Planet Ubuntu
Planet Ubuntu - http://planet.ubuntu.com/

Daniel Pocock: Trialing the xTuple/PostBooks next generation web UI

Wed, 2014-06-04 20:35

For some time I've been using PostBooks to keep track of finances. The traditional PostBooks system has a powerful Qt GUI.

The xTuple team have been hard at work creating a shiny new web-based user interface.

The traditional UI has no dedicated server - all users communicate directly with the PostgreSQL database where stored procedures and triggers ensure the correct logic is applied.

The new model provides an xTuple application server that can handle requests from web users and potentially other third-party apps too.

Who is it for?

Some people may feel that the web UI is intended to appeal to mobile users. While it is useful for mobile and tablet devices, this is not strictly the aim, John has discussed this in a blog.

One benefit of the web UI is that accountants and book-keepers do not need to have a copy of every exact PostBooks version that every client is using. Given that many people only need their accountant to look at their books for just a few hours at the end of each year, the ease of access with a web UI will make a big difference.

Trying it out quickly

The xTuple Git repository provides a script to install the whole server quickly. Initially it just supported a single Ubuntu release, I just contributed some tweaks to generalize it for Debian wheezy and potentially other releases. It doesn't appear too difficult to generalize it further for Fedora or RHEL users.

To get going, I recommend trying it in a fresh virtual machine, either in a server environment or desktop VirtualBox solution. The installation script will install various packages on the machine and mess about with the PostgreSQL setup so you will not want to run the automated setup script on any machine where you have existing databases.

Once the virtual machine is set up, make sure sudo is installed and configured:


# apt-get install sudo
# visudo

and then run the install as your normal user:


git clone --recursive git://github.com/xtuple/xtuple.git
cd xtuple
git remote add XTUPLE git://github.com/xtuple/xtuple.git
git fetch XTUPLE
git checkout `git describe --abbrev=0`
chmod a+x scripts/install_xtuple.sh
scripts/install_xtuple.sh

If all goes well, 5-10 minutes later it is ready to run:


cd node-datasource
node main.js

The port numbers will appear on the screen and you can connect with a web browser.

Trying it out

Despite my comments above to the effect that this is not primarily aimed at mobile, the first and second device I tested with were both mobile devices, Samsung Galaxy S3 and a Samsung Galaxy Note 3. I feel the Note is far better for this type of application, primarily due to screen size and the fact that most of the forms in the application have fields that launch popup menus. It appears to work in both Chrome and Firefox on these devices.

One handy feature is that the mobile device can dial numbers directly from the CRM address book, this is facilitated with the tel URI.

My impression is that this is still a product that is in the final stages of development, although some people will be able to use it almost immediately. One significant thing to note is that the database schema is very stable due to the long history of the traditional xTuple/PostBooks products.

The Fridge: Alternate Meeting Channel

Wed, 2014-06-04 20:24

Over the past several years the Ubuntu community has grown to encompass projects that range a variety of teams that work on everything from tablets to servers.

We’ve recently been seeing an increase in meeting time collisions among teams, so we’ve decided to go ahead and open an alternate meeting channel called #ubuntu-meeting-2 where teams can host their meetings if a meeting is already happening in #ubuntu-meeting during the time they want to host their own meeting. The Ubuntu Technical Board was the first to have their meeting on the schedule for this new channel!

If your team wants to have their meetings scheduled in our meetings ground, please let us know by dropping an email to ubuntu-news-team@lists.ubuntu.com or contacting us on IRC at #ubuntu-news on irc.freenode.net (click here to join from your browser).

Aurélien Gâteau: A template for shell-based command-line scripts

Wed, 2014-06-04 16:54

If you write shell scripts, you may be familiar with the situation where you wrote a script, and now would like to extend it to add some optional argument. Said script being a temporary hack (as temporary as those tend to be...) you end up writing a quick'n'dirty command-line parser, suffering limitations like fixed argument orders or other things which make tools annoying to use, but which would take too much time to get right than would be worth for this tiny shell script.

I felt this annoyance many times while writing scripts. To avoid that situation, I used to have a template which made use of the getopt binary but I always found it cumbersome: annoying to work with and hard to read again when coming back to my code after a while. Recently I came up with a simpler, slightly more manual, alternative.

The whole template looks like this:

#!/bin/sh
set -e

# Quote $0 so a script path containing spaces does not break basename
PROGNAME=$(basename "$0")

die() {
    echo "$PROGNAME: $*" >&2
    exit 1
}

usage() {
    if [ "$*" != "" ] ; then
        echo "Error: $*"
    fi

    cat << EOF
Usage: $PROGNAME [OPTION ...] [foo] [bar]
<Program description>.

Options:
-h, --help          display this usage message and exit
-d, --delete        delete things
-o, --output [FILE] write output to file
EOF

    exit 1
}

foo=""
bar=""
delete=0
output="-"
while [ $# -gt 0 ] ; do
    case "$1" in
    -h|--help)
        usage
        ;;
    -d|--delete)
        delete=1
        ;;
    -o|--output)
        output="$2"
        shift
        ;;
    -*)
        usage "Unknown option '$1'"
        ;;
    *)
        if [ -z "$foo" ] ; then
            foo="$1"
        elif [ -z "$bar" ] ; then
            bar="$1"
        else
            usage "Too many arguments"
        fi
        ;;
    esac
    shift
done

if [ -z "$bar" ] ; then
    usage "Not enough arguments"
fi

cat <<EOF
foo=$foo
bar=$bar
delete=$delete
output=$output
EOF

Note: the die function is not used by the template itself, but most of the scripts I write need such a function at some point, which is why it is there.

This template supports:

  • Short and long options (-d and --delete for example)
  • Options with and without arguments
  • Arbitrary position for options: myscript foo -d will do the same as myscript -d foo
  • Aborting when invalid options are passed
  • Checks for mandatory positional arguments

This last feature is done in two parts. First the *) case in the while loop sets variables as it goes through arguments and aborts if too many arguments are passed. Once the code leaves the while loop, a check is done on the last argument: if it is empty the code aborts complaining about missing arguments.

Supporting a variable number of arguments

A common change is accepting a variable number of arguments. If you are confident your arguments will never contain spaces or other weird characters, then you can do the following changes:

  1. Declare an empty args variable before the while loop:

    args=""
  2. Replace the code in the *) case with something like this:

    *) args="$args $1" ;;
  3. Remove the check for the last argument or alter it to check if args is empty.

  4. Iterate over the arguments with:

    for arg in $args ; do
        # Do work here
    done

If you want to support arguments which contain spaces, that's another story. The simplest solution I know of is to make use of Bash arrays. The changes would thus look like this:

  1. Change the shebang to #!/bin/bash.

  2. Declare an empty args array before the while loop:

    args=()
  3. Replace the code in the *) case with something like this:

    *) args=("${args[@]}" "$1") ;;
  4. Same as before: remove the check for the last argument or alter it to check if args is empty.

  5. Iterate over the arguments with:

    for arg in "${args[@]}" ; do
        # Do work here
    done

Higher percentage of cabalistic symbols in there, but that's the price one has to pay to manipulate arrays with Bash.

Pros and cons

Compared to getopt, this template has a few advantages but also limitations one must be aware of:

  • Pros
    • No need to list the options again in a call to getopt
    • Less boilerplate: getopt requires you to run it, then eval its output
    • Positional arguments are handled in the same loop which handles the options
  • Cons
    • No support for concatenated short options: -ab is not the same as -a -b.
    • No support for separating option arguments with an equal sign: you must write --output file.log and not --output=file.log.

That's it for this template, hope it is useful to you.

Jorge Castro: Juju is now on Github

Wed, 2014-06-04 13:55

We’ve got some changes in Juju and the Juju ecosystem that have been landing this week.

Ian Booth announced the move of Juju core to github.com. You can find all our work at: https://github.com/juju.

Workflow instructions for contributing are available in the CONTRIBUTING file. Ian also adds:

Once the dust settles on the migration of juju-core, we’ll also be migrating various dependencies like goose, gwacl, gomaasapi and golxc.

You can find the code for Juju Core at: https://github.com/juju/juju

On a related note, we have a one way mirror of the Juju Charm Store as well: https://github.com/charms

You can combine these with Francesco Banconi’s git-deploy plugin to deploy right from github, as an example:

juju git-deploy charms/mysql

Hopefully 2-way syncing will be possible soon, stay tuned!

David Murphy: Enabling Students in a Digital Age: Charlie Reisinger at TEDxLancaster

Wed, 2014-06-04 13:44

This is really inspiring to me, on several levels: as an Ubuntu member, as a Canonical, and as a school governor.

Not only are they deploying Ubuntu and other open-source software to their students, they are encouraging those students to tinker with their laptops, and – better yet – some of those same students are directly involved in the development, distribution, and providing support for their peers. All of those students will take incredibly valuable experience with them into their future careers.

Well done.


David Tomaschik: Secuinside Quals 2014: Simple Login

Wed, 2014-06-04 02:08

In this challenge, we received the source for a site with a pretty basic login functionality. Aside from some boring forms, javascript, and css, we have this PHP library for handling the session management:

<?
class common{
    public function getidx($id){
        $id = mysql_real_escape_string($id);
        $info = mysql_fetch_array(mysql_query("select idx from member where id='".$id."'"));
        return $info[0];
    }

    public function getpasswd($id){
        $id = mysql_real_escape_string($id);
        $info = mysql_fetch_array(mysql_query("select password from member where id='".$id."'"));
        return $info[0];
    }

    public function islogin(){
        if( preg_match("/[^0-9A-Za-z]/", $_COOKIE['user_name']) ){
            exit("cannot be used Special character");
        }

        if( $_COOKIE['user_name'] == "admin" ) return 0;

        $salt = file_get_contents("../../long_salt.txt");

        if( hash('crc32',$salt.'|'.(int)$_COOKIE['login_time'].'|'.$_COOKIE['user_name']) == $_COOKIE['hash'] ){
            return 1;
        }

        return 0;
    }

    public function autologin(){

    }

    public function isadmin(){
        if( $this->getidx($_COOKIE['user_name']) == 1){
            return 1;
        }

        return 0;
    }

    public function insertmember($id, $password){
        $id = mysql_real_escape_string($id);
        mysql_query("insert into member(id, password) values('".$id."', '".$password."')") or die();

        return 1;
    }
}
?>

Some first impressions:

  • MySQL calls seem to be properly escaped.
  • The auth cookie is using the super-weak crc32.
  • Setting the user_name cookie to 'admin' won't work out for us.

In index.php, we see:

if($common->islogin()){
    if($common->isadmin()) $f = "Flag is : ".__FLAG__;
    else $f = "Hello, Guest!";

So, presumably, the correct user is actually 'admin', but we can't log in as that. So what to do? Well, after playing around for a bit, I realized one important point. By default, MySQL uses case-insensitive string comparisons but, of course, PHP's == operator is case-sensitive. So a mixed-case version of admin will pass the test in islogin() but will return the user we want in getidx(), but we can't log in as any variation of admin as the password will still be needed.

That brings us to the hash. Perhaps we could fake the hash for an uppercased admin user? While we could probably brute force the salt, that would take a while. However, crc32 is vulnerable to trivial hash length extension attacks, if you can set the internal state to an existing hash. That is: crc32(a+b) == crc32(b, crc32(a)). So, since the salt is at the beginning, if we have the crc32 for a user, we can easily concatenate anything on the end and still generate a valid hash. (Assuming an implementation of crc32 that allows you to set the existing internal state.)

One rub: while python allows you to set the state, it doesn't implement the same CRC-32 as PHP! (I thought there was only one CRC-32, but apparently the one in python's binascii and zlib modules is the zlib CRC-32, and the PHP hash one is the bz2 CRC-32.) So I was able to find the relevant lookup table for the BZ2 crc-32 and write this implementation:

import struct

crc_table = [
    0x00000000, 0x04c11db7, 0x09823b6e, 0x0d4326d9,
    # ...snip...
    0xbcb4666d, 0xb8757bda, 0xb5365d03, 0xb1f740b4
]

def bzcrc(s, init=None):
    # init is a previously obtained hash; undo the final inversion and byte swap
    if init:
        state = struct.unpack('>I', struct.pack('<I', ~init & 0xffffffff))[0]
    else:
        state = 0xffffffff
    for c in s:
        state = state & 0xffffffff
        state = ((state << 8) ^ (crc_table[(state >> 24) ^ (ord(c))]))
    return hex(struct.unpack('>I', struct.pack('<I', ~state & 0xffffffff))[0])

And yes, I do some weird stuff with byte-order swapping, but it works for the one off. So, we logged in as the user 'a', got a hash, then changed the user_name cookie to aDMIN, and calculated the new hash via: bzcrc('DMIN', <existing hash>). Updated the hash cookie, refresh, and we've got a flag.
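The two flaws described above (a secret-prefix CRC used as an authenticator, and a case-sensitive admin check in front of a case-insensitive database lookup), shown beside a hardened check. This is an added example, not code from the original post or the challenge: the function names, SALT, KEY and WHEN are constructed for illustration, and HMAC-SHA256 is a substitute I chose, not something the challenge used.

```python
import hashlib
import hmac
import struct

POLY = 0x04C11DB7  # CRC-32/BZIP2 polynomial; equals crc_table[1] in the post

def _make_table():
    table = []
    for i in range(256):
        reg = i << 24
        for _ in range(8):
            reg = ((reg << 1) ^ POLY if reg & 0x80000000 else reg << 1) & 0xFFFFFFFF
        table.append(reg)
    return table

TABLE = _make_table()

def _update(state, data):
    """Feed bytes into a running MSB-first CRC register."""
    for byte in data:
        state = ((state << 8) & 0xFFFFFFFF) ^ TABLE[(state >> 24) ^ byte]
    return state

def bz_crc32(data):
    return _update(0xFFFFFFFF, data) ^ 0xFFFFFFFF

def _swap(value):
    """Byte-order swap, as in the post, to match the order PHP prints."""
    return struct.unpack(">I", struct.pack("<I", value))[0]

def crc_token(salt, login_time, user):
    """Weak scheme from the challenge: a CRC over salt|time|user."""
    msg = salt + b"|" + str(int(login_time)).encode() + b"|" + user.encode()
    return "%08x" % _swap(bz_crc32(msg))

def crc_continue(token, suffix):
    """crc32(a+b) == crc32(b, crc32(a)): the token alone is enough state."""
    state = _swap(int(token, 16)) ^ 0xFFFFFFFF
    return "%08x" % _swap(_update(state, suffix.encode()) ^ 0xFFFFFFFF)

def mac_token(key, login_time, user):
    """Hardened scheme: HMAC-SHA256 over the case-folded user name."""
    msg = ("%d|%s" % (int(login_time), user.lower())).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def mac_islogin(key, login_time, user, token):
    """Fold case before the admin check so it agrees with the DB comparison."""
    if not (user.isascii() and user.isalnum()) or user.lower() == "admin":
        return False
    expected = mac_token(key, login_time, user)
    return hmac.compare_digest(expected.encode(), token.encode())

SALT = b"constructed-sample-salt"     # constructed; stands in for long_salt.txt
KEY = b"constructed-sample-hmac-key"  # constructed
WHEN = 1401847680                     # constructed login_time

def demo():
    weak = crc_token(SALT, WHEN, "a")
    # The CRC token for "a" extends to a valid token for "aDMIN" without SALT.
    crc_extends = crc_continue(weak, "DMIN") == crc_token(SALT, WHEN, "aDMIN")
    strong = mac_token(KEY, WHEN, "a")
    # The HMAC token verifies for its own user and for no longer name.
    return (crc_extends,
            mac_islogin(KEY, WHEN, "a", strong),
            mac_islogin(KEY, WHEN, "ab", strong))
```
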

Ubuntu Server blog: Meeting Minutes: June 3rd, 2014

Tue, 2014-06-03 19:27
Agenda
  • Review ACTION points from previous meeting
  • U Development
  • Server & Cloud Bugs (caribou)
  • Weekly Updates & Questions for the QA Team (psivaa)
  • Weekly Updates & Questions for the Kernel Team (smb, sforshee)
  • Ubuntu Server Team Events
  • Open Discussion
  • Announce next meeting date, time and chair
Minutes
  • vUDS is next week (Tues-Thurs) – Pat (gaughen) is still working on topics, so if someone has a suggestion please talk to her.
  • bug 1319555 should not be on the list – list needs refreshing
  • bug 1315052 has fix committed upstream
  • bug 1317587 is in progress
  • The team is working on getting the blueprints filled out completely.  Expecting them to be solidified around vUDS.
  • Louis (caribou) created blueprint: https://blueprints.launchpad.net/ubuntu/+spec/servercloud-u-networked-kdump and working on getting it filled in and approved.
  • kdump may be added to vUDS agenda
  • There’s an Openstack meetup in London on Thursday – James (jamespage) and Liam (gnuoy) are attending.  http://www.eventbooking.uk.com/openstack/home.html
Next Meeting

Next meeting will be on Tuesday, June 10th at 16:00 UTC in #ubuntu-meeting.

Additional logs @ https://wiki.ubuntu.com/MeetingLogs/Server/20140603

Ubuntu Kernel Team: Kernel Team Meeting Minutes – June 03, 2014

Tue, 2014-06-03 17:13
Meeting Minutes

IRC Log of the meeting.

Meeting minutes.

Agenda

20140603 Meeting Agenda


ARM Status

No new update this week.


Release Metrics and Incoming Bugs

Release metrics and incoming bug data can be reviewed at the following link:

http://people.canonical.com/~kernel/reports/kt-meeting.txt


Milestone Targeted Work Items

apw          core-1405-kernel    2 work items
ogasawara    core-1405-kernel    2 work items


Status: Utopic Development Kernel

We have most recently rebased our Utopic kernel to v3.15-rc8 and
uploaded (3.15.0-5.10). We are planning on converging on the v3.16
kernel for Utopic. It also appears that the Utopic release date has
been pushed out a week to Thurs Oct 23 in order to not conflict with
the Linux Plumbers Conference.
—–
Important upcoming dates:
Mon-Wed June 10 – 12, UOS – Ubuntu Online Summit (~1 week away)
Thurs Jun 26 – Alpha 1 (~3 weeks away)
Fri Jun 27 – Kernel Freeze for 12.04.5 and 14.04.1 (~3 weeks away)


Status: CVE’s

The current CVE status can be reviewed at the following link:

http://people.canonical.com/~kernel/cve/pkg/ALL-linux.html


Status: Stable, Security, and Bugfix Kernel Updates – Trusty/Saucy/Precise/Lucid

Status for the main kernels, until today (June 3):

  • Lucid – Verification and Testing
  • Precise – Verification and Testing
  • Quantal – No changes this cycle
  • Saucy – Verification and Testing
  • Trusty – Verification and Testing

    Current opened tracking bugs details:

  • http://people.canonical.com/~kernel/reports/kernel-sru-workflow.html

    For SRUs, SRU report is a good source of information:

  • http://people.canonical.com/~kernel/reports/sru-report.html

    Schedule:

    cycle: 18-May through 07-Jun
    ====================================================================
    16-May Last day for kernel commits for this cycle
    18-May – 24-May Kernel prep week.
    25-May – 31-May Bug verification & Regression testing.
    01-Jun – 07-Jun Regression testing & Release to -updates.


Open Discussion or Questions? Raise your hand to be recognized

No open discussions.

David Planella: A new era for the Ubuntu community team, or business as usual

Tue, 2014-06-03 17:06

A sample of the wider Ubuntu Community team, with Canonicalers and volunteer core app developers

After the recent news of Jono stepping down as the Ubuntu Community Manager to seek new challenges at XPRIZE, a new era in Ubuntu begins. Jono’s leadership, passion and drive to continually push the boundaries have been contagious over the years, and have been the catalyst for growing the unique community of individuals that defines Ubuntu today.

Jono is now joining the ranks of non-Canonical Ubuntu members, and while this will change the angle of participation, I’m certain that it won’t change his energy and dedication one bit. But most importantly, it’s a testament to his work that his former team will continue to thrive and take up the torch in pushing those boundaries.

For us, it will be business as usual in the sense of implementing our roadmap, continuing to grow a strong and open community, being innovative in how we do it, and coordinating the logistics around our plans. So not much will be different in that regard, but obviously some organizational bits will change.

As part of the transition, the Ubuntu Community Team at Canonical in full, that is, Michael Hall, Daniel Holbach, Alan Pope, Nicholas Skaggs and myself, will now be hosting the weekly Ubuntu Q&A, starting today at 18:00 UTC on Ubuntu On Air (click here for the time at your location).

The Ubuntu Community Team Q&A

Openness, both in being a transparent and welcoming community, is one of the core values of Ubuntu, and we believe the channels should be always open for a healthy information flow and to help contributors get involved.

As such, the Ubuntu Community Team Q&A will continue to provide a weekly, 1-hour-long session open for participation to anyone who wants to ask their questions about Ubuntu. In fact, as in former editions, you can ask the Community Team just anything about Free Software, Technology, or whatever you come up with. As before, the only questions we won’t answer are those related to technical support, where you’ll be much better served using Ask Ubuntu, the Ubuntu forums or IRC.

Join the Ubuntu Community Team Q&A at 18:00 UTC today and ask your questions >

The Ubuntu Online Summit is coming soon!

Also, following the thread of events and participation, the new Ubuntu Online Summit (UOS) is coming up very soon, and it’s an excellent opportunity to learn about getting involved in Ubuntu, organizing or presenting the plans of the different Ubuntu teams for the next months.

UOS will be held on June 10th – 12th and it will be a combination of the former Ubuntu Developer Summit and the more user-facing events we’ve been organizing in the past. This opens the door to a wider audience that can follow a richer mix of developer and user or contributor content.

If you want to learn about the details, check out Michael’s UOS post on how it’s going to work. If you want to contribute and make a difference in Ubuntu, do register a session too!

Looking forward to seeing you soon!
