LinuxPlanet Blogs

By Linux Geeks, For Linux Geeks.

Protect your business against cybercrime – train your own hackers

without comments

Cyber criminals have become relentless in their search to find new ways to attack. According to the 2015 internet security threat report by Symantec, last year alone more than 317 million new pieces of malware were created – that’s almost a million rogue software programmes created each day with the purpose of stealing or sabotaging information.

It’s not only large companies that are a prime target, but small and medium businesses too. Cyber crime costs the global economy $445 billion a year and South Africa about R5.8 billion a year. In Norton’s 2013 cyber crime report, South Africa was ranked third worst in the world in terms of its cyber crime threat. And we’re still a very soft target when it comes to cyber crime

 

Businesses need to step step up their game and take a more proactive stance against cyber threats. And that means having people on the inside that think like hackers.

Certified Ethical Hacker training or CEH training is the next line of defence against cyber attacks. It was developed by the International Council of Electronic Commerce Consultants, known as the EC-Council, and is available here in South Africa from technology company Jumping Bean – an approved training centre for the EC-Council. CEH training helps businesses achieve optimal information security by enabling them to scan, test, hack and secure their own systems.

Mark Clarke, Jumping Bean founder, adds, “By training key staff to become ethical hackers they’ll be able to think like hackers. They’ll know what to look out for, what makes your network and applications vulnerable, how to improve them, how to prevent data theft and fraud from taking place, and what countermeasures to take.”

Jumping Bean’s CEH course is offered to site administrators, security officers and professionals, auditors, computer forensic investigators and anyone who is concerned about the integrity of their IT assets and network infrastructure.

The course involves mastering penetration testing, footprinting and reconnaissance (information gathering), and social engineering. Trainees find out how to scan and sniff networks, evade firewalls and IDSs, crack passwords and cover their tracks. They also find out how to hijack Web servers and Web applications, hack wireless networks and create Trojans, backdoors, viruses and worms.

Written by Nicky Croucamp

August 24th, 2015 at 2:40 am

Posted in Uncategorized

Freedreno on Android: Current Status

without comments

Freedreno now supports dma-buf passing instead of GEM flinks on kitkat-x86, but with a catch. Enabling freedreno’s userspace bo cache in libdrm (bo_reuse=1) results in multiple GEM_SUBMIT calls on the same bo, and the GPU hangchecks after some activity. HACK: setting bo_reuse=0 runs Android smoothly.

While fighting some userspace GEM leaks that showed up with bo cache disabled, I started looking into adding a minigbm (used by chrome-os) backend for msm. The idea was to let GBM deal with hardware specifics and leave gralloc platform independent. Another priority was doing away with GEM names to bring in fd passing. With bo_reuse=1, fd_bo_del() calls would segfault during fd_cache_cleanup(), causing SurfaceFlinger to restart.

After watching `/sys/kernel/debug/dri/0/gem`,counting allocs and frees and scratching my head for a while, I discovered that the GEM leaks lay in AOSP’s default Home launcher, and moving to CyanogenMod’s Trebuchet launcher made the leaks go away.

Making gralloc_drm switch to dma-buf fd’s, I also got to learn how Mesa’s EGL implementation works, and wrote a couple patches ([1] and [2]) to implement __DRI_IMAGE_LOADER DRI extension that helps EGL allocate textures without dealing in flink names. These let a __DRIimage be tied to ANativeWindowBuffer and used for textures.

One possible reason with fd_cache_cleanup() segfault, assumingly, was using an old (3.19) kernel that was missing some related fix, so we decided to switch to 4.2 instead. I had to make some changes to resurrect the android logger driver since it was deprecated after Kitkat + 3.19. I learned of kernel’s Asynchronous IO support, and forward ported logger to be compatible with the kiocb API changes.This didn’t help the segfault, but fixed a screen flicker issue on the sides.

I traced the bo life-cycles through drm_{prime,gem}.c and libdrm, and finally found the problem – importing a bo present in the cache would break the cache bucket, causing any following bo_del()s to crash. The fix turned out to be simple to write, but difficult to point out.

