December 05, 2021

All-remote workspace at home

Sujeevan Vijayakumaran

It’s been a little over 1,5 years since I joined GitLab as my first all remote company. About half a year ago, I wrote about what I learned in one year at GitLab. In this blog post I will describe my setup how I work because I got several questions about it over the last time. I can also blame dnsmichi who published a similar post about his setup ;-).

I can certainly recommend the page about “Considerations for a Productive Home Office or Remote Workspace“ in the GitLab Handbook about All-Remote.

The Desk

Even long before I worked from home full time I bought a standing desk. I own a IKEA Bekant which only has a “up” and “down” button which is a bit annoying since I always have to hold the button when I want to move the desk up or down. Back in 2017 I’ve written a blog post about my experiences with it in German.

It’s also always good to have some sort of cable management hidden underneath the desktop. Otherwise, your legs will always touch the cables, and it will look ugly.

As part of the desk, I do have three (or should I say four?) arms mounted. One for my 32” 4K Samsung Screen, one for my Notebook-Stand, one for my microphone and an additional cheap „magic arm“ for my Canon EOS 700D which I use as a Webcam.

The Screen

As mentioned above, I’m using a 32" Samsung 4K display. A lot of folks I know are using ultra-widescreen monitors, which I personally do not like that much because they most likely have a smaller resolution. I rather prefer to use a 4K screen without scaling so that I have more space available for my windows.

I used to have a 28" 4K screen, which was a bit small when you want to use it without (much) scaling. Moving forward I hope I will not need to scale it though. For now, my glasses are a good “bugfix” for my eyes, so I can work without scaling on the system side.

The Laptop and The Dockingstation

I used to have Thinkpads in the past, but I recently switched to Dell XPS. I have two Dell XPS 13. One for work (in white) and one private (in black).

While I personally prefer to run ArchLinux (btw I use Arch!) I’m running the latest Ubuntu LTS on my work laptop.

The laptop is connected to a CalDigit TS3-Plus which is my docking station. This was one of the few docking station which supported 4K@60Hz back when I bought this. I would prefer a docking station with more USB-ports. Right now I have another USB-Hub (hidden under the desktop) because the ports provided by most of the docking stations out there are not really enough for me.

Audio and Video

As already mentioned above, I use my Canon EOS 700D as my webcam. I’ll mostly use an 18-55mm lens. The camera is connected to an elgato Cam Link 4k. The biggest downside of this setup currently is that the format is not perfect, as the HDMI-output has two black bars on the left and right side of the video.

I try to keep my background as boring as possible, that’s why all of you will mostly only see my yellow wall behind me.

As a microphone, I use an M-Audio Uber-Mic. It’s being used in meetings and also for my (German) podcast TILpod which I record remotely with Dirk Deimeke. For listening in meetings and also for videos/music, I’m using my Sony WH-1000X3.

Lighting

I do not have a perfect lighting solution yet. I do have a small desk light which is okay for the desk itself but not for video calls. The main light in my office is an IKEA Floalt which can be dimmed.

What else is on the desk?

  • Stream Deck, mostly for changing audio settings
  • a mechanical keyboard (HyperX with brown Cherry MX switches)
  • a boring Logitech mouse
  • a big mouse pad
  • a wrist rest pad
  • some old Logitech speaker
  • a Brother printer/scanner
  • a YubiKey 5 NFC
  • a few (water) bottles

What do I use for on the go?

I didn’t really travel that much for obvious reasons. However, I do have these items as well:

  • a no-name 8-in-1 Hub with multiple USB-Ports, HDMI, microSD and SD and USB-C Power Delivery.
  • a cheap no-name clip-on micrphone because the Laptop-internal microphone are mostly crappy anyway
  • a LAN cable just in case
  • a USB-C cable
  • my Sony WH-1000X3
on December 05, 2021 03:10 PM

December 03, 2021

The development of graphical applications intended for use on IoT devices isn’t trivial. The complexity goes beyond the usual challenges that exist in the classic desktop and server domains. One, the IoT world is much less mature. Two, developers need to take into consideration various edge cases that do not apply to hands-on devices like laptops, for instance. Kiosks, industrial displays and digital signage devices require additional focus and rigor.

Ubuntu Frame is a solution designed to simplify and streamline the build and development of products that need graphical output. On a technical level, it is a fullscreen shell, based on Wayland, intended for interactive usage applications. On a product level, Ubuntu Frame bundles communication protocols, input protocols and security policies into a single kit, which can then be used in IoT devices. You can test it today.

Getting started

There are multiple ways you can try Ubuntu Frame. It is compatible with classical desktop applications as well as snaps, and you can run it on any standard Linux system that supports snaps, or Ubuntu Core. Ubuntu Frame integrates with toolkits such as Flutter, Qt, GTK, Electron, and SDL2, and can also be used for applications based on HTML5 and Java.

To get Ubuntu-Frame running, you need to install the snap, set the Wayland display environment variable, and then, in that same shell, launch any supported application, as we will demonstrate soon. First, make sure Ubuntu Frame is running:

snap install ubuntu-frame
export WAYLAND_DISPLAY=wayland-5
ubuntu-frame &

This set of commands will start Ubuntu Frame in the background. You should see a window on your display, with a somewhat confusing title Mir on X. This is the frame inside which graphical applications can run.

<noscript> <img alt="" src="https://res.cloudinary.com/canonical/image/fetch/f_auto,q_auto,fl_sanitize,c_fill,w_720/https://lh5.googleusercontent.com/hGfgv8qI3n0kpljbnO7SB46dmbdvzOBUq7LrdaZToYjg6m5c1w0yk8SdpcXf82ONafd8o6Cxd14VOst4Zz1EnbZHs5Sb1I02tiY_8NoNuu2FYQvKTc9QtjTKfGkPDfEp6oV-k32N" width="720" /> </noscript>

A handful of snaps ready to test and use

At this point, if you have any supported applications available out of the box, you can just run them. If you do not, Canonical’s Mir team has an IoT example on its GitHub page. You can clone the repository, and then build a snap for any one of the included applications by selecting the corresponding branch. At the moment, the repository includes working application examples for GTK3, Qt5 and SDL2. You can use these example snap recipes as a basis for snapping your own choice of application based on the same toolkits.

<noscript> <img alt="" src="https://res.cloudinary.com/canonical/image/fetch/f_auto,q_auto,fl_sanitize,c_fill,w_720/https://lh3.googleusercontent.com/qLWAqiyKpDjegzH25ZXaKr3OIs7UxU-TXs-yohlQjA29QZ991A0qms1o4ySsI6MOq11vhL2ki0-2vBc2_6_eFK2y3iKmgsQAhlj7eBqpd0g-WHZjPOhbMVKYMAdj2S3i_VyFLrUW" width="720" /> </noscript>

This is an excellent way to test how your application could or would behave once you deploy it on Ubuntu Core. You can then troubleshoot any potential problems and iron out usability issues that may arise in the development process.

You can further streamline the work by using several other tools:

  • You can use the remote build feature to create snaps for architectures other than your own host system. Typically, people developing on the desktop will be using the x86 processors, whereas many IoT devices will use ARM processors.
  • You can create virtual machines with graphical support using qemu-virgil. The virtual machine may also be used to install Ubuntu Core. You will then be able to SSH into the guest operating system, copy any snaps, and run necessary application tests.

Some rough edges …

You may encounter some problems, though. For example, if you run the Qt5-Bomber example, you will probably see the following errors on the command line:

snap run iot-example-graphical-snap

WARNING: wayland interface not connected! Please run: /snap/iot-example-graphical-snap/current/bin/setup.sh

Warning: Ignoring XDG_SESSION_TYPE=wayland on Gnome. Use
QT_QPA_PLATFORM=wayland to run on Wayland anyway.

In some cases, you will need to run application-specific setup scripts, which will help connect any interfaces that the software relies on, or set missing environment variables. You can also manually override any commands, and later implement the solution in the final product.

Ideally, testing the snap functionality locally, in virtual machines and Ubuntu Core will help you narrow down any potential problems. Then, you can request necessary assertions for automatic interface connections in the Snap Store, create application launchers that cover any missing bits, and give your end users a clean, smooth experience.

Summary

Ubuntu Frame is a convenient toolkit for IoT developers looking to get started with graphical applications on Ubuntu Core. It simplifies and streamlines the setup and testing, and the several examples available as part of the main repository should provide you with a good reference on how to snap your own applications. We’d appreciate feedback or suggestions, if you have any. So please join the Snapcraft forum, and let us know what you think.

Photo by pine watt on Unsplash.

on December 03, 2021 12:09 PM

Christmas is coming, but you don’t have a present on hand for your (grand)parents (Mom, Dad, if you’re reading this – I promise this post isn’t drawn from real life!). Looking for a solution? If your loved ones happened to live through the era of monochrome photography, keep reading. You can work some magic with Intel® Distribution of OpenVINO™ Toolkit on Ubuntu containers to give their old pictures new life. Hopefully, this blog will save Christmas!

Also, suppose you’re curious about AI/ML and what you can do with OpenVINO on Ubuntu containers. In that case, this blog is an excellent read for you too.

<noscript> <img alt="" src="https://res.cloudinary.com/canonical/image/fetch/f_auto,q_auto,fl_sanitize,c_fill,w_720/https://lh5.googleusercontent.com/mHnWAAaZ2F4vWFtandmHO8_7Yy_yuxt4tVowFFG9cK5dJnLXsabD2RYuFVkPXVnGj3WxaIyVp7CS8f6ugxVoDChuPoW0Pq4hxDlHIUJ80eLBXP4umE6etex_c7fXoK44i_ZCyytC" width="720" /> </noscript>

OpenVINO on Ubuntu containers: making developers’ lives easier

Docker image security isn’t only about provenance and supply chains; it’s also about the user experience. More specifically, the developer experience.

Removing toil and friction from your app development, containerisation, and deployment processes avoids encouraging developers to use untrusted sources or bad practices in the name of getting things done. As AI/ML development often requires complex dependencies, it’s the perfect proof point for secure and stable container images.

Why Ubuntu Docker images?

As the most popular container image in its category, the Ubuntu base image provides a seamless, easy-to-set-up experience. From public cloud hosts to IoT devices, the Ubuntu experience is consistent and loved by developers.

One of the main reasons for adopting Ubuntu-based container images is the software ecosystem. More than 30.000 packages are available in one  `install` command, with the option to subscribe to enterprise support from Canonical. It just makes things easier.

In the next and final blog (coming soon, keep posted…), you’ll see that using Ubuntu Docker images greatly simplifies components containerisation. We even used a prebuilt & preconfigured container image for the NGINX web server from the LTS images portfolio maintained by Canonical for up to 10 years.

Beyond providing a secure, stable, and consistent experience across container images, Ubuntu is a safe choice from bare metal servers to containers. Additionally, it comes with hardware optimisation on clouds and on-premises, including Intel hardware.

Why OpenVINO?

When you’re ready to deploy deep learning inference in production, binary size and memory footprint are key considerations – especially when deploying at the edge. OpenVINO provides a lightweight Inference Engine with a binary size of just over 40MB for CPU-based inference. It also provides a Model Server for serving models at scale and managing deployments.

OpenVINO includes open-source developer tools to improve model inference performance. The first step is to convert a deep learning model (trained with TensorFlow, PyTorch,…) to an Intermediate Representation (IR) using the Model Optimizer. In fact, it cuts the model’s memory usage in half by converting it from FP32 to FP16 precision. You can unlock additional performance by using low-precision tools from OpenVINO. The Post-training Optimisation Tool (POT) and Neural Network Compression Framework (NNCF) provide quantisation, binarisation, filter pruning, and sparsity algorithms. As a result, Intel devices’ throughput increases on CPUs, integrated GPUs, VPUs, and other accelerators.

Open Model Zoo provides pre-trained models that work for real-world use cases to get you started quickly. Additionally, Python and C++ sample codes demonstrate how to interact with the model. More than 280 pre-trained models are available to download, from speech recognition to natural language processing and computer vision.

For this blog, we will use the pre-trained colourisation models from Open Model Zoo and serve them with Model Server.

OpenVINO and Ubuntu container images

The Model Server – by default – ships with the latest Ubuntu LTS, providing a consistent development environment and an easy-to-layer base image. The OpenVINO tools are also available as prebuilt development and runtime container images.

To learn more about Canonical LTS Docker Images and OpenVINO™, read:

Neural networks to colourise a black & white image

Now, back to the matter at hand: how will we colourise grandma and grandpa’s old pictures? Thanks to Open Model Zoo, we won’t have to train a neural network ourselves and will only focus on the deployment. (You can still read about it.)

<noscript> <img alt="" src="https://res.cloudinary.com/canonical/image/fetch/f_auto,q_auto,fl_sanitize,c_fill,w_720/https://lh5.googleusercontent.com/wrXsELcMO6ZtEuKeWfxc2CwclbVBJTCt--bTCzbG2gpaodeuhYaGz5LsHVOaME4R2sU-Bsh4wMdrwpIQmiP06ueo77c6E0GZ4CsQDvMSf3WKPbsvSLdqiP7MIP5EunTytfjBjSeY" width="720" /> </noscript>
Architecture diagram of the colouriser demo app running on MicroK8s

Our architecture consists of three microservices: a backend, a frontend, and the OpenVINO Model Server (OVMS) to serve the neural network predictions. The Model Server component hosts two different demonstration neural networks to compare their results (V1 and V2). These components all use the Ubuntu base image for a consistent software ecosystem and containerised environment.

A few reads if you’re not familiar with this type of microservices architecture:

gRPC vs REST APIs

The OpenVINO Model Server provides inference as a service via HTTP/REST and gRPC endpoints for serving models in OpenVINO IR or ONNX format. It also offers centralised model management to serve multiple different models or different versions of the same model and model pipelines.

The server offers two sets of APIs to interface with it: REST and gRPC. Both APIs are compatible with TensorFlow Serving and expose endpoints for prediction, checking model metadata, and monitoring model status. For use cases where low latency and high throughput are needed, you’ll probably want to interact with the model server via the gRPC API. Indeed, it introduces a significantly smaller overhead than REST. (Read more about gRPC.)

