Episode #26


Direct download links: MP3 & Ogg

Reflections on OggCamp – Martin Wimpress interview, the MATE desktop

0:05:42   News

Distro News
Debian may drop kFreeBSD from the Jessie release
Guix switching to eudev

Odds ‘n’ Sods
Netflix Now Works On Ubuntu, No Hacks Required
CloudFlare gives Internet a present: free, no-hassle “Universal” SSL
WPScan Vulnerability Database a New WordPress Security Resource
German City Gummersbach Drops Windows XP and Gets SUSE with a MATE Desktop

Our Benevolent Overlords
Google announces Drive for Education: free, unlimited storage & more security
Chromebooks for Work: More manageable for IT, more powerful for users
Adobe joins the Chromebook party, starting with Photoshop
A simpler, faster way to use Hangouts on your desktop
Focus On The User and semi-counterpoint

Previously Mentioned: Updates
Operating System U
[Bad]USB ‘Patch’ Skirts More Effective Options
Linux Foundation certifications are taking off
Shellshock – David A. Wheeler

Seen Elsewhere
CSS: It was twenty years ago today — an interview with Håkon Wium Lie
IoT? Hold my pint, I got this: ARM crafts one OS to rule them all
imp: Consumer-Focused Open Source Computer

0:45:47   First Impressions

Time pressures meant that we decided to push Joe’s look at GALPon MiniNo back until the next show.

0:46:10   Reflections on OggCamp

Another OggCamp has now been and gone. For two of your hosts, it was their first venture into the world of the unconference – so how did we find it?

0:54:17   Feedback

A huge thank you to johanv and an anonymous donor on Flattr, and to Daniel Asante and James Quilter for their PayPal donations. Daniel Roßbach became the latest person to join the other exalted members of our Monthly Supporter program – many thanks, Daniel.

Another slightly abbreviated Feedback section this time – to allow for our extended interview with Martin – so an upfront thanks to Torin Doyle, Stilvoid, Dale Visser, Nathan D Smith, Steven Rosenberg, Daniel, and everyone on Twitter and G+ for their thoughts and comments. And thanks to Popey for the mention on the latest Ubuntu UK podcast.

pseudomorph and SonOfNed were just two of the listeners who got in touch following our look at the Sunflower file manager last time, with comments that back up a drum we frequently bang on the show – there really is a demand out there for highly functional, keyboard-driven and aesthetically pleasing software. Are you listening, Canonical and Red Hat?

Marktech answered Jesse’s pleas on the Android calendar front by suggesting he take a look at Touch Calendar, an app also endorsed by Craig. Throwing some alternatives into the mix, Glen Skiner suggested Jesse consider Jorte or Business Calendar.

Joel offered his thoughts on a number of topics, and wondered if we’d considered the arkOS project for a Pi-based self-hosted cloud solution; and Christian helped remind us all that different distros suit different use-cases.

We always welcome feedback on the show – after all, it is the only way that we can improve – and not everything that we receive is positive. We read out and briefly talked about an email from Mark, who had some polite, but firm, opinions on his perception of Joe’s negativity. And, for a bit of balance, we also read out a mail congratulating us on nearing our first anniversary.

So, whether bouquets or brickbats, please keep the feedback coming. Apart from rare opportunities in meatspace such as OggCamp, it’s the only way for us to ensure that what we do remains interesting and relevant to all of you – which is really rather the point, isn’t it? Thanks :)

1:07:08   The MATE Desktop

We had a fascinating chat with Martin Wimpress about the MATE desktop project. Although started as a reaction against the changes introduced in GNOME 3, MATE has grown into a coherent and fairly lightweight platform that provides an alternative for all of us who find the traditional desktop paradigm more to our liking. But that’s not where Martin wants to leave things – listen on to find out how he wants to leverage the platform to help introduce more people to the broader free culture community; what his thoughts were on how a couple of well-known distros differ in their approach towards development, and how the (still unofficial) Ubuntu MATE flavour is taking the world by storm.

