The Orca open-source screen reader and magnifier software used by default in numerous GNU/Linux operating systems has been updated today, May 16, 2016, to version 3.20.2.
As usual, we’ve managed to fetch the internal changelog to tell you what’s new in this release, which is being distributed as part of the recently announced GNOME 3.20.2 desktop environment.
As such, Orca 3.20.2 arrives today with various performance improvements, such as support for cache results for the shouldInferLabelFor() function, as well as the ability to verify setting before attempting to generate spoken indentation information.
Moreover, the findObjectInContents() function now receives smarts for embedded children, the application can cache results during filtering contents for the presentation, and it takes in… (read more)
Dejan Petrovic has announced the release of ChaletOS 16.04, a desktop distribution based on Ubuntu and designed for Linux newcomers. The new release focuses mostly on the look and feel of the distribution’s desktop environment: “What is new in new release of ChaletOS? New LTS support, new kernel….
A new development release of the Wine open-source software, which is being used by GNU/Linux and Mac OS X users to run Windows applications and games has been announced today, May 16, 2016, version 1.9.10.
Prominent features of Wine 1.9.10 include Retina support for Mac OS X operating system by implementing a high resolution rendering option, better compatibility for the directory enumeration feature, a bunch of C++ runtime fixes, improvements to the video output, and fixes for 25 reported bugs.
Digging deeper into the changelog for the Wine 1.9.10 release, which we’ve attached at the end of the article for reference, the Soulbringer, Ragnarok Online, Civilization V, TAGAP, TOCA Touring Car Championship, Shogun: Total War, Medieval: Total War, NordicBet Poker, Pac-Man Championship Edition DX+, Stars!, and Caesar IV Demo games received various improvements, so they should work better now.
Office 2007 and AfterEffects CS6 work better with Wine 1.9.10read more)
Cloud is now mainstream, but what’s holding it back, what are the biggest concerns of technology decision makers? Are industry leaders choosing public, private or hybrid clouds? Canonical has commissioned Forrester Consulting to explore enterprise cloud platform trends and adoption. Learn about:
The report summarizes how decision makers really feel about the promise of greater flexibility, scalability, agility and cost savings offered by the Cloud.
The Linuxfx team has launched a new version of their Ubuntu-based distribution. The new release, Linuxfx 7.4.2, features mostly improved hardware support, productivity software and media support. An English translation of the project’s release announcement (Brazilian Portuguese) reads: “This new version of Linuxfx is the latest 7 series….
Networking and communications standards and methodologies are undergoing the greatest transition since the migration from analogue to digital. The shift is from function-specific, proprietary devices to software-enabled commodity hardware.
Why is the transition happening and why is it important?
Read this eBook to:
How many times do you wish everything around you was a tiny bit smarter? A door opens automatically when you come in with bags of groceries. A light switches on when you step in. Entering a password twice in a row isn’t required to unlock your email after you logged in into your desktop.
Home automation has improved greatly in the last decade. Numerous sensors and smart switches are cheaper and more accessible every year. For example, offices and shopping malls in Finland have had automatically opening doors for years. Lights in my office switch off to conserve electricity when I’d get too deep into coding or a debugging session. Darkness is a result of me not moving much in my chair, as if I froze or need to be kicked out for a run.
Fitting single sign-on into the jigsaw
Yet, single sign-on and automated configuration for our tools remains a wish. In the enterprise environment, Linux systems often need to be configured by administrators in advance to allow users do just that: use all available resources. There are countless confusing articles, blog posts, and forum tragedies where a poor soul conquers the world of Kerberos, LDAP, networking file, or print services. Strangers give advice and laugh with an evil grin on attempts to follow the advice. This leaves the original person wishing it worked by itself.
Since 2009, Fedora started to package SSSD. Starting in 2011, FreeIPA also appeared in Fedora. These two projects try to untangle the complexity of corporate protocols. Combining LDAP, Kerberos, DNS, standalone certificate authorities, and a nice user interface, FreeIPA weaved together a set of tools to roll out corporate infrastructure completely based on free software in 10-15 minutes. SSSD, on other hand, made it possible to log in to FreeIPA from client computers where access rights are managed centrally and applied locally. Still, an administrator needs to enroll a client machine manually from the command line to allow its use and applications need to be configured manually too.
Adding machines from a GUI
Fedora 18 and 19 brought another improvement: it was now possible to enroll a client machine to Active Directory and FreeIPA from the graphical interface. Most of the details were discovered automatically. A name of the domain and an account were all you needed. Passwords were still needed to configure access to applications, but for some online resources, GNOME did gain the ability to configure access in a central place. This happens in GNOME Online Accounts. Email access, as well as remote access to file storage were now working after a single step of adding an online account.
