Planet Ubuntu
Subscribe to Planet Ubuntu feed
Planet Ubuntu - http://planet.ubuntu.com/
Updated: 3 hours 40 min ago

Lubuntu Blog: Box now on XFCE!

Thu, 2014-01-02 19:58
I must confess that XFCE is my second favourite environment (you already know what's the first one), and after giving support for Unity (and some Ubuntu elements) now it's turn to give it to XFWM, the window manager of XFCE, and Thunar, the file manager, that now looks pretty similar to PCManFM (unified :D). You can download the Box unified theme here, or use the instructions mentioned on the

The Fridge: Announcing the new Technical Board Members

Thu, 2014-01-02 17:32

The poll has been completed an the following nominees have been
elected to the Technical Board:

Congratulations and welcome! And thanks again to everyone who stood for election.

Originally posted to the technical-board mailing list on Thu Jan 2 17:27:13 UTC 2014 by Elizabeth Krumbach Joseph

Jorge Castro: nginx coming to main in 14.04

Thu, 2014-01-02 15:05

Right before the holidays Robie Basak filed a Main Inclusion Report for nginx in Ubuntu. What does this mean? This means that nginx will sit alongside Apache in 14.04 with full security updates over the life of the release.

This is excellent news for those of you using stacks that tend to use nginx; increasing our support of nginx has been something many Ubuntu Server users have been telling me they’d like to see and it’s good to see us make some progress in this area.

All this is possible due to Thomas Ward; who has been rocking nginx in Ubuntu for a while now. Without his tireless efforts this couldn’t have been possible! He’s also maintaining PPAs for stable and development releases of nginx for every Ubuntu release since 10.04. What an excellent contribution to the community!

On the Juju front we have some charms that allow you to dynamically swap between Apache and nginx. Over the course of the year we’d like to see more charms have an option to use nginx. If you are interested in working on that, let me know.

Luke Faraone: Unstandardized standards are the worst: sendmail

Thu, 2014-01-02 05:25
Implementing software to replace legacy systems is always a challenge, especially when you're dealing with a system with as much legacy as sendmail, which was first introduced as delivermail in 1979.ref

Each UNIX vendor, it seems, rewrote or heavily customized sendmail. This has lead to sometimes conflicting implementations.
Case in point: -tNormally, you invoke sendmail(8) with a series of arguments indicating the subject of a message, the recipients, etc. When invoked this way, the command expects a message on standard input, waits for EOF, and then sends your message along.

However, sometimes you don't want to have to fiddle with command-line parameters; you've already written a perfectly fine message with headers.

-t is generally passed to sendmail when you want to build a message envelope from an already-formatted message, with headers, etc. For example, if you had a file foo.txt with a body like this:
From: Luke Faraone
To: John Smith
Subject: Hello, world!

Hi there.
you could send the message with a simple invocation of cat foo.txt | sendmail -t. The system would take care of ensuring a Message-id was appended if appropriate, and queue the message to be sent. However, it is when you do slightly more complex invocations of sendmail that things get ambiguous.

It turns out that implementations differ on what exactly it means when you use -t in combination with naming destination addresses after the arguments to sendmail. exim4's documentation describes the situation in greater detail:
extract_addresses_remove_   argumentsUse: mainType: booleanDefault: trueAccording to some Sendmail documentation (Sun, IRIX, HP-UX), if any addresses are present on the command line when the -t option is used to build an envelope from a message’s To:, Cc: and Bcc: headers, the command line addresses are removed from the recipients list. This is also how Smail behaves. However, other Sendmail documentation (the O’Reilly book) states that command line addresses are added to those obtained from the header lines. When extract_addresses_remove_arguments is true (the default), Exim subtracts argument headers. If it is set false, Exim adds rather than removes argument addresses.
Thus, there's basically no mechanism for a program to know which behaviour to expect. God forbid two programs are installed on a system that expect different behaviours!

It appears that the default behaviour of Ruby is the opposite of what exim4 (Debian's default mail client) expects. This has resulted in numerous bug reports. Some replies suggest changing exim4's defaults, while others advocate overriding ActionMailer and friends to use sendmail -i instead, without -t.

That said, its not really clear who's wrong here; at no point does there appear to have been a definitive specification for sendmail, and as such we can hope for defined behaviour by common custom at best, and a sea of incompatibility bugs at worst. Amusingly, POSIX standards have nothing to say on this subject of sendmail at all; it defines that a mailx command must exist, but says that its sending mode may be implementation-specific.

As Matthew Garrett writes, there's not enough gin in the world.

Eric Hammond: Default ssh Usernames For Connecting To EC2 Instances

Thu, 2014-01-02 05:03

Each AMI publisher on EC2 decides what user (or users) should have ssh access enabled by default and what ssh credentials should allow you to gain access as that user.

For the second part, most AMIs allow you to ssh in to the system with the ssh keypair you specified at launch time. This is so common, users often assume that it is built in to EC2 even though it must be enabled by each AMI provider.

