14 Sep 2014

feedPlanet Ubuntu

Joel Leclerc: I’m quitting relinux

I will start this off by saying: I'm very (and honestly) sorry for, well, everything.

To give a bit of history, I started relinux as a side-project for my CosmOS project (cloud-based distribution … which failed), in order to build the ISO's. The only reasonable alternative at the time was remastersys, and I realized I would have to patch it anyways, so I thought that I might as well make a reusable tool for other distributions to use too.

Then came a rather large amount of friction between me and the author of remastersys, of which I will not go into any detail of. I acted very immaturely then, and wronged him several times. I had defamed him, made quite a few people very angry at him, and even managed to get some of his supporters against him. True, age and maturity had something to do with it (I was 12 at the time), but that still doesn't excuse my actions at all.

So my first apology is to Tony Brijeski, the author of remastersys, for all the trouble and possible pain I had put him through. I'm truly sorry for all of this.

However, though the dynamics with Tony and remastersys are definitely a large part of why I'm quitting relinux, that is not all. The main reason, actually, is lack of interest. I have rewritten relinux a total of 7 times (including the original fork of remastersys), and I really hate the debugging process (takes 15-20 minutes to create an ISO, so that I can debug it). I have also lost interest in creating linux distributions, so not only am I very tired of working on it, I also don't really care about what it does.

On this note, my second apologies (and thanks) have to go those who have helped me so much through the process, especially those who have tried to encourage me to finish relinux. Those listed are in no particular order, and if I forgot you, then let me know (and I apologize for that!):

Thank you very much for everything you've done!

Lastly, I would like to explain my plans for it, in case anyone wants to continue it (by no means do I want to enforce these, these are just ideas).

My plan for the next release of relinux was to actually make a very generic and scriptable CLI ISO creation tool, and then make relinux as a specific set of "profiles" for that tool (plus an interface). The tool would basically contain a few libraries for the chosen scripting language, for things like storing the filesystem (SquashFS or other), ISO creation, and general utilities for editing files while keeping permissions, mutli-threading/processing, etc… The "profiles" would then copy, edit, and delete files as needed, set up the tool wanted for running the live system (in ubuntu's case, this'd be casper), setup the installer/bootloader, and such.

I would like to apologize to you all, the people who have used relinux and have waited for a stable version for 3 years, for not doing this. Thank you very much for your support, and I'm very sorry for having constantly pushed releases back and having never made a stable or well working version of relinux. Though I do have some excuses as to why the releases didn't work, or why I didn't test them well enough, none of them can cover why I didn't fix them or work on it more. And for that, I am very sorry.

I know that this is a very large post for something so simple, but I feel that it would not be right if I didn't apologize to those I have done wrong to, and thanked those who have helped me along the way.

So to summarize, thank you, sorry, and relinux is now dead.

- Joel Leclerc (MiJyn)


14 Sep 2014 11:24pm GMT

David Tomaschik: Getting Started in CTFs

My last post was about getting started in a career in information security. This post is about the sport end of information security: Capture the Flag (CTFs).

I'd played around with some wargames (Smash the Stack, Over the Wire, and Hack this Site) before, but my first real CTF (timed, competitive, etc.) was the CTF run by Mad Security at BSides SF 2013. By some bizarre twist of fate, I ended up winning the CTF, and I was hooked. I've probably played in about 30 CTFs since, most of them online with the team Shadow Cats. It's been a bumpy ride, but I've learned a lot about a variety of topics by doing this.

If you're in the security industry and you've never tried a CTF, you really should. Personally, I love CTFs because they get me to exercise skills that I never get to use at work. They also inspire some of my research and learning. The only problem is making the time. :)

Here's some resources I've thought were interesting:

14 Sep 2014 8:07pm GMT

13 Sep 2014

feedPlanet Ubuntu

Luke Faraone: "Your release sucks."

I look forward to Ubuntu's semiannual release day, because it's the completion of 6ish months of work by Ubuntu (and by extension Debian) developers.

I also loathe it, because every single time we get people saying "This Ubuntu release is the worst release ever!".

Ubuntu releases are always rocky around release time, because the first time Ubuntu gets widespread testing is on or after release day.