It’s been an incredible learning experience where I got to explore a great number of modules up close, that come together to interact and form the display subsystem. I’m excited to stick around, improve support and dig up more items to work on. Thanks Rob, Emil, #freedreno, #android-x86 and #linaro for all the support!

Up next:
I’m looking into the `*ERROR* handle X at index Y already on submit list` + hangchecks that pop up with bo_reuse=1. Also need figure out how to get some games running (dexopt won’t let me install .apks : ( ).


Written by Varad

August 23rd, 2015 at 2:24 pm

What’s Happening With OggCamp Dan?

without comments

The first OggCamp back in 2009

The first OggCamp back in 2009

It’s a question I hear a lot and I’m glad you asked. I’m currently on holiday in France but OggCamp business presses on regardless. Thanks in large part to having a bit of free time and available WiFi. I thought I’d also take the opportunity today to publicly answer some of the most frequently asked questions.

You’ve probably seen that we announced the date and venue a few weeks ago. After many months of wrangling I’m really pleased to say we’ll be back at the John Lennon School Of Art & Design in Liverpool on Halloween weekend 2015. That’s October 31st & November 1st. Obviously I’m thinking we’ll need a Halloween theme of some sort for the artwork. That also brings me neatly onto some organisational differences this year.

A picture of all the podcasters on stage giving out raffle prizes

Oggcamp10 in Liverpool

The organising team has changed a lot as people have gotten busier or just drifted off in different directions. We started OggCamp way back in 2009 and a lot has changed. That’s only natural and we’re all still good friends, no fall outs or drama to report. So you can forget that email to Hello Magazine with the inside scoop on an OggCamp feud sorry, hehe :-)

Myself, Fab and Les Pounder (our erstwhile crew manager) continue from previous years but will be joined by a brand new team. Fab is pretty busy being famous on German TV and radio these days, plus editing a magazine obviously; so he won’t be leading our art and design. He’s still going to host the website and will be tangentially involved but I’ve appointed Jennifer Fenner (a talented Liverpool artist and friend) as creative director. I’m really excited about the ideas she’s already come up with and I’ll share more news as soon as I have it. Earlier in the year I was involved in the runaway success that was Liverpool MakeFest at Central Library. I was only a small part of the organising team but I’ve poached the instigators Mark and Caroline to run our Open Hardware Jam for 2015. As you’ll know we have a good tradition of success with the OHJ but having seen what they achieved earlier in the year I have no doubt Mark and Caroline will take it to new heights.

I’ve also recruited another friend of mine as “Head Of Science” because I’d like to have a science section this year and expand a little. We haven’t worked out the details of that yet but stay tuned for more announcements soon.

Where Are We Right Now?
Another good question. As of now we have a venue, we have a date and we have tickets available via Eventbrite. The website doesn’t look like much yet and but it will all change very soon.

Where should I say in Liverpool?
There is no official hotel this year. I’ve done that in the past and mostly had complaints, so being that there’s no shortage of hotels in the city I’m letting people sort themselves out. Just have a look on LateRooms.com or a similar sites and you’ll be fine. The venue is very near Lime St Station and only 5mins walk from the city centre. It’s really easy to get to. There’s cheap car parking nearby with an NCP on Mount Pleasant that does a whole day for £5 or not much more. Travel is no excuse not to come. Apart from those of you who live in far flung parts of the globe, I’ll let you off.

A shot of the OggCamp welcome session. 6 presenters on stage.

The OggCamp11 Welcome Session – Photo by Robert Main

Do I have to pay to attend?
Nope, it’s the same as previous years. One of the principals of OggCamp I hold most dear is universal access. We welcome all who want to attend. You can book a free ticket and have the same experience as anyone else. So why would you I pay you ask? Well, we have many costs to cover and nobody gets paid to work on OggCamp. The organisers and crew are all volunteers. We need money to make the experience better for everyone. Hire equipment, produce printed materials, feed the crew and much more. If you want to help us out you can buy a donation ticket and do so. We are very grateful!!

This year there’s also what we’re calling a “Delegate ticket”, so what’s the difference? Well to put it simply some people requested a fixed price ticket for various reasons and that’s all there is to it. All tickets will be treated equally.

