April 23, 2019

hackergotchi for Cumulus Linux

Cumulus Linux

Cumulus NetQ Reinvented

When it comes to visibility into the health of your network. telemetry is all the rage these days. Even so, many customers are still plowing through old SNMP and Flow data to try to piece together what went wrong in their network with no easy way to back the clock up to a time before something broke your spine or leaf! Network downtime is usually costly and for many customers, large and small, can be mission critical.

With these and many other reasons in mind, I’m really excited to introduce Cumulus NetQ. With NetQ, Cumulus Networks has reinvented, from the ground up, our original NetQ product to include a long list of very useful features that are sure to make NetQ a Network Operators best friend.

Figure 1: Cumulus NetQ Benefits

NetQ is a highly-scalable, modern network operations toolset that provides visibility into and troubleshooting of your overlay and underlay networks in real-time. NetQ, delivers actionable insights and operational intelligence about the health of your network and your Linux-based data center — from the container, virtual machine, or host, all the way to the switch and port. In short, NetQ provides holistic, real-time intelligence about your modern network.

So, what is unique about NetQ you ask! Well, since you asked, NetQ has been completely reimagined with some very unique features and advantages.

NetQ performs 3 primary functions:

  • Data Collection: real-time and historical telemetry and network state information
  • Data Analytics: deep processing of the data
  • Data Visualization: rich Graphical User Interface (GUI) for actionable insight

You are sure to love the new GUI to help visualize everything that is happening in your network and beyond. It’s a single tool to manage everything Linux in your data center and provides seamless integration with third-party software such as Splunk, PagerDuty, Slack and others. But that’s not all! NetQ also drastically simplifies your ability to scale Cumulus Linux and streamline your container operations. Finally, NetQ can collect and save up to 90 days of real-time telemetry data, alert you immediately if something breaks or is misconfigured, tell you exactly where to find it, and then let you roll back to a previous version to avoid any downtime. Everything you need in a “modern” network.

Under the covers, NetQ is a Cloud-based, microservices architecture with some obvious advantages that you can read all about in the links below. NetQ agents collect real-time telemetry data to then provide deep analytics for things like predictive troubleshooting with no performance impact to your switches or routers. In addition, it delivers web-scale levels of scalability that parallel the largest of tier 1 web-scale companies, in case you need it, and will soon offer a full set of Lifecycle management features and capabilities (coming soon).

You’ll find a full set of collateral, videos, web pages and a press release below but don’t take my word for it, I would suggest you try NetQ for yourself by taking a test drive.

Cumulus NetQ Press Release
Cumulus NetQ Demo Video
Cumulus NetQ Executive Overview Video
Cumulus NetQ Datasheet
Cumulus NetQ Web Page
Get Certified with Cumulus Networks New Certification Program – Cumulus Certified Open Network Professional (CCONP)

If you would like to see NetQ in action, don’t hesitate to contact your sales team for a demo.

Please let me know if you have any comments or questions, or via Twitter at @CicconeScott.

23 April, 2019 12:00PM by Scott Ciccone

April 22, 2019

hackergotchi for Ubuntu

Ubuntu

Ubuntu Weekly Newsletter Issue 575

Welcome to the Ubuntu Weekly Newsletter, Issue 575 for the week of April 14 – 20, 2019. The full version of this issue is available here.

In this issue we cover:

The Ubuntu Weekly Newsletter is brought to you by:

  • Krytarik Raido
  • Bashing-om
  • Chris Guiver
  • Wild Man
  • And many others

If you have a story idea for the Weekly Newsletter, join the Ubuntu News Team mailing list and submit it. Ideas can also be added to the wiki!

Except where otherwise noted, this issue of the Ubuntu Weekly Newsletter is licensed under a Creative Commons Attribution ShareAlike 3.0 License

22 April, 2019 10:23PM by wildmanne39

hackergotchi for Ubuntu developers

Ubuntu developers

Ubuntu Studio: Ubuntu Studio at Linux Fest Northwest 2019

Council Chair Erich Eickmeyer will be in Bellingham, WA, USA this weekend for Linux Fest Northwest 2019, and will be bringing his audio setup to demonstrate Ubuntu Studio at the Ubuntu table. Check out the post on his personal blog!

22 April, 2019 05:49PM

Erich Eickmeyer: Gearing Up for Linux Fest Northwest 2019!

This next weekend (April 26-28th, 2019) I will be in Bellingham at Bellingham Technical College for Linux Fest Northwest to help at the Ubuntu table!

I will be demonstrating Ubuntu Studio and my audio setup.

I also have a few giveaways for fans of Ubuntu Studio fans. After all, nearly everybody loves vinyl stickers.

I even put a couple of them on my pickup truck! (The Tux sticker is from HelloTux, where you can pick up some amazing Ubuntu Studio clothing!)

I look forward to seeing you there! Also attending (that I know of) will be Valorie Zimmerman (Kubuntu), Dustin Krysak (Ubuntu Budgie), Simon Quigley (Lubuntu), Martin Wimpress (Ubuntu MATE, Canonical), and Alan Pope (Canonical). It’s going to be a blast!

22 April, 2019 05:45PM

hackergotchi for SparkyLinux

SparkyLinux

Strawberry

There is a new tool available for Sparkers: Strawberry

What is Strawberry?

Strawberry is a music player and music collection organizer. It is a fork of Clementine released in 2018 aimed at music collectors, audio enthusiasts and audiophiles. The name is inspired by the band Strawbs. It’s based on a heavily modified version of Clementine created in 2012-2013. It’s written in C++ and Qt 5.

Installation:
sudo apt update
sudo apt install strawberry

or via the Sparky APTus (with Sparky APTus Extra >= 0.2.16).
The tool is available for Sparky 4/Debian Stretch and Sparky 5/Debian Buster.

Strawberry

The Stawberry GitHub page: github.com/jonaski/strawberry
The project developer is Jonas Kvinge; it is licensed under the GNU General Public License v3.0

 

22 April, 2019 04:27PM by pavroo

hackergotchi for ARMBIAN

ARMBIAN

hackergotchi for Ubuntu developers

Ubuntu developers

Jono Bacon: Open Source Won’t Save A Subpar Product

Bonus points for those of you who can guess where the main image for this post is from.

One of the interesting elements of working with a range of different companies is being able to better understand the dynamics that influence how well a community will succeed or fail. These dynamics are many and broad, and include having a solid strategy, the right balance of transparency, executive and frontline and support, simple and sensible tooling, and more. Sadly, the availability of gin plays no concrete role in this success. Bah humbug.

Within the context of companies building a community around a product, one of the most critical influences of this success, frankly, is having a product that (a) people actually want, and (b) that they can wrap their heads around it.

This may seem obvious, but it is more complex than it may seem. If you look at the rich tapestry of open source, you have some very popular projects that serve broad needs such as Kubernetes, Node.js, Git, Docker, Angular, and others. But then, you have projects that serve very niche needs such as OpenMRS, SymPy, Astropy, and eht-imaging. All of these projects are thriving open source communities.

Now, for some companies watching these projects growing in adoption and market recognition, it can generate a seemingly logical conclusion:

“Surely if we open source our struggling project on GitHub or GitLab we will attract an audience of users and developers, and therefore help our broader market success, right?”

Well, Danger, Will Robinson.

A Balanced View

While there is little doubt that open source can have a heck of an impact on projects, products, and companies, the way in which you accomplish this impact needs to pull together four key components:

  1. Product – firstly, you need to have a product that the market wants, that can add value for your target audience, and maps well to your chosen open source model.
  2. Product/Engineering Workflow – secondly, if you are going to run a public open source project, you need to ensure your product and engineering teams can operate with an open, asynchronous workflow and can interface with public contributors.
  3. Community Strategy – thirdly, you are going to need a clear, unambiguous strategy for how you structure your community, hire the right team members, target the right audiences, build growth, and more.
  4. Internal Capabilities – finally, you are going to need to develop the skills in your company to accomplish all of the above. This will require staff training, support, mentoring, and leadership.

Now, often when I am brought into a company, the client is typically very interested in focusing on points 2 – 4. After all, this is what a lot of people associate with the work I do.

My first questions though almost always focus on (1). Is the product you have suitable for open sourcing, and will open sourcing it bring you and your prospective community the value you and they want?

Open source is not a panacea. It is not a solution that will revive an uninteresting or poorly built product. I never recommend anyone goes down the open source road until they have assessed this important product suitability consideration first. Otherwise, they risk doing a lot of work for very limited benefit for anyone.

Essential Questions To Ask

Here’s the deal: open source requires a careful balance of open workflow, community/contributor management, and a clear delineation of where the lines are drawn between your open source and non-open source projects (and which teams work on what.)

To put it rather glibly, open source is not as simple as chucking some code into a public repository and blogging about it. It requires a careful balance of internal and public workflow, and needs a significant investment of time and energy to do well. As such, you want to be sure that this time and energy is not just worth it, but has a realistic chance of success for both you and your community.

When you are considering this, I recommend asking yourself 4 key questions:

#1. Is there a market need/fit for your product?

Open source has become increasingly interesting to companies who want to get developers using their product or platform. Developers are increasingly influential decision-makers in modern tech firms, and often prefer open source platforms.

Put the open source element to one side though and ask yourself the objective question, “Does your project serve a clear need and deliver enough value for your target audience?”

Market fit? Would you wear this while on the phone so to not disturb others? No, you are not insane.
Credit.

The #1 thing your audience are looking for is clear, valuable functionality. Does the software do something that pragmatically make your audience’s lives better? If it doesn’t deliver this, no amount of open source will save it.

So, try to understand what your core audience want and ensure your project can deliver it. If this is a new project, publish a roadmap for these key target features and focus on staffing the delivery of them. A compelling 1.0 is essential to interest both users and potential contributors.

#2. What is the on-boarding experience like for new users?

On a related note, how easy is it to get started using your project? Can a new user get up and running and experience tangible value within 10 minutes? No? Then you you need optimize your on-boarding experience.

I have seen some bloody horror stories here: projects that make users jump through endless hoops, require complicated configuration (with little to no documentation), have dependencies on obscure or unavailable services, and other dents in the experience.

This is the model I have developed over the years for thinking about building a clear onramp:

Every step should logically lead to the next step. If it doesn’t, your onramp needs fixing.

Your audience should be able to proceed simply and logically from one step to the next ultimately getting to the star, which is a piece of tangible value for them (e.g. completing a task, solving a problem, etc.).

Now, while every project will use a slightly different set of steps, an onramp generally breaks down into understanding value, setting up tools, learning skills, and using the tools and skills to produce something valuable. (1) and (6) are highlighted in the above graph because they should be on every onramp: you always need to communicate the value of your project (such as via websites, social media, etc) and validate the people who use it successfully (such as with rewards, engagement, and opportunities). The latter is especially important for building lasting relationships with your community.

Think about how to simplify the overall onramp (you should explore how muntzing can help here). Then, ensure that each transition from one step to the next step is logical and try to understand and resolve where people get stuck.

If you don’t do this, you will struggle to build a userbase for your project, which is a critical requirement before you can consider developing a contributor-base.

#3. What are your primary goals for open sourcing it?

The next question is why are you are open sourcing your project in the first place? From a company perspective this can vary and will often include one or more of the following:

  • We want to increase market awareness and adoption.
  • We want to increase engineering contributions to the project.
  • We want people to build on top of the project (e.g. plugins or modules.)
  • We want to increase the company’s brand recognition.
  • . . .

This is where things can get complex: open source projects can often lead to many of the benefits listed above, but it is not just the nature of being open source that will drive these benefits, it is the focused strategy efforts you put in place that will.

For example, if your goal is “increasing engineering contributions”, putting code in a repo will not merely lead to this. Clear developer on-boarding, solid documentation, building meaningful community relationships with developers, developer focused content and outreach, and other efforts will help drive this growth.

The risk some companies face here is that they think of the value of open source primarily from their own perspective, but don’t focus enough on what value their users want to experience too. How can you build an open source community that gives your users greater information, flexibility, and communication with the project and your team? How can your users play a more meaningful role in the project? If you build an environment with your users’ needs in mind, you will build a a far more engaging and valuable community in general.

#4. What new skills and resources do you need to build in your company to do this work well?

It took me far too long to realize that a significant determining factor of community success is not just making the right strategic choices, but also baking those skills effectively into an organization.

For many companies, switching to an open source model is a significant change of workflow, policy, and how you incentivize your team. Aside from picking the right set of open source strategic steps (such as how you publish code, manage issues, build community engagement and growth etc.), you should also plan for how to bake these skills and expertise into your teams.

Wrong kind of baking.
Credit.

An an example, one key element of being an open source project is receiving and responding to pull requests with new features and fixes. This requires your team members to be able to review those PRs, test them, provide constructive feedback, and approve or reject the contribution based on merit. It requires calm and constructive feedback, often with people you don’t know and trust yet. It requires the overall code review process to happen end-to-end out in the open. Overall this needs a nuanced set of skills such as peer review, technical collaboration, open build management, and other pieces.

For companies less familiar with open source, this is all going to seem a bit weird and uncomfortable. Your team members are going to hesitant to engage, not only because it is new, but they also don’t want to put a foot wrong and get in trouble. This is entirely normal.

As such, think about how to break these skills down into simple pieces, provide the right level of training and support, and how to mentor and support people through this transition. Help them to build a habit around participation, and develop incentives, rewards, and other mechanisms to help them naturally orient to an open workflow and enjoy engaging in it.

Open source is an enormously powerful model, but focusing on these core product questions is an important part of the process. What other considerations should companies be making? Share them in the comments…

The post Open Source Won’t Save A Subpar Product appeared first on Jono Bacon.

22 April, 2019 06:12AM

Gustavo Silva: Disco Dingo Thoughts

Hello everyone.

After over a year without posting, I am back to review the latest release of Ubuntu, Disco Dingo 19.04.


Those already around me know I love Linux and my favourite linux distribuition is Ubuntu.

One of the reasons Ubuntu is my favourite is how simple and compatible it is with pretty much all devices I have tried installing. Except my laptop, but that’s due to the graphics card.

But hey, I fondly received the news that now we can select the option to automatically set nomodeset and other convenient tools when running the setup. For me, this means a major win. I previously had to set nomodeset manually and after installation I had to immediately modifiy some options in the grub’s defaults (namely set the acpi=force) but now, with this new option, the installation process which was already smooth, become (melted) butter. Thank you, honestly, person who remembered to include this option. This seems like a feature that will stick to Ubuntu 20.04, so I’m happy to now a LTS version will become even simpler to install too, so that’s great.

The UI and custom-Gnome experience has been improved as well, in this custom flavour of Gnome. We now have a few more options for customization, including dark options of the themes but I am definitely pleased to say that the Gnome shell, in Ubuntu 19.04, really looks great.

Finally, Ubuntu 19.04 comes with the 5 series of the kernel, meaning we are getting cutting edge version of the kernel. People everyone are mentioning the fact that is given a significant battery duration boost, although I haven’t tried it. I use my computer mainly at home and it’s always plugged in. Personally though, using a more recent kernel is awesome, as I am more balanced torward freshness of the software in favour of stability (but not to the point things break on a daily basis). In fact, the entire experience feels improved, sharper, more responsive than before. The system is the same, so there is nothing related to hardware changes. They also removed Python 2 from the base installation but I feel that was expected as Python 2 will stop being supported very soon.

I’ll take my chances and simply say that Ubuntu is making significant progress in becoming the linux distribution of choice for a lot of people. It just works, whether you have a potato computer, or a high-end beast. Great job, everyone.

Thanks for reading gsilvapt

22 April, 2019 12:00AM by Gustavo Silva (gustavosntaremsilva@gmail.com)

April 21, 2019

hackergotchi for Whonix

Whonix

Google Season of Docs (GSoD) 2019

@Patrick wrote:

April 22, 2019

The Whonix team has exciting news to share with our community!

The Whonix project has applied to the Google Season of Docs 2019! If you are unfamiliar with the Season of Docs that’s OK because this is the first year of the program. Once you learn more about the program and how it benefits open-source you will be just as enthusiastic about participating as we are.

Season of Docs is Google’s annual program that fosters collaboration between open-source project and tech writers.
The goal of this program is to provide a framework for technical writers and open source projects to work together towards the common goal of improving an open source project’s documentation. For technical writers who are new to open source, the program provides an opportunity to gain experience in contributing to open source projects. For technical writers who’re already working in open source, the program provides a potentially new way of working together. Season of Docs also gives open source projects an opportunity to engage more of the technical writing community.

During the program, technical writers spend a few months working closely with an open source community. They bring their technical writing expertise to the project’s documentation, and at the same time learn about the open source project and new technologies.

The open source projects work with the technical writers to improve the project’s documentation and processes. Together they may choose to build a new documentation set, or redesign the existing docs, or improve and document the open source community’s contribution procedures and on-boarding experience.[1],[2]

For those of you that are familiar with the Whonix wiki aka “A crash course in anonymity and security on the Internet” you’ll know why Season of Docs is such an extraordinary opportunity for both our project and open-source. As you know the Whonix wiki is a corner stone of our project which is why we put forth such an extensive amount of time and effort to ensure it stays relevant and up to date. Season of Docs presents an unique opportunity for our project to both enhance our(yours, mine, everyone’s) wiki and to give back by mentoring an up and coming technical writer from the greater open-source community

If you’re a technical writer that’s interested in submitting a project proposal check out the project ideas we have for you at our dedicated Season of Docs wiki. If you don’t find your perfect fit, but have a great project proposal we would be eager to hear about it. If you have any questions please don’t hesitate to contact us.

Do you know a tech writer that might be interested in Season of Docs? You can use this sample email message to give them the information they need to get started.

Whats made our project and wiki such a success over the years is the continuing involvement from our awesome community. And Season of Docs is no different. So if you would like to become involved with this years program and support open-source, and the Whonix project, it will make this first year of Season of Docs the one to remember and we can set the bar high for the coming years to come.

On behalf of the Whonix team we would like to thank you for all of your support and we look forward to your participation, feedback and unending enthusiasm for this years’ program.

[1] https://developers.google.com/season-of-docs/docs/
[2] Portions of this page are modifications based on work created and shared by Google and used according to terms described in the Creative Commons 3.0 Attribution License.

Posts: 2

Participants: 2

Read full topic

21 April, 2019 10:54PM by @Patrick

hackergotchi for Ubuntu developers

Ubuntu developers

Kubuntu General News: Trusty 14.04 LTS end of life, and end of Kubuntu support for Xenial 16.04 LTS

As the newly released Kubuntu 19.04 makes its way into the world, inevitably other things come to their end.

Kubuntu 14.04 LTS was released in April 2014, and reaches ‘End of Life’ for support on 25th April 2019. All Kubuntu users should therefore switch to a newer supported release. Upgrades from 14.04 to a newer release are not advised, so please install a fresh copy of 18.04 or newer after running a backup of all your data.

Kubuntu 16.04 LTS was released on 21st April 2016, and was supported for Kubuntu for a period of year 3 years.* Kubuntu 16.04 LTS support therefore ends 21st April 2019, and users are invited to upgrade to 18.04 LTS, or perform a fresh install of that or newer release.

The Kubuntu team would thank users of both releases, especially for the amazing additional community support on IRC, forums, mailing lists, and elsewhere.

* https://lists.ubuntu.com/archives/ubuntu-release/2016-April/003704.html

21 April, 2019 09:59PM

hackergotchi for OSMC

OSMC

OSMC's Easter update is here with Kodi v18 (Leia)

It's been a while since we last posted an update. Kodi v18 was released at the end of January and since then we've been working on readying a stable release for OSMC supported devices. The Kodi Leia (v18) update is not available for Vero 1 (late 2015) users and we now consider the device to be end of life.

We'd like to thank those who have tested our nightly builds as well as pre-release test builds. We have now started to produce nightly builds for Kodi v19.

Kodi v18 comes with a large number of improvements, and you can learn more about the release from the official announcement. The main improvements for OSMC users are:

  • Retrogaming support
  • Stability fixes and improvements
  • Improved Live TV / PVR support
  • Support for DRM services, such as Amazon Prime Video and Netflix

We now endeavour to resume the monthly update cycle and will track Kodi v18 point releases in a timely manner.

