Accessibilité, clavier, terminal kitty
Il y a quelques semaines mon clavier a commencé à faire des siennes, toute la première rangée de lettres soudainement ne donnait plus rien, un moment, puis ça se remettait à fonctionner. Avec le temps c’est devenu plus fréquent, jusqu’à pour ainsi dire devenir permanent, ou presque, parfois j’appuie sur une touche et je suis surpris qu’elle fonctionne, ça me réjouit, ça tient dix minutes, une heure, une matinée, puis ça retombe en panne.
Comme ça n’est pas pratique du tout, j’ai branché un clavier et pour continuer à travailler dans les pires positions, il est souvent simplement posé au-dessus du clavier du laptop, ce qui bloque l’accès au touchpad, ce qui amène une confrontation assez désagréable avec l’état de l’accessibilité du web ou des applications.
Confrontation assez désagréable et parfois aussi assez honteuse, quand c’est le lecteur du site de Radio Panik qui ne peut pas être atteint au clavier. La bonne nouvelle c’est qu’il y a tout le nécessaire en terme de documentation pour améliorer ça et donc assez rapidement pour Panik c’était résolu. (avec mes excuses à toutes les personnes que ça a pu ennuyer un jour)
Au-delà du web, ma vie dans un terminal, on se dirait que c’est prévu pour le clavier, que tout va être très bien mais ça n’est pas totalement le cas, par exemple une commande affichera une commande sur laquelle en temps normal il est tout simple de juste cliquer mais le terminal n’offre aucun moyen de faire ça, en tout cas pas le mien.
Mais chance, mon terminal c’est depuis un certain temps kitty ; adopté je ne sais plus quand, un jour de régression dans GNOME Terminal peut-être, ou simplement après avoir regardé GNOME Console (le nouveau terminal de GNOME) et conclu que la direction minimaliste ici ne m’irait absolument pas.
Un des avantages notés à Kitty est un côté « scriptable ». Je n’en avais rien fait jusqu’à présent.
Les extensions sont appelées « kittens » et ça manque un peu de documentation mais en partant de celle qui est là et de quelques exemples, j’ai pu me débrouiller et arriver à ce que maintenant je puisse taper ctrl-maj-b et que ça m’affiche la liste des URL présentes à l’écran, la possibilité d’en choisir une et qu’elle s’ouvre dans mon navigateur.
Dans ~/.config/kitty/urlscan.py, j’ai donc posé l’import de quelques modules,
import re import sys from kitty.boss import Boss from kittens.tui.handler import Handler, result_handler from kittens.tui.loop import Loop, debug from kitty.utils import command_for_open, open_cmd from kitty.fast_data_types import get_options
Ensuite ça démarre dans une fonction main, qui tire de l’écran ce qu’il y a comme URL et lance de quoi en choisir une :
def main(args):
# regex from https://urlregex.com/
matches = re.findall(
r'http[s]?://(?:[a-zA-Z]|[0-9]|[$-_@.&+]|[!*\(\),]|(?:%[0-9a-fA-F][0-9a-fA-F]))+', sys.stdin.read()
)
if not matches:
return ''
handler = Chooser(matches[:10])
loop = Loop()
loop.loop(handler)
return handler.selected_choice
Pour le choix de l’URL, il n’y a pas de possibilité de bloquer sur un simple input() Python, ça se passe donc en utilisant un tout petit peu de l’infrastructure de création d’interface, ça affiche à l’écran les choix et quand une touche est tapée, la méthode on_text() est appelée,
class Chooser(Handler):
def init(self, choices):
self.choices = choices
def initialize(self):
for i, choice in enumerate(self.choices):
print(f'[{i}] {choice}\r')
print('\r')
print('[x] nothing\r')
def on_text(self, text, *args, **kwargs):
if text.strip() == 'x':
self.selected_choice = None
else:
try:
choice = int(text.strip())
except ValueError:
return
self.selected_choice = self.choices[choice]
self.quit_loop(0)
Ensuite, ce choix se trouve retourné par main (le return handler.selected_choice) et ça arrive dans une dernière fonction,
@result_handler(type_of_input='text')
def handle_result(args, data, target_window_id, boss):
if data:
cmd = command_for_open(get_options().open_url_with)
open_cmd(cmd, data)
dont le truc principal est le décorateur result_handler dont le paramètre précise ce qui sera obtenu comme donnée (dans le sys.stdin) (ici 'text' pour le contenu de l’onglet actif, mais 'history' serait possible pour également avoir tout le contenu précédemment affiché dans l’onglet).
Après ça il suffit d’ajouter une ligne map ctrl+shift+b kitten urlscan.py dans le ~/.config/kitty/kitty.conf et le job est fait.
J’imagine même que ça servira encore après réparation du clavier et/ou nouveau laptop, et très certainement ça donne des idées d’autres petites extensions pour faciliter la vie.
Interopérabilité panikdb & airtime
AirTime était un logiciel libre de diffusion radio, c’est ensuite devenu un service en ligne mais un fork du logiciel, rebaptisé LibreTime, a été créé et continue à être développé. Tout ça marche très bien pour pas mal de monde, dont Studio Néau.
Au lancement l’année dernière, il s’agissait d’avoir une diffusion d’émissions uniquement certains jours, certaines heures, ça évolue et une nouvelle formule se lance ces jours-ci, qui diffusera en continu. Cela passera par des rediffusions d’émissions mais également par la diffusion de playlists, et comme à Radio Panik on affiche sur le site du morceau en cours, venait la question de faire la même chose ici.
De manière bien pratique une API très simple est fournie, il suffit d’interroger /api/live-info-v2 et en retour,
{
"station": {
"env": "production",
"schedulerTime": "2023-02-05 16:13:50",
"source_enabled": "Scheduled",
"timezone": "Europe\/Brussels",
"AIRTIME_API_VERSION": "1.1"
},
"tracks": {
"previous": {
"starts": "2023-02-05 16:07:40",
"ends": "2023-02-05 16:11:38",
"type": "track",
"name": "METAL PREYERS - On Her Way",
"metadata": {
[…]
"track_title": "On Her Way",
"artist_name": "METAL PREYERS",
[…]
}
},
"current": {
"starts": "2023-02-05 16:11:37",
"ends": "2023-02-05 16:15:28",
"type": "track",
"name": "Pavel Milyakov & Yana Pavlova - Za Gorami",
"metadata": {
"id": 538,
[…]
"track_title": "Za Gorami",
"artist_name": "Pavel Milyakov & Yana Pavlova",
[…]
},
"next": {
[…]
}
},
"shows": {
[…]
}
}
Une approche pourrait être de modifier le site pour récupérer cette information à la volée (j’avais fait quelque chose de similaire pour Radio Esperanzah! et l’affichage d’informations tirées de Rivendell), mais ici j’ai préféré introduire un nouveau module qui va de manière régulière interroger l’API et alimenter la base de données locales de diffusion des morceaux, comme s’ils avaient été joués par stamina; cela pourra permettre plus facilement des évolutions comme l’affichage sur le site des morceaux qui ont été diffusés.
Le lancement était aujourd’hui et bonne chose, ça a fonctionné, dans les logs sont au fur et à mesure apparus les morceaux :
(I) New track: Track Mouthwork (Michael Giles, Jamie Muir, David Cunningham) (I) Playing at 2023-02-05 15:00:00: Track Mouthwork (Michael Giles, Jamie Muir, David Cunningham) (I) New track: Track Ihmispennut (Kuupuu) (I) Playing at 2023-02-05 15:03:01: Track Ihmispennut (Kuupuu) (I) New track: Track 08 Reverse Deja vu (Demo) (HTRK) (I) Playing at 2023-02-05 15:06:11: Track 08 Reverse Deja vu (Demo) (HTRK)
Et puisque les logs ne font pas tout, c’est aussi apparu sur le site,
En grande partie ce code avait été écrit il y a un an mais laissé de côté quand la décision avait été prise de ne pas diffuser en continu; il y a peu à dire, c’est assez simple, et le finaliser a surtout été une série de détails, logging, packaging, etc.
Speeding up the kernel testing loop
When I create kernel contributions, I usually rely on a specific hardware, which makes using a system on which I need to deploy kernels too complicated or time-consuming to be worth it. Yes, I'm an idiot that hacks the kernel directly on their main machine, though in my defense, I usually just need to compile drivers rather than full kernels.
But sometimes I work on a part of the kernel that can't be easily swapped out, like the USB sub-system. In which case I need to test out full kernels.
I usually prefer compiling full kernels as RPMs, on my Fedora system as it makes it easier to remove old test versions and clearly tag more information in the changelog or version numbers if I need to.
Step one, build as non-root
First, if you haven't already done so, create an ~/.rpmmacros file (I know...), and add a few lines so you don't need to be root, or write stuff in /usr to create RPMs.
$ cat ~/.rpmmacros
%_topdir /home/hadess/Projects/packages
%_tmppath %{_topdir}/tmp
Easy enough. Now we can use fedpkg or rpmbuild to create RPMs. Don't forget to run those under “powerprofilesctl launch” to speed things up a bit.
Step two, build less
We're hacking the kernel, so let's try and build from upstream. Instead of the aforementioned fedpkg, we'll use “make binrpm-pkg” in the upstream kernel, which builds the kernel locally, as it normally would, and then packages just the binaries into an RPM. This means that you can't really redistribute the results of this command, but it's fine for our use.
If you choose to build a source RPM using “make rpm-pkg”, know that this one will build the kernel inside rpmbuild, this will be important later.
Now that we're building from the kernel sources, that's our time to activate the cheat code. Run “make localmodconfig”. It will generate a .config file containing just the currently loaded modules. Don't forget to modify it to include your new driver, or driver for a device you'll need for testing.
Step three, build faster
If running “make rpm-pkg” is the same as running “make ; make modules” and then packaging up the results, does that mean that the “%{?_smp_mflags}” RPM macro is ignored, I make you ask rhetorically. The answer is yes. “make -j16 rpm-pkg”. Boom. Faster.
Step four, build fasterer
As we're building in the kernel tree locally before creating a binary package, already compiled modules and binaries are kept, and shouldn't need to be recompiled. This last trick can however be used to speed up compilation significantly if you use multiple kernel trees, or need to clean the build tree for whatever reason. In my tests, it made things slightly slower for a single tree compilation.
$ sudo dnf install -y ccache
$ make CC="ccache gcc" -j16 binrpm-pkg
Easy.
And if you want to speed up the rpm-pkg build:
$ cat ~/.rpmmacros
[...]
%__cc ccache gcc
%__cxx ccache g++
More information is available in Speeding Up Linux Kernel Builds With Ccache.
Step five, package faster
Now, if you've implemented all this, you'll see that the compilation still stops for a significant amount of time just before writing “Wrote kernel...rpm”. A quick look at top will show a single CPU core pegged to 100% CPU. It's rpmbuild compressing the package that you will just install and forget about.
$ cat ~/.rpmmacros
[...]
%_binary_payload w2T16.xzdio
More information is available in Accelerating Ceph RPM Packaging: Using Multithreaded Compression.
TL;DR and further work
All those changes sped up the kernel compilation part of my development from around 20 minutes to less than 2 minutes on my desktop machine.
$ cat ~/.rpmmacros
%_topdir /home/hadess/Projects/packages
%_tmppath %{_topdir}/tmp
%__cc ccache gcc
%__cxx ccache g++
%_binary_payload w2T16.xzdio
$ powerprofilesctl launch make CC="ccache gcc" -j16 binrpm-pkg
I believe there's still significant speed ups that could be done, in the kernel, by parallelising some of the symbols manipulation, caching the BTF parsing for modules, switching the single-threaded vmlinux bzip2 compression, and not generating a headers RPM (note: tested this last one, saves 4 seconds :)
The results of my tests. YMMV, etc.
| Command | Time spent | Notes |
|---|---|---|
| koji build --scratch --arch-override=x86_64 f36 kernel.src.rpm | 129 minutes | It's usually quicker, but that day must have been particularly busy |
| fedpkg local | 70 minutes | No rpmmacros changes except setting the workdir in $HOME |
| powerprofilesctl launch fedpkg local | 25 minutes | |
| localmodconfig / bin-rpmpkg | 19 minutes | Defaults to "-j2" |
| localmodconfig -j16 / bin-rpmpkg | 1:48 minutes | |
| powerprofilesctl launch localmodconfig ccache -j16 / bin-rpmpkg | 7 minutes | Cold cache |
| powerprofilesctl launch localmodconfig ccache -j16 / bin-rpmpkg | 1:45 minutes | Hot cache |
| powerprofilesctl launch localmodconfig xzdio -j16 / bin-rpmpkg | 1:20 minutes |
(I nearly went with clutterectomy, but that would be doing our old servant project a disservice.)
Yesterday, I finally merged the work-in-progress branch porting totem to GStreamer's GTK GL sink widget, undoing a lot of the work done in 2011 and 2014 to port the video widget and then to finally make use of its features.
But GTK has been modernised (in GTK3 but in GTK4 even more so), GStreamer grew a collection of GL plugins, Wayland and VA-API matured and clutter (and its siblings clutter-gtk, and clutter-gst) didn't get the resources they needed to follow.
A screenshot with practically no changes, as expected
The list of bug fixes and enhancements is substantial:
- Makes some files that threw shaders warnings playable
- Fixes resize lag for the widgets embedded in the video widget
- Fixes interactions with widgets on some HDR capable systems, or even widgets disappearing sometimes (!)
- Gets rid of the floating blank windows under Wayland
- Should help with tearing, although that's highly dependent on the system
- Hi-DPI support
- Hardware acceleration (through libva)
Until the port to GTK4, we expect a overall drop in performance on systems where there's no VA-API support, and the GTK4 port should bring it to par with the fastest of players available for GNOME.
You can install a Preview version right now by running:
$ flatpak install --user https://flathub.org/beta-repo/appstream/org.gnome.Totem.Devel.flatpakref
and filing bug in the GNOME GitLab.
Next stop, a GTK4 port!
« Gagner la guerre » de Jean-Philippe Jaworski
Grand amateur de fantasy, la plupart de mes lectures sont généralement en anglais. « Gagner la guerre » de Jean-Philippe Jaworski trônait dans ma pile (virtuelle) de lecture depuis un moment, auréolé par ses excellentes critiques et la perspective de lire une œuvre de fantasy en français. Il y était accompagné de « Janua Vera », le recueil de nouvelles dans le même univers précédent le roman.
Jaworski n'a pas usurpé sa réputation d'excellent auteur, son texte est incroyablement bien écrit. Le style et le rythme sont remarquables et je me suis plusieurs fois surpris à relire certains passages rien que pour le plaisir d'en profiter une seconde fois. Le vocabulaire est également extrêmement riche; c'est bien simple, j'ai dû plus souvent utiliser la fonction dictionnaire de ma liseuse que lors de mes lectures en anglais !
L'univers, si bien introduit dans « Janua Vera », est toujours aussi cohérent et plaisant à découvrir. Ce mélange de pseudo-réalisme historique, la ville principale savant mélange de Florence et de Rome antique, saupoudré de magie et de fantasy fonctionne à merveille.
Toutes ces belles qualités sont malheureusement ternies par un propos extrêmement viriliste et des personnages féminins quasi inexistants. On retombe de plain pieds dans les critiques et clichés souvent associés au genre et c'est bien dommage. Cela m'a d'autant plus marqué après les nombreuses œuvres de Brandon Sanderson et Robin Hobb que j'ai lues récemment et qui ont démontré avec brio qu'on pouvait écrire de l'excellente fantasy avec des personnages féminins forts et intéressants. J'ai un peu le même arrière-goût qu'après la lecture de « La Horde du Contrevent » qui tombait dans les mêmes travers, bien que de façon moins marquée. Cela donne l'impression que la fantasy française est restée bloquée au siècle passé et n'arrive pas à sortir des stéréotypes de genre qui ont trop longtemps collés à ce style littéraire.
Du coup si vous avez des recommandations d'auteurs·rices francophones qui arrivent à éviter ces écueils je suis preneur.
Warning: This blog post contains a lot of talk about feelings, loss, and discussion of a suicide.
Recently, I have been thinking a lot about loss. My nephew died just a few months ago, after a short life with Duchennes Muscular Dystrophy. A neighbour recently took her own life, leaving a husband and two children behind. And today I learned that someone I have known for 15 years in the open source world recently passed away through a mailing list post. In each case, I have struggled with how to grieve.
My nephew has been ill for a long time, and we have been open in my family about taking advantage of opportunities we have to spend time with him for the past few years, because we knew he would not live much longer. And yet, death is always a surprise, and when we got a phone call one Saturday in November to let us know that he had passed away in his sleep, my first instincts were logistical. “I have a work trip coming up – when will the funeral service happen? Can I travel to Asia and get home in time, or do I need to cancel my trip? What is the cheapest way to get home? Who should travel with me?” When I got home, the funeral is a multi-day collective grieving, with neighbours, cousins, uncles and aunts arriving to pay their respects, express their condolences, spend time with the family. It was not until we were shovelling dirt on top of the casket that I really thought about the finality of the burial – I will never see my nephew again.
And yet, I was not overwhelmed with grief. I have never really known him intimately. How well do you know a child 25 years your younger, after you leave home and live abroad? How close of a connection do any thirty-somethings have with their teenage nieces and nephews? I second-guessed my emotions. Should I feel sadder? Is there an appropriate way to grieve? In the end, I decided to allow myself to feel the feelings I felt, and not to try to figure out whether I “should” be feeling differently. But avoiding self-judgement was difficult.
Last week, when we got the news about our neighbour, it hit me pretty hard. We knew the family well, had been to barbecues and play-off games in their house. I had coached basketball with her husband, one of their sons was in the team. Initially, we read that she had “passed away suddenly”, it was only through school bus stop gossip that we learned that she had committed suicide. We learned that she had been suffering from depression, that her life had not been easy for the past few months. I felt a great sadness, and also a little guilt. We had enjoyed her company in the past, but I knew nothing of her life. I was about to leave on a work trip, I would miss her memorial service and funeral. I was told that the ceremonies were very emotional, and really felt like the community coming together. The priest leading the service spoke openly about suicide and depression, and my wife said that his ceremony gave her a great sense of peace, removing the veil from some of the awkwardness that she felt around the topic. It gave the community an opportunity to start healing.
But I was not there. Now, I have all of these other thoughts about the appropriate way for me to grieve again. My instinct is to call to their house to express my condolences, but I am afraid to. This time, I find myself comparing my feelings to those of her family. I imagine how they must be feeling. Surely they are devastated, probably angry, maybe even feeling guilty. I think about her sons, the same age as two of my own sons, and I wonder what their lives will be like now. What right do I have to feel grief, or to impose on their grieving to express my feelings to them? How would I react, in the same circumstances, if this acquaintance called to the house a week after a funeral ceremony? And then, I also feel guilt. Sure, we didn’t know each other that well, but could I have been there for her in some way? Was there some way that we could have helped? I think about how alone she must have felt.
And now, today, I have learned of the death of someone I would have called a friend. Someone I would regularly meet at conferences, who I got along very well with professionally and personally, two or three times a year. I was not a part of his life, nor he a part of mine. I’ve found myself tearing up this morning thinking about our interactions, realizing that we will never meet again. And once more, I struggle to find the appropriate way to grieve.
I don’t know why I felt compelled to write this – I have debated saving it as a draft, deleting it, writing it in a private text file. But I am sharing it. I think I feel like I missed a part of my education in dealing with loss. I feel like many people missed that part of our education. Maybe by sharing, other people can share their feelings in comments and help me further my own education. Maybe by reading, others who struggle with dealing with loss will realise they’re not alone. Maybe it will achieve nothing more than helping me deal with my own feelings by verbalizing them. Let’s find out…
Rust/GStreamer paid internship at Collabora
Collabora is offering various paid internship positions for 2020. We have a nice range of very cool projects involving kernel work, Panfrost, Monado, etc.
I'll be mentoring a GStreamer project aiming to write a Chromecast sink element in Rust. It would be a great addition to GStreamer and would give the student a chance to learn about our favorite multimedia framework but also about bindings between C GObject code and Rust.
So if you're interested don't hesitate to apply or contact me if you have any question.
Ubuntu 18.04.3 LTS is out, including GNOME stable updates and Livepatch desktop integration
Ubuntu 18.04.3 LTS has just been released. As usual with LTS point releases, the main changes are a refreshed hardware enablement stack (newer versions of the kernel, xorg & drivers) and a number of bug and security fixes.
For the Desktop, newer stable versions of GNOME components have been included as well as a new feature: Livepatch desktop integration.
For those who aren’t familiar, Livepatch is a service which applies critical kernel patches without rebooting. The service is available as part of an Ubuntu Advantage subscriptions but also made available for free to Ubuntu users (up to 3 machines). Fixes are downloaded and applied to your machine automatically to help reduce downtime and keep your Ubuntu LTS systems secure and compliant. Livepatch is available for your servers and your desktops.
Andrea Azzarone worked on desktop integration for the service and his work finally landed in the 18.04 LTS.
To enabling Livepatch you just need an Ubuntu One account. The set up is part of the first login or can be done later from the corresponding software-properties tab.
Here is a simple walkthrough showing the steps and the result:
The wizard displayed during the first login includes a Livepatch step will help you get signed in to Ubuntu One and enable Livepatch:
Clicking the ‘Set Up’ button invites you to enter you Ubuntu One information (or to create an account) and that’s all that is needed.
The new desktop integration includes an indicator showing the current status and notifications telling when fixes have been applied.
You can also get more details on the corresponding CVEs from the Livepatch configuration UI
You can always hide the indicator using the toggle if you prefer to keep your top panel clean and simple.
Enjoy the increased security in between reboots!
Christian recently released bolt 0.8, which includes IOMMU support. The Ubuntu security team seemed eager to see that new feature available so I took some time this week to do the update.
Since the new version also featured a new bolt-mock utility and installed tests availability. I used the opportunity that I was updating the package to add an autopkgtest based on the new bolt-tests binary, hopefully that will help us making sure our tb3 supports stays solid in the futur 
The update is available in Debian Experimental and Ubuntu Eoan, enjoy!
The Great Gatsby and onboarding new contributors
I am re-reading “The Great Gatsby” – my high-school son is studying it in English, and I would like to be able to discuss it with him with the book fresh in my mind – and noticed this passage in the first chapter which really resonated with me.
…I went out to the country alone. I had a dog — at least I had him for a few days until he ran away — and an old Dodge and a Finnish woman, who made my bed and cooked breakfast and muttered Finnish wisdom to herself over the electric stove.
It was lonely for a day or so until one morning some man, more recently arrived than I, stopped me on the road.
“How do you get to West Egg village?” he asked helplessly.
I told him. And as I walked on I was lonely no longer. I was a guide, a pathfinder, an original settler. He had casually conferred on me the freedom of the neighborhood.
In particular, I think this is exactly how people feel the first time they can answer a question in an open source community for the first time. A switch is flipped, a Rubicon is crossed. They are no longer new, and now they are in a space which belongs, at least in part, to them.
When faster WiFi means unusable connection
I recently moved home and got FTTC with PlusNet, the speed is good when measuring (almost the advertised 80Mb/20Mb) but the connection was unusable due to TCP connections hanging every few minutes (very annoying with ssh but screen helps, worse when using a website for a payment and needing to retry and trust you will only be charged once).
Yesterday I decided to sit down and investigate. Router has logs which were quite helpful. A lot of things like OUT: BLOCK [9] Packet invalid in connection (Invalid tcp flags for current tcp state: TCP [192.168.1.73]:54426->[46.19.168.229]:443 on ppp3)
This followed the laptop being seen moving from interface ath10 to interface ath00 and it was moving back and forth quite often.
Looking at the logs on one of the laptops those switches looked like wlan0: disconnect from AP b8:d9:4d:41:76:fb for new auth to b8:d9:4d:41:76:fa
What happened is that default settings on PlusNet router is to have “identical” 2.4GHz and 5GHz networks so the devices believe they are the same network and switch between AP, but they are actually different and the connection tracking gets reset each time such switch happens.
Disabling the 5GHz network made my connection usable, I could probably just change its settings to make it separate.
In November 2012 I started running an irregular rebuild of all Mageia packages on x86_64, discarding the built packages, to just detect build breakages.
At first it was running a few times a month, now once a week, except before releases where I run it twice a week.
For the first attempt, on 2012-11-28, we had 10949 packages and 1104 failed to build (10%), by the time of the second attempt 3 weeks later we were down to 6.7% of build failures.
Since then, the distribution has been growing and this has helped detecting packages that needs to be fixed early, really helping for the mass rebuild of each release.
- Mageia 3 was released on 2013-05-01 with 133 failures out of 11008 (1.2%), most of them being random failures due to the use of make -jN.
- Mageia 4 was released on 2014-02-01 with 24 failures out of 11739 (0.2%)
- Mageia 5 was released on 2015-06-20 with 42 failures out of 12455 (0.2%)
- Mageia 6 is going to be released on 2017-07-XX with 0 failures out of 13650 (0%)!
For those interested in the technical details, I am using iurt (the same as we use on Mageia build system) to rebuild everything, creating a new chroot for each package.
I build 16 packages at once, with -j4, on a virtual machine having 32 cores and 200G ram which I use as tmpfs for the builds.
A full rebuild takes about 20 hours.
Synology PhotoStation password vulnerability
Using a simple shell loop to run "ps ax | grep synophoto_dsm_user", it was possible to get user and password credentials for user on the NAS who had PhotoStation enabled with their DSM credentials.
Fortunately, by default, shell access on the NAS is not available (by ssh or telnet), it has to be enabled by the admin.
Still, it is a bad practise to pass credentials to process using command line, which can be intercepted.
PhotoStation version 6.7.1-3419 or earlier is vulnerable. I've contacted Synology and they should release a security fix really shortly, as well as a CVE for it.
Update (June 13, 2017): Synology has released a CVE and the vulnerability is fixed in PhotoStation 6.7.2-3429 or later. Remember to update this package on your NAS !
Hackweek projet: Let's Encrypt DNS-01 validation for acme.sh with Gandi LiveDNS
Let's Encrypt is a project aimed at providing SSL certificates for free, in an automated way.
I wanted to get a SSL certificate for my Synology NAS. Synology now supports natively Let's Encrypt but only if the NAS accepts incoming HTTP / HTTPS connections (which is not always what you want).
Fortunately, the protocol used by Let's Encrypt to validate a hostname (and generate a certificate), Automatic Certificate Management Environment (ACME) has a alternative validation path, DNS-01, based on DNS.
DNS-01 requires access to your DNS server, so you can add a validation token used by Let's Encrypt server, to ensure you own the domain name you are requesting a certificate for.
There is a lot of ACME implementations, but very few supports DNS-01 validation with my DNS provider (gandi.net).
I ended-up using acme.sh, fully written in shell script and tried to plug Gandi DNS support in it.
After some tests, I discovered Gandi current DNS service is not allowing fast changing DNS zone informations (which is somehow a requirement for DNS-01 validation). Fortunately, Gandi is now providing a new LiveDNS server, available in beta, with a RESTful HTTP API.
I was able to get it working quite rapidly with curl, and once the prototype was working, I've cleaned everything and created a pull request for integrating the support in acme.sh.
Now, my NAS has its own Let's Encrypt certificate and will update it every 90 days automatically. Getting and installing a certificate for another server (running openSUSE Leap) only took me 5 minutes.
This was a pretty productive hackweek !
GStreamer Spring Hackfest 2016
After missing the last few GStreamer hackfests I finally managed to attend this time. It was held in Thessaloniki, Greece’s second largest city. The city is located by the sea side and the entire hackfest and related activities were either directly by the sea or just a couple blocks away.
Collabora was very well represented, with Nicolas, Mathieu, Lubosz also attending.
Nicolas concentrated his efforts on making kmssink and v4l2dec work together to provide zero-copy decoding and display on a Exynos 4 board without a compositor or other form of display manager. Expect a blog post soon explaining how to make this all fit together.
Lubosz showed off his VR kit. He implemented a viewer for planar point clouds acquired from a Kinect. He’s working on a set of GStreamer plugins to play back spherical videos. He’s also promised to blog about all this soon!
Mathieu started the hackfest by investigating the intricacies of Albanian customs, then arrived on the second day in Thessaloniki and hacked on hotdoc, his new fancy documentation generation tool. He’ll also be posting a blog about it, however in the meantime you can read more about it here.
As for myself, I took the opportunity to fix a couple GStreamer bugs that really annoyed me. First, I looked into bug #766422: why glvideomixer and compositor didn’t work with RTSP sources. Then I tried to add a ->set_caps() virtual function to GstAggregator, but it turns out I first needed to delay all serialized events to the output thread to get predictable outcomes and that was trickier than expected. Finally, I got distracted by a bee and decided to start porting the contents of docs.gstreamer.com to Markdown and updating it to the GStreamer 1.0 API so we can finally retire the old GStreamer.com website.
I’d also like to thank Sebastian and Vivia for organising the hackfest and for making us all feel welcomed!
SUSE Ruling the Stack in Vancouver
Last week during the the OpenStack Summit in Vancouver, Intel organized a Rule the Stack contest. That's the third one, after Atlanta a year ago and Paris six months ago. In case you missed earlier episodes, SUSE won the two previous contests with Dirk being pretty fast in Atlanta and Adam completing the HA challenge so we could keep the crown. So of course, we had to try again!
For this contest, the rules came with a list of penalties and bonuses which made it easier for people to participate. And indeed, there were quite a number of participants with the schedule for booking slots being nearly full. While deploying Kilo was a goal, you could go with older releases getting a 10 minutes penalty per release (so +10 minutes for Juno, +20 minutes for Icehouse, and so on). In a similar way, the organizers wanted to see some upgrade and encouraged that with a bonus that could significantly impact the results (-40 minutes) — nobody tried that, though.
And guess what? SUSE kept the crown again. But we also went ahead with a new challenge: outperforming everyone else not just once, but twice, with two totally different methods.
For the super-fast approach, Dirk built again an appliance that has everything pre-installed and that configures the software on boot. This is actually not too difficult thanks to the amazing Kiwi tool and all the knowledge we have accumulated through the years at SUSE about building appliances, and also the small scripts we use for the CI of our OpenStack packages. Still, it required some work to adapt the setup to the contest and also to make sure that our Kilo packages (that were brand new and without much testing) were fully working. The clock result was 9 minutes and 6 seconds, resulting in a negative time of minus 10 minutes and 54 seconds (yes, the text in the picture is wrong) after the bonuses. Pretty impressive.
But we also wanted to show that our product would fare well, so Adam and I started looking at this. We knew it couldn't be faster than the way Dirk picked, and from the start, we targetted the second position. For this approach, there was not much to do since this was similar to what he did in Paris, and there was work to update our SUSE OpenStack Cloud Admin appliance recently. Our first attempt failed miserably due to a nasty bug (which was actually caused by some unicode character in the ID of the USB stick we were using to install the OS... we fixed that bug later in the night). The second attempt went smoother and was actually much faster than we had anticipated: SUSE OpenStack Cloud deployed everything in 23 minutes and 17 seconds, which resulted in a final time of 10 minutes and 17 seconds after bonuses/penalties. And this was with a 10 minutes penalty due to the use of Juno (as well as a couple of minutes lost debugging some setup issue that was just mispreparation on our side). A key contributor to this result is our use of Crowbar, which we've kept improving over time, and that really makes it easy and fast to deploy OpenStack.
Wall-clock time for SUSE OpenStack Cloud
These two results wouldn't have been possible without the help of Tom and Ralf, but also without the whole SUSE OpenStack Cloud team that works on a daily basis on our product to improve it and to adapt it to the needs of our customers. We really have an awesome team (and btw, we're hiring)!
For reference, three other contestants succeeded in deploying OpenStack, with the fastest of them ending at 58 minutes after bonuses/penalties. And as I mentioned earlier, there were even more contestants (including some who are not vendors of an OpenStack distribution), which is really good to see. I hope we'll see even more in Tokyo!
Results of the Rule the Stack contest
Also thanks to Intel for organizing this; I'm sure every contestant had fun and there was quite a good mood in the area reserved for the contest.
Update: See also the summary of the contest from the organizers.
Deploying Docker for OpenStack with Crowbar
A couple of months ago, I was meeting colleagues of mine working on Docker and discussing about how much effort it would be to add support for it to SUSE OpenStack Cloud. It's been something that had been requested for a long time by quite a number of people and we never really had time to look into it. To find out how difficult it would be, I started looking at it on the evening; the README confirmed it shouldn't be too hard. But of course, we use Crowbar as our deployment framework, and the manual way of setting it up is not really something we'd want to recommend. Now would it be "not too hard" or just "easy"? There was only way to know that... And guess what happened next?
It took a couple of hours (and two patches) to get this working, including the time for packaging the missing dependencies and for testing. That's one of the nice things we benefit from using Crowbar: adding new features like this is relatively straight-forward, and so we can enable people to deploy a full cloud with all of these nice small features, without requiring them to learn about all the technologies and how to deploy them. Of course this was just a first pass (using the Juno code, btw).
Fast-forward a bit, and we decided to integrate this work. Since it was not a simple proof of concept anymore, we went ahead with some more serious testing. This resulted in us backporting patches for the Juno branch, but also making Nova behave a bit better since it wasn't aware of Docker as an hypervisor. This last point is a major problem if people want to use Docker as well as KVM, Xen, VMware or Hyper-V — the multi-hypervisor support is something that really matters to us, and this issue was actually the first one that got reported to us ;-) To validate all our work, we of course asked tempest to help us and the results are pretty good (we still have some failures, but they're related to missing features like volume support).
All in all, the integration went really smoothly :-)
Oh, I forgot to mention: there's also a docker plugin for heat. It's now available with our heat packages now in the Build Service as openstack-heat-plugin-heat_docker (Kilo, Juno); I haven't played with it yet, but this post should be a good start for anyone who's curious about this plugin.
Everyone has been blogging about GUADEC, but I’d like to talk about my other favorite conference of the year, which is GNOME.Asia. This year, it was in Beijing, a mightily interesting place. Giant megapolis, with grandiose architecture, but at the same time, surprisingly easy to navigate with its efficient metro system and affordable taxis. But the air quality is as bad as they say, at least during the incredibly hot summer days where we visited.
The conference itself was great, this year, co-hosted with FUDCon’s asian edition, it was interesting to see a crowd that’s really different from those who attend GUADEC. Many more people involved in evangelising, deploying and using GNOME as opposed to just developing it, so it allows me to get a different perspective.
On a related note, I was happy to see a healthy delegation from Asia at GUADEC this year!
I've recently looked again at this, but this time with the goal of documenting the build process, and making the build as easy as possible to reproduce. This is once again based off gtk-osx, with an additional moduleset containing the SPICE modules, and a script to download/install most of what is needed. I've also switched to building remote-viewer instead of vinagre
This time, I've documented all of this work, but all you should have to do to build remote-viewer for OSX is to run a script, copy a configuration file to the right place, and then run a usual jhbuild build. Read the documentation for more detailed information about how to do an OSX build.
I've uploaded a binary built using these instructions, but it's lacking some features (USB redirection comes to mind), and it's slow, etc, etc, so .... patches welcome! ;) Feel free to contact me if you are interested in making OSX builds and need help getting started, have build issues, ...
FOSDEM 2013 Crossdesktop devroom Call for talks
Proposals should be sent to the crossdesktop devroom mailing list (you don't have to subscribe).
Going to RMLL (LSM) and Debconf!
Next week, I’ll head to Strasbourg for Rencontres Mondiales du Logiciel Libre 2011. On monday morning, I’ll be giving my Debian Packaging Tutorial for the second time. Let’s hope it goes well and I can recruit some future DDs!
Then, at the end of July, I’ll attend Debconf again. Unfortunately, I won’t be able to participate in Debcamp this year, but I look forward to a full week of talks and exciting discussions. There, I’ll be chairing two sessions about Ruby in Debian and Quality Assurance.
It’s been a long time since I blogged about Libgda (and for the matter since I blogged at all!). Here is a quick outline on what has been going on regarding Libgda for the past few months:
- Libgda’s latest version is now 4.2.4
- many bugs have been corrected and it’s now very stable
- the documentation is now faily exhaustive and includes a lot of examples
- a GTK3 branch is maintained, it contains all the modifications to make Libgda work in the GTK3 environment
- the GdaBrowser and GdaSql tools have had a lot of work and are now both mature and stable
- using the NSIS tool, I’ve made available a new Windows installer for the GdaBrowser and associated tools, available at http://www.gnome.org/~vivien/GdaBrowserSetup.exe. It’s only available in English and French, please test it and report any error.
In the next months, I’ll work on polishing even more the GdaBrowser tool which I use on a daily basis (and of course correct bugs).
Webkit fun, maths and an ebook reader
I have been toying with webkit lately, and even managed to do some pretty things with it. As a consequence, I haven’t worked that much on ekiga, but perhaps some of my experiments will turn into something interesting there. I have an experimental branch with a less than fifty lines patch… I’m still trying to find a way to do more with less code : I want to do as little GObject-inheritance as possible!
That little programming was done while studying class field theory, which is pretty nice on the high-level principles and somewhat awful on the more technical aspects. I also read again some old articles on modular forms, but I can’t say that was “studying” : since it was one of the main objects of my Ph.D, that came back pretty smoothly…
I found a few minutes to enter a brick-and-mortar shop and have a look at the ebook readers on display. There was only *one* of them : the sony PRS-600. I was pretty unimpressed : the display was too dark (because it was a touch screen?), but that wasn’t the worse deal breaker. I inserted an SD card where I had put a sample of the type of documents I read : they showed up as a flat list (pain #1), and not all of them (no djvu) (pain #2) and finally, one of them showed up too small… and ended up fully unreadable when I tried to zoom (pain #3). I guess that settles the question I had on whether my next techno-tool would be a netbook or an ebook reader… That probably means I’ll look more seriously into fixing the last bug I reported on evince (internal bookmarks in documents).
With the beginning of the year comes new releases of Libgda:
- version 4.0.6 which contains corrections for the stable branch
- version 4.1.4, a beta version for the upcoming 4.2 version
The 4.1.4’s API is now considered stable and except for minor corrections should not be modified anymore.
This new version also includes a new database adaptator (provider) to connect to databases through a web server (which of course needs to be configured for that purpose) as illustrated by the followin diagram:
The database being accessed by the web server can be any type supported by the PEAR::MDB2 module.
The GdaBrowser application now supports defining presentation preferences for each table’s column, which are used when data from a table’s column need to be displayed:
The UI extension now supports improved custom layout, described through a simple XML syntax, as shown in the following screenshot of the gdaui-demo-4.0 program:
For more information, please visit the http://www.gnome-db.org web site.
I have been a little stuck for some weeks : a new year started (no, that post hasn’t been stuck since january — scholar year start in september) and I have students to tend to. As I have the habit to say : good students bring work because you have to push them high, and bad students bring work because you have to push them from low! Either way, it has been keeping me pretty busy.
Still, I found the time to read some more maths, but got lost on something quite unrelated to my main objective : I just read about number theory and the ideas behind the proof of Fermat’s Last Theorem (Taylor and Wiles’ theorem now). That was supposed to be my second target! Oh, well, I’ll just try to hit my first target now (Deligne’s proof of the Weil conjectures). And then go back to FLT for a new and deeper reading.
I only played a little with ekiga’s code — mostly removing dead code. Not much : low motivation.
Slides from RMLL (and much more)
So, I’m back from the Rencontres Mondiales du Logiciel Libre, which took place in Nantes this year. It was great to see all those people from the french Free Software community again, and I look forward to seeing them again next year in Bordeaux (too bad the Toulouse bid wasn’t chosen).
The Debian booth, mainly organized by Xavier Oswald and Aurélien Couderc, with help from Raphaël, Roland and others (but not me!), got a lot of visits, and Debian’s popularity is high in the community (probably because RMLL is mostly for über-geeks, and Debian’s market share is still very high in this sub-community).
I spent quite a lot of time with the Ubuntu-FR crew, which I hadn’t met before. They do an awesome work on getting new people to use Linux (providing great docs and support), and do very well (much better than in the past) at giving a good global picture of the Free Software world (Linux != Ubuntu, other projects do exist and play a very large role in Ubuntu’s success, etc). It’s great to see Free Software’s promotion in France being in such good hands. (Full disclosure: I got a free mug (recycled plastic) with my Ubuntu-FR T-shirt, which might affect my judgement).
I gave two talks, on two topics I wanted to talk about for some time. First one was about the interactions between users, distributions and upstream projects, with a focus on Ubuntu’s development model and relationships with Debian and upstream projects. Second one was about voting methods, and Condorcet in particular. If you attended one of those talks, feedback (good or bad) is welcomed (either in comments or by mail). Slides are also available (in french):
- L’écosystème du Libre: interactions entre projets amonts, distributions et utilisateurs – lâ€
exemple de Debian et Ubuntu - Méthodes de vote: Comment consulter un groupe de personnes sans fausser le résultat ?
On a more general note, I still don’t understand why the “Mondiales” in RMLL’s title isn’t being dropped or replaced by “Francophones“. Seeing the organization congratulate themselves because 30% of the talks were in english was quite funny, since in most cases, the english part of the talk was “Is there someone not understanding french? no? OK, let’s go on in french.“, and all the announcements were made in french only. Seriously, RMLL is a great (probably the best) french-speaking community event. But it’s not FOSDEM: different goals, different people. Instead of trying (and failing) to make it an international event, it would be much better to focus on making it a better french-speaking event, for example by getting more french-speaking developers to come and talk (you see at least 5 times more french-speaking developers in FOSDEM than in RMLL).
I’m now back in Lyon for two days, before leaving to Montreal Linux Symposium, then coming back to Lyon for three days, then Debconf from 23rd to 31st, and then moving to Nancy, where I will start as an assistant professor in september (a permanent (tenured) position).
On September I finish my studies of computer science, so I start to search a job. I really enjoyed my current job at Collabora maintaining Empathy, I learned lots of things about the Free Software world and I would like to keep working on free software related projects if possible. My CV is available online here.
Do you guys know any company around the free software and GNOME looking for new employees? You can contact me by email to xclaesse@gmail.com
Enterprise Social Search slideshow
Enterprise Social Search is a way to search, manage, and share information within a company. Who can help you find relevant information and nothing but relevant information? Your colleagues, of course
Today we are launching at Whatever (the company I work for) a marketing campaign for our upcoming product: Knowledge Plaza. Exciting times ahead!
I’ve been working wit git lately but I have also missed the darcs user interface. I honestly think the darcs user interface is the best I’ve ever seen, it’s such a joy to record/push/pull (when darcs doesn’t eat your cpu) 
I looked at git add --interactive because it had hunk-based commit, a pre-requisite for darcs record-style commit, but it has a terrible user interface, so i just copied the concept: running a git diff, filtering hunks, and then outputing the filtered diff through git apply --cached.
It supports binary diffs, file additions and removal. It also asks for new files to be added even if this is not exactly how darcs behave but I always forget to add new files, so I added it. It will probably break on some extreme corner cases I haven’t been confronted to, but I gladly accept any patches
Here’s a sample session of git-darcs-record script:
$ git-darcs-record
Add file: newfile.txt
Shall I add this file? (1/1) [Ynda] : y
Binary file changed: document.pdf
Shall I record this change? (1/7) [Ynda] : y
foobar.txt
@@ -1,3 +1,5 @@
line1
line2
+line3
line4
+line5
Shall I record this change? (2/7) [Ynda] : y
git-darcs-record
@@ -1,17 +1,5 @@
#!/usr/bin/env python
-# git-darcs-record, emulate "darcs record" interface on top of a git repository
-#
-# Usage:
-# git-darcs-record first asks for any new file (previously
-# untracked) to be added to the index.
-# git-darcs-record then asks for each hunk to be recorded in
-# the next commit. File deletion and binary blobs are supported
-# git-darcs-record finally asks for a small commit message and
-# executes the 'git commit' command with the newly created
-# changeset in the index
-
-
# Copyright (C) 2007 Raphaël Slinckx
#
# This program is free software; you can redistribute it and/or
Shall I record this change? (3/7) [Ynda] : y
git-darcs-record
@@ -28,6 +16,19 @@
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+# git-darcs-record, emulate "darcs record" interface on top of a git repository
+#
+# Usage:
+# git-darcs-record first asks for any new file (previously
+# untracked) to be added to the index.
+# git-darcs-record then asks for each hunk to be recorded in
+# the next commit. File deletion and binary blobs are supported
+# git-darcs-record finally asks for a small commit message and
+# executes the 'git commit' command with the newly created
+# changeset in the index
+
+
+
import re, pprint, sys, os
BINARY = re.compile("GIT binary patch")
Shall I record this change? (4/7) [Ynda] : n
git-darcs-record
@@ -151,16 +152,6 @@ def read_answer(question, allowed_responses=["Y", "n", "d", "a"]):
return resp
-def setup_git_dir():
- global GIT_DIR
- GIT_DIR = os.getcwd()
- while not os.path.exists(os.path.join(GIT_DIR, ".git")):
- GIT_DIR = os.path.dirname(GIT_DIR)
- if GIT_DIR == "/":
- return False
- os.chdir(GIT_DIR)
- return True
-
def git_get_untracked_files():
Shall I record this change? (5/7) [Ynda] : y
# On branch master
# Changes to be committed:
# (use "git reset HEAD file..." to unstage)
#
# modified: document.pdf
# modified: foobar.txt
# modified: git-darcs-record
# new file: newfile.txt
#
# Changed but not updated:
# (use "git add file file..." to update what will be committed)
#
# modified: git-darcs-record
#
What is the patch name? Some cute patch name
Created commit a08f34e: Some cute patch name
4 files changed, 3 insertions(+), 29 deletions(-)
create mode 100644 newfile.txt
Get the script here: git-darcs-record script and put in somewhere in your $PATH. Any comments or improvements is welcome !
Un nouveau laptop, sans windows !
Voilà, j’y pensais depuis longtemps et c’est maintenant chose faite, je me suis acheté un tout nouveau ordinateur portable.
Je l’ai acheté sur le site français LDLC.com et me suis renseigné pour savoir si il était possible d’acheter les ordinateurs de leur catalogue sans logiciels (principalement sans windows). Je leur ai donc envoyé un email, et à ma grande surprise ils m’on répondu que c’était tout a fait possible, qu’il suffi de passer commande et d’envoyer ensuite un email pour demander de supprimer les logiciels de la commande. J’ai donc commandé mon laptop et ils m’ont remboursé de 20€ pour les logiciels, ce n’est pas énorme sur le prix d’un portable, mais symboliquement c’est déjà ça.
Toutes fois je me pose des questions, pourquoi cette offre n’est pas inscrite sur le site de LDLC ? En regardant sous mon tout nouveau portable je remarque une chose étrange, les restes d’un autocollant qu’on a enlevé, exactement à l’endroit où habituellement est collé la clef d’activation de winXP. Le remboursement de 20€ tout rond par LDLC me semble également étrange vue que LDLC n’est qu’un intermédiaire, pas un constructeur, et donc eux achètent les ordinateurs avec windows déjà installé. Bref tout ceci me pousse à croire que c’est LDLC qui perd les 20€ et je me demande dans quel but ?!? Pour faire plaisir aux clients libre-istes ? Pour éviter les procès pour vente liée ? Pour à leur tours se faire rembourser les licences que les clients n’ont pas voulu auprès du constructeur/Microsoft et éventuellement gagner plus que 20€ si les licences OEM valent plus que ça ? Bref ceci restera sans doutes toujours un mistère.
J’ai donc installé Ubuntu qui tourne plutôt bien. J’ai été même très impressionné par le network-manager qui me connecte automatiquement sur les réseaux wifi ou filaire selon la disponibilité et qui configure même un réseau zeroconf si il ne trouve pas de server dhcp, c’est très pratique pour transférer des données entre 2 ordinateurs, il suffi de brancher un cable ethernet (ça marche aussi par wifi mais j’ai pas encore testé) entre les 2 et hop tout le réseau est configuré automatiquement sans rien toucher, vraiment magique ! Windows peut aller se cacher, ubuntu est largement plus facile d’utilisation !
I hate having to write about bugs in the documentation. It feels like waving a big flag that says ‘Ok, we suck a bit’.
Today, it’s the way fonts are installed, or rather, they aren’t. The Fonts folder doesn’t show the new font, and the applications that are already running don’t see them.
So I’ve fixed the bug that was filed against the documentation. Now it’s up to someone else to fix the bugs in Gnome.
Choice and flexibility: bad for docs
Eye of Gnome comes with some nifty features like support for EXIF data in jpegs. But this depends on a library that isn’t a part of Gnome.
So what do I write in the user manual for EOG?
‘You can see EXIF data for an image, but you need to check the innards of your system first.’
‘You can maybe see EXIF data. I don’t know. Ask your distro.’
‘If you can’t see EXIF data, install the libexif library. I’m sorry, I can’t tell you how you can do that as I don’t know what sort of system you’re running Gnome on.’
The way GNU/Linux systems are put together is perhaps great for people who want unlimited ability to customize and choose. But it makes it very hard to write good documentation. In this sort of scenario, I would say it makes it impossible, and we’re left with a user manual that looks bad.
I’ve added this to the list of use cases for Project Mallard, but I don’t think it’ll be an easy one to solve.
