News aggregator

Adam Trickett: Picasa Web: 2014-02-16

Planet HantsLUG - Sun, 16/02/2014 - 19:09
Date: 16 Feb 2014
Number of Photos in Album: 1

View Album

Categories: LUG Community Blogs

Adam Trickett: Picasa Web: 2014-02-16

Planet HantsLUG - Sun, 16/02/2014 - 19:09
Date: 16 Feb 2014
Number of Photos in Album: 1

View Album

Categories: LUG Community Blogs

Adam Trickett: Picasa Web: 2014-02-16

Planet HantsLUG - Sun, 16/02/2014 - 19:08
Date: 16 Feb 2014
Number of Photos in Album: 1

View Album

Categories: LUG Community Blogs

Wayne Stallwood (DrJeep): Dancing Ferrofluid first test

Planet ALUG - Sun, 16/02/2014 - 19:03
First attempt, This is using a coil scavenged from an old hard drive. The real project I am working on isn't really about driving it with audio but I just wanted to see how it worked out.

Fed with half wave rectified audio. The coil impedance measured at approximately 6 ohms which was convenient as it's not that far from a loudspeaker coil.

Running it with a 60W amp meant that I only had about 30 seconds before the coil started to overheat. Quite fun though I might try a bigger coil or an array of more small coils.

Categories: LUG Community Blogs

Steve Kemp: Pastebin site with markdown support

Planet HantsLUG - Sun, 16/02/2014 - 17:47

Today I setup a new website:

Something I want, something I'll use, and something that might be useful to others?

Categories: LUG Community Blogs

Aq: More on an Ubuntu Component Store

Planet WolvesLUG - Sun, 16/02/2014 - 15:21

After yesterday’s musings on a “component store” for Ubuntu developers, a few people said “hm that sounds interesting, how would it work?” So I’ve thrown together a little demo.

I should be clear: this is a demo. It’s not a component store; it’s not for real use; you can’t add things to it; you can’t use it in your apps. This is just enough of a test implementation to allow people to talk about whether this is a good idea or not. None of the code I’ve written would be used in a real implementation, if such a thing existed: I don’t do any error checking, I don’t have any tests. It’s just to give a demo of what I think the developer experience of a component store might be like if it existed, which it does not.

First you need the utility which searches the store, which is called ucs. Get it with bzr branch lp:~sil/+junk/ucs-cli. You now have a utility named ucs which can search the component store for components you might find useful in your apps.

Next, an app which uses it. Grab a demo with bzr branch lp:~sil/+junk/ucs-demo-app. You can now load that app into the Ubuntu SDK editor, or just run it from the command line with qmlscene ucs-demo-app/UCSDemoApp.qml. If you do that, you’ll see that it’s missing components: UCSDemoApp.qml:3 "ubuntu_component_store": no such directory. So, the app needs components and they aren’t installed, which is correct. Change to the app’s folder and run ucs install.1

$ cd ucs-demo-app $ ucs install Installing RedButton

and now the app should work: qmlscene UCSDemoApp.qml shows an app with a red button in it. If you look at the source of the app in the ucs-demo-app folder, you’ll see two things that make it different from a stock app:

  1. import "ubuntu_component_store" at the top of UCSDemoApp.qml. This includes components installed from the UCS into the app. You don’t need to individually name the components you import: just import "ubuntu_component_store". The app can then use all the components it asks for, such as the RedButton {} QML Item.

  2. there is an ubuntu_component_store.json file in the app’s folder. This ships with the app, and it describes the components that this app uses. Basically, it is JSON like this: { dependencies: { RedButton: "*" }}, describing that this app requires a component called RedButton and doesn’t care about its version number (hence "*").

So the process for working on an app which uses components from the store is: get the app source, then ucs install. That will install all the components that the app requires, and then you can start hacking on the app.

The process for developing an app which needs components: if you want to add a component to your app-in-progress, then ucs list will show the list of all components (which in this demo is one, RedButton), and ucs install RedButton will install that component2 and update ubuntu_component_store.json to add it to your dependency list. So when developing, just ucs install ComponentINeed, and then make sure that ubuntu_component_store.json is checked into source control and that the ubuntu_component_store/ folder isn’t checked in.

