Planet Ubuntu

Subscribe to Planet Ubuntu feed
Planet Ubuntu - http://planet.ubuntu.com/
Updated: 2 hours 11 min ago

Daniel Pocock: The questions you really want FSFE to answer

Fri, 06/15/2018 - 01:28

As the last man standing as a fellowship representative in FSFE, I propose to give a report at the community meeting at RMLL.

I'm keen to get feedback from the wider community as well, including former fellows, volunteers and anybody else who has come into contact with FSFE.

It is important for me to understand the topics you want me to cover as so many things have happened in free software and in FSFE in recent times.

Some of the things people already asked me about:

  • the status of the fellowship and the membership status of fellows
  • use of non-free software and cloud services in FSFE, deviating from the philosophy that people associate with the FSF / FSFE family
  • measuring both the impact and cost of campaigns, to see if we get value for money (a high level view of expenditure is here)

What are the issues you would like me to address? Please feel free to email me privately or publicly. If I don't have answers immediately I would seek to get them for you as I prepare my report. Without your support and feedback, I don't have a mandate to pursue these issues on your behalf so if you have any concerns, please reply.

Your fellowship representative

Categories: Linux

Kees Cook: security things in Linux v4.17

Thu, 06/14/2018 - 17:23

Previously: v4.16.

Linux kernel v4.17 was released last week, and here are some of the security things I think are interesting:

Jailhouse hypervisor

Jan Kiszka landed Jailhouse hypervisor support, which uses static partitioning (i.e. no resource over-committing), where the root “cell” spawns new jails by shrinking its own CPU/memory/etc resources and hands them over to the new jail. There’s a nice write-up of the hypervisor on LWN from 2014.

Sparc ADI

Khalid Aziz landed the userspace support for Sparc Application Data Integrity (ADI or SSM: Silicon Secured Memory), which is the hardware memory coloring (tagging) feature in Sparc M7. I’d love to see this extended into the kernel itself, as it would kill linear overflows between allocations, since the base pointer being used is tagged to belong to only a certain allocation (sized to a multiple of cache lines). Any attempt to increment beyond, into memory with a different tag, raises an exception. Enrico Perla has some great write-ups on using ADI in allocators and a comparison of ADI to Intel’s MPX.

new kernel stacks cleared on fork

It was possible that old memory contents would live in a new process’s kernel stack. While normally not visible, “uninitialized” memory read flaws or read overflows could expose these contents (especially stuff “deeper” in the stack that may never get overwritten for the life of the process). To avoid this, I made sure that new stacks were always zeroed. Oddly, this “priming” of the cache appeared to actually improve performance, though it was mostly in the noise.

MAP_FIXED_NOREPLACE

As part of further defense in depth against attacks like Stack Clash, Michal Hocko created MAP_FIXED_NOREPLACE. The regular MAP_FIXED has a subtle behavior not normally noticed (but used by some, so it couldn’t just be fixed): it will replace any overlapping portion of a pre-existing mapping. This means the kernel would silently overlap the stack into mmap or text regions, since MAP_FIXED was being used to build a new process’s memory layout. Instead, MAP_FIXED_NOREPLACE has all the features of MAP_FIXED without the replacement behavior: it will fail if a pre-existing mapping overlaps with the newly requested one. The ELF loader has been switched to use MAP_FIXED_NOREPLACE, and it’s available to userspace too, for similar use-cases.

pin stack limit during exec

I used a big hammer and pinned the RLIMIT_STACK values during exec. There were multiple methods to change the limit (through at least setrlimit() and prlimit()), and there were multiple places the limit got used to make decisions, so it seemed best to just pin the values for the life of the exec so no games could get played with them. Too much assumed the value wasn’t changing, so better to make that assumption actually true. Hopefully this is the last of the fixes for these bad interactions between stack limits and memory layouts during exec (which have all been defensive measures against flaws like Stack Clash).

Variable Length Array removals start

Following some discussion over Alexander Popov’s ongoing port of the stackleak GCC plugin, Linus declared that Variable Length Arrays (VLAs) should be eliminated from the kernel entirely. This is great because it kills several stack exhaustion attacks, including weird stuff like stepping over guard pages with giant stack allocations. However, with several hundred uses in the kernel, this wasn’t going to be an easy job. Thankfully, a whole bunch of people stepped up to help out: Gustavo A. R. Silva, Himanshu Jha, Joern Engel, Kyle Spiers, Laura Abbott, Lorenzo Bianconi, Nikolay Borisov, Salvatore Mesoraca, Stephen Kitt, Takashi Iwai, Tobin C. Harding, and Tycho Andersen. With Linus Torvalds and Martin Uecker, I also helped rewrite the max() macro to eliminate false positives seen by the -Wvla compiler option. Overall, about 1/3rd of the VLA instances were solved for v4.17, with many more coming for v4.18. I’m hoping we’ll have entirely eliminated VLAs by the time v4.19 ships.

That’s in for now! Please let me know if you think I missed anything. Stay tuned for v4.18; the merge window is open. :)

© 2018, Kees Cook. This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 License.

Categories: Linux

Simos Xenitellis: How to use LXD container hostnames on the host in Ubuntu 18.04

Thu, 06/14/2018 - 12:32

If you have two LXD containers, mycontainer1 and mycontainer2, then you can reference each other with those handy *.lxd hostnames like this,

$ lxc exec mycontainer1 -- sudo --user ubuntu --login ubuntu@mycontainer1:~$ ping mycontainer2.lxd PING mycontainer2.lxd(mycontainer2.lxd (fd42:cba6:557e:1a5a:24e:3eff:fce2:8d3)) 56 data bytes 64 bytes from mycontainer2.lxd (fd42:cba6:557e:1a5a:24e:3eff:fce2:8d3): icmp_seq=1 ttl=64 time=0.125 ms ^C --- mycontainer2.lxd ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.125/0.125/0.125/0.000 ms ubuntu@mycontainer1:~$

Those hostnames are provided automatically by LXD when you use the default private bridge lxdbr0. They are provided by the dnsmasq service that LXD starts for you, and it’s a service that binds specifically on the lxdbr0 network interface.

LXD does not make changes to the networking of the host, therefore you cannot use those hostnames from your host,

ubuntu@mycontainer1:~$ exit $ ping mycontainer2.lxd ping: unknown host mycontainer2.lxd Exit 2

In this post we are going to see how to set up the host on Ubuntu 18.04 (any Linux distribution that uses systemd-resolve) so that the host can access the container hostnames.

The default configuration per systemd of the lxdbr0 bridge on the host is

$ systemd-resolve --status ...Link 2 (lxdbr0) Current Scopes: none LLMNR setting: yes MulticastDNS setting: no DNSSEC setting: no DNSSEC supported: no

The goal is to add the appropriate DNS server entries to that configuration.

$ ip addr show dev lxdbr0 2: lxdbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000 link/ether fe:2b:da:d9:49:4a brd ff:ff:ff:ff:ff:ff inet 10.100.100.1/24 scope global lxdbr0 valid_lft forever preferred_lft forever inet6 fd42:6a89:42d0:60b::1/64 scope global valid_lft forever preferred_lft forever inet6 fe80::10cf:51ff:fe05:5383/64 scope link valid_lft forever preferred_lft forever

The IP address of the lxdbr0 interface in this case is 10.100.100.1 and that is the IP of the DNS server.

Temporary network configuration

Run the following command to configure temporarily the interface and add the DNS service details.

$ sudo systemd-resolve --interface lxdbr0 --set-dns 10.100.100.1 --set-domain lxd

In this command,

  1. we specify the network interface lxdbr0
  2. we set the DNS server to the IP address of the lxdbr0, the interface that dnsmasq is listening on.
  3. we set the domain to lxd, as the hostnames are of the form mycontainer.lxd.

Now, the configuration looks like

$ systemd-resolve --status ... Link 2 (lxdbr0) Current Scopes: DNS LLMNR setting: yes MulticastDNS setting: no DNSSEC setting: no DNSSEC supported: no DNS Servers: 10.100.100.1 DNS Domain: lxd

This is a temporary network configuration and nothing has been saved to a file. When we reboot the computer, the configuration will be gone.

Permanent network configuration

In systemd, we can add per network interface configuration by adding a file in /etc/systemd/network/.

It should be a file with the extension .network, and the appropriate content.

Add the following file

$ cat /etc/systemd/network/lxd.network [Match] Name=lxdbr0 [Network] DNS=10.100.100.1 Domains=lxd

We chose the name lxd.network for the filename. As long as it has the .network extension, we are fine.

The [Match] section matches the name of the network interface, which is lxdbr0. The rest will only apply if the network interface is indeed lxdbr0.

The [Network] section has the specific network settings. We set the DNS to the IP of the LXD DNS server. And the Domains to the domain suffix of the hostnames. The lxd in Domains is the suffix that is configured in LXD’s DNS server.

Now, let’s restart the host and check the network configuration.

$ systemd-resolve --status ... Link 2 (lxdbr0) Current Scopes: DNS        LLMNR setting: yes MulticastDNS setting: no DNSSEC setting: no DNSSEC supported: no DNS Servers: 10.100.100.1 fe80::a405:eade:4376:3817 DNS Domain: lxd

Everything looks fine. By doing the configuration this way, systemd-resolve also picked up automatically the IPv6 address.

Conclusion

We have seen how to setup the host on a LXD installation so that processes on the host are able to see the hostnames of the containers. For Ubuntu 18.04 or any distribution that uses systemd for the DNS client needs.

If you use Ubuntu 16.04, then it requires a different way involving the dnsmasq-base configuration. There are instructions on this on the Internet, ask if you cannot find them.

Simos Xenitellishttps://blog.simos.info/
Categories: Linux

Ubuntu Podcast from the UK LoCo: S11E14.5 – Fourteen and a Half Pound Budgie - Ubuntu Podcast

Thu, 06/14/2018 - 08:00

This show was recorded in front of a live studio audience at FOSS Talk Live on Saturday 9th June 2018! We take you on a 40 year journey through our time trumpet and contribute to some open source projects for the first time and discuss the outcomes.

It’s Season 11 Episode 14.5 of the Ubuntu Podcast! Alan Pope, Mark Johnson and Martin Wimpress are connected and speaking to your brain.

In this live show:

That’s all for this week! You can listen to the Ubuntu Podcast back catalogue on YouTube. If there’s a topic you’d like us to discuss, or you have any feedback on previous shows, please send your comments and suggestions to show@ubuntupodcast.org or Tweet us or Comment on our Facebook page or comment on our Google+ page or comment on our sub-Reddit.

Categories: Linux

Stephen Michael Kellat: Active Searching

Wed, 06/13/2018 - 20:00

I generally am not trying to shoot for terse blog posts. That being said, my position at work is getting increasingly untenable since we're in a position of being physically unable to accomplish our mission goals prior to funding running out at 11:59:59 PM Eastern Time on September 30th. Conflicting imperatives were set and frankly we're starting to hit the point that neither are getting accomplished regardless of how many warm bodies we're throwing at the problem. It isn't good either when my co-workers who have any military experience are sounding out KBR, Academi, and Perspecta.

I'm actively seeking new opportunities. In lieu of a fancy resume in LaTeX, I put forward the relevant details at https://www.linkedin.com/in/stephenkellat/. I can handle LaTeX, though, as seen by the example here that has some copyright-restricted content stripped from it: http://erielookingproductions.info/saybrook-example.pdf.

Ideas for things I could do:

  • Return to being a librarian
  • Work in an Emergency Operations Center (I am Incident Command System trained plus ran through the FEMA EOC basics training)
  • Work as a dispatcher (General class licensed ham radio operator)
  • Teach since I do "point of need" education now over the phone such as spending 30 minutes or more explaining to people how the "Estimated Tax Penalty" in the Internal Revenue Code works, for example
  • Work in a journalistic endeavor as I previously worked as a print news reporter and helmed an audio podcast for 6 years
  • Help coordinate interactions between programmers and regulators (Would you want to be in the uncomfortable position Mr. Zuckerberg was in front of the US Congress without support?)

If your project/work/organization/endeavor/skunkworks is looking for a new team player I may prove a worthwhile addition. You more than likely could pay me more than my current employer does.

Categories: Linux

Timo Aaltonen: Status of Ubuntu Mesa backports

Wed, 06/13/2018 - 07:08

It’s been quite a while since the last post about Mesa backports, so here’s a quick update on where we are now.

Ubuntu 18.04 was released with Mesa 18.0.0 which was built against libglvnd. This complicates things a bit when it comes to backporting Mesa to 16.04, because the packaging has changed a bit due to libglvnd and would break LTS->LTS upgrades without certain package updates.

So we first need to make sure 18.04 gets Mesa 18.0.5 (which is the last of the series, so no version bumps expected until the backport from 18.10) along with an updated libglvnd which bumps the Breaks/Replaces on old package versions to ensure that xenial -> bionic upgrade will go smoothly once 18.0.5 is backported to xenial, which will in fact be in -proposed soon.

What this also means is that the only release getting new Mesa backports via the x-updates PPA from now on is 18.04. And I’ve pushed Mesa 18.1.1 there today, enjoy!

Categories: Linux

Stuart Langridge: Little community conferences

Tue, 06/12/2018 - 03:07

This last weekend I was at FOSS Talk Live 2018. It was fun. And it led me into various thoughts of how I’d like there to be more of this sort of fun in and around the tech community, and how my feelings on success have changed a bit …

Categories: Linux

The Fridge: Ubuntu Weekly Newsletter Issue 531

Mon, 06/11/2018 - 15:56

Welcome to the Ubuntu Weekly Newsletter, Issue 531 for the week of June 3 – 9, 2018. The full version of this issue is available here.

In this issue we cover:

The Ubuntu Weekly Newsletter is brought to you by:

  • Krytarik Raido
  • Bashing-om
  • Chris Guiver
  • Wild Man
  • And many others

If you have a story idea for the Weekly Newsletter, join the Ubuntu News Team mailing list and submit it. Ideas can also be added to the wiki!

Except where otherwise noted, this issue of the Ubuntu Weekly Newsletter is licensed under a Creative Commons Attribution ShareAlike 3.0 License

Categories: Linux

Jono Bacon: Closed Source and Ethics: Good, Bad, Or Ugly?

Mon, 06/11/2018 - 15:39

Recently the news broke that Microsoft are acquiring GitHub. Effusive opinions flowed from all directions: some saw the acquisition as a sensible fit for Microsoft to better support developers, and some saw it as a tyrant getting their grubby fingers on open source’s ecosystem.

I am thrilled for Microsoft and GitHub for many reasons, and there will be a bright future ahead because of it, but I have been thinking more about the reaction some of the critics have had to this, and why.

I find it fascinating that there still seems to be a deep-seated discomfort in some about Microsoft and their involvement in open source. I understand that this is for historical reasons, and many moons ago Microsoft were definitely on the offensive against open source. I too was critical of Microsoft and their approach back in those days. I may have even said ‘M$’ instead of ‘MS’ (ugh.)

Things have changed though. Satya Nadella, their CEO, has had a profound impact on the company: they are a significant investor and participant in open source across a multitude of open source projects, they hire many open source developers, run their own open source projects (e.g. VSCode), and actively sponsor and support many open source conferences, events, and initiatives. I know many people who work at Microsoft and they love the company and their work there. These are not microserfs: they are people like you and me.

Things have changed, and I have literally never drunk Kool-aid; this or any other type. Are they perfect? No, but they don’t claim to be. But is the Microsoft of today a radically different company to the Microsoft of the late nineties. No doubt.

Still though, this cynicism exists in some. Some see them as a trojan horse and ask if we can really trust them?

A little while ago I had a discussion with someone who was grumbling about Microsoft. After poking around his opinion, what shook out was that his real issue was not with Microsoft’s open source work (he was supportive of this), but it was with the fact that they still produce proprietary software and use software patents in departments such as Windows and Office.

Put bluntly, he believed Microsoft are ethically unfit as a company because of these reasons, and these reasons were significant enough to diminish their open source work almost entirely.

Ethics?

Now, I am always fascinated when people use the word “ethics” in a debate. Often it smacks of holier-than-thou hyperbole as opposed to an objective assessment of what is actually right and wrong. Also, it seems that when some bring up “ethics” the discussion takes a nosedive and those involved become increasingly uninterested in other opinions (as I am sure we will see beautifully illustrated in the comments on this post )

In this case though, I think ethics explains a lot about the variance of views on this and why we should seek to understand those who differ with us. Let me explain why.

Many of the critics of proprietary software are people who believe that it is ethically unsound. They believe that the production and release of proprietary software is a fundamentally pernicious act; that it is harmful to society and the individuals within it.

I have spent my entire career, the last 20 years, working in the open source world. I have run a number of open source communities, some large, some small. I am a live and let live kind of guy and I have financially supported organizations I don’t 100% agree with but who I think do interesting work. This includes the Free Software Foundation, Software Freedom Conservancy, and EFF, I have a close relationship with the Linux Foundation, and have worked with a number of companies on all sides of the field. Without wishing to sound like an egotistical clod, I believe I have earned my open source stripes.

Here’s the thing though, and some of you won’t like this: I don’t believe proprietary software is unethical. Far from it.

Clearly murder, rape, human trafficking, child abuse, and other despicable acts are unethical, but I also consider dishonesty, knowingly lying, taking advantage of people, and other similar indiscretions are unethical. I am not an expert in ethics and I don’t claim to be a perfectly ethical person, but by my reasoning unethical acts are a power imbalance that is forced on people without their consent.

Within my ethical code, software doesn’t get a look in. Not even close.

I don’t see proprietary software as a power imbalance. Sure, there are very dominant companies with proprietary platforms that people need to use (such as at your employer), and there are companies who have monopolies and tremendous power imbalances in the market. My ethical objection there though is with the market, not with the production of closed source software.

Now, before some of you combust. Let me be clear on this: I am deeply passionate about open source and free software and I do believe that proprietary software is sub-optimal in many situations. Heck, at least 60% of my clients are companies Ia m working with to build and deliver open source workflow.

In many situations, open source provides a much better model for collaboration, growth, security, community development, and other elements. Open source provides an incredible environment for people to shine: our broader open source ecosystem is littered with examples of under-represented groups doing great work and building fantastic careers and reputations. Open source and free software is one of the most profound technological revolutions, and it will generate great value and goodwill for many years to come.

Here lies the rub though: when I look at a company that ships proprietary products, I don’t see an unethical company, I see a company that has chosen a different model. I don’t believe the people working there are evil, that they are doing harm, and that they have mendacious intent. Is their model of building software sub-optimal? Probably, but it needs further judgement: open source clearly works in some areas (e.g. infrastructure software), but has struggled to catch on commercially in other areas (e.g. consumer software).

Put simply, open source does not guarantee success and proprietary software does not guarantee evil.

Be Productive

Throughout the course of my career I have always tried to understand other people’s views and build relationships even if we see things differently.

As an example, earlier I mentioned I have financially supported the Free Software Foundation and Software Freedom Conservancy. Over the years I have had my disagreements with both RMS and Bradley Kuhn, largely based on this different perspective to the ethics of software, but I respect that they come from a different position. I don’t believe they are “wrong” in their views. I believe the position they come from is different to mine. Let a thousand roses bloom: produce an ecosystem in which everyone can play a role and the best ideas will generally play out.

What is critical to me is taking a decent approach to this.

We don’t get anywhere by labelling those who work at or run companies with proprietary products as evil and as part of a shadowy cabal. We also don’t get anywhere by labelling those who do consider free software to be a part of their ethical code as “libtards” or something similarly derogatory. We need to learn more about other people’s views rather than purely focusing on out-arguing people. Sure, have fun with other people’s views, poke fun at them, but it should all be within the spirit of productive discourse.

Either way, no matter where you draw your line, or whatever your view is on the politique du jour, open source, community development, and open innovation is changing the world. We are succeeding, but we can do even greater work if we build bridges, not firebomb them. Be nice, people.

The post Closed Source and Ethics: Good, Bad, Or Ugly? appeared first on Jono Bacon.

Categories: Linux

Stuart Langridge: FOSS Talk Live 2018

Mon, 06/11/2018 - 10:50

Saturday 9th June 2018 marked FOSS Talk Live 2018, an evening of Linux UK podcasts on stage at The Harrison pub near Kings Cross, London. It’s in its third year now, and each year has improved on the last. This year there were four live shows: Late Night Linux …

Categories: Linux

Stephen Michael Kellat: Early June Update

Sun, 06/10/2018 - 21:26

In no particular order:

  • The world hasn't ended yet. The summit hasn't started between my CEO at work and the North Korean leader, either.
  • I set up a Gogs instance at http://git.erielookingproductions.info with help from the gogsgit snap. The next step is to figure out setting up HTTPS on it. Yes, Alan, there is a firewall.
  • Updated the LaTeX doc that serve as "my website" over at http://erielookingproductions.info.
  • Somehow I still have a job. The internal dashboards are extremely scary-looking. I haven't heard back on any outside applications. The profile at LinkedIn has probably every little detail I can stuff in it.
  • I'm still using LaTeX to layout the worship booklets for the church's mission activity at the local nursing home. Consider how graphics-heavy it is with all the scans from the hymnals, LaTeX actually makes it pretty easy compared to fussy with MS Word let alone LibreOffice Writer. Granted, I end up producing PDF files that range around 25-35 megabytes each fortnight but we get usable materials. So far it has worked for over a year as I've tightened up the workflow and have become more adept at using LaTeX routinely in a humanities role.
  • Work has me stuck at "week to week" life to where I don't know if I even have a work schedule for the next week. That makes planning a bit rough. OggCamp 18 is on my mind as I try to figure out what the barely-communicated needs of the enterprise are compared to my role in meeting them. To use a sad expression, barely anybody is singing from the same hymnal at work whether it is agency executives or first-line managers.
  • Eventually I will get a proper cord-cutting operation in place. Antennae are up. One receiver is in place. I need to get the personal video recorder up and going next.
Categories: Linux

Ubuntu Podcast from the UK LoCo: S11E14 – The Fourteenth Goldfish - Ubuntu Podcast

Thu, 06/07/2018 - 12:35

This week we review the KDE Slimbook II, experiment with Linux on the Hades Canyon NUC and play some Track Mania Nations Forever. We also bring you some command line love and go over your feedback.

It’s Season 11 Episode 14 of the Ubuntu Podcast! Alan Pope, Mark Johnson and Martin Wimpress are connected and speaking to your brain.

In this week’s show:

sudo snap set core refresh.schedule=4:00-7:00
  • And we go over all your amazing feedback – thanks for sending it – please keep sending it!

  • Image credit: Joshua Allwood

That’s all for this week! You can listen to the Ubuntu Podcast back catalogue on YouTube. If there’s a topic you’d like us to discuss, or you have any feedback on previous shows, please send your comments and suggestions to show@ubuntupodcast.org or Tweet us or Comment on our Facebook page or comment on our Google+ page or comment on our sub-Reddit.

Categories: Linux

Alan Pope: KDE Slimbook 2 Review

Thu, 06/07/2018 - 10:28
KDE Slimbook 2 Review

The kind folks at Slimbook recently sent me the latest generation of their ultrabook-style laptop line for review, the KDE Slimbook 2. You can hear my thoughts on the latest episode of the Ubuntu Podcast, released on June 7th 2018.

Slimbook are a small laptop vendor based in Spain. All the laptops ship with KDE Neon as the default operating system. In addition to their hardware, they also contribute to and facilitate local Free Software events in their area. I was sent the laptop only for review purposes. There's no other incentive provided, and Slimbook didn't see this blog post before I published it.

Being a small vendor, they don't have the same buying power with OEM vendors as other big name laptop suppliers. This is reflected in the price you pay. You're supporting a company who are themselves supporting Free Software developers and communities.

If you're after the cheapest possible laptop, and don't care about its origin or the people behind the device, then maybe this laptop isn't for you. However, if you like to vote with your wallet, then the KDE Slimbook should absolutely be on your list to seriously consider.

Specs

The device I was sent has the following technical specifications.

  • Core i5-7200 @ 2.5GHz CPU
  • Integrated Intel HD 620 GPU
  • 16GB DDR4 RAM
  • 500GB Samsung 960 EVO SSD
  • Intel 7265 Wireless chipset
  • Bluetooth chipset
  • 1080p Matte finish
  • Full size SD card
  • Heaphone socket and built in mic
  • 720p webcam
  • 1 x USB 3.0 (USB3.1 Gen 1) (Type A), 1 x USB 3.0 (USB3.1 Gen 1) (Type C), 1 x USB 2.0 (Type A)
  • Spanish 'chiclet' style keyboard with power button in top right
  • 3-level keyboard backlight
  • Elan Synaptics touch pad
  • 46Wh battery, TPS S10
  • Power adpater with right-angle plug
  • USB-C dongle

As shipped, mine came in at around ~1098EUR / 956GBP / 1267USD. Much of this can be tweaked, including the keyboard layout, although doing so may extend the lead time on receiving the device. There are plenty of options to tweak, and the site gives a running total as you adjust to taste. There's an i7 version, and I'm told it will soon be possible to order one with a black case, rather than the silver I was shipped. The laptop shipped with one drive, but has capacity for both an M.2 and traditional form factor drive too. So, fully loaded you could order this with 2x1TB SSDs if you're after extra disk space.

Notable is the lack of Ethernet port, which for some is a dealbreaker, even in these days of ubiquitous reliable wifi for many. The solution Slimbook went with is to provide two optional 'dongles'. One connects to USB3 Type A and presents an Ethernet port. The other option connects to the USB C port and provides 3 more USB 3 tradtional ports and an Ethernet socket. Slimbook shipped me the latter, which was super useful for connecting more USB devices, and a LAN cable.

The cable on the dongle is relatively short, but it feels solid, and I had no problems with it in infrequent daily use. One omission on the dongle is the lack of a pass-through USB C port. Once the dongle is attached to the laptop, you've used your only type-c connector. This might not be a problem if you're a luddite like me who had very few USB-C devices, but I imagine that'll be more of an issue going forward. This is an optional dongle though, and you could certainly choose not to get it, but purchase a differenty one to service your requirements.

Software

Default install - KDE Neon

The laptop shipped with KDE Neon. It's no secret to listeners of the Ubuntu Podcast that I'm a bit of a KDE fanboy since I began testing Neon a few months back, and stuck with it on my ThinkPad T450. So I am a little biased in favour of this particular Linux distribution. So I felt very much at home on the Slimbook with KDE.

On other computers I've tweaked the desktop in various ways - it's the KDE raison d'être to expose settings for everything, and I usually tweak a fair number. However on the Slimbook I wanted to try out the default experience. I found the default applications easy to use, well integrated and reliable. I'm writing this blog post in Kwrite, and have noticed features that I would have not expected here, such as the zoomed out code view and popup spelling completion.

I'm pleasantly surprised by the choices made on the software build here. KDE performs well & starts up and wakes from suspend quickly. Everything works out of the box, and the selection of applications is small, but wisely chosen. Unsurprisingly I've augmented the default apps with a few applications I use on a daily basis elsewhere, and they all fit in perfectly. I didn't feel any of the applications I use stood out as alien, or non-KDE originals. The theme and app integration is spot on. If I were a Slimbook customer, I'd happily leave the default install pretty much as-is and thoughouly enjoy the experience.

The software is delivered by the usual Ubuntu 16.04 (Xenial) archives, with the KDE Neon archive delivering updates to the KDE Plasma desktop and suite of applications. In addition two PPAs are enabled. One for TLP and another for screenfetch. Personally on a shipping laptop I'd be inclined not to enable 3rd party PPAs, but perhaps supply documentation which details how the user can enable them if required. PPAs are not stable, and can deliver unexpected updates and experiences to users.

I should also mention in the pack was a tri-fold leaflet titled "Plasma Desktop & You". It details a little about KDE, the community and invites new users to not only enjoy the software, but get involved. It's a nice touch.

Alternative options

Slimbook don't appear to offer other Linux distributions - and given the lid of the laptop has a giant KDE logo engraved on it, that wouldn't make a ton of sense anyway.

However I tested a couple of distros on it via live USB sticks. With Ubuntu 18.04 everything worked, including the USB C Ethernet dongle. For fun I also tried out Trisquel, which also appeared to mostly work including wired network via the dongle, but wifi didn't function. I didn't attempt any other distros, but given how well KDE Neon (based on Ubuntu 16.04), Ubuntu 18.04 worked, I figure any distro-hoppers would have no hardware compatibility issues.

Hardware Display & Graphics

The 1080p matte finish panel is great. I found it plenty bright and clear enough at maximum brightness. There are over 20 levels of brightness and I found myself using a balanced setting near the middle most of the time, only needing full brightness sometimes when outside. The viewing angles are fine for a single person using it, but don't lend well to having a bunch of people crouched round the laptop.

I ran a few games to see how the integrated GPU performed, and it was surprinsgly okay. My usual tests involved running Mini Metro which got 50fps, Goat Simulator at 720 got me 25fps and Talos Principle at 1080p also clocked in 25fps. This isn't a gaming laptop but if you want to play a few casual games or even run some emulators between work, it's more than up to the task.

Performance

I use a bunch of fairly chunky applications on a daily basis including common electron apps and tools. I also frequently build software locally using various compilers. The Slimbook 2 was a super effective workstation computer for these tasks. It rarely broke into a sweat, with very few occasions where the fan span up. Indeed I can't really tell you how loud the fan is because I so rarely heard it.

It boots quickly, the session starts promptly and application startup isn't a problem. Overall as a workstation, it's fine for any of the tasks I do daily.

Keyboard

The keyboard is a common 'chiclet' affair, with a full row of function keys that double as media, wifi, touchpad, brightness hardware control buttons. The arrow cluster is bottom right with home/end/pgup/pgdown as secondary functions on those keys. The up/down arrows are vertically half-size to save space, which I quite like.

The "Super" (Windows) key sports a natty little Tux with the Slimbook logo beneath. Nice touch :)

Touchpad

The touchpad is a decent size and works with single and double touch for click/drag and scrolling. I did find the palm rejection wasn't perfect in KDE. I sometimes found myself nuking chunks of a document while typing as my fat thumbs hit the touchpad, selecting text and overtyping it.

I tried fiddling with the palm rejection options in KDE but didn't quite hit the sweet-spot. I've never been a fan of touchpads at all, and would likely just turn off the device (via Fn-F1) if this continued to annoy me, which it didn't especially.

Audio

As with most ultrabook style laptops the audio is okay, but not great. I played my usual test songs and the audio reproduction via speakers lacked volume, was a bit tinny and lacked bass.

With headphones plugged in, it was fine. I rarely use laptop speakers personally, but tend to use a pair of headphones. Nobody wants to hear what I'm listening to :). It's fine for the odd video conference though.

Battery

The model I had was supplied with a 46Wh battery, a small & lightweight ~40W charger and euro power cable & right angled barrel connector to the laptop. Under normal circumstances with medium workload I would get around 7 hours, sometimes more.

Leaving the laptop on, connected to wifi, with KDE power management switched off and brightness at 30% the system lasted around 8 hours 40 mins. I'd anticipate with a variable workload, with KDE power management switched on, you'd get similar times.

I also tried leaving the laptop playing a YouTube video at 1080p, full screen with wifi switched on and power management suppresed by the browser. The battery gave out after around 5 hours.

The battery takes around 4 hours to re-charge while the laptop is on. This is probably faster if you're not using the laptop at the time, but I didn't test that.

Overall impressions

I've been really happy using the KDE Slimbook 2. The software choices are sensible, and being based on Ubuntu 16.04 meant I could install whatever else I needed outside the KDE ecosystem. The laptop is quiet, feels well built and was a pleasure to use. I'm a little sad to give it back, because I've got used to the form-factor now.

I have only a couple of very minor niggles. The chassis case is a little sharp around the edges, much like the MacBook Air it takes design cues from. Secondly, when suspended the power LED is on the inside of the laptop, above the keyboard. So if like me, you suspend your laptop by closing the lid, you won't know if it suspended properly by looking at the slow blink of the power LED. It's a minor thing, but having been burned (literally) in the past by a laptop which unexpectedly didn't suspend, it's something I'm aware of.

Other than that, it's a cracking machine. I'd be happy to use this on a daily basis. If you're in the market for a new laptop, and want to support a Linux vendor, this device should totally be on your list. Thanks so much to Slimbook for shipping the device over and letting me have plenty of time to play with it!

Categories: Linux

Marcin Juszkiewicz: From a diary of AArch64 porter — parallel builds

Wed, 06/06/2018 - 04:46

Imagine that you have a package to build. Sometimes it takes minutes. Other one takes hours. And then you run htop and see that your machine is idle during such build… You may ask “Why?” and the answer would be simple: multiple cpu cores.

On x86-64 developers usually have from two to four cpu cores. Can be double of that due to HyperThreading. And that’s all. So for some weird reason they go for using make -jX where X is half of their cores. Or completely forget to enable parallel builds.

And then I came with ARM64 system. With 8 or 24 or 32 or 48 or even 96 cpu cores. And have to wait and wait and wait for package to build…

So next step is usually similar — edit of debian/rules file and adding --parallel argument to dh call. Or removal of --max-parallel option. And then build makes use of all those shiny cpu cores. And it goes quickly…

Related posts:
  1. I miss Debian tools
  2. The story of Qt/AArch64 patching
  3. It is 10 years of Linux on ARM for me
Categories: Linux

Daniel Pocock: Public Money Public Code: a good policy for FSFE and other non-profits?

Tue, 06/05/2018 - 14:40

FSFE has been running the Public Money Public Code (PMPC) campaign for some time now, requesting that software produced with public money be licensed for public use under a free software license. You can request a free box of stickers and posters here (donation optional).

Many non-profits and charitable organizations receive public money directly from public grants and indirectly from the tax deductions given to their supporters. If the PMPC argument is valid for other forms of government expenditure, should it also apply to the expenditures of these organizations too?

Where do we start?

A good place to start could be FSFE itself. Donations to FSFE are tax deductible in Germany and Switzerland. Therefore, the organization is partially supported by public money.

Personally, I feel that for an organization like FSFE to be true to its principles and its affiliation with the FSF, it should be run without any non-free software or cloud services.

However, in my role as one of FSFE's fellowship representatives, I proposed a compromise: rather than my preferred option, an immediate and outright ban on non-free software in FSFE, I simply asked the organization to keep a register of dependencies on non-free software and services, by way of a motion at the 2017 general assembly:

The GA recognizes the wide range of opinions in the discussion about non-free software and services. As a first step to resolve this, FSFE will maintain a public inventory on the wiki listing the non-free software and services in use, including details of which people/teams are using them, the extent to which FSFE depends on them, a list of any perceived obstacles within FSFE for replacing/abolishing each of them, and for each of them a link to a community-maintained page or discussion with more details and alternatives. FSFE also asks the community for ideas about how to be more pro-active in spotting any other non-free software or services creeping into our organization in future, such as a bounty program or browser plugins that volunteers and staff can use to monitor their own exposure.

Unfortunately, it failed to receive enough votes.

In a blog post on the topic of using proprietary software to promote freedom, FSFE's Executive Director Jonas Öberg used the metaphor of taking a journey. Isn't a journey more likely to succeed if you know your starting point? Wouldn't it be even better having a map that shows which roads are a dead end?

In any IT project, it is vital to understand your starting point before changes can be made. A register like this would also serve as a good model for other organizations hoping to secure their own freedoms.

For a community organization like FSFE, there is significant goodwill from volunteers and other free software communities. A register of exposure to proprietary software would allow FSFE to crowdsource solutions from the community.

Back in 2018

I'll be proposing the same motion again for the 2018 general assembly meeting in October.

If you can see something wrong with the text of the motion, please help me improve it so it may be more likely to be accepted.

Offering a reward for best practice

I've observed several discussions recently where people have questioned the impact of FSFE's campaigns. How can we measure whether the campaigns are having an impact?

One idea may be to offer an annual award for other non-profit organizations, outside the IT domain, who demonstrate exemplary use of free software in their own organization. An award could also be offered for some of the individuals who have championed free software solutions in the non-profit sector.

An award program like this would help to showcase best practice and provide proof that organizations can run successfully using free software. Seeing compelling examples of success makes it easier for other organizations to believe freedom is not just a pipe dream.

Therefore, I hope to propose an additional motion at the FSFE general assembly this year, calling for an award program to commence in 2019 as a new phase of the PMPC campaign.

Please share your feedback

Any feedback on this topic is welcome through the FSFE discussion list. You don't have to be a member to share your thoughts.

Categories: Linux

The Fridge: Ubuntu Weekly Newsletter Issue 530

Mon, 06/04/2018 - 14:15

Welcome to the Ubuntu Weekly Newsletter, Issue 530 for the week of May 27 – June 2, 2018. The full version of this issue is available here.

In this issue we cover:

The Ubuntu Weekly Newsletter is brought to you by:

  • Krytarik Raido
  • Wild Man
  • Bashing-om
  • Chris Guiver
  • Simon Quigley
  • And many others

If you have a story idea for the Weekly Newsletter, join the Ubuntu News Team mailing list and submit it. Ideas can also be added to the wiki!

Except where otherwise noted, this issue of the Ubuntu Weekly Newsletter is licensed under a Creative Commons Attribution ShareAlike 3.0 License

Categories: Linux

Raphaël Hertzog: My Free Software Activities in May 2018

Mon, 06/04/2018 - 10:56

My monthly report covers a large part of what I have been doing in the free software world. I write it for my donors (thanks to them!) but also for the wider Debian community because it can give ideas to newcomers and it’s one of the best ways to find volunteers to work with me on projects that matter to me.

distro-tracker

With the disappearance of many alioth mailing lists, I took the time to finish proper support of a team email in distro-tracker. There’s no official documentation yet but it’s already used by a bunch of team. If you look at the pkg-security team on tracker.debian.org it has used “pkg-security” as its unique identifier and it has thus inherited from team+pkg-security@tracker.debian.org as an email address that can be used in the Maintainer field (and it can be used to communicate between all team subscribers that have the contact keyword enabled on their team subscription).

I also dealt with a few merge requests:

I also filed ticket #7283 on rt.debian.org to have local_part_suffix = “+” for tracker.debian.org’s exim config. This will let us bounce emails sent to invalid email addresses. Right now all emails are delivered in a Maildir, valid messages are processed and the rest is silently discarded. At the time of processing, it’s too late to send bounces back to the sender.

pkg-security team

This month my activity is limited to sponsorship of new packages:

  • grokevt_0.5.0-2.dsc fixing one RC bug (missing build-dep on python3-distutils)
  • dnsrecon_0.8.13-1.dsc (new upstream release)
  • recon-ng_4.9.3-1.dsc (new upstream release)
  • wifite_2.1.0-1.dsc (new upstream release)
  • aircrack-ng (add patch from upstream git)

I also interacted multiple times with Samuel Henrique who started to work on the Google Summer of Code porting Kali packages to Debian. He mainly worked on getting some overview of the work to do.

Misc Debian work

I reviewed multiple changes submitted by Hideki Yamane on debootstrap (on the debian-boot mailing list, and also in MR 2 and MR 3). I reviewed and merged some changes on live-boot too.

Extended LTS

I spent a good part of the month dealing with the setup of the Wheezy Extended LTS program. Given the lack of interest of the various Debian teams, it’s hosted on a Freexian server and not on any debian.org infrastructure. But the principle is basically the same as Debian LTS except that the package list is reduced to the set of packages used by Extended LTS sponsors. But the updates prepared in this project are freely available for all.

It’s not too late to join the program, you can always contact me at deblts@freexian.com with a source package list that you’d like to see supported and I’ll send you back an estimation of the cost.

Thanks to an initial contribution from Credativ, Emilio Pozuelo Monfort has prepared a merge request making it easy for third parties to host their own security tracker that piggy-back on Debian’s one. For Extended LTS, we thus have our own tracker.

Thanks

See you next month for a new summary of my activities.

No comment | Liked this article? Click here. | My blog is Flattr-enabled.

Categories: Linux

Daniel Pocock: Free software, GSoC and ham radio in Kosovo

Mon, 06/04/2018 - 02:06

After the excitement of OSCAL in Tirana, I travelled up to Prishtina, Kosovo, with some of Debian's new GSoC students. We don't always have so many students participating in the same location. Being able to meet with all of them for a coffee each morning gave some interesting insights into the challenges people face in these projects and things that communities can do to help new contributors.

On the evening of 23 May, I attended a meeting at the Prishtina hackerspace where a wide range of topics, including future events, were discussed. There are many people who would like to repeat the successful Mini DebConf and Fedora Women's Day events from 2017. A wiki page has been created for planning but no date has been confirmed yet.

On the following evening, 24 May, we had a joint meeting with SHRAK, the ham radio society of Kosovo, at the hackerspace. Acting director Vjollca Caka gave an introduction to the state of ham radio in the country and then we set up a joint demonstration using the equipment I brought for OSCAL.

On my final night in Prishtina, we had a small gathering for dinner: Debian's three GSoC students, Elena, Enkelena and Diellza, Renata Gegaj, who completed Outreachy with the GNOME community and Qendresa Hoti, one of the organizers of last year's very successful hackathon for women in Prizren.

Promoting free software at Doku:tech, Prishtina, 9-10 June 2018

One of the largest technology events in Kosovo, Doku:tech, will take place on 9-10 June. It is not too late for people from other free software communities to get involved, please contact the FLOSSK or Open Labs communities in the region if you have questions about how you can participate. A number of budget airlines, including WizzAir and Easyjet, now have regular flights to Kosovo and many larger free software organizations will consider requests for a travel grant.

Categories: Linux

Serge Hallyn: TPM 2.0 in qemu

Sat, 06/02/2018 - 21:41

If you want to test software which exploits TPM 2.0 functionality inside the qemu-kvm emulator, this can be challenging because the software stack is still quite new. Here is how I did it.

First, you need a new enough qemu. The version on Ubuntu xenial does not suffice. The 2.11 version in Ubuntu bionic does. I believe the 2.10 version in artful is also too old, but might be mis-remembering haven’t tested that lately.

The two pieces of software I needed were libtpms and swtpm. For libtpms I used the tpm2-preview.rev146.v2 branch, and for swtpm I used the tpm2-preview.v2 branch.

apt -y install libtool autoconf tpm-tools expect socat libssl-dev git clone https://github.com/stefanberger/libtpms ( cd libtpms && git checkout tpm2-preview.rev146.v2 && ./bootstrap.sh && ./configure --prefix=/usr --with-openssl --with-tpm2 && make && make install) git clone https://github.com/stefanberger/swtpm (cd swtpm && git checkout tpm2-preview.v2 && ./bootstrap.sh && configure --prefix=/usr --with-openssl --with-tpm2 && make && make install)

For each qemu instance, I create a tpm device. The relevant part of the script I used looks like this:

#!/bin/bash i=0 while [ -d /tmp/mytpm$i ]; do let i=i+1 done tpm=/tmp/tpm$i mkdir $tpm echo "Starting $tpm" sudo swtpm socket --tpmstate dir=$tpm --tpm2 \ --ctrl type=unixio,path=/$tpm/swtpm-sock & sleep 2 # this should be changed to a netstat query next_vnc() { vncport=0 port=5900 while nc -z 127.0.0.1 $port; do port=$((port + 1)) vncport=$((vncport + 1)) done echo $vncport } nextvnc=$(next_vnc) sudo kvm -drive file=${disk},format=raw,if=virtio,cache=none -chardev socket,id=chrtpm,path=/$tpm/swtpm-sock -tpmdev emulator,id=tpm0,chardev=chrtpm -device tpm-tis,tpmdev=tpm0 -vnc :$nextvnc -m 2048
Categories: Linux

Gustavo Silva: Installing Ubuntu 1804 With NVidia High End Graphics Card

Sat, 06/02/2018 - 18:00

Last week, I was presented with a message saying my Ubuntu partition was already full. I digged up what was going on, I found out Google Chrome was flooding /var/log/syslog. I had 40GB of logs with a weird error message:

Jun 1 12:22:35 machina update-notifier.desktop[5460]: [15076:15076:0100/000000.062848:ERROR:zygote_linux.cc(247)] Error reading message from browser: Socket operation on non-socket (88)

I’m pretty certain it was related with Chrome because the only time the system stabilized enough was when I killed its process. I two extensions, an ad blocker and Todoist, so I don’t think it was related to any suspicious extension.

Anyway, the sprint ended in the previous Friday so I thought it might be a good time to format the computer. Maybe try a new Linux distro, other than Ubuntu. And this is the story of how I spent close to a day figuring out which Linux distributions would work on my hardware.

Here’s the thing: In April, I tried installing Ubuntu and failed miserably. The installer would freeze loading. It was not faulty image. The same happened again yesterday. Then I decided to give Manjaro Linux a try. It wouldn’t work properly. Sometimes the boot would freeze, others it would actually work. “That’s it, I’m moving to Fedora.” The installer work, but no start-up would work. So I investigated and wrote nomodeset in the grub options (when you enter the grub menu, just press e to get access to boot options). It worked, the system was booting., But at 800x600. And in no way I was able to easily install nouveau (open source drivers) or the proprietary.

It was then time to give a go to Ubuntu again. And I didn’t want to give up on the 18.04. It is LTS after all and it has to work. My graphics card always brought me issues, specially being on the mid-high end side of things (GTX1060).

The first step was to add the nomodeset command again to the grub options - Hey the installer launched instantly with 800x600 resolution. It’s enough to get it done.

Then I had a major issue: Ubuntu did not work after the first login. The screen turns black and nothing happens. Fine!!! In the next boot, before logging in via GDM, I pressed ALT + F2 to enter TTY mode and then ran the set of commands to enable the graphics card to work properly and set other important flags to allow the system to reboot, shutdown and not crash when opening the settings screen after booting up (these three errors have always been fixed after adding these options:

I need to add acpi=force into grub options again (run sudo vi /etc/default/grub and edit the line with GRUB_CMDLINE_LINUX), add my mouse configuration manually - it’s a Mad Catz R.A.T. 3.

At the time, I decided to try and remove the nomodeset option in the GRUB_CMDLINE_LINUX and the resolution got back to normal. The next step was to install NVidia’s graphics, using the proprietary tab (in Gnome, you can call that panel running software-properties --open-tab=4.

And that’s it. It just worked. Everything was back to normal. Potentially the same kind of solution would have worked in Fedora but since I’ve been using Ubuntu for the past 3 years now, getting help has become much easier, as well as debugging error logs.

Since version 17.04 and since I got this computer, installing Linux has always been difficult Hope this story is useful for someone with an high-end laptop that has encountered issues with NVidia graphics card’s drivers. Hopefully these commands will at least help you getting one step further into your working system

Thanks for reading,

gsilvapt

Categories: Linux

Pages