October 17, 2024

We’re excited to announce our participation in EDUCAUSE 2024 from 21 to 24 October. We’re looking forward to meeting many of our partners and customers in person. Stop by our booth, number 4047, to join the conversation about building open-source cloud and virtualization in a secure environment.  

<noscript> <img alt="" height="720" src="https://res.cloudinary.com/canonical/image/fetch/f_auto,q_auto,fl_sanitize,c_fill,w_1280,h_720/https://ubuntu.com/wp-content/uploads/fe72/Data-lake-webinar-august-21-8.png" width="1280" /> </noscript>

Ubuntu in Education 

Ubuntu has long been a preferred operating system for Universities and colleges. The ease of use, user-friendliness, and security that Ubuntu offers are a perfect foundation for reliable infrastructure. 

However, Canonical solutions for academic institutions for long are not limited to the beloved operating system. Here are just a couple of examples of the leading Universities taking advantage of the open-source products and tools we provide. 

University of Alabama at Birmingham accelerates research with Canonical Charmed Infrastructure and Ceph on Dell infrastructure

The University of Alabama at Birmingham (UAB) is an internationally renowned public research university and academic medical center that has more than 22,000 students enrolled and over 24,000 faculty members. UAB generates $12.1 billion in annual economic impact within the State of Alabama.

UAB is committed to empowering its researchers with all of the tools and technologies they need to work as efficiently and effectively as possible. With the rise of containerisation, the university saw an opportunity to further accelerate research by transforming its approach to compute and storage resource management through Kubernetes

To make this vision a reality, the organization turned to its trusted partners Dell Technologies and Canonical.

“The fact that Canonical and Dell had a partnership made it easy for us to act on our deployment goals.”

Read the full case study here

How New Mexico State University accelerates compliant federal research with Ubuntu

With the introduction of the Cybersecurity Maturity Model Certification (CMMC) 2.0 program and FIPS 140 validated cryptography, New Mexico State University’s Physical Science Laboratory (PSL) was under pressure to find a new operating system that would meet these stringent compliance standards. At the same time the right choice would need to be easy to use for their team of in-house researchers and student hires. 

PSL was using CentOS, which was about to be discontinued. This sent them on a mission to find a cost-effective, easy-to-use, and compliant alternative.

After a series of trials, Ubuntu emerged as the clear choice for PSL. It wasn’t just that Ubuntu offered the necessary FIPS 140 certification through Ubuntu Pro at a price 4-5 times lower than other options; Ubuntu also has an intuitive design and large open source community, along with comprehensive and free documentation, making it the ideal solution for PSL’s diverse team. 

Transitioning to a new OS could have been a disruptive process, but thanks to the simplicity of Ubuntu and wealth of online resources, the shift was almost seamless. 

The feedback from the team at PSL says it all. As Ed Zenisek, IT Manager at PSL, puts it, “Info on Ubuntu is right there at our fingertips. Anything we need to know is always just a Google search away, so whatever issues we run into are easy to solve”.

Learn how PSL achieved CMMC certification here 

Building open-source cloud

At EDUCAUSE we will also talk about building and managing open-source private cloud solutions. Alongside Canonical Openstack, now we’re offering Microclouds, small-scale clouds optimized for repeatable and reliable remote deployments. 

Microclouds consist of low-footprint clusters of compute nodes with distributed storage and secure networking. They can serve as small-scale private clouds, or as edge clouds distributed across a number of locations.

Microclouds are a great fit to build a new infrastructure and an alternative to many solutions offered by Vmware. 

Learn how Canonical empowers Université de l’Ontario Français dream of rapid scaling through MicroCloud and enterprise support here. 

What else?

Ubuntu Pro, Kubernetes, Openstack and Microcloud are just several examples of multiple open-source solutions we’re offering at Canonical. Visit our team at booth #4047 and bring us any open-source challenge and we will be happy to solve it for you! 

If you’d like to learn more about open-source solutions for your organization book an in-person time with EDU Account Executives Carlos Falsiroli or Hannah Watson here

on October 17, 2024 05:57 PM
<noscript> <img alt="" height="720" src="https://res.cloudinary.com/canonical/image/fetch/f_auto,q_auto,fl_sanitize,c_fill,w_1280,h_720/https://ubuntu.com/wp-content/uploads/f3c4/Ubuntu-for-Finance-Blog-header.png" width="1280" /> </noscript>

Financial services are powered by technology. The customer experience is increasingly driven by data, with tailoring of products and services to reflect individual behaviors and preferences. All of this rests on a foundation of secure, stable technology that can support agility and flexibility to adapt to customer needs, whilst at the same time remaining compliant. 

Financial services organizations using CentOS as their foundation for innovation watched as CentOS 8 retired in 2021, followed by CentOS 7 in June 2024. However, a recent study revealed that nearly a quarter of organizations across industries are still using CentOS

Sound familiar? It’s no secret that financial institutions are amongst the most cautious when making major technological changes. This makes sense given the sensitivity of their work. In fact, despite the transition to the cloud being well established, 60% of financial institutions report that their legacy tech stack is too costly and inadequate. As with all legacy systems, the now unsupported CentOS will begin to show its age. As a result, the burden of maintenance upon your developers to keep it running will only grow. 

In this blog, we’ll run through the benefits Ubuntu offers as an alternative to CentOS, in the context of financial services.

Ubuntu offers a smooth migration experience

When it comes to change management, it’s often the journey (and not the destination) that makes people nervous. Financial institutions are well aware that there are better options out there than their legacy tech. The problem is that many see the cost of implementing these options as not worth the risk. In the same vein, it’s understandable that when dealing with services that operate 24/7, to service customers globally, the concept of moving from a Fedora-based system to a Debian-based system may raise some eyebrows. 

The silver-lining to switching from CentOS after EoL is that you can learn from other enterprises who have already made the change. The changes needed to switch from CentOS to Ubuntu are extremely well-documented. Canonical, the publisher of Ubuntu, has published a step-by-step guide for system administrators and enterprises looking to switch to Ubuntu. This guidance is based on the real experiences of our customers. Additionally, customers who have already made the switch, including Pentera and New Mexico State University, have shared their stories of how Canonical’s enterprise-grade support made their transitions to Ubuntu seamless. 

It’s worth noting that the Ubuntu community has assisted many migrations from Fedora-based systems over the years. The chances are that any questions you have about packages, dependencies or issues have already been answered. 

Whilst no migration is guaranteed to be without bumps in the road, Ubuntu’s wide support base works hard to make it accessible to users from all backgrounds, whichever system they are migrating from.

A stable landing zone

<noscript> <img alt="" height="427" src="https://res.cloudinary.com/canonical/image/fetch/f_auto,q_auto,fl_sanitize,c_fill,w_1212,h_427/https://ubuntu.com/wp-content/uploads/c77f/Ubuntu-Releases-Upload-2.png" width="1212" /> </noscript>
A diagram showing the current supported releases of Ubuntu

We’ve talked about the journey – now let’s examine the destination. One of the original attractions of CentOS was its stability. Its point release system provided a stable base which financial institutions valued, given that updates would not bring unexpected changes. With all the work that goes into a migration, it’s important that your chosen solution does not require a burdensome level of continual maintenance. 

The good news is that Ubuntu follows a regular release cadence. Long-term support editions are released every 2 years, with standard support for 5 years in every instance. This support cadence extends to anywhere you are using Ubuntu in your stack. From bare-metal and workstations to Kubernetes Clusters and edge devices. 

With an Ubuntu Pro subscription, you can extend long-term support for up to 12 years, through enterprise-grade support that offers you full maintenance patching for over 30,000 open source packages. This frees your developers to spend more time on activities that drive business value, and less on upkeep and compliance.

Security and compliance is in Ubuntu’s DNA

<noscript> <img alt="" height="436" src="https://res.cloudinary.com/canonical/image/fetch/f_auto,q_auto,fl_sanitize,c_fill,w_706,h_436/https://ubuntu.com/wp-content/uploads/12c9/Identity_Management.webp" width="706" /> </noscript>
An example of identity management on Ubuntu

There’s no skirting around the fact that security is one of the biggest factors preventing financial institutions from catching up with other industries in terms of technologies. This is with good reason: breaches harm customers, damage reputations and result in punitive measures.

However, this is equally true of outdated technology. The risk of an attack increases by 47% once software reaches end of life. Once you factor in that 59% of cybersecurity professionals at large report feeling burnt out and that the sensitivity of the data at stake in financial institutions is higher than other industries, financial institutions begin to look like fertile ground for a security incident. 

Ubuntu releases have security baked into them by default, through pre-configurations that minimize attack surface and keep protection up to date:

  • Minimized attack surface
    • Read-only data sections
    • No open ports 
    • Password hashing
    • Disable legacy TLS 
  • Auto-enablements that keep protection up to date
    • Automated patching
    • AppArmor (a security module that restricts permissions) 

This provides a solid foundation which developers can build upon in order to meet strict compliance requirements. 

Given the importance of controls and policies that govern access permissions in compliance frameworks, it’s important your OS empowers security teams to make changes dynamically. Ubuntu, like CentOS, makes use of industry recognized open source standards for identity management. Ubuntu supports advanced identity management features that conform to OpenID Connect authentication protocols, making identity management on Ubuntu interoperable with your wider ecosystem. You can choose to use Ubuntu’s Authd, an authentication daemon that integrates cloud-based identity providers. Alternatively, you can integrate with Microsoft Entra ID (formerly known as Azure Active Directory). However you choose to implement your identity management protocols, Ubuntu provides the enterprise-grade tools for the job. 

In addition, with an Ubuntu Pro subscription, your developers can access automated hardening tools for compliance frameworks. This includes ISO 27001, PCI-DSS, FIPS-140 and the Cyber Resilience Act. As financial institutions provide services to a range of other regulated industries, choosing Ubuntu is a sign of commitment to the most rigorous security standards.

Interoperability for cloud computing

Whilst assessing alternatives to CentOS, compatibility will be high on your list of considerations. As organizations continue to shift towards cloud computing for workload deployment, data management and machine learning, it’s important to ensure a layer of interoperability amongst these systems. Whilst traditionally, financial institutions have relied on on-premise infrastructure (also known as “private clouds”), organizations are increasingly adopting hybrid-cloud approaches. This approach allows greater scalability and flexibility in workload deployment.

Open source systems, like CentOS and Ubuntu, are able to provide interoperability between public and private clouds. This is because they are both open source systems and not tied to any specific vendor. However, Ubuntu brings considerable advantages over other OSes in this regard. Through Ubuntu Server, financial organizations can deploy workloads at scale across both public and private clouds, be they OpenStack clouds, Kubernetes clusters or databases. With a single OS, you can harmonize your approach across your cloud stack. 

Additionally, Ubuntu is the #1 guest OS on public clouds. There are certified Ubuntu images available for AWS, Azure, Google Cloud, Oracle and IBM Cloud. As public cloud vendors become more attuned to compliance requirements and attempt to capture more regulated markets, the importance of public clouds as part of a hybrid-cloud strategy will continue to grow.

Artificial intelligence at scale

With the importance of AI in finance continuing to grow, the ability to harness customer data to provide a truly tailored experience, as well as to spot potential fraud or predict surges in demand (to name just a few applications), financial services institutions are integrating machine learning models into their tech stacks. 

This ties in to cloud computing, given the importance of clouds when deploying AI workloads. Kubernetes is the orchestration platform that is most widely used for deploying AI workloads, with it projected to reach 90% enterprise adoption by 2027. Given that AI is one of the fastest evolving enterprise technologies, continuing to use an OS that has reached end of life will limit your opportunities, as incompatibilities and lack of maintenance are likely to cause model failure. 

By contrast, Ubuntu is the reference platform for Kubernetes, meaning that Kubernetes is built on Ubuntu. By choosing Ubuntu as your OS, you’re empowering your developers to run your AI/ML lifecycle on a single, integrated stack. This enables you to maximize your resources, avoid wastage and most importantly, simplify operations for your developers.

Learn more about Ubuntu for financial services

Since CentOS reached end of life, financial institutions will need to make decisions about how to deploy their resources. Do they choose to invest considerable time and effort in keeping a legacy system running? Or is it time to switch to a new system that empowers them to face future challenges with future-facing technology? 

To discuss a change to Ubuntu, click the link below to share your information and begin a discussion.

Are you evaluating CentOS alternatives?

Get in touch


on October 17, 2024 10:28 AM

E320 Baderna Na Caserna III

Podcast Ubuntu Portugal

AVEIRO TREMEU. Numa cave mal iluminada, rodeados de cervejas e patinhos de borracha, um bando de perigosos meliantes reuniu-se em assembleia secreta, perturbando gravemente o sono das gentes sérias e trabalhadoras dessa malograda cidade, para espalharem a sua mensagem de Software Livre. O que aconteceu? Uma gravação clandestina, que obtivemos em exclusivo, revelar-vos-á TUDO!

Já sabem: oiçam, subscrevam e partilhem!

Apoios

Podem apoiar o podcast usando os links de afiliados do Humble Bundle, porque ao usarem esses links para fazer uma compra, uma parte do valor que pagam reverte a favor do Podcast Ubuntu Portugal. E podem obter tudo isso com 15 dólares ou diferentes partes dependendo de pagarem 1, ou 8. Achamos que isto vale bem mais do que 15 dólares, pelo que se puderem paguem mais um pouco mais visto que têm a opção de pagar o quanto quiserem. Se estiverem interessados em outros bundles não listados nas notas usem o link https://www.humblebundle.com/?partner=PUP e vão estar também a apoiar-nos.

Atribuição e licenças

Este episódio foi produzido por Diogo Constantino, Miguel e Tiago Carrondo e editado pelo Senhor Podcast. O website é produzido por Tiago Carrondo e o código aberto está licenciado nos termos da Licença MIT. (https://creativecommons.org/licenses/by/4.0/). A música do genérico é: “Won’t see it comin’ (Feat Aequality & N’sorte d’autruche)”, por Alpha Hydrae e está licenciada nos termos da CC0 1.0 Universal License. Este episódio e a imagem utilizada estão licenciados nos termos da licença: Attribution-NonCommercial-NoDerivatives 4.0 International (CC BY-NC-ND 4.0), cujo texto integral pode ser lido aqui. Estamos abertos a licenciar para permitir outros tipos de utilização, contactem-nos para validação e autorização.

on October 17, 2024 12:00 AM

October 15, 2024

Designed by Freepik

What is an “online” system?

Networking is a complex topic, and there is lots of confusion around the definition of an “online” system. Sometimes the boot process gets delayed up to two minutes, because the system still waits for one or more network interfaces to be ready. Systemd provides the network-online.target that other service units can rely on, if they are deemed to require network connectivity. But what does “online” actually mean in this context, is a link-local IP address enough, do we need a routable gateway and how about DNS name resolution?

The requirements for an “online” network interface depend very much on the services using an interface. For some services it might be good enough to reach their local network segment (e.g. to announce Zeroconf services), while others need to reach domain names (e.g. to mount a NFS share) or reach the global internet to run a web server. On the other hand, the implementation of network-online.target varies, depending on which networking daemon is in use, e.g. systemd-networkd-wait-online.service or NetworkManager-wait-online.service. For Ubuntu, we created a specification that describes what we as a distro expect an “online” system to be. Having a definition in place, we are able to tackle the network-online-ordering issues that got reported over the years and can work out solutions to avoid delayed boot times on Ubuntu systems.

In essence, we want systems to reach the following networking state to be considered online:

  1. Do not wait for “optional” interfaces to receive network configuration
  2. Have IPv6 and/or IPv4 “link-local” addresses on every network interface
  3. Have at least one interface with a globally routable connection
  4. Have functional domain name resolution on any routable interface

A common implementation

NetworkManager and systemd-networkd are two very common networking daemons used on modern Linux systems. But they originate from different contexts and therefore show different behaviours in certain scenarios, such as wait-online. Luckily, on Ubuntu we already have Netplan as a unification layer on top of those networking daemons, that allows for common network configuration, and can also be used to tweak the wait-online logic.

With the recent release of Netplan v1.1 we introduced initial functionality to tweak the behaviour of the systemd-networkd-wait-online.service, as used on Ubuntu Server systems. When Netplan is used to drive the systemd-networkd backend, it will emit an override configuration file in /run/systemd/system/systemd-networkd-wait-online.service.d/10-netplan.conf, listing the specific non-optional interfaces that should receive link-local IP configuration. In parallel to that, it defines a list of network interfaces that Netplan detected to be potential global connections, and waits for any of those interfaces to reach a globally routable state.

Such override config file might look like this:

[Unit]
ConditionPathIsSymbolicLink=/run/systemd/generator/network-online.target.wants/systemd-networkd-wait-online.service

[Service]
ExecStart=
ExecStart=/lib/systemd/systemd-networkd-wait-online -i eth99.43:carrier -i lo:carrier -i eth99.42:carrier -i eth99.44:degraded -i bond0:degraded
ExecStart=/lib/systemd/systemd-networkd-wait-online --any -o routable -i eth99.43 -i eth99.45 -i bond0

In addition to the new features implemented in Netplan, we reached out to upstream systemd, proposing an enhancement to the systemd-networkd-wait-online service, integrating it with systemd-resolved to check for the availability of DNS name resolution. Once this is implemented upstream, we’re able to fully control the systemd-networkd backend on Ubuntu Server systems, to behave consistently and according to the definition of an “online” system that was lined out above.

