Tomorrow (Monday the 3rd of March) at 5pm UTC I'll be giving a talk about QML and Box2D based game development for the Ubuntu App Developer Week, details of my talk can be found here: http://summit.ubuntu.com/appdevweek-1403/meeting/22144/game-development-with-qml-and-box2d/

In preparation for this I've put together a simple template for getting started with QML and Box2D development for both desktop Ubuntu and Ubuntu Touch. It's available in two flavours:

• Precompiled version - Includes QML Box2D already compiled for amd64 and armhf (when I have more time I'll add i386 to this as well).
• Source version - Makes it easy to compile everything yourself on whatever architecture you're interested in.

This means that if your game is going to be purely QML based you can just grab the precompiled version, and run "make click-packages" and have packages built for both desktop and mobile use at the same time.

The template comes populated with an example application (one of the standard QML Box2D demos), which is found in the "src/" directory; so you'll be able to see something running straight out of the box, then when you're ready you can just replace this with your own game.

In the future I also plan to extend these templates to provide example packaging for multiple different QML + Box2D compatible mobile platforms (Sailfish, MeeGo, Blackberry, Android, etc.)

If you're interested in seeing an example of the sort of thing you can achieve fairly easily with QML and Box2D I've also uploaded a video of one of my current work in progress projects:

1 0

02 Mar 2014 11:57pm GMT

Meeting held on FreeNode, channel #maemo-meeting (logs)

Attending: Joerg Reisenweber (DocScrutinizer05), Ruediger Schiller (chem|st), Gido Griese (Win7Mac), Paul Healy (sixwheeledbeast), Jussi Ohenoja (juiceme).

Absent:

Summary of topics (ordered by discussion):
- Discussion on moving Hildon Foundation to a german e.V.

Topic (Discussion on moving Hildon Foundation to a german e.V.):

• Win7Mac has consulted a lawyer on the responsibilities of directors of an E.v. and the extents of liability. It seems that directors are "only liable for damage by gross negligence and intent" so there propably is no need for an extra insurance for the directors. There was some general talk over liability, and juiceme asked if there is any possibility that in EU there could be similar threat of litigation that Woody was fearing could happen to HiFo in US. General consensus seems to be that it is not likely.
• chem|st asked if Win7Mac will take care of the "Nokia" statements all over the website, and check that there are no unappropriate binaries in repositories.
• Win7Mac presented the work-on-progress for the changing of names/terms in the legal documentation on the website:
  • Contribution Guidelines
  • Terms + Conditions
  • Privacy Policy

Win7Mac told that when the documenation has been finished it will be reviewed again by a lawyer, and should be finalized by friday this week.

0 0

28 Feb 2014 8:51pm GMT

While the Owncloud Manual suggests enabling SSL, it unfortunately does not go into detail how to get a secure setup. The core problem is that the default SSL settings of Apache are not sane as in they do not enforce strong encryption. Furthermore the used default certificate will not match your server name and produce errors in the browser.

In the following a short guide in how to set-up a secure Apache 2.4 server for Owncloud will be presented.

Generating a secure Certificate

A secure TLS connection starts with the Server authenticating itself to the client with the server certificate. Therefore we will start the setup of our server with generating that certificate.
The purpose of the certificate is to ensure that if you type in "your.website.net" you are indeed talking to your server and not to a man-in-the-middle who intercepted your connection. Therefore the certificate contains the server name and the public key of the server.

As mentioned above the default certificate will not match your server name and therefore you will have to generate a matching one.

Unfortunately following the apache SSL FAQ will results in a certificate using the possibly vulnerable SHA-1 hashing function. A better alternative is SHA-256, but it has to be explicitly requested during certificate creation. The according call to openssl for certificate creation is

openssl req -new -sha256 -x509 -nodes -days 365 -out your.website.net.pem -keyout your.website.net.key

The resulting certificate and private key have to be referenced in Apache as following

SSLCertificateFile    /path/to/your.website.net.pem
SSLCertificateKeyFile /path/to/your.website.net.key

Note that this results in a so called self-signed certificate. Usually certificates on the web are approved by a Certificate Authority (a digital notary) which confirms your identity. By trusting the CA you can also trust websites that are otherwise unknown to you, but which were approved by the CA.
While this makes sense for public websites, you probably already trust your own server, so there is no need for a CA signed certificate.
Just add your self-signed certificate to the trusted list of your browser on first visit.
If you fear a man-in-the-middle attack during the initial connection, you can also manually copy the generated pem file on a USB-drive and import it in the browser from there.