The right to access these remote resources is usually granted for a week or two. Once the access has expired, you wouldd need to re-enter a password to obtain a new grant. For corporate resources, which often used Kerberos authentication, access would need a grant extension every twenty-four (or fewer) hours due to how Kerberos tickets are issued. While the Kerberos protocol allows renewing tickets in time and SSSD is able to renew them at login (or screensaver unlock), most account types in GNOME Online Accounts were not using this feature.
In a world of the cloud
In a cloud world, most remote applications tend to use HTTP or HTTPS protocols to communicate with your computer. This works just fine with a browser, which assumes a human is there, staring at the screen, answering questions, or clicking buttons. Some applications support more than password-based authentication. In particular, relaying the authentication process to another application became quite common. Web applications often ask for a ‘Social Network’ login. This delegates a password check to an existing remote source. In many cases, this is to Facebook, Google, or your own corporate portal.
Corporate portals often have support for Kerberos. It means your computer can talk to a corporate portal and automatically exchange authentication details if you have a valid Kerberos ticket. A portal then issues a session token that the original application can use to work with you.
libsoup helps make single sign-on possible
Since 2009, GNOME applications weren’t able to enjoy a first-class ride in such environments. Most, if not all of them, use libsoup for the network communication over HTTP or HTTPS protocols. In 2009, libsoup lost the ability to support “Negotiate” authentication. This includes Kerberos and NTLMSSP protocols. It took almost seven years to get a correct implementation back. This was a concerted effort of many people across multiple Linux distributions.
With the GNOME 3.20 release in late March 2016, libsoup added Negotiate authentication support again. If applications are using libsoup directly, they can request to authenticate with Kerberos or NTLMSSP credentials in a transparent way. However, many applications don’t use libsoup directly. Instead, they use a HTML engine called WebkitGTK+. WebkitGTK+ was changed as well to use libsoup’s Negotiate feature if a web site is accessed over HTTPS.
Altogether, this work enables a seemingly simple feature. If a Fedora 24 client is enrolled in FreeIPA or Active Directory, the user can directly go with Epiphany browser to any corporate website that supports Kerberos. By signing in to the system, the user can sign into it without entering any password again. A true single sign-on is now in place, without additional configuration beyond the original enrollment of the system.
Single sign-on with Yubikey
When working with Red Hat Desktop Team on these improvements, I recorded several videos to show how to use single sign-on in Fedora in real life. All of the features demonstrated in the videos are now possible with Fedora 24 Beta, though you can see through the artwork that it was show-cased with a patched Fedora 23 system. In February 2016 Fedora 24 was not yet available.
The first demo shows how to log into the Fedora Workstation as a user from a FreeIPA deployment. First with a password, then with two-factor authentication. A Kerberos ticket is obtained by SSSD after logging in directly over the Internet with the help of a Kerberos proxy. The same ticket is used to join (without a password) to an OpenConnect VPN. As we are part of our corporate environment, we can access the FreeIPA management console.
With the help of the FreeIPA console, we assign a Yubikey USB token to the user. When we try to unlock the screen again, GDM hints that both a first-factor (password) and a second-factor (an HOTP token generated by Yubikey hardware) key need to be entered. On successful login, SSSD renews the Kerberos ticket.
Single sign-on with Google Apps
The second demo shows how Epiphany transparently authenticates with Kerberos against FreeIPA web interface. Note that this user has an email address associated with the account. This email is managed by a Google Apps for Domain deployment. Therefore, we want to allow single sign-on to Google applications without giving Google any of our passwords.
To do so, we use the Ipsilon project. Ipsilon is an identity provider integrated with FreeIPA. Ipsilon implements SAMLv2 protocol and allows Google Apps for Domain to ask Ipsilon for authentication and the identity of the authenticated user. When we attempt to log into Google Apps, we get redirected to our Ipsilon server. The Ipsilon server offers an authentication choice using Kerberos, and the browser automatically signs us in. Ipsilon redirects us back to Google and we are able to access Google applications.
Fedora 24 includes both FreeIPA and Ipsilon to make it possible to configure your own Google Apps for Domain instance to authenticate against your own FreeIPA domain. Follow this article for more details.
ownCloud meets single sign-on
The same can be achieved in other cloud environments. The third video actually shows how this works with ownCloud. ownCloud is a self-hosted file sync and share server. It provides access to your data through a web interface, sync clients, or WebDAV while providing a platform to view, sync and share across devices easily — all under your control.
There, we configure Ipsilon to accept authentication requests coming from ownCloud. To do this, a
Right now, using ownCloud and similar WebDAV-based sharing sites with Kerberos is not easy. Lots of work is continuing to improve GNOME Online Accounts to automatically acquire user credentials in case of unattended access to WebDAV resources protected with Ipsilon or similar Identity Providers.
Why does single sign-on matter to Fedora?
Why is all this work important to Fedora? After all, there are few enterprises that use Fedora in production. The answer would actually depend on how you see yourself. With FreeIPA and other solutions like Samba AD domain controller (coming soon to Fedora), it is now easy to deploy your own enterprise-grade environment at home, fully based on free software and independent of any external cloud identity provider. This makes Fedora a perfect place to shape corporate IT future and participate in bringing it to reality.
Fedora allows you to go further as the world today is more connected than before. People often follow where the current job creation rush is. This weaves its own distributed private networks of communication between families, relatives, and friends across borders. Today, these webs rely on social networks and clouds. Sometimes, they are not immune against government invasion. The editions of Fedora give the ability to truly stand on your own, and features like single sign-on make the use of your own communications easier for everyone. We are not getting younger with years, and neither our relatives and friends. User experience improvements make complex systems more accessible and allow the use of more secure technology to protect our environments.
This week the worlds of open source and embedded development are all gathering in Austin for OSCON and the NXP FTF. This is the opportunity for Canonical to showcase the progresses done with Ubuntu Core, a slimmed down version of Ubuntu built for IoT. In a week full of talks of open source communities, Linux, IoT and embedded software in Austin, Ubuntu Core will be demonstrated on two new chipset: the NXP / Freescale i.MX 6 and the HiKey Lemaker edition powered by the Huawei Kirin620 SoC.
At the NXP FTF conference, Canonical will be exhibiting and demoing Ubuntu Core running on the i.MX 6 in an industrial gateways setting. In partnership with Clouplug, an industrial automation set-up will be displayed. Working with computer vision library openCV, a security camera application will be showcased, as well as the upgrade and rollback capabilities of Ubuntu Core. A developer image will be available soon from developer.ubuntu.com.
At OSCON, in addition to the Ubuntu booth, Ubuntu Core will be ever present, both on the Dell booth with the Dell Edge Gateway 5000 (booth 407) and on the Huawei & LeMaker’s (booth 501) with a first demo of Ubuntu Core running on the Hikey LeMaker edition. As announced by LeMaker, an developer image of Ubuntu Core is now available for download from LeMaker and from developer.ubuntu.com. The Hikey Lemaker edition is the second announced 64 bit ARM board and the second 96Boards compatible chipset too to support Ubuntu Core. Powered by the Kirin620 eight-core ARM Cortex-A53 SoC, this is a collaboration between LeMaker, Huawei and Linaro, and the first octa-core 96Boards Consumer Edition.
These two new ARM boards to support Ubuntu Core show it as the Linux of choice to build a variety of managed, secure and revenue generating “things” from industrial to consumer equipment:
If you’re in Austin next week, make sure you meet the Canonical teams and the Ubuntu community whether at OSCON or at NXP FTF! If you’d like to arrange a meeting… just get in touch!
Approximately half a year after its launch, during which time every single copy was sold, the $5 computer, Raspberry Pi Zero, makes a comeback with a built-in camera connector.
Yes, you’re reading it right, Raspberry Pi Founder founder Eben Upton has just emailed everyone subscribed to the project’s marketing channels that a new version of the tiny Raspberry Pi Zero single-board computer (SBC) is now available with what appears to be the most requested “missing” feature, a camera connector.
“Happily, Mike was able to take advantage of the resulting production hiatus to add the most frequently demanded ‘missing’ feature to Zero: a camera connector. Through dumb luck, the same fine-pitch FPC connector that we use on the Compute Module Development Kit just fits onto the right-hand side of the board,” reads today’s announcement.
A custom six-inch adapter cable is also a… (read more)
GNOME To Do is an application that manages a simple set of to-do lists. To Do was built by Georges Stavracas, a frequent contributor to GNOME software including Calendar and Nautilus, during Google Summer of Code. It’s designed to be the best tool to manage what you want to achieve with your projects and daily life.
GNOME 3.20 (available in the upcoming Fedora 24 release) brings many new enhancements, some of which expand the functionality of GNOME To Do. I spoke with Georges about what these changes bring, and what the future holds for To Do.
The biggest new feature is the plugin architecture. The first plugin available is superb support for synchronization with Todoist, allowing tasks in To Do to be seen and edited on mobile and the web. Georges spoke to me about plugins he hopes the community may build for To Do:
I’d personally love to see a plugin that adds a panel with various statistics about my productivity. I want to know what hours I’m more task-killer, which days of the week I solve more tasks, tendencies about the number of tasks I’m completing and more, all with beautiful graphics and interactive charts.
