xml version='1.0' encoding='UTF-8' Bloghttps://www.ii0fi.com//blog/feedBlog feedhttp://www.rssboard.org/rss-specificationPython FeedgenSun, 12 Jul 2020 16:05:11 +0000Bloghttps://www.ii0fi.com//blog/ubuntu-aws-graviton2<p>This article originally appeared on Joshua Powers&#8217; blog Ubuntu is the industry-leading operating system for use in the cloud. Every day millions of Ubuntu instances are launched in private and public clouds around the world. Canonical takes pride in offering support for the latest cloud features and functionality. As of today, all Ubuntu Amazon Web [&hellip;]</p> <div class="wp-block-image"><figure class="aligncenter"><img src="https://admin.insights.www.ii0fi.com/wp-content/uploads/90e6/ubuntu-cloud.png" alt="" class="wp-image-97038" /></figure></div> <p><em>This article originally appeared on <a href="https://powersj.io/post/ubuntu-aws-graviton2/">Joshua Powers&#8217; blog</a></em></p> <p>Ubuntu is the industry-leading operating system for use in the cloud. Every day millions of Ubuntu instances are launched in private and public clouds around the world. Canonical takes pride in offering support for the latest cloud features and functionality.</p> <p>As of today, all Ubuntu Amazon Web Services (AWS) Marketplace listings are now updated to include support for the new Graviton2 instance types. <a href="https://aws.amazon.com/ec2/graviton/">Graviton2</a> is Amazon’s next-generation ARM processor delivering increased performance at a lower cost. This announcement includes three new instances types:</p> <ul><li>M6g for general-purpose workloads with a balance of CPU, memory, and network resources</li><li>C6g for compute-optimized workloads such as encoding, modeling, and gaming</li><li>R6g for memory-optimized workloads, which process large datasets in memory like databases</li></ul> <p>Users on Ubuntu 20.04 LTS (Focal) can take advantage of additional optimizations found on newer ARM-based processors. The large-system extensions (LSE) are enabled by using the included libc6-lse package, which can result in orders of magnitude performance improvements. Ubuntu 18.04 LTS (Bionic) will shortly be able to take advantage of this change as well. Additionally, Amazon will soon launch instances with locally attached NVMe storage called M6gd, C6gd, and R6gd. With these instance types, users can further increase performance with additional low-latency, high-speed storage.</p> <p>Launch Ubuntu instances on the AWS Marketplace today:</p> <ul><li><a href="https://aws.amazon.com/marketplace/pp/B087RLZNXK">AWS Marketplace &#8211; Ubuntu 20.04 LTS (Focal)</a></li><li><a href="https://aws.amazon.com/marketplace/pp/B07KTB9TV5">AWS Marketplace &#8211; Ubuntu 18.04 LTS (Bionic)</a></li><li><a href="https://aws.amazon.com/marketplace/pp/B07KTDC2HN">AWS Marketplace &#8211; Ubuntu 16.04 LTS (Xenial)</a></li></ul> Joshua Powers (Joshua Powers)AWScloud乐天堂fun88备用网址Ubuntu 乐天堂fun88备用网址Thu, 09 Jul 2020 23:08:19 +0000Bloghttps://www.ii0fi.com//blog/how-to-manage-snap-updates<p>Updates are an integral part of the software lifecycle. Quite often, they bring improvements, vital security patches &#8211; and sometimes, unfortunately, bugs, too. In mission-critical environments, it is important to assert a high degree of oversight and precision over updates. Snaps come with a built-in automatic update mechanism, whereby snaps are refreshed to a new [&hellip;]</p> <p>Updates are an integral part of the software lifecycle. Quite often, they bring improvements, vital security patches &#8211; and sometimes, unfortunately, bugs, too. In mission-critical environments, it is important to assert a high degree of oversight and precision over updates.</p> <p>Snaps come with a built-in automatic update mechanism, whereby snaps are refreshed to a new version whenever there’s a new release in the Snap Store. Typically, the refresh occurs four times a day, and in the vast majority of cases, they will complete seamlessly, without any issues. However, there are cases when and where snap updates need to be deferred or postponed, or simply managed with a greater, more refined level of control. There are several ways the users can achieve that.</p> <h1>Snap (refresh) control</h1> <p>The snap updates schedule is governed by four system-wide options. These include:</p> <ul><li>Refresh.timer &#8211; Defines the refresh frequency and schedule. You can use this parameter to set when the snaps will refresh, so this does not conflict with your other activities &#8211; like work meetings, data backups, or similar.</li><li>Refresh.hold &#8211; Delays the next refresh until the defined time and date. The hold option allows you to postpone updates for up to 60 days. In combination with the timer option, you can set very specific time windows for when the snaps are updated.</li><li>Refresh.metered &#8211; Pauses refresh updates when the network connection is metered. By default, snap refresh is enabled over metered connections. However, to conserve data, you can pause the refreshes on such networks.</li><li>Refresh.retain &#8211; Sets how many revisions of a snap are stored on the system. By default, the last three revisions of the installed snap will be kept.</li></ul> <p>The combination of these four factors gives users quite a fair bit of flexibility in how they control the snap updates. In particular, the timer and hold can be used to create set windows for updates, allowing you to perform any necessary pre- and post-update tasks, like functionality checks, data backups, and more.</p> <h1>The time-snap continuum</h1> <p>Let’s have a look at some practical examples. For instance, you may want to set your snap updates only to run overnight, between 01:00 and 02:00 (in the 24h format).</p> <pre class="wp-block-preformatted">sudo snap set system refresh.timer=01:00-02:00</pre> <p>After you set the schedule window, you can check what the system reports:</p> <pre class="wp-block-preformatted">snap refresh --time<br>timer: 01:00-02:00<br>last: today at 12:38 PST<br>next: tomorrow at 01:00 PST</pre> <p>There are <a href="https://snapcraft.io/docs/keeping-snaps-up-to-date">quite a few variations available</a>, including the ability to set the schedule at specific hours or time windows for each day of the week, you can omit some days, and you can also set in which particular week of a month you may want to run the update. You can use values 1-4, e.g.: mon3 will be the third Monday of the month, while 5 denotes the last week in the month, as no Earthly calendar currently has more than 31 days.</p> <p>Setting the hold interval takes a specific date format, as it needs to conform to RFC 3339. This may sound like a page straight out of the Vogon book on time management, so you can use the following command to convert dates into the right format:</p> <pre class="wp-block-preformatted">date --date="TMZ YYYY-MM-DD HH:MM:SS" +%Y-%m-%dT%H:%M:%S%:z</pre> <p>For instance:</p> <pre class="wp-block-preformatted">date --date="PST 2020-08-01 13:00:00" +%Y-%m-%dT%H:%M:%S%:z<br>2020-08-01T13:00:00+01:00</pre> <p>Then, you can set the refresh value with the formatted date string:</p> <pre class="wp-block-preformatted">sudo snap set system refresh.hold=2020-08-01T13:00:00+01:00</pre> <pre class="wp-block-preformatted">sudo snap get system refresh.hold<br>2020-08-01T13:00:00+01:00</pre> <p>Once the refresh hold is in place, you can check the refresh schedule:</p> <pre class="wp-block-preformatted">snap refresh --time<br>timer: 01:00-02:00<br>last: today at 12:38 PST<br>hold: in 31 days, at 13:00 PST<br>next: tomorrow at 01:00 PST (but held)</pre> <p>As you can see, the information now combines parameters both from the timer and hold settings. The next update is meant to be tomorrow at 01:00, as defined by the timer, but it will be held &#8211; for 31 days &#8211; until the update deferment expires.