We ship software to 12 Million Ubuntu Users with only 150 MOTUs who work directly on the platform. That's a little less than 1 developer with upload rights to the archive for every 60,000 users. ((This number, like all other usage data, is dated, and probably wasn't even accurate when it was first calculated)) Compared to Debian, which (at last estimate in 2010) had 1.5 million uniques on security.debian.org, yet has around 1000 Debian Developers.

Debian has a strong testing culture; someone once estimated that around ¾ of Debian users are running unstable or testing. In Ubuntu, we don't have good metrics on how many people are using the development release that I'm aware of (pointers welcome), but I'd guess that it's a very very small percentage. A common thread in bug reports, if we get a response at all, goes on as follows:

Triager: ((Developer, bugcontrol member, etc. Somebody who is not experiencing the problem but wants to help.)) "Is this a problem in $devel?"
User: "I'll let you know when it hits final"
Triager: "It's too late then. Then we'll want you to test in the next release. We have to fix it BEFORE its final"
User: "Ok, I'll test at beta."
Triager: "That's 2 weeks before release, which will be too late. Please test ASAP if you want us to have time to fix it"


Of course, there are really important bugs with hardware support which keep on cropping up. But if they're just getting reported on or around release day, there are limits to what can be done about them this cycle.

We need to make it easier for people to run early development versions, and encourage more people to use them (as long as they're willing to deal with breakage). I'm not sure whether unstable/testing is appropriate for Ubuntu, and I'm fairly confident that we don't want to move to a rolling release (currently being discussed in Debian, summary). But we badly need more developers, and equally importantly, more testers to try it out earlier in the release process.

To users: please, please try out the development versions. Download a LiveCD and run a smoketest, or check if bugs you reported are in fact fixed in the later versions. And do it early and often.

13 Sep 2014 8:43pm GMT

David Tomaschik: Getting Started in Information Security

I've only been an information security practitioner for about a year now, but I've been doing things on my own for years before that. However, many people are just getting into security, and I've recently stumbled on a number of resources for newcomers, so I thought I'd put together a short list.

13 Sep 2014 7:30pm GMT

Stuart Langridge: Developers are users too

When you talk about the "user experience" of the thing you're building, remember that developers who use your APIs are users too. And you need to think about their experience.

We seem to have created a world centred on github where everyone has to manage dependencies by hand, like we had to in 1997. This problem was completely solved by apt twenty years ago, but the new cool github world is, it seems, too cool to care about that. Go off to get some new project by git cloneing it and it's quite likely to say "oh, and it depends on $SOME_OTHER_PROJECT (here's a link to that project's github repo)". And then you have to go fetch both and set them up yourself. Which is really annoying.

Now, there are good reasons why to not care about existing dependency package management systems such as apt. Getting stuff into Ubuntu is hard, laborious work and most projects don't want to do it. PPAs make it easier, but not much easier; if you're building a thing and not specifically targeting Ubuntu with it, you don't want to have to learn about Launchpad and PPAs and build recipes and whatnot. This sort of problem is also solves neatly for packages in a specific language by that language's own packaging system; Python stuff is installable with pip install whatever and a virtualenv; Node stuff is installable with npm install whatever; all these take care of fetching any dependent stuff. But this rush for each language to have its own "app store" for its apps and libraries means that combining things from different languages is still the same 20th century nightmare. Take, for example, Mozilla's new Firefox Tools Adaptor. I'm not picking on Mozilla here; the FTA is new, and it's pretty cool, and it's not finished yet. This is just the latest in a long line of things which exhibit the problem. The FTA allows you to use the Firefox devtools to debug web things running in other browsers. Including, excitingly, debugging things running in iOS Safari on the iPhone. Now, doing that's a pain in the ringpiece at the moment; you have to install Google's ios-webkit-debug-proxy, which needs to be compiled, and Apple break compatibility with it all the time and so you have to fetch and build new versions of libimobiledevice or something. I was eager to see that the new Firefox Tools Adaptor promises to allow debugging on iOS Safari just by installing a Firefox extension.