Using secure ciphers

Using the secure certificate we only know that we are indeed talking to the server we want to talk to. Next we actually want to start sending encrypted messages. In theory we could encrypt data with the public key of the server using asymmetric encryption like RSA. However asymmetric encryption is slow and therefore not suitable for large amounts of data. Furthermore our communication could be decrypted if somebody would record it and at some point in the future get access to the private key of the server. Therefore we want to use a one-time symmetric key. This way we achieve forward secrecy.The symmetric encryption should be also secure in a sense that even when large amounts of data is collected, it is must not be possible to reconstruct the key and decode the data.
Last but not least the chosen cipher should be supported by our clients. Surprisingly it is the Owncloud desktop client which does not support modern ciphers, while current browsers and even the android app does.

Instead of discussing all available ciphers in regard of the above requirements, I would rather refer to the excellent TLS server configuration guide by Mozilla.
Yet we can still improve the suggested configuration. Mozilla has to consider compability with old web-browsers which we do not have to. So without further ado this is the recommend cipher configuration

SSLProtocol all -SSLv2 -SSLv3
SSLCompression off
SSLHonorCipherOrder On
SSLCipherSuite EECDH+AESGCM:EECDH+AES:EDH+AES

The rationale behind this suggestion is

• Allow TLS 1.0 for compability with mobile apps
• Disable SSL compression to mitigate the CRIME attack
• always use Diffie Hellman(DH) key exchange(Kx) for forward secrecy
• prefer Elliptic Curve Diffie Hellman (ECDH) for performance
• always use AES for symmetric encryption
• prefer AES GCM mode for security and performance

Notes

Actually only the Owncloud desktop client forces us to enable ordinary DH key exchange. Besides being much slower than ECDH, a weak modulus is used for DH Kx up to (including) Apache 2.4.6. While there are no practical attacks exploiting this yet, we can only be completely on the safe side by updating to Apache 2.4.7 or fixing the root issue in the desktop client. (bug status)

Also we only allow TLSv1 for compability with the mobile apps as openssl in android does not yet support TLS1.1+. This circumstance is not really critical as BEAST is not applicable in the sync apps and browsers will connect to the server with TLS1.1+ or work around the vulnerability.

Enforcing HTTPS

At this point the secure connection to your server is ready, but we still have to ensure that it is the only way data is exchanged with the clients.
While you can only enable apache on port 443, you will always have to remember to type in https:// in the browser. A better way is to automatically redirect from port 80 to port 443 like

<VirtualHost *:80>
        ServerName your.website.net
        Redirect permanent / https://your.website.net/
</VirtualHost>

Note that you do not have to use mod_rewrite here as Owncloud sets the HSTS header, so browsers will automatically prefix all requests with https after the first visit.

But whatever you do, remember this

0 0

22 Feb 2014 10:53am GMT

Meeting held on FreeNode, channel #maemo-meeting (logs)

Attending: Joerg Reisenweber (DocScrutinizer05), Ruediger Schiller (chem|st), Gido Griese (Win7Mac), chainsawbike, Jussi Ohenoja (juiceme).

Absent:

1 0

18 Feb 2014 8:36am GMT

It was somewhere between 7th and 11th February 2004 when I got package with my first Linux/ARM device. It was Sharp Zaurus SL-5500 (also named "collie") and all started…

At that time I had Palm M105 (still own) and Sony CLIE SJ30 (both running PalmOS/m68k) but wanted hackable device. But I did not have idea what this device will do with my life.

Took me about three years to get to the point where I could abandon my daily work as PHP programmer and move to a bit risky business of embedded Linux consulting. But it was worth it. Not only from financial perspective (I paid more tax in first year then earned in previous) but also from my development. I met a lot of great hackers, people with knowledge which I did not have and I worked hard to be a part of that group.