</p> <p>Similarly, you can configure the updates on metered connections. Setting the value to <em>hold</em> will prevent updates, while changing the value to <em>null</em> will allow updates to resume. </p> <pre class="wp-block-preformatted">sudo snap set system refresh.metered=hold</pre> <pre class="wp-block-preformatted">sudo snap set system refresh.metered=null</pre> <p>Again, you can combine this option with the timer and hold settings to create a granular and precise update schedule that will not interfere with your critical tasks, ensure maximum consistency, and also allow you to receive the necessary functional and security patches.</p> <p>Then, occasionally, you may want to check which snaps will update on next refresh. This will give you an indication of the pending list of new snap revisions your system will receive:</p> <pre class="wp-block-preformatted">snap refresh --list<br>Name &nbsp; &nbsp;&nbsp;&nbsp; Version&nbsp; Rev&nbsp;&nbsp;&nbsp; Publisher &nbsp; Notes<br>lxd&nbsp; &nbsp; &nbsp;&nbsp;&nbsp; 4.3&nbsp; &nbsp;&nbsp;&nbsp; 16044&nbsp; canonical✓&nbsp; -<br>snapcraft&nbsp; 4.1.1&nbsp;&nbsp;&nbsp; 5143 &nbsp; canonical✓&nbsp; classic</pre> <p>Now, the full list of installed snaps is longer. For example, the system currently has lxd version 4.2 installed:</p> <pre class="wp-block-preformatted">snap list lxd<br>Name&nbsp; Version&nbsp; Rev&nbsp;&nbsp;&nbsp; Tracking &nbsp; &nbsp;&nbsp;&nbsp; Publisher &nbsp; Notes<br>lxd &nbsp; 4.2&nbsp; &nbsp;&nbsp;&nbsp; 15878&nbsp; latest/stable&nbsp; canonical✓&nbsp; -</pre> <h1>Refresh awareness</h1> <p>This is <a href="https://snapcraft.io/blog/experimental-feature-snap-refresh-awareness-and-update-inhibition">another feature</a> that you can use to control the updates. In some cases, you may be running a vital task that must not be interrupted in any way. To that end, you can use refresh awareness to make sure the application will not be updated while running. If you try to run a manual snap update while it’s running (and you’re using the awareness feature), you will see a message like below:</p> <pre class="wp-block-preformatted">snap refresh okular --candidate<br>error: cannot refresh "okular": snap "okular" has running apps (okular)</pre> <h1>Summary</h1> <p>Automatic updates can never be a blanket solution for all use cases. Desktop, 乐天堂fun88备用网址 and IoT environments all have their particular requirements and sensitivity, which is why snapd comes with a fairly extensive update control mechanism. The combination of timed schedules, update delay of up to 60 days, metered connections functionality, and snap refresh awareness and update inhibition offer a wide and pragmatic range of options and settings, through which the users can create a robust, reliable software update regime. Furthermore, business customers can configure their own <a href="https://docs.www.ii0fi.com/snap-store-proxy/en/">snap store proxy.</a></p> <p>Hopefully, this article clears some of the fog surrounding snap updates, and what users can do with them. If you have any comments or suggestions, please join <a href="https://forum.snapcraft.io/">our forum</a> for a discussion.</p> <p>Photo by <a href="https://unsplash.com/@cleipelt?utm_source=unsplash&amp;utm_medium=referral&amp;utm_content=creditCopyText">Chris Leipelt</a> on <a href="https://unsplash.com/?utm_source=unsplash&amp;utm_medium=referral&amp;utm_content=creditCopyText">Unsplash</a>.</p> Igor Ljubuncic (Igor Ljubuncic)snapcraft.iosnapdSnapsupdatesThu, 09 Jul 2020 11:14:08 +0000Bloghttps://www.ii0fi.com//blog/microk8s-ha-tech-preview-is-now-available<p>High availability (HA) for MicroK8s, the lightweight Kubernetes, is now available as a tech preview for Linux, Windows and macOS. The Kubernetes control plane can now be distributed across multiple nodes, bringing resiliency to the cluster while maintaining a low footprint using Dqlite, the distributed SQL engine as the Kubernetes datastore. On Linux, you can [&hellip;]</p> <p>High availability (HA) for <a href="https://microk8s.io/">MicroK8s</a>, the lightweight Kubernetes, is now available as a tech preview for Linux, Windows and macOS. The Kubernetes control plane can now be distributed across multiple nodes, bringing resiliency to the cluster while maintaining a low footprint using <a href="https://dqlite.io/">Dqlite</a>, the distributed SQL engine as the Kubernetes datastore.</p> <p>On Linux, you can download and test highly available MicroK8s from the &#8216;ha-preview&#8217; branch:</p> <pre class="wp-block-preformatted">sudo snap install microk8s --classic --channel=latest/edge/ha-preview</pre> <p>If you already have MicroK8s, learn how to upgrade to the ha-preview channel and set up your MicroK8s HA cluster in the <a href="https://microk8s.io/docs/high-availability">MicroK8s HA documentation</a>.&nbsp;</p> <p>If you want to test the HA feature on <a href="https://microk8s.io/docs/install-alternatives#heading--windows">Windows</a> and <a href="https://microk8s.io/docs/install-alternatives#heading--macos">macOS</a>, follow the corresponding installation instructions and run the following command after the installation is complete:</p> <pre class="wp-block-preformatted">multipass exec microk8s -- sudo snap refresh microk8s --classic --channel=latest/edge/ha-preview</pre> <p>Note that the ha-preview version comes with the high availability feature enabled by default. This means that adding at least two nodes to the cluster will automatically form a highly available control plane across the three nodes.</p> <p>Once you have added the additional nodes to the HA cluster, microk8s status output will look like this:</p> <figure class="wp-block-image"><img src="https://lh5.googleusercontent.com/BK_midVQ_jKcl-mGyk3dMa7kxNOJHUTxL1VYAQMUOGm4bMzI3WPwwWhQWpkYvrkCYPiETUscamnqxm2ENc2DlG4fOYV0YTLsdSk9uxlA7pXVb9OOWvcUJpzYgMtTGJNzOwI3evio" alt=""/></figure> <p>We would love to hear your feedback on this new feature, so feel free to reach out to our team on <a href="https://discuss.kubernetes.io/c/general-discussions/microk8s">Discourse</a>, the <a href="http://slack.kubernetes.io/">Kubernetes Slack</a> #microk8s channel or raise any bugs you might find on <a href="https://github.com/ubuntu/microk8s/issues/">MicroK8s GitHub</a>.<br></p> Alex Chalkias (Alex Chalkias)hahigh availabilitykubernetesMicroK8stech previewThu, 09 Jul 2020 07:00:48 +0000Bloghttps://www.ii0fi.com//blog/canonical-enables-linux-desktop-app-support-with-flutter<p>By Chris Sells (Google) &amp; Ken VanDine (Canonical) Google’s goal for Flutter has always been to provide a portable framework for building beautiful UIs that run at native speeds no matter what platform you target. To validate this capability, we started by focusing on the mobile platforms, Android and iOS, where we’ve seen more than [&hellip;]</p> <p><em>By Chris Sells (Google) &amp; Ken VanDine (Canonical)</em></p> <p>Google’s goal for Flutter has always been to provide a portable framework for building beautiful UIs that run at native speeds no matter what platform you target. To validate this capability, we started by focusing on the mobile platforms, Android and iOS, where we’ve seen more than 80,000 fast, beautiful Flutter apps published to Google Play.<br></p> <p>To build on this success, for more than a year we’ve been expanding our focus to include desktop-class experiences, both for the web and for the desktop OSes: macOS, Windows and Linux. This work includes extensive refactoring of the engine to support desktop-style mouse and keyboard input as well as resizable top-level windows. It also includes new UI capabilities that adapt well to desktop, like Material Density support and the NavigationRail and experiments with deep integration into the underlying desktop OS with experiments in Dart:FFI and access to the system menu bar and standard dialogs. All of this work was to ensure that in addition to being suitable for mobile-style experiences, Flutter is ready to handle full-featured, full-sized desktop apps.<br></p> <p>It has long been our vision for Flutter to power platforms. We’ve seen this manifest already at Google with products like <a href="https://developers.googleblog.com/2019/05/Flutter-io19.html">the Assistant </a>so now we&#8217;re thrilled to see others harnessing Flutter to power more platforms. Today we are happy to jointly announce the availability of the Linux alpha for Flutter alongside Canonical, the publisher of <a href="https://www.ii0fi.com/">Ubuntu</a>, the world’s most popular desktop Linux distribution.</p> <h2>Why Flutter for Linux?</h2> <p>Last year, when Google announced desktop-class application support with Flutter, Canonical saw an exciting opportunity to make Linux distributions, including Ubuntu, an attractive target platform for Flutter app developers. Flutter’s native cross-platform story is growing rapidly and Canonical wanted to be at the vanguard. By enabling desktop Linux support in Flutter, Canonical is making it very easy for application developers to publish their apps for Linux users via the Snap Store, the app store for Linux. By making Linux a first class Flutter platform, Canonical is inviting application developers to publish their apps to millions of Linux users and broaden the availability of high quality applications available to them.<br></p> <p>There were a number of things about Flutter that were exciting for Canonical:</p> <ul><li>Fast growing ecosystem of application developers</li><li>Multiple platform support</li><li>Highly optimised native applications</li><li>Modern UI framework supporting declarative, reactive and composable widgets</li><li>Rich development platform using Visual Studio Code, Android Studio and IntelliJ</li></ul> <p>Google’s initial announcement started with an alpha release supporting macOS and plans for Linux and Windows. Canonical is making a significant investment in Flutter by dedicating a team of developers to work alongside Google’s developers to bring the best Flutter experience to the majority of Linux distributions. Canonical will continue to collaborate with Google to further improve Linux support and maintain feature parity with the other supported platforms.</p> <h2>Flokk: Proving Flutter’s readiness for the desktop</h2> <p>To demonstrate that Flutter was ready for the desktop, we worked with the designers and developers at <a href="http://gskinner.com/">gskinner.com</a> to create an innovative, beautiful Flutter desktop app. Flokk is a real-world app that works with real-world data, specifically your Google Contacts list. </p> <figure class="wp-block-embed-youtube aligncenter wp-block-embed is-type-video is-provider-youtube wp-embed-aspect-16-9 wp-has-aspect-ratio"><div class="wp-block-embed__wrapper"> <iframe width="540" height="304" src="https://www.youtube.com/embed/cTFJcq7UTRY?feature=oembed" frameborder="0" allow="accelerometer; autoplay; encrypted-media; gyroscope; picture-in-picture" allowfullscreen></iframe> </div></figure> <p>In addition to being able to manage your contacts, including searching contacts, adding new contacts and editing existing contacts, Flokk also allows you to associate GitHub and Twitter handle information with your contacts.<br></p> <figure class="wp-block-image"><img src="https://lh6.googleusercontent.com/2UcfcBw9YC38-MMQwOLUd86EziSZm_Zh-zAYkjm50chOi-rQchcrKsroz3sb89RjoCi2CziI9omjg-8IGGS1x_gCNQ2d7MrIO8FKKvlShopIh_qjE2Zch9wiFQ_jjzk8z9rNyG33v4D_ZEFmuA" alt=""/></figure> <p>The display of GitHub and Twitter notifications turns your contacts into your own personal social network. And if you’re not seeing your favorite social networks in Flokk Contacts, then the good news is that Flokk is <a href="https://github.com/gskinnerTeam/Flokk/">completely open source</a>, so you can submit a PR to add your favorite.<br></p> <p>In addition to innovating in the social space, Flokk uses Flutter features to look and feel great. As just one example, the dark theme not only switches the colors but animates the changes as it does so.<br></p> <figure class="wp-block-image"><img src="https://lh3.googleusercontent.com/xCu4lLZ9a-eQ8zF1O0YeO_KBSxJwB-GP_wKFMjVKbGlEmgtEhqf9ROZRBr8QwHM5i4eXBsgqwLH9jux-jl4-iKPFk4DWexaiSTMMnSCMzIHkYUcw84bboIbq-Ue4uuJK885ducrMavuI6sgD7g" alt=""/></figure> <p>The creative team behind the Flokk Contacts app was led by <a href="http://gskinner.com/">Grant Skinner</a>, who’s well known for both excellence in design and implementation of innovative user experience. Grant had this to say about working with Flutter on Linux:<br></p> <p><em>“Building the Flokk Contacts app was a breeze! We were able to apply all our previous expertise in Flutter to target Linux with virtually no adjustments, and the app runs fantastically. Working with the Canonical team was a wonderful experience; they were enthusiastic, engaged, and passionate about making Flutter better not just for Linux, but for every platform. It was an amazing project, and I’m thrilled to be able to target another major OS with Flutter.” &#8211;Grant Skinner</em><br></p> <p>If you’d like to use the Flokk app on your Linux machine, you can download the latest release on <a href="https://github.com/gskinnerTeam/Flokk/releases">GitHub</a>. Or, if you’re running snapd, you can download the Flokk App from the <a href="https://snapcraft.io/flokk-contacts">Snap Store</a>.</p> <h2>Easy install of Flutter on Linux</h2> <p>Now that you’ve seen how well Flutter works for desktop-class applications, especially on Linux, you’re going to want to get it running on your own Linux machine. To make that as simple as possible, we’re pleased to provide the Flutter SDK for Linux as a snap in the <a href="https://snapcraft.io/flutter">Snap Store.</a> The Flutter SDK snap provides everything needed to develop Flutter apps on your favorite Linux distribution. No need to install a bunch of development dependencies; simply install the Flutter SDK snap and your favorite IDE and you have everything you need to create, build and publish your applications for Linux.<br></p> <p>For example, if you would like to get started developing Flutter applications for Linux and your IDE of choice is Visual Studio Code, this is all you need to do at your Linux terminal:<br></p> <pre class="wp-block-preformatted">$ snap install --classic flutter</pre> <pre class="wp-block-preformatted">$ snap install --classic code</pre> <pre class="wp-block-preformatted">$ code --install-extension dart-code.flutter<br></pre> <p>If you also want to use Linux to develop mobile apps, you can do so by installing the Android SDK or Android Studio (which includes the Android SDK). For more information on the Flutter SDK as a snap, see <a href="https://snapcraft.io/flutter">https://snapcraft.io/flutter</a></p> <h2>Flutter for Linux desktop</h2> <p>Once you have the Flutter SDK installed on your Linux machine, to build a desktop app, you need to access the Flutter dev (or the master) channel and to enable Linux desktop support:<br></p> <pre class="wp-block-preformatted">$ flutter channel dev</pre> <pre class="wp-block-preformatted">$ flutter upgrade</pre> <pre class="wp-block-preformatted">$ flutter config --enable-linux-desktop<br></pre> <p>Now when you create a new Flutter project, you’ll get a Linux subdirectory that will enable you to run as a desktop app that runs on your Linux machine:<br></p> <pre class="wp-block-preformatted">$ flutter create counter</pre> <pre class="wp-block-preformatted">$ cd counter</pre> <pre class="wp-block-preformatted">$ flutter run -d linux</pre> <figure class="wp-block-image"><img src="https://lh4.googleusercontent.com/cEyBMSXjosymswv1yeaBbJynlJPN1GZ0EqRiWAIOqZRPoPdwq16khbiSjwiJofPua9AfWv1t9zluDBEPelEVPTsAk5HvfGzgGVhFsJGwleC12mEQezjCV-sBMJ6m50XiCu-gy8tq42qNt9Qu3w" alt=""/></figure> <p>What you’ll get is a shiny new Linux app built with Flutter running on the latest stable version of GTK+. If you have an existing Flutter project to which you’d like to add Linux support after you have Linux enabled, you can add the Linux subfolder like so:<br></p> <pre class="wp-block-preformatted">$ cd my_flutter_app</pre> <pre class="wp-block-preformatted">$ flutter create .<br></pre> <p>This will create the Linux subfolder with the Runner project that you need to build and run your Flutter app on the Linux desktop.</p> <h2>Accessing native code in Linux from Flutter</h2> <p>In addition to supporting the desktop by writing Dart to create Flutter widgets, your Linux desktop apps can also access all of native Linux using <a href="https://flutter.dev/docs/development/platform-integration/platform-channels">platform channels</a> or <a href="https://dart.dev/guides/libraries/c-interop">the Dart Foreign Function Interface for C/C++</a>. Or, if you’d like to reuse pre-existing code, you can <a href="http://pub.dev/flutter/packages?platform=linux">find that code on pub.dev</a>, Dart and Flutter’s package manager site. Most of the packages you’ll find on pub.dev will be pure Dart, most of which will work just fine in your Linux app. Some packages, called plugins, have native code in them that are specific to one or more platforms. As part of this release, we’ve published three plugins on pub.dev that use native functionality of Linux:<br></p> <ul><li><a href="https://pub.dev/packages/url_launcher">url_launcher</a>: launch the default browser at a URL provided</li><li><a href="https://pub.dev/packages/shared_preferences">shared_preferences</a>: user preferences shared between app sessions</li><li><a href="https://pub.dev/packages/path_provider">path_provider</a>: path information about special-purpose folders, e.g. downloads, pictures, etc.</li></ul> <p>Each of these plugins is available for you to use in your apps as well as examples of how to access Linux natively from your Flutter code, like <a href="https://github.com/flutter/plugins/tree/master/packages/url_launcher/url_launcher_linux/">the Linux implementation of url_launcher</a>.</p> <h2>Deploying to the Snap Store</h2> <p>To deploy your Flutter app to the Snap Store, you’ll first need to install Snapcraft, the tool that you will use to build and publish your application as a snap:<br></p> <pre class="wp-block-preformatted">$ sudo snap install snapcraft --classic<br></pre> <p>To drive the Snapcraft tool, you’ll need to create a snapcraft.yaml file in your app’s project folder. As one example, this is the one for Flokk:<br></p> <pre class="wp-block-preformatted">name: flokk-contacts<br>version: 1.0.0<br>summary: Flokk Contacts<br>description: A fresh and modern Google Contacts manager that integrates with GitHub and Twitter.<br>confinement: strict<br>base: core18<br>grade: stable<br><br>apps:<br> flokk-contacts:<br> command: flokk-contacts<br> extensions: [flutter-master]<br> plugs:<br> - network<br><br>parts:<br> flokk-contacts:<br> source: .<br> plugin: flutter<br> flutter-target: lib/main.dart # The main entry-point file of the application</pre> <p>In the folder with your snapcraft.yaml file, you can now run snapcraft to build a snap of your application.<br></p> <pre class="wp-block-preformatted">$ snapcraft<br></pre> <p>If all goes well, this will produce a file in your current working directory like &#8220;flokk-contacts_1.0.0_amd64.snap&#8221;<br></p> <p>Once you&#8217;ve <a href="https://snapcraft.io/docs/creating-your-developer-account">setup your account</a> for publishing in the Snap Store, you’re now ready to publish your snap:<br></p> <pre class="wp-block-preformatted">$ snapcraft login</pre> <pre class="wp-block-preformatted">$ snapcraft register flokk-contacts #(registers the snap name in the store, these must be unique)</pre> <pre class="wp-block-preformatted">$ snapcraft upload flokk-contacts_1.0.0_amd64.snap --release edge&nbsp;<br></pre> <p>This will upload it to the Snap Store and attempt to publish it to the <a href="https://snapcraft.io/docs/channels#heading--risk-levels">edge channel</a>. Once your application is published in the edge channel it can be installed either via the Snap Store Desktop client or using the command line:<br></p> <pre class="wp-block-preformatted">$ snap install --edge flokk-contacts<br></pre> <p>For more details on building your first snap and publishing it in the Snap Store, see <a href="https://snapcraft.io/first-snap#flutter">https://snapcraft.io/first-snap#flutter</a> for a guided tutorial.</p> <h2>Flutter Linux desktop samples</h2> <p>The Flokk Contacts app is an excellent example of a real-world Flutter app targeting the Linux desktop. For a simpler sample, you can check out <a href="https://github.com/flutter/samples/tree/master/experimental/desktop_photo_search">the Photo Search app</a>, which was also built specifically to show off desktop features.</p> <figure class="wp-block-image"><img src="https://lh4.googleusercontent.com/s_hYnCpVTFD-xrcr1yWgoHa_f0I4U62D5UdSuqxq9pQh-qkHQAtq8lueSykcX3wrdf6PcMyV7wbXCxQ2honfm2kRSmcx0Pqf2vFefgc--kCctE_5HU-zfmqqKeGE7d4uOKlTH6ynrDcgcLDM4g" alt=""/></figure> <p>Photo Search is a simple online photo search app that uses several plugins to access native platform functionality, supporting both macOS and Linux.</p> <p>For an example of a Linux desktop app with step-by-step instructions, I recommend <a href="https://codelabs.developers.google.com/codelabs/flutter-github-graphql-client/index.html#0">the Write a Flutter desktop application codelab</a>, which walks you through using OAuth and GraphQL to build a GitHub client in Flutter.</p> <figure class="wp-block-image"><img src="https://miro.medium.com/max/803/0*vktUouQPnTpgk0Ko.png" alt="Image for post"/></figure> <p>For a more comprehensive app that exercises much more of the surface area of Flutter as well as providing several little applets, then I recommend <a href="https://github.com/flutter/gallery">the Flutter Gallery</a>, which was redesigned last year to support desktop as well as mobile. If you’d like to see that in action, you can check that out <a href="https://snapcraft.io/flutter-gallery">on the Snap Store</a>, too.<br></p> <figure class="wp-block-image"><img src="https://lh4.googleusercontent.com/Vp6uVZaw1bpi1Botcp3iAUHC-DITsnbz2NV4cu6era7LNSV34SjijYA7KM6ycI58sM3FeKmvnDCBiQYPV2GXZgYdoWMk3UhKorNPWuYYT2mlfRP4vMPi0ahzPHjwS3a28_8OA47C3z7-ywibUA" alt=""/></figure> <p>One more desktop app shows off the fun side of Flutter is a multi-player game built by Thorsten Lorenz called <a href="https://thlorenz.com/batufo/">batufo</a>. Set against a beautiful backdrop, it allows players from all over the world to compete against each other in real time.</p> <figure class="wp-block-image"><img src="https://admin.insights.www.ii0fi.com/wp-content/uploads/c0c2/batufo.gif" alt="" class="wp-image-97022"/></figure> <p>Thorsten has been building this game to support multiple Flutter platforms including Linux, macOS, Android and iOS. If you’d like to see how he did it and follow along with future updates, he makes his coding sessions available as <a href="https://thlorenz.com/batufo/#watch">videos</a> and <a href="https://github.com/thlorenz/batufo">the code available on GitHub</a>. To install this from Linux, you can pull it down from the <a href="https://snapcraft.io/batufo">Snap Store.</a></p> <h2>Summary</h2> <p>With this alpha release and the close partnership between Google and Canonical, Linux developers get Flutter support for their operating system of choice. Install the <a href="https://snapcraft.io/flutter">Flutter SDK via snap</a>. Build and test your desktop app on Linux using Visual Studio Code or Android Studio. Deploy your app to the Snap Store. For the latest details, see <a href="http://flutter.dev/desktop">the desktop page on flutter.dev</a>. And above all else, <a href="https://github.com/flutter/flutter/issues">make sure to provide feedback</a> so that we can continue making Flutter the best it can be on Linux, as we strive to do for every supported Flutter platform.<br></p> <p>Flutter for Linux from the Canonical team is a giant step forward for our dream of making Flutter the best way to build an app no matter what platform you’re targeting. Targeting the desktop has made the Flutter engine that much more adaptable to a long tail of devices that Google itself can’t support directly but for which we plan to continue to build partnerships and to enable the ecosystem.<br></p> <p>Wherever there are devices that need fast, beautiful apps, that’s where we want Flutter to be.<br></p> Canonical (Canonical)DesktopFlutterGoogleLinuxsnapcraft.ioSnapsWed, 08 Jul 2020 15:00:56 +0000Bloghttps://www.ii0fi.com//blog/design-and-web-team-summary-8th-july-2020<p>The web team here at Canonical run two-week iterations. Here are some of the highlights of our completed work from this iteration. Web squad Our Web Squad develops and maintains most of Canonical’s promotional sites like www.ii0fi.com, canonical.com and more. USNs on www.ii0fi.com Ubuntu security notices can now be found under https://www.ii0fi.com/security/notices, bringing a much [&hellip;]</p> <p>The web team here at Canonical run two-week iterations. Here are some of the highlights of our completed work from this iteration.</p> <h2>Web squad</h2> <p>Our Web Squad develops and maintains most of <a href="https://github.com/search?q=topic%3Awebsite+org%3Acanonical-web-and-design&amp;type=Repositories">Canonical’s promotional sites</a> like <a href="https://www.ii0fi.com/">www.ii0fi.com</a>, <a href="https://canonical.com/">canonical.com</a> and more.<br></p> <h3>USNs on www.ii0fi.com</h3> <p>Ubuntu security notices can now be found under <a href="https://www.ii0fi.com/security/notices">https://www.ii0fi.com/security/notices</a>, bringing a much needed visual refresh. Some pages (LSNs) are still living under <a href="https://usn.www.ii0fi.com">https://usn.www.ii0fi.com</a> but most of the content should now be accessible via the new pages.<br></p> <figure class="wp-block-image"><img src="https://lh3.googleusercontent.com/3BKgzMleB6HFv_0V6xyJ31h4H2k1Kgw7faDV6HqBWdHM6ozPKCwQwTshBn-CalkzEKf2_kOYzQ_0D_3Gq3fr-F_DCN48V6aUgKQ65KIQtXcleO0nsMV4hCQzYnH19NSaPUbkvoiV" alt=""/></figure> <h3>Social media banner generator</h3> <p>All artwork produced and available via the websites were hand created by the designers on the web team. We would like to reduce the time spent here by creating a new tool to generate social media images for marketing purposes for use in social media posts, meta images etc.</p> <figure class="wp-block-image"><img src="https://lh5.googleusercontent.com/xl7jhtvEuxuDAHOuhsCcP5KIyrGVcqyYjdoOrdyiaZ96U1m8PEWo8Iasf8XJKpCiccCPsWCv5sUqMTMHg8vXqs5MtU4Fx3ELGQQCfiWf1rJBNCs3Fv0-M4Y72HF1EHTRxPYEM6BK" alt=""/></figure> <h2>Brand</h2> <p>The Brand team develop our design strategy and create the look and feel for the company across many touch-points, from web, documents, exhibitions, logos and video.<br></p> <h3>Document Hierarchy</h3> <p>We shortlisted designs and applied rules to the chosen designs to make a cohesive set of documents to move forward with.</p> <figure class="wp-block-image"><img src="https://lh6.googleusercontent.com/cMfAZe8YK1wX8H_7gbm34Bi8hpkvMS5v8c4xR42TIZzFiR2hxSeAgXGLJlIUCk3lCZT_H4aBQdpjnOeoJejbQIfZayatD0oufnAPUekC0oL5HEqpfiF1L171GXs7ba3h7rofvlzD" alt=""/></figure> <figure class="wp-block-image"><img src="https://lh3.googleusercontent.com/kOg7hsnws23b3vqAWQ1CNOMKMZihsDAp6tveGKl3Tjd3CI54hdOvzml5iqPLWE5cEGLZ2sCIrz4-LBCgCogVzuKwkycU3913nJM1Dk9Z7r1u8Rx_pTRL_OSGBrtkYOSFsn9PlPdz" alt=""/></figure> <h3>Automotive illustrations</h3> <p>We created a number of illustrations for the upcoming automotive page refresh in collaboration with the IoT PM’s.</p> <figure class="wp-block-image"><img src="https://lh3.googleusercontent.com/WEalHaByN1WbxfDZnYQPtBR-qQsXcPKAfJJWVuoJBnnyoWPL3TorTo2W3hVR12YzwBagwIHu0h-gPQgAZogezs3R6llDPrI9NKLI34FYMxrbGcTPhhwM5eJhIz7quNhcwRH_Woh6" alt=""/></figure> <figure class="wp-block-image"><img src="https://lh3.googleusercontent.com/WP4hbm03uHHG3RvWW9A4HObv4Z4niFvsoTbBQIJ7vBhEjs8eNL8pZkSOQQQ_OwDJVuc4VZ4v7j5Kk4OtitAJg5Q9eq4BaUHNjkAM8eeOq71JqIAYNtuc5igBGHr3VIZUvXwYShQz" alt=""/></figure> <h3>Social media banner generator</h3> <p>Working in collaboration with the web developers we defined a number of scenarios for the social media banners in order for them to build in the variables for the tool.</p> <figure class="wp-block-image"><img src="https://lh5.googleusercontent.com/4lQ5H-ORNMqD47iNRjPIwW1It_l6xSASfId7eVP8TuUoWErjs5FBaXFppkieWVPS8p1wTqit0c7DfVTS3yYLG9C7qsuJcCquUE-eWIdIVGyBgCACBK-yaygcpHAo-0Pw95ZLQftr" alt=""/></figure> <h3>Snapstore video</h3> <p>In this iteration, we sketched up the ideas for the main animation frames of the Snapstore explanation video.</p> <figure class="wp-block-image"><img src="https://lh4.googleusercontent.com/INT9NCK7fuqwR3MdZQq4rlm2E0xw2hH4wUN3HGfRlrBcYZSg5z4nx3j1RyjiBHC8w4z11O9myal0ZE5_Pw630EkJ3fijfVdHr8ivjF2pZ2INu5AqD8OzUYx_JcoTnpsID_pRUTcJ" alt=""/></figure> <h3>Charm Hub</h3> <p>We helped the Charm Hub team with some illustration work and experimentation around the Charm Store cards that are currently being updated.</p> <figure class="wp-block-image"><img src="https://lh3.googleusercontent.com/DBRPUOFngk4QEI9hI01Ied5tL-VRS_dhpPIsY1idPWYwG9igLOVsyT7VGote953Hi-rsQCHYmKwA_Y4oOmvB3-Xg06scYr7W-vd-retdQPAxMyq83LIxNIr8Rml4MykjcfX2U7dU" alt=""/></figure> <figure class="wp-block-image"><img src="https://lh3.googleusercontent.com/OTdNvO5EmwJz5BQZM6s32a17xHZzx_bgiR859fiLFv6Ez2NloEJhZe9DzC0N8Dmq7jOtnWAiOppNJJDvIWAoEuf4SapmNtujNJimsgwM5oI723POCyX6Dg4iVmcp6CUOudnlGTFi" alt=""/></figure> <h3>Design team icon</h3> <p>We were asked to produce an icon for the design team to use across applications we all collaborate on and for wider use, in this iteration we developed the chosen designs for final selection.</p> <figure class="wp-block-image"><img src="https://lh6.googleusercontent.com/xUhXfb58VaKkXbXO-1SPrIKpXsII1saqA4Baecn_4IR0l0eAs7Ntuflay5dejn9Fj2I9W94mf4xINGNwrlU1w7zatlGO_BwbTpZhtcf5Nyn-TkoZzo42ZoIghlb3ip14AJ0xZsi2" alt=""/></figure> <figure class="wp-block-image"><img src="https://lh3.googleusercontent.com/BtJp1VfztTSYxbrFMM8rrHdACArWm4vDaDblUyFfe6nAJPcB123ex-BSdEyk8TbO9VPFvS-8Vf0MXVv3LdEx4DfSLj5REyOggdlpNt4DJ90pelxHmoS-s3XRn1uodP8znvz5hlfH" alt=""/></figure> <h2>MAAS</h2> <p>The MAAS squad develops the UI for the <a href="https://launchpad.net/maas">MAAS project</a>.<br></p> <h3>Deploy with custom cloud-init UI</h3> <p>Our cloud-init designs have been finalised and are currently in development, stay tuned for MAAS 2.9. The goal of this feature is to create parity with our API.  You will be able to customise your cloud configuration with cloud-init user data. </p> <p>The current feature includes:</p> <ul><li>Allowing code paste and reading from uploaded file</li><li>Users are able to edit the user data from the snippet area</li><li>At this stage, we only allow one file/snippet upload</li></ul> <figure class="wp-block-image"><img src="https://lh3.googleusercontent.com/XULQAb0mFGTSW7PzOllI8zcd5HL_13wGDdocMPp0QiYvWjhnIDuKMBQ7TulA3J_byeyduQLzm9Oyv4KQs5nQbW-RpJT264r6w86KdDIdeHC6MANB1KQ4rfJiB3OQY4l4kh4FIa0Q" alt=""/></figure> <h3>KVM Charts</h3> <p>Our second phase of React migration project is merely focussed on KVM; KVM listing and KVM details. In our earlier design work, we have been exploring different ways to represent KVM resources data in order to reflect the truth and minimise confusion.&nbsp;<br></p> <figure class="wp-block-image"><img src="https://lh6.googleusercontent.com/Yt6T9wN989JZfGQFo00cPERweiLF4QWtAalMHcMq2MK5QgAoH98Vm4Jk1lXBxbKd-OVyqcbyUwY8wxHpg5ys2IIYMPfc1pDxJ2ws_-BJ-QxkK0XvRY7x0I5hg0GnfEMAO-v3w7ga" alt=""/></figure> <p>One of the things that we discovered from our user interviews is that the word “used” vs “available” created confusion for our users. Because our users interpreted these resources as actually used. Whereas in reality, the data represented here is the amount of resources that our users assigned to their KVMs.&nbsp;<br></p> <p>The concept of overcommit still remains as a big design challenge for our team. The current solution that we choose is to make the information expander clearer and add visual cues to help highlight the important aspects of KVM resources. The bigger question we want to answer is how might we show these graphs in ways that are useful and accurate?<br></p> <h3>In-app release notification on the way</h3> <p>Our data has shown that about less than 10% of our users updated MAAS to the newest version of MAAS in the past releases. So our goal is to expand the announcement channel to MAAS-app to help promote our new release. For MAAS 2.9 our goal is to create the simplest version of the notification component for new release announcements and from here we will try to see this as a starting point to scale our notifications forward.</p> <h2>JAAS</h2> <p>The JAAS squad develops the UI for the <a href="https://jaas.ai">JAAS store</a> and <a href="https://jaas.ai/models">Juju dashboard</a> projects.</p> <h3>Analysis of the user interview for the Dashboard</h3> <p>In this iteration, we analysed the user testings for JAAS model detail pages and summarised the findings into a report. The team had an initial discussion to prioritise actions into ‘Quick wins’ to fix and ‘Long term’ for feature exploration. The rest of the issues will be discussed in the next iteration.<br></p> <figure class="wp-block-image"><img src="https://lh4.googleusercontent.com/nQxYULCq8Dp_6gHBXl5y3Cs-p5fxsf9-S9AxVALKJgRvBehMiax02psEJOAyo_uNRXAx8gmXlKJiNdvuY27wV3-YErVlJWjZZna3INPiEgq4rrEzgjC0a9Py5ontVITcnj6TmtmT" alt=""/></figure> <h3>Building the search and filter pattern</h3> <p>The team is building the ‘Search and Filter’ pattern on the Dashboard, in order to provide to the users the possibility of complex search queries. You can<a href="https://discourse.juju.is/t/dashboard-combo-search-and-filter-pattern/3185"> read more about this on Discourse</a>.<br></p> <figure class="wp-block-image"><img src="https://lh4.googleusercontent.com/dMKinIR5x8cib-YQOo_tmUtHcbRl66cr2FIUDj_QTLVASuuRcw_o0wVZFvjyLPL3sHCXpzq8AUzuUz1cGCzASNKrdPrq--OsTbe9POWG63SF30RtJe1olb0YAUMXHKEmdoabGuw4" alt=""/></figure> <h3>Web CLI &#8211; an exploration</h3> <p>The team is investigating what we’re calling the Juju wCLI. It is a simulated Juju CLI in the browser that performs the necessary API calls under the hood to perform the same actions the Juju CLI does in your local shell. This gives us the ability to enhance the CLI commands and responses while iterating quickly to find the best interactions.<br></p> <figure class="wp-block-image"><img src="https://lh6.googleusercontent.com/60TDdX-YlSnrJ136ILL2VYQ8i8Nk0VC5plkgxEXG0EYHqjtBMzMQyddhfC27igzd_i298OR0eG6zoH9ZvW0stRfRFgW_C43FJ8FobTfijmfyrVZBeX-xLlaiRcMddoKE9-CMGe0t" alt=""/></figure> <p><a href="https://discourse.juju.is/t/dashboard-juju-web-cli-investigation/3270">Read more on Discourse</a>.</p> <h2>Vanilla</h2> <p>The Vanilla squad designs and maintains the design system and <a href="https://vanillaframework.io">Vanilla framework library</a>. They ensure a consistent style throughout web assets.<br></p> <h3>Update the display property</h3> <p>We updated our web-font loading strategy, so now our Ubuntu web-font is optional on the first load. This improves page loading performance by not making the browser wait for the font files to be downloaded before it can render the text. The first load of the page (if the web-font is not yet cached) will render with fallback font, but any later visit will use Ubuntu web-font downloaded in the background.</p> <figure class="wp-block-image"><img src="https://lh5.googleusercontent.com/bFcNwuuKt8nlEqZ9MTKciDkDOCrp5t7jdyKBRnV1vUEC1BPz2xLRDgsyjeP-7XAwtoooKd2FNm6_MT53nFTEuX8gjaz3gGCDFm6MbrnIfAF576schH_kx6P6eRKzRcEYO-YZiO1y" alt=""/></figure> <h3>New inline-list stretched</h3> <p>We implemented a new variant for our list component that allows to layout the list items across the whole width of the list container using CSS flexbox. This will allow creating some simple horizontal split layouts that previously required custom styles or utilities.<br></p> <figure class="wp-block-image"><img src="https://lh4.googleusercontent.com/X3sLw5uy0RGZKYhaDD3OqZddfRIpPA17VRVwg7WKJi8PNpsImHnhJdfTj87xmGF-_IjPdn1IddlinIeTTbefY4f0b-NMU7835mQqECErCpLPAXTfLBTw0fMB-HgNW4Kjvzw41_ZP" alt=""/></figure> <h3>Application layout</h3> <p>Work continues on the new application layout, which aims to make products like MAAS, JAAS and RBAC feel like a product family. This iteration we focused on:</p> <ul><li>Responsiveness on the extreme ends of the spectrum &#8211; small phones and ultra-wide curved displays</li></ul> <figure class="wp-block-image"><img src="https://lh4.googleusercontent.com/K-5-J2Ps2P3KXyzr3vJ9VlSPvWqVQfBM8VDMwB6Ew-Vkg7iaxeOd4ETjVnMkEh155yBL2JRueHegMFqY2-aQLPtIrumqAANPaO0l4KcCL6uo1Hrpr2py9Ik64N5LzPf_l86k8yiZ" alt=""/></figure> <figure class="wp-block-image"><img src="https://lh6.googleusercontent.com/E7KL-xqi2nAVxALXkcIDZQoHpRD3sn6HYlFrJs33MWLIDk7vmxKLOwiFrfkjSNYvaA80XJPbzwlc_ec6yxVWrCyzbr-GQUBpjlTvcs4rQ0rX13xIDQMlmzkZJGjGroBIjurKe-CE" alt=""/></figure> <ul><li>Interactions in panels &#8211; from small panels wrapping content to medium panels that enforce height limits, to large panels that attach to the top and bottom edge of the screen, making the full height of the window available to the panel’s contents.</li></ul> <figure class="wp-block-image"><img src="https://lh4.googleusercontent.com/pRBZ6ZHRvVo6iW8-ebfTTM38pRhL2lQdSEphhNAq9IOYPmcgDtcSvnwJU2KQ2P_erHFlOh-1HpiEy3XmwpDwI3VgvPtvMmHsACj3WDNBPU2xHLYtJKhl9aHY0Fuo6mTuaGKGfiqW" alt=""/></figure> <h3>More consistent active navigation</h3> <p>We’re exploring alternatives to the current navigation “active” state as part of a wider effort to make states across components follow the same design language.<br></p> <figure class="wp-block-image"><img src="https://lh4.googleusercontent.com/EOP2SnQtvkkqSfNvwIr22lOhxPIXWDSxTxCgE8mlAwMN1_IDJEBYiQAiwlm8otsd5Wl-Ngmlf2lUpMrjTuLbzPzC5DI1AvTtpiGBKE7mp9DS_4QXh6N3ZUwEcu5qL6xlVBe8G14s" alt=""/></figure> <h2>Ubuntu</h2> <h3>Documentation enhancements</h3> <p>Our UX and Design team have begun a design process aimed at improving the documentation experience across all our docs resources. As well as a content restructure, it’s likely this will result in enhanced tools for docs writers, and richer ways to present troubleshooting and code snippets.&nbsp;<br></p> <p>We wish good health for you and your families during these uncertain times.<br></p> <p>With &#x2665; from Canonical web team.<br></p> Anthony Dillon (Anthony Dillon)DesignWed, 08 Jul 2020 10:47:22 +0000Bloghttps://www.ii0fi.com//blog/the-state-of-robotics-june-2020<p>ROS, Ripple and reflections – In this month’s edition of The State of Robotics, we’ll tell you about the recently discovered Ripple vulnerability, the latest and greatest in robots reflecting nature, and a dash of news from the ROS universe. Foxy Fitzroy released ROS 2 Foxy Fitzroy was released on June 5 for Ubuntu 20.04. [&hellip;]</p> <p>ROS, Ripple and reflections – In this month’s edition of The State of Robotics, we’ll tell you about the recently discovered Ripple vulnerability, the latest and greatest in robots reflecting nature, and a dash of news from the ROS universe.<br></p> <h3>Foxy Fitzroy released</h3> <p><a href="https://index.ros.org/doc/ros2/Releases/Release-Foxy-Fitzroy/">ROS 2 Foxy Fitzroy</a> was released on June 5 for Ubuntu 20.04. Foxy supports many under-the-covers performance and stability improvements. Two of our favorites that continue improving robot security include a ROS Node Definition Library (NoDL) and enhanced security monitoring.<br></p> <p>NoDL defines configurations for each ROS node and how it interfaces with other nodes. By defining normal behaviors, ROS now can also enforce compliance with those behaviors, and robots can be monitored for abnormal behavior.<br></p> <div class="wp-block-image"><figure class="aligncenter is-resized"><img src="https://lh5.googleusercontent.com/TjdAb9t1V7NxlyC5CHtbT6OolVPRNA5U2Gk8NBdf2qw5yhvEwe2fkf4DImogm744EWpH5eBTnp-I44qVzjP4DyDHPWJJqrLtWmD7TO76cIxAqRCqo4EhFazQ998TsVxnY65lDpr2" alt="" width="358" height="424"/></figure></div> <p>Foxy improves on security monitoring by enabling logging for DDS communications. Once ROS 2 security features are enabled, environment variables can be configured to log security events to a file or publish them through DDS. Now not only can you monitor operational robot behaviors, you can also monitor communications security!<br></p> <p>This LTS release will be supported through May 2023. See <a href="https://www.ii0fi.com/blog/ros-2-foxy-fitzroy-and-its-enhanced-security-monitoring">Kyle Fazzari&#8217;s blog post</a> for more information about ROS Foxy. </p> <p>ROS 2 now also has a rolling release for preparing for the next stable distribution development. <a href="https://index.ros.org/doc/ros2/Releases/Release-Rolling-Ridley/">Rolling Ridley</a> is continuously updated and will at times include breaking changes.</p> <h3>ROSCon 2020 cancelled</h3> <p>We&#8217;re sad to report that, due to the uncertainty surrounding COVID-19,<a href="https://discourse.ros.org/t/roscon-2020-potential-schedule-change/14170/8?u=kyrofa">ROSCon 2020 has been cancelled</a>. It might be more accurate to say &#8220;postponed&#8221; given that it will still be happening in New Orleans in 2021. We&#8217;ll certainly miss all of you till then!</p> <h3>Getting Started with ROS</h3> <p>Interested in getting up-to-speed quickly with ROS? Take a look at the<a href="https://www.youtube.com/channel/UCsVzQYenRLqPf_4IjR-moLw"> Ubuntu Robotics channel on Youtube</a>. The robotics team has started publishing tutorials to get the computer professional up and running quickly with ROS.<br></p> <figure class="wp-block-embed-youtube wp-block-embed is-type-video is-provider-youtube wp-embed-aspect-16-9 wp-has-aspect-ratio"><div class="wp-block-embed__wrapper"> <iframe width="540" height="304" src="https://www.youtube.com/embed/0w-CRiuuiKk?feature=oembed" frameborder="0" allow="accelerometer; autoplay; encrypted-media; gyroscope; picture-in-picture" allowfullscreen></iframe> </div></figure> <p>Videos published so far cover installing ROS Dashing and ROS Foxy on a Raspberry Pi, and installing ROS in a LXD container. Expect to see more videos on simulating robots in a LXD container, and the basic principles used to create ROS 2 robots.<br></p> <h3>World MoveIt! Day</h3> <p>June 2 was the fifth annual<a href="https://moveit.ros.org/events/world-moveit-day/2020/04/28/world-moveit-day-2020.html"> World MoveIt! Day</a>. MoveIt runs on top of ROS, and is the most common library for manipulation; making things like robot arms take actions by planning intricate joint movements. <br></p> <div class="wp-block-image"><figure class="aligncenter"><img src="https://lh3.googleusercontent.com/9b0jK2CPbC_zFGdY3UuEYnOU4BbHzj5yBXalKAsGYO3Adre9ePuPOlGEF1C1GGcxAQGTjP6Wv97qGUu2JxA9_mfYkYuSOImATS7-WcdnrRRJv7jGoc5MAKDOLGuMxuzpNulSGT0g" alt=""/></figure></div> <p>MoveIt has also been ported to MoveIt2 to support ROS 2. This year World MoveIt day was held virtually (no surprises there). It was a day for enthusiasts at all levels to help improve MoveIt and contribute to the codebase by fixing bugs, improving documentation, and starting work on new features.</p> <h3>Ripple 20</h3> <p>On June 16, the<a href="https://kb.cert.org/vuls/id/257161"> CERT/CC released a vulnerability notice</a> about the Treck IP stack, commonly used in embedded systems.</p> <p>Codenamed &#8220;Ripple20&#8221;,<a href="https://www.jsof-tech.com/ripple20/"> this series of vulnerabilities</a> impacts a lightweight implementation of IP commonly used in industrial control systems and medical devices, along with many other common network-enabled devices. Most vulnerabilities are related to improper memory management and can lead to denial-of-service, information disclosure, and potentially arbitrary code execution.</p> <div class="wp-block-image"><figure class="aligncenter"><img src="https://lh6.googleusercontent.com/f-hE9a73Whu4QVSwYVs1DRWR_7DL1JCJ7w8nkCVoTGwS4LXl3isBIBi6I6HcO87xsZlkRg-0IVTD45ZQU8IUBg4zh2xsgSXWvGOODOFbdUlPY_OxHH6HzA0dg4qmWhn4k2-pZ1nP" alt=""/></figure></div> <p>Yet again the announcement underscores the importance of maintaining a software update mechanism for deployed devices.</p> <p>To understand a bit more about what it takes to coordinate disclosure of a widespread embedded systems vulnerability, check out<a href="https://ubuntusecuritypodcast.org/episode-80/"> Episode 80 of the Ubuntu Security Podcast</a> where Robotics team members discuss the vulnerability with the coordinator Vijay Sarvepalli from CERT.<br></p> <h3>Robotics shapes quantum computing</h3> <p>We’ve heard of robot SLAM being improved by<a href="https://doi.org/10.1155/2018/1596080"> state-of-the-art quantum techniques</a> in the past, but what about the other way around?<br></p> <p>A<a href="http://dx.doi.org/10.1038/s41534-020-0286-0"> recent publication</a> in <em>Nature</em> demonstrated how robotics can shape the future of quantum computing. A group of scientists from the University of Sydney adapted techniques from classical estimation used in robotic navigation to improve hardware performance of quantum systems.<br></p> <p>Their method adapts a SLAM approach to measure the performance of one qubit – the basic unit of quantum information – and use that information to estimate the reliability of nearby qubits. A sort of ‘quantum slamming’, if you will. Now there’s a term worthy of a trademark.<br></p> <h3>Robot dog up for sale</h3> <p>After years of viral videos and demonstrating cutting-edge development in robotic biomimicry, Boston Dynamics has finally made its yellow robot quadruped Spot<a href="https://shop.bostondynamics.com/"> available for sale</a>. If you’ve got $75,000 to spare, you can now be the proud owner of this<a href="https://www.youtube.com/watch?v=wlkCQXHEgjA"> seriously agile</a> robot dog.<br></p> <figure class="wp-block-embed-youtube wp-block-embed is-type-video is-provider-youtube wp-embed-aspect-16-9 wp-has-aspect-ratio"><div class="wp-block-embed__wrapper"> <iframe width="540" height="304" src="https://www.youtube.com/embed/VRm7oRCTkjE?feature=oembed" frameborder="0" allow="accelerometer; autoplay; encrypted-media; gyroscope; picture-in-picture" allowfullscreen></iframe> </div></figure> <p>For the time being, the contraption can only be bought for commercial and industrial use in the United States. But it remains an encouraging step in the direction of eventual general public availability.</p> <h3>Build a DIY quadruped at home</h3> <p>If you’re a hands-on person and don’t want to shell out the $75k on a Boston Dynamics’ Spot, you can 3D print and build yourself a <a href="https://engineering.nyu.edu/news/open-source-low-cost-quadruped-robot-makes-sophisticated-robotics-available-all">Solo 8</a> robot. Conceived as a research platform, Solo 8 is an open-source robot that comes packed with multiple gaits and directions, actuated joints for jumping, as well as orientation, posture and stability recovery.<br></p> <figure class="wp-block-image"><img src="https://lh4.googleusercontent.com/U80M3xAGZgebpIagUS1IaqjV4FkhUuO483ViwsqidTtPbup1zAqTe1fR9U7ZrFYhB69SL0syiJvI3BOjIuoSUaJO70ATFij20YNcHb6x4kRAwu6-BJnWy29nv6PyIFgHMJRutJjN" alt=""/><figcaption>Consider Solo8 a bare bones version of the better equipped Spot robot dog. (Source: <a href="https://newatlas.com/robotics/solo-8-quadruped-robot/">New Atlas</a>)</figcaption></figure> <p>So go ahead and download the files, print the parts, buy components from the parts catalog, and put it all together to have your very own robot dog for a few thousand dollars.</p> <h3>Hulk smash with robot arms</h3> <p>Researchers from Université de Sherbrooke revealed a waist-mounted remote controlled hydraulic arm at ICRA this year.<br></p> <div class="wp-block-image"><figure class="aligncenter is-resized"><img src="https://lh3.googleusercontent.com/rsHYDW6iSxtubCKDeMfRuyQIgkk_2wesJS7ifahqR5lLxtnHVL6h399YWuNkov_nDgfk0OkXY-COPsjd_O-LvNVmqLynxj46273Ktmhou154PhflyXMVCqoARrVkgVak30CP1mAX" alt="" width="444" height="335"/><figcaption>Now we can finally handle a drum set. (Source:<a href="https://spectrum.ieee.org/automaton/robotics/robotics-hardware/robotic-third-arm-can-smash-through-walls">IEEE</a>)</figcaption></figure></div> <p>Using magnetorheological clutches and hydrostatic transmissions, the device is supposed to mimic the performance of a human arm and assist its wearer in everyday tasks. Like painting walls, picking vegetables, handling tools, and yes, smashing through walls. Just another day in the life of a robotic limb.<br></p> <h3>Insectoid swarms for planetary exploration</h3> <p>Rovers and humans aren’t the only way to explore alien worlds.<a href="https://techcrunch.com/2020/06/08/swarms-of-autonomous-insect-robots-could-prove-key-to-future-planetary-exploration/"> Swarms of insectoid robots</a> are being studied at a number of companies and research institutions to overcome current limitations in traversing foreign terrains.<br></p> <div class="wp-block-image"><figure class="aligncenter is-resized"><img src="https://lh4.googleusercontent.com/n09cPUkyw2E9-ROGLjnthPtHxpqYEo-56592qGSE-Gb4lnoknB7kU4qU3qZkhjvFQtsdPkI_iwmsQ9xSZChO3_qe6jkaKLFOi48Pq4VoQwizOhB_n2OCZpvhoGAVEGT4tMAY2-8D" alt="" width="574" height="336"/><figcaption>Just the thing we need in 2020. (Source<a href="https://www.festo.com/group/en/cms/10157.htm">Festo</a>)</figcaption></figure></div> <p>As opposed to a singular large vehicular unit, robot swarms have been demonstrated to handle complex problem solving by organizing themselves into subgroups to cooperatively chip at different aspects of a mission in parallel. They are more robust to setbacks and can recover the loss of individual members through redundancy and repurposing.<br></p> <p>This is an exciting field, and with forward-thinking countries like Luxembourg creating<a href="https://www.wired.com/story/luxembourg-asteroid-mining/">ambitious initiatives around asteroid mining</a>, we are enthusiastic about more advances in this niche in the years to come.</p> <h3>Outro</h3> <p>At Canonical we are privileged to have a well-established pattern of remote work and have been glad to help others by sharing our experience of distributed collaboration and operations. Our<a href="https://admin.insights.www.ii0fi.com/2020/03/19/canonical-managed-services-ubuntu-support-covid-19/"> official commercial stance</a> is, please lean on us, we stand ready to help.<br></p> <p>As for all the makers and hackers out there, if you have an open-source project or initiative you’d like us to showcase in this monthly series, shoot us a message on robotics.canonical@canonical.com. We’ll take it from there. That’s it folks, stay safe in July!<br></p> Adi Singh (Adi Singh)juneroboticsROSthestateofroboticsWed, 08 Jul 2020 09:19:01 +0000Bloghttps://www.ii0fi.com//blog/canonical-developer-advocate-named-microsoft-mvp<p>We would like to congratulate Hayden Barnes, a Developer Advocate at Canonical for Ubuntu on WSL, who was awarded MVP (Most Valuable Professional) by Microsoft for 2020-2021 for his contributions to the Windows Subsystem for Linux (WSL) community. The Microsoft MVP Award is awarded annually by Microsoft to technology experts who passionately share their knowledge [&hellip;]</p> <p>We would like to congratulate <a href="https://twitter.com/unixterminal?s=20" target="_blank" rel="noreferrer noopener" aria-label="Hayden Barnes (opens in a new tab)">Hayden Barnes</a>, a Developer Advocate at Canonical for Ubuntu on WSL, who was awarded MVP (Most Valuable Professional) by Microsoft for 2020-2021 for his contributions to the Windows Subsystem for Linux (WSL) community.</p> <figure class="wp-block-image"><img src="https://admin.insights.www.ii0fi.com/wp-content/uploads/4477/haydenbabygenius.jpg" alt="" class="wp-image-96972"/><figcaption><em>Hayden Barnes, pictured above, was a curious innovator from an early age.<br></em></figcaption></figure> <p>The Microsoft MVP Award is awarded annually by Microsoft to technology experts who passionately share their knowledge with the community. This award is a wonderful recognition for how he has empowered WSL users and been a true innovator. <br></p> <blockquote class="wp-block-quote"><p>“For more than two decades, the Microsoft MVP Award is our way of saying ‘Thanks!’ to outstanding community leaders. The contributions MVPs make to the community, ranging from speaking engagements, to social media posts, to writing books, to helping others in online communities, have incredible impact.” </p><cite>&#8211; Microsoft MVP Program</cite></blockquote> <p>Hayden is the founder of WSLConf, the first community conference dedicated to WSL, held March 10-11, 2020. Hayden joined Canonical in 2019 and leads Ubuntu on WSL development and advocacy. He regularly <a href="https://www.ii0fi.com/blog/getting-started-with-cuda-on-ubuntu-on-wsl-2">blogs</a>, speaks at conferences, assists WSL users on social media and GitHub, appears on podcasts, and finds <a href="https://boxofcables.dev/accelerated-kvm-guests-on-wsl-2/">new</a> and <a href="https://boxofcables.dev/running-windows-2000-on-wsl/">interesting</a> uses for WSL. Hayden is also writing a book on advanced WSL to be published by Apress in 2021.<br></p> <p>The WSL team at Canonical has since grown to include myself, <a rel="noreferrer noopener" aria-label="Sohini Roy (opens in a new tab)" href="https://twitter.com/biankaroy_?s=20" target="_blank">Sohini Roy</a>, Product Manager on Ubuntu on WSL, and <a href="https://twitter.com/callmepkwu?s=20" target="_blank" rel="noreferrer noopener" aria-label="Patrick Wu (opens in a new tab)">Patrick Wu</a>, Lead Engineer on Ubuntu on WSL. In collaboration with the Canonical Public Cloud and Field Engineering teams the WSL team provides the most popular Linux distribution for WSL for individual developers and enterprise clients.<br></p> Sohini Bianka Roy (Sohini Bianka Roy)WSLMon, 06 Jul 2020 20:11:46 +0000Bloghttps://www.ii0fi.com//blog/feeling-at-home-in-a-lxd-container<p>In this post, we will see how we can containerize our home in LXD simply managing our personal configuration files &#8211; a.k.a. dotfiles. Yeah dotfiles, named after their common ~/.my_config form, you know, all of those small configuration files lying across our $HOME. In other words, how one can change the house while keeping the [&hellip;]</p> <figure class="wp-block-image is-resized"><img src="https://admin.insights.www.ii0fi.com/wp-content/uploads/589a/container_house.jpg" alt="At Home in a LXD container." class="wp-image-96323" width="640" height="428" /></figure> <p>In this post, we will see how we can containerize our home in LXD simply managing our personal configuration files &#8211; a.k.a. dotfiles. Yeah dotfiles, named after their common <code>~/.my_config</code> form, you know, all of those small configuration files lying across our <code>$HOME</code>. In other words, how one can change the house while keeping the furniture and decoration in place.<br></p> <blockquote class="wp-block-quote"><p> Because there is no place like $HOME<br></p></blockquote> <p>Since we are spending so much time on our machine, be it for work or for fun (maybe both?), we love to tweak our environment to our taste and needs. Change the UX, create some aliases, using a dark theme and what not. Most, if not all of these are saved in some configuration files somewhere. And since we spent so much time making a home for ourselves, wouldn&#8217;t it be great if we could quickly set it up again on a different computer? This is precisely what we are going to see here.</p> <p>In <a rel="noreferrer noopener" aria-label=" (opens in a new tab)" href="https://www.ii0fi.com/blog/ros-development-with-lxd" target="_blank">a previous post</a>, we saw how to set up a <a rel="noreferrer noopener" aria-label=" (opens in a new tab)" href="https://linuxcontainers.org/" target="_blank">LXD</a> container for developing with <a href="https://www.ii0fi.com/robotics/what-is-ros">ROS</a> (now also <a href="https://www.ii0fi.com/blog/installing-ros-in-lxd">available with an accompanying video</a>). Here we will see how we can quickly set up our personal development environment in the said containers and enable a tidy and seamless workflow.</p> <h2>Picking a dotfiles manager</h2> <p>A dotfiles manager is essentially a piece of software that takes care of your configuration files for you. What does that mean? Well I would personally consider the bare minimum features to include versioning, preferably through git, and of course the installation of the files to their correct location, as they are typically expected to be found at a given path. But we may have different expectations from a dotfiles manager based on our needs and habits. Looking on the web for such manager, you may encounter many of them &#8211; find a whole <a href="https://dotfiles.github.io/utