Linux

Launchpad News: Launchpad news, May 2018

Planet Ubuntu - Sat, 06/02/2018 - 13:44

Here’s a brief changelog for this month.

Build farm
  • Send fast_cleanup: True to virtualised builds, since they can safely skip the final cleanup steps
Code
  • Add spam controls to code review comments (#1680746)
  • Only consider the most recent nine successful builds when estimating recipe build durations (#1770121)
  • Make updated code import emails more informative
Infrastructure
  • Upgrade to Twisted 17.9.0
  • Get the test suite passing on Ubuntu 18.04 LTS
  • Allow admins to configure users such that unsigned email from them will be rejected, as a spam defence (#1714967)
Snappy
  • Prune old snap files that have been uploaded to the store; this cleaned up about 5TB of librarian space
  • Make the snap store client cope with a few more edge cases (#1766911)
  • Allow branches in snap store channel names (#1754405)
Soyuz (package management)
  • Add DistroArchSeries.setChrootFromBuild, allowing setting a chroot from a file produced by a live filesystem build
  • Disambiguate URLs to source package files in the face of filename clashes in imported archives
  • Optimise SourcePackagePublishingHistory:+listing-archive-extra (#1769979)
Miscellaneous
  • Disable purchasing of new commercial subscriptions; existing customers have been contacted, and people with questions about this can contact Canonical support
  • Various minor revisions to the terms of service from Canonical’s legal department, and a clearer data privacy policy
Categories: Linux

Costales: Podcast Ubuntu y otras hierbas S02E07: iPads y Chromebooks en colegios y aplicaciones Android en Ubuntu Phone

Planet Ubuntu - Sat, 06/02/2018 - 07:29
En esta ocasión, Francisco MolineroFrancisco Javier Teruelo y Marcos Costales, charlamos sobre los siguientes temas:

  • La adopción de iPads y Chromebooks en educación.
  • Qué supondrá poder ejecutar aplicaciones Android en Ubuntu Phone.

Capítulo 7º de la segunda temporada
El podcast esta disponible para escuchar en:
Categories: Linux

Ubuntu Podcast from the UK LoCo: S11E13 – Thirteen Reasons Why - Ubuntu Podcast

Planet Ubuntu - Thu, 05/31/2018 - 08:00

This week we’ve been to Devon and built a 3D printer. The FBI tells everyone to reboot your routers, PUBG sues Fortnite, GDPR happened, the Mosquitto project gets sponsorship and we round up the community news.

It’s Season 11 Episode 13 of the Ubuntu Podcast! Alan Pope, Mark Johnson and Martin Wimpress are connected and speaking to your brain.

In this week’s show:

That’s all for this week! You can listen to the Ubuntu Podcast back catalogue on YouTube. If there’s a topic you’d like us to discuss, or you have any feedback on previous shows, please send your comments and suggestions to show@ubuntupodcast.org or Tweet us or Comment on our Facebook page or comment on our Google+ page or comment on our sub-Reddit.

Categories: Linux

Andres Rodriguez: MAAS 2.4.0 (final) released!

Planet Ubuntu - Wed, 05/30/2018 - 12:05
Hello MAASters! I’m happy to announce that MAAS 2.4.0 (final) is now available! This new MAAS release introduces a set of exciting features and improvements that improve performance, stability and usability of MAAS. MAAS 2.4.0 will be immediately available in the PPA, but it is in the process of being SRU’d into Ubuntu Bionic. PPA’s Availability MAAS 2.4.0 is currently available for Ubuntu Bionic in ppa:maas/stable for the coming week. sudo add-apt-repository ppa:maas/stable
sudo apt-get update
sudo apt-get install maas
What’s new? Most notable MAAS 2.4.0 changes include:
  • Performance improvements across the backend & UI.
  • KVM pod support for storage pools (over API).
  • DNS UI to manage resource records.
  • Audit Logging
  • Machine locking
  • Expanded commissioning script support for firmware upgrades & HBA changes.
  • NTP services now provided with Chrony.
For the full list of features & changes, please refer to the release notes: https://docs.maas.io/2.4/en/release-notes
Categories: Linux

Mythbuntu: 18.04 Upgrades

Planet Ubuntu - Tue, 05/29/2018 - 13:15
While Mythbuntu as a separate Ubuntu flavor ceases to exist. Many people continue to use our packaging and have asked questions about 18.04. This page attempts to answer some of these questions.
  • What happens if I upgrade to 18.04?
    • We've always recommended a backup and clean install for upgrades, but if you do this everything should continue functioning. You will need to reenable the MythTV Updates repositories
  • How do I upgrade to 18.04?
    • We've always recommended a backup and clean install when moving to a new version of the underlying OS (such as 18.04) and continue to recommend this. If you still want to attempt the upgrade, you can follow the steps here
  • Where can I get support?
    • Support can be attained from numerous locations. Check our support page for more info.
  • Where can I get updated MythTV packages?
  • I found a bug. Where should I report this?
    • Bugs should be filed upstream with MythTV. See our support page for more info
Categories: Linux

Mythbuntu: Mythbuntu: So Long and Thanks for All the Fish

Planet Ubuntu - Tue, 05/29/2018 - 12:44
It's been a long and fun ride from 7.10, but it's time to turn in our badge.
What is happening?
Mythbuntu as a separate distribution will cease to exist. We will take the necessary steps to pull Mythbuntu specific packages from the repositories (17.04 and later) unless someone steps up to take these packages over. MythTV packages in the official repositories and the Mythbuntu PPA will continue to be available and updated at their current rate.

Why is this happening?Mythbuntu is a necessary distribution for easing some of the setup of MythTV, however through attrition we have dwidled from a team of ten down to two developers doing all of the work. Although we have automated as much as we can, the effort to both fix issues that pop up from underlying changes and release an ISO is more than the team can support in our free time.
What does this mean for users?MythTV will continue to be available from the repositories just like any other package. 
For users wanting to install new installations, there will no longer be an ISO, the mythbuntu-desktop package, nor the Mythbuntu-Control-Centre. We recommend installing a slim distro (perhaps Xubuntu), add the Mythbuntu Repos, and install and configure MythTV from there.
For users looking for up to date versions of MythTV, we will continue to provide these updates through our PPA.
Special Thanksbendaily - Administration, domain, DNSdaviey - Co-founder, hosted mythbuntu in the early days, helped write the build scripts, packagingdavemorris - user supportfoxbuntu - Theme worklaga - Did all of the work on LTSPmajoridiot - Did much of the early firewire work for cable boxesmrandr - testing, bug fixingrhpot1991 - mythexport superm1 - Co-founder, built MCC, build scripts, packaging, and a lot of other stuff that I can't mention in one line.tgm4883 - Theme work, mythbuntu-repos code, mythbuntu-log-grabber, mythbuntu-bare, release stufftroy_s - Did a lot of the theme work, giving us the more modern black themeUpstream MythTV DevelopersUbuntu archive and release managers
What will we do now?Mostly life. We all have other projects we are interested in and we'll continue to be around the Ubuntu community. We will also continue to provide the deb packages via our PPA and will continue working on snap packages. Our time has just been spread so thin for so long that something had to give.
Where we go from there is a choice I leave to you.
Categories: Linux

Mythbuntu: Mythbuntu 16.04 Released

Planet Ubuntu - Tue, 05/29/2018 - 12:29
CORRECTION 2016.04.23 - It was previously stated that 16.04 is a point release to 14.04. This was due to a silly copy&paste issue from our previous release statement for 14.04. The Mythbuntu 16.04 release is a flavor of Ubuntu 16.04. We're sorry for any confusion this has caused.
Mythbuntu 16.04 has been released. This is our third LTS release and will be supported until shortly after the 18.04 release.The Mythbuntu team would like to thank our ISO testers for helping find critical bugs before release. You guys rock!With this release, we are providing torrents only. It is very important to note that this release is only compatible with MythTV 0.28 systems. The MythTV component of previous Mythbuntu releases can be be upgraded to a compatible MythTV version by using the Mythbuntu Repos. For a more detailed explanation, see here.You can get the Mythbuntu ISO from our downloads page.HighlightsUnderlying system
  • Underlying Ubuntu updates are found here
MythTVWe appreciated all comments and would love to hear what you think. Please make comments to our mailing list, on the forums (with a tag indicating that this is from 16.04 or xenial), or in #ubuntu-mythtv on Freenode. As previously, if you encounter any issues with anything in this release, please file a bug using the Ubuntu bug tool (ubuntu-bug PACKAGENAME) which automatically collects logs and other important system information, or if that is not possible, directly open a ticket on Launchpad (http://bugs.launchpad.net/mythbuntu/16.04/).
Upgrade NodesIf you have enabled the mysql tweaks in the Mythbuntu Control Center these will need to be disabled prior to upgrading. Once upgraded, these can be reenabled.Known issues
Categories: Linux

Marco Trevisan (Treviño): What’s that (gitlab) BOT?