Unfortunately, there is no standard ssh username that is used to access EC2 instances across operating systems, distros, and AMI providers.

Here are some of the ssh usernames that I am aware of at this time:

OS/Distro Official AMI
ssh Username Legacy / Community / Other AMI
ssh Usernames Amazon Linux ec2-user Ubuntu ubuntu root Debian admin root RHEL 6.4 and later ec2-user RHEL 6.3 and earlier root Fedora ec2-user root Centos root SUSE root BitNami bitnami TurnKey root NanoStack ubuntu FreeBSD ec2-user OmniOS root

Even though the above list will get you in to most official AMIs, there may still be situations where you aren’t quite sure how the AMI was built or what user should be used for ssh.

If you know you have the correct ssh key but don’t know the username, this code can be used to try a number of possibilities, showing which one(s) worked:

host=<IP_ADDRESS> keyfile=<SSH_KEY_FILE.pem> for user in root ec2-user ubuntu admin bitnami do if timeout 5 ssh -i $keyfile $user@$host true 2>/dev/null; then echo "ssh -i $keyfile $user@$host" fi done

Some AMIs are configured so that an ssh to root@ will output a message informing you the correct user to use and then close the connection. For example,

$ ssh root@<UBUNTUHOST> Please login as the user "ubuntu" rather than the user "root".

When you ssh to a username other than root, the provided user generally has passwordless sudo access to run commands as the root user. You can use sudo, ssh, and rsync with EC2 hosts in this configuration.

If you know of other common ssh usernames from popular AMI publishers, please add notes in the comments with a link to the appropriate documentation.

Original article: http://alestic.com/2014/01/ec2-ssh-username

Stephan Adig: It never rains in Southern California...

Wed, 2014-01-01 19:00

… totally not true

but what is true…

is that I am here for one month already and I am totally excited.

As mentioned in one of my last posts, I am working now for Sony Europe, especially for a company which was aquired by Sony. We are working closely with the Sony Playstation Team.

And Guys, it’s a blast.

I would really like to write something about what we are doing, and especially how we are doing it, but sadly I would kick my own ass out of this adventure, so I won’t reveal anything.

What I can say is this:

This month was full of new experiences. A very different approach to our discipline. And somehow I am feeling at home.

Our people here are very enthusiastic about their product, you can see that every day. The proudness, focus and knowledge is special here.

The work environment is more than awesome. Yes, StartUp feeling, for sure, but that is not it.

People are discussing new ideas, and how we can approach challenges in a very different way. Different from the traditional SysAdmin approach.

Being an SRE here means, not only knowing your system and being able to fix stuff in the SysAdmin way, but also to improve the overall quality of the system, which also means, that we are coding a lot of tools by ourselves to improve our work, reporting quality drops to other departments and debugging issues in third party software.

Furthermore, the bond between SRE and Development/Engineering is very tight. Means, whichever bug SRE finds, in OS, third party software stacks or in-house developed software, we will fix them ourselves, or we will report our findings directly to Development/Engineering (of course via bugtracker :))

The answers are coming fast, and the bugfixes, too. Faster than I was expecting.

That brings me to my next surprise. I never saw so many people working with Linux on a Workstation. This is really surprising. Don’t get me wrong, you’ll find here a lot of different computers and OSes, mostly Apple MacBooks and other types of Laptops, mostly dual booting, but at least every SRE and Developer has a Workstation with Linux running on it. Pretty awesome.

Yes, the vast amount of OpenSource Software here is incredible and surprising.

Anyways, I am so excited, and I am proud to work on this project. It will be a success, I have no doubts.

One last statement, what we are doing here, is revolutionary. It will change the way of todays Gaming experience, believe me. I am already dogfooding and even when I am more a casual gamer, I am impressed about the quality.

So, when you are into Gaming, look out for announcements from Sony in 2014.

OpenSource

And there is still time to do some other things. Like fixing Python code for the Python Sphinx Contrib Project.

While working on a Python Project inhouse, I needed to use the sphinxcontrib-httpdomain module, sadly it wasn’t Python3 compatible.

Until 2 days ago :)

I worked on changing this, but without looking at some Python Helpers, which would have made the work more easy. After filing the pull-request, Upstream said thanks, but I should have a look at python-six, a Python Library which makes the transition a lot more easier than manual coding.

I did that, and ported the fixes to python-six and commited the changes and updated the pull-request. Upstream merged after 5 minutes, and my changes will be in the next release of sphinxcontrib-httpdomain.

Well, this is really special. We are using OpenSSH with Roumen Petrovs X.509 Patch. Sadly, this patch is not applied to the OpenSSH packages of most distributions. Neither Ubuntu, Debian or Fedora are carrying this patch in their repos.

So I am working on a sane solution for this and resolving this bug in Launchpad.

And to make things even more smooth for our Friends from Fedora, I am working on an RPM package for the same OpenSSH package as well.

