Mozilla Thunderbird 45.0 Released, Fails to Bring GTK3 Integration for Linux

Today, April 13, 2016, Mozilla finally announced the availability of the final release for the highly anticipated Thunderbird 45.0 email, calendar, and news client, for all supported platforms.

After being in development for the past few months, Mozilla Thunderbird 45.0 arrives today in its final form, trying to be in part with its bigger brother, the Mozilla Firefox web browser.

We talked briefly about Mozilla Thunderbird 45.0 about two months ago, when we first spotted the first Beta build…

Docker 1.11 Linux Container Engine Brings over 90 Changes, Adds ARM64 Support

Delayed for one day, the major Docker 1.11 release of the open-source application container engine has been released today, April 13, 2016, and has been made available for download for all supported platforms.

Docker 1.11 is the result of a month’s work, during which it received a total of five RC (Release Candidate) builds. It has thus brought over 90 changes amongst various areas of the Linux container engine, including but not limited to builder, client, distribution, logging, net…

Linux Kernel 4.4.7 LTS Out Now with Multiple x86 Changes, Many Updated Drivers

Immediately after announcing the release of the first maintenance build of Linux kernel 4.5, Greg Kroah-Hartman informed the community about the availability of Linux kernel 4.4.7 LTS.

Linux kernel 4.4.7 is the seventh point release of the latest and most advanced long-term supported (LTS) Linux kernel branch for GNU/Linux operating systems. According to the diff from the previous maintenance build, version 4.4.6, which is used by default in popular operating systems like Ubuntu 16.04 LTS and…

LXD 2.0: Remote hosts and container migration [6/12]

This is the sixth blog post in this series about LXD 2.0.

LXD logo

Remote protocols

LXD 2.0 supports two protocols:

  • LXD 1.0 API: That’s the REST API used between the clients and a LXD daemon as well as between LXD daemons when copying/moving images and containers.
  • Simplestreams: The Simplestreams protocol is a read-only, image-only protocol used by both the LXD client and daemon to get image information and import images from some public image servers (like the Ubuntu images).

Everything below will be using the first of those two.

Security

Authentication for the LXD API is done through client certificate authentication over TLS 1.2 using recent ciphers. When two LXD daemons must exchange information directly, a temporary token is generated by the source daemon and transferred through the client to the target daemon. This token may only be used to access a particular stream and is immediately revoked so cannot be re-used.

To avoid Man In The Middle attacks, the client tool also sends the certificate of the source server to the target. That means that for a particular download operation, the target server is provided with the source server URL, a one-time access token for the resource it needs and the certificate that the server is supposed to be using. This prevents MITM attacks and only give temporary access to the object of the transfer.

Network requirements

LXD 2.0 uses a model where the target of an operation (the receiving end) is connecting directly to the source to fetch the data.

This means that you must ensure that the target server can connect to the source directly, updating any needed firewall along the way.

We have a plan to allow this to be reversed and also to allow proxying through the client itself for those rare cases where draconian firewalls are preventing any communication between the two hosts.

Interacting with remote hosts

Rather than having our users have to always provide hostname or IP addresses and then validating certificate information whenever they want to interact with a remote host, LXD is using the concept of “remotes”.

By default, the only real LXD remote configured is “local:” which also happens to be the default remote (so you don’t have to type its name). The local remote uses the LXD REST API to talk to the local daemon over a unix socket.

Adding a remote

Say you have two machines with LXD installed, your local machine and a remote host that we’ll call “foo”.

First you need to make sure that “foo” is listening to the network and has a password set, so get a remote shell on it and run:

lxc config set core.https_address [::]:8443 lxc config set core.trust_password something-secure

Now on your local LXD, we just need to make it visible to the network so we can transfer containers and images from it:

lxc config set core.https_address [::]:8443

Now that the daemon configuration is done on both ends, you can add “foo” to your local client with:

lxc remote add foo 1.2.3.4

(replacing 1.2.3.4 by your IP address or FQDN)

You’ll see something like this:

stgraber@dakara:~$ lxc remote add foo 2607:f2c0:f00f:2770:216:3eff:fee1:bd67 Certificate fingerprint: fdb06d909b77a5311d7437cabb6c203374462b907f3923cefc91dd5fce8d7b60 ok (y/n)? y Admin password for foo: Client certificate stored at server: foo

