You are here

Planet Ubuntu

Subscribe to Feed Planet Ubuntu
Planet Ubuntu - http://planet.ubuntu.com/
Përditësimi: 1 month 3 javë më parë

Jono Bacon: Linus, His Apology, And Why We Should Support Him

Hën, 17/09/2018 - 12:12pd

Today, Linus Torvalds, the creator of Linux, which powers everything from smartwatches to electrical grids posted a pretty remarkable note on the kernel mailing list.

As a little bit of backstory, Linus has sometimes come under fire for the ways in which he has expressed feedback, provided criticism, and reacted to various scenarios on the kernel mailing list. This criticism has been fair in many cases: he has been overly aggressive at times, and while the kernel maintainers are a tight-knit group, the optics (not just of what it looks like, but what is actually happening), particularly for those new to kernel development has often been pretty bad.

Like many conflict scenarios, this feedback has been communicated back to him in both constructive and non-constructive ways. Historically he has been seemingly reluctant to really internalize this feedback, I suspect partially because (a) the Linux kernel is a very successful project, and (b) some of the critics have at times gone nuclear at him (which often doesn’t work as a strategy towards defensive people). Well, things changed today.

In his post today he shared some self-reflection on this feedback:

This week people in our community confronted me about my lifetime of not understanding emotions. My flippant attacks in emails have been both unprofessional and uncalled for. Especially at times when I made it personal. In my quest for a better patch, this made sense to me. I know now this was not OK and I am truly sorry.

He went on to not just share an admission that this has been a problem, but to also share a very personal acceptance that he struggles to understand and engage with people’s emotions:

The above is basically a long-winded way to get to the somewhat painful personal admission that hey, I need to change some of my behavior, and I want to apologize to the people that my personal behavior hurt and possibly drove away from kernel development entirely. I am going to take time off and get some assistance on how to understand people’s emotions and respond appropriately.

His post is sure to light up the open source, Linux, and tech world for the next few weeks. For some it will be celebrated as a step in the right direction. For some it will be too little too late, and their animus will remain. For some they will be cautiously supportive, but defer judgement until they have seen his future behavior demonstrate substantive changes.

My Take

I wouldn’t say I know Linus very closely; we have a casual relationship. I see him at conferences from time to time, and we often bump into each other and catch up. I interviewed him for my book and for the Global Learning XPRIZE. From my experience he is a funny, genuine, friendly guy. Interestingly, and not unusually at all for open source, his online persona is rather different to his in-person persona. I am not going to deny that when I would see these dust-ups on LKML, it didn’t reflect the Linus I know. I chalked it down to a mixture of his struggles with social skills, dogmatic pragmatism, and ego.

His post today is a pretty remarkable change of posture for him, and I encourage that we as a community support him in making these changes.

Accepting these personal challenges is tough, particularly for someone in his position. Linux is a global phenomenon. It has resulted in billions of dollars of technology creation, powering thousands of companies, and changing the norms around of how software is consumed and created. It is easy to forget that Linux was started by a quiet Finnish kid in his university dorm room. It is important to remember that just because Linux has scaled elegantly, it doesn’t mean that Linus has been able to. He isn’t a codebase, he is a human being, and bugs are harder to spot and fix in humans. You can’t just deploy a fix immediately. It takes time to identify the problem and foster and grow a change. The starting point for this is to support people in that desire for change, not re-litigate the ills of the past: that will get us nowhere quickly.

I am also mindful of ego. None of us like to admit we have an ago, but we all do. You don’t get to build one of the most fundamental technologies in the last thirty years and not have an ego. He built it…they came…and a revolution was energized because of what he created. While Linus’s ego is more subtle, and certainly not overstated and extending to faddish self-promotion, overly expensive suits, and forays into Hollywood (quite the opposite), his ego has naturally resulted in abrupt and fixed opinions on how his project should run. This sometimes results in him plugging fingers in his ears to particularly challenging viewpoints from others (he is not the only person guilty of this, many people in similar positions do too). His post today is a clear example of him putting Linux as a project ahead of his own personal ego.

This is important for a few reasons. Firstly, being in such a public position and accepting your personal flaws isn’t a problem many people face, and isn’t a situation many people handle well. I work with a lot of CEOs, and they often say it is the loneliest job on the planet. I have heard American presidents say the same in interviews. This is because they are the top of the tree with all the responsibility and expectations on their shoulders. Put yourself in Linus’s position: his little project has blown up into a global phenomenon, and he didn’t necessarily have the social tools to be able to handle this change. Ego forces these internal struggles under the surface and to push them down and avoid them. So, to accept them as publicly and openly as he did today is a very firm step in the right direction. Now, the true test will be results, but we need to all provide the breathing space for him to accomplish them.

So, I would encourage everyone to give Linus a shot. This doesn’t mean the frustrations of the past are erased, and he has acknowledged and apologized for these mistakes as a first step. He has accepted he struggles with understanding other’s emotions, and a desire to help improve this for the betterment of the project and himself. He is a human, and the best tonic for humans to resolve their own internal struggles is the support and encouragement of other humans. This is not unique to Linus, but to anyone who faces similar struggles.