Charles Profitt: Ubuntu 13.10 Reboots Instead of Shutting Down

Wed, 2014-01-01 16:32

The last few days I was struggling to find the causes of a peculiar issue. Ubuntu 13.10, given the conditions detailed below, would reboot instead of shutting down.

  • Suspend computer by closing lid
  • Resume computer by opening lid
  • Select shut down from the menu

The expected behavior is that the laptop would shutdown, but what actually happened is a shutdown followed within two seconds by a reboot. I posted a question on Askubuntu asking what logs I should look at and I posted on the Ubuntu forums looking for any advice at all. I continued my own trouble shooting and found the culprit was the newly acquired Anker® Uspeed USB 3.0 7-Port Hub + 5V 2A Charging Port.

Two different computers had the issue with the hub attached. I tested on a Lenovo T530 and X230. The Anker uses the VIA VL812 chipset and my research on that shows other manufacturers advertising that they have updated firmware (v8581) on their devices. I was unable to determine what firmware the Anker was using and their website did not offer any firmware upgrades. There is also a VIA VL812-B2 chipset that Anker and other manufacturers are advertising as well.

Ubuntu users looking for a USB 3.0 hub may want to avoid the Anker 68UPHUB-B8U and potentially the VIA VL812 chipset.


St&eacute;phane Graber: LXC 1.0: Security features [6/10]

Wed, 2014-01-01 14:32

This is post 6 out of 10 in the LXC 1.0 blog post series.

When talking about container security most people either consider containers as inherently insecure or inherently secure. The reality isn’t so black and white and LXC supports a variety of technologies to mitigate most security concerns.

One thing to clarify right from the start is that you won’t hear any of the LXC maintainers tell you that LXC is secure so long as you use privileged containers. However, at least in Ubuntu, our default containers ship with what we think is a pretty good configuration of both the cgroup access and an extensive apparmor profile which prevents all attacks that we are aware of.

Below I’ll be covering the various technologies LXC supports to let you restrict what a container may do. Just keep in mind that unless you are using unprivileged containers, you shouldn’t give root access to a container to someone whom you’d mind having root access to your host.

Capabilities

The first security feature which was added to LXC was Linux capabilities support. With that feature you can set a list of capabilities that you want LXC to drop before starting the container or a full list of capabilities to retain (all others will be dropped).

The two relevant configurations options are:

  • lxc.cap.drop
  • lxc.cap.keep

Both are lists of capability names as listed in capabilities(7).

This may sound like a great way to make containers safe and for very specific cases it may be, however if running a system container, you’ll soon notice that dropping sys_admin and net_admin isn’t very practical and short of dropping those, you won’t make your container much safer (as root in the container will be able to re-grant itself any dropped capability).

In Ubuntu we use lxc.cap.drop to drop sys_module, mac_admin, mac_override, sys_time which prevent some known problems at container boot time.

Control groups

Control groups are interesting because they achieve multiple things which while interconnected are still pretty different:

  • Resource bean counting
  • Resource quotas
  • Access restrictions

The first two aren’t really security related, though resource quotas will let you avoid some obvious DoS of the host (by setting memory, cpu and I/O limits).

The last is mostly about the devices cgroup which lets you define which character and block devices a container may access and what it can do with them (you can restrict creation, read access and write access for each major/minor combination).

In LXC, configuring cgroups is done with the “lxc.cgroup.*” options which can roughly be defined as: lxc.cgroup.<controller>.<key> = <value>

For example to set a memory limit on p1 you’d add the following to its configuration:

lxc.cgroup.memory.limit_in_bytes = 134217728

This will set a memory limit of 128MB (the value is in bytes) and will be the equivalent to writing that same value to /sys/fs/cgroup/memory/lxc/p1/memory.limit_in_bytes

Most LXC templates only set a few devices controller entries by default:

# Default cgroup limits lxc.cgroup.devices.deny = a ## Allow any mknod (but not using the node) lxc.cgroup.devices.allow = c *:* m lxc.cgroup.devices.allow = b *:* m ## /dev/null and zero lxc.cgroup.devices.allow = c 1:3 rwm lxc.cgroup.devices.allow = c 1:5 rwm ## consoles lxc.cgroup.devices.allow = c 5:0 rwm lxc.cgroup.devices.allow = c 5:1 rwm ## /dev/{,u}random lxc.cgroup.devices.allow = c 1:8 rwm lxc.cgroup.devices.allow = c 1:9 rwm ## /dev/pts/* lxc.cgroup.devices.allow = c 5:2 rwm lxc.cgroup.devices.allow = c 136:* rwm ## rtc lxc.cgroup.devices.allow = c 254:0 rm ## fuse lxc.cgroup.devices.allow = c 10:229 rwm ## tun lxc.cgroup.devices.allow = c 10:200 rwm ## full lxc.cgroup.devices.allow = c 1:7 rwm ## hpet lxc.cgroup.devices.allow = c 10:228 rwm ## kvm lxc.cgroup.devices.allow = c 10:232 rwm

This configuration allows the container (usually udev) to create any device it wishes (that’s the wildcard “m” above) but block everything else (the “a” deny entry) unless it’s listed in one of the allow entries below. This covers everything a container will typically need to function.