OpenVINO Model Server is distributed as a Docker image with minimal dependencies. For this demo, we will use the Model Server container image deployed to a MicroK8s cluster. This combination of lightweight technologies is suitable for small deployments. It suits edge computing devices, performing inferences where the data is being produced – for increased privacy, low latency, and low network usage.

Ubuntu minimal container images

Since 2019, the Ubuntu base images have been minimal, with no “slim” flavours. While there’s room for improvement (keep posted), the Ubuntu Docker image is a less than 30MB download, making it one of the tiniest Linux distributions available on containers.

In terms of Docker image security, size is one thing and reducing the attack surface is a fair investment. However, as is often the case, size isn’t everything. In fact, maintenance is the most critical aspect. The Ubuntu base image, with its rich and active software ecosystem community, is usually a safer bet than smaller distributions.

A common trap is to start smaller and install loads of dependencies from many different sources. The end result will have poor performance, use non-optimised dependencies, and not be secure. You probably don’t want to end up effectively maintaining your own Linux distribution… So, let us do it for you.

Colourise black & white pictures: what’s next?

In the next and final blog in this series, we’ll start coding. I promise you’ll come out of reading it with a concrete solution for a Christmas present. You can already begin scanning the old photo books to craft their coloured version.

In the final blog, we will:

  • Prepare the backend and frontend code (source code included!)
  • Craft Dockerfiles based on Ubuntu and LTS images for each component
  • Give an overview of container images best practices using multi-stage builds
  • Deploy the OpenVINO Model Server on MicroK8s
  • Relate all these microservices to complete the whole picture
  • Colourise some black and white photos!

You can also sign up for the on-demand version of our joint OpenVINO demo webinar with Intel. The most advanced (or impatient) readers can get started with the architecture diagram above and use the documentation to implement it themselves.

See you soon…

on December 03, 2021 09:32 AM

December 02, 2021

Ep 171 – Vollare

Podcast Ubuntu Portugal

Esta semana estivemos na companhia do Janos Kehl que é Head of Marketing & Sales na Hallo Welt Systeme responsável entre outros produtos pelo(s) Volla phone(s). E a conversa foi do Volla às francesinhas num ápice… percebam como em mais um capítulo do vosso podcast preferido.

Já sabem: oiçam, subscrevam e partilhem!

  • https://volla.online
  • https://keychronwireless.referralcandy.com/3P2MKM7
  • https://shop.nitrokey.com/shop/product/nk-pro-2-nitrokey-pro-2-3?aff_ref=3
  • https://shop.nitrokey.com/shop?aff_ref=3
  • https://youtube.com/PodcastUbuntuPortugal

Apoios

Podem apoiar o podcast usando os links de afiliados do Humble Bundle, porque ao usarem esses links para fazer uma compra, uma parte do valor que pagam reverte a favor do Podcast Ubuntu Portugal.
E podem obter tudo isso com 15 dólares ou diferentes partes dependendo de pagarem 1, ou 8.
Achamos que isto vale bem mais do que 15 dólares, pelo que se puderem paguem mais um pouco mais visto que têm a opção de pagar o quanto quiserem.

Se estiverem interessados em outros bundles não listados nas notas usem o link https://www.humblebundle.com/?partner=PUP e vão estar também a apoiar-nos.

Atribuição e licenças

Este episódio foi produzido por Diogo Constantino e Tiago Carrondo e editado por Alexandre Carrapiço, o Senhor Podcast.

A música do genérico é: “Won’t see it comin’ (Feat Aequality & N’sorte d’autruche)”, por Alpha Hydrae e está licenciada nos termos da [CC0 1.0 Universal License](https://creativecommons.org/publicdomain/zero/1.0/).

Este episódio e a imagem utilizada estão licenciados nos termos da licença: Attribution-NonCommercial-NoDerivatives 4.0 International (CC BY-NC-ND 4.0), cujo texto integral pode ser lido aqui. Estamos abertos a licenciar para permitir outros tipos de utilização, contactem-nos para validação e autorização.

on December 02, 2021 10:45 PM

November 29, 2021

Welcome to the Ubuntu Weekly Newsletter, Issue 711 for the week of November 21 – 27, 2021. The full version of this issue is available here.

In this issue we cover:

The Ubuntu Weekly Newsletter is brought to you by:

  • Krytarik Raido
  • Bashing-om
  • Chris Guiver
  • Wild Man
  • And many others

If you have a story idea for the Weekly Newsletter, join the Ubuntu News Team mailing list and submit it. Ideas can also be added to the wiki!

Except where otherwise noted, this issue of the Ubuntu Weekly Newsletter is licensed under a Creative Commons Attribution ShareAlike 3.0 License

on November 29, 2021 09:07 PM

November 26, 2021

Full Circle Magazine #175

Full Circle Magazine

This month:
* Command & Conquer : Terminal
* How-To : Python, Latex and WebDAV Server
* Graphics : Inkscape
* Everyday Ubuntu
* Micro This Micro That
* Review : Kubuntu 21.10
* Review : Bluemail
* Ubports Touch : OTA-20
* Ubuntu Games : Nowhere Prophet
plus: News, The Daily Waddle, Q&A, and more.

Get it while it’s hot!

https://fullcirclemagazine.org/issue-175/

on November 26, 2021 08:01 PM

November 25, 2021

Ep 170 – Desfiladeiro

Podcast Ubuntu Portugal

Esta semana a conversa foi animada e abordou temas tão interessantes como Wireguard e/ou integrações zigbee no Home Assistant, e revisitámos o raspberry pi zero e as mais recentes acções da comunidade Ubuntu.

Já sabem: oiçam, subscrevam e partilhem!

  • https://ubuntu.com//blog/raspberry-pi-zero-2-w-with-ubuntu-server-support-is-here
  • https://ubuntu.com/blog/5-things-to-check-out-in-ubuntu-21-10-impish-indri
  • https://ubuntu.com/blog/common-sense-using-the-raspberry-pi-sense-hat-on-ubuntu-impish-indri
  • https://astro-pi.org/
  • https://www.phoronix.com/scan.php?page=news_item&px=Better-Ubuntu-Docs-2021
  • https://sonoff.tech/product/smart-home-security/zbbridge/
  • https://uptimerobot.com/
  • https://github.com/joseantmazonsb/linguard
  • https://ubuntu.com/blog/enhance-security-of-open-source-applications
  • https://ubuntu.com/blog/help-us-chart-the-ubuntu-community-roadmap
  • https://www.omgubuntu.co.uk/2021/11/ubuntu-is-working-on-a-new-firmware-updater-app
  • https://github.com/canonical/firmware-updater
  • https://repo.lolsnap.org/lol-snaphttps://www.youtube.com/watch?v=rGgmwcdxr88
  • https://www.humblebundle.com/books/raspberry-pi-uncut-books?partner=PUP
  • https://www.humblebundle.com/books/coding-hardware-make-books?partner=PUP
  • https://www.humblebundle.com/software/javascript-software?partner=PUP
  • https://keychronwireless.referralcandy.com/3P2MKM7
  • https://shop.nitrokey.com/shop/product/nk-pro-2-nitrokey-pro-2-3?aff_ref=3
  • https://shop.nitrokey.com/shop?aff_ref=3
  • https://youtube.com/PodcastUbuntuPortugal

Apoios

Podem apoiar o podcast usando os links de afiliados do Humble Bundle, porque ao usarem esses links para fazer uma compra, uma parte do valor que pagam reverte a favor do Podcast Ubuntu Portugal.
E podem obter tudo isso com 15 dólares ou diferentes partes dependendo de pagarem 1, ou 8.
Achamos que isto vale bem mais do que 15 dólares, pelo que se puderem paguem mais um pouco mais visto que têm a opção de pagar o quanto quiserem.

Se estiverem interessados em outros bundles não listados nas notas usem o link https://www.humblebundle.com/?partner=PUP e vão estar também a apoiar-nos.

Atribuição e licenças

Este episódio foi produzido por Diogo Constantino e Tiago Carrondo e editado por Alexandre Carrapiço, o Senhor Podcast.

A música do genérico é: “Won’t see it comin’ (Feat Aequality & N’sorte d’autruche)”, por Alpha Hydrae e está licenciada nos termos da [CC0 1.0 Universal License](https://creativecommons.org/publicdomain/zero/1.0/).

Este episódio e a imagem utilizada estão licenciados nos termos da licença: Attribution-NonCommercial-NoDerivatives 4.0 International (CC BY-NC-ND 4.0), cujo texto integral pode ser lido aqui. Estamos abertos a licenciar para permitir outros tipos de utilização, contactem-nos para validação e autorização.

on November 25, 2021 08:45 PM

November 24, 2021

Designing Secure Software (Amazon, No Starch Press) by Loren Kohnfelder is one of the latest entries in No Starch Press’s line of security books. This book stands out to me for two big reasons. First, this is one of the most mindset-centric books I’ve seen (which means it is likely to age better than a lot of more technically-specific books). Second, this book caters to developers more than security professionals (but don’t take this to mean it’s only for developers), which is definitely a distinguishing feature from so many other security books.

Note: I was provided an early access copy of Designing Secure Software by the publisher for review, but they had no editorial input. All of the opinions in this review are my own.

The writing in this book is very clear and easy reading, and the examples used are both captivating and easy to understand. Kohnfelder does a great job of making a point that is easy to understand, and most of the chapters could stand alone for developers just working in that one particular area.

Security is something that has to be baked into the software development life cycle, so informing and educating developers is a key element of this. This book is a great resource for this and shows how vulnerabilites can creep in during both the design and implementation phases of the SDLC. There are examples written in C and Python to help developers understand.

One of the best points made in this book is that security is a spectrum and that we have to trust something. Whether that’s a compiler, an operating system vendor, a cloud provider, or dependencies in your software’s build process. Sometimes people who find out a little bit about security become security absolutists, looking for 100% guarantees, and while I recognize and understand the instinct, the real world doesn’t work that, and this book helps software developers to understand and evaluate that.

Overall, this book is a worthwhile read for both software developers and security engineers working the application security space. It distinguishes itself by focusing on concepts rather than being a checklist of individual items to focus on.

on November 24, 2021 08:00 AM

November 22, 2021

Welcome to the Ubuntu Weekly Newsletter, Issue 710 for the week of November 14 – 20, 2021. The full version of this issue is available here.

In this issue we cover:

The Ubuntu Weekly Newsletter is brought to you by:

  • Krytarik Raido
  • Bashing-om
  • Chris Guiver
  • Wild Man
  • And many others

If you have a story idea for the Weekly Newsletter, join the Ubuntu News Team mailing list and submit it. Ideas can also be added to the wiki!

Except where otherwise noted, this issue of the Ubuntu Weekly Newsletter is licensed under a Creative Commons Attribution ShareAlike 3.0 License

on November 22, 2021 09:18 PM

Be careful when using vxlan!

Paul Tagliamonte

I’ve spent a bit of time playing with vxlan - which is very neat, but also incredibly insecure by default.

When using vxlan, be very careful to understand how the host is connected to the internet. The kernel will listen on all interfaces for packets, which means hosts accessable to VMs it’s hosting (e.g., by bridged interface or a private LAN will accept packets from VMs and inject them into arbitrary VLANs, even ones it’s not on.

I reported this to the kernel mailing list to no reply with more technical details.

The tl;dr is:

  $ ip link add vevx0a type veth peer name vevx0z
  $ ip addr add 169.254.0.2/31 dev vevx0a
  $ ip addr add 169.254.0.3/31 dev vevx0z
  $ ip link add vxlan0 type vxlan id 42 \
    local 169.254.0.2 dev vevx0a dstport 4789
  $ # Note the above 'dev' and 'local' ip are set here
  $ ip addr add 10.10.10.1/24 dev vxlan0

results in vxlan0 listening on all interfaces, not just vevx0z or vevx0a. To prove it to myself, I spun up a docker container (using a completely different network bridge – with no connection to any of the interfaces above), and ran a Go program to send VXLAN UDP packets to my bridge host:

$ docker run -it --rm -v $(pwd):/mnt debian:unstable /mnt/spam 172.17.0.1:4789
$

which results in packets getting injected into my vxlan interface

$ sudo tcpdump -e -i vxlan0
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on vxlan0, link-type EN10MB (Ethernet), snapshot length 262144 bytes
21:30:15.746754 de:ad:be:ef:00:01 (oui Unknown) > Broadcast, ethertype IPv4 (0x0800), length 64: truncated-ip - 27706 bytes missing! 33.0.0.0 > localhost: ip-proto-114
21:30:15.746773 de:ad:be:ef:00:01 (oui Unknown) > Broadcast, ethertype IPv4 (0x0800), length 64: truncated-ip - 27706 bytes missing! 33.0.0.0 > localhost: ip-proto-114
21:30:15.746787 de:ad:be:ef:00:01 (oui Unknown) > Broadcast, ethertype IPv4 (0x0800), length 64: truncated-ip - 27706 bytes missing! 33.0.0.0 > localhost: ip-proto-114
21:30:15.746801 de:ad:be:ef:00:01 (oui Unknown) > Broadcast, ethertype IPv4 (0x0800), length 64: truncated-ip - 27706 bytes missing! 33.0.0.0 > localhost: ip-proto-114
21:30:15.746815 de:ad:be:ef:00:01 (oui Unknown) > Broadcast, ethertype IPv4 (0x0800), length 64: truncated-ip - 27706 bytes missing! 33.0.0.0 > localhost: ip-proto-114
21:30:15.746827 de:ad:be:ef:00:01 (oui Unknown) > Broadcast, ethertype IPv4 (0x0800), length 64: truncated-ip - 27706 bytes missing! 33.0.0.0 > localhost: ip-proto-114
21:30:15.746870 de:ad:be:ef:00:01 (oui Unknown) > Broadcast, ethertype IPv4 (0x0800), length 64: truncated-ip - 27706 bytes missing! 33.0.0.0 > localhost: ip-proto-114
21:30:15.746885 de:ad:be:ef:00:01 (oui Unknown) > Broadcast, ethertype IPv4 (0x0800), length 64: truncated-ip - 27706 bytes missing! 33.0.0.0 > localhost: ip-proto-114
21:30:15.746899 de:ad:be:ef:00:01 (oui Unknown) > Broadcast, ethertype IPv4 (0x0800), length 64: truncated-ip - 27706 bytes missing! 33.0.0.0 > localhost: ip-proto-114
21:30:15.746913 de:ad:be:ef:00:01 (oui Unknown) > Broadcast, ethertype IPv4 (0x0800), length 64: truncated-ip - 27706 bytes missing! 33.0.0.0 > localhost: ip-proto-114
10 packets captured
10 packets received by filter
0 packets dropped by kernel