BOOK A TICKET NOW

Who will be speaking?
At the moment I honestly don’t know. It’s what I like to call a “hybrid Barcamp model” so most of the content comes from the attendees and it’s always good. Trust me. We usually cheat a little and have a few scheduled speakers and sessions to advertise with. It seems people like to know a bit about what they’re going to see before they arrive. That’s fair enough. I have some ideas for speakers but if you have requests or suggestions do let me know in the comments here.

If you would like to sponsor the event or know of a company who might then please feel free to get in touch as well obviously. You can always drop me an email to – dan@danlynch.org

That’s all I have to report for now so I will return to my holiday and hit this with a vengance upon my return to the UK soon.

Until then au revoir my friends,

Dan

Flattr this!

Written by Dan

August 22nd, 2015 at 4:17 pm

Posted in event

Ubuntu Phone and Unity vs Jolla and SailfishOS

without comments

With billions of devices produced, Android is by far the most common Linux-based mobile operating system to date. Of the less known competitors, Ubuntu phone and Jolla are the most interesting. Both are relatively new and neither one has quite yet all the features Android provides, but they do have some areas of innovation where they clearly lead Android.

Jolla phone and Ubuntu phone (Bq Aquaris .45 model)

Jolla phone and Ubuntu phone (Bq Aquaris 4.5 model)

Jolla is the name of the company behind the SailfishOS. Their first device entered stores in the fall of 2013 and since then SailfishOS has received many updates and SailfishOS 2.0 is supposed to be released soon together with the new Jolla device. A review of the Jolla phone can be read in the Seravo blog article from 2013. Most of the Jolla staff are former Nokia employees with lots of experience from Maemo and Meego, which SailfishOS inherits a lot from.

Ubuntu phone is the name of the mobile operating system by Canonical, famous from the desktop and server operating system Ubuntu. The first Ubuntu phones entered stores in the winter of 2015. Even though Ubuntu and also Ubuntu phone have been developed for many years, they can still be considered runner-ups in comparison to Jolla, because they have much less production usage experience with the bug fixes and incremental improvements it brings. A small review of the Ubuntu phone can also be read in the Seravo blog.

In comparison to Android, both of these have the following architectural benefits:

  • based on full-stack Linux environments which are much more generic and universal than the Android’s somewhat limited flavour of Linux
  • utilizes Qt and QML technologies to deliver modern user experience with smooth and fast graphics instead of a Java virtual machine environment like Android does
  • are to their development model more open and provide better opportunities for third parties to customize and contribute
  •  are not tied to the Google ecosystem, which to some user groups is a vital security and policy benefit

The last point about not being tightly knit to an ecosystem can also be a huge drawback. Users have learned to expect that their computing is an integrated experience. The million dollar question here is, will either one grow big enough to form it’s own ecosystem? Even though there are billions of people in the world who want to use a mobile phone, there probably isn’t enough mindshare to support big ecosystems around both of these mobile operating systems, so it all boils down to which of these two is better, which one is more likely to please a bigger share of users?

To find an answer to that we did some basic comparisons.

Ease of use

Both of these fulfill the basic requirements of a customer grade product. They are localized to multiple languages, well packaged, include interactive tutorials to help users learn the new system and they include all the basic apps built-in, including phone, messages, contacts, email, camera, maps, alarm clock etc.

The Ubuntu phone UI is somewhat familiar to anyone who has used Ubuntu on the desktop as it uses the Unity user interface by Canonical. In phones the Unity version is 8, while the latest Ubuntu 15.04 for desktops still ships Unity 7 series. In Unity there is a vertical bar with favourite apps that appears to the left of the screen. Instead of a traditional home screen there is the Dash, with search based views and also notification type of views. To save screen estate most menus and bars only appear on swipe across one of the edges. Swipe is also used to switch between apps and to return to the Dash screen.

The UI in the Jolla phone is mostly unlike anything most people have ever seen. The general look is cool and futuristic with ambient themes. The UI interaction is completely built around swiping, much like it was in the Nokia N9 (Meego variant). Once you’ve used a little bit the device and get familiar with the gestures, it is becomes incredibly effortless and fast to use.

