You are here

Agreguesi i feed

new old thing

Planet Debian - Hën, 04/12/2017 - 9:50md

This branch came from a cedar tree overhanging my driveway.

It was fun to bust this open and shape it with hammer and chisels. My dad once recommended learning to chisel before learning any power tools for wood working.. so I suppose this is a start.

Some tung oil and drilling later, and I'm very pleased to have a nice place to hang my cast iron.

Joey Hess http://joeyh.name/blog/ see shy jo

Sebastian Heinlein: Aptdaemon

Planet Ubuntu - Hën, 04/12/2017 - 9:01md
I am glad to announce aptdaemon: It is a DBus controlled and PolicyKit using package management...

20171204-qubes-mirage-firewall

Planet Debian - Hën, 04/12/2017 - 3:37md
On using QubesOS MirageOS firewall

So I'm lucky to attend the 4th MirageOS hack retreat in Marrakesh this week, where I learned to build and use qubes-mirage-firewall, which is a MirageOS based (system) firewall for Qubes OS. The main visible effect is that this unikernel only needs 32 megabytes of memory, while a Debian (or Fedora) based firewall systems needs half a gigabyte. It's also said to be more secure, but I have not verified that myself

In the spirit of avoiding overhead I decided not to build with docker as the qubes-mirage-firewall's README.md suggests, but rather use a base Debian stretch system. Here's how to build natively:

sudo apt install git ocaml-native-compilers camlp4-extra opam aspcud curl debianutils m4 ncurses-dev perl pkg-config time git clone https://github.com/talex5/qubes-mirage-firewall cd qubes-mirage-firewall/ opam init # the next line is super useful if there is bad internet connectivity but you happen to have access to a local mirror # opam repo add local http://10.0.0.2:8080 opam switch 4.04.2 eval `opam config env` ## in there: opam install -y vchan xen-gnt mirage-xen-ocaml mirage-xen-minios io-page mirage-xen mirage mirage-nat mirage-qubes netchannel mirage configure -t xen make depend make tar

Then follow the instructions in the README.md and switch some AppVMs to it, and then make it the default and shutdown the old firewall, if you are happy with the results, which currently I'm not sure I am because it doesn't allow updating template VMs...

Update: qubes-mirage-firewall allows this. Just the crashed qubes-updates-proxy service in sys-net prevented it, but that's another bug elsewhere.

I also learned that it builds reproducibly given the same build path and ignoring the issue of timestamps in the generated tarball, IOW, the unikernel (and the 3 other files) inside the tarball is reproducible. And I still need to compare a docker build with a build done the above way & and I really don't like having to edit the firewalls rules.ml file and then rebuilding it. More on this in another post later, hopefully.

Oh, I didn't mention it and won't say more here, but this hack retreat and it's organisation is marvellous! Many thanks to everyone here!

Holger Levsen http://layer-acht.org/thinking/ Any sufficiently advanced thinking is indistinguishable from madness

Raphaël Hertzog: My Free Software Activities in November 2017

Planet Ubuntu - Dje, 03/12/2017 - 6:52md

My monthly report covers a large part of what I have been doing in the free software world. I write it for my donors (thanks to them!) but also for the wider Debian community because it can give ideas to newcomers and it’s one of the best ways to find volunteers to work with me on projects that matter to me.

Debian LTS

This month I was allocated 12h but I only spent 10h. During this time, I managed the LTS frontdesk during one week, reviewing new security issues and classifying the associated CVE (16 commits to the security tracker).

I prepared and released DLA-1171-1 on libxml-libxml-perl.

I prepared a new update for simplesamlphp (1.9.2-1+deb7u1) fixing 6 CVE. I did not release any DLA yet since I was not able to test the updated package yet. I’m hoping that the the current maintainer can do it since he wanted to work on the update a few months ago.

Distro Tracker

Distro Tracker has seen a high level of activity in the last month. Ville Skyttä continued to contribute a few patches, he helped notably to get rid of the last blocker for a switch to Python 3.

I then worked with DSA to get the production instance (tracker.debian.org) upgraded to stretch with Python 3.5 and Django 1.11. This resulted in a few regressions related to the Python 3 switch (despite the large number of unit tests) that I had to fix.

In parallel Pierre-Elliott Bécue showed up on the debian-qa mailing list and he started to contribute. I have been exchanging with him almost daily on IRC to help him improve his patches. He has been very responsive and I’m looking forward to continue to cooperate with him. His first patch enabled the use “src:” and “bin:” prefix in the search feature to specify if we want to lookup among source packages or binary packages.

