You are here

Agreguesi i feed

Michael Meeks: 2015-04-23 Thursday

Planet GNOME - Enj, 23/04/2015 - 10:58pd
  • Reminded by Claire to update my blog; good idea.
  • Mail chew; amused to see the pictures from Keith of what building LibreOffice can do to your laptop paint job; though I'm rather a fan of Thinkpads.
  • Great to see Tobias and Jennifer's interview written up by Sam; nice work guys.

Ubuntu Podcast from the UK LoCo: S08E07 – The Starfighters - Ubuntu Podcast

Planet UBUNTU - Enj, 23/04/2015 - 10:36pd

It’s Episode Seven of Season Eight of the Ubuntu Podcast! Alan Pope, Laura Cowen, Mark Johnson, and Martin Wimpress are connected and speaking to your brain.

In this week’s show:

That’s all for this week, please send your comments and suggestions to: show@ubuntupodcast.org
Join us on IRC in #ubuntu-podcast on Freenode
Follow us on Twitter
Find our Facebook Fan Page
Follow us on Google+

6 Most Dangerous New Attack Techniques in 2015

LinuxSecurity.com - Enj, 23/04/2015 - 10:35pd
LinuxSecurity.com: Experts with the SANS Institute convened at RSA Conference for their annual threats panel, this time dishing on the six most dangerous new attack techniques. Led by SANS Director John Pescatore, the panel featured Ed Skoudis, SANS faculty fellow and CEO of CounterHack Challenges, Johannes Ullrich, dean of research for SANS, and Michael Assante, SANS project lead for Industrial Control System (ICS) and Supervisory Control and Data Acquisition (SCADA) security.

Wi-Fi client vulnerability could expose Android, Linux, BSD, other systems to attacks

LinuxSecurity.com - Enj, 23/04/2015 - 10:32pd
LinuxSecurity.com: A serious flaw in a component that's used to authenticate clients on Wi-Fi networks could expose Android, Linux, BSD, and possibly Windows and Mac OS X systems to attacks. The vulnerability is in wpa_supplicant, an open-source software implementation of the IEEE 802.11i specifications for wireless clients.

RSAC 2015: RSA Conference (Day 3)

LinuxSecurity.com - Enj, 23/04/2015 - 10:30pd
LinuxSecurity.com: For me - today is part two of running the gauntlet with back-to-back meetings; for everyone else today is day three, easily described as the show's apex. In other words, there's a lot going on today at the conference, so we'll start the day with a bit of news.

Hubble Spots Star Explosion Astronomers Can't Explain

Slashdot.org - Enj, 23/04/2015 - 8:59pd
schwit1 writes: The Hubble Space Telescope has spotted the explosion of a star that does not fit into any theory for stellar evolution. "The exploding star, which was seen in the constellation Eridanus, faded over two weeks — much too rapidly to qualify as a supernova. The outburst was also about ten times fainter than most supernovae, explosions that destroy some or all of a star. But it was about 100 times brighter than an ordinary nova, which is a type of surface explosion that leaves a star intact. 'The combination of properties is puzzling,' says Mario Livio, an astrophysicist at the Space Telescope Science Institute in Baltimore, Maryland. 'I thought about a number of possibilities, but each of them fails' to account for all characteristics of the outburst, he adds." We can put this discovery on the bottom of a very long list of similar discoveries by Hubble, which this week is celebrating the 25th anniversary of its launch.

Read more of this story at Slashdot.

Ancient Hangover Cure Discovered In Greek Texts

Slashdot.org - Enj, 23/04/2015 - 6:29pd
An anonymous reader writes with good news for people looking for an old cure for an old problem. Trying to ease a bad hangover? Wearing a necklace made from the leaves of a shrub called Alexandrian laurel would do the job, according to a newly translated Egyptian papyrus. The "drunken headache cure" appears in a 1,900-year-old text written in Greek and was discovered during the ongoing effort to translate more than half a million scraps of papyrus known as the Oxyrhynchus Papyri. Housed at Oxford University's Sackler Library, the enormous collection of texts contains lost gospels, works by Sophocles and other Greek authors, public and personal records and medical treatises dating from the first century AD to the sixth century A.D.