You can then list your remotes and you’ll see “foo” listed there:

stgraber@dakara:~$ lxc remote list +-----------------+-------------------------------------------------------+---------------+--------+--------+ | NAME | URL | PROTOCOL | PUBLIC | STATIC | +-----------------+-------------------------------------------------------+---------------+--------+--------+ | foo | https://[2607:f2c0:f00f:2770:216:3eff:fee1:bd67]:8443 | lxd | NO | NO | +-----------------+-------------------------------------------------------+---------------+--------+--------+ | images | https://images.linuxcontainers.org:8443 | lxd | YES | NO | +-----------------+-------------------------------------------------------+---------------+--------+--------+ | local (default) | unix:// | lxd | NO | YES | +-----------------+-------------------------------------------------------+---------------+--------+--------+ | ubuntu | https://cloud-images.ubuntu.com/releases | simplestreams | YES | YES | +-----------------+-------------------------------------------------------+---------------+--------+--------+ | ubuntu-daily | https://cloud-images.ubuntu.com/daily | simplestreams | YES | YES | +-----------------+-------------------------------------------------------+---------------+--------+--------+

Interacting with it

Ok, so we have a remote server defined, what can we do with it now?

Well, just about everything you saw in the posts until now, the only difference being that you must tell LXD what host to run against.

For example:

lxc launch ubuntu:14.04 c1

Will run on the default remote (“lxc remote get-default”) which is your local host.

lxc launch ubuntu:14.04 foo:c1

Will instead run on foo.

Listing running containers on a remote host can be done with:

stgraber@dakara:~$ lxc list foo: +------+---------+---------------------+-----------------------------------------------+------------+-----------+ | NAME | STATE | IPV4 | IPV6 | TYPE | SNAPSHOTS | +------+---------+---------------------+-----------------------------------------------+------------+-----------+ | c1 | RUNNING | 10.245.81.95 (eth0) | 2607:f2c0:f00f:2770:216:3eff:fe43:7994 (eth0) | PERSISTENT | 0 | +------+---------+---------------------+-----------------------------------------------+------------+-----------+

One thing to keep in mind is that you have to specify the remote host for both images and containers. So if you have a local image called “my-image” on “foo” and want to create a container called “c2” from it, you have to run:

lxc launch foo:my-image foo:c2

Finally, getting a shell into a remote container works just as you would expect:

lxc exec foo:c1 bash

Copying containers

Copying containers between hosts is as easy as it sounds:

lxc copy foo:c1 c2

And you’ll have a new local container called “c2” created from a copy of the remote “c1” container. This requires “c1” to be stopped first, but you could just copy a snapshot instead and do it while the source container is running:

lxc snapshot foo:c1 current lxc copy foo:c1/current c3

Moving containers

Unless you’re doing live migration (which will be covered in a later post), you have to stop the source container prior to moving it, after which everything works as you’d expect.

lxc stop foo:c1 lxc move foo:c1 local:

This example is functionally identical to:

lxc stop foo:c1 lxc move foo:c1 c1

How this all works

Interactions with remote containers work as you would expect, rather than using the REST API over a local Unix socket, LXD just uses the exact same API over a remote HTTPs transport.

Where it gets a bit trickier is when interaction between two daemons must occur, as is the case for copy and move.

In those cases the following happens:

  1. The user runs “lxc move foo:c1 c1”.
  2. The client contacts the local: remote to check for an existing “c1” container.
  3. The client fetches container information from “foo”.
  4. The client requests a migration token from the source “foo” daemon.
  5. The client sends that migration token as well as the source URL and “foo”‘s certificate to the local LXD daemon.
  6. The local LXD daemon then connects directly to “foo” using the provided token
    1. It connects to a first control websocket
    2. It negotiates the filesystem transfer protocol (zfs send/receive, btrfs send/receive or plain rsync)
    3. If available locally, it unpacks the image which was used to create the source container. This is to avoid needless data transfer.
    4. It then transfers the container and any of its snapshots as a delta.
  7. If succesful, the client then instructs “foo” to delete the source container.

Try all this online

Don’t have two machines to try remote interactions and moving/copying containers?