Future work

The story doesn’t end there, because Ubuntu Desktop systems are using NetworkManager as their networking backend. This daemon provides its very own nm-online utility, utilized by the NetworkManager-wait-online systemd service. It implements a much higher-level approach, looking at the networking daemon in general instead of the individual network interfaces. By default, it considers a system to be online once every “autoconnect” profile got activated (or failed to activate), meaning that either a IPv4 or IPv6 address got assigned.

There are considerable enhancements to be implemented to this tool, for it to be controllable in a fine-granular way similar to systemd-networkd-wait-online, so that it can be instructed to wait for specific networking states on selected interfaces.

A note of caution

Making a service depend on network-online.target is considered an antipattern in most cases. This is because networking on Linux systems is very dynamic and the systemd target can only ever reflect the networking state at a single point in time. It cannot guarantee this state to be remained over the uptime of your system and has the potentially to delay the boot process considerably. Cables can be unplugged, wireless connectivity can drop, or remote routers can go down at any time, affecting the connectivity state of your local system. Therefore, “instead of wondering what to do about network.target, please just fix your program to be friendly to dynamically changing network configuration.” [source].

on October 15, 2024 07:33 AM

Welcome to the Ubuntu Weekly Newsletter, Issue 861 for the week of October 6 – 12, 2024. The full version of this issue is available here.

In this issue we cover:

  • Canonical Releases Ubuntu 24.10 Oracular Oriole
  • Ubuntu Stats
  • Hot in Support
  • Ubuntu Meeting Activity Reports
  • LXD: Weekly news #366
  • Rocks Public Journal 2024-10-11
  • Ubuntu HPC Meeting Notes: 2024/10/9
  • Ubuntu 24.10 Release Party @ Pohang
  • Ubuntu 24.10 Release & 20th Anniversary Event @ Busan
  • LoCo Events
  • Introducing the NVMe/TCP PoC with Ubuntu Server 24.10
  • Expanding the Xubuntu Community: Matrix & Discourse
  • Other Community News
  • Canonical News
  • In the Blogosphere
  • Featured Audio and Video
  • Meeting Reports
  • Upcoming Meetings and Events
  • Updates and Security for Ubuntu 20.04, 22.04, 24.04, and 24.10
  • And much more!

The Ubuntu Weekly Newsletter is brought to you by:

  • Krytarik Raido
  • Bashing-om
  • Chris Guiver
  • Wild Man
  • Din Mušić
  • Cristovao Cordeiro – cjdc
  • And many others

If you have a story idea for the Weekly Newsletter, join the Ubuntu News Team mailing list and submit it. Ideas can also be added to the wiki!

.

on October 15, 2024 12:04 AM

October 14, 2024

Happy 28th birthday KDE!Happy 28th Birthday KDE!

Sorry my blog updates have been MIA. Let me tell you a story…

As some of you know, 3 months ago I was in a no fault car accident. Thankfully, the only injury was I ended up with a broken arm. ER sends me home in a sling and tells me it was a clean break and it will mend itself in no time. After a week of excruciating pain I went to my follow up doctor appointment, and with my x-rays in hand, the doc tells me it was far from a clean break and needs surgery. So after a week of my shattered bone scraping my nerves and causing pain I have never felt before, I finally go in for surgery! They put in a metal plate with screws to hold the bone in place so it can properly heal. The nerve pain was gone, so I thought I was on the mend. Some time goes by and the swelling still has not subsided, the doctors are not as concerned about this as I am, so I carry on until it becomes really inflamed and developed fever blisters. After no success in reaching the doctors office my husband borrows the neighbors car and rushes me to the ER. Good thing too, I had an infection. So after a 5 day stay in the hospital, they sent us home loaded with antibiotics and trained my husband in wound packing. We did everything right, kept the place immaculate, followed orders with the wound care, took my antibiotics, yet when they ran out there was still no sign of relief, or healing. Went to doctors and they gave me another month supply of antibiotics. Two days after my final dose my arm becomes inflamed again and with extra spectacular levels of pain to go with it. I call the doctor office… They said to come in on my appointment day ( 4 days away ). I asked, “You aren’t concerned with this inflammation?”, to which they replied, “No.”. Ok, maybe I am over reacting and it’s all in my head, I can power through 4 more days. The following morning my husband observed fever blisters and the wound site was clearly not right, so once again off we go to the ER. Well… thankfully we did. I was in Sepsis and could have died… After deliberating with the doctor on the course of action for treatment, the doctor accepted our plea to remove the plate, rather than tighten screws and have me drive 100 miles to hospital everyday for iv antibiotics (Umm I don’t have a car!?) So after another 4 day stay I am released into the world, alive and well. I am happy to report, the swelling is almost gone, the pain is minimal, and I am finally healing nicely. I am still in a sling and I have to be super careful and my arm was not fully knitted. So with that I am bummed to say, no traveling for me, no Ubuntu Summit 🙁

I still need help with that car, if it weren’t for our neighbor, this story would have ended much differently.

https://gofund.me/00942f47

Despite my tragic few months for my right arm, my left arm has been quite busy. Thankfully I am a lefty! On to my work progress report.

Kubuntu:

With Plasma 6! A big thank you to the Debian KDE/QT team and Rik Mills, could not have done it without you!

KDE Snaps:

All release service snaps are done! Save a few problematic ones still WIP.. I have released 24.08.2 which you can find here:

https://snapcraft.io/publisher/kde

I completed the qt6 and KDE frameworks 6 content packs for core24

Snapcraft:

I have a PR in for kde-neon-6 extension core24 support.

That’s all for now. Thanks for stopping by!

on October 14, 2024 08:58 PM

Announcing Incus 6.6

Stéphane Graber

A slightly less busy release this time, mostly due to traveling to the Linux Plumbers Conference and associated events a few weeks ago.

But still far from a boring release. On top of the usual bugfix and performance improvements, we’re getting a number of nice additions for virtual machines, improved clustered LVM support, improvements to incus-migrate and a number of new network features!

The highlights for this release are:

  • OS info for virtual machines
  • Console history for virtual machines
  • Ability to create clustered LVM volume groups
  • QCOW2 and VMDK support in incus-migrate
  • Configurable macvlan mode
  • Load-balancer health information
  • External interfaces in OVN networks
  • Parallel cluster evacuation/restoration

The full announcement and changelog can be found here.
And for those who prefer videos, here’s the release overview video:

You can take the latest release of Incus up for a spin through our online demo service at: https://linuxcontainers.org/incus/try-it/

And as always, my company is offering commercial support on Incus, ranging from by-the-hour support contracts to one-off services on things like initial migration from LXD, review of your deployment to squeeze the most out of Incus or even feature sponsorship. You’ll find all details of that here: https://zabbly.com/incus

Donations towards my work on this and other open source projects is also always appreciated, you can find me on Github Sponsors, Patreon and Ko-fi.

Enjoy!

on October 14, 2024 03:12 AM

October 13, 2024

In today’s rapidly evolving tech world, the need for fast and efficient data management is more critical than ever. One name that frequently stands out in the NoSQL database world is Redis. Since its introduction in 2009, Redis has become a go-to choice for real-time applications that require exceptional speed and flexibility in handling data.

In this article, we’ll explore the history of Redis, how it’s used, and the benefits it offers to various modern applications.

The History of Redis: Origins and Evolution

Redis, which stands for Remote Dictionary Server, was developed by Salvatore Sanfilippo in 2009. Initially launched as an open-source project to address scalability issues faced by large-scale systems, Redis quickly gained popularity among developers for its ability to process data at lightning speeds.

Redis operates as an in-memory database, meaning it stores all data in RAM rather than on disk. This design enables Redis to deliver significantly faster performance compared to traditional databases, making it ideal for applications that demand real-time speed.

How is Redis Used?

One of the primary reasons Redis is so popular is its flexibility, allowing it to be used in various scenarios. Here are some real-world examples of how Redis is utilized:

  1. Caching
    Redis is well-known for its use in caching due to its speed. By storing data in memory, Redis drastically reduces the time it takes to retrieve data. This is especially useful in web applications where users need instant access to information such as previously loaded pages, images, or API data.
  2. Session Management
    Many large platforms use Redis to store user session information. When users log into a system, Redis can store their session data in memory, ensuring quick access. This is crucial for maintaining a smooth user experience without delays.
  3. Real-Time Analytics
    In a data-driven world, companies need instant analytics to make informed decisions. Redis enables companies to process and analyze data in real time, such as tracking user behavior on websites, monitoring IoT devices, or analyzing financial transactions as they occur.
  4. Message Queuing
    Redis is also widely used for message queuing via its Pub/Sub (Publisher/Subscriber) feature. This is particularly helpful in systems where real-time communication between services or applications is required, such as notification systems or instant messaging services.

The Benefits of Redis: What Makes It Great?

Incredible Speed
Redis stands out because of its speed. As an in-memory database, Redis delivers sub-millisecond response times, making it one of the fastest technologies available for data management. This is why it is often the preferred choice for real-time applications.

Versatile Data Structures
Another feature that sets Redis apart is its support for various data structures like strings, lists, sets, and hashes. This versatility allows developers to use Redis in a wide range of scenarios, from storing user information to managing complex data in e-commerce systems.

Persistence Options
Even though Redis stores data in memory, it also offers persistence options, allowing users to periodically save data to disk. This provides an added layer of security in case of system failures, ensuring that data is backed up and recoverable.

Easy Scalability
Redis is easily scalable, whether vertically (by adding more RAM) or horizontally (by adding more Redis servers). This is essential for growing applications where the need to process more data increases over time.

Conclusion

Redis has proven itself to be one of the most powerful tools in modern data management. Its incredible speed, support for multiple data types, and scalability make it the top choice for real-time applications. Whether you’re a developer building web apps or a company looking to process real-time analytics, Redis is a technology worth exploring.


There you have it—a brief guide to Redis and the benefits it brings. This technology not only accelerates application performance but also provides a flexible and reliable solution for managing data at scale.

The post Redis: The Powerhouse Behind Modern Databases appeared first on HamRadio.My - Ham Radio, Fun Facts, Open Source Software, Tech Insights, Product Reviews by 9M2PJU.

on October 13, 2024 11:33 AM

FreeBSD vs. Ubuntu: A Comparison

Faizul "Piju" 9M2PJU

When it comes to choosing an operating system for your projects, two names often come up: FreeBSD and Ubuntu. Both have unique strengths and characteristics that make them suitable for different tasks. In this post, we’ll dive deep into the differences and similarities between these two powerful systems, helping you determine which one is the best fit for your needs.

Overview of FreeBSD and Ubuntu

FreeBSD

FreeBSD is an operating system that is derived from the Berkeley Software Distribution (BSD). Known for its performance and advanced networking features, FreeBSD provides a robust environment ideal for servers, embedded systems, and networking applications. The entire operating system, from the kernel to the userland tools, is developed from a single source, which helps ensure consistency and stability.

Ubuntu

Ubuntu is a popular Linux distribution based on Debian. It is widely used for both desktop and server environments due to its user-friendliness and extensive software repositories. Ubuntu emphasizes ease of use and regular updates, making it a favorite among beginners and experienced users alike.

Key Comparisons

1. System Base

  • FreeBSD: The entire OS is developed from a single source, providing a consistent and cohesive experience. This unified approach allows for seamless integration between the kernel and userland tools.
  • Ubuntu: As a Linux-based system, Ubuntu relies on the Debian base. While it offers a rich ecosystem of software, the diversity of packages can sometimes lead to compatibility issues.

2. Performance & Efficiency

  • FreeBSD: Renowned for its lightweight and minimal design, FreeBSD excels in server environments where performance is critical. It manages system resources efficiently, making it ideal for high-traffic applications.
  • Ubuntu: While Ubuntu performs well in most situations, its default installation comes with a variety of services and applications that can consume more system resources than necessary.

3. Software Availability

  • FreeBSD: With its Ports Collection and package management system, FreeBSD offers access to over 40,000 software options. However, it may lack some of the more niche applications available on Linux.
  • Ubuntu: As one of the most popular Linux distributions, Ubuntu boasts extensive software repositories, providing compatibility with nearly all Linux applications. This makes it a go-to choice for developers and users looking for variety.

4. Security

  • FreeBSD: Security is a core focus of FreeBSD. It features built-in security mechanisms such as jails (which provide a form of lightweight virtualization) and a strong emphasis on minimizing vulnerabilities.
  • Ubuntu: While Ubuntu is secure and receives regular updates, its wider range of installed software can lead to a larger attack surface. However, it also offers tools like AppArmor for enhanced security.

5. Community & Support

  • FreeBSD: The FreeBSD community may be smaller, but it is dedicated and knowledgeable. Comprehensive documentation is available, ensuring users have access to the resources they need.
  • Ubuntu: Ubuntu has a large and active community, along with professional support available through Canonical. The extensive community means users can find help quickly, whether through forums or official channels.

6. Use Cases

  • FreeBSD: Ideal for servers, network appliances, and scenarios where stability and performance are paramount. Its strong networking capabilities make it a popular choice for firewalls and routers.
  • Ubuntu: Excellent for desktop use, development environments, and general-purpose servers. Its ease of use makes it particularly appealing for users who are new to Linux.

Conclusion

Choosing between FreeBSD and Ubuntu ultimately comes down to your specific needs and goals. If you’re looking for an operating system that excels in performance, security, and stability, especially in server or networking environments, FreeBSD is an excellent choice. On the other hand, if you prefer a user-friendly interface with a wide array of applications for both desktop and server use, Ubuntu may be the way to go.

Both systems have their strengths, and understanding them can help you make an informed decision. Whichever you choose, you’ll be working with powerful tools that are widely respected in the tech community. Happy computing!

The post FreeBSD vs. Ubuntu: A Comparison appeared first on HamRadio.My - Ham Radio, Fun Facts, Open Source Software, Tech Insights, Product Reviews by 9M2PJU.

on October 13, 2024 10:22 AM

October 10, 2024

Ubuntu 24.10, codenamed “Oracular Oriole”, is here. This release continues Ubuntu’s proud tradition of integrating the latest and greatest open-source technologies into a high-quality, easy-to-use Linux distribution. The team has been hard at work through this cycle, partnering with the community and our partners, to introduce new features and fix bugs.

Ubuntu 24.10 features the latest Linux 6.11 kernel for improved performance and hardware support, marking a shift to a more aggressive kernel version selection policy going forward.

Building on our previous LTS efforts around performance engineering, Ubuntu 24.10 now includes kdump-tools on relevant platforms for automatic kernel crashdumps. The default desktop installation also includes sysprof for application and workload profiling.

Ubuntu Desktop delivers GNOME 47 with improvements to performance, user experience and enhanced touchscreen support. The power-profiles-daemon improves power management for AMD CPUs and GPUs while libfprint adds support for many new fingerprint reader devices. Ubuntu Desktop now defaults to Wayland on devices with NVIDIA graphics cards and defaults to the NVIDIA 560 open driver version.

Snap management has also been improved on desktop with better update management and messaging in both the dock and the App Center, alongside an experimental new permissions prompting feature which can be enabled in the new Security Center application.

Valkey now replaces Redis in Ubuntu 24.10 with a configuration migration package to support the transition. As always Ubuntu provides updated toolchains for GCC, LLVM, Rust, Golang and .Net alongside TCK certified packages for OpenJDK 21 and 17.

The newest Edubuntu, Kubuntu, Lubuntu, Ubuntu Budgie, Ubuntu Cinnamon, Ubuntu Kylin, Ubuntu MATE, Ubuntu Studio, Ubuntu Unity, and Xubuntu are also being released today. More details can be found for these at their individual release notes under the Official Flavours section:

https://discourse.ubuntu.com/t/oracular-oriole-release-notes/44878#heading–official-flavours

Maintenance updates will be provided for 9 months for all flavours releasing with 24.10.

To get Ubuntu 24.10

In order to download Ubuntu 24.10, visit:

https://ubuntu.com/download

Users of Ubuntu 24.04 LTS will be offered an automatic upgrade to 24.10 if they have selected to be notified of all releases rather than just LTS upgrades. For further information about upgrading, see:

https://ubuntu.com/download/desktop/upgrade

As always, upgrades to the latest version of Ubuntu are entirely free of charge.

We recommend that all users read the release notes, which document caveats, workarounds for known issues, as well as more in-depth notes on the release itself. They are available at:

https://discourse.ubuntu.com/t/oracular-oriole-release-notes

Find out what’s new in this release with a graphical overview:

https://ubuntu.com/desktop

https://ubuntu.com/desktop/features

If you have a question, or if you think you may have found a bug but aren’t sure, you can try asking in any of the following places:

Help Shape Ubuntu

If you would like to help shape Ubuntu, take a look at the list of ways you can participate at:

https://ubuntu.com/community/contribute

About Ubuntu

Ubuntu is a full-featured Linux distribution for desktops, laptops, IoT, cloud, and servers, with a fast and easy installation and regular releases. A tightly-integrated selection of excellent applications is included, and an incredible variety of add-on software is just a few clicks away.