We've also worked on a number of OSMC improvements. Here's what's new:

Bug fixes

  • Fix HDMI full range output setting on Vero 4K / 4k +
  • Fix an issue where the OSMC installer may display a blank screen when run on Vero 4K / Vero 4K +
  • Fixed an issue where Ethernet connectivity may stop working in low traffic (typically DHCPless) environments
  • Fix an issue caused by a lack of IDR frame which would cause some stuttering with some German Live TV services on Vero 4K / Vero 4K +
  • Reduced idle load for Vero 4K / Vero 4K +

Improving the user experience

  • Fix permissions so that GPIO can be accessed without root privileges
  • Added support for backing up Kodi profiles with the My OSMC backup add-on
  • Updated Pulse-Eight CEC library with a number of fixes for CEC quirks
  • Improved OSMC skin for Kodi Leia with new views and optimisations

Miscellaneous

  • Add support for forcing HDR10 output to displays that do not advertise support on Vero 4K / 4K +
  • Add support for serial port installation for Raspberry Pi with the OSMC installer
  • Added additional netfilter modules for Vero 4K / 4K +
  • Cleaned up Apple TV (1st generation) and Vero (late 2015) targets from build system

Database upgrade

Please be aware that this version of Kodi Leia uses a new database schema that is incompatible with older versions of Kodi. If you are using Kodi on other devices with a shared MySQL library, then you should ensure that those devices can also be upgraded to Kodi Leia as well before proceeding.

Add-on compatibility issues

Your skins or add-ons of choice may not necessarily be compatible with the new version of Kodi. You should check with the developer of any add-ons or skins before updating and enquire if there is a Leia compatible version. Most add-ons should work without issue, however Kodi's skinning engine has been significantly revamped in this version. We recommend that you switch to the OSMC skin before upgrading, then attempt to switch back to your skin of choice if you use a different skin.

You should also note that some add-ons may be disabled by default after upgrading. You can re-enable them manually to get them working again.

Wrap up

To get the latest and greatest version of OSMC, simply head to My OSMC -> Updater and check for updates manually on your exising OSMC set up. Of course — if you have updates scheduled automatically you should receive an update notification shortly.

If you enjoy OSMC, please follow us on Twitter, like us on Facebook and consider making a donation if you would like to support further development.

If you'd like to get the best OSMC experience, we recommend Vero 4K +, which allows you to enjoy HEVC, HDR10 and HD audio.

You may also wish to check out our Store, which offers a wide variety of high quality products which will help you get the best of OSMC. Our flagship device, Vero 4K + is currently on sale, which is a great way to get the best OSMC experience if you're after HDR10, HD audio and 4K HEVC support in a complete package.

Happy Easter!

21 April, 2019 06:11PM by Sam Nazarko

hackergotchi for Ubuntu developers

Ubuntu developers

Podcast Ubuntu Portugal: Ep. 54 – Disco com o Dingo

Mascote do Ubuntu 19.04 - Um dingo numa mesa de misturaDisco Dingo por Sylvia Ritter

As nossas aventuras, falámos do Ubuntu 19.04 Disco Dingo e da Ubucon Portugal 2019. Mas claro que também passámos pelas notícias, por alguns snaps e pela agenda.
Já sabes: ouve, subscreve e partilha!

  • https://www.youtube.com/watch?v=aJWSE7acl-Q
  • https://ubports.com/pt_PT/blog/ubports-blog-1/post/interview-with-jan-sprinz-217
  • https://matrix.org/blog/2019/04/11/security-incident/
  • https://snapcraft.io/mailspring
  • https://snapcraft.io/search?q=rambox
  • http://loco.ubuntu.com/events/ubuntu-pt/3825-encontro-ubuntu-pt-sintra-lan%C3%A7amento-disco-dingo/
  • https://ubuntu-paris.org/
  • https://summit.creativecommons.org/

Apoios

Este episódio foi produzido e editado por Alexandre Carrapiço (Thunderclaws Studios – captação, produção, edição, mistura e masterização de som) contacto: thunderclawstudiosPT–arroba–gmail.com.

Atribuição e licenças

A imagem de capa (Disco Dingo) foi criada por Sylvia Ritter, e é utilizada com a sua gentil e explicita permissão, podendo ser encontrada em: https://www.deviantart.com/sylviaritter/art/Disco-Dingo-786327017
Mais trabalhos feitos pela Sylvia Ritter, incluindo imagens de outras mascotes de releases de Ubuntu, podem também ser encontrados no seu sítio web: https://www.sylvia-ritter.com/
Podem apoiar o trabalho da Sylvia Ritter na sua página de Patreon em: https://www.patreon.com/sylviaritter
E podem também seguir nas redes sociais:

https://www.facebook.com/SylviaRitterArt

A música do Genérico: “Stringed Disco”, por Kevin MacLeod (incompetech.com), está licenciada com Creative Commons: By Attribution 3.0 License (http://creativecommons.org/licenses/by/3.0/)
https://incompetech.com/music/royalty-free/index.html?isrc=USUAN1100059

Este episódio está licenciado nos termos da licença: Attribution-NonCommercial-NoDerivatives 4.0 International (CC BY-NC-ND 4.0), cujo texto integral pode ser lido aqui. Estamos abertos a licenciar para permitir outros tipos de utilização, contactem-nos para validação e autorização.

21 April, 2019 08:52AM

Ubuntu Studio: Ubuntu Studio 18.04 Extended Support

Back in April 2018, Ubuntu Studio 18.04 was released as a non-LTS (Long-Term Support) version, which limited its support cycle to end January 2019. This was due to a number of factors, from the involvement of the team members at the time to the number of team members. In January 2019, the team came up […]

21 April, 2019 01:55AM

April 20, 2019

hackergotchi for Netrunner

Netrunner

Netrunner Rolling 2019.04 released

The Netrunner Team is happy to announce the immediate availability of Netrunner Rolling 2019.04 – 64bit ISO. Updated Base Compared to 2018.08 these are the main updates: KDE Plasma 5.15.3 KDE Frameworks 5.56 KDE Applications 18.12.3 Qt 5.12.2 Linux Kernel 4.19.32 LTS Firefox Quantum 66.0.3 with KDE integration (read more in this announcement) Thunderbird 60.6 […]

20 April, 2019 07:21PM by Netrunner Team

hackergotchi for Ubuntu developers

Ubuntu developers

Jonathan Carter: Debian project leader elections 2019

A few weeks ago, after a few days of internal turmoil on the matter, I committed to running for DPL.

The original nomination period was the week before, with no one stepping up for the position and with our current leader indicating that he wouldn’t be available to serve another term. This resulted in a bit of a knee-jerk reaction and slight panic, with threads popping up on the debian mailing lists pondering things like what a leaderless Debian would look like and whether we perhaps need more of a team than a single person to be the leader the project. There was also some discussion about burnout and whether it’s even fair to put so much pressure on a single person, and whether it’s possible to delegate more of the DPL’s responsibilities. The press also picked up on this and there were a few big stories on the matter that lead some to be slightly nervous on the matter.

Of course (as the LWN article pointed out), Debian’s constitution is quite thorough and has made provision for cases like these. If no one steps up, the nomination period is extended for another week, and it only took one such extension to produce 5 new candidates (of which one retracted soon afterwards due to time commitments).

I mentioned internal turmoil at the beginning of the post, this was because up until a few days before my self-nomination, I’ve been very confident, and consistently so for a very long time, that I never want to run for DPL. The work that I care about and spend most attention on doesn’t at all require me being a DPL. Also, having more responsibility in areas that I’d rather let others take care of sounded a bit daunting. I’d much rather spend time on technical and more general community issues than very specific interpersonal problems or administrative tasks like reading and approving budget proposals, sending out developer certificates, etc. On top of that, I was aware that running for DPL and opening myself like that means that I open myself to a very wide array of critique, that people might put everything I say under a microscope and try to tear it apart, and that running for DPL means being prepared for that.

Despite that turmoil, a small nagging part kept asking the questions “But what if?”, what if I were DPL, what would I do? What would I change? What would I do as DPL that would make Debian better, and better as a DPL than I just could as a normal debian developer? These questions helped form in my head what my platform would look like, why I wanted to run for DPL, and how the rest of my campaign would shaped up. This year is also unique for me compared to previous years in that I will actually have time over the next year to focus on DPL-like activities. That, combined with the plans that were shaping up that I’m very enthusiastic about, convinced me that it’s time to step up and proceed with my self-nomination.

Directly after the nomination period, the campaign period starts. There are surprisingly few rules (or even guidance) regarding the campaign period, the majority of it is where Debian developers (or anyone really, but mostly DDs) ask questions to the DPL candidates about their stance and policy on certain matters, how they plan to take action and often a few really tough hypothetical situations. Some questions even took advantage of the fact that April fools day falls in the campaign period, which led to some odd and interesting questions. Overall, I really enjoyed the campaign period. I was preparing myself for the worst case scenario before campaigning started, but what actually happened next astonished me. We had all kinds of Debian developers coming forward with high quality, productive discussions on all kinds of aspects which ranged from internal technical policies, how we work with upstreams, community matters, diversity, the DPL role itself, how Debian is changing and how to keep it relevant, community turnover, how we deal with money, how we market ourselves and so one. It was productive discussion and I enjoyed it.

Regardless of the outcome of this election, I’m very happy that I stepped up as a DPL candidate, and I’m very satisfied with how my campaign went and how I answered my questions. I’m also very happy that the elections turned out so vibrant and productive and I dare say even exciting. I hope that this will continue to happen for future elections, because it’s clear to me that a productive election period is good for the health of Debian.

In the future, someone may be reading this and ponder “Should I run for DPL?”. My advice would be to first take some stock and figure out if you’re at a place in your life where you can actually do that (Did you just start a new job? Would your employer support you? Did you recently get married, have kids? How’s your health? Can you afford to spend lots of unpaid time doing DPL work? etc…) and then also consider why you’d want to be DPL and what you’d like to achieve with such a role. If you weigh up all the aspects and it still feels right for you, then by all means go for it. In my opinion, even if you’re not elected you still help make Debian better by participating in the election process.

Voting closes in around 12 hours at the time of writing this. Good luck to all the candidates and thank you to everyone who participated in making this such a fantastic and surreal experience!

2019-04-21: Update: Congratulations to Sam Hartman who is our new DPL! We’ve been talking off-list throughout the election process and Sam knows he has my full support and we even plan to collaborate on certain areas, more news to follow in the near future.

20 April, 2019 12:00PM

April 19, 2019

Riccardo Padovani: Responsible disclosure: improper access control in Gitlab private project.

As I said back in September with regard to a responsible disclosure about Facebook, data access control isn’t easy. While it can sound quite simple (just give access to the authorized entities), it is very difficult, both on a theoretical side (who is an authorized entity? What does authorized mean? And how do we identify an entity?) and on a practical side.

This issue was firstly reported on HackerOne and was managed on the Gitlab issues’ tracker. Both links are now publicly accessible.

Summary of the issue

  • Rogue user is added to a private group with dozens of projects
  • The user’s role in some projects changes
  • Rogue is fired, and removed from the group: they still have access to projects where their role was changed

The second step could happen for a lot of different reasons:

  • rogue is added as master - knowing this vulnerability, they decrease their privileges to stay in some projects (this is the only malicious one)
  • rogue is added as developer, but they become responsible for some projects, and are promoted to master role
  • rogue is added as reporter, and then they are promoted for a project, and so on.

When an admin removes a user from a private group, there is no indication that the user still has access to private projects, if their role was changed.

Impact

User can still see all resources of a project of a secret group after they have been removed from the parent’s group.

Timeline

  • 29 January 2018: First disclosure to Gitlab
  • 9 February 2018: Gitlab confirmed the issue and triaged it, assigning a medium priority
  • 25 February 2018: I ask for a timeline
  • 27 February 2018: They inform me they will update me with a timeline
  • 16 March 2018: Almost two months are passed, I ask again for a timeline or suggest to go public since administrators of groups can easily check and avoid this vulnerability
  • 17 March 2018: They inform me they will update me with a timeline, and ask to do not go public
  • Somewhere around December 2018: the team think the issue has been fixed, and close the internal issue - without communicating with me
  • 17 January 2019: I ask for an update - they will never reply to this message
  • 25 January 2019: the security team sees this is still an issue
  • 31 January 2019: the fix is deployed in production and publicly disclosed, without informing me
  • 5 March 2019: I ask again for another update
  • 12 March 2019: Gitlab says the issue has been fixed and awards me a bounty

Bounty

Gitlab awarded me a $2000 bounty award for the disclosure.

If you follow my blog, you know I deeply love Gitlab: I contribute to it, I write blog posts, and I advocate for it any time I can. Still, I think this experience was awful, to say the least. There was a total lack of communication by their side, they thought they fixed the issue the first time, but actually, it wasn’t fixed. If they had communicated with me, I would have double checked their work. After that, they deployed the fix and went public, without telling me. I was not interested in the bounty (for which I am grateful), I reported the issue because I care about Gitlab. Nonetheless, my love for Gitlab is still the same! I just hope they will improve this part of communication / contributing to Gitlab: in the last couple of years the community around the project grew a lot, and they are doing amazing with it, maybe the Community team should step in and help also the security community?

For any comment, feedback, critic, write me on Twitter (@rpadovani93) or drop an email at riccardo@rpadovani.com.

Regards,
R.

19 April, 2019 06:00PM

Jonathan Riddell: Kipi Plugins 5.9.1 Released

Kipi Plugins is a set of app plugins for manipulating images.  They use libkipi which is released as part of KDE Applications.  It used to get standalone releases and was then moved to be part of Digikam releases.  Since Digikam 6 they have been deprecated by Digikam in favour of their new plugin framework DPlugins.  While in KDE Frameworks the Purpose Framework is another newer project covering similar features.

However Kipi Plugins are still supported by KDE apps KPhotoAlbum, Gwenview, Spectacle so they shouldn’t disappear yet.

I’ve made a new release available for download now.

https://download.kde.org/stable/kipi-plugins/

Versioned 5.9.1 because it is little changed from the previous release done inside Digikam which was 5.9.0.

Tagged commit b1352149b5e475e0fbffb28a7b5fe13503f24dfe

Sha256 Sum: 04b3d31ac042b901216ad8ba67dafc46b58c8a285b5162b51189833f6d015542

Signed by me Jonathan Riddell <jr@jriddell.org>

This will become part of KDE Applications in its next release scheduled for August and will follow the KDE Applications version numbers.

Facebooktwitterlinkedinby feather

19 April, 2019 11:47AM

hackergotchi for Ubuntu

Ubuntu

Ubuntu 19.04 (Disco Dingo) released

Codenamed “Disco Dingo”, 19.04 continues Ubuntu’s proud tradition of integrating the latest and greatest open source technologies into a high-quality, easy-to-use Linux distribution. The team has been hard at work through this cycle, introducing new features and fixing bugs.

The Ubuntu kernel has been updated to the 5.0 based Linux kernel, our default toolchain has moved to gcc 8.3 with glibc 2.29, and we’ve also updated to openssl 1.1.1b and gnutls 3.6.5 with TLS1.3 support.

Ubuntu Desktop 19.04 introduces GNOME 3.32 with increased performance, smoother startup animations, quicker icon load times and reduced CPU+GPU load. Fractional scaling for HiDPI screens is now available in Xorg and Wayland.

Ubuntu Server 19.04 integrates recent innovations from key open infrastructure projects like OpenStack Stein, Kubernetes, and Ceph with advanced life-cycle management for multi-cloud and on-prem operations, from bare metal, VMware and OpenStack to every major public cloud.

The newest Ubuntu Budgie, Kubuntu, Lubuntu, Ubuntu Kylin, Ubuntu MATE, Ubuntu Studio, and Xubuntu are also being released today.

More details can be found for these at their individual release notes:

https://wiki.ubuntu.com/DiscoDingo/ReleaseNotes#Official_flavours

Maintenance updates will be provided for 9 months for all flavours releasing with 19.04.

To get Ubuntu 19.04

In order to download Ubuntu 19.04, visit:

http://www.ubuntu.com/download

Users of Ubuntu 18.10 will be offered an automatic upgrade to 19.04 if they have selected to be notified of all releases, rather than just LTS upgrades. For further information about upgrading, see:

http://www.ubuntu.com/download/desktop/upgrade

As always, upgrades to the latest version of Ubuntu are entirely free of charge.

We recommend that all users read the release notes, which document caveats, workarounds for known issues, as well as more in-depth notes on the release itself. They are available at:

http://wiki.ubuntu.com/DiscoDingo/ReleaseNotes

Find out what’s new in this release with a graphical overview:

http://www.ubuntu.com/desktop
http://www.ubuntu.com/desktop/features

If you have a question, or if you think you may have found a bug but aren’t sure, you can try asking in any of the following places:

#ubuntu on irc.freenode.net
http://lists.ubuntu.com/mailman/listinfo/ubuntu-users
http://www.ubuntuforums.org
http://askubuntu.com

Help Shape Ubuntu

If you would like to help shape Ubuntu, take a look at the list of ways you can participate at:

http://community.ubuntu.com/contribute

About Ubuntu

Ubuntu is a full-featured Linux distribution for desktops, laptops, netbooks and servers, with a fast and easy installation and regular releases. A tightly-integrated selection of excellent applications is included, and an incredible variety of add-on software is just a few clicks away.

Professional services including support are available from Canonical and hundreds of other companies around the world. For more information about support, visit:

http://www.ubuntu.com/support

More Information

You can learn more about Ubuntu and about this release on our website listed below:

http://www.ubuntu.com

To sign up for future Ubuntu announcements, please subscribe to Ubuntu’s very low volume announcement list at:

http://lists.ubuntu.com/mailman/listinfo/ubuntu-announce

Originally posted to the ubuntu-announce mailing list on Thu Apr 18 13:13:39 UTC 2019 by Adam Conrad, on behalf of the Ubuntu Release Team

19 April, 2019 07:02AM by guiverc

April 18, 2019

hackergotchi for Cumulus Linux

Cumulus Linux

Campus design feature set-up : Part 2

To catch you up to speed quickly, I have a six-part blog series that will show you how to set up the CL 3.7.5 campus design feature: Multi-Domain Authentication. 

We’ll cover it all: Wired 802.1X Authentication using Aruba ClearPass, Wired MAC Authentication using Aruba ClearPass, Multi-Domain Authentication using Aruba ClearPass, Wired 802.1x using Cisco ISE, Wired MAC Authentication using Cisco ISE, and Multi-Domain Authentication using Cisco ISE.

In the last blog, I showed you how to enable wired 802.1X authentication in Cumulus Linux 3.7.5+ using Aruba ClearPass 6.7.x. In this second guide, I’ll be sharing is how to enable wired MAC Authentication in Cumulus Linux 3.7.5+ using Aruba ClearPass 6.7.x.

Keep in mind that this step-by-step guide assumes that you have already performed an initial setup of Aruba ClearPass.

Aruba ClearPass Configuration:

1. Add the Cumulus Switch to ClearPass

First, we are going to add this specific Cumulus Network switch to ClearPass. Go to the following:

Configuration > Network > Devices. Click “+Add” in the top right-hand corner

Fill in the appropriate IP Address, Description, and Shared Secrets. For simplicity sake, set the “Vendor Name” to “Cisco.”

2. Adding the Cumulus Switch to a Device Group

Configuration > Network > Device Groups. Click “+Add” in the top right-hand corner

We are going to move the “Cumulus OOB SW” from the left-hand, “Available Devices” column, over to the “Selected Devices” column.

Click the “Save” button.

All future Cumulus switches can be added to this Device Group and will inherit all of the upcoming configuration elements.

3. Add a Dynamic VLAN Enforcement Profiles

Configuration > Enforcement > Profiles. Click “+Add” in the top right-hand corner

On the “Profile” tab, select “VLAN Enforcement” from the “Template” drop down.

On the “Attributes” tab, click the “Enter VLAN” text and enter the numeric value for a VLAN on the switch

Here, I added the value “36” as the “Tunnel-Private-Group-Id:”

4. Add an Enforcement Policy

Configuration > Enforcement > Policies. Click “+Add” in the top right-hand corner

Select “RADIUS” as the “Enforcement Type.”

Select “[Deny Access Profile]” as the “Default Profile” from the drop-down menu.

On the “Rules” tab, we are going to create a specific rule for the VoIP phone with the Dynamic VLAN.