All the best, Linus.

The post Linus, His Apology, And Why We Should Support Him appeared first on Jono Bacon.

David Tomaschik: Course Review: Software Defined Radio with HackRF

Pre, 14/09/2018 - 9:00pd

Over the past two days, I had the opportunity to attend Michael Ossman’s course “Software Defined Radio with HackRF” at Toorcon XX. This is a course I’ve wanted to take for several years, and I’m extremely happy that I finally had the chance. I wanted to write up a short review for others considering taking the course.

Course Material

The material in the course focuses predominantly on the basics of Software Defined Radio and Digital Signal Processing. This includes the math necessary to understand how the DSP handles the signal. The math is presented in a practical, rather than academic, way. It’s not a math class, but a review of the necessary basics, mostly of complex mathematics and a bit of trigonometry. (My high school teachers are now vindicated. I did use that math again.) You don’t need the math background coming in, but you do need to be prepared to think about math during the class. Extracting meaningful information from the ether is, it turns out, an exercise in mathematics.

There’s a lot of discussions of frequencies, frequency mixers, and how frequency, amplitude, and phase are related. Also, despite more than 20 years as an amateur radio operator, I finally understand dB properly. It’s possible to understand reasonably without having to do logarithms:

  • +3db = x2
  • +10db = x10
  • -3db = 1/2
  • -10db = 1/10

In terms of DSP, he demonstrated extracting signals of interest, clock recovery, and other techniques necessary for understanding digital signals. It really just scratches the surface, but is enough to get a basic signal understood.

From a security point of view, there was only a single system that we “attacked” in the class. I was hoping for a little bit more of this, but given the detail in the other content, I am not disappointed.

Mike pointed out that the course primarily focuses on getting signals from the air to a digital series of 0 an 1 bits, and then leaves the remainder to tools like python for adding meaning and interpretation of the bits. While I understand this (and, admittedly, at that point it’s similar to decoding an unknown network protocol), I would still like to have gone into more detail.

Course Style

At the very beginning of the course, Mike makes it clear that no two classes he teaches are exactly the same. He adapts the course to the experience and background of each class, and that was very evident from our small group this week. With such a small class, it became more like a guided conversation than a formal class.

Overall, the course was very interactive, with lots of student questions, as well as “Socratic Method” questions from the instructor. This was punctuated with a number of hands-on exercises. One of the best parts of the hands-on exercises is that Mike provides a flash drive with a preconfigured Ubuntu Linux installation containing all the tools that are needed for the course. This allows students to boot into a working environment, rather than having to play around with tool installation or virtual machine settings. (We were, in fact, warned that VMs often do not play well with SDR, because the USB forwarding has overhead resulting in lost samples.)

Mike made heavy use of the poster pad in the room, diagramming waveforms and information about the processes involved in the SDR architecture and the DSP done in the computer. This works well because he customizes the diagrams to explain each part and answer student questions. It also feels much more engaging than just pointing at slides. In fact, the only thing displayed on the projector is Mike’s live screen from his laptop, displaying things like the work he’s doing in GNURadio Companion and other pieces of software.

If you have devices you’re interested in studying, you should bring them along with you. If time permits, Mike tries to work these devices into the analysis during the course.

Tools Used Additional Resources Opinions & Conclusion

This was a great class that I really enjoyed. However, I really wish there had been more emphasis on how you decode and interpret the unknown signals, such as discussion of common packet types over RF, any tools for signals analysis that could be built either in Python or in GNURadio. Perhaps he (or someone) could offer an advanced class that focuses on the signal analysis, interpretation, and “spoofing” portions of the problem of attacking RF-based systems.

If you’re interested in doing assessments of physical devices, or into radio at all, I highly recommend this course. Mike obviously really knows the material, and getting a HackRF One is a pretty nice bonus. Watching the videos on his website will help you prepare for the math, but will also result int a good portion of the content being duplicated in the course. I’m not disappointed that I did that, and I still feel that I more than made good use of the time in the course, but it is something to be aware of.

Stephen Kelly: API Changes in Clang

Pre, 14/09/2018 - 12:45pd

I’ve started contributing to Clang, in the hope that I can improve the API for tooling. This will eventually mean changes to the C++ API of Clang, the CMake buildsystem, and new features in the tooling. Hopefully I’ll remember to blog about changes I make.

The Department of Redundancy Department

I’ve been implementing custom clang-tidy checks and have become quite familiar with the AST Node API. Because of my background in Qt, I was immediately disoriented by some API inconsistency. Certain API classes had both getStartLoc and getLocStart methods, as well as both getEndLoc and getLocEnd etc. The pairs of methods return the same content, so at least one set of them is redundant.