The Ubuntu phone UI looks crisp and clean, but it requires quite a lot of effort to do basic things. After using both devices for a few months Jolla and SailfishOS feels simply better to use. Most of the criticism of Ubuntu’s Unity on desktop also applies to Unity in Ubuntu phone:

  • In Ubuntu the app bar only fits a few favourite apps nicely. If you want browse the list of all apps, you need to click and swipe many times until you arrive at the app listing. In comparison to Gnome 3 on the desktop and how it is done in Jolla phones, accessing the list of installed applications is just one action away and very fast to do.
  • Switching between open apps in Ubuntu is slow. The deck of apps looks nice, but it only fits four apps at a time, while in Gnome 3 opening the shell immediately shows all open windows and in Jolla the main view also shows all open apps. In Jolla there is additionally so called cover actions, so you can control some features of the running apps directly from the overview without even opening them.
  • Search as the primary interaction model in a generic device does not work. Ubuntu on the desktop has shown that it is too much asked for users to always know what they want by name. In the Ubuntu phone search is a little bit less dominant, but still searches and scopes are quite central. The Unity approach is suboptimal, as users need to remember by heart all kinds of names. The Nokia Z launcher is a much better implementation of a search based UI, as it can anticipate what the user might want to search in the first place and the full list of apps is just one touch gesture away.

Besides having a fundamentally better UI, the Jolla phone seems to have most details also done better. For example, if a user does not touch the screen for a while, it will dim a bit before shutting down, and if a user quickly does some action, the screen wakes up again to the situation where it was. In Ubuntu, the screen will simply shut off after some time of inactivity and it requires the user to open the lock screen, possibly entering a PIN code, even if the screen was shut off only for a second. Another example is that in Jolla, if the user rotates the device but does not want the screen orientation to change, the user only needs to touch the screen while turning it. In Ubuntu the user needs to go to the settings and lock the rotation, and can only then return to the app they where using and turn the device without an undesired change in rotation. A third example is that in Jolla you can “go back” in most views by swiping back. That can be done easily with either thumb. In fact the whole SailfishOS can be used with just one hand, let it be the right or the left hand. In Ubuntu navigating backwards requires the user to press an arrow icon in the upper left corner, which is impossible to do with your thumb if you hold the device with your right hand, so you often end up needing to use two hands while interacting with the Ubuntu phone UI.

To be fair, Ubuntu phone is quite new and they might not have discovered these kind of shortcomings yet as they haven’t got real end user feedback that much. On the other hand, the Unity in Ubuntu desktops has not improved much over time despite all criticism received. Jolla and SailfishOS had mostly all things done correctly from the start, which maybe means it was simply designed by more competent UI designers.

App switching Apps list Settings view. Jolla ambient theme image visible in the background

Browser experience

Despite all cool native apps and the things they can do, our experience says that the single most app in any smart device is still the Internet browser. Therefore it is essential that the browser in mobile devices is nothing less than perfect.

Both Ubuntu and Jolla have their own browser implementations instead of using something like Google Chrome as such. As the screenshot below shows, both have quite similar look and feel in their browsers and there is also support for multiple tabs.

Built-in browser Browser tabs

Performance and battery life

As both Ubuntu phone with Unity and Jolla phone with SailfishOS are built using Qt and QML it is no surprise both have very fast and responsive UIs that render smoothly. This is a really big improvement over average Android devices, which often suffer from lagging rendering.

Ubuntu phone has however one big drawback. Many of the apps use HTML5 inside the Qt view, and those HTML5 apps load lots of external assets without prefetching or caching them properly like well made HTML5 apps with offline manifests should do. In practice this means for example that browsing the Ubuntu app store is very fast, but the app icons and screenshots in the active view load slower than what one could ever wait, that is for longer than tens of seconds. This phenomenon is visible in the Ubuntu app store screenshot below.

The Jolla battery life has been measured and documented in our blog previously. When we started using the Ubuntu phone the battery life was terrible and it ran out in a day even when with the screen off all the time. Later upgrades seem to however fixed some drain, as now the battery life is much better. We have however not measured and documented it properly yet.