Planet Ubuntu - Tue, 05/29/2018 - 09:32

Since some time in both some freenode ubuntu-related and gnome channels, people might have been bothered (or not :)), but the presence of this IRC bot (named ubot5-ng in freenode):

Since people asked, as I’ve set in the /whois, I’m the man behind it, and it’s actually running for some time from a snap inside a cloud instance I manage and hosted by Canonical.

This was just a quick-hack (so take it as it is) I did as I was annoyed by  not to getting the bug infos when linking the the always increasing references to GNOME or Debian projects. The source-code is here, while configuration files (can provide samples if curious) are just enabling the minimum necessary for having this joining the channels and disabling all the other plugins.

However, it currently supports parsing issues and merge proposals for Github and various Gitlab instances (gitlab itself, GNOME, and Debian Salsa)

Yeah, I know:

  • There are other bot options, but I just wanted to hack something quickly
  • It should be moved to git, cleaned up removing the unused bugzilla stuff
  • Supybot should be replaced with its new fork Limonria
  • I should host the code in a GNOME gitlab project together with the configuration (without the API tokens, of course)
  • Jonas asked for colors

I’ll probably do this once I’ve some free time (hard to find, in between my travels), but in the mean time, in case this bothers you, let me know, if instead want it to join other channels, tell me too

Categories: Linux

The Fridge: Ubuntu Weekly Newsletter Issue 529

Planet Ubuntu - Mon, 05/28/2018 - 12:06

Welcome to the Ubuntu Weekly Newsletter, Issue 529 for the week of May 20 – 26, 2018. The full version of this issue is available here.

In this issue we cover:

The Ubuntu Weekly Newsletter is brought to you by:

  • Krytarik Raido
  • Bashing-om
  • Wild Man
  • Chris Guiver
  • And many others

If you have a story idea for the Weekly Newsletter, join the Ubuntu News Team mailing list and submit it. Ideas can also be added to the wiki!

Except where otherwise noted, this issue of the Ubuntu Weekly Newsletter is licensed under a Creative Commons Attribution ShareAlike 3.0 License

Categories: Linux

Stephen Michael Kellat: Memorial Day Weekend 2018

Planet Ubuntu - Sun, 05/27/2018 - 17:32

What is new in Ashtabula?

Systems
  • Ripped out the packaged TeX Live 2017 and installed a vanilla Tex Live 2018 on my Xubuntu 18.04 system
  • Left documentation of my vanilla TeX Live 2018 integration effort at https://github.com/skellat/texlive2018-meta
  • Updated the main website at http://erielookingproductions.info and realized that there probably are no GDPR implications for a static site since it does not collect anything and I am the only one with anything to delete
Work
  • The job continues although the CEO has issued orders about accelerating firings
  • Our mainframe computer system collapsed entirely on April 17th and we risk another collapse
  • A possible Reduction-In-Force looms
F/LOSS Participation
  • Still on hold due to the vagaries of my job plus the utter unpredictability of the CEO at work
  • I keep hitting renew on Xubuntu Documentation even though I haven't submitted anything in a while
  • Eventually I will be back but I have things to resolve with the crazy job
Coming Events
  • Atlantic Hurricane Season apparently started early with Subtropical Storm Alberto
  • I will be leading activities at a local nursing home to recognize Memorial Day on Monday
  • RiffTrax Live: Space Mutiny is coming up in mid-June and I may go see that
Categories: Linux

David Tomaschik: Hacker Summer Camp 2018: Prep Guide

Planet Ubuntu - Sat, 05/26/2018 - 01:00

For those unfamiliar with the term, Hacker Summer Camp is the combination of DEF CON, Black Hat USA, and BSides Las Vegas that takes place in the hot Las Vegas sun every summer, along with all the associated parties and side events. It’s the largest gathering of hackers, information security professionals and enthusiasts, and has been growing for 25 years. In this post, I’ll present my views on how to get the most out of your 2018 trip to the desert, along with tips & points from some of my friends.

The Panel

Because not everyone enjoys everything the same way, I’ve asked a few of my friends to chime in for this blog post as well. Some are new to the field, and others have been around a lot longer than myself. These are itsc0rg1, illusorycake, dissect0r, fadec0d3, and Anonymous.

The Events

There are 3 main events: DEF CON, Black Hat, and BSides Las Vegas (BSides LV). Along with this, there are dozens of parties (corporate sponsors, DEF CON local groups, etc.) and a number of smaller events like QueerCon and the Diana Initiative.

As in year’s past, Black Hat begins the week with Trainings Saturday-Tuesday and Briefings on Wednesday and Thursday. DEF CON follows up with DC 101 talks on Thursday, and all the events are open Friday-Sunday. BSidesLV overlaps with Black Hat on Tuesday and Wednesday. This means you can’t realistically do all 3 cons – I’ve tried, it really doesn’t work. The closest might be doing BSidesLV on Tuesday, Black Hat Briefings Wednesday and Thursday, then DEF CON Friday through Sunday. It works on paper, but unless you have way more energy than I do, it’ll get you burned out pretty quickly.

DEF CON

DEF CON is the largest and original of the 3 conferences. Founded in 1993, it is one of the longest running Hacker/Computer Security conferences, drawing an estimated 25,000 attendees for DEF CON 25 in 2017. It’s widely speculated that this year’s attendance will hit 30,000, so be ready to meet some new friends. Introverts and those whose dislike crowds will want to make sure to be prepared to take breaks from the masses at DEF CON.

In case you missed the big announcement, DEF CON will be spread across two hotels this year: Caesar’s Palace and the Flamingo. I’m excited about this change, but it does mean more time out in the Las Vegas sun. This seems to be due to the continued growth of the DEF CON “Village” concept, which is very exciting to me – it gives more space for the niche interests within the hacker subculture to come together and explore their specific topics in more depth.

DEF CON Villages are topic-specific areas with presentations and hands-on activities for a small subarea/niche of the larger hacker/security community, like lockpicking or IoT security. If you’re into one of these areas (or want to explore it), the Villages are a great opportunity. Unlike main track talks, Village speakers will often hang around after their talk slot to talk to attendees, so you might get some opportunities to dig into their knowledge. If you’re really into their area of research, offer to buy them a drink – that’s a great way to show appreciation for them sharing their knowledge!

DEF CON has earned the nickname “line con” among some attendees, as it seems like there’s a line for everything. Want to attend a talk? Line up an hour before. Want to get into a village when it opens? Better be lined up. Want to get your badge early on Thursday? Try lining up at 1AM. That being said, you don’t have to do things this way. The talks will end up on YouTube (or buy them even sooner) or you can always hang out in someone’s hotel room and watch them over the hotel cable. Villages are generally accessible if you don’t go first thing.