Set the following:

  •  Type = “Authentication”
  •  Name = “Username”
  • Operator = “EQUALS_IGNORE_CASE”
  • Value = <Wired MAC Address of Device>

A MAC Authenticated device will use its MAC Address as the username for the connection.

Under the “Profile Names”, select the “PoC – Cumulus Dynamic VLAN 36” that was created in the previous step.

Click the “Save” button in the bottom right-hand corner.

The Enforcement Policy should look like the above. Click the “Save” button in the bottom right-hand corner to continue.

5. Adding a wired MAC Authentication Service

Configuration > Service. Click “+Add” in the top right-hand corner

Set the following:

  • Type Dropdown = “MAC Authentication”
  • Name = “PoC – Cumulus Wired MAC Authentication”

Under the “Service Rules”, add the following:

  • Type = “Connection”
  • Name = “NAD-IP-Address”
  • Operator = “BELONGS_TO_GROUP”
  • Value = “Cumulus-Switches”

The “Value” is the name of the Device Group that was added in Step #2 above.

Under the “Service Rules”, remove the following:

  •  “Wireless-802.11 (19)” value from line #1 that contains “Radius:IETF : NAS-Port-Type”
  • The entry that contains “Radius:IETF : Service-Type : Belongs_To : Login-User (1), Call_Check (10)”

On the “Authentication” tab, add “[Allow All MAC Auth]” and remove “[MAC AUTH]” from the “Authentication Methods”

On the “Enforcement” tab, select the “PoC – Cumulus MAC Authentication Policy” that was created in step #4.

Click the “Save” button in the bottom right-hand corner.

Cumulus Linux wired MAC Authentication setup:

1. Testing an interface

I am going to be using “swp11” to test wired MAC Authentication.

net add interface swp11
net add bridge bridge ports swp11
net commit

2. Enabling wired MAC Authentication on swp11

Here are the following NCLU commands that I entered to configure wired MAC Authentication:

net add dot1x radius server-ip 10.10.102.252 vrf mgmt
net add dot1x radius client-source-ip 192.168.255.100
net add dot1x radius shared-secret cumulus11
net add dot1x send-eap-request-id
net add dot1x dynamic-vlan
net add interface swp11 dot1x mab
net commit

3. Modify the hostapd.conf file

The next step is to change the bottom two values in the /etc/hostapd.conf file from “=1” to “=0”

radius_das_require_event_timestamp=0
radius_das_require_message_authenticator=0

Restart the hostapd.service after making the above changes with the following command:

sudo systemctl restart hostapd.service

Verification and Troubleshooting

Plug in a wired VoIP phone into port swp11. Within 3CX, the SIP VoIP server in this test, the phone has come up and registered with the system:

On the Cumulus switch, the following commands will show the status of the swp11 interface:

net show dot1x interface swp11

Adding the “details” command will provide more information about the connected device:

net show dot1x interface swp11 details

Notice that the “Status Flags” report that this connection is using a “[DYNAMIC VLAN]” which is being sent from the ClearPass server. The “Server Flags” are also reporting “[MAB]”, which is the abbreviation for MAC Authentication Bypass.

Aruba ClearPass also provides a view of the MAC Authenticated connection through the Access Tracker:

Monitoring > Live Monitoring > Access Tracker

Clicking on the top entry within Access Tracker will open up the “Request Details” window

  1. Service – The request is hitting the “PoC – Cumulus Wired MAC Authentication” service that we created in ClearPass Step #5
  2. Authentication Method – ClearPass is reporting MAC-AUTH
  3. Enforcement Profiles – This service request is sending the “PoC – Cumulus Dynamic VLAN 36” down to the Cumulus Switch

Let’s examine the Enforcement Profile by clicking on the “Output” tab in the “Request Details”

  1. Enforcement Profile – We are sending the Dynamic VLAN 36 profile that we created in ClearPass Step #4
  2. Radius:IETF:Tunnel-Private-Group-Id – We are sending VLAN value “36” down to the Cumulus Switch as a Dynamic VLAN.

For further wired MAC Authentication802.1x troubleshooting, the link in the 802.1x Interface docs page is an invaluable resource.

In the next blog, we’ll move on to Multi-Domain Authentication using Aruba ClearPass. As always, be sure to take a look at some of the other tutorials we offer engineers where you can learn basic open networking commands and configurations, all the way up to advanced configurations. Wondering where a great place to start it? Check out our how-to videos.

18 April, 2019 07:38PM by Mike Courtney

hackergotchi for ARMBIAN

ARMBIAN

Nanopi R1

Debug serial console is enabled on UART0, which is located near mUSB port, mUSB console is also enabled for login Bluetooth is not yet enabled. One Ethernet device gets random MAC

18 April, 2019 06:49PM by Igor Pečovnik

hackergotchi for Ubuntu developers

Ubuntu developers

Xubuntu: Xubuntu 19.04 released!

The Xubuntu team is happy to announce the immediate release of Xubuntu 19.04!

Xubuntu 19.04 is a regular release and will be supported for 9 months, until January 2020. If you need a stable environment with longer support time, we recommend that you use Xubuntu 18.04 LTS instead.

The final release images are available as torrents and direct downloads from xubuntu.org/getxubuntu/

As the main server might be busy in the first few days after the release, we recommend using the torrents if possible.

We’d like to thank everybody who contributed to this release of Xubuntu!

Highlights and Known Issues

Highlights

  • Xubuntu 19.04 features a wide range of bug fixes for issues identified in previous releases, many of which have already been backported to the stable releases.
  • AptURL, The GIMP, and LibreOffice Impress have been included to provide a more complete and user-friendly desktop experience.
  • New keyboard shortcuts make it easier and faster to get work done. Shift + Print Screen will capture a screenshot for a specified region. Press F4 in Thunar to open a terminal window in the current path, or press Ctrl + Shift + F to search for files.
  • Many Xfce 4.13 components have been added or updated, providing an updated snapshot of Xfce 4.14 development.

Known Issues

  • If more than one instance of the Xfce Pulseaudio Plugin is added to the panel, volume notifications will be duplicated.
  • Tooltips can become unresponsive in the Xfce Task Manager. Usually a bit of movement will cause the tooltip to fade away.

For more obscure known issues, information on affecting bugs, bug fixes, and a list of new package versions, please refer to the Xubuntu Release Notes.

The main Ubuntu Release Notes cover both many of the other packages we carry and more generic issues.

Support

For support with the release, navigate to Help & Support for a complete list of methods to get help.

18 April, 2019 04:55PM

Lubuntu Blog: Lubuntu 19.04 (Disco Dingo) Released!

Thanks to all the hard work from our contributors, Lubuntu 19.04 has been released! With the codename Disco Dingo, Lubuntu 19.04 is the 16th release of Lubuntu and the second release of Lubuntu with LXQt as the default desktop environment. Support lifespan Lubuntu 19.04 will be supported for 9 months, until January 2020. If you […]

18 April, 2019 04:52PM

Kubuntu General News: Kubuntu 19.04 is released today

Kubuntu 19.04 has been released, featuring the beautiful Plasma 5.15 desktop from the KDE community.

Code-named “Disco Dingo”, Kubuntu 19.04 continues our proud tradition of integrating the latest and greatest open source technologies into a high-quality, easy-to-use Linux distribution.

The team has been hard at work through this cycle, introducing new features and fixing bugs.

Under the hood, there have been updates to many core packages, including a new 5.00-based kernel, Qt 5.12, KDE Frameworks 5.56, Plasma 5.15.4, and KDE Applications 18.12.3

Kubuntu has seen some exciting improvements, with newer versions of Qt, updates to major packages like Krita, Kdeconnect, Kstars, Latte-dock, Firefox and LibreOffice, and stability improvements to KDE Plasma.

For a list of other application updates, upgrading notes and known bugs be sure to read our release notes:

https://wiki.ubuntu.com/DiscoDingo/ReleaseNotes/Kubuntu

Download 19.04 or read about how to upgrade from 18.10.

18 April, 2019 04:28PM

Ubuntu Podcast from the UK LoCo: S12E02 – Light Force

This week we have been upgrading disk drives (again) and playing Elite Dangerous. We discuss Mark’s homebrew Raspberry Pi based streaming box, bring you some command line love and go over your feedback.

It’s Season 12 Episode 02 of the Ubuntu Podcast! Alan Pope, Mark Johnson and Martin Wimpress are connected and speaking to your brain.

In this week’s show:

rdfind ./somedir
  • And we go over all your amazing feedback – thanks for sending it – please keep sending it!

  • Image taken from Light Force published in 1986 for the ZX Spectrum by Faster Than Light.

That’s all for this week! You can listen to the Ubuntu Podcast back catalogue on YouTube. If there’s a topic you’d like us to discuss, or you have any feedback on previous shows, please send your comments and suggestions to show@ubuntupodcast.org or Tweet us or Toot us or Comment on our Facebook page or comment on our sub-Reddit.

18 April, 2019 02:00PM

Ubuntu Studio: Ubuntu Studio 19.04 Released!

The Ubuntu Studio team is pleased to announce the release of Ubuntu Studio 19.04, code-named “Disco Dingo”. This marks Ubuntu Studio’s 25th release, and is its largest and most feature-full release in a long while. This release is a regular release and as such, it is supported for 9 months. For those requiring longer-term support, […]

18 April, 2019 01:15PM

Ubuntu MATE: Ubuntu MATE 19.04 Final Release

Ubuntu MATE 19.04 is a modest upgrade over previous releases. If you want bug fixes and improved hardware support, particularly for NVIDIA GPU owners, then 19.04 is for you. Oh yeah, we've also made bespoke Ubuntu MATE 19.04 images for the GPD Pocket and GPD Pocket 2. Read on to learn more...

Ubuntu MATE 19.04
Ubuntu MATE 19.04 with the Mutiny layout

What changed since the Ubuntu MATE 18.10 final release?

Those of you who follow the desktop Linux news will know that upstream MATE Desktop recently released version 1.22.

Let's rip that band-aid off and get this over quickly. Ubuntu MATE 19.04 is shipping with MATE Desktop 1.20. Albeit, the latest maintenance release of MATE Desktop 1.20 with some of the bug fixes and new features from MATE Desktop 1.22 included. In fact, the version of MATE Desktop being shipped in 19.04 is derived from the same MATE packages that will feature in the upcoming Debian 10 (Buster) release.

You may be wondering why we're not shipping MATE Desktop 1.22? The answer, stability. MATE Desktop 1.22 introduces some underlying API changes in core components and while all first party MATE Desktop applications are compatible with the changes and completely stable, some third party applications are not. Some third party applications are big crashers now and we've not been able to fix them in time.

So, we are playing it safe and sticking with MATE Desktop 1.20 and working with upstreams so we can land MATE Desktop 1.22 early in the Ubuntu MATE 19.10 development cycle.

NVIDIA Drivers

During the Ubuntu 18.10 development cycle the Linux kernel, firmware, Mesa and Vulkan were all updated to ensure we offered the best possible support for sipping AMD GPUs. During the 19.04 cycle AMD support has been uplifted again but we have also improved the "out of box" experience for NVIDIA GPU owners too.

If you have an NVIDIA GPU connected to your computer and select Install third-party software for graphics and Wi-Fi hardware during installation, the NVIDIA proprietary drivers will be installed.

Third party drivers

Post install, the proprietary NVIDIA drivers are installed and configured. To confirm this, open a terminal and run nvidia-smi. Ubuntu MATE users with laptops that support hybrid graphics will see the MATE Optimus hybrid graphics applet displaying the NVIDIA logo.

MATE Optimus - hybrid graphics switcher

MATE Dock Applet

MATE Dock Applet has been updated to 0.88 which introduces some new visual options, based on the look of the Unity desktop. As seen in the screenshot at the start of this post, this has been used in the Mutiny layout to further mimic Unity 7.

Remote Desktop Awareness

Our MATE Desktop 1.20 packages ship with patches to support Remote Desktop Awareness (RDA). RDA makes MATE Desktop more aware of its execution context so that it behaves differently when run inside a remote desktop session compared to when running on local hardware. Different remote technology solutions support different features and they can now be queried from within MATE components. The inclusion of RDA offers the option to suspend your remote connection; supports folder sharing in Caja; MIME type bindings for SSHFS shares and allows session suspension via the MATE screensaver.

GPD Pocket

Alongside the generic image for 64-bit Intel PCs, we're also releasing bespoke images for the GPD Pocket and GPD Pocket 2. These include hardware specific tweaks to get these devices working "out of the box" without any faffing about. See our GPD Pocket page for more details.

Major Applications

Accompanying MATE Desktop 1.20.4 and Linux 5.0.0 are Firefox 66.0.3, VLC 3.0.6, LibreOffice 6.2.2.2 and Thunderbird 60.6.1.

Major Applications

See the Ubuntu 19.04 Release Notes for details of all the changes and improvements in Ubuntu that Ubuntu MATE benefits from.

Download Ubuntu MATE 19.04

Our download page makes it easy to acquire the most suitable build for your hardware.

Download

Upgrading from Ubuntu MATE 18.04 or 18.10

  • Open the "Software & Updates" from the Control Center.
  • Select the 3rd Tab called "Updates".
  • Set the "Notify me of a new Ubuntu version" dropdown menu to "For any new version".
  • Press Alt+F2 and type in update-manager -c into the command box.
  • Update Manager should open up and tell you: New distribution release '19.04' is available.
    • If not, you can use /usr/lib/ubuntu-release-upgrader/check-new-release-gtk
  • Click "Upgrade" and follow the on-screen instructions.

Known Issues

Here are the known issues.

Ubuntu MATE

  • Nothing significant.

Ubuntu family issues

This is our known list of bugs that affects all flavours.

You'll also want to check the Ubuntu MATE bug tracker to see what has already been reported. These issues will be addressed in due course.

Feedback

Is there anything you can help with or want to be involved in? Maybe you just want to discuss your experiences or ask the maintainers some questions. Please come and talk to us.

18 April, 2019 12:00PM

hackergotchi for LiMux

LiMux

Besserer Service dank professionellem Geschäftsprozessmanagement

Sie wünschen sich von Ihrer Stadtverwaltung, dass sie Ihre Anliegen zügig erledigt? Sie erwarten aber auch, dass sie sparsam mit Geldmittel und Ressourcen umgeht? Professionelles Geschäftsprozessmanagement bringt beide Ziele nachhaltig voran. Wachsende Bevölkerung, steigende Anforderungen … Weiterlesen

Der Beitrag Besserer Service dank professionellem Geschäftsprozessmanagement erschien zuerst auf Münchner IT-Blog.

18 April, 2019 04:53AM by Stefan Döring

hackergotchi for Ubuntu developers

Ubuntu developers

Sean Davis: Xubuntu 19.04: The Exhaustive Update

Xubuntu 19.04 “Disco Dingo” is just around the corner. It features numerous updates and an updated snapshot of Xfce 4.14 development. If you want to see all the changes, you’ve come to the right place!

What’s New?

Click here for a complete list of package changes.

Changes to the Xubuntu Packageset

Orage and Quick Launcher, Gone!
  • Orage Calendar is no longer included. This decision comes following a team vote during the November community meeting.
  • Xfce Quick Launcher Plugin has been removed from the Debian and Ubuntu archives due to it no longer being supported.
AptURL Now Included!
Installing a package with AptURL.

AptURL provides an easy way to link to and install packages from the repositories. It supports most browsers and works without any additional configuration when installed. Anytime you see an apt:// link on the internet, just click and install. For example, why not install Super Tux Kart?

 

GIMP Returns!

It’s back! Not seen in Xubuntu since 15.04 “Vivid Vervet”, GIMP (GNU Image Manipulating Program), the powerful and feature-packed image editor has been added back to Xubuntu 19.04. While it has a bit of a learning curve, there’s a number of tutorials on gimp.org to get you up to speed.

LibreOffice Impress Has Finally Arrived!
Make great presentations in moments with LO Impress.

With the addition of LibreOffice Impress, the Xubuntu office suite is now complete! Impress makes it possible for users to quickly and easily produce and present high-quality presentations. It comes with a number of great templates already installed, and hundreds more at the LibreOffice Extensions website.

 

Updates to Existing Components

This list will quickly highlight some of the biggest changes in each new update.

Atril Document Viewer (1.20.2-1 to 1.20.3-1)
  • Support was added for RAR-compressed comic archives
  • Files are now saved in the same path they are opened from
Catfish File Search (1.4.6-1 to 1.4.7-1)
  • The classic layout returns to Xfce and Xubuntu.

    All documented URLs were replaced with HTTPS where possible

  • The window layout now respects the current desktop environment, displaying Client Side Decorations (CSD) for desktops that prefer them and traditional titlebar layouts for all other desktops (Xfce #14486)
  • Files can now be dragged from Catfish into other applications, copying or opening the file based on the target application (Xfce #14492)
  • A number of performance improvements were made to guarantee a snappier, more efficient search
elementary Xfce Icon Theme (0.13.1-1 to 0.13.1-1ubuntu1)
  • The icon theme now correctly inherits from the Adwaita icon theme, fixing some issues  with KDE applications (LP #1787989)
Exo (0.12.2-1 to 0.12.4-1)
  • Highlighting fixes are a welcome graphical improvement.

    The thumbnail directory was updated to align with other applications, reducing file duplication and speeding up the desktop (Xfce #14799)

  • Improved icon view highlighting with GTK 3, with items now highlighted in the current theme’s selection color (Xfce #14971)
  • Improved positioning of the icon view type-ahead search, the search overlay will now always be displayed on-screen (Xfce #14994)
Garcon (0.6.1-2 to 0.6.2-1)
  • All application menu items are now rendered at the same size (Xfce #13785)
  • Added support for the Keywords key in desktop entries (Xfce #10683)
  • Added support for composite XDG_CURRENT_DESKTOP variables (Xfce #14137)
Gigolo (0.4.2-2 to 0.4.91-0ubuntu1)
  • Ported to GTK 3! 🎉
  • Improved appearance of various dialogs
  • Improved sizing for the icon view
Greybird GTK Theme (3.22.9-0ubuntu1 to 3.22.10-1)
  • Even the print dialog looks better in Greybird!

    Improved appearance of the print dialog (GH #238) and Xfce Terminal’s tabs (GH #184)

  • Improved margins and padding for the Xfce Panel’s Tasklist plugin (GH #240)
  • Improved sizing of the Alt-Tab dialog (GH #224)
LibreOffice Elementary Style (1:6.1.2-0ubuntu1 to 1:6.2.2-0ubuntu2)

I feel like this update deserves a special mention. rizmut did an amazing job refreshing the elementary theme and making it consistent everywhere.

  • Blurry icons are blurry no more
  • Icons were updated to meet the elementary HIG
  • Icons were made consistent between sizes, and a 32px size variant was added
  • Numerous icons were added for various commands and menu options
  • Support for the Notebookbar layout was vastly improved
MATE Calculator (1.20.2-1 to 1.20.3-1)
  • Equations can now be entered using MathML
  • Equations are copied from the calculator as ASCII text
Mugshot (0.4.0-1 to 0.4.1-1)
  • Mugshot in the Setting Manager, where it belongs.

    Fixed loading of user-specified initials (LP #1574239)

  • Fixed TypeError crash at startup (LP #1443283)
  • Fixed FileNotFoundError crash when comparing profile images (LP #1771629)
  • Added Mugshot to the Xfce Settings Manager, Personal Settings (LP #1698626)
Parole Media Player (1.0.1-1build1 to 1.0.2-0ubuntu1)
  • Fixed various issues with disabling plugins (LP #1698540)
  • Fixed play button sensitivity items are added to playlist (Xfce #13724, LP #1705243)
Ristretto Image Viewer (0.8.3-1 to 0.8.4-0ubuntu1)
  • Fixed thumbnail generation (Xfce #13419)
  • Fixed memory leak related to thumbnail generation (Xfce #12034)
  • Fixed opening of PPM files (Xfce #14709)
  • Added file size to the status bar (Xfce #14791)
Thunar (1.8.1-1 to 1.8.4-1ubuntu1)
  • Skip the trash bin and delete files forever!