Professional services including support are available from Canonical and hundreds of other companies around the world. For more information about support, visit:

https://ubuntu.com/support

More Information

You can learn more about Ubuntu and about this release on our website listed below:

https://ubuntu.com

To sign up for future Ubuntu announcements, please subscribe to Ubuntu’s very low volume announcement list at:

https://lists.ubuntu.com/mailman/listinfo/ubuntu-announce

Originally posted to the ubuntu-announce mailing list on Thu Oct 10 16:03:21 UTC 2024 by Łukasz ‘sil2100’ Zemczak, on behalf of the Ubuntu Release Team.

on October 10, 2024 11:53 PM

Xubuntu 24.10, "Oracular Oriole," is now available, featuring many updated applications from Xfce (4.18 and 4.19), GNOME (46 and 47), and MATE (1.26).

The post Xubuntu 24.10 Released appeared first on Sean Davis.

on October 10, 2024 09:19 PM

The Xubuntu team is happy to announce the immediate release of Xubuntu 24.10.

Xubuntu 24.10, codenamed Oracular Oriole, is a regular release and will be supported for 9 months, until July 2025.

Xubuntu 24.10, featuring the latest updates from Xfce 4.19 and GNOME 47.

Xubuntu 24.10 features the latest updates from Xfce 4.19, GNOME 47, and MATE 1.26. For Xfce enthusiasts, you’ll appreciate the new features and improved hardware support found in Xfce 4.19. Xfce 4.19 is the development series for the next release, Xfce 4.20, due later this year. As pre-release software, you may encounter more bugs than usual. Users seeking a stable, well-supported environment should opt for Xubuntu 24.04 “Noble Numbat” instead.

The final release images for Xubuntu Desktop and Xubuntu Minimal are available as torrents and direct downloads from xubuntu.org/download/.

As the main server might be busy in the first few days after the release, we recommend using the torrents if possible.

We’d like to thank everybody who contributed to this release of Xubuntu!

Highlights and Known Issues

Highlights

  • Xfce 4.19 is included as a development preview of the upcoming Xfce 4.20. Among several new features, it features early Wayland support and improved scaling.
  • GNOME 47 apps, including Disk Usage Analyzer (baobab) and Sudoku (gnome-sudoku), include a refreshed appearance and usability improvements

Known Issues

  • The shutdown prompt may not be displayed at the end of the installation. Instead you might just see a Xubuntu logo, a black screen with an underscore in the upper left hand corner, or just a black screen. Press Enter and the system will reboot into the installed environment. (LP: #1944519)
  • Xorg crashes and the user is logged out after logging in or switching users on some virtual machines, including GNOME Boxes. (LP: #1861609)
  • You may experience choppy audio or poor system performance while playing audio, but only in some virtual machines (observed in VMware and VirtualBox)
  • OEM installation options are not currently supported or available, but will be included for Xubuntu 24.04.1

For more obscure known issues, information on affecting bugs, bug fixes, and a list of new package versions, please refer to the Xubuntu Release Notes.

The main Ubuntu Release Notes cover many of the other packages we carry and more generic issues.

Support

For support with the release, navigate to Help & Support for a complete list of methods to get help.

on October 10, 2024 09:07 PM

The Ubuntu Studio team is pleased to announce the release of Ubuntu Studio 24.10 code-named “Oracular Oriole”. This marks Ubuntu Studio’s 35th release. This release is a Regular release and as such, it is supported for 9 months, until July 2025.

Since it’s just out, you may experience some issues, so you might want to wait a bit before upgrading. Please see the release notes for a more complete list of changes and known issues. Listed here are some of the major highlights.

You can download Ubuntu Studio 24.10 from our download page.

Special Notes

The Ubuntu Studio 24.10 disk image (ISO) exceeds 4 GB and cannot be downloaded to some file systems such as FAT32 and may not be readable when burned to a standard DVD. For this reason, we recommend downloading to a compatible file system. When creating a boot medium, we recommend creating a bootable USB stick with the ISO image or burning to a Dual-Layer DVD.

Minimum installation media requirements: Dual-Layer DVD or 8GB USB drive.

Images can be obtained from this link: https://cdimage.ubuntu.com/ubuntustudio/releases/24.10/release/

Full updated information, including Upgrade Instructions, are available in the Release Notes.

Upgrades from 24.04 LTS should be enabled within a month after release, so we appreciate your patience.

New This Release

Minimal Installation

We have now implemented minimal installations in the system installer. This will let you install a minimal desktop to get going and then install what you need via Ubuntu Studio Installer. This will make a faster installation process and lets you customize what you need for your personal Studio.

Unfortunately, at least for the time being, we also had to get rid of the default shortcuts in the panel since it would cause an error when loading without the applications being installed. A solution for this is coming in 25.04.

Generic Kernel

The Generic Ubuntu Kernel is now fully capable of low-latency workloads. As such, with this release, we have switched from the LowLatency Kernel to the Generic Kernel with the boot options to enable the low-latency configuration enabled by default.

These options can be changed via Ubuntu Studio Audio Configuration and customized depending on your use-case and your workload. If you don’t need the low-latency and wish to have a computer that is more energy-efficient, you may wish to turn off all three options. The choice is yours.

Plasma 6

Ubuntu Studio, in cooperation with Kubuntu, switched to Plasma 6 this cycle. This switch was not without issues, so we expect many of the issues to be Plasma 6 related, especially when it comes to the default configuration and theming.

New Look

Ubuntu Studio had been using the same theming, “Materia” (except for the 22.04 LTS release which was a re-colored Breeze theme) since 19.04. However, Materia has gone dead upstream. To stay consistent, we found a fork called “Orchis” which seems to match closely and have switched to that.

As you can see from the screenshot, it has more vivid colors, round corners, and a more modern look. We hope you enjoy it. We are aware of a bug involving a dark bar under windows which may be an issue, but sometimes switching the window decorations to another variation of the theme is a solution.

PipeWire 1.2.4

This release contains PipeWire 1.2. With PipeWire 1.2, FireWire devices requiring FFADO are supported. Do note that the Ubuntu Studio team does not have any FireWire devices and could not test this.

PipeWire’s JACK compatibility is configured to use out-of-the-box and is zero-latency internally. System latency is configurable via Ubuntu Studio Audio Configuration.

However, if you would rather use straight JACK 2 instead, that’s also possible. Ubuntu Studio Audio Configuration can disable and enable PipeWire’s JACK compatibility on-the-fly. From there, you can simply use JACK via QJackCtl.

Complete Deprecation of PulseAudio/JACK setup/Studio Controls

Due to the maturity of PipeWire, the traditional PulseAudio/JACK setup, where JACK would be started/stopped by Studio Controls and bridged to PulseAudio, is now fully deprecated and the option is not offered anymore. This configuration is no longer installable via Ubuntu Studio Audio Configuration. Studio Controls may return someday as a PipeWire fine-tuning solution, but for now it is unsupported by the developer.

Ardour 8.6

While this does not represent the latest release of Ardour, Ardour 8.6 is a great release. If you would like the latest release, we highly recommend purchasing one-time or subscribing to Ardour directly from the developers to help support this wonderful application.

To help support Ardour’s funding, you may obtain later versions directly from ardour.org. To do so, please one-time purchase or subscribe to Ardour from their website. If you wish to get later versions of Ardour from us, you will have to wait until the next regular release of Ubuntu Studio, due in April 2025.

Ubuntu Studio Audio Configuration

Ubuntu Studio Audio Configuration’s Dummy Audio Device now also has a much-requested Dummy Audio Input.

Additionally as described above, Ubuntu Studio Audio Configuration has an option to configure the default boot parameters that are commonly used to enable the low-latency capabilities of the Linux kernel used in Ubuntu. For more information about that, see the Ubuntu Studio Audio Configuration page.

We’re back on Matrix

You’ll notice that the menu links to our support chat and on our website will now take you to a Matrix chat. This is due to the Ubuntu community carving its own space within the Matrix federation.

However, this is not only a support chat. This is also a creativity discussion chat. You can pass ideas to each other and you’re welcome to it if the topic remains within those confines. However, if a moderator or admin warns you that you’re getting off-topic (or the intention for the chat room), please heed the warning.

This is a persistent connection, meaning if you close the window (or chat), it won’t lose your place as you may only need to sign back in to resume the chat.

Frequently Asked Questions

Q: Does Ubuntu Studio contain snaps?
A: Yes. Mozilla’s distribution agreement with Canonical changed, and Ubuntu was forced to no longer distribute Firefox in a native .deb package. We have found that, after numerous improvements, Firefox now performs just as well as the native .deb package did.

Thunderbird also became a snap so that the maintainers can get security patches delivered faster.

Additionally, Freeshow is an Electron-based application. Electron-based applications cannot be packaged in the Ubuntu repositories in that they cannot be packaged in a traditional Debian source package. While such apps do have a build system to create a .deb binary package, it circumvents the source package build system in Launchpad, which is required when packaging for Ubuntu. However, Electron apps also have a facility for creating snaps, which can be uploaded and included. Therefore, for Freeshow to be included in Ubuntu Studio, it had to be packaged as a snap.

We have additional snaps that are Ubuntu-specific, such as the Firmware Updater and the Security Center. Contrary to popular myth, Ubuntu does not have any plans to switch all packages to snaps, nor do we.

Q: Will you make an ISO with {my favorite desktop environment}?
A: To do so would require creating an entirely new flavor of Ubuntu, which would require going through the Official Ubuntu Flavor application process. Since we’re completely volunteer-run, we don’t have the time or resources to do this. Instead, we recommend you download the official flavor for the desktop environment of your choice and use Ubuntu Studio Installer to get Ubuntu Studio – which does *not* convert that flavor to Ubuntu Studio but adds its benefits.

Q: What if I don’t want all these packages installed on my machine?
A: Simply use the Ubuntu Studio Installer to remove the features of Ubuntu Studio you don’t want or need!

Get Involved!

A wonderful way to contribute is to get involved with the project directly! We’re always looking for new volunteers to help with packaging, documentation, tutorials, user support, and MORE! Check out all the ways you can contribute!

Our project leader, Erich Eickmeyer, is now working on Ubuntu Studio at least part-time, and is hoping that the users of Ubuntu Studio can give enough to generate a monthly part-time income. We’re not there, but if every Ubuntu Studio user donated monthly, we’d be there! Your donations are appreciated! If other distributions can do it, surely we can! See the sidebar for ways to give!

Special Thanks

Huge special thanks for this release go to:

  • Eylul Dogruel: Artwork, Graphics Design
  • Ross Gammon: Upstream Debian Developer, Testing, Email Support
  • Sebastien Ramacher: Upstream Debian Developer
  • Dennis Braun: Upstream Debian Developer
  • Rik Mills: Kubuntu Council Member, help with Plasma desktop
  • Scarlett Moore: Kubuntu Project Lead, help with Plasma desktop
  • Cristian Delgado: Translations for Ubuntu Studio Menu
  • Dan Bungert: Subiquity, seed fixes
  • Len Ovens: Testing, insight
  • Wim Taymans: Creator of PipeWire
  • Mauro Gaspari: Tutorials, Promotion, and Documentation, Testing, keeping Erich sane
  • Krytarik Raido: IRC Moderator, Mailing List Moderator
  • Erich Eickmeyer: Project Leader, Packaging, Development, Direction, Treasurer
on October 10, 2024 04:21 PM

The Kubuntu Team is happy to announce that Kubuntu 24.10 has been released, featuring the new and beautiful KDE Plasma 6.1 simple by default, powerful when needed.

Codenamed “Oracular Oriole”, Kubuntu 24.10 continues our tradition of giving you Friendly Computing by integrating the latest and greatest open source technologies into a high-quality, easy-to-use Linux distribution.

Under the hood, there have been updates to many core packages, including a new 6.11 based kernel, KDE Frameworks 5.116 and 6.6.0, KDE Plasma 6.1 and many updated KDE gear applications.

Kubuntu 24.10 with Plasma 6.1

Kubuntu has seen many updates for other applications, both in our default install, and installable from the Ubuntu archive.

Applications for core day-to-day usage are included and updated, such as Firefox, and LibreOffice.

For a list of other application updates, and known bugs be sure to read our release notes.

Wayland as default Plasma session.

The Plasma wayland session is now the default option in sddm (display manager login screen). An X11 session can be selected instead if desired. The last used session type will be remembered, so you do not have to switch type on each login.

Download Kubuntu 24.10, or learn how to upgrade from 24.04 LTS.

Note: For upgrades from 24.04, there may a delay of a few hours to days between the official release announcements and the Ubuntu Release Team enabling upgrades.

on October 10, 2024 03:05 PM
Wake up and hear the birds sing! Thanks to the hard work from our contributors, Lubuntu 24.10 has been released. With the codename Oracular Oriole, Lubuntu 24.10 is the 27th release of Lubuntu, the 13th release of Lubuntu with LXQt as the default desktop environment. Download and Support Lifespan With Lubuntu 24.10 being an interim […]
on October 10, 2024 02:46 PM

A Joana Simões voltou e contou-nos as muitas aventuras que teve (e ainda vai ter) um pouco por todo o mundo; ainda falámos dos nossos Fairphones, das muitas Cimeiras, Encontros, Convenções e encontrões de comunidades por esse mundo fora - e a nossa favorita: a Festa do Software Livre e a Ubucon de 2024, cujo programa estivemos a rever em antecipação. A Festa ’tá forte, pá!

Já sabem: oiçam, subscrevam e partilhem!

Apoios

Podem apoiar o podcast usando os links de afiliados do Humble Bundle, porque ao usarem esses links para fazer uma compra, uma parte do valor que pagam reverte a favor do Podcast Ubuntu Portugal. E podem obter tudo isso com 15 dólares ou diferentes partes dependendo de pagarem 1, ou 8. Achamos que isto vale bem mais do que 15 dólares, pelo que se puderem paguem mais um pouco mais visto que têm a opção de pagar o quanto quiserem. Se estiverem interessados em outros bundles não listados nas notas usem o link https://www.humblebundle.com/?partner=PUP e vão estar também a apoiar-nos.

Atribuição e licenças

Este episódio foi produzido por Diogo Constantino, Miguel e Tiago Carrondo e editado pelo Senhor Podcast. O website é produzido por Tiago Carrondo e o código aberto está licenciado nos termos da Licença MIT. (https://creativecommons.org/licenses/by/4.0/). A música do genérico é: “Won’t see it comin’ (Feat Aequality & N’sorte d’autruche)”, por Alpha Hydrae e está licenciada nos termos da CC0 1.0 Universal License. Este episódio e a imagem utilizada estão licenciados nos termos da licença: Attribution-NonCommercial-NoDerivatives 4.0 International (CC BY-NC-ND 4.0), cujo texto integral pode ser lido aqui. Estamos abertos a licenciar para permitir outros tipos de utilização, contactem-nos para validação e autorização.

on October 10, 2024 12:00 AM

October 08, 2024

Ubuntu MATE 24.10 is more of what you like, stable MATE Desktop on top of current Ubuntu. Read on to learn more 👓️

Ubuntu MATE 24.10 Ubuntu MATE 24.10

Thank you! 🙇

My sincere thanks to everyone who has played an active role in improving Ubuntu MATE for this release 👏 I’d like to acknowledge the close collaboration with the Ubuntu Foundations team and the Ubuntu flavour teams, in particular Erich Eickmeyer who pushed critical fixes while I was travelling. Thank you! 💚

What changed since the Ubuntu MATE 24.04 LTS?

Here are the highlights of what’s changed since the release of Ubuntu MATE 24.04

  • Ships stable MATE Desktop 1.26.2 with a handful of bug fixes 🐛
  • Switched back to Slick Greeter (replacing Arctica Greeter) due to race-condition in the boot process which results the display manager failing to initialise.
    • Returning to Slick Greeter reintroduces the ability to easily configure the login screen via a graphical application, something users have been requesting be re-instated 👍
  • Ubuntu MATE 24.10 .iso 📀 is now 3.3GB 🤏 Down from 4.1GB in the 24.04 LTS release.
    • This is thanks to some fixes in the installer that no longer require as many packages in the live-seed.

Login Window Configuration Login Window

What didn’t change since the Ubuntu MATE 24.04 LTS?

If you follow upstream MATE Desktop development, then you’ll have noticed that Ubuntu MATE 24.10 doesn’t ship with the recently released MATE Desktop 1.28 🧉

I have prepared packaging for MATE Desktop 1.28, along with the associated components but encountered some bugs and regressions 🐞 I wasn’t able to get things to a standard I’m happy to ship be default, so it is tried and true MATE 1.26.2 one last time 🪨

Major Applications

Accompanying MATE Desktop 1.26.2 🧉 and Linux 6.11 🐧 are Firefox 131 🔥🦊, Celluloid 0.27 🎥, Evolution 3.54 📧, LibreOffice 24.8.2 📚

See the Ubuntu 24.10 Release Notes for details of all the changes and improvements that Ubuntu MATE benefits from.

