Happy new year, friends!
2013 was a phenomenal year for Ubuntu. It is difficult to believe that it was just a year ago today that we announced Ubuntu for phones. Since then we have built and released the first version of Ubuntu for phones complete with core apps, delivered Mir in production on the phone, built a vastly simplified and more powerful new app delivery platform complete with full security sand-boxing, created a powerful smart scopes service to bring the power of native search and online content to devices, delivered a new SDK with support for QML, HTML5, and Scopes, built an entirely new developer.ubuntu.com, created extensive CI and testing infrastructure to ensure quality as we evolve our platform, shipped two desktop releases, extended the charm store, delivered Juju Gui, spun up multiple clouds with Juju, and much more.
In terms of Ubuntu for devices, I mentally picture 2013 as the year when we put much of the core foundational pieces in place. Everything I just mentioned were all huge but significant pieces of delivering a world-class Free Software convergence platform. Building this platform is not as simple as building a sexy GUI; there is lots of complex foundational work that needs doing, and I am incredibly proud of everyone who participated in getting us to where we are today…it is a true testament of collaborative development involving many communities and contributors from around the world.
So, 2013 was an intense year with lots of work, some tough decisions, and lots of late (and sometimes stressful) nights, but it laid down the core pillars of what our future holds. But what about 2014?
This time next year we will have a single platform code-base for phone, tablet, and desktop that adapts to harness the form-factor and power of each device it runs on. This is not just the aesthetics of convergence, it is real convergence at the code level. This will be complemented by an Ubuntu SDK in which you can write an app once and deliver it to any of these devices, and an eco-system in which you can freely publish or sell apps, content, and more with a powerful set of payment tools.
These pieces will appear one phase at a time throughout 2014. We are focusing on finishing the convergent pieces on phone first, then bringing them to tablet, and then finally bringing our desktop over to the new convergent platform. Every piece of new technology that we built in 2013 will be consumed across all of these form-factors in 2014; every line of code is an investment in our future.
Even more importantly though, 2014 will be the year when we see this new era of Ubuntu convergence shipping to consumers. This will open up Ubuntu to millions of additional users, provide an opportunity for app developers to get in on the ground floor in delivering powerful apps, and build more opportunity for our community than ever before.
I wish I could tell you that 2014 is going to be more relaxing than 2013. It isn’t. It is going to be a roller-coaster. There are going to be some late nights, some stressful times, some shit-storms, and some unnecessary politics, but my goal is to help keep us working together as a community, keep us focused on the bigger picture, keep our discourse constructive, and to keep the fun in Ubuntu.
Let’s do this.
Occasionally users are unable to connect to our FreeNX server, they report an error “Startup Session Failed”. Clicking on “Detail” shows that it is unable to find the server session file.
Searching for solutions suggested a number of options, including removing the server /tmp/.X1***-lock files, or simply removing FreeNX and installing NoMachine’s NXServer instead.
In the end the solution proved remarkably simple:
On the server run:# nxserver --list NX> 100 NXSERVER - Version 1.5.0-60 OS (GPL) NX> 127 Sessions list: Display Username Remote IP Session ID ------- --------------- --------------- -------------------------------- 1001 chris 192.168.1.52 1BC6B4B9C3CF4C2B6BD7137AC7FDE5DA 1000 helen - 87443D16622EC0751551685A93DD023B 1002 michelle 192.168.1.102 DBAC430C8AA8B414A5E2228970E2BBDC NX> 999 Bye
The session with no remote IP is for a session that has not ended properly. Terminate this session and users should be able to log in once again:# nxserver --terminate helen
Update: This problem was little more complex than I at first thought, all I had really done is allow one more user to login before the issue re-occurred. You also need to check is that there are no old lock files in /tmp/.X11-unix:# cd /tmp/.X11-unix #ls -al /tmp/.X11-unix# ls -al total 316 drwxrwxrwt 2 root root 4096 2014-01-02 12:48 . drwxrwxrwt 375 root root 315392 2014-01-02 12:48 .. srwxrwxrwx 1 root root 0 2013-07-24 17:04 X0 srwxrwxrwx 1 helen helen 0 2014-01-02 10:32 X1000 srwxrwxrwx 1 chris chris 0 2014-01-02 11:42 X1001 srwxrwxrwx 1 michelle michelle 0 2014-01-02 08:52 X1002 srwxrwxrwx 1 terry terry 0 2013-09-05 15:05 X1003
Notice that there is a .X11-unix file for terry X1003, but no corresponding user shown in nxserver –list above. Remove this spurious file and it should now work.