    Numerous crashes were fixed, making the file manager substantially more stable

  • Fixed USB drives being mounted with root permissions (Xfce #14719)
  • Fixed high CPU load when parent directories are not readable (Xfce #14900)
  • The spinner will no longer keep spinning after the user cancels an unmount action (Xfce #14539)
  • Fixed expansion of the “Create Document” submenu (LP #1822380)
  • A new preference was added to open new Thunar instances as tabs (Xfce #13314)
  • A new preference was added to enable the “Permanently Delete” option in the context menu (Xfce #13327)
  • Ctrl + = was added as an alternative accelerator for Zoom In (Xfce #14586)
  • Ctrl + PgUp / PgDown was added to switch tabs (Xfce #9585)
Thunar Archive Plugin (0.4.0-1 to 0.4.0-2)
  • Support was added for the Engrampa Archive Manager (Debian #911370)
Thunar Volume Manager (0.8.1-2build1 to 0.9.1-1)
  • Ported to GTK 3! 🎉
  • Added support for Blu-Ray media (Xfce #13297)
  • Automatic browsing of removable media now respects the default file manager (Xfce #9537)
  • Notifications are now transient, reducing notification log spam
Xfce Application Finder (4.12.0-2ubuntu3 to 4.13.2-1)
  • Without the category panel, things are much tidier!

    Ported to GTK 3! 🎉

  • Menu items without a name are no longer displayed (Xfce #14655)
  • Applications can now be launched by pressing Enter once (Xfce #14469)
  • The Application Finder will no longer crash when toggling bookmarks (Xfce #14134)
  • A new preference was added to hide the category panel (Xfce #14893)
  • Searches are now fuzzy (Xfce #10393)
  • Improved application sorting and keyboard navigation
Xfce Desktop (4.13.2-0ubuntu1 to 4.13.3-0ubuntu2)
  • Added orientation option for icon arrangement (Xfce #14979)
  • Added support for the RandR primary monitor (Xfce #10688)
  • Added integration for the AccountsService wallpaper
  • Fixed crash with monitor changes (Xfce #14609)
  • Fixed icon size in the “Open With” submenu (Xfce #14774)
Xfce Dictionary (0.8.1-0ubuntu1 to 0.8.2-1)
  • Crashes related to invalid URLs were resolved (Xfce #14786)
  • Web search links are only displayed when URLs are valid
  • The link tooltip is now escaped, fixing display issues
Xfce Notifications (0.4.2-0ubuntu3 to 0.4.3-1)
  • The fadeout preference is now correctly displayed (LP #1763674)
Xfce Panel (4.13.3-1ubuntu1 to 4.13.4-1ubuntu1)
  • Specify the maximum icon size for improved control.

    Added per-panel icon size preferences

  • Numerous improvements to plugin display and sizing issues
  • Added support for alternative menu editors, with MenuLibre as default (Xfce #11684)
  • Fixed issues with clicking panel items at the top or left of the screen (LP #1795135)
  • Fixed space reservation on the bottom and right of the screen (Xfce #14886)
  • Fixed crashes in the Directory Menu plugin and when removing certain plugins (Xfce #14418)
  • Fixed alignment of various plugin menus (Xfce #14803)
  • Fixed display of the binary clock
Xfce Screenshooter (1.9.3-1 to 1.9.5-1)
  • Added width and height to the region select overlay (Xfce #12664)
  • Fixed delay functionality in the panel plugin (Xfce #14604)
  • Fixed saving screenshots from the panel plugin (Xfce #15187)
  • Improved Imgur upload results dialog (Xfce #14973)
  • Improved support when XInput is not available (Xfce #15166)
  • Improved support for HiDPI displays
Xfce Session (4.12.1-3ubuntu4 to 4.12.1-6ubuntu1)
  • Replaced packaging recommendation on Xscreensaver with Light Locker (LP #1754872)
  • Added support for MATE Screensaver and Xfce Screensaver
Xfce Settings (4.13.4-1ubuntu1 to 4.13.4-1ubuntu2)
  • Fixed scrolling in the Settings Manager (LP #1653448)
Xfce System Load Plugin (1:1.2.1-0ubuntu1 to 1:1.2.2-1ubuntu1)
  • Reworked preferences dialog (still functionally the same)
  • The default update interval was updated to 0.5 seconds (Xfce #13536)
Xfce Task Manager (1.2.1-1 to 1.2.2-1)
  • Builds now default to GTK 3, with GTK 2 being removed in the next release
  • Improved UTF-8 normalization (Xfce #14172)
  • Fixed crash when closing processes (Xfce #14466)
Xfce Terminal (0.8.7.4-0ubuntu1 to 0.8.7.4-2ubuntu1)
  • Improved support for longer and more complex URLs
Xfce Weather Plugin (0.8.10-1build1 to 0.9.1-0ubuntu1)
  • Now with an adaptive forecast background!

    Port to GTK 3!

  • HTTPS is now used for all network connections (Xfce #13645)
  • The latest Sunrise API (version 2.0) is now used (Xfce #14972)
  • The displayed weather icon now respects the panel icon size
  • Improved forecast background with both dark and light themes
  • Improved spacing in the preference and forecast dialogs
Xfce Whisker Menu Plugin (2.2.1-1 to 2.3.1-1)
  • Fixed crash when the menu is reloaded
  • Fixed sidebar being wider than categories without icons
  • Added buttons for individual logout commands (Xfce #14639)
  • Added option to stay visible when focus is lost (Xfce #12240)
  • Improved spacing in the preferences dialog (Xfce #14683)
Xubuntu Artwork (18.10.3 to 19.04)
  • New desktop wallpaper for 19.04
  • New release-agnostic wallpaper for Plymouth (see below tweet for a video)

Xubuntu Default Settings (18.10.2 to 19.04.1)
  • Added F4 accelerator to open a Terminal in Thunar (LP #1793395)
  • Added Ctrl + Shift + F accelerator to open Catfish File Search from Thunar (LP #1793395)
  • Added Shift + Print accelerator to capture a region screenshot (LP #1812234)
  • Added GNOME/GTK 3 dconf keys for fonts (LP #1769774)
  • Added support for startup notifications in Thunar’s custom actions (LP #1794118)
  • The default inactivity mode is now set to Suspend on AC and Battery (LP #1768038)

Wrapping Up

You’re still here after all that, amazing! Excited about Xfce or Xubuntu, and want to help out? Share this post on your favorite social media and let everybody know how much you love our work. If you want to contribute (and anybody can, really!), check out the Xubuntu contributor documentation to learn how to get started.

18 April, 2019 04:03AM

April 17, 2019

hackergotchi for Purism PureOS

Purism PureOS

Purism’s Librem 5 Progress in Videos

The Purism team is making a remarkable progress to deliver the Librem 5 phone.

Nothing shows the progress we have been making quite as clearly as a demonstration of the Librem 5 status from the devkit itself – so let us take you through a handful of (short) videos showcasing the current possibilities and development of our Librem 5 devkit:

Bootup in under 10 seconds

In this video we get to witness the devkit’s amazingly fast bootup – less than 10 seconds!

Incoming call

Here we are, receiving a voice call on the Librem 5 devkit.

SMS text messaging in chat application

Using the Librem 5 chat application to send and receive sms text messages (and hello world).

Web browsing and video playback

You can now browse the web, choose a video and watch it play.

Librem 5 devkit to devkit calling

And finally, the really awesome one that never fails to amaze: voice calling from devkit to devkit.

That’s it for now, we hope you are as happy about what you’ve just seen as we all are.

 


You can pre-order your Librem 5 phone now

17 April, 2019 03:10PM by Todd Weaver

hackergotchi for SparkyLinux

SparkyLinux

qt-fsarchiver

There is a new tool available for Sparkers: qt-fsarchiver

What is qt-fsarchiver?

Back up and restore partitions for Debian,Ubuntu, Linux-Mint, Suse and Fedora. qt-fsarchiver a program with a Qt based graphical interface for easy operation the archiving program fsarchiver. qt-fsarchiver has been split into a program with a graphical user interface and a terminal program.

Installation:
If you have a deb package of qt-fsarchive downloaded from the project page and installed – uninstall it before installing a new one from Sparky repos:
sudo apt purge qt-fsarchiver qt4-fsarchiver qt5-fsarchiver
sudo apt update
sudo apt install qt-fsarchiver

or via the latest version of Sparky APTus 0.4.18.
The tool is available for Sparky 4/Debian Stretch and Sparky 5/Debian Buster 32 and 64 bit.
Let me know if you find any problem with installation or using the new tool, please.

qt-fsarchiver

The qt-fsarchiver project page: github.com/DieterBaum/qt-fsarchiver
Copyright (C) 2008-2018 Francois Dupoux and Dieter Baum; it is licensed under the GNU General Public License v3.0

 

17 April, 2019 12:59PM by pavroo

hackergotchi for Ubuntu developers

Ubuntu developers

James Page: OpenStack Stein for Ubuntu 18.04 LTS

The Ubuntu OpenStack team at Canonical is pleased to announce the general availability of OpenStack Stein on Ubuntu 18.04 LTS via the Ubuntu Cloud Archive. Details of the Stein release can be found here.

You can enable the Ubuntu Cloud Archive pocket for OpenStack Stein on Ubuntu 18.04 LTS installations by running the following commands:

    sudo add-apt-repository cloud-archive:stein
    sudo apt update

The Ubuntu Cloud Archive for Stein includes updates for:

aodh, barbican, ceilometer, ceph (13.2.4), cinder, designate, designate-dashboard, glance, gnocchi, heat, heat-dashboard, horizon, ironic, keystone, magnum, manila, manila-ui, mistral, murano, murano-dashboard, networking-bagpipe, networking-bgpvpn, networking-hyperv, networking-l2gw, networking-odl, networking-ovn, networking-sfc, neutron, neutron-dynamic-routing, neutron-fwaas, neutron-lbaas, neutron-lbaas-dashboard, neutron-vpnaas, nova, nova-lxd, octavia, openstack-trove, openvswitch (2.11.0), panko, sahara, sahara-dashboard, senlin, swift, trove-dashboard, vmware-nsx, watcher, and zaqar.

For a full list of packages and versions please refer to the Stein UCA version report.

Python 3

The majority of OpenStack packages now run under Python 3 only; notable exceptions include Swift.  Python 2 packages are no longer provided for the majority of projects.

Branch package builds

If you would like to try out the latest updates to branches, we deliver continuously integrated packages on each upstream commit-ish via the following PPA’s:

    sudo add-apt-repository ppa:openstack-ubuntu-testing/rocky
    sudo add-apt-repository ppa:openstack-ubuntu-testing/stein

Reporting bugs

If you have any issues please report bugs using the ‘ubuntu-bug’ tool to ensure that bugs get logged in the right place in Launchpad:

sudo ubuntu-bug nova-conductor

Thanks to everyone who has contributed to OpenStack Stein, both upstream and downstream. Special thanks to the Puppet OpenStack modules team and the OpenStack Charms team for their continued early testing of the Ubuntu Cloud Archive, as well as the Ubuntu and Debian OpenStack teams for all of their contributions.

Have fun and see you all for Train!

Cheers

James

(on behalf of the Ubuntu OpenStack team)

17 April, 2019 10:50AM

Erich Eickmeyer: One Year Leading Ubuntu Studio

I hardly know how to describe this entire past year. If I had one word to describe it, that would be “surreal.”
Just a little over a year ago, I answered a call to put together a council for Ubuntu Studio. The project leader at the time couldn’t commit the time to lead, and the project was failing. As someone who was using open source software for audio production at the time, and at the time using Fedora Jam, I saw Ubuntu Studio as too important of a project to let die. I just had no idea how dire the situation was, or how it had even ended up that way.
With the release of 18.04 LTS Beta around the corner, I knew something had to be done, and fast. So, I jumped-in, feet first.
Ubuntu Studio, as it turns out, was on life support. It hadn’t been worked on, save a few bugfixes here and there, for two years. Many considered it a dead project, but somehow, the plug never got pulled. I was determined to save it.
I had many connections and sought a lot of advice. We got the council going, and since I was running the meetings, I became the chair. Then, I acted as the release manager. However, I wasn’t quite comfortable with signing-off on a release that would be supported for three years. I was advised by those already involved with the Ubuntu release team that it might be a good idea to have Ubuntu Studio 18.04 be a non-LTS. I presented this idea to the council, and they agreed.
Ubuntu Studio 18.04 “Bionic Beaver” was released as a non-LTS. The community was unhappy with this decision since now that meant those that only use LTS, especially in professional applications, were feeling left out. Eventually we figured out a solution, but not until much later, and that became the Ubuntu Studio Backports PPA.
During the 18.10 release cycle, we got the development ball rolling again. Len Ovens worked on a new version of Ubuntu Studio Controls that would do something that no other tool for configuring audio on Linux had been done before: adding/removing USB devices from the Jack Audio Connection Kit (Jack) as they are hotplugged, and allowing Jack to use more than one audio device simultaneously. It’s truly something that can revolutionize how audio is done with Linux. Eylul Dogruel made an amazing backdrop wallpaper, originally intended for 18.04. She and Thomas Pfundt helped with the Ubuntu Studio Wallpaper Contest, the winners of which landed in 18.10.
We had a vision during that release cycle of adding an additional desktop environment. Unfortunately, that turned out to be more work than it was worth. So, we scrapped that idea and instead of bringing a new desktop environment to Ubuntu Studio, we decided the opposite should happen: bring Ubuntu Studio to the other desktop environments. This manifested in a repurposing of the Ubuntu Studio Metapackage Installer. Len and I worked on this, renamed it to the Ubuntu Studio Installer, and got something working for the 19.04 release. Now, Ubuntu Studio has become an operating system and a toolkit.
Then there was the vision to add more tools to Ubuntu Studio and replace some old ones. The Calf Studio Gear plugins were outdated in 18.04 and 18.10. Working with Ross Gammon, we got that fixed upstream in Debian, which then trickled-down and landed in 19.04. Then there was the challenge to add Carla, an audio plugin host and patchbay, to the Ubuntu repositories. In the past this had been prohibitive. It took me almost a year, but I finally got it packaged (with the help of the upstream developer, Ross, and several others in the Ubuntu community). Now, it’s available in 19.04.
Unfortunately, we had done all of this work, but had nobody to upload to the Ubuntu repositories. I started speaking out. When I got no response, I escalated things. Eventually, it got to a member of the technical board who, upon hearing that Ubuntu Studio had no uploaders, realized that it was not able to function as an official flavor. Remember that life support Ubuntu Studio was on? Ubuntu Studio had just gone “Code Blue.” Ubuntu Studio was about to die.
Within a week, Ross and I were able to get upload privileges for the key parts of Ubuntu Studio. Then, two weeks later, Ross got upload privileges to the Ubuntu Studio Package Set, which is everything in Ubuntu Studio not shared with other flavors.  With that, Ubuntu Studio has made a big recovery.
What’s next? Len and I agree that we’d like to make it so that nobody who runs Ubuntu Studio thinks they need to add the KXStudio repositories to have a complete audio setup. We want to keep making it a full-fledged audio, graphics, photography, and video workstation. We want to be the choice for creative-types everywhere. We just hope others want to join us on this journey.
As for myself, I cannot tell you how much “Imposter Syndrome” I’ve experienced. Oftentimes, I don’t believe I’m deserving of such a high leadership position within the Ubuntu community. Me, and audio engineer / video producer / photographer from Microsoft’s back yard, would be leading the world’s most popular multimedia creation operating system. Surely, others are more qualified. Yet, here I am. It’s a good thing others believe in me, even when I can’t.
So a special thanks to those people (in no particular order): Len Ovens, Eylul Dogruel, Thomas Pfundt, Set Hallstrom, Ross Gammon, Simon Quigley, Valorie Zimmerman, Dustin Krysak, Martin Wimpress, Alan Pope, Jeremy Bicha, Walter Lapchynski, Mathieu Truedel-Lapierre, Thomas Ward, Keefe Bieggar, and anybody else I’ve missed.
And of course, thanks to my wife and son who have had to put up with me though all of this geeking-out.
Here’s to another year.

17 April, 2019 05:29AM

hackergotchi for Qubes

Qubes

Qubes Tor onion services are available again!

We previously announced that the Qubes Tor onion services were no longer being maintained due to lack of resources. However, Unman generously agreed to bring them back, and they’re now available once again!

Here are the new onion service URLs:

Website:   www.qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad.onion
Yum repo:  yum.qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad.onion
Deb repo:  deb.qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad.onion
ISOs:      iso.qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad.onion

Soon, you will be able to get the new, correct repo definitions just by updating dom0 and your TemplateVMs. However, if you can’t wait, you can edit your repository definitions by following the instructions below.

Instructions

Follow these instructions only if you wish to update dom0 and your TemplateVMs over Tor (via sys-whonix). This is an opt-in feature. If, instead, you wish to update over your regular network connection (aka “clearnet”), or if you are not sure, then do not follow these instructions.

In order to use the new onion services, you must ensure that every line that contains an onion address uses the appropriate new address above. We’ll go through this for dom0, Fedora templates, Debian, and Whonix templates. For additional information, see Onionizing Repositories on the Whonix wiki.

dom0

  1. In dom0, open /etc/yum.repos.d/qubes-dom0.repo in a text editor.

  2. Comment out all the baseurl = https://yum.qubes-os.org/[...] and metalink lines.

  3. Uncomment all the baseurl = [...].onion lines.

  4. Update every .onion address to yum.qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad.onion. The affected lines should look like this:
    #baseurl = https://yum.qubes-os.org/r$releasever/current/dom0/fc25
    baseurl = http://yum.qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad.onion/r$releasever/current/dom0/fc25
    #metalink = https://yum.qubes-os.org/r$releasever/current/dom0/fc25/repodata/repomd.xml.metalink
    
  5. Open /etc/yum.repos.d/qubes-templates.repo in a text editor and repeat steps 2-4.

  6. In Qubes Global Settings, set Dom0 UpdateVM to sys-whonix.

Fedora TemplateVMs

  1. In the TemplateVM, open /etc/yum.repos.d/qubes-r4.repo in a text editor.

  2. Comment out every line that contains yum.qubes-os.org.

  3. Uncomment every line that contains .onion.

  4. Update every .onion address to yum.qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad.onion. The affected lines should look like this:
    #baseurl = https://yum.qubes-os.org/r4.0/current/vm/fc$releasever
    baseurl = http://yum.qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad.onion/r4.0/current/vm/fc$releasever
    
  5. In dom0, ensure that the first non-comment line in /etc/qubes-rpc/policy/qubes.UpdatesProxy is:
    $type:TemplateVM    $default    allow,target=sys-whonix
    

Debian & Whonix TemplateVMs

  1. In the TemplateVM, open /etc/apt/sources.list.d/qubes-r4.list in a text editor.

  2. Comment out every line that contains deb.qubes-os.org.

  3. Uncomment every line that contains .onion.

  4. Update every .onion address to deb.qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad.onion. The affected lines should look like this:
    # Main qubes updates repository
    #deb [arch=amd64] https://deb.qubes-os.org/r4.0/vm stretch main
    #deb-src https://deb.qubes-os.org/r4.0/vm stretch main
    
    
    # Qubes Tor updates repositories
    # Main qubes updates repository
    deb [arch=amd64] http://deb.qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad.onion/r4.0/vm stretch main
    #deb-src http://deb.qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad.onion/r4.0/vm stretch main
    
  5. In dom0, ensure that the first non-comment line in /etc/qubes-rpc/policy/qubes.UpdatesProxy is:
    $type:TemplateVM    $default    allow,target=sys-whonix
    

17 April, 2019 12:00AM

April 16, 2019

hackergotchi for Ubuntu developers

Ubuntu developers

Jamie Strandboge: Cloud images, qemu, cloud-init and snapd spread tests

It is useful for testing to want to work with official cloud images as local VMs. Eg, when I work on snapd, I like to have different images available to work with its spread tests.

The autopkgtest package makes working with Ubuntu images quite easy:

$ sudo apt-get install qemu-kvm autopkgtest
$ autopkgtest-buildvm-ubuntu-cloud -r bionic # -a i386
Downloading https://cloud-images.ubuntu.com/bionic/current/bionic-server-cloudimg-amd64.img...
# and to integrate into spread
$ mkdir -p ~/.spread/qemu
$ mv ./autopkgtest-bionic-amd64.img ~/.spread/qemu/ubuntu-18.04-64.img
# now can run any test from 'spread -list' starting with
# 'qemu:ubuntu-18.04-64:'

This post isn’t really about autopkgtest, snapd or spread specifically though….

