In the last few weeks I have been asked by many people what topics we have in the Community Council and what we are doing. After a month in the Council, I want to give a first insight into what happened in the early days and what has been on my mind. Of course, these are all subjective impressions and I am not speaking here from the perspective of the Community Council, but from my own perspective.

In the beginning, of course, we had to deal with organisational issues. These include ensuring that everyone is included in the Community Council's communication channels. There are two main channels that we use. On the one hand, we have a team channel on IRC on Freenode to exchange ideas. The channel has the advantage that you can ask the others small questions and have a relaxed chat. To reach everyone in the Council, we have set up the mailing list: community-council at lists.ubuntu.com

No, I haven't yet managed to read through all the documents and threads that deal with the Community Council or how to make the community more active again. But I have already read a lot in the first month on the Community Hub and on mailing lists to get different impressions. I can only encourage everyone to get involved with constructive ideas and help us to improve the community of Ubuntu.

I haven't worked on an international board since 2017 and had completely forgotten one topic that is more complex than national teams: the different timezones. But after a short time we managed to find a date where we all can basically do it and we had our public meeting of the council. This took place twice and the second time we all managed to attend. The minutes of the meetings are publicly available: 1st Meeting and 2nd Meeting. We have decided that we will hold the meeting twice a month.

The Community Council had not been active for a year now, so there had been further problems with filling positions that are dependent on the Community Council. So we had to tackle these issues as soon as possible. In the case of the Membership Board, we extended the existing memberships for a period of time after consultation with the members concerned, so that the ability to work would not be affected. After that, we launched a call for new candidates to join the Board. The result of this call was that sufficient candidates were found and we can fill this board again. Soon the new members will be selected and announced by us.

A somewhat more difficult issue proved to be the Local Community (LoCo) Council. Like the Community Council, this one had not been staffed for some time, and as a result some local communities have fallen out of the approved status, even though they applied for it. Here we have also launched a call for a new LoCo Council. But even though the pain seemed to be big there, not enough candidates were found, so that we were able to fill this council and fill it with life. After a discussion on how to deal with the situation, we decided to take a step back and look at why we got into this situation and what the needs of the existing local communities are (see the log of our second meeting). This will be the subject of a Committee that we will set up. This way we will discuss a basic framework of the community of Ubuntu and see what new ways we as a community can go about it.

As further topics we have started the discussion about our understanding of the work of the Community Council and how we want to work. One of the results was that we want to use Launchpad in the future to manage our tasks. As another board was threatened with membership expiring, we at the Technical Board extended the membership of members until the end of the year. This will allow us to start the process for a new election there.

All in all, there are more exciting topics to come in the community on Ubuntu in the near future. Are the structures currently so suitable for the community? There is no community team at Canonical at the moment and the future cooperation between Canonical and the community has not yet been clarified. These all seem to me to be very exciting topics and I'm happy that we are able to work on it together.

If you want to get involved in discussions about the community, you can do so at the Community Hub. You can also send us an email to the mailing list above if you have a community topic on your mind. If you want to contact me: you can do so by commenting, via Twitter or sending a mail to me: torsten.franz at ubuntu.com

24 Nov 2020 9:30pm GMT

The web team here at Canonical run two-week iterations. Here are some of the highlights of our completed work from this iteration.

Meet the team

Hi, I am Carlos Wu. I work for the Webteam as a web developer, and I just recently reached 1 year at Canonical!

I have worked previously in a number of Front-end roles and Canonical and the webteam gave me the opportunity to work on both back-end and front-end, which has been my professional goal for some time. I quite like our tech stack, which includes Python and Flask, React, and we use Docker to deploy our projects, so I really enjoy working and learning in this team.

Coming from agencies and companies where managers would just tell me "Don't ask questions, just do your work", Canonical's webteam has proved to be like a family, where I can be curious and ask questions and not be afraid to explore my boundaries.

In my free time, I like to do a variety of things. Sometimes, I like to play music, try as many instruments as I can. Although I have been a long time guitar player, I also enjoy playing chords on the piano or fiddling with a violin. Furthermore, I also sometimes build my own small projects to help me in my daily life. I very much enjoy a walk in the park! As you can see in the picture above in Hyde Park, London.

Web squad

Our Web Squad develops and maintains most of Canonical's promotional sites like ubuntu.com, canonical.com and more.

CVE and USN API

We have been working on developing our new API endpoint for the server team to access our USN and CVE data.

Published resources

9 out of the top 10 US & European financial institutions use Ubuntu

Find out why multi-cloud is fundamental to financial services transformation

Ubuntu Masters 4: Innovating for the future

Sign up for the Ubuntu Masters 4

Other resources and webinars

• SQL Server on Kubernetes: the next frontier
• Industry 4.0 needs a complete automation solution
• Together We Sink or Swim: Plugging the BootHole
• Micro clouds: Building your Kubernetes edge computing strategy

Other resources

In German

• Fünf Strategien zur Beschleunigung von Kubernetes in Unternehmen
• Vergleich von Red Hat OpenStack Platform und Charmed OpenStack von Canonical

In French

• Guide pour réussir l'adoption et le déploiement d'OpenStack

In Italian

• Charmed Openstack riduce significativamente il costo totale di proprietà

New AWS Outposts page

The most popular operating system in the public cloud, running on your premises with a consistent AWS experience.

Learn more about AWS Outposts

New cloud page

Private cloud vs hybrid cloud, multi-cloud and more. We do so much in the cloud we created a page to help you navigate our offerings.

Learn more about Ubuntu in the cloud

New Kubernetes comparison page

The Kubernetes landscape is vast and complex. If you are looking to compare different enterprise Kubernetes distributions, have a look at this page.