It would also make sense to ensure that the correct /tmp/.X1***-lock files are present:# cd /tmp # ls -al | grep -i X.*-lock -rw------- 1 nx nx 0 2014-01-02 10:32 .nX1000-lock -rw------- 1 nx nx 0 2014-01-02 11:42 .nX1001-lock -rw------- 1 nx nx 0 2014-01-02 08:52 .nX1002-lock -r--r--r-- 1 helen helen 11 2014-01-02 10:32 .X1000-lock -r--r--r-- 1 chris chris 11 2014-01-02 11:42 .X1001-lock -r--r--r-- 1 michelle michelle 11 2014-01-02 08:52 .X1002-lock
You should expect to see the correct number of lock files for your user sessions, in my case these required no changes, but if there had been spurious files, removing them would seem sensible.
If this has been helpful to you, please do consider rating this post or adding a comment!
Here we are again, another year, another dissatisfying look at what options I have for local photo management.
Here’s what I do now:
The question is how to improve that experience?
I can’t run F-Spot on multiple computers because it stores its SQLite database locally and even if the database file were synced between hosts or kept on the fileserver it would still need the exact same version of F-Spot on every machine, which is not feasible — my laptop and desktop already run different releases of Ubuntu and I want to continue being able to do that.
It would be nice to be able to import photos from any machine but I can cope with it having to be done from the desktop alone. What isn’t acceptable is only being able to view them from the desktop as well. And when I say view I mean be able to search by tags and metadata, not just navigate a directory tree.
It sounds like a web application is needed, to enforce the single point of truth for tags and metadata. Are there actually any good ones that you can install yourself though? I’ve used Gallery before and was never really satisfied with ease of use or presentation.
Your-Photos-As-A-Service providers like Flickr and even to some extent Google+ and Facebook have quite nice interfaces, but I worry about spending many hours adding tags and metadata, not bothering to back it all up, and then one day the service shuts down or changes in ways I don’t like.
I’m normally quite good about backing things up but the key to backups is to make them easy and automatic. From what I can see these service providers either don’t provide a backup facility or else it’s quite inconvenient, e.g. click a bunch of times, get a zip file of everything. Ain’t nobody got time for that, as a great philosopher once wrote.
So.. yeah.. What do you do about it?
Arbitrary tweets made by TheGingerDog (i.e. David Goodwin) up to 01 January 2014
Entered monthly 10km races in Regent's Park, reducing my time from 55:07 in January 4th to 43:28 on December 1st.
Entered the Hell of Ashdown cyclosportive in sub-zero conditions for over 100 miles & 7,500 ft of elevation (actual photo).
Had my lute returned after it was damaged.
Had a time-trial bike built and raced my first triathlon, duathlon and aquathlon.
More biking, including a long ride with my brother. Also performed on the viola da gamba in Bach's St John Passion with Belsize Baroque.
Amongst more triathlon preperation, I performed in a Linden Baroque concert of Handel's Israel in Egypt.
Raced my biggest event of the year—a "Half-Ironman" triathlon—hitting my time goal.
Whilst procrastinating about writing some letters, I created a small service to send letters without a printer.
Started cooking a little more adventurously.
Performed Geminiani's arrangement of Corelli's La Folia in the Fitzwilliam Museum with Le Petit Orchestre.
Ramped up my running volume so I could go over 1000km for the year. (Strava profile)
Today I had occasion to test trivia’s page load times. I used the (admittedly fairly dated) website optimization test tool and was surprised to find that it reported that parts of the pages I tested were not compressed before delivery.
I have the default compression options set in my lighty configuration file as below:
compress.cache-dir = “/var/cache/lighttpd/compress/”
and the mod_compress server module is loaded, so I expected all the text, html and scripts loaded by my wordpress configuration to be compressed.
It turns out that in order for compression to work correctly in WordPress (or any other php based web delivery mechanism) with lighty you need to enable compression in php. In all the time I have been running trivia on my own server I hadn’t done this. The option that needs to be changed to correct this is to set:
zlib.output_compression = On
What I think I might need to work on now is the number of scripts my theme and plugins load. Counterize in particular is beginning to feel a bit sluggish. Certainly the generation of traffic reports is now quite slow and mysql is chewing up a lot of CPU. I suspect that I may need to purge the database and start afresh in the new year – or find another nice traffic analysis tool.