I did some cleanup/refactoring work after the switch of the codebase to Python 3 only.

Misc Debian work

Sponsorship. I sponsored many new packages: python-envparse 0.2.0-1, python-exotel 0.1.5-1, python-aws-requests-auth 0.4.1-1, pystaticconfiguration 0.10.3-1, python-jira 1.0.10-1, python-twilio 6.8.2-1, python-stomp 4.1.19-1. All those are dependencies for elastalert 0.1.21-1 that I also sponsored.

I sponsored updates for vboot-utils 0~R63-10032.B-2 (new upstream release for openssl 1.1 compat), aircrack-ng 1:1.2-0~rc4-4 (introducing airgraph-ng package) and asciidoc 8.6.10-2 (last upstream release, tool is deprecated).

Debian Installer. I submitted a few patches a while ago to support finding ISO images in LVM logical volumes in the hd-media installation method. Colin Watson reviewed them and made a few suggestions and expressed a few concerns. I improved my patches to take into account his suggestions and I resolved all the problems he pointed out. I then committed everything to the respective git repositories (for details review #868848, #868859, #868900, #868852).

Live Build. I merged 3 patches for live-build (#879169, #881941, #878430).

Misc. I uploaded Django 1.11.7 to stretch-backports. I filed an upstream bug on zim for #881464.

Thanks

See you next month for a new summary of my activities.

No comment | Liked this article? Click here. | My blog is Flattr-enabled.

My Free Software Activities in November 2017

Planet Debian - Dje, 03/12/2017 - 6:52md

My monthly report covers a large part of what I have been doing in the free software world. I write it for my donors (thanks to them!) but also for the wider Debian community because it can give ideas to newcomers and it’s one of the best ways to find volunteers to work with me on projects that matter to me.

Debian LTS

This month I was allocated 12h but I only spent 10h. During this time, I managed the LTS frontdesk during one week, reviewing new security issues and classifying the associated CVE (16 commits to the security tracker).

I prepared and released DLA-1171-1 on libxml-libxml-perl.

I prepared a new update for simplesamlphp (1.9.2-1+deb7u1) fixing 6 CVE. I did not release any DLA yet since I was not able to test the updated package yet. I’m hoping that the the current maintainer can do it since he wanted to work on the update a few months ago.

Distro Tracker

Distro Tracker has seen a high level of activity in the last month. Ville Skyttä continued to contribute a few patches, he helped notably to get rid of the last blocker for a switch to Python 3.

I then worked with DSA to get the production instance (tracker.debian.org) upgraded to stretch with Python 3.5 and Django 1.11. This resulted in a few regressions related to the Python 3 switch (despite the large number of unit tests) that I had to fix.

In parallel Pierre-Elliott Bécue showed up on the debian-qa mailing list and he started to contribute. I have been exchanging with him almost daily on IRC to help him improve his patches. He has been very responsive and I’m looking forward to continue to cooperate with him. His first patch enabled the use “src:” and “bin:” prefix in the search feature to specify if we want to lookup among source packages or binary packages.

I did some cleanup/refactoring work after the switch of the codebase to Python 3 only.

Misc Debian work

Sponsorship. I sponsored many new packages: python-envparse 0.2.0-1, python-exotel 0.1.5-1, python-aws-requests-auth 0.4.1-1, pystaticconfiguration 0.10.3-1, python-jira 1.0.10-1, python-twilio 6.8.2-1, python-stomp 4.1.19-1. All those are dependencies for elastalert 0.1.21-1 that I also sponsored.

I sponsored updates for vboot-utils 0~R63-10032.B-2 (new upstream release for openssl 1.1 compat), aircrack-ng 1:1.2-0~rc4-4 (introducing airgraph-ng package) and asciidoc 8.6.10-2 (last upstream release, tool is deprecated).

Debian Installer. I submitted a few patches a while ago to support finding ISO images in LVM logical volumes in the hd-media installation method. Colin Watson reviewed them and made a few suggestions and expressed a few concerns. I improved my patches to take into account his suggestions and I resolved all the problems he pointed out. I then committed everything to the respective git repositories (for details review #868848, #868859, #868900, #868852).

Live Build. I merged 3 patches for live-build (#879169, #881941, #878430).

Misc. I uploaded Django 1.11.7 to stretch-backports. I filed an upstream bug on zim for #881464.

Thanks

See you next month for a new summary of my activities.

No comment | Liked this article? Click here. | My blog is Flattr-enabled.