Brand

The Brand team develops our design strategy and creates the look and feel for the company across many touch-points, from web, documents, exhibitions, logos and video.

Suru across the web analysis

We completed the analysis of the use of 'suru' (our brand pattern) across all of our sites in preparation for a team workshop on Monday, where we will endeavour to expand its use and identify shortfalls and areas for improvement.

Nurture email templates

Working with the Marketing team we designed a number of templates to use in generic nurture campaigns, they will be built and distributed through Marketo.

Financial illustration library

A library of financial illustrations was developed with a focus on banking and investment for the Project Managers and the Marketing team to use.

KUSA development

We progressed the brand development of our proposed new theme 'KUSA', looking at the colours and levels of saturation.

MAAS

The MAAS squad develops the UI for the MAAS project.

We continued our journey to migrate our Machine details feature to React this week, covering the Network tab and Storage tab.

PCI device modelling

On the UX side, we have finalised our designs for PCI modelling work and from now, users will be able to see hardware information of the PCI devices from our UI already. The current PCI device modelling feature covers PCI devices and USB devices. From the aggregated view, information on the vendor, product, location and driver are provided. The network section includes information on normal networking cards and SmartNIC if available. Configurations can be done on two groups of devices; network-related devices and NVME storage devices. We hope to be able to provide configuration functions for GPUs in future work. Stay tuned, for development!

Machine workload annotation

Another piece of research work the UX team is working on is the machine workload annotation feature. The purpose of this feature is to bridge the communication gap between Site Reliability Engineers (SREs) and Data Center Engineers. The underlying problem at the moment is to understand how each side our users work and how they interface with MAAS. The current assumption is that SREs interface with MAAS through an orchestrating tool like Chef, Juju, Ansible, puppet, etc. This means that information we provide on MAAS need to be available in CLI and in the UI for the purpose of interfacing with these orchestrating tools.

JAAS

The JAAS squad develops the JAAS dashboard for the Juju project.

We landed a major new feature this iteration, the revised search and filter component. This is now using a shared component from our React Component library. This component is populated by the available model attributes and then filters the models whenever the user selects one of those filters. It is responsive, keyboard accessible and supports free form fuzzy search.

Juju action on dashboard UX design

In this iteration, we improved the dashboard UX design of the new Juju action feature sets, focusing on displaying available actions in the app, selecting units to execute/cancel actions and view action pipeline in the action tab view. Continuous feedback gathering will be carried out in the next iteration.

New layout UI design update

We've been busy updating our UI to be more streamlined with the level of information we show at a given time and added some new enhancements such as the Relationships view on the Integrations panel.

Below are some sample screens of the UI updates. We'd love to hear any feedback from our users and will continue to improve the experience in upcoming updates and release.

Vanilla

The Vanilla squad designs and maintains the design system and Vanilla framework library. They ensure a consistent style throughout web assets.

Improvement to application layout responsiveness

We continued work on the application layout. During the last couple of weeks, we improved how the layout adapts to different screen sizes, and we provided a couple of built-in widths for the aside panel.

We also provided additional examples to demonstrate how to build specific layouts of the application and documented the ways application developers can customize the layout to the individual needs of the apps they build.

New button variants

We worked on upstreaming some of the custom styles used in our React components library to Vanilla framework. This iteration we focused on the buttons and introduced updated styling for small and active buttons.

Patterns UX design

Work continues on our unified Notifications pattern, we hope to demonstrate some mockups soon. The draft pattern for our update to Code Snippet is still open for community feedback on Discourse.

Vanilla 2.20.0 release

Last iteration work was released as Vanilla framework v2.20.0

.

Snapcraft and Charmhub

The Snapcraft team works closely with the Store team to develop and maintain the Snap Store site and the Charmhub site.

Snapcraft

Brand store admin pages

The team has been working on designing the brand store admin pages. This work is done to continue the migration of the remaining features from dashboard.snapcraft.io to snapcraft.io.

UX update metadata

We designed the minimum required messaging around the new feature of updating metadata on release. Updating metadata on release is a handy way to always keep the snap listing up to date if any of the metadata information changes when releasing a new version to the stable channel. Currently, any changes to the snapcraft yaml file are simply ignored by the storefront, however, with the introduction of this feature they will be applied to the listing page.

Charmhub

Charmhub.io was released. The team has been working on this release of the site. Here are some highlights.

Homepage

We have been working on the user experience of the homepage. On the initial load of the homepage we show a set of featured charms. In the background a list of operators is loaded to give further functionality such as search and filtering by category or platform.

Details pages

Each operator has a details page. All the information about the operator can be found in different tabs:

• The Overview is where you get information about the operator including the Readme and project links.
• The Docs tab is the author's documentation for the operator. Freeing the description to solely be about the project.
• The Configure tab displays the configuration options when deploying or maintaining this operator.
• Actions list the available actions for the operator which provide a method of triggering internal actions on the operator itself.

Publisher pages

The team started integrating a publisher section on the site. We integrated the APIs into our Python module canonicalwebteam.store-api. This module handles the API calls made to the store related to Charmhub.

Team posts:

• Code snippet pattern - design specs
• Communication in code: Writing expressive code
• [Research] Cloud-like Experience in MAAS

With ♥ from Canonical web team.

24 Nov 2020 4:44pm GMT

Ten year maintenance commitment on app images provides secure cloud software supply chain

November 24th 2020: Canonical has published the LTS Docker Image Portfolio, a curated set of secure container application images, on Docker Hub.