I found myself wanting an official Debian unstable cloud image so I could use it in spread while testing snapd. I learned it is easy enough to create the images yourself but then I found that Debian started providing raw and qcow2 cloud images for use in OpenStack and so I started exploring how to use them and generalize how to use arbitrary cloud images.

General procedure

The basic steps are:

  1. obtain a cloud image
  2. make copy of the cloud image for safekeeping
  3. resize the copy
  4. create a seed.img with cloud-init to set the username/password
  5. boot with networking and the seed file
  6. login, update, etc
  7. cleanly shutdown
  8. use normally (ie, without seed file)

In this case, I grabbed the ‘debian-testing-openstack-amd64.qcow2’ image from http://cdimage.debian.org/cdimage/openstack/testing/ and verified it. Since this is based on Debian ‘testing’ (current stable images are also available), when I copied it I named it accordingly. Eg, I knew for spread it needed to be ‘debian-sid-64.img’ so I did:

$ cp ./debian-testing-openstack-amd64.qcow2 ./debian-sid-64.img

I then resized it. I picked 20G since I recalled that is what autopkgtest uses:

$ qemu-img resize debian-sid-64.img 20G

These are already setup for cloud-init, so I created a cloud-init data file (note, the ‘#cloud-config’ comment at the top is important):

$ cat ./debian-data
#cloud-config
password: debian
chpasswd: { expire: false }
ssh_pwauth: true

and a cloud-init meta-data file:

$ cat ./debian-meta-data
instance-id: i-debian-sid-64
local-hostname: debian-sid-64

and fed that into cloud-localds to create a seed file:

$ cloud-localds -v ./debian-seed.img ./debian-data ./debian-meta-data

Then start the image with:

$ kvm -M pc -m 1024 -smp 1 -monitor pty -nographic -hda ./debian-sid-64.img -drive "file=./debian-seed.img,if=virtio,format=raw" -net nic -net user,hostfwd=tcp:127.0.0.1:59355-:22

(I’m using the invocation that is reminiscent of how spread invokes it; feel free to use a virtio invocation as described by Scott Moser if that better suits your environment.)

Here, the “59355” can be any unused high port. The idea is after the image boots, you can login with ssh using:

$ ssh -p 59355 debian@127.0.0.1

Once logged in, perform any updates, etc that you want in place when tests are run, then disable cloud-init for the next boot and cleanly shutdown with:

$ sudo touch /etc/cloud/cloud-init.disabled
$ sudo shutdown -h now

The above is the generalized procedure which can hopefully be adapted for other distros that provide cloud images, etc.

For integrating into spread, just copy the image to ‘~/.spread/qemu’, naming it how spread expects. spread will use ‘-snapshot’ with the VM as part of its tests, so if you want to update the images later since they might be out of date, omit the seed file (and optionally ‘-net nic -net user,hostfwd=tcp:127.0.0.1:59355-:22’ if you don’t need port forwarding), and use:

$ kvm -M pc -m 1024 -smp 1 -monitor pty -nographic -hda ./debian-sid-64.img

UPDATE 2019-04-23: the above is confirmed to work with Fedora 28 and 29 (though, if using the resulting image to test snapd, be sure to configure the password as ‘fedora’ and then be sure to ‘yum update ; yum install kernel-modules nc strace’ in the image).

UPDATE 2019-04-22: the above is confirmed to work with CentOS 7 (though, if using the resulting image to test snapd, be sure to configure the password as ‘centos’ and then be sure to ‘yum update ; yum install epel-release ; yum install golang nc strace’ in the image).

Extra steps for Debian cloud images without default e1000 networking

Unfortunately, for the Debian cloud images, there were additional steps because spread doesn’t use virtio, but instead the default the e1000 driver, and the Debian cloud kernel doesn’t include this:

$ grep E1000 /boot/config-4.19.0-4-cloud-amd64
# CONFIG_E1000 is not set
# CONFIG_E1000E is not set

So… when the machine booted, there was no networking. To adjust for this, I blew away the image, copied from the safely kept downloaded image, resized then started it with:

$ kvm -M pc -m 1024 -smp 1 -monitor pty -nographic -hda $HOME/.spread/qemu/debian-sid-64.img -drive "file=$HOME/.spread/qemu/debian-seed.img,if=virtio,format=raw" -device virtio-net-pci,netdev=eth0 -netdev type=user,id=eth0

This allowed the VM to start with networking, at which point I adjusted /etc/apt/sources.list to refer to ‘sid’ instead of ‘buster’ then ran apt-get update then apt-get dist-upgrade to upgrade to sid. I then installed the Debian distro kernel with:

$ sudo apt-get install linux-image-amd64

Then uninstalled the currently running kernel with:

$ sudo apt-get remove --purge linux-image-cloud-amd64 linux-image-4.19.0-4-cloud-amd64

(I used ‘dpkg -l | grep linux-image’ to see the cloud kernels I wanted to remove). Removing the package that provides the currently running kernel is a dangerous operation for most systems, so there is a scary message to abort the operation. In our case, it isn’t so scary (we can just try again ;) and this is exactly what we want to do.

Next I cleanly shutdown the VM with:

$ sudo shutdown -h now

and try to start it again like with the ‘general procedures’, above (I’m keeping the seed file here because I want cloud-init to be re-run with the e1000 driver):

$ kvm -M pc -m 1024 -smp 1 -monitor pty -nographic -hda ./debian-sid-64.img -drive "file=./debian-seed.img,if=virtio,format=raw" -net nic -net user,hostfwd=tcp:127.0.0.1:59355-:22

Now I try to login via ssh:
$ ssh -p 59355 debian@127.0.0.1
...
debian@127.0.0.1's password:
...
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Tue Apr 16 16:13:15 2019
debian@debian:~$ sudo touch /etc/cloud/cloud-init.disabled
debian@debian:~$ sudo shutdown -h now
Connection to 127.0.0.1 closed.

While this VM is no longer the official cloud image, it is still using the Debian distro kernel and Debian archive, which is good enough for my purposes and at this point I’m ready to use this VM in my testing (eg, for me, copy ‘debian-sid-64.img’ to ‘~/.spread/qemu’).

16 April, 2019 04:36PM

hackergotchi for Cumulus Linux

Cumulus Linux

Campus design feature set-up : Part 1

Shared knowledge makes for a stronger ecosystem and with this in mind, I’m going to show you how to set up the CL 3.7.5 campus feature: Multi-Domain Authentication in a 6-part blog series.

We’ll cover it all: Wired MAC Authentication using Aruba ClearPass, Multi-Domain Authentication using Aruba ClearPass, Wired 802.1x using Cisco ISE, Wired MAC Authentication using Cisco ISE, and Multi-Domain Authentication using Cisco ISE. 

The first guide I’ll be sharing is how to enable wired 802.1X authentication in Cumulus Linux 3.7.5+ using Aruba ClearPass 6.7.x. 

Keep in mind that this step-by-step guide assumes that you have already performed an initial setup of Aruba ClearPass.

Aruba ClearPass Configuration:

1. Add the Cumulus Switch to ClearPass

First, we are going to add this specific Cumulus Network switch to ClearPass. Go to the following:

Configuration > Network > Devices. Click “+Add” in the top right-hand corner

Fill in the appropriate IP Address, Description, and Shared Secrets. For simplicity sake, set the “Vendor Name” to “Cisco.”

2. Adding the Cumulus Switch to a Device Group

Configuration > Network  > Device Groups. Click “+Add” in the top right-hand corner

We are going to move the “Cumulus OOB SW” from the left-hand, “Available Devices” column, over to the “Selected Devices” column.

Click the “Save” button.

All future Cumulus switches can be added to this Device Group and will inherit all of the upcoming configuration elements.

3. Add a Dynamic VLAN Enforcement Profiles 

Configuration > Enforcement  > Profiles. Click “+Add” in the top right-hand corner

On the “Profile” tab, select “VLAN Enforcement” from the “Template” drop-down.

On the “Attributes” tab, click the “Enter VLAN” text and enter the numeric value for a VLAN on the switch

Here, I added the value “17” as the “Tunnel-Private-Group-Id:”

4. Add an Enforcement Policy

Configuration > Enforcement  > Policies. Click “+Add” in the top right-hand corner

Select “RADIUS” as the “Enforcement Type.”

Select “[Deny Access Profile]” as the “Default Profile” from the drop-down menu. 

On the “Rules” tab, we are going to create a generic allow all role with the Dynamic VLAN.

Set the following:

  • – Type = “Tips”
  • – Name = “Role”
  • – Operator = “EQUALS”
  • – Value = “[User Authenticated]”

Under the “Profile Names”, select the “PoC – Cumulus Dynamic VLAN 17” that was created in the previous step.

Click the “Save” button in the bottom right-hand corner.

The Enforcement Policy should look like the above. Click the “Save” button in the bottom right-hand corner to continue.

5. Adding a wired 802.1x Service

Configuration > Service. Click “+Add” in the top right-hand corner

Set the following:

  • Type Dropdown = “802.1X Wired”
  • Name = “PoC – Cumulus Wired 802.1x”

Under the “Service Rules”, add the following:

  • Type = “Connection” 
  • Name = “NAD-IP-Address”
  • Operator = “BELONGS_TO_GROUP”
  • Value = “Cumulus-Switches”

The “Value” is the name of the Device Group that was added in Step #2 above. 

On the “Authentication” tab, add the appropriate “Authentication Methods” and “Authentication Sources.” In the above example, I am using Active Directory as an Authentication Source and EAP-PEAP/MSCHAPv2 and EAP-TLS as available methods.

On the “Enforcement” tab, select the “PoC – Cumulus 802.1X Wired Enforcement Policy” that was created in step #4.

Click the “Save” button in the bottom right-hand corner.

Cumulus Linux wired 802.1x setup:

1. Testing an interface

I am going to be using “swp11” to test wired 802.1x:

net add interface swp11
net commit

2. Enabling dot1x on swp11

Here are the following NCLU commands that I entered to configure dot1x:

net add dot1x radius server-ip 10.10.102.252 vrf mgmt
net add dot1x radius client-source-ip 192.168.255.100
net add dot1x radius shared-secret cumulus11
net add dot1x send-eap-request-id
net add dot1x dynamic-vlan
net add interface swp11 dot1x
net commit

3. Modify the hostapd.conf file

The next step is to change the bottom two values in the /etc/hostapd.conf file from “=1” to “=0”

radius_das_require_event_timestamp=0
radius_das_require_message_authenticator=0

Restart the hostapd.service after making the above changes with the following command:

sudo systemctl restart hostapd.service

Verification and Troubleshooting

Plug in an 802.1x enabled laptop into port swp11. 

On my laptop, I see that the wired interface is successfully authenticated in the 192.168.17.0/24 subnet which corresponds to VLAN 17.

On the Cumulus switch, the following commands will show the status of the swp11 interface:

net show dot1x interface swp11

This lines up with the laptop output as the machine is authenticating using EAP-TLS and is on VLAN 17

Adding the “details” command will provide more information about the connected device:

net show dot1x interface swp11 details

Notice that the “Status Flags” report that this connection is using a “[DYNAMIC VLAN]” which is being sent from the ClearPass server

Aruba ClearPass also provides a view of the 802.1x connection through the Access Tracker:

Monitoring > Live Monitoring > Access Tracker

In the above example, I am filtering on “Cumulus”

Clicking on the top entry within Access Tracker will open up the “Request Details” window.

  1. Service – The request is hitting the “PoC – Cumulus 802.1x Wired” service that we created in ClearPass Step #5
  2. Authentication Method – ClearPass is reporting EAP-TLS, which is exactly what the laptop is offering and the Cumulus Switch is reporting
  3. Enforcement Profiles – This service request is sending the “PoC – Cumulus Dynamic VLAN 17” down to the Cumulus Switch

Let’s examine the Enforcement Profile by clicking on the “Output” tab in the “Request Details”

  1. Enforcement Profile – We are sending the Dynamic VLAN 17 profile that we created in ClearPass Step #4
  2. Radius:IETF: Tunnel-Private-Group-Id – We are sending VLAN value “17” down to the Cumulus Switch as a Dynamic VLAN.

For further 802.1x troubleshooting, the link in the 802.1x Interface docs page is an invaluable resource.

In the next blog, I’ll cover Wired MAC Authentication using Aruba ClearPass. In the meantime, take a look at some of the other tutorials we offer engineers where you can learn basic open networking commands and configurations, all the way up to advanced configurations. Our how-to videos are a great place to start. 

16 April, 2019 04:34PM by Mike Courtney

hackergotchi for Whonix

Whonix

Whonix KVM 15.0.0.0.9 - Debian Buster based released

@HulaHoop wrote:

This is the first release in the Whonix 15 series. The version number was bumped up because we are now tracking Buster as our base. To get an idea of what major fixes and features have been included in 15 check the links below:

Tickets:
https://phabricator.whonix.org/project/board/132/query/vANU1Yf0Fgls/


Download Whonix KVM here:

Posts: 4

Participants: 2

Read full topic

16 April, 2019 04:16PM by @HulaHoop

hackergotchi for Stamus Networks

Stamus Networks

SELKS5 – The Sorceress

SELKS 5 is out! Thank you to the whole community for your help and feedback! Thank you to all the great Open Source projects and tools mentioned below for making it possible to showcase Suricata with this new release.

All components have been upgraded in this release to the latest version available but this is not the main improvement. SELKS is now able of doing Full Packet Capture thanks to Suricata and Moloch and benefit from an upgraded Scirius CE adding a new threat hunting interface.

Alert metadata in Scirius Hunting interface

Moloch addition allows the user to investigate and explore captured data via the Moloch viewer that provide an intuitive interface. The new Scirius threat hunting interface proposes a drill-down approach that allow to quickly find relevant alerts in a haystack and start investigation by what matter.

Features, fixes and major improvements:

  • The whole stack has been upgraded
    • Over 21 new dashboards
    • Hundreds of visualizations
    • New Threat Hunting interface
    • Full Packet Capture possibility
  • Elasticsearch 6.7.1
  • Logstash 6.7.1
  • Kibana 6.7.1
  • Moloch 1.8.0  –  The new SELKS makes use of Moloch and Moloch viewer to parse and view the full packet capture done by Suricata. Moloch comes with an arsenal of tools and features on its own like:
    • CyberChef
    • Extremely flexible and easy to use interface for FPC drill down, filtering, search and pcap export
  • Scirius 3.2.0 CE
      • Threat Hunting based on Suricata’s alerts metadata
      • Administration, ruleset and threat hunting management
      • Any field and action are selectable and searchable
      • Order and set up your own threat hunting dashboard in seconds with drag and drop functionality

TLS Server Name Identification

HTTP UserAgent selection

 

Easily select and filter on any metadata

Easily select and filter on any metadata

 

  • Suricata  – latest git edition anytime available.
  • SELKS scripts upgrade
    • available now system wide in “/usr/bin”
    • Full packet Capture retention policy – thanks Joren0494 !
    • selks-health-check_stamus  – SELKS health check script
  • Debian – always thankful !
  • EveBox – always the latest and very thankful for your support and extremely fast bug fixing and feature addition

More  screenshots of SELKS 5 release 

SELKS is both Live and installable Network Security Management ISO based on Debian implementing and focusing on a complete and ready to use Suricata IDS/IPS ecosystem with its own graphic rule manager. Stamus Networks is a proud member of the Open Source community and SELKS is released under GPLv3 license.

Download

To download SELKS 5, pick one of the two flavors:

SELKS with desktop
  • HTTP: SELKS-5.0-desktop.iso
  • Sha256sum: 60c52286df9d1d250efac3f24644bd5b59bf5728d2c50bd722d8e4c9e8ce2089
SELKS without desktop

Usage

You can find the first time set up instructions on our SELKS 5.0 wiki page.

SELKS 4 user can upgrade their running systems using the following Upgrade instructions.

Feedback is welcome

Any feedback as always is greatly appreciated! 🙂

Give us feedback and get help on:

While this test upgrade/installation has been verified and tested please make sure you try it in your test/QA set up first.

Thank you!

 

16 April, 2019 01:46PM by Peter Manev

hackergotchi for Ubuntu developers

Ubuntu developers

Raphaël Hertzog: Freexian’s report about Debian Long Term Support, March 2019

A Debian LTS logoLike each month, here comes a report about the work of paid contributors to Debian LTS.

Individual reports

In March, 204 work hours have been dispatched among 13 paid contributors. Their reports are available:

  • Abhijith PA did 14 hours (out of 14 hours allocated).
  • Adrian Bunk did 8 hours (out of 8 hours allocated).
  • Ben Hutchings did 22.5 hours (out of 20 hours allocated plus 16.5 extra hours from February, thus carrying over 14 hours to April).
  • Brian May did 10 hours (out of 10 hours allocated).
  • Chris Lamb did 18 hours (out of 18 hours allocated).
  • Emilio Pozuelo Monfort did 26 hours (out of 29.5 hours allocated + 2.5 extra hours from February, thus carrying over 6h to April).
  • Hugo Lefeuvre did 20 hours (out of 20 hours allocated).
  • Markus Koschany did 29.5 hours (out of 29.5 hours allocated).
  • Mike Gabriel did 14 hours (out of 10 hours allocated + 4 extra hours from February).
  • Ola Lundqvist did 8.5 hours (out of 8 hours allocated + 2 extra hours from last month, thus carrying over 1.5h to April).
  • Roberto C. Sanchez did 12 hours (out of 12 hours allocated).
  • Sylvain Beucler did 29.5 hours (out of 29.5 hours allocated).
  • Thorsten Alteholz did 29.5 hours (out of 29.5 hours allocated).

Evolution of the situation

In March we had one new contributor, Sylvain Beucler, though we lost Antoine Beaupré. Thankfully we also gained Jonas Meurer starting in April, yet we are are still very much looking for new contributors. Please contact Holger if you are interested to become a paid LTS contributor.

On a positive note, we are also pleased to welcome a new French university among LTS sponsors: Université Grenoble Alpes.

The security tracker currently lists 36 packages with a known CVE and the dla-needed.txt file has 39 packages needing an update.

Thanks to our sponsors

New sponsors are in bold.

No comment | Liked this article? Click here. | My blog is Flattr-enabled.

16 April, 2019 10:23AM

Stephen Kelly: Debugging Clang AST Matchers

Last week I flew to Brussels for EuroLLVM followed by Bristol for ACCU.

At both conferences I presented the work I’ve been doing to make it easier for regular C++ programmers to perform ‘mechanical’ bespoke refactoring using the clang ASTMatchers tooling. Each talk was prepared specifically for the particular audience at that conference, but both were very well received. The features I am working on require changes to the upstream Clang APIs in order to enable modern tooling, so I was traveling to EuroLLVM to try to build some buy-in and desire for those features.

I previously delivered a talk on the same topic about AST Matchers at code::dive 2018. This week I presented updates to the tools and features that I have worked on during the 6 months since.

One of the new features I presented is a method of debugging AST Matchers.

Part of the workflow of using AST Matchers is an iterative development process. For example, the developer wishes to find functions of a particular pattern, and creates and ever-more-complex matcher to find all desired cases without false-positives. As the matcher becomes more complex, it becomes difficult to determine why a particular function is not found as desired.

The debugger features I wrote for AST Matchers intend to solve that problem. It is now possible to create, remove and list breakpoints, and then enable debugger output to visualize the result of attempting to match at each location. A simple example of that is shown here.

When using a larger matcher it becomes obvious that the process of matching is short-circuited, meaning that the vertically-last negative match result is the cause of the overall failure to match the desired location. The typical workflow with the debugger is to insert break points on particular lines, and then remove surplus breakpoints which do not contribute useful output.

This feature is enabled by a new interface in the Clang AST Matchers, but the interface is also rich enough to implement some profiling of AST Matchers in the form of a hit counter.

Some matchers (and matcher sub-trees) are slower/more expensive to run than others. For example, running a matcher like `matchesName` on every AST node in a translation unit requires creation of a regular expression object, and comparing the name of each AST node with the regular expression. That may result in slower runtime than trimming the search tree by checking a parameter count first, for example.

Of course, the hit counter does not include timing output, but can give an indication of what might be relevant to change. Comparison of different trees of matchers can then be completed with a full clang-tidy check.

There is much more to say about both conferences and the tools that I demoed there, but that will be for a future log post. I hope this tool is useful and helps discover and debug AST Matchers!