Raphaël Hertzog https://raphaelhertzog.com apt-get install debian-wizard

Clive Johnston: Bye bye LastPass, hello bitwarden

Planet Ubuntu - Dje, 03/12/2017 - 5:42md

I have been a loyal customer for a password manager called LastPass for a number of years now.  It all started when I decided to treat myself to an early Christmas present by purchasing the “Premium” version back in 2013, in order to take advantage of the extra features such as the mobile app.

Now, don’t get me wrong, I do think $12 is very good value for money and I was very happy with LastPass, but I must say this article really, really got my back up.  (Apparently I’m an “entitled user”).  Not only that but the fact that not one, but three of the Google ads on the page are for LastPass (now there’s a spooky coincidence!)

I do agree with a lot of other users that to double the price for absolutely no benefits is an extremely bitter pill to swallow, especially as there are a number of issues I been having regarding the security of the mobile app.  But anyways, I calmed down and the topic went out of my head until I received an email reminding me that they would automatically charge my credit card with the new $24 price.  Then, about a week later, as I watched a YouTube video by TuxDigital, he mentioned another password manager called bitwarden

So a big thank you to Michael for bringing this to my attention. Not only does it have way more features than LastPass, but it is also open source (code on GitHub), self host-able and the “Premium” version is only $10. My issues with the LastPass mobile app are gone in bitwarden and replaced with the option to lock the app with your fingerprint or a pin code, which is a nice happy medium of having to log out of LastPass and then re-enter your entire master code to regain access!

Also another feature I *beeping* love (excuse my French), is the app and vault allows you to store a “Google Authenticator” key in the vault and then automatically generates a One Time Password (OTP) on the fly and copies it to the device clipboard.  This allows it to be easily copied in when auto-filling the username and password, great for those who use this feature on their blogs.

On the demise of Linux Journal

Planet Debian - Dje, 03/12/2017 - 3:54pd

Lwn, Slashdot, and many others have marked the recent announcement of Linux Journal's demise. I'll take this opportunity to share some of my thoughts, and to thank the publication and its many contributors for their work over the years.

I think it's probably hard for younger people to imagine what the Linux world was like 20 years ago. Today, it's really not an exaggeration to say that the Internet as we know it wouldn't exist at all without Linux. Almost every major Internet company you can think of runs almost completely on Linux. Amazon, Google, Facebook, Twitter, etc, etc. All Linux. In 1997, though, the idea of running a production workload on Linux was pretty far out there.

I was in college in the late 90's, and worked for a time at a small Cambridge, Massachusetts software company. The company wrote a pretty fancy (and expensive!) GUI builder targeting big expensive commercial UNIX platforms like Solaris, HP/UX, SGI IRIX, and others. At one point a customer inquired about the availability of our software on Linux, and I, as an enthusiastic young student, got really excited about the idea. The company really had no plans to support Linux, though. I'll never forget the look of disbelief on a company exec's face as he asked "$3000 on a Linux system?"

Throughout this period, on my lunch breaks from work, I'd swing by the now defunct Quantum Books. One of the monthly treats was a new issue of Linux Journal on the periodicals shelf. In these issues, I learned that more forward thinking companies actually were using Linux to do real work. An article entitled "Linux Sinks the Titanic" described how Hollywood deployed hundreds(!) of Linux systems running custom software to generate the special effects for the 1997 movie Titanic. Other articles documented how Linux was making inroads at NASA and in the broader scientific community. Even the ads were interesting, as they showed increasing commercial interest in Linux, both on the hardware (HyperMicro, VA Research, Linux Hardware Solutions, etc) and software (CDE, Xi Graphics) fronts.

The software world is very different now than it was in 1997. The media world is different, too. Not only is Linux well established, it's pretty much the dominant OS on the planet. When Linux Journal reported in the late 90's that Linux was being used for some new project, that was news. When they documented how to set up a Linux system to control some new piece of hardware or run some network service, you could bet that they filled a gap that nobody else was working on. Today, it's no longer news that a successful company is using Linux in production. Nor is it surprising that you can run Linux on a small embedded system; in fact it's quite likely that the system shipped with Linux pre-installed. On the media side, it used to be valuable to have everything bundled in a glossy, professionally produced archive published on a regular basis. Today, at least in the Linux/free software sphere, that's less important. Individual publication is easy on the Internet today, and search engines are very good at ensuring that the best content is the most discoverable content. The whole Internet is basically one giant continuously published magazine.

It's been a long time since I paid attention to Linux Journal, so from a practical point of view I can't honestly say that I'll miss it. I appreciate the role it played in my growth, but there are so many options for young people today entering the Linux/free software communities that it appears that the role is no longer needed. Still, the termination of this magazine is a permanent thing, and I can't help but worry that there's somebody out there who might thrive in the free software community if only they had the right door open before them.