The LTS Docker Image Portfolio comes with up to ten years Extended Security Maintenance by Canonical. "LTS Images are built on trusted infrastructure, in a secure environment, with guarantees of stable security updates," said Mark Lewis, VP Application Services at Canonical. "They offer a new level of container provenance and assurance to organisations making the shift to container based operations."

Canonical and Docker will collaborate on Docker Official Images and LTS Docker Image Portfolio to bring the best of the two to the community and ecosystem. The entire LTS Docker Image Portfolio will be exempted from per-user rate limits.

Critical CVE fixes within 24 hours

The Snyk State of Open Source Security report for 2020 found that many popular container images have known security vulnerabilities. The only image in the study free of such concerns was the Ubuntu image, maintained by Canonical.

"Our track record underscores our commitment to security," said Valentin Viennot, Product Manager at Canonical. "We address high and critical CVEs in LTS offerings, and fix critical issues within 24 hours." The Snyk report finds the average time for enterprises to remediate homegrown images is 68 days.

Hardened free and commercial LTS images

Several images from the LTS Docker Image Portfolio will be freely available as Docker Official Image versions during the five year standard security maintenance period of the underlying Ubuntu LTS. The entire LTS Image Portfolio, including content exclusively available to Canonical customers, will be available through Docker Hub.

"Docker helps millions of developers simplify how they collaboratively build, share and run applications," said Scott Johnston, CEO, Docker. "Docker Hub is the most popular registry on the planet because of the depth and breadth of content. It equally serves any developer running in any environment. Developers want and need a curated, maintained and secure set of content that Docker is continuously investing in. Today, we are taking that investment further with Canonical's Ubuntu, one of the most popular verified images on Docker Hub, to create a more integrated, reliable and secure developer experience to accelerate app delivery for our community."

"Guarantees of software supply chain security and integrity are vital to the fast-moving world of cloud-native operations," said Mark Shuttleworth, CEO at Canonical. "As the platform provider for the vast majority of container runtimes, we are responsible for the underlying performance and security of multi-cloud container operations and are glad to extend that service to the application container layer."

Many cloud applications with latest and LTS versions

The image portfolio includes fast-moving developer-oriented images which reflect current development. An example Redis image is at:

docker run -d ubuntu/redis:5.0-20.04_beta

Stable application version images with a stable Ubuntu LTS base and up to five years free standard security maintenance will shortly be freely available:

docker run -d lts/nginx:1.18-20.04_beta

Finally, customers of Canonical's Ubuntu Pro gain access to ten year Extended Security Maintenance images through Docker Hub.

Integrated partnerships for scanning and fixing

The LTS Images complement scanning solutions which identify problematic container images in registries and in production.

"For too long, going cloud native has left enterprises exposed to security vulnerabilities - from sourcing patched images through awareness of vulnerabilities to the maintenance lifecycle," said Jim Armstrong, Product Director at cloud-native application security leader Snyk. "The availability of the LTS Docker Image Portfolio, as well as the recently announced Docker security scanning powered by Snyk directly in Docker Hub, can drive a surge in Kubernetes adoption as companies embrace digital transformation while significantly reducing operating risk in the solution application life-cycle."

Docker Hub is the world's leading independent registry for finding and sharing container images with over 200 verified publishers, 160 Docker Official Images and more than 11 million active developers. It remains the world's most popular and richest container registry with 13+ billion pulls per month from 7.9 million application repositories. Content sources include an active and vibrant community of developers, open source projects and independent software vendors (ISV) who overwhelmingly choose to build and distribute their code in containers using the Docker platform.

Additional resources:

• https://ubuntu.com/security/docker-images
• https://hub.docker.com/u/ubuntu

ENDS

About Canonical

Canonical is the publisher of Ubuntu, the OS for most public cloud workloads as well as the emerging categories of smart gateways, self-driving cars and advanced robots. Canonical provides enterprise security, support and services to commercial users of Ubuntu. Established in 2004, Canonical is a privately held company.

24 Nov 2020 12:50pm GMT

Welcome to the Ubuntu Weekly Newsletter, Issue 658 for the week of November 15 - 21, 2020. The full version of this issue is available here.

In this issue we cover:

• Welcome New Members and Developers
• Ubuntu Stats
• Hot in Support
• LoCo Events
• Mir 2.2.0 Release
• Other Community News
• Canonical News
• In the Blogosphere
• Other Articles of Interest
• Featured Audio and Video
• Meeting Reports
• Upcoming Meetings and Events
• Updates and Security for 16.04, 18.04, 20.04, and 20.10
• And much more!

The Ubuntu Weekly Newsletter is brought to you by:

• Krytarik Raido
• Bashing-om
• Chris Guiver
• Wild Man
• And many others

If you have a story idea for the Weekly Newsletter, join the Ubuntu News Team mailing list and submit it. Ideas can also be added to the wiki!

Except where otherwise noted, this issue of the Ubuntu Weekly Newsletter is licensed under a Creative Commons Attribution ShareAlike 3.0 License

23 Nov 2020 9:35pm GMT

On a couple Telegram channels I have been radio silent for a couple days. I've gone silent elsewhere too. There has been a reason for this.

The health departments of Ashtabula County issued a stay at home advisory on Friday late in the day. Residents are advised to stay home as much as possible. There is also a statewide curfew in effect running from 10 PM to 5 AM each day.

This has required some hurried changes in operational circumstances. Twelve counties in Ohio have issued advisories and they general expire in mid-December. While compliance is notionally voluntary there is discussion of switching to enforced orders if this does not work out.