Those of you who have worked with node.js and npm will be thinking: this looks a lot like npm. You are not wrong. I think that that’s an excellent model for building projects. There will be people who say “but what if I want the same component in two projects but I don’t want to have it on my disk twice?” Ignore these people. Make a component store which works on a project-by-project basis; it’s so much nicer. Clearly there’d need to be a bunch more work on all this: ucs search and ucs submit and ucs remove and a web UI to browse everything and API specifications and server scaling and re-running ucs install after you install a component in case that component itself has dependencies and deciding what happens if two components in the same project have the same dependency and actually paying attention to version numbers and, and, and. There’s a bunch of integration which could be done with the Ubuntu SDK editor: if your app ships with an ubuntu_component_store.json file, then run ucs install when you open it. Ship ucs with the SDK. Automatically add ubuntu_component_store/ to bzr ignore. Provide a graphical browser for the list of components. This is not an implementation: it’s a demo. A real version would need a decent amount of thought.

I don’t know whether this would actually take off. I don’t know whether there are sufficient people developing reusable components for Ubuntu apps to justify it. But I think that, if there are, then this might be a good way for someone to go about it.

  1. fill in a path to the ucs utility wherever you branched it, of course, or put it on your $PATH
  2. from wherever the store says it’s hosted. This RedButton component is on github, mainly because ucs downloads a zip file of the component and github helpfully provides them for you, which Launchpad doesn’t. Note that I think that components should not themselves be uploaded to the store; the store just stores a URL for them.
Categories: LUG Community Blogs

Aq: Bad Voltage, apps, and generic components for Ubuntu

Planet WolvesLUG - Sat, 15/02/2014 - 21:19

I wrote a very simple app for Ubuntu for Bad Voltage, the finest podcast in the land. It shows you the list of shows, and lets you play them. Simple. Streaming: there’s no downloading for offline use here, no notifications of new shows; it’s a little app, only. So the first thing you should do is go search for it on your Ubuntu phone and install it.

More interestingly, though, I tried to make this a generic app. That is: the actual code which defines this as a Bad Voltage app looks like this:

import QtQuick 2.0 import Ubuntu.Components 0.1 import "components" MainView { objectName: "mainView" applicationName: "org.kryogenix.badvoltage" automaticOrientation: false width: height: id: root backgroundColor: "black" GenericPodcastApp { name: "Bad Voltage" squareLogo: "" author: "Stuart Langridge, Jono Bacon, Jeremy Garcia, and Bryan Lunduke" category: "Technology" feed: "" description: "Every two weeks Bad Voltage " + "delivers an amusing take on technology, " + "Open Source, politics, music, and anything " + "else we think is interesting." } }

To make a similar app for your podcast, just fetch the GenericPodcastApp.qml file from the Bad Voltage app source, include it in your project, and then use the GenericPodcastApp component. Define a name, squareLogo, author, category, feed, and description, and that’s it; you’re done.

I’d love there to be a whole bunch of generic components like this. Something where I don’t really have to mind how it works, I just grab it from somewhere, drop it into my project, and use it. A QR code scanner, a QR code generator, a circular dial widget, an online high-score table. Obviously it’s possible to make reusable components right now, but there’s no market in them; what I want is something almost like the Ubuntu app store but for developers, where I can look for components, grab one, and insert it into my project, right from the Ubuntu SDK editor. One button-push should update any of these components that I have in my project; that way, if someone fixes a component I can rebuild my app to include it with ease. What I really want is the Ubuntu component equivalent of npm install, I think. The ultimate destiny of any such component is to be so useful to so many people that the Ubuntu core team lift it out of the component store and into the SDK, but it’d be great if it were easier to do this before things get to that stage, and the SDK can’t contain everything. I see no reason why some of these components couldn’t be open source and some sold for money, so there’s potentially an income stream there for Ubuntu developers who make reusable things. GenericPodcastApp is hugely trivial, but an example of the sort of thing that I think could develop. Any component which doesn’t use anything very Ubuntu-specific would work on other QML platforms too, and vice-versa, so the market could even be usable by developers across many platforms.

Categories: LUG Community Blogs

Laura Cowen: Monkigras 2014: Sharing craft

Planet HantsLUG - Fri, 14/02/2014 - 17:06

After Monkigras 2013, I was really looking forward to Monkigras 2014. The great talks about developer culture and creating usable software, the amazing buzz and friendliness of the event, the wonderful lack of choice over which talks to go to (there’s just one track!!), and (of course) the catering:

The talks at Monkigras 2014

The talks were pretty much all great so I’m just going to mention the talks that were particularly relevant to me.

