fidzu : Ubuntu

Welcome to the Ubuntu Weekly Newsletter, Issue 540 for the week of August 5 - 11, 2018. The full version of this issue is available here.

In this issue we cover:

• IRC Council Call for Nominations (2018)
• changelogs.ubuntu.com/meta-release-lts
• Ubuntu Stats
• Hot in Support
• LoCo Events
• This Week In Mir (10th August, 2018)
• XDG Shell Stable Supported by Mir
• This Week in Lubuntu Development #8
• Fresh Snaps from July 2018
• In the Blogosphere
• Featured Audio and Video
• Meeting Reports
• Upcoming Meetings and Events
• Updates and Security for 14.04, 16.04, and 18.04
• And much more!

The Ubuntu Weekly Newsletter is brought to you by:

• Krytarik Raido
• Bashing-om
• Chris Guiver
• Wild Man
• And many others

If you have a story idea for the Weekly Newsletter, join the Ubuntu News Team mailing list and submit it. Ideas can also be added to the wiki!

Except where otherwise noted, this issue of the Ubuntu Weekly Newsletter is licensed under a Creative Commons Attribution ShareAlike 3.0 License

18 Aug 2018 10:51pm GMT

We've been upgrading RAM and tooting in the fediverse. We discuss Hollywood embracing open source, a new release of LibreOffice, pacemakers getting hacked and fax machines becoming selfaware and taking over the planet. We also round up the community news and events.

It's Season 11 Episode 23 of the Ubuntu Podcast! Alan Pope, Mark Johnson and Martin Wimpress are connected and speaking to your brain.

In this week's show:

• We discuss what we've been up to recently:
  • Alan has been upgrading RAM.
  • Mark has been tooting on Mastodon.
• We discuss the news:
  • Academy Software Foundation founded
  • LibreOffice 6.1 released
  • Malicious fax causes security panic
  • Hack causes pacemakers to deliver life-threatening shocks

• We discuss the community news:
  • Mystery Donation Lets Elementary Hire Full-Time Staff
  • KDE Plasma 5.14 Desktop Environment Lets You Upgrade Your Computer's Firmware
  • Opera arrives as an Ubuntu Snap for most Linux distros
• We mention some events:
  • FOSDEM: 2nd - 3rd Feburary 2019, Brussels
  • OggCamp!: 18th - 19th August 2018. Sheffield, UK.
• Image credit: Hunter Johnson

That's all for this week! You can listen to the Ubuntu Podcast back catalogue on YouTube. If there's a topic you'd like us to discuss, or you have any feedback on previous shows, please send your comments and suggestions to show@ubuntupodcast.org or Tweet us or Comment on our Facebook page or comment on our Google+ page or comment on our sub-Reddit.

• Join us in the Ubuntu Podcast Telegram group.

17 Aug 2018 2:00pm GMT

Akademy is always a whirlwind which is my excuse for not blogging! Today we wrapped up the program which leaves us in a nearly-empty venue and a bit of time after lunch to catch up.

17 Aug 2018 1:05pm GMT

This is the ninth issue of The Lubuntu Development Newsletter. You can read the last issue here. Changes General We've been polishing the desktop more, but work has been blocked by the still ongoing Qt transition. The 16.04 to 18.04 upgrade has now been enabled! Please do let us know if there's any issues. Here's […]

17 Aug 2018 1:53am GMT

Hello MAASTers

MAAS 2.4.1 has now been released and it is a bug fix release. Please see more details in discourse.maas.io [1].

[1]: https://discourse.maas.io/t/maas-2-4-1-released/148

15 Aug 2018 3:20pm GMT

Welcome to August.

As you could see from my last post, there have been changes afoot. We're effectively in a state of freefall at my job right now. The normal progression of events would have me place on seasonal release otherwise known as furlough about now already. Due to a wide-ranging set of factors beyond my control, we barely know week-to-week what is going on. It is considered to be a bad economic situation to "live paycheck to paycheck" in US life but it is even worse when you have no idea about the status of your job week to week. Being unable to plan means I can't even pursue an off-season job or look for freelance work yet. My proficiency in LaTeX is improving, at least, as evidence by the maintenance of my main static website at http://erielookingproductions.info.