Download Ubuntu MATE 24.10

Ubuntu MATE 24.10 (Oracular Oriole) is available for PC/Mac users.

Download

Upgrading to Ubuntu MATE 24.10

The upgrade process to Ubuntu MATE 24.10 is the same as Ubuntu.

There are no offline upgrade options for Ubuntu MATE. Please ensure you have network connectivity to one of the official mirrors or to a locally accessible mirror and follow the instructions above.

on October 08, 2024 12:35 PM

October 07, 2024

Ubuntu Budgie 24.10 (Oracular Oriole) is a Standard Release with 9 months of support by your distro maintainers and Canonical, from Oct 2024 to July 2025.. These release notes showcase the key takeaways for 24.04 upgraders to 24.10. In these release notes the areas covered are: The key focus for the team for this cycle has been the conversion of our distro to a Wayland based distro.

Source

on October 07, 2024 05:35 PM
It’s time for another update! I’m pleased to introduce uCareSystem 24.10.07, the latest version of the all-in-one system maintenance tool. This release brings several key fixes and improvements that will make your system maintenance even smoother. What’s New? This really pissed me off…. I was preparing a test server of Ubuntu 24.04 where I installed […]
on October 07, 2024 03:00 PM

October 01, 2024

Almost all of my Debian contributions this month were sponsored by Freexian.

You can also support my work directly via Liberapay.

Pydantic

My main Debian project for the month turned out to be getting Pydantic back into a good state in Debian testing. I’ve used Pydantic quite a bit in various projects, most recently in Debusine, so I have an interest in making sure it works well in Debian. However, it had been stalled on 1.10.17 for quite a while due to the complexities of getting 2.x packaged. This was partly making sure everything else could cope with the transition, but in practice mostly sorting out packaging of its new Rust dependencies. Several other people (notably Alexandre Detiste, Andreas Tille, Drew Parsons, and Timo Röhling) had made some good progress on this, but nobody had quite got it over the line and it seemed a bit stuck.

Learning Rust is on my to-do list, but merely not knowing a language hasn’t stopped me before. So I learned how the Debian Rust team’s packaging works, upgraded a few packages to new upstream versions (including rust-half and upstream rust-idna test fixes), and packaged rust-jiter. After a lot of waiting around for various things and chasing some failures in other packages I was eventually able to get current versions of both pydantic-core and pydantic into testing.

I’m looking forward to being able to drop our clunky v1 compatibility code once debusine can rely on running on trixie!

OpenSSH

I upgraded the Debian packaging to OpenSSH 9.9p1.

YubiHSM

I upgraded python-yubihsm, yubihsm-connector, and yubihsm-shell to new upstream versions.

I noticed that I could enable some tests in python-yubihsm and yubihsm-shell; I’d previously thought the whole test suite required a real YubiHSM device, but when I looked closer it turned out that this was only true for some tests.

I fixed yubihsm-shell build failures on some 32-bit architectures (upstream PRs #431, #432), and also made it build reproducibly.

Thanks to Helmut Grohne, I fixed yubihsm-connector to apply udev rules to existing devices when the package is installed.

As usual, bookworm-backports is up to date with all these changes.

Python team

setuptools 72.0.0 removed the venerable setup.py test command. This caused some fallout in Debian, some of which was quite non-obvious as packaging helpers sometimes fell back to different ways of running test suites that didn’t quite work. I fixed django-guardian, manuel, python-autopage, python-flask-seeder, python-pgpdump, python-potr, python-precis-i18n, python-stopit, serpent, straight.plugin, supervisor, and zope.i18nmessageid.

As usual for new language versions, the addition of Python 3.13 caused some problems. I fixed psycopg2, python-time-machine, and python-traits.

I fixed build/autopkgtest failures in keymapper, python-django-test-migrations, python-rosettasciio, routes, transmissionrpc, and twisted.

buildbot was in a bit of a mess due to being incompatible with SQLAlchemy 2.0. Fortunately by the time I got to it upstream had committed a workable set of patches, and the main difficulty was figuring out what to cherry-pick since they haven’t made a new upstream release with all of that yet. I figured this out and got us up to 4.0.3.

Adrian Bunk asked whether python-zipp should be removed from trixie. I spent some time investigating this and concluded that the answer was no, but looking into it was an interesting exercise anyway.

On the other hand, I looked into flask-appbuilder, concluded that it should be removed, and filed a removal request.

I upgraded some embedded CSS files in nbconvert.

I upgraded importlib-resources, ipywidgets, jsonpickle, pydantic-settings, pylint (fixing a test failure), python-aiohttp-session, python-apptools, python-asyncssh, python-django-celery-beat, python-django-rules, python-limits, python-multidict, python-persistent, python-pkginfo, python-rt, python-spur, python-zipp, stravalib, transmissionrpc, vulture, zodbpickle, zope.exceptions (adopting it), zope.i18nmessageid, zope.proxy, and zope.security to new upstream versions.

debmirror

The experimental and *-proposed-updates suites used to not have Contents-* files, and a long time ago debmirror was changed to just skip those files in those suites. They were added to the Debian archive some time ago, but debmirror carried on skipping them anyway. Once I realized what was going on, I removed these unnecessary special cases (#819925, #1080168).

on October 01, 2024 01:19 PM

September 29, 2024

A networking guide for Incus

Simos Xenitellis

Incus is a hypervisor/manager for virtual machines and application/system containers. Get community support here.

A virtual machine (VM) is an instance of an operating system that runs on a computer, along with the main operating system. A virtual machine uses hardware virtualization features for the separation from the main operating system.

A system container is an instance of an operating system that also runs on a computer, along with the main operating system. A system container, instead, uses security primitives of the Linux kernel for the separation from the main operating system. The system container follows the lifecycle of a computer system. You can think of system containers as software virtual machines.

An application container is a container that has an application or service. It follows the lifecycle of the application instead of a system. That is, here you start and stop the application instead of booting and shutting down a system. Incus supports Open Container Initiative (OCI) images such as Docker images. When Incus launches an OCI image, it uses its own runtime, not Docker’s. That is, Incus consumes images from any OCI image repositories.

In virtual machines and system/application containers we can attach virtual networking devices, either

  • none, (i.e. an instance without networking)
  • one or, (i.e. most common and simple case)
  • more than one.

In addition to the virtual networking devices, we can also attach real hardware networking devices. Those devices can be taken away from the host and get pushed into a virtual machine or system container.

You may use a combination of those networking devices in the same instance. It is left as an exercise to the reader to explore that road. In these tutorials we are look at one at most networking device per instance.

There will be attempts to generalize and explain in practical terms. If I get something wrong, please correct me in the comments so that it gets fixed and we all learn something new. Note that I will be editing this content along the way, adding material, troubleshooting cases, etc.

In this post we are listing tutorials of the different Incus devices of type nic (network interface controller). Whatever we write in this post and the linked tutorials, are covered in that documentation URL!

The list of tutorials per networking:

  1. bridge (the default, the local network bridge), it’s in this post below.
  2. bridged, (pending)
  3. macvlan, (pending)
  4. none,
  5. physical,
  6. ipvlan,
  7. routed,

The setup

When demonstrating these network configurations, we will be using an Incus VM. When learning, try there in your Incus VM before applying on your host or your server.

We launch an Incus VM, called tutorial, with Ubuntu 24.04 LTS, then get a shell with the default non-root account ubuntu. I am impatient and I am typing repeatedly the incus exec command to get a shell. The VM takes a few moments to boot up, and I get interested error messages until the VM is actually running. Not really relevant to this tutorial but you will get educated at every opportunity.

$ incus launch images:ubuntu/24.04/cloud tutorial --vm
Launching tutorial
$ incus exec tutorial -- su -l ubuntu
Error: VM agent isn't currently running
$ incus exec tutorial -- su -l ubuntu
su: user ubuntu does not exist or the user entry does not contain all the required fields
$ incus exec tutorial -- su -l ubuntu
To run a command as administrator (user "root"), use "sudo <command>".
See "man sudo_root" for details.

ubuntu@tutorial:~$ 

We got a shell in the VM. Then, install Incus which is available in the default repositories of Ubuntu 24.04 LTS. Also, we install zfsutils-linux, which are the client utilities to use ZFS in Incus. We are advised to add our non-root account to the incus-admin group in order to have access to Incus. Without that, we would have to use sudo all the time. When you add a user to a group, you need to logout then log in again for the change to take effect. And this is what we do (unless you know about newgrp).

ubuntu@tutorial:~$ sudo apt install -y incus zfsutils-linux
...
Creating group 'incus' with GID 989.
Creating group 'incus-admin' with GID 988.
Created symlink /etc/systemd/system/multi-user.target.wants/incus-startup.service → /usr/lib/systemd/system/incus-startup.service.
Created symlink /etc/systemd/system/sockets.target.wants/incus-user.socket → /usr/lib/systemd/system/incus-user.socket.
Created symlink /etc/systemd/system/sockets.target.wants/incus.socket → /usr/lib/systemd/system/incus.socket.
incus.service is a disabled or a static unit, not starting it.
incus-user.service is a disabled or a static unit, not starting it.

Incus has been installed. You must run `sudo incus admin init` to
perform the initial configuration of Incus.
Be sure to add user(s) to either the 'incus-admin' group for full
administrative access or the 'incus' group for restricted access,
then have them logout and back in to properly setup their access.

...
ubuntu@tutorial:~$ sudo usermod -a -G incus-admin ubuntu
ubuntu@tutorial:~$ logout
$ incus exec tutorial -- su -l ubuntu
ubuntu@tutorial:~$ 

Now we initialize Incus with sudo incus admin init.

Default Incus networking

When you install and setup Incus with incus admin init, you are prompted whether you want to create a local network bridge. We press Enter to all prompts, which means that we accept all the defaults that are presented to us. The last question is whether to show the initialization configuration. If you missed it, you can get it after the fact by running incus admin init --dump (dumps the configuration).

ubuntu@tutorial:~$ incus admin init
Would you like to use clustering? (yes/no) [default=no]: 
Do you want to configure a new storage pool? (yes/no) [default=yes]: 
Name of the new storage pool [default=default]: 
Name of the storage backend to use (zfs, dir) [default=zfs]: 
Create a new ZFS pool? (yes/no) [default=yes]: 
Would you like to use an existing empty block device (e.g. a disk or partition)? (yes/no) [default=no]: 
Size in GiB of the new loop device (1GiB minimum) [default=5GiB]: 
Would you like to create a new local network bridge? (yes/no) [default=yes]: 
What should the new bridge be called? [default=incusbr0]: 
What IPv4 address should be used? (CIDR subnet notation, “auto” or “none”) [default=auto]: 
What IPv6 address should be used? (CIDR subnet notation, “auto” or “none”) [default=auto]: 
Would you like the server to be available over the network? (yes/no) [default=no]: 
Would you like stale cached images to be updated automatically? (yes/no) [default=yes]: 
Would you like a YAML "init" preseed to be printed? (yes/no) [default=no]: yes
config: {}
networks:
- config:
    ipv4.address: auto
    ipv6.address: auto
  description: ""
  name: incusbr0
  type: ""
  project: default
storage_pools:
- config:
    size: 5GiB
  description: ""
  name: default
  driver: zfs
profiles:
- config: {}
  description: ""
  devices:
    eth0:
      name: eth0
      network: incusbr0
      type: nic
    root:
      path: /
      pool: default
      type: disk
  name: default
projects: []
cluster: null

ubuntu@tutorial:~$

If you accept the defaults (i.e. press Enter in each) or type them explicitly, you get a local bridge named incusbr0 that is managed by Incus, and gives private IPv4 and IPv6 IP addresses to your newly created instances.

Let’s see them in practice in your Incus installation. You have configured Incus and Incus created a default profile, called default, for you. This profile is applied by default to all newly created instances and has the networking configuration in there. In that profile there are two devices, and one of them is the networking device. In Incus the device is called eth0 (in pink color), and in the instance it will be shown as eth0 (green color). On the host, the bridge will appear with the name incusbr0. It’s a networking type, hence of type nic.

ubuntu@tutorial:~$ incus profile list
+---------+-----------------------+---------+
|  NAME   |      DESCRIPTION      | USED BY |
+---------+-----------------------+---------+
| default | Default Incus profile | 0       |
+---------+-----------------------+---------+
ubuntu@tutorial:~$ incus profile show default
config: {}
description: Default Incus profile
devices:
  eth0:
    name: eth0
    network: incusbr0
    type: nic
  root:
    path: /
    pool: default
    type: disk
name: default
used_by: []
ubuntu@tutorial:~$ 

incusbr0 was created by Incus. Let’s see details through the incus network commands. We first list the network interfaces and then we show the incusbr0 network interface. incusbr0 is a managed network interface (in pink below), and it’s managed by Incus. Incus takes care of the networking and provides DHCP services, and access to the upstream network (i.e. the Internet). incusbr0 is a network bridge (in blue). An instance that requires network configuration from incusbr0, will get an IP address from the range 10.180.234.1-254 (in orange). Network Address Translation (NAT) is enabled (also in orange), which means there is access to the upstream network, and likely the Internet.

ubuntu@tutorial:~$ incus network list
+----------+----------+---------+-----------------+---------+---------+
|   NAME   |   TYPE   | MANAGED |      IPV4       | USED BY |  STATE  |    
+----------+----------+---------+-----------------+---------+---------+
| enp5s0   | physical | NO      |                 | 0       |         |    
+----------+----------+---------+-----------------+---------+---------+
| incusbr0 | bridge   | YES     | 10.180.234.1/24 | 1       | CREATED |
+----------+----------+---------+-----------------+---------+---------+
ubuntu@tutorial:~$ incus network show incusbr0
config:
  ipv4.address: 10.180.234.1/24
  ipv4.nat: "true"
  ipv6.address: fd42:7:7dfe:75cf::1/64
  ipv6.nat: "true"
description: ""
name: incusbr0
type: bridge
used_by:
- /1.0/profiles/default
managed: true
status: Created
locations:
- none
ubuntu@tutorial:~$ 

Let’s launch a container and test these out. The instance got an IP address (in orange) that is within the range of the network bridge above.

ubuntu@tutorial:~$ incus launch images:alpine/edge/cloud myalpine
Launching myalpine
ubuntu@tutorial:~$ incus list -c ns4t     
+----------+---------+----------------------+-----------+
|   NAME   |  STATE  |         IPV4         |   TYPE    |
+----------+---------+----------------------+-----------+
| myalpine | RUNNING | 10.180.234.24 (eth0) | CONTAINER |
+----------+---------+----------------------+-----------+
ubuntu@tutorial:~$ 

The IP address is OK but could it look better? It’s private anyway, and we can select anything from the range 10.x.y.z. Let’s change it so that it uses instead 10.10.10.1-254. We set the configuration of incusbr0 for ipv4.address (see earlier) to a new value, 10.10.10.1/24. Each number separated by commas is 8 bits in length, and /24 means that the first 3 * 8 = 24 bits should stay the same. We make the change, but the instance still has the old IP address. We restart the instance, and it automatically gets the new IP address from the new range.

ubuntu@tutorial:~$ incus network set incusbr0 ipv4.address=10.10.10.1/24
ubuntu@tutorial:~$ incus list -c ns4t
+----------+---------+----------------------+-----------+
|   NAME   |  STATE  |         IPV4         |   TYPE    |
+----------+---------+----------------------+-----------+
| myalpine | RUNNING | 10.180.234.24 (eth0) | CONTAINER |
+----------+---------+----------------------+-----------+
ubuntu@tutorial:~$ incus restart myalpine
ubuntu@tutorial:~$ incus list -c ns4t
+----------+---------+--------------------+-----------+
|   NAME   |  STATE  |        IPV4        |   TYPE    |
+----------+---------+--------------------+-----------+
| myalpine | RUNNING | 10.10.10.24 (eth0) | CONTAINER |
+----------+---------+--------------------+-----------+
ubuntu@tutorial:~$ 

We have created incusbr0. Are we allowed to create another private bridge? Sure we are. We will call it incusbr1, and also we disable IPv6 networking. IPv6 addresses are too wide and mess up the formatting on my blog. If you notice earlier, there were no IPv6 addresses although IPv6 was configured on incusbr0. I cheated and removed the IPv6 addresses in some command outputs.

ubuntu@tutorial:~$ incus network create incusbr1 ipv4.address=10.10.20.1/24 ipv6.address=none
Network incusbr1 created
ubuntu@tutorial:~$ incus network show incusbr1
config:
  ipv4.address: 10.10.20.1/24
  ipv6.address: none
description: ""
name: incusbr1
type: bridge
used_by: []
managed: true
status: Created
locations:
- none
ubuntu@tutorial:~$ 

We have created incusbr1. Can we now launch an instance onto that private bridge? We launch the instance called myalpine1 and we used the incus launch parameter --network incusbr1 to specify a different network than the default network in the default Incus profile. We verify below that myalpine1 is served by incusbr1 (in green).