(the program in question is the following:)

  package main

  import (
      "net"
      "os"
      "github.com/mdlayher/ethernet"
      "github.com/mdlayher/vxlan"
  )
  func main() {
      conn, err := net.Dial("udp", os.Args[1])
      if err != nil { panic(err) }
      for i := 0; i < 10; i++ {
          vxf := &vxlan.Frame{
              VNI: vxlan.VNI(42),
              Ethernet: &ethernet.Frame{
                  Source:      net.HardwareAddr{0xDE, 0xAD, 0xBE,
0xEF, 0x00, 0x01},
                  Destination: net.HardwareAddr{0xFF, 0xFF, 0xFF,
0xFF, 0xFF, 0xFF},
                  EtherType:   ethernet.EtherTypeIPv4,
                  Payload:     []byte("Hello, World!"),
              },
          }
          frb, err := vxf.MarshalBinary()
          if err != nil { panic(err) }
          _, err = conn.Write(frb)
          if err != nil { panic(err) }
      }
  }

When using vxlan, be absolutely sure all hosts that can address any interface on the host are authorized to send arbitrary packets into any VLAN that box can send to, or there’s very careful and specific controls and firewalling. Note this includes public interfaces (e.g., dual-homed private network / internet boxes), or any type of dual-homing (VPNs, etc).

on November 22, 2021 02:39 AM

November 21, 2021

APT Z3 Solver Basics

Julian Andres Klode

Z3 is a theorem prover developed at Microsoft research and available as a dynamically linked C++ library in Debian-based distributions. While the library is a whopping 16 MB, and the solver is a tad slow, it’s permissive licensing, and number of tactics offered give it a huge potential for use in solving dependencies in a wide variety of applications.

Z3 does not need normalized formulas, but offers higher level abstractions like atmost and atleast and implies, that we will make use of together with boolean variables to translate the dependency problem to a form Z3 understands.

In this post, we’ll see how we can apply Z3 to the dependency resolution in APT. We’ll only discuss the basics here, a future post will explore optimization criteria and recommends.

Translating the universe

APT’s package universe consists of 3 relevant things: packages (the tuple of name and architecture), versions (basically a .deb), and dependencies between versions.

While we could translate our entire universe to Z3 problems, we instead will construct a root set from packages that were manually installed and versions marked for installation, and then build the transitive root set from it by translating all versions reachable from the root set.

For each package P in the transitive root set, we create a boolean literal P. We then translate each version P1, P2, and so on. Translating a version means building a boolean literal for it, e.g. P1, and then translating the dependencies as shown below.

We now need to create two more clauses to satisfy the basic requirements for debs:

  1. If a version is installed, the package is installed; and vice versa. We can encode this requirement for P above as P == atleast({P1,P2}, 1).
  2. There can only be one version installed. We add an additional constraint of the form atmost({P1,P2}, 1).

We also encode the requirements of the operation.

  1. For each package P that is manually installed, add a constraint P.
  2. For each version V that is marked for install, add a constraint V.
  3. For each package P that is marked for removal, add a constraint !P.

Dependencies

Packages in APT have dependencies of two basic forms: Depends and Conflicts, as well as variations like Breaks (identical to Conflicts in solving terms), and Recommends (soft Depends) - we’ll ignore those for now. We’ll discuss Conflicts in the next section.

Let’s take a basic dependency list: A Depends: X|Y, Z. To represent that dependency, we expand each name to a list of versions that can satisfy the dependency, for example X1|X2|Y1, Z1.

Translating this dependency list to our Z3 solver, we create boolean variables X1,X2,Y1,Z1 and define two rules:

  1. A implies atleast({X1,X2,Y1}, 1)
  2. A implies atleast({Z1}, 1)

If there actually was nothing that satisfied the Z requirement, we’d have added a rule not A. It would be possible to simply not tell Z3 about the version at all as an optimization, but that adds more complexity, and the not A constraint should not cause too many problems.

Conflicts

Conflicts cannot have or in them. A dependency B Conflicts: X, Y means that only one of B, X, and Y can be installed. We can directly encode this in Z3 by using the constraint atmost({B,X,Y}, 1). This is an optimized encoding of the constraint: We could have encoded each conflict in the form !B or !X, !B or !X, and so on. Usually this leads to worse performance as it introduces additional clauses.

Complete example

Let’s assume we start with an empty install and want to install the package a below.

Package: a
Version: 1
Depends: c | b

Package: b
Version: 1

Package: b
Version: 2
Conflicts: x

Package: d
Version: 1

Package: x
Version: 1

The translation in Z3 rules looks like this:

  1. Package rules for a:
    1. a == atleast({a1}, 1) - package is installed iff one version is
    2. atmost({a1}, 1) - only one version may be installed
    3. a – a must be installed
  2. Dependency rules for a
    1. implies(a1, atleast({b2, b1}, 1)) – the translated dependency above. note that c is gone, it’s not reachable.
  3. Package rules for b:
    1. b == atleast({b1,b2}, 1) - package is installed iff one version is
    2. atmost({b1, b2}, 1) - only one version may be installed
  4. Dependencies for b (= 2):
    1. atmost({b2, x1}, 1) - the conflicts between x and b = 2 above
  5. Package rules for x:
    1. x == atleast({x1}, 1) - package is installed iff one version is
    2. atmost({x1}, 1) - only one version may be installed

The package d is not translated, as it is not reachable from the root set {a1}, the transitive root set is {a1,b1,b2,x1}.

Next iteration: Optimization

We have now constructed the basic set of rules that allows us to solve solve our dependency problems (equivalent to SAT), however it might lead to suboptimal solutions where it removes automatically installed packages, or installs more packages than necessary, to name a few examples.

In our next iteration, we have to look at introducing optimization; for example, have the minimum number of removals, the minimal number of changed packages, or satisfy as many recommends as possible. We will also look at the upgrade problem (upgrade as many packages as possible), the autoremove problem (remove as many automatically installed packages as possible).

on November 21, 2021 07:49 PM

November 15, 2021

Full Circle Weekly News #235

Full Circle Magazine


Apache OpenMeetings 6.2 available:
https://blogs.apache.org/openmeetings/entry/openmeetings-v6-2-0-openapi

Vaultwarden 1.23, released:
https://github.com/dani-garcia/vaultwarden

Blender Community Releases Sprite Fright Animated Movie:
https://www.blender.org/

New release of antiX 21:
https://antixlinux.com/antix-21-grup-yorum-released/

Release of MPV 0.34:
http://mpv.io/

Fedora Linux 35 Distribution Released:
https://fedoramagazine.org/announcing-fedora-35/

OpenSUSE Leap 15.3-2 First Quarterly Update Available:
https://news.opensuse.org/2021/11/02/leaps-first-quarterly-update-is-released/

Canonical unveils Intel-optimized Ubuntu builds:
https://ubuntu.com//blog/ubuntu-optimised-for-intel-processors-accelerates-adoption-of-iot-innovations

Release of Asterisk 19 communication platform and FreePBX 16 distribution
https://www.asterisk.org/asterisk-news/asterisk-19-0-0-now-available/

Red Hat Enterprise Linux 9 beta testing begins:
https://www.redhat.com/en/blog/red-hat-enterprise-linux-85-beta-now-available

ClamAV 0.104.1 update:
https://blog.clamav.net/2021/11/clamav-01034-and-01041-patch-releases.html

Open source Luau, a type-checking variant of Lua:
https://luau-lang.org/2021/11/03/luau-goes-open-source.html

LXQt 1.0 Graphics Environment Released:
https://github.com/lxqt/lxqt/releases/tag/1.0.0

Tails 4.24 distribution released: 
https://tails.boum.org/news/version_4.24/index.en.html



Credits:
Full Circle Magazine
@fullcirclemag
Host: @bardictriad, @zaivala@hostux.social
Bumper: Canonical
Theme Music: From The Dust - Stardust
https://soundcloud.com/ftdmusic
https://creativecommons.org/licenses/by/4.0/
on November 15, 2021 06:34 PM

November 09, 2021

Should online communities require people to create accounts before participating?

This question has been a source of disagreement among people who start or manage online communities for decades. Requiring accounts makes some sense since users contributing without accounts are a common source of vandalism, harassment, and low quality content. In theory, creating an account can deter these kinds of attacks while still making it pretty quick and easy for newcomers to join. Also, an account requirement seems unlikely to affect contributors who already have accounts and are typically the source of most valuable contributions. Creating accounts might even help community members build deeper relationships and commitments to the group in ways that lead them to stick around longer and contribute more.

In a new paper published in Communication Research, I worked with Aaron Shaw provide an answer. We analyze data from “natural experiments” that occurred when 136 wikis on Fandom.com started requiring user accounts. Although we find strong evidence that the account requirements deterred low quality contributions, this came at a substantial (and usually hidden) cost: a much larger decrease in high quality contributions. Surprisingly, the cost includes “lost” contributions from community members who had accounts already, but whose activity appears to have been catalyzed by the (often low quality) contributions from those without accounts.


A version of this post was first posted on the Community Data Science blog.

The full citation for the paper is: Hill, Benjamin Mako, and Aaron Shaw. 2020. “The Hidden Costs of Requiring Accounts: Quasi-Experimental Evidence from Peer Production.” Communication Research, 48 (6): 771–95. https://doi.org/10.1177/0093650220910345.

If you do not have access to the paywalled journal, please check out this pre-print or get in touch with us. We have also released replication materials for the paper, including all the data and code used to conduct the analysis and compile the paper itself.

on November 09, 2021 07:55 PM

The OpenUk awards reconise and celebrate the best in open tech in the UK over the last year. We have a bunch of awards this year and the shortlists are up. I’ve clerked the judges into tracking down the gossip on all the shortlisted nominees and we do have final winners which will be announced at the ceremony on Thursday evening.

The ceremony is at COP26 in Glasgow, Scotland. This is the UN conference to try to get international agreement on mitigating the worst affects of the climate crisis. We’ll be one of the last events there.

I’ll be making announcement about KDE’s sustainability effort in front of the politicians and tech audience which I’m very excited about.

You can sign up to watch the day event on sustainability in tech. The evening award ceremony will have its video published shortly after the event.

Who’s is nominated I hear you ask?

OpenUK Awards Shortlist 2021

Belonging – sponsored by Osmii

Pride at SUSE – Rob Knight – executive lead and ambassador for “Pride at SUSE”

Red Hat B.U.I.L.D UK&I – Ally Kouao – who set up the UK and Ireland chapter of Red Hat’s Blacks United in Leadership and Diversity (B.U.I.L.D.)

Endless Compute – Endless’ commitment to open source and an inclusive community goes beyond their own work sharing their OS to promote digital inclusion, to sponsoring the creation of the GNOME Community Engagement Awards, promoting bringing people into open source.

Data: 

Open Knowledge Foundation – a global, non-profit network that promotes and shares information at no charge, including both content and data

Viæ Regiæ project – Viæ Regiæ project aims to extract data on early modern transport networks from historic maps and documents in Britain

Code the City – is dedciated to the use of tech and data for civic good

Hardware – sponsored by The Stack

Lime Micro – Lime Micro specialises in field programmable RF (FPRF) transceivers, SDR platforms and ecosystem technology for the next generation of wireless broadband systems.

Gatecat – developer of nextpnr, the open source FPGA place and route tool

DevTank, HILTOP – Tim Telford – Devtank are an open source test and measurement business dedicated to supplying high quality solutions to businesses across many sectors including space, aerospace, telecoms, defence and green energy

Finance – sponsored by FINOS

Starling Bank – Starling Bank has built its business on open source software

Wise – open source technologies: MariaDB, Envoy and Orchestrator

Software – sponsored by GitLab

Royal College of Paediatrics and Child Health – Their Child Health Digital Growth API wraps all complexity the of child growth in a simple REST API

The Herald Proximity Project – creates an opensource and privacy focused Proximity Measurement and Digital Contact Tracing solution

Open Health Hub – runs an open forum, which provides the only completely independent, open internet-facing, and free place to discuss health technology in the UK’s four NHSes

Sustainability – sponsored by Centre for Net Zero

Turing Institute – The Turing Way – The Turing Way is an open-source project that involves and supports its diverse community to make data science reproducible, ethical, collaborative and inclusive for everyone.

Icebreaker One – an independent, non-partisan non-profit with global reach, which aims to influence investment decisions of $3.6T/year to deliver net-zero by 2030

DevTank, Open Smart Monitor – Tim Telford – an open source test and measurement business

Individual – sponsored by Open Source Connections 

Catherine Stihler – Chief Executive Officer of the Open Knowledge Foundation

Kevin Mayfield – an integral part of the Open Health Hub

Cheryl Hung – VP ecosystem at the Cloud Native Foundation

Young Person (under 25) – sponsored by JetStack

Lowena Hull – Lowena has been volunteering and speaking at events to promote girls in technology

Samuel Van Stroud – Turing Data Stories has the goal of developing an open-source platform that enhances the understanding of the world around us through

Paul Ogbonoko Owoicho – PhD candidate who researches Mixed-Initiative interaction for Conversational Search System

See you there!

on November 09, 2021 06:40 PM

November 05, 2021

Bug Bounty Bootcamp (Amazon, No Starch Press) by Vickie Li is one of No Starch Press’s newest offerings in the security space. The alliterative title is also the best three word summary I could possibly offer of the book – it is clearly focused on getting the reader into a position to participate in Bug Bounties from the first page to the last. This differentiates this book well against other web security books, despite covering many of the same vulnerabilities.