Rafe Colburn from Etsy talked about how to motivate developers to fix bugs (IBMers, read ‘defects’) when there’s a big backlog of bugs to fix. They’d tried many strategies, including bug rotation, but none worked. The answer, they found, was to ask their support team to help prioritise the bugs based on the problems that users actually cared about. That way, the developers fixing the bugs weren’t overwhelmed by the sheer numbers to choose from. Also, when they’d done a fix, the developers could feel that they’d made a difference to the user experience of the software.

Rafe Colburn from Etsy

While I’m not responsible for motivating developers to fix bugs, my job does involve persuading developers to write articles or sample code for So I figure I could learn a few tricks.

A couple of talks that were directly applicable to me were Steve Pousty‘s talk on how to be a developer evangelist and Dawn Foster‘s on taking lessons on community from science fiction. The latter was a quick look through various science fiction themes and novels applied to developer communities, which was a neat idea though I wished I’d read more of the novels she cited. I was particularly interested in Steve’s talk because I’d seen him speak last year about how his PhD in Ecology had helped him understand communities as ecosystems in which there are sometimes surprising dependencies. This year, he ran through a checklist of attributes to look for when hiring a developer evangelist. Although I’m not strictly a developer evangelist, there’s enough overlap with my role to make me pay attention and check myself against each one.

Dawn Foster from PuppetLabs

One of the risks of TED Talk-style talks is that if you don’t quite match up to the ‘right answers’ espoused by the speakers, you could come away from the event feeling inadequate. The friendly atmosphere of Monkigras, and the fact that some speakers directly contradicted each other, meant that this was unlikely to happen.

It was still refreshing, however, to listen to Theo Schlossnagle basically telling people to do what they find works in their context. Companies are different and different things work for different companies. Similarly, developers are people and people learn in different ways so developers learn in different ways. He focused on how to tell stories about your own failures to help people learn and to save them from having to make the same mistakes.

Again, this was refreshing to hear because speakers often tell you how you should do something and how it worked for them. They skim over the things that went wrong and end up convincing you that if only you immediately start doing things their way, you’ll have instant success. Or that inadequacy just kicks in like when you read certain people’s Facebook statuses. Theo’s point was that it’s far more useful from a learning perspective to hear about the things that went wrong for them. Not in a morbid, defeatist way (that way lies only self-pity and fear) but as a story in which things go wrong but are righted by the end. I liked that.

Theo Schlossnagle from Circonus

Ana Nelson (geek conference buddy and friend) also talked about storytelling. Her point was more about telling the right story well so that people believe it rather than believing lies, which are often much more intuitive and fun to believe. She impressively wove together an argument built on various fields of research including Psychology, Philosophy, and Statistics. In a nutshell, the kind of simplistic headlines newspapers often publish are much more intuitive and attractive because they fit in with our existing beliefs more easily than the usually more complicated story behind the headlines.

Ana Nelson from Brick Alloy

The Gentle Author spoke just before lunch about his daily blog in which he documents stories from local people. I was lucky enough to win one of his signed books, which is beautiful and engrossing. Here it is with my swagbag:

My swag bag from #monkigras – I was a lucky recipient of a beautiful, signed London Album by @thegentleauthor

— Laura Cowen (@lauracowen) February 1, 2014

After his popular talk last year, Phil Gilbert of IBM returned to give an update on how things are going with Design@IBM. Theo’s point about context of a company being important is so relevant when trying to change the culture of such a large company. He introduced a new card game that you can use to help teach people what it’s like to be a designer working within the constraints of a real software project. I heard a fair amount of interest from non-IBMers who were keen for a copy of the cards to be made available outside IBM.

Phil Gilbert’s Wild Ducks card game

On the UX theme, I loved Leisa Reichelt‘s talk about introducing user research to the development teams at GDS. While all areas of UX can struggle to get taken seriously, user research (eg interviewing participants and usability testing) is often overlooked because it doesn’t produce visual designs or code. Leisa’s talk was wonderfully practical in how she related her experiences at GDS of proving the worth of user research to the extent that the number of user researchers has greatly increased.