You will find reasonably up to date documentation about the available controllers, control files and supported values at:
https://www.kernel.org/doc/Documentation/cgroups/

Apparmor

A little while back we added Apparmor profiles support to LXC.
The Apparmor support is rather simple, there’s one configuration option “lxc.aa_profile” which sets what apparmor profile to use for the container.

LXC will then setup the container and ask apparmor to switch it to that profile right before starting the container. Ubuntu’s LXC profile is rather complex as it aims to prevent any of the known ways of escaping a container or cause harm to the host.

As things are today, Ubuntu ships with 3 apparmor profiles meaning that the supported values for lxc.aa_profile are:

  • lxc-container-default (default value if lxc.aa_profile isn’t set)
  • lxc-container-default-with-nesting (same as default but allows some needed bits for nested containers)
  • lxc-container-default-with-mounting (same as default but allows mounting ext*, xfs and btrfs file systems).
  • unconfined (a special value which will disable apparmor support for the container)

You can also define your own by copying one of the ones in /etc/apparmor.d/lxc/, adding the bits you want, giving it a unique name, then reloading apparmor with “sudo /etc/init.d/apparmor reload” and finally setting lxc.aa_profile to the new profile’s name.

SELinux

The SELinux support is very similar to Apparmor’s. An SELinux context can be set using “lxc.se_context”.

An example would be:

lxc.se_context = unconfined_u:unconfined_r:lxc_t:s0-s0:c0.c1023

Similarly to Apparmor, LXC will switch to the new SELinux context right before starting init in the container. As far as I know, no distributions are setting a default SELinux context at this time, however most distributions build LXC with SELinux support (including Ubuntu, should someone choose to boot their host with SELinux rather than Apparmor).

Seccomp

Seccomp is a fairly recent kernel mechanism which allows for filtering of system calls.
As a user you can write a seccomp policy file and set it using “lxc.seccomp” in the container’s configuration. As always, this policy will only be applied to the running container and will allow or reject syscalls with a pre-defined return value.

An example (though limited and useless) of a seccomp policy file would be:

1 whitelist 103

Which would only allow syscall #103 (syslog) in the container and reject everything else.

Note that seccomp is a rather low level feature and only useful for some very specific use cases. All syscalls have to be referred by their ID instead of their name and those may change between architectures. Also, as things are today, if your host is 64bit and you load a seccomp policy file, all 32bit syscalls will be rejected. We’d need per-personality seccomp profiles to solve that but it’s not been a high priority so far.

User namespace

And last but not least, what’s probably the only way of making a container actually safe. LXC now has support for user namespaces. I’ll go into more details on how to use that feature in a later blog post but simply put, LXC is no longer running as root so even if an attacker manages to escape the container, he’d find himself having the privileges of a regular user on the host.

All this is achieved by assigning ranges of uids and gids to existing users. Those users on the host will then be allowed to clone a new user namespace in which all uids/gids are mapped to uids/gids that are part of the user’s range.

This obviously means that you need to allocate a rather silly amount of uids and gids to each user who’ll be using LXC in that way. In a perfect world, you’d allocate 65536 uids and gids per container and per user. As this would likely exhaust the whole uid/gid range rather quickly on some systems, I tend to go with “just” 65536 uids and gids per user that’ll use LXC and then have the same range shared by all containers.

Anyway, that’s enough details about user namespaces for now. I’ll cover how to actually set that up and use those unprivileged containers in the next post.

Paul Tagliamonte: Hy 0.9.12 released

Tue, 2013-12-31 23:12

Good morning all my hungover friends. New Hy release - sounds like the perfect thing to do while you’re waiting for your headaches to go away. Here’s a short-list of the changes (from NEWS) - enjoy!