There have been some stressors at work. Our enterprise WAN almost collapsed outright last week. Due to legislative changes, we're having to fit in massive retraining with very little time available and no ability to totally down tools for such training. We have difficult days ahead potentially. If appropriations go haywire, none of this may matter. The countdown clock is running on what the Senate and House of Representatives may manage.

This also means I cannot travel to OggCamp. Essentially I have to stay within close range of my Post of Duty right now. Leave grants may be getting revoked soon. Getting shifted over to mandatory training status shortly makes that happen when the stakes are becoming as high as they are right now. Nobody has said this yet at work: "Failure Is Not An Option." With senior ranks in the chain of command coming to the Post of Duty in less than a week, we'll be learning how close things are to running aground. What makes me feel worse is that this was the year I specifically made provision to travel to England. Moving up the ranks at work means I can't escape responsible roles because I'm slowly becoming one of the persons others look up to because everybody else at my rank has either retired or left.

I have been working on an article. It has been a while since I pitched anywhere. I have to check the clock to see if it has run out on the pitch. Once upon a time I had been a working journalist in print. There are four days left on the clock before I try other options. With a link to an old effort from 2012 that brings back some memories, I offer some of the citations I'm working from to write the article:

Amatulli, Jenna. "Spotify Pulls Radio Show Episodes By InfoWars' Alex Jones After Widespread Complaints." Huffington Post, August 1, 2018, sec. Media. https://www.huffingtonpost.com/entry/spotify-infowars-alex-jones_us_5b61c4d2e4b0b15aba9ec86e.

Badawy, Adam, Kristina Lerman, and Emilio Ferrara. "Who Falls for Online Political Manipulation?" ArXiv:1808.03281 [Physics], August 9, 2018. http://arxiv.org/abs/1808.03281.

Beschizza, Rob. "Tech Platforms Quit Alex Jones and InfoWars." Boing Boing, August 6, 2018. https://boingboing.net/2018/08/06/tech-platforms-quit-alex-jones.html.

Brown, Elizabeth Nolan. "Senate Democrats Are Circulating Plans for Government Takeover of the Internet." Reason.com, July 31, 2018. https://reason.com/blog/2018/07/31/democrats-tech-policy-plans-leaked.

Cellan-Jones, Rory. "Facebook, ITunes and Spotify Drop InfoWars." BBC News, August 6, 2018, sec. Technology. https://www.bbc.co.uk/news/technology-45083684.

Crowe, Jack. "Facebook Deletes Infowars Page, Apple Deletes All Alex Jones Podcasts." National Review (blog), August 6, 2018. https://www.nationalreview.com/news/facebook-deletes-infowars-page-apple-deletes-all-alex-jones-podcasts/.

"Enforcing Our Community Standards | Facebook Newsroom." Accessed August 6, 2018. https://newsroom.fb.com/news/2018/08/enforcing-our-community-standards/.

Gilmer, Marcus. "Facebook Deletes 4 Pages Belonging to Alex Jones and InfoWars." Mashable, August 6, 2018. https://mashable.com/2018/08/06/facebook-bans-alex-jones-pages/.

Glaser, April. "Apple and Spotify Just Did to Alex Jones What Facebook Wouldn't." Slate Magazine, August 6, 2018. https://slate.com/technology/2018/08/apple-and-spotify-are-now-both-blocking-infowars-and-alex-jones-podcasts.html.

Gold, Ashley. "Facebook Removes 4 Pages Owned by InfoWars' Alex Jones." POLITICO, August 6, 2018. https://www.politico.com/story/2018/08/06/facebook-removes-infowars-pages-alex-jones-764590.

Gore, Leada. "Alex Jones Infowars: Facebook, Apple Remove Podcasts, Pages from Controversial Host." AL.com, August 6, 2018. https://www.al.com/news/index.ssf/2018/08/alex_jones_infowars_facebook_a.html.

Hern, Alex. "Facebook, Apple, YouTube and Spotify Ban Infowars' Alex Jones." The Guardian, August 6, 2018, sec. Technology. http://www.theguardian.com/technology/2018/aug/06/apple-removes-podcasts-infowars-alex-jones.