DEF CON is the most “hacker culture” of the conferences – lots of hackers, very casual, no corporate sponsors. (This also means no free swag, so you might want to check out Black Hat if you’re looking for the free stuff.) DEF CON does have a fairly decent vendor floor – note that these are not vendors of security snake oil, but vendors of cool hacker stuff to sell right there at the conference. (Including a lot of hacker shirts.)

Black Hat Briefings

Black Hat involves both the “Briefings” (talks) and the “Trainings.” Black Hat trainings are generally very high quality, and the ticket price shows it. The briefings are also high quality, but will also eventually end up on YouTube. As a general rule, those attending either briefings or trainings are getting their pass paid for by their employer or self-employed and able to deduct the expense.

Here you’ll find far more attendees in polos or button-up shirts and khakis than in the black t-shirt and jeans of DEF CON. You’ll also find the occasional suit, which I really don’t understand in the Las Vegas heat.

Black Hat has a much larger vendor area than DEF CON, but in this case, I do mean vendors to sell you security snake oil. Every IDS, endpoint security solution, consultancy, and magic appliance vendor will be there. Some of them will have free things for you. Some of them will not. Such is life.

BSides Las Vegas

BSides Las Vegas is a smaller conference (just a few hundred people) and runs more or less in parallel to Black Hat Briefings. BSidesLV was the first BSides security conference, intended to be the “B-Side” to Black Hat. It’s a great option for those looking for more of a community feel or not wanting to pay for a Black Hat pass.

BSides is small, but still has a lot of high-quality talks. Many of them will also be presented at one of the other conferences, but will give you a chance to be up close with the speakers.

BSides is also home to my favorite educational CTF: Pros vs Joes. It’s a great CTF designed to give players hands on experience with a variety of tools and techniques, and provide an opportunity to do things they might not have done before.

Ask the Panel: DEF CON, BSides Las Vegas, Black Hat: pick one. Why?

Matir: Hands down DEF CON. It’s one of the few opportunities I get where I feel comfortable being myself and even talking to strangers. There’s a sense of belonging with many of the other attendees, and it’s amazing how passionate everyone is about what they’re working on. Of the three, it’s the one I feel most embodies the hacker spirit and culture.

fadec0d3: Both DEF CON and BSides for the culture.

illusorycake: BSides Las Vegas because it seems easier to get into the interactional aspects of it due to the smaller crowd. DEF CON is a hell of a fun experience but it seems a bit more difficult to understand what all is there to interact with. I stumbled upon really neat stuff both years I’ve been to DEF CON though, so if you can swing both BSides and DEF CON, I’d recommend it. I’ve been to Black Hat once and didn’t really feel compelled to go again.

itsc0rg1: Defcon, I love the villages and the interactions.

dissect0r: I think they all have their pros and cons, and I know many folks that like to do more than one every year. Based on work schedules, etc., I tend to always shoot for DEF CON, but I should mention that I like DEF CON more for catching up with friends and colleagues than solely for the content of the conference talks/tracks. I also think that DEF CON has more variety overall when it comes to topics, vendors, events, and personalities.

Anonymous: DEF CON. Black Hat is too corporate (and pricey) for my tastes, and while BSidesLV can be fun due to its size, DEF CON is just something that everyone should experience, imo. It can be huge and overwhelming but also small and fun.

Travel Logistics

If you haven’t already booked your hotel and airfare, there’s no time like the present. Rooms at Caesar’s Palace have dramatically increased in price. The other properties in the area still have decent availability. If you don’t want to pay Caesar’s pricing, Flamingo is a good choice for convenience (since the conference is spreading over there). Alternatively, the rooms at Paris are quite nice, it gets you some distance from the crowds, but is still just across the street. (Though if you’ve never been to Vegas before, note that “across the street” is still likely a 15-20 minute walk from your room to the conference floor.)

I’ve had numerous debates with others about whether or not to stay at the conference hotel. (Caesar’s for DEF CON, Mandalay Bay for Black Hat, or Tuscany for BSidesLV.) I maintain that I like to be able to just drop off stuff I don’t want to carry around, take a short break at times, etc. Others feel that getting more distance between themselves and the conferences is superior. At the end of the day, it comes down to personal preference (and potentially cost, depending on the hotels you’re comparing). I put a full comparison list in my 2016 summer camp guide.

Airfare is already going up as well. Whether or not it will keep going up is a mystery (I don’t think anyone really understands airfare pricing, even the airlines) but it’s probably worth booking now. One of the nice things about Las Vegas is the number of direct flights to get there.

I like to arrive the afternoon before the first thing I’m attending, and depart the morning after the last. While that does add to the hotel stay and the amount of time I’m spending in Las Vegas, arriving the afternoon before allows me to get settled in and be ready to go in the morning, and staying until the morning after ensures I don’t have to leave early for my flight. Additionally, I’ve found it’s a great chance to have a post-con dinner or drinks with new connections (or ones I don’t get to see often enough).

What to Do

The most ubiquituous piece of advice you’ll find about attending DEF CON is to be an active participant and not just sit there and hope to have things happen by osmosis. You absolutely can go and just sit in the talks and listen. I did mostly that at my first DEF CON, and it was good – but it wasn’t great. Participating makes it great.

So what do I mean by participating? It can come in many forms:

  • Go to villages and try hands on activities (soldering, lockpicking, etc.)
  • Meet people and find out what they’re working on
  • Find a group to try one of the contests (Scavenger Hunt, Badge Challenge, etc.)

At DEF CON, in addition to the talks, you have a large number of other activities, so nobody can say there’s nothing they want to do. In fact, I never manage to get to all the things I wanted to.

  • Many Villages
    • Packet Hacking
    • Lockpicking
    • Tamper Evident
    • Crypto and Privacy
    • Wireless
    • IoT
    • Car Hacking
    • Election Hacking
      • More every year (and some I’m sure I’ve forgotten)
  • Vendors willing to take your money
  • Contests
    • Scavenger Hunt
    • Capture the Packet
    • Badge Challenge
    • Beverage Cooling Contraption
    • Hack Fortress
  • Side Events
    • DEF CON Shoot
    • Toxic BBQ
    • Drinking (who knew?)
    • Networking
    • Parties (Official & Unofficial)

I put a big emphasis on the hands on activities. I have seen people demo new tools (DEF CON demo labs), taught kids how to hack (R00tz Asylum), first learned to pick locks (Lockpicking Village), learned about network forensics (Capture the Packet), seen people hack cars (Car Hacking Village) and hacked on IoT devices and voting machines (IoT and Election Hacking villages). I meet up with people I only see once a year and share what we’re both working on, meet friends of friends, and so much more. Every year I spend every waking moment doing stuff and still wish I’d had more time at the end.

I should mention that both DEF CON and BSidesLV have talks that are not recorded: at DEF CON, these are “SkyTalks” and BSidesLV calls them “Underground.” If you see something on the schedule in those areas that interests you, you should go, as it’s likely your only chance to see the relevant talk. Don’t try to record with your phone either: I’ve seen people ejected and phones confiscated for this behavior. These talks are off the record for a reason.

What not to do!

Look, it’s pretty simple: don’t be a dumbass. Please don’t ruin things for others. (It sometimes amazes me DEF CON doesn’t get banned from hotels, but I guess for enough money, the hotels will tolerate quite a bit.) Examples of things you should not do:

  • Get alcohol poisioning and spend your con in the hospital.
  • Do grossly illegal things (Vegas has cameras, or so I hear)
  • Brag about hacks that were a crime (true or not) unless you want to chat with the feds.
  • Harass or assault anyone.

Also, please try not to argue with the DEF CON Goons or the BSidesLV Staff. Most of the time, you’ll look stupid, and they usually have a good reason for what they’re asking you to do. (Crowd control, fire code, etc.)

Ask the Panel: What’s your favorite thing about Hacker Summer Camp?

What’s your favorite thing about Hacker Summer Camp? What can you not miss or just must do?