Changes from Hy 0.9.11 tl;dr: 0.9.12 comes with some massive changes, We finally took the time to implement gensym, as well as a few other bits that help macro writing. Check the changelog for what exactly was added. The biggest feature, Reader Macros, landed later in the cycle, but were big enough to warrent a release on it's own. A huge thanks goes to Foxboron for implementing them and a massive hug goes out to olasd for providing ongoing reviews during the development. Welcome to the new Hy contributors, Henrique Carvalho Alves, Kevin Zita and Kenan Bölükbaşı. Thanks for your work so far, folks! Hope y'all enjoy the finest that 2013 has to offer, - Hy Society * Special thanks goes to Willyfrog, Foxboron and theanalyst for writing 0.9.12's NEWS. Thanks, y'all! (PT) [ Language Changes ] * Translate foo? -> is_foo, for better Python interop. (PT) * Reader Macros! * Operators + and * now can work without arguments * Define kwapply as a macro * Added apply as a function * Instant symbol generation with gensym * Allow macros to return None * Add a method for casting into byte string or unicode depending on python version * flatten function added to language * Add a method for casting into byte string or unicode depending on python version * Added type coercing to the right integer for the platform [ Misc. Fixes ] * Added information about core team members * Documentation fixed and extended * Add astor to install_requires to fix hy --spy failing on hy 0.9.11. * Convert stdout and stderr to UTF-8 properly in the run_cmd helper. * Update requirements.txt and setup.py to use rply upstream. * tryhy link added in documentation and README * Command line options documented * Adding support for coverage tests at coveralls.io * Added info about tox, so people can use it prior to a PR * Added the start of hacking rules * Halting Problem removed from example as it was nonfree * Fixed PyPI is now behind a CDN. The --use-mirrors option is deprecated. * Badges for pypi version and downloads. [ Syntax Fixes ] * get allows multiple arguments [ Bug Fixes ] * OSX: Fixes for readline Repl problem which caused HyREPL not allowing 'b' * Fix REPL completions on OSX * Make HyObject.replace more resilient to prevent compiler breakage. [ Contrib changes ] * Anaphoric macros added to contrib * Modified eg/twisted to follow the newer hy syntax * Added (experimental) profile module

Duncan McGreggor: Joe Armstrong's Favorite Erlang Program... in LFE

Tue, 2013-12-31 23:08
It kind of shocked me to discover recently that a new post hasn't been pushed out on this blog since April. Looking at the drafts I've got backlogged -- 30 and counting -- I also realized that none of these were going to get finished in a single day. Of those 30, probably 6 will ever see the light of day, and all of those are drafts in various states of completion for the Lambda Calculus series.

There's a great Tiny Scheme example I want to write about, some cool Clojure stuff I've played with, and bunch of functional programming work I'd like to share, etc., etc., but again, none of these are anything I can complete in a few minutes (allowing me to do the other things that I'd like to do today!).
I'd given up, when I remembered that there was something short, sweet, and a bit of ol' fun that I wanted to share! Mr. Erlang himself recently blogged about it, and I wanted to convert it to LFE: Joe Armstrong's Favorite Erlang Program.
This little puppy is quite delightful -- and Joe shares a great little story about how he deployed it on Planet Lab in his "aside" section of that post :-)
After you read his post, come back and take a look at this code:That's how you do it in LFE! (Also, did you notice that Github now knows how to colorize *.lfe files? That happened here.)
Ain't it just the purdiest thing you ever saw?
This code has also been submitted for inclusion in the LFE examples (thus the "examples/" below). Let's do a quick sanity check:And now, let's run the example!
Happy New Year, everyone :-D

Benjamin Kerensa: A New Year with More Connections

Tue, 2013-12-31 20:30

North America Mozilla Reps

This year has been wonderful for me; with many opportunities to connect with some of the most brilliant people in the world while having discussions surrounding moving the open web forward and evangelizing products like Firefox and Firefox OS.

For me, there have been so many examples that I could offer of events or experiences this year that were touching. But I think nothing has been as exciting as my experience at Mozilla Summit, where I got to hear Mitchell Baker speak so passionately about the values Mozilla believes in.

Me and Mozillians from India

This year has been fast paced for me and nearly every month this year, I was traveling somewhere or organizing an event. While this meant withdrawing from some projects, I have historically had very large contributions too. It also gave me an opportunity to contribute in my new role on the Firefox Release Management Team and to expand into other areas I really wanted to dive into.

In December, I got to travel to San Francisco to take part in Mozilla’s Community Building Team Work Week where I got to meet Mitchell Baker and have dinner with her and many other awesome Mozillians. This also presented an opportunity to see familiar faces again and, most important, help build a roadmap for community building in Mozilla for 2014.

Me and Mitchell Baker, Chief Lizard Wrangler at Mozilla

One of the things I really look forward to doing in 2014 is making more connections with users of free and open source software and making more connections to open source projects by contributing to projects I have not yet contributed to. I’m proud to say that in 2013 I had contributed to 40+ Open Source projects which is a pretty incredible way to diversify the time I spend on Open Source.

Even more impressive, I gave talks at three major universities in 2013 which was really a neat experience because I’m a big advocate for Open Source being more heavily adopted in all levels of academia. My biggest hope for 2014 is to see continued increase in adoption of Free and Open Source Software by people worldwide who have not typically used it. I also hope to see OpenStack, Ubuntu and Mozilla continue to grow as they are all three communities that I love.

In closing, I want to wish all of my readers a Happy New Year and I hope to make a connection with you in 2014!

Benjamin Mako Hill: “When Free Software Isn’t Better” Talk

Tue, 2013-12-31 06:33

In late October, the FSF posted this video of a talk called When Free Software Isn’t (Practically) Better that I gave at LibrePlanet earlier in the year. I noticed it was public when, out of the blue, I started getting both a bunch of positive feedback about the talk as well as many people pointing out that my slides (which were rather important) were not visible in the video!