App ecosystem, SDK and developer friendliness

Both Ubuntu and SailfishOS have their own SDK and QML based native apps. The Jolla phone however includes it’s own implementation of a virtual Java machine, so it supports also Android apps (though not always all features in them). Ubuntu has chosen not to be able to run any kind of Android apps. Oubuntu-jolla-storen the other hand the focus of Ubuntu seems to be on HTML5 apps. At least the maps app in Ubuntu is a plain HTML version of Google Maps and the Ubuntu store is filled with mostly HTML5 apps and real native apps are hard to find. In the Jolla store real native apps and Android apps are easy to spot as Android apps have a green icon next to their entry in the Jolla app store.

Both platforms include features to let the advanced users get a root shell on them. In Jolla one can go to the settings and enable developer mode, which includes activating remote SSH access so that developers can easily access their devices command line interfaces. In Ubuntu it is simply a matter of opening the command prompt app and entering the screen lock PIN code as the password to get access.

SailfishOS package management uses Zypper and RPM packages. In Ubuntu phone Snappy and Deb packages are used.

The interesting thing with Ubuntu is it’s potential to be integrated with the Ubuntu desktop experience. So far in our testing we didn’t notice any particular integration. In fact we even failed to get the Ubuntu phone connected to any of our Ubuntu laptops and desktops, while attaching a Jolla to a Linux desktop machine immediately registers as a USB device with the mount point name “Jolla”. To our knowledge this is however a dimension that is under heavy development at Ubuntu and they should soon reveal some big news regarding the convergence of the Ubuntu desktop and mobile.

For a company like Seravo, the openness of the technology is important. SailfishOS has some disadvantage here, because it includes closed source parts. Much of SailfishOS is though upstreamed into fully open source projects Mer and Nemo. Ubuntu seems to promise that Ubuntu Phone is open source and developed in the public with opportunities for external contributions.

Conclusion

Both of these Linux-based mobile operating systems are interesting. Both share many of pieces of their technology stack, most notably Qt. There really should be more competition to Android. Based on our experiences Jolla and SailfishOS would be the technically and usability wise superior alternative, but then again Ubuntu could be able to leverage on it’s position as the most popular Linux distribution in desktops and servers. The competition is tight, which can have both negative and positive effects. We hope that the competition will fuel innovation on all fronts.

Written by Otto Kekäläinen

August 14th, 2015 at 1:28 am

Jumping Bean selected as Oracle University partner

without comments

Jumping Bean, an up and coming South African technology company that builds custom IT solutions and provides specialised corporate training and support for multiple technology platforms, has been selected as an Oracle University partner.

Oracle University Partner Status Ensure Highest Level of Quality

Training partners are carefully chosen by Oracle University to ensure the highest levels of training on Oracle products; partners like Jumping Bean are guaranteed to provide expert instruction provided by certified and approved instructors.

There are only four other Oracle University partners in South Africa, which makes Jumping Bean part of a select group of approved Oracle trainers in the country. Jumping Bean is now able to offer certified training on products like Oracle ADF and Oracle Database as well as Oracle’s Java and Linux-based products, among others.

Jumping Bean Focused on Oracle's Open Source Technologies

Jumping Bean’s specialised approach to training assists companies in better adopting and optimising open source technologies and platforms. The affiliation with Oracle University means Jumping Bean can assist companies in maximising the value they get from their existing Oracle platforms.

Mark Clarke, Jumping Bean founder and developer, comments: “We’re pleased to have met all the requirements and be counted among the South African affiliates to Oracle University, which sets a high bar for its training partners. It complements the high standard of training courses offered by Jumping Bean and we look forward to assisting our clients in getting the most from their technology through our training courses.”

Jumping Bean Offers High Quality Open Source Training

Jumping Bean is also an affiliate training partner of the Linux Professional Institute and an accredited training centre for the EC Council. Some of the other specialised training courses offered by Jumping Bean include security courses like network security admin, certified ethical hacker and certified security analyst, among many others.

Written by Nicky Croucamp

August 4th, 2015 at 3:33 am

Posted in Uncategorized

JPAUnit Release V0.1 – Mandela Day Release 2015

without comments

JPAUnit is a Java library for assisting with unit testing your JPA code. It  facilitates the initialisation of a database to a known state before commencing units test in Java. It leverages the mapping already done in your application's model that maps Java POJOs to database tables to insert data, defined in XML files into the target database.