16 April, 2019 08:29AM

hackergotchi for VyOS

VyOS

VyOS 1.2.1 release

We have just released VyOS 1.2.1. The images are available to subscribers and public clouds images submitted, and if you build an image from the Crux branch now, it will be equivalent to those images.

A number of issues have been resolved, and a small feature was added.

16 April, 2019 04:03AM by Yuriy Andamasov (yuriy@sentrium.io)

April 15, 2019

hackergotchi for Ubuntu

Ubuntu

Ubuntu Weekly Newsletter Issue 574

Welcome to the Ubuntu Weekly Newsletter, Issue 574 for the week of April 7 – 13, 2019. The full version of this issue is available here.

In this issue we cover:

The Ubuntu Weekly Newsletter is brought to you by:

  • Krytarik Raido
  • Bashing-om
  • Chris Guiver
  • Wild Man
  • And many others

If you have a story idea for the Weekly Newsletter, join the Ubuntu News Team mailing list and submit it. Ideas can also be added to the wiki!

Except where otherwise noted, this issue of the Ubuntu Weekly Newsletter is licensed under a Creative Commons Attribution ShareAlike 3.0 License

15 April, 2019 09:24PM by guiverc

hackergotchi for Purism PureOS

Purism PureOS

Purism at SCaLE 2019 – Retrospective on Secure PureBoot

In March, Purism took part in the Southern California Linux Expo – SCaLE 2019.

Once again, we were so busy we barely had the time to leave our booth: people were very interested in the Librem 5 devkit hardware, in the latest version of the Librem laptops and PureOS, on having the same apps for the Librem laptops and the Librem 5 phone… so we got to do the full pitch. On a less technical note, our swag was quite a success. People told us they loved our paper notebook and carpenter pencil, and asked questions about the pencils – which, according to Kyle Rankin, Chief Security Officer of Purism, have a section that is “kind of shaped like our logo”, and being carpenter pencils “are designed so you can sharpen them without having to use a proprietary pencil sharpener.” Visitors (and team) loved them for being beautiful, unusual and useful.

Above all, our audience wanted to see the PureBoot demos (apart from an inspirational young attendee, who asked his grandmother to take him to SCaLE specifically so he could meet Todd Weaver, our founder and CEO) – and each time we thought we could take a break, someone else came up and asked about PureBoot. We had constant demonstrations of PureBoot on a Librem 13v4 and Librem Key, and got lots of excitement from the security community and enterprise customers – national and international.

PureBoot, as introduced earlier, is a combination of hardware – a trusted platform module (TPM) inside a Librem laptop – with a disabled Management Engine. It boots using a coreboot BIOS and a Heads payload, that verifies it hasn’t been tampered with, using a Librem Key. This combination is the strongest security available in computing devices. Unlike other secured boot processes, this combination also allows you to control and sign with your own keys. We were frequently asked to demonstrate PureBoot for enterprise use cases – specifically, what the best-practices would be for an enterprise to secure their fleet of laptops; these same enterprise best-practices may also be applied to an individual, whether a beginner or a security expert.

During the in-person demonstration, Purism team members showcased for the first time the complete PureBoot solution from start to finish (and we are about to get technical):

  • A Librem 13v3 /boot partition was frozen in time and signed with a user-generated gpg key, on a Librem Key. The happy path is proven by an inserted Librem Key; the Librem laptop is powered on to show the device matches the previous known-good-state – and the LED blinks green.
  • The system is booted and PureBoot unlocks the encrypted disk, using the Librem Key and the user’s PIN. The Librem Key is then removed, and a malicious attack is simulated by modifying the secrets stored in the TPM.
  • The Librem Key is inserted, the Librem laptop powered back on, the measurements failed to match – alerting the user that the device was tampered with (since the last known-good-state) by a bright red screen on the Librem laptop, and a constantly blinking red LED on the Librem Key.
  • The user of the Librem laptop can now decide how to handle the tampered-with laptop: by flipping the Hardware Kill Switch on the WiFi/BT and deciding to boot; by booting from a known-good USB recovery OS and performing forensics on the system; or by working with Purism to return the system to a known-good factory state.

PureBoot Enterprise Best Practices

The best practices for enterprise using Pureboot were also described to a regular audience at the Purism booth in Pasadena, and here they are, for reference:

  • The IT/Security department uses an airgapped Librem Laptop, and they generate GPG keys for all staff and copy the GPG key per staff, onto an individual’s Librem Key;
  • They physically label the Librem Key for the staff member, sign the staff member’s Librem laptop with the Librem Key, hand the Librem laptop (and Librem Key) to the staff member, who boots and sets up the Librem laptop like normal; uses the Librem Key for tamper-detection, disk-decryption, mail encryption among other uses, such as anti-interdiction;
  • If a Librem Key is lost, a new key can be created from the airgapped backup Librem laptop, and handed to the staff member.
  • If a device was tampered with, the IT/Security department can have any number of policies implemented including: Librem laptop drops to offline mode for document recovery; Librem laptop optionally wipes the disks, or Librem laptop flags the user to bring it to IT/Security.

This offers the best in class enterprise control, measuring single-bit detection and tampering on a signed image – while subscribing to the usable computing practice of “boot not brick” of devices in the field.

It was really nice meeting you at SCaLE, and we hope to see you next time.

15 April, 2019 03:09PM by Todd Weaver

hackergotchi for Whonix

Whonix

recent developments at Whonix

@Patrick wrote:

  • upgrade due to apt RCE bug
  • improved, safer, faster build process (mmdebstrap)
  • unified (single) ova (containing both VMs) for better usability
  • enhanced Whonix project legal protections
  • work on cross platform build support and reproducible builds
  • kloak - anti keystroke fingerprinting tool
  • porting to Debian buster
  • testers-only releases for Whonix 15

Posts: 1

Participants: 1

Read full topic

15 April, 2019 03:01PM by @Patrick

hackergotchi for LiMux

LiMux

Datenschutz: Das DSGVO-Projekt in München

Datenschutz ist ein europäisches Anliegen. Die Datenschutzgrundverordnung (DSGVO) ist der Versuch der EU, die Persönlichkeitsrechte bei der Verarbeitung personenbezogener Daten zu wahren. Die Verordnung trat im Mai 2016 in Kraft, nach einer Übergangsfrist ist sie … Weiterlesen

Der Beitrag Datenschutz: Das DSGVO-Projekt in München erschien zuerst auf Münchner IT-Blog.

15 April, 2019 10:03AM by Lisa Zech

April 14, 2019

hackergotchi for rescatux

rescatux

Super Grub2 Disk 2.04rc1s1 beta 4 downloads







Recommended download (Floppy, CD & USB in one) (Valid for i386, x86_64, i386-efi and x86_64-efi):

Super Grub2 Disk 2.01 rc2 Main MenuSuper Grub2 Disk 2.01 rc2 Main Menu






         

EFI x86_64 standalone version:

EFI i386 standalone version:

CD & USB in one downloads:

About other downloads. As this is the first time I develop Super Grub2 Disk out of source code (well, probably not the first time, but the first time in ages) I have not been able to build these other downloads: coreboot, i386-efi, i386-pc, ieee1275, x86_64-efi, standalone coreboot, standalone i386-efi, standalone ieee1275. bfree has helped on this matter and with his help we might have those builds in next releases. If you want such builds drop a mail in the mailing list so that we aware of that need.  

Source code:

Everything (All binary releases and source code):

Hashes

In order to check the former downloads you can either check the download directory page for this release or you can check checksums right here:

MD5SUMS

e2d3fc9c1097a04301851e3a28471cb9  super_grub2_disk_2.04rc1s1-beta4_source_code.tar.gz
e0a9b2c6cda6c98cec6e25efb48f008d  super_grub2_disk_hybrid_2.04rc1s1-beta4.iso
18efd15d8cd320ec3059387ccfd91154  super_grub2_disk_i386_efi_2.04rc1s1-beta4.iso
df9e3da46c365586547053a6505e0492  super_grub2_disk_i386_pc_2.04rc1s1-beta4.iso
eb3ddf1e6aea3ef8bb56f8d65c7dcd82  super_grub2_disk_standalone_i386_efi_2.04rc1s1-beta4.EFI
ce695895bef77c1aac8c2a737d38fbac  super_grub2_disk_standalone_x86_64_efi_2.04rc1s1-beta4.EFI
666a197765b481b82717fc3917d9c506  super_grub2_disk_x86_64_efi_2.04rc1s1-beta4.iso
75471d118381ba82fec39fab8670d348  super_grub2_disk_2.04rc1s1-beta4.zip

SHA1SUMS

ca71b0e51f8854f8aa11f7a8b015b871b1766e47  super_grub2_disk_2.04rc1s1-beta4_source_code.tar.gz
1c15c67ecb7cccb27ff8e4310ae84bb9ac6d08aa  super_grub2_disk_hybrid_2.04rc1s1-beta4.iso
d3c09bcf13f4b770b073c82fddd445b7e196636c  super_grub2_disk_i386_efi_2.04rc1s1-beta4.iso
e0a2925f7ce28fde82d9c5480bbf19ee584ef313  super_grub2_disk_i386_pc_2.04rc1s1-beta4.iso
730ea63e4cb279710f7ffb2d4450791464aee55c  super_grub2_disk_standalone_i386_efi_2.04rc1s1-beta4.EFI
f15116b867ebad51727d47289bc623da27f8a53d  super_grub2_disk_standalone_x86_64_efi_2.04rc1s1-beta4.EFI
855debb761c7caa9294f1a1d0af56e01f24ee455  super_grub2_disk_x86_64_efi_2.04rc1s1-beta4.iso
8800e20ac105714803cddec69ffdd06fbd530672  super_grub2_disk_2.04rc1s1-beta4.zip

SHA256SUMS

eb2f48b75de9d2a566c7385f1956dcc80bd0484ac1a2bf0a0e2f914930b4acd6  super_grub2_disk_2.04rc1s1-beta4_source_code.tar.gz
77a2716e544bd8ee598e306f4fcc776e65124841b1926fa80d849f3900d54719  super_grub2_disk_hybrid_2.04rc1s1-beta4.iso
d7a0657e76198d00f2dc5b6b5d986758e6046dfc219c1b3020230737c3e90f76  super_grub2_disk_i386_efi_2.04rc1s1-beta4.iso
65f67deec4c683fa211ca17621444c924b371d506a7ac73e377a0bbaeb3247e4  super_grub2_disk_i386_pc_2.04rc1s1-beta4.iso
0b691c73346abae945d3c827080eb4640e52fa290effd5d1122eba635464aedf  super_grub2_disk_standalone_i386_efi_2.04rc1s1-beta4.EFI
d3d94e870a9a2667feb1c68393df6e0c1fd67c1e92b2d15cf31d78e3de12fc59  super_grub2_disk_standalone_x86_64_efi_2.04rc1s1-beta4.EFI
007da80fa9fa051cd35a939a3f25860030ab24d15b27bddd58519aa0698285e3  super_grub2_disk_x86_64_efi_2.04rc1s1-beta4.iso
222bfa9a79f6ddfe1e15108cda35ed521d7a92a97fd0e53e3780b0c931fdb6c6  super_grub2_disk_2.04rc1s1-beta4.zip

Flattr this!

14 April, 2019 07:32PM by adrian15

Super Grub2 Disk 2.04rc1s1 beta 4 released

Super Grub2 Disk 2.04rc1s1 beta 4 is here.

Super GRUB2 Disk is a live cd that helps you to boot into most any Operating System (OS) even if you cannot boot into it by normal means.

A new beta release

This new releases features new upstream grub 2.04rc1 which includes

  • Support for multiple early initrd images
  • Support for the F2FS file-system
  • A verifier framework
  • RISC-V support
  • UEFI Secure Boot shim support
  • Btrfs Zstd improvements
  • Btrfs RAID5/RAID6 support
  • Xen PVH support
  • UEFI TPM 1.2/2.0 support

 

Super Grub2 Disk 2.02s5 - Detect and show boot methods in actionSuper Grub2 Disk 2.02s5 – Detect and show boot methods in action
Chinese Super Grub2 Disk main menuChinese Super Grub2 Disk main menu
Chinese Super Grub2 Disk - Detect all Operating SystemsChinese Super Grub2 Disk – Detect all Operating Systems
Finnish Super Grub2 Disk main menuFinnish Super Grub2 Disk main menu
Finnish Super Grub2 Disk - Detect all Operating SystemsFinnish Super Grub2 Disk – Detect all Operating Systems

We are going to see which are the complete Super Grub2 Disk features with a demo video, where you can download it, the thank you – hall of fame and some thoughts about the Super Grub2 Disk development.

Please do not forget to read our howtos so that you can have step by step guides (how to make a cdrom or an usb, how to boot from it, etc) on how to use Super Grub2 Disk and, if needed, Rescatux.

Super Grub2 Disk 2.02s4 main menuSuper Grub2 Disk 2.02s3 main menu

Tour

Here there is a little video tour in order to discover most of Super Grub2 Disk options. The rest of the options you will have to discover them by yourself.

Features

Most of the features here will let you boot into your Operating Systems. The rest of the options will improve the Super Grub2 Disk operating systems autodetecting (enable RAID, LVM, etc.) or will deal with minor aspects of the user interface (Colours, language, etc.).

  • Change the language UI
  • Translated into several languages
    • Spanish / Español
    • German / Deutsch
    • French / Français
    • Italian / Italiano
    • Malay / Bahasa Melayu
    • Russian
    • Finnish / Suomi
    • Chinese

Super Grub2 Disk 2.01 rc2 Spanish Main Menu

Super Grub2 Disk 2.01 rc2 Spanish Main Menu

  • Detect and show boot methods option to detect most Operating Systems

Super Grub2 Disk 2.01 beta 3 Everything menu making use of grub.cfg extract entries option functionality

Super Grub2 Disk 2.01 beta 3 – Everything menu making use of grub.cfg extract entries option functionality

  • Enable all native disk drivers *experimental* to detect most Operating Systems also in special devices or filesystems
  • Boot manually
    • Operating Systems
    • grub.cfg – Extract entries
      Super Grub2 Disk 2.01 beta 3 grub.cfg Extract entries optionSuper Grub2 Disk 2.01 beta 3 grub.cfg Extract entries option
    • grub.cfg – (GRUB2 configuration files)
    • menu.lst – (GRUB legacy configuration files)
    • core.img – (GRUB2 installation (even if mbr is overwritten))
    • Disks and Partitions (Chainload)
    • Bootable ISOs (in /boot-isos or /boot/boot-isos
    • Extra GRUB2 functionality
      • Enable GRUB2’s LVM support
      • Enable GRUB2’s RAID support
      • Enable GRUB2’s PATA support (to work around BIOS bugs/limitation)
      • Mount encrypted volumes (LUKS and geli)
      • Enable serial terminal
    • Extra Search functionality
      • Search in floppy ON/OFF
      • Search in CDROM ON/OFF
  • List Devices / Partitions
  • Color ON /OFF
  • Exit
    • Halt the computer
    • Reboot the computer

Supported Operating Systems

Excluding too custom kernels from university students Super Grub2 Disk can autodetect and boot most every Operating System. Some examples are written here so that Google bots can see it and also to make more confident the final user who searchs his own special (according to him) Operating System.

  • Windows
    • Windows 10
    • Windows Vista/7/8/8.1
    • Windows NT/2000/XP
    • Windows 98/ME
    • MS-DOS
    • FreeDOS
  • GNU/Linux
    • Direct Kernel with autodetected initrd
      Super Grub2 Disk - Detect any Operating System - Linux kernels detected screenshotSuper Grub2 Disk – Detect any Operating System – Linux kernels detected
      • vmlinuz-*
      • linux-*
      • kernel-genkernel-*
    • Debian / Ubuntu / Mint
    • Mageia
    • Fedora / CentOS / Red Hat Enterprise Linux (RHEL)
    • openSUSE / SuSE Linux Enterpsise Server (SLES)
    • Arch
    • Any many, many, more.
      • FreeBSD
        • FreeBSD (single)
        • FreeBSD (verbose)
        • FreeBSD (no ACPI)
        • FreeBSD (safe mode)
        • FreeBSD (Default boot loader)
      • EFI files
      • Mac OS X/Darwin 32bit or 64bit
Super Grub2 Disk 2.00s2 rc4 Mac OS X entriesSuper Grub2 Disk 2.00s2 rc4 Mac OS X entries (Image credit to: Smx)

Support for different hardware platforms

Before this release we only had the hybrid version aimed at regular pcs. Now with the upcoming new EFI based machines you have the EFI standalone versions among others. What we don’t support is booting when secure boot is enabled.

  • Most any PC thanks to hybrid version (i386, x86_64, i386-efi, x86_64-efi) (ISO)
  • EFI x86_64 standalone version (EFI)
  • EFI i386 standalone version (EFI)
  • Additional Floppy, CD and USB in one download (ISO)
    • i386-pc
    • i386-efi
    • x86_64-efi

Known bugs

  • Non English translations are not completed

Supported Media

  • Compact Disk – Read Only Memory (CD-ROM) / DVD
  • Universal Serial Bus (USB) devices
  • Floppy (1.98s1 version only)

Downloads







Recommended download (Floppy, CD & USB in one) (Valid for i386, x86_64, i386-efi and x86_64-efi):

Super Grub2 Disk 2.01 rc2 Main MenuSuper Grub2 Disk 2.01 rc2 Main Menu






         

EFI x86_64 standalone version:

EFI i386 standalone version:

CD & USB in one downloads:

About other downloads. As this is the first time I develop Super Grub2 Disk out of source code (well, probably not the first time, but the first time in ages) I have not been able to build these other downloads: coreboot, i386-efi, i386-pc, ieee1275, x86_64-efi, standalone coreboot, standalone i386-efi, standalone ieee1275. bfree has helped on this matter and with his help we might have those builds in next releases. If you want such builds drop a mail in the mailing list so that we aware of that need.  