I now have to get a sermon written as well as a service planned so that "stay at home" services can be filmed. Considering that I am having to make hand-me-down analog tech do what I want this is not simple. That I am working out of my garage also compounds the level of difficulty.

Writing continues although I am definitely not meeting the NaNoWriMo usual daily word count goals. My target is to have a new novelette to go up on Kindle Direct Publishing at the start of December. Eventually I will get a Minimum Working Example posted as to how I am putting this together in LaTeX.

There was a project to launch a linear streaming video channel for the arts in my local area. Right now we have many multiple uncoordinated efforts strewn across YouTube. With YouTube's upcoming Terms of Service changes it does seem like the risk of uncontrolled inappropriate mid-roll advertising is increasing. This matter is on hold at the moment as other players in the project are having to handle more pressing matters due to the rapidly worsening coronavirus situation locally.

A few other plates are spinning at the moment too. In the end that's why I've been a bit quiet. A holiday or two may be coming up but it is not shaping up to be a vacation for me.

23 Nov 2020 12:28am GMT

Human perception has never ceased to amaze me, and in the context of this article, it is the perception of value, and the value of contribution that I want us to think about.

Photo by Andrea Piacquadio from Pexels

It is yours in title, deed and asset

A common miss perception with Open Source software is the notion of free. Many people associate free in its simplest form, that of no monetary cost, and unfortunately this ultimately leads to the second conclusion of 'cheap' and low quality. Proprietary commercial vendors, and their corporate marketing departments know this and use that knowledge to focus their audience on 'perceived value'. In some ways free of cost in the open source software world is a significant disadvantage, because it means there are no funds available to pay for a marketing machine to generate 'perceived value'.

Think, for a moment, how much of a disadvantage that is when trying to develop a customer/user base.

Kubuntu is completely and whole contributon driven. It is forged from passion and enthusiasm, built with joy and above all love. Throughout our community; users use it because they love it, supporters help users, and each other, maintainers fix issues and package improvements, developers extend functionality and add features, bloggers write articles and documentation, youtubers make videos and tutorials. All these people do this because they love what they're doing and it brings them joy doing it.

Photo by Tima Miroshnichenko from Pexels

Today Linux is cloud native, ubiquitous and dominates wholesale in the internet space, it is both general purpose, and highly specialised, robust and extensive, yet focused and detailed.

Kubuntu is a general purpose operating system designed and developed by our community to be practical and intuitive to a wide audience. It is simple and non-intrusive to install, everyday it continues to grow a larger user base of people who download it, install it and for some, love it! Further more, some of those users will find their way into our community, they will see the contributions given so freely by others and be inspired to contribute themselves.

Image from Wikipedia

Anyone who has installed Windows 10 recently, will atest to the extent of personal information that Microsoft asks users of its operating system to 'contribute'. This enables the Microsoft marketing teams to further refine their messaging to resonate with your personal 'perceived value' and indeed to enable that across the Microsoft portfolio of 'partners'!
The story is identical with Apple, the recently announced Silicon M1 seeks, not only to lock Apple users into the Apple software ecosystem and their 'partners' but also to lock down and isolate the software to the hardware.

With this background understanding, we are able to return full circle to the subject of this article 'Kubuntu is not Free, it is Free' and further more Kubuntu users are free.
Free from intrusion, profiling, targeting, and marketing; Kubuntu user are free to share, modify and improve their beloved software however they choose.

Photo by RF._.studio from Pexels

Let us revisit that last sentence and add some clarity. Kubuntu users are free to share and improve 'their' beloved software however they choose.
The critical word here is 'their', and that is because Kubuntu is YOUR software, not Microsoft, Apple, and not even Canonical or Ubuntu's. It is yours in title, deed and asset and that is the value that the
GNU GPL license bequithes to you.

This ownership also empowers you, and indeed puts you as an individual in a greater place of power than the marketeers from Microsoft or Apple. You can share, distribute, promote, highlight or low-light, Kubuntu wherever, and whenever you like. Blog about it, make YouTube videos about it, share it, change it, give it away and even sell it.

How about the for perceived value ?

About the Author:

Rick Timmis is a Kubuntu Councillor, and advocate. Rick has been a user and open contributor to Kubuntu for over 10 years, and a KDE user and contributor for 20

22 Nov 2020 4:32pm GMT

22 Nov 2020 1:09pm GMT

As estrelas da Internet que vocês mais admiram voltam a presentear o seu vasto auditório com pormenores de interesse duvidoso da sua vida pessoal e derivados. Aqui fica mais um episódio no vosso podcast preferido.

Já sabem: oiçam, subscrevam e partilhem!

• https://twitter.com/costalesdev/status/1327543116354695170
• https://www.youtube.com/channel/UCjSsbz2TDxIxBEarbDzNQ4w
• https://www.minecraft.net/pt-br/download/server
• https://www.opensourcelisbon.com/
• https://www.humblebundle.com/books/java-programming-more-oreilly-books?partner=PUP
• https://shop.nitrokey.com/de_DE/shop?aff_ref=3

Apoios

Podem apoiar o podcast usando os links de afiliados do Humble Bundle, porque ao usarem esses links para fazer uma compra, uma parte do valor que pagam reverte a favor do Podcast Ubuntu Portugal.
E podem obter tudo isso com 15 dólares ou diferentes partes dependendo de pagarem 1, ou 8.
Achamos que isto vale bem mais do que 15 dólares, pelo que se puderem paguem mais um pouco mais visto que têm a opção de pagar o quanto quiserem.

Se estiverem interessados em outros bundles não listados nas notas usem o link https://www.humblebundle.com/?partner=PUP e vão estar também a apoiar-nos.