I’m used to working on stable library APIs, but Clang is different in that it offers no API stability guarantees at all. As an experiment, we staggered the introduction of new API and removal of old API. I ended up replacing the getStartLoc and getLocStart methods with getBeginLoc for consistency with other classes, and replaced getLocEnd with getEndLoc. Both old and new APIs are in the Clang 7.0.0 release, but the old APIs are already removed from Clang master. Users of the old APIs should port to the new ones at the next opportunity as described here.

Wait a minute, Where’s me dump()er?

Clang AST classes have a dump() method which is very useful for debugging. Several tools shipped with Clang are based on dumping AST nodes.

The SourceLocation type also provides a dump() method which outputs the file, line and column corresponding to a location. The problem with it though has always been that it does not include a newline at the end of the output, so the output gets lost in noise. This 2013 video tutorial shows the typical developer experience using that dump method. I’ve finally fixed that in Clang, but it did not make it into Clang 7.0.0.

In the same vein, I also added a dump() method to the SourceRange class. This prints out locations in the an angle-bracket format which shows only what changed between the beginning and end of the range.

Let it bind

When writing clang-tidy checks using AST Matchers, it is common to factor out intermediate variables for re-use or for clarity in the code.

auto valueMethod = cxxMethodDecl(hasName("value")); Finer->addMatcher(valueMethod.bind("methodDecl"));

clang-query has an analogous way to create intermediate matcher variables, but binding to them did not work. As of my recent commit, it is possible to create matcher variables and bind them later in a matcher:

let valueMethod cxxMethodDecl(hasName("value")) match valueMethod.bind("methodDecl") match callExpr(callee(valueMethod.bind("methodDecl"))).bind("methodCall") Preload your Queries

Staying on the same topic, I extended clang-query with a --preload option. This allows starting clang-query with some commands already invoked, and then continue using it as a REPL:

bash$ cat cmds.txt let valueMethod cxxMethodDecl(hasName("value")) bash$ clang-query --preload cmds.txt somefile.cpp clang-query> match valueMethod.bind("methodDecl") Match #1: somefile.cpp:4:2: note: "methodDecl" binds here void value(); ^~~~~~~~~~~~ 1 match.

Previously, it was only possible to run commands from a file without also creating a REPL using the -c option. The --preload option with the REPL is useful when experimenting with matchers and having to restart clang-query regularly. This happens a lot when modifying code to examine changes to AST nodes.

Enjoy!

Lubuntu Blog: Lubuntu Development Newsletter #11

Enj, 13/09/2018 - 3:13pd
This is the eleventh issue of The Lubuntu Development Newsletter. You can read the last issue here. Changes General This list is a bit short because we have been focusing on general, behind-the-scenes (and admittedly tedious) administration tasks, but we plan on ramping up development progress in time for the next newsletter. Desktop Experience We […]

Sebastian Dröge: GStreamer Rust bindings 0.12 and GStreamer Plugin 0.3 release

Hën, 10/09/2018 - 1:41md

After almost 6 months, a new release of the GStreamer Rust bindings and the GStreamer plugin writing infrastructure for Rust is out. As usual this was coinciding with the release of all the gtk-rs crates to make use of all the new features they contain.

Thanks to all the contributors of both gtk-rs and the GStreamer bindings for all the nice changes that happened over the last 6 months!

And as usual, if you find any bugs please report them and if you have any questions let me know.

GStreamer Bindings

For the full changelog check here.

Most changes this time were internally, especially because many user-facing changes (like Debug impls for various types) were already backported to the minor releases in the 0.11 release series.

WebRTC

The biggest change this time is probably the inclusion of bindings for the GStreamer WebRTC library.

This allows using building all kinds of WebRTC applications outside the browser (or providing a WebRTC implementation for a browser), and while not as full-featured as Google’s own implementation, this interoperates well with the various browsers and generally works much better on embedded devices.

A small example application in Rust is available here.

Serde

Optionally, serde trait implementations for the Serialize and Deserialize trait can be enabled for various fundamental GStreamer types, including caps, buffers, events, messages and tag lists. This allows serializing them into any format that can be handled by serde (which are many!), and deserializing them back to normal Rust structs.

Generic Tag API

Previously only a strongly-typed tag API was exposed that made it impossible to use the wrong data type for a specific tag, e.g. code that tries to store a string for the track number or an integer for the title would simply not compile:

let mut tags = gst::TagList::new(); { let tags = tags.get_mut().unwrap(); tags.add::<Title>(&"some title", gst::TagMergeMode::Append); tags.add::<TrackNumber>(&12, gst::TagMergeMode::Append); }

While this is convenient, it made it rather complicated to work with tag lists if you only wanted to handle them in a generic way. For example by iterating over the tag list and simply checking what kind of tags are available. To solve that, a new generic API was added in addition. This works on glib::Values, which can store any kind of type, and using the wrong type for a specific tag would simply cause an error at runtime instead of compile-time.

let mut tags = gst::TagList::new(); { let tags = tags.get_mut().unwrap(); tags.add_generic(&gst::tags::TAG_TITLE, &"some title", gst::TagMergeMode::Append) .expect("wrong type for title tag"); tags.add_generic(&gst::tags::TAG_TRACK_NUMBER, &12, gst::TagMergeMode::Append) .expect("wrong type for track number tag"); }

This also greatly simplified the serde serialization/deserialization for tag lists.