I was a developer in multiple distributions: OpenZaurus, Poky Linux, Ångström, Debian, Maemo, Ubuntu. My patches landed also in many other embedded and "normal" ones. I patched uncountable amount of software packages to get them built and working. Sure, not all of those changes were sent upstream, some were just ugly hacks but this started to change one day.

Worked as distribution leader in OpenZaurus. My duties (still in free time only) were user support, maintaining repositories and images. I organized testing of pre-release images with over one hundred users - we had all supported devices covered. There was "updates" repository where we provided security fixes, kernel updates and other improvements. I also officially ended development of this distribution when we merged into Ångström.

I worked as one of main developers of Poky Linux which later became Yocto Linux. Learnt about build automation, QA control, build-after-commit workflow and many other things. During my work with OpenedHand I also spent some time on learning differences between British and American versions of English.

Worked with some companies based in USA. This allowed me to learn how to organize teamwork with people from quite far timezones (Vernier was based in Portland so 9 hours difference). It was useful then and still is as most of Red Hat ARM team is US based.

I remember moments when I had to explain what I am doing at work to some people (including my mom). For last 1.5 year I used to say "building software for computers which do not exist" but this is slowly changing as AArch64 hardware exists but is not on a mass market yet.

Now I got to a point when I am recognized at conferences by some random people when at FOSDEM 2007 I knew just few guys from OpenEmbedded (but connected many faces with names/nicknames there).

Played with more hardware then wanted. I still have some devices which I never booted (FRI2 for example). There are boards/devices which I would like to get rid of but most of them is so outdated that may go to electronic trash only.

But if I would have an option to move back that 10 years and think again about buying Sharp Zaurus SL-5500 I would not change it as it was one of the best things I did.

All rights reserved © Marcin Juszkiewicz
It is 10 years of Linux on ARM for me was originally posted on Marcin Juszkiewicz website

2 0

11 Feb 2014 9:19pm GMT

Meeting held on FreeNode, channel #maemo-meeting (logs)

Attending: Joerg Reisenweber (DocScrutinizer05), Ruediger Schiller (chem|st), Gido Griese (Win7Mac), chainsawbike, freemangordon, kerio, Jussi Ohenoja (juiceme).

Absent:

Summary of topics (ordered by discussion):
- Proposals for next contest
- Discussion on moving Hildon Foundation to a german e.V.

Topic (Proposals for next contest):

• No news, seems Jolla peole have been busy with FOSDEM.

Topic (Discussion on moving Hildon Foundation to a german e.V.):

• Win7Mac has drawn up nice proposals on the different possibilities to organize: first draft of various possibilities
• More refined models: KDE model and General Assembly centered model and final draft
• Discussion on whether there needs to be an annual support fee for community, pros: it would heighten the sense/value of community.
• Discussion on the actual method of the moving, do we need a general census/election for community to okay the move?

0 0

11 Feb 2014 5:20pm GMT

0 0

07 Feb 2014 1:11am GMT

The idea of Full-Stack Development is quite popular at the moment - building things that run both the browser and the server side of web development, usually utilizing similar languages and frameworks.

With Flow-Based Programming and the emerging Flowhub ecosystem, we can take this even further. Thanks to the FBP network protocol we can build and monitor graphs spanning multiple devices and flow-based environments.

Jon Nordby gave a Flow-Based Programming talk in FOSDEM Internet of Things track last weekend. His demo was running a FBP network comprising of three different environments that talk together. You can find the talk online.

Here are some screenshots of the different graphs.

MicroFlo running on an Arduino Microcontroller and monitoring a temperature sensor:

NoFlo running on Node.js and communicating with the Arduino over a serial port:

NoFlo running in browser and communicating with the Node.js process over WebSockets:

(click to see the full-size picture)

Taking this further

While this setup already works, as you can see the three graphs are still treated separately. The next obvious step will be to utilize the subgraph features of NoFlo UI and allow different nodes of a graph represent different runtime environments.

This way you could introspect the data passing through all the wires in a single UI window, and "zoom in" to see each individual part of the system.

The FBP ecosystem is growing all the time, with different runtimes popping up for different languages and use cases. While NoFlo's JavaScript focus makes it part of the Universal Runtime, there are many valid scenarios where other runtimes would be useful, especially on mobile, embedded, and desktop.