Finally, I’ve managed to edit together a version that includes the slides and posted it online and on Youtube.

The talk is very roughly based on this 2010 article and I argue that, despite our advocacy, free software isn’t always (or even often) better in practical terms. The talk moves beyond the article and tries to be more constructive by pointing to a series of inherent practical benefits grounded in software freedom principles and practice.

Most important to me though, the talk reflects my first serious attempt to bring together some of the findings from my day job as a social scientist with my work as a free software advocate. I present some nuggets from my own research and talk about about what they mean for free software and its advocates.

In related news, it also seems worth noting that I’m planning on being back at LibrePlanet this March and that the FSF annual fundraiser is currently going on.

Chuck Frain: Adding IR to Xbian

Tue, 2013-12-31 02:57

For Christmas one of the gifts-to-myself was a Logitech Harmony Smart Control. This was to replace an aging Harmony 550 with some button issues. In the course of setting things up I wanted to get IR working with my Xbian installation on the Raspberry Pi. I needed to get an IR receiver and found that this SANOXY remote for ~$15 (at the time of this writing) came with a USB receiver that fit the bill. The smart control uses the Ortek VRC-1100 from the Logitech database for the controls.

Largely this is doubling a set of notes for my own future reference if I have to recreate what I did to get IR working with my Xbian install on a RPi. Conveniently, I hope it helps someone set this up for themselves. The code for the solution came from responses by CurlyMoo in the bug report Vrc-1100 usb remote not working on Github.

I replaced the default /etc/lirc/hardware.conf file with the following:

# /etc/lirc/hardware.conf
#
# Arguments which will be used when launching lircd
LIRCD_ARGS="-u"

#Don’t start lircmd even if there seems to be a good config file
#START_LIRCMD=false

#Don’t start irexec, even if a good config file seems to exist.
#START_IREXEC=true

#Try to load appropriate kernel modules
LOAD_MODULES=true

# Run “lircd –driver=help” for a list of supported drivers.
DRIVER=”devinput”
# usually /dev/lirc0 is the correct setting for systems using udev
DEVICE=”/dev/lirc0″
MODULES=”evdev uinput”

# Default configuration files for your hardware if any
LIRCD_CONF=”"
LIRCMD_CONF=”"

And ran the following command after running ‘sudo su’:

sed -i '$d' /etc/rc.local && echo -e "chmod 0644 /dev/tty0\nexit 0" >> /etc/rc.local

After that, it was just a matter of configuring the buttons on the remote to do what I wanted. I’m not sure that the last commadn was really needed, but its working and I don’t see a down side to leaving it in place.

Tony Whitmore: Another year over, a new one just begun

Mon, 2013-12-30 19:30

That’s right, it’s my end of year round up! I am running the risk that nothing significant or amazing will happen to me in the next 24 hours, I know. I’ve trawled through tweets and blogs and reminded myself of the fantastic, crazy things that have happened this year. Here are just some of them, in no particular order.

  • An amazing year of wedding photography. Lots of lovely clients, so many different styles of wedding. Thank you to each and every one of you for asking me to be your wedding photographer.
  • Started my Malawi Mission to help improve healthcare in the UK and Africa. Thank you so much to everyone who has supported me so far. You can still donate to it here: http://uk.virginmoneygiving.com/tonywhitmore
  • A year of celebratory screenings of Doctor Who stories at the BFI in London. As well as the screenings and the panels, it was great to hang out with fellow fans who have now become friends.
  • Helped make an awesome OggCamp happen. This year’s was the biggest and I think the best. So many cool people doing cool things, it was a pleasure to be part of it.
  • The Project Motormouth convention. I had my photo taken with four Doctors!
  • Another glorious season of the Ubuntu Podcast. The live shows continue to be good fun to do and the weekly episodes seem to have gone down well. I can’t believe Alan and I have been doing it for six years.
  • The Sam Shaw Appeal. So many people helped raise an enormous amount of money to get Sam treatment in the US that gives him an increased chance of beating his neuroblastoma. Thank you so much to every one who has contributed.
  • Interviewing lots of lovely people for The Doctor Who Podcast at Big Finish Day 3, and being a guest presenter on two episodes.
  • Being inducted into the legendary Photography Farm, and meeting a great group of fellow photographers. And I got to second shoot for Shell de Mar and Neil Thomas Douglas as a result.
  • Seeing lots of live theatre performances including the Reduced Shakespeare Company, Richard Herring, Mark Thomas, the 39 Steps, I’m Sorry I Haven’t a Clue, and Toby Hadoke.
  • Having some of my photographs included on an official BBC DVD documentary about David Burton, the Doctor Who Never Was. And having more photographs published in Doctor Who Magazine.
  • Visiting the the magical island of Spetses for Stuart and Zoe’s wedding.
  • Celebrating my birthday. I know it happens every year, but this year I actually celebrated it. With other people. It was fun.
  • Having an entire month full of Doctor Who anniversary celebrations: “An Adventure in Space and Time“, “The Day of the Doctor” in 3D with the people who made it, and the official Celebration. (And saw 9 new episodes of Doctor Who from the 1960s!)