Read more of this story at Slashdot.

Adam Stokes: Extending Juju, Plugin basics in Go

Planet UBUNTU - Enj, 23/04/2015 - 4:52pd

This is a quick introduction on extending Juju with plugins. What we’ll cover:

  • Setting up your Go environment
  • Getting the Juju source code
  • Writing a basic plugin named juju-lyaplugin short for (juju-learnyouaplugin)
  • End result will be a plugin that closely resembles what juju run would do.
Prerequisites
  • Running on Ubuntu 14.04 or above
  • Go 1.2.1 or above (Article written using Go 1.2.1)
  • A basic understanding of the Go language, package imports, etc.
Setting up your Go environment

This is all a matter of preference but for the sake of this article we’ll do it my way :)

Install Go

On Trusty and above:

1sudo apt-get install golang Go dependency management

2 projects I use are:

Install 1 2$ cd /tmp && git clone https://github.com/pote/gvp.git && cd gvp && sudo ./configure && sudo make install $ cd /tmp && git clone https://github.com/pote/gpm.git && cd gpm && sudo ./configure && sudo make install

Feel free to check out their project pages for additional uses.

Create your project directory 1 2$ mkdir ~/Projects/juju-learnyouaplugin $ cd ~/Projects/juju-learnyouaplugin Setup the project specific Go paths 1$ source gvp in

This will setup your $GOPATH and $GOBIN variables for use when resolving imports, compiling, etc.

1 2 3 4$ echo $GOPATH /home/adam/Projects/juju-learnyouaplugin/.godeps $ echo $GOBIN /home/adam/Projects/juju-learnyouaplugin/.godeps/bin

From this point on all package dependencies will be stored in the project’s .godeps directory.

Get the Juju code

From your project’s directory run:

1$ go get -d -v github.com/juju/juju/... Writing the plugin

Now that all the preparatory tasks are complete we can begin the fun stuff. Using your favorite editor open up a new file main.go. Within this file we need to define a few package imports that are necessary for the plugin.

1 2 3 4 5 6 7 8 9 10 11 12 13 14import ( "fmt" "github.com/juju/cmd" "github.com/juju/juju/apiserver/params" "github.com/juju/juju/cmd/envcmd" "github.com/juju/juju/juju" "github.com/juju/loggo" "github.com/juju/names" "launchpad.net/gnuflag" "os" "time" _ "github.com/juju/juju/provider/all" )

Let’s go through the imports and list why they are required.

  • github.com/juju/cmd - This import gives us access to the run context of a command DefaultContext
  • github.com/juju/juju/cmd/envcmd - Provides EnvCommandBase for creating new commands and giving us access to the API Client for making queries against the Juju state server.
  • github.com/juju/juju/apiserver/params - Provides access to 2 types RunParams and RunResults for executing the api call to Run and return the executed results.
  • github.com/juju/juju/juju - Provides access to InitJujuHome for initializing the necessary bits like charm cache and environment. Required before running any juju cli command.
  • github.com/juju/loggo - Provides access to juju’s logging api
  • github.com/juju/names - This package provides some convenience functions in particular we’ll use IsValidMachine
  • launchpad.net/gnuflag - Provides the interface for our command definition like setting arguments, usage information, and execution.
  • github.com/juju/juju/provider/all - Registers all known providers (amazon, maas, local, etc)

With that said let’s spec out the plugin type. This will hold our embedded command base and cli arguments.

1 2 3 4 5 6 7 8 9 10 11type LYAPluginCommand struct { envcmd.EnvCommandBase out cmd.Output timeout time.Duration machines []string services []string units []string commands string envName string description bool }

Once defined we can spec out our cli command and its functions.