ubuntu@tutorial:~$ incus launch images:alpine/edge/cloud myalpine1 --network incusbr1
Launching myalpine1
ubuntu@tutorial:~$ incus list -c ns4t
+-----------+---------+--------------------+-----------+
|   NAME    |  STATE  |        IPV4        |   TYPE    |
+-----------+---------+--------------------+-----------+
| myalpine  | RUNNING | 10.10.10.24 (eth0) | CONTAINER |
+-----------+---------+--------------------+-----------+
| myalpine1 | RUNNING | 10.10.20.85 (eth0) | CONTAINER |
+-----------+---------+--------------------+-----------+
ubuntu@tutorial:~$ incus network show incusbr1
config:
  ipv4.address: 10.10.20.1/24
  ipv6.address: none
description: ""
name: incusbr1
type: bridge
used_by:
- /1.0/instances/myalpine1
managed: true
status: Created
locations:
- none
ubuntu@tutorial:~$ 

Technical details

The instances that use the Incus private bridge have access to the Internet. How is this achieved? It’s achieve with either iptables or nftables rules. In recent versions of Linux distributions, you would be using nftables by default (command: nft, no relation to NFTs). To view the firewall ruleset that were created by Incus, run sudo nft list ruleset. Here is my ruleset and should be similar to yours. There is one table for Incus and four chains. A persistent, a forward, an in and an out. More at the documentation site at nftables.

ubuntu@tutorial:~$ sudo nft list ruleset
table inet incus {
	chain pstrt.incusbr0 {
		type nat hook postrouting priority srcnat; policy accept;
		ip saddr 10.57.39.0/24 ip daddr != 10.57.39.0/24 masquerade
		ip6 saddr fd42:e7b:739c:7117::/64 ip6 daddr != fd42:e7b:739c:7117::/64 masquerade
	}

	chain fwd.incusbr0 {
		type filter hook forward priority filter; policy accept;
		ip version 4 oifname "incusbr0" accept
		ip version 4 iifname "incusbr0" accept
		ip6 version 6 oifname "incusbr0" accept
		ip6 version 6 iifname "incusbr0" accept
	}

	chain in.incusbr0 {
		type filter hook input priority filter; policy accept;
		iifname "incusbr0" tcp dport 53 accept
		iifname "incusbr0" udp dport 53 accept
		iifname "incusbr0" icmp type { destination-unreachable, time-exceeded, parameter-problem } accept
		iifname "incusbr0" udp dport 67 accept
		iifname "incusbr0" icmpv6 type { destination-unreachable, packet-too-big, time-exceeded, parameter-problem, nd-router-solicit, nd-neighbor-solicit, nd-neighbor-advert, mld2-listener-report } accept
		iifname "incusbr0" udp dport 547 accept
	}

	chain out.incusbr0 {
		type filter hook output priority filter; policy accept;
		oifname "incusbr0" tcp sport 53 accept
		oifname "incusbr0" udp sport 53 accept
		oifname "incusbr0" icmp type { destination-unreachable, time-exceeded, parameter-problem } accept
		oifname "incusbr0" udp sport 67 accept
		oifname "incusbr0" icmpv6 type { destination-unreachable, packet-too-big, time-exceeded, parameter-problem, echo-request, nd-router-advert, nd-neighbor-solicit, nd-neighbor-advert, mld2-listener-report } accept
		oifname "incusbr0" udp sport 547 accept
	}
}
ubuntu@tutorial:~$ 

Future considerations

  1. Network isolation.

on September 29, 2024 02:12 PM

September 21, 2024


The beta of Kubuntu Oracular Oriole (to become 24.10 in October) has now been released, and is available for download.

This milestone features images for Kubuntu and other Ubuntu flavours.

Pre-releases of Kubuntu Mantic Minotaur are not recommended for:

  • Anyone needing a stable system
  • Regular users who are not aware of pre-release issues
  • Anyone in a production environment with data or workflows that need to be reliable

They are, however, recommended for:

  • Regular users who want to help us test by finding, reporting, and/or fixing bugs
  • Kubuntu, KDE, and Qt developers
  • Other Ubuntu flavour developers

The Beta includes some software updates that are ready for broader testing. However, it is an early set of images, so you should expect some bugs.

We STRONGLY advise testers to read the Kubuntu 24.10 Beta release notes before installing, and in particular the section on ‘Known issues‘.

You can also find more information about the entire 24.10 release (base, kernel, graphics etc) in the main Ubuntu Beta release notes and announcement.



To enable Flatpaks in KDE’s Discover in Kubuntu 24.10, run this command:

sudo apt install flatpak plasma-discover-backend-flatpak


To enable the largest Flatpak repository, run this command:

flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo


Log out and log back in (or restart) to re-initialize the XDG_DATA_DIRS variable, otherwise, newly installed Flatpak apps will not run or appear in the startup menu.

on September 21, 2024 10:38 PM

The Ubuntu Studio team is pleased to announce the beta release of Ubuntu Studio 24.10, codenamed “Oracular Oriole”.

While this beta is reasonably free of any showstopper installer bugs, you will find some bugs within. This image is, however, mostly representative of what you will find when Ubuntu Studio 24.10 is released on October 10, 2024.

Special Notes

The Ubuntu Studio 24.10 image (ISO) exceeds 4 GB and cannot be downloaded to some file systems such as FAT32 and may not be readable when burned to a DVD. For this reason, we recommend downloading to a compatible file system. When creating a boot medium, we recommend creating a bootable USB stick with the ISO image or burning to a Dual-Layer DVD.

Images can be obtained from this link: https://cdimage.ubuntu.com/ubuntustudio/releases/24.10/beta/

Full updated information, including Upgrade Instructions, are available in the Release Notes.

New Features This Release

  • Plasma 6.1 is now the default desktop environment, an upgrade from Plasma 5.27. This may have some unknown bugs that we’re ironing out as we go along, along with theming.
  • Ubuntu’s Generic Kernel is now capable of the same low latency processing as Ubuntu’s lowlatency kernel when certain boot parameters are used. Additionally, the lowlatency kernel is eventually going to be deprecated. With this in mind, we have switched to the generic kernel with the low latency boot parameters enabled by default. These boot parameters can be tweaked in Ubuntu Studio Audio Configuation.
  • Minimal Install Option for new installations. This allows users to install Ubuntu Studio and customize what they need later with Ubuntu Studio Installer.
  • Orchis is now our default theme, which replaces Materia, our default theme since 19.04. Materia has stopped development, so we decided to
  • PipeWire continues to improve with every release and now includes FFADO support. Version 1.2.3
  • Ubuntu Studio Installer‘s included Ubuntu Studio Audio Configuration utility for fine-tuning the PipeWire setup now includes the ability to create or remove a dummy audio input device. Version 1.30
  • The legacy PulseAudio/JACK has been deprecated and discontinued, is no longer supported, and is no longer an option to use. Going forward, PipeWire or JACK are the only options. PipeWire’s JACK integration can be disabled from Ubuntu Studio Audio Configuration to use JACK by itself with QJackCtl, or via other means.

Major Package Upgrades

  • Ardour version 8.6.0
  • Qtractor version 1.1
  • OBS Studio version 30.2.3
  • Audacity version 3.6.1
  • digiKam version 8.4.0
  • Kdenlive version 24.08.1
  • Krita version 5.2.3

There are many other improvements, too numerous to list here. We encourage you to look around the freely-downloadable ISO image.

Known Issues

  • Due to the transition to Plasma 6 and Qt6, there may be some theming inconsistencies, especially for those upgrading. To work around these issues, reapply the default theme using System Settings and select “Orchis-dark” from Kvantum Manager.
  • Some graphics cards might find the transparency in the Orchis theme difficult to work with. For that reason, you can switch to “Orchis-dark-solid” in the Kvantum Manager. Feedback is welcome, and if the transparency becomes too burdensome, we can switch to the solid theme by default.
  • The new minimal install mode will not load the desktop properly with the extra icons (gimp, krita, patchance, etc.) in the top bar, so those had to be removed by default. If you find them useful, you can add them by right-clicking in the menu and clicking “Pin to Task Manager”. We apologize for the inconvenience.

Official Ubuntu Studio release notes can be found at https://ubuntustudio.org/ubuntu-studio-24-10-release-notes/

Further known issues, mostly pertaining to the desktop environment, can be found at https://wiki.ubuntu.com/OracularOriole/ReleaseNotes/Kubuntu

Additionally, the main Ubuntu release notes contain more generic issues: https://discourse.ubuntu.com/t/oracular-oriole-release-notes/44878

How You Can Help

Please test using the test cases on https://iso.qa.ubuntu.com. All you need is a Launchpad account to get started.

Additionally, we need financial contributions. Our project lead, Erich Eickmeyer, is working long hours on this project and trying to generate a part-time income. Go here to see how you can contribute financially (options are also in the sidebar).

Frequently Asked Questions

Q: Does Ubuntu Studio contain snaps?
A: Yes. Mozilla’s distribution agreement with Canonical changed, and Ubuntu was forced to no longer distribute Firefox in a native .deb package. We have found that, after numerous improvements, Firefox now performs just as well as the native .deb package did.

Thunderbird is also a snap this cycle in order for the maintainers to get security patches delivered faster.

Additionally, Freeshow is an Electron-based application. Electron-based applications cannot be packaged in the Ubuntu repositories in that they cannot be packaged in a traditional Debian source package. While such apps do have a build system to create a .deb binary package, it circumvents the source package build system in Launchpad, which is required when packaging for Ubuntu. However, Electron apps also have a facility for creating snaps, which can be uploaded and included. Therefore, for Freeshow to be included in Ubuntu Studio, it had to be packaged as a snap.

Also, to keep theming consistent, all included themes are snapped in addition to the included .deb versions so that snaps stay consistent with out themes.

We are working with Canonical to make sure that the quality of snaps goes up with each release, so we please ask that you give snaps a chance instead of writing them off completely.

Q: If I install this Beta release, will I have to reinstall when the final release comes out?
A: No. If you keep it updated, your installation will automatically become the final release. However, if Audacity returns to the Ubuntu repositories before final release, then you might end-up with a double-installation of Audacity. Removal instructions of one or the other will be made available in a future post.

Q: Will you make an ISO with {my favorite desktop environment}?
A: To do so would require creating an entirely new flavor of Ubuntu, which would require going through the Official Ubuntu Flavor application process. Since we’re completely volunteer-run, we don’t have the time or resources to do this. Instead, we recommend you download the official flavor for the desktop environment of your choice and use Ubuntu Studio Installer to get Ubuntu Studio – which does *not* convert that flavor to Ubuntu Studio but adds its benefits.

Q: What if I don’t want all these packages installed on my machine?
A: We now include a minimal install option. Install using the minimal install option, then use Ubuntu Studio Installer to install what you need for your very own content creation studio.

on September 21, 2024 12:02 AM

September 17, 2024

My Chair

Benjamin Mako Hill

I realize that because I have several chairs, the phrase “my chair” is ambiguous. To reduce confusion, I will refer to the head of my academic department as “my office chair” going forward.

on September 17, 2024 10:11 PM

Recently I have been most baffled by how on my iPhone, my iCloud backup was over 5GB (and therefore would not back up into the free space that I have) despite how I had turned off most of the apps that might want to be included in the backup.

There are many, many, many posts on the internet from people having this problem, and there are a few common things which come up. The first one is that iMessage is included in the backup, and this includes any images or videos you've received or sent. The second is that your photos are included. So if you're thinking "hey there's hardly anything on my phone, why is the iCloud backup so big" but you've got 2 years worth of chats with a zillion people full of videos... that's why.

I, however, had tried all that and I still couldn't get the backup size down. I even spoke to Apple suport directly about it, three times; each of the people I spoke to had helpful suggestions, but it was also equally clear that each of them was fishing around in the dark, because all the "usual" tricks and traps they knew about which caused this were things that I'd already dealt with or disabled. It all ended up inconclusive, and I still didn't have a backup.

Today, in desperation, I decided to try backing up the phone to my Linux machine so I could poke about in the backup to see if I could tell what was using all the space. Now, iPhones can be backed up to Macs (not surprisingly) and Windows, but there's no official provision for doing so on Linux, sadly. However, there is libimobiledevice, a set of command line tools. I used them to back up my phone to my desktop as follows:

  1. plug the phone in
  2. idevicebackup2 cloud off # disable iCloud backup
  3. idevicebackup2 -i encryption on # enter a password
  4. idevicebackup2 backup ./ # back up phone into current dir

Once I'd done that, I had a folder named for the UDID of my phone, filled with encrypted data. Fortunately, there is a Python library called iOSbackup which knows how to read and decrypt these backups, so I used it to write myself a little equivalent of the du utility to see which folders in the backup might be unexpectedly using a lot more storage than I expected.

And in fact there were a whole bunch of folders called something like Library/WebClips/(long string).webclip/ which were using tons of storage, some over a gigabyte. I immediately thought: hey, I bet they're Home Screen web apps. I use a lot of these -- if there's a PWA for a service, I'll use it rather than a platform-specific app. We set up Open Web Advocacy for a reason, after all. So this made me jump to a (what turned out to be correct) conclusion from a standing start. Each of these Library/WebClips/blah.webclip folders contains an ApplicationManifest file, and you can get iOSbackup to disgorge its decrypted content; it's a "binary plist" (which Python knows how to read) and with that I could see which Home Screen web apps were taking up space with this little script:

from iOSbackup import iOSbackup
import plistlib
import os
import json

UDID = "ENTER YOUR UDID HERE (the backup folder name)"
PASSWORD = "BACKUP ENCRYPTION PASSWORD"
FOLDER = "2024-09-17" # folder you put the backup in
b = iOSbackup(udid=UDID, cleartextpassword=PASSWORD, 
    backuproot=FOLDER)

# https://stackoverflow.com/a/53567149/1418014 thanks!
def formatSize(sizeInBytes, decimalNum=1,
    isUnitWithI=False, sizeUnitSeperator=""):
  """format size to human readable string"""
  # K=kilo, M=mega, G=giga, T=tera, P=peta, 
  # E=exa, Z=zetta, Y=yotta
  sizeUnitList = ['','K','M','G','T','P','E','Z']
  largestUnit = 'Y'

  if isUnitWithI:
    sizeUnitListWithI = []
    for curIdx, eachUnit in enumerate(sizeUnitList):
      unitWithI = eachUnit
      if curIdx >= 1:
        unitWithI += 'i'
      sizeUnitListWithI.append(unitWithI)

    sizeUnitList = sizeUnitListWithI

    largestUnit += 'i'

  suffix = "B"
  decimalFormat = "." + str(decimalNum) + "f" # ".1f"
  finalFormat = ("%" + decimalFormat + 
    sizeUnitSeperator + "%s%s") # "%.1f%s%s"
  sizeNum = sizeInBytes
  for sizeUnit in sizeUnitList:
      if abs(sizeNum) < 1024.0:
        return finalFormat % (sizeNum, sizeUnit, suffix)
      sizeNum /= 1024.0
  return finalFormat % (sizeNum, largestUnit, suffix)

webapp_sizes = {}
for file in b.getBackupFilesList():
    if not file["name"].startswith("Library/WebClips/"):
        continue
    webclip_folder = file["name"].split("/")[2]
    if webclip_folder not in webapp_sizes:
        webapp_sizes[webclip_folder] = {
            "size": 0, "name": None}

    # work out where this file is in the backup
    backup_file_loc = os.path.join(
        FOLDER, UDID, file["backupFile"][:2], 
        file["backupFile"])
    try:
        # technically this is accumulating the encrypted
        # size of the file, not the decrypted. But it's fine
        bf_size = os.stat(backup_file_loc).st_size
        webapp_sizes[webclip_folder]["size"] += bf_size
    except FileNotFoundError:
        continue

    if file["name"].endswith("/ApplicationManifest"):
        # decrypt it to a temp location
        # you should be doing this with tempfile
        dec = b.getFileDecryptedCopy(relativePath=file["name"],
            targetFolder="/tmp", targetName="iosdec")
        with open("/tmp/iosdec", mode="rb") as fp:
            data = fp.read()
            am = plistlib.loads(data)
            # go looking for the first one which looks like JSON
            for item in am["$objects"]:
                if type(item) is not str:
                    continue
                elif item.startswith("https://"):
                    webapp_name = item
                else:
                    try:
                        manifest_json = json.loads(item)
                    except:
                        continue
                    webapp_name = manifest_json.get("name", 
                        manifest_json.get("short_name", "?"))
                webapp_sizes[webclip_folder]["name"] = webapp_name
                break

for v in webapp_sizes.values():
    if v["size"] < 50 or not v["name"]: continue
    print(f"{v['name']}: {formatSize(v['size'])}")

and this helpfully printed a list which looked like this (but longer; I've kept a few around to give you the flavour):

https://elk.zone/: 133.1MB
https://squoosh.app/: 1.1MB
https://www.kryogenix.org/farmbound/: 11.5MB
https://nerdlegame.com/: 220.9MB
https://twitter.com/: 1.2GB
Phanpy: 1.6GB
https://www.nytimes.com/games/: 376.2MB

So... aha. Twitter and Phanpy can, I suppose, be excused since they are presumably caching every post ever, but I can delete those and re-add (and not bother re-adding Twitter) to get some of that back. Wordle, you are the weakest link, goodbye, and also I don't need elk.zone any more now I'm using Phanpy.