And then I read about it, and it says, "The Adapter's iOS support uses Google's ios-webkit-debug-proxy. Until that support is built directly into the add-on, you'll need to install and run the ios-webkit-debug-proxy binary yourself". Sigh. That's the hard part. And it's not any easier here.

Again, I'm not blaming Mozilla here - they plan to fix this, but they'll have to fix it by essentially bundling ios-webkit-debug-proxy with the FTA. That'll work, and that's an important thing for them to do in order to provide a slick user experience for developers using this tool (because "download and compile this other thing first" is not ever ever a nice user experience).

It is made worse by people using a language packaging system (designed for people developing libraries for a given language) to do app distribution. See, for example, tmuxme, which is an app for sharing a terminal session with many people (think of it like screen sharing, but for a terminal). And how do you install it? gem install tmuxme. No. Ruby's gem command is for developers to download a Ruby library that their Ruby package needs. I, as someone who wants to use this tool, should not have to care that it's written in Ruby. I should not have to have a Ruby development environment set up in order to use an app. See the birmingham.io forum thread for much much more about this, and why it doesn't even work. New rather cool app pup is the same - it's a little app, inspired by the excellent jq, into which I can pipe HTML and give it a CSS selector, and pup will then print just the elements which match the selector. But how do I install it? go get github.com/ericchiang/pup. No. I don't have go. I don't have a go environment set up. I don't have $GOPATH set. I shouldn't even have to care that this little util is even written in Go. It's a utility. What's worse about this is that, unlike Ruby or Python, Go creates actual executables; I don't even need the Go system around to run it! Why should I need to install all of Go just to get your app? Don't use a language-specific library packaging system for distribution of applications. Don't make me identify and download dependencies myself just because you already have them.

This is sorta kinda solved by brew for Mac users, but there's a lot of stuff not in brew either. Still, there is willingness to solve it that way by having a packaging system. But it's annoying that Ubuntu already has one and people are loath to use it. Using it makes for a better developer user experience. That's important.

13 Sep 2014 3:51pm GMT

12 Sep 2014

feedPlanet Ubuntu

John Baer: Get a free Chromebook from the Google Lending Library

student chromebook

Are you are enrolled in college, need a laptop computer, and willing to accept a new Chromebook? If so, Google got a deal for you and it's called the Google Lending Library.

The Chromebook Lending Library is traveling to 12 college campuses across the U.S. loaded with the latest Chromebooks. The Lending Library is a bit like your traditional library, but instead of books, we're letting students borrow Chromebooks (no library card needed). Students can use a Chromebook during the week for life on campus- whether it's in class, during an all-nighter, or browsing the internet in their dorm.

Lindsay Rumer, Chrome Marketing


Assuming you attend one the partnered Universities, here is how it works.

1. Request a Chromebook from the Library
2. Agree to the Terms of Use Agreement
3. Use the Chromebook as you like while you attend school
4. Return it when you want or when you leave

What happens if you don't return it? Expect to receive a bill for the fair market value not to exceed $220.

Here's the fine print.

"Evaluation Period" means the period of time specified to you at the time of checkout of a Device.

"Checkout Location" means the location specified by Google where Devices will be issued to you and collected from you.

1.1 Device Use. You may use the Device issued to you for your personal evaluation purposes. Upon your use of the Device, Google transfers title to the Device equipment to you, but retains all ownership rights, title and interest to any Google Devices and services and anything else that Google makes available to you, including without limitation any software on the Device.

1.2 Evaluation Period. You may use the Device during the Evaluation Period. Upon (i) expiration of the Evaluation Period, or (ii) termination of this Agreement, if this Agreement is terminated early in accordance Section 4, you agree to return the Device to the Checkout Location. If you fail to return the Device at the end of the Evaluation Period or upon termination of this Agreement, you agree Google may, to the extent allowed by applicable law, charge you up to the fair market value of the Device less normal wear and tear and any applicable taxes for an amount not to exceed Two Hundred Twenty ($220.00) Dollars USD.

1.3 Feedback. Google may ask you to provide feedback about the Device and related Google products optimized for Google Services. You are not required to provide feedback, but, if you do, it must only be from you, truthful, and accurate and you grant Google permission to use your name, logo and feedback in presentations and marketing materials regarding the Device. Your participation in providing feedback may be suspended at any time.