Atribuição e licenças

Este episódio foi produzido por Diogo Constantino e Tiago Carrondo e editado por Alexandre Carrapiço, o Senhor Podcast.

A música do genérico é: "Won't see it comin' (Feat Aequality & N'sorte d'autruche)", por Alpha Hydrae e está licenciada nos termos da [CC0 1.0 Universal License](https://creativecommons.org/publicdomain/zero/1.0/).

Este episódio e a imagem utilizada estão licenciados nos termos da licença: Attribution-NonCommercial-NoDerivatives 4.0 International (CC BY-NC-ND 4.0), cujo texto integral pode ser lido aqui. Estamos abertos a licenciar para permitir outros tipos de utilização, contactem-nos para validação e autorização.

19 Nov 2020 10:45pm GMT

This week we've been shapening knives and revisting Morrowind. We round up new from the Ubuntu community and discuss our favourite picks from the tech news.

It's Season 13 Episode 35 of the Ubuntu Podcast! Alan Pope, Mark Johnson and Martin Wimpress are connected and speaking to your brain.

In this week's show:

• We discuss what we've been up to recently:
  • Alan as been sharpening his knives.
  • Mark has been installing OpenMW
• We discuss the community news:
  • Thunderbird are hiring!
  • Using Snaps to package old software
  • Ubuntu MATE 20.04.1 is available for the GPD WIN Max and Martin live streamed some GPD WIN Max game testing on Twitch.
  • Popular snaps per distro (2020 edition)
• We discuss the news:
  • Standing up for developers: youtube-dl is back
  • ARM based Macs are upon us
  • £100,000 for broadband
  • Guido van Rossum joins Microsoft
• Image credit: Kelly Sikkema
• We are running a crowd funder to cover our audio production costs on Patreon.
• You can listen to the Ubuntu Podcast back catalogue on YouTube.

That's all for this week! If there's a topic you'd like us to discuss, or you have any feedback on previous shows, please send your comments and suggestions to show@ubuntupodcast.org or Tweet us or Toot us or Comment on our Facebook page or comment on our sub-Reddit.

• Join us in the Ubuntu Podcast Telegram group.

19 Nov 2020 3:00pm GMT

Automatic and continuous testing is a fundamental part of today's development cycle. Given a Gitlab pipeline that runs for each commit, we should enforce not only all tests are passing, but also that a sufficient number of them are present.

Photo by Pankaj Patel on Unsplash

Aren't you convinced yet? Read 4 Benefits of CI/CD! If you don't have a proper Gitlab pipeline to lint your code, run your test, and manage all that other annoying small tasks, you should definitely create one! I've written an introductory guide to Gitlab CI, and many more are available on the documentation website.

While there isn't (unfortunately!) a magic wand to highlight if the code is covered by enough tests, and, in particular, if these tests are of a sufficient good quality, we can nonetheless find some valuable KPI we can act on. Today, we will check code coverage, what indicates, what does not, and how it can be helpful.

Code coverage

In computer science, test coverage is a measure used to describe the degree to which the source code of a program is executed when a particular test suite runs. A program with high test coverage, measured as a percentage, has had more of its source code executed during testing, which suggests it has a lower chance of containing undetected software bugs compared to a program with low test coverage.

Wikipedia

Basically, code coverage indicates how much of your code has been executed while your tests were running. Personally, I don't find a high code coverage a significant measure: if tests are fallacious, or they run only on the happy path, the code coverage percentage will be high, but the tests will not actually guarantee a high quality of the code.

On the other hand, a low code coverage is definitely worrisome, because it means some parts of the code aren't tested at all. Thus, code coverage has to be taken, as every other KPI based only exclusively on lines of code, with a grain of salt.

High code coverage doesn't guarantee a high quality test suite, but a low code coverage definitely highlights a problem in the testing process.

Code coverage and Gitlab

Gitlab allows collecting code coverage from test suites directly from pipelines. Major information on the setup can be found in the pipelines guide and in the Gitlab CI reference guide. Since there are lots of different test suites out there, I cannot include how to configure them here. However, if you need any help, feel free to reach out to me at the contacts reported below.

With Gitlab 13.5 there is also a Test Coverage Visualization tool, check it out! Gitlab will also report code coverage statistic for pipelines over time in nice graphs under Project Analytics > Repository. Data can also be exported as csv! We will use such data to check if, in the commit, the code coverage decreased comparing to the main branch.

This means that every new code written has to be tested at least as much as the rest of the code is tested. Of course, this strategy can be easily changed. The check is only one line of bash, and can be easily be replaced with a fixed number, or any other logic.

The Gitlab Pipeline Job

The job that checks the coverage runs in a stage after the testing stage. It uses alpine as base, and curl and jq to query the APIs and read the code coverage.

On self hosted instances, or on Gitlab.com Bronze or above, you should use a project access token to give access to the APIs. On Gitlab.com Free, use a personal access token. If the project is public, the API are accessible without any token. It needs three variables: the name of the job which generates the code coverage percentage (JOB_NAME), the target branch to compare the coverage with (TARGET_BRANCH), and a private token to read the APIs (PRIVATE_TOKEN). The job will not run when the pipeline is running on the target branch, since it would be comparing the code coverage with itself, wasting minutes of runners for nothing.