And lastly I must mention Project Andiamo, which was born at Monkigras 2013 after watching a talk about laser scanning and 3D printing old railway trains. The project aims to produce medical orthotics, like splints and braces, by laser scanning the patient’s body and then 3D printing the part. This not only makes the whole process much quicker and more comfortable, it is at a fraction of the cost of the way that orthotics are currently made.

Samiya Parvez & Naveed Parvez of Project Andiamo

If you can help in any way, take a look at their website and get in touch with them. Samiya and Naveed’s talk was an amazing example of how a well-constructed story can get a powerful message across to its listeners:

"This is supposed to be a compliment, but your talk made me cry" – @monkigras

— Charlotte Spencer (@Charlotteis) January 31, 2014

After Monkigras 2014, I’m now really looking forward to Monkigras 2015.

My 11yr old just said that #monkigras could be translated as "fat monkey" … not sure what to make of that @monkchips

— Paul Johnston (@PaulDJohnston) February 12, 2014


The post Monkigras 2014: Sharing craft appeared first on

Categories: LUG Community Blogs

Dick Turpin: If its four it must be less?

Planet WolvesLUG - Fri, 14/02/2014 - 15:03
Customer: "I can't send this email?"
Me: "That's because you have a 50mb attachment! You can't send attachments that size you'll need to split that zip file into four separate ones."

A little later.

Customer: "I still cannot send this email!"
Me: "What the...... You've attached the four zip files to the same email! That's still 50mb."

Categories: LUG Community Blogs

Jono Bacon: Bad Voltage Season 1 Episode 9 ‘The Starting Pitstop’ Is Out

Planet WolvesLUG - Thu, 13/02/2014 - 22:44

Stuart Langridge, Jeremy Garcia, Bryan Lunduke, and myself wend our troublesome ways down the road of:

  • We weigh in on the upstart/systemd brouhaha in Debian and discuss what happened, why it happened, and whether it was a good thing or not.
  • Bryan reviews the Lenovo Miix 2 tablet and we get into the nitty gritty of what you can do with it.
  • We take a trip down memory lane about how we each got started with Linux, which distributions we used, and who helped us get on our journey.
  • We take a recap and look at community feedback about guns, 3D printing, predictions, Bad Voltage gaming, the Bad Voltage Selfie Competition and more, all making an appearance.

Go and listen or download it here

Be sure to go and share your feedback, ideas, and other comments on the community discussion thread for this show!

Also, be sure to join in the Bad Voltage Selfie Competition to win some free O’Reilly books!

Finally, many thanks to Microsoft for helping us get the Bad Voltage Community Forum up and running, and thanks to A2 Hosting for now hosting it. Thanks also to Bytemark for their long-standing support and helping us actually ship shows.

Categories: LUG Community Blogs

Steve Kemp: Secure your rsync shares, please.

Planet HantsLUG - Thu, 13/02/2014 - 17:38

Recently I started doing a internet-wide scan for rsync servers, thinking it might be fun to write a toy search-engine/indexer.

Even the basics such as searching against the names of exported shares would be interesting, I thought.

Today I abandoned that after exploring some of the results, (created with zmap), because there's just too much private data out there, wide open

IP redacted for obvious reason:

shelob ~ $ rsync rsync://xx.xx.xx.xx/ ginevra Ginevra backup krsna Alberto Laptop Backup franziska Franz Laptop Backup genoveffa Franz Laptop Backup 2

Some nice shares there. Lets see if they're as open as they appear to be:

shelob ~ $ rsync rsync://xx.xx.xx.xx/ginevra/home/ drwxrwsr-x 4096 2013/10/30 13:42:29 . drwxr-sr-x 4096 2009/02/03 10:32:27 abl drwxr-s--- 12288 2014/02/12 20:05:22 alberto drwxr-xr-x 4096 2011/12/13 17:12:46 alessandra drwxr-sr-x 20480 2014/02/12 22:55:01 backup drwxr-xr-x 4096 2008/10/03 14:51:29 bertacci ..

Yup. Backups of /home, /etc/, and more.

I found numerous examples of this, along with a significant number of hosts that exported "www" + "sql", as a pair, and a large number of hosts that just exported "squid/". I assume they must be some cpanel-like system, because I can't understand why thousands of people would export the same shares with the same comments otherwise.