1.4 No Compensation. You will not be compensated for your use of the Devices or for your feedback.

2. Intellectual Property Rights. Nothing in this Agreement grants you intellectual property rights in the Devices or any other materials provided by Google. Except as provided in Section 1.1, Google will own all rights to anything you choose to submit under this Agreement. If that isn't possible, then you agree to do whichever of the following that Google asks you to do: transfer all of your rights regarding your submissions to Google; give Google an exclusive, irrevocable, worldwide, royalty-free license to your submissions to Google; or grant Google any other reasonable rights. You will transfer your submissions to Google, and sign documents and provide support as requested by Google, and you appoint Google to act on your behalf to secure these rights from you. You waive any moral rights you have and agree not to exercise them, unless you notify Google and follow Google's instructions.

3. Confidentiality. Your feedback and other submissions, is confidential subject to Google's use of your feedback pursuant to Section 1.3.

4. Term. This Agreement becomes effective when you click the "I Agree" button and remains in force through the end of the Evaluation Period or earlier if either party gives written termination notice, which will be effective immediately. Upon expiration or termination, you will return the Device as set forth below. Additionally, Google will remove you from any related mailing lists within thirty (30) days of expiration or termination. Sections 1.3, 1.4, and Sections 2 through 5 survive any expiration or termination of this Agreement.

5. Device Returns. You will return the Device(s) to Google or its agents to the Checkout Location at the time specified to you at the time of checkout of the Device or if unavailable, to Google Chromebook Lending Library, 1600 Amphitheatre Parkway, Mountain View, CA 94043. Google may notify you during or after the term of this Agreement regarding return details or fees chargeable to you if you fail to return the Device.

The post Get a free Chromebook from the Google Lending Library appeared first on john's journal.

12 Sep 2014 10:52pm GMT

Ayrton Araujo: CloudFlare as a ddclient provider under Debian/Ubuntu

Dyn's free dynamic DNS service closed on Wednesday, May 7th, 2014.

CloudFlare, however, has a little known feature that will allow you to update
your DNS records via API or a command line script called ddclient. This will
give you the same result, and it's also free.

Unfortunately, ddclient does not work with CloudFlare out of the box. There is
a patch available
and here is how to hack[1] it up on Debian or Ubuntu, also works in Raspbian with Raspberry Pi.

Requirements

basic command line skills, and a domain name
that you own.

CloudFlare

Sign up to CloudFlare and add your domain name.
Follow the instructions, the default values it gives should be fine.

You'll be letting CloudFlare host your domain so you need to adjust the
settings at your registrar.

If you'd like to use a subdomain, add an 'A' record for it. Any IP address
will do for now.

Let's get to business...

Installation

$ sudo apt-get install ddclient

Patch

$ sudo apt-get install curl sendmail libjson-any-perl libio-socket-ssl-perl
$ curl -O http://blog.peter-r.co.uk/uploads/ddclient-3.8.0-cloudflare-22-6-2014.patch 
$ sudo patch /usr/sbin/ddclient < ddclient-3.8.0-cloudflare-22-6-2014.patch

Config

$ sudo vi /etc/ddclient.conf

Add:

##
### CloudFlare (cloudflare.com)
###
ssl=yes
use=web, web=dyndns
protocol=cloudflare, \
server=www.cloudflare.com, \
zone=domain.com, \
login=you@email.com, \
password=api-key \
host.domain.com

Comment out:

#daemon=300

Your api-key comes from the account page

ssl=yes might already be in that file

use=web, web=dyndns will use dyndns to check IP (useful for NAT)

You're done. Log in to https://www.cloudflare.com and check that the IP listed for
your domain matches http://checkip.dyndns.com

To verify your settings:

sudo ddclient -daemon=0 -debug -verbose -noquiet

Fork this:
https://gist.github.com/ayr-ton/f6db56f15ab083ab6b55

12 Sep 2014 6:47pm GMT

Ayrton Araujo: New blog with Ghost

Here I am again, moving once more. This time from octopress to ghost.
At this time I'm moving because I want an easy way to update my blog. Keep it in a static content generator is a little bit harder to update and fix posts. But I will miss some things from octopress like the codesnipets and the responsible videos plugin. I'm considering to make some pull requests with the features I am missing. I will continue using Haroopad for off-line drafting markdown posts.