Work to be done

Interoperability between them is an area we should focus on. The network protocol needs more scrutiny to ensure all scenarios are covered, and more of the FBP/dataflow systems need to integrate it.

Some steps are already being taken in this direction. After Jon's session in FOSDEM we had a nice meetup discussing better integration between MicroFlo on microcontrollers, NoFlo on browser and server, and Lionel Landwerlin's work on porting NoFlo to the GNOME desktop.

If you're interested in collaborating, please get in touch!

Photo by Forrest Oliphant.

1 0

06 Feb 2014 8:00am GMT

Meeting held on FreeNode, channel #maemo-meeting (logs)

Attending: Joerg Reisenweber (DocScrutinizer05), Ruediger Schiller (chem|st), Paul Healy (sixwheeledbeast), freemangordon, kerio, Jussi Ohenoja (juiceme).

Absent:

Summary of topics (ordered by discussion):
- Proposals for next contest
- Discussion on the mailing list
- Things to be settled with Nokia

Topic (Proposals for next contest):

• No news, Chemist has contacted Cybette but no answer yet.

Topic (Discussion on the mailing lists):

• There was discussion on the technical merits of a majordomo based list vs. current mail forwarder based list.
• It was decided that for council matters forwarder is better, and it can be implemented using masked send addresses to avoid bouncing on strictly configured servers.

Topic (Things to be settled with Nokia):

• No progress currentl.y
• Discussion on alternatives if maemo.org cannot be used.

1 0

28 Jan 2014 6:08pm GMT

I will be doing a presentation about Tracker at FOSDEM this year.

1 0

24 Jan 2014 11:12am GMT

I've been a loyal pidgin user for a long time, and for the last couple of years it's sat somewhat uncomfortably on the Ubuntu desktop. Obviously, Empathy became the default IM client a while back, but the more troublesome part, for me, has been Unity dropping support for the well established system tray icon specification in favour of their own Application Indicators. Ignoring the relative merits of the standards, and the questionable claim that you can unilaterally deprecate a widely used standard, Ubuntu has been good at providing indicator replacements for all the tray icons I care about, with one notable exception - Pidgin. Rather than providing a pidgin icon, they instead provided integration with the central messaging indicator. While this is a fine aspiration, I find the messaging indicator a very poor replacement - it doesn't offer reasonable behaviour for showing and hiding pidgin and has problems dismissing new message notifications.

Initially, it was possible to turn on the system tray compatibility function in Unity with a simple dconf setting, but in 13.04, this was changed so that it would only work for java, and nothing else. In turn, this led to the creation of ppas for 13.04 and 13.10 to provide patched versions of Unity with the general purpose system tray restored (a one line change, apparently). I've been running with that for a while, but I didn't want to swim upstream on this issue forever, so I decided to write a pidgin plugin that provides a proper indicator, with the same menu and behaviour as the tray icon.

It turned out to be an interesting exercise - creating indicators is extremely simple - all credit where it's due - with the main challenge being building the menu without reinventing a wheel that's already present inside pidgin. The pidgin tray icon (docklet is the internal name) is not a plugin, although there is a partial concept of different providers. Unfortunately, the interface can't be used to drive an indicator as it assumes it can show the menu itself, while indicators require the menu be shown by the indicator. Ultimately, I had to copy the docklet code into my plugin to make the necessary modifications.

It would be possible to modify the docklet interface in pidgin to allow for an indicator provider with minimal impact on the existing providers, but I wanted to offer a working solution without requiring a newer version of pidgin, never mind the complexities of feeding changes upstream, etc. But, there's an aspirational project there.

So, without further ado, I'd like to offer to all the stubborn people who want pidgin to work they way it always used to in Unity.

At some point I'll get around to producing a deb for it, but just source for now.

Enjoy!

1 0

20 Jan 2014 4:05am GMT

Meeting held on FreeNode, channel #maemo-meeting (logs)

Attending: Joerg Reisenweber (DocScrutinizer05), Ruediger Schiller (chem|st), Michael Demetriou (qwazix), Paul Healy (sixwheeledbeast), Gido Griese (Win7Mac), warfare, Jussi Ohenoja (juiceme).

