Tasker: Total Automation for Android

The Register

US and China wave white flags, hit pause button on trade war

2 days 5 hours ago
Pending tariffs on notebooks, phones, monitors shelved as super powers strike 'prelimary' deal

Chinese officials have announced a preliminary agreement on phase one of negotiations with the United States - and of course US President Trump has leapt onto his favourite digital soap box to add his cents worth.…

These are the droids you're looking for: Softbank launches Japan cafe staffed by bots

2 days 7 hours ago
Probably a better investment than WeWork

If you thought the service at your local Starbucks was robotic and impersonal, you might want to give Softbank’s newest Tokyo cafe a miss. Working alongside the company’s meatbag workers are a small army of Softbank Robotics’ droids, who’ll help serve and entertain the punters, and will even clean up after them.…

Xbox Series X: Gee thanks, Microsoft! Just what we wanted for Xmas 2020 – a Gateway tower PC

2 days 11 hours ago
Redmond tears wrapping on new retro-look gaming console

It's always interesting to see where industrial designers source their inspiration. Tesla, in creating the futuristic CyberTruck, looked to the dystopian world of Blade Runner. Iconic '80s movie Back To The Future directly inspired Nike’s self-lacing MAG kicks. And in creating the upcoming Xbox Series X console, Microsoft's muse was presumably a Gateway tower PC from the 1990s.…

GlaxoSmithKline ditches IR35 contractors: Go PAYE or go home

2 days 12 hours ago
Flexible workforce look to pre-election promises

Contractor organisations are insisting the Tory government sticks to promises to revisit IR35 reforms as it emerges that GlaxoSmithKline is ordering contractors to switch to pay as you earn tax arrangements or leave the company.…

NPM swats path traversal bug that lets evil packages modify, steal files. That's bad for JavaScript crypto-wallets

2 days 22 hours ago
Trio of vulnerabilities made registry full of uncertain code even more of a risk

On Wednesday, NPM, Inc, the California-based biz that has taken it upon itself to organize the world's JavaScript packages into the npm registry, warned that its command line tool, the npm CLI, has a rather serious security vulnerability. Version 6.13.4 has been rushed out with a fix.…

Planet Ubuntu

Stuart Langridge: Pyramid

11 hours 12 minutes ago

I keep wanting this quotation and not being able to remember half the things in the list, so I’m putting it on my website: this is what websites are for.

It’s from The Official Slacker Handbook by Sarah Dunn, which I painstakingly tracked down and purchased a second-hand paper copy of to find this, and it reads:

Adam Weishaupt, founder of the Order of Illuminati, killed George Washington and served himself as our first president for two terms. The Illuminati are ultimately responsible for the French Revolution, the Bolshevik revolution, the American Revolution, the Pope, the Kennedy assassination, the Manson family, the Rockefeller dynasty, the numbers 5, 17, and 23, the New Age movement, the Nazis, UFO visitations, the Universal Price Code, and the pyramid with the eye on the back of the dollar bill.

No comment on whether I believe any of this, but of course that’s just what they want you to think. Fnord.

Ubuntu Blog: How to build ROS 2 Eloquent Snaps

2 days ago

The end of 2019 brings about the latest ROS 2 release – Eloquent Elusor. Despite an ever growing set of features and some changes throughout the ecosystem, packaging with snaps is as easy as always. Let’s go through a quick example!


You’ll need two tools: “snapcraft,” the program that builds snaps, and “multipass,” the VM management tool that is used by snapcraft to conduct snap builds without cluttering your development machine. You can get both of these from the snap store.

At the time of this writing, the latest stable release of snapcraft is version 3.8. Until the next release comes out, in order to build Eloquent snaps, you’ll need to grab it from edge.

$ snap install snapcraft --edge --classic

If you already have snapcraft stable installed, you can change to edge using:

$ snap refresh snapcraft --edge

Multipass is grabbed the same way, requiring the --beta flag since the version at the time of writing is 0.9.0

$ snap install multipass --classic --beta Getting Started Create the snapcraft.yaml

First of all, create a new workspace directory and add a snapcraft.yaml.

~$ mkdir eloquent-snap ~$ cd eloquent-snap/ ~/eloquent-snap$ snapcraft init Created snapcraft.yaml. Go to https://docs.snapcraft.io/the-snapcraft-format/8337 for more information about the snapcraft.yaml format.

Open snap/snapcraft.yaml, and make the following changes:

name: eloquent-talker-listener-arnatious version: "0.1" summary: Eloquent ROS2 Example description: | A ROS2 workspace containing a talker and a listener. grade: devel confinement: strict base: core18 parts: colcon-part: plugin: colcon source: https://github.com/ros2/demos.git source-branch: eloquent colcon-rosdistro: eloquent colcon-source-space: demo_nodes_cpp build-packages: [make, gcc, g++] stage-packages: [ros-eloquent-ros2launch] apps: eloquent-talker-listener-arnatious: command: opt/ros/eloquent/bin/ros2 launch demo_nodes_cpp talker_listener.launch.py plugs: [network, network-bind]

Let’s take an in depth look at this manifest.

name: eloquent-talker-listener version: "0.1" summary: Eloquent ROS2 Example description: | A ROS2 workspace containing a talker and a listener.

This is the metadata any snap requires. The only caveat to this section is that the name must be unique on the snap store. Appending your developer name to the snap is an option to get around this (like I did).

grade: devel confinement: strict base: core18

grade should be either stable or devel, with devel locking out the ability to publish to the “stable” and “candidate” channels.

confinement can be strict, devmode, or classic. These are documented in detail on snapcraft.io, but in short: strict enforces tight confinement, restricting access to the system for security; devmode allows full access without any restriction but logs all accesses that strict would prevent; classic is unconfined, without its own private namespace or other security features.

Generally, you should always target “strict” confinement unless there’s specific features that confinement will prevent. “Classic” snaps, like snapcraft itself or text editors like Visual Studio Code, have no containment and run without protection. Classic snaps need manual approval.

The base keyword specifies the special snap providing things like a minimal set of core libraries for our snap’s runtime environment. We’re just using the “core18” snap, which bundles a minimal rootfs based on Ubuntu Bionic (18.04).

parts: colcon-part: plugin: colcon source: https://github.com/ros2/demos.git source-branch: eloquent colcon-rosdistro: eloquent colcon-source-space: demo_nodes_cpp build-packages: [make, gcc, g++] stage-packages: [ros-eloquent-ros2launch]

Snapcraft builds packages piecemeal, in small parts that are combined together. These are reflected by the part entries in the snapcraft.yaml. colcon-part is specified here as pulling the source code from a remote Github repository, though it can just as easily pull source code from a local directory or any source control system.