Hernandez. "The War Against InfoWars and Free Speech." Victory Girls Blog (blog), August 6, 2018. http://victorygirlsblog.com/the-war-against-infowars-and-free-speech/.

Johnson, Bridget. "Homeland Security Officials: White Supremacist Extremists Skirting Social Media Bans." Homeland Security (blog), August 7, 2018. https://pjmedia.com/homeland-security/homeland-security-officials-white-supremacist-extremists-skirting-social-media-bans/.

Kreps, Daniel. "Apple Removes Alex Jones, 'Infowars' Podcasts From Apps." Rolling Stone (blog), August 6, 2018. https://www.rollingstone.com/culture/culture-news/apple-removes-alex-jones-infowars-podcasts-from-apps-706764/.

Legaspi, Althea. "Spotify Pulls Episodes of Infowars' 'Alex Jones Show' Podcast." Rolling Stone (blog), August 2, 2018. https://www.rollingstone.com/culture/culture-news/spotify-pulls-episodes-of-infowars-alex-jones-show-podcast-705812/.

McKay, Rich. "Facebook, Apple, YouTube and Spotify Take down Alex Jones Content." Reuters, August 6, 2018. https://www.reuters.com/article/us-apple-infowars/apple-removes-most-of-u-s-conspiracy-theorists-podcasts-from-itunes-idUSKBN1KR0MZ.

Meza, Summer. "Facebook Finally Cracks down on Alex Jones and Infowars." The Week, August 6, 2018. http://theweek.com/speedreads/788787/facebook-finally-cracks-down-alex-jones-infowars.

Morris, Chris. "Facebook Bans Several Pages From Alex Jones and Infowars." Fortune, August 6, 2018. http://fortune.com/2018/08/06/facebook-bans-alex-jones-infowars-hate-speech/.

Neidig, Harper. "Facebook Deletes InfoWars Pages." TheHill, August 6, 2018. http://thehill.com/policy/technology/400512-facebook-deletes-infowars-pages.

Paczkowski, John, and Charlie Warzel. "Apple Kicked Alex Jones Off Its Platform Then YouTube And Facebook Rushed To Do The Same." BuzzFeed News, August 6, 2018. https://www.buzzfeednews.com/article/johnpaczkowski/apple-is-removing-alex-jones-and-infowars-podcasts-from.

Palladino, Valentina. "Alex Jones Hit with Bans from Facebook and Apple." Ars Technica, August 6, 2018. https://arstechnica.com/gadgets/2018/08/alex-jones-hit-with-bans-from-facebook-and-apple/.

Russell, Jon. "Apple Has Removed Infowars Podcasts from ITunes." TechCrunch (blog), August 6, 2018. http://social.techcrunch.com/2018/08/05/apple-has-removed-infowars-podcasts-from-itunes/.

Ryan, Jackson. "Apple Drops Alex Jones and Infowars from ITunes, Podcast App." CNET, August 6, 2018. https://www.cnet.com/news/apple-has-dropped-alex-jones-and-infowars-from-itunes-podcasts/.

Simon, Roger L. "InfoWars and the Rise of the Tech Fascists." Roger L. Simon (blog), August 6, 2018. https://pjmedia.com/rogerlsimon/infowars-and-the-rise-of-the-tech-fascists/.

Watson, Paul Joseph. "Facebook Bans Infowars. Permanently. Infowars Was Widely Credited with Playing a Key Role in Getting Trump Elected. This Is a Co-Ordinated Move Ahead of the Mid-Terms to Help Democrats. This Is Political Censorship. This Is Culture War.Https://Www.Infowars.Com/Purged-Facebook-Permanently-Bans-Infowars-for-Hate-Speech/ …." Tweet. @PrisonPlanet (blog), August 6, 2018. https://twitter.com/PrisonPlanet/status/1026433061469257733.

Yilek, Caitlin. "'Survival of Our Democracy' Depends on Banning Sites like InfoWars, Dem Senator Says." Washington Examiner, August 7, 2018. https://www.washingtonexaminer.com/news/survival-of-our-democracy-depends-on-banning-sites-like-infowars-democratic-senator-says.