GStreamer Plugins

For the full changelog check here.

gobject-subclass

The main change this time is that all the generic GObject subclassing infrastructure was moved out of the gst-plugin crate and moved to its own gobject-subclass crate as part of the gtk-rs organization.

As part of this, some major refactoring has happened that allows subclassing more different types but also makes it simpler to add new types. There are also experimental crates for adding some subclassing support to gio and gtk, and a PR for autogenerating part of the code via the gir code generator.

More classes!

The other big addition this time is that it’s now possible to subclass GStreamer Pads and GhostPads, to implement the ChildProxy interface and to subclass the Aggregator and AggregatorPad class.

This now allows to write custom mixer/muxer-style elements (or generally elements that have multiple sink pads) in Rust via the Aggregator base class, and to have custom pad types for elements to allow for setting custom properties on the pads (e.g. to control the opacity of a single video mixer input).

There is currently no example for such an element, but I’ll add a very simple video mixer to the repository some time in the next weeks and will also write a blog post about it for explaining all the steps.

Sean Davis: Xubuntu Development Update September 2018

Sht, 08/09/2018 - 5:52pd

A week later than expected, it’s the September development update! The theme for August (and early September) has been visual improvements, with a few bug fixes tossed in for good measure. Check it out! 

Xubuntu Bionic Beaver (18.04)

Bionic was pretty stable in August, with only one of our packages making it through the SRU process and into the hands of our users.

We’re currently looking to get these new releases and fixes into Bionic.

  • Catfish 1.4.6
    • This is a new release with numerous bug fixes and a much-improved thumbnailer.
  • Xfce Settings: Mouse acceleration not configurable in Xubuntu 18.04 (LP: #1758023)
    • This issue is related to libinput taking over mouse configuration, and will be resolved by building xfce4-settings with libinput support.
Cosmic Cuttlefish (18.10)

The following source package updates landed in Cosmic in August.

  • elementary-xfce 0.12-1ubuntu1
    • The elementary-xfce icon theme is now available on Debian! Previously, this theme was part of the xubuntu-icon-theme package.
  • ristretto 0.8.3-1 (Debian sync)
  • thunar-archive-plugin 0.4.0-1 (Debian sync)
  • thunar-media-tags-plugin 0.3.0-1 (Debian sync)
  • xfce4-taskmanager 1.2.1-1 (Debian sync)
  • xubuntu-artwork 18.10
    • The development wallpaper is set on boot and the desktop.
    • The xubuntu-icon-theme is now a branding package, that upgrades the elementary-xfce icon theme with the Xubuntu distributor logo.
  • xubuntu-default-settings 18.10
    • “Square icons” were enabled in all supported plugins, improving size and shape consistency on the panel.
    • Orage configuration was updated to use the “paplay” command for sounds by default (LP: #1054396)
    • The panel was updated to be 80% transparent at all times. This is a settings migration to support the new GTK+ 3 panel.
    • The Xubuntu session was updated to correctly set XDG_CURRENT_DESKTOP (LP: #1590089)
  • xubuntu-meta 2.227
    • This package release replaces the fwupdate dependency with the newly minted fwupd.
Xfce New Releases

Xfce had 3 new releases in August, featuring a variety of bug fixes and usability improvements.

Xfce Display Profiles (Preview)

Simon has been hard at work implementing a nifty new feature for the Xfce Display Settings, display profiles! This feature allows you to save and switch between various display setups, useful for users on the go or presenters. This hasn’t been merged into master yet, so designs are not final.

Spacing Improvements

I’ve spent the last week submitting patches to the Xfce core applications, panel plugins, and Thunar plugins. My goal is to improve the overall look and feel of Xfce by improving the consistency of it’s preference dialogs. A few before and after screenshots are below.

I’ve based my work on the excellent GNOME 2 HIG Window Layout documentation. Xfce has long borrowed the design philosophies from this document (to varying degrees) and is once again benefiting from the well-written work.

Shimmer Project Elementary Xfce Icon Theme

Xubuntu’s beloved icon theme has had a few significant updates in recent weeks. From build optimizations to new upstream icons, there’s a lot to unpack.

The theme has added a Makefile and build tool to convert the theme’s SVG sources to PNG. Xubuntu has included the PNG-building functionality for some time, and now it’s available for everyone. PNG-based themes are faster to load and generally crisper at various sizes. Included in the new build options are PNG optimization. Optipng is now used to optimize each of the generated files, reducing the overall file size.

Updated icons coming from upstream this month include dialog-password, selection icons, graphics icons, and manila-colored folders. The manila folders are a sharp contrast from the longtime blue, but after using them for a few days, they’re actually pretty nice.

Other Updates Mugshot 0.4.1

I released Mugshot 0.4.1 early last month with a number of bug fixes and code quality improvements. You can check out the release notes and find downloads here.

