news aggregator

Alberto Milone: Hybrid Graphics in Ubuntu 14.04

Planet Ubuntu - Sat, 2014-05-03 10:24

Here’s a short list of the new features concerning hybrid graphics in Ubuntu 14.04:

  • External displays connected to the NVIDIA GPU can now be used through the “nvidia-settings” panel. We used to disable them but this is no longer the case (also there’s a fix pending for LP: #1296020, in case your BIOS provides a fake output)
  • We have a more robust system to detect and enable hybrid graphics, thanks to the new gpu-manager (I’ll write a more technical article with all the details soon).
  • We now fall back on the open Intel driver if any of the required components is missing (e.g. the kernel module was not built for the newly installed kernel, or a key package was accidentally removed).
  • Installing the nvidia or the fglrx driver should allow hybrid graphics to work with no further action required. Switching from a power profile to another can be done using the relevant control panels (either AMD’s or NVIDIA’s), as usual.
  • A direct benefit of using a recent kernel is that tearing on Intel/NVIDIA systems, while still an issue, should be a little reduced.

My special thanks go to Maarten Lankhorst (of Nouveau fame), who helped a lot by providing guidance, testing, and debugging X issues.

Known issues

Instructions

Andrea Veri: Adding reCAPTCHA support to Mailman

Planet Ubuntu - Sat, 2014-05-03 09:37

The GNOME and many other infrastructures have been recently attacked by an huge amount of subscription-based spam against their Mailman istances. What the attackers were doing was simply launching a GET call against a specific REST API URL passing all the parameters it needed for a subscription request (and confirmation) to be sent out. Understanding it becomes very easy when you look at the following example taken from our apache.log:

May 3 04:14:38 restaurant apache: 81.17.17.90, 127.0.0.1 - - [03/May/2014:04:14:38 +0000] "GET /mailman/subscribe/banshee-list?email=example@me.com&fullname=&pw=123456789&pw-conf=123456789&language=en&digest=0&email-button=Subscribe HTTP/1.1" 403 313 "http://spam/index2.html" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.131 Safari/537.36"

As you can the see attackers were sending all the relevant details needed for the subscription to go forward (and specifically the full name, the email, the digest option and the password for the target list). At first we tried to either stop the spam by banning the subnets where the requests were coming from, then when it was obvious that more subnets were being used and manual intervention was needed we tried banning their User-Agents. Again no luck, the spammers were smart enough to change it every now and then making it to match an existing browser User-Agent. (with a good percentage to have a lot of false-positives)

Now you might be wondering why such an attack caused a lot of issues and pain, well, the attackers made use of addresses found around the web for their malicius subscription requests. That means we received a lot of emails from people that have never heard about the GNOME mailing lists but received around 10k subscription requests that were seemingly being sent by themselves.

It was obvious we needed to look at a backup solution and luckily someone on our support channel suggested the freedesktop.org sysadmins recently added CAPTCHAs support to Mailman.  I’m now sharing the patch and providing a few more details on how to properly set it up on either DEB or RPM based distributions. Credits for the patch should be given to Debian Developer Tollef Fog Heen, who has been so kind to share it with us.

Before patching your installation make sure to install the python-recaptcha package (tested on Debian with Mailman 2.1.15) on DEB based distributions and python-recaptcha-client on RPM based distributions. (I personally tested it against Mailman release 2.1.15, RHEL 6)

The Patch diff --git a/Mailman/Cgi/listinfo.py b/Mailman/Cgi/listinfo.py index 4a54517..d6417ca 100644 --- a/Mailman/Cgi/listinfo.py +++ b/Mailman/Cgi/listinfo.py @@ -22,6 +22,7 @@ import os import cgi +import sys from Mailman import mm_cfg from Mailman import Utils @@ -30,6 +31,8 @@ from Mailman import Errors from Mailman import i18n from Mailman.htmlformat import * from Mailman.Logging.Syslog import syslog +sys.path.append("/usr/share/pyshared") +from recaptcha.client import captcha # Set up i18n _ = i18n._ @@ -200,6 +203,9 @@ def list_listinfo(mlist, lang): replacements[''] = mlist.FormatFormStart('listinfo') replacements[''] = mlist.FormatBox('fullname', size=30) + # Captcha + replacements[''] = captcha.displayhtml(mm_cfg.RECAPTCHA_PUBLIC_KEY, use_ssl=False) + # Do the expansion. doc.AddItem(mlist.ParseTags('listinfo.html', replacements, lang)) print doc.Format() diff --git a/Mailman/Cgi/subscribe.py b/Mailman/Cgi/subscribe.py index 7b0b0e4..c1c7b8c 100644 --- a/Mailman/Cgi/subscribe.py +++ b/Mailman/Cgi/subscribe.py @@ -21,6 +21,8 @@ import sys import os import cgi import signal +sys.path.append("/usr/share/pyshared") +from recaptcha.client import captcha from Mailman import mm_cfg from Mailman import Utils @@ -132,6 +130,17 @@ def process_form(mlist, doc, cgidata, lang): remote = os.environ.get('REMOTE_HOST', os.environ.get('REMOTE_ADDR', 'unidentified origin')) + + # recaptcha + captcha_response = captcha.submit( + cgidata.getvalue('recaptcha_challenge_field', ""), + cgidata.getvalue('recaptcha_response_field', ""), + mm_cfg.RECPTCHA_PRIVATE_KEY, + remote, + ) + if not captcha_response.is_valid: + results.append(_('Invalid captcha')) + # Was an attempt made to subscribe the list to itself? if email == mlist.GetListEmail(): syslog('mischief', 'Attempt to self subscribe %s: %s', email, remote)