I removed a bunch of these. Then I told the iCloud Backup to run again. And now my backup size is 800MB, not 5GB. Hooray!

To be clear, this is not at all a Safari problem. Safari is absolutely doing the right thing here; well done Safari team. Web apps are apps; they should be included in my phone backup, 100%. The bug here is in the iCloud Backup Settings App List, which lists all the apps that are taking up space in the backup but does not list Home Screen web apps. This sucks, and it's a bug, and it should be fixed. Show me PWAs in the backup list, especially ones taking up a gigabyte of space in it. I have filed the bug at feedbackassistant.apple.com although I've never heard back from any of the others I've filed there so I don't really know what the process is.

OK, now off to add Phanpy again.

on September 17, 2024 09:35 PM

Introduction

The Linux Containers project maintains Long Term Support (LTS) releases for its core projects.
Those come with 5 years of support from upstream with the first two years including bugfixes, minor improvements and security fixes and the remaining 3 years getting only security fixes.

This is now the second round of bugfix releases for LXC, LXCFS and Incus 6.0 LTS.

LXC

LXC is the oldest Linux Containers project and the basis for almost every other one of our projects.
This low-level container runtime and library was first released in August 2008, led to the creation of projects like Docker and today is still actively used directly or indirectly on millions of systems.

Announcement: https://discuss.linuxcontainers.org/t/lxc-6-0-2-lts-has-been-released/21632

Highlights of this point release:

  • Reduced log level on some common messages
  • Fix compilation error on aarch64

LXCFS

LXCFS is a FUSE filesystem used to workaround some shortcomings of the Linux kernel when it comes to reporting available system resources to processes running in containers.
The project started in late 2014 and is still actively used by Incus today as well as by some Docker and Kubernetes users.

Announcement: https://discuss.linuxcontainers.org/t/lxcfs-6-0-2-lts-has-been-released/21631

Highlights of this point release:

  • Fix building of LXCFS on musl systems (missing include)

Incus

Incus is our most actively developed project. This virtualization platform is just over a year old but has already seen over 3500 commits by over 120 individual contributors. Its first LTS release made it usable in production environments and significantly boosted its user base.

Announcement: https://discuss.linuxcontainers.org/t/incus-6-0-2-lts-has-been-released/21633

Highlights of this point release:

  • Completion of transition to native OVSDB for OVS/OVN
  • Baseline CPU defintiion for clustered users
  • Filesystem support for io.bus and io.cache
  • CPU flags in server resources
  • Unified image support in incus-simplestreams
  • Completion of libovsdb transition
  • Using a sub-path of a volume as a disk
  • Per storage pool projects limits
  • Isolated OVN networks (no uplink)
  • Per-instance LXCFS
  • Support for environment file at create/launch time
  • Instance auto-restart
  • Column selection in all list commands
  • QMP command hooks and scriptlet
  • Live disk resize support in virtual machines
  • PCI devices hotplug
  • OVN load-balancer health checks
  • Promiscuous mode for OVN NICs
  • Ability to run off IP allocation on OVN NICs
  • Customizable OIDC scope request
  • Configurable LVM PV metadata size
  • Configurable OVS socket path

What’s next?

We’re expecting another LTS bugfix release for the 6.0 branches later this year.

On top of that, Q4 of 2024 will also feature non-LTS feature releases of both LXC and LXCFS as we’re trying to push out new releases of those two projects every 6 months now.

Incus will keep going with its usual monthly feature release cadence.

on September 17, 2024 12:05 PM

September 13, 2024

Parasocial chat

On Linux Matters we have a friendly and active, public Telegram channel linked on our Contact page, along with a Discord Channel. We also have links to Mastodon, Twitter (not that we use it that much) and email.

At the time of writing there are roughly this ⬇️ number of people (plus bots, sockpuppets and duplicates) in or following each Linux Matters “official” presence:

Channel Number
Telegram 796
Discord 683
Mastodon 858
Twitter 9919

Preponderance of chat

We chose to have a presence in lots of places, but primarily the talent presenters (Martin, Mark, and myself (and Joe)) only really hang out to chat on Telegram and Mastodon.

I originally created the Telegram channel on November 20th, 2015, when we were publishing the Ubuntu Podcast (RIP in Peace) A.K.A. Ubuntu UK Podcast. We co-opted and renamed the channel when Linux Matters launched in 2023.

Prior to the channel’s existence, we used the Ubuntu UK Local Community (LoCo) Team IRC channel on Freenode (also, RIP in Peace).

We also re-branded our existing Mastodon accounts from the old Ubuntu Podcast to Linux Matters.

We mostly continue using Telegram and Mastodon as our primary methods of communication because on the whole they’re fast, reliable, stay synced across devices, have the features we enjoy, and at least one of them isn’t run by a weird billionaire.

Other options

We link to a lot of other places at the top of the Linux Matters home page, where our listeners can chat, mostly to eachother and not us.

Being over 16, I’m not a big fan of Discord, and I know Mark doesn’t even have an account there. None of us use Twitter much anymore, either.

Periodically I ponder if we (Linux Matters) should use something other than Telegram. I know some listeners really don’t like the platform, but prefer other places like Signal, Matrix or even IRC. I know for sure some non-listeners don’t like Telegram, but I care less about their opinions.

Part of the problem is that I don’t think any of us really enjoy the other realtime chat alternatives. Both Matrix and Signal have terrible user experience, and other flaws. Which is why you don’t tend to find us hanging out in either of those places.

There are further options I haven’t even considered, like Wire, WhatsApp, and likely more I don’t even know or care about.

So we kept using Telegram over any of the above alternative options.

Pondering Posting Polls

I have repeatedly considered asking the listeners about their preferred chat platforms via our existing channels. But that seems flawed, because we use what we like, and no matter how many people prefer something else, we’re unlikely to move. Unless something strange happens 👀 .

Plus, often times, especially on decentralised platforms, the audience can be somewhat “over-enthusiastic” about their preferred way being The Way™️ over the alternatives. It won’t do us any favours to get data saying 40% report we should use Signal, 40% suggest Matrix and 20% choose XMPP, if the four of us won’t use any of them.

Pursue Podcast Palaver Proposals

So rather than ask our audience, I thought I’d see what other podcasters promote for feedback and chatter on their websites.

I picked a random set from shows I have heard of, and may have listened to, plus a few extra ones I haven’t. None of this is endorsement or approval, I wanted the facts, just the fax, ma’am.

I collated the data in a json file for some reason, then generated the tables below. I don’t know what to do with this information, but it’s a bit of data we may use if we ever decide to move away from Telegram.

Presenting Pint-Sized Payoff

The table shows some nerdy podcasts along with their primary means (as far as I can tell) of community engagement. Data was gathered manually from podcast home pages and “about” pages. I generally didn’t go into the page content for each episode. I made an exception for “Dot Social” and “Linux OTC” because there’s nothing but episodes on their home page.

It doesn’t matter for this research, I just thought it was interesting that some podcasters don’t feel the need to break out their contact details to a separate page, or make it more obvious. Perhaps they feel that listeners are likely to be viewing an episode page, or looking at a specific show metadata, so it’s better putting the contact details there.

I haven’t included YouTube, where many shows publish and discuss, in addition to a podcast feed.

I am also aware that some people exclusively, or perhaps primarily publish on YouTube (or other video platforms). Those aren’t podcasts IMNSHO.

Key to the tables below. Column names have been shorted because it’s a w i d e table. The numbers indicate how many podcasts use that communication platform.

  • EM - Email address (13/18)
  • MA - Mastodon account (9/18)
  • TW - Twitter account (8/18)
  • DS - Discord server (8/18)
  • TG - Telegram channel (4/18)
  • IR - IRC channel (5/18)
  • DW - Discourse website (2/18)
  • SK - Slack channel (3/18)
  • LI - LinkedIn (2/18)
  • WF - Web form (2/18)
  • SG - Signal group (3/18)
  • WA - WhatsApp (1/18)
  • FB - FaceBook (1/18)

Linux

Show EM MA TW DS TG IR DW SK MX LI WF SG WA FB
Linux Matters
Ask The Hosts
Destination Linux
Linux Dev Time
Linux After Dark
Linux Unplugged
This Week in Linux
Ubuntu Security Podcast
Linux OTC

Open Source Adjunct

Show EM MA TW DS TG IR DW SK MX LI WF SG WA FB
2.5 Admins
Bad Voltage
Coffee and Open Source
Dot Social
Open Source Security
localfirst.fm

Other Tech

Show EM MA TW DS TG IR DW SK MX LI WF SG WA FB
ATP
BBC Newscast
The Rest is Entertainment

Point

Not entirely sure what to do with this data. But there it is.

Is Linux Matters going to move away from Telegram to something else? No idea.

on September 13, 2024 04:00 PM

September 12, 2024

git revert name and Akademy

Jonathan Riddell

I reverted my name back to Jonathan Riddell and have now made a new uid for my PGP key, you can get the updated one on keyserver.ubuntu.com or my contact page or my Launchpad page.

Here’s some pics from Akademy

on September 12, 2024 02:33 PM

September 11, 2024

Incus is a manager for virtual machines, system containers and application containers. Get Incus support here.

When you initially setup Incus, you create a storage pool where Incus will put in there everything. There are several options for storage pools, in this post we focus on ZFS storage pools, and those specifically that are stored on a separate block device (like /dev/sdb).

We are dealing with two cases. One, your installation of Incus has been somehow removed but the storage pool is somewhere there intact and you want to recover by installing again Incus. Two, you want to move the disk with storage pool from one computer to another, like reconnecting the storage pool on a new server.

This type of task is quite risky if you have a lot of important data on your system. Obviously, prior to you actually doing this on an actual system, you should take backups with incus export of your most important instances. And then, you should perform this tutorial several times so that you get the gist of recovering Incus installations. This tutorial shows you how to do a dry run of creating an Incus installation, killing it off, and then miraculously recovering it.

Prerequisites

You should have a running Incus installation.

Setting up Incus, using a block storage volume

We launch an Incus virtual machine (VM) that will act as our Incus server. We then (on the host) create a storage volume of type block. Next, we attach that block storage volume to the VM. In the VM it can be found as /dev/sdb. Subsequently, we incus admin init to initialize Incus, and configure Incus to use the block device /dev/sdb when creating the storage pool. When we run incus admin init, we press Enter when we want to accept the default value.

$ incus launch images:ubuntu/24.04/cloud --vm incusserver
Launching incusserver
$ incus storage volume create default IncusStorage --type=block size=6GiB
Storage volume IncusStorage created
$ incus storage volume attach default IncusStorage incusserver
$ incus shell incusserver
root@incusserver:~# fdisk -l /dev/sdb
Disk /dev/sdb: 6 GiB, 6442450944 bytes, 12582912 sectors
Disk model: QEMU HARDDISK   
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
root@incusserver:~# sudo apt install -y incus zfsutils-linux
...
root@incusserver:~# incus admin init
Would you like to use clustering? (yes/no) [default=no]: 
Do you want to configure a new storage pool? (yes/no) [default=yes]: 
Name of the new storage pool [default=default]: 
Name of the storage backend to use (dir, zfs) [default=zfs]: 
Create a new ZFS pool? (yes/no) [default=yes]: 
Would you like to use an existing empty block device (e.g. a disk or partition)? (yes/no) [default=no]: yes
Path to the existing block device: /dev/sdb
Would you like to create a new local network bridge? (yes/no) [default=yes]: 
What should the new bridge be called? [default=incusbr0]: 
What IPv4 address should be used? (CIDR subnet notation, “auto” or “none”) [default=auto]: 
What IPv6 address should be used? (CIDR subnet notation, “auto” or “none”) [default=auto]: 
Would you like the server to be available over the network? (yes/no) [default=no]: 
Would you like stale cached images to be updated automatically? (yes/no) [default=yes]: 
Would you like a YAML "init" preseed to be printed? (yes/no) [default=no]: yes
config: {}
networks:
- config:
    ipv4.address: auto
    ipv6.address: auto
  description: ""
  name: incusbr0
  type: ""
  project: default
storage_pools:
- config:
    source: /dev/sdb
  description: ""
  name: default
  driver: zfs
profiles:
- config: {}
  description: ""
  devices:
    eth0:
      name: eth0
      network: incusbr0
      type: nic
    root:
      path: /
      pool: default
      type: disk
  name: default
projects: []
cluster: null

root@incusserver:~#

Next we populate the Incus installation with a few alpines. We do this because we want to see these containers again after we recover the storage pool.

root@incusserver:~# incus launch images:alpine/edge alpine1
Launching alpine1
root@incusserver:~# incus launch images:alpine/edge alpine2
Launching alpine2
root@incusserver:~# incus launch images:alpine/edge alpine3
Launching alpine3
root@incusserver:~#

This is where the interesting stuff start. We now want to shutdown the Incus server and remove it. However, the block storage volume will still be there and in good condition, as the server has been shutdown cleanly. Note that the block storage volumes should only be attached to one system at a time.

root@incusserver:~# shutdown -h now
root@incusserver:~# Error: websocket: close 1006 (abnormal closure): unexpected EOF
$ incus storage volume show default IncusStorage
config:
  size: 6GiB
description: ""
name: IncusStorage
type: custom
used_by:
- /1.0/instances/incusserver
location: none
content_type: block
project: default
created_at: ...
$ incus delete incusserver
$ incus storage volume show default IncusStorage
config:
  size: 6GiB
description: ""
name: IncusStorage
type: custom
used_by: []
location: none
content_type: block
project: default
created_at: ...
$

Next, we launch a new VM that will be used as a new Incus server, then attach back the block storage volume with incus storage volume attach and install Incus along with the necessary ZFS client utils.

$ incus launch images:ubuntu/24.04/cloud --vm incusserver
Launching incusserver
$ incus storage volume attach default IncusStorage incusserver
$ incus shell incusserver
Error: Instance is not running
$ incus shell incusserver
Error: VM agent isn't currently running
$ incus shell incusserver
Error: VM agent isn't currently running
$ incus shell incusserver
Error: VM agent isn't currently running
$ incus shell incusserver
Error: VM agent isn't currently running
$ incus shell incusserver
Error: VM agent isn't currently running
$ incus shell incusserver
Error: VM agent isn't currently running
$ incus shell incusserver
root@incusserver:~# apt install -y zfsutils-linux incus
...
root@incusserver:~#

Finally, we bring back the old installation data with those three alpines. We run zpool import, which is a ZFS command that will look for potential ZFS pools and list them by name. The command zpool import default is the one that does the actual import. The ZFS pool name default was the name that was given by Incus before, when we were initializing Incus. Subsequently, we run incus admin recover to recover the ZFS pool and reconnect it with this new installation of Incus.

root@incusserver:~# zfs list
no datasets available
root@incusserver:~# zpool list
no pools available
root@incusserver:~# zpool import
   pool: default
     id: 8311839500301555365
  state: ONLINE
 action: The pool can be imported using its name or numeric identifier.
 config:

	default     ONLINE
	  sdb       ONLINE
root@incusserver:~# zpool import default
root@incusserver:~# zpool list
NAME      SIZE  ALLOC   FREE  CKPOINT  EXPANDSZ   FRAG    CAP  DEDUP    HEALTH  ALTROOT
default  5.50G  6.80M  5.49G        -         -     0%     0%  1.00x    ONLINE  -
root@incusserver:~# 
root@incusserver:~# incus admin recover
This server currently has the following storage pools:
Would you like to recover another storage pool? (yes/no) [default=no]: yes
Name of the storage pool: default
Name of the storage backend (zfs, dir): zfs
Source of the storage pool (block device, volume group, dataset, path, ... as applicable): /dev/sdb
Additional storage pool configuration property (KEY=VALUE, empty when done): 
Would you like to recover another storage pool? (yes/no) [default=no]: 
The recovery process will be scanning the following storage pools:
 - NEW: "default" (backend="zfs", source="/dev/sdb")
Would you like to continue with scanning for lost volumes? (yes/no) [default=yes]: 
Scanning for unknown volumes...
The following unknown storage pools have been found:
 - Storage pool "default" of type "zfs"
The following unknown volumes have been found:
 - Container "alpine2" on pool "default" in project "default" (includes 0 snapshots)
 - Container "alpine3" on pool "default" in project "default" (includes 0 snapshots)
 - Container "alpine1" on pool "default" in project "default" (includes 0 snapshots)
Would you like those to be recovered? (yes/no) [default=no]: yes
Starting recovery...
root@incusserver:~# incus list
+---------+---------+------+------+-----------+-----------+
|  NAME   |  STATE  | IPV4 | IPV6 |   TYPE    | SNAPSHOTS |
+---------+---------+------+------+-----------+-----------+
| alpine1 | STOPPED |      |      | CONTAINER | 0         |
+---------+---------+------+------+-----------+-----------+
| alpine2 | STOPPED |      |      | CONTAINER | 0         |
+---------+---------+------+------+-----------+-----------+
| alpine3 | STOPPED |      |      | CONTAINER | 0         |
+---------+---------+------+------+-----------+-----------+
root@incusserver:~#

Those alpines are in a STOPPED state. Will they start? Sure they will.

root@incusserver:~# incus start alpine1 alpine2 alpine3
root@incusserver:~# incus list -c ns4t
+---------+---------+----------------------+-----------+
|  NAME   |  STATE  |         IPV4         |   TYPE    |
+---------+---------+----------------------+-----------+
| alpine1 | RUNNING | 10.36.146.69 (eth0)  | CONTAINER |
+---------+---------+----------------------+-----------+
| alpine2 | RUNNING | 10.36.146.101 (eth0) | CONTAINER |
+---------+---------+----------------------+-----------+
| alpine3 | RUNNING | 10.36.146.248 (eth0) | CONTAINER |
+---------+---------+----------------------+-----------+
root@incusserver:~#

In this tutorial we saw how to recover an Incus installation, while the storage pool is intact. We covered the case that the storage pool is ZFS on a block device.

on September 11, 2024 02:05 PM

September 10, 2024

OpenUK Awards 2024

Jonathan Riddell

https://openuk.uk/openuk-september-2024-newsletter-1/

https://www.linkedin.com/feed/update/urn:li:activity:7238138962253344769/

Our 5th annual Awards are open for nominations and our 2024 judges are waiting for your nominations! Hannah Foxwell, Jonathan Riddell, and Nicole Tandy will be selecting winners for 12 categories. ?