Note: I was provided an early access copy of Bug Bounty Bootcamp by the publisher for review, but they had no editorial input. All of the opinions in this review are my own.

The first couple of chapters provide an introduction to the Bug Bounty space, helping the reader to understand the role of bounties in the overall security program of a company, selecting a bounty to participate in, and how the programs are managed in different situations. It also does a fairly good job of setting expectations for new bounty participants, but I think it might be a little bit on the optimistic side for some that are newer to the space.

The second part of the book covers some foundational knowledge and tooling setup, as well as performing reconnaissance on the target environment. The recon section feels a little light because there are so many situational approaches out there, but for a beginner, it will be a good start. As one gets more experienced, you will need to recognize that there are a lot of other sources of information and incorporating them into your methodology will improve your coverage. (And hopefully also your findings.)

In the third part, Vickie describes a wide of vulnerability types that may be found in common web applications. Obviously, it is not possible to cover every vulnerability and edge case, but the vulnerabilities described cover the vast majority of findings that I have found or seen reported in web applications. 16 Chapters cover a wide variety of vulnerability classes – so many that it may feel overwhelming to newcomers, so I’d suggest picking a subset of classes to start testing for at first. This will give you time to get comfortable with the process and tooling for testing.

Chapter 17, which covers logic errors and broken access control, in particular, is one that I think all web developers should read. (In addition, of course, to bug bounty hunters.) These bugs are pervasive and essentially impossible for better frameworks, web application firewalls, or automated tooling to mitigate because they require an understanding of the underlying business logic in addition to the technical understanding of vulnerability classes.

The fourth, and final, part of this book collects what Vickie refers to as “Expert Techniques”. While they are an extension of other techniques to cover more surface, I think these can be applied even by those with less experience in the field. In particular, covering API and Android apps is a rather natural extension of web security, as most of these are just HTTP APIs with a nice facade on them. Fuzzing is a bit more advanced and further afield, but she provides a nice introduction to them in the final chapter of the book. These chapters do have a bit of a “supplemental” feel to them, and those brand new to security may wish to return to them after gaining some experience with the other vulnerabilities covered and the tooling involved.

I do recommend that more individuals looking to have success in bug bounty programs consider understanding APIs and mobile applications, as these attack surfaces seem to be far less covered, leading to more opportunities to be the first discoverer of a bug. It’s very nice to see that these are covered here, as bug bounty coverage is often “web only”.

This book does bear some similarities to No Starch’s own Real-World Bug Hunting, but it also stands its own ground. Real-World Bug Hunting focuses almost entirely just on the vulnerability classes, while Bug Bounty Bootcamp has a lot more content about automating reconnaisance, integrating a lifecycle for ongoing testing of the same properties, and supplementing your tooling with your own scripting and development. If you have the time, I can handily recommend reading both of these resources. If you’re only going to read one, and your predominant interest is success in Bug Bounties, I think Bug Bounty Bootcamp will do a better job of preparing you for that.

Readers who are interested in full-time roles doing security assessment as opposed to just bug bounties – such as penetration testers or application security engineers – may still find this book useful, but will want to supplement their approach with more traditional resources. A good compliment might be The Web Application Hacker’s Handbook. This is not a negative of the book (as it never claimed to be anything beyond the bug bounty space) but is still something for readers to be aware of depending on their personal goals and roles.

Bug Bounty Bootcamp is a great resource for those who want to participate in Bug Bounties because it not only teaches you about the technical aspects, but helps you develop a methodology and sustain your testing. Some technology knowledge is assumed, but it does a solid job of describing the relevant vulnerability types from first principles, so it can be a strong resource for those new to the security space. The writing style is clear and to the point.

on November 05, 2021 07:00 AM

November 03, 2021

Ever considered doing research about online communities, free culture/software, and peer production full time? It’s PhD admission season and my research group—the Community Data Science Collective—is doing an open-to-anyone Q&A about PhD admissions this Friday November 5th. We’ve got room in the session and its not too late to sign up to join us!

The session will be a good opportunity to hear from and talk to faculty recruiting students to our various programs at the University of Washington, Purdue, and Northwestern and to talk with current and previous students in the group.

I am hoping to admit at least one new PhD advisee to the Department of Communication at UW this year (maybe more) and am currently co-advising (and/or have previously co-advised) students in UW’s Allen School of Computer Science & Engineering, Department of Human-Centered Design & Engineering, and Information School.

One thing to keep in mind is that my primary/home department—Communication—has a deadline for PhD applications of November 15th this year.

The registration deadline for the Q&A session is listed as today but we’ll do what we can to sneak you in even if you register late. That said, please do register ASAP so we can get you the link to the session!

on November 03, 2021 07:11 AM

November 01, 2021

Here’s my (twenty-fifth) monthly but brief update about the activities I’ve done in the F/L/OSS world.

Debian

This was my 34th month of actively contributing to Debian. I became a DM in late March 2019 and a DD on Christmas ‘19! \o/

Just churning through the backlog again this month. Ugh.

Anyway, I did the following stuff in Debian:

Uploads and bug fixes:

Hah, as a surprise, I did no uploads or bug fixes this month. :(

Other $things:

  • Mentoring for newcomers.
  • Moderation of -project mailing list.

Ubuntu

This was my 9th month of actively contributing to Ubuntu. Now that I’ve joined Canonical to work on Ubuntu full-time, there’s a bunch of things I do! \o/

I mostly worked on different things, I guess.

I was too lazy to maintain a list of things I worked on so there’s no concrete list atm. Maybe I’ll get back to this section later or will start to list stuff from next year onward, as I was doing before. :D


Debian (E)LTS

Debian Long Term Support (LTS) is a project to extend the lifetime of all Debian stable releases to (at least) 5 years. Debian LTS is not handled by the Debian security team, but by a separate group of volunteers and companies interested in making it a success.

And Debian Extended LTS (ELTS) is its sister project, extending support to the Jessie release (+2 years after LTS support).

This was my twenty-fifth month as a Debian LTS and sixteenth month as a Debian ELTS paid contributor.
I was assigned 28.50 hours for LTS and 40.00 hours for ELTS and worked on the following things:
(however, I only worked for 35h on ELTS work, thereby, carrying over a few hours.)

LTS CVE Fixes and Announcements:

  • Issued DLA 2780-1, fixing CVE-2021-31799, CVE-2021-31810, and CVE-2021-32066, for ruby2.3.
    For Debian 9 stretch, these problems have been fixed in version 2.3.3-1+deb9u10.
  • Issued DLA 2743-2, fixing CVE-2017-5715, for amd64-microcode.
    For Debian 9 stretch, these problems have been fixed in version 3.20181128.1~deb9u2.
    This update took the most time as this had to be co-ordinated w/ multiple people and teams. But finally got this sorted! \o/
  • Issued DLA 2808-1, fixing CVE-2021-3733 and CVE-2021-3737, for python3.5.
    For Debian 9 stretch, these problems have been fixed in version 3.5.3-1+deb9u5.
  • Prepped the debian-archive-keyring update, however the build fails because of Jonathan’s GPG keys. Wrote to the list and Jonathan replied that they’ll prep a branch that I can land later. So waiting on that.

ELTS CVE Fixes and Announcements:

  • Issued ELA 510-1, fixing CVE-2021-3426, CVE-2021-3733, and CVE-2021-3737, for python3.4.
    For Debian 8 jessie, these problems have been fixed in version 3.4.2-1+deb8u11.
  • Issued ELA 513-1, fixing CVE-2021-33829 and CVE-2021-37695, for ckeditor.
    For Debian 8 jessie, these problems have been fixed in version 4.4.4+dfsg1-3+deb8u1.
  • Took a look at jsoup again. Post-discussion, the customer did not revert, so we decided to ignore the CVEs.
  • Worked on openssh’s reported regression (via LP: #1934501) and found that Debian jessie, stretch, buster, and bullseye aren’t affected. Informed the security team as well (whom I woked along with). Given that all seemed in order, we decided to postpone the new CVE since that was a minor issue which can be piggy-backed later with a more severe issue.
  • Co-ordinated with Abhijith who unclaimed ntfs-3g and started working on the update. A high number of CVEs are open. Work still in progress.

Other (E)LTS Work:

  • Front-desk duty from 27-09 to 03-10 and 25-10 to 31-10 for both LTS and ELTS.
  • Triaged rpm, npm, nltk, request-tracker4, ros-ros-comm, mediawiki, ruby2.1, ckeditor, ntfs-3g, jsoup, udisks2, libgit2, python3.5, python3.4, and openssh.
  • Mark CVE-2021-3521/rpm as postponed for stretch and jessie.
  • Mark CVE-2021-3913{4,5}/npm as no-dsa.
  • Mark CVE-2021-3828/nltk as no-dsa for stretch.
  • Mark CVE-2021-38562/request-tracker4 as no-dsa for stretch.
  • Mark CVE-2021-37146/ros-ros-comm as no-dsa for stretch.
  • Mark CVE-2021-28965/ruby2.1 as ignored for jessie.
  • Mark CVE-2021-37714/jsoup as ignored for jessie.
  • Mark CVE-2021-41617/openssh as no-dsa for jessie.
  • Auto EOL’ed ardour, nltk, request-tracker4, python-scrapy, webkit2gtk, and linux for jessie.
  • Drop wordpress from dla-needed for stretch and jessie. No update needed.
  • Attended monthly Debian LTS meeting.
  • Answered questions (& discussions) on IRC (#debian-lts and #debian-elts).
  • General and other discussions on LTS private and public mailing list.

Until next time.
:wq for today.

on November 01, 2021 05:41 AM

October 28, 2021

This week sees COP26, the UN conference which is probably the last chance for humanity to mitigate the worse effects of the climate emergency.

At Akademy earlier this year KDE had a talk about Towards Sustainable Computing. Open tech can make a difference.

OpenUK will be hosting a venue on 11 November with a day of events about sustainability with technology emphasising why open tech is the most effective way to do that.

Sessions include an opening from former government minister Francis Maude, Launch of the OpenUK Consortium Data Centre Blueprint, Open Collaboration Opening Sustainability led by Red Hat, Opening Up the Energy Sector, building the Sustainable Open Future for the UK.

In the evening I’ll be hosting the OpenUK awards 2021, showcasing and recognising the best people and organisations for open tech in the UK.

Do join us online for the streaming of the event Join us Digitally on 11 November

on October 28, 2021 01:15 PM

October 21, 2021

https://www.mixcloud.com/dholbach/dj-support-gitops-one-stop-shop-event-oct-2021/

In my day job (in the IT world) we staged an online event in Oct 2021. As with past events like these, it makes the event a lot more fun if you have music in between quite technical talks and folks can get up from your desk and dance while you grab a new cup of tea.

On Mixcloud it’s my first mix using a DJ controller - it’s a very recent development for me. A lot of fun though. I enjoyed the whole event, but it was also sensory overload as I was watching 3 laptops to e.g. catch cues when new speakers would come on or if there was audience feedback, so excuse these moments of distraction - along with the breaks! I’ll get a distraction-free mix out soon again - promise! So without further ado, here’s the music folks from the event as people asked for it. Enjoy!

  1. jiony - Sincretismo
  2. Notorious B.I.G. - Hypnotize (Benedikt Frey Edit)
  3. okuma - Garnatxa
  4. Daniel Hokum - Burn (Paul Traeumer’s Shuffled Remix)
  5. Johannes Klingebiel - Latewood
  6. Canu, Nu, Alejandro Castelli - Mariposa (Viken Arman Remix)
  7. The Tribe Of Good - Heroes (edit)
  8. Noir & Haze - Around (Solomon remix)

  1. Nachtbraker - Hamdi
  2. Sam Shure - Mirage
  3. Vijay & Sofia Zlatko - Rap A Verse (Cassimm Remix)
  4. Sanoi & Rattler - Walking

  1. Malaa - Paris 96'
  2. Afgo - Someone
  3. Kurd Maverick - Dancing To (Extended Mix)
  4. Efdemin - Just a Track

  1. Andi Otto - Gianna Anna (Paradise Hippies Remix)
  2. Thornato - Chapinero

  1. Tony Adams - Estou Livre
  2. Fibre - I’ll Go Back
  3. Psychemagik - Mink & Shoes feat Navid Izadi
  4. Sam Shure - Mirage
  5. Super Flu - Watching The Stars (Super Flu´s Watching A Piano RMX)
  6. The Sunburst Band - He Is (Jimpster Remix)
on October 21, 2021 08:52 AM

October 20, 2021

Ocelot did it again! The French speaking Ubuntu community is happy to present you his splendid Impish Indri t-shirt. :) You can buy it before the end of October for €15 (+ shipping costs) and receive it at the end of November 2021. You can try to buy it later but it will be more expensive and you will not have any garanty of stock.

on October 20, 2021 10:10 PM

We are pleased to announce that Plasma 5.23.1 is now available in our backports PPA for Kubuntu 21.10 (Impish Indri).

The release announcement detailing the new features and improvements in Plasma 5.23 can be found here.

To upgrade:

Add the following repository to your software sources list:

ppa:kubuntu-ppa/backports

or if it is already added, the updates should become available via your preferred update method.

The PPA can be added manually in the Konsole terminal with the command:

sudo add-apt-repository ppa:kubuntu-ppa/backports

and packages then updated with

sudo apt full-upgrade

IMPORTANT

Please note that more bugfix releases are scheduled by KDE for Plasma 5.23, so while we feel these backports will be beneficial to enthusiastic adopters, users wanting to use a Plasma release with more rounds of stabilisation/bugfixes ‘baked in’ may find it advisable to stay with Plasma 5.22 as included in the original 21.10 (Impish Indri) release.

The Kubuntu Backports PPA for 21.10 also currently contains newer versions of KDE Gear (formerly Applications) and other KDE software. The PPA will also continue to receive updated versions of KDE packages other than Plasma, for example KDE Frameworks.

Issues with Plasma itself can be reported on the KDE bugtracker [1]. In the case of packaging or other issues, please provide feedback on our mailing list [2], IRC [3], and/or file a bug against our PPA packages [4].