Noah Meyerhans http://noah.meyerhans.us/ Category: debian | Noah Meyerhans

There’s cloud, and it can even be YOURS on YOUR computer

Planet Debian - Sht, 02/12/2017 - 11:09md

Each time I see the FSFE picture, just like on Daniel’s last post to planet.d.o, where it says:

“There is NO CLOUD, just other people’s computers”

it makes me so frustrated. There’s such a thing as private cloud, setup on your own set of servers. I’ve been working on delivering OpenStack to Debian for the last 6 years and a half, motivated exactly to fix this issue: I refuse that the only cloud people could use would be a closed source solution like GCE, AWS or Azure. The FSFE (and the FSF) completely dismissing this work is more than annoying: it is counter productive. Not only the FSFE shouldn’t pull anyone away from the cloud, but it should push for the public to choose cloud providers using free software like OpenStack.

The openstack.org market place lists 23 public cloud providers using OpenStack, so there is now no excuse to use any other type of cloud: for sure, there’s one where you need it. If you use a free software solution like OpenStack, then the question if you’re running on your own hardware, on some rented hardware (on which you deployed OpenStack yourself), or on someone else’s OpenStack deployment is just a practical one, on which you can always back-up quickly. That’s one of the very reason why one should deploy on the cloud: so that it’s possible to redeploy quickly on another cloud provider, or even on your own private cloud. This gives you more freedom than you ever had, because it makes you not dependent anymore on the hosting company you’ve selected: switching provider is just the mater of launching a script. The reality is that neither the FSFE or RMS understand all of this. Please don’t dive into the FSFE very wrong message.

Goirand Thomas http://thomas.goirand.fr/blog Zigo's blog

BlogSpam.net repository cleanup, and email-changes.

Planet Debian - Sht, 02/12/2017 - 11:00md

I've shuffled around all the repositories which are associated with the blogspam service, such that they're all in the same place and refer to each other correctly:

Otherwise I've done a bit of tidying up on virtual machines, and I'm just about to drop the use of qpsmtpd for handling my email. I've used the (perl-based) qpsmtpd project for many years, and documented how my system works in a "book":

I'll be switching to pure exim4-based setup later today, and we'll see what that does. So far today I've received over five thousand spam emails:

steve@ssh /spam/today $ find . -type f | wc -l 5731

Looking more closely though over half of these rejections are "dictionary attacks", so they're not SPAM I'd see if I dropped the qpsmtpd-layer. Here's a sample log entry (for a mail that was both rejected at SMTP-time by qpsmtpd and archived to disc in case of error):

{"from":"<clzzgiadqb@ics.uci.edu>", "helo":"adrian-monk-v3.ics.uci.edu", "reason":"Mail for juha not accepted at steve.fi", "filename":"1512284907.P26574M119173Q0.ssh.steve.org.uk.steve.fi", "subject":"Viagra Professional. Beyond compare. Buy at our shop.", "ip":"2a00:6d40:60:814e::1", "message-id":"<p65NxDXNOo1b.cdD3s73osVDDQ@ics.uci.edu>", "recipient":"juha@steve.fi", "host":"Unknown"}

I suspect that with procmail piping to crm114, and a beefed up spam-checking configuration for exim4 I'll not see a significant difference and I'll have removed something non-standard. For what it is worth over 75% of the remaining junk which was rejected at SMTP-time has been rejected via DNS-blacklists. So again exim4 will take care of that for me.

If it turns out that I'm getting inundated with junk-mail I'll revert this, but I suspect that it'll all be fine.

Steve Kemp https://blog.steve.fi/ Steve Kemp's Blog

My Debian Activities in November 2017

Planet Debian - Sht, 02/12/2017 - 5:55md

FTP master

As you might have read elsewhere, I am no longer an FTP assistant. I am very delighted about my new delegation as FTP master.

So this month I almost doubled the number of accepted packages to 385 packages and rejected 60 uploads. The overall number of packages that got accepted this month was 448.

Debian LTS

This was my forty first month that I did some work for the Debian LTS initiative, started by Raphael Hertzog at Freexian.

This month my all in all workload has been 13h. During that time I did LTS uploads of:

  • [DLA 1188-1] libxml2 security update one CVE
  • [DLA 1191-1] python-werkzeug security update one CVE
  • [DLA 1192-1] libofx security update two CVEs
  • [DLA 1195-1] curl security update one CVE
  • [DLA 1194-1] libxml2 security update two CVEs

I also took care of an rsync issue and continued to work on wireshark.