14 Aug 2018 2:25am GMT

Alan and Mark shoot the breeze about stuff, you know? They miss Martin and hope he comes back soon.

It's Season 11 Episode 22 of the Ubuntu Podcast! Alan Pope and Mark Johnson are connected and speaking to your brain.

In this week's show:

• BATHROOM CHAT!

• We discuss a negativity towards developers when bugs occur.

• We share a Command Line Lurve:

  • maybe - run a command and see what it will do to your system, without doing it
• And we go over all your amazing feedback - thanks for sending it - please keep sending it!

• Image credit: Ian Schneider

That's all for this week! You can listen to the Ubuntu Podcast back catalogue on YouTube. If there's a topic you'd like us to discuss, or you have any feedback on previous shows, please send your comments and suggestions to show@ubuntupodcast.org or Tweet us or Comment on our Facebook page or comment on our Google+ page or comment on our sub-Reddit.

• Join us in the Ubuntu Podcast Telegram group.

10 Aug 2018 8:56am GMT

Today I'm giving a talk in the IoT Village at DEF CON 26. Though not a "main stage" talk, this is my first opportunity to speak at DEF CON. I'm really excited, especially with how much I enjoy IoT hacking. My talk was inspired by the research that lead to CVE-2017-17704, but it's not meant to be a vendor-shaming session. It's meant to be a discussion of the difficulty of getting physical access control systems that have IP communications features right. It's meant to show that the designs we use to build a secure system when you have a classic user interface don't work the same way in the IoT world.

(If you're at DEF CON, come check it out at 4:45PM on Friday, August 10 in the IoT Village.)

The TL;DR of it is that encryption (particularly with a key hardcoded in the device firmware) does not guarantee authenticity and that an attacker can forge messages triggering behavior on the door access controller. What's more interesting is to discuss how to fix this problem in product designs going forward.

Getting encryption right is hard at the best of times. Doing it in a way that allows reasonable management of the devices, with proper authentication of connection, when you have devices that may not have hostnames (or if they do, may be internal only hostnames), that don't have classic user interfaces, that may fail and need to be replaced, is very hard.

It's also worth noting that the amount we should care about security really does depend on the product involved. While I don't deny that an RCE in a light bulb could become part of a botnet, authentication bypass in an access control system is pretty scary. It literally has one job: to deny unauthorized access. Having the ability to bypass it over the network is clearly impactful.

I hope my talk will inspire conversations about how to do network trust among networks of embedded & IoT devices. As security professionals, we haven't offered the device developers the tools to bootstrap the trust relationships in the real world. Here's to hoping that next year, I can be discussing a different type of bug.

Slides

PDF: I'm the One Who Doesn't Knock: Unlocking Doors From the Network

10 Aug 2018 7:00am GMT

Welcome to the Ubuntu Weekly Newsletter, Issue 539 for the week of July 29 - August 4, 2018. The full version of this issue is available here.

In this issue we cover:

• Ubuntu 16.04.5 LTS released
• Ubuntu Stats
• Hot in Support
• LoCo Events
• Ubuntu Server development summary - 31 July 2018
• Xubuntu Development Update August 2018
• Ubuntu Studio 18.10 Wallpaper Contest
• In the Blogosphere
• In Other News
• Featured Audio and Video
• Upcoming Meetings and Events
• Updates and Security for 14.04, 16.04, and 18.04
• And much more!

The Ubuntu Weekly Newsletter is brought to you by:

• Krytarik Raido
• Bashing-om
• Chris Guiver
• And many others

If you have a story idea for the Weekly Newsletter, join the Ubuntu News Team mailing list and submit it. Ideas can also be added to the wiki!

Except where otherwise noted, this issue of the Ubuntu Weekly Newsletter is licensed under a Creative Commons Attribution ShareAlike 3.0 License

10 Aug 2018 2:55am GMT

A short lived ride After some time on Kubuntu on this new laptop, I just re-discovered that I did not want to live in the Plasma world anymore. While I do value all the work the team behind it does, the user interface is just not for me as it feels rather busy to my liking. In that aforementioned post I wrote about running the Ubuntu Report Tool on this system, it is not part of the Kubuntu install or first boot experience but you can install it by running apt install ubuntu-report followed by running ubuntu-report to actually create the report and if you want, send it too.