1. KDE bugtracker: https://bugs.kde.org
2. Kubuntu-devel mailing list: https://lists.ubuntu.com/mailman/listinfo/kubuntu-devel
3. Kubuntu IRC channels: #kubuntu & #kubuntu-devel on irc.libera.chat
4. Kubuntu ppa bugs: https://bugs.launchpad.net/kubuntu-ppa

on October 20, 2021 07:18 PM

October 17, 2021

Xubuntu 21.10 Released

Xubuntu 21.10 "Impish Indri" was released on October 14, 2021. Check out the release announcement and release notes. I&aposve expanded on both below.

New Features

GNOME Disk Usage Analyzer

GNOME Disk Usage Analyzer (baobab) scans folders, devices, and remote locations to provide an in-depth report on disk usage. It can quickly identify large files and folders wasting disk space and enable users to act on them. A tree-like and graphical representation are used to display disk usage.

Xubuntu 21.10 ReleasedDisk Usage Analyzer makes it much easier to recover lost disk space.

GNOME Disks

GNOME Disks provides an easy way to inspect, format, partition, and configure disks. You can view SMART data, manage devices, benchmark physical disks, and image flash drives using GNOME Disks. Another benefit is that it can mount partitions on-demand or automatically.

Xubuntu 21.10 ReleasedGNOME Disks is an all-in-one solution for managing physical disks and partitions.

Rhythmbox

Rhythmbox is a music-playing application. It features a media library, podcast feeds, and live internet radio stations. It integrates with the Xfce PulseAudio Plugin in Xubuntu, controlling playback and granting easy access to recent playlists. Xubuntu ships with the Alternative Toolbar plugin enabled, making the application layout fit in with the rest of the desktop. Additionally, the Music key on multimedia keyboards will now launch Rhythmbox instead of Parole.

Super Key Support

The Super (or Windows) key will now reveal the application menu, similar to Windows and other desktop environments. This is possible thanks to the inclusion of xcape. xcape is used to configure modifier keys to act as other keys when pressed. For Xubuntu, the left Super key is now mapped to trigger the Ctrl+Escape key combination used for the Whisker Menu. For a peek into the technical reason for this workaround, please see the upstream Xfce bug.

The Super key now works exactly as you&aposd expect.

PipeWire

PipeWire is now included in Xubuntu and the other flavors. PipeWire is a project that improves audio and video handling in Linux. It is used alongside PulseAudio to significantly improve hardware support, particularly for Bluetooth audio devices. For regular usage, PipeWire quietly works in the background. Audio devices are still controlled through the Xfce PulseAudio Plugin and PulseAudio Volume Control (pavucontrol).

Pidgin Removal

Pidgin, “the universal chat client,” is no longer included in Xubuntu. Due to an increasing number of chat services moving to proprietary and restricted protocols, the overall usefulness of Pidgin has diminished significantly over the years. However, if you still use Pidgin, it can be installed from the repository.

Late Night Linux Extra episode 32 featured Gary Kramlich, the lead Pidgin maintainer. In this episode, Gary explained that while many of these services are no longer available within Pidgin by default, existing plugins enable support for those services. Unfortunately, many plugins change rapidly, making it impossible to keep them packaged and up-to-date in Ubuntu.

UX Updates

In continuing our keyboard shortcut clean-up, the long-obsoleted Super+{1,2,3,4} shortcuts were removed. These shortcuts go way back to when Xubuntu had a two-panel layout and launched the first four pinned applications. For a complete list of keyboard shortcuts, click here.

We also made a minor change to our Thunar defaults, updating the title bar to always display the full path of the current directory. This should make navigating and managing the filesystem easier with multiple open windows.

Xubuntu 21.10 ReleasedGo layers deep in your filesystem and never forget where you are with the full path displayed in Thunar at all times.

About the Xubuntu Versions

Xubuntu has three installable versions. Using the main ISO (2.0G), you can pick from the Normal or Minimal installation option, whereas Xubuntu Core (1.0G) will result in a much smaller installation size. Normal includes everything you need to be productive and have fun with Xubuntu. Meanwhile, Minimal and Core are designed to provide the bare essentials, enabling you to tailor Xubuntu to your needs.

Xubuntu 21.10 ReleasedWhen installing from the main ISO, you have an option to perform a "Normal" or "Minimal" installation.

Core and Minimal seem to have the same purpose, but Core has a few advantages. For one, the download size is much smaller and more accessible for those with limited connectivity options. Second, the install size is quite a bit smaller due to how the different versions work. Core installs only the minimal set of packages. Minimal first installs the Normal Xubuntu version and then removes the excess packages. Unfortunately, it’s impossible to reliably identify and remove all of the extra packages, so you end up with another 1.0G of bloat.

Xubuntu 21.10 ReleasedSave nearly 2.0G of disk space by opting for the Xubuntu Core version.

You can learn more about Xubuntu Core here or view the spreadsheet I put together with the package and memory differences here.

Wrapping Up

Xubuntu 21.10 features the work of numerous contributors from the Xfce, GNOME, MATE, Ubuntu, and Debian communities. If you&aposd like to contribute, check out the following links:

Next up, we have the 22.04 "Jammy Jellyfish" LTS cycle. The next six months will be focused primarily on bug fixes and other improvements, building a solid LTS foundation for the next three years. As it is an LTS, we&aposll be running a Wallpaper Contest again, so keep an eye on the Xubuntu website and Twitter for updates.

on October 17, 2021 02:30 PM

October 15, 2021


The Kubuntu Team is happy to announce that Kubuntu 21.10 has been released, featuring the ‘beautiful’ KDE Plasma 5.22: simple by default, powerful when needed.

Codenamed “Impish Indri”, Kubuntu 21.10 continues our tradition of giving you Friendly Computing by integrating the latest and greatest open source technologies into a high-quality, easy-to-use Linux distribution.

The team has been hard at work through this cycle, introducing new features and fixing bugs.

Under the hood, there have been updates to many core packages, including a new 5.13-based kernel, KDE Frameworks 5.86, KDE Plasma 5.22 and KDE Gear 21.08.

Kubuntu 21.10 Desktop Image

Kubuntu has seen many updates for other applications, both in our default install, and installable from the Ubuntu archive.

Krita, Kdevelop, Yakuake, and many many more applications are updated.

Applications for core day to day usage are included and updated, such as Firefox, VLC and Libreoffice.

For a list of other application updates, and known bugs be sure to read our release notes.

Download Kubuntu 21.10, or learn how to upgrade from 21.04.

Note: For upgrades from 21.04, there may a delay of a few hrs to days between the official release announcements and the Ubuntu Release Team enabling upgrades.

on October 15, 2021 04:57 PM

The Ubuntu OpenStack team at Canonical is pleased to announce the general
availability of OpenStack Xena on Ubuntu 21.10 (Impish Indri) and Ubuntu
20.04 LTS (Focal Fossa) via the Ubuntu Cloud Archive. Details of the Xena
release can be found at: https://www.openstack.org/software/xena

To get access to the Ubuntu Xena packages:

Ubuntu 21.10

OpenStack Xena is available by default for installation on Ubuntu 21.10.

Ubuntu 20.04 LTS

The Ubuntu Cloud Archive for OpenStack Xena can be enabled on Ubuntu
20.04 by running the following command:

sudo add-apt-repository cloud-archive:xena

What’s included?

aodh, barbican, ceilometer, ceph (16.2.6), cinder, designate,
designate-dashboard, dpdk (20.11.3), glance, gnocchi, heat,
heat-dashboard, horizon, ironic, ironic-ui, keystone, magnum,
magnum-ui, manila, manila-ui, masakari, mistral, murano,
murano-dashboard, networking-arista, networking-bagpipe,
networking-baremetal, networking-bgpvpn, networking-hyperv,
networking-l2gw, networking-mlnx, networking-odl, networking-sfc,
neutron, neutron-dynamic-routing, neutron-vpnaas, nova, octavia,
octavia-dashboard, openstack-trove, openvswitch (2.16.0),
ovn (21.09.0), ovn-octavia-provider, placement, sahara,
sahara-dashboard, senlin, swift, trove-dashboard, vmware-nsx,vitrage, watcher, watcher-dashboard, zaqar, and zaqar-ui.

For a full list of packages and versions, please refer to:
https://openstack-ci-reports.ubuntu.com/reports/cloud-archive/xena_versions.html

Known issues

OVN 21.09.0 coming soon:
https://bugs.launchpad.net/ubuntu/+source/ovn/+bug/1947003

Reporting bugs

If you have any issues please report bugs using the ‘ubuntu-bug’ tool to
ensure that bugs get logged in the right place in Launchpad:

sudo ubuntu-bug nova-conductor

Thank you to everyone who contributed to OpenStack Xena!

Corey
(on behalf of the Ubuntu OpenStack Engineering team)

on October 15, 2021 03:06 PM

The Xubuntu team is happy to announce the immediate release of Xubuntu 21.10.

Xubuntu 21.10, codenamed Impish Indri, is a regular release and will be supported for 9 months, until June 2022. If you need a stable environment with longer support time we recommend that you use Xubuntu 20.04 LTS instead.

The final release images are available as torrents and direct downloads from xubuntu.org/download/.

As the main server might be busy in the first few days after the release, we recommend using the torrents if possible.

Xubuntu Core, our minimal ISO edition, is available to download from unit193.net/xubuntu/core/ [torrent]. Find out more about Xubuntu Core here.

We’d like to thank everybody who contributed to this release of Xubuntu!

Highlights and Known Issues

Highlights

  • New Software: Xubuntu now comes pre-installed with GNOME Disk Analyzer, GNOME Disk Utility, and Rhythmbox. Disk Analyzer and Disk Utility make it easier to monitor and manage your partitions. Rhythmbox enables music playback with a dedicated media library.
  • Pipewire: Pipewire is now included in Xubuntu, and is used in conjunction with PulseAudio to improve audio playback and hardware support in Linux.
  • Keyboard Shortcuts: The Super (Windows) key will now reveal the applications menu. Existing Super+ keyboard shortcuts are unaffected.

Known Issues

  • The shutdown prompt may not be displayed at the end of the installation. Instead you might just see a Xubuntu logo, a black screen with an underscore in the upper left hand corner, or just a black screen. Press Enter and the system will reboot into the installed environment. (LP: #1944519)

For more obscure known issues, information on affecting bugs, bug fixes, and a list of new package versions, please refer to the Xubuntu Release Notes.

The main Ubuntu Release Notes cover many of the other packages we carry and more generic issues.

Support

For support with the release, navigate to Help & Support for a complete list of methods to get help.

on October 15, 2021 11:49 AM
Ubuntu 21.10 Is released. https://releases.ubuntu.com/21.10/ https://youtu.be/pQBL0dDYWxI Estimate: 10 Min Play Speed: x4
on October 15, 2021 04:48 AM
Featured News Ubuntu Ubuntu 21.10 ကတော့ မကြာသေးခင်က ထွက်ရှိထားတဲ့ Gnome 40, GCC11 နဲ့ Flutter toolkit ပိုင်း စုံစုံလင်လင်နဲ့ ထွက်ရှိလာတော့မှာပဲဖြစ်ပါတယ် Release Dates Beta release: 23rd September Release Candidate: 7th October Final Release: 14th October Ubuntu 21.10 codename – ‘Impish Indri’ လို့ အမည်ပေးထားပါတယ်. New Features တွေ ဘာတွေပါ၀င်လာမလဲ Official feature list အနေနဲ့ တိတိကျကျ ထွက်မလာသေးပေမဲ့လည်း ပါ၀င်လာနိုင်တဲ့ features တွေကတော့ 1. Gnome 40 […]
on October 15, 2021 04:42 AM

October 14, 2021

Thanks to all the hard work from our contributors, Lubuntu 21.10 has been released. With the codename Impish Indri, Lubuntu 21.10 is the 21st release of Lubuntu, the seventh release of Lubuntu with LXQt as the default desktop environment. Support lifespan Lubuntu 21.10 will be supported for 9 months until July 2022. Our main focus […]
on October 14, 2021 05:57 PM

The Ubuntu Studio team is pleased to announce the release of Ubuntu Studio 21.10, code-named “Impish Indri”. This marks Ubuntu Studio’s 30th release. This release is a regular release, and as such it is supported for nine months until July 2022.

Since it’s just out, you may experience some issues, so you might want to wait a bit before upgrading. Please see the release notes for a complete list of changes and known issues.

You can download Ubuntu Studio 21.10 from our download page.

If you find Ubuntu Studio useful, please consider making a contribution.

Upgrading

Due to the change in desktop environment that started after the release of 20.04 LTS, direct upgrades from supported releases prior to 21.04 are not supported.

We have had anecdotal reports of successful upgrades from 20.04 LTS (Xfce desktop) to later releases (Plasma desktop), but this will remain at your own risk.

Instructions for upgrading are included in the release notes.

New This Release

This release includes Plasma 5.22.5, the full-featured desktop environment made by KDE. The theming uses the Materia theme and icons are Papirus icons.

Audio

Studio Controls has seen further development as its own independent project and has been updated to version 2.2.7. This version has an all-new layout and features, including JACK over network and MIDI over network.

Ardour 6.9

Ardour has been updated to version 6.9 and includes a ton of bugfixes and enhancements. For more information, check out the official release announcement.

Other Notable Updates

Carla has been upgraded to version 2.4.0 Full release announcement at kx.studio.

Video

OBS Studio

Included this cycle is OBS Studio 27.0.1, which includes support for the upcoming (currently experimental) Wayland compositor via PipeWire. More information at the official release announcement.

For those that would like to use the advanced audio processing power of JACK with OBS Studio, OBS Studio is JACK-aware!

More Updates

There are many more updates not covered here but are mentioned in the Release Notes. We highly recommend reading those release notes so you know what has been updated and know any known issues that you may encounter.

Get Involved!

A great way to contribute is to get involved with the project directly! We’re always looking for new volunteers to help with packaging, documentation, tutorials, user support, and MORE! Check out all the ways you can contribute!