A huge thank you to Martin for taking the time to talk with us, and we’ll definitely be bringing him back on the show in the future for further updates. And if you do want to give Ubuntu MATE a spin, please help Martin out by using a torrent rather than the direct ISO download – until it does become an official Ubuntu release, he won’t have the Canonical server infrastructure behind him.

As we mentioned on the show, we have an exclusive Ubuntu MATE T-shirt to give away to a Luddites listener. No naff competition or catches involved, just an honest to goodness freebie from Martin and ourselves to one of you. For a chance of bagging the T, simply leave a comment on the post over at our G+ Community, and we’ll randomly choose the recipient during the recording of our next show. Good luck!


As ever, we’d welcome your feedback about the show either here on our website, via a mail to show@, on Twitter @linuxluddites, or over at our G+ Community page.

Thanks for listening.

27 comments

  1. Jon The Nice Guy

    Hi Paddy, Joe and Jessie,

    I’m still making my way through the show at the moment but I’m interested in an offhand comment made by Paddy about the nonessential use of TLS by websites. I’ve added TLS certificates to all my websites (barring one on a shared host I haven’t found the time to update yet) to ensure that the content rendered by my scripts and code is untampered with by interim service providers. Yes, there are some cases where it probably isn’t a requirement (the shipping of media files for example) but on the whole I think an unencrypted internet is generally a worse place to be than an encrypted one, and I’d like to know your thoughts on that.

    All the best, and thanks for the show,

    JonTheNiceGuy

    • SonOfNed

      Paddy’s comment made me rub my chin as well. I’m not sure what all the assumptions were that went into Paddy’s perspective, but I’m guessing that it may be along the lines that the administrative burden of managing certificates is not justified for web services that provide seemingly non-sensitive data and services.

      As Jon notes, one less obvious but enormous value of encrypted internet connections is protection for the client from code injection, especially Javascript injection for Browsers, by any of the intermediary network servers/devices between the client and its desired internet service. While the current certificate infrastructure is not immune to attacks by sophisticated government agencies (who can subvert Certificate Authorities), encrypted connections raise the bar tremendously for malicious code attacks by cyber criminals.

      It’s not just cyber criminals, however; Internet Service Providers are also starting to use code injection into their customers’ traffic to pursue their own nefarious ends. The article linked to below cites Comcast injecting code for ads, but technically a lot of other devious uses are possible (think monitoring and user data privacy abuse).

      http://arstechnica.com/tech-policy/2014/09/why-comcasts-javascript-ad-injections-threaten-security-net-neutrality/

      I realize that the current certificate authority infrastructure needs improvement, and certificate administration is a real burden on web admins, but I believe that pervasive encryption of web traffic will be crucial in reversing the draconian trends we are currently seeing in the evolution of the web. I’ll go beyond Jon’s perspective that ‘an unencrypted internet is generally a worse place to be..’ and say that “eventually, an unencrypted internet may become a place that none of us want to be, but have no options”.

      • SonOfNed

        A clarification on the article about Comcast injecting ads into internet traffic:

        Comcast’s defense when this practice was discovered was the claim that they are only (currently) doing this to traffic for their ‘public’ WiFi hotspots. But when Comcast says ‘public’, that does not mean free of cost. One must be a paying Comcast subscriber in order to log into their ‘public’ hotspots.

        The point being, Comcast is glad to inject code into the internet traffic of their paying customers. (AT&T also has similar programs and possibly other ISPs now have them too).

        This is legal in the USA, and I suspect, will become commonplace in the absence of meaningful net neutrality regulation and the dominance of regional ISP monopolies. (Even if the USA had regulations prohibiting this practice, nothing would prevent providers from routing traffic through countries with no such protections.)

        Pervasive encryption of web traffic is the only antidote that I can see for this scourge. If anyone else knows of alternative solutions, I’d be very interested to hear.

      • Patrick

        Jon/SonOfNed – I usually think it a cop-out to simply link somewhere else rather than directly answering a question but, in this case, I’m going to do so – for two reasons. Firstly, this piece from El Reg has so many pertinent links in the text that it alone will save me a lot of fingertip skin. Secondly, and disregarding any potential criticisms of appeals to authority, when someone far more eloquent and respected than yours truly has already made part of the case for the prosecution, why not take advantage?

        A few thoughts to follow up on after those links. Firstly, although both are over three years old, the situation has not changed in any meaningful regard. Secondly, whilst the dangers posed by state actors were recognised at that time, I suspect we’re all a little less blasé about the scope of that threat now that we are living in a post-Snowden world.

        Thirdly, although the Register piece touches upon potential certificate revocation problems, I don’t think it really spells out the true horror of the situation.

        Similarly, although El Reg discusses the incredibly lax way in which certificates are handed out (still true; for the cert on this website – only used for mail – all I needed was a regular user email account on the domain and Robert’s your father’s brother) it doesn’t delve into the cost of that certification process. Defenders of the current system tend to place great store by the (supposed) background checks they undertake, and use such (frequently) non-existent checks as one justification for the charges they impose. In truth, though, just like the domain name registrars (and they are frequently one and the same bodies) they are charging customers for a product with zero marginal cost.

        It’s now been over three years since Moxie made that presentation, and introduced Convergence to the world. Tellingly, neither it, nor TACK, another attempt by Marlinspike to move things forwards, has gained any traction. Why? Well the obvious answer is that the current situation suits all concerned – barring the end user. States are happy having just a few points of contact for achieving their snooping aims, and the CAs are happy raking in the cash for basically doing sod-all. And folks like Google gleefully push more business their way by talking about up-weighting the search ranking of sites who have paid the SSL/TLS tax, or preventing secure mail exchange for sites with self-signed certificates. It’s a sweet little cartel.

        Us? Well we can happily carry on blindly trusting a corrupted and rent-seeking regime, or maybe recognise the flaws but consider it the best thing currently on offer. Or we can occasionally make off-the-cuff comments on a podcast to hopefully prod folks to think about the issue ;)
        </rant>

        • SonOfNed

          Thanks Paddy for the well researched rant. The Moxie Marlinspike Defcon talk was so good I ended up watching/reading a bunch of Moxie’s other stuff. I was already aware of CA certificate subversion by some governments, and the Comodo hack, but I didn’t realize the extent of the other problems with the current CA system. I can see how web admins could resent the overhead and expense of implementing a system with questionable reliability in achieving such a crucial role.

          Nonetheless, I still see value in pushing for pervasive encryption. The problems usually cited with CA certificates focus on their unreliability in ensuring true authentication between the client and web service end-points. My personal rant is with the problems of the intermediate internet nodes operated by the carriers (ISPs, trans-network carriers, hosting providers, etc.). It was bad enough that these carriers have been gleefully sniffing clear text web traffic for some time now, but the evidence that they are starting to inject code into the traffic of their paying customers just pushes my hot buttons. Pervasive encryption of the traffic seems to me to be the only way to get the carriers to behave as carriers, rather than experimenting with ways to harvest their traffic for additional means of revenue generation.

          Yes, the very big problem of reliable authentication of the end-point web service still remains, but at least encryption removes the carrier nodes as potential manipulators of one’s web traffic (assuming that the carriers can’t get access to troves of CA certificate keys). It’s a small step, albeit a crucial one, IMHO.