That’s okay, you can test it all online using our demo service.
The included step-by-step walkthrough even covers it!

Extra information

The main LXD website is at: https://linuxcontainers.org/lxd
Development happens on Github at: https://github.com/lxc/lxd
Mailing-list support happens on: https://lists.linuxcontainers.org
IRC support happens in: #lxcontainers on irc.freenode.net

Enlightenment Developer Days 2016 Takes Place May 14-16, in Paris, France

The development team behind the Enlightenment window manager and desktop environment for GNU/Linux operating systems has published details about the upcoming Enlightenment Developer Days 2016 conference.

As its name suggests, Enlightenment Developer Days 2016 is a great opportunity for aspiring and devoted Enlightenment developers and contributors to meet and share their knowledge, as well as to plan the next releases of the lightweight graphical user interface.

Enlightenment Developer Days …

Linux AIO Passes the 200,000 Downloads Mark, Celebrates with a Zorin 11 Live ISO

We have just been informed by Željko Popivoda from the Linux AIO project that they’ve passed the 200,000 downloads mark and, in celebration of the event, released a Live ISO image for the Zorin OS 11 distro.

The announcement comes as great news for the Linux community, and we would like to congratulate the Linux AIO team for providing us with updated and unique Live ISO images that contain the most popular flavors of many GNU/Linux distributions.

“Linux AIO Zorin 11 is out, and we r…

Linux Kernel 4.5 Gets Its First Point Release, Receives Hundreds of Improvements

Today, April 12, 2016, renowned Linux kernel developer Greg Kroah-Hartman has announced the release of the first maintenance build of the Linux 4.5 kernel series.

We’ve been asked several times in the last couple of weeks when Linux kernel 4.5 will get its first point release, version 4.5.1. So here it is, and just by looking at the appended shortlog, we can tell that it’s a big one, bringing changes to a total of 230 files, with 2,358 insertions and 1,265 deletions.

“I’m an…

pfSense 2.3 BSD-Based Firewall Officially Released with Revamped webGUI, More

Electric Sheep Fencing LLC., through Chris Buechler, today, April 12, 2016, has had the great pleasure of announcing the release of the stable pfSense 2.3 BSD-based firewall operating system.

For those not yet aware of what pfSense is, we can tell you that it’s a freely distributed and open source, fast and feature-rich FreeBSD-based firewall and router operating system that offers load balancing, unified threat management, and multi WAN.

The pfSense 2.3 stable release has been in develo…

GTK+ 3.20.3 Released Ahead of GNOME 3.20.1 with Minor Improvements

The GTK+ 3.20 GUI (Graphical User Interface) toolkit has just received today, April 12, 2016, its third maintenance build, with one day ahead of the planned GNOME 3.20.1 desktop environment release.

During the last couple of days, we’ve noticed a lot of activity on the main GNOME channels, as the development team is updating most of the core components and applications in preparation for the first of two point releases of the GNOME 3.20 desktop environment.

The open-source and cross-plat…

MythTV 0.28 Media Center Arrives with FFmpeg 3.0, H.265 and VP9 Support

The development team of the MythTV open-source media center has announced today, April 11, 2016, the release and immediate availability for download of the MythTV 0.28 update.

According to the release notes, MythTV 0.28 is a pretty important version, which brings WebFrontend, a new component whose main design goal is to replace the MythWeb web interface, as it requires no configuration because it is using the web server built into the backend.

For now, WebFrontend is not mature enough to rep…

Mozilla Firefox 45.0.2 Released for Linux, Windows & Mac OS X with More Bugfixes

Today, April 11, 2016, Mozilla has announced the general availability of the second point release of the Mozilla Firefox 45.0 web browser for all supported platforms, including GNU/Linux, Mac OS X, and Microsoft Windows.

As expected, Mozilla Firefox 45.0.2 is a small maintenance release that resolves a total of five issues discovered since last month first point release, which brought more bug fixes and improvements than expected.

According to the release notes, it looks like Mozilla patches…

Ubuntu Touch OTA-10.1 Hotfix Officially Released for All Supported Ubuntu Phones

As promised, Canonical has released today, April 11, 2016, the first hotfix for the major Ubuntu Touch OTA-10 operating system update announced last week for supported Ubuntu Phone devices.