Contributing

Ready to start giving back to your favorite open source projects? Remember that there’s something for everyone, and you can get started quickly with the Xubuntu and Xfce contributor docs. If you don’t know where to start, join us at #xubuntu-devel on Freenode… we’ll point you in the right direction.

David Tomaschik: Hacker Summer Camp 2018: Wrap-Up

Sht, 25/08/2018 - 9:00pd

I meant to write this post much closer to the end of Hacker Summer Camp, but to be honest, I’ve been completely swamped with getting back into the thick of things. However, I kept feeling like things were “unfinished”, so I thought I’d throw together at least a few thoughts from this year.

BSides Las Vegas

I can’t say much about BSides as a whole this year, as I spent the entire time Gold Teaming for Pros vs Joes CTF. (Gold Team is responsible for running the game infrastructure, scoreboard, etc.) It was a great experience to be on Gold Team, but I do miss having a team to support and educate. Overall, the CTF went fairly well, but there were a few bumps that I hope we can avoid next year.

BSides also announced that they are ending their free badges. In some ways, I’m disappointed, but I also understand the reasons they are doing this. Even though I’ve had a badge included with my participation in the PvJ CTF for years, I’ve also been a personal sponsor of BSidesLV for those years as well. I’m lucky enough to be well-employed in the industry that BSidesLV supports, and I want to support their mission. I hope others will do so as well, but I also want to try to find a way to support those who aren’t able to shell out for a badge. Once details are announced for badges next year, I’ll look for an opportunity to support passionate students in our community.

DEF CON 26

DEF CON 26 was an incredible event. I know there were some bumps and warts to it, but I had a great con. (Also, I think it’s the only conference I attend that I refer to simply as “con”.) The villages are my favorite part of DEF CON, and the villages were in rare form this year with the expansion.

This year was my first year speaking at DEF CON (as a village speaker) and I am incredibly humbled by the experience. To think that something I had done was seen as interesting enough for 150 or so attendees to choose to spend 45 minutes of their time listening to me really makes me feel like I’m making an impact. The audience was great, and thanks to the IoT village for having me. (Maybe one day I’ll get a DEF CON speaker badge to place on my wall of badges.)

I have hopes that next year, villages will have some way to divide their rooms or reduce noise for the presentations in their space. So many run another activity (a CTF, hands on activities, etc.) and the noise from that can be problematic when it comes to speakers in the same space. (I experienced this both as a speaker and as an attendee for the talks.)

I also hope that next year, DEF CON will have helped to work through the issues we had with Caesar’s security this year. A good friend of mine landed in hot water over a misunderstood tweet, and there were the obvious reports of “room checks” that were not going according to the established policy. (I’m not even a fan of the room checks, but rifling through guests belongings is completely unacceptable.)

Splitting across Las Vegas Boulevard was also not the best situation. I look forward to moving back to Paris/Bally’s and having Planet Hollywood join the con. (Plus, breakfast crepes!) Getting over to Flamingo was such an ordeal that I only went over there once, and it was a brief visit at that. The ICS village over there was really impressive, and I missed out on a chance to get a Car Hacking Village badge. Some of this was poor planning on my part, but also the sheer distance between the two conference areas made it anything but convenient.

Conclusion

I can’t wait until next year. I’ll begin my planning guide around the beginning of 2019 to try to provide support to those looking for travel information, and I have a feeling that DEF CON 27 will be an even stronger showing. Here’s to all the contributions of the hacker family!

The Fridge: Ubuntu Membership Board call for nominations

Pre, 24/08/2018 - 10:12md

As you may know, Ubuntu Membership is a recognition of significant and sustained contribution to Ubuntu and the Ubuntu community. To this end, the Community Council recruits from our current member community for the valuable role of reviewing and evaluating the contributions of potential members to bring them on board or assist with having them achieve this goal.

We have five members of our boards expiring from their terms, which means we need to do some restaffing of this Membership Board.

We have the following requirements for nominees:

  • be an Ubuntu Member (preferably for some time)
  • be confident that you can evaluate contributions to various parts of our community
  • be committed to attending the membership meetings broad insight into the Ubuntu community at large is a plus

Additionally, those sitting on membership boards should have a proven track record of activity in the community. They have shown themselves over time to be able to work well with others and display the positive aspects of the Ubuntu Code of Conduct. They should be people who can discern character and evaluate contribution quality without emotion while engaging in an interview/discussion that communicates interest, a welcoming atmosphere, and which is marked by humanity, gentleness, and kindness. Even when they must deny applications, they should do so in such a way that applicants walk away with a sense of hopefulness and a desire to return with a more complete application rather than feeling discouraged or hurt.

To nominate yourself or somebody else (please confirm they wish to accept the nomination and state you have done so), please send a mail to the membership boards mailing list (ubuntu-membership-boards at lists.ubuntu.com). You will want to include some information about the nominee, a Launchpad profile link, and which time slot (20:00 or 22:00) the nominee will be able to participate in.