Additional setup

Then on the /var/lib/mailman/templates/en/listinfo.html template (right below <mm-digest-question-end>)  add:

<tr> <td>Please fill out the following captcha</td> <td><mm-recaptcha-javascript></TD> </tr>



Make also sure to generate a public and private key at https://www.google.com/recaptcha and add the following paramaters on your mm_cfg.py file:

  • RECAPTCHA_PRIVATE_KEY
  • RECAPTCHA_PUBLIC_KEY

Loading reCAPTCHAs images from a trusted HTTPS source can be done by changing the following line:

replacements[''] = captcha.displayhtml(mm_cfg.RECAPTCHA_PUBLIC_KEY, use_ssl=False)


to

replacements[''] = captcha.displayhtml(mm_cfg.RECAPTCHA_PUBLIC_KEY, use_ssl=True)


EPEL 6 related details

A few additional details should be provided in case you are setting this up against a RHEL 6 host: (or any other machine using the EPEL 6 package python-recaptcha-client-1.0.5-3.1.el6)

Importing the recaptcha.client module will fail for some strange reason, importing it correctly can be done this way:

ln -s /usr/lib/python2.6/site-packages/recaptcha/client /usr/lib/mailman/pythonlib/recaptcha

and then fix the imports also making sure sys.path.append(“/usr/share/pyshared”) is not there:

from recaptcha import captcha



That’s not all, the package still won’t work as expected given the API_SSL_SERVER, API_SERVER and VERIFY_SERVER variables on captcha.py are outdated (filed as bug #1093855), substitute them with the following ones:

API_SSL_SERVER="https://www.google.com/recaptcha/api" API_SERVER="http://www.google.com/recaptcha/api" VERIFY_SERVER="https://www.google.com/recaptcha/api/verify"


That should be all! Enjoy!

Dimitri John Ledkov: X4D Icons released

Planet Ubuntu - Fri, 2014-05-02 23:38
I am releasing some icons under MIT license. They will be hosted at x4d.surgut.co.uk and available for development on GitHub.
I had to create my own icons, as I couldn't find icons of similar nature under a free license. Hopefully others will find these useful as well.

The icons below are all available in PNG, GIF, SVG and EPS. To link to a specific version directly, add .png, .gif, -v.svg or -v.eps to the generic URI (or browse the icons repository to see all versions).

Document type Light Dark HTML 2.0 HTML 3.2 HTML 4.0 HTML 4.01 XHTML 1.0 XHTML 1.1 XHTML Basic 1.0 XHTML-Print 1.0 CSS CSS 1 CSS 2 MathML 2.0 SVG 1.0 SVG 1.1 SVG 1.2 SVG Tiny 1.1 SVG Tiny 1.2 XML 1.0 XML 1.1

Benjamin Kerensa: Unboxing The First Firefox OS Tablet

Planet Ubuntu - Fri, 2014-05-02 19:25

This is the clean little box the tablet comes in

And let’s open the lid and see what’s inside… Look at that nice large display

The back of the tablet is a soft matte feel so not slippery and has a camera

This device comes with a special boot animation since its not a publicly available device yet.

Second boot animation

The familiar Firefox OS first boot screenLet’s get on the Wifi

Setup the timezone Let’s begin the tablet tour

Swipe lessonsMore swipe lessons

And more swiping

And tutorial complete now to play

And that concludes this unboxing!

Want to play with this? Find me at one of the many conferences I’m attending or speaking at this summer.

Pages

Subscribe to Free Software Magazine aggregator