JPAUnit leverages the database abstraction layer already created by JPA data providers to allow tests to target any vendor database that is compatible with your JPA provider.

JPAUnit - Mandela Day Release 2015

In honour of Mandela Day, 18th July 2015, Jumping Bean is pleased to announce the release of version V0.1 of JPAUnit. Release V.01 can be downloaded from GitHub

Written by Mark Clarke

July 19th, 2015 at 1:32 pm

Posted in Uncategorized

Thoughts on Canonical, Ltd.’s Updated Ubuntu IP Policy

without comments

Most of you by now have probably seen Conservancy's and FSF's statements regarding the today's update to Canonical, Ltd.'s Ubuntu IP Policy. I have a few personal comments, speaking only for myself, that I want to add that don't appear in the FSF's nor Conservancy's analysis. (I wrote nearly all of Conservancy's analysis and did some editing on FSF's analysis, but the statements here I add are my personal opinions and don't necessarily reflect the views of the FSF nor Conservancy, notwithstanding that I have affiliations with both orgs.)

First of all, I think it's important to note the timeline: it took two years of work by two charities to get this change done. The scary thing is that compared to their peers who have also violated the GPL, Canonical, Ltd. acted rather quickly. As Conservancy pointed out regarding the VMware lawsuit, it's not uncommon for these negotiations to take even four years before we all give up and have to file a lawsuit. So, Canonical, Ltd. resolved the matter at least twice as fast as VMware, and they deserve some credit for that — even if other GPL violators have set the bar quite low.

Second, I have to express my sympathy for the positions on this matter taken by Matthew Garrett and Jonathan Riddell. Their positions show clearly that, while the GPL violation is now fully resolved, the community is very concerned about what the happens regarding non-copylefted software in Ubuntu, and thus Ubuntu as a whole.

Realize, though, that these trump clauses are widely used throughout the software industry. For example, electronics manufacturers who ship an Android/Linux system with standard, disgustingly worded, forbid-everything EULA usually include a trump clause not unlike Ubuntu's. In such systems, usually, the only copylefted program is the kernel named Linux. The rest of the distribution includes tons of (now proprietarized) non-copylefted code from Android (as well as a bunch of born-proprietary applications too). The trump clause assures the software freedom rights for that one copylefted work present, but all the non-copylefted ones are subject to the strict EULA (which often includes “no reverse engineer clauses”, etc.). That means if the electronics company did change the Android Java code in some way, you can't even legally reverse engineer it — even though it was Apache-licensed by upstream.

Trump clauses are thus less than ideal because they achieve compliance only by allowing a copyleft to prevail when the overarching license contradicts specific requirements, permissions, or rights under copyleft. That's acceptable because copyleft licenses have many important clauses that assure and uphold software freedom. By contrast, most non-copyleft licenses have very few requirements, and thus they lack adequate terms to triumph over any anti-software-freedom terms of the overarching license. For example, if I take a 100% 2-clause-BSD-licensed program and build a binary from it, nothing in the 2-clause-BSD prohibits me from imposing this license on you: “you may not redistribute this binary commercially”. Thus, even if I also say to you: “but also, if the 2-clause-BSD grants rights, my aforementioned license does not modify or reduce those rights”, nothing has changed for you. You still have a binary that you can't distribute commercially, and there was no text in the 2-clause-BSD to force the trump clause to save you.

Therefore, this whole situation is a simple and clear argument for why copyleft matters. Copyleft can and does (when someone like me actually enforces it) prevent such situations. But copyleft is not infinitely expansive. Nearly every full operating system distribution available includes an aggregated mix of copylefted, non-copyleft, and often fully-proprietary userspace applications. Nearly every company that distributes them wraps the whole thing with some agreement that restricts some rights that copyleft defends, and then adds a trump clause that gives an exception just for FLOSS license compliance. Sadly, I have yet to see a company trailblaze adoption of a “software freedom preservation” clause that guarantees copyleft-like compliance for non-copylefted programs and packages. Thus, the problem with Ubuntu is just a particularly bad example of what has become a standard industry practice by nearly every “open source” company.