We will be accepting nominations through Monday, September 10th at 13:00 UTC. At that time all nominations will be forwarded to the Community Council who will make the final decision and announcement.

Thanks in advance to you and to the dedication everybody has put into their roles as board members.

Jonathan Riddell: Akademy Group Photo Automator

Pre, 24/08/2018 - 3:50md

Every year we take a group photo at Akademy and then me or one of the Kennies manually marks up the faces so people can tag them and we can know who we all are and build community.  This is quite old school effort so this year I followed a mangazine tutorial and made Akademy Group Photo Automator to do it.  This uses an AI library called face_recognition to do the hard work and Docker to manage the hard work and spits out the necessary HTML.  It was a quick attempt and I’m not sure it did much good in the end alas.  The group photos tend to be quite disorganised and whoever takes it upon themselves to direct it each year makes basic mistakes like putting everyone on a flat stage or making everyone wave their hands about which means many of the faces are half covered and not recognised.  And it seems like the library is not a fan of glasses.  It also outputs rect coordinates rather than circle ones which ment Kenny had to do many adjustments.  Still it’s an interesting quick dive into a new area for me and maybe next year I’ll get it smoother.

Faces recognisedby

Raphaël Hertzog: Freexian’s report about Debian Long Term Support, July 2018

Pre, 24/08/2018 - 1:59md

Like each month, here comes a report about the work of paid contributors to Debian LTS.

Individual reports

In July, about 224 work hours have been dispatched among 14 paid contributors. Their reports are available:

Evolution of the situation

The number of sponsored hours did not change.

The security tracker currently lists 51 packages with a known CVE and the dla-needed.txt file has 43 packages needing an update.

Thanks to our sponsors

New sponsors are in bold.

No comment | Liked this article? Click here. | My blog is Flattr-enabled.

Benjamin Mako Hill: Heading to the Bay Area

Pre, 24/08/2018 - 4:39pd

On September 4th, I’ll be starting a fellowship at the Center for Advanced Studies in the Behavioral Sciences (CASBS), a wonderful social science research institute at Stanford that’s perched on a hill overlooking Palo Alto and the San Francisco Bay. The fellowship is a one-year gig and I’ll be back in Seattle next June.

A CASBS fellowship is an incredible gift in several senses. In the most basic sense, it will mean time to focus on research and writing. I’ll be using my time there to continuing my research on the social scientific study of peer production and cooperation. More importantly though, the fellowship will give me access to a community of truly incredible social social scientists who be my “fellow fellows” next year.

Finally, being invited for a CASBS fellowship is a huge honor. I’ve been preparing by reading a list of Wikipedia articles I built about the previous occupants of the study that I’ll be working out of next year (the third fellow to work out of my study was Claude Shannon!). It’s rare for junior faculty like myself to be invited and I’m truly humbled.

The only real downside of the fellowship is that it means that I’ll be spending the academic year away from Seattle. I’m going to miss working out of UW, my department, and the Community Data Science Collective lab here enormously.

In a personal sense, it means I’ll be leaving a wonderful community in Seattle in and around my home at Extraordinary Least Squares. I’m going to miss folks deeply and I look forward to returning.

Of course, I’m also pretty excited about moving to Palo Alto. It will be the first time either Mika or I have lived in California and we hope to take advantage of the opportunity.

Please help us do so!  If you’re at Stanford, in Silicon Valley, or are anywhere in the Bay Area and want to meet up, please don’t hesitate to get in contact! We’ll be arriving with very little community and I’m really interested in meeting and making friends  and taking advantage of my nine-months in the area to make connections!

Jono Bacon: Design The Bacon Family Crest

Enj, 23/08/2018 - 9:01md

Designers! We need your help! We want to produce a fun family crest for the Bacon family, something that really reflects us and who we are. This will go on a flag poll at our house and on napkins/coasters for parties.

Hello, Designers! The Bacon family needs a Family Crest designing. We have a flag poll in our new house, and we thought it could be fun to have a family crest that reflects us, our personalities, and background. This will also go on some napkins and coasters for parties. We want it to be amusing and fun, but also professional and classy. Please make it: * Modern and classy. We don't want this to look medieval or old-school. We want it to look classy, but contemporary. * Amusing, but not cheesy. * Either a single-color design, or max of 2 - 3 colors (that contrast really well). * This should be hi-res so it can be printed on material with a solid background color. As you design it, please try to incorporate the following (in priority order): * Include the text "The Bacon Family" near the top. * Add the latin "Sicut delectamentum cibum prandium." near the bottom (which is latin for "Like the delicious breakfast meat" - we say this when we say our name and check in hotels, because people always assume our name isn't as ridiculous as "Bacon") * The USA, British, and Italian flags in some form. * Incorporate key symbols that reflect us: - Food/Cooking. - Music/Heavy Metal (e.g. a Rhandy Rhoads guitar.) - Technology. - People/Community (people getting together to do cool things.) As food for thought, I like these: * https://www.teepublic.com/phone-case/597879-rahoxah-family-crest * https://www.pinterest.ca/pin/42573158947630583/

Interested?