Absent:

Summary of topics (ordered by discussion):
- Proposals for next contest
- Proposing date and time for the next meeting
- Things to be settled with Nokia
- PayPal account

Topic (Proposals for next contest):

• There were few ideas presented;
  • Native opensource applications for SailfishOS
  • Fremantle porting Hackathlon/Contest
  • Multiplatform SW Contest.
• It was pointed out that before a proposal for a contest could be taken into consideration funding for the prizes should be cleared out.
  • If contest would be about apps for Jolla, then Jolla should donate for the contest
  • If contest would be about Fremantle porting, then funding could be arranged from neo900.org

Topic (Proposing date and time for the next meetings):

• It was agreed that meetings would be held every tuesday 20:00 UTC

Topic (Things to be settled with Nokia):

• DNS/domain ownership transfer is imminent.
• Firmware and flashing tools cannot be transferred.

Topic (PayPal account):

• The maemo donation PayPal account is still frozen. Workaround is to use the account of Joerg instead.
• Joerg told that generally the donations sum up to 20...30 eur/month. Infra costs come up to 60 eur/month.

1 0

14 Jan 2014 4:39pm GMT

Meeting held on FreeNode, channel #maemo-meeting (logs)

Attending: Joerg Reisenweber (DocScrutinizer05), Ruediger Schiller (chem|st), Michael Demetriou (qwazix), Christian Ratzenhofer (merlin1991), Paul Healy (sixwheeledbeast), Aakash Sadh (thedead1440), freemangordon, Craig Woodward (Woody14619), chainsawbike, Gido Griese (Win7Mac), Jussi Ohenoja (juiceme).

Absent:

Summary of topics (ordered by discussion):
- Announcing election results
- Farewell to stepping down memebers and welcoming new members
- Nominating new chairman
- Proposing date and time for the next meeting
- Planning for next election
- Proposals for next contest
- Discussion on state of maemo infra
- Things to be settled with Nokia

Topic (Announcing election results):

• chem|st announced the MCC/Q4 election results. Members are DocScrutinizer51, chem|st, juiceme.

Topic (Farewell to stepping down memebers and welcoming new members):

• The stepping down council memebers qwazix and merlin1991 were thanked for their valuable contribution to MCC/HFC.
• Also sixwheeledbeast and thedead1440 were recognized for support to community.
• juiceme was welcomed to council.

Topic (Nominating new chairman):

• chem|st proposed that as the newest addition to council, juiceme should be nominated to chair.
• juiceme accepted on the condition that screwups will be tolerated :)

Topic (Proposing date and time for the next meeting):

• There was a lot of discussion on the date of the next meeting. The holiday season breaks the end-of-year and it was difficult to agree on a date suitable for all.
• Finally it was agreed that next meeting will be held on Tuesday 2014-01-07 19:00 UTC.

Topic (Planning for next election):

• DocScrutinizer51 suggested that it would be important to start planning immediately for next elections so that it can be synchronized with Hildon Foundation board elections.

Topic (Proposals for next contest):

• chem|st asked for participants to dream up a new maemo contest topic over christmas holidays.

Topic (Discussion on state of maemo infra):

• qwazix brought up the topic of upgrading the infrastructure. There was some discussion on using the funds reserved for HW upkeep.

Topic (Things to be settled with Nokia):

• The "Maemo" name licencing from Nokia is still an open issue. To properly transfer the name and domain name to us from Nokia needs some paperwork.

1 0

12 Jan 2014 8:54pm GMT

The Big Picture

Android consists of three parts relevant to rooting

1. the bootloader
2. recovery system
3. main system

typically only the main system is running, that is the Linux Kernel, the launcher, the phone app etc.. If we talk about rooting, that means we want to add an additional app to the main system which may access secured parts of the main system and also acts as a gatekeeper for other apps that want to get access too.

The problem is that we need access to the secure parts of the system in order to do so, which means that we cant simply install that app (e.g. an apk) from within the main system.

This means we have to go one level down. This is where the recovery system is. Typically you do not see it, as it is only active when the main system can not run - either because a system update is installed or because you do a factory reset.
As the recovery system can do a full system update, it means that it has also access to the secured parts of the main system - exactly what we need. Unfortunately the stock recovery system does not allow installing apps, so we have to replace it.
But before that we have to talk about the bootloader.