Special Thanks

Huge special thanks for this release go to:

  • Len Ovens: Studio Controls, Ubuntu Studio Installer, Coding
  • Thomas Ward: Packaging, Ubuntu Core Developer for Ubuntu Studio
  • Eylul Dogruel: Artwork, Graphics Design, Website Lead
  • Ross Gammon: Upstream Debian Developer, Guidance, Testing
  • Sebastien Ramacher: Upstream Debian Developer
  • Dennis Braun: Debian Package Maintainer
  • Rik Mills: Kubuntu Council Member, help with Plasma desktop
  • Mauro Gaspari: Tutorials, Promotion, and Documentation, Testing
  • Brian Hechinger: Testing and bug reporting
  • Chris Erswell: Testing and bug reporting
  • Robert Van Den Berg: Testing and bug reporting, IRC Support
  • Krytarik Raido: IRC Moderator, Mailing List Moderator
  • Erich Eickmeyer: Project Leader, Packaging, Direction, Treasurer
on October 14, 2021 05:05 PM

The significant change in Ubuntu MATE 21.10 is the introduction of MATE Desktop 1.26.0 ✨ which was 18 months in the making. Thanks to the optimisations in MATE Desktop 1.26, Ubuntu MATE 21.10 is faster and leaner 💪

Ubuntu MATE 21.10 Ubuntu MATE 21.10 (Impish Indri).

What changed since the Ubuntu MATE 21.04?

Here are the highlights of what’s changed since the release of Hirsute Hippo 🦛

MATE Desktop 🧉

A significant effort 😅 has been invested in fixing bugs 🐛 in MATE Desktop 1.26.0, optimising performance ⚡ and plugging memory leaks. MATE Desktop is faster and leaner as a result and it’s underpinnings have been modernised and updated. This last point mostly benefits developers working on MATE, but is important to highlight to users at it demonstrates MATE Desktop is being maintained to ensure it’s longevity.

Here are some of the other quality of life 💌 improvements in MATE Desktop 1.26:

  • The Control Center features:
    • Improved Window Preferences dialog with a more comprehensive window behaviour and placement options presented.
    • Display preferences now has an option for discrete display scaling.
    • Power Manager has a new option to enable keyboard dimming.
    • Notifications now support for hyperlinks.
  • Caja can format drives and has a new Bookmarks sidebar.
  • Caja Actions, which allows you to add arbitrary programs to be launched through the context menu, is now part of the Desktop.
  • Calculator now uses GNU MPFR/MPC for high precision, faster computation and additional functions.
  • Pluma has a new mini map instant overview, a grid background to turn Pluma into a writing pad and the preferences have been redesigned.
  • Atril is much faster scrolling through large documents and the memory footprint has been reduced.
  • Engrampa, the archive manager, now supports EPUB, ARC and encrypted RAR files.
  • Marco, the windows manager:
    • Correctly restores minimised windows to their original position.
    • Thumbnail window previews support HiDPI.
  • Netspeed applet shows more information about your network interfaces.

While MATE Desktop is not completely ready for Wayland just yet, 1.26.0 represents a significant stepping stone towards that objective with most of the MATE Desktop being able to run on a Wayland compositor. 👍

Ubuntu MATE Enhancements

Ubuntu MATE has tweaked 🔧 the default desktop configuration slighty:

  • Image Extrapolation and Interpolation is disabled by default in Eye of MATE to make image viewing faster and image quality sharper.
  • The Alt-Tab pop-up is now expanded to fit long window titles.
  • If you use the Mutiny layout, session loading is now faster.

Guest Session

Once in a while a friend, family member, or colleague may want to borrow your computer 😱 The Guest Session provides a convenient way, with a high level of security, to lend your computer to someone else. A guest session can be launched either from the login screen or from within a regular session. If you are currently logged in, click the icon at the far right of the menu bar and select Guest Session. This will lock the screen for your own session and start the guest session.

A guest cannot view the home folders of other users, and by default any saved data or changed settings will be removed/reset at logout. It means that each session starts with a fresh environment, unaffected by what previous guests did.

RedShift

RedShift makes a return, after being temporarily removed in Ubuntu MATE 21.04.

Raspberry Pi images

We will be refreshing our Ubuntu MATE images for Raspberry Pi in the coming weeks.

Major Applications

Accompanying MATE Desktop 1.26.0 and Linux 5.13 are Firefox 93.0, Celluloid 0.20, LibreOffice 7.2.1.2

See the Ubuntu 21.10 Release Notes for details of all the changes and improvements that Ubuntu MATE benefits from.

Download Ubuntu MATE 21.10

This new release will be first available for PC/Mac users.

Download

Upgrading from Ubuntu MATE 21.04

You can upgrade to Ubuntu MATE 21.10 from Ubuntu MATE 21.04. Ensure that you have all updates installed for your current version of Ubuntu MATE before you upgrade.

  • Open the “Software & Updates” from the Control Center.
  • Select the 3rd Tab called “Updates”.
  • Set the “Notify me of a new Ubuntu version” drop down menu to “For any new version”.
  • Press Alt+F2 and type in update-manager -c -d into the command box.
  • Update Manager should open up and tell you: New distribution release ‘XX.XX’ is available.
    • If not, you can use /usr/lib/ubuntu-release-upgrader/check-new-release-gtk
  • Click “Upgrade” and follow the on-screen instructions.

There are no offline upgrade options for Ubuntu MATE. Please ensure you have network connectivity to one of the official mirrors or to a locally accessible mirror and follow the instructions above.

Known Issues

Here are the known issues.

Component Problem Workarounds Upstream Links
Plank When snaps update, they disappear from Plank.
Ubuntu Ubiquity slide shows are missing for OEM installs of Ubuntu MATE
VTE gdebi can not install .deb packages

Feedback

Is there anything you can help with or want to be involved in? Maybe you just want to discuss your experiences or ask the maintainers some questions. Please come and talk to us.

on October 14, 2021 02:41 PM

October 07, 2021

Grandma

Stuart Langridge

A couple of weeks ago, my grandma died.

This was not wholly unexpected, and at the same time it was completely unexpected. I should probably explain that.

She was ninety, which is a fair age for anyone, but her mother (my great-grandmother) lived to be even older. What’s different is that nobody knew she was ninety, other than us. Most of her friends were in their mid-seventies. Now, you might be thinking, LOL, old, but this is like you in your mid-forties hanging out with someone who’s 30, or you in your late twenties hanging out with someone who’s 13, or you at eighteen hanging out with someone who’s still learning what letters are. Gaps get narrower as we get older, but the thing that most surprised me was that all her friends were themselves surprised at the age she was. She can’t have been that age, they said when we told them, and buried in there is a subtle compliment: she was like us, and we’re so much younger, and when we’re that much older we won’t be like her.

No. No, you won’t be like my grandma.

I don’t want to talk much about the last few weeks. We, my mum and me, we flew to Ireland in the middle of the night, we sorted out her house and her garden and her affairs and her funeral and her friends and her family, and we came home. All I want to say about it is that, and all I want to say about her is probably best said in the eulogy I wrote and spoke for her death, and I don’t want to say it again.

But (and this is where people in my family should tune out) I thought I’d talk about the website I made for her. Because of course I made a website. You know how some people throw themselves into work to dull the pain when something terrible happens to the people they love? I’m assuming that if you were a metalworker in 1950 and you wanted to handle your grief that a bunch of people got a bunch of metal stuff that you wouldn’t ordinarily have made. Well, I am no metalworker; I build the open web, and I perform, on conference stages or for public perception. So I made a website for my grandma; something that will maybe live on beyond her and maybe say what we thought about her.

Firstly I should say: it’s at kryogenix.org/nell because her name was Nell and I made it. But neither of those things are really true. Her name was Ellen, and what I did was write down what we all said and what we all did to say goodbye. I wanted to capture the words we said while they were still fresh in my memory, but more while how I felt was fresh in my memory. Because in time the cuts will become barely noticeable scars and I’ll be able to think of her not being here without stopping myself crying, and I don’t want to forget. I don’t want to lose it amongst memories of laughter and houses and lights. So I wrote down what we all said right now while I can still feel the hurt of it like fingernails, so maybe I won’t let it fade away.

I want to write some things about the web, but that’s not for this post. This post is to say: goodbye, Grandma.

Goodbye, Grandma. I tried to make a thing that would make people think of you when they looked at it. I wanted people to think of memories of you when they read it. So I made a thing of memories of you, and I spoke about memories of you, and maybe people who knew you will remember you and people who didn’t know you will learn about you from what we all said.

Goodbye, Grandma.

kryogenix.org/nell

on October 07, 2021 09:54 PM

I have a re-purposed AMD64 laptop motherboard, ready to become an experimental Ubuntu Core server.

It's in fine condition. You can see that it boots an Ubuntu LiveUSB's "Try Ubuntu" environment just fine. Attached to the motherboard is a new 60GB SSD for testing. The real server will use a 1TB HDD.

But Ubuntu Core doesn't install on bare metal from a Live USB. It's still easy, though.

1. Boot a "Try Ubuntu" Environment on the target system.

  • Test your network connection. The picture shows a wireless connection. This particular laptop has a wireless chip that is recognized out-of-the box, so I didn't need to get out the long network cable.
  • Test that your storage device works. You can see in the picture that Gnome Disks can see the storage device.

2. Terminal: sudo fdisk -l. Locate the storage device that you want to install Ubuntu Core onto.

  • The entire storage device will be erased.
  • My storage device is at /dev/sda today. It might be different next boot. Yours might be different.

3. Open the web browser and download Ubuntu Core.

4. Write Ubuntu Core to the storage device.

  • Warning: This command will erase your entire storage device. If there is anything valuable on your storage device, then you have skipped too many steps!
    xzcat Downloads/<.img.xz file> | sudo dd of=/dev/<target_storage_device> bs=32M status=progress; sync
  • So mine was
    xzcat Downloads/ubuntu-core-20-amd64.img.xz | sudo dd of=/dev/sda bs=32M status=progress; sync
  • Source: https://ubuntu.com/download/intel-nuc

5. Reboot into Ubuntu Core.

  • When prompted by the "Try Ubuntu" environment, remove the LiveUSB so you are booting from your newly-written storage device.
  • Be patient. My first boot into Ubuntu Core led to a black screen for nearly a minute before the system acknowledged that it actually has been working the entire time.
  • After 3-4 minutes of non-interactive setup alternating between blank screens and scrolling setup output, Ubuntu Core finally asked me two questions:  Which network to connect to, and my Ubuntu SSO e-mail address.
  • Finally, the system rebooted again. This time it didn't ask any question - just displayed the new Ubuntu Core system's IP address.

6. Log into Ubuntu Core.

    On my Desktop:
    me@Desktop:~$ ssh me@192.168.1.x
    Welcome to Ubuntu 20.04.2 LTS (GNU/Linux 5.4.0-77-generic x86_64)
Success: A working Ubuntu Core on bare metal.
on October 07, 2021 09:29 PM

October 04, 2021

Back in March, we asked the HackerNews community, “What do you want to see in Ubuntu 17.10?

A passionate discussion ensued, the results of which are distilled into this post.

In fact, you can see our progress so far this cycle.  We already have a beta code in 17.10 available for your testing for several of those:

And several others have excellent work in progress, and will be complete by 17.10:

In summary -- your feedback matters!  There are hundreds of engineers and designers working for *you* to continue making Ubuntu amazing!

Along with the switch from Unity to GNOME, we’re also reviewing some of the desktop applications we package and ship in Ubuntu.  We’re looking to crowdsource input on your favorite Linux applications across a broad set of classic desktop functionality.

We invite you to contribute by listing the applications you find most useful in Linux in order of preference. To help us parse your input, please copy and paste the following bullets with your preferred apps in Linux desktop environments.  You’re welcome to suggest multiple apps, please just order them prioritized (e.g. Web Browser: Firefox, Chrome, Chromium).  If some of your functionality has moved entirely to the web, please note that too (e.g. Email Client: Gmail web, Office Suite: Office360 web).  If the software isn’t free/open source, please note that (e.g. Music Player: Spotify client non-free).  If I’ve missed a category, please add it in the same format.  If your favorites aren’t packaged for Ubuntu yet, please let us know, as we’re creating hundreds of new snap packages for Ubuntu desktop applications, and we’re keen to learn what key snaps we’re missing.

  • Web Browser: ???
  • Email Client: ???
  • Terminal: ???
  • IDE: ???
  • File manager: ???
  • Basic Text Editor: ???
  • IRC/Messaging Client: ???
  • PDF Reader: ???
  • Office Suite: ???
  • Calendar: ???
  • Video Player: ???
  • Music Player: ???
  • Photo Viewer: ???
  • Screen recording: ???

In the interest of opening this survey as widely as possible, we’ve cross-posted this thread to HackerNews, Reddit, and Slashdot.  We very much look forward to another friendly, energetic, collaborative discussion.

Or, you can fill out the survey here: https://ubu.one/apps1804

Thank you!
On behalf of @Canonical and @Ubuntu
on October 04, 2021 11:02 PM

Here’s a bunch of uploads for September. Mostly catching up with a few things after the Bullseye release.

2021-09-01: Upload package bundlewrap (4.11.2-1) to Debian unstable.

2021-09-01: Upload package calamares (3.2.41.1-1) to Debian unstable.

2021-09-01: Upload package g-disk (1.0.8-2) to Debian unstable (Closes: #993109).

2021-09-01: Upload package bcachefs-tools (0.1+git20201025.742dbbdb-1) to Debian unstable (Closes: #976474).

2021-09-02: Upload package fabulous (0.4.0+dfsg1-1) to Debian unstable (Closes: #983247).

2021-09-02: Upload package feed2toot (0.17-1) to Debian unstable.

2021-09-02: Merge MR!1 for fracplanet.2021-09-02:2021-09-02:

2021-09-02: Upload package fracplanet (0.5.1-6) to Debian unstable (Closes: #980808).

2021-09-02: Upload package toot (0.28.0-1) to Debian unstable.

2021-09-02: Upload package toot (0.28.0-2) to Debian unstable.