Canonical’s Łukasz Zemczak made the OTA-10.1 official a few minutes ago, but we’ve been tipped earlier by one of our readers (thanks, Sander) about the availability of the hotfix, which has been seeded to users as a phased upgrade during the next 24 hours.

If you’re wondering what’s new in…

Evolution Email and Groupware Client Updated Ahead of the GNOME 3.20.1 Release

The GNOME Project is preparing to unleash the first point release of the GNOME 3.20 desktop environment, version 3.20.1, which should see the light of day sometime around the date of April 13, 2016.

We’re usually monitoring the GNOME channels for any updates on the project, and we can’t help but notice that the Evolution email, calendar, and groupware suite has been updated ahead of the upcoming GNOME 3.20.1 release, along with many other core applications and components.

Evolution 3…

GNOME 3.20 Desktop Environment Now Live for Arch Linux Users

The recently released GNOME 3.20 desktop environment is about to get its first point release, but it looks like it just arrives in the main software repositories of the popular Arch Linux distribution.

GNOME 3.20 was officially unveiled approximately three weeks ago, on March 23, 2016, bringing dozens of new features to both core applications and under-the-hood functionality, such as support for operating system upgrades via GNOME Software, as well as the XDG-Apps technology for installing mu…

You Can Still Pre-Order an Ubuntu Tablet from BQ, Deliveries Start Next Week

We reported at the end of last month that Canonical’s first ever Ubuntu Tablet device, the BQ Aquaris M10 Ubuntu Edition, is available for pre-order, and deliveries should start in the first week of April.

While the tablet is still available for pre-order, BQ postponed the deliveries of Aquaris M10 Ubuntu Edition to the second half of April, most probably because of some shipping issues that should be resolved until then, so the devices should arrive to users in another week or so, depend…

Canonical Is Delighted to Collaborate with Nexenta on Optimizing ZFS for Ubuntu

Today, April 11, 2016, Canonical was proud to announce the extension of their partnership with Nexenta to provide their customers with a joint software-defined storage solution.

The joint solution formed by Nexenta, the world’s most popular OpenSDS (Open Source-driven Software-Defined Storage) developer, in collaboration with Canonical, the company behind one of the world’s most popular Linux kernel-based operating systems, is here to pair the Ubuntu OpenStack platform with the a…

HandyLinux 2.4 Is Based on Debian GNU/Linux 8.4, Iceweasel Replaced with Firefox

The developers of the Debian-based HandyLinux distribution have announced the immediate availability for download of HandyLinux 2.4, a maintenance release in the 2.x stable series of the OS.

HandyLinux 2.4 comes only ten days after the release of the Debian GNU/Linux 8.4 “Jessie” operating system, on which the French distro is now based, offering users new installation mediums that include the latest security patches and software updates pushed upstream.

However, HandyLinux 2.4 has…

Unity Tweak Tool Makes It Easier for Ubuntu Users to Move the Launcher to Bottom

As you may well be aware, Canonical will finally allow Ubuntu users to move the Unity Launcher to the bottom of the screen, thanks to an option contributed by the Ubuntu Kylin developers.

That’s pretty cool and all that, but the option will remain hidden to the naked eye, as the Ubuntu development team is yet to implement a visual option in the System Setting panel for users to easily switch between bottom and left Unity Launcher placement.

Being hidden, the option will not be so easily …

Linux Kernel 4.6 Release Candidate 3 Is Now Available for Download

It’s Sunday evening in the US, so we probably don’t even have to tell our dedicated Linux readers what we’re about to announce in this article because they’re probably already testing Linux 4.6-rc3.

Yes, that’s right, Linus Torvalds has made available his regular Sunday release for the next RC build of the upcoming Linux 4.6 kernel, which early adopters can download and compile as we speak (see download options at the end of the article).

At the moment of writing this art…

Canonical Eases Ubuntu App Development with New Build Dependency Rules

Ubuntu release manager Steve Langasek informs the community about some changes happening to build-dependency handling in Ubuntu 16.04 LTS (Xenial Xerus) and upcoming versions of the widely used operating system.

According to Mr. Langasek, the Ubuntu development team admits that the process of separating Ubuntu packages between the “main” and “universe” software repositories caused the Ubuntu development to be dragged down because the “main” repo also covered buil…