Other stuff

During November I uploaded new upstream versions of …

I also did uploads of …

  • openoverlayrouter to change the source package Section: and fix some problems in Ubuntu
  • duktape to not only provide a shared library but also a pkg-config file
  • astronomical-almanac to make Helmut happy and fix a FTCBFS where he also provided the patch

Last month I wrote about apcupsd as the DOPOM of October. Unfortunately in November was the next power outage due to some malfunction in a transformer station. I never would have guessed that such a malfunction can do so much harm within the power grid. Anyway, the power was back after 31 minutes and my batteries would have lasted 34 minutes before turning off all computer. At least my spec was correct :-).

The DOPOM for this month has been dateutils.

As it is again this time of the year, I would also like to draw some attention to the Debian Med Advent Calendar. Like the past years, the Debian Med team starts a bug squashing event from the December 1st to 24th. Every bug that is closed will be registered in the calendar. So instead of taking something from the calendar, this special one will be filled and at Christmas hopefully every Debian Med related bug is closed. Don’t hestitate, start to squash :-).

Last but not least I sponsored the upload of evqueue-core.

alteholz http://blog.alteholz.eu blog.alteholz.eu » planetdebian

dbus, rsyslogd, systemd: Which one is the culprit?

Planet Debian - Sht, 02/12/2017 - 4:03md
I have been facing this issue since a few weeks on testing. For many weeks, it prevented upgrading dbus to the latest version that trickled to Testing. Having manually force-installed dbus via the Recovery Mode's shell, I then ran into this issue:


This is a nasty one, since it also prevents performing a clean poweroff. That systemd-journald line about getting a timeout while attempting to connect to the Watchdog keeps on showing ad infinitum.

What am I missing? Martin-Éric noreply@blogger.com Funkyware: ITCetera

Simos Xenitellis: How to set the timezone in LXD containers

Planet Ubuntu - Sht, 02/12/2017 - 1:06md

See https://blog.simos.info/trying-out-lxd-containers-on-our-ubuntu/ on how to set up and test LXD on Ubuntu (or another Linux distribution).

In this post we see how to set up the timezone in a newly created container.

The problem

The default timezone for a newly created container is Etc/UTC, which is what we used to call Greenwich Mean Time.

Let’s observe.

$ lxc launch ubuntu:16.04 mycontainer Creating mycontainer Starting mycontainer $ lxc exec mycontainer -- date Sat Dec 2 11:40:57 UTC 2017 $ lxc exec mycontainer -- cat /etc/timezone Etc/UTC

That is, the observed time in a container follows a timezone that is different from the vast majority our computer settings. When we connect with a shell inside the container, the time and date is not the same with that of our computer.

The time is recorded correctly inside the container, it is just the way it is presented, that is off by a few hours.

Depending on our use of the container, this might or might not be an issue to pursue.

The workaround

We can set the environment variable TZ (for timezone) of each container to our preferred timezone setting.

$ lxc exec mycontainer -- date Sat Dec 2 11:50:37 UTC 2017 $ lxc config set mycontainer environment.TZ Europe/London $ lxc exec mycontainer -- date Sat Dec 2 11:50:50 GMT 2017

That is, we use the lxc config set action to set, for mycontainer,  the environment variable TZ to the proper timezone (here, Europe/London). UTC time and Europe/London time happen to be the same during the winter.

How do we unset the container timezone and return back to Etc/UTC?

$ lxc config unset mycontainer environment.TZ

Here we used the lxc config unset action to unset the environment variable TZ.

The solution

LXD supports profiles and you can edit the default profile in order to get the timezone setting automatically applied to any containers that follow this profile. Let’s get a list of the profiles.

$ lxc profile list +---------+---------+ | NAME | USED BY | +---------+---------+ | default | 7 | +---------+---------+

Only one profile, called default. It is used by 7 containers already on this LXD installation.

We set the environment variable TZ in the profile with the following,

$ lxc exec mycontainer -- date Sat Dec 2 12:02:37 UTC 2017 $ lxc profile set default environment.TZ Europe/London $ lxc exec mycontainer -- date Sat Dec 2 12:02:43 GMT 2017

How do we unset the profile timezone and get back to Etc/UTC?

lxc profile unset default environment.TZ

Here we used the lxc profile unset action to unset the environment variable TZ.

 

Simos Xenitellishttps://blog.simos.info/

Daniel Pocock: Hacking with posters and stickers

Planet Ubuntu - Pre, 01/12/2017 - 9:27md

The FIXME.ch hackerspace in Lausanne, Switzerland has started this weekend's VR Hackathon with a somewhat low-tech 2D hack: using the FSFE's Public Money Public Code stickers in lieu of sticky tape to place the NO CLOUD poster behind the bar.