Well, for this migration I used an account in Wabble (because it is really cheap) with 4 VPS.

As I don't have an API in Wablle and theres no roadmap for this I used juju manual provisioning. Here is my enviroments.yaml:

environments:
  wable:
    type: manual
    default-series: precise
    bootstrap-host: example.com
    bootstrap-user: root

Before add new units, I cleaned up the machine with:

apt-get update && apt-get install curl && curl https://dl.dropboxusercontent.com/u/X/juju-agent.sh | sh

Because of the X, it will not works for you, but heres the script (remember to change the X):

#!/bin/bash
# curl https://dl.dropboxusercontent.com/u/x/juju-agent.sh | sh

locale-gen en_US.UTF-8
dpkg-reconfigure locales

apt-get purge apache2.2-common -y
apt-get dist-upgrade -y
apt-get autoremove -y
apt-get install dbus -y

mkdir $HOME/.ssh
echo 'ssh-rsa yourpubkey' > $HOME/.ssh/authorized_keys

And then I added new units with juju add-machine ssh:root@example.com with no error.

Then I deployed 2 mysql units and 4 ghost units, with haproxy as follows (as we're using manual provisioning, we need to specify the machines, otherwise it will not work):

juju deploy mysql --to 0
juju add-unit mysql --to 1
juju deploy haproxy --to 2 
juju deploy ghost --to 0
juju add-unit ghost --to 1
juju add-unit ghost --to 2
juju add-unit ghost --to 3
juju add-relation mysql ghost
juju add-relation haproxy ghost
juju expose haproxy

Wait for units to deploy before add the relations.

And voilà:
deployed

All this power is just for test, I will change this schema soon, as my blog will never have engagement to justify that scale schema. Ahaha

Here's my juju-gui canvas:
juju-gui canvas

I would like to say thanks to hatch, the creator of Ghost charm, that helped me a lot with some breaked deploys in #juju at irc.freenode.org and quote a related post of him: http://fromanegg.com/post/97035773367/juju-explain-it-to-me-like-im-5

What I would like to have next:

Search for me in #juju at irc.freenode.org if you pass through any problem.

12 Sep 2014 6:42pm GMT

Harald Sitter: My Family…

… is the best in the whole wide world!
akademy2014

12 Sep 2014 3:33pm GMT

Ubuntu Podcast from the UK LoCo: S07E24 – The One with the Holiday Armadillo

We're back with Season Seven, Episode Twenty-Four of the Ubuntu Podcast! Alan Pope, Mark Johnson, and Laura Cowen are drinking tea and eating Battenburg cake in Studio L.

Download OGG Download MP3 Play in Popup

In this week's show:

We'll be back next week, so please send your comments and suggestions to: podcast@ubuntu-uk.org
Join us on IRC in #uupc on Freenode
Leave a voicemail via phone: +44 (0) 203 298 1600, sip: podcast@sip.ubuntu-uk.org and skype: ubuntuukpodcast
Follow us on Twitter
Find our Facebook Fan Page
Follow us on Google+

12 Sep 2014 1:05pm GMT

11 Sep 2014

feedPlanet Ubuntu

Benjamin Kerensa: Off to Berlin

Right now, as this post is published, I'm probably settling into my seat for the next ten hours headed to Berlin, Germany as part of a group of leaders at Mozilla who will be meeting for ReMo Camp. This is my first transatlantic trip ever and perhaps my longest flight so far, so I'm both […]

11 Sep 2014 8:45pm GMT

Jonathan Riddell: Akademy Poll

KDE Project:

Best thing about Akademy Brno

11 Sep 2014 8:42pm GMT

Jonathan Riddell: Akademy Wednesday and Thursday Photo Blog

KDE Project:

DSC_0769
Hacking hard in the hacking room

DSC_0773
Blue Systems Beer

DSC_0775
You will keep GStreamer support in Phonon

DSC_0780
Boat trip on the loch

DSC_0781
Off the ferry

DSC_0783
Bushan leads the way

DSC_0784
A fairy castle appears in the distance

DSC_0787
The talent show judges

DSC_0790
Sinny models our stylish Kubuntu polo shirts

DSC_0793
Kubuntu Day discussions with developers from the Munich Kubuntu rollout

IMG 9510 v1
Kubuntu Day group photo with people from Kubuntu, KDE, Debian, Limux and Net-runner

c IMG 8903 v1
Jonathan gets a messiah complex

11 Sep 2014 8:34pm GMT

Benjamin Kerensa: On Wearable Technology

The Web has been filled with buzz of the news of new Android watches and the new Apple Watch but I'm still skeptical as to whether these first iterations of Smartwatches will have the kind of sales Apple and Google are hoping for. I do think wearable tech is the future. In fact, I owned […]

11 Sep 2014 12:00pm GMT

Valorie Zimmerman: Accessible KDE, Kubuntu

KDE is community. We welcome everyone, and make our software work for everyone. So, accessibility is central to all our work, in the community, in testing, coding, documentation. Frederik has been working to make this true in Qt and in KDE for many years, Peter has done valuable work with Simon and Jose is doing testing and some patches to fix stuff.

However, now that KF5 is rolling out, we're finding a few problems with our KDE software such as widgets, KDE configuration modules (kcm) and even websites. However, the a11y team is too small to handle all this! Obviously, we need to grow the team.

So we've decided to make heavier use of the forums, where we might find new testers and folks to fix the problems, and perhaps even people to fix up the https://accessibility.kde.org/ website to be as
awesome as the KDE-Edu site. The Visual Design Group are the leaders here, and they are awesome!

Please drop by #kde-accessibility on Freenode or the Forum https://forum.kde.org/viewforum.php?f=216 to read up on what needs doing, and learn how to test. People stepping up to learn forum
moderation are also welcome. Frederik has recently posted about the BoF: https://forum.kde.org/viewtopic.php?f=216&t=122808

A11y was a topic in the Kubuntu BoF today, and we're going to make a new push to make sure our accessibility options work well out of the box, i.e. from first boot. This will involve working with the Ubuntu a11y team, yeah!

More information is available at
https://community.kde.org/Accessibility and
https://userbase.kde.org/Applications/Accessibility

11 Sep 2014 10:31am GMT

Canonical Design Team: Canonical and Ubuntu at dConstruct

Brighton is not just a lovely seaside town, mostly known for being overcrowded in Summer by Londoners in search for a bit of escapism, but also the home of a thriving community of designers, makers and entrepreneurs. Some of these people run dConstruct, a gathering where creative minds of all sorts converge every year to discuss important themes around digital innovation and culture.

When I found out that we were sponsoring the conference this year, I promptly jumped in to help my colleagues in the Phone, Web and Juju design teams. Our stand was situated in the foyer of the Brighton Dome, flashing the orange banner of Ubuntu and a number of origami unicorns.

The Ubuntu Stand

Origami Unicorns

We had an incredibly positive response from the attendees, as our stand was literally teeming with Ubuntu enthusiasts who were really keen to check our progress with the phone. We had a few BQ phones on display where we showed the new features and designs.

Testing the phone

For us, it was a great occasion to gather fresh impressions of the user experience on the phone and across a variety of apps. After a few moments, people started to understand the edge interactions and began to swipe left and right, giving positive feedback on the responsiveness of the UI. Our pre-release models of BQ phones don't have the final shell and they still display softkeys, as a result some people found this confusing. We took the opportunity to quickly design our own custom BQ phone by using a bunch of Ubuntu stickers…and viola, problem solved! ;)

Ubuntu phone - customised

Our 'Make your Unicorn' competition had a fantastic response. To celebrate the coming release of Utopic Unicorn and of the BQ phone, the maker of the best origami unicorn being awarded a new phone. The crowd did not hesitate to tackle the complex paper-bending challenge and came up with a bunch of creative outcomes. We were very impressed to see how many people managed to complete the instructions, as I didn't manage to go beyond step 15..

Ubuntu fans

Twitter Search - #dconstruct #ubuntu

11 Sep 2014 9:57am GMT