08 Aug 2018 11:22pm GMT

I read Twitter with Tweetdeck. And I use the excellent Better Tweetdeck to improve my Tweetdeck experience. And I had an idea.

You see, emoji, much as they're the way we communicate now, they're actually quite hard to read. And Slack does this rather neat thing where if …

08 Aug 2018 11:19pm GMT

A lovely lunch and a shared afternoon and evening with Ade was a pleasant interlude in our time together here in beautiful Deventer. We changed tables a few times to avoid the sun! Last night we were wakened at around 2am with wind blowing rain into the open windows, which was quite exciting. Thunder roared in the south. It was still quite cool and breezy this morning so we ate inside.

After lunch, Boud proposed a walk around the town while the temperatures were moderate. We walked over much of the old town of Deventer, and spend some time in the Roman Catholic church, the old church on the "hill" with twin spires, the old Brush Shop, and back past the Weighing House and a lovely cast bronze map of Deventer.

Our favorite tree:

08 Aug 2018 4:00pm GMT

Mugshot 0.4.1, the latest release of the lightweight user profile editor, is now available! This release includes a number of bug fixes and will now run in the most minimal of environments.

What's New?

Code Quality Improvements

• Replaced deprecated logger.warn with logger.warning (Python 2.x)
• Replaced deprecated module optparse with argparse (Python 2.7)
• Resolved Pylint and PEP8 errors and warnings

Bug Fixes

• TypeError in _spawn(): The argument, args, must be a list (LP: #1443283)
• User-specified initials are not correctly loaded (LP: #1574239)
• Include Mugshot in Xfce Settings, Personal Settings (LP: #1698626)
• Support -p and -w office phone flags in chfn. This flag varies between chfn releases. (LP: #1699285)
• FileNotFoundError when comparing profile images (LP: #1771629)

Support for Minimal Chroot Environments

• Fix crash when run without AccountsService
• Handle OSError: out of pty devices
• Specify utf-8 codec for desktop file processing when building

Translation Updates

Catalan, Chinese (Simplified), Danish, Lithuanian, Spanish

Downloads

Source tarball (md5, sig)

08 Aug 2018 10:04am GMT

Am I leading a double life as an actor in several critically acclaimed television series?

I ask because I was recently accused of being Paul Sparks-the actor who played gangster Mickey Doyle on Boardwalk Empire and writer Thomas Yates in the Netflix version of House of Cards. My accuser reacted to my protestations with incredulity. Confronted with the evidence, I'm a little incredulous myself.

Previous lookalikes are here.

07 Aug 2018 9:00pm GMT

Here is the eighth issue of This Week in Lubuntu Development. You can read the last issue here. Translated into: español Changes General Lubuntu 18.04.1 has been released! Lubuntu 16.04.5 has been released! We're taking a new direction. The past couple of weeks have been focused on more desktop polish and some heavy infrastructure and […]

06 Aug 2018 10:09pm GMT

FreeDesktop platforms have come a long way in terms of usability and as we strive to make them better platforms for application developers, I think it's time to shed one more shackle that slows that down: themes.

Now, coming from me that view may be a surprise (because of all those themes that I call personal projects) but I do feel it's necessary mainly because the level of visual customisation that is being done at the distribution level has led to widespread visual fragmentation which impacts both user- and developer-friendliness.

Letting the Past Go

What themes used to be were sets of preset or configuration files that would only tweak the details of the user interface such as the window borders or how buttons and scrollbars looked but the overall layout and function stayed the same.

But user interfaces of the past were much simpler, there were fewer window states, fewer points of interaction, less visual feedback, and just plain fewer pixels. These limitations in old toolkits meant that they largely stayed the same from theme to theme and things were relatively stable.

Fast-forward to today where we have modern toolkits like GTK+ 3 with more complex visuals and detailed interactions means that without the same level of quality control that you find at the toolkit level, maintaining a separate theme is a very fiddly and potentially buggy prospect. Not to mention getting all the details right matters for both usability and accessibility.