There are some things I’ve done this year that have been really, really special. But I just can’t tell you about them. Sorry! They really were among the highlights of my year though.

I’ve got a feeling that 2014 will be very special too. Have a great new year….

Pin It

Raphaël Hertzog: The Debian Wheezy Handbook is now available

Mon, 2013-12-30 15:59

After multiple months of hard work, I’m pleased to announce that Roland and I finished updating the Debian Administrator’s Handbook for Debian Wheezy.

Grab it now!

By the way, as part of the launch of this updated edition, you can benefit from a 10% discount on any paperback copy ordered before January 9th 2014. Just click here and place your order.

We have put lots of hard work on this edition, doing quite some janitorial work. We didn’t cover as many new topics as I would have liked, but I’m still proud of the end result.

The book has a nice preface co-signed by the current and former Debian Project Leaders. Let me quote a short extract:

The book you have in your hands is different. It’s a free as in freedom book, a book which is up to Debian freedom standards for every aspects of your digital life. […] You can apt-get install this book, you can redistribute it, you can fork this book or, better, submit bug reports and patches for it, so that other in the future can benefit from your contributions. The “maintainers” of this book — who are also its authors — are longstanding members of the Debian Project, who grok the freedom ethos that permeates every aspect of Debian.

Enjoy it and share your comments! Even better if you write up a review that we can link from the website.

One comment | Liked this article? Click here. | My blog is Flattr-enabled.

Lubuntu Blog: Unified Box theme

Mon, 2013-12-30 13:18
Unified means that Box is getting more complete and global. Now we included full support for Unity and Metacity. Now you can use it with Ubuntu and everything will work fine. Look how the Unity controls look on maximixed windows over the panel: You can download Box icons here, and Box theme here. The current version is 0.42+bzr384, which means you should our PPA to keep it uptodate, because

Sean Davis: Parole Media Player 0.5.91 Released

Mon, 2013-12-30 04:12

Today I wrap up my week-long “staycation” with the release of Parole Media Player 0.5.91.  The media player with the curious name (“parole” means “lyrics” in Italian) continues it’s steady march towards 0.6 with a new plugin and several fixes.

Release Notes
  • Added a new MPRIS2 plugin, thanks to Matias and Hakan (of Pragha fame)
  • Added realmedia video to supported video mimetypes (bug #10434)
  • Fixed untranslatable strings (bug #10418)
  • Fixed loading of playlists with relative paths (bug #10436)
  • Fixed plugin installation on some platforms (bugs #10142, #10441)
  • Fixed failing debug builds on some platforms (bug #10525)
  • Fixed broken “Remove Duplicates” functionality
  • Fixed playlist searching
  • Started Plugin API documentation updates (more on this ahead)
New MPRIS2 Plugin

This latest addition is thanks to the hard work of Matias and Hakan, who provided the majority of the effort to create the MPRIS2 plugin.  The Media Player Remote Interface Specification (MPRIS) is a standard DBUS interface for controlling media player.

Implementations can be found in most desktop environments, such as the Ubuntu Sound Indicator, the GNOME Shell Media Player extension, and the upcoming Xfce Sound Panel Applet.

Download and Installation

Source packages of Parole Media Player can be downloaded from the Xfce archives.  Parole Media Player 0.5.91 can be downloaded directly from here.

Additionally, updated packages should arrive soon in the Xfce 4.12 PPA for Ubuntu users.  Exercise caution in enabling this PPA as it contains development packages not meant for the everyday user.

If you encounter any bugs, please report them following our bug reporting guidelines.

Looking for Help

Are you familiar with Gtk documentation tools (gtk-doc)?  We’re trying to complete our Plugin API documentation, and can use some more experienced individuals helping us out.  If you’re interested, let us know in the comments or even send us a merge request.  Any help is appreciated!

Charles Profitt: Computer Science Literacy for K-12 Students

Sun, 2013-12-29 20:58

The Problem:
Over the past several years I have watched educational leaders talk about technology literacy, 21st century skills, ISTE standards (formerly the NETS) and STEM. As a parent and community member I remain unimpressed with what my local school districts are offering in the way of computer science education. As an employee of a school district I see little that makes me think meaningful change is coming any time soon. The following are examples:

Example High School Courses Offered 2013-14:

  • Business Department:
    • Advanced Microsoft Applications: The key to productivity is the ability to integrate the capabilities of software. This computer course utilizes realistic activities and projects designed for learning and integrating Microsoft Office 2007 suite of application software.
    • Personal Computer Keyboarding: Keyboarding is a necessary skill in this computer age!
    • Web Page Design: This Web design course teaches you how to plan, organize, and create a Web site from start to finish. Using HTML code and Notepad, then progressing into using Microsoft Expressions Web, (a Web authoring and site management program), you will learn to create and manage professional quality sites.
  • Technology Department:
    • Digital Electronics: Digital Electronics is a course of study in applied digital logic.
    • Computer Integrated Manufacturing: CIM is a course that applies principles of rapid prototyping, robotics and automation.