I still would like to run the indexer, but with so much easy content to steal, well I think the liability would kill me.

I considered not posting this, but I suspect "bad people" already know..,

Categories: LUG Community Blogs

Aq: Static electricity

Planet WolvesLUG - Thu, 13/02/2014 - 12:51

So here I am with a static blog.

I was on Wordpress. I like Wordpress; in particular, I like the vitality of it. There’s a large community of people using it and working on it and making plugins and making themes, and it’s become apparent to me over the years that one of the things I care about quite a lot, when using software which is not a core part of what I do, is that I do not have to solve every problem that I have myself. That is: I would like there to be the problem-solving method of “1. google for desired outcome; 2. find someone else has written a plugin to do it”, rather than “1. google; 2. find nothing; 3. write code”. What this means is using some project with a largeish community. So I settled on Pelican, because it’s one of the more popular static blog engines out there, and hence vibrant community.

At this point there will be questions.

If you wanted a vibrant popular community why didn’t you use Jekyll?

I couldn’t work out how to install it.

It says: gem install jekyll. I did that and it says Permission denied - /var/lib/gems/1.9.1. So for some reason a command run as me wants to install things in a system-level folder. No. System level belongs to apt. Let the word go throughout the land.

I’m sure that it’s entirely possible to configure RubyGems so that it installs things in a ~/gems folder or something. But I don’t want that either: I want this stuff to be self-contained, inside the project folder. Node’s npm gets this completely right and I am impressed down to the very tips of my toes with it. Python gets it rightish: you have to use a virtualenv, which I am doing. Is there a virtualenv-equivalent for Ruby and RubyGems? Almost certainly. But I’m not trying to learn about Ruby, I’m trying to set up a blog. Reading up about how to configure Ruby package installation to be in the project folder when you’re trying to set up a blog isn’t just yak-shaving, it’s like an example you’d tell a child to explain what yak-shaving is. So no Jekyll for me, which is a bit annoying, but not too much since Pelican looks good. And I know Python pretty well, and don’t like Ruby very much, so that’s also indicative.

Why are you using a static blog engine at all? What was wrong with Wordpress?

It got owned. I got an email from a friend of mine saying “hey, did you know that if you look at your blog in an old browser, such as Dillo, there’s a bunch of spam at the top of it?”

I did not know. But it was the case. Sigh.

There are plenty of guides around about how to fix this: dump the DB, reinstall Wordpress, restore the DB, then look for fixes, etc, etc, etc. And I thought: wow, that’s a bunch of effort and what do I get for it? I’m still vulnerable to exactly the same problem, which is that an upgrade to WP happens, it notifies me, I notice thirty nanoseconds later, and in that thirty nanoseconds some script bot somewhere 0wns the blog. I could, in theory, fix this by spending much more time setting up something to auto-update WP, but in practice that’s hard: what do I do, svn update every fifteen seconds in a cron job? Nightmare.

So, what am I getting from Wordpress that I’ll lose if I go static?

My list of plugins contains a bunch of stuff which is only relevant because it is Wordpress and thus dynamic: caching, spam, that sort of thing. Static sites don’t need any of that. I like Jetpack a lot; it gives me a nice mobile theme and stats, and I’ll lose that (as well as comment moderation from a mobile app, which I don’t care about if I don’t have comments; see below). I have a bunch of nice little plugins which throw in features that I like, such as adding footnotes, which I’ll lose. Counterbalance that with how it’s basically impossible to put a <script> element in a Wordpress post, which is incredibly annoying. I won’t be able to create posts if I’m away from my computer (without doing a bunch of setup), but in practice I don’t do that, it turns out. And finally, comments.

Hm, comments. On the one hand, I like my commenters; there have been interesting discussions there, and normally informative. On the other hand, there’s a lot less commenting on blogs going on these days; you get much more real-time discussion on Twitter or G+ about a post than you do on the post itself. That’s a bit worrying — you’re losing the in-one-place nature of the conversation, and their bit of the conversation might vanish from the public discourse if G+ shuts down, which is why I don’t like Disqus — but that’s happening anyway and can’t be stopped. So maybe I can live with it.

Also, themes, but Pelican has a bunch, including rather excellently the same theme I was using on Wordpress! So it looks like nothing changed! Rawk.

