Enabling IPv6 Privacy Addresses

At the last UDS, we once again discussed the state of IPv6 support in Ubuntu. We're in the process of making Ubuntu really rock with IPv6, and this comes with decisions and hard work.

One of these decisions was to enable IPv6 Privacy Extensions by default. In other words, rather than having only an IPv6 address derived directly from your network device's MAC address, you'll now have that, supplemented with randomly created, time-based temporary addresses that are used to establish outgoing connections to other systems. This leads to higher privacy, because it makes it harder for an eavesdropper to identify whether different addresses really refer to the same node (without privext, the *prefix*, which identifies the network you come from, would change, but the last part of the address never would). How all of this works is described in more detail in RFC 4941.


And leading to this, the hard work. We've recently enabled IPv6 privacy extensions through a new file shipped by procps: /etc/sysctl.d/10-ipv6-privacy.conf. Sysctls are parsed early in the boot process, but perhaps not early enough, which led to an issue: on some systems, one would see some interfaces with privext enabled and others without. This appears to be because some interfaces (eth0 on my system) are initialized early enough in the boot process that they come up before the sysctl settings are applied.

With this, another issue: there are three types of sysctl settings for IPv6: default, all, and per-interface entries. According to kernel documentation and help strings, default is meant as the ... default for future interfaces that would get created. At least, that's how I get it. Per-interface entries are obvious: you're just changing the setting for that particular interface. But what about all?

Well, it turns out net.ipv6.conf.all.anything doesn't really do anything, except for forwarding and disable_ipv6. These two options are already handled specially by kernel code. The particular setting that interested me was use_tempaddr, though, and it isn't propagated (to the per-interface entries) or used globally to enable privacy addresses on all interfaces, which is something you'll likely want if you are looking to enable privacy extensions at all. Take this example: if you're using a mobile system, you might have wired and wireless connected at the same time, and may want to get up, unplug wired, and move around to a different spot, with or without suspending. While NetworkManager will in time allow toggling privacy extensions per connection, you shouldn't need to manually change this for a default install, on a typical, mobile worker day.

So I started writing my first ever kernel patch: having the net.ipv6.conf.all.use_tempaddr sysctl propagate its value to all the other interfaces already present on the system when the value is changed. It's currently being reviewed before I work towards having it included in the kernel proper. Reviews for that patch are welcome on the kernel-team mailing list.

I've now tested that this solves the issue of applying that particular sysctl at boot time; much like it appears to be expected to work by just about everyone if I'm to believe research I've done on the web on that subject. If there are brave souls wanting to test this, head over to my NM PPA. You'll need to be running Precise, and the package you'll want is linux 3.2.0-4.11~mtrudel2. Since this is a custom hacked up kernel package (but I tried hard to follow the Kernel Team's procedures), standard warnings of caution and the usual "if your system gets broken you get to keep both pieces" apply... but I'm running that package too ;)
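
The behaviour described above (net.ipv6.conf.all.use_tempaddr not reaching interfaces that already exist) can be checked, and worked around on an unpatched kernel, by reading and writing the per-interface entries directly. The script below is an added example, not the author's or procps' code; the function names and the conf-root parameter are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit (and optionally fix) use_tempaddr on each interface.
# The conf root is a parameter (an assumption of this example) so the logic
# can be tried on a scratch directory instead of the live /proc tree.
# use_tempaddr: <=0 disabled, 1 enabled but public addresses preferred,
#               >=2 enabled and temporary addresses preferred.

CONF_ROOT_DEFAULT=/proc/sys/net/ipv6/conf

# Print one line per interface whose use_tempaddr is below $2 (default 2).
# Returns 0 when every interface complies, 1 otherwise.
tempaddr_audit() {
    root=${1:-$CONF_ROOT_DEFAULT}
    want=${2:-2}
    status=0
    for f in "$root"/*/use_tempaddr; do
        [ -r "$f" ] || continue
        iface=$(basename "$(dirname "$f")")
        # "all" and "default" are not real interfaces; loopback is skipped.
        case $iface in all|default|lo) continue ;; esac
        val=$(cat "$f")
        if [ "$val" -lt "$want" ]; then
            echo "$iface use_tempaddr=$val want>=$want"
            status=1
        fi
    done
    return $status
}

# Write $2 (default 2) into every non-compliant per-interface entry.
# On the live /proc tree this needs root.
tempaddr_fix() {
    root=${1:-$CONF_ROOT_DEFAULT}
    want=${2:-2}
    tempaddr_audit "$root" "$want" | while read -r iface rest; do
        echo "$want" > "$root/$iface/use_tempaddr"
    done
}

# Stand-alone use: "sh script audit" or "sudo sh script fix".
case ${1:-} in
    audit) tempaddr_audit ;;
    fix)   tempaddr_fix ;;
esac
```

An interface listed by the audit while `all` and `default` both read 2 is one that came up before the sysctl file was applied.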


GNOME Women: work on PiTiVi!

Do you love Python (or C)? Interested in video editing? Then you should definitely consider working on PiTiVi as part of the GNOME Outreach Programme for Women! Feel free to email me or Thibault about it, or catch us on IRC (some details about the program and how to get in touch with us are on this page)

Wait, let me give you an even better incentive. If you feel like email or IRC is too dry to carry complex discussions/questions, and would like a more personalized approach, I (and/or Thibault) will be glad to make an appointment with you for a live audio/video call over Empathy (through Jabber/XMPP/GTalk), Google Plus or even Skype. Just ask and we’ll make sure to be available to discuss every concern you may have.

PiTiVi is currently in a heavy state of flux and it is a bit tricky to list out the exact features that you could work on for the time being. This is one of the reasons why I’m offering an audio call. In the meantime you could take a quick look at the roadmap, pitivi love, but keep in mind that some of these items may be outdated or blocked by the transition to GES. The feature that we probably need the most right now is completing the implementation of the user interface for editing text/titles in PiTiVi: the work is partly done, your mission (if you accept it) would be to finish the UI and integrate it with our new GES backend.

Get in touch with us ASAP, there’s loads of stuff to be done and you only have until Halloween to apply for the GNOME Outreach Programme for Women!

Note that you will have to make a small patch/fix as part of your application, but we’ll gladly help you with it.

Changing icons in Gnome 3 on Oneiric

I'm a bit allergic to orange, so when I moved to Gnome 3 I tried to find a way to add the icon pack I used under Gnome 2 (the "Dropline Neu!" pack). Here is how I went about it.

1 – Changing the icon theme.

To change the icon theme we need the gnome-tweak-tool utility; if it is not installed, just type in a terminal:

sudo apt-get install gnome-tweak-tool

You can then launch it by typing gnome-tweak-tool in a terminal, or from the menu Applications->Other->Advanced Settings.

You can then change the icon theme in the Theme section.

2 – Adding an icon theme.

Since the choice is fairly limited, you quickly wonder how to add an icon theme. Fortunately, a few icon packs work under Gnome 3. Just create the .icons directory at the root of your home directory.

mkdir ~/.icons

Then place the directory containing the icon pack in it. You can then change the icon theme in the Theme section of gnome-tweak-tool.


Boston Summit in Not Boston

This week-end:

  • Trapped Olivier Crète and Guillaume Desmottes into fixing their stack to make video/audio calls work again in Empathy 3.2
  • Spoke at length with Robert Ancell at the Collabora party on Sunday.
    • Good to have an elaborate counter-argument to Matthew Garrett’s famous rebuttal of LightDM: it seems that Robert wishes to make it a compelling-enough replacement for gdm (and all the others) before bringing it up again; in other words, bring the living proof of the superiority of your replacement, such that there are practically no more reasons for upstream not to adopt it. We will see how this pans out in the next few cycles, it should be interesting.
    • It was a pleasure to discuss various fashionable subjects of recent times such as the strategic positioning of Canonical/Ubuntu, turning points in the type of userbase (I forgot what exact terminology he used, but to me it basically translated to leaping over a ravine with a giant rocket-propelled lobster), CLAs, Pitivi, etc.
  • Managed to catch Karen Sandler, discuss the workings of the GNOME Foundation and the challenges to face in dealing with project-specific funds. Impressed by her background and moved by her personal story; she literally embodies down to her very heart the struggle of free vs proprietary software.
  • Briefly discussed the women outreach program with Marina. Hopefully I’ll find some time soon to write a dedicated blog post to invite participants to get in touch with the Pitivi project.
  • Hung around with Stéphane, Nohemi, and many others I’m forgetting to mention here. A bit sad I could not follow them onto a leisurely walk in the old town yesterday, I had to go back to the venue to continue investigating bugs in Empathy.
    • I’m not entirely convinced that file transfers work correctly with gtalk and jabber accounts. They sometimes work, sometimes don’t (it seems to vary wildly with huge combinations of version numbers, account types, network/router types, etc.)… one thing I’m very certain of is that I haven’t seen them working reliably in years, and I always have to apologize to friends for that.
  • Ate a lot of apples and mandarins
  • Took absolutely no pictures or videos, for a change.

All in all, it seems to me that the atmosphere this year was the same as last year. I did not know what to expect from a smaller attendance at first, but I’m happy with the outcome and I’d definitely like for more events such as the “Boston Summit” to happen in Montréal.

Installing Gnome Shell (Gnome 3) in Ubuntu 11.10

While intending to write a post about installing Gnome 3 in Oneiric, I came across this post from Daylinux on the same subject:

Ubuntu 11.10, Canonical's next release, in addition to the default environment offering Unity, allows Gnome Shell to be installed very simply, since it is available through the Ubuntu Software Centre. If you would like to install and test Gnome Shell on Oneiric, follow the instructions below.

Open the Ubuntu Software Centre, then type ‘gnome’ (or gnome shell) in the search field.

Install the ‘Gnome Shell’ package

Log out of your session, then in the LightDM session manager click the small gear next to your name. In the menu that appears, select ‘GNOME’, then log in.

To respect the work of the original post's author, it is placed under the following licence: Attribution – NonCommercial – NoDerivs 2.0 France (CC BY-NC-ND 2.0)

Source


Antidote RX v8 in Ubuntu 11.10

The Antidote spell checker, in its version eight, is officially supported only on Ubuntu 8.04. But up to version 10.10 I had no trouble installing it. I had not even noticed the problem with 11.04 (my 11.04 was an upgraded 10.10), but on a fresh install of 11.04 there was no way to get there without a bit of tinkering.

Antidote is not free software; I could also have titled this post "it's complicated when it isn't free", but since this is happening on Ubuntu, I'm publishing it.

So, here is what I did in order to use my version of Antidote RX v8 (the H60).

The steps that follow require superuser (root) privileges, the misuse of which can harm your system. I am therefore not responsible for your mistakes.

First, I installed Antidote v7 normally and then applied the patch for v8. Up to 10.10 that was it: a sudo antidote and you could use the thing.

Since Ubuntu 11.10

Under 11.10 you get the following error message:

antidote: error while loading shared libraries: libssl.so.6: cannot open shared object file: No such file or directory

The libssl.so.6 library seems to have been replaced by libssl.so.1.0.0; to work around this I created the following symbolic link in Antidote's directories:

sudo ln -s /lib/i386-linux-gnu/libssl.so.1.0.0 /usr/local/Druide/Antidote/lib/libssl.so.6

But a similar problem also exists for the libcrypto.so.6 file, since you get the following error message:

antidote: error while loading shared libraries: libcrypto.so.6: cannot open shared object file: No such file or directory

The libcrypto.so.6 library also seems to have been replaced by libcrypto.so.1.0.0; to work around this I likewise created the following symbolic link in Antidote's directories:

sudo ln -s /lib/i386-linux-gnu/libcrypto.so.1.0.0 /usr/local/Druide/Antidote/lib/libcrypto.so.6

Now the following error has to be dealt with:

antidote: symbol lookup error: /usr/lib/i386-linux-gnu/libdbus-glib-1.so.2: undefined symbol: dbus_watch_get_unix_fd

We will need a version of libdbus-glib dating from around the time Antidote was released. Download that version (do not install it), unpack it, and then copy the outdated files into Antidote's directories.

wget http://security.ubuntu.com/ubuntu/pool/main/d/dbus-glib/libdbus-glib-1-2_0.74-2ubuntu0.1_i386.deb
dpkg -x libdbus-glib-1-2_0.74-2ubuntu0.1_i386.deb .
sudo cp usr/lib/* /usr/local/Druide/Antidote/lib/.

And finally, we have to deal with the following error:
D-Bus library appears to be incorrectly set up; failed to read machine uuid: Failed to open "/usr/local/var/lib/dbus/machine-id": Aucun fichier ou dossier de ce type

The machine-id file exists in /var/lib/dbus/. So we need to create a link, but first let's make sure the directory tree exists.

cd /usr/local/
sudo mkdir var
cd var/
sudo mkdir lib
cd lib/
sudo mkdir dbus
sudo ln -s /var/lib/dbus/machine-id /usr/local/var/lib/dbus/machine-id

And there you go, it should work…..

Happy grammar mistakes…


Ubuntu Global Jam event in Montreal

With the Ubuntu Global Jam fast approaching, the Ubuntu-Quebec community is once again organizing an event to get together, find, track down and fix bugs, in Montreal (and inviting anyone interested in helping out to join us). The event will take place Saturday and Sunday, September 3 & 4, 2011, starting around 9 am.

Many thanks to komputes for doing the work of organizing the event and getting everything ready.

This time, our local Global Jam event will be hosted at the Canonical offices here in Montreal! Huge thanks to management for allowing us to use the office.

So if you're in or around Montreal, come join the local Ubuntu-Qc members and let's make Oneiric really rock! Just so we know what to expect, please make sure you register your presence on the LoCo directory event page. You can also watch our wiki page for more information.



Canonical Canada Limited
4200, boulevard Saint-Laurent
Suite 1200 (12e étage)
Montréal, QC
H2W 2R2
Canada





With the Global Jam fast approaching, the Ubuntu-Québec team is at it again, organizing another event in Montreal and inviting its members (and anyone interested!) to get together to find, report and fix bugs. The event will be held Saturday and Sunday, September 3 and 4, 2011, starting at 9 am.

A big thank-you goes to komputes for the work of organizing the event.

We also want to thank Canonical for agreeing to host the event!

If you are in the Montreal area, you are invited to join the Ubuntu-Qc members and help us make version 11.10, Oneiric Ocelot, truly perfect!

So that we know how many people to expect, don't forget to register your attendance on the LoCo directory page for that purpose. You can also find more information on our wiki page.

See above for the address ;)

Hacking on usb-modeswitch, part 1

Lately I've been spending time porting the usb_modeswitch_dispatcher tcl script from the usb-modeswitch package to C.

While being a great exercise for both my knowledge of Tcl (almost non-existent) and my knowledge of C, it's also been very interesting so far to look at how things were being done to "switch" USB devices from a storage mode into modem mode.

One of the problems I'm hitting now is balancing between performance and disk space usage. In an attempt to cut down on installed space, usb_modeswitch data has been all compressed into one tarball, comprising 162 small text files with the necessary vendor and product IDs expected before, after switching and the magic message to do the actual switch (see Debian bug 578024 for the rationale for compressing files). Having a compressed tarball is great to save space, but would tend to cause delays at boot time when the file needs to be uncompressed (perhaps multiple times) during boot-up. On the other hand, separate files take more space, which is especially a problem for those who don't need usb-modeswitch on their systems.

I'm now working on quantifying the performance impact between compressed and uncompressed, as well as trying to figure out the actual size impact between both options for the Live CD. Theoretically, there should be little difference or even higher space usage with the compressed tarball on the LiveCD (because you can't really compress something already compressed). I'll find out and post results here. As for the performance impact, there may not be much to look through the compressed tarball and extract one file from it, but every little bit of gain can help.

Ubuntu Hour - Got a job

I met up with the folks from the Ubuntu Quebec team for Ubuntu Hour and we had some lunch. Caught up with cyphermox, who was at UDS-O (here are some pics he took), and MagicFab, who recently was in Haiti setting up 30 or so computers with Ubuntu-Windows dual boots (pics here).


Here is a picture taken by one of our team members who just yesterday was approved as an Ubuntu Member. Congratulations Mobidoy!


Left to right, Eric, Matthieu, some dude I don't know who he is and Fabian standing in front of a 2012 convertible Mustang which I had the pleasure of driving today on the way to Ubuntu Hour.


Good news, I also got a job today, start Tuesday morning, Monday is a holiday here and the place is closed.

Did it again.

Oneiric Ocelot 11.10