          • Patrick

            Hi SonOfNed – your point is well made, and well taken; as those nearest and dearest to me would tell you, I can be a little black-and-white sometimes. However, I guess I’m just not too smitten with the idea of using a costly prophylactic that comes with known manufacturing defects ;)

  2. Jon The Nice Guy Spriggs

    Hi guys, me again :)

    Still haven’t finished listening to the show (listened to a good hour of it on the commute home though! :) )

    Loved hearing you mention my outstanding amazing (broken) talk scheduler! I did my pre-flight checks at 9AM, and spotted that the CFM -> Joind.in (an open source talk rating tool, similar to Lanyrd but where it lets you rate and comment on the talks) integration had failed (I’d got the URL wrong for the API… little things!) and I went in to fix it. I spotted over 80,000 “user accounts” on the system, that all seemed to have been created by a bug in the OpenID library I use. Sadly, I didn’t get a chance to take a look (seems like I’m missing some logic which says “if you’re looping at this point… BREAK!”) and about 20 minutes later, Mark told me that the site had stopped accepting logins.

    It sounds like at least one of the specific use cases *for* CampFireManager was triggered by Alan’s talk (the system is supposed to reschedule talks into a larger room in the same slot when you hit a “too many!” value, or at least flag up something so the organisers can get crowd control around or perhaps encourage the talk organiser to move into a slot where they can *get* the bigger room).

    Jessie’s comment about “it being nice that people got to put their ticks on the schedule” put me in mind of one of the bugs I have with “conventional” barcamps… which I refer to as “Voting with your shoulders” as the initial rush ends up with people fighting for the key slots or rooms. Oh well, at least the fall-back plan wasn’t a disaster, and I think my tag line for the past two years of OggCamps was “How can I wreck your scheduling today” as we had pretty chronic bugs in the system then.

    I’m of two minds whether to dust off my coding jacket and try to write something better for next year (Google seems to be deprecating their OpenID provider, which was the provider I pointed everyone to last year) or just to take Dobbin out the back and let the project rest in a comfortable grave… I know which one my *wife* would prefer I take!

    As to my prior engagement, while my son is 3 years old, and could easily cope with Daddy being away, my daughter is only 4 months old, and when I suggested going to OggCamp my wife was full of encouragement, until she realised that meant doing the bedtime routine for both of them… at the same time… and the closer and closer I got to the OggCamp date, the more she got scared! I’d already prepared the OggCamp crew that I probably couldn’t make it, but confirmed it only two weeks before the event. It was a dreadful shame, as I really hoped to catch up with old friends, and meet yourselves, the Linux Voice team… oh, and get to some talks too!

    Anyway, still listening, may post again soon!

  3. Inscius

    Great show as always, gentlemen.

    The interview with Martin is VERY interesting. Seldom have I heard a project representative do so little ‘marketing talk’, and instead being very concrete, not promising too much and being generally very consistent in the philosophy of the whole project. I am a KDE user – you may scream in agony now ;-) – but MATE does appear like a project both for now and the future. It does sound like its course is set to reasonable and achievable goals.

    Thanks
    Mikael

  4. Frames

    FYI: “Geeks” is exactly how “Guix” would be pronounced in Spanish. That’s probably where they got the funny (for you ;-)) pronunciation from.

  5. Frames

    BTW: I do not think that Win10 has many chances to be more bloated when it’s on the shelves.

    Unfortunately, Win 8 is currently available and actually on par or even faster than any of the Linux DE’s that I’ve tried.

    That’s from an Intel GMA950 onwards (which is what I’ve tried), a GMA 900 is a different story: it will struggle and not detect monitor resolutions correctly, since there’s no specific driver for Windows.

    • Nathan D. Smith

      Actually I think there is definitely a possibility for Win10 to get more bloated. We installed the tech preview at work and saw that the only thing they have changed thus far is the UI. Same NT version, same powershell, same IE, etc. The tech preview is apparently just Win8.1 with the traditional start menu, not a full revision. Expect more bloat!

      But you are correct that 8(.1) performs fairly decently, even against Gnome/KDE.

  6. Joel

    Great podcast! Martin is fascinating and well-spoken. Like others, I am now very interested in MATE, and will definitely try it out.

    As a musician/engineer/producer, I am curious to know what you use to record, edit, and produce the show. Would you please share your workflow?