The OpenUK Awards 2024 are open for nominations until Sunday, September 15.. Our 5th Awards again celebrate the UK’s leadership and global collaboration in open technology!

Nominate now! https://openuk.uk/awards/openuk-awards-2024/

Up to 3 shortlisted nominees will be selected in each category by early October and each nominee will be given one place at the Oscars of Open Source, the black tie Awards Ceremony and Gala Dinner for our 5th Awards held at the House of Lords on 28 November, thanks to the sponsorship of Lord Wei.

on September 10, 2024 02:28 PM

September 06, 2024

This is mostly an informational PSA for anyone struggling to get Windows 3.11 working in modern versions of QEMU. Yeah, I know, not exactly a massively viral target audience.

Anyway, short answer, use QEMU 5.2.0 from December 2020 to run Windows 3.11 from November 1993.

Windows 3.11, at 1280x1024, running Internet Explorer 5, looking at a GitHub issue

An innocent beginning

I made a harmless jokey reply to a toot from Thom at OSNews, lamenting the lack of native Mastodon client for Windows 3.11.

When I saw Thom’s toot, I couldn’t resist, and booted a Windows 3.11 VM that I’d installed six weeks ago, manually from floppy disk images of MSDOS and Windows.

I already had Lotus Organiser installed to post a little bit of nostalgia-farming on threads - it’s what they do over there.

Post by @popey
View on Threads

I thought it might be fun to post a jokey diary entry. I hurriedly made my silly post five minutes after Thom’s toot, expecting not to think about this again.

Incorrect, brain

I shut the VM down, then went to get coffee, chuckling to my smart, smug self about my successful nerdy rapid-response. While the kettle boiled, I started pondering - “Wait, if I really did want to make a Mastodon client for Windows 3.11, how would I do it?

I pondered and dismissed numerous shortcuts, including, but not limited to:

  • Fake it with screenshots doctored in MS Paint
  • Run an existing DOS Mastodon Client in a Window
  • Use the Windows Telnet client to connect insecurely to my laptop running the Linux command-line Mastodon client, Toot
  • Set up a proxy through which I could get to a Mastodon web page

I pondered a different way, in which I’d build a very simple proof of concept native Windows client, and leverage the Mastodon API. I’m not proficient in (m)any programming languages, but felt something like Turbo Pascal was time-appropriate and roughly within my capabilities.

Diversion

My mind settled on Borland Delphi, which I’d never used, but looked similar enough for a silly project to Borland Turbo Pascal 7.0 for DOS, which I had. So I set about installing Borland Delphi 1.0 from fifteen (virtual) floppy disks, onto my Windows 3.11 “Workstation” VM.

Windows 3.11, with a Borland Delphi window open

Thank you, whoever added the change floppy0 option to the QEMU Monitor. That saved a lot of time, and was reduced down to a loop of this fourteen times:

"Please insert disk 2"
CTRL+ALT+2
(qemu) change floppy 0 Disk02.img
CTRL+ALT+1
[ENTER]

During my research for this blog, I found a delightful, nearly decade-old video of David Intersimone (“David I”) running Borland Delphi 1 on Windows 3.11. David makes it all look so easy. Watch this to get a moving-pictures-with-sound idea of what I was looking at in my VM.

Once Delphi was installed, I started pondering the network design. But that thought wasn’t resident in my head for long, because it was immediately replaced with the reason why I didn’t use that Windows 3.11 VM much beyond the original base install.

The networking stack doesn’t work. Or at least, it didn’t.

That could be a problem.

Retro spelunking

I originally installed the VM by following this guide, which is notable as having additional flourishes like mouse, sound, and SVGA support, as well as TCP/IP networking. Unfortunately I couldn’t initially get the network stack working as Windows 3.11 would hang on a black screen after the familiar OS splash image.

Looking back to my silly joke, those 16-bit Windows-based Mastodon dreams quickly turned to dust when I realised I wouldn’t get far without an IP address in the VM.

Hopes raised

After some digging in the depths of retro forums, I stumbled on a four year-old repo maintained by Jaap Joris Vens.

Here’s a fully configured Windows 3.11 machine with a working internet connection and a load of software, games, and of course Microsoft BOB 🤓

Jaap Joris published this ready-to-go Windows 3.11 hard disk image for QEMU, chock full of games, utilities, and drivers. I thought that perhaps their image was configured differently, and thus worked.

However, after downloading it, I got the same “black screen after splash” as with my image. Other retro enthusiasts had the same issue, and reported the details on this issue, about a year ago.

does not work, black screen.

It works for me and many others. Have you followed the instructions? At which point do you see the black screen?

The key to finding the solution was a comment from Jaap Joris pointing out that the disk image “hasn’t changed since it was first committed 3 years ago”, implying it must have worked back then, but doesn’t now.

Joy of Open Source

I figured that if the original uploader had at least some success when the image was created and uploaded, it is indeed likely QEMU or some other component it uses may have (been) broken in the meantime.

So I went rummaging in the source archives, looking for the most recent release of QEMU, immediately prior to the upload. QEMU 5.2.0 looked like a good candidate, dated 8th December 2020, a solid month before 18th January 2021 when the hda.img file was uploaded.

If you build it, they will run

It didn’t take long to compile QEMU 5.2.0 on my ThinkPad Z13 running Ubuntu 24.04.1. It went something like this. I presumed that getting the build dependencies for whatever is the current QEMU version, in the Ubuntu repo today, will get me most of the requirements.

$ sudo apt-get build-dep qemu
$ mkdir qemu
$ cd qemu
$ wget https://download.qemu.org/qemu-5.2.0.tar.xz
$ tar xvf qemu-5.2.0.tar.xz
$ cd qemu-5.2.0
$ ./configure
$ make -j$(nproc)

That was pretty much it. The build ran for a while, and out popped binaries and the other stuff you need to emulate an old OS. I copied the bits required directly to where I already had put Jaap Joris’ hda.img and start script.

$ cd build
$ cp qemu-system-i386 efi-rtl8139.rom efi-e1000.rom efi-ne2k_pci.rom kvmvapic.bin vgabios-cirrus.bin vgabios-stdvga.bin vgabios-vmware.bin bios-256k.bin ~/VMs/windows-3.1/

I then tweaked the start script to launch the local home-compiled qemu-system-i386 binary, rather than the one in the path, supplied by the distro:

$ cat start
#!/bin/bash
./qemu-system-i386 -nic user,ipv6=off,model=ne2k_pci -drive format=raw,file=hda.img -vga cirrus -device sb16 -display gtk,zoom-to-fit=on

This worked a treat. You can probably make out in the screenshot below, that I’m using Internet Explorer 5 to visit the GitHub issue which kinda renders when proxied via FrogFind by Action Retro.

Windows 3.11, at 1280x1024, running Internet Explorer 5, looking at a GitHub issue

Share…

I briefly toyed with the idea of building a deb of this version of QEMU for a few modern Ubuntu releases, and throwing that in a Launchpad PPA then realised I’d need to make sure the name doesn’t collide with the packaged QEMU in Ubuntu.

I honestly couldn’t be bothered to go through the pain of effectively renaming (forking) QEMU to something like OLDQEMU so as not to damage existing installs. I’m sure someone could do it if they tried, but I suspect it’s quite a search and replace, or move the binaries somewhere under /opt. Too much effort for my brain.

I then started building a snap of qemu as oldqemu - which wouldn’t require any “real” forking or renaming. The snap could be called oldqemu but still contain qemu-system-i386 which wouldn’t clash with any existing binaries of the same name as they’d be self-contained inside the compressed snap, and would be launched as oldqemu.qemu-system-i386.

That would make for one package to maintain rather than one per release of Ubuntu. (Which is, as I am sure everyone is aware, one of the primary advantages of making snaps instead of debs in the first place.)

Anyway, I got stuck with another technical challenge in the time I allowed myself to make the oldqemu snap. I might re-visit it, especially as I could leverage the Launchpad Build farm to make multiple architecture builds for me to share.

…or not

In the meantime, the instructions are above, and also (roughly) in the comment I left on the issue, which has kindly been re-opened.

Now, about that Windows 3.11 Mastodon client…

on September 06, 2024 01:40 PM

September 05, 2024

uCareSystem has had the ability to detect packages that were uninstalled and then remove their config files. Now it uses a better way that detects more. Also with this release, there are fixes and enhancements that make it even more useful. First of all, Its the Olympics… you saw the app icon that was change […]
on September 05, 2024 09:09 PM

September 02, 2024

Beer, cake and ISO testing amidst rugby and jazz band chaos

On Saturday, the Debian South Africa team got together in Cape Town to celebrate Debian’s 31st birthday and to perform ISO testing for the Debian 11.11 and 12.7 point releases.

We ran out of time to organise a fancy printed cake like we had last year, but our improvisation worked out just fine!

We thought that we had allotted plenty of time for all of our activities for the day, and that there would be plenty of time for everything including training, but the day zipped by really fast. We hired a venue at a brewery, which is usually really nice because they have an isolated area with lots of space and a big TV – nice for presentations, demos, etc. But on this day, there was a big rugby match between South Africa and New Zealand, and as it got closer to the game, the place just got louder and louder (especially as a band started practicing and doing sound tests for their performance for that evening) and it turned out our space was also double-booked later in the afternoon, so we had to relocate.

Even amidst all the chaos, we ended up having a very productive day and we even managed to have some fun!

Four people from our local team performed ISO testing for the very first time, and in total we covered 44 test cases locally. Most of the other testers were the usual crowd in the UK, we also did a brief video call with them, but it was dinner time for them so we had to keep it short. Next time we’ll probably have some party line open that any tester can also join.

Logo

We went through some more iterations of our local team logo that Tammy has been working on. They’re turning out very nice and have been in progress for more than a year, I guess like most things Debian, it will be ready when it’s ready!

Debian 11.11 and Debian 12.7 released, and looking ahead towards Debian 13

Both point releases tested just fine and was released later in the evening. I’m very glad that we managed to be useful and reduce total testing time and that we managed to cover all the test cases in the end.

A bunch of things we really wanted to fix by the time Debian 12 launched are now finally fixed in 12.7. There’s still a few minor annoyances, but over all, Debian 13 (trixie) is looking even better than Debian 12 was around this time in the release cycle.

Freeze dates for trixie has not yet been announced, I hope that the release team announces those sooner rather than later, also KDE Plasma 6 hasn’t yet made its way into unstable, I’ve seen quite a number of people ask about this online, so hopefully that works out.

And by the way, the desktop artwork submissions for trixie ends in two weeks! More information about that is available on the Debian wiki if you’re interested in making a contribution. There are already 4 great proposals.

Debian Local Groups

Organising local events for Debian is probably easier than you think, and Debian does make funding available for events. So, if you want to grow Debian in your area, feel free to join us at -localgroups on the OFTC IRC network, also plumbed on Matrix at -localgroups:matrix.debian.social – where we’ll try to answer any questions you might have and guide you through the process!

Oh and btw… South Africa won the Rugby!

on September 02, 2024 01:01 PM

September 01, 2024

All but about four hours of my Debian contributions this month were sponsored by Freexian. (I ended up going a bit over my 20% billing limit this month.)

You can also support my work directly via Liberapay.

man-db and friends

I released libpipeline 1.5.8 and man-db 2.13.0.

Since autopkgtests are great for making sure we spot regressions caused by changes in dependencies, I added one to man-db that runs the upstream tests against the installed package. This required some preparatory work upstream, but otherwise was surprisingly easy to do.

OpenSSH

I fixed the various 9.8 regressions I mentioned last month: socket activation, libssh2, and Twisted. There were a few other regressions reported too: TCP wrappers support, openssh-server-udeb, and xinetd were all broken by changes related to the listener/per-session binary split, and I fixed all of those.

Once all that had made it through to testing, I finally uploaded the first stage of my plan to split out GSS-API support: there are now openssh-client-gssapi and openssh-server-gssapi packages in unstable, and if you use either GSS-API authentication or key exchange then you should install the corresponding package in order for upgrades to trixie+1 to work correctly. I’ll write a release note once this has reached testing.

Multiple identical results from getaddrinfo

I expect this is really a bug in a chroot creation script somewhere, but I haven’t been able to track down what’s causing it yet. My sbuild chroots, and apparently Lucas Nussbaum’s as well, have an /etc/hosts that looks like this:

$ cat /var/lib/schroot/chroots/sid-amd64/etc/hosts
127.0.0.1       localhost
127.0.1.1       [...]
127.0.0.1       localhost ip6-localhost ip6-loopback

The last line clearly ought to be ::1 rather than 127.0.0.1; but things mostly work anyway, since most code doesn’t really care which protocol it uses to talk to localhost. However, a few things try to set up test listeners by calling getaddrinfo("localhost", ...) and binding a socket for each result. This goes wrong if there are duplicates in the resulting list, and the test output is typically very confusing: it looks just like what you’d see if a test isn’t tearing down its resources correctly, which is a much more common thing for a test suite to get wrong, so it took me a while to spot the problem.

I ran into this in both python-asyncssh (#1052788, upstream PR) and Ruby (ruby3.1/#1069399, ruby3.2/#1064685, ruby3.3/#1077462, upstream PR). The latter took a while since Ruby isn’t one of my languages, but hey, I’ve tackled much harder side quests. I NMUed ruby3.1 for this since it was showing up as a blocker for openssl testing migration, but haven’t done the other active versions (yet, anyway).

OpenSSL vs. cryptography

I tend to care about openssl migrating to testing promptly, since openssh uploads have a habit of getting stuck on it otherwise.

Debian’s OpenSSL packaging recently split out some legacy code (cryptography that’s no longer considered a good idea to use, but that’s sometimes needed for compatibility) to an openssl-legacy-provider package, and added a Recommends on it. Most users install Recommends, but package build processes don’t; and the Python cryptography package requires this code unless you set the CRYPTOGRAPHY_OPENSSL_NO_LEGACY=1 environment variable, which caused a bunch of packages that build-depend on it to fail to build.

After playing whack-a-mole setting that environment variable in a few packages’ build process, I decided I didn’t want to be caught in the middle here and filed an upstream issue to see if I could get Debian’s OpenSSL team and cryptography’s upstream talking to each other directly. There was some moderately spirited discussion and the issue remains open, but for the time being the OpenSSL team has effectively reverted the change so it’s no longer a pressing problem.

GCC 14 regressions

Continuing from last month, I fixed build failures in pccts (NMU) and trn4.

Python team

I upgraded alembic, automat, gunicorn, incremental, referencing, pympler (fixing compatibility with Python >= 3.10), python-aiohttp, python-asyncssh (fixing CVE-2023-46445, CVE-2023-46446, and CVE-2023-48795), python-avro, python-multidict (fixing a build failure with GCC 14), python-tokenize-rt, python-zipp, pyupgrade, twisted (fixing CVE-2024-41671 and CVE-2024-41810), zope.exceptions, zope.interface, zope.proxy, zope.security, and zope.testrunner to new upstream versions. In the process, I added myself to Uploaders for zope.interface; I’m reasonably comfortable with the Zope Toolkit and I seem to be gradually picking up much of its maintenance in Debian.

A few of these required their own bits of yak-shaving:

I improved some Multi-Arch: foreign tagging (python-importlib-metadata, python-typing-extensions, python-zipp).

I fixed build failures in pipenv, python-stdlib-list, psycopg3, and sen, and fixed autopkgtest failures in autoimport (upstream PR), python-semantic-release and rstcheck.

Upstream for zope.file (not in Debian) filed an issue about a test failure with Python 3.12, which I tracked down to a Python 3.12 compatibility PR in zope.security.

I made python-nacl build reproducibly (upstream PR).

I moved aliased files from / to /usr in timekpr-next (#1073722).