The colcon plugin is used here to build the package, with the colcon-rosdistro argument specified as eloquent, the colcon-source-space specified as the demo_nodes_cpp directory containing just the talker/listener package we care about. We specify the packages that provide the commands we need to build the ROS nodes under build-packages. stage-packages contains ros2launch, as we’ll need the launch verb it provides as part of the entry point to our snap.

apps: eloquent-talker-listener-arnatious: command: opt/ros/eloquent/bin/ros2 launch demo_nodes_cpp talker_listener.launch.py plugs: [network, network-bind]

We need to express how users will interact with this package. Since we’re packaging ~our~ project, we want the snap to expose our project’s verbs. We define these user interactions as “apps” in the apps” section.

In general, these verbs are invoked using <snap-name>.<app>. An entry in apps with the same name as the snap, like “eloquent-talker-listener-arnatious” above, can be invoked with just the snap name. Calling this app invokes the script in the command field, in this case roslaunch-ing the talker/listener system out of the demo_nodes_cpp package.

Lastly, we specify the interfaces the snap needs access to outside of confinement – in this case network and network-bind. This allows the snap to access the network and be accessed from the network, respectively. You can read more about interfaces on the snapcraft site.
Build the Snap
Now that we’ve defined the snapcraft.yaml, we can build the snap itself. Make sure you’re in the correct directory (above the “snap/” directory containing the “snapcraft.yaml”) and invoke “snapcraft.”

~$ cd eloquent-snap ~/eloquent-snap$ snapcraft <omitted for brevity> Snapped colcon-talker-listener-arnatious_0.1_amd64.snap

If you neglected to install multipass earlier, snapcraft may prompt you to do so.

The build process may take several minutes. During that time, the colcon plugin will install rosdep and use it to determine the dependencies specified in the package.xml of the packages, fetching and unpacking them into your snap. At the end, the result is squashed into a .snap file.

Test the Snap

To install the snap we just built before publishing it, we run

~/eloquent-snap$ sudo snap install --dangerous eloquent-talker-listener-arnatious_0.1_amd64.snap eloquent-talker-listener-arnatious 0.1 installed

The --dangerous flag is required to install snaps from locations other than the store. The snapd daemon responsible for running snaps requires any snap to be cryptographically verified from the snap store, unless the --dangerous flag is used.

Finally, we invoke the snap:

$ eloquent-talker-listener-arnatious [INFO] [launch]: All log files can be found below /home/arnatious/snap/eloquent-talker-listener-arnatious/x1/.ros/log/2019-12-11-07-56-04-973199-arnatious-ubuntu-1910 [INFO] [launch]: Default logging verbosity is set to INFO [INFO] [talker-1]: process started with pid [28330] [INFO] [listener-2]: process started with pid [28331] [talker-1] [INFO] [talker]: Publishing: 'Hello World: 1' [listener-2] [INFO] [listener]: I heard: [Hello World: 1] [talker-1] [INFO] [talker]: Publishing: 'Hello World: 2' [listener-2] [INFO] [listener]: I heard: [Hello World: 2] [talker-1] [INFO] [talker]: Publishing: 'Hello World: 3' [listener-2] [INFO] [listener]: I heard: [Hello World: 3] …

The snap runs without issue on the machine, regardless of linux distro or whether ROS is on the machine. You can now push to the the snap store – where anyone running snapd can install and run it.

I hope this gives you a good look at how to build ROS 2 Eloquent snaps! Feel free to ask questions on the Snapcraft forums or on the ROS Forums.

Ubuntu Blog: Building a Rust snap by Example

2 days 10 hours ago

There’s plenty of official documentation which details how to create snaps. We live in the copy/paste generation though. So lets walk through a real-world example you can use as a template, or selectively yoink sections from.

This is the first in a series of posts which break down how to build snaps based on published works in the Snap Store. This week we’re looking at “System Syzygy” , a graphical puzzle game written using Rust and SDL2.


Let’s start with the easy part, the human-readable bit. Here we set out the name of the snap as it would appear in the Snap Store web user interface, and on the command line with snap info syzygy. As the summary is displayed in the command line output of snap info it’s worth keeping it short and sweet. The description can be more meaty, covering details about the application, command line options, keyboard shortcuts and links to help.

Once published however, the summary and description can also be maintained via the Snap Store listing page, but this is a good starting point.

name: syzygy
summary: System Syzygy - A narrative meta-puzzle game
description: |
System Syzygy is a puzzle game, in the style of Cliff Johnson's
The Fool's Errand and 3 in Three, and of Andrew Plotkin's System's

The version number can often be seen either with a version: or version-script: line. However we have used adopt-info to inform snapcraft that the version will be set by a part, further down the yaml. The part name is specified. We’ll come back to this later.

adopt-info: syzygy Base

The base indicates which runtime this snap should be run against. When the syzygy snap is installed on a system, the core18 base snap will be automatically installed too. Essentially this determines the version of libc the application was built against. The core18 base snap is built from Ubuntu 18.04 (LTS) and as such, we should build this snap in a VM or container running the same release.

Other (older) bases are available and in the future newer bases will be made, but today, this is an appropriate base to build with.

base: core18 Architectures

Both the snapcraft build service and launchpad have the capability to build snaps for numerous architectures. However, not all applications may successfully build or run on all of them. Sometimes the dependencies or build tools aren’t available for every CPU architecture, or perhaps the tool-chain is not supported on anything but mainstream architectures.

In the case of System Syzygy, it only builds for 64-bit and 32-bit Intel CPU architectures. Specifying the supported architectures here means the build systems won’t waste time attempting to compile the game on CPUs we know it won’t succeed on.

- build-on: [amd64,i386] Confinement

System Syzygy is a simple, non-networked game. It needs access to take input from the keyboard and mouse, display things on the screen, and play back audio. As such it can be strictly confined.

confinement: strict Grade

Grade is an indicator of the quality of this snap. Initially we might set this to devel while it’s in development. However, in order to be published in the stable or candidate channels in the store, we should set this to stable. Only applications with a stable grade are permitted in the stable and candidate channels.

grade: stable Parts

Parts are the meat of the snap. Here’s where we outline what actually goes inside the package. As System Syzygy is a game written in Rust, and is hosted externally on github, we can list the plugin and the url to the source repository here.

plugin: rust
source: https://github.com/mdsteele/syzygy.gitPartsparts:
plugin: rust
source: https://github.com/mdsteele/syzygy.git override-pull

Many applications are not written with relocatability in mind. The override-pull section may contain anything we might want to do, to manipulate the source code before building it.

System Syzygy makes an assumption about where to load some of the required libraries or assets. We can override this by simply patching the line in the source such that it now points into the directory the snap will be installed to. These are shell commands in a list.

The snapcraftctl pull statement instructs snapcraft to do whatever is required to obtain the source as defined by the plugin and source lines above. Then we patch the source files as necessary.

override-pull: | snapcraftctl pull sed -i 's|usr/lib/syzygy|/snap/syzygy/current|' src/gui/loader/path_linux.c override-build

Most applications use standard build tools and common patterns for compiling and installing files. However sometimes they miss out steps we assume as part of a build. The developer may omit installation steps for example, assuming the user will simply run the application directly from the build folder.

In the case of System Syzygy, we need to copy the game assets (fonts, sprites and background images) into the right place. We use the build-time variable SNAPCRAFT_PART_INSTALL as our target. Later in the snapcraft lifecycle the contents of this folder will be assimilated into the final snap.

override-build: | snapcraftctl build mkdir $SNAPCRAFT_PART_INSTALL/data cp -a data/fonts data/sprites data/backgrounds $SNAPCRAFT_PART_INSTALL/data cp -a target/release/syzygy $SNAPCRAFT_PART_INSTALL/bin snapcraftctl set-version $(git -C ../src describe --tags | sed 's/v//')

Finally we use git to extract the version number via git and assign that to the snap with the snapcraftctl statement. This bubbles up via the adopt-info line above to become the version number


System Syzygy has a very small set of build dependencies outside those specified in the rust Cargo.toml. We list the packages which fulfil those build dependencies in the build-packages section of the part. These will be installed by snapcraft before the build starts.

build-packages: - libsdl2-dev stage-packages

Once built, the game leverages a few libraries to draw on the screen and play audio. If we didn’t specify these, the game would not work even if the libraries existed on the host OS. The snap is strictly confined, so cannot see any external libraries, so we list them here to bundle them with the game.

We can discover which packages to add by running snapcraft without specifying any at all. Snapcraft will introspect the binaries shipped in the snap, and list a best-guess array of required packages.

stage-packages: - libglu1-mesa - libsdl2-2.0-0 - libpulse0 Application

The apps stanza is where we setup the environment and expose the binary inside the snap to the outside world. This includes ensuring the binary can find the GL drivers required to paint the game window, and extend the library search path to include the pulseaudio libraries for audio playback.

In addition, the game has an internal environment variable which should point to the game data folder. We use the SNAP runtime environment variable to construct the correct path to the game files configured earlier.

Finally we specify the required plugs to enable the game to draw on the screen, play audio, access the GPU via opengl, and suppress the screensaver.

SHELL: bash
__EGL_VENDOR_LIBRARY_DIRS: $SNAP/etc/glvnd/egl_vendor.d:$SNAP/usr/share/glvnd/egl_vendor.d
command: syzygy
- x11
- pulseaudio
- opengl
- screen-inhibit-control Summary

Building and publishing snaps of applications written in Rust is pretty straightforward. The example above highlights how we can be flexible if the build system requires tweaking, or where an application needs minor patching. A non-graphical Rust app would be simpler than this example by virtue of not needing the SDL, GL and pulse libraries and environment configuration.

Building and distributing a game written in any language is mostly similar to what’s outlined above. Only the part definition changes, the environment and plugs configuration will be mostly common.

We welcome new games and applications in the Snap Store. The developers of snapd, snapcraft and the Snap Store hang out over on the snapcraft forum. Join us there if you have any questions or comments about this article or need assistance building a new snap.

Podcast Ubuntu Portugal: Ep 68 – Salvem a Amazónia

2 days 12 hours ago

Episódio 68 – Salvem a Amazónia. Uma viagem alucinante pelos recantos desse grande manto verde da América do Sul, com breves explicações sobre espécies e costumas dos nativos. Nada disso! Falámos sobre Ubuntu, AWS, Canonical, kernel e muito mais.

  • https://www.thingiverse.com/thing:2288142
  • https://ubuntu.com/blog/canonical-announces-ubuntu-pro-for-amazon-web-services
  • https://ubuntu.com/blog/introducing-the-ubuntu-aws-rolling-kernel
  • https://docs.microsoft.com/en-us/azure-sphere/install/install-sdk-linux
  • https://academy.findmore.pt/ (email de registo em formações: rh [at] findmore.pt )
  • https://fosdem.org
  • https://www.meetup.com/ubuntupt/events/266888646/
  • https://github.com/PixelsCamp/talks
  • https://pixels.camp/
  • https://www.humblebundle.com/books/data-science-no-starch-books?partner=PUP
  • https://www.humblebundle.com/?partner=PUP

Este episódio foi produzido e editado por Alexandre Carrapiço (Thunderclaws Studios – captação, produção, edição, mistura e masterização de som) contacto: thunderclawstudiosPT–arroba–gmail.com.

Podem apoiar o podcast usando os links de afiliados do Humble Bundle, porque ao usarem esses links para fazer uma compra, uma parte do valor que pagam reverte a favor do Podcast Ubuntu Portugal
E podem obter tudo isso com 15 dólares ou diferentes partes dependendo de pagarem 1, ou 8.
Achamos que isto vale bem mais do que 15 dólares, pelo que se puderem paguem mais um pouco mais visto que têm a opção de pagar o quanto quiserem.

Se estiverem interessados em outros bundles se acrescentarem no fim do link para qualquer bundle: ?partner=pup (da mesma forma como no link da sugestão) e vão estar também a apoiar-nos.

Atribuição e licenças

A música do genérico é: “Won’t see it comin’ (Feat Aequality & N’sorte d’autruche)”, por Alpha Hydrae e está licenciada nos termos da [CC0 1.0 Universal License](https://creativecommons.org/publicdomain/zero/1.0/).

Este episódio e a imagem utilizada estão licenciados nos termos da licença: Attribution-NonCommercial-NoDerivatives 4.0 International (CC BY-NC-ND 4.0), cujo texto integral pode ser lido aqui. Estamos abertos a licenciar para permitir outros tipos de utilização, contactem-nos para validação e autorização.

Sean Davis: The New bluesabre.org

2 days 20 hours ago

Behold! And welcome to the new bluesabre.org! If you're a regular, you might have noticed that the site has had a bit of a facelift. After nearly a decade of publishing with Wordpress, I've moved to Ghost. And so far, I'm impressed.

What's New?

It's faster. Ghost is fast without any help, providing all the publishing tools I need and (from what I can tell) none that I don't. To further speed things up, I've optimized all of the images on my site for small download sizes and super-fast loading.

It's more open. Ghost themes, powered by Handlebars templates,  are significantly easier to maintain than Wordpress themes, and you can really go far with the default Casper theme. I've forked the theme with a few minor enhancements, and made it available on GitHub. Meet Mouser.

Left: standard or "light" theme on desktop; Right: "dark" theme on mobile

It's more consistent. Years of blogging included years of varying headers, layouts, and custom CSS. With this move, I'll standardized each page and post to make for a less jarring reading experience. Oh, and it now supports dark themes (as sent by your system or browser).

/usr/bin/google-chrome-stable --force-dark-modePro tip: You can force Chrom(ium) to use dark mode in Linux with a commandline flag.

It's easier for me. Goodbye plugins, hello everything I need to just write. With a nearly upstream theme, an unmodified core, and no plugins to worry about, I can worry about other things like development, blogging, mentorships, and community engagement. It all gets better from here.

What's Next?

With this site migration finally out of the way, it's time to get back to work on Xubuntu 20.04 LTS "Focal Fossa". There's a lot of work to do, and only a few months to do it. In particular, I'd like to get some appearance items out of the way...

  • Greybird-Dark, the new dark variant of the standard Xfce theme, is in master, and is ready for an initial release.
  • We should be able to add the Greybird themes to the gtk-common-themes snap package, enabling a consistent look for Snap packages in Xubuntu.

Let me know what you think of the new site in the comments below. As for me, back to work I go!

Stephen Michael Kellat: In the aftermath...

2 days 22 hours ago

I should mention I survived surgery. Recovery is taking a while and I'm not having fun. These things pass with time.

Election results have started to come in across the United Kingdom and initial reactions to them were not positive. I already read talk about expatriation from multiple quarters. That's often not a good thing.

In that respect I'll put forward two notions. The first is to not overlook the EB-5 immigrant investor visa program in the USA. For its "Targeted Employment Area" definition that has lower capital levels that you have to put forward…one area targeted is a "rural area". Where am I again? If you can live with some occasional heavy snows, want to try to make a startup (regardless of type) in an area with top hospitals, and want to still have fairly easy access to Canada across Lake Erie frankly I could hook you up a realtor in my local area to get started. The cost of living in this part of Ohio is low and will probably look like what you always thought the mythical Ambridge of Radio 4's The Archers would look like.

As to the second option, go talk to the University of the South Pacific. They're a multi-national institution in the Pacific that provides educational opportunities in several nation-states. They do good work. With the measles outbreak in the independent state of Samoa that has held back some education work while heroic efforts continue to contain the outbreak. The Pacific is a beautiful place to live and if I had fewer family obligations I would be heading back that way to live. If you can't handle the new Brexit reality there are new frontiers in paradise to explore for living and working.

Again, these are just notions. On my part I managed to finish up a patchset to Xubuntu offline documentation while I've been recovering from surgery. I know I have political turmoil here stateside but it doesn't hold me back from helping make Xubuntu fabulous during the Focal Fossa cycle. My pain is a little bit more direct at the moment…

Ubuntu Podcast from the UK LoCo: S12E36 – Desert Strike

3 days 9 hours ago

This week we’ve been making a low latency point-to-point game streaming application, discuss what it takes to create each Ubuntu distro release, bring you some command line love and go over the last of your feedback for 2019.

It’s Season 12 Episode 36 of the Ubuntu Podcast! Alan Pope and Martin Wimpress are connected and speaking to your brain.

In this week’s show:


  • We discuss what happens in each 6 month Ubuntu development cycle and how Ubuntu is created.

  • We share a Command Line Lurve:

  • And we go over all your amazing feedback – thanks for sending it – please keep sending it!

  • Image taken from Desert Strike published in 1992 for PC by Electronic Arts.

That’s all for this year! You can listen to the Ubuntu Podcast back catalogue on YouTube. If there’s a topic you’d like us to discuss, or you have any feedback on previous shows, please send your comments and suggestions to show@ubuntupodcast.org or Tweet us or Toot us or Comment on our Facebook page or comment on our sub-Reddit.

Jonathan Riddell: KDE’s releases debranding

3 days 10 hours ago

A new step in KDE’s  branding has happened today, or rather debranding.  The old dump of everything we made used to be called just “KDE” and then some projects wanted to release on their own timetable so calling it “KDE” became less accurate.  After a while our flagship Plasma project wanted to release on its own and lots of projects did their own release too but many wanted that faff taken care of for them still so those projects got called “KDE Applications”.  But  that didn’t quite fit either because there were many plugins and libraries among them and many Applications from KDE which were not among them.  So today we removed that brand too and just make releases from a release service, which are source tars that are not very interesting to end users so they get a boring factual release page.

And to keep our users informed the Monthly Apps Update is now published direct on kde.org and covers both self released and release service releases.

And as our website enters the 21 century we now updated the way the stories are published so now anyone can edit or propose patches to them in Git writing Markdown.  So if you know of any new features or developments in our apps which will be released by this time in January then send us a patch.



Jono Bacon: Angela Brown from The Linux Foundation on Delivering Great Events

3 days 23 hours ago

Events are a core element of how businesses engaging with the world. Whether you are attending, speaking at, or organizing an event, you need to have your event game down. The question is: what really goes into a great event, and what is the balance of content, networking, venue, and other ingredients that make events succeed?

Angela Brown should know: she is one of the most talented people in the events business. Leading events at The Linux Foundation, Angela and her team run a broad range of events, all over the world, from small gatherings to conferences spanning tens of thousands. This includes the Open Source Summit, KubeCon, and many.

In this episode of Conversations With Bacon, we unpack Angela’s experience and explore topics including:

  • The core elements of a great event.
  • The ingredients in great content and speakers at events.
  • The role events play in fostering a more diverse and inclusive ecosystem.
  • How Angela has evolved her approach over the years, and the role of feedback.
  • How data drives events, and how attendee interests vary around the world.
  • How to design events for people new to an industry as well as industry veterans.
  • And much more…

Be sure to also check my book, ‘People Powered: How communities can supercharge your business, brand, and teams’, published by HarperCollins Leadership and available now.



Click here subscribe to the show on YouTube

The post Angela Brown from The Linux Foundation on Delivering Great Events appeared first on Jono Bacon.

Ubuntu Blog: Juju 2.7: Enhanced k8s experience, improved networking and more

4 days 10 hours ago

Canonical is proud to announce the availability of Juju 2.7. This new release introduces a range of exciting features and several improvements which enhance Juju across various areas.

To learn more about Juju, visit our page.

Kubernetes extensions

Juju is becoming the simplest way to deploy and manage your container-centric workloads. This release was aimed at bringing more Juju features to k8s charms and more k8s features to Juju.

K8s charms can now define actions, introspect agents, and communicate back to Juju via the addition of juju-run within the pod’s PATH environmental variable. Experienced k8s operators will feel more at home with the ability to set secrets, administer service accounts, and other k8s-native features from their charms directly.

Flexible, adaptive networking in

Network management used to be one of the most frustrating parts when deploying applications to the cloud. Therefore, during this development cycle, Canonical has reworked the internals of how Juju manages networking. This has paid off in the form of added flexibility and opens the door for lots of innovation in this area. 

The most prominent change has been the inclusion of the juju bind command. As a result, users can now define application endpoint bindings to network spaces over time. Previously this capability was only available at the deployment time, so the applications had to be re-deployed in case of any changes on the networking side.

Bulking out bundles

As of Juju 2.7, bundles provide the capability of describing cross-model relations. Cross-model relations allow re-using applications outside of their original model. That allows central services, such as those provided by OpenStack Keystone or Vault, to be accessible from other models.

Cross-model relations also enable applications to bridge clouds. For example, users can deploy a database on bare metal with minimal I/O overhead and a web application, which uses these data, on Kubernetes where high-density is preferred.

Moreover, bundles now support Juju’s trust functionality. Trust allows users to delegate programmatic access to cloud APIs to charms. This allows charms to directly provision storage.

New charm capability: application-level data

Charms are now able to store and retrieve data outside of individual application units. This new functionality is scale-agnostic. Even if the scale of an application is reduced to 0, the data is retained. This effort was driven by a requirement to create a distributed key/value store that is accessible for all units of an application. To set a shared value, charms needed to coordinate between all peers. That’s now reduced to only a single message.

CLI improvements

Juju 2.7 introduces several changes to command-line behaviour to make it easier for both developers and end-users. This includes the commands used to manage clouds and credentials. Users can benefit from numerous improvements, such as “ask-or-tell” approach, region-specific credentials, updating credentials from an input file, adding multiple credentials at once, etc.

For more information about Juju 2.7, please refer to the official release notes.

To learn more about Juju, visit our page

Ubuntu Blog: ObjectBox, database for IoT devices, adopts snaps for simplicity and ease of installation

5 days 6 hours ago

When designers put their heart and soul into making super-fast, easy-to-use software to help take Internet of Things (IoT) apps to the next level, installation of that software needs to meet the same high standards.

ObjectBox is a database and synchronisation solution for rapid, efficient edge computing for mobile and IoT devices. Rather than each device sending all its data back to a cloud/server, ObjectBox enables data storage and processing within the device. Developers get simplicity and ease of implementation with native language APIs instead of SQL. Users can use data on edge devices faster with fewer resources.

Markus Junginger, CTO and co-founder of ObjectBox explains, “Moving decision making to the edge means faster response rates, less traffic to the cloud, and lower costs. We built an edge database with a minimal device footprint of just 1 MB for high on-device performance.” ObjectBox also synchronises data between devices and servers/the cloud for an ‘always-on’ feeling and improved data reliability. With ObjectBox, an application always works – whether the device is online or offline. 

However, user-friendliness of installation and limited user installation options were both concerns. To date, ObjectBox installation had been offered only as a GitHub package. According to Markus, “GitHub is developer-centric. While it’s useful for getting started, we wanted to offer something additional that would broaden our market reach and be easy for users in general”. 

ObjectBox found the installation option it was looking for through the company’s involvement in the EdgeX Foundry™ IoT Edge Platform. This vendor-neutral open source project hosted by The Linux Foundation provides a common open framework for IoT edge computing. EdgeX is also available for download and installation as a snap, the containerised software package for easy, secure installation in any Linux environment, including desktop, cloud, and IoT devices.

When Markus saw how easily the Edge X snap could be downloaded and installed from the Snap Store, he immediately saw the potential of a snap for ObjectBox. As he says, “Although EdgeX is complex, the snap is very easy for users. Whereas in other approaches, like Docker, users must specify the setup location of the file system, they do not need to do this with a snap. Snap updates with new binaries are very simple too.”

The EdgeX snap was a convenient model for ObjectBox to work with. Markus and his team built their own snap based on the EdgeX snap, swapping out the default database and replacing it with ObjectBox. He adds, “We loaded the shared libraries and other library files to get a snap with ObjectBox, EdgeX core, security, and support services, as well as Consul, Kong, Vault, a Java Runtime Environment (JRE), and a set of basic device services, all with a simpler YAML file for installation.”

Markus and ObjectBox believe that improved user discovery and adoption will be among the benefits of using snaps. Snaps will help make the advanced ObjectBox technology accessible to all businesses that want to use IoT to its full potential. Markus says, “We make it easy to handle high data volumes in different sizes of devices and systems. It’s great that installation can now be so easy too. No big instruction manual is required, and all Linux platforms can be served by snaps, from entry level like Raspberry Pi and upwards.”

ObjectBox made it’s snap available in the stable channel of the Snap Store. Publication coincided with the new EdgeX release. Markus says, “As performance is such a vital element for ObjectBox, we’re interested in any performance improvements for snaps in the future, but we’re also pretty happy for the moment.”

What advice does Markus have for other developers thinking about using snaps for the installation of their own software? He says, “Although documentation for snaps is good, it really helps to see an example of how somebody else has done it. For example, with the EdgeX snap, we could see how EdgeX had done it. Talking to other developers also is a great way to pick up a new tool speedily. From a user perspective, snaps are a great tool and I look forward to them being used more and more!”

The ObjectBox snap is available to install here.

Ubuntu Blog: Canonical Announces Support for Kubernetes 1.17

5 days 8 hours ago

Canonical announces full enterprise support for Kubernetes 1.17, with support covering Charmed Kubernetes, MicroK8s and Kubeadm.

MicroK8s will be updated with Kubernetes 1.17 enabling users access to the latest upstream release with a single-line command in under 60 seconds. MicroK8s now brings Machine Learning deployments in seconds with the Kubeflow add-on. MetalLB load balancer add-on is now part of MicroK8s  as well as enhancements, upgrades and bug fixes. With MicroK8s 1.17, users can develop and deploy enterprise-grade Kubernetes on any Linux desktop, server or VM across 42 Linux distros. It’s a full Kubernetes in a small package, perfect for IoT, Edge and your laptop!

Canonical’s Charmed Kubernetes 1.17 will come with exciting changes like CIS benchmarking ability, Snap coherence and Nagios checks.

Charmed Kubernetes 1.17

CIS Benchmark

The Center for Internet Security (CIS) maintains a Kubernetes benchmark that is helpful to ensure clusters are deployed in accordance with security best practices. Charmed Kubernetes clusters can now be checked for how well a cluster complies with this benchmark.

Snap Coherence

Beginning with Charmed Kubernetes 1.17, revisions of snap packages used by `kubernetes-master` and `kubernetes-worker` charms can be controlled by a snap store proxy.

Nagios checks

Additional Nagios checks have been added for the `kubernetes-master` and `kubernetes-worker` charms. These checks enhance the monitoring and reporting available via Nagios by collecting data on node registration and API server connectivity.


A list of bug fixes and other minor feature updates in this release can be found at Launchpad.

MicroK8s 1.17
  • Kubeflow add-on. Give it a try with `microk8s.enable kubeflow`.
  • MetalLB Loadbalancer add-on, try it with `microk8s.enable metallb`.
  • Separate front proxy CA.
  • Linkerd updated to v2.6.0.
  • Jaeger operator updated to v1.14.0.
  • Updating Prometheus operator (latest).
  • Istio upgraded to v1.3.4.
  • Helm upgraded to 2.16.0.
  • Helm status reported in `microk8s.status`.
  • Set default namespace of `microk8s.ctr` to `k8s.io`.
  • Better exception handling in the clustering agent.
  • Fixes in cluster upgrades.
  • `microk8s.inspect` now cleans priority and storage classes.
  • `microk8s.inspect` will detect missing cgroups v1 and suggest changes on Fedora 31.
Kubernetes 1.17 Changes

Cloud provider labels

Cloud provider labels (node.kubernetes.io/instance-type, topology.kubernetes.io/region and topology.kubernetes.io/zone) have now reached general availability. All Kubernetes components have been updated to populate and react on those labels. Cloud provider labels can be used to target certain workloads to certain instance types, ensure that pods are placed on the same zone as the volumes they claim, configure node affinity, etc. All of those specs are portable among different cloud providers. 

Volume snapshots

The volume snapshot feature was introduced in Kubernetes 1.12 and is not moving to the beta state. It enables creating snapshots of persistent volumes which can later be used to restore a point-in-time copy of the volume. This provides backup and restore functionality for Kubernetes volumes allowing users to benefit from increased agility with regards to workloads operations.

CSI migration

The CSI (container storage interface) migration enables the replacement of existing storage plugins with a corresponding CSI driver. Prior to CSI, Kubernetes provided a variety of so-called “in-tree” storage plugins which were part of the core Kubernetes code and shipped together with Kubernetes binaries. In order to resolve the issues associated with an ongoing support of storage plugins, CSI was introduced in Kubernetes 1.13. The migration feature is now available in the beta state. The entire process aims to be fully transparent to the end-users. 

Windows-specific options

This feature provides enhancements in the Kubernetes pod spec to capture Windows-specific security options. This includes external resources and the RunAsUserName option which allows users to specify a string that represents a username to run the entrypoint of Windows containers. This increases the security of the workloads and provides an easy-to-use interface for defining those options.

Other changes

  • Topology aware routing of services feature is now available in an alpha state
  • Taint node by condition feature has graduated to a stable state
  • Configurable pod process namespace sharing feature has graduated to a stable state
  • Schedule DaemonSet pods by kube-scheduler feature has graduated to a stable state
  • Dynamic maximum volume count feature has graduated to a stable state
  • Kubernetes CSI topology support feature has graduated to a stable state
  • Provide environment variables expansion in SubPath mount feature has graduated to a stable state
  • Defaulting of custom resources feature has graduated to a stable state
  • Move frequent kubelet heartbeats to lease API feature has graduated to a stable state
  • Break apart the Kubernetes test tarball feature has graduated to a stable state
  • Add watch bookmarks support feature has graduated to a stable state
  • Behavior-driven conformance testing feature has graduated to a stable state
  • Finalizer protection for service load balancers feature has graduated to a stable state
  • Avoid serializing the same object independently for every watcher feature has graduated to a stable state
  • An ongoing support of the IPv4/IPv6 dual stack
Get in touch

If you are interested in Kubernetes support, consulting, or training, please get in touch!

Ubuntu Blog: CVE patching is not making your Linux secure

5 days 9 hours ago

Would you like to enhance your Linux security? Do you wonder what factors should be considered when evaluating your open source security from both – the infrastructure and the application perspectives? Are you keen to learn the Ubuntu security team approach? I’ve learned that CVE patching is indeed an important puzzle, but without a structured approach, professional tools and well-defined processes in place, your Linux environment will not be secure.

What do Linux security experts say?

I got inspired by all these questions during the Open Source Security Summit, which was followed by the Linux Security Summit. I really enjoyed a week full of keynotes, workshops and meaningful conversations. So much so that, in my notebook, I noted down some really good quotes about the Linux security. For instance, Kelly Hammond from Intel opened her keynote by saying that “security is like doing the laundry or the dishes – it’s never done”. Working with the Ubuntu security team on a daily basis, I couldn’t agree more.

Linux security is more complicated than fixing CVEs

Fixing CVEs is a continues job that all Linux security teams focus on. In his keynote, Greg Kroah-Hartman from the Linux Foundation looked at this problem from the kernel perspective. In his exact words “CVEs mean nothing for the kernel” because very few CVEs are ever going to be assigned for the kernel. A stable Linux kernel receives 22-25 patches every day without any CVE process involved. So Greg’s position on the Linux security comes down to always using the latest stable kernel and not worrying about CVEs.

What is a CVE?

CVEs are known Common Vulnerabilities and Exposures maintained by Mitre, a not-for-profit organisation. Its goal is to make it easier to deal with cybersecurity threats by providing a unified framework. Anyone can file a CVE which then can then be evaluated by a vendor or a publisher of a product. As of today the CVE database it consists of 127111 entries. Ubuntu security team receives, reviews and prioritises multiple CVEs every day.

Security has multiple layers

From the security standpoint, Canonical (the publisher of Ubuntu) has two teams: the kernel team and the security team.

The Ubuntu Kernel team has multiple security-related initiatives, including:

  • A short kernel release cycle, which is like a flu shot to the Ubuntu kernel. Every 3 weeks, Canonical delivers the latest stable kernel with all security patches in place. 
  • Kernel Livepatch, a security-focused product which allows automatic patching of the kernel without reboots. It is free for personal use. For commercial use, it is part of the Ubuntu Advantage for Infrastructure

The Ubuntu Security team has multiple initiatives including:

  • Proactive security: the team examines the source code to identify treads and problem patterns. For example, before adding any new package to the main Ubuntu repository, each source code package needs to be signed-off by the security team.
  • CVE patching: which is done on multiple levels. As mentioned above, CVEs are coming from various sources, so first, they need to be evaluated. Canonical is one of the most distributed companies in the world, so there is always someone ready to assess the threat. Each CVE is then prioritized according to the Ubuntu CVE Priority Descriptions.
Quantify your security score

According to Greg Kroah-Hartman from the Linux Foundation, “if you are not using a supported Linux distribution kernel, or a stable/ longterm kernel, you have an insecure system”. Ubuntu users can benefit from the Kernel Livepatch and 5 years of standard support, which can be extended to 10 years under the ESM (Extended Security Maintenance). Both ESM and Kernel Livepatch are included in the Ubuntu Advantage for Infrastructure offering.

Ubuntu is built with security in mind, so the team evaluates the effectiveness of security initiatives by defining and carefully monitoring security metrics. As mentioned earlier, security at Canonical is a 24/7 job. In the CVE context, we are using a distributed team of security experts, structured processes and professional tools to prioritize each CVE. Our goal is to provide a patch for the most impactful security threats as quickly as possible. That is why, on average a CVE of critical priority is patched in less than a day, and a CVE of high priority is patched in less than a week.

If you’d like to learn more, check out our latest “Linux security with Ubuntu” webinar.

Photo by Hans-Peter Gauster on Unsplash

The Fridge: Ubuntu Weekly Newsletter Issue 608

6 days 2 hours ago

Welcome to the Ubuntu Weekly Newsletter, Issue 608 for the week of December 1 – 7, 2019. The full version of this issue is available here.

In this issue we cover:

The Ubuntu Weekly Newsletter is brought to you by:

  • Krytarik
  • Bashing-om
  • Chris Guiver
  • Wild Man
  • And many others

If you have a story idea for the Weekly Newsletter, join the Ubuntu News Team mailing list and submit it. Ideas can also be added to the wiki!

Except where otherwise noted, this issue of the Ubuntu Weekly Newsletter is licensed under a Creative Commons Attribution ShareAlike 3.0 License

Ubuntu Blog: Canonical sponsors WSLConf at Microsoft HQ

6 days 8 hours ago

Canonical is announcing today it will be a featured sponsor of WSLConf, the first conference dedicated to the Windows Subsystem for Linux (WSL) platform. WSLConf is scheduled for March 10th-11th, 2020 and is being held on the campus of Microsoft’s headquarters in Redmond, Washington. The conference brings together developers, start-up founders, academics, enterprise, community members, and teams from Microsoft and Canonical around Windows Subsystem for Linux. The conference will include two densely-packed days of presentations and workshops on the latest developments on the rapidly evolving platform.

Ubuntu first partnered with Microsoft to bring Bash on Ubuntu on Windows to users in 2016 with the Windows 10 Anniversary Update. Bash has since evolved into Windows Subsystem for Linux. WSL is a stable and mature Linux platform for cross-platform development, DevOps, and system administration built directly into Windows 10. At Build 2019, Microsoft announced WSL 2 with performance improvements based on a Linux kernel. Ubuntu is the most popular distribution choice for WSL. Ubuntu is continuing it’s leading role on WSL by supporting WSLConf and fostering the development community around WSL.

Some of the scheduled speakers for WSLConf include:

  • Ben Hillis, Lead Software Engineer, Windows Subsystem for Linux, Microsoft
  • Kayla Cinnamon, Project Manager, New Windows Terminal, Microsoft
  • Simon Ferquel, Software Engineer, Docker Desktop for Windows, Docker
  • Hayden Barnes, Developer Advocate, Ubuntu on WSL, Canonical
  • Erika Sweet, Project Manager, Visual Studio, Microsoft
  • Nuno Do Carmo, Senior IT System Analyst, Ferring Pharmaceuticals
  • Carlos Ramirez, Lead Developer, Pengwin, Whitewater Foundry
  • Jinming Wu, Lead Developer, wslutilities
  • Dax MacDonald, Software Engineer, Rancher Labs

Presentations at WSLConf will include the following topics:

  • Build, test, and deploy with Kubernetes on WSL
  • Accelerating Internet of Things development with WSL
  • The latest news from the WSL and Windows Terminal teams
  • Demos of WSL integration with Visual Studio and JetBrains IDEs
  • A technical deep-dive on the new WSL2-based Docker Desktop for Windows
  • Question and answer session with Ben Hillis, the lead developer of WSL
  • How to secure WSL deployments in the enterprise environment
  • WSL for long-time UNIX system administrators

A complete listing of speakers and additional information for WSLConf can be found on wslconf.dev. Conference attendance is free but registration is required and space is limited. A live streaming only option is available for those who cannot travel to Redmond.

Register for WSLConf.

See the Canonical Privacy Notice for Events. Attendees must adhere to the Microsoft Code of Conduct and Ubuntu Code of Conduct. Discounted hotel rates are available until February 10, 2020.

Ubuntu Blog: Updated images of Ubuntu for the Raspberry Pi 2, 3 and 4

6 days 9 hours ago

Updated 32-bit and 64-bit images of Ubuntu for the Raspberry Pi family of devices have just been released. Innovators around the world can now download 32-bit images for the Raspberry Pi 2, 3 and 4, as well as 64-bit images for the Raspberry Pi 3 and 4.

With the new images, USB ports are now fully functional out of the box on the 4GB RAM version of the Raspberry Pi 4. A kernel bug was limiting our official support to the 1GB and 2GB versions of the board. A temporary workaround was proposed to enable USB on the 4GB RAM version. This bug is now fixed, and the limitation lifted.

Raspberry Pi is a first-class platform priority for Ubuntu. Next, we will deliver Ubuntu Server 18.04 LTS and Ubuntu Core on the Raspberry Pi boards. We’re working with the Raspberry Pi foundation to have an officially supported image of Ubuntu available at every new release of a Raspberry Pi board. We will make developers’ favorite operating system always available on makers’ favorite single-board computer. We encourage developers and tinkerers to explore the possibilities that Ubuntu brings to the Raspberry Pi, such as edge computing, Kubernetes clusters, and more.

Last, but not least, we are grateful for the active feedback we continuously receive from the community of Ubuntu users. This feedback fuels our effort to deliver great Ubuntu – not only in the cloud or on desktops, but also on the Raspberry Pi.

Sean Davis: Welcome to Ghost

6 days 21 hours ago
A few things you should know
  1. Ghost is designed for ambitious, professional publishers who want to actively build a business around their content. That's who it works best for.
  2. The entire platform can be modified and customised to suit your needs. It's very powerful, but does require some knowledge of code. Ghost is not necessarily a good platform for beginners or people who just want a simple personal blog.
  3. It's possible to work with all your favourite tools and apps with hundreds of integrations to speed up your workflows, connect email lists, build communities and much more.
Behind the scenes

Ghost is made by an independent non-profit organisation called the Ghost Foundation. We are 100% self funded by revenue from our Ghost(Pro) service, and every penny we make is re-invested into funding further development of free, open source technology for modern publishing.

The version of Ghost you are looking at right now would not have been made possible without generous contributions from the open source community.

Next up, the editor

The main thing you'll want to read about next is probably: the Ghost editor. This is where the good stuff happens.

By the way, once you're done reading, you can simply delete the default Ghost user from your team to remove all of these introductory posts!

Sean Davis: Writing posts with Ghost ✍️

6 days 21 hours ago
Just start writing

Ghost has a powerful visual editor with familiar formatting options, as well as the ability to add dynamic content.

Select your text to add formatting such as headers or to create links. Or use Markdown shortcuts to do the work for you - if that's your thing.

Rich editing at your fingertips

The editor can also handle rich media objects, called cards, which can be organised and re-ordered using drag and drop.

You can insert a card either by clicking the  +  button, or typing  /  on a new line to search for a particular card. This allows you to efficiently insert images, markdown, html, embeds and more.

For example:

  • Insert a video from YouTube directly by pasting the URL
  • Create unique content like buttons or forms using the HTML card
  • Need to share some code? Embed code blocks directly
<header class="site-header outer"> <div class="inner"> {{> "site-nav"}} </div> </header>

It's also possible to share links from across the web in a visual way using bookmark cards that automatically render information from a websites meta data. Paste any URL to try it out:

Ghost: The #1 open source headless Node.js CMSThe world’s most popular modern open source publishing platform. A headless Node.js CMS used by Apple, Sky News, Tinder and thousands more. MIT licensed, with 30k+ stars on Github.GhostWorking with images in posts

You can add images to your posts in many ways:

  • Upload from your computer
  • Click and drag an image into the browser
  • Paste directly into the editor from your clipboard
  • Insert using a URL
Image sizes

Once inserted you can blend images beautifully into your content at different sizes and add captions and alt tags wherever needed.

Image galleries

Tell visual stories using the gallery card to add up to 9 images that will display as a responsive image gallery:

Image optimisation

Ghost will automatically resize and optimise your images with lossless compression. Your posts will be fully optimised for the web without any extra effort on your part.

Next: Publishing Options

Once your post is looking good, you'll want to use the publishing options to ensure it gets distributed in the right places, with custom meta data, feature images and more.

Simos Xenitellis: Running X11 software in LXD containers

6 days 23 hours ago

With LXD you can run system containers, which are similar to virtual machines. Normally, you would use a system container to run network services. But you can also run X11 applications. See the following discussion and come back here. In this post, we further refine and simplify the instructions for the second way to run X applications. Previously I have written several tutorials on this.

Discussion on running X11 applications from within LXD system containers LXD GUI profile

Here is the updated LXD profile to setup a LXD container to run X11 application on the host’s X server. Copy the following text and put it in a file, x11.profile. Note that the bold text below (i.e. X1) should be adapted for your case; the number is derived from the environment variable $DISPLAY on the host. If the value is :1, use X1 (as it already is below). If the value is :0, change the profile to X0 instead.

config: environment.DISPLAY: :0 environment.PULSE_SERVER: unix:/home/ubuntu/pulse-native nvidia.driver.capabilities: all nvidia.runtime: "true" user.user-data: | #cloud-config runcmd: - 'sed -i "s/; enable-shm = yes/enable-shm = no/g" /etc/pulse/client.conf' packages: - x11-apps - mesa-utils - pulseaudio description: GUI LXD profile devices: PASocket1: bind: container connect: unix:/run/user/1000/pulse/native listen: unix:/home/ubuntu/pulse-native security.gid: "1000" security.uid: "1000" uid: "1000" gid: "1000" mode: "0777" type: proxy X0: bind: container connect: unix:@/tmp/.X11-unix/X1 listen: unix:@/tmp/.X11-unix/X0 security.gid: "1000" security.uid: "1000" type: proxy mygpu: type: gpu name: x11 used_by: []

Then, create the profile with the following commands. This creates a profile called x11.

$ lxc profile create x11 Profile x11 created $ cat x11.profile | lxc profile edit x11 $

To create a container, run the following.

lxc launch ubuntu:18.04 --profile default --profile x11 mycontainer

To get a shell in the container, run the following.

lxc exec mycontainer -- sudo --user ubuntu --login

Once we get a shell inside the container, you run the diagnostic commands.

$ glxinfo -B name of display: :0 display: :0 screen: 0 direct rendering: Yes OpenGL vendor string: NVIDIA Corporation ... $ nvidia-smi Mon Dec 9 00:00:00 2019 +-----------------------------------------------------------------------------+ | NVIDIA-SMI 430.50 Driver Version: 430.50 CUDA Version: 10.1 | |-------------------------------+----------------------+----------------------+ | GPU Name Persistence-M| Bus-Id Disp.A | Volatile Uncorr. ECC | | Fan Temp Perf Pwr:Usage/Cap| Memory-Usage | GPU-Util Compute M. | |===============================+======================+======================| ... $ pactl info Server String: unix:/home/ubuntu/pulse-native Library Protocol Version: 32 Server Protocol Version: 32 Is Local: yes Client Index: 43 Tile Size: 65472 User Name: myusername Host Name: mycomputer Server Name: pulseaudio Server Version: 11.1 Default Sample Specification: s16le 2ch 44100Hz Default Channel Map: front-left,front-right Default Sink: alsa_output.pci-0000_01_00.1.hdmi-stereo-extra1 Default Source: alsa_output.pci-0000_01_00.1.hdmi-stereo-extra1.monitor Cookie: f228:e515 $

You can run xclock which is an Xlib application. If it runs, it means that unaccelerated (standard X11) applications are able to run successfully.
You can run glxgears which requires OpenGL. If it runs, it means that you can run GPU accelerated software.
You can run paplay to play audio files. This is the PulseAudio audio play.
If you want to test with Alsa, install alsa-utils and use aplay to play audio files.


We dissect the LXD profile in pieces.

We set two environment variables in the container. $DISPLAY for X and PULSE_SERVER for PulseAudio. Irrespective of the DISPLAY on the host, the DISPLAY in the container is always mapped to :0. While the PulseAudio Unix socket is often located under /var, in this case we put it into the home directory of the non-root account of the container. This will make PulseAudio accessible to snap packages in the container, as long as they support the home interface.

environment.DISPLAY: :0
environment.PULSE_SERVER: unix:/home/ubuntu/pulse-native

This enables the NVidia runtime with all the capabilities, if such a GPU is available. The text all for the capabilities means that it enables all of compute, display, graphics, utility, video. If you would rather restrict the capabilities, then graphics is for running OpenGL applications. And compute is for CUDA applications. If you do not have an NVidia GPU, then these directly will silently fail.

nvidia.driver.capabilities: all
nvidia.runtime: "true"

Here we use cloud-init to get the container to perform the following tasks on the first time it starts. The sed command disables shm support in PulseAudio, which means that it enables the Unix socket support. Additionally, the listed three packages are installed with utilities to test X11 application, X11 OpenGL applications and audio applications.

user.user-data: |
- 'sed -i "s/; enable-shm = yes/enable-shm = no/g" /etc/pulse/client.conf'
- x11-apps
- mesa-utils
- pulseaudio

This command shares the Unix socket of the PulseAudio server on the host to the container. In the container it is /home/ubuntu/pulse-native. The security configuration refers to the host. The uid, gid and mode refer to the Unix socket in the container. This is a LXD proxy device, and binds into the container, meaning that it makes the host’s Unix socket appear in the container.

bind: container
connect: unix:/run/user/1000/pulse/native
listen: unix:/home/ubuntu/pulse-native
security.gid: "1000"
security.uid: "1000"
uid: "1000"
gid: "1000"
mode: "0777"
type: proxy

This part shares the Unix socket of the X server on the host to the container. If $DISPLAY on your host is also :1, then keep the default shown below to X1. Otherwise, adjust the number accordingly. The @ character means that we are using abstract Unix sockets, which means that there is no actual file on the filesystem. Although /tmp/.X11-unix/X0 looks like an absolute path, it is just a name. We could have used myx11socket instead, for example. We use an abstract Unix socket so that it is also accessible by snap packages. We would have used an abstract Unix socket for PulseAudio, but PulseAudio does not support them. The security uid and gid refer to the host.

bind: container
connect: unix:@/tmp/.X11-unix/X1
listen: unix:@/tmp/.X11-unix/X0
security.gid: "1000"
security.uid: "1000"
type: proxy

We make available the host’s GPU to the container. We do not need to specify explicitly which CPU we are using if we only have a single GPU.

type: gpu Installing software

You can install any graphical software. For example,

sudo apt-get install -y firefox

Then, run as usual.

firefox Firefox running in a container. Conclusion

This is the latest iteration of instructions on running GUI or X11 applications and having them appear on the host’s X server.

Note that the applications in the container have full access to the X server (due to how the X server works as there are no access controls). Do not run malicious or untrusted software in the container.


Command Line