The info function

First part of the command is the Info() function which returns information about the particular subcommand, in our case that is lyaplugin

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17var doc = `Run a command on target machine(s) This example plugin mimics what "juju run" does. eg. juju lyaplugin -m 1 -e local "touch /tmp/testfile" ` func (c *LYAPluginCommand) Info() *cmd.Info { return &cmd.Info{ Name: "lyaplugin", Args: "<commands>", Purpose: "Run a command on remote target", Doc: doc, } } SetFlags function

Next we’ll define what arguments are available to this new subcommand (lyaplugin).

1 2 3 4 5 6 7func (c *LYAPluginCommand) SetFlags(f *gnuflag.FlagSet) { f.BoolVar(&c.description, "description", false, "Plugin Description") f.Var(cmd.NewStringsValue(nil, &c.machines), "machine", "one or more machine ids") f.Var(cmd.NewStringsValue(nil, &c.machines), "m", "") f.StringVar(&c.envName, "e", "local", "Juju environment") f.StringVar(&c.envName, "environment", "local", "") }

Here we are providing a –description argument to satisfy a Juju plugin requirement. In addition a target argument -m/–machine MACHINEID and the ability to define which juju environment to execute this in -e/–environment defaults to local environment.

Init function

Here we’ll parse the cli arguments, do some basic sanity checking to make sure the passed arguments validate to our liking.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23func (c *LYAPluginCommand) Init(args []string) error { if c.description { fmt.Println(doc) os.Exit(0) } if len(args) == 0 { return fmt.Errorf("no commands specified") } if c.envName == "" { return fmt.Errorf("Juju environment must be specified.") } c.commands, args = args[0], args[1:] if len(c.machines) == 0 { return fmt.Errorf("You must specify a target with --machine, -m") } for _, machineId := range c.machines { if !names.IsValidMachine(machineId) { return fmt.Errorf("(%s) not a valid machine id.", machineId) } } return cmd.CheckEmpty(args) }

Notice the names.IsValidMachine(machineId) which was imported above as this is the only place where we make use of that particular package.

Run function

To the heart of the command where the execution based on the cli arguments take place. I’ll describe inline what is happening:

1 2func (c *LYAPluginCommand) Run(ctx *cmd.Context) error { c.SetEnvName(c.envName)

Set the environment name pulled from our arguments list so we known which environment to run our command against.

1 2 3 4 5 client, err := c.NewAPIClient() if err != nil { return fmt.Errorf("Failed to load api client: %s", err) } defer client.Close()

Grab the api client for the current environment.

1 2 3 4 5 6 7 8 9 10 var runResults []params.RunResult logger.Infof("Running cmd: %s on machine: %s", c.commands, c.machines[0]) params := params.RunParams{ Commands: c.commands, Timeout: c.timeout, Machines: c.machines, Services: c.services, Units: c.units, }

Prepare the RunParams for passing to the api’s Run function.

1 2 3 4 5 6 7 8 9 10 runResults, err = client.Run(params) if err != nil { fmt.Errorf("An error occurred: %s", err) } if len(runResults) == 1 { result := runResults[0] logger.Infof("Result: out(%s), err(%s), code(%d)", result.Stdout, result.Stderr, result.Code) } return nil }

Execute the api Run function and return the results from the executed command on the machine.

Entrypoint

The last bit of code is our main function which ties everything together.

1 2 3func main() { loggo.ConfigureLoggers("<root>=INFO") err := juju.InitJujuHome()

Initialize the Juju environment based on the default paths or if $JUJU_HOME is defined.

1 2 3 4 5 6 7 8 if err != nil { panic(err) } ctx, err := cmd.DefaultContext() if err != nil { panic(err) }

Set the proper command context

1 2 3 c := &LYAPluginCommand{} cmd.Main(c, ctx, os.Args[1:]) }

Pass our plugin type/command into the supplied command Context and off you go.

