Planet NYLUG

July 01, 2009

Code|Beta Photography

At the office

-LM

All images and content on this site is Copyrighted unless otherwise noted. © 2009 Code|Beta Blog All Rights Reserved

by lmurillo at July 01, 2009 10:58 PM

June 30, 2009

preed's blah-blah-blahg

Firefox 3.0.11 (still) released!


The definition of "latest and greatest version" just changed...

I heard some rumbling that the latest version of Firefox, version 3.5[1], hit the web today.

This is most certainly a big accomplishment and everyone involved has many reasons to be proud of this release. But that's not what I wanted to talk about[2].

I wanted to step back for a moment and call out a group of really important people that are often overlooked in all the excitement during a major release: the sustaining engineering team[3].

They're the group of developers, bug triagers, QA engineers, build engineers, ops engineers, web developers, and project managers who have kept the 300 million and change Firefox 3.0.x[4] users safe, secure, and stable for over a year now.

Sustaining engineering has never been particularly sexy work.

Oftentimes, the pressures imposed by consumers of "sustaining releases" make it particularly grueling work: risk assessment becomes a large—and often difficult—part of the job. Mistakes can be very costly and affect higher numbers of users. Such users are less tolerant of sometimes-necessary changes. And in the case of many software products, Firefox included, when a security vulnerability is involved, all of these decisions and work need to be done on a very tight schedule.

These realities are doubly true for an open source project, where the "release early, release often"-mentality[5] often leaves those who toil away on sustaining efforts appearing in relative obscurity. And since open source capital is about visibility, less visibility can translate to less understanding of the actual work being done and the value these teams and individuals bring not only to the community, but to the end users.

So to those who've done this difficult, thankless work, quietly, consistently, and proudly: you have my thanks. And even though they may not know about you, you have the thanks of every Firefox user who is able to easily click "Check for Updates" to get today's New Hotness (tm), because your work has kept them safe and secure on the web for the past year.

If history is any guide, these tireless souls are already getting ready to do it all over again and take stewardship of 3.5.x after a couple of releases or so.

So take a moment to raise a (virtual) glass to them[6]... and then get back to enjoying the awesomeness that is Shiretoko.

____________________
[1] Back in my day, it was called "Firefox 3.next." P.S. Get off my lawn.
[2] If you do want to read more about the 3.5 release, try here, here, here, here, here, here, here, here, here, here, here, here, here, here, here, here, here, here, here, here, here, here, here, here, here, or here.
[3] I don't know what Mozilla Corporation calls this team, exactly; unlike some other organizations, I don't think (structurally) they split them out; but the function is the same.
[4] And you have to admit... it was a pretty good vintage of Firefox.
[5] Which, don't get me wrong, is critical for any open source project's success.
[6] Or, if you're in a physical localized spot next to them, a real one...

June 30, 2009 11:53 PM

June 23, 2009

Samat Jain's personal home page

Add black border around photos on Flickr

Add black borders around photos on Flickr. It's a userstyle for use in Stylish, a Firefox extension that lets you apply custom CSS to webpages.

In the past, I have generally not made weblog entries about creations like this, but it's never too late to start.

by Samat Jain at June 23, 2009 04:31 AM

June 22, 2009

Code|Beta Photography

Building lines

by lmurillo at June 22, 2009 10:14 PM

MadRhetoric

Fedora Marketing TNG: Project FooBar

Just wanted to keep people posted as to what's going on in Marketing and the outcome of my trip to Westford last week. As many of you know, I've been thinking about what the next steps we need to take in Fedora Marketing should be. I feel that we have come a long way in terms of improving process and that we can go even further while also putting a fresh spin on things. For some time there has been discussion of a "Fedora Magazine" concept; this goes back a couple of years. I really liked the idea and it sort of stuck in my mind all these years and I was thinking we can centralize things around that format. I had a few rough ideas for kickstarting this, but mainly my motivations were to solidify policies and process for what content Marketing creates, who we create it for, the content creation schedule, and how we distribute it.

Last week, I went up to Westford and I met with Mo and Mel and Stephen Smoogen who was in the house for a visit. We ran through a bunch of ideas and goals for Marketing's future and the idea of a Fedora journal/magazine type setup. The results can be found here: https://fedoraproject.org/wiki/Marketing/Project_FooBar. Mo came up with the name, lol.

There are 5 main goals that we are striving for as you can read on the wiki page. Centralization of Content, well scheduled, recurring and prepared content, design which is consistent with the philosophy of the Design team, standardized "official" feeds for distribution of different forms of content, mechanisms for localization and sharing the media with press or on social news sites.

Feel free to read the wiki page and add/edit, etc. I would like to know what people think of this type of format, and I know people will have many questions so I would like those to be voiced now so that we can answer them and make sure we are working to build something that is useful for the community with input from the community.

By the way, here is a screenshot:



by Jack (noreply@blogger.com) at June 22, 2009 05:09 PM

June 21, 2009

Rob's Musings

The overdue progress report

Apologies for not blogging as much as I should. I've focused on getting what needed to be done, done.

Tasks that have been completed thus far with a target milestone of using a mock Form, enable persistence of Questions and Values to the database:

  • Mock out a report form using the domain classes
  • Using the mocked up schema, generate a simple report form
  • Design the SQL Schema (for just FacilityDataValue and FacilityDataQuestion)
  • Write Hibernate Mapping files (for just FacilityDataValue and FacilityDataQuestion)
  • Write Data Access layer (for FacilityDataValue and FacilityDataQuestion)
  • Write Service layer (for FacilityDataValue and FacilityDataQuestion)
  • Refactor the rendering logic to use the JSP and write EL function(s) to check types using instanceof.
  • Allow the simple mocked form from Week 1 to save the question answers.


Tasks that are in progress, soon to be finished with a target milestone of removing the code used to mock up everything from the first few weeks; ability to use the saved schemas for rendering the report form:

  • Design SQL Schema for the rest of the domain classes
  • Write mappings for the rest of the domain classes
  • Support loading the previously saved values for a form/startdate/enddate/location into a page for viewing or editing
  • Write methods to save the rest of the domain classes in the data access layer
  • Write methods to save the rest of the domain in the service layer

Now that I have summarized work completed and in progress, let's explain the overall design:

  1. FacilityDataFormSchema serves as the overall representation of the report form in the system.
  2. FacilityDataFormSection is simply that, sections on the form, e.g., monitoring equipment status, stock status of vaccinations, number of people vaccinated, etc.
  3. FacilityDataFormQuestion holds metadata regarding a question.
  4. FacilityDataQuestion is the question itself; it specifies the datatype; it is subclassed for each question datatype; if not subclassed, then the question is considered to be "freetext" -- in other words: just simply a text-based question.
    1. CodedQuestion is a question that has a coded answer. This too is subclassed for each coded question datatype.
      1. StockQuestion is exactly as the name says, to track stock of items such as vaccinations. The coded answers are: "not_stocked_out","stocked_out","expired","not_applicable"
      2. BooleanCodedQuestion is a simple "yes","no","not applicable" type of thing; e.g., "Was there mobile clinic today?"
    2. NumericQuestion is a question which has a numeric answer, e.g., "Number of Adults Vaccinated."
  5. FacilityDataValue is what holds the values entered in the report forms for each question.
  6. FacilityDataReportFormData is a non-persisted class used for retrieving the answers for a specific report.

Hopefully this makes up for my lack of updates.

by Robert O'Connor (noreply@blogger.com) at June 21, 2009 07:00 AM

June 19, 2009

Code|Beta Photography

Clouds over a green field

-LM

by lmurillo at June 19, 2009 10:29 PM

June 18, 2009

Kees Leune

Business Continuity Planning

Everyone with some form of security training should be aware of the fact that information security is commonly defined in terms of Integrity, Confidentiality and Availability. Integrity & Confidentiality is what most security pros think of when they are securing an infrastructure. We deploy layers of defense, harden applications, encrypt data, develop (implement and monitor) policies and what not.

The availability part is often only addressed in a business continuity / disaster recovery plan. In such a plan, we worry about how a server's outage influences our ability to deliver value to the business and we make educated decisions on the amount of redundancy we need to implement to prevent interruptions or service degradations.

Today's weather is a perfect trigger to go review your business continuity plan. Areas of the USA have been hit by tornadoes, the Mid-West is littered with severe weather alerts and other areas are threatened by tropical storms. It has not stopped raining here on the East Coast and it is coming down in buckets.

Are you ready to deal with leaks in the building that houses your primary data processing facilities? Do you have equipment in basements that might be affected by flooding? Have you made your backups (and checked that you can restore them) and stored them in a waterproof location off-site? How quickly can you relocate your critical systems? Do you even know what the critical systems (other than Facebook and Twitter) to your organization are? Is your key personnel aware of the fact that you have a business continuity plan? Are they familiar with it? Do you have an up-to-date call-list? Do you have (several) hardcopies of your plans?

You should have worried about this a long time ago, but if you haven't, now would be a good time to start.


by Kees at June 18, 2009 04:42 PM

Code|Beta Photography

Update on the Snickers Street Slam

by lmurillo at June 18, 2009 01:53 PM

Talking about pineapples in the bus

by lmurillo at June 18, 2009 12:06 AM

June 16, 2009

Code|Beta Photography

Girl at the park

by lmurillo at June 16, 2009 01:20 PM

June 15, 2009

Code|Beta Photography

The Prints store will be closed

We’ve recently upgraded to the new version of WordPress and we’ve discovered that the current version of the application we’re using for the Prints Store is causing a couple of issues and we’re looking for a solution to these issues that are generated.

For the time being we are closing down our Prints section and working on getting it resolved. We apologize for the inconvenience that this may cause to you.

-LM

by lmurillo at June 15, 2009 08:53 PM

June 12, 2009

Rob's Musings

The long overdue progress report

This is gonna be short, sweet and to the point:

Week 1:
  1. I wrote a mock report form with 10 questions (screenshots in a later post)
  2. I then wrote up some code to render it appropriately for each question type.

Week 2 (still ongoing):
  1. Designed the SQL schema, and wrote the service/database layer classes for 2 of the classes.
  2. Wrote in the functionality to save the report data to the database.


Will explain the design at a later date.

Ciao!

by Robert O'Connor (noreply@blogger.com) at June 12, 2009 03:45 PM

Kees Leune

Scratching an itch

Every now and then, I need to scratch a technical itch. Fortunately, Chris Christianson had the good taste to post Caesar's Challenge just as it manifested itself.

The challenge was the following:

4500 00c8 21c4 4000 8006 dee4 c0a8 3c01
c0a8 3c35 0014 0841 ea5d efe1 32e0 3fa1
5018 ffff 2c6d 0000 1f8b 0808 d92d 074a
0203 6669 6c65 005d 8ecb 9104 210c 43ef
1385 4210 fe01 e1b8 7ae8 fc43 1871 d8cb
faa0 924b cf82 4812 6419 3aaa e5b4 2e8e
81fd ec8d 87bd e00f c79f f344 767d 41a3
098e 034f f31b 0c39 3f88 9e89 3a46 18dd
af28 706f f8f0 82f7 5db7 d2d0 fc17 634c
54d6 914c 43ed 72c4 532f 6a72 c329 4925
48cb db9c 8564 2cc4 1baf b81c 7a5c cde9
b7af f4b5 5882 c5f9 45c4 852e 62b1 3f3f
c173 e305 f500 0000

After looking at this for a while, it became obvious that this is an IPv4 packet. The first few bytes (4500) are a dead giveaway. Using the SANS TCP/IP cheat sheet, I was able to confirm that this was indeed an IPv4 packet.

First order of business: get this in a workable format. I started with dumping this in a file (challenge.1) and converting it to binary:

xxd -r -p challenge.1 challenge.2

Opening challenge.2 in a hex editor gave me a little more insight into what I was doing. I used hexedit on Linux and notepad++ on Windows.

The payload of the TCP packet started after 20 bytes (5*32/8), or at offset 0x14. Repeating the process of copying the payload into challenge.3 and making it binary using xxd, I got a resulting file challenge.4. The Linux command-line file challenge.4 told me that it was gzip'ed data.

Copying challenge.4 to challenge.5.gz and gunzipping the file yielded challenge.5, which after viewing it in a hex editor turned out to be another IP packet. This time the packet contained a UDP payload going from source port 23149 to destination port 514 on the same two hosts. The payload of the UDP packet looked like syslog, and that is confirmed by the port numbers:

<15>Jun  3 13:16:19 DDDDDDDD GenericLog    0    VWRS VPHOOLQJ SDFNHW SOHDVH

Remember the title of the challenge? Exactly, a Caesarian shift. Fortunately, it took not too long to figure out that the offset was '3', which resulted in the answer: STOP SMELLING PACKET PLEASE.


by Kees at June 12, 2009 12:37 PM
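
The header-level part of the decode described in the post above, as an added example that is not part of Kees's post or of the original challenge: it parses the posted hex dump as IPv4 and TCP, verifies the IP header checksum, reads the gzip member header and trailer (RFC 1952) from the TCP payload, and applies the shift-3 decode to the syslog text quoted in the post. The hex dump and ciphertext are copied from the post; all function names are this example's own.

```python
import struct

# Hex dump and ciphertext copied from the post; all names below are this example's own.
CHALLENGE_HEX = """
4500 00c8 21c4 4000 8006 dee4 c0a8 3c01
c0a8 3c35 0014 0841 ea5d efe1 32e0 3fa1
5018 ffff 2c6d 0000 1f8b 0808 d92d 074a
0203 6669 6c65 005d 8ecb 9104 210c 43ef
1385 4210 fe01 e1b8 7ae8 fc43 1871 d8cb
faa0 924b cf82 4812 6419 3aaa e5b4 2e8e
81fd ec8d 87bd e00f c79f f344 767d 41a3
098e 034f f31b 0c39 3f88 9e89 3a46 18dd
af28 706f f8f0 82f7 5db7 d2d0 fc17 634c
54d6 914c 43ed 72c4 532f 6a72 c329 4925
48cb db9c 8564 2cc4 1baf b81c 7a5c cde9
b7af f4b5 5882 c5f9 45c4 852e 62b1 3f3f
c173 e305 f500 0000
"""
CIPHERTEXT = "VWRS VPHOOLQJ SDFNHW SOHDVH"


def internet_checksum(data: bytes) -> int:
    """RFC 1071 checksum; 0 over a header that includes a valid checksum field."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def parse_ipv4(pkt: bytes) -> dict:
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (pkt[0] & 0x0F) * 4  # IHL counts 32-bit words: 5 -> 20 bytes (offset 0x14)
    total_len = struct.unpack("!H", pkt[2:4])[0]
    if not 20 <= ihl <= total_len <= len(pkt):
        raise ValueError("inconsistent IPv4 length fields")
    return {
        "total_len": total_len,
        "proto": pkt[9],
        "src": ".".join(map(str, pkt[12:16])),
        "dst": ".".join(map(str, pkt[16:20])),
        "checksum_ok": internet_checksum(pkt[:ihl]) == 0,
        "payload": pkt[ihl:total_len],
    }


def parse_tcp(seg: bytes) -> dict:
    if len(seg) < 20:
        raise ValueError("truncated TCP header")
    sport, dport = struct.unpack("!HH", seg[:4])
    data_offset = (seg[12] >> 4) * 4  # also counted in 32-bit words
    if not 20 <= data_offset <= len(seg):
        raise ValueError("bad TCP data offset")
    return {"sport": sport, "dport": dport, "payload": seg[data_offset:]}


def parse_gzip_header(buf: bytes) -> dict:
    """Fixed RFC 1952 header, optional FEXTRA/FNAME fields, and the ISIZE trailer."""
    if len(buf) < 18 or buf[:2] != b"\x1f\x8b":
        raise ValueError("no gzip magic (1f 8b)")
    method, flags, mtime = struct.unpack("<BBI", buf[2:8])
    pos, name = 10, None
    if flags & 0x04:  # FEXTRA: 2-byte length, then that many bytes
        pos += 2 + struct.unpack("<H", buf[pos:pos + 2])[0]
    if flags & 0x08:  # FNAME: NUL-terminated original file name
        end = buf.index(b"\x00", pos)
        name = buf[pos:end].decode("latin-1")
    isize = struct.unpack("<I", buf[-4:])[0]  # uncompressed size mod 2**32
    return {"method": method, "mtime": mtime, "name": name, "isize": isize}


def caesar_shift(text: str, shift: int) -> str:
    """Shift ASCII letters back by `shift`, leaving everything else untouched."""
    out = []
    for ch in text:
        if ch.isascii() and ch.isalpha():
            base = ord("A") if ch.isupper() else ord("a")
            ch = chr((ord(ch) - base - shift) % 26 + base)
        out.append(ch)
    return "".join(out)


def decode_outer(hex_dump: str) -> dict:
    ip = parse_ipv4(bytes.fromhex("".join(hex_dump.split())))
    if ip["proto"] != 6:
        raise ValueError("outer packet does not carry TCP")
    tcp = parse_tcp(ip["payload"])
    return {"ip": ip, "tcp": tcp, "gzip": parse_gzip_header(tcp["payload"])}


if __name__ == "__main__":
    layers = decode_outer(CHALLENGE_HEX)
    print(layers["ip"]["src"], "->", layers["ip"]["dst"], layers["gzip"])
    print(caesar_shift(CIPHERTEXT, 3))
```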

June 11, 2009

Kees Leune

New papers in the SANS reading room

I have recently expanded my involvement with SANS by signing up as a Gold adviser. In addition to guiding students through writing their papers, advisers also review work that has been graded by the primary adviser. This endorsement creates an independent quality control review and makes it harder for sub-par papers to go through.

Some of the papers that I have reviewed recently are worth mentioning:

Robert Vandenbrink authored IOScat - a Port of Netcat's TCP functions to Cisco IOS. In the paper, he describes how to implement netcat-like functionality in Cisco IOS using the Tcl language. Any security pro should know about netcat and be familiar with how to use it, so a paper describing how to bring some of its functionality to IOS is a must read. 

As an aside: In a long and dark past, I also used to dabble with that language, and as a matter of fact, it is still the most popular download on this site. The tool I made is used by flightsim fanatics and is called PCProxy.

Chris Mohan wrote Virtual Rapid Response Systems. The paper proposes to use virtual machines in incident response scenarios where there is no qualified handler on-site. While the approach may not scale up to large corporate environments without some tweaking, some of the ideas that were proposed are interesting and can apply directly to users working for small and medium-sized enterprises.

As always with incident response, make sure that you keep records of what you do. Taking excellent notes is an absolute requirement, as is keeping track of the big picture. I still develop a tool that assists with the latter: The application for incident response teams (AIRT) supports CSIRTs with the administrative overhead of incident response. The tool is currently in use by several national CSIRTs and institutes for higher education. If you are looking for an incident management product, please drop me a line and we'll talk.


by Kees at June 11, 2009 06:14 PM

June 10, 2009

Kees Leune

Enterprise Cloud Risk and Security

Thanks to Hoff's tweet earlier today, I watched a presentation titled Enterprise Cloud Risk and Security. Not only is the presentation an excellent use of a slide deck (no narration necessary), but some of the observations that are outlined in it are representative of the thought processes of someone who gets it.

"Fundamentally, engineering is about knowing and respecting the limitations of one's materials. ICT systems are built with software being one of the key materials. And software is thoughtstuff. For an engineer of thoughtstuff, the limitations of mathematics and cognitive science are the limitations of the material"

Masterson goes on by arguing that "We need to stop thinking in terms of security and start thinking in terms of health". This argument is based on the premise that any time a fairly simple and controlled solution is scaled up, complexity is introduced that invalidates many of the controls meant to keep it secure.

A little later, Masterson introduces another interesting concept: Redundant Arrays of Independent Clouds (RAIC). Brilliant ;) The simple (and compelling) reason for RAIC is a bit of knowledge derived from biology and in particular, ecosystems: diversity = health.

Issues covering legacy security technologies such as firewalls are also briefly touched upon:

"Concepts like 'firewall' embody Russellian assumptions, and are only useful in the small. Instead, consider concepts like quarantine, sterilization chambers, and disinfection, for example."

This is not to say that firewalls cannot be useful, but as we see more and more distribution in our computing infrastructure and our data being spread globally, local perimeters will continue to be necessary, but no longer sufficient.

All in all a very interesting presentation in a novel format, bringing some good things to think about. Go watch it.


by Kees at June 10, 2009 01:49 PM

June 09, 2009

Code|Beta Photography

Trees to be planted

by lmurillo at June 09, 2009 04:48 PM

June 08, 2009

Kees Leune

BlackHat 2009

Blackhat just posted the schedule for its 2009 briefings, and as always, the schedule looks impressive. I'm happy to announce that I will be covering the Briefings as a member of the media. Every day, I'll try to get a post out detailing my experiences. Since I haven't decided on the format yet, any feedback is appreciated! This will be my first time at BlackHat, and I am really looking forward to it. Immediately following BlackHat, I'll also hang around at DefCon for two days. I had a blast last year, and I fully expect this year to top that. If you're going to be in Vegas, please drop me a note and we'll try to hook up!


by Kees at June 08, 2009 11:16 PM

MadRhetoric

Fedora 11 and Ext4: The Straight Bits

Let's face it--We're addicted! To files that is. More importantly, we are addicted to the massively large and ever increasing storage devices upon which we store those files. Make no mistake though, like any addiction, storing content comes at a cost and usually those costs are paid at the filesystem level. We all want more space and we all want better performance when it comes to disk I/O and a junkie's wishlist never ends.

Fedora 11, when released tomorrow, will be the first distribution to boast the inclusion of ext4, the latest incarnation in the extended file system family, as default. Ext4 brings with it support for larger filesystems, larger single file size and many improvements in almost every imaginable facet. Join me for an interview with Eric Sandeen, renowned file system hacker, Red Hat Engineer and Fedora Contributor as he takes us on a little trip down Filesystem Alley and explains what filesystems are, where did they come from, why should we care and why they along with Fedora 11 are prepping to take over the WOOOOORLD!

1. Please give us a quick self-introduction and how you got started working on Fedora/Red Hat and filesystems.

I was an electrical engineer by education & career years ago, but in the course of that work I started fiddling with Linux - Red Hat Linux (5?) was actually the first distro I ever used. I worked at SGI for about 6 years on the XFS filesystem, and then moved to Red Hat to work on ext3, ext4, XFS, and other filesystem related bits. I feel lucky to be able to have turned a fun hobby into a paid gig. :)

2. Practically, what is a filesystem and why should the average user care about what filesystem they are using?

A filesystem is the detailed format of how the operating system stores data on disk, and how it manages reading and writing of that data. The filesystem's job, first and foremost, is to keep the user's data intact and accessible, but beyond that, extra features and speed on certain workloads may influence a user's choice of which filesystem to use.

3. Can you give us a brief history on filesystems in Linux? What have been the major milestones?

Linux started out with a very simple filesystem, the Minix filesystem. This was replaced with the "ext" filesystem around 1992. Ext2 showed up around 1993, and the later ext* filesystems have been developed from that basic lineage. Around 2000-2001, there was a bit of an explosion of new journaling filesystems for Linux, including ext3, xfs, jfs, and reiserfs. Of those, I'd say that ext3, ext4, and XFS have remained in most active development to this day.

Ext4 development was started about 3 years ago to address scalability & functional limitations of ext3, working on top of the ext3 codebase. Some of the basic features came from work that ClusterFS and Bull had done for Lustre, and other development has happened on top of that. It's been a joint effort by several entities upstream, and we've all worked together to make a good filesystem.

4. In Fedora 4, the default filesystem will be ext4. Fedora 11 will be the first distro to offer ext4 as the default FS. Why is that significant?

I think Fedora has always taken pride in helping to develop new features for Linux, and pushing them as part of the distribution to get these features out to a user base. It's always a bit of a balancing act, because new software inherently has bugs, and users expect any distribution to work well, of course.

The open development process of Fedora has allowed early adopters to test & provide bug reports and feedback on ext4, and the end result, I think, is that we have a very solid ext4 codebase for F11. It was a little rough in the beginning but thanks to all the testers, and the hard work by all the upstream ext4 developers, I feel confident that we're in good shape.

5. What limitations was ext4 developed to overcome and what benefits can we expect to see? There are also new features like the addition of extents and pre-allocation. These specific features are a big win over previous filesystems. Can you tell us more?

One of the primary limitations of ext3, and motivators for ext4, was the relatively small maximum file size (2T) and filesystem size (16T). The allocator in ext3 wasn't particularly efficient either, and the direct/indirect block layout scheme caused some performance bottlenecks.

The ext4 on-disk format allows for up to 1EB filesystems with 4k blocks, although due to user space tool limitations we're still at a 16T maximum filesystem size. Work is currently underway to address this.

Ext4 also has a new allocator, called "mballoc" which can be much more efficient than ext3's old block at a time allocator.

One of the other real bottlenecks to scalability is how well a very large filesystem can be checked and repaired, and modifications to ext4's metadata layout have yielded some very impressive speedups in e2fsck's check times.

Features like extents and delayed allocation have honestly been around for a very long time on other Linux filesystems like XFS, and ext4 implemented these features in part based on that proven track record. Together these features can help give us very efficient allocation patterns.

One other thing that the extent format brings us is much faster deletion of large files compared to ext3 - something which anyone who has had to enable the "slow delete" feature of MythTV may appreciate.

Extents also allow filesystems like ext4 to efficiently track preallocated disk space, allowing applications which use preallocation calls to get more efficient allocation. The transmission bittorrent client and the libvirt tools are a couple of packages in Fedora which make use of this.

6. Fedora has been using LVM and other volume management layers for a while. In fact, Fedora helped pioneer technologies like LVM. How does ext4 play well with these? How does it facilitate use of those technologies?

To be honest, there's a lot more work to be done in this area. One of the things which has just recently been addressed upstream is LVM's ability to pass write barriers from the filesystem down to the underlying block device. Write barriers prevent write reordering by the drive. They have a bit of a performance hit, but they're needed to ensure a journaling filesystem's consistency whenever power is lost to a disk with a volatile write cache. Until very recently, LVM didn't pass these barrier requests down at all; this now works upstream for simple LVM volumes, and work is ongoing in this area.

The other area where filesystems and volume managers really need to communicate is in the geometry of the aggregate block device - ideally the filesystem wants to know about the stripe unit and stripe width of a raid5 device, for example, so that it can do efficient, well-aligned allocation and IOs. The XFS userspace utilities are able to extract this information from software raid devices and use it at mkfs time, and honestly this is something that needs to be added to e2fsprogs as well. Again, there is more work going on upstream to address this issue.

7. What are your thoughts on the future of filesystems? What do you think are the features that we should be focusing on? Are we working on pioneering any of these efforts in Fedora?

One of the big pushes is for more active protection of the user's data via checksumming at all levels, as well as management features, such as better ability to use multiple devices for a filesystem. In Linux, a lot of this type of work is being done in the new BtrFS filesystem.

Fedora 11 is a pretty exciting release for filesystems overall, because it also includes an early preview of BtrFS. Josef Bacik, one of our filesystem developers, has been putting a lot of effort into BtrFS upstream. Adventurous users who want to try out BtrFS can do so in F11, and even install the distro onto it by booting the installer with a "secret" boot argument - "icantbelieveitsnotbtr". This is a very early preview, and isn't yet suitable for more than testing for most users, but early testing and bug reporting will be very useful.

8. Do you like any other filesystems that are being used/developed, such as ZFS, which seems to be a big fan favorite and others like BtrFS, Tux3?

ZFS has a lot of nice advertised features, but it's not really available for Linux primarily due to license issues - and I'm not sure the userspace fuse implementation is optimal, but I may be biased as a kernel filesystem developer! BtrFS shows a lot of promise, and Chris Mason and his crew have been developing it at an amazing pace, in my opinion. BtrFS is a pretty fundamental re-thinking of what a Linux filesystem should be.

I can only keep so much in my brain at once, and so have not really kept up with Tux3. The other filesystem that I still think is interesting is XFS, because it has the scalability and feature set that ext4 is striving for in a mature, well-tested (though pretty complex...) code base. Of course, like anything else, it has its strengths and weaknesses. It's also a pretty different beast administratively compared to what people are used to with ext2 and ext3.

9. What does your day to day development cycle look like? Surely, work continues on ext4, but what else are you working on? What do you spend your free time doing?

I do a fair amount of work on ext4 and XFS on a daily basis, and a lot of my time is taken addressing various Fedora and Red Hat Enterprise Linux user & customer bugs. I maintain a few other filesystem-related tools for Fedora and RHEL as well, including e2fsprogs, xfsprogs, xfsdump, blktrace, fio, ffsb, fs_mark, seekwatcher.... this keeps me plenty busy!

I've recently been working on making the xfs regression test suite filesystem-agnostic so that other filesystems can use this basic framework for regression testing; it's been hugely useful for XFS development. We have about 30 tests running on other filesystems now.

There are many other bits and pieces that compete for attention every day, so there's a lot of juggling of priorities. Any filesystem corruption bugs or oopses usually rise to the top.

Free time? I have a family and 2 kids, so there's not a lot of that! I bike and swim when I can, and to be honest some of my free time is spent.... hacking filesystems. I guess it's in my blood.

10. How are you planning to celebrate the Fedora 11 release tomorrow?

Hm, I'll probably be working on what needs to be done for F12. :)

by Jack (noreply@blogger.com) at June 08, 2009 02:06 PM

Fedora 11 Tour

Anxious for Fedora 11. Can't wait until tomorrow to get your hands on it? Well you can take a sneak preview of what's coming by visiting the Fedora 11 Tour page. On it you'll find an overview of Fedora 11, the Fedora 11 screenshot tour, links to the various pieces of Fedora multimedia we've produced and of course information how and where to download Fedora 11 from starting tomorrow at 10am Eastern.

by Jack (noreply@blogger.com) at June 08, 2009 11:49 AM

Kees Leune

Unlocking the cloud

But now there is the danger of a new form of lock-in. "Cloud-computing"-the delivery of computer services from vast warehouses of shared machines-enables companies and individuals to cut costs by handing over the running of their [enterprise applications] to someone else, and then accessing it over the internet.  [..] But customers risk losing control once again, in particular over their data.

The Economist, May 30th-June 5th, p. 18

Others have said it in the past, and more people will say it in the future: The Economist is one of the best newspapers in the world and well worth its price. The publication pleasantly surprises me on many occasions, and this issue is no exception.

While the article is not very long, or even prominently positioned, it does contain a few very important observations: be careful not to lose control when moving existing data into the Cloud, and address the risk of not being able to move data out of the Cloud once it is in there.


by Kees at June 08, 2009 12:35 AM

June 06, 2009

Code|Beta Photography

Grand Opening

We’ve officially opened our store and we hope you enjoy shopping here.

This page will display the news for the store, such as new products that we offer or promotions, or issues we’ve encountered.

For the time being we are still in the process of adding products to our store but if you wish to purchase a print of a photo we don’t have at our store but we do have at our Photo Gallery then feel free to send us a message through the Contact Us page and we’ll place it up on the site.

Payments are done through the PayPal service and they handle all your credit card and billing information. Code|Beta will never ask you for any billing information.

If you have any comments or questions or get an error while shopping then please let us know through the Contact Us page located in any of the Code|Beta Sites.

-LM


by lmurillo at June 06, 2009 12:12 AM

June 05, 2009

Code|Beta Photography

Moving through the court

20090531-n20090531121422.jpg


Continue reading the rest of Moving through the court over at the Code|Beta Photography


by lmurillo at June 05, 2009 08:21 PM

June 04, 2009

Code|Beta Photography

Split focusing screen

A while ago I read this post from the Epic Edits Blog and one of the pieces of gear that was mentioned by Brian Auer was the split image focusing screen from Haoda Screen which makes custom focusing screens for DSLRs and I instantly wanted one.

I began researching a bit into the subject and found that it was possible to replace the focusing screen found in the Nikon D60, which is the camera that I have, with one that had the split image in the middle, like those vintage SLRs. Since I don’t really have a good quality method of taking a photo of the viewfinder of my camera, I’ll have to look onto the Internet to better explain what this is to those of you who don’t know what a split image focusing screen is…so here we go with a couple of links and images

First we have a photo from Flickr which shows the split image focusing screen

Photo by Juan Buhler


As you may have noticed there is a small circle in the middle of the image and that’s exactly what the split image is all about. Then we have the following link which provides a review on one of these focusing screens as well as a link to a more in depth article on how the whole technology works and its drawbacks


Continue reading the rest of Split focusing screen over at the Code|Beta Photography


by lmurillo at June 04, 2009 05:29 PM

June 03, 2009

Kees Leune

High quality information and incident response

In order to effectively detect and respond to computer security incidents, an incident manager needs information. That information must have sufficient detail and enough coverage. This is why I get a little miffed, when I see a work ticket get closed out with only the following information:

"Lots of these machines were infected with virus.  I killed them all."
There is (almost) no useful information in this update.

How did you notice there were viruses on the machine? What tool detected them? How many machines were infected? Which machines were infected? What were those machines used for? Who had access to them? Was it the same virus on all machines, or were there different ones? Which viruses did you find? Was there antivirus installed? Was the antivirus running? Were the antivirus definitions up to date? Was the machine's operating system patched? Which users were logged on locally? What drive mappings did the user have open? How did you kill the viruses? Did you see the virus(es) somewhere else?

Right now, I have no information and as a result I have to declare an information security incident. I get to find an answer to all these questions, probably resulting in a finding that one user does stupid stuff on multiple workstations, or that the office is doing bad stuff as a whole. Either way, I anticipate some very targeted awareness training in my near future.

Oh yes, due to this particular environment, users have local administrator access and are free to mess up their own machines as much as they want.


by Kees at June 03, 2009 07:49 PM

MadRhetoric

Fedora 11: Raise thy Mighty... Finger?

Authentication is an aspect of computing which many take for granted. What's all the fuss? you think. Username, password and that's that. In the following Q&A session with Bastien Nocera, long time Fedora Contributor and Desktop Renaissance Man, we discover that when it comes to authentication, there is more than meets the finger!

With fingerprint and other biometric authentication options gaining more popularity, it's time to get more creative regarding their use. Many laptops have had built-in fingerprint readers for upwards of two years now and Fedora 11, thanks to Bastien and crew, does a solid job of making that option a viable one for Linux desktop users. How did we make this happen for Fedora 11? Will your Fedora laptop one day be able to authenticate you on the web using your finger? Will we ever get GNOME keyring to unlock using a fingerprint? What will Bastien work on next? All this and more if you keep reading below!

1. Can you please give us a quick self introduction and how you got started in Fedora.

Hey, I'm Bastien Nocera, I work for Red Hat, and I've been a GNOME contributor for 10 years. I started using Fedora when I joined Red Hat in 2002, and I've been hooked since :)

2. For at least a couple of years now, many laptop models have had built-in fingerprint readers. They never seemed to work well under Linux, despite various bits and pieces of drivers being out there. Can you tell us more about how this feature came about in Fedora 11? [note: PAM is the pluggable authentication system used on Linux machines to authenticate users. D-Bus is a message bus system, a simple way for applications to talk to one another.]

I've had a Dell laptop with the omnipresent Thomson fingerprint reader for a couple of years, and I was looking at how I could use it, and make it work out-of-the-box in Fedora. At that time, as far as I remember, the only options were the proprietary Upek bits, and thinkfinger, which was a very PAM specific solution.

Around that time, Daniel Drake mentioned that he was working on ‘libfprint’, a library to fold the support of different fingerprint readers, with different capabilities, into one supported API, for his BSc in Computer Science.

I got in at about that point. Daniel and I already had a pretty good idea on how we should architect support for the fingerprint readers, and Daniel wrote a first pass at the ‘fprintd’ D-Bus daemon to present it at his final year project presentation.

When Daniel presented his project, he put all his code up, and I started working on the D-Bus daemon, cleaning up the API, and implementing various front-ends on top of it.

3. In order to accomplish a lot of this some significant modifications were necessary to other parts of the distro, i.e. DBus, PAM and authentication dialogs. Can you talk to us a little about what type of work needed to be done to get all the pieces to work together.

It was pretty fun getting to use some new technology. We fixed some bugs in ‘libfprint,’ re-did the public API, added developer documentation, added PolicyKit integration, added a PAM module, and wrote a nice UI for all that in the GNOME control-center.

We were pretty much done, and then Ray Strode added support to GDM to get multiple PAM stacks. This meant that the user could choose between logging in with a password, or using the fingerprint reader.

4. What are some of the issues that remain to be worked on if any?

Most of the remaining problems fall slightly outside the scope of this project. ‘libusb1’ needs a bit of reworking to handle devices appearing and disappearing more gracefully. ‘libfprint’ needs bug fixes for existing drivers and more drivers (never-ending story). Finally, we need PAM to die die die (or add multiple PAM stacks support to more front-ends).

5. Where do you see the future of this going? Do you expect that we will one day down the line see encrypted filesystems which require biometric authentication to decrypt? How about extending this capability to authentication on the web?

Hehe. The architecture is there to support those, although security concerns will possibly override that. We're still thinking of ways to integrate LDAP authentication, and get the PAM module to unlock the GNOME keyring for us.

6. You are well known as a long time and very involved Fedora contributor. What are some of the other projects you worked on for this release?

I worked on the (oh-so-controversial) volume control, updated Bluetooth management tools, and wrote/updated a driver for Wacom Bluetooth tablets.

But work has already started for Fedora 12. With Dan Williams, we already added Bluetooth PAN support to NetworkManager, and we're working on the front-end bits now. I'd like to do some more work on my old flames, Totem and Rhythmbox.

I also have a drawer full of Bluetooth devices that I need to work on. I'm half-way done adding Geolocation to Firefox, for Linux platforms, using GeoClue. Hopefully I'll be able to finish that and work on some more devices.

7. What are you going to do to celebrate the release of Fedora 11?

Probably raise my glass to it, and get cracking on Fedora 12!

by Jack (noreply@blogger.com) at June 03, 2009 11:45 AM

June 02, 2009

MadRhetoric

Add This

I recently added something new to my blog and feed which seems very useful to me and I figured I would share it. I used to have a bunch of buttons to help people submit stories to different social news sites like digg, link aggregators like del.icio.us and/or to bookmark them online or other similar services. This took up a lot of space under each post and barely ever worked correctly. Certain links would always end up missing and it would never render right.

Today, I added an "addthis" bar to the bottom of each post. You can see it down below. See it? It's really handy and really cool and when you click on it it will open a new overlay or page and let you select where you want this post to go, whether it's email, print or sites like digg, facebook, newsvine, technorati, etc. It's pretty cool. I suggest everyone give it a try to help simplify your blog and feed management.

by Jack (noreply@blogger.com) at June 02, 2009 12:49 AM

June 01, 2009

Code|Beta Photography

Street Slam

This last weekend I had the opportunity to photograph a basketball tournament which is open to the public and it’s based off the street style where the teams are composed of 3 players each and only half of the court is used.

20090530-N20090530084601.jpg


Continue reading the rest of Street Slam over at the Code|Beta Blog


by lmurillo at June 01, 2009 04:36 PM

Kees Leune

CNET's Cybersecurity Quiz

On Friday, I posted my response to President Obama's Cyberspace Policy Review. Today CNET put up A cybersecurity quiz: Can you tell Obama from Bush? The article goes back in time to 2003 when President George W. Bush also made an attempt to formulate a national strategy to secure cyberspace.

The similarities between the two documents are striking. The real question to ask is: how much progress have we made in the previous 6 years that these same issues still pop up? I'm afraid the answer is: not much. Let's hope the next 6 show some more.


by Kees at June 01, 2009 01:59 PM

MadRhetoric

Fedora 11 Podcast Series #5 - Presto with Jonathan Dieter

Presto! Wow, what just happened? Was that a magic trick? Well there is no magic trick here today, but what we do have is the latest in the Fedora 11 Podcast Series, an Interview with Fedora Contributor Jonathan Dieter on one of the coolest new features on Fedora 11 - presto! Presto allows you to use deltarpms to download only binary ‘diffs’ from whatever packages you already have on your system. For example, if only one file in a released update was changed, all you would be downloading would be that one changed file as opposed to the whole new RPM. Starting in Fedora 11 you can use presto and the yum-presto plugin to enable this functionality when downloading updates.

Presto with Jonathan Dieter [7.2MB Ogg Vorbis]

Remember when I said no magic was involved? We actually did have to use some magic to record this podcast because Jon lives far far away--in Lebanon! Using some of that good ole’ Fedora voodoo we were able to get Jon’s thoughts on Presto, how it and deltarpms work, how this idea came to be and what working in and being a Fedora contributor has meant and continues to mean to him and just a little bit about what’s goin' on in Lebanon. Just another example of how great people all around the world come together to build a project, a community and a home called Fedora.

by Jack (noreply@blogger.com) at June 01, 2009 02:51 PM

May 29, 2009

Kees Leune

The Cyberspace Policy Review

President Obama presented the Cyberspace Policy Review today. The document reports on a changing direction of US cyber security policy under the new Administration. It is less about governance and more about "getting stuff done". The new policy has the potential to bring upon security practitioners interesting times of attention for our trade, acknowledgment of the necessity of our skills and maybe even the odd job opportunity here and there.

Much will depend on the person who will be chosen to fulfill the role of national cybersecurity coordinator and his ability to obtain true buy-in and commitment of the different government organizations. 

Quotes like the following are encouraging to read:

"The architecture of the Nation's digital infrastructure, based largely upon the Internet, is not secure or resilient.

[...]

Research on new approaches to achieving security and resiliency in information and communication infrastructure is insufficient. The government needs to increase investment in research that will help address cybersecurity vulnerabilities while also meeting our economic needs and national security requirements.

[...]

International norms are critical to establishing a secure and thriving digital infrastructure.

[...]

Only by working with international partners can the United States best address these challenges, enhance cybersecurity, and reap the full benefits of the digital age"

The plan acknowledges that our networks are not secure, and that this inherent level of insecurity must be addressed by increasing efforts (read: spending) to conduct true fundamental research that is not limited to national boundaries. This is a vision that I can support and which makes me look to the future with a sense of anticipation.

Other writeups worth reading:


by Kees at May 29, 2009 07:16 PM

May 28, 2009

Kees Leune

Puffing in a Cloud of appearance

I am heading over to Jersey City tonight to attend a meeting on Cloud Security, organized by IOActive. Despite Hoff's best efforts, cloud security confuses me. I understand information security and I understand "The Cloud" as well as most other people do (which isn't saying all that much), but I fail to see how combining the two suddenly makes a completely new field that is worthy of all the buzz it gets.

We have been dealing with outsourced business functions for a long time and most organizations are used to doing it; some have even gotten quite good at it.

Reading the Cloud Security Alliance's document titled Security Guidance for Critical Areas of Focus in Cloud Computing. If you have not read that document yet, go do it now. If anything, the architectural framework defined in it is very worthwhile and I hope it will bring the Cloud playing field to adopt similar terminology when talking about identical things.

Keeping in mind Hoff's distinction between the three architectural layers (Infrastructure as a Service, Platform as a Service, and Software as a Service) clearly helps in shaping our perception of risks associated with outsourcing a business function, and it will support defining our responsibilities as an outsourcing organization.

The document provides guidance on how to direct existing efforts to facilitate Cloudification. There isn't all that much in there that is truly new.

The fact that we are struggling with this shows once more that our field is young and emerging, and that we haven't really even reached adolescence. It is a fun time, but as with all new things, stepping back every now and then to reflect what's going on should also be a priority.


by Kees at May 28, 2009 01:51 PM

May 26, 2009

MadRhetoric

Fedora 11: Virtual(ization) Reality

Cutting edge virtualization technology has always been one of Fedora's strong suits and Fedora 11 looks to continue that trend. In an interview with Daniel P. Berrange, Red Hat Virt Team Engineer and Fedora Virtualization guru, we talk about the many key upgrades to virt technology in F11 focusing on areas of usability, performance and security. Fedora 11 will premiere the latest in secure and powerful virtualization technology available to users and developers. With so much to look forward to Fedora 11, it's sure to make your virtualization dreams a reality.

1. Please introduce yourself, and tell us about your work in virtualization and how you got started.

I'm one of the lead developers for the libvirt project and am actively involved in many related areas of open source development (qemu/kvm, xen, gtk-vnc, virt-manager, to name but a few). I also co-maintain many of these packages in Fedora and RHEL, along with many others in Red Hat's virtualization team.

More than three years ago (shortly after transferring into Red Hat's Engineering team, from consulting services) I was working on the OLPC project. We needed a way to easily test the OS images we were building without needing real hardware. As a proof of concept, I hacked up a simple GTK application to run images under QEMU. At around the same time Daniel Veillard had started the libvirt project and there was a desire for a desktop application to manage Xen using libvirt. So I switched over to the virtualization team, wrote virt-manager for Fedora 6, and my involvement in all areas of open source virtualization grew from there.

2. Many people view the work being done on virtualization as a feature set of major importance and significance. Can you give us a brief overview of some of the changes we can expect to see in Fedora 11?

The open source virtualization development effort is so large now, that it is useful to discuss each stream in turn.

At the lowest layer is obviously the Linux kernel and KVM/QEMU. There has been a major acceleration of development in QEMU and push to merge KVM into the official QEMU source repository. There's ever continuing work on performance, stability, scalability and reliability in KVM. PCI device passthrough is one new feature we're highlighting for Fedora 11. The return of Xen Dom0 was not to be, as the Dom0 paravirt_ops merge with the upstream Linux kernel is still an ongoing process.

At the middle layer is libvirt, providing a consistent management API across different virtualization technologies. New features in libvirt, since F10, include PCI device passthrough for Xen and KVM, the sVirt security driver using SELinux to protect KVM guests from each other, thread safety of all libvirt APIs, improved scalability, reliability and debugging for the libvirtd daemon and support for SCSI HBAs and copy-on-write volumes in the storage management APIs.

The top layer covers end user tools such as virt-install and virt-manager. virt-manager is undergoing a significant (and ongoing) overhaul of its user interface. The first improvements arriving for Fedora 11 are in the guest installation process and storage management capabilities. As guest installation is the first task most users try, ensuring this is simple and reliable is key to making a good first impression. Guest desktop interaction is another historical pain point which has been a focus for improvements in Fedora 11.

With every release we also try to make a significant step forward in security of the virtualization stack. In Fedora 11 the focus has been on SELinux to protect guests from each other and SASL to authenticate VNC users.

3. There have been some large changes in virt-manager and libvirt, which are at the core of the user experience when it comes to virtualization. Can you talk to us more about those?

The guest installation process and desktop interaction are the most critical areas for making a good first impression. In the virt-manager re-design the wizard used for installing new guests has been streamlined, cutting out three redundant steps. Where possible, it will automatically detect the type of operating system being installed and choose the best configuration options to optimize for this OS, no longer requiring the user to figure this out for themselves.

The installation process now directly utilizes the libvirt storage management APIs to allow easy creation of files in a variety of formats (raw, qcow2, vmdk, etc), allocation of new local disk partitions or LVM volumes and access to LUNs exported by iSCSI targets. This is particularly useful when remotely managing virtualization hosts, allowing regular administrator tasks to be performed from the virt-manager UI without resorting to command line SSH sessions.

The mouse pointer has been a constant source of trouble for virtualization management applications. Getting the guest mouse pointer to track the host pointer is essentially impossible with the standard emulated PS/2 mouse. The solution is to provide a pointer device that supports absolute motion events, instead of relative events that the PS/2 mouse provides. For KVM and Xen, this means adding a USB tablet device, but historically Xorg has not been able to automatically configure this correctly. This is resolved with Fedora 11 guests, finally providing a guest pointer that moves in perfect sync with the host, not requiring the pointer to be confined to the guest window.

Users with non-US layout keyboards have also had a hard time getting their guests to support input of accented/special characters. The VNC protocol has now been extended to allow the hardware keycodes to be passed directly from the VNC client to the guest OS without any intermediate translation step. This should allow the guest OS complete control over the keyboard layout mapping, without a need for any special settings on the host.

The final piece of work was to increase the guest desktop resolution. The real Cirrus video card that QEMU emulates would never have done more than 800x600, but there are tricks that can be done in a virtual world. Thus a simple change to the Xorg cirrus driver allows it to detect that it is using a Cirrus card emulated by QEMU and increase the guest desktop resolution to 1024x768. Still not great by today's standards, but better than before. Longer term plans involve replacing the cirrus driver in QEMU with something more virtualization friendly.

4. Also, as people should note, there has been a lot of work done surrounding KVM and getting that well integrated into Fedora. How has that work been going, and has anything significant been done in that area in this release?

Fedora was the first major Linux distribution to integrate KVM back in the Fedora 7 release. It became the default virtualization technology in Fedora 9, when it became clear we could no longer maintain the separate Xen host kernel until it was merged in the upstream Linux kernel. The great benefit of KVM from a distro integration point of view, is that it is there by default in all new Linux kernels. All that was required in Fedora was to turn on the module build and make sure the modules are always loaded when compatible CPUs are found. libvirt and virt-manager have also both supported KVM since it was first added to Fedora. Thus there hasn't been a need for much additional integration work for KVM. The focus has simply been on improving features available to KVM users via libvirt and virt-manager.

5. Glauber Costa has also done significant work merging KVM and QEMU. Can you explain to us what QEMU is, and why the choice was made to merge it with QEMU? How that is of benefit to the user base?

Earlier Fedora releases have suffered from the divergence of QEMU and KVM code bases. Upstream QEMU has had releases almost 1 year apart, while KVM has been releasing at least once a month, if not more, using snapshots of the QEMU source repository. Thus the features available in QEMU were far behind those available in KVM even though they both shared the same fundamental code base and upstream development stream. It also doubled the work package maintainers had to do for security and bug fixes.

Since Fedora 10 though, the upstream QEMU community has accelerated its release schedule significantly and many of the KVM features have been merged back into the main QEMU code base. Thus we judged that the time was right to attempt to ship a single package containing both QEMU and KVM built from a single code base. For users this means parity of features between QEMU and KVM, while the reduced burden on our Fedora package maintainers ensures more timely security and bug fixes. Glauber also took the opportunity to split out all the virtual BIOS files and ROMs from QEMU into separate packages and ensure all are fully built from source using appropriate upstream source releases.

6. Virtualization and security are discussed hand in hand these days, and as the ability to create and use virtualized machines expands there are many security risks involved. Can you speak a bit to the work that was done to improve security both at the kernel and user levels?

In each Fedora release we try to make at least one significant step forward in the security of our virtualization technology. In Fedora 8, libvirt gained support for secure remote management using TLS for encryption and x509 client certificates for authentication, while GTK-VNC, QEMU, KVM and Xen were also all extended to add a VNC extension for TLS encryption providing a secure remote desktop. In Fedora 9 libvirt was further extended to support SASL enabling secure remote management with Kerberos for authentication and PolicyKit for local desktop authentication. Fedora 9 and 10 also increased use of SELinux to protect the host operating system from a compromised or malicious QEMU/KVM process.

The latter still did not provide any protection between guests, so one compromised QEMU process would still potentially be able to compromise another on the same host. Thus James Morris started work on a project known as sVirt, the first results of which are appearing in Fedora 11. The focus has been to provide isolation between guests running on a single host. libvirt directly integrates with SELinux to ensure every QEMU process it launches runs within a dedicated security context, only able to access its own assigned disk images. This protection is enabled by default on all Fedora 11 hosts using libvirt for management. As well as the security benefits, the end user experience is improved because libvirt will automatically manage SELinux labelling for all guest disks, eliminating a major source of bug reports from previous Fedora releases.

7. These features have all evolved over time in previous Fedora releases and Fedora, as a distribution, has always been a leader in the virtualization realm. Let's talk a bit now about the actual process of developing these features. How many of the improvements and enhancements to virtualization have come about as a direct result of the work done previously? Also, what does the future look like?

Virtualization technology in Fedora is reaping the benefit of very active upstream projects and the significant developer resources of Red Hat's Virtualization Engineering team. The combination of these provide great opportunities for new features to have their debut in Fedora releases.

The ideas for new features come from many sources, some from Fedora end-user experiences and consequent bug reports, some magically arrive on cue from upstream projects, while others are things that look to be important for future RHEL releases. With the PCI device passthrough feature in F11, the core support was all already done by the upstream KVM community. This is an important feature for future RHEL, so Red Hat put resources into a F11 feature to add support to libvirt for PCI passthrough with KVM and Xen and then expose this in virt-manager.

The feature aiming to improve the guest desktop interaction was a result of the persistent stream of bug reports from Fedora users. We had been considering ways to address this over the course of several Fedora releases, but it was not until Fedora 11 that all the pieces of the solution finally came together from the various upstream projects.

The security improvements in virtualization have a different origin. Very few end users ever file explicit bug reports asking for the addition of more authentication / encryption features or to use more SELinux. If anything users ask for the ability to more easily turn off existing security features. This is a case where the user is not always right. They do want more security, but they just don't know it yet!

As a developer it is necessary to be very proactive with security improvements. This can be particularly challenging work because the solutions often involve working across multiple upstream communities.

Take the VNC SASL authentication feature in Fedora 11 as an example. The first step was to write a specification for a new VNC security extension, have it reviewed and get a code for it allocated by RealVNC. Work on QEMU was required to implement the server side. Work on GTK-VNC was needed for client side. For management tools, work on libvirt was required to get the new security type enabled for guests it launches and finally virt-manager was extended such that it knows how to login. That's five different projects involved for one feature. This is only practical by having a close working relationship with all the upstream communities and carefully coordinating the work there so it all arrives in time for the next Fedora release.

For the future we're happy that libvirt gained support for managing VirtualBox recently and is likely to soon have a driver for the OpenNebula cloud management project. Expect more advancements in sVirt, allowing for tighter controls on what a virtual machine can do, for example, the ability to restrict network access of guests. libvirt will also gain the ability to manage host network configuration in Fedora 12, removing the need to manually configure bridge devices. Container based virt may make a more formal appearance in Fedora 12 as the native Linux container (LXC) support improves in the kernel and libvirt. The overhaul of the virt-manager user interface also continues.

8. Working on virtualization must be awfully time consuming and involved. Do you enjoy it? What do you do to get away from the pressures of hacking?

Working on open source virtualization technology is a great experience because it is a really interesting and challenging field, having plenty of talented developers to work with and learn from. There is plenty of work still to be done at all levels of the stack from kernel/hypervisor right through to end user applications and not nearly enough time to do it all. I'm fortunate to be able to spread my work between upstream projects, the Fedora community and RHEL releases and maintenance.

As for free time? What free time? :-) I try to find time for photography, with 4 out of my 5 cameras still using film, rather than digital.

by Jack (noreply@blogger.com) at May 26, 2009 11:45 AM

May 23, 2009

Code|Beta Photography

Painting in Photoshop

I’ve been trying to get better at Photoshop and one of the things I’ve learned recently is painting and making light images like the one below.

light.jpg

Though I don’t plan on making these for a living it’s a nice idea to play with…maybe create something by mixing painting with a photograph?

-LM


by lmurillo at May 23, 2009 07:08 PM

May 21, 2009

Code|Beta Photography

New Code|Beta Store

So I’m expanding the horizons a bit with the site and we now have a store open for anyone to purchase prints from the photographs that I take and show here.

We are putting them up, since not all of the photos that I take will be in the store, so there are a few of them. For the time being I will handle all of the orders myself but if it gets too big to handle, which I would most definitely hope for that to happen, then I’ll have someone else handle the orders and shipping but for the time being I’ll handle everything locally. The store can be seen here.

All payments are done through PayPal so I won’t have to fiddle with any of that part.

Now on to the photo of this post :)

20090502-n20090502094013.jpg

This was taken on one of the trips to a local park.

-LM


by lmurillo at May 21, 2009 02:43 PM

MadRhetoric

The Sound of Fedora 11

An Interview on Fedora 11's enhanced Audio Control with Lennart Poettering

Where would we be without sound? It's the most primitive of communication methods, and yet it has spawned so much technology around it. Whether you're a musician, a DJ, riding a bus to work, or even just stuck in a cubicle listening to the radio somewhere, sound has become an integral part of your daily experiences. When Fedora 11 lands, along with it will land a number of enhancements to the sound subsystem, including unified volume control, per stream and per device monitoring, and proper Bluetooth audio support. I recently caught up with Lennart Poettering, Red Hat Desktop Team Engineer and resident audio guru. Here's what he had to say about the upcoming improvements and what the future holds:

1. Please introduce yourself and give us a brief intro to how you started working on the upcoming audio improvement in F11.

I am Lennart Poettering and have been working for Red Hat in the Desktop Group for two years now this month. I live in Berlin, Germany.

PA has been part of Fedora since F8. Since then we used to ship two volume control applications: the GNOME volume control and a PA (Pulse Audio) specific tool (pavucontrol). The latter was mostly a showcase of what can be done with PA and I wrote it mostly as a demo, not because I thought it was any good as a UI.

Of course having these two volume control UIs in Fedora was a situation that badly needed fixing. Especially since both UIs exposed too many unnecessary options: the GNOME volume control exposed a lot of low-level hardware-specific features that only a tiny minority of people actually really understood, and the PA volume control exposed a lot of low-level software features that a slightly larger minority of people only actually really understood.

Now during the last year we reached a point where the feature set of PA for volume controls became very complete (with such things as arbitrary meta data on every stream/device, per-stream and per-device monitoring, hardware volume range extension, "flat" volumes and lots of other stuff) and Jon McCann with help from Bastien Nocera finally took up the work to fix the UI situation.

They basically designed the new UI from scratch with input from usability experts. It implements many of the features the old pavucontrol tool did, but in a much nicer, streamlined way. Also it integrates sound theme/event sound control with general audio configuration and volume control in a single UI tool.

2. Can you give us some background on the upcoming changes to the audio subsystem in the Fedora 11 Release?

If you want to know more about the Volume Control, I'd just refer to the Feature page:

https://fedoraproject.org/wiki/Features/VolumeControl

We moved PA 0.9.15 into F11, a nice overview over the new features you can find here:

http://0pointer.de/blog/projects/oh-nine-fifteen.html

However that overview is a bit out-of-date. There are quite a few additional features that went into 0.9.15, most prominently full Bluetooth Audio support: Together with Bastien Nocera and the BlueZ guys I worked to make Bluetooth audio easily accessible -- the bluetooth applet now exposes an easy dialog that allows you to pair and activate a bluetooth headset. After that is done it will automatically appear in PulseAudio. If you need to reactivate it later, you can do that with a simple click in the applet menu. It works surprisingly well. It even works fine for lip-sync video. Which is kind of magic, given that Bluetooth Audio doesn't actually offer any timing interfaces, so syncing up audio with video is not really possible. I spent a lot of time to make sure it does work nonetheless, and it see