All the offerings from the business department should have been taught prior to high school. Keyboarding is a skill that should be started no later than 1st grade. In fact, keyboarding as currently defined by most schools is more a 20th century skill than 21st century skill. Touch interfaces and keyboard variants make qwerty keyboarding less important. The technology department has some good courses, but there is a lack of systems administration, network administration and programming courses. Programming should be introduced at the middle school level and integrated in to other curricular areas in high school. Imagine using R to process statistical data for social studies, biology, physics, chemistry or other courses. Imagine engaging in real world data analysis that educates students while having a real world impact students can see.

A Possible Solution:
A community based group that focuses on providing students with opportunities to learn real-world computer science skills. This fall I started reaching out to people in my local community who run computer related user groups to discuss building such a group. Two efforts could provide a framework for building a local group in Rochester: Codeacademy and CoderDojo. My goal for 2014 is to get such a community group organized and functional by July of 2014. The next steps will be to:

  • Identify interested community groups
  • Identify local parent association groups (stake holders)
  • Identify local students interested in assisting in defining the group (stake holders)
  • Identify a location for organizational meetings
  • Determine if a legal entity needs to be created for this effort
  • Identify a location for classes
  • Contact possible sponsors

The only item on the list that gives me a reason to pause is the potential requirement for a legal entity to be created. I have no legal experience in this arena so I have no idea what to expect.


Lubuntu Blog: Happy New Year wallpaper

Sun, 2013-12-29 14:24
Another traditional party, the New Year celebration. So here it is a new wallpaper for the StartUbuntu project, a great initiative commanded by Amjjawad that supports people that leave Windows XP in favour of a new Lubuntu install on their systems. Download it at the artwork section, as well as lots of *buntu flavoured wallpapers (Xubuntu, Lubuntu, Ubuntu Studio, etc).

Sean Davis: LightDM GTK+ Greeter 1.7.0 Released

Sun, 2013-12-29 02:44

After several weeks of development, the first development release leading to LightDM GTK+ Greeter version 1.8 has been made available.  Thanks to some new contributors, there’s quite a bit to see this time around.

Release Notes New Features
  • Window positioning (relative or absolute) of the login window and power dialogs is now configurable.
  • The default user-image displayed for user’s without a profile image is now configurable.
Accessibility Improvements
  • The onboard on-screen keyboard application is now run in xembed mode.
  • The accessibility menu items can now be activated with the F1, F2, and F3 hotkeys.
  • The selected user can now be changed from the username and password entries with the up and down keys.
  • The power dialogs can now be cancelled with the Escape key.
Lock Screen Improvements
  • When the LightDM GTK+ Greeter is used as a locked, it now blanks the screen when activated.
Bugs Fixed
    • Debian #718497: Last PAM error message not showing
    • Debian #721510: Greeter panel clock fails with long date formats
    • LP #1031421: Greeter doesn’t select user’s last session when using “Other”
    • LP #1147914: Can’t change the login window’s position
    • LP #1191509: Disabling language selector leaves strange artifact on the screen
    • LP #1194694: move to password input if <enter> pressed after username input
    • LP #1231134: support enter key to validate login entry
    • LP #1232804: Improve “login greeter -> desktop” transition in Xubuntu
    • LP #1251431: user background gets painted over background specified in config file
    • Fixed typo in language selection code
    • Fixed keyboard focus when used with the on-screen keyboard
New Features Window Positioning

10 pixels from the left and 30% down (position=10 30%)

With the added window positioning, the login window and power dialogs can now be placed based on relative or absolute values.

Configuration is simple. Values can be represented as percentages, positive (from the top/left), and negative (from the bottom/right). Some layout examples are below.

# position = main window position: x y

# 20% horizontally, 40% vertically
position = 20% 40%

# 10 pixels from the left, 50% vertically
position = 10 50%

# 100 pixels from the right, 50% vertically
position = -100 50%

Default User Image

The default user image configured as “#distributor-logo”, useful for distributions.

The profile image that is displayed for user’s that have not already chosen an image can now be configured.  Previously the image was always set to “avatar-default”.  The value can either be the path to an image file, or an icon name.  Sample configuration is below.

# default-user-image = Image used as default user icon, path or #icon-name

# Using a file path
default-user-image = /usr/share/pixmaps/firefox.png

# Using an icon name, distro logo
default-user-image = #distributor-logo

Screenshots Download and Installation

The source code for LightDM GTK+ Greeter can be obtained from the downloads page.  Ubuntu users (Quantal through Trusty) can also install it from the Stable PPA using the following commands.

sudo add-apt-repository ppa:lightdm-gtk-greeter-team/stable
sudo apt-get update
sudo apt-get install lightdm-gtk-greeter

If you find any bugs, please report them on the bugs page.

Pages