How badly these practices impact software freedom depends on the strictness and detailed terms of the overarching license (and not the contents of the trump clause itself; they are generally isomorphic0). The task of analyzing and rating “relative badness” of each overarching licensing document is monumental; there are probably thousands of different ones in use today. Matthew Garrett points out why Canonical, Ltd.'s is particularly bad, but that doesn't mean there aren't worse (and better) situations of a similar ilk. Perhaps our next best move is to use copyleft licenses more often, so that the trump clauses actually do more.

In other words, as long as there is non-copylefted software aggregated in a given distribution of an otherwise Free Software system, companies will seek to put non-Free terms on top of the non-copylefted parts, To my knowledge, every distribution-shipping company (except for extremely rare, Free-Software-focused companies like ThinkPenguin) place some kind of restrictions in their business terms for their enterprise distribution products. Everyone seems to be asking me today to build the “worst to almost-benign” ranking of these terms, but I've resisted the urge to try. I think the safe bet is to assume that if you're looking at one of these trump clauses, there is some sort of software-freedom-unfriendly restriction floating around in the broader agreement, and you should thus just avoid that product entirely. Or, if you really want to use it, fork it from source and relicense the non-copylefted stuff under copyleft licenses (which is permitted by nearly all non-copyleft licenses), to prevent future downstream actors from adding more restrictive terms. I'd even suggest this as a potential solution to the current Ubuntu problem (or, better yet, just go back upstream to Debian and do the same :).

Finally, IMO the biggest problem with these “overarching licenses with a trump clause” is their use by companies who herald “open source” friendliness. I suspect the community ire comes from a sense of betrayal. Yet, I feel only my usual anger at proprietary software here; I don't feel betrayed. Rather, this is just another situation that proves that saying you are an “open source company” isn't enough; only the company's actions and “fine print” terms matter. Now that open source has really succeeded at coopting software freedom, enormous effort is now required to ascertain if any company respects your software freedom. We must ignore the ballyhoo of “community managers” and look closely at the real story.


0Despite Canonical, Ltd.'s use of a trump clause, I don't think these various trump clauses are canonically isomorphic. There is no natural mapping between these various trump clauses, but they all do have the same effect: they assure that when the overarching terms conflict with the a FLOSS license, the FLOSS license triumphs over the overarching terms, no matter what they are. However, the potential relevance of the phrase “canonical isomorphism” here is yet another example why it's confusing and insidious that Canonical, Ltd. insisted so strongly on using canonical in a non-canonical way.

Written by Bradley M. Kuhn

July 15th, 2015 at 7:15 pm

Posted in Uncategorized

JPAUnit – A replacement for DBUnit in JPA Unit Tests

without comments

JPAUnit is the result of several days of fighting with Hibernate's 4.3.10 JPA implementation and DBUnit trying to get the two to work together.

Eventually we gave up and decided to write our own library. How hard could it be right? :) Besides after several days of coding in circles around DBUnit it was nice to have a change.

JPAUnit - Light Weight JPA Unit Testing

The JPAUnit repository is on github. There are unit tests that hopefully explain how it works. We have already moved some of our projects over to JPAUnit and the results look promising. No need to leave the comfort zone of JPA to load your unit tests!

How Does JPAUnit Work?

JPAUnit can load DBUnit xml data sets. We didn't want to have to rewrite all those configuration files so we created a parser for DBUnit files.

<?xml version="1.0" encoding="UTF-8"?>
<dataset>
    <SimpleBigDecimalEntity id="1" bigDecimalValue="1000.24" />
    <SimpleBigDecimalEntity id="2" bigDecimalValue="999999999999.9999" />
    <ForeignEntity id="1" simpleBigDecimal_id="1"  stringValue="String Value" />
</dataset>

JPAUnit relies on Java naming conventions for much of its functionality. It expects all entities to expose their id (primary key) via "getId" which returns an int or Integer. It assumes the use of surrogate keys. JPAUnit's init method requires an data set file on the ClassPath, the package name to prepend to class names to find classes on the ClassPath, and an entity manager.