    I have a Linux DAW & music studio, so I’d be glad to bounce ideas back and forth.

    Thanks!

    • apache9

      Joel can you describe your setup, it would be very interesting. I’m adding a comment below about Ubuntu Studio in general.

      • Joel

        On my DAW computer I use a distro called AV Linux: http://www.bandshed.net/AVLinux.html
        It actually fits the Luddite mentality quite well. The author, GMaq, considers it as a stable appliance. Instead of trying to incorporate bleeding edge features, he believes it should be solid and reliable, because you can’t risk any kind of breakage for a working studio DAW.

        For hardware, I use an RME Digiface as a PCI card: http://www.rme-audio.de/en_products_digiface.php
        This allows me to use any D/A I want, as long as it has lightpipe connections (optical ADAT).
        I also use a BCF2000 as a motorized fader control surface.

        For software, of course everything goes through JACK. I do tracking, mixing, and mastering in Ardour.
        I used to master using JAMin, but most people aren’t happy with its sound quality nowadays. For the next album I will attempt using plugins directly in Ardour (most likely linuxDSP).
        Artwork I do mostly in Inkscape, but I do this on a different machine.

        I can share lots more details, just let me know what you’re interested in.

        • apache9

          Hey Joel, thanks for the information and also for mentioning KXStudio and AV Linux; on the podcasts awhile back the Luddites also covered Musix (maybe also Dynebolic), which as far as I know are out of date, and Musix wouldn’t even load-up on my machine, which I think was similar to what happened in the review here :)

          It’s good to know what pre-packaged music production & creative suites are out there for Linux, especially for new users, and especially using free software. Here is a nice direct link to what DistroWatch lists as Active, “Multimedia”-focused Linux distributions.

          Full-time music producers probably will lean towards combining external and analog gear with something really stable like Debian, or having a Linux professional build something custom. This is along the lines of what you described (AV Linux is based on Debian; it also uses a low-latency kernel).

          Only thing I’d add to your comments is that for mastering music, traditionally (and not just for vinyl), there is something special in outboard/analog gear, that naturally does not occur in DSP or computers. Lots of folks would even say the same for mixing. Of course it depends on the genre of music, and what the artists want it to sound like, also of course I’m talking about artists releasing music albums or EPs for distribution, not the loads of other possible uses for Free Audio Production software.

          • Joel

            Oh man, the discussion on external/analog could go on for ages. I chose to do all-digital effects/processing only because of start-up cost constraints. But, the important thing is that my setup does not exclude outboard processing, since it is all light-pipe interface – it is extremely flexible.

            By the way, I see that KX Studio is primarily a set of software packages, so you can very easily try it out on your Debian setup without doing any distro-hopping.

  7. Mitlik

    I just found this podcast and absolutely love it. I like the idea that the OS environment should be there to run the computer (and not the computer there to run the OS). The developer interviews are great. I may try out EquinoxDE because of one and while I don’t care for Gnome I couldn’t help but admire Martin’s enthusiasm for Mate. Keep up the good work, I certainly look forward to listening to more.

  8. Nathan D. Smith

    I got to see a USB exploit in the wild from an unexpected source. A coworker was mailed a bit of swag from a vendor. It was somewhat unique in that it was a mini-representation of the company’s enterprise IT product, with the addition of a USB plug dangling on the side. This same coworker, being brave or foolhardy, decided to plug this device into a Windows box to see what it contained. Upon plugging it in, a web browser was opened and we were taken to the product’s sales page. This surprised us, as autorun is disabled on all our systems, so this should not have happened. As it turns out, this wasn’t a USB mass storage device at all. We pulled the plug and watched more carefully. When inserted, the device entered a number of keystrokes, namely the Windows key + R, and then the command to get to the webpage. Sure enough, we checked the device manager, and this was an HID which worked by way of playing a keyboard macro.

  9. Reto

    Marktech answered Jesse’s pleas on the Android calendar.
    Well, I was on the same odyssey, but thank god I came across aCalendar: https://play.google.com/store/apps/details?id=org.withouthat.acalendar. Try the free version, just 1,5MB, a few nice features. See mini tutorial: http://www.tapirapps.de/en/tutorial.html. Let me know what you think. If you maintain birthdays in your contacts… awesome feature – it also calculates the age and the change ahead :) copy entries and so on.

    Cheers
    Reto

    • Patrick

      Hi Reto – I too use and love aCalendar. Sadly, the feature that it is missing which Jesse was after is the continuous scrolling in month view. Whilst aCalendar will do it as long as you keep your finger on the screen, when removed the calendar snaps to whichever month it thinks that you want to be looking at. Unless I’m missing a configuration setting somewhere?

  10. Russell Dickenson

    Thank you for the latest episode. Like all those that have gone before, it was very enjoyable and informative.

    I especially liked the interview with Martin Wimpress. I have listened to several interviews with Martin and learned more about the MATE project with every one. I admire and appreciate what the team are doing. While on the topic, is there any way of hiding an application’s title bar in stock MATE, or would I have to use Compiz to achieve this?

    The issue of whether or not Xfce is “dead” is an interesting one. I would say definitely not as I subscribe to several of the project’s mailing lists and upgraded components continue to be released. I don’t know why there has not been a major release of *all* components.

    On the topic of Joe’s negativity, I have been a little put out in hearing some comments by each host. However this is like real life where you will often hear people making statements that may be the opposite of your own views. Everyone has their own tendencies toward or away from specific technologies, also their own perceptions. Listening to LL challenges my views and gives me food for thought.

    Paddy – you mentioned that ArchLinux and/or Fedora users ought to donate to the show to ease their qualms at using these distributions. I’m in a difficult situation in that I am both a Fedora user *and* Red Hat employee. Can you suggest any way in which I can soothe my tortured soul?

    • Patrick

      My son, for some tortured souls penance must be truly harsh and extend suffering until the end of thy mortal days. To cleanse thyself, go forth and utter the benediction ‘yum install unity-mir’ over all of thine accursed desktops.

      • SonOfNed

        Penance is one approach, but my preference would be for the Linux Luddites homepage to add a One-Click ‘Absolution for Transgressions Against the Luddite Way’ (and amount).

        A pre-paid ‘Indulgences’ would also be useful for those times when we foresee moments of human weakness, the lure of a new release of something ‘shiny and new’ (and likely buggy), something we know a priori we will likely regret.

        Some of us may be followers of the Luddite Way, but we’re talking Luddite 2.0 here. One-Click redemption is the way to go :-)

  11. apache9

    It was really great to hear you guys from the Oggcamp panel, and as Fab said on their podcast, wish there were enough mics for all of you up there! Loved the shirt.

    Does hanging out with Fab mean you guys will start drinking Bullenschluck while recording the podcast?

    But seriously, I wanted to comment that it would be really interesting to hear your feedback sometime on the Ubuntu Studio distribution. It uses the “low latency” version of the Linux Kernel, and as far as I know this is something that you guys haven’t discussed on the show. I wonder what are all the ups and downs of using such a kernel. It also is based on Xfce, so I know that might spark your interest.

    My reaction so far is that Debian (e.g. Wheezy) runs much faster and more stably, compared with Ubuntu Studio (and has all of the same programs available), so I haven’t personally found much use for it, yet. Debian even recognizes and configures my pro-audio interface without problems. I’ll definitely keep looking into the topic though, and as a musician, start putting more effort into helping promote the right free-software creative suite.

    • Joel

      I tried Ubuntu Studio a long time ago on some old hardware. At the time, Ubuntu Studio was too heavy for my hardware, and I got lots of xruns and dropouts – it was unusable.

      Since then, I have updated my hardware and I would like to try Ubuntu Studio again. I’m also interested in checking out KXStudio.
