Friday, October 30, 2015

Big Batch Update

Pat released a big batch update this morning along with three security vulnerabilities for all supported Slackware releases back to Slackware 13.0. They are Jasper, NTP, and CURL packages. Please upgrade them if you are still using the old version.

Meanwhile in current there are a lot of new exciting stuff:
  • automake-1.15
  • kernel 4.1.12
  • cmake-3.3.2
  • git-2.6.2
  • make-4.1
  • perl 5.22
  • subversion-1.9.2
  • kdelibs 4.14.13
  • GTK+3-3.18
  • freetype 2.6.1
  • gdk_pixbuf2-2.32.1
  • glib2-2.46.1
  • gstreamer-1.6.0 + gst-plugins-{base,good}-1.6.0
  • gvfs-1.26.1
  • libtiff-4.0.5
  • poppler-0.37.0
  • qca-2.0.3
  • httpd-2.4.17
  • samba 4.3.1
  • vsftpd-3.0.3
  • mesa-11.0.4
  • pixman-0.33.4
  • imagemagic-6.9.2_4
  • xorg-server-1.17.3
  • firefox-41.0.2
  • lots of many other upgraded packages
  • and many new packages:
    • scons
    • ConsoleKit2 (replacing ConsoleKit)
    • gsl
    • libvisio
    • libwpg
    • pygobject3
    • serf
    • libssh2
Make sure to install new packages first before upgrading (especially ConsoleKit2) and don't forget to remove the unused packages (ConsoleKit).

I'm looking forward to see RC1 soon :)

Friday, October 23, 2015

MSB: Change of Plan

There has been an interesting news from MATE developers. They are planning to release MATE 1.12 by the end of this month or in November based on testing. They adjust the development cycle to follow Fedora/Ubuntu release schedule, approximately around 6 month, but there is a feature freeze period for each Linux distribution, so it's very small time frame for adding new features into MATE.

I was planning to build MATE 1.12 for next Slackware and provide GTK+3 build, but that seems impossible as Slackware 14.1 still stayed at GTK+3-3.8, which is very old. I'm looking for possibility to build MATE 1.12 for Slackware 14.1 since they have bumped several dependencies to a newer version and i'm afraid there might be some dependencies that can't be met by Slackware 14.1.

At the moment, i'm building MATE 1.11 on a clean VM and if it turns out to be a success progress, i can provide MATE 1.12 for Slackware 14.1. Current users have no worries since they will be able to compile from sources without having any problems.

Thursday, October 15, 2015

Which GTK+ for MATE 1.12 ?

Master branch of MSB project is now set to follow development releases of MATE (1.11) which will eventually be MATE 1.12. The ROADMAP showed that GTK+3 support is a target for this release (it was postponed during MATE 1.10 cycle, but some distributions such as ARCH Linux have provided GTK+3 builds).

My original plan was to have GTK+3 build for next MATE (1.12) since i'm planning to release MATE 1.12 only for next Slackware (14.2) and Slackware 14.2 should have all the requirement for this new version by the time it is released. At this point, GTK+3 in -current is at 3.16 while upstream have released 3.18. Since -current is a moving target, we don't know which GTK+3 version will be included at the final version.

So i'm asking for your opinion about whether we should build the next MATE spesifically for GTK+3 or keep it like in MATE 1.10 where it was built against GTK+2 libraries.

Saturday, October 10, 2015

Adding More Protection Using Yubico Key

Last week, i saw an interesting offer by Github partnering with Yubico to offer a discounted prize for Yubico products only by verifying via Github. These are the deals:
  • While supplies last, GitHub users can purchase special edition U2F Security Keys for $5 plus shipping and handling (regular price $18; 5,000 special edition keys available).
  • After the special keys are gone, all GitHub users are eligible for a 20% discount on U2F-certified YubiKeys, for a limited time.
  • In addition, all students who are eligible for the Student Developer Pack will receive a 20% discount on any U2F-certified YubiKey.
I have enabled 2FA (Two Factor Authentication) to my email accounts for some time, but i was also interested for Yubico products for a long time, so i decided to take this chance to buy one. Surprisingly shocking to see that the shipping was way more expensive than the product itself (they uses DHL Express), but at the end i bought it anyway. I kinda regret it because i should buy more items considering i'm paying for the same price for the shipping and handling. In short, 3 days later the item arrived at my home after taking a long journey from UK, Germany, Singapore, Jakarta, and finally my hometown, Jogja. Never expected that it was so small and there was only one paper of invoice that came along with it.

I plug the device to my USB port and my Slackware detected it properly. This is the output in dmesg:
usb 2-8: USB disconnect, device number 4
usb 2-8: new full-speed USB device number 5 using ohci-pci
usb 2-8: New USB device found, idVendor=1050, idProduct=0120
usb 2-8: New USB device strings: Mfr=1, Product=2, SerialNumber=0
usb 2-8: Product: Security Key by Yubico
usb 2-8: Manufacturer: Yubico
hid-generic 0003:1050:0120.0005: hiddev0,hidraw3: USB HID v1.10 Device [Yubico Security Key by Yubico] on usb-0000:00:04.0-8/input0
Next thing i tried to activate the 2FA authentication in GitHub. GitHub provides two methods: Application or SMS. I choose to use the application, which is Google Authenticator. It's available on Google Play (Android) or Apple AppStore (Apple iOS). After 2FA is activated, i tried to register my new device, but i ended with an error. I tried to follow all the steps carefully, but i couldn't get it done. I also tried to register it on GMail and it failed there too. After trying for some time, i decided to stop for a while and get some rest (it's past midnight).

