Foreign-language sites

Ubuntu Insights: Canonical and AWS partner to deliver world-class support in the cloud

Planet UBUNTU - Mon, 28/11/2016 - 6:38pm

In today’s software world, support is many times an afterthought or an expensive contract used only to keep up with the latest patches, updates, and versions. Hidden costs to upgrade software, including downtime, scheduling, and planning, are also factors that need to be considered. Canonical does not believe the traditional norms of support apply. Our leading support product Ubuntu Advantage (UA) is a professional support package that provides Ubuntu users with the backing needed to be successful.

This week at AWS’ Re:invent 2016 conference we are announcing the ability to purchase UA Virtual Guest via AWS marketplace. Ubuntu Advantage Virtual Guest is designed for virtualized enterprise workloads on AWS, which use official Ubuntu images. The tooling, technology, and expertise of UA is available via the AWS marketplace with just a few clicks. It includes:

  • Access to Landscape (SaaS version), the system’s management tool for using Ubuntu at scale
  • Canonical Livepatch Service, which allows users to apply critical kernel patches without rebooting on Ubuntu 16.04 LTS images using the Linux 4.4 kernel
  • Up to 24×7 telephone and web support and the option of a dedicated Canonical support engineer
  • Access to the Canonical Knowledge Hub and regular security bug fixes

Further, the added benefits of accessing Ubuntu Advantage through the AWS Marketplace SaaS model are hourly pricing rates based on the quantity of customers' actual Ubuntu usage on AWS, their SLA requirements, and centralized billing through users' AWS Marketplace account. Customers pay for what they consume within their account, no more.

Innovation and leadership on display at Re:invent 2016

The ability to buy UA through the AWS Marketplace is just the beginning. At Re:invent we will be showcasing many of our solutions that support Big Software including:

Containers are changing how software is deployed and operated. Canonical is also actively innovating around containers with our machine container solution LXD, providing the density and efficiency of containers, but with the manageability and security of virtual machines; enhanced partnerships with partners like Docker, the CNCF and others around process container orchestration. Finally, our Canonical Distribution of Kubernetes provides a ‘pure K8s’ experience across any cloud.

Juju for service modeling and Charms to make software deployments painless. Juju is an open source service modeling platform that makes it easy to deploy and operate complex, interlinked, dynamic software stacks. Juju has hundreds of preconfigured services called Juju Charms available in the Juju store. For example, Juju makes it easy to stand-up and scale up or down Hadoop, Kubernetes, Ceph, MySQL, etc. all without disruption to the cloud environment.

Snaps for product interoperability and enablement. Snaps is a new packaging format used to securely bundle any software as an app, making updates and rollbacks simple. A snap is a fancy zip file containing an application together with its dependencies, and a description of how it should be safely run on your system, especially the different ways it should talk to other software. Most importantly snaps are secure, sandboxed, containerised applications isolated from the underlying system and from other applications. Snaps allow the safe installation of apps from any vendor on mission critical devices and desktops. Canonical’s Ubuntu Core is the leading open source Snap-enabled production operating system which powers anything from robots, drones, industrial IoT gateways, network equipment, digital signage, mobile base stations, refrigerators, and more.

Even as the cost of software has declined, the expense to operate today’s complex and distributed solutions has increased as many companies have found themselves managing these systems in a vacuum. Even for experts, deploying and operating containers and Kubernetes at scale can be a daunting task. However, deploying Ubuntu, Juju for software modeling, and Canonical’s Kubernetes distribution helps organizations simplify deployment. Further, we have certified our distribution of Kubernetes to work with most major public clouds as well as on-premise infrastructure like VMware or bare-metal Metal as a Service (MaaS) solutions, thereby eliminating many of the integration and deployment headaches.

Most of these solutions can be used and deployed in production with your AWS EC2 credentials today. What’s more, they are supported with professional SLAs from Canonical. We are also looking for innovative ISVs and forward thinking systems integrators to help us drive value for our customers and bring compelling solutions to market.

At AWS Re:invent 2016, we will be talking about all this and more at booth 2341 in Hall D.

Michal Čihař: phpMyAdmin security issues

Planet Debian - Mon, 28/11/2016 - 6:00pm

You might wonder why there is such a high number of phpMyAdmin security announcements this year. This situation has two main reasons and I will comment a bit on those.

First of all, we've got quite a lot of attention from people doing security reviews this year. It all started with the Mozilla SOS Fund funded audit. It discovered a few minor issues which were fixed in the 4.6.2 release. However, this was really just the beginning of the story and the announcement attracted quite some attention to us. In the following weeks the security@phpmyadmin.net mailbox was full of reports and we really struggled to handle such an amount. Handling that amount actually led to creating a more formalized approach to handling them, as we clearly were no longer able to deal with them based on email only. Anyway, most work here was done by Emanuel Bronshtein, who is really looking at every piece of our code and giving useful tips to harden our code base and infrastructure.

Second thing which got changed is that we release security announcements for security hardening even when there might not be any practical attack possible. Typical example here might be PMASA-2016-61, where using hash_equals is definitely safer, but even if the timing attack would be doable here, the practical result of figuring out admin configured allow/deny rules is usually not critical. Many of the issues also cover quite rare setups (or server misconfigurations, which we've silently fixed in past) like PMASA-2016-54 being possibly caused by server executing shell scripts shipped together with phpMyAdmin.

Overall phpMyAdmin indeed got safer this year. I don't think that there was any bug that would be really critical; on the other side, we've made quite a lot of hardenings and we use current best practices when dealing with sensitive data. On the other side, I'm pretty sure our code was not in worse shape than any similarly sized project with 18 years of history; we just became more visible thanks to the security audit and people looked deeper into our code base.

Besides security announcements, this all led to generic hardening of our code and infrastructure, which might not be that visible, but is important as well:

  • All our websites are served by https only
  • All our releases are PGP signed
  • We actively encourage users to verify the downloaded files
  • All new Git tags are PGP signed as well

Filed under: Debian English phpMyAdmin SUSE | 0 comments

Michael Meeks: 2016-11-28 Monday.

Planet GNOME - Mon, 28/11/2016 - 5:55pm
  • Up lateish, practices with babes; mail chew. Team calls variously, chat with Georg. Reviewed some online QA pieces.

Ubuntu Insights: Mir is not only about Unity8

Planet UBUNTU - Mon, 28/11/2016 - 4:41pm

This is a guest post by Alan Griffiths, Software engineer at Canonical. If you would like to contribute a guest post, please contact ubuntu-devices@canonical.com

Mir is a project to support the management of applications on the display(s) of a computer. It can be compared to the more familiar X-Windows used on the current Ubuntu desktop (and many others). I’ll discuss some of the motivation for Mir below, but the point of this post is to clarify the relationship between Mir and Unity8.

Most of the time you hear about Mir it is mentioned alongside Unity8. This is not surprising as Unity8 is Canonical’s new user interface shell and the thing end-users interact with. Mir “only” makes this possible. Unity8 is currently used on phones and tablets and is also available as a “preview” on the Ubuntu 16.10 desktop.

Here I want to explain that Mir is available to use without Unity8. Either for an alternative shell, or as a simpler interface for embedded environments: information kiosks, electronic signage, etc. The evidence for this is proved by the Mir “Abstraction Layer” which provides three important elements:

1. libmiral.so – a stable interface to Mir providing basic window management;
2. miral-shell – a sample shell offering both “traditional” and “tiling” window management; and,
3. miral-kiosk – a sample “kiosk” offering only basic window management.

The miral-shell and miral-kiosk sample servers are available from the zesty archive and Kevin Gunn has been blogging about providing a miral-kiosk based “kiosk” snap on “Voices”. I’ll give a bit more detail about using these examples below, but there is more (including “how to” develop your own alternative Mir server) on my “voices” blog.

USING MIR

Mir is a set of programming libraries, not an application in its own right. That means it needs applications to use it for anything to happen. There are two ways to use the Mir libraries: as a “client” when writing an application, or as a “server” when implementing a shell. Clients (as with X11) typically use a toolkit rather than using Mir (or X11) directly.

There’s Mir support available in GTK, Qt and SDL2. This means that applications using these toolkits should “just work” on Mir when that support is enabled in the toolkit (which is the default in Ubuntu). In addition there’s Xmir: an X11 server that runs on Mir, this allows X based applications to run on Mir servers.

But a Mir client needs a corresponding Mir server before anything can happen. Over the last development cycle the Mir team has produced MirAL as the recommended way to write Mir servers and a package “miral-examples” by way of demonstration. For zesty, the development version of Ubuntu, you can install from the archive:

$ sudo apt install miral-examples mir-graphics-drivers-desktop qtubuntu-desktop

For other platforms you would need to build MirAL yourself (see An Example Mir Desktop Environment for details).

With miral-examples installed you can run a Mir server as a window on your Unity7 desktop and start clients (such as gedit) within it as follows:

$ miral-shell&
$ miral-run gedit

This will give you (very basic) “traditional” desktop window management. Alternatively, you can try “tiling” window management:

$ miral-shell --window-manager tiling&
$ miral-run qterminal

Or the (even more basic) kiosk:

$ miral-kiosk&
$ miral-run 7kaa

None of these Mir servers provide a complete “desktop” with support for a “launcher”, notifications, etc. but they demonstrate the potential to use Mir without Unity8.

THE PROBLEM MIR SOLVES

The X-Windows system has been, and remains, immensely successful in providing a way to interact with computers. It provides a consistent abstraction across a wide range of hardware and drivers. This underlies many desktop environments and graphical user interface toolkits and lets them work together on an enormous range of computers.

But it comes from an era when computers were used very differently from now, and there are real concerns today that are hard to meet given the long legacy that X needs to support.
In 1980 most computers were big things managed by specialists and connecting them to one another was “bleeding edge”. In that era the cost of developing software was such that any benefit to be gained by one application “listening in” on another was negligible: there were few computers, they were isolated, and the work they did was not open to financial exploitation.

X-Windows developed in this environment and, through a series of extensions, has adapted to many changes. But it is inherently insecure: any application can find out what is happening on the display (and affect it). You can write applications like Xeyes (that tracks the cursor with its “eyes”) or “Tickeys” (that listens to the keyboard to generate typewriter noises). The reality is that any and all applications can track and manipulate almost all of what is happening. That is how X based desktops like Unity7, Gnome, KDE and the rest work.

The open nature of window management in X-Windows is poorly adapted to a world with millions of computers connected to the Internet, being used for credit card transactions and online banking, and managed by non-experts who willingly install programs from complete strangers. There has been a growing realization that adapting X-Windows to the new requirements of security and graphics performance isn’t feasible.

There are at least two open source projects aimed at providing a replacement: Mir and Wayland. While some see these as competing, there are a lot of areas where they have common interests: They both need to interact with other software that previously assumed X11, and much of the work needed to introduce support alternatives benefits both projects.

Canonical’s replacement for X-Windows, Mir, only exposes the information to an application that it needs to have (so no snooping on keystrokes, or tracking the cursor). It can meet the needs of the current age and can exploit modern hardware such as graphics processors.

Ubuntu Podcast from the UK LoCo: S09E39.2 – Le CrossOver Number 2 - Ubuntu Podcast

Planet UBUNTU - Mon, 28/11/2016 - 4:00pm

It’s Le CrossOver #2! Marius Quabeck, Rudy, Martin Wimpress and Max Kristen are connected and speaking to your brain.

Four complete strangers make a podcast during UbuCon Europe 2016 at the Unperfekthaus in Essen, Germany.

That’s all for Le CrossOver #2! If there’s a topic you’d like us to discuss, or you have any feedback on previous shows, please send your comments and suggestions to show@ubuntupodcast.org or Tweet us or Comment on our Facebook page or comment on our Google+ page or comment on our sub-Reddit.

Clint Adams: Not the Grace Hopper Conference

Planet Debian - Mon, 28/11/2016 - 2:56pm

Do you love porting? For ideas on how to make GHC suck less on your favorite architecture, see this not-at-all ugly table.

Richard Hughes: Linux communities, we need your help!

Planet GNOME - Mon, 28/11/2016 - 12:35pm

There are a lot of Linux communities all over the globe filled with really nice people who just want to help others. Typically these people either can’t (or don’t feel comfortable) coding, and I’d love to harness some of that potential by adding a huge number of new application reviews to the ODRS. At the moment we have about 1100 reviews, mostly covering the more popular applications, and also mostly written in English.

What I would love is for a few groups of people to come together for their next LUG/outreach/InstallFest and sit down together somewhere cozy and write a few reviews. Bonus points if you use a less-well-known application, and even more points if you can write in a language other than English. Submitting a review is easy; just open up GNOME Software, find the application, and click ‘Write a Review‘ at the bottom of the page.

Application reviews help new users decide what to install, and the star ratings you give mean we can return useful search results full of great applications. Please write an email, ask about helping the ODRS, and perhaps you can help a lot of new users next time you meet with your Linuxy friends.

Thanks!

Emmanuele Bassi: This week in GTK+ – 26

Planet GNOME - Mon, 28/11/2016 - 11:51am

In this last week, the master branch of GTK+ has seen 40 commits, with 1551 lines added and 1998 lines removed.

Planning and status

  • Matthias Clasen released the first GTK+ 3.89 development snapshot
  • The GTK+ road map is available on the wiki.

Notable changes

On the master branch:

  • Andrew Chadwick landed a series of fixes for graphic tablets support on Windows
  • Benjamin Otte removed the gtk_cairo_should_draw_window() utility function; the function was introduced for compatibility in the 3.x API, but now it’s not necessary any more
  • Benjamin also removed gdk_window_process_updates() and gdk_window_process_all_updates(); GDK has long since been switched to a frame clock; additionally, only top level GdkWindow can be used as a rendering surface
  • Lapo Calamandrei updated the High Contrast and Adwaita theme with the recent round of CSS improvements for progress bars and gradients

Bugs fixed

  • 774114 – Window shadows are repainted even if only the contents of the window change
  • 774695 – GtkProgressbar needs full and empty classes
  • 774265 – No tilt for wintab devices
  • 774699 – [wintab, potential segfault]: list iteration regression causes odd-indexed devices to be ignored during lookup & e.g. present no pressure
  • 775038 – Build: Add wayland to GSKs dependencies
  • 774917 – [wayland] child subsurfaces need to be placed relative to their parent
  • 774893 – Application font sizes scaling gets clamped to 1.00 when starting GtkInspector
  • 774939 – GtkLabelAccessible: Initialize link before setting parent
  • 774760 – inspector: ensure controller is a GtkGesture
  • 774686 – GtkMenu does not unref all GtkCheckMenuItem it creates
  • 774743 – GtkNotebook does not unref all GtkBuiltinIcon it creates
  • 774790 – GtkTextHandle does not unref all GtkAdjustment it references

Getting involved

Interested in working on GTK+? Look at the list of bugs for newcomers and join the IRC channel #gtk+ on irc.gnome.org.

Stefano Zacchiroli: last week to take part in the Debian Contributors Survey

Planet Debian - Mon, 28/11/2016 - 11:27am
Debian Contributors Survey 2016

About 3 weeks ago, together with Molly and Mathieu, we launched the first edition of the Debian Contributors Survey. I won't harp on it any further, because you can find all relevant information about it on the Debian blog or as part of the original announcement.

But it's worth noting that you've now only one week left to participate if you want to: the deadline for participation is 4 December 2016, at 23:59 UTC.

If you're a Debian contributor and would like to participate, just go to the survey participation page and fill in!

Pau Garcia i Quiles: Desktops DevRoom @ FOSDEM 2017: you are still on time to submit a talk

Planet Debian - Mon, 28/11/2016 - 1:24am

FOSDEM 2016 is going to be great (again!) and you still have the chance to be one of the stars.

Have you submitted your talk to the Desktops DevRoom yet?

No?

Remember: we will only accept proposals until December 5th. After that, the Organization Team will get busy and vote and choose the talks.

Here is the full Call for Participation, in case you need to check the details on how to submit:

FOSDEM Desktops DevRoom 2017 Call for Participation

Topics include anything related to the Desktop: desktop environments, software development for desktop/cross-platform, applications, UI, etc

Dirk Eddelbuettel: anytime 0.1.1: More robust

Planet Debian - Sun, 27/11/2016 - 10:09pm

CRAN just accepted the newest release 0.1.1 of anytime, following the previous five releases since September.

anytime is a very focussed package aiming to do just one thing really well: to convert anything in integer, numeric, character, factor, ordered, ... format to POSIXct (or Date) objects -- and to do so without requiring a format string.

See the anytime page, or the GitHub README.md for a few examples, or just consider the following illustration:

R> library(anytime)
R> anytime("20161107 202122")    ## all digits
[1] "2016-11-07 20:21:22 CST"
R> utctime("2016Nov07 202122")   ## UTC parse example
[1] "2016-11-07 14:21:22 CST"
R>

Release 0.1.1 robustifies two aspects. The 'digits only' input above extends what Boost Date_Time can parse and relies on simple-enough pre-processing. This operation is now more robust. We also ensure that input already of class Date is simply passed through by anydate() or utcdate(). Last but not least we added code coverage support, which oh-so-predictably led us to game this metric to reach the elusive 100% coverage.

The NEWS file summarises the release:

Changes in anytime version 0.1.1 (2016-11-27)
  • Both anydate() and utcdate() no longer attempt to convert an input value that is already of type Date.

  • The string splitter (needed for the 'all-digits' formats extending Boost Date_time) is now more defensive about the input argument and more robust. Thanks to Bob Jansen for the heads-up (PR #30 closing issue #29).

  • Code coverage reporting has been added (PR #31).

Courtesy of CRANberries, there is a comparison to the previous release. More information is on the anytime page.

For questions or comments use the issue tracker off the GitHub repo.

This post by Dirk Eddelbuettel originated on his Thinking inside the box blog. Please report excessive re-aggregation in third-party for-profit settings.

Michael Meeks: 2016-11-27 Sunday.

Planet GNOME - Sun, 27/11/2016 - 10:00pm
  • NCC in the morning, back for lunch with Peter, Dianne & Lydia, lovely to see them. Took N. and E. to a pre-exam concert in the afternoon, followed by much slugging; feeling increasingly unwell unfortunately.

Eriberto Mota: Debian with three monitors under low cost graphics interface

Planet Debian - Sun, 27/11/2016 - 7:27pm

Since 2008 I have used two monitors on my desktop. Yesterday I bought a new graphics interface and a third monitor. For some time I was looking for a low cost graphics interface. Ok, I am using a GeForce GT 740 which has three output ports: VGA, DVI and HDMI. In Brazil this interface card can be found for around R$ 400 (US$ 117, but my card was US$ 87 in the Brazilian Black Friday). On Amazon.com, it is between US$ 51 and US$ 109. The chosen manufacturer was Zotac, but all GT 740 and 750 will work fine (I tested the GT 750 too).

The GeForce GT 740 was immediately recognised by Debian Jessie with kernel Linux 4.7.0 from Backports (it is my default, so I didn't test with the original 3.16 kernel). The driver used was the default X.Org Nouveau. I use KDE and the management was easy.

I hope this post can help people interested in using 3 monitors. Enjoy!

 

Sujeevan Vijayakumaran: UbuCon Europe in the retrospective

Planet UBUNTU - Sun, 27/11/2016 - 12:30pm

Last weekend the very first UbuCon Europe took place in Essen, Germany. It was the second UbuCon where I was the head of the organisation team. But this one was the first international UbuCon, which had a few more challenges compared to a national UbuCon. ;)

This blog post focuses on both: the event itself and some information about the organisation.

Thursday

The first unofficial day of the UbuCon was Thursday, where some people already arrived from different countries. We were already ten people from five different countries and we visited the Christmas market in Essen, which opened on that day. Gladly we had Nathan Haines with us, so he could translate all the alcoholic drinks from German to English, because I don't know anything about that. ;)

Friday

The first official day started in the afternoon with a guided tour through Zeche Zollverein. We were 18 people, this time from eight different countries. The tour showed us the history of the local area with the coal mines which were active in the past. They showed us the whole production line from the coal mining to the processing. The tour took two hours and after that we went to the Unperfekthaus, where the first social event of the weekend took place. There, we were roughly fifty persons mostly drinking, eating and talking.

It was also the first chance to see familiar and new faces again!

Saturday

Saturday started with my quick introduction to the event. After that Canonical CEO Jane Silber held the first keynote where she talked mostly about the IoT and the Cloud. I was glad that she followed my invitation, even though she had to leave after lunch. The day was packed with different talks and workshops.

I sadly couldn't join every talk but the talk from Microsoft about "Bash on Ubuntu on Windows" was quite interesting. Laura Czajkowski's talk about "Supporting Inclusion & Involvement in a Remote Distributed Team" was short but also interesting. The day ended with the raffle and the UbuCon Quiz. Everyone could buy an unlimited amount of raffle tickets for 1€ so there were a few people with more than ten tickets. We mostly had different Ubuntu USB-Sticks, three Ubuntu Books, Microsoft T-Shirts, a Nextcloud Box and the bq Aquaris M10 Tablet which were pretty popular. Funnily some people won more than one prize. The UbuCon Quiz afterwards was funny too. The ultimate answer to every question seemed to be "Midnight Commander" :). After the quiz the second social event started and was joined by about 80 persons.

Sunday

After the long Saturday the started again at around 10 o'clock in the morning. There were different talks and workshops again. Daniel Holbach did a workshop on how to create snaps, Costales did a talk about his navigation app uNav. Later Alan Pope talked about how to bring an app as a snap to the store. Elizabeth K. Joseph was talking on how to build a career with Ubuntu and FOSS and Olivier Paroz talked about Nextcloud and the upcoming features.

The day and also the conference ended at 5pm. At that time many people were already on their way back home.

Conclusion

We've welcomed 130 persons from 17 different countries and three continents. Originally I didn't expect that many people from other countries. In the end there were 55 % attendees from Germany. In the last year we had a similar amount of people who attended the German UbuCon. Personally I'm pretty happy that the event took place without big issues or problems. The biggest problem was just the payment which was rather complicated for most of the people. It was a good decision to use the Unperfekthaus as a venue for our event. We didn't have to organise food and drinks, because that was already included. The projectors were already set up and even the WiFi worked without problems. The mix of the talks was good too: We had different levels of talks, for beginners and for advanced users and developers.

At this place I want to thank a lot of people. First of all, Canonical's Community-Team including David Planella, Michael Hall, Daniel Holbach and Alan Pope who helped us with the overall organisation and were always ready when we needed help. Also, thanks to Marius Quabeck and Ilonka O. who joined the weekly hangouts with the Community-Team and helped in a lot of smaller and bigger organisation stuff, too. Jonathan Liebers and Jens Holschbach actually brought the UbuCon to Essen, even though the Unperfekthaus wasn't the first choice. Ilonka and Veit Jahns also helped with the handling of all the submitted talks and workshops. Sarah, Peter and Philipp were in the wrong place at the wrong time and got recruited to handle the registration desk: Thanks and Sorry ;)! Last but not least, Torsten Franz and Thoralf Schilde from the ubuntu Deutschland e.V. who were our legal entity to host the UbuCon and handle all the bills.

Also: Never forget the Sponsors: Microsoft, otris software AG, Nextcloud, bytemine, b1 systems, ubuntu-fr and Ubuntu User.

Besides the help in the organisation I also want to thank every speaker and visitor who actually formed the content of the conference. I'm really glad that so many people said that they liked it and I'm really looking forward to next year's UbuCon Europe which will take place in Paris, France!

See you there!

Hubert Figuiere: libopenraw 0.1.0

Planet GNOME - Sun, 27/11/2016 - 6:09am

I just released libopenraw 0.1.0. It is to be treated as a snapshot as it hasn't reached the level of functionality I was hoping for and it has been 5 years since last release.

Head on to the download page to get a tarball.

Several new API, some API + ABI breakage. Now the .pc files are parallel installable.

Colin King: stress-ng 0.07.07 released

Planet UBUNTU - Sat, 26/11/2016 - 11:35am
stress-ng is a tool that I have been developing on-and-off for a few years. It is designed to stress kernels to force out bugs, stress CPU and memory and also contains some performance benchmarking metrics too.

stress-ng is now entering the maturity part of the development phase, however, there is always scope to add new stressors and generally improve the tool. I've just released version 0.07.07 for the Ubuntu Zesty 17.04 release and it contains a few additional features:
  • SIGUSR2 sent to stress-ng will dump out the current system load and memory statistics
  • Sched policy stress tests for different scheduler configurations
  • Add a missing --sockfd-port option
And various bug fixes:
  • Fixed up some minor memory leaks
  • Missing counter stats on bind-mount, fp-error, personality and resources stressors
  • Fix the --fiemap-bytes option
  • Fix up build warnings with various compilers and static analyzers
The major change to stress-ng over the past month was an internal re-working of system call and GNU features to abstract these into a shim layer to reduce the number of build conditional #ifdef paths around code. This simplifies portability, so the code now builds more easily across a range of systems and with various versions of gcc and clang and fixes some issues on older kernels too. This also makes the code faster to statically analyze with cppcheck.

For more details, visit the stress-ng project page or the quick help guide.

Julian Andres Klode: Starting the faster, more secure APT 1.4 series

Planet Debian - Sat, 26/11/2016 - 12:43am

We just released the first beta of APT 1.4 to Debian unstable (beta here means that we don’t know any other big stuff to add to it, but are still open to further extensions). This is the release series that will be released with Debian stretch, Ubuntu zesty, and possibly Ubuntu zesty+1 (if the Debian freeze takes a very long time, even zesty+2 is possible). It should reach the master archive in a few hours, and your mirrors shortly after that.

Security changes

APT 1.4 by default disables support for repositories signed with SHA1 keys. I announced back in January that it was my intention to do this during the summer for development releases, but I only remembered the Jan 1st deadline for stable releases supporting that (APT 1.2 and 1.3), so better late than never.

Around January 1st, the same or a similar change will occur in the APT 1.2 and 1.3 series in Ubuntu 16.04 and 16.10 (subject to approval by Ubuntu’s release team). This should mean that repository providers had about one year to fix their repositories, and more than 8 months since the release of 16.04. I believe that 8 months is a reasonable time frame to upgrade a repository signing key, and hope that providers who have not updated their repositories yet will do so as soon as possible.

Performance work

APT 1.4 provides a 10-20% performance increase in cache generation (and according to callgrind, we went from approx 6.8 billion to 5.3 billion instructions for my laptop’s configuration, a reduction of more than 21%). The major improvements are:

We switched the parsing of Deb822 files (such as Packages files) to my perfect hash function TrieHash. TrieHash – which generates C code from a set of words – is about equal or twice as fast as the previously used hash function (and two to three times faster than gperf), and we save an additional 50% of that time as we only have to hash once during parsing now, instead of during look up as well. APT 1.4 marks the first time TrieHash is used in any software. I hope that it will spread to dpkg and other software at a later point in time.vendors.

Another important change was to drop normalization of Description-MD5 values, the fields mapping a description in a Packages file to a translated description. We used to parse the hex digits into a native binary stream, and then compared it back to hex digits for comparisons, which cost us about 5% of the run time performance.

We also optimized one of our hash functions – the VersionHash that hashes the important fields of a package to recognize packages with the same version, but different content – to not normalize data to a temporary buffer anymore. This buffer has been the subject of some bugs (overflow, incompleteness) in the recent past, and also caused some slowdown due to the additional writes to the stack. Instead, we now pass the bytes we are interested in directly to our CRC code, one byte at a time.
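The difference between the two approaches to VersionHash, as an added example that is not APT's code: the function names, the 16-byte buffer, the CRC-16 variant and the "skip whitespace" normalisation rule are all assumptions chosen for illustration. The buffered variant is bounds-checked, so it cannot overflow, but it silently truncates, which is the "incompleteness" failure mode.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>

// Bitwise CRC-16 (polynomial 0x1021); stands in for the real CRC routine.
static uint16_t crc16_byte(uint16_t crc, unsigned char b) {
    crc ^= (uint16_t)(b << 8);
    for (int i = 0; i < 8; ++i)
        crc = (crc & 0x8000) ? (uint16_t)((crc << 1) ^ 0x1021)
                             : (uint16_t)(crc << 1);
    return crc;
}

// Assumed normalisation rule for this example: whitespace is not hashed.
static bool skipped(unsigned char c) {
    return c == ' ' || c == '\t' || c == '\n';
}

// Buffered variant: normalise into a fixed stack buffer, then hash it.
// The bound on n prevents an overflow, but bytes past 16 never reach the CRC.
uint16_t hash_via_buffer(const char *field, size_t len) {
    char buf[16];
    size_t n = 0;
    for (size_t i = 0; i < len && n < sizeof(buf); ++i)
        if (!skipped(field[i]))
            buf[n++] = field[i];
    uint16_t crc = 0xFFFF;
    for (size_t i = 0; i < n; ++i)
        crc = crc16_byte(crc, buf[i]);
    return crc;
}

// Streaming variant: every byte of interest goes straight into the CRC,
// so there is no buffer to size, overflow or truncate.
uint16_t hash_streaming(const char *field, size_t len) {
    uint16_t crc = 0xFFFF;
    for (size_t i = 0; i < len; ++i)
        if (!skipped(field[i]))
            crc = crc16_byte(crc, field[i]);
    return crc;
}
```

Two constructed dependency strings that differ only after the sixteenth normalised byte hash identically in the buffered variant and differently in the streaming one.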

There were also some other micro-optimisations: For example, the hash tables in the cache used to be ordered by standard compare (alphabetical followed by shortest). It is now ordered by size first, meaning we can avoid data comparisons for strings of different lengths. We also got rid of a std::string that cannot use short string optimisation in a hot path of the code. Finally, we also converted our case-insensitive djb hashes to not use a normal tolower_ascii(), but introduced tolower_ascii_unsafe() which just sets the “lowercase bit” (| 0x20) in the character.
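What "unsafe" means for the lowercase-bit trick, and how size-first ordering avoids byte comparisons, as an added example that is not APT's code: the function bodies are assumptions written from the description above (only the names tolower_ascii and tolower_ascii_unsafe come from the post), and the djb2 constants are the commonly published ones.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>

// Sets bit 5 on every byte. Correct for A-Z, a no-op for a-z, digits,
// '+', '-' and '.', but it also rewrites '@', '[', ']', '^', '_' and others.
static inline unsigned char tolower_ascii_unsafe(unsigned char c) {
    return (unsigned char)(c | 0x20);
}

// Range-checked lowering: only A-Z are changed.
static inline unsigned char tolower_ascii(unsigned char c) {
    return (c >= 'A' && c <= 'Z') ? (unsigned char)(c + 32) : c;
}

// djb2-style hash (h = h * 33 + c) over the bit-lowered bytes.
uint32_t djb_hash_nocase(const char *s, size_t len) {
    uint32_t h = 5381;
    for (size_t i = 0; i < len; ++i)
        h = h * 33 + tolower_ascii_unsafe((unsigned char)s[i]);
    return h;
}

// Size-first ordering: strings of different length are ordered without
// reading a single byte; only equal-length strings are compared bytewise.
int compare_size_first(const char *a, size_t alen,
                       const char *b, size_t blen) {
    if (alen != blen)
        return alen < blen ? -1 : 1;
    for (size_t i = 0; i < alen; ++i) {
        unsigned char x = tolower_ascii((unsigned char)a[i]);
        unsigned char y = tolower_ascii((unsigned char)b[i]);
        if (x != y)
            return x < y ? -1 : 1;
    }
    return 0;
}

// The hash only selects a bucket; the exact comparison decides the match,
// so the extra collisions from the bit trick cost time, not correctness.
bool same_name(const char *a, const char *b) {
    size_t alen = strlen(a), blen = strlen(b);
    return djb_hash_nocase(a, alen) == djb_hash_nocase(b, blen) &&
           compare_size_first(a, alen, b, blen) == 0;
}
```

The constructed pair "Foo[1]" and "foo{1}" hashes to the same value because '[' and ']' gain bit 5, yet same_name() still rejects it.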

Others
  • Sandboxing now removes some environment variables like TMP from the environment.
  • Several improvements to installation ordering.
  • Support for armored GPG keys in trusted.gpg.d.
  • Various other fixes

For a more complete overview of all changes, consult the changelog.


Filed under: Debian, Ubuntu

Dougie Richardson: Install Android Studio on Ubuntu

Planet UBUNTU - Fri, 25/11/2016 - 11:16pm

Android Studio is a great development environment and is available on Ubuntu. I’m using Ubuntu Mate 16.10 “Yakkety Yak”.

First install a Java Development Kit (JDK). OpenJDK is pre-installed or you can use Oracle Java 8 (there is a great guide here). I don’t wish to argue over your choice – I need to use the latter (my tutor does).

Download Android Studio here. I extracted it to /opt; ran the installer; and used my home folder for the SDK.

If you are using 64 bit, you need the 32 bit GNU standard C++ library:

sudo apt install lib32stdc++6

Virtualisation support is interesting. I read two tutorials and Google’s guide. The former make reference to command line options not in version 2.2.2. These posts suggest this is a bug, but it may now be default behaviour. First enable virtualisation in the BIOS (check if enabled using “kvm-ok”).

sudo apt-get install qemu-kvm libvirt-bin ubuntu-vm-builder bridge-utils
sudo adduser dougie kvm
sudo adduser dougie libvirtd

This results in an error.

Using the system version of libstdc++.so.6 works. Add the following to /etc/environment:

ANDROID_EMULATOR_USE_SYSTEM_LIBS=1

It seems snappy but with no feedback I’m unsure if accelerated.

So I now have a development environment set up for my project. The next hurdle is to choose a title. So far it is a: development project; distributed application; and uses Android.

Petter Reinholdtsen: Quicker Debian installations using eatmydata

Planet Debian - Fri, 25/11/2016 - 2:50pm

Two years ago, I did some experiments with eatmydata and the Debian installation system, observing how using eatmydata could speed up the installation quite a bit. My testing measured speedup around 20-40 percent for Debian Edu, where we install around 1000 packages from within the installer. The eatmydata package provides a way to disable/delay file system flushing. This is a bit risky in the general case, as files that should be stored on disk will stay only in memory a bit longer than expected, causing problems if a machine crashes at an inconvenient time. But for an installation, if the machine crashes during installation the process is normally restarted, and avoiding disk operations as much as possible to speed up the process makes perfect sense.

I added code in the Debian Edu specific installation code to enable eatmydata, but did not have time to push it any further. But a few months ago I picked it up again and worked with the libeatmydata package maintainer Mattia Rizzolo to make it easier for everyone to get this installation speedup in Debian. Thanks to our cooperation, there is now an eatmydata-udeb package in Debian testing and unstable, and simply enabling/installing it in debian-installer (d-i) is enough to get the quicker installations. It can be enabled using preseeding. The following untested kernel argument should do the trick:

preseed/early_command="anna-install eatmydata-udeb"

This should ask d-i to install the package inside the d-i environment early in the installation sequence. Having it installed in d-i in turn will make sure the relevant scripts are called just after debootstrap filled /target/ with the freshly installed Debian system to configure apt to run dpkg with eatmydata. This is enough to speed up the installation process. There is a proposal to extend the idea a bit further by using /etc/ld.so.preload instead of apt.conf, but I have not tested its impact.