Source code:

Everything (All binary releases and source code):

Hashes

In order to check the former downloads you can either check the download directory page for this release or you can check checksums right here:

MD5SUMS

e2d3fc9c1097a04301851e3a28471cb9  super_grub2_disk_2.04rc1s1-beta4_source_code.tar.gz
e0a9b2c6cda6c98cec6e25efb48f008d  super_grub2_disk_hybrid_2.04rc1s1-beta4.iso
18efd15d8cd320ec3059387ccfd91154  super_grub2_disk_i386_efi_2.04rc1s1-beta4.iso
df9e3da46c365586547053a6505e0492  super_grub2_disk_i386_pc_2.04rc1s1-beta4.iso
eb3ddf1e6aea3ef8bb56f8d65c7dcd82  super_grub2_disk_standalone_i386_efi_2.04rc1s1-beta4.EFI
ce695895bef77c1aac8c2a737d38fbac  super_grub2_disk_standalone_x86_64_efi_2.04rc1s1-beta4.EFI
666a197765b481b82717fc3917d9c506  super_grub2_disk_x86_64_efi_2.04rc1s1-beta4.iso
75471d118381ba82fec39fab8670d348  super_grub2_disk_2.04rc1s1-beta4.zip

SHA1SUMS

ca71b0e51f8854f8aa11f7a8b015b871b1766e47  super_grub2_disk_2.04rc1s1-beta4_source_code.tar.gz
1c15c67ecb7cccb27ff8e4310ae84bb9ac6d08aa  super_grub2_disk_hybrid_2.04rc1s1-beta4.iso
d3c09bcf13f4b770b073c82fddd445b7e196636c  super_grub2_disk_i386_efi_2.04rc1s1-beta4.iso
e0a2925f7ce28fde82d9c5480bbf19ee584ef313  super_grub2_disk_i386_pc_2.04rc1s1-beta4.iso
730ea63e4cb279710f7ffb2d4450791464aee55c  super_grub2_disk_standalone_i386_efi_2.04rc1s1-beta4.EFI
f15116b867ebad51727d47289bc623da27f8a53d  super_grub2_disk_standalone_x86_64_efi_2.04rc1s1-beta4.EFI
855debb761c7caa9294f1a1d0af56e01f24ee455  super_grub2_disk_x86_64_efi_2.04rc1s1-beta4.iso
8800e20ac105714803cddec69ffdd06fbd530672  super_grub2_disk_2.04rc1s1-beta4.zip

SHA256SUMS

eb2f48b75de9d2a566c7385f1956dcc80bd0484ac1a2bf0a0e2f914930b4acd6  super_grub2_disk_2.04rc1s1-beta4_source_code.tar.gz
77a2716e544bd8ee598e306f4fcc776e65124841b1926fa80d849f3900d54719  super_grub2_disk_hybrid_2.04rc1s1-beta4.iso
d7a0657e76198d00f2dc5b6b5d986758e6046dfc219c1b3020230737c3e90f76  super_grub2_disk_i386_efi_2.04rc1s1-beta4.iso
65f67deec4c683fa211ca17621444c924b371d506a7ac73e377a0bbaeb3247e4  super_grub2_disk_i386_pc_2.04rc1s1-beta4.iso
0b691c73346abae945d3c827080eb4640e52fa290effd5d1122eba635464aedf  super_grub2_disk_standalone_i386_efi_2.04rc1s1-beta4.EFI
d3d94e870a9a2667feb1c68393df6e0c1fd67c1e92b2d15cf31d78e3de12fc59  super_grub2_disk_standalone_x86_64_efi_2.04rc1s1-beta4.EFI
007da80fa9fa051cd35a939a3f25860030ab24d15b27bddd58519aa0698285e3  super_grub2_disk_x86_64_efi_2.04rc1s1-beta4.iso
222bfa9a79f6ddfe1e15108cda35ed521d7a92a97fd0e53e3780b0c931fdb6c6  super_grub2_disk_2.04rc1s1-beta4.zip

Changelog (since former 2.00s2 stable release)

Changes since 2.02s10 version:

  • Use grub-2.04-rc1 upstream grub2 tag

Changes since 2.02s9 version:

  • ‘Enable all native disk drivers’ option was improved. It no longer crashes.
  • Now devices are cached and Super Grub2 Disk is faster
  • Modify sg2d_directory and sg2d_dev_name variables so that SG2D is more portable
  • Standalone images are no longer broken and show main menu

Changes since 2.02s8 version:

  • (Devel) supergrub-release-news helps release team to generate a template for its news. Initial implementation.
  • (Devel) Added supergrub-release-changes to help with the release team.
  • (Devel) INSTALL: Improved explanation about what release scripts and file outputs.
  • Rename ‘(GRUB2 installation (even if mbr is overwritten))’ to: ‘(GRUB2 installation)’
  • Use grub-2.02 upstream grub2 tag (Stable version)
  • Added Chinese (zh-cn) translation
  • Added Finnish translation (Thanks to tavallinenvirtanen7)

Changes since 2.02s7 version:

  • Use grub-2.02-rc2 upstream grub2 tag
  • Default theme starfield is no longer included. This will make images smaller.
  • (Devel) Make sure normal isos and standalone images have hash files without its full path.
  • (Devel) File hashes generation has been rewritten to work from the single supergrub-mkcommon generate_filename_hashes function
  • (Devel) Now MD5SUMS, SHA1SUMS and SHA256SUMS files are generated as part of the official build.

Changes since 2.02s6 version:

  • Updated grub 2.02 build to tag: 2.02~rc1

Changes since 2.02s5 version:

  • Added Russian language
  • Improved Arch Linux initramfs detection
  • Added i386-efi build support
  • Added i386-efi to the hybrid iso
  • Grub itself is translated when a language is selected
  • Added loopback.cfg file (non officially supported)
  • (Devel) sgrub.pot updated to latest strings
  • (Devel) Added grub-build-004-make-check so that we ensure the build works
  • (Devel) Make sure linguas.sh is built when running ‘grub-build-002-clean-and-update’
  • (Devel) Updated upstream Super Grub2 Disk repo on documentation
  • (Devel) Move core supergrub menu under menus/sgd
  • (Devel) Use sg2d_directory as the base super grub2 disk directory variable
  • (Devel) New supergrub-sourcecode script that creates current git branch source code tar.gz
  • (Devel) New supergrub-all-zip-file script: Makes sure a zip file of everything is built.
  • (Devel) supergrub-meta-mkrescue: Build everything into releases directory in order to make source code more clean.
  • (Devel) New supergrub-official-release script: Build main files, source code and everything zip file from a single script in order to ease official Super Grub
    2 Disk releases.

Changes since 2.02s4 version:

  • Stop trying to chainload devices under UEFI and improve the help people get in the case of a platform mismatch
  • (Devel) Properly support source based built grub-mkfont binary.
  • New options were added to chainload directly either /ntldr or /bootmgr thanks to ntldr command. They only work in BIOS mode.

Changes since 2.02s3 version:

  • Using upstream grub-2.02-beta3 tag as the new base for Super Grub2 Disk’s grub.
  • Major improvement in Windows OS detection (based on BCD) Windows Vista, 7, …
  • Major improvement in Windows OS detection (based on ntldr) Windows XP, 2000, …

Changes since 2.02s2 beta 1 version:

  • (Devel) grub-mkstandalone was deleted because we no longer use it
  • Updated (and added) Copyright notices for 2015
  • New option: ‘Disks and Partitions (Chainload)’ adapted from Smx work
  • Many files were rewritten so that they only loop between devices that actually need to be searched into.
    This enhacement will make Super Grub2 Disk faster.
  • Remove Super Grub2 Disk own devices from search by default. Added an option to be able to enable/disable the Super Grub2 Disk own devices search.

2.02s2 beta 1 changelog:

  • Updated grub 2.02 build to commit: 8e5bc2f4d3767485e729ed96ea943570d1cb1e45
  • Updated documentation for building Super Grub2 Disk
  • Improvement on upstream grub (d29259b134257458a98c1ddc05d2a36c677ded37 – test: do not stop after first file test or closing bracket) will probably make Super Grub2 Disk run faster.
  • Added new grub build scripts so that Super Grub2 Disk uses its own built versions of grub and not the default system / distro / chroot one.
  • Ensure that Mac OS X entries are detected ok thanks to Users dir. This is because Grub2 needs to emulate Mac OS X kernel so that it’s detected as a proper boot device on Apple computers.
  • Thanks to upstream grub improvement now Super Grub2 Disk supports booting in EFI mode when booted from a USB device / hard disk. Actually SG2D was announced previously to boot from EFI from a USB device while it only booted from a cdrom.

2.02s1 beta 1 changelog:

  • Added new option: “Enable all native disk drivers” so that you can try to load: SATA, PATA and USB hard disks (and their partitions) as native disk drives. This is experimental.
  • Removed no longer needed options: “Enable USB” and “Enable PATA”.
  • “Search floppy” and “Search cdrom” options were moved into “Extra GRUB2 functionality menu”. At the same time “Extra Search functionality” menu was removed.
  • Added new straight-forward option: “Enable GRUB2’s RAID and LVM support”.
  • “List devices/partitions” was renamed to “Print devices/partitions”.
  • “Everything” option was renamed to “Detect and show boot methods”.
  • “Everything +” option was removed to avoid confusions.
  • Other minor improvements in the source code.
  • Updated translation files. Now most translations are pending.
  • Updated INSTALL instructions.

Finally you can check all the detailed changes at our GIT commits.

If you want to translate into your language please check TRANSLATION file at source code to learn how to translate into your language.

Thank you – Hall of fame

I want to thank in alphabetical order:

  • The upstream Grub crew. I’m subscribed to both help-grub and grub-devel and I admire the work you do there.
  • Necrosporus for his insistence on making Super Grub2 Disk smaller.

The person who writes this article is adrian15 .

And I cannot forget about thanking bTactic, the enterprise where I work at and that hosts our site.

Some thoughts about Super Grub2 Disk development

Super Grub2 Disk development ideas

I think we won’t improve Super Grub2 Disk too much. We will try to stick to official Grub2 stable releases. Unless a new feature that it’s not included in official Grub2 stable release is needed in order to give additional useful functionalities to Super Grub2 Disk.

I have added some scripts to Super Grub2 Disk build so that writing these pieces of news is more automatic and less prone to errors. Check them out in git repo as you will not find them in 2.02s8 source code.

Old idea: I don’t know when but I plan to readapt some scripts from os-prober. That will let us detect more operating systems. Not sure when though. I mean, it’s not something that worries me because it does not affect too many final users. But, well, it’s something new that I hadn’t thought about.

Again, please send us feedback on what you think it’s missing on Super Grub2 Disk.

Rescatux development

I want to focus on Rescatux development on the next months so that we have an stable release before the end of 2017. Now I need to finish adding UEFI features (most finished), fix the scripts that generate Rescatux source code (difficult) and write much documentation.

(adrian15 speaking)

Getting help on using Super Grub2 Disk

More information about Super Grub2 Disk

Flattr this!

14 April, 2019 07:22PM by adrian15

April 13, 2019

hackergotchi for Ubuntu developers

Ubuntu developers

Jonathan Carter: Help test Debian Live

Introduction

During the stretch release period, it became apparent that very few people had been testing Debian Live, and some nasty bugs were discovered only during final release testing. The final stretch images for Debian live wasn’t quite up to the quality the Debian community deserved, and it lead to Steve McIntyre asking “IMPORTANT: Do live Debian images have a future?“.

I decided to get involved and have been doing testing and bug fixes throughout the buster release cycle, and with today’s builds, I think we’re at a point where we have something good that’s ready for wide-scale testing.

The Buster live images come with something new that a bunch of other distributions have also adopted, which is the Calamares installer. Calamares is an independent installer project (They call it “The universal installer framework”) which offers a Qt based interface for installing a system. It doesn’t replace debian-installer on the live images, rather, it serves a different audience. Calamares is really easy to use, with friendly guided partitioning and really simple full-disk encryption setup. It doesn’t cover all the advanced features of debian-installer (although it very recently got RAID support) and it doesn’t have an unattended install mode either. However, for 95%+ of desktop and laptop users, Calamares is a much easier way to get a system installed, which makes it very appropriate for live systems. For anyone who needs anything more complicated, or who’s doing a mass-install, debian-installer is still available in both text and GUI forms.

An image is worth a thousand words, so here’s a bunch of screenshots showing what Calamares looks like on our Gnome live image:

Calamares Intro screen.
Select timezone and localisation.
Select keyboard model, layout and variant.
Partition disk and configure encryption.
Configure user and password.
Confirm choices.
Wait for installer to do the rest.
Reboot or continue live environment.

Download and test

Today’s images are available with the Cinnamon, Gnome, KDE, LXDE, LXqt, Mate, standard (text-only) and Xfce desktop environments for:

I haven’t yet tested the i386 images myself, so anything is possible there. We’re also planning an upcoming beta (well, it will be called a release candidate but that’s because it will be RC1 of debian-installer) so if anyone has some time to do some testing that would be great. It’s especially useful to test on a wide variety of supported hardware and ensure that things work as they should. We’re already looking a lot better than they last cycle, but that’s no reason to be overconfident.

Please file bugs for major problems or hardware support issues. Feature requests bugs or similar bugs aren’t really useful at this stage.

More screenshots

This wasn’t my personal first choice for default wallpaper, but I like its colours and they work really well with all the other elements.

ISO splash image when booting in legacy mode

GRUB boot loader
Plymouth boot splash
GDM Login Screen
Gnome desktop

What about bullseye?

The next Debian release, Debian 11, will be code named ‘bullseye’.

I’m planning to schedule a BoF at DebConf19 for Debian Live where we cover at least the following:

  • Reduce the number of i386 images. We currently have 8 of them and we probably just need one or two light variants for the i386 machines that’s still supported by Debian.
  • Get the desktop teams more involved. And ideally, have them test and sign off for their live variant for alphas, betas and the final release. If you’re a maintainer of a desktop environment, it would be great if you could attend this session.
  • Reduce the number of paper cuts in our live media. We’ve made some progress on these during this cycle, but there are some minor annoyances that remain that we’d like to completely eliminate next time.

Well, if you got this far, thanks for reading! You can also join us on irc on #debian-live and #debian-boot on the oftc network if you have any questions.

13 April, 2019 08:38PM

Costales: Podcast Ubuntu y otras hierbas S03E04: Ubuntu en Windows 10 y Ley de copyright Europea

Javier Teruelo y Marcos Costales conversaremos sobre qué implica que se pueda ejecutar el bash de Ubuntu en Windows 10 y sobre la nueva Ley de copyright de la Unión Europea, con sus polémicos artículos.

S03E04
Escúchalo en:

13 April, 2019 04:31PM by Costales (noreply@blogger.com)

hackergotchi for Whonix

Whonix

Qubes-Whonix version 14 (Debian stretch based) can be upgraded to version 15 (Debian buster based). - Testers Wanted!

@Patrick wrote:

Upgrades are possible.

Qubes-Whonix version 14 (Debian stretch based) can be upgraded to version 15 (Debian buster based).

Testers wanted!


New Qubes-Whonix 15 TemplateVM downloads are unavailable at this time and will require more time (prerequisite). Another news will be posted when these become available.


Other Whonix platforms version 15:
See Whonix News Blog

Posts: 17

Participants: 3

Read full topic

13 April, 2019 02:48PM by @Patrick

hackergotchi for ev3dev

ev3dev

LEGO releases MicroPython for EV3 based on ev3dev and Pybricks

EV3 MicroPython

LEGO just officially released MicroPython for LEGO MINDSTORMS EV3 and it runs on top of ev3dev!

With contributions from the community, LEGO has worked hard to make (Micro)Python programming more accessible than ever.

Head over to the LEGO Education website to give it a try.

EV3 MicroPython runs on top of ev3dev with a new Pybricks MicroPython runtime and library. It also comes with a dedicated Visual Studio Code extension that includes project templates and documentation to get started. EV3 MicroPython is designed to be easier to use for beginners by taking away some of the complexity of getting started with Python programming on the EV3.

At the same time, the Pybricks MicroPython runtime adds many exciting features that make EV3 robots more powerful and easier to control. This includes brand new drivers and APIs to make motor control easier and more accurate. We think that especially FLL teams will love features such as built-in gearing compensation, drive base classes, or integrated stall detection.

Once the source code for this Pybricks library is publicly available, it might find its way into regular ev3dev releases as well. It wouldn’t replace any existing libraries or runtimes — everything you know and love about ev3dev will continue to be included as well.

13 April, 2019 12:00AM by @laurensvalk

April 12, 2019

hackergotchi for Whonix

Whonix

Upgrade Whonix VirtualBox 14 -> Whonix VirtualBox 15 - Testers Wanted!

@Patrick wrote:

Upgrades are possible.

Whonix for VirtualBox version 14 (Debian stretch based) can be upgraded version 15 (Debian buster based).

Testers wanted!

Alternatively, see previous news for new image downloads: Whonix VirtualBox 15.0.0.0.7 - Debian buster based - Testers Wanted!


Other Whonix platforms version 15:
Qubes-Whonix / Whonix KVM: unavailable at this point. A separate call for testers will be posted later. Stay tuned!

Posts: 3

Participants: 2

Read full topic

12 April, 2019 06:13PM by @Patrick

hackergotchi for Univention Corporate Server

Univention Corporate Server

How To: Upgrade to the new UCS version 4.4

In March we launched the fourth minor release for Univention Corporate Server 4. The current version 4.4 offers a number of new features, as well as increased security and more convenience. In the blog article UCS 4.4 Release – Admin Diary, Self Services and Windows Domain Trusts we discussed the highlights of the new UCS version. With this article we will now demonstrate how easy it is to update to the new UCS – depending on your personal preferences either through the Univention Management Console (UMC) or using the commandline.

Preparing for the Upgrade to UCS

First, check that there is enough space on your hard drive. A standard installation requires about 10 GB; an upgrade to the new version 4.4 requires about 4 GB of additional disk space. If you manage an environment with more than one UCS machine, it is important that you maintain the following order when updating:

  1. First update the Domain Controller Master, which maintains the authoritative version of the LDAP directory service and replicates it to all other LDAP servers in the UCS domain.
  2. After the upgrade of the DC Master is completed, upgrade the remaining UCS systems (Domain Controller Backup, Domain Controller Slave or Member Server).

Whether you upgrade from the Univention Management Console or from the commandline, the procedure remains the same: First, update the software of the running UCS system (update existing packages), then upgrade to the next UCS version.

Upgrading UCS via UMC

Whenever there are new versions of currently installed packages or apps or a new UCS release, notification area in the the Univention Management Console notifies you. A click on this message will take you directly to the correct module (Software update).

In order to update all existing packages, scroll to Package updates and click the Install Package Updates button. After a short time, a small dialog box will appear listing the renewable packages. A click on Install starts the update.

If the system needs to be rebooted afterwards, it will indicate this – a click on the button of the same name will execute the reboot. Afterwards, simply log in again. The UMC module Software Update will also notify you if there is a new UCS release:

Click Install Release Updates to start the upgrade. A dialog box shows some guidelines for the upgrade, such as leaving the system running during the upgrade. You can also use this dialog to access the official release notes and the Univention Forum. Depending on the bandwidth and speed of the system itself, the upgrade may take a while. Again, you will need to confirm the system reboot.

Upgrading UCS using the Command Line

If access to the Univention Management Console is not possible (or you prefer to use the shell), you can upgrade to the next UCS version with a single command. To do this, log in as root user and run univention-upgrade.

Note: It is not recommended to do the upgrade via SSH, as the network connection may break down during the upgrade. If you want to upgrade a remote system, log in via SSH, run the screen tool, and then start the univention-upgradetool. This allows the upgrade to continue even if the SSH connection is being interrupted. Simply log back in and reactivate the session using screen -r.

After starting univention-upgrade, the script first shows which UCS version is already installed. A verification of the package sources follows. If package updates are available for the current system, install those first. Confirm the request with y, followed by [Enter].

 

As soon as all packages of the running system are up to date, the script checks if there are new app versions. You can either install them directly (by entering y) or after upgrading to the new UCS version via the Univention App Center.

The next step is to upgrade to the new UCS release. The script displays links to both the German and English release notes and also checks whether there is sufficient disk space. After the upgrade has finished, the script checks if there are upgradeable packages for the new UCS version, and imports them after you enter y. Once the upgrade is complete, reboot the system.

After the UCS Upgrade

If you enclounter problems during hte upgrade (or if you’are simply interested in some background information) take a look at the log file /var/log/univention/updater.log. Xou need root privileges to view the log.

In the Univention Forum, users and developers discuss the new release and its features. Search for 4.4 to filter for related posts. Also, feel free to ask your own questions in the forum.

Der Beitrag How To: Upgrade to the new UCS version 4.4 erschien zuerst auf Univention.

12 April, 2019 08:40AM by Christina Scheinig

hackergotchi for ev3dev

ev3dev

ev3dev-stretch is Stable

Python driving sample

Thanks to everyone who has downloaded ev3dev-stretch snapshots, tested the latest kernel and reported issues on GitHub. We’re declaring ev3dev-stretch as the new stable version of ev3dev.

That means we’re saying so-long to ev3dev-jessie and hello to ev3dev-buster as the new experimental version of ev3dev (we tend to lag behind one release from the official Debian project that ev3dev is based on). There might not be as much development going on as there used to be, but more people are using ev3dev now than there ever have been. We hope you have as much fun using it as we have had making it!

Note: If you really, really need ev3dev-jessie, you can still find the downloads on the GitHub releases page.

12 April, 2019 12:00AM by @dlech

April 11, 2019

hackergotchi for Whonix

Whonix

Whonix VirtualBox 15.0.0.0.7 - Debian buster based - Testers Wanted!

@Patrick wrote:

Testers Wanted!

Whonix was ported to Debian buster in this release.

Alternatively, in-place release upgrade is possible, see Upgrade Whonix VirtualBox 14 -> Whonix VirtualBox 15 - Testers Wanted!.


Download the Testers-Only version of Whonix for VirtualBox:


Other Whonix platforms version 15:
Qubes-Whonix / Whonix KVM: unavailable at this point. A separate call for testers will be posted later. Stay tuned!

Posts: 10

Participants: 2

Read full topic

11 April, 2019 09:46PM by @Patrick

hackergotchi for Cumulus Linux

Cumulus Linux

Kernel of Truth season 2 episode 5: The power of community

Subscribe to Kernel of Truth on iTunes, Google Play, SpotifyCast Box and Sticher!

Click here for our previous episode.