The last line is the one providing the logic to compare the coverages.

checkCoverage:
    image: alpine:latest
    stage: postTest
    variables:
        JOB_NAME: testCoverage
        TARGET_BRANCH: main
    before_script:
        - apk add --update --no-cache curl jq
    rules:
      - if: '$CI_COMMIT_BRANCH != $TARGET_BRANCH' 
    script:
        - TARGET_PIPELINE_ID=`curl -s "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/pipelines?ref=${TARGET_BRANCH}&status=success&private_token=${PRIVATE_TOKEN}" | jq ".[0].id"`
        - TARGET_COVERAGE=`curl -s "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/pipelines/${TARGET_PIPELINE_ID}/jobs?private_token=${PRIVATE_TOKEN}" | jq --arg JOB_NAME "$JOB_NAME" '.[] | select(.name==$JOB_NAME) | .coverage'`
        - CURRENT_COVERAGE=`curl -s "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/pipelines/${CI_PIPELINE_ID}/jobs?private_token=${PRIVATE_TOKEN}" | jq --arg JOB_NAME "$JOB_NAME" '.[] | select(.name==$JOB_NAME) | .coverage'`
        - if  [ "$CURRENT_COVERAGE" -lt "$TARGET_COVERAGE" ]; then echo "Coverage decreased from ${TARGET_COVERAGE} to ${CURRENT_COVERAGE}" && exit 1; fi;

This simple job works both on Gitlab.com and on private Gitlab instances, for it doesn't hard-code any URL.

Gitlab will now block merging merge requests without enough tests! Again, code coverage is not the magic bullet, and you shouldn't strive to have 100% of code coverage: better fewer tests, but with high quality, than more just for increasing the code coverage. In the end, a human is always the best reviewer. However, a small memo to write just one more test is, in my opinion, quite useful ;-)

Questions, comments, feedback, critics, suggestions on how to improve my English? Reach me on Twitter (@rpadovani93) or drop me an email at riccardo@rpadovani.com.

Ciao,
R.

18 Nov 2020 9:00am GMT

Like each month, here comes a report about the work of paid contributors to Debian LTS.

Individual reports

In October, 221.50 work hours have been dispatched among 13 paid contributors. Their reports are available:

• Abhijith PA did 16.0h (out of 14h assigned and 2h from September).
• Adrian Bunk did 7h (out of 20.75h assigned and 5.75h from September), thus carrying over 19.5h to November.
• Ben Hutchings did 11.5h (out of 6.25h assigned and 9.75h from September), thus carrying over 4.5h to November.
• Brian May did 10h (out of 10h assigned).
• Chris Lamb did 18h (out of 18h assigned).
• Emilio Pozuelo Monfort did 20.75h (out of 20.75h assigned).
• Holger Levsen did 7.0h coordinating/managing the LTS team.
• Markus Koschany did 20.75h (out of 20.75h assigned).
• Mike Gabriel gave back the 8h he was assigned. See below
• Ola Lundqvist did 10.5h (out of 8h assigned and 2.5h from September).
• Roberto C. Sánchez did 13.5h (out of 20.75h assigned) and gave back 7.25h to the pool.
• Sylvain Beucler did 20.75h (out of 20.75h assigned).
• Thorsten Alteholz did 20.75h (out of 20.75h assigned).
• Utkarsh Gupta did 20.75h (out of 20.75h assigned).

Evolution of the situation

October was a regular LTS month with a LTS team meeting done via video chat thus there's no log to be shared. After more than five years of contributing to LTS (and ELTS), Mike Gabriel announced that he founded a new company called Frei(e) Software GmbH and thus would leave us to concentrate on this new endeavor. Best of luck with that, Mike! So, once again, this is a good moment to remind that we are constantly looking for new contributors. Please contact Holger if you are interested!

The security tracker currently lists 42 packages with a known CVE and the dla-needed.txt file has 39 packages needing an update.

Thanks to our sponsors

Sponsors that joined recently are in bold.

• Platinum sponsors:
• • TOSHIBA (for 62 months)
  • GitHub (for 52 months)
  • Civil Infrastructure Platform (CIP) (for 30 months)
• Gold sponsors:
• • Blablacar (for 77 months)
  • Roche Diagnostics International AG (for 73 months)
  • Linode (for 67 months)
  • Babiel GmbH (for 56 months)
  • Plat'Home (for 55 months)
  • University of Oxford (for 12 months)
• Silver sponsors:
• • The Positive Internet Company (for 78 months)
  • Domeneshop AS (for 77 months)
  • Nantes Métropole (for 71 months)
  • Univention GmbH (for 63 months)
  • Université Jean Monnet de St Etienne (for 63 months)
  • Ribbon Communications, Inc. (for 57 months)
  • Exonet B.V. (for 46 months)
  • Leibniz Rechenzentrum (for 40 months)
  • CINECA (for 30 months)
  • Ministère de l'Europe et des Affaires Étrangères (for 24 months)
  • Cloudways Ltd (for 13 months)
  • Dinahosting SL (for 11 months)
  • Platform.sh (for 6 months)
  • Bauer Xcel Media Deutschland KG (for 5 months)
• Bronze sponsors:
• • Seznam.cz, a.s. (for 78 months)
  • Evolix (for 77 months)
  • Linuxhotel GmbH (for 75 months)
  • Intevation GmbH (for 74 months)
  • Daevel SARL (for 73 months)
  • Bitfolk LTD (for 72 months)
  • Megaspace Internet Services GmbH (for 72 months)
  • Greenbone Networks GmbH (for 71 months)
  • NUMLOG (for 71 months)
  • WinGo AG (for 70 months)
  • Ecole Centrale de Nantes - LHEEA (for 66 months)
  • Entr'ouvert (for 62 months)
  • Adfinis AG (for 59 months)
  • Tesorion (for 54 months)
  • GNI MEDIA (for 53 months)
  • Laboratoire LEGI - UMR 5519 / CNRS (for 53 months)
  • Bearstech (for 45 months)
  • LiHAS (for 45 months)
  • People Doc (for 41 months)
  • Catalyst IT Ltd (for 39 months)
  • Supagro (for 35 months)
  • Demarcq SAS (for 33 months)
  • Université Grenoble Alpes (for 19 months)
  • TouchWeb SAS (for 11 months)
  • SPiN AG (for 8 months)
  • CoreFiling (for 4 months)

No comment | Liked this article? Click here. | My blog is Flattr-enabled.