JOIN THE 99DESIGNS CONTEST ($350 fee)

There is only four days to submit entries!

The post Design The Bacon Family Crest appeared first on Jono Bacon.

Ubuntu Podcast from the UK LoCo: S11E24 – Mr. Penumbra’s 24-Hour Bookstore - Ubuntu Podcast

Enj, 23/08/2018 - 12:30md

One of us has been vacationing in France. Alan went to Akademy and explains what went on. We’ve got some Webby love and go over all your feedback.

It’s Season 11 Episode 24 of the Ubuntu Podcast! Alan Pope, Mark Johnson and Martin Wimpress are connected and speaking to your brain.

In this week’s show:

That’s all for this week! You can listen to the Ubuntu Podcast back catalogue on YouTube. If there’s a topic you’d like us to discuss, or you have any feedback on previous shows, please send your comments and suggestions to show@ubuntupodcast.org or Tweet us or Comment on our Facebook page or comment on our Google+ page or comment on our sub-Reddit.

Jono Bacon: ZBiotics Crowdfunding Campaign Launched

Mër, 22/08/2018 - 2:16pd

A little while ago I worked with a client called ZBiotics. They are producing an engineered probiotic which that can be a hangover cure, but the technology has a wealth of other potential applications outside of making your morning-after a little less brutal.

They were interested in running a crowdfunding campaign. I have run a few campaigns before (the $12.7 million Ubuntu Edge, and the $1million Global Learning XPRIZE) and I provided strategic guidance for the Mycroft Mark II (which raised $395k of it’s $50k goal).

I like Zack and Stephen. They seem like good guys who want to build a company the right way. I sat down and provided some training around how to structure and deliver their campaign. This was a complex one because they are not only delivering a practical consumer product (hangover cure) but their technology is also the secret sauce. Both of these are important parts of the message.

They launched it yesterday with a goal of $25,000 and already smashed past that in Day 1. Here is their overview video:

Can’t see it? See it here.

Go and check it out.

The post ZBiotics Crowdfunding Campaign Launched appeared first on Jono Bacon.

The Fridge: Ubuntu Weekly Newsletter Issue 541

Mar, 21/08/2018 - 1:52pd

Welcome to the Ubuntu Weekly Newsletter, Issue 541 for the week of August 12 – 18, 2018. The full version of this issue is available here.

In this issue we cover:

The Ubuntu Weekly Newsletter is brought to you by:

  • Krytarik Raido
  • Bashing-om
  • Chris Guiver
  • Wild Man
  • And many others

If you have a story idea for the Weekly Newsletter, join the Ubuntu News Team mailing list and submit it. Ideas can also be added to the wiki!

Except where otherwise noted, this issue of the Ubuntu Weekly Newsletter is licensed under a Creative Commons Attribution ShareAlike 3.0 License

Jono Bacon: Video: How to Manage and Work With Difficult Personalities

Hën, 20/08/2018 - 9:36md

Every organization, community, and family has difficult people in them. Some get overly agitated, some are not constructive in their criticism, some rub other people up the wrong way, some always commit but never deliver, and other traits.

In my new video I share some details for how to manage these types of personalities. I share some golden rules for handling them, how to analyze the situation well, and a method for building a resolution and solving problems.

Here it is:

Can’t see it? Watch it here.

The post Video: How to Manage and Work With Difficult Personalities appeared first on Jono Bacon.

Kees Cook: security things in Linux v4.18

Hën, 20/08/2018 - 8:29md

Previously: v4.17.

Linux kernel v4.18 was released last week. Here are details on some of the security things I found interesting:

allocation overflow detection helpers
One of the many ways C can be dangerous to use is that it lacks strong primitives to deal with arithmetic overflow. A developer can’t just wrap a series of calculations in a try/catch block to trap any calculations that might overflow (or underflow). Instead, C will happily wrap values back around, causing all kinds of flaws. Some time ago GCC added a set of single-operation helpers that will efficiently detect overflow, so Rasmus Villemoes suggested implementing these (with fallbacks) in the kernel. While it still requires explicit use by developers, it’s much more fool-proof than doing open-coded type-sensitive bounds checking before every calculation. As a first-use of these routines, Matthew Wilcox created wrappers for common size calculations, mainly for use during memory allocations.

removing open-coded multiplication from memory allocation arguments
A common flaw in the kernel is integer overflow during memory allocation size calculations. As mentioned above, C doesn’t provide much in the way of protection, so it’s on the developer to get it right. In an effort to reduce the frequency of these bugs, and inspired by a couple flaws found by Silvio Cesare, I did a first-pass sweep of the kernel to move from open-coded multiplications during memory allocations into either their 2-factor API counterparts (e.g. kmalloc(a * b, GFP...) -> kmalloc_array(a, b, GFP...)), or to use the new overflow-checking helpers (e.g. vmalloc(a * b) -> vmalloc(array_size(a, b))). There’s still lots more work to be done here, since frequently an allocation size will be calculated earlier in a variable rather than in the allocation arguments, and overflows happen in way more places than just memory allocation. Better yet would be to have exceptions raised on overflows where no wrap-around was expected (e.g. Emese Revfy’s size_overflow GCC plugin).