2021-09-02: Merge MR!1 for gnome-shell-extension-gamemode.

2021-09-02: Merge MR!1 for gnome-shell-extension-no-annoyance.

2021-09-02: Upload package gnome-shell-extension-no-annoyance (0+20210717-12dc667) to Debian unstable (Closes: #993193).

2021-09-02: Upload package gnome-shell-extension-gamemode (5-2) to Debian unstable.

2021-09-02: Merge MR!2 for gnome-shell-extension-harddisk-led.

2021-09-02: Upload package gnome-shell-extension-pixelsaver (1.24-2) to Debian unstable (Closes: #993195).

2021-09-02: Upload package gnome-shell-extension-dash-to-panel (43-1) to Debian unstable (Closes: #993058, #989546).

2021-09-02: Upload package gnome-shell-extension-harddisk-led (25-1) to Debian unstable (Closes: #993181).

2021-09-02: Upload package gnome-shell-extension-impatience (0.4.5+git20210412-e8e132f-1) to Debian unstable (Closes: #993190).

2021-09-02: Upload package s-tui (1.1.3-1) to Debian unstable.

2021-09-02: Upload package flask-restful (0.3.9-2) to Debian unstable.

2021-09-02: Upload package python-aniso8601 (9.0.1-2) to Debian unstable.

2021-09-03: Sponsor package fonts-jetbrains-mono (2.242+ds-1) for Debian unstable (Debian Mentors request).

2021-09-03: Sponsor package python-toml (0.10.2-1) for Debian unstable (Python team request).

2021-09-03: Sponsor package buildbot (3.3.0-1) for Debian unstable (Python team request).

2021-09-03: Sponsor package python-strictyaml (1.4.4-1) for Debian unstable (Python team request).

2021-09-03: Sponsor package python-absl (0.13.0-1) for Debian unstable (Python team request).

2021-09-03: Merge MR!1 for xabacus.

2021-09-03: Upload package aalib (1.4p5-49) to Debian unstable (Closes: #981503).

2021-09-03: File ROM for gnome-shell-extension-remove-dropdown-arrows (#993577, closing: #993196).

2021-09-03: Upload package bcachefs-tools (0.1+git20210805.6c42566-2) to Debian unstable.

2021-09-05: Upload package tuxpaint (0.9.26-1~exp1) to Debian experimental.

2021-09-05: Upload package tuxpaint-config (0.17rc1-1~exp1) to Debian experimental.

2021-09-05: Upload package tuxpaint-stamps (2021.06.28-1~exp1) to Debian experimental (Closes: #988347).

2021-09-05: Upload package tuxpaint-stamps (2021.06.28-1) to Debian experimental.

2021-09-05: Upload package tuxpaint (0.9.26-1) to Debian unstable (Closes: #942889).

2021-09-06: Merge MR!2 for connectagram.

2021-09-06: Upload package connectagram (1.2.11-2) to Debian unstable.

2021-09-06: Upload package aalib (1.4p5-50) to Debian unstable (Closes: #993729).

2021-09-06: Upload packag gdisk (1.0.8-3) to Debian unstable (Closes: #993732).

2021-09-06: Upload package tuxpaint-config (0.17rc1-1) to Debian unstable.

2021-09-06: Upload package grapefruit (0.1_a3+dfsg-10) to Debian unstable.

2021-09-07: File ROM for gnome-shell-extension-hide-activities ().

2021-09-09: Upload package calamares (3.2.42-1) to Debian unstable.

2021-09-09: Upgraded peertube.debian.social to PeerTube 3.4.0.

2021-09-17: Upload calamares (3.2.43-1) to Debian unstable.

2021-09-28: Upload calamares (3.2.44.2-1) to Debian unstable.

on October 04, 2021 12:50 PM

October 03, 2021

Funding the Xubuntu Development Server

Xubuntu Development Update September 2021

Thanks to the Ubuntu Community Fund, the Xubuntu web server has been funded for another two years. Elizabeth announced the news on Twitter early in September. If you want to sponsor Xubuntu and the other flavors, the community fund is the way to go. Other options are available on the Xubuntu website.

Wallpaper Update

On September 30, Pasi uploaded the new wallpaper for Xubuntu 21.10. This cycle&aposs wallpaper features overlapping teal geometric shapes, continuing the tradition of calm and clean backdrops. The updated xubuntu-artwork package has been submitted and is currently awaiting acceptance into the 21.10 archive.

Xubuntu Development Update September 2021Featuring teal geometric shapes, the Xubuntu 21.10 wallpaper gives off a relaxing vibe.

Package Updates

In September, the Xubuntu packageset saw only a few updates to Xfce and Xubuntu components.

Xubuntu Development Update September 2021Greybird-dark was updated with a much smoother gradient for non-CSD window titlebars, better aligning with the CSD version.

In other package-related (semi-Xubuntu-related) news, Ayatana indicators have replaced the original libappindicator and libindicator in Ubuntu, with the originals demoted from main to universe. libappindicator and libindicator have been removed entirely from Debian.

Xfce 4.17 PPA Update

Xfce 4.18 is still very early in its development, with Xfce 4.17 as its development series. Our Debian package manager, Unit 193, has started publishing Xfce 4.17 builds to the Xubuntu QA Experimental PPA for testing and development. There&aposs not much to see here yet, but if you&aposre curious (and don&apost mind the occasional breakage), check it out! If you prefer not to install bleeding-edge packages on your system, you can also use the XFCE Test docker image to try out the latest changes.

Xubuntu Development Update September 2021Xfce 4.17 packages are now available for 21.10 (featured), 21.04, and 20.04.

Upcoming Dates

If you&aposre following along with the Release Schedule, you know that Xubuntu 21.10 "Impish Indri" is just around the corner! The BETA release notes are up on the Xubuntu Wiki. More than ever, please take the time to test Xubuntu to help us catch some last-minute bugs.

Thanks for reading! Join the conversation with @Xubuntu on Twitter, the Xubuntu Users group on Facebook, or IRC!

on October 03, 2021 10:09 AM

October 01, 2021

Here’s my (twenty-fourth) monthly but brief update about the activities I’ve done in the F/L/OSS world.

Debian

This was my 33rd month of actively contributing to Debian. I became a DM in late March 2019 and a DD on Christmas ‘19! \o/

Just churning through the backlog this month. Ugh.

Anyway, I did the following stuff in Debian:

Uploads and bug fixes:

Hah, as a surprise, I did no uploads or bug fixes this month. :(

Other $things:

  • Mentoring for newcomers.
  • Moderation of -project mailing list.

Ubuntu

This was my 8th month of actively contributing to Ubuntu. Now that I’ve joined Canonical to work on Ubuntu full-time, there’s a bunch of things I do! \o/

I mostly worked on different things, I guess.

I was too lazy to maintain a list of things I worked on so there’s no concrete list atm. Maybe I’ll get back to this section later or will start to list stuff from next year onward, as I was doing before. :D


Debian (E)LTS

Debian Long Term Support (LTS) is a project to extend the lifetime of all Debian stable releases to (at least) 5 years. Debian LTS is not handled by the Debian security team, but by a separate group of volunteers and companies interested in making it a success.

And Debian Extended LTS (ELTS) is its sister project, extending support to the Jessie release (+2 years after LTS support).

This was my twenty-fourth month as a Debian LTS and twelfth month as a Debian ELTS paid contributor.
I was assigned 24.75 hours for LTS and 40.00 hours for ELTS and worked on the following things:
(however, I worked for 6.75h more on ELTS work, thereby, making a total of 46.75h)

LTS CVE Fixes and Announcements:

  • Issued DLA 2751-1, fixing CVE-2021-3449, for postgresql-9.6.
    For Debian 9 stretch, these problems have been fixed in version 3.20181128.1~deb9u1.
    However, please note that the update was prepped by the maintainer, Christoph Berg. \o/
  • Issued DLA 2777-1, fixing CVE-2020-19131 and CVE-2020-19144, for tiff.
    For Debian 9 stretch, these problems have been fixed in version 4.0.8-2+deb9u7.
  • Still discussing salt DLA/DSA uploads with Fredrico, Damien, and the maintainer.
    I reviewed the patch and it looks good but we’ve been having build issues on buster, so have postponed the update/upload for a bit. Will need a fresh look.
  • Philipp Hann raised the issue for incomplete uploads of amd64-microcode, where the binaries haven’t been pusblished yet.
    I took a look and that seems to be a valid bug/report, I’ve further discussed with the buildd admins and the security team to see what we can do here.
  • Raphael Hertzog raised a bug for debian-archive-keyring, which needs an update prepped for stretch.
    I’ve been looking at the same and mildly prepped the update, but still work-in-progress.

ELTS CVE Fixes and Announcements:

  • Issued ELA 486-1, fixing CVE-2021-3185, for gst-plugins-bad0.10.
    For Debian 8 jessie, these problems have been fixed in version 0.10.23-7.4+deb8u5.
  • Issued ELA 492-1, fixing CVE-2020-19131 and CVE-2020-19144, for tiff.
    For Debian 8 jessie, these problems have been fixed in version 4.0.3-12.3+deb8u12.
  • Issued ELA 495-1, fixing CVE-2021-31799, CVE-2021-31810, and CVE-2021-32066, for ruby2.1.
    For Debian 8 jessie, these problems have been fixed in version 2.1.5-2+deb8u12.
  • Discussed the libjdom1-java regression plausiblity with the security team, where the last uploader forgot to include a regression fix and thus warrants a regression upload now.
    Working on checking the severity w/ upstream to see how urgent it is.
  • Worked on jsoup intensively. Discussed w/ upstream via issue #1627.
    Further checked how plausible this is and discussed this on the internal list w/ Markus and Raphael.
  • Whilst a separate section (below), it’s also worth noting here that this time’s front-desk triages had to be precise as there were really close calls to be made w.r.t. to the decisions made by the Debian’s security and Ubuntu’s security team.
    More on that below.

Other (E)LTS Work:

  • Front-desk duty from 30-08 until 05-09 and 27-09 to 03-10 for both LTS and ELTS.
  • Triaged ffmpeg, git, gpac, inetutils, mc, modsecurity-crs, node-object-path, php-pear, systemd-cron, node-tar, ruby2.3, gst-plugins-bad0.10, ntfs-3g, tiff, wordpress, and openssh.
  • Mark CVE-2021-38171/ffmpeg as postponed for stretch.
  • Mark CVE-2021-40330/git as no-dsa for stretch and jessie.
  • Mark CVE-2020-19481/gpac as ignored for stretch.
  • Mark CVE-2021-40491/inetutils as no-dsa for stretch.
  • Mark CVE-2021-36370/mc as no-dsa for stretch and jessie.
  • Mark CVE-2021-35368/modsecurity-crs as no-dsa for stretch.
  • Mark CVE-2021-23434/node-object-path as end-of-life for stretch.
  • Mark CVE-2021-32610/php-pear as no-dsa for stretch.
  • Mark CVE-2017-9525/systemd-cron as no-dsa for stretch.
  • Mark CVE-2021-37701/node-tar as end-of-life for stretch.
  • Mark CVE-2021-37712/node-tar as end-of-life in stretch.
  • Mark CVE-2021-39201/wordpress as not-affected for jessie.
  • Mark CVE-2020-19143/tiff as not-affected for stretch and jessie.
  • Auto EOL’ed gpac, nltk, request-tracker4, and linux for jessie.
  • Drop wordpress from {d,e}la-needed for stretch and jessie. No update needed.
  • Drop qtbase-opensource-src from dla-needed for stretch. CVE-2020-24742 has the same fix as CVE-2020-0569.
  • A backporting error for CVE-2018-15473 was reported in Ubuntu (and can see the same code differences here). This needs further deeper investigation w/ Ubuntu and Debian security teams involved.
  • Attended monthly Debian LTS meeting.
  • Answered questions (& discussions) on IRC (#debian-lts and #debian-elts).
  • General and other discussions on LTS private and public mailing list.

Until next time.
:wq for today.

on October 01, 2021 05:41 AM

September 30, 2021

S14E30 – Final Episode Recorded

Ubuntu Podcast from the UK LoCo

This week we’ve been watching The Matrix, giving up Facebook and buying a new car. We make predictions for the next 14 years, bring you some command line love and go over your feedback to conclude this, the last episode of Ubuntu Podcast ever!

It’s Season 14 Episode 30 of the Ubuntu Podcast! Alan Pope, Mark Johnson and Martin Wimpress are connected and speaking to your brain.

In this week’s show:

  • The Ubuntu Podcast After Party

  • We discuss what we’ve been up to recently:
    • Mark has been watching The Matrix.
    • Martin has stopped using Facebook and WhatsApp.
    • Alan has bought a car.
  • We discuss our predictions for the next 14 years!
  • We share some command line lurve:
gotop

View post on imgur.com

btop

btop++

That’s all for this week! If there’s a topic you’d like us to discuss, or you have any feedback on previous shows, please send your comments and suggestions to show@ubuntupodcast.org or Tweet us or Toot us or Comment on our Facebook page or comment on our sub-Reddit.

on September 30, 2021 02:00 PM

September 29, 2021

A colleague recently talked me into buying one of these nifty HDMI to USB video capture dongles that allows me to try out my ARM boards attached to my desktop without the need for a separate monitor. Your video output just ends up in a window on your desktop … this is quite a feature for just 11€

The device shows up on Linux as a new /dev/video* device when you plug it in, it also registers in pulseaudio as an audio source. To display the captured output a simple call to mplayer is sufficient, like:

mplayer -ao pulse tv:// -tv driver=v4l2:device=/dev/video2:width=1280:height=720

Now, you might have other video devices (i.e. a webcam) attached to your machine and it will not always be /dev/video2 … so we want a bit of auto-detection to determine the device …

Re-plugging the device while running dmesg -w shows the following:

usb 1-11: new high-speed USB device number 13 using xhci_hcd
usb 1-11: New USB device found, idVendor=534d, idProduct=2109, bcdDevice=21.00
usb 1-11: New USB device strings: Mfr=1, Product=2, SerialNumber=0
usb 1-11: Product: USB Video
usb 1-11: Manufacturer: MACROSILICON
uvcvideo: Found UVC 1.00 device USB Video (534d:2109)
hid-generic 0003:534D:2109.000C: hiddev2,hidraw7: USB HID v1.10 Device [MACROSILICON USB Video] on usb-0000:00:14.0-11/input4

So our vendor id for the device is 534d … this should help finding the correct device from Linux’ sysfs … lets write a little helper:

VIDEODEV=$(for file in /sys/bus/usb/devices/*/idVendor; do 
  if grep -q 534d $file 2>/dev/null; then 
    ls $(echo $file| sed 's/idVendor/*/')/video4linux; 
  fi;
done | sort |head -1)

Running this snippet in a terminal and echoing $VIDEODEV now puts out “video2”, this is something we can work with … lets put both of the above together into one script:

#! /bin/sh

VIDEODEV=$(for file in /sys/bus/usb/devices/*/idVendor; do 
  if grep -q 534d $file 2>/dev/null; then 
    ls $(echo $file| sed 's/idVendor/*/')/video4linux; 
  fi;
done | sort |head -1)

mplayer -ao pulse tv:// -tv driver=v4l2:device=/dev/$VIDEODEV:width=1280:height=720

Making the script executable with chmod +x run.sh (i have called it run.sh) and executing it as ./run.sh now pops up a 720p window showing the screen of my attached Raspberry Pi.