That’s right, it’s my end of year round up! I am running the risk that nothing significant or amazing will happen to me in the next 24 hours, I know. I’ve trawled through tweets and blogs and reminded myself of the fantastic, crazy things that have happened this year. Here are just some of them, in no particular order.
There are some things I’ve done this year that have been really, really special. But I just can’t tell you about them. Sorry! They really were among the highlights of my year though.
I’ve got a feeling that 2014 will be very special too. Have a great new year….Pin It
Every Summer, I wish for a pair of sandals that are comfortable but have some style so that they can feel a bit smart as well as casual. And I’m rubbish at finding them – I don’t really like shoe-shopping at all, which doesn’t help. Enter MOHOP sandals.
I was browsing Kickstarter projects over Christmas and came across the MOHOP sandals project. Basically, you get a pair of sandal bases, some ribbon, and some design cards. You then thread the ribbons on the bases according to the design cards (or your imagination). The bases are flexible with wooden heels and are suitable for vegans and people with a range of other ethical shopping goals (inc, if you’re from the US, made in the US).
(Although the bases shown have high heels, they’re also available as flats or different heights of heel.)
They’ve apparently been going for some time (at mohop.com and on Etsy) but were struggling to meet demand. They’re taking the Kickstarter route to fund expanding their production capabilities (inc creating local jobs).
I think the sandals are a great idea. They’re fun to look at, comfy to wear (according to the reviews), and infinitely re-designable, which appeals to my crafty side. You can thread decorations on to the ribbon or replace the ribbons completely with strips of sari, shoelaces, or anything else that occurs to you.
At the moment, the cheapest pair is $45 for a pair of flats (though there are lower-cost ‘perks’ available if you just want to contribute without buying any shoes). I’ve gone for the $100 ones that have low heels. They’re looking for $50,000 of funding by the 25th January so that they can open their new production place. They’ve got some way to go yet so if you like the look of them, consider supporting this cool idea!
Here’s their video about manufacturing their shoes:
This week my small collection of sysadmin tools received a lot of attention; I've no idea what triggered it, but it ended up on the front-page of github as a "trending repository".
Otherwise I've recently spent some time "playing about" with some security stuff. My first recent report wasn't deemed worthy of a security update, but it was still a fun one. From the package description rush is described as:
GNU Rush is a restricted shell designed for sites providing only limited access to resources for remote users. The main binary executable is configurable as a user login shell, intended for users that only are allowed remote login to the system at hand.
As the description says this is primarily intended for use by remote users, but if it is installed locally you can read "any file" on the local system.
How? Well the program is setuid(root) and allows you to specify an arbitrary configuration file as input. The very very first thing I tried to do with this program was feed it an invalid and unreadable-to-me configuration file.
Helpfully there is a debugging option you can add --lint to help you setup the software. Using it is as simple as:shelob ~ $ rush --lint /etc/shadow rush: Info: /etc/shadow:1: unknown statement: root:$6$zwJQWKVo$ofoV2xwfsff...Mxo/:15884:0:99999:7::: rush: Info: /etc/shadow:2: unknown statement: daemon:*:15884:0:99999:7::: rush: Info: /etc/shadow:3: unknown statement: bin:*:15884:0:99999:7::: rush: Info: /etc/shadow:4: unknown statement: sys:*:15884:0:99999:7::: ..
The only mitigating factor here is that only the first token on the line is reported - In this case we've exposed /etc/shadow which doesn't contain whitespace for the interesting users, so it's enough to start cracking those password hashes.
If you maintain a setuid binary you must be trying things like this.
If you maintain a setuid binary you must be confident in the codebase.
People will be happy to stress-test, audit, examine, and help you - just ask.
Simple security issues like this are frankly embarassing.
Just a quick note to say our November meeting will be on Wednesday night at 7.30pm, usual place the Courtyard in Hereford on the mezzanine floor.
If you attended our Software Freedom Day event, please feel to come along on Wednesday
The meeting will start at 7:30pm as usual.
Items to discuss :-
Just a quick note to say our October meeting will be on Wednesday night at 7.30pm, usual place the Courtyard in Hereford on the mezzanine floor.
If you attended our Software Freedom Day event in September, please feel to come along on Wednesday.
The meeting will start at 7:30pm as usual. I've been out of the loop a bit recently, with family issues to deal with, so haven't had any opportunity to get any agenda planned.