Get your free stickers and posters

FSFE can send you these posters and stickers too.

Hacking with posters and stickers

Planet Debian - Pre, 01/12/2017 - 9:27md

The FIXME.ch hackerspace in Lausanne, Switzerland has started this weekend's VR Hackathon with a somewhat low-tech 2D hack: using the FSFE's Public Money Public Code stickers in lieu of sticky tape to place the NO CLOUD poster behind the bar.

Get your free stickers and posters

FSFE can send you these posters and stickers too.

Daniel.Pocock https://danielpocock.com/tags/debian DanielPocock.com - debian

Debian LTS work, November 2017

Planet Debian - Pre, 01/12/2017 - 6:54md

I was assigned 13 hours of work by Freexian's Debian LTS initiative and carried over 4 hours from September. I worked all 17 hours.

I prepared and released two updates on the Linux 3.2 longterm stable branch (3.2.95, 3.2.96), but I didn't upload an update to Debian. However, I have rebased the Debian package on 3.2.96 and expect to make a new upload soon.

Ben Hutchings https://www.decadent.org.uk/ben/blog Better living through software

Mini-DebConf Cambridge 2017

Planet Debian - Pre, 01/12/2017 - 6:51md

Last week I attended Cambridge's annual mini-DebConf. It's slightly strange to visit a place one has lived in for a long time but which is no longer home. I joined Nattie in the 'video team house' which was rented for the whole week; I only went for four days.

I travelled down on Wednesday night, and spent a long time (rather longer than planned) on trains and in waiting rooms. I used this time to catch up on discussions about signing infrastructure for Secure Boot, explaining my concerns with the most recent proposal and proposing some changes that might alleviate those. Sorry to everyone who was waiting for that; I should have replied earlier.

On the Thursday and Friday I prepared for my talk, and had some conversations with Steve McIntyre and others about SB signing infrastructure. Nattie and Andy respectively organised group dinners at the Polish club on Thursday and a curry house on Friday, both of which I enjoyed.

The mini-DebConf proper took place on the Saturday and Sunday, and I presented my now annual talk on "What's new in the Linux kernel". As usual, the video team did a fine job of recording and publishing video of the talks.

Ben Hutchings https://www.decadent.org.uk/ben/blog Better living through software

I was trying to get selenium up and running.

Planet Debian - Pre, 01/12/2017 - 6:20md
I was trying to get selenium up and running. I wanted to try chrome headless and one that seemed to be usable seemed to be selenium but that didn't just work out of the box on Debian apt-get installed binary. hmm.

Junichi Uekawa http://www.netfort.gr.jp/~dancer/diary/201712.html.en Dancer's daily hackings

Kubuntu General News: Kubuntu Kafe Live approaching

Planet Ubuntu - Mër, 29/11/2017 - 9:32md

This Saturday ( December 2nd ) the second Kubuntu Kafe Live, our online video cafe will be taking place from 21:00 UTC.
Join the Kubuntu development community, and guests as our intrepid hosts.

  • Aaron Honeycut
  • Ovidiu-Florin Bogdan
  • Rick Timmis

Discuss a cornucopia of topics in this free format, magazine style show.

This show includes Technical Design and Planning for a Kubuntu CI Rebuild, a Live Testing workshop in the Kubuntu Dojo, Kubuntu product development and more.

We will be attempting to run a live stream into our YouTube Channel although we encourage you to come and join us in our Big Blue Button conference server, use your name and welcome to join room 1 and come and interact with us and be part of the show.

See you there

Chris Glass: Serving a static blog from a Snap

Planet Ubuntu - Mër, 29/11/2017 - 10:31pd

Out of curiosity, I decided to try and package this blog as a snap package, and it turns out to be an extremely easy and convenient way to deploy a static blog!

Why?

There are several advantages that the snappy packaging format bring to the table as far as applications developers are concerned (which I am, my application in this case being my blog).

Snapcraft makes it very easy to package things, there's per-application jails preventing/sandboxing your applications/services that basically comes for free, and it also comes with a distribution mechanism that takes care of auto-upgrading your snap on any platform.

Sweet!

How?

Since this blog is generated using the excellent "pelican" static blog generator from a bunch of markdown articles and a theme, there's not a lot of things to package in the first place :)

A webserver for the container age

A static blog obviously needs to be served by a webserver.