The bootloader is a tiny piece of software which decides wether to start the recovery or the main system (or another main system, like Ubuntu Phone). But in the default configuration in only starts systems that it knows and trusts. In this configuration the bootloader is called locked. Although it prevents malicious software to change the phone and spy on us, it also prevents us from replacing the recovery system. This concept is also coming to the PC btw where it is called secure-boot.

Here is a graphical overview of the Android components:

So what we need to do in order to get root access is

1. unlock the bootloader
2. replace the recovery system
3. install a superuser app

Preparations

First you need to install the fastboot binary to be able to perform low-level communication with the device

apt-get install android-tools-fastboot

Next you have to allow non-root users to execute commands over USB, so you do not have to run fastboot as root. For this create the file

/etc/udev/rules.d/51-android.rules

with the following content

SUBSYSTEM=="usb", ATTR{idVendor}=="<VENDOR>", MODE="0666", GROUP="plugdev"

you can find the value for <VENDOR> on the page linked here.

Finally you have to reboot into fastboot mode. Usually there is a key combination you have to press on startup.

• Key combinations for Google Nexus Devices
• Key combinations for Sony Xperia Devices

Remember this key combination as you will need some more times.

Samsung Devices however, like the Galaxy S3, do not support the fastboot mode - instead they have a download mode, which uses a proprietary Samsung protocol. To flash those you have to use the Heimdall tool. While this article does not cover the heimdall CLI calls, the general discussion still applies.

Unlocking the Bootloader

for google devices, like a Nexus 4 or Nexus 7 it is just

fastboot oem unlock

if you have a Sony Xperia device, like a Xperia Z, you additionally have to request a unlock key and then do

fastboot oem unlock 0x<KEY>

where <KEY> is the key you obtained.

Replacing the Recovery System

There are two prominent alternative recovery systems with the ability to install apps

• Team Win Recovery Project
• Clock Work Mod

Clock Work Mod (CWM) is probably most known so we will use that one. From the Website linked above download the recovery image which fits your phone.
Here you have the choice between the ordinary recovery which uses the volume buttons of your device for navigation and the touch recovery which supports the touch screen.

fastboot flash recovery <RECOVERY>.img

where <RECOVERY> is the name of the file you downloaded. For instance for a Nexus 5 and CWM 6.0.4.5 it would be

fastboot flash recovery recovery-clockwork-6.0.4.5-hammerhead.img

Installing the superuser app

Again we have several choices here

• SuperSU
• Superuser by ChainsDD
• Superuser by CWM

although SuperSU is the most prominent one, I would recommend getting Superuser by CWM, as it is open source and also nag-free as there is no "pro" version of it.

To install we need to get this zip archive and copy it to the device. To install it, we need to reboot into fastboot mode and then select "Recovery Mode" to get to the recovery system. Once in Recovery mode select

install zip -> choose zip from /sdcard

then browse and select the "superuser.zip" you just copied.

Once installed select

Go Back -> reboot system now

Once the system has started you should have a "Superuser" App on your device. Congratulations, you are done.

Optional: flash stock recovery

As the recovery is responsible for installing system updates it is a good idea to revert to stock version after you installed root, so the system can auto-update itself again. However a system update will also remove your superuser app so you will have to repeat the above procedure again.

If you have a Google Nexus Device, you can grab the factory images here. There you will find a image of the stock recovery and restore it by

fastboot flash recovery recovery.img

1 0

12 Jan 2014 1:14pm GMT

Firefox for Mobile Back to Basics - http://cmlooney.wordpress.com/2014... January 6 from Caitlin Looney's Blog - Comment - Like

0 1

07 Jan 2014 4:55am GMT

A new minor release of ownNotes is available.

Changeslog:

• Replace busycircle on Cover for a label (Sailfish)
• Add remorse to publish menu (Sailfish)
• Use pull down busy instead of ugly progress bar (Sailfish)

Where to ? same place as usual, on openRepos.net or in the downloads section.
Why not in Harbour ? Python apps are currently not accepted in Jolla Harbour, but will be soon (©Jolla)

1 0

04 Jan 2014 12:00am GMT