Finish

With the code written, build and run the command.

1$ go build -o juju-lyaplugin -v main.go

Place the executable somewhere in your $PATH $ mv juju-lyaplugin ~/bin

See if Juju picks it up

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19$ juju help lyaplugin usage: lyaplugin [options] <commands> purpose: Run a command on remote target options: --description (= false) Plugin Description -e, --environment (= "local") Juju environment -m, --machine (= ) Run a command on target machine(s) This example plugin mimics what "juju run" does. eg. juju lyaplugin -m 1 -e local "touch /tmp/testfile"

See it in your list of plugins, requires juju-plugins to be installed:

1 2 3 4 5 6 7 8 9 10 11$ juju help plugins Juju Plugins Plugins are implemented as stand-alone executable files somewhere in the user's PATH. The executable command must be of the format juju-<plugin name>. ... git-charm Clone and keep up-to-date a git repository containing a Juju charm for easy source managing. kill Destroy a juju object and reap the environment. lyaplugin Run a command on target machine(s) ...

This should hopefully give you a better idea where to start when you decide to dive into writing a juju plugin :)

Full source code for juju-learnyouaplugin

Apple Offers Expedited Apple Watch Order Lottery To Developers

Slashdot.org - Enj, 23/04/2015 - 4:12pd
An anonymous reader writes: Apple is sending out invites to random registered developers, giving them the chance to buy an Apple Watch with guaranteed delivery by the end of the month. "Special Opportunity for an Expedited Apple Watch Order," the invite email states. "We want to help give Apple developers the opportunity to test their WatchKit apps on Apple Watch as soon as it is available. You have the chance to purchase one (1) Apple Watch Sport with 42mm Silver Aluminum Case and Blue Sport Band that's guaranteed to ship by April 28, 2015."

Read more of this story at Slashdot.

House Bill Slashes Research Critical To Cybersecurity

Slashdot.org - Enj, 23/04/2015 - 2:15pd
dcblogs writes: A U.S. House bill that will set the nation's basic research agenda for the next two years increases funding for computer science, but at the expense of other research areas. The funding bill, sponsored by Rep. Lamar Smith (R-Texas), the chair of the Science, Space and Technology Committee, hikes funding for computer science, but cuts — almost by half — social sciences funding, which includes the study of human behavior. Cybersecurity uses human behavior research because humans are often the weakest security link. Research funding social, behavioral and economic sciences will fall from $272 million to $150 million, a 45% decrease. The bill also takes a big cut out of geosciences research, which includes climate change study, from $1.3 billion to $1.2 billion, an 8% decrease. The insight into human behaviors that comes from the social science research, "is critical to understanding how best to design and implement hardware and software systems that are more secure and easier to use," wrote J. Strother Moore, the Computing Research Association chair and a professor of computer science at the University of Texas.

Read more of this story at Slashdot.

Steve McIntyre: Ready for Jessie! (aka bits from the debian-cd team)

Planet Debian - Enj, 23/04/2015 - 2:10pd

I'm happy with the progress we've made for debian-installer and related packages for the Jessie release. We're going to end up with a release that's better in a number of ways than what we've had before.

1. Big EFI enhancements

I've already blogged a lot about the stuff I've worked on here, so I'll just summarise for now some of the improvements we've got over Wheezy.