"Look and Feel" as a Toolkit Component

It's unfortunate that "Adwaita" is thought of as a theme when in fact it is a core component of the toolkit, but this is mostly a holdover from how we're used to thinking about look and feel as it relates to the user interface. Adwaita is as closely tied to GTK+ as Aqua is to the macOS user interface, and as a result it has broad implications applications built with GTK+.

The reality is that GTK+ 3 has no theme framework (there is no API or documentation for "themes") and "Adwaita" is simply the name of the stylesheet deeply integrated in GTK+. So when third-party developers build GNOME apps, they rely on this stylesheet when determining the look and feel of their apps and, if necessary, use it as a reference when writing their own custom stylesheets (since it is a core toolkit component).

Today's themes aren't themes

GTK+ 3 themes are not themes in the traditional sense. They are not packages of presets designed to work with the user interface toolkit, they are more like custom stylesheets which exist outside of the application-UI framework and only work by essentially overriding the toolkit-level stylesheet (and quite often only the toolkit-level stylesheet).

When GTK+ 3 applications are being used under third-party themes, what is being broken is the boundary an application developer has set up to control both the quality of their application and how it looks and feels and this becomes really problematic when applications have custom CSS.

In order for third party themes to work properly and not cause cascading visual bugs, they have to either become monolithic and start incorporating all the custom stylesheets for all the applications that have them, or work with application developers to include stylesheets in their applications that support their themes. Neither of these solutions are good for platform or application development since it will become a task of never-ending maintenance.

Visual Fragmentation

Across the GNOME desktop ecosystem exists "visual fragmentation" and it's a very real problem for app developers. Since very few distributions ship GNOME as-is, it is hard to determine what the visual identity of GNOME is and therefore it's difficult to know which visual system to build your application for.

Integrating the stylesheet with the user interface toolkit, in theory, should have solved many issues regarding visual inconsistency across the GNOME platform, but that's an unsolveable problem so long as themes persist.

The biggest offenders continue to be downstream projects that theme GNOME extensively by overriding the default icons and stylesheet, and insist that that's part of their own brand identity, but so long as that practice carries on then this fragmentation will continue.

Upstream vs. Downstream Identity

It is extremely rare for a Linux distribution to also be the platform vendor, so it can be said that nearly all distros that ship a desktop platform (like GNOME) are "downstream" vendors.

Platforms like GNOME and KDE exist irrespective of distributions and they have their own visual and brand identities, and own guidelines around the user interface. On the other hand, distribution vendors see a need to have unique identities and some decide to extend that to the look and feel of the desktop and apply themes.

But this practice raises questions about whether it is right or not for distributions to cut out or override the upstream platform vendor's identity to favour their own. Should distributions that ship GNOME be asked to leave the default look and feel and experience intact? I think yes.

A similar situation exists on Android where Google is trying to control the look and feel of Android and hardware OEMs all over the place are skinning it for their phones, but the blame for issues gets conflated with issues in Android (unless you do some monumental branding effort and effectively erase Android, like Samsung)

Distributions owe a lot to the desktop platforms, as such I think that effort should be made to respect the platform's intended experience. Not to mention, the same concerns for quality assurance regarding applications also applies to the platform, GNOME developers lose out when then forced to dedicate time and resources to dealing with bugs related to issues created by downstream theming and deviations.

The Future

If ending the wild west of visual customisation (which would probably end all of those projects of mine) on GNOME is necessary to grow the ecosystem, so be it.

I would rather see GNOME evolve as a platform and become a little less developer-hostile by dropping support for third-party themes, than stagnate. Doing so would also bring us in line with the how the major (successful) platforms maintain a consistent look and feel and consider app developers' control over their apps and their rights to their brand identities.

That said, I doubt such a hardline position will be widely warmly recieved, but I would like to see a more closed approach to look and feel. Though, perhaps actually building some sort of framework that allows for custom stylesheets (so that downstreams can have their unique visual identities) that doesn't involve totally overriding the one at the toolkit level would be the best solution.

05 Aug 2018 3:00pm GMT