Installer team

I applied a patch from Ubuntu to make os-prober support building with the noudeb profile (#983325).

on September 01, 2024 01:29 PM

Plesk high swap usage

Dougie Richardson

Seen warnings about high swap consumption in Plesk on Ubuntu 20.04.6 LTS:

Had a look in top and noticed clamavd using 1.0G of swap. After a little digging around, it might be related to a change in ClamAV 0.103.0 where non-blocking signature database reloads were introduced.

Major changes

  • clamd can now reload the signature database without blocking scanning. This multi-threaded database reload improvement was made possible thanks to a community effort.
    • Non-blocking database reloads are now the default behavior. Some systems that are more constrained on RAM may need to disable non-blocking reloads, as it will temporarily consume double the amount of memory. We added a new clamd config option ConcurrentDatabaseReload, which may be set to no.

I disabled the option and the difference is dramatic:

I’ll keep an eye on it I guess.

on September 01, 2024 09:11 AM

August 31, 2024

Thanks to all the hard work from our contributors, Lubuntu 24.04.1 LTS has been released. With the codename Noble Numbat, Lubuntu 24.04 is the 26th release of Lubuntu, the 12th release of Lubuntu with LXQt as the default desktop environment. Support lifespan Lubuntu 24.04 LTS will be supported for 3 years until April 2027. Our […]
on August 31, 2024 12:17 PM

August 29, 2024

Around a decade ago, I was happy to learn about bcache – a Linux block cache system that implements tiered storage (like a pool of hard disks with SSDs for cache) on Linux. At that stage, ZFS on Linux was nowhere close to where it is today, so any progress on gaining more ZFS features in general Linux systems was very welcome. These days we care a bit less about tiered storage, since any cost benefit in using anything else than nvme tends to quickly evaporate compared to time you eventually lose on it.

In 2015, it was announced that bcache would grow into its own filesystem. This was particularly exciting and it caused quite a buzz in the Linux community, because it brought along with it more features that compare with ZFS (and also btrfs), including built-in compression, built-in encryption, check-summing and RAID implementations.

Unlike ZFS, it didn’t have a dkms module, so if you wanted to test bcachefs back then, you’d have to pull the entire upstream bcachefs kernel source tree and compile it. Not ideal, but for a promise of a new, shiny, full-featured filesystem, it was worth it.

In 2019, it seemed that the time has come for bcachefs to be merged into Linux, so I thought that it’s about time we have the userspace tools (bcachefs-tools) packaged in Debian. Even if the Debian kernel wouldn’t have it yet by the time the bullseye (Debian 11) release happened, it might still have been useful for a future backported kernel or users who roll their own.

By total coincidence, the first git snapshot that I got into Debian (version 0.1+git20190829.aa2a42b) was committed exactly 5 years ago today.

It was quite easy to package it, since it was written in C and shipped with a makefile that just worked, and it made it past NEW into unstable in 19 January 2020, just as I was about to head off to FOSDEM as the pandemic started, but that’s of course a whole other story.

Fast-forwarding towards the end of 2023, version 1.2 shipped with some utilities written in Rust, this caused a little delay, since I wasn’t at all familiar with Rust packaging yet, so I shipped an update that didn’t yet include those utilities, and saw this as an opportunity to learn more about how the Rust eco-system worked and Rust in Debian.

So, back in April the Rust dependencies for bcachefs-tools in Debian didn’t at all match the build requirements. I got some help from the Rust team who says that the common practice is to relax the dependencies of Rust software so that it builds in Debian. So errno, which needed the exact version 0.2, was relaxed so that it could build with version 0.4 in Debian, udev 0.7 was relaxed for 0.8 in Debian, memoffset from 0.8.5 to 0.6.5, paste from 1.0.11 to 1.08 and bindgen from 0.69.9 to 0.66.

I found this a bit disturbing, but it seems that some Rust people have lots of confidence that if something builds, it will run fine. And at least it did build, and the resulting binaries did work, although I’m personally still not very comfortable or confident about this approach (perhaps that might change as I learn more about Rust).

With that in mind, at this point you may wonder how any distribution could sanely package this. The problem is that they can’t. Fedora and other distributions with stable releases take a similar approach to what we’ve done in Debian, while distributions with much more relaxed policies (like Arch) include all the dependencies as they are vendored upstream.

As it stands now, bcachefs-tools is impossible to maintain in Debian stable. While my primary concerns when packaging, are for Debian unstable and the next stable release, I also keep in mind people who have to support these packages long after I stopped caring about them (like Freexian who does LTS support for Debian or Canonical who has long-term Ubuntu support, and probably other organisations that I’ve never even heard of yet). And of course, if bcachfs-tools don’t have any usable stable releases, it doesn’t have any LTS releases either, so anyone who needs to support bcachefs-tools long-term has to carry the support burden on their own, and if they bundle it’s dependencies, then those as well.

I’ll admit that I don’t have any solution for fixing this. I suppose if I were upstream I might look into the possibility of at least supporting a larger range of recent dependencies (usually easy enough if you don’t hop onto the newest features right away) so that distributions with stable releases only need to concern themselves with providing some minimum recent versions, but even if that could work, the upstream author is 100% against any solution other than vendoring all its dependencies with the utility and insisting that it must only be built using these bundled dependencies. I’ve made 6 uploads for this package so far this year, but still I constantly get complaints that it’s out of date and that it’s ancient. If a piece of software is considered so old that it’s useless by the time it’s been published for two or three months, then there’s no way it can survive even a usual stable release cycle, nevermind any kind of long-term support.

With this in mind (not even considering some hostile emails that I recently received from the upstream developer or his public rants on lkml and reddit), I decided to remove bcachefs-tools from Debian completely. Although after discussing this with another DD, I was convinced to orphan it instead, which I have now done. I made an upload to experimental so that it’s still available if someone wants to work on it (without having to go through NEW again), it’s been removed from unstable so that it doesn’t migrate to testing, and the ancient (especially by bcachefs-tools standards) versions that are in stable and oldstable will be removed too, since they are very likely to cause damage with any recent kernel versions that support bcachefs.

And so, my adventure with bcachefs-tools comes to an end. I’d advise that if you consider using bcachefs for any kind of production use in the near future, you first consider how supportable it is long-term, and whether there’s really anyone at all that is succeeding in providing stable support for it.

on August 29, 2024 01:04 PM

August 21, 2024

Here's the tl;dr: if you make web apps in or for the UK, the CMA, the UK tech regulator, want to hear from you about their proposals before August 29th 2024, which is only a week away. Read their list of remedies to anticompetitive behaviour between web browsers and platforms, and email your thoughts to browsersandcloud@cma.gov.uk before the deadline. They really do want to hear from you, confidentally if you want, and your voice is useful here; you don't need to have some formally written legal opinion here. They want to hear from actual web devs and companies. Email them.

We want to hear from you -- Competition and Markets Authority

Now let's look at what the CMA have written in a little more detail. (This is the "tl" bit, although hopefully you will choose to "r".) They have been conducting a "Market Investigation Reference", which is regulator code for "talk to loads of people to see if there's a problem and then decide what to do about that", and the one we care about is about web browsers. I have, as part of Open Web Advocacy, been part of those consultations a number of times, and they've always been very willing to listen, and they do seem to identify a bunch of problems with browser diversity that I personally also think are problems. You know what we're talking about here: all browsers on iOS are required to be Safari's WebKit and not their own engine; Google have a tight grip on a whole bunch of stuff; browser diversity is a good thing and there's not enough of it in the world and this looks to be from deliberate attempts to act like monopolies by some players. These are the sorts of issues that CMA are concerned about (and they have published quite a few working papers explaining their issues in detail which you can read). What we're looking at today is their proposed list of fixes for these problems, which they call "remedies". At OWA we have also done this, of course, and you should read the OWA blog post about the CMA's remedies paper. But the first important point is, to be clear, that a whole bunch of these remedies being proposed by the CMA are good. This is not a complaint that it's all bad or that it's toothless, not at all. They're going to stop the #AppleBrowserBan and require that other browsers are allowed to use their own engines on iOS as browser apps and in in-app browsing, they're going to require both Apple and Google to grant other browsers' access to the same APIs that their own browsers can get at, they've got suggestions in place for how users can choose which browser they use to get past the problem of the "default hotseat" where you get one browser when you buy a phone and never think to change it, they're suggesting that Google open access to WebAPK minting to everyone. All of these help demonopolise the UK market. This is all good.

Stuart Langridge, Bruce Lawson, and Alex Moore of OWA in the CMA offices in London

But there are some places where their remedies don't really go far enough, and this is the stuff where it would be good for you, my web-engaged reader, to send them an email with your thoughts one way or the other. Part of making the web as capable as a platform-specific app is that web sites can be presented like a platform-specific app. This is (part of) what a PWA is, which most of you reading this will already know about. But releasing your app as a PWA, while it has a bunch of good characteristics for you (no reviews needed, instant updates, full control, cross-platform development, no tithing of money required to the people who sold the phone it's on) also has some downsides. In particular, it's difficult to get people to "install" a PWA, especially on iOS where you have to tell your users to go digging around in the share menu. And this is a fairly big area where the CMA could have proposed remedies, and have so far not chosen to. The first problem here is that iOS Safari doesn't support any sort of install prompt: as mentioned, there's the "add to home screen" entry hidden in the share menu. There's an API for this, everyone else implements it, iOS Safari doesn't. Maybe the API's got problems and needs fixing? That seems fine; engage with the web standards process to get it fixed! But there's been no sign of doing that in any useful way.

The second and related issue is that although the CMA's remedies state that browsers can use their own engine rather than having to be mere wrappers around the platform's web view, they do not say that when a browser installs a web app, that that web app will also use that browser's engine. That is: if there were a port of, say, Microsoft Edge to iOS, then Edge would be able to use its own engine, which is Microsoft's port of Blink. That Edge browser can implement install prompts how it likes, because it's using its own engine. But there's no guarantee in the CMA remedies that the PWA that gets installed will then be opened up in Edge. Calling the "install this PWA as an app" API provided by the platform might add it as a PWA in the platform maker's browser -- iOS Safari in this example. This would be rubbish. It means that the installed app might not even work; how will it know your passwords or cookies, etc; this can't be what's intended. But the remedies do not explicitly state this requirement, and so it's quite possible that platform owners will therefore use this as another way to push back against PWAs to make them less of a competitor to their own app stores. I would like to be able to say that platform owners wouldn't do that, that they wouldn't deliberately make things worse in an effort at malicious compliance, but after the debacle earlier this year of Apple dropping PWA support entirely and then only backing off on that after public outcry, we can't assume that there will be a good-faith attempt to improve PWA support (either by implementation, or by engaging wholeheartedly with the public web standards process), and so the remedies need to spell this out in more detail. This should be easy enough if I'm right and the CMA's intent is that this should be done, and your voice adding to that is likely to encourage them.

A tweet from Ada Rose Cannon reading 'Seeing a Web App I worked on used by *Apple* to justify that the Web is a viable platform on iOS is bullshit. The Web can be an ideal place to build apps but Apple is consistently dragging their heals on implementing the Web APIs that would allow them to compete with native apps', quoting a tweet by Peter Gasston with text 'This image from Apple‘s opening presentation in the Epic Games court case is very misleading. “Web Apps and Native Apps can look the same, therefore no-one needs to publish on the App Store”.' and an Apple-created image of the FT web app and FT platform-specific app looking similar

The worry about malicious compliance hampering web apps being a proper competitor to platform-specific apps also extends to another thing missing in the remedies: that access to hardware and software platform APIs for other browsers isn't required to be "which APIs there are", but "which APIs the existing browser elects to use". That is: if you write a native platform-specific app, it can talk to various hardware-ish things; bluetooth, USB, NFC, whichever. Therefore, you ought to be able, if you're a browser, to also have those APIs, in enough detail that you can then offer (mediated, secure) access to those services to your users, the PWAs and websites that people run with you. But the remedies do not ensure that this is the case; they ensure that there is a "requirement for Apple to grant equivalent access to APIs used by WebKit and Safari to browsers using alternative browser engines." What this means is that if Safari doesn't use a thing, no other browser can use it either. So it's not possible to make the browser you build better than Safari at this; Apple get to set the ceiling of what the web can do on the platform, and the ceiling is defined as "whatever their browser can do". That's... not very competitive, is it? No. If you agree with that, then you should also write to the CMA about it. They would like to hear about actual examples where this sort of thing harms UK businesses, of course, and if that's you definitely write in, but it's also worth giving your opinion if you are a UK developer who works in this area, delivering things via the web to your users (or if you want to do that but are currently prevented).

OK. Discussion over: go and write to the CMA with your thoughts on their remedies. Even if you think what they've proposed is perfect, you should still send them a message saying that; one thing that they and all government agencies tend to bemoan is that they only hear from people with lots of skin in the game, and generally only from people who are opposed, not people who are supportive. That means that they get a skewed view of what the web developer community actually think, and this is a chance for us to unskew that a bit, together. You can request that the CMA keep your name, business, or submission confidential, so you don't have to worry about giving away secrets or your participation, and you need only comment on stuff which is relevant to you; you do not need a comprehensive position paper on the whole thing! The address to email is browsersandcloud@cma.gov.uk, the list of remedies is Working Paper 7, and the deadline is Thursday 29th August.

State of the Browser 2024

If you want to hear more about this, then I am speaking about OWA, how it happened, what we've done, and how you can be involved at State of the Browser 2024 on Saturday 14th September (just under a month from now!) in the Barbican in London. I'm told that there are less than 30 in-person tickets left, although there are online streaming tickets available too, so get in quick if you want to hear me and a whole bunch of other speakers!

(Late breaking update: Bruce has also written about this and you should read that too!)

on August 21, 2024 08:07 AM

August 14, 2024

Netplan v1.1 released

Lukas Märdian

I’m happy to announce that Netplan version 1.1 is now available on GitHub and is soon to be deployed into a Debian and/or Ubuntu installation near you! Six months and 120 commits after the previous version (including one patch release v1.0.1), this release is brought to you by 17 free software contributors from around the globe. 🚀

Kudos to everybody involved! ❤

Highlights

  • Custom systemd-networkd-wait-online logic override to wait for link-local and routable interfaces. (#456#482)
  • Modification of the embedded-switch-mode setting without virtual-function (VF) definitions on SR-IOV devices (#454)
  • Parser flag to ignore individual, broken configurations, instead of not generating any backend configuration (#412)
  • Fixes for @ProtonVPN (#495) and @microsoft Azure Linux (#445), contributed by those companies

Releasing v1.1

Documentation

Bug fixes

New Contributors

Full Changelog1.0…1.1

on August 14, 2024 01:41 PM

August 12, 2024

Another loss last week of a friend. I am staying strong and working through it. A big thank you to all of you that have donated to my car fund, I still have a long way to go. I am not above getting a cheap old car, but we live in sand dunes so it must be a cheap old car with 4×4 to get to my property. A vehicle is necessary as we are 50 miles away from staples such as food and water. We also have 2 funerals to attend. Please consider a donation if my work is useful to you. https://gofund.me/1e784e74 All of my work is currently unpaid work, as I am between contracts. Thank you for your consideration. Now onto the good stuff, last weeks work. It was another very busy week with Qt6 packaging in Debian/Kubuntu and KDE snaps. I also have many SRUs for Kubuntu Noble .1 release that needs their verification done.

Kubuntu:

Debian:

Starting the salvage process for kdsoap which is blocking a long line of packages, notably kio-extras.

  • qtmpv – in NEW
  • arianna – in NEW
  • xwaylandvideobridge – NEW
  • futuresql – NEW
  • kpat WIP – failing tests
  • kdegraphics-thumbnailers (WIP)
  • khelpcenter – experimental
  • kde-inotify-survey – experimental
  • ffmpegthumbs – experimental
  • kdialog – experimental
  • kwalletmanager – experimental
  • libkdegames – pushed some fixes – experimental
  • Tokodon – Done, but needs qtmpv to pass NEW
  • Gwenview – WIP needs – kio-extras (blocked)

KDE Snaps:

Please note: Please help test the –edge snaps so I can promote them to stable.

WIP Snaps or MR’s made

  • Kirigami-gallery ( building )
  • Kiriki (building)
  • Kiten (building)
  • kjournald (Building)
  • Kdevelop (WIP)
  • Kdenlive (building)
  • KHangman (WIP)
  • Kubrick (WIP)
  • Palapeli (Manual review in store dbus)
  • Kanagram (WIP)
  • Labplot (WIP)
  • Kjumpingcube (MR)
  • Klettres (MR)
  • Kajongg –edge (Broken, problem with pyqt)
  • Dragon –edge ( Broken, dbus fails)
  • Ghostwriter –edge ( Broken, need to workout Qt webengine obscure way of handling hunspell dictionaries.)
  • Kasts –edge ( Broken, portal failure, testing some plugs)
  • Kbackup –edge ( Needs auto-connect udisks2, added home plug)
  • Kdebugsettings –edge ( Added missing personal-files plug, will need approval)
  • KDiamond –edge ( sound issues )
  • Angelfish –edge https://snapcraft.io/angelfish ( Crashes on first run, but runs fine after that.. looking into it)
  • Qrca –edge ( needs snap connect qrca:camera camera until auto-connect approved, will remain in –edge until official release)

Thanks for stopping by.

on August 12, 2024 04:33 PM