  1. A fix for systems that (badly) dual-boot in EFI and BIOS mode such that after installing Debian you wouldn't get a sensible choice of which OS to boot (#763127).
  2. A workaround for broken EFI implementations: an option to install the grub-efi bootloader to the removable media path in case the system firmware does not load grub-efi from the correctly registered boot path. (#746662).
  3. Addition of 32-bit EFI to our i386 installation images, to support both some older systems and some brand new systems that need it. This has unfortunately stopped those i386 images from working on some of the oldest Intel-based Apple Mac machines, so we've added an extra Mac-only flavour of i386 netinst without EFI in case people need it.
  4. Significantly better support for Intel-based Apple Macs in general, to the point that installing Debian on lots of these machines should now be much easier and doesn't depend on extra third-party software such as rEFIt or rEFInd. I've massively updated the Debian wiki page at https://wiki.debian.org/MacMiniIntel with more details for specific models of Mac Mini. I'm hoping to provide similarly updated information for Mac laptops too - see below!
    Massive thanks to the lovely folks at Mythic Beasts for providing me with a range of machines to test with here!
  5. Support for mixed-mode EFI systems like the Intel Bay Trail: a 64-bit platform crippled with a 32-bit EFI firmware. I believe Jessie will be the first release of a Linux distribution to support these machines fully!
2. Openstack images

In collaboration with Thomas Goirand, we now have amd64 Openstack Jessie image builds being produced every week, and there will be an official image made to go with the Jessie release too. See http://cdimage.debian.org/cdimage/openstack/testing/ for the current image.

3. Debian-live images

As of a few weeks ago, we've also added started doing weekly builds of live Debian images for amd64 and i386, using software and configuration from the Live Systems Project. See http://cdimage.debian.org/cdimage/weekly-live-builds/ for the current weekly images. These will be produced in sync with the Jessie release too.

4. New architectures

We've added installation media for the two new architectures added in Jessie: arm64 and ppc64el.

I'm particularly proud of the arm64 images. With help from Ian Campbell, Leif Lindholm and Thomas Schmitt I've managed to make EFI-compatible CD images in an isohybrid design that means they should also work when copied directly to a USB stick. Hopefully this will help this new platform to become just as easy to install as any x86 PC is today.

Hopefully post-Jessie we'll even be able to start providing live images and openstack images for more architectures too.

More help needed yet!

First of all, we're planning to release Jessie as Debian 8 this coming Saturday (25th April). Help with testing the installation and live images as they're produced would be lovely - please join us on the #debian-cd channel on irc.debian.org and we'll co-ordinate there.

Secondly, there's an almost endless variety of machines out there. I've updated information about how Debian installation works on some of the more awkward Mac Mini machines, but we don't yet cover all the bases even there. It would be great to update the information about other machines such as the Macbook range as well - currently a lot of these pages are well out of date and won't be helpful for new users. Please test on machines if you have them, and help improve Debian's documentation here.

Facebook's "Hello" Tells You Who's Calling Before You Pick Up

Slashdot.org - Enj, 23/04/2015 - 1:31pd
Mark Wilson writes: When you receive a call you'll usually see the number of the caller, but this may not be helpful in identifying them before you decide whether to pick up. Facebook's answer to this problem is Hello. This new app comes from the Facebook Messenger team and aims to tell you more about the person getting in touch with you even if you don't have their number saved in your address book. Currently available for Android, the dialer app also allows for the blocking of calls from individuals.

Read more of this story at Slashdot.

Chinese Scientists Claim To Have Genetically Modified Human Embryos

Slashdot.org - Enj, 23/04/2015 - 12:50pd
Annanag writes: There were rumours — but now it's been confirmed. Chinese scientists have attempted the ethically questionable feat of genetically modifying human embryos. The scientists try to head off ethical concerns by using 'non-viable' embryos, which cannot result in a live birth, obtained from local fertility clinics. The study is a landmark — but also a cautionary tale.

Read more of this story at Slashdot.