public class JpaLoaderForeignEntityTest {

    private static EntityManager em;
    private final String modelPackageName = "za.co.jumpingbean.jpaunit.test.model";

    @BeforeClass
    public static void beforeClass() {
        em = Persistence.createEntityManagerFactory("jpaunittest").createEntityManager();
    }

    @Test
    public void foreignTest() throws ParserException {
        JpaLoader loader = new JpaLoader();
        loader.init("META-INF/foreignentity.xml", modelPackageName, new SaxHandler(), em);
        loader.load();
        em.clear();
        em.getTransaction().begin();
        try {
            Query qry = em.createQuery("Select c from ForeignEntity c where c.stringValue=?");
            qry.setParameter(1,"String Value");
            ForeignEntity ent = (ForeignEntity) qry.getSingleResult();
            BigDecimal result = new BigDecimal("1000.24");
            Assert.assertTrue(MessageFormat.format("Expected {0} but got {1}",result,ent.getSimpleBigDecimal().getBigDecimalValue()),
            result.compareTo(ent.getSimpleBigDecimal().getBigDecimalValue())==0);
        } finally {
            em.getTransaction().commit();
            loader.delete();
        }
    }

}

Release 0.1?

We hope to release version 0.1 for Mandela Day 2015.

Written by Mark Clarke

July 11th, 2015 at 1:42 pm

Posted in Uncategorized

Did You Actually Read the Lower Court’s Decision?

without comments

I'm seeing plenty of people, including some non-profit organizations along with the usual punditocracy, opining on the USA Supreme Court's denial for a writ of certiorari in the Oracle v. Google copyright infringement case. And, it's not that I expect everyone in the world to read my blog, but I'm amazed that people who should know better haven't bothered to even read the lower Court's decision, which is de-facto upheld upon denial by the Supreme Court to hear the appeal.

I wrote at great length about why the decision isn't actually a decision about whether APIs are copyrightable, and that the decision actually gives us some good clarity with regard to the issue of combined work distribution (i.e., when you distribute your own works with the copyrighted material of others combined into a single program). The basic summary of the blog post I linked to above is simply: The lower Court seemed genially confused about whether Google copy-and-pasted code, as the original trial seems to have inappropriately conflated API reimplemenation with code cut-and-paste.

No one else has addressed this nuance of the lower Court's decision in the year since the decision came down, and I suspect that's because in our TL;DR 24-hour-news cycle, it's much easier for the pundits and organizations tangentially involved with this issue to get a bunch of press over giving confusing information.

So, I'm mainly making this blog post to encourage people to go back and read the decision and my blog post about it. I'd be delighted to debate people if they think I misread the decision, but I won't debate you unless you assure me you read the lower Court's decision in its entirety. I think that leaves virtually no one who will. :-/

Written by Bradley M. Kuhn

July 4th, 2015 at 2:30 pm

Posted in Uncategorized

Hot corners fot configuring cinamon desktop

without comments

In cinnamon GUI, we can configure the corners of our desktop to behave the way we want. That is when we move the cursor to any of the four corners of the desktop we can make the system behave in a specific way. For example every time we move the cursor to left corner all windows get minimized and the desktop is shown, or all the active windows are popped up on the screen.

This is possible by use of the Hot corners application.

In cinnamon this is available under preferences as shown below.

 photo in_menu.png

Once we lauch the hot corners application we will be presented with a window as shown below.

 photo hot_corner_window.png

We can see there are four corners highlighted and for each corner there is separate set of activation options. for example let us say we want to view the desktop every time we move the mouse the left top corner of the desktop. In the left top corner of the hot corner window click on the menu and select the option "Show the desktop" .

 photo hot_corner_options.png

There are two check boxes provided below, First one is to show an icon on the desktop which when clicked will behave as we have decided. The second checkbox when enabled will enable the selected behavior when we hover the mouse at the corner.

We can also choose to run a specific command when we move the mouse to a corner by choosing the "Run a command" option from the menu and then entering the command in the text box provided. This can be used for applications that we use very often, like libreoffice or firefox etc.


Written by Tux Think

July 2nd, 2015 at 9:48 am

Posted in Uncategorized