Matir: The IoT village is one of my favorite places to hang out and meet people with similar interests. I’m also on staff for the Pros vs Joes CTF at BSides Las Vegas, so you’ll find me there during BSidesLV. I’ll also always make the Dual Core performance at DEF CON, and sometimes some of int0x80’s side performances at other events. (I don’t deny it, I’m a bit of a fanboy.)

fadec0d3: Don’t miss the workshops & villages.

itsc0rg1: Conversations / Contests.

dissect0r: I try to swing past every hacker village at least once, but usually several times. Sometimes there are unique and interesting things going on or fun people participating in the village when you least expect it. And I always bring a lot of cash for the vendor area — every year there seems to be a handful of devices that everyone wants, and sometimes stock clears out fast! I always throw down a lot of money on hardware and new gadgets or tools.

Anonymous: My favorite part is learning new things. I try to challenge myself as much as possible to learn something new every year, whether it’s soldering (DEF CON XX), a new attack technique, or starting a new programming language. In many cases it’s not something I use again, but I can at least say I’ve tried it. I absolutely can’t miss the Dual Core performance.

What to Bring

What you should or should not bring with you is also a surprisingly divisive topic. I’ll begin by admitting that I’m a bit of a pack rat and tend to bring everything I could possibly want to have with me. (Ok, maybe not quite that bad, but I still tend to bring far more than necessary.) Others prefer a much more minimalist approach. Both probably work out well for different individuals. (Or maybe I’m quite unreasonable about what I bring.)

If you want to participate in some of the hands-on activities, you may either want or need to bring more specialized equipment. For example, if you want to do hardware hacking, it might be easier to bring your own soldering iron than to try to get into the Hardware Hacking Village when you want. Perhaps you’ll bring your own lockpicks for the Lockpicking Village. (The lockpicks in the village tend to be cheap picks that end up being badly abused during the con, so this can be great if you care about working with better tools.)

Electronics

The DEF CON network is often described as “the most dangerous network in the world”. While I think this overstates the risks (by quite a bit, actually), it makes sense to take precautions and to consider the network a hostile network. (Though you really should think of any network you don’t control as a hostile network.)

Some will suggest that you leave all your electronics at home (or at least in your room) and spend your time doing things that require your in-person presence (meeting people, hands-on activities, etc.). This is not a bad idea, but I think almost everyone will end up carrying at least a cell phone with them, even if only to stay in touch with friends.

When it comes to laptops, there are two questions to be answered: will you bring one with you at all, and if so, will you carry it with you daily?

I think most will end up bringing a laptop. Some might feel comfortable bringing their everyday laptop, and I’ve done that before (after swapping out the SSD for one with an alternate image to protect my data, just in case). This year, however, I’ll be carrying a Chromebook – the Asus C302CA with Crouton installed. If all you need is internet access, a Chromebook offers the highest level of security while on a hostile network. Placing it in developer mode does reduce the security guarantees somewhat, but also allows you to run Crouton, which gives a more or less fully functional Debian Linux chroot. You can also run Debian derivatives like Kali, which is what I do, since I will use the device for CTFs and contests.

If you’re not going to participate in a contest or activity that requires the use of a laptop, I encourage you to leave it in your hotel room safe. (Yes, I acknowledge that carrying it with you is a better mitigation against evil maid attacks, but if you’re that paranoid, you’re probably already aware of that.) There’s no sense in carrying extra weight and hopefully you’ll be spending your time doing interactive things instead of staring at a laptop screen.

Once you’ve decided what you’ll bring, you should take some reasonable steps to secure your electronics.

On all devices, you should setup a VPN service (either commercial or your own) and use it at all times. I’ve used Private Internet Access when travelling, but there are a number of providers with good reputations out there. I even use it over the cellular network because of the rumors of Stingrays and Rogue Cell Towers. (Yes, if the operator of those devices has an 0-day for your baseband, you’re still screwed.) You should also ensure that all devices are using a password for login and lock after going to screensaver/sleep mode.

If you connect to the conference WiFi, connect to the “secure” DEF CON network that uses 802.1x authentication. If you’ve setup the proper certificate, this should make it very difficult for someone to create a rogue AP. This network also does not allow client-to-client traffic, so should be reasonably secure against too much malicious activity. You’ll still want to use the VPN though.

For cell phones, use a phone with the latest Android or iOS build, or bring a burner phone (i.e., one with no data that you care about). Make sure it’s fully patched before you leave home, and don’t accept updates that may appear while at con. Enable device encryption and at least a strong PIN (if not password) to unlock the screen. It is exceedingly unlikely that someone will waste an iOS or Android 0-day to pop random phones while at the conference.

For laptops, the advice is similar. You should be fully patched and enable full-disk encryption. Turn on a software firewall, dropping all incoming connections. Set a BIOS/UEFI administrator password. When it’s not in your posession, at least put it in your room safe. (This is more about theft than about hacking, but it’s a good idea either way.)

Electronic Device Checklist
  • Backup all your data
  • Try not to carry very sensitive data
  • Fully patch your OS and applications (esp. browsers)
  • Use Full-Disk Encryption
  • Enable your firewall
  • Use a VPN
  • Don’t accept updates over hostile networks
  • Don’t click past SSL warnings
  • Consider a separate hard drive or separate device
  • If you leave it unattended, leave it with a trustworthy friend or in your hotel room safe.
  • Turn off interfaces you’re not using (WiFi, Bluetooth, etc.)
Cash

While Black Hat is probably not a problem with only a credit card, DEF CON is certainly a predominantly cash economy. DEF CON badge purchase is cash only, no preregistration, the official DEF CON SWAG area is cash only, and all of the bars at the events are cash only. Most of the vendors will deal mostly in cash (some exclusively) and, of course, Las Vegas as a city still sees a ton of cash flowing through. (Please remember to tip!)

Put simply, you’ll want to bring cash with you. At an absolute minimum, DEF CON badges are $280 this year. Things can quickly add up though if you get swag, buy gadgets, drink a lot, etc. Obviously, it’s better to bring too much cash than too little, as using the ATMs on the casino floor will, at a minimum, carry a hefty fee. At worst, the ATM may be compromised or have a skimmer on it. (Again, this may be a case where DEF CON’s bark is worst than its bite, but it’s still a good idea to be safe.)

Remember that Las Vegas is basically a giant service industry, and the service industry workers expect tips. Anyone who comes into contact with your luggage, delivers something for you, brings you something, etc., is probably expecting a tip. Vegas.com offers a detailed guide.

Food and Drink

You’ll want to eat and drink. Drinking alcohol is optional, but pretty common as well. There’s a wide range of strategies on how to do this depending upon your budget and personal tastes/desires. Attendees on a tight budget can bring a lot with them (energy bars, etc.) or get food at a local grocery store, but Vegas is also home to a number of high quality restaurants, including some that are a great value.

For quick/cheap eats, there’s a number of options:

  1. Close by, both Caesars and Bally’s have food courts with a variety of typical food court fare.
  2. Shake Shack down the strip at New York New York is very popular.
  3. Fremont Street, just a little off the strip, has a number of good budget-friendly options.

Las Vegas buffets can be a good value, but they are often not cheap – you can get a lot for your money, but it’s still quite a bit more than the cheaper venues. On the other hand, buffets can be good for a group because of the sheer variety of food available. The buffet at Caesar’s (Bacchanal) is very good, but also fairly expensive – around $50/person for dinner!

At the upper end, Vegas is home to a number of Michelin Star and celebrity chef restaurants. You can find something to suit any taste. I once had a coworker suggest a restaurant to me with a several-hundred dollar tasting menu. (I’m sure it’s great, but I doubt I have the palette to appreciate it.)

While convenient, I’d skip the food lines setup in a number of the rooms at DEF CON and Black Hat. These provide low-quality food at very high prices. (Think vastly overpriced sandwiches and hot dogs.)