Packaging a "full" traditional webserver like apache2 (what I used before) or nginx is a little outside the scope of what I would have liked to do with my spare time, so I looked around for another way to serve it.

Requirements:

  • A static files webserver.
  • Able to set headers for cache control and HSTS.
  • Ideally self-contained / statically linked (because snapping the whole would be much faster/easier this way)
  • SSL ready. I've had an A+ rating on SSLlabs for years and intend to keep it that way.
  • Easy to configure.

After toying with the idea to write my own in rust, I instead settled on an already existing project that fits the bill perfectly and is amazingly easy to deploy and configure - Caddy.

A little bit of snapcraft magic

Of course, a little bit of code was needed in the snapcraft recipe to make it all happen.

All of the code is available on a github project, and most of the logic can be found in the snapcraft.yaml file.

Simply copying the Caddyfile and the snap/ subfolder to your existing pelican project should be all you need to get going, then run the following to get a snap package:

# On an Ubuntu system. snap install snapcraft snapcraft

With your site's FQDN added to the Caddyfile and pushed to production, you can marvel at all the code and configuration you did not have to write to get an A+ rating with SSLlabs :)

Questions? Comments?

As usual, feel free to reach out with any question or comment you may have!

Stephen Michael Kellat: Looking Towards A Retrospective Future

Planet Ubuntu - Mër, 29/11/2017 - 5:40pd

I wish this was about Ubuntu MATE. It isn't, alas. With the general freak-out again over net neutrality in the United States let alone the Internet blackout in Pakistan, it is time to run some ideas.1

The Internet hasn't been healthy for a while. Even with net neutrality rules in the United States, I have my Internet Service Provider neutrally blocking all IPv6 traffic and throttling me. As you can imagine, that now makes an apt update quite a pain. When I have asked my provider, they have said they have no plans to offer this on residential service. When I have raised the point that my employer wants me to verify the ability to potentially work from home in crisis situations, they said I would need to subscribe to "business class" service and said they would happily terminate my residential service for me if I tried to use a Virtual Private Network.

At this point, my view of the proposed repeal of net neutrality rules in the United States is simple. To steal a line from a former presidential candidate: What difference at this point does it make?2 I have exactly one broadband provider available to me.3 Unless I move to HughesNet or maybe something exotic, I have what is generally available.4

The Internet, if we can even call it a coherent whole anymore, has been quite stressed over the past few years. After all, a simple hurricane can wipe out Internet companies with their servers and networks based in New York City.5 In Puerto Rico, mail carriers of the United States Postal Service were the communications lifeline for quite a while until services could come back online.6 It can be popular on the African continent to simply make Internet service disappear at times to meet the needs of the government of the day.7 Sometimes bad things simply happen, too.8

Now, this is not say people are trying to drive forward. I have found concept papers with ideas that are not totally "pie in the sky".9 Librarians see the world as one where it is littered with PirateBoxes that are instead called LibraryBoxes.10 Alphabet's own Project Loon has been field tested in the skies of Puerto Rico thanks to the grant of a "Special Temporary Authority" by the Federal Communications Commission's Office of Engineering Technology.11

Now, I can imagine life without an Internet. My first e-mail address was tremendously long as it had a gateway or two in it to get the message to the BBS I dialed into that was tied into FidoNet. I was hunting around for FidoNews and, after reading a recent issue, noticed some names that correlate in an interesting fashion with the Debian & Ubuntu realms. That was a very heartening thing for me to find. With the seeding of apt-offline on at least the Xubuntu installation disc, I know that I would be able to update a Xubuntu installation whenever I actually found access somewhere even if it was not readily available to me at home. Thankfully with that bit of seeding we solved the "chicken and the egg" problem of how do you install something like that which you need when you don't have the access to get it to use.

We can and likely will adapt. We can and likely will overcome. These bits of madness come and go. As it was, I already started pricing the build-out of a communications hub with a Beverage antenna as well as an AN-FLR9 Wullenweber array at a minimum. On a local property like a couple acres of farm land I could probably set this up for just under a quarter million dollars with sufficient backups.12 One farm was positioned close enough to a physical corridor to the PIT Internet Exchange Point but that would still be a little over 100 miles to traverse. As long as I could get the permissions, could get the cable laid, and find a peer, peering with somebody who uses YYZ as their Internet Exchange Point is oddly closer due to quirks of geography.