So, let’s see how it goes. Possibly I’ll find something else critical that I’m missing and migrate back… and I do still have to write a footnotes plugin… but so far we’re feeling good about it.

Categories: LUG Community Blogs

Jono Bacon: Forward Momentum in the Ubuntu App Developer Platform

Planet WolvesLUG - Thu, 13/02/2014 - 07:14

Last week I was in Orlando sprinting with my team as well as the platform, SDK, and security teams and some desktop and design folks. As usual after a sprint, I have been slammed catching up with email, but I wanted to provide a summary of some work going that you can expect to see soon in the Ubuntu app developer platform.


In the last few months we have been working to refine our HTML5 support in the Ubuntu SDK.

Today we have full HTML5 support in the SDK but we are working to make HTML5 apps more integrated than ever. This work will land in the next week and will include the following improvements:

  • Consolidating everything into a single template and container. This means that when you create a new app in the SDK you have a single template to get started with that runs in a single container.
  • Updating our Cordova support to access all the devices and sensors on the device (e.g. camera, accelerometer).
  • Adding full Ubuntu platform API access via Javascript. With this you will be able to access Online Accounts, the Content Hub, the App Lifecycle support etc and more.
  • Adding a series of refinements to the look and feel of the HTML5 Ubuntu components. Before the components looked a little different to the QML ones and we are closing the loop.
  • Full API documentation for the Cordova and Platform APIs as well as a number of tutorials for getting started with HTML5.
  • On a side note, there has been some tremendous speed improvements in Oxide which will benefit all HTML5 apps. Thanks to Chris Coulson for his efforts here.

With these refinements you will be able use the Ubuntu SDK to create a new HTML5 app from a single template, follow a tutorial to make a truly native look and feel HTML5 app utilizing the Cordova and Platform APIs, then click one button to generate a click package and fill in a simple form and get your app in the store.

I want to offer many thanks to David Barth’s team for being so responsive when I asked them to refine our HTML5 support ready for MWC. They have worked tirelessly, and thanks also to Daniel Holbach for coordinating the many moving pieces here.


Our SDK is the jewel in the crown of our app development story. Our goal is that the SDK gets you on your Ubuntu app development adventure and provides all the tools you need to be creative and productive.

Fortunately there are a number of improvements coming here too. This includes:

  • We will be including a full emulator. This makes it easy for those of you without a device to test that your app will work well within the context of Ubuntu for smartphones or tablets. This is just a click away in the SDK.
  • We are also making a series of user interface refinements to simplify how the SDK works overall. This will include uncluttering some parts of the UI as well as tidying up some of the Ubuntu-specific pieces.
  • Device support has been enhanced. This makes it easier than ever to run your app on your Ubuntu phone or tablet with just a click.
  • We have looked at some of the common issues people have experienced when publishing their apps to the store and included automatic checks in the SDK to notify the developer before they submit them to the store. This will speed up the submissions process.
  • Support for “fat” packages is being added. This means you can ship cross-compiled pieces with your app (e.g. a C++ plugin).
  • Last but certainly not least, we are going to be adding preliminary support for Go and QML to the Ubuntu SDK in the next month. We want our app developers to be able to harness Go and with the excellent Go/QML work Gustavo has done, we will be landing this soon.

As ever, you can download the latest Ubuntu SDK by following the instructions on Thanks to Zoltan and his team for his efforts

An awesome SDK and a fantastic platform is only as good as the people who know how to use it. With this in mind we are continuing to expand and improve to be a world-class developer portal.

With this we have many pieces coming:

  • A refinement of the navigational structure of the site to make it easier to get around for new users.
  • Our refined HTML5 support will also get full Cordova and Platform API documentation on the site. Michael Hall did a tremendous job integrating Ubuntu and upstream API docs in the same site with a single search engine.
  • A library of primers that explain how key parts of our platform work (e.g. Online Accounts, Content Hub, App Lifecycle, App Insulation etc). This will help developers understand how to utilize those parts of the platform.
  • Refining our overview pages to explain how the platform works, what is in the SDK etc.
  • A refreshed set of cookbook questions, all sourced from our standard support resource, Ask Ubuntu.
  • We will also be announcing Ubuntu Pioneers soon. I don’t want to spoil the surprise, so more on this later.

Thanks to David, Michael, and Kyle on my team for all of their wonderful efforts here.

Desktop Integration

In the Ubuntu 14.04 cycle we are also making some enhancements to how Ubuntu SDK apps can run on the desktop.

As many of you will know we are planning on shipping a preview session of Unity8 running on Mir. This means that you can open Unity8 from the normal Ubuntu login screen so you can play with it and test it. This will not look like the desktop; that work is on-going to converge Unity 8 into the desktop form-factor and will come later. It will however provide a base in which developers can try the new codebase and hack on it to converge it to the desktop more quickly. We are refreshing our Unity8 developer docs to make this on-ramp easier.

We are also going to make some changes to make running Ubuntu SDK apps on Unity 7 more comfortable. This will include things such as displaying scrollbars, right-click menus etc. More on this will be confirmed as we get closer to release.

All in all, lots of exciting work going on. We are at the beginning of a new revolution in Ubuntu where beautifully designed, integrated, and powerful apps can drive a new generation of Ubuntu, all build on the principles of Open Source, collaboration, and community.

Categories: LUG Community Blogs

Mick Morgan: checking client-side ssl/tls

Planet ALUG - Wed, 12/02/2014 - 21:06

At the tail end of last year I mentioned a couple of tools I had used in my testing of SSL/TLS certificates used for trivia itself and my mail server. However, that post concentrated on the server side certificates and ignored the security, or otherwise, offered by the browser’s configuration. It is important to know the client side capability because without proper support there for the more secure ciphers it is pointless the server offering them in the handshake – the client-server interaction will simply negotiate downwards until both sides reach agreement on a capability. That capability may be sub-optimal.

A recent post to the Tor stackexchange site posed a question about the client side security offered by the TorBrowser Bundle v. 3.5 (which uses Firefox). The questioner had used the “howsmyssl” site to check the cipher suites which would be used by firefox in a TLS/SSL exchange and been disturbed to discover that it reportedly offered an insecure cipher (SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA). Sam Whited responded with a pointer to his blog post about improving FF’s use of TLS.

From that post, it appears that TLS 1.1 and 1.2 were off by default in FF versions prior to 27. Hence they would have been off in the TorBrowser Bundle as well.

Categories: LUG Community Blogs

Mick Morgan: policy update

Planet ALUG - Wed, 12/02/2014 - 18:39

An exchange of emails with Mark over at a day or so ago made me realise that my privacy policy needed updating. Not, I hasten to add, for any fundamental reason, but simply because a couple of the references in that policy were out of date. I have therefore amended it and version 0.2.0 is now in place. As promised in the policy, this post draws attention to the changes.

The amendments I have made are as follows:

I have amended my reference to geo-locating IP addresses because I stopped using the off-site “clustrmaps” tool some time ago. I now point out that I collect aggregate IP address geo-location data incidentally through my use of Counterize. However, as I note in the policy, I may drop Counterize shortly because it is becoming a drain on the site. Unlike static web log analysis tools, Counterize runs a script in real time to update its database. That database is now getting too large for my liking and some of the (automatic) queries it runs are not well optimised. I haven’t spent any long time investigating this, largely because my MySQL DB skills are woefully inadequate, but it looks to me as if some of the fields are not properly indexed to allow fast queries.

As an aside, readers may care to note that Counterize reports that I get between 30,000 and 40,000 hits on trivia each month and the top visiting countries are: the US at 57.8%, China at 13.6%, the EU at 6.8% and the Russian Federation at 4.5%. The dear old UK is eighth at 2.4% just ahead of Canada and the Ukraine. Those stats might look odd until you realise that I have allowed Counterize to include known webcrawlers. The biggest of these of course are based in the US, but Baidu in China is not far behind in its activity.

I have changed my references to the captcha and contact forms I use on trivia because I have stopped using Mike Challis’s plugins. I did this because Mike seems to like to update his plugins every other week or so and, much as that is to be applauded if there are real gains to be made, I found the maintenance overhead to be too high for what I was getting. Stability is good too.

Incidentally, for anyone interested in FreeBSD, particularly in its use on a server running Tor, or a website it is well worth paying a visit to Mark’s blog. He writes well and it is always worth looking at alternatives to Linux.

Categories: LUG Community Blogs
Syndicate content