Video works now, lets take a look at how we can get the audio output too.
First we need to find the correct name for the pulseaudio source, again based on the Vendor Id:

AUDIODEV=$(pactl list sources | egrep 'Name:|device.vendor.id.' | grep -B1 534d | head -1 | sed 's/^.*Name: //')

Running the above and then echoing $AUDIODEV returns alsa_input.usb-MACROSILICON_USB_Video-02.analog-stereo so this is our pulse source we want to capture and play back to the default audio output, this can be easily done with a pipe between two pacat commands, one for record (-r) and one for playback (-p) like below:

pacat -r --device="$AUDIODEV" --latency-msec=1 | pacat -p --latency-msec=1 

Now playing a video with audio on my Pi while running the ./run.sh script in one terminal and the pacat pipe in a second one gives me both, video and audio output …
To not have to use two terminals we should rather merge the pacat, auto detection and mplayer commands into one script … since both of them are actually blocking, we need to fiddle a bit by putting pacat into the background (by adding a & to the end of the command) and telling our shell to actually kill all subprocesses (even backgrounded ones) that were started by our script when we stop it with the following trap command:

pid=$$
terminate() {
  pkill -9 -P "$pid"
}
trap terminate 1 2 3 9 15 0

So lets merge everything into one script, it should look like below then:

#! /bin/sh

pid=$$
terminate() {
  pkill -9 -P "$pid"
}
trap terminate 1 2 3 9 15 0

VIDEODEV=$(for file in /sys/bus/usb/devices/*/idVendor; do 
  if grep -q 534d $file 2>/dev/null; then 
    ls $(echo $file| sed 's/idVendor/*/')/video4linux; 
  fi;
done | sort |head -1)

AUDIODEV=$(pactl list sources | egrep 'Name:|device.vendor.id.' | grep -B1 534d | head -1 | sed 's/^.*Name: //')

pacat -r --device="$AUDIODEV" --latency-msec=1 | pacat -p --latency-msec=1 &

mplayer -ao pulse tv:// -tv driver=v4l2:device=/dev/$VIDEODEV:width=1280:height=720

And this is it, executing the script now plays back video and audio from the dongle …

Collecting all the above info to create that shell script took me the better part of a Sunday afternoon and I was figuring that everyone who buys such a device might hit the same pain, so why not package it up in a distro agnostic way so that everyone on Linux can simply use my script and does not have to do all the hackery themselves … snaps are an easy way to do this and they are really quickly packaged as well, so lets do it !

First of all we need the snapcraft tool to quickly and easily create a snap and use multipass as build environment:

sudo snap install snapcraft --classic
sudo snap install multipass

Now lets create a workdir, copy our script in place and let snapcraft init create a template file as a boilerplate:

$ mkdir hdmi-usb-dongle
$ cd hdmi-usb-dongle
$ cp ../run.sh .
$ snapcraft init
Created snap/snapcraft.yaml.
Go to https://docs.snapcraft.io/the-snapcraft-format/8337 for more information about the snapcraft.yaml format.
$

We’ll edit the name in snap/snapcraft.yaml, change core18 to core20 (since we really want to be on the latest base), adjust description and summary, switch grade: to stable and confinement: to strict … Now that we have a proper skeleton, lets take a look at the parts: which tells snapcraft how to build the snap and what should be put into it … we just want to copy our script in place and make sure that mplayer and pacat are available to it … To copy a script we can use the dump plugin that snapcraft provides, to make sure the two applications our script uses get included we have the stage-packages: property, the parts: definition should look like:

parts:
  copy-runscript: # give it any name you like here
    plugin: dump
    source: . # our run.sh lives in the top level of the source tree
    organize:
      run.sh: usr/bin/run # tell snapcraft to put run.sh into a PATH that snaps do know about
    stage-packages:
      - mplayer
      - pulseaudio-utils

Now we can just call snapcraft while inside the hdmi-usb-dongle dir:

$ snapcraft
Launching a VM.
Launched: snapcraft-my-dongle
[...]
Priming copy-runscript 
+ snapcraftctl prime
This part is missing libraries that cannot be satisfied with any available stage-packages known to snapcraft:
- libGLU.so.1
- libglut.so.3
These dependencies can be satisfied via additional parts or content sharing. Consider validating configured filesets if this dependency was built.
Snapping |                                                                                                                   
Snapped hdmi-usb-dongle_0.1_amd64.snap

OOPS ! Seems we are missing some libraries and snapcraft tells us about this (they are apparently needed by mplayer)… lets find where these libs live and add the correct packages to our stage-packages: entry … we’ll install apt-file for this which allows reverse searches in deb packages:

$ sudo apt install apt-file
[...]
$ sudo apt-file update
$ apt-file search libGLU.so.1                               
libglu1-mesa: /usr/lib/x86_64-linux-gnu/libGLU.so.1
libglu1-mesa: /usr/lib/x86_64-linux-gnu/libGLU.so.1.3.1
$ apt-file search libglut.so.3
freeglut3: /usr/lib/x86_64-linux-gnu/libglut.so.3
freeglut3: /usr/lib/x86_64-linux-gnu/libglut.so.3.9.0

There we go, lets add libglu1-mesa and freeglut3 to our stage-packages:

    stage-packages:
      - mplayer
      - pulseaudio-utils
      - libglu1-mesa
      - freeglut3

If we now just call snapcraft again, it will re-build the snap for us and the warning about the missing libraries will be gone …

So now we do have a snap containing all the bits we need, the run.sh script, mplayer and pacat (from the pulseaudio-utils package). We also have made sure that mplayer finds the libs it needs to run, now we just need to tell snapcraft how we want to execute our script. To do this we need to add an apps: section to our snapcraft.yaml:

apps:
  hdmi-usb-dongle:
    extensions: [gnome-3-38]
    command: usr/bin/run
    plugs:
      - audio-playback   # for the use of "pacat -p" and "pactl list sources"
      - audio-record     # for the use of "pacat -r"
      - camera           # to allow read access to /dev/videoX
      - hardware-observe # to allow scanning sysfs for the VendorId 

To save us from having to fiddle with any desktop integration, there are the desktop extensions (you can see which extensions exist with the snapcraft list-extensions command), since we picked base: core20 at he beginning when editing the template file, we will use the gnome-3-38 extension with our snap. Our app should execute our script from the place we have put it in with the organize: statement before so our command: entry points to usr/bin/run and to allow the different functions of our script we add a bunch of snap plugs that I have explained inline above. Now our snapcraft.yaml looks like below:

name: hdmi-usb-dongle
base: core20
version: '0.1'
summary: A script to use a HDMI to USB dongle
description: |
  This snap allows to easily use a HDMI to USB dongle on a desktop
grade: stable
confinement: strict

apps:
  hdmi-usb-dongle:
    extensions: [gnome-3-38]
    command: usr/bin/run
    plugs:
      - audio-playback
      - audio-record
      - camera
      - hardware-observe

parts:
  copy-runscript:
    plugin: dump
    source: .
    organize:
      run.sh: usr/bin/run
    stage-packages:
      - mplayer
      - pulseaudio-utils
      - libglu1-mesa
      - freeglut3

And this is it … running snapcraft again will now create a snap with an executable script inside, you can now install this snap (because it is a local snap you need the –dangeours option), connect the interface plugs and run the app (note that audio-playback automatically connects on desktops, so you do not explicitly need to connect it) …

$ sudo snap install --dangerous hdmi-usb-dongle_0.1_amd64.snap
$ sudo snap connect hdmi-usb-dongle:audio-record
$ sudo snap connect hdmi-usb-dongle:camera
$ sudo snap connect hdmi-usb-dongle:hardware-observe

When you now run hdmi-usb-dongle you should see something like below (if you have a HDMI cable connected with a running device you will indeed not see the test pattern):

This is great, everything runs fine, but if we run this on a desktop an “Unknown” icon shows up in the panel … it is also annoying having to start our app from a terminal all the time, so lets turn our snapped shell script into a desktop app by simply adding a .desktop file and an icon:

$ pwd
/home/ogra/hdmi-usb-dongle
$ mkdir snap/gui

We’ll create the desktop file inside the snap/gui folder that we just created, with the following content:

[Desktop Entry]
Type=Application
Name=HDMI to USB Dongle
Icon=${SNAP}/meta/gui/icon.png
Exec=hdmi-usb-dongle
Terminal=false
Categories=Utility;

Note that the Exec= line just uses our command from the apps: section in our snapcraft.yaml
Now find or create some .png icon, 256×256 is a good size (I tend to use flaticon.com to find something that fits (do not forget to attribute the author if you use downloaded icons, the description: field in your snapcraft.yaml is good for this)) and copy that icon.png into snap/gui

Re-build your snap once again, install it with the --dangerous option and you should now find it in your application overview or menu (if you do not use GNOME).
Your snapped shell script is done, congratulations !

You could now just upload it to snapcraft.io to allow others to use it … and here we are back to the reason for this blog post … as I wrote at the beginning it took me a bit of time to figure all the commands out that I added to the script … I’m crazy enough to think it might be useful for others, even though this USB dongle is pretty exotic hardware, so I expected it to probably find one or two other users for whom it might be useful and I created https://snapcraft.io/hdmi-usb-dongle

For snap publishers the snapcraft.io page offers the neat feature to actually see your number of users. I created this snap about 6 weeks ago, lets see how many people actually installed it in this period:

Oh, seems I was wrong, there are actually 95 (!) people out there that I could help with packaging my script as a snap package !! While indeed the majority of users will be on Ubuntu given that snaps are a default package tool there, even among these 95 users there are a good bunch of non Ubuntu systems (what the heck is “boss 7” ??):

So if you have any useful scripts lying on your disk, even for exotic tasks, why not share them with others ? As you can see from my example even scripts to handle exotic hardware quickly find a lot of users around the world and across different distros when you offer them in the snap store … and do not forget, snap packages can be services, GUI apps as well as CLI apps, there are no limits in what you can package as a snap !

on September 29, 2021 12:56 PM

September 24, 2021

The Ubuntu Studio team is pleased to announce the beta release of Ubuntu Studio 21.10, codenamed “Impish Indri”.

While this beta is reasonably free of any showstopper DVD build or installer bugs, you may find some bugs within. This image is, however, reasonably representative of what you will find when Ubuntu Studio 21.10 is released on October 21, 2021.

Please note: Due to the change in desktop environment, directly upgrading to Ubuntu Studio 21.10 from 20.04 LTS is not supported and will not be supported.  However, upgrades from Ubuntu Studio 21.04 will be supported. See the Release Notes for more information.

Images can be obtained from this link: https://cdimage.ubuntu.com/ubuntustudio/releases/21.10/beta/

Full updated information is available in the Release Notes.

New Features

Ubuntu Studio 21.10 includes the new KDE Plasma 5.22 desktop environment. This is a beautiful and functional upgrade to previous versions, and we believe you will like it.

Studio Controls is upgraded to 2.2.3 and includes a frontend to qnetjack which allows Jack sources to/from the local network.

OBS Studio is upgraded to version 27 and works with Wayland sessions. While Wayland is not currently the default, it is available as unsupported and experimental.

We now use the Icon-Only Task Manager by default. You can change this by right-clicking on the taskbar/top panel and select “Show Alternatives…”.

There are many other improvements, too numerous to list here. We encourage you to take a look around the freely-downloadable ISO image.

Known Issues

Official Ubuntu Studio release notes can be found at https://ubuntustudio.org/ubuntu-studio-21-10-release-notes/

Further known issues, mostly pertaining to the desktop environment, can be found at https://wiki.ubuntu.com/ImpishIndri/ReleaseNotes/Kubuntu

Additionally, the main Ubuntu release notes contain more generic issues: https://discourse.ubuntu.com/t/impish-indri-release-notes/21951

Note of clarification: This release does not use the snapped Firefox browser. That will be changing for 22.04 LTS as required by Mozilla.

Please Test!

If you have some time, we’d love for you to join us in testing. Testing begins…. NOW!

on September 24, 2021 03:09 PM

September 23, 2021

S14E29 – Penultimate Episode Recorded

Ubuntu Podcast from the UK LoCo

This week we’ve been buying iPhones and playing with floppy disk emulators. We bring you new from the Ubuntu community and our favourite stories from past episodes of Ubuntu Podcast.

It’s Season 14 Episode 29 of the Ubuntu Podcast! Alan Pope, Mark Johnson and Martin Wimpress are connected and speaking to your brain.

In this week’s show:

That’s all for this week! If there’s a topic you’d like us to discuss, or you have any feedback on previous shows, please send your comments and suggestions to show@ubuntupodcast.org or Tweet us or Toot us or Comment on our Facebook page or comment on our sub-Reddit.

on September 23, 2021 02:00 PM