From developer days to hackathons and from events to forums, Slack and social media included- there’s a community out there waiting for you! In this episode, host Brian talks to community evangelist for Nutanix Angelo Luciani and our own Pete Lumbis about the power of community and self-service. What are the perks, both personally and professionally, that you get when you’re actively participating in a community? What are some communities and resources we’ve found useful? Grab a taco, listen and find out. We promise you’ll get the taco reference after listening.

Guest Bios

Brian O’Sullivan: Brian currently heads Product Management for Cumulus Linux. For 15 or so years he’s held software Product Management positions at Juniper Networks as well as other smaller companies. Once he saw the change that was happening in the networking space, he decided to join Cumulus Networks to be a part of the open networking innovation. When not working, Brian is a voracious reader and has held a variety of jobs, including bartending in three countries and working as an extra in a German soap opera. You can find him on Twitter at @bosullivan00.

Angelo Luciani: Angelo is a community evangelist for Nutanix. He gets to tell the Nutanix story to audiences all over the world. He is active in the virtualization community and also mentors others that need that extra lift. He is co-creator of Virtual Design Master the first online IT reality show, designed to uplevel viewers and participants IT design skills. He blogs at virtuwise.comand you can find him on Twitter at @angeloluciani .

Pete Lumbis: CCIE R&S #28677 and CCDE 2012::3, Pete is a Technical Marketing Engineer at Cumulus Networks. He helps customers build and design next generation, fully automated data centers. He can be found on Twitter at @PeteCCDE

11 April, 2019 09:32PM by Katie Weaver

hackergotchi for Purism PureOS

Purism PureOS

Coreboot News: New Script, Pre-built Binaries and PureBoot on Non-TPM Laptops

Things have been busy in the coreboot department, lately, and we are excited to announce a number of new improvements:

  • Pre-built binaries of our default coreboot BIOS firmware
  • Pre-built binaries of our tamper-evident PureBoot firmware
  • Improved script to automate coreboot builds and flashing from pre-built binaries
  • PureBoot tamper-evident support for non-TPM Librem 13 version 2 and Librem 15 version 3 systems

Pre-built Binaries

In the past, updating to our latest coreboot BIOS images required you to go through an automated, yet time-consuming process, of downloading and compiling coreboot from scratch. While we know that many people prefer building the firmware from source–after all that’s one of the big advantages to using free software –some would rather have the convenience of pre-built binaries, for the same reason they like pre-built binaries for regular OS packages.

This is a way of getting convenience while also knowing the ROM you are loading has already been tested for your particular laptop version. Just like with our regular coreboot BIOS, trying out our beta PureBoot firmware images–that use Heads instead of SeaBIOS–required users to go through a somewhat complicated process of building from source. While we hope to soon offer PureBoot as a pre-install option when you buy a laptop, in the mean time we will be providing pre-built PureBoot firmware binary images.

Starting today, you can get binary ROM images both for our traditional coreboot and PureBoot in the https://source.puri.sm/coreboot/releases repository. We’ve already disabled and neutralized the Intel Management Engine in these pre-built images as well. As we update and make improvements to coreboot, we will keep these images up-to-date—a great reference point if you want to make sure you are running firmware with the latest updates and security improvements.

Improved Flashing Script

Providing pre-built images is a good start to making our coreboot images easier to install and update, but we do realize most people don’t want to figure out how to use flashrom on the command line, and we are releasing a new and improved flashing script at https://source.puri.sm/coreboot/utility so it’s easier to either pull down the latest pre-built coreboot binary, or build it yourself. If you are using the traditional coreboot BIOS, it will even flash the update for you, whether you want to update the traditional SeaBIOS coreboot image or transition over to PureBoot. Current PureBoot users should flash from within the trusted Heads environment itself: the script detects it and provides users with instructions on which ROM file they should copy to a USB disk and flash.

To use the improved script, copy https://source.puri.sm/coreboot/utility/raw/master/coreboot_util.sh and run it as root. The README for the script lists what dependencies you need, and the script itself will also detect and alert you if you are missing packages it needs:

mkdir ~/updates
cd ~/updates
wget https://source.puri.sm/coreboot/utility/raw/master/coreboot_util.sh -O coreboot_util.sh
sudo bash ./coreboot_util.sh

PureBoot Tamper-evident Support for Legacy non-TPM Laptops

We make sure our own security, and our improvements aren’t limited to those who buy our latest hardware. This is why we ported coreboot to the Librem 13 version 1 and continue to provide coreboot updates to it and other early Librem laptops. One of the things I’m most excited to announce is that we have ported PureBoot tamper-evident support into Skylake-based Librem laptops without TPM chips! This means that if you have a Librem 13 version 2 or Librem 15 version 3 without a TPM, you can now use a Librem Key in place of your TPM chip and get similar protection against tampering!

Heads Using a Librem KeyHeads Using a Librem Key

How Does This Work Without A TPM?

When we first announced our partnership with Trammell Hudson to port Heads to our laptops, we also started offering TPM chips, first as an optional upgrade for an extra cost and ultimately installed by default for no extra charge. Until now, the TPM chip was needed to store all of the pre-approved firmware measurements securely, as that was the only method Heads supported; once we announced the addition of the Librem Key to our product line, we realized that there might be a way for the Librem Key to take the place of the TPM for older Librem laptops.

Traditionally, Heads will send measurements of itself to the TPM, and if it matches the pre-approved measurements you originally set up the TPM will unlock a secret that gets converted into a 6-digit HOTP code and sent to the Librem Key, which has its own copy of the secret and generates its own 6-digit HOTP code. If the code it receives over USB matches the code it generates, it flashes a green LED; otherwise it flashes a red LED to alert you of tampering.

When configured for a system without a TPM, and instead of using a random secret that’s unlocked with the correct firmware measurement, our PureBoot Heads ROM uses the firmware measurement itself—converted to a hash—as the secret. When originally setting it up, the Librem Key is to be configured to store a copy of that secret. Upon boot, Heads uses its own local flashrom to pull down a full copy of the running firmware, hashes it, and converts it into a 6-digit HOTP code. Like before, it sends that HOTP code to the Librem Key and the Librem Key compares it with the code it generates. If they match, green LED, if they don’t, red LED.

This method turns the Librem Key into a kind of external TPM—at least in the sense that the device itself is being sent firmware measurements instead of the TPM, in the form of a hash converted into a 6-digit code. The main practical difference you’ll notice is that the no-TPM solution takes an additional number of seconds at boot, before you will get to the first boot prompt—as it takes time to copy down the full firmware image.

What’s Next for Coreboot

We are working on a number of additional improvements to make coreboot, PureBoot and our coreboot update process even better. Among them is a migration to coreboot 4.9, compiling the PureBoot firmware from source and from within our firmware update script; more automation around the initial PureBoot and Librem Key setup process, and maybe—if there’s sufficient interest—backporting PureBoot to Broadwell-based Librem laptops (13 version 1 and 15 version 2).

11 April, 2019 02:05PM by Kyle Rankin

hackergotchi for Ubuntu developers

Ubuntu developers

Ubuntu Podcast from the UK LoCo: S12E01 – Bombjack

We’ve been playing with PCI Express to SATA SSD adapters and we discuss UBPorts becoming a foundation, Ubuntu 14.04 entering ESM, Ubuntu 19.04 beta, Ubuntu MATE 18.04 for the Raspberry Pi and GPD Pockets. Plus we round up some community events and news headlines.

It’s Season 12 Episode 01 of the Ubuntu Podcast! Alan Pope, Mark Johnson and Martin Wimpress are connected and speaking to your brain.

In this week’s show:

That’s all for this week! You can listen to the Ubuntu Podcast back catalogue on YouTube. If there’s a topic you’d like us to discuss, or you have any feedback on previous shows, please send your comments and suggestions to show@ubuntupodcast.org or Tweet us or Toot us or Comment on our Facebook page or comment on our sub-Reddit.

11 April, 2019 02:00PM

hackergotchi for LiMux

LiMux

#explainIT: Blockchain erklärt

Oft fällt der Begriff Blockchain in Verbindung mit Kryptowährungen wie Bitcoin. Scheinbar ist das nur die Spitze des Eisberges, denn es wird sogar behauptet, dass diese Technologie ganze Industrien erneuern könnte. Aber was ist eine Blockchain … Weiterlesen

Der Beitrag #explainIT: Blockchain erklärt erschien zuerst auf Münchner IT-Blog.

11 April, 2019 06:11AM by Stefan Döring

April 09, 2019

hackergotchi for Ubuntu developers

Ubuntu developers

Timo Aaltonen: Intel NEO OpenCL driver for Disco

The past few months I’ve been packaging the bits needed for Intel’s new OpenCL driver, which they call NEO. The packages are now finally ready, you can enable ‘ppa:canonical-x/x-staging’ and install ‘intel-opencl’ on Disco. After installing it this is what ‘clinfo’ says on my laptop:

Number of platforms                               1
  Platform Name                                   Intel(R) OpenCL HD Graphics
  Platform Vendor                                 Intel(R) Corporation
  Platform Version                                OpenCL 2.1 
  Platform Profile                                FULL_PROFILE
  Platform Extensions                             cl_khr_3d_image_writes cl_khr_byte_addressable_store
    cl_khr_fp16 cl_khr_depth_images cl_khr_global_int32_base_atomics cl_khr_global_int32_extended_atomics
    cl_khr_icd cl_khr_image2d_from_buffer cl_khr_local_int32_base_atomics cl_khr_local_int32_extended_atomics
    cl_intel_subgroups cl_intel_required_subgroup_size cl_intel_subgroups_short cl_khr_spir
    cl_intel_accelerator cl_intel_media_block_io cl_intel_driver_diagnostics cl_intel_device_side_avc_motion_estimation
    cl_khr_priority_hints cl_khr_throttle_hints cl_khr_create_command_queue cl_khr_fp64 cl_khr_subgroups
    cl_khr_il_program cl_intel_spirv_device_side_avc_motion_estimation cl_intel_spirv_media_block_io
    cl_intel_spirv_subgroups cl_khr_spirv_no_integer_wrap_decoration cl_khr_mipmap_image cl_khr_mipmap_image_writes
    cl_intel_planar_yuv cl_intel_packed_yuv cl_intel_motion_estimation cl_intel_advanced_motion_estimation
    cl_intel_va_api_media_sharing 
  Platform Host timer resolution                  1ns
  Platform Extensions function suffix             INTEL

  Platform Name                                   Intel(R) OpenCL HD Graphics
Number of devices                                 1
  Device Name                                     Intel(R) Gen9 HD Graphics NEO
  Device Vendor                                   Intel(R) Corporation
  Device Vendor ID                                0x8086
  Device Version                                  OpenCL 2.1 NEO 
  Driver Version                                  1.0.0
  Device OpenCL C Version                         OpenCL C 2.0 
  Device Type                                     GPU
  Device Profile                                  FULL_PROFILE
  Device Available                                Yes
  Compiler Available                              Yes
  Linker Available                                Yes
  Max compute units                               24
  Max clock frequency                             1100MHz
  Device Partition                                (core)
    Max number of sub-devices                     0
    Supported partition types                     None
    Supported affinity domains                    (n/a)
  Max work item dimensions                        3
  Max work item sizes                             256x256x256
  Max work group size                             256
  Preferred work group size multiple              32
  Max sub-groups per work group                   32
  Sub-group sizes (Intel)                         8, 16, 32
  Preferred / native vector sizes                 
    char                                                16 / 16      
    short                                                8 / 8       
    int                                                  4 / 4       
    long                                                 1 / 1       
    half                                                 8 / 8        (cl_khr_fp16)
    float                                                1 / 1       
    double                                               1 / 1        (cl_khr_fp64)
  Half-precision Floating-point support           (cl_khr_fp16)
    Denormals                                     Yes
    Infinity and NANs                             Yes
    Round to nearest                              Yes
    Round to zero                                 Yes
    Round to infinity                             Yes
    IEEE754-2008 fused multiply-add               Yes
    Support is emulated in software               No
  Single-precision Floating-point support         (core)
    Denormals                                     Yes
    Infinity and NANs                             Yes
    Round to nearest                              Yes
    Round to zero                                 Yes
    Round to infinity                             Yes
    IEEE754-2008 fused multiply-add               Yes
    Support is emulated in software               No
    Correctly-rounded divide and sqrt operations  Yes
  Double-precision Floating-point support         (cl_khr_fp64)
    Denormals                                     Yes
    Infinity and NANs                             Yes
    Round to nearest                              Yes
    Round to zero                                 Yes
    Round to infinity                             Yes
    IEEE754-2008 fused multiply-add               Yes
    Support is emulated in software               No
  Address bits                                    64, Little-Endian
  Global memory size                              13253832704 (12.34GiB)
  Error Correction support                        No
  Max memory allocation                           4294959104 (4GiB)
  Unified memory for Host and Device              Yes
  Shared Virtual Memory (SVM) capabilities        (core)
    Coarse-grained buffer sharing                 Yes
    Fine-grained buffer sharing                   No
    Fine-grained system sharing                   No
    Atomics                                       No
  Minimum alignment for any data type             128 bytes
  Alignment of base address                       1024 bits (128 bytes)
  Preferred alignment for atomics                 
    SVM                                           64 bytes
    Global                                        64 bytes
    Local                                         64 bytes
  Max size for global variable                    65536 (64KiB)
  Preferred total size of global vars             4294959104 (4GiB)
  Global Memory cache type                        Read/Write
  Global Memory cache size                        524288 (512KiB)
  Global Memory cache line size                   64 bytes
  Image support                                   Yes
    Max number of samplers per kernel             16
    Max size for 1D images from buffer            268434944 pixels
    Max 1D or 2D image array size                 2048 images
    Base address alignment for 2D image buffers   4 bytes
    Pitch alignment for 2D image buffers          4 pixels
    Max 2D image size                             16384x16384 pixels
    Max planar YUV image size                     16384x16352 pixels
    Max 3D image size                             16384x16384x2048 pixels
    Max number of read image args                 128
    Max number of write image args                128
    Max number of read/write image args           128
  Max number of pipe args                         16
  Max active pipe reservations                    1
  Max pipe packet size                            1024
  Local memory type                               Local
  Local memory size                               65536 (64KiB)
  Max number of constant args                     8
  Max constant buffer size                        4294959104 (4GiB)
  Max size of kernel argument                     1024
  Queue properties (on host)                      
    Out-of-order execution                        Yes
    Profiling                                     Yes
  Queue properties (on device)                    
    Out-of-order execution                        Yes
    Profiling                                     Yes
    Preferred size                                131072 (128KiB)
    Max size                                      67108864 (64MiB)
  Max queues on device                            1
  Max events on device                            1024
  Prefer user sync for interop                    Yes
  Profiling timer resolution                      83ns
  Execution capabilities                          
    Run OpenCL kernels                            Yes
    Run native kernels                            No
    Sub-group independent forward progress        Yes
    IL version                                    SPIR-V_1.0 
    SPIR versions                                 1.2 
  printf() buffer size                            4194304 (4MiB)
  Built-in kernels                                block_motion_estimate_intel;block_advanced_motion_estimate_check_intel;block_advanced_motion_estimate_bidirectional_check_intel;
  Motion Estimation accelerator version (Intel)   2
    Device-side AVC Motion Estimation version     1
      Supports texture sampler use                Yes
      Supports preemption                         No
  Device Extensions                               cl_khr_3d_image_writes cl_khr_byte_addressable_store cl_khr_fp16 cl_khr_depth_images cl_khr_global_int32_base_atomics cl_khr_global_int32_extended_atomics cl_khr_icd cl_khr_image2d_from_buffer cl_khr_local_int32_base_atomics cl_khr_local_int32_extended_atomics cl_intel_subgroups cl_intel_required_subgroup_size cl_intel_subgroups_short cl_khr_spir cl_intel_accelerator cl_intel_media_block_io cl_intel_driver_diagnostics cl_intel_device_side_avc_motion_estimation cl_khr_priority_hints cl_khr_throttle_hints cl_khr_create_command_queue cl_khr_fp64 cl_khr_subgroups cl_khr_il_program cl_intel_spirv_device_side_avc_motion_estimation cl_intel_spirv_media_block_io cl_intel_spirv_subgroups cl_khr_spirv_no_integer_wrap_decoration cl_khr_mipmap_image cl_khr_mipmap_image_writes cl_intel_planar_yuv cl_intel_packed_yuv cl_intel_motion_estimation cl_intel_advanced_motion_estimation cl_intel_va_api_media_sharing 

NULL platform behavior
  clGetPlatformInfo(NULL, CL_PLATFORM_NAME, ...)  Intel(R) OpenCL HD Graphics
  clGetDeviceIDs(NULL, CL_DEVICE_TYPE_ALL, ...)   Success [INTEL]
  clCreateContext(NULL, ...) [default]            Success [INTEL]
  clCreateContextFromType(NULL, CL_DEVICE_TYPE_DEFAULT)  Success (1)
    Platform Name                                 Intel(R) OpenCL HD Graphics
    Device Name                                   Intel(R) Gen9 HD Graphics NEO
  clCreateContextFromType(NULL, CL_DEVICE_TYPE_CPU)  No devices found in platform
  clCreateContextFromType(NULL, CL_DEVICE_TYPE_GPU)  Success (1)
    Platform Name                                 Intel(R) OpenCL HD Graphics
    Device Name                                   Intel(R) Gen9 HD Graphics NEO
  clCreateContextFromType(NULL, CL_DEVICE_TYPE_ACCELERATOR)  No devices found in platform
  clCreateContextFromType(NULL, CL_DEVICE_TYPE_CUSTOM)  No devices found in platform
  clCreateContextFromType(NULL, CL_DEVICE_TYPE_ALL)  Success (1)
    Platform Name                                 Intel(R) OpenCL HD Graphics
    Device Name                                   Intel(R) Gen9 HD Graphics NEO
  ICD loader properties
  ICD loader Name                                 OpenCL ICD Loader
  ICD loader Vendor                               OCL Icd free software
  ICD loader Version                              2.2.11
  ICD loader Profile                              OpenCL 2.1

I’ll check with Intel if some of the ‘no devices found’ are to be expected or not..

It’s still possible these might end up in the 19.04 release, we’ll see. They’re also uploaded to Debian, though with the Buster release keeping everyone busy I’m sure it’ll take some time to get them all through the NEW queue.

NOTE: if you already have the stack installed from Intel’s github repo, please uninstall it first. Otherwise there will be file conflicts since the package names won’t match.

09 April, 2019 04:11PM

hackergotchi for Purism PureOS

Purism PureOS

Purism at LibrePlanet 2019 – Showcasing the Librem 5 Phone

This year’s edition of LibrePlanet went on so well, we had people stopping by to ask questions before the conference was open for the day.

Purism’s booth was busy, and people were happy to see us. Nearly everyone we talked to had been following our progress, and everyone was excited to see things in-person. We showcased the fourth version of Librem laptops, and made regular demonstrations of both PureBoot on a Librem 13v4 and Librem Key. Above all, we drew a lot of excitement around the in-person viewing of the Librem 5 devkit. So much excitement, we really wanted to write about the commotion caused by the Librem 5 development – and specially about the devkit demonstration – not only among the audience but also within our own team members.

The Librem 5 phone may still be months away from delivery, but the Librem 5 devkit is under very rapid development. Showcasing our progress is something we’re very proud of, so at the first day of LibrePlanet we whet the appetite of audience members by showcasing sub ten-second boot times from powered-off state to unlock-screen… and we also showed off the initial application support of calling, settings, chat/sms, and browser.

But it gets better: on the second day we drew audible gasps of astonishment – from people in the audience and staff alike – when we demonstrated a voice call from a phone to the Librem 5 devkit and it rang on cue, alerting of the incoming voice call. To add to the excitement, the Purism staff then powered up a second Librem 5 devkit and opened the chat/sms program and sms (text) – and messaged to and from another staff member over the cellular connection.

Purism's booth (and part of the team) at LibrePlanet 2019

The Librem 5 as a product highlights the impressively diverse nature of our team’s expertise at Purism – from schematics through kernel development, through the creation of phosh; from the authorship of libhandy to initial adaptive design of core applications such as Web to PureOS Store and house curated applications, all the way to custom in-house design and the development of Calls, and Chat. A good summary to our presence at LibrePlanet, a few weeks ago, is that it ended up being an impressive demonstration of what people expect to get when the Librem 5 begins shipping in Q3 of 2019. And how amazed they will be at what they get.

09 April, 2019 04:08PM by Todd Weaver