Colin Watson: Deploying Swift

Planet Ubuntu - Mon, 12/03/2018 - 18:37

Sometimes I want to deploy Swift, the OpenStack object storage system.

Well, no, that’s not true. I basically never actually want to deploy Swift as such. What I generally want to do is to debug some bit of production service deployment machinery that relies on Swift for getting build artifacts into the right place, or maybe the parts of the Launchpad librarian (our blob storage service) that use Swift. I could find an existing private or public cloud that offers the right API and test with that, but sometimes I need to test with particular versions, and in any case I have a terribly slow internet connection and shuffling large build artifacts back and forward over the relevant bit of wet string makes it painfully slow to test things.

For a while I’ve had an Ubuntu 12.04 VM lying around with an Icehouse-based Swift deployment that I put together by hand. It works, but I didn’t keep good notes and have no real idea how to reproduce it, not that I really want to keep limping along with manually-constructed VMs for this kind of thing anyway; and I don’t want to be dependent on obsolete releases forever. For the sorts of things I’m doing I need to make sure that authentication works broadly the same way as it does in a real production deployment, so I want to have Keystone too. At the same time, I definitely don’t want to do anything close to a full OpenStack deployment of my own: it’s much too big a sledgehammer for this particular nut, and I don’t really have the hardware for it.

Here’s my solution to this, which is compact enough that I can run it on my laptop, and while it isn’t completely automatic it’s close enough that I can spin it up for a test and discard it when I’m finished (so I haven’t worried very much about producing something that runs efficiently). It relies on Juju and LXD. I’ve only tested it on Ubuntu 18.04, using Queens; for anything else you’re on your own. In general, I probably can’t help you if you run into trouble with the directions here: this is provided “as is”, without warranty of any kind, and all that kind of thing.

First, install Juju and LXD if necessary, following the instructions provided by those projects, and also install the python-openstackclient package as you’ll need it later. You’ll want to set Juju up to use LXD, and you should probably make sure that the shells you’re working in don’t have http_proxy set as it’s quite likely to confuse things unless you’ve arranged for your proxy to be able to cope with your local LXD containers. Then add a model:

juju add-model swift

At this point there’s a bit of complexity that you normally don’t have to worry about with Juju. The swift-storage charm wants to mount something to use for storage, which with the LXD provider in practice ends up being some kind of loopback mount. Unfortunately, being able to perform loopback mounts exposes too much kernel attack surface, so LXD doesn’t allow unprivileged containers to do it. (Ideally the swift-storage charm would just let you use directory storage instead.) To make the containers we’re about to create privileged enough for this to work, run:

lxc profile set juju-swift security.privileged true lxc profile device add juju-swift loop-control unix-char \ major=10 minor=237 path=/dev/loop-control for i in $(seq 0 255); do lxc profile device add juju-swift loop$i unix-block \ major=7 minor=$i path=/dev/loop$i done

Now we can start deploying things! Save this to a file, e.g. swift.bundle:

series: bionic description: "Swift in a box" applications: mysql: charm: "cs:mysql-62" channel: candidate num_units: 1 options: dataset-size: 512M keystone: charm: "cs:keystone" num_units: 1 swift-storage: charm: "cs:swift-storage" num_units: 1 options: block-device: "/etc/swift/storage.img|5G" swift-proxy: charm: "cs:swift-proxy" num_units: 1 options: zone-assignment: auto replicas: 1 relations: - ["keystone:shared-db", "mysql:shared-db"] - ["swift-proxy:swift-storage", "swift-storage:swift-storage"] - ["swift-proxy:identity-service", "keystone:identity-service"]

And run:

juju deploy swift.bundle

This will take a while. You can run juju status to see how it’s going in general terms, or juju debug-log for detailed logs from the individual containers as they’re putting themselves together. When it’s all done, it should look something like this:

Model Controller Cloud/Region Version SLA swift lxd localhost 2.3.1 unsupported App Version Status Scale Charm Store Rev OS Notes keystone 13.0.1 active 1 keystone jujucharms 290 ubuntu mysql 5.7.24 active 1 mysql jujucharms 62 ubuntu swift-proxy 2.17.0 active 1 swift-proxy jujucharms 75 ubuntu swift-storage 2.17.0 active 1 swift-storage jujucharms 250 ubuntu Unit Workload Agent Machine Public address Ports Message keystone/0* active idle 0 5000/tcp Unit is ready mysql/0* active idle 1 3306/tcp Ready swift-proxy/0* active idle 2 8080/tcp Unit is ready swift-storage/0* active idle 3 Unit is ready Machine State DNS Inst id Series AZ Message 0 started juju-d3e703-0 bionic Running 1 started juju-d3e703-1 bionic Running 2 started juju-d3e703-2 bionic Running 3 started juju-d3e703-3 bionic Running

At this point you have what should be a working installation, but with only administrative privileges set up. Normally you want to create at least one normal user. To do this, start by creating a configuration file granting administrator privileges (this one comes verbatim from the openstack-base bundle):

_OS_PARAMS=$(env | awk 'BEGIN {FS="="} /^OS_/ {print $1;}' | paste -sd ' ') for param in $_OS_PARAMS; do if [ "$param" = "OS_AUTH_PROTOCOL" ]; then continue; fi if [ "$param" = "OS_CACERT" ]; then continue; fi unset $param done unset _OS_PARAMS _keystone_unit=$(juju status keystone --format yaml | \ awk '/units:$/ {getline; gsub(/:$/, ""); print $1}') _keystone_ip=$(juju run --unit ${_keystone_unit} 'unit-get private-address') _password=$(juju run --unit ${_keystone_unit} 'leader-get admin_passwd') export OS_AUTH_URL=${OS_AUTH_PROTOCOL:-http}://${_keystone_ip}:5000/v3 export OS_USERNAME=admin export OS_PASSWORD=${_password} export OS_USER_DOMAIN_NAME=admin_domain export OS_PROJECT_DOMAIN_NAME=admin_domain export OS_PROJECT_NAME=admin export OS_REGION_NAME=RegionOne export OS_IDENTITY_API_VERSION=3 # Swift needs this: export OS_AUTH_VERSION=3 # Gnocchi needs this export OS_AUTH_TYPE=password

Source this into a shell: for instance, if you saved this to ~/.swiftrc.juju-admin, then run:

. ~/.swiftrc.juju-admin

You should now be able to run openstack endpoint list and see a table for the various services exposed by your deployment. Then you can create a dummy project and a user with enough privileges to use Swift:

USERNAME=your-username PASSWORD=your-password openstack domain create SwiftDomain openstack project create --domain SwiftDomain --description Swift \ SwiftProject openstack user create --domain SwiftDomain --project-domain SwiftDomain \ --project SwiftProject --password "$PASSWORD" "$USERNAME" openstack role add --project SwiftProject --user-domain SwiftDomain \ --user "$USERNAME" Member

(This is intended for testing rather than for doing anything particularly sensitive. If you cared about keeping the password secret then you’d use the --password-prompt option to openstack user create instead of supplying the password on the command line.)

Now create a configuration file granting privileges for the user you just created. I felt like automating this to at least some degree:

touch ~/.swiftrc.juju chmod 600 ~/.swiftrc.juju sed '/^_password=/d; s/\( OS_PROJECT_DOMAIN_NAME=\).*/\1SwiftDomain/; s/\( OS_PROJECT_NAME=\).*/\1SwiftProject/; s/\( OS_USER_DOMAIN_NAME=\).*/\1SwiftDomain/; s/\( OS_USERNAME=\).*/\1'"$USERNAME"'/; s/\( OS_PASSWORD=\).*/\1'"$PASSWORD"'/' \ <~/.swiftrc.juju-admin >~/.swiftrc.juju

Source this into a shell. For example:

. ~/.swiftrc.juju

You should now find that swift list works. Success! Now you can swift upload files, or just start testing whatever it was that you were actually trying to test in the first place.

This is not a setup I expect to leave running for a long time, so to tear it down again:

juju destroy-model swift

This will probably get stuck trying to remove the swift-storage unit, since nothing deals with detaching the loop device. If that happens, find the relevant device in losetup -a from another window and use losetup -d to detach it; juju destroy-model should then be able to proceed.

Credit to the Juju and LXD teams and to the maintainers of the various charms used here, as well as of course to the OpenStack folks: their work made it very much easier to put this together.

Categories: Linux

Daniel Pocock: Smart home: where to start?

Planet Ubuntu - Mon, 12/03/2018 - 01:44

My home automation plans have been progressing and I'd like to share some observations I've made about planning a project like this, especially for those with larger houses.

With so many products and technologies, it can be hard to know where to start. Some things have become straightforward, for example, Domoticz can soon be installed from a package on some distributions. Yet this simply leaves people contemplating what to do next.

The quickstart

For a small home, like an apartment, you can simply buy something like the Zigate, a single motion and temperature sensor, a couple of smart bulbs and expand from there.

For a large home, you can also get your feet wet with exactly the same approach in a single room. Once you are familiar with the products, use a more structured approach to plan a complete solution for every other space.

The Debian wiki has started gathering some notes on things that work easily on GNU/Linux systems like Debian as well as Fedora and others.


What is your first goal? For example, are you excited about having smart lights or are you more concerned with improving your heating system efficiency with zoned logic?

Trying to do everything at once may be overwhelming. Make each of these things into a separate sub-project or milestone.

Technology choices

There are many technology choices:

  • Zigbee, Z-Wave or another protocol? I'm starting out with a preference for Zigbee but may try some Z-Wave devices along the way.
  • E27 or B22 (Bayonet) light bulbs? People in the UK and former colonies may have B22 light sockets and lamps. For new deployments, you may want to standardize on E27. Amongst other things, E27 is used by all the Ikea lamp stands and if you want to be able to move your expensive new smart bulbs between different holders in your house at will, you may want to standardize on E27 for all of them and avoid buying any Bayonet / B22 products in future.
  • Wired or wireless? Whenever you take up floorboards, it is a good idea to add some new wiring. For example, CAT6 can carry both power and data for a diverse range of devices.
  • Battery or mains power? In an apartment with two rooms and less than five devices, batteries may be fine but in a house, you may end up with more than a hundred sensors, radiator valves, buttons, and switches and you may find yourself changing a battery in one of them every week. If you have lodgers or tenants and you are not there to change the batteries then this may cause further complications. Some of the sensors have a socket for an optional power supply, battery eliminators may also be an option.
Making an inventory

Creating a spreadsheet table is extremely useful.

This helps estimate the correct quantity of sensors, bulbs, radiator valves and switches and it also helps to budget. Simply print it out, leave it under the Christmas tree and hope Santa will do the rest for you.

Looking at my own house, these are the things I counted in a first pass:

Don't forget to include all those unusual spaces like walk-in pantries, a large cupboard under the stairs, cellar, en-suite or enclosed porch. Each deserves a row in the table.

Sensors help make good decisions

Whatever the aim of the project, sensors are likely to help obtain useful data about the space and this can help to choose and use other products more effectively.

Therefore, it is often a good idea to choose and deploy sensors through the home before choosing other products like radiator valves and smart bulbs.

The smartest place to put those smart sensors

When placing motion sensors, it is important to avoid putting them too close to doorways where they might detect motion in adjacent rooms or hallways. It is also a good idea to avoid putting the sensor too close to any light bulb: if the bulb attracts an insect, it will trigger the motion sensor repeatedly. Temperature sensors shouldn't be too close to heaters or potential draughts around doorways and windows.

There are a range of all-in-one sensors available, some have up to six features in one device smaller than an apple. In some rooms this is a convenient solution but in other rooms, it may be desirable to have separate motion and temperature sensors in different locations.

Consider the dining and sitting rooms in my own house, illustrated in the floorplan below. The sitting room is also a potential 6th bedroom or guest room with sofa bed, the downstairs shower room conveniently located across the hall. The dining room is joined to the sitting room by a sliding double door. When the sliding door is open, a 360 degree motion sensor in the ceiling of the sitting room may detect motion in the dining room and vice-versa. It appears that 180 degree motion sensors located at the points "1" and "2" in the floorplan may be a better solution.

These rooms have wall mounted radiators and fireplaces. To avoid any of these potential heat sources the temperature sensors should probably be in the middle of the room.

This photo shows the proposed location for the 180 degree motion sensor "2" on the wall above the double door:


To summarize, buy a Zigate and a small number of products to start experimenting with. Make an inventory of all the products potentially needed for your home. Try to mark sensor locations on a floorplan, thinking about the type of sensor (or multiple sensors) you need for each space.

Categories: Linux

Eric Hammond: Guest Post: Notable AWS re:invent Sessions, by Jennine Townsend

Planet Ubuntu - Sun, 12/02/2018 - 17:00

A guest post authored by Jennine Townsend, expert sysadmin and AWS aficionado

There were so many sessions at re:Invent! Now that it’s over, I want to watch some sessions on video, but which ones?

Of course I’ll pick out those that are specific to my interests, but I also want to know the sessions that had good buzz, so I made a list that’s kind of mashed together from sessions that I heard good things about on Twitter, with those that had lots of repeats and overflow sessions, figuring those must have been popular.

But I confess I left out some whole categories! There aren’t sessions for Alexa or DeepRacer (not that I’m not interested, they’re just not part of my re:Invent followup), and I don’t administer any Windows systems so I leave out most of those sessions.

Some sessions have YouTube links, some don’t (yet) have and may never have YouTube videos, since lots of (types of) sessions aren’t recorded. (But even there, if I search the topic and speakers, I bet I can often find an earlier talk.)

There’s not much of a ranking: keynotes at the top, sessions I heard good things about in the middle, then sessions that had lots of repeats. It’s only mildly specific to my interests, so I thought other people might find it helpful. It’s also not really finished, but I wanted to get started watching sessions this weekend!


Peter DeSantis Monday Night Live

Terry Wise Global Partner Keynote

Andy Jassy keynote

Werner Vogels keynote

Popular: Buzz during AWS re:Invent

DEV322 What’s New with the AWS CLI (Kyle Knapp, James Saryerwinnie)

SRV409 A Serverless Journey: AWS Lambda Under the Hood

CON362 Container Power Hour with Jess, Clare, and Abby

SRV325 Using DevOps, Microservices, and Serverless to Accelerate Innovation (David Richardson, Ken Exner, Deepak Singh)

SRV375 Lambda Layers and Runtime API (Danilo Poccia) - Chalk Talk

SRV338 Configuration Management and Service Discovery (mentions CloudMap) (Alex Casalboni, Ben Kehoe) - Chalk Talk

CON367 Introducing App Mesh (Kiran Meduri, Shubha Rao, James Straub)

SRV355 Best Practices for CI/CD with AWS Lambda and Amazon API Gateway (Chris Munns) (focuses on SAM, CodeStar, I believe) - Chalk Talk

DEV327 Advanced Infrastructure as Code Programming on AWS

SRV322 From Monolith to Modern Apps: Best Practices

Popular: Repeats During AWS re:Invent

CON301 Mastering Kubernetes on AWS

ARC202 Running Lean Architectures: How to Optimize for Cost Efficiency

DEV319 Continuous Integration Best Practices

AIM404 Build, Train, and Deploy ML Models Quickly and Easily with Amazon SageMaker

STG209 Amazon S3 Storage Management (Scott Hewitt) - Chalk Talk

ENT205 Executing a Large-Scale Migration to AWS (Joe Chung, Jonathan Allen, Mike Wittig)

DEV317 Advanced Continuous Delivery Best Practices

CON308 Building Microservices with Containers

ANT323 Build Your Own Log Analytics Solutions on AWS

ANT201 Big Data Analytics Architectural Patterns and Best Practices

DEV403 Automate Common Maintenance & Deployment Tasks Using AWS Systems Manager - Builders Session

DAT356 Which Database Should I Use? - Builders Session

DEV309 CI/CD for Serverless and Containerized Applications

ARC209 Architecture Patterns for Multi-Region Active-Active Applications

AIM401 Deep Learning Applications Using TensorFlow

SRV305 Inside AWS: Technology Choices for Modern Applications

SEC401 Mastering Identity at Every Layer of the Cake

SEC371 Incident Response in AWS - Builders Session

SEC322 Using AWS Lambda as a Security Team

NET404 Elastic Load Balancing: Deep Dive and Best Practices

DEV321 What’s New with AWS CloudFormation

DAT205 Databases on AWS: The Right Tool for the Right Job

Original article and comments:

Categories: Linux

Julian Andres Klode: Migrating web servers

Planet Ubuntu - Sat, 12/01/2018 - 15:40

As of today, I migrated various services from shared hosting on to a VPS hosted by hetzner. This includes my weechat client, this blog, and the following other websites:

  • redirector

Uberspace runs CentOS 6. This was causing more and more issues for me, as I was trying to run up-to-date weechat binaries. In the final stages, I ran weechat and tmux inside a debian proot. It certainly beat compiling half a system with linuxbrew.

The web performance was suboptimal. Webpages are served with Pound and Apache, TLS connection overhead was just huge, there was only HTTP/1.1, and no keep-alive.

Security-wise things were interesting: Everything ran as my user, obviously, whether that’s scripts, weechat, or mail delivery helpers. Ugh. There was also only a single certificate, meaning that all domains shared it, even if they were completely distinct like and

Enter Hetzner VPS

I launched a VPS at hetzner and configured it with Ubuntu 18.04, the latest Ubuntu LTS. It is a CX21, so it has 2 vcores, 4 GB RAM, 40 GB SSD storage, and 20 TB of traffic. For 5.83€/mo, you can’t complain.

I went on to build a repository of ansible roles (see repo on, that configured the system with a few key characteristics:

  • http is served by nginx
  • certificates are per logical domain - each domain has a canonical name and a set of aliases; and the certificate is generated for them all
  • HTTPS is configured according to Mozilla’s modern profile, meaning TLSv1.2-only, and a very restricted list of ciphers. I can revisit that if it’s causing problems, but I’ve not seen huge issues.
  • Log files are anonymized to 24 bits for IPv4 addresses, and 32 bit for IPv6 addresses, which should allow me to identify an ISP, but not an individual user.

I don’t think the roles are particularly reusable for others, but it’s nice to have a central repository containing all the configuration for the server.

Go server to serve comments

When I started self-hosting the blog and added commenting via mastodon, it was via a third-party PHP script. This has been replaced by a Go program (GitHub repo). The new Go program scales a lot better than a PHP script, and provides better security properties due to AppArmor and systemd-based sandboxing; it even uses systemd’s DynamicUser.

Special care has been taken to have time outs for talking to upstream servers, so the program cannot hang with open connections and will respond eventually.

The Go binary is connected to nginx via a UNIX domain socket that serves FastCGI. The service is activated via systemd socket activation, allowing it to be owned by www-data, while the binary runs as a dynamic user. Nginx’s native fastcgi caching mechanism is enabled so the Go process is only contacted every 10 minutes at the most (for a given post). Nice!


Performance is a lot better than the old shared server. Pages load in up to half the time of the old one. Scalability also seems better: I tried various benchmarks, and achieved consistently higher concurrency ratings. A simple curl via https now takes 100ms instead of 200ms.

Performance is still shitty from the west coast of the US or other places far away from Germany: Measuring from Oregon, it took 1.4s for a page to fully render (vs ~3s before).

Upcoming mail server

The next step is to enable email. Setting up postfix with dovecot is quite easy it turns out. Install them, tweak a few settings, setup SPF, DKIM, DMARC, and a PTR record, and off you go.

I mostly expect to read my email by tagging it on the server using notmuch somehow, and then syncing it to my laptop using muchsync. The IMAP access should allow some notifications or reading on the phone.

Spam filtering will be handled with rspamd. It seems to be the hot new thing on the market, is integrated with postfix as a milter, and handles a lot of stuff, such as:

  • greylisting
  • IP scoring
  • DKIM verification and signing
  • ARC verification
  • SPF verification
  • DNS lists
  • Rate limiting

It also has fancy stuff like neural networks. Woohoo!

As another bonus point: It’s trivial to confine with AppArmor, which I really love. Postfix and Dovecot are a mess to confine with their hundreds of different binaries.

I found it via uberspace, which plan on using it for their next uberspace7 generation. It is also used by some large installations like and

I plan to migrate mail from uberspace in the upcoming weeks, and will post more details about it.

Categories: Linux

Colin King: New features in Forkstat

Planet Ubuntu - Sat, 12/01/2018 - 05:47
Forkstat is a simple utility I wrote a while ago that can trace process activity using the rather useful Linux NETLINK_CONNECTOR API.   Recently I have added two extra features that may be of interest:

1.  Improved output using some UTF-8 glyphs.  These are used to show process parent/child relationships and various process events, such as termination, core dumping and renaming.   Use the new -g (glyph) option to enable this mode. For example:

In the above example, the program "wobble" was started and forks off a child process.  The parent then renames itself to wibble (indicated by a turning arrow). The child then segfaults and generates a core dump (indicated by a skull and crossbones), triggering apport to investigate the crash.  After this, we observe NetworkManager creating a thread that runs for a very short period of time.   This kind of activity is normally impossible to spot while running conventions tools such as ps or top.

2. By default, forkstat will show the process name using the contents of /proc/$PID/cmdline.  The new -c option allows one to instead use the 16 character task "comm" field, and this can be helpful for spotting process name changes on PROC_EVENT_COMM events.

These are small changes, but I think they make forkstat more useful.  The updated forkstat will be available in Ubuntu 19.04 "Disco Dingo".
Categories: Linux

Sergio Schvezov: Snapcraft 3.0

Planet Ubuntu - Fri, 11/30/2018 - 12:47
The release notes for snapcraft 3.0 have been long overdue. For convenience I will reproduce them here too. Presenting snapcraft 3.0 The arrival of snapcraft 3.0 brings fresh air into how snap development takes place! We took the learnings from the main pain points you had when creating snaps in the past several years, and we we introduced those lessons into a brand new release - snapcraft 3.0! Build Environments As the cornerstone for behavioral change, we are introducing the concept of build environments.
Categories: Linux

Valorie Zimmerman: Google Code-in in KDE

Planet Ubuntu - Thu, 11/29/2018 - 17:55
So far, so good! We're having quite a variety of students and I'm happy to see new ones still joining. And surprising to me, we're still getting beginner tasks being done, which keep us busy.

New this round were some tutorials written by Pranam Lashkari. I hope we can expand on this next year, because I think a lot of students who are willing to do these tutorials one by one are learning a lot. His thought is that they can be added to our documentation after the contest is over. I think we can re-use some stuff that we've already written, for next year. What do you think?

In addition, I'm seeing loads of work -- yes, small jobs, but keep in mind these kids are 14 to 18 years old - for the teams who were willing to write up tasks and tutor. It is a lot of work so I really appreciate all those mentors who have stepped forward.

I'm very glad we are participating this year. It isn't as wild and crazy as it was in the beginning, because there are now lots more orgs involved, so the kids have lots of options. Happy that the kids we have are choosing us!

Categories: Linux

Podcast Ubuntu Portugal: S01E13 – Festa da boa

Planet Ubuntu - Thu, 11/29/2018 - 16:35

Na ressaca da Festa do Software Livre da Moita 2018, com a Ubuntu Party de Paris à porta e já com os olhos postos da Ubucon Europe 2019 que vai realizar-se no nosso país, mais precisamente em Sintra, o que não falta neste episódio é festa! Este que é também um marco importante nossa história, por ser o primeiro episódio a ser publicado apenas 2 dias após a sua gravação… Já sabes: Ouve, subscreve e partilha!


Este episódio foi produzido e editado por Alexandre Carrapiço (Thunderclaws Studios – captação, produção, edição, mistura e masterização de som) contacto: thunderclawstudiosPT–arroba–

Atribuição e licenças

A imagem de capa: Richard e está licenciada como CC BY-ND.

A música do genérico é: “Won’t see it comin’ (Feat Aequality & N’sorte d’autruche)”, por Alpha Hydrae e está licenciada nos termos da CC0 1.0 Universal License.

Este episódio está licenciado nos termos da licença: Attribution-NonCommercial-NoDerivatives 4.0 International (CC BY-NC-ND 4.0), cujo texto integral pode ser lido aqui. Estamos abertos a licenciar para permitir outros tipos de utilização, contactem-nos para validação e autorização.

Categories: Linux

Daniel Pocock: Connecting software freedom and human rights

Planet Ubuntu - Thu, 11/29/2018 - 15:04

2018 is the 70th anniversary of the Universal Declaration of Human Rights.

Over the last few days, while attending the UN Forum on Business and Human Rights, I've had various discussions with people about the relationship between software freedom, business and human rights.

In the information age, control of the software, source code and data translates into power and may contribute to inequality. Free software principles are not simply about the cost of the software, they lead to transparency and give people infinitely more choices.

Many people in the free software community have taken a particular interest in privacy, which is Article 12 in the declaration. The modern Internet challenges this right, while projects like TAILS and Tor Browser help to protect it. The UN's 70th anniversary slogan Stand up 4 human rights is a call to help those around us understand these problems and make effective use of the solutions.

We live in a time when human rights face serious challenges. Consider censorship: Saudi Arabia is accused of complicity in the disappearance of columnist Jamal Khashoggi and the White House is accused of using fake allegations to try and banish CNN journalist Jim Acosta. Arjen Kamphuis, co-author of Information Security for Journalists, vanished in mysterious circumstances. The last time I saw Arjen was at OSCAL'18 in Tirana.

For many of us, events like these may leave us feeling powerless. Nothing could be further from the truth. Standing up for human rights starts with looking at our own failures, both as individuals and organizations. For example, have we ever taken offense at something, judged somebody or rushed to make accusations without taking time to check facts and consider all sides of the story? Have we seen somebody we know treated unfairly and remained silent? Sometimes it may be desirable to speak out publicly, sometimes a difficult situation can be resolved by speaking to the person directly or having a meeting with them.

Being at the United Nations provided an acute reminder of these principles. In parallel to the event, the UN were hosting a conference on the mine ban treaty and the conference on Afghanistan, the Afghan president arriving as I walked up the corridor. These events reflect a legacy of hostilities and sincere efforts to come back from the brink.

A wide range of discussions and meetings

There were many opportunities to have discussions with people from all the groups present. Several sessions raised issues that made me reflect on the relationship between corporations and the free software community and the risks for volunteers. At the end of the forum I had a brief discussion with Dante Pesce, Chair of the UN's Business and Human Rights working group.

Best free software resources for human rights?

Many people at the forum asked me how to get started with free software and I promised to keep adding to my blog. What would you regard as the best online resources, including videos and guides, for people with an interest in human rights to get started with free software, solving problems with privacy and equality? Please share them on the Libre Planet mailing list.

Let's not forget animal rights too

Are dogs entitled to danger pay when protecting heads of state?

Categories: Linux

Ubuntu Podcast from the UK LoCo: S11E38 – Thirty-Eight Nooses

Planet Ubuntu - Thu, 11/29/2018 - 08:00

This week we’ve been donating to Wikipedia and discuss Mark’s Snappy Adventure. We bring you some command line love and go over all your feedback.

It’s Season 11 Episode 38 of the Ubuntu Podcast! Alan Pope, Mark Johnson and Martin Wimpress are connected and speaking to your brain.

In this week’s show:

youtube-dl -f best -ciw -o %(title)s.%(id)s.%(ext)s -v

That’s all for this week! You can listen to the Ubuntu Podcast back catalogue on YouTube. If there’s a topic you’d like us to discuss, or you have any feedback on previous shows, please send your comments and suggestions to or Tweet us or Comment on our Facebook page or comment on our Google+ page or comment on our sub-Reddit.

Categories: Linux

Ubuntu Podcast from the UK LoCo: S11E38 – Thirty-Eight Nooses

Planet Ubuntu - Thu, 11/29/2018 - 08:00

This week we’ve been donating to Wikipedia and discuss Mark’s Snappy Adventure. We bring you some command line love and go over all your feedback.

It’s Season 11 Episode 38 of the Ubuntu Podcast! Alan Pope, Mark Johnson and Martin Wimpress are connected and speaking to your brain.

In this week’s show:

youtube-dl -f best -ciw -o %(title)s.%(id)s.%(ext)s -v

That’s all for this week! You can listen to the Ubuntu Podcast back catalogue on YouTube. If there’s a topic you’d like us to discuss, or you have any feedback on previous shows, please send your comments and suggestions to or Tweet us or Comment on our Facebook page or comment on our Google+ page or comment on our sub-Reddit.

Categories: Linux

LoCo Ubuntu PT: UbuCon Europe 2019 – Sintra!

Planet Ubuntu - Wed, 11/28/2018 - 17:22

(English version below)

Essen > Paris > Xixón > Sintra!

É com um enorme prazer que anunciamos o local (e data) da próxima UbuCon Europe. Será de 10 a 13 de Outubro, no Centro Cultural Olga Cadaval!
Após várias sugestões, pedidos, pressões e uma grande vontade de receber a comunidade Ubuntu mundial no nosso país, decidimos criar as condições para que no próximo ano esta aconteça em terras lusitanas.
Posto isto, a LoCo Ubuntu PT vem, desta forma, convidar todos os interessados a estarem presentes na próxima UbuCon Europe.

O que são as UbuCon?

As UbuCon são convenções organizadas pela Comunidade Ubuntu.
Nelas acontecem palestras, conferências, workshops, demonstrações e eventos sociais.

O local:

O espaço escolhido é o ideal para o efeito, com um auditório para mais de 270 pessoas, 3 salas para workshops e um espaço de exposições. Nas imediações, abundam locais para experimentar a gastronomia local, onde serão organizados eventos sociais.


Contamos oferecer uma vasta lista de alojamentos parceiros, desde o CouchSurfing até ao requinte dos hotéis de 5 estrelas, com condições preferenciais para todos os participantes.


Sintra é servida por comboio e autocarro regulares, mas é possível também recorrer a empresas de transfers e até mesmo fazer a viagem no eléctrico da praia das Maçãs.


Antes do final do ano, estará disponível a chamada para propostas de apresentações e workshops – brevemente serão disponibilizadas mais informações, fiquem atentos.

Teletrabalhadores & Nómadas Digitais:

Para quem precise de trabalhar, estão já a ser feitos contactos com espaços próximos de coworking, para não quebrar a produtividade de quem quiser vir uns dias mais cedo.


Atendendo à meteorologia dos últimos 5 anos, estatisticamente, talvez seja possível dar um mergulho (ou surfar umas ondas) na belíssima praia da Maçãs…

Nota final:

Ambos os sites habitualmente utilizados para divulgar as UbuCon estão offline, mas estarão operacionais durante os próximos dias.

Por agora é tudo, estamos muito ocupados a preparar tudo para vos receber!
Fotos: Sérgio Pedro Tiago

UbuCon Europe 2019 – in Sintra! Essen> Paris> Xixón> Sintra!

It is our great pleasure to announce the location (and dates) for the next UbuCon Europe.
It will be from the 10th to 13th October 2019, at the Centro Cultural Olga Cadaval (Sintra, Portugal).

After several suggestions, requests and a reasonable amount of enthusiastic pressure, added to our great wish to receive the world’s Ubuntu Community in our country, we decided to set the conditions for this great gathering in Lusitanian lands.
Therefore, Ubuntu PT Local Community is thus inviting all interested parties to attend the next UbuCon Europe!

What’s a UbuCon?

UbuCon are conventions organized by the Ubuntu Community.
They’re comprised of lectures, workshops, conferences, key notes, demonstrations and social events.

The venue:

The chosen location is ideal for this purpose, with an auditorium fitting more than 270 people, 3 rooms for workshops and an exhibition space. In the immediate vicinity there are plenty of places to try out the local cuisine and where social events will be organized.


We offer a wide range of accommodation partners, from CouchSurfing to the refinement of 5 star hotels, with special conditions for all participants.


Sintra is served by regular trains and buses easily accessible from Lisbon’s international airport; it’s also possible to use shuttle companies and even make the trip from the Maçãs beach.


Before the end of the year, we’ll launch a Call for Proposals – for presentations, lectures, workshops – more information will be available soon. Stay tuned.

Remote workers & digital nomads:

For those who still need to work, arrangements are already being made with nearby coworking spaces – as not to break the productivity of those who want to come a few days earlier.


Given the weather conditions of the last 5 years, statistically perhaps it will be possible to dive (or surf) in the beautiful Maçãs beach!…

Last notes:

Both websites commonly used to promote UbuCon are offline, but will be operational during the next few days.

It’s all for now – we are very busy arranging everything to welcome you!
Photos: Sérgio Pedro Tiago

Categories: Linux

Podcast Ubuntu Portugal: S01E12 – Áudio-jornal

Planet Ubuntu - Tue, 11/27/2018 - 18:27

Ubuntu 18.04 com o dobro do prazo de validade me contraponto com o fim do Free Music Archive, passando pelas últimas movimentações próximas do Fairphone… Já sabes: Ouve, subscreve e partilha!


Este episódio foi produzido e editado por Alexandre Carrapiço (Thunderclaws Studios – captação, produção, edição, mistura e masterização de som) contacto: thunderclawstudiosPT–arroba–

Atribuição e licenças

A imagem de capa: richard ling em Visualhunt e está licenciada como CC BY-NC-ND.

A música do genérico é: “Won’t see it comin’ (Feat Aequality & N’sorte d’autruche)”, por Alpha Hydrae e está licenciada nos termos da CC0 1.0 Universal License.

Este episódio está licenciado nos termos da licença: Attribution-NonCommercial-NoDerivatives 4.0 International (CC BY-NC-ND 4.0), cujo texto integral pode ser lido aqui. Estamos abertos a licenciar para permitir outros tipos de utilização, contactem-nos para validação e autorização.

Categories: Linux

The Fridge: Ubuntu Weekly Newsletter Issue 555

Planet Ubuntu - Mon, 11/26/2018 - 14:17

Welcome to the Ubuntu Weekly Newsletter, Issue 555 for the week of November 18 – 24, 2018. The full version of this issue is available here.

In this issue we cover:

The Ubuntu Weekly Newsletter is brought to you by:

  • Krytarik Raido
  • Bashing-om
  • Chris Guiver
  • Wild Man
  • And many others

If you have a story idea for the Weekly Newsletter, join the Ubuntu News Team mailing list and submit it. Ideas can also be added to the wiki!

Except where otherwise noted, this issue of the Ubuntu Weekly Newsletter is licensed under a Creative Commons Attribution ShareAlike 3.0 License

Categories: Linux

Daniel Pocock: UN Forum on Business and Human Rights

Planet Ubuntu - Mon, 11/26/2018 - 04:42

This week I'm at the UN Forum on Business and Human Rights in Geneva.

What is the level of influence that businesses exert in the free software community? Do we need to be more transparent about it? Does it pose a risk to our volunteers and contributors?

Categories: Linux

Sean Davis: Xfce Screensaver 0.1.3 Released

Planet Ubuntu - Sun, 11/25/2018 - 08:37

After 3 weeks of dedicated development time, the first Xfce Screensaver beta release is now available! With better event handling, a significantly upgraded preferences dialog, and a tidier codebase, the new version is nearly ready for prime time. 

What’s New? Features
  • All available configuration options are now available in the Preferences dialog, boosting the easily accessible options from 4 to 13!
  • Idle time is now based on the X11 Screensaver plugin instead of the GNOME Session Manager.
  • Xfce Screensaver now respects the xdg-screensaver state, inhibiting the screensaver when using apps like Caffeine or watching a fullscreen video.
  • Screensaver and lock screen functionality can easily now be toggled separately.
General Preferences
  • Dropped unused configuration options [1, 2, 3]
  • Renamed all Xfconf properties for improved clarity and easier maintenance [1, 2]
Bug Fixes
  • Replaced Help link with a link to the Xfce Docs (Xfce #14877)
  • Added /usr/lib and /usr/libexec as trusted engine paths, enabling local installs on Linux with access to existing screensavers (Xfce #14883)
  • Fixed screen blanking and locking on FreeBSD and OpenBSD (Xfce #14846)
  • Fixed lock screen crash on laptop lid-close events (GTK #1466)
  • Fixed daemon crash when scrolling through available themes
  • Improved window size resizing for smaller displays
  • Renamed included screensavers to avoid conflicts with MATE Screensaver
  • Reduced flicker rate when multiple keyboard layouts are available (still not fully fixed, but greatly improved)
Build Improvements
  • Silenced warning: ar: ‘u’ modifier ignored since ‘D’ is the default
  • Fixed warning: Target given more than once in the same rule
Code Quality
  • Applied cpplint fixes and added cpplint configuration file
  • Cleaned up unused variables, trailing spaces, and deprecated code
  • Glade templates were cleaned up and organized for easier maintenance
Translation Updates

Albanian, Basque, Chinese (China), Chinese (Taiwan), Danish, French, Galician, Hebrew, Icelandic, Italian, Korean, Malay, Polish, Russian, Slovak, Turkish

Screenshots Downloads

This is the first beta release of Xfce Screensaver. While still not recommended for production machines, this is a great time to test and report bugs so we can put together an awesome stable release soon.

Source tarball (md5sha1sha256)

Xubuntu users (18.04, 18.10, and 19.04) can grab the package from the Xubuntu QA Experimental PPA.

sudo add-apt-repository ppa:xubuntu-dev/experimental
sudo apt-get update
sudo apt-get install xfce4-screensaver

Remember to also remove or exit light-locker and start xfce4-screensaver (or log out and back in) and add support for xfce4-screensaver to the xflock4 script.

Thanks and enjoy!

Categories: Linux

Balint Reczey: Migrating from Bazaar to Git on Launchpad just got easier!

Planet Ubuntu - Sat, 11/24/2018 - 15:48

Debian recently switched from Alioth to Salsa offering only Git hosting from now on and that simplifies the work of exiting contributors and also helps newcomers who are most likely already familiar with Git if they know at least one version control system. (Thanks to everyone involved in the transition!)

On Ubuntu’s side, most Ubuntu-specific packages and big part of Ubuntu’s infrastructure used to be maintained in Bazaar repositories in the past. Since then Git became the most widely used version control system but the Bazaar repositories did not fully disappear.

There are still hundreds of packages maintained in Bazaar in Ubuntu (packaging repositories in Bazaar by team) and Debian (lintian report) and maintaining them in Git instead could be easier in the long term.

Launchpad already supports Git and there are guidelines for converting Bazaar repositories to Git (1,2),  but if you would like to make the switch I suggest taking a look at bzr-git-mass-convert based on bzr fast-export (verifying the result with git-remote-bzr). It is a simple tool for merging multiple Bazaar branches to a single git repository set up for pushing it back to Launchpad.

We (at the Foundations Team) use it for migrating our repositories and there is also a wiki page for tracking the migration schedule of popular repositories.

Categories: Linux

LoCo Ubuntu PT: Ho Ho Ho! O Pai Natal chegou mais cedo

Planet Ubuntu - Fri, 11/23/2018 - 05:35


Trazemos ótimas novidades para a Comunidade! Acabamos de encomendar camisolas e t-shirts alusivos ao Ubuntu e à Comunidade Ubuntu Portugal e estamos a vendê-las para angariar fundos para as atividades do grupo. Mas não acaba aqui! Também temos crachás para venda.

Eis uma amostra do material que temos:

Quiçá uma prenda de Natal? Ou simplesmente um acessório altamente estiloso?

O custo das t-shirts é de 10€, das hoodies é de 25€ e os crachás custam 1€.

Para encomendares, preenche o formulário que encontrás neste link:

Contamos com o teu contributo!

Saudações cibernauticas

Categories: Linux

Sebastian K&uuml;gler: Different indentation styles per filetype

Planet Ubuntu - Fri, 11/23/2018 - 01:30

For my hacking, I love to use the KDevelop IDE. Once in a while, I find myself working on a project that has different indentation styles depending on the filetype — in this case, C++ files, Makefiles, etc. use tabs, JavaScript and HTML files use 2 spaces. I haven’t found this to be straight-forward from KDevelop’s configuration dialog (though I just learnt that it does seem to be possible). I did find myself having to fix indentation before committing (annoying!) and even having to fix up the indentation of code committed by myself (embarrassing!). As that’s both stupid and repetitive work, it’s something I wanted to avoid. Here’s how it’s done using EditorConfig files:

  1. put a file called .editorconfig in the project’s root directory
  2. specify a default style and then a specialization for certain filetypes
  3. restart KDevelop

Here’s what my .editorconfig file looks like:

# EditorConfig is awesome: # for the top-most EditorConfig file, set... # root = true # In general, tabs shown 2 spaces wide [*] indent_style = tab indent_size = 2 # Matches multiple files with brace expansion notation [*.{js,html}] indent_style = space indent_size = 2

This does the job nicely and has the following advantages:

  • It doesn’t affect my other projects, so I don’t have to run around in the configuration to switch when task-switching. (Editorconfigs cascade, so will be looked up up in the filesystem tree for fallback styles.
  • It works across different editors supporting the editorconfig standards, so not just KWrite, Kate, KDevelop, but also for entirely different products.
  • It allows me to spend less time on formalities and more time on actual coding (or diving).

(Thanks to Reddit.)

Categories: Linux

Ubuntu Podcast from the UK LoCo: S11E37 – Thirty Seven: Essays On Life, Wisdom, And Masculinity

Planet Ubuntu - Thu, 11/22/2018 - 08:00

This week we’ve been building a new home server using SnapRAID and upgrading a Thinkpad to Ubuntu 16.04. Samsung debut the beta of Linux on DeX, Wireframe Magazine is out, the Raspberry Pi 3 Model A+ is available, Ubuntu 18.04 will be supported for 10 years and we round up community news.

It’s Season 11 Episode 37 of the Ubuntu Podcast! Alan Pope, Mark Johnson and Martin Wimpress are connected and speaking to your brain.

In this week’s show:

That’s all for this week! You can listen to the Ubuntu Podcast back catalogue on YouTube. If there’s a topic you’d like us to discuss, or you have any feedback on previous shows, please send your comments and suggestions to or Tweet us or Comment on our Facebook page or comment on our Google+ page or comment on our sub-Reddit.

Categories: Linux


Subscribe to Bill's Place aggregator - Linux