This weekend (Saturday), after pushing the public update for SBo project, i boot into my Windows and tried the same thing: register the device in GitHub and GMail. It all worked without any problem.

So i searched Google for more references and i found some interesting article about udev rules for this Yubico key. There are two different articles about this rules and i tried to applied them all, but it failed too, until this evening i found a discussion in ArchLinux's Forum. It gave me an idea about the rules and i finally applied the changes and voila, it's now working properly under my Linux machine.

So the problem is all about permission.I confirmed it by creating a Slackware package for libu2f-host (submitted to SBo as well) and test the C-based API library. First, i tried using normal account and it failed because it couldn't find the device. Next i tried with root account and it worked fine. I got the results as i expected, so i guess it's just a matter of permission. To solve it, make a new file called 90-yubikey.rules and place it in /etc/udev/rules.d/90-yubikey.rules with these content:
# Udev rules for letting the console user access the Yubikey USB
# device node, needed for challenge/response to work correctly.

ACTION=="add|change", SUBSYSTEM=="hidraw", \
ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0010|0110|0111|0114|0116|0120|0401|0403|0405|0407|0410", \
  MODE="0660", GROUP="plugdev"
and run udevadm trigger. You need to make sure your device idProduct is listed in the rules file. See the bold line in the dmesg output above. That's how you get the idVendor and idProduct values. With this in place, this new device is activated and ready to be used

Here are some screenshots when trying to login to GMail and GitHub after the new setting is used:

They provice fallback alternatives just in case you forgot to bring your device. Please make sure you have the backup recovery code ready just in case all alternatives failed.

I wish Yubico can add Firefox to the supported browser soon as it's my default browser.

There's one minor issue left, which is to use Yubico with iPad. According to this article and this entry in FAQ, i can use Yubico key with my iPad 3, however the device doesn't blink when i point my browser to the demo site. Anyway, that's fine for now.

Friday, October 9, 2015

Working Towards MATE 1.12

MATE developers have started to work towards MATE 1.12 and they have bumped several packages to 1.11.0 even though only 2 packages were published under 1.11.0 version (for now).

I also use this chance to make some changes to the SlackBuilds to match next Slackware release, which is to make the default ARCH for x86 is i586 although it will still build normally for i486.

That said, master branch is now diverging from 14.1-mate-1.10 branch which will exclusively track and build packages for stable releases (14.1) only. Master branch is now following development version of MATE, thus there's a chance for new deps in the future. For those who are building from source and living in stable releases, please make sure to checkout 14.1-mate-1.10 branch.

MATE's ROADMAP is also updated with the new goal. Hopefully all of them can be implemented in this cycle.

Friday, October 2, 2015

Security Updates: Firefox, Thunderbird, Seamonkey, and PHP

Four security updates were released this morning and they are the usual Mozilla trio packages and PHP. They were released for 14.0, 14.1, and current branches.

Along with this batch of update, Pat also pushed some update to current including:
  • pkgtool bumped to 14.2 with lots of performance improvements
  • mozilla-nss upgraded to 3.20
  • php upgraded to 5.4.45 (stable) and 5.6.13 (current)
  • libXi upgraded to 1.7.5
  • libxcb upgraded to 1.11.1
  • mesa upgraded to 11.0.2
  • xf86-video-{chips,s3virge,sis} upgraded to latest version

Thursday, October 1, 2015

Poll Results and New Poll

It's been late for one month already, but it's better to be late than no post at all. So few months ago i asked which DE that people wished to be included in the future Slackware releases. Here are the results:
  44 (26%)
  29 (17%)
  25 (15%)
  11 (6%)
  30 (18%)
  34 (20%)
  51 (30%)
  7 (4%)
  21 (12%)

MATE is the highest votes with 30% followed by Cinnamon and LxQT. I'm not that surprised since many people loved the old GNOME2 and since MATE is based on it, it has high number of people who wished it to be included. Cinnamon is also quite interesting since it provides modern desktop with modern technology and it's still relatively new, but it has attracted many people already.

While i don't have any authority to give a decision whether all those options will be included in next Slackware or not, here's a good solution:
I'm also announcing new question for next poll. It's all about PHP. PHP 5.6 is still used in -current as of today (October 1 2015), but it will be supported until August 2016 and receive security updates until July 2017. Meanwhile, PHP 7.0 is approaching and it has reached RC3.
Which PHP version should be included in the next Slackware release?

Last 2 Batch of Updates

There were 2 batch of updates in current after my last post and i didn't have time to write a blog post about them due to my heavy load in the office in last few weeks.

The last two updates brings more up to date packages:
  • smartmontools 6.4
  • cdrtools 3.01
  • ddrescue 1.20
  • ccache 3.2.3
  • libjpeg-turbo 1.4.2
  • libtasn1 1.4.7
  • mozilla-firefox 41.0
  • hplip 3.15.9
  • sqlite
  • llvm 3.7.0
  • stunnel 5.23
  • mesa 11.0.0
  • xf86-video-intel git20150915_23986f0
Some other packages are being rebuilt to fix some problems found and reported by users in LQ.