17 Nov 2020 9:06am GMT

Welcome to the Ubuntu Weekly Newsletter, Issue 657 for the week of November 8 - 14, 2020. The full version of this issue is available here.

In this issue we cover:

• Ubuntu Stats
• Hot in Support
• LoCo Events
• Please test autoinstalls for 20.04!
• Canonical News
• In the Blogosphere
• Featured Audio and Video
• Meeting Reports
• Upcoming Meetings and Events
• Updates and Security for 16.04, 18.04, 20.04, and 20.10
• And much more!

The Ubuntu Weekly Newsletter is brought to you by:

• Krytarik Raido
• Bashing-om
• Chris Guiver
• Wild Man
• And many others

If you have a story idea for the Weekly Newsletter, join the Ubuntu News Team mailing list and submit it. Ideas can also be added to the wiki!

Except where otherwise noted, this issue of the Ubuntu Weekly Newsletter is licensed under a Creative Commons Attribution ShareAlike 3.0 License

17 Nov 2020 12:49am GMT

2020 has been a fascinating year, and an exciting one for Kubuntu. There seems to be a change in the market, driven by the growth in momentum of cloud native computing.

As markets shift towards creative intelligence, more users are finding themselves hampered by the daily Windows or MacOS desktop experience. Cloud native means Linux, and to interoperate seamlessly in the cloud space you need Linux.

Kubuntu Focus Linux Laptop

Here at Kubuntu we were approached in late 2019 by Mindshare Management Ltd. MSM wanting to work with us to bring a cloud native Kubuntu Linux laptop to the market, directly aimed at competing with the MacBook Pro. As 2020 has progressed the company has continued to grow and develop the market, releasing their second model the Kubuntu Focus M2 in October. Their machines are not just being bought by hobby and tech enthusiasts, the Kubuntu Focus team have sold several high spec machines to NASA via their Jet Propulsion Laboratory.

Lenovo launches Linux range

Lenovo also has a vision for Linux on the Desktop, and as an enterprise class vendor they know where the market is heading. The Lenovo Press Release of 20th September announced 13 machines with Ubuntu Linux installed by default.

"These include 13 ThinkStation and ThinkPad P Series Workstations and an additional 14 ThinkPad T, X, X1 and L series laptops, all with the 20.04 LTS version of Ubuntu, with the exception of the L series which will have version 18.04."

When it comes to desktops, at Kubuntu, we believe the KDE desktop experience is unbeatable. In October KDE announced the release of Plasma-Desktop 5.20 as "New and improved inside and out". Shortly after the release, the Kubuntu team set to work on building out Kubuntu with this new version of the KDE Plasma desktop.

KDE Plasma Desktop on Linux

Our open build process means that you can easily get your hands on the current developer build of Kubuntu Linux 'Hirsute Hippo' from our Nightly Builds Repo.

It's been an exciting year, and 2021 looks even more promising, as we fully anticipate more vendors to bring machines to the market with Linux on the Desktop.

Even more inspiring is the fact that Kubuntu Linux is built by enthusiastic volunteers who devote their time, energy and effort. Those volunteers are just like you, they contribute what they can, when they can, and the results are awesome!

About the Author:

Rick Timmis is a Kubuntu Councillor, and advocate. Rick has been a user and open contributor to Kubuntu for over 10 years, and a KDE user and contributor for 20

15 Nov 2020 4:05pm GMT

I was lucky to support GitOps Days 2020 EMEA last week. The community of GitOps practitioniers came together again for round two and we saw lots of very engaged discussion and new ideas. It was a great pleasure to play at the event and bring some playfulness and silliness to the breaks in between. As last time I found it a bit hard to read the crowd (you can't see anyone), so I tried to pick from a variety of styles of danceable music.

14 Nov 2020 6:15am GMT

For those who don't follow KDE's instagram feed, get with the programme chicos!

Here's some pics from the Linux App Summit 2020 you'll find there

Conference opening by Aleix

Rohan has he first talk about graphics on Linux. Rohan is an elite Linux graphics dev.

This is a reel. I'm not sure what a reel is but it's a moving image on the Instagram.

Greg K-H had a keynote where he said KDE does it right, keeping libraries stable is hard (KF5 now 6 years in). Evolve you App.

Alexis (not to be confused with Aleix) talking about AppImage Builder, which magically works out how to make an AppImage package from your running app.

MyGNUHealth is a useful system for health records with an app using Kirigami.

There's also talks on Saturday. You can watch the live stream on Youtube. Or register and join in directly.

Just now we are enjoying a tour of Amalfi, a comune in the province of Salerno, in the region of Campania, Italy, We are learning about the Lemons of Salerno and because it's 2020 making limonchello.

13 Nov 2020 9:16pm GMT

LXD gives you system containers and virtual machines, usable from the same user interface. You would rather use system containers as they are more lightweight than VMs.

Previously we have seen how to use the Kali LXD containers (includes how to use a USB network adapter). There is documentation on using graphics applications (X11) in the Kali LXD containers at the Kali website. In this post we see again how to use graphics applications (X11) in the Kali LXD containers. The aim is to simplify and make the instructions more robust.