Earlier in today's news, it appeared that the Democratic People's Republic of Korea made yet another unauthorized missile launch.13 This one appears to have been an ICBM that landed offshore from Japan.14 The DPRK's leader has threatened missile strikes of various sorts over the past year on the United States.15 A suborbital electromagnetic pulse blast near our Pacific coast, for example, would likely wipe out the main offices of companies ranging from Google to Yahoo to Apple to Amazon to Microsoft in terms of their computers and other electronic hardware.16

I'm not really worried right now about the neutrality of internetworking. I want there to still be something carried on it. With the increasingly real threat of an EMP possibly wiping out the USA's tech sector due to one rogue missile, bigger problems exist than mere paid prioritization.17

  1. Megan McArdle, "The Internet Had Already Lost Its Neutrality," Bloomberg.Com, November 21, 2017, https://www.bloomberg.com/view/articles/2017-11-21/the-internet-had-already-lost-its-neutrality. ; M. Ilyas Khan, "The Politics behind Pakistan's Protests," BBC News, November 26, 2017, sec. Asia, http://www.bbc.com/news/world-asia-42129605.

  2. The candidate in this case is Hillary Clinton. That sentence, often taken out of context, was uttered before the Senate Foreign Relations Committee in 2013.

  3. Sadly the National Broadband Map project was not funded to be continually updated. It would have continued to show that, even though cell phone services are available, those are not meant for use in place of a wired broadband connection. Updates stopped in 2014.

  4. I am not made of gold but this is an example of an offering on the Iridium constellation: http://www.bluecosmo.com/iridium-go/rate-plans.

  5. Sinead Carew, "Hurricane Sandy Disrupts Northeast U.S. Telecom Networks," Reuters, October 30, 2012, https://www.reuters.com/article/us-storm-sandy-telecommunications/hurricane-sandy-disrupts-northeast-u-s-telecom-networks-idUSBRE89T0YU20121030.

  6. Hugh Bronstein, "U.S. Mail Carriers Emerge as Heroes in Puerto Rico Recovery," Reuters, October 9, 2017, https://www.reuters.com/article/us-usa-puertorico-mail/u-s-mail-carriers-emerge-as-heroes-in-puerto-rico-recovery-idUSKBN1CE15G.

  7. "Why Has Cameroon Blocked the Internet?," BBC News, February 8, 2017, sec. Africa, http://www.bbc.com/news/world-africa-38895541.

  8. "Marshall Islands' 10-Day Internet Blackout Extended," BBC News, January 9, 2017, sec. News from Elsewhere, http://www.bbc.com/news/blogs-news-from-elsewhere-38559117.

  9. Pekka Abrahamsson et al., "Bringing the Cloud to Rural and Remote Areas - Cloudlet by Cloudlet," ArXiv:1605.03622 [Cs], May 11, 2016, http://arxiv.org/abs/1605.03622.

  10. Jason Griffey, "LibraryBox: Portable Private Digital Distribution," Make: DIY Projects and Ideas for Makers, January 6, 2014, https://makezine.com/projects/make-37/librarybox/.

  11. Nick Statt, "Alphabet's Project Loon Deploys LTE Balloons in Puerto Rico," The Verge, October 20, 2017, https://www.theverge.com/2017/10/20/16512178/alphabet-project-loon-puerto-rico-lte-balloons-disaster-relief-connectivity.

  12. One property reviewed with a house, two barns, and a total of six acres of land came to $130,000. The rest of the money would be for licensing, equipment, and construction.

  13. "North Korea Fires New Ballistic Missile." BBC News, November 28, 2017, sec. Asia. http://www.bbc.com/news/world-asia-42160227.

  14. "N Korea 'Tested New Long-Range Missile.'" BBC News, November 29, 2017, sec. Asia. http://www.bbc.com/news/world-asia-42162462.

  15. Kim, Christine, and Phil Stewart. "North Korea Says Tests New ICBM, Can Reach All U.S. Mainland." Reuters, November 29, 2017. https://www.reuters.com/article/us-northkorea-missiles/north-korea-fires-ballistic-missile-u-s-government-sources-idUSKBN1DS2MB.

  16. For example: Zimmerman, Malia. "Electromagnetic Pulse Attack on Hawaii Would Devastate the State." Fox News, May 12, 2017. http://www.foxnews.com/us/2017/05/12/electromagnetic-pulse-attack-on-hawaii-would-devaste-state.html.

  17. Apparently the last missile test can reach the Pacific coast of the United States. See: Smith, Josh. "How North Korea’s Latest ICBM Test Stacks up." Reuters, November 29, 2017. https://www.reuters.com/article/us-northkorea-missiles-technology-factbo/how-north-koreas-latest-icbm-test-stacks-up-idUSKBN1DT0IF.

Faqet

Subscribe to AlbLinux agreguesi