I’d love to see a plugin that adds support for recurrent daily tasks.
I’d love to see a plugin that turns GNOME To Do in a RPG-like stategy game, where each project is a boss and each task is an enemy. Your character would earn skills and levels according to your experience (i.e. productivity).
And, even more, I’d love to see a plugin that surprises me.
Future Plans for GNOME To Do
I asked Georges about what the future holds for To Do. He’s evidently passionate about the software, with a goal to move it beyond a simple to-do list application:
I have ambitious plans for GNOME To Do. I want to improve other modules of GNOME desktop (like Online Accounts) that will reflect in To Do. Also, I want to add support for subtasks, grouping task lists, integration with other online services, tags and some other things.
One thing that hits me hard is that GNOME To Do is not smart enough for my standards. I want it to be able to learn what I do, automatically organize my tasks, notify me about the progress I’m doing in a given project, have statistics about what makes me more productivity and even suggest me some things to improve my workflow — obviously, all this data would be local and anonymous.
Installing GNOME To Do
Fedora 23 currently has version 3.18 available, with the Fedora 24 Beta (and soon the release) carrying the new 3.20 version. In both releases, you can install GNOME To Do through dnf:
dnf install gnome-todo
Alternatives to GNOME To Do
To Do will evolve into an attractive option for completely managing your tasks. Until all the features you might need are implemented, though, you may want to try one of the other exceptional task list applications available in Fedora.
To install Getting Things GNOME! in Fedora:
dnf install gtg
and for Taskwarrior:
dnf install task
This week in DistroWatch Weekly: Review: FreeBSD 10.3’s new featuresNews: Manjaro’s website certificate expired once more, exploring Unity 8, OpenMandriva switches to Clang, PCLinuxOS has dropped 32-bit support, Debian packages ZFS and Linux is turning 25Questions and answers: Switching from CentOS to Red Hat Enterprise LinuxTorrent corner: AryaLinux,….
There’s still time to pick up a huggable RuneScape icon – baroo!
Push the tech level of Gielinor even further with an update to Invention.
Push the tech level of Gielinor even further with an update to Invention.
ReposDebian developer Petter Reinholdtsen has informed the community about the availability of the latest ZFS for Linux implementation of the ZFS filesystem for Linux kernel-based operating systems.
Today, LinHES maintainer Cecil Watson has announced the release of LinHES R8.4, an open source attempt to make the installation of a GNU/Linux operating system and the MythTV media center software as trivial as possible.
It has been more than a year since we last heard about the LinHES project, as the previous release, LinHES 8.3, was announced on February 20, 2015, but it looks like things are still alive and the developer managed to find some time to update the operating system’s internals.
Therefore, LinHES 8.4 launches today, May 15, 2016, as an alternative to the Mythbuntu and similar products, built around the latest MythTV 0.28 open-source digital video recorder project, Kodi 16.1 media center, and OpenPHT, a fork of the well-known Plex Home Theater software.
Under the hood, LinHES 8.4 remains based on the lightweight and powerful Arch Linux operating system, which means that most of its core … (read more)
Cecil Watson has announced the release of LinHES 8.4, the latest stable version of the specialist Arch-based distribution designed for set-top boxes and home entertainment computers. This release features OpenPHT, a community-driven fork of Plex Home Theatre: “The LinHES development team is pleased to announce the release of….
At the request of many of our readers, we decided to write the following tutorial to teach Ubuntu users how to install the very popular and gorgeous Arc GTK theme in the latest Ubuntu 16.04 LTS (Xenial Xerus) operating system.
First of all, we would like to take a moment and say that it has been a year since we first introduced you, guys, to the Arc GTK theme. During this time, it became one of the most requested and loved Linux desktop themes, adopted lately by numerous GNU/Linux operating systems, including the upcoming Linux Mint 18 “Sarah.”
Now that Ubuntu 16.04 LTS is out and it began invading users’ computers as the latest, most advanced and reliable Ubuntu release ever, many of you want to fully customize it with third-party GTK and … (read more)
One of the main features of Ubuntu Touch (the platform powering the Ubuntu phones and Ubuntu tablets) is scopes. What are scopes? Are they different from apps? Sort of, yes. A good analogy is to consider Apps to be a book on a bookshelf that you take down when you need it, make use of it, and then put it back on your shelf when you’re done. Scopes are like the pages from those books. You can take a page from one of those books and tack it up on a pegboard and read it at a glance. This way you can take multiple pages from multiple books and place them on that pegboard for at-a-glance viewing.