Swallowing Your Password

Slashdot.org - Enj, 23/04/2015 - 12:07pd
HughPickens.com writes: Amir Mizroch reports at the WSJ that a PayPal executive who works with engineers and developers to find and test new technologies, says that embeddable, injectable, and ingestible devices are the next wave in identification for mobile payments and other sensitive online interactions. Jonathon Leblanc says that identification of people will shift from "antiquated" external body methods like fingerprints, toward internal body functions like heartbeat and vein recognition, where embedded and ingestible devices will allow "natural body identification." Ingestible devices could be powered by stomach acid, which will run their batteries and could detect glucose levels and other unique internal features can use a person's body as a way to identify them and beam that data out. Leblanc made his remarks during a presentation called Kill all Passwords that he's recently started giving at various tech conferences in the U.S. and Europe, arguing that technology has taken a huge leap forward to "true integration with the human body." But the idea has its skeptics. What could possibly go wrong with a little implanted device that reads your vein patterns or your heart's unique activity or blood glucose levels writes AJ Vicens? "Wouldn't an insurance company love to use that information to decide that you had one too many donuts—so it won't be covering that bypass surgery after all?"

Read more of this story at Slashdot.

WordPress 4.1.2 Fixes Critical XSS Flaw

LinuxSecurity.com - Mër, 22/04/2015 - 11:57md
LinuxSecurity.com: The maintainers of WordPress announced a new version for the blogging platform, which is considered a critical security release that addresses a highly important cross-site scripting (XSS) vulnerability.

IPFire 2.17 Core 89 Linux Firewall Distribution Brings Numerous Improvements

LinuxSecurity.com - Mër, 22/04/2015 - 11:53md
LinuxSecurity.com: On April 21, Michael Tremer announced that a new maintenance release for IPFire, a Linux distribution that can be used by beginning and experienced system administrators alike to deploy a firewall, proxy server, or VPN gateway on their infrastructure without too much hassle, is available for download.

Bill To Require Vaccination of Children Advances In California

Slashdot.org - Mër, 22/04/2015 - 11:23md
mpicpp sends the latest news on California legislation that would eliminate exemptions for vaccinating school children. A bill that would require nearly all children in California to be vaccinated by eliminating "personal belief" exemptions advanced through the State Legislature on Wednesday, though it still has several hurdles to clear. If approved, California would become one of only three states that require all parents to vaccinate their children as a condition of going to school, unless there is a medical reason not to do so. Under the bill, introduced after a measles outbreak that began at Disneyland, parents who refuse vaccines for philosophical or religious reasons would have to educate their children at home. The legislation prompted a roiling debate in Sacramento, and last week hundreds of people protested at the Capitol, arguing that it infringed on their rights and that it would unfairly shut their children out of schools. Last Wednesday, the legislation stalled in the Senate Education Committee as lawmakers said they were concerned that too many students would be forced into home schooling. This Wednesday, however, the bill passed that committee after its authors tweaked it, adding amendments that would expand the definition of home schooling to allow multiple families to join together to teach their children or participate in independent study programs run by public school systems.

Read more of this story at Slashdot.

Michael Meeks: 2015-04-22 Wednesday

Planet GNOME - Mër, 22/04/2015 - 11:00md
  • Customer call, interview, interesting lunch with Andrew Haley. Partner call, sync. with Tomaz, reviewed a nice blog.

Yahoo Called Its Layoffs a "Remix." Don't Do That.

Slashdot.org - Mër, 22/04/2015 - 10:41md
Nerval's Lobster writes: Yahoo CEO Marissa Mayer, in a conference call with reporters and analysts, referred to the net layoffs of 1,100 employees in the first quarter of 2015 as part of a 'remixing' of the company. A 'remix' is a term most often applied to songs, although it's also appropriate to use in the context of photographs, films, and artwork. CEOs rarely use it to describe something as momentous as a major enterprise's transition, especially if said transition involves layoffs of longtime employees, because it could potentially appear flippant to observers. If you run your own shop (no matter how large), it always pays to choose words as carefully as possible when referring to anything that affects your employees' lives and careers. Despite a renewed focus on mobile and an influx of skilled developers and engineers, Yahoo still struggles to define its place on the modern tech scene; that struggle is no more evident than in the company's most recent quarterly results, which included rising costs, reduced net income, and layoffs.

Read more of this story at Slashdot.

Faqet

Subscribe to AlbLinux agreguesi