The following assume that you have configured LXD on your system.

Overview of the Kali LXD containers

Let's have a look at the available Kali images. Currently, there are only container images (no VM images), for the x86_64, armel, arm64, armhf and i386 architectures. They all follow Kali current which is very fresh. There are plain and cloud images. The latter support cloud-init and are more user-friendly. The cloud images create a non-root account for us (username is debian)

$ lxc image list images:kali
+---------------------------+-------------------------------------+
|           ALIAS           |             DESCRIPTION             |
+---------------------------+-------------------------------------+
| kali (5 more)             | Kali current amd64 (20201112_17:14) |
+---------------------------+-------------------------------------+
| kali/arm64 (2 more)       | Kali current arm64 (20201112_17:14) |
+---------------------------+-------------------------------------+
| kali/armel (2 more)       | Kali current armel (20201112_17:14) |
+---------------------------+-------------------------------------+
| kali/armhf (2 more)       | Kali current armhf (20201112_17:14) |
+---------------------------+-------------------------------------+
| kali/cloud (3 more)       | Kali current amd64 (20201112_17:14) |
+---------------------------+-------------------------------------+
| kali/cloud/arm64 (1 more) | Kali current arm64 (20201112_17:14) |
+---------------------------+-------------------------------------+
| kali/cloud/armel (1 more) | Kali current armel (20201112_17:14) |
+---------------------------+-------------------------------------+
| kali/cloud/armhf (1 more) | Kali current armhf (20201112_17:14) |
+---------------------------+-------------------------------------+
| kali/cloud/i386 (1 more)  | Kali current i386 (20201112_17:14)  |
+---------------------------+-------------------------------------+
| kali/i386 (2 more)        | Kali current i386 (20201112_17:14)  |
+---------------------------+-------------------------------------+
$ 

From the above list, you would install either kali or kali/cloud. Since these are container images, your LXD will automatically consider your host's architecture and install the appropriate one. In our case, we are interested in the cloud variant because we want to configure the container while it gets started so that it gets X11 support in an easy way.

LXD profile for Kali containers, X11/graphics support

We are using the following LXD profile to add X11 (graphics) support for applications running in the Kali containers. Download the file and save as x11kali.txt. Then, import the profile into your LXD installation.

$ wget https://blog.simos.info/wp-content/uploads/2020/11/x11kali.txt
$ lxc profile create x11kali
$ cat x11kali.txt | lxc profile edit x11kali
$ lxc profile show x11kali

Launching a Kali container with X11 support

We have the LXD profile and we are ready to launch a Kali container with X11 support. We select the Kali container image with cloud-init support. We name the container xkali. We apply first the default profile, then the x11kali profile. Then, we run the cloud-init status --wait command in the container so that it shows the progress until the container is fully ready to be used. It should take a bit because it is updating the package list and installs a few X11 support packages.

$ lxc launch images:kali/cloud xkali --profile default --profile x11kali
Creating xkali
Starting xkali
$ lxc exec xkali -- cloud-init status --wait
..................................................................................................................................................................................
status: done
$ 

Here is the container.

$ lxc list xkali
+-------+---------+--------------------+-----------+
| NAME  |  STATE  |        IPV4        |   TYPE    |
+-------+---------+--------------------+-----------+
| xkali | RUNNING | 10.10.10.65 (eth0) | CONTAINER |
+-------+---------+--------------------+-----------+
$ 

Using the Kali LXD container with X11 support

There are several ways to get a shell into a container. We are using a particular one here, and create a LXD alias for it. Use the following commands that create a kalishell alias to give you a shell (non-root) to the Kali container.

$ lxc alias add kalishell 'exec @ARGS@ --user 1000 --group 1000 --env HOME=/home/debian -- /bin/bash --login'
$ lxc alias list
+-----------+------------+
| ALIAS     | TARGET     |
+-----------+------------+
| kalishell | exec @ARGS@ --user 1000 --group 1000 --env HOME=/home/debian -- /bin/bash --login |
+-----------+------------+

We get a shell into the Kali container and run a few commands to test X11 applications, OpenGL applications and finally play audio. Note that you can also run CUDA applications (not shown below).

$ lxc kalishell xkali
debian@xkali:~$ xclock
^C
debian@xkali:~$ glxgears 
Running synchronized to the vertical refresh.  The framerate should be
approximately the same as the monitor refresh rate.
^C
debian@xkali:~$ sudo apt install -y wget
...
debian@xkali:~$ wget https://upload.wikimedia.org/wikipedia/commons/1/1d/Demo_chorus.ogg
debian@xkali:~$ paplay Demo_chorus.ogg
^C
debian@xkali:~$

You can now install all sort of packages. Note that to get the whole lot of Kali packages, you can install the kali-linux-default metapackage. If you are only interested in a specific package, you can install just that one instead.

debian@xkali:~$ sudo apt install -y kali-linux-default
...

Conclusion

You managed to get a Kali LXD container work with X11 applications, so that they will appear on the host. As if you are running Kali on the host but you have properly separated the filesystem and the networking from the host. Still, in the situation described in this post, the X server is that of the host. There is no separation here, and you should not use this setup if you are dealing with malicious code samples, or malicious hosts. You would need a separate X server for a proper separation between the container and the host.

In this post we did not mention any networking configuration, and we have been using the default private bridge that LXD provides to us. Depending on your requirements, you would use something else. Such as setting up a USB network adapter to be used exclusively by the Kali container, or using a bridge, macvlan, ipvlan or routed networking.

Simos Xenitellis

blog.simos.info/

13 Nov 2020 8:02pm GMT