Regardless of how you choose to eat, you must stay hydrated. Las Vegas is both hot and dry, which makes for quick dehydration. Even being inside you may find yourself less hydrated than usual due to the dry air. Bottled water can be expensive, especially if you buy it from the hotel, so many choose to either have some delivered or refill a Camelbak or Sigg-style water bottle. You can also get bottled water at the drugstores and convenience stores on the strip for much less than the hotel will charge you.

I’ve let myself get dehydrated a few times during Hacker Summer Camp, and it really ruins things. Even once you start drinking properly, it will be a day or two before you start feeling right again. In a 4 day event, that’s a long time to feel like crap. For the shorter cons, that’s the entire con!

Speaking of drinking: a lot of drinking goes on at DEF CON, BSidesLV, and the associated parties. I’ve found a good way to help avoid a hangover is one drink (cup/glass/bottle) of water to each alcoholic drink I go through. I’m not sure if it slows my intake of alcohol or just keeps me more hydrated to avoid the hangover, but it does work.

If you’re drinking on a budget, try to get yourself invited to sponsored parties/events with open bars. I’ve also heard some people carry flasks, but I don’t know how well that works out. The bars setup within the con space are going to serve mainstream drinks for hotel prices (think $6 for Bud Light and $8 for house/well liquor). If you’re at BSidesLV or want to travel over to Tuscany, Pub 365 has a great selection (365 beers!) and is pretty reasonably priced, with many craft beers for $5-6 each. The food at Pub 365 is solid as well.

My personal favorite food and drink venues in Vegas:

  • Pub 365 at Tuscany for the Craft Beer selection, solid food, and decent atmosphere. Busy during BSidesLV, quiet the rest of the week.
  • Gordon Ramsay Pub & Grill at Caesar’s Palace has good service and excellent food. A little overpriced to go with the celebrity name, but not over the top.
  • The Buffet at Wynn for a buffet and a break from the conference hotels. On the expensive end for buffets, but the food is absolutely top notch and the pastries in the dessert section are the best.
  • Shake Shack is one of my wife’s favorites, and she introduced me to it last year. Solid burger, great shakes, and quick to boot. The burger here was better than Gordon Ramsay Burger at Planet Hollywood.
  • Carnegie Deli at the Mirage has solid deli-style food. The sandwiches are expensive for a sandwich, but big enough to split or to have for two meals. Seriously. (Even for a big guy like me!)
Other Supplies

Clothing should be pretty obvious, and you can count on August in Las Vegas being hot. Depending on which events you are attending, the social conventions of dress code may vary somewhat. For example, at both BSidesLV and DEF CON, the “norm” is a t-shirt and shorts or jeans. Black Hat will be a mix of t-shirts and polos with jeans or khakis. (And yes, some button-down shirts and suits too.) Of the three, Black Hat probably has the most information communicated by what someone is wearing. You can usually spot upper management, middle management, and engineers on sight.

If you’re planning to go to parties held at any of the Vegas clubs, you’ll probably need to plan for their dress codes. Most of the clubs will enforce their code after a certain time, and at a minimum men will want nice jeans (not torn/ripped and no shorts) and a collared shirt. I won’t begin to pretend to know enough about women’s fashion to say anything there, but just understand the clubs will be enforcing dress codes in the evenings.

On the other end of the spectrum, there are also pool parties at BSidesLV and Queercon. If you want to attend these, you should probably bring a swimsuit. Or, you know, shorts you don’t mind getting wet.

You should also bring some aspirin or ibuprofen (“Advil” or “Motrin”), I don’t suggest paracetamol (“Tylenol”) because you’ll probably be drinking a bit, and your liver won’t like the combination. (Note: I’m not a doctor and this isn’t medical advice, but you should probably keep that in mind.)

As to everyday carry, we’ve already covered the cell phone everyone will be carrying, and the water bottle everyone should be carrying. I also suggest carrying a backup USB battery (even a small one) for your phone, your cash, and hotel keycard. Some also like notebooks or other ways to take notes during talks or when meeting people.

Note that, according to the every-other-year electronic badge philosophy announced by Dark Tangent, DEF CON 26 should have an electronic badge. So if you’re into badge hacking, you might want to bring the appropriate tools. At a minimum, I’d suggest some sort of universal interface like a Bus Pirate, an FT232H breakout board, or the FTDI FT232H cable. The FTDI cable probably has the best form factor to bring with you to the con. If you’re not familiar with these tools, my IoT Hacker’s Toolkit talk from BSidesSF has more details.

Ask the Panel: What do you carry with you at the cons?

Matir: Entirely too much. I carry a cell phone, my Skeletool, cash, an Anker Powercore battery, hotel room key, a small Moleskine notebook, business cards, and a steel-barreled pen. I carry it all in a Timbuk2 backpack specifically chosen to not be too big – it forces me to make decisions about what I carry, and prevents me from just taking everything with me. This year I’ll be adding an aluminum water bottle to stay hydrated and a cooling towel to help stay cool in the Las Vegas sun. I bring enough cash for the whole week so I don’t have to deal with ATM fees or the risk of skimmers. (Las Vegas is popular for ATM skimmers, this isn’t something unique to Hacker Summer Camp.)

illusorycake: A laptop with my favorite Linux distro on it, water(s), relevant power cords, a notebook or two, a few pens, chapstick, ibuprofen, cash, ID, and all the swag I can find and fit in whatever bag I have with me. If you’re looking for a new t-shirt wardrobe, you can easily obtain it at Hacker Summer Camp. One addition I’ll be making to my bag this year is a portable soldering iron so I can solder in a peaceful place and at my own pace.

fadec0d3: Bring a (lightweight) burner laptop you’re comfortable with using.

itsC0rg1: Deodorant, a water bottle and protein bars.

dissect0r: Backpack with the necessities (laptop, chargers, lock picks, etc.), extra cash, snacks, hydration.

Anonymous: A backpack of some sort. (I’m not picky which one.) A portable computer I can wipe. (Specifically a Lenovo 11e with an upgraded SSD running Kali Linux.) A small soldering kit. A kit of electronics tools. My con phone (not so much a burner as simply a phone, like the aforementioned laptop, that I can easily wipe once home). In the hotel room, I might also have things like more electronics parts, etc. mainly in anticipation of a contest or badge that I can play around with.

Packing Checklist

This is just to get you started, and you’ll need much more, but hopefully it has some good reminders.

  • Clothes for hot Vegas days.
  • Clothes for parties in semi-hot Vegas nights.
  • Secured Cell Phone
  • (Optional, but common) Secured Laptop
  • Notebook/Pen
  • Business/Personal Cards (I have cards I give to people I meet in contexts not related to my employer.)
  • Cash for DEF CON Ticket, Drinks, Tips, Gaming, etc.
  • Deodorant
  • (Optional, but common) Tools for Hacking
  • RFID blocking sleeves
First Timers

If this happens to be your first Hacker Summer Camp, it’s pretty easy to be overwhelmed by it all. Actually, even if it’s not your first time, it’s pretty easy to be overwhelmed by it all.

If you haven’t seen it before, you might want to check out the DEF CON Documentary produced by Jason Scott (@textfiles). While it’s a very small slice of DEF CON, it’s still well produced and a very interesting watch.

3-2-1 Rule

If you attend the DEF CON 101 session, you’ll hear about the 3-2-1 rule, but I think it’s so important, that it bears repeating here. At an absolute minimum, you should get 3 hours of sleep, 2 meals, and 1 shower each day. This rule is both for your own safety and the comfort of others. (I wonder if they should add a “4” for “4 liters of water”.)

On behalf of fellow attendees, the shower is the most important part of that rule. Because of the heat and the walking, I will tend to end up taking 2 showers every day: one in the morning to wake me up, and one just before dinner, because I don’t want to smell at dinner. One of my friends said she was going to bring travel sized deodorants for other attendees, and she wasn’t kidding. Please don’t be that person. (In case you’re unaware, “body sprays” like Axe are not a deodorant. Then you just smell like sweat and cheap body spray.)

Manage Your Energy

I’ve definitely mentioned this before, but it bears repeating. Even if you’re only going to a single con of the week, it’s a long event with long days, and it’s in a hot climate. If you try to do everything, you’ll just end up feeling like crap or burning yourself out. Manage your energy as you go, and if you need to take a break, take it! I know FOMO (fear of missing out) is a thing, but if you burn yourself out too far, you’ll miss out on a lot more than a short break.

Taking a break also doesn’t mean you have to completely stop doing anything con related. There are some ways to recover your energy while still having a good time and doing things:

  • Grab a (new) friend and head to one of the quieter bars for a drink and to catch up.
  • If you’re staying onsite or at one of the other Caesar’s properties with the talks on TV, head to your room and watch a talk.
  • If you know someone from one of the groups that has a suite, head up there to hang out. They tend to be a lot quieter and more chill than the con floor.
  • If you or someone you know has brought electronic gear with them, find a quiet place to work on the electronic badge (or #badgelife).

You should also be prepared to walk a lot. I know, a lot of us hackers are far more used to sitting in front of the comforting glow of a few LCDs, but even within the hotels, you’ll be walking a lot between areas. So wear comfortable shoes and be ready for the hot Vegas sun to make you sweat, a lot.

Plan Ahead

You should do some amount of planning ahead for con. I failed miserably at this my first time, and it could have been so much better if I hadn’t.

I’m not saying you should make a minute-by-minute (or even hour-by-hour) plan. But you should have an idea of what’s available to do, what your top goals are, and what is located where.

For example, you might want to take a look at the Caesar’s property map and the conference area floor plans to get an idea of what is where and where you might be going. You can look at last year’s DEF CON Program to get an idea of how the layout might look, but DEF CON tends to reimagine how the space gets used year to year based on the evolution of the conference and the lessons learned from the previous year, so don’t count on it being the same.

Likewise, as the event and talk schedules get released, you might want to look at them and start making a list of things you “must do”. (Again, recall that talks will be placed online, so unless you feel like it’s particularly timely for you, I suggest focusing on the things you can only do “in person”.) This can be very useful for your evening plans such as parties and musical performances. You can follow @defconparties on Twitter for all the Hacker Summer Camp party information. (Don’t let the name confuse you, they cover all the parties of the week.)

Physical Safety

Keep on eye on what’s on around you. I personally find the cons to be far more safe than Vegas streets, but that’s not to say there isn’t someone who wants to take advantage of you at the cons either. Just like you should in any busy public place or major city:

  • Keep your wallet in a front pocket
  • Don’t make your electronics easy to grab
  • Don’t leave your valuables unattended even for a brief minute (better to lose your seat than to lose your electronics)
  • If somebody on the street gets into your personal space, odds are they’re up to something.
Ask the Panel: What’s one thing you wish you knew before your first DEF CON?

Matir: I should have been ready to do more than just go to talks and parties. Being ready for competitions, being ready to be more social, having a better plan. If you don’t know all the things that are going on, it’s so easy to become frozen and overwhelmed by it all.

illusorycake: I wish I had known the scope of DEF CON. There are lots of different things going on: talks, villages, smaller conferences/events that overlap DEF CON, etc. It can be overwhelming to even simply just know what is available for you to do. I recommend talking to folks who have been before and asking them questions about anything that’s confusing once you have a schedule/agenda in front of you to reference.

fadec0d3: Don’t worry about missing lectures, they’re recorded.

itsC0rg1: Taking breaks is important, crowds are a bit overwhelming.

dissect0r: I tell newcomers not to be too rigid about their scheduling expectations, don’t expect to make it to every exciting talk you want to see. Sometimes the lines are staggering, and standing room only is not always a fun way learn new things. I expect to catch some of those epic talks later online or from the recordings. Be flexible, don’t be afraid to break from your expected schedule to grab a drink with some new friends, and definitely bring some extra cash to blow on vendor wares!

Anonymous: That not sleeping is ok but you still need to sleep.

Bonus Panel Question: What’s your best Hacker Summer Camp memory?

Matir: Dual Core performing at The Summit (an EFF fundraiser party) at DEF CON 20. It was an incredible show, and I really got into it, plus the party had great people and great drinks. There are so many runners up: hanging out with one of my best friends until early in the morning, a 2nd place finish in Capture the Packet, and getting a bright red mohawk for mohawkcon.

illusorycake: Pros vs Joes at BSides Las Vegas. If you’re looking for a practical experience of what it’s like to be a security engineer, this is the CTF for you.

fadec0d3: Accidentally overloading the electronic badge which broadcast to the radio, and ripping apart someone’s phone in the name of science to pick up IR visually for the electronic badge challenge.

itsC0rg1: A Goon handing me a bunch of free stickers when I was nearly collapsed from exhaustion.

dissect0r: There are a bunch, I don’t want to limit myself to just one. Some of my fondest memories are: meeting heroes in the security space — this brings a sense of realism to meet some of these people you admire online. Catching up with good friends that you don’t see near often enough. And learning new tricks and hacks that you didn’t know before.

Anonymous: Hanging out late at night working on some random contest. DEF CON can be such a nice blend of social and hacking, which is something we don’t always get to do if we don’t have access to a hackerspace and spend most of our time at home working on things. I’ve hatched so many plans and schemes and learned so much just sitting in the con area chatting late at night.

Summary

I hope this has been at least a little bit useful to you, or at least a good reminder of good times at Hacker Summer Camp. Feel free to share or hit me up on Twitter if you have ideas or suggestions for things I should have covered. This is the 3rd year in a row I’ve written such a guide, and you can find my 2017 guide here, and my 2016 guide in two parts here and here.

I suggest also checking out the Defcon for N00bs guide for other advice and another take on preparing for con.

Finally, a big thanks to illusorycake, fadec0d3, itsC0rg1, dissect0r, and Anonymous for contributing their thoughts. You all are great friends and hackers. I owe each of you a drink (or several) at Hacker Summer Camp this year.

FAQ

Are you paranoid?

Yes, I’m a professional paranoid. Everyone in this industry is, if they’ve been around long enough. In particular, I’m paid to simulate attackers, so I see everything as an opportunity to hack.

Will I get hacked at the cons?

Probably not, if you prepare well and aren’t stupid about it. But if you use open wifi with no protection, well, you’ll probably find out just how trivial such attacks are.

Should I go to talks?

Some people have interpreted my view on talks as “don’t go to talks, they’re a waste of time”, and that couldn’t be further from the truth. I think the talks are great, but unless it’s a talk that won’t be recorded, or is particularly relevant to you, I generally choose to do something requiring my physical presence at that time instead of sitting in a room listening to the talk. (And spending time lining up before the talk to even get into the room.)

Categories: Linux

Ubuntu Podcast from the UK LoCo: S11E12 – Twelve Years a Slave - Ubuntu Podcast

Planet Ubuntu - Thu, 05/24/2018 - 08:15

This week we make an Ubuntu Core laptop, discuss whether Linux on the desktop is rubbish, bring you a virtual private love and go over your feedback.

It’s Season 11 Episode 12 of the Ubuntu Podcast! Alan Pope, Mark Johnson and Martin Wimpress are connected and speaking to your brain.

In this week’s show:

  • We discuss what we’ve been up to recently:
  • We discuss whether desktop Linux is rubbish and has failed.

  • We share a Virtual Private Lurve:

  • And we go over all your amazing feedback – thanks for sending it – please keep sending it!

  • Image credit: Mike Wilson

That’s all for this week! You can listen to the Ubuntu Podcast back catalogue on YouTube. If there’s a topic you’d like us to discuss, or you have any feedback on previous shows, please send your comments and suggestions to show@ubuntupodcast.org or Tweet us or Comment on our Facebook page or comment on our Google+ page or comment on our sub-Reddit.

Categories: Linux

Matthew Helmke: Ubuntu Unleashed 2019 and other books presale discount

Planet Ubuntu - Wed, 05/23/2018 - 22:59

Starting Thursday, May 24th the about-to-be released 2019 new edition of my book, Ubuntu Unleashed, will be listed in InformIT’s Summer Coming Soon sale, which goes through May 29th. The discount is 40% off print and 45% off eBooks, no discount code will be required. Here’s the link: InformIT Summer Sale
.

Categories: Linux

The Fridge: Call for nominations for the Technical Board

Planet Ubuntu - Wed, 05/23/2018 - 12:54

The current 2-year term of the Technical Board is over, and it’s time for electing a new one. For the next two weeks (until 6 June 2018) we are collecting nominations, then our SABDFL will shortlist the candidates and confirm their candidacy with them, and finally the shortlist will be put to a vote by ~ubuntu-dev.

Anyone from the Ubuntu community can nominate someone.

Please send nominations (of yourself or someone else) to Mark Shuttleworth <mark.shuttleworth at ubuntu.com> and CC: the nominee. You can optionally CC: the Technical Board mailing list, but as this is public, you *must* get the agreement of the nominated person before you CC: the list.

The current board can be seen at ~techboard.

Originally posted to the ubuntu-devel-announce mailing list on Wed May 23 18:19:18 UTC 2018 by Walter Lapchynski on behalf of the Ubuntu Community Council.

Categories: Linux

Xubuntu: New Wiki pages for Testers

Planet Ubuntu - Wed, 05/23/2018 - 10:49

During the last few weeks of the 18.04 (Bionic Beaver) cycle, we had 2 people drop by in our development channel trying to respond to the call for testers from the Development and QA Teams.

It quickly became apparent to me that I was having to repeat myself in order to make it “basic” enough for someone who had never tested for us, to understand what I was trying to put across.

After pointing to the various resources we have, and other flavours use – it transpired that they both would have preferred something a bit easier to start with.

So I asked them to write it for us all.

Rather than belabour my point here, I’ve asked both of them to write a few words about what they needed and what they have achieved for everyone.

Before they get that chance – I would just like to thank them both for the hours of work they have put in drafting, tweaking and getting the pages into a position where we can tell you all of their existence.

You can see the fruits of their labour at our updated web page for Testers and the new pages we have at the New Tester wiki .

Kev

On behalf of the Xubuntu Development and QA Teams.

“I see the whole idea of OS software and communities helping themselves as a breath of fresh air in an ever more profit obsessed world (yes, I am a cynical old git).
I really wanted to help, but just didn’t think that I had any of the the skills required, and the guides always seemed to assume a level of knowledge that I just didn’t have.
So, when I was asked to help write a ‘New Testers’ guide for my beloved Xubuntu I absolutely jumped at the chance, knowing that my ignorance was my greatest asset.
I hope what resulted from our work will help those like me (people who can easily learn but need to be told pretty much everything from the bottom up) to start testing and enjoy the warm, satisfied glow of contributing to their community.
Most of all, I really enjoyed collaborating with some very nice people indeed.”

Leigh Sutherland

“I marvel at how we live in an age in which we can collaborate and share with people all over the world – as such I really like the ideas of free and open source. A long time happy Xubuntu user, I felt the time to be involved, to go from user-only to contributor was long overdue – Xubuntu is a community effort after all. So, when the call for testing came last March, I dove in. At first testing seemed daunting, complicated and very technical. But, with leaps and bounds, and the endless patience and kindness of the Xubuntu-bunch over at Xubuntu-development, I got going. I felt I was at last “paying back”. When flocculant asked if I would help him and Leigh to write some pages to make the information about testing more accessible for users like me, with limited technical skills and knowledge, I really liked the idea. And that started a collaboration I really enjoyed.
It’s my hope that with these pages we’ve been able to get across the information needed by someone like I was when I started -technical newby, noob- to simply get set up to get testing.
It’s also my hope people like you will tell us where and how these pages can be improved, with the aim to make the first forays into testing as gentle and easy as possible. Because without testing we as a community can not make xubuntu as good as we’d want it to be.”

Willem Hobers

Categories: Linux

Benjamin Mako Hill: Natural experiment showing how “wide walls” can support engagement and learning

Planet Ubuntu - Wed, 05/23/2018 - 10:17

Seymour Papert is credited as saying that tools to support learning should have “high ceilings” and “low floors.” The phrase is meant to suggest that tools should allow learners to do complex and intellectually sophisticated things but should also be easy to begin using quickly. Mitchel Resnick extended the metaphor to argue that learning toolkits should also have “wide walls” in that they should appeal to diverse groups of learners and allow for a broad variety of creative outcomes. In a new paper, Sayamindu Dasgupta and I attempted to provide an empirical test of Resnick’s wide walls theory. Using a natural experiment in the Scratch online community, we found causal evidence that “widening walls” can, as Resnick suggested, increase both engagement and learning.

Over the last ten years, the “wide walls” design principle has been widely cited in the design of new systems. For example, Resnick and his collaborators relied heavily on the principle in the design of the Scratch programming language. Scratch allows young learners to produce not only games, but also interactive art, music videos, greetings card, stories, and much more. As part of that team, Sayamindu was guided by “wide walls” principle when he designed and implemented the Scratch cloud variables system in 2011-2012.

While designing the system, Sayamindu hoped to “widen walls” by supporting a broader range of ways to use variables and data structures in Scratch. Scratch cloud variables extend the affordances of the normal Scratch variable by adding persistence and shared-ness. A simple example of something possible with cloud variables, but not without them, is a global high-score leaderboard in a game (example code is below). After the system was launched, we saw many young Scratch users using the system to engage with data structures in new and incredibly creative ways.

Example of Scratch code that uses a cloud variable to keep track of high-scores among all players of a game.

Although these examples reflected powerful anecdotal evidence, we were also interested in using quantitative data to reflect the causal effect of the system. Understanding the causal effect of a new design in real world settings is a major challenge. To do so, we took advantage of a “natural experiment” and some clever techniques from econometrics to measure how learners’ behavior changed when they were given access to a wider design space.

Understanding the design of our study requires understanding a little bit about how access to the Scratch cloud variable system is granted. Although the system has been accessible to Scratch users since 2013, new Scratch users do not get access immediately. They are granted access only after a certain amount of time and activity on the website (the specific criteria are not public). Our “experiment” involved a sudden change in policy that altered the criteria for who gets access to the cloud variable feature. Through no act of their own, more than 14,000 users were given access to feature, literally overnight. We looked at these Scratch users immediately before and after the policy change to estimate the effect of access to the broader design space that cloud variables afforded.

We found that use of data-related features was, as predicted, increased by both access to and use of cloud variables. We also found that this increase was not only an effect of projects that use cloud variables themselves. In other words, learners with access to cloud variables—and especially those who had used it—were more likely to use “plain-old” data-structures in their projects as well.

The graph below visualizes the results of one of the statistical models in our paper and suggests that we would expect that 33% of projects by a prototypical “average” Scratch user would use data structures if the user in question had never used used cloud variables but that we would expect that 60% of projects by a similar user would if they had used the system.

Model-predicted probability that a project made by a prototypical Scratch user will contain data structures (w/o counting projects with cloud variables)

It is important to note that the estimated effective above is a “local average effect” among people who used the system because they were granted access by the sudden change in policy (this is a subtle but important point that we explain this in some depth in the paper). Although we urge care and skepticism in interpreting our numbers, we believe our results are encouraging evidence in support of the “wide walls” design principle.

Of course, our work is not without important limitations. Critically, we also found that rate of adoption of cloud variables was very low. Although it is hard to pinpoint the exact reason for this from the data we observed, it has been suggested that widening walls may have a potential negative side-effect of making it harder for learners to imagine what the new creative possibilities might be in the absence of targeted support and scaffolding. Also important to remember is that our study measures “wide walls” in a specific way in a specific context and that it is hard to know how well our findings will generalize to other contexts and communities. We discuss these caveats, as well as our methods, models, and theoretical background in detail in our paper which now available for download as an open-access piece from the ACM digital library.

This blog post, and the open access paper that it describes, is a collaborative project with Sayamindu Dasgupta. Financial support came from the eScience Institute and the Department of Communication at the University of Washington. Quantitative analyses for this project were completed using the Hyak high performance computing cluster at the University of Washington.

Categories: Linux

Daniel Pocock: OSCAL'18 Debian, Ham, SDR and GSoC activities

Planet Ubuntu - Mon, 05/21/2018 - 14:44

Over the weekend I've been in Tirana, Albania for OSCAL 2018.

Crowdfunding report

The crowdfunding campaign to buy hardware for the radio demo was successful. The gross sum received was GBP 110.00, there were Paypal fees of GBP 6.48 and the net amount after currency conversion was EUR 118.29. Here is a complete list of transaction IDs for transparency so you can see that if you donated, your contribution was included in the total I have reported in this blog. Thank you to everybody who made this a success.

The funds were used to purchase an Ultracell UCG12-45 sealed lead-acid battery from Tashi in Tirana, here is the receipt. After OSCAL, the battery is being used at a joint meeting of the Prishtina hackerspace and SHRAK, the amateur radio club of Kosovo on 24 May. The battery will remain in the region to suport any members of the ham community who want to visit the hackerspaces and events.

Debian and Ham radio booth

Local volunteers from Albania and Kosovo helped run a Debian and ham radio/SDR booth on Saturday, 19 May.

The antenna was erected as a folded dipole with one end joined to the Tirana Pyramid and the other end attached to the marquee sheltering the booths. We operated on the twenty meter band using an RTL-SDR dongle and upconverter for reception and a Yaesu FT-857D for transmission. An MFJ-1708 RF Sense Switch was used for automatically switching between the SDR and transceiver on PTT and an MFJ-971 ATU for tuning the antenna.

I successfully made contact with 9A1D, a station in Croatia. Enkelena Haxhiu, one of our GSoC students, made contact with Z68AA in her own country, Kosovo.

Anybody hoping that Albania was a suitably remote place to hide from media coverage of the British royal wedding would have been disappointed as we tuned in to GR9RW from London and tried unsuccessfully to make contact with them. Communism and royalty mix like oil and water: if a deceased dictator was already feeling bruised about an antenna on his pyramid, he would probably enjoy water torture more than a radio transmission celebrating one of the world's most successful hereditary monarchies.

A versatile venue and the dictator's revenge

It isn't hard to imagine communist dictator Enver Hoxha turning in his grave at the thought of his pyramid being used for an antenna for communication that would have attracted severe punishment under his totalitarian regime. Perhaps Hoxha had imagined the possibility that people may gather freely in the streets: as the sun moved overhead, the glass facade above the entrance to the pyramid reflected the sun under the shelter of the marquees, giving everybody a tan, a low-key version of a solar death ray from a sci-fi movie. Must remember to wear sunscreen for my next showdown with a dictator.

The security guard stationed at the pyramid for the day was kept busy chasing away children and more than a few adults who kept arriving to climb the pyramid and slide down the side.

Meeting with Debian's Google Summer of Code students

Debian has three Google Summer of Code students in Kosovo this year. Two of them, Enkelena and Diellza, were able to attend OSCAL. Albania is one of the few countries they can visit easily and OSCAL deserves special commendation for the fact that it brings otherwise isolated citizens of Kosovo into contact with an increasingly large delegation of foreign visitors who come back year after year.

We had some brief discussions about how their projects are starting and things we can do together during my visit to Kosovo.

Workshops and talks

On Sunday, 20 May, I ran a workshop Introduction to Debian and a workshop on Free and open source accounting. At the end of the day Enkelena Haxhiu and I presented the final talk in the Pyramid, Death by a thousand chats, looking at how free software gives us a unique opportunity to disable a lot of unhealthy notifications by default.

Categories: Linux

The Fridge: Ubuntu Weekly Newsletter Issue 528

Planet Ubuntu - Mon, 05/21/2018 - 14:07

Welcome to the Ubuntu Weekly Newsletter, Issue 528 for the week of May 13 – 19, 2018. The full version of this issue is available here.

In this issue we cover:

The Ubuntu Weekly Newsletter is brought to you by:

  • Krytarik Raido
  • Bashing-om
  • Wild Man
  • Chris Guiver
  • And many others

If you have a story idea for the Weekly Newsletter, join the Ubuntu News Team mailing list and submit it. Ideas can also be added to the wiki!

Except where otherwise noted, this issue of the Ubuntu Weekly Newsletter is licensed under a Creative Commons Attribution ShareAlike 3.0 License

Categories: Linux

Kubuntu General News: Plasma 5.12.5 bugfix update for Kubuntu 18.04 LTS – Testing help required

Planet Ubuntu - Mon, 05/21/2018 - 09:36

Are you using Kubuntu 18.04, our current LTS release?

We currently have the Plasma 5.12.5 LTS bugfix release available in our Updates PPA, but we would like to provide the important fixes and translations in this release to all users via updates in the main Ubuntu archive. This would also mean these updates would be provide by default with the 18.04.1 point release ISO expected in late July.

The Stable Release Update tracking bug can be found here: https://bugs.launchpad.net/ubuntu/+source/plasma-desktop/+bug/1768245

A launchpad.net account is required to post testing feedback as bug comments.

The Plasma 5.12.5 changelog can be found at: https://www.kde.org/announcements/plasma-5.12.4-5.12.5-changelog.php

[Test Case]

* General tests:
– Does plasma desktop start as normal with no apparent regressions over 5.12.4?
– General workflow – testers should carry out their normal tasks, using the plasma features they normally do, and test common subsystems such as audio, settings changes, compositing, desktop affects, suspend etc.

* Specific tests:
– Check the changelog:
– Identify items with front/user facing changes capable of specific testing. e.g. “weather plasmoid fetches BBC weather data.”
– Test the ‘fixed’ functionality.

Testing involves some technical set up to do, so while you do not need to be a highly advanced K/Ubuntu user, some proficiently in apt based package management is advisable.

Details on how to enable the propose repository can be found at: https://wiki.ubuntu.com/Testing/EnableProposed.

Unfortunately that page illustrates Xenial and Ubuntu Unity rather than Bionic in Kubuntu. Using Discover or Muon, use Settings > More, enter your password, and ensure that Pre-release updates (bionic-proposed) is ticked in the Updates tab.

Or from the commandline, you can modify the software sources manually by adding the following line to /etc/apt/sources.list:

deb http://archive.ubuntu.com/ubuntu/ bionic-proposed restricted main multiverse universe

It is not advisable to upgrade all available packages from proposed, as many will be unrelated to this testing and may NOT have been sufficiently verified as updates to assume safe. So the safest but a little involved method would be to use Muon (or even synaptic!) to select each upgradeable packages with a version containing 5.12.5-0ubuntu0.1 (5.12.5.1-0ubuntu0.1 for plasma-discover due to an additional update).

Please report your findings on the bug report. If you need some guidance on how to structure your report, please see https://wiki.ubuntu.com/QATeam/PerformingSRUVerification. Testing is very important to the quality of the software Ubuntu and Kubuntu developers package and release.

We need your help to get this important bug-fix release out the door to all of our users.

Thanks! Please stop by the Kubuntu-devel IRC channel or Telegram group if you need clarification of any of the steps to follow.

Categories: Linux

Pages

Subscribe to Bill's Place aggregator - Linux