Variable Length Array removals, part 2
As discussed previously, VLAs continue to get removed from the kernel. For v4.18, we continued to get help from a bunch of lovely folks: Andreas Christoforou, Antoine Tenart, Chris Wilson, Gustavo A. R. Silva, Kyle Spiers, Laura Abbott, Salvatore Mesoraca, Stephan Wahren, Thomas Gleixner, Tobin C. Harding, and Tycho Andersen. Almost all the rest of the VLA removals have been queued for v4.19, but it looks like the very last of them (deep in the crypto subsystem) won’t land until v4.20. I’m so looking forward to being able to add -Wvla globally to the kernel build so we can be free from the classes of flaws that VLAs enable, like stack exhaustion and stack guard page jumping. Eliminating VLAs also simplifies the porting work of the stackleak GCC plugin from grsecurity, since it no longer has to hook and check VLA creation.

Kconfig compiler detection
While not strictly a security thing, Masahiro Yamada made giant improvements to the kernel’s Kconfig subsystem so that kernel build configuration now knows what compiler you’re using (among other things) so that configuration is no longer separate from the compiler features. For example, in the past, one could select CONFIG_CC_STACKPROTECTOR_STRONG even if the compiler didn’t support it, and later the build would fail. Or in other cases, configurations would silently down-grade to what was available, potentially leading to confusing kernel images where the compiler would change the meaning of a configuration. Going forward now, configurations that aren’t available to the compiler will simply be unselectable in Kconfig. This makes configuration much more consistent, though in some cases, it makes it harder to discover why some configuration is missing (e.g. CONFIG_GCC_PLUGINS no longer gives you a hint about needing to install the plugin development packages).

That’s it for now! Please let me know if you think I missed anything. Stay tuned for v4.19; the merge window is open. :)

© 2018, Kees Cook. This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 License.

Ubuntu Podcast from the UK LoCo: S11E23 – Twenty-Three Tales - Ubuntu Podcast

Pre, 17/08/2018 - 4:00md

We’ve been upgrading RAM and tooting in the fediverse. We discuss Hollywood embracing open source, a new release of LibreOffice, pacemakers getting hacked and fax machines becoming selfaware and taking over the planet. We also round up the community news and events.

It’s Season 11 Episode 23 of the Ubuntu Podcast! Alan Pope, Mark Johnson and Martin Wimpress are connected and speaking to your brain.

In this week’s show:

That’s all for this week! You can listen to the Ubuntu Podcast back catalogue on YouTube. If there’s a topic you’d like us to discuss, or you have any feedback on previous shows, please send your comments and suggestions to show@ubuntupodcast.org or Tweet us or Comment on our Facebook page or comment on our Google+ page or comment on our sub-Reddit.

Valorie Zimmerman: Akademy: closing time

Pre, 17/08/2018 - 3:05md
Akademy is always a whirlwind which is my excuse for not blogging! Today we wrapped up the program which leaves us in a nearly-empty venue and a bit of time after lunch to catch up.
I did manage to gather photos together in Google Photos: https://photos.app.goo.gl/qHPwehW8C1zPGuav7
Thanks again to the KDE e.V. for sponsoring my hostel and the Ubuntu Community Fund for part of my travel expenses. This allowed me to attend. Meeting Popey from the Ubuntu community and the Limux team was great, although we didn't do as much Kubuntu work as in past years. However, attending the Distro BoF was a great experience; very friendly and collaborative.
As always, the talks were interesting, the "hall track" fascinating, BoFs engaging. The high point for me personally was being given an Akademy Award on Sunday after a blessedly-short e.V. meeting. I almost fainted from surprise! It feels wonderful to be not just appreciated but honored for my work for the KDE community. 
Thank you again!
I will update here with a photo when I can.
Yesterday and today were taken up with trainings, which while exhausting are extremely valuable. Along with the documentation work ahead, I look forward to integrating both the Non-Violent Communication and Tech Documentation trainings into my work.
In addition, I will be happy to see our documentation team re-group and gain strength over the next year as we work with the contractor on identifying pain points and fixing them.
I got lost yesterday, which one should always do in a strange city. Here is one of the beautiful windows I saw before finding the tram and a different way home:
Tomorrow we meet at 3:45 am to share an Uber to the airport and the beginning of the journey home. To KDE friends new and old: we'll meet next year at Akademy I hope, or at least in IRC.
Local friends and family, I'll see you soon!

Lubuntu Blog: Lubuntu Development Newsletter #9

Pre, 17/08/2018 - 3:53pd
This is the ninth issue of The Lubuntu Development Newsletter. You can read the last issue here. Changes General We’ve been polishing the desktop more, but work has been blocked by the still ongoing Qt transition. The 16.04 to 18.04 upgrade has now been enabled! Please do let us know if there’s any issues. Here’s […]

Faqet