UK Linux User Groups

Heheh yellow snow #infanthumour RT @metofficeSEEng: Yellow Alert of Snow for London & South East England : Wed 13 Mar bit.ly/14JhoJ1

I've been a fan of nullmailer for some years now, so much so that I took ownership of the nullmailer package for Arch Linux.

> nullmailer is a sendmail/qmail/etc replacement MTA for hosts which > relay to a fixed set of smart relays. It is designed to be simple to > configure, secure, and easily extendable.

The other advantage nullmailer has compared to similar tools is that is queues email until it is able to deliver it upstream.

Install nullmailer as follows.

packer -S --noedit --noconfirm nullmailer

Configuring nullmailer to relay via Gmail can be achieved using SMTPS or MSA. nullmailer has had these capabilies since 1.10. The following provides some useful clues /usr/lib/nullmailer/smtp --help.

While these examples are specific to relaying via Gmail, you can sse it is trivial to adapt them to any other mail host.

Relay via Gmail using MSA

Add to following to /etc/nullmailer/remotes. I prefer this technique.

smtp.gmail.com smtp --port=587 --auth-login --user=you@gmail.com --pass=Yourpassword --starttls Relay via Gmail using SMTPS

Add to following to /etc/nullmailer/remotes.

smtp.gmail.com smtp --port=465 --auth-login --user=you@gmail.com --pass=Yourpassword --ssl

Once you've got /etc/nullmailer/remotes configured start the nullmailer service.

sudo systemctl start nullmailer

To test nullmailer can relay email correctly do the following.

echo "Test 1" | mailx -s "Test One" me@example.org

You can see what nullmailer is up to by checking the systemd journal or syslog (if you've syslog enabled systemd). This is how to get the logs from the systemd journal.

journalctl _SYSTEMD_UNIT=nullmailer.service

Or via syslog.

sudo grep nullmailer /var/log/daemon.log

When you're happy nullmailer is working enable the systemd unit.

sudo systemctl enable nullmailer

Email will now flow as required.

Jetlazzzzzzzzzzzzzzzzzz

Dear @HBO: please let me give you money (say ~ £30) for digital Game of Thrones. I don’t want physical media. I want to watch on TV & iPad.

Start: 2013-03-09 11:00 End: 2013-03-09 17:00

This month we are at LiNCORE offices (part of the ReigateHub) in Reigate on 9th March. Our thanks go to Jay Bennie for hosting us.

Bring a 'box', bring a notebook/netbook, bring anything that might run Linux, or just bring yourself and enjoy socialising, learning, teaching or simply chilling out!

New members are very welcome. We're not a cliquey bunch, so you won't feel out of place! Usually between 15 and 30 people come along.

While migrating one of my VPS servers to Arch Linux I deployed Uncomplicated Firewall (UFW) to handle basic firewalling duties. I like ufw as it provides simple host-based firewall management and, in my opinion, one of the better projects to come out of the Ubuntu camp.

Install ufw as follows.

sudo pacman -Syy -noconfirm --needed ufw

Configuring ufw is simple but make sure you have console access to the host you are configuring just in case you lock yourself out.

NOTE! When enabling ufw the chains are flushed and connections may be dropped. You can add rules to the firewall before enabling it however, so if you are testing ufw on a remote machine it is recommended you perform...

ufw allow ssh/tcp

...before running sudo ufw enable. Once the firewall is enabled, adding and removing rules will not flush the firewall, although modifying an existing rule will.

Set the default behaviour to deny all incoming connections.

sudo ufw default deny

Open up TCP port 22 but with rate limiting enabled which will deny connections from an IP address that has attempted to initiate 6 or more connections in the last 30 seconds. Ideal for protecting sshd but you should conisder other SSH brute force defense techniques as well.

sudo ufw limit tcp/22

I'm hosting a few websites on my VPS so I open http and https.

sudo ufw allow 80/tcp sudo ufw allow 443/tcp

I have a static IP address at home so I allow unfiltered access to the VPS from that IP. I've used a bogus IP address in the example below.

sudo ufw allow from 10.0.0.0/32

Enable the ufw systemd unit.

sudo systemctl enable ufw sudo systemctl start ufw

However, ufw is not enabled at this point. To enable the firewall you also have to do the following.

sudo ufw enable

You can see the status of the firewall using sudo ufw status.

On low-end servers it might be beneficial to disable logging.

sudo ufw logging off

At this point you should have a basic firewall configured and ufw help or the references below will assist you.

References

• https://wiki.archlinux.org/index.php/Uncomplicated_Firewall
• https://wiki.ubuntu.com/UncomplicatedFirewall
• https://launchpad.net/ufw

Impatient to get home! (@ Gate E20) 4sq.com/ZmKrPo

Collective Motion of Moshers at Heavy Metal Concerts. I love that this exists. j.mp/XY4ZAY via Danny Yee’s blog.

I've decide to migrate one of my servers to Arch Linux. I'm not sure that a rolling release distro really suits servers but I've enjoyed using Arch Linux over the last year on my workstations and the only way to assess it's suitability on a server is to try it. So, I've decide to migrate my blog to an Arch Linux server.

This blog post describes how to install Nikola on Arch Linux. Nikola is a static site and blog generator written in Python that I've been using for a few months.

First you'll need Python and virtualenvwrapper so read my Python and virtualenv on Arch Linux and Ubuntu blog post and get yourself equiped.

Install the Nikola 5.4.2 dependencies.

sudo pacman -S --noconfirm --needed freetype2 libxslt libxml2 sudo packer -S --noconfirm --noedit libjpeg6

Create a virtualenv for Nikola.

mkvirtualenv -p python2.7 --use-distribute nikola-542

You will notice your shell prompt has changed to indicate that the nikola-542 virtualenv is now active. Install Nikola and the optional libraries I use.

pip install http://nikola-generator.googlecode.com/files/nikola-5.4.2.zip pip install bbcode markdown requests webassets peewee feedparser

Nikola is now installed. nikola help and the Nikola Handbook will assist you from here on.

#cmobff cmo of geometrixx is concerned? She may be fictional but the awesome charting demo is very real. #adobesummit

#sweetemotion because the world needs more spider charts.
Love the animated rainbow flower though.

#ontheedge #adobesummit here comes responsive design with edge reflow. About a dozen clicks to mobilise a website. Magic from @keepthebyte

#adobesummit are showing sneaks – previews of possible new features and functionality. Also running a tweet contest real time. Very cool.

Recently there has been some fire flowing about Canonical in the community. These concerns started off as sporadic at first and then we saw a small blog avalanche (blogalanche, if you will) as a number of folks piled onto the ride.

I feel somewhat trapped in the middle of all of this. On one hand I work at Canonical and I believe Canonical are acting in the honorable interests of Ubuntu in helping to build a competitive and forward-looking Free Software platform, but I also feel a sense of personal responsibility when I see unhappy members of our community who are concerned with different aspects of how Canonical engages. Essentially, I sympathize with both sides of this debate; both have the best interests at heart for Ubuntu.

From my perspective there is a balance that needs to be struck. Our community needs to be transparent and open, but also nimble to react to opportunities (such as the convergence story), but also Canonical play an important role in helping us to drive Ubuntu to the masses. We need to be able to work in a way that maintains our Ubuntu values but also gives Canonical the opportunity to get our platform out to the market effectively to reach these users.

I believe one cannot exist without the other; Canonical cannot deliver this vision without our community and Ubuntu would be significantly debilitated if there was no Canonical providing staff, resources, and other investment into Ubuntu. Canonical is not evil, and the community is not entitled; we all just need to step back and find some common ground and remember that we are all in the circle of friends.

This symbol is as potent to me as it was back in 2004.

When I got interested in Linux back in 1998 and wanted to make it my career, my primary motivation was to bring freedom of technology to everyone. This is what attracted me to Ubuntu and ultimately working at Canonical. I don’t want to be rude to other distros who are quite happy within their remit of making a great OS for Linux enthusiasts, but I frankly don’t want to settle for that. I want Ubuntu to be the choice for Linux enthusiasts, but for us to not stop there and also bring Free Software to people who have not yet been blessed by it, and who may be new to technology and the opportunities it provides.

Achieving that goal is not just as simple as making the source code available for the platform and setting up a bunch of mailing lists. It means delivering simple and elegant user experiences built for the needs of our users, consistent and beautiful design, professional-grade quality, strong hardware and software partner relationships, certification across a range of hardware profiles, training, responsive security, diverse marketing and advocacy campaigns, and many other areas. Both Canonical and the community contribute extensively to provide these things that we need to get over that chasm, and importantly, each provides things that the other cannot.

It turns out that building this simple, ubiquitous Free Software experience for everyone is hard. We can’t just settle for the tried and tested approach of pulling the latest upstream software and integrating it into a single Operating System. That is tough, intensive and grueling work in itself, but to achieve the goals I mentioned above we need to be constantly challenging ourselves to innovate and go faster in how we deliver this innovation to our users. We need to always challenge the status quo…not for the sake of being different, but for the sake of not restricting ourselves to tradition and instead helping us to be better at what we do, and ultimately achieve our goals of getting Ubuntu into the hands of more people.

We saw this challenge with Unity: that was a tough, but necessary decision. While we suffered over the firestorm around Unity, I think it ultimately put us in a better position, and now we have a single convergent user interface that spans across multiple devices and we will soon have a single convergent Unity code-base across these devices too. In an era where desktop shipments are down due to the impact of phones and tablets, we are no longer trapped in a form factor that has had a decreasing scope of opportunity for us; the desktop is just one part of our wider convergence vision. This opens up the market for Ubuntu and the Free Software and Open Source values we encompass. While some people in some comment boxes will still bring the hate about Unity, I think that overall it has put us in a position to get Free Software in the hands of more people than if we didn’t make that difficult decision, and the sheer level of interest in Ubuntu for the phone, tablet, TV, and desktop is testament to that.

Put it in my pocket, on my lap, on my desktop, and hang it on my wall.

While making tough decisions is important, it is also important that we maintain our Ubuntu values too. One core value is that our platform and community are open for discussion and participation, so everyone is welcome to help put their brick in the wall. Our archive has long been open and there are many ways to contribute, and while some of these projects were secret before-hand, now everything is out in the open and available for participation. Some may disagree with the rationale of keeping things private, but particularly in the case of Phone and Tablet, the “big-reveal” helped us to have a big splash and generate more press interest and partner inquiries, and thus help us along to our vision.

Importantly though, we made the source and community on-ramp available as soon as we feasibly could. The code for Unity, Ubuntu Touch, and Mir is publicly available, and we are eager to invite people to join and shape those projects. This week we also ran our very first online UDS, with the goal of making the Ubuntu planning process as open and accessible to all as possible, not just those who could travel, and on a more regular cadence. All of the videos, notes and blueprints from that event are archived here. I am confident for the next event we will have an even smoother, better-run UDS, with even more participation.

We are now in a position with a clearly articulated vision around convergence and cloud orchestration, full source availability, daily builds of images, and public mailing lists and IRC channels to have those conversations. Everything is available in public blueprints and tracked at status.ubuntu.com, and we have many outreach campaigns to help our community participate in this vision, such as the core apps project, port-o-thon, regular cadance testing, charm quality improvements, SDK participation, and other areas. Our community should expect our projects to be open, accessible and collaborative, and if they are not, please raise your concerns with the Canonical engineering managers, or talk to me either publicly on my weekly Q&A video hangout at 7pm UTC every Wednesday on Ubuntu On Air, or privately at jono@ubuntu.com, or by contacting me on Freenode IRC – my nick is jono. My door is always open.

Things are never perfect in a community, and I am not suggesting we are perfect either, but I believe we are at the cusp of an incredible opportunity to get Free Software and open technology into the hands of the masses, not just by wishing it to be true, but because there is genuine market opportunity for it to be true.

Post LTS.  You start a rolling release. This gets all the goodness in that you want.  6 months in you take a fortnight out. Week one stabilize, week two ISO testing.  The resulting ISO is then supported with security back ports for the next 6 months till the next ISO is stabilized and so on till you get to the 6 months for the next lts.  Here you go back to the more tried and tested release method so this release is solid, stable and ready for the next 5 years.

This I think gives users a regular cadence they are used to. Gives people like system 76 a regular OEM install it has security back ports from the continuing rolling release.  It gives app devs a set of libs for 6 months that won't change.  And means there is only a fortnight slow down for the devs.

Plus the community driven derivatives can continue to use their current 6 monthly cadence. Everyone is happy :-)

I’m in @paolomoz‘ lab on Experience Driven Commerce at #adobesummit. Impressive to see 50 people build a CQ5.6 eCommerce site from scratch!

Great session by @rogerjwoods & @Danalytix at #adobesummit on analytics & targeting on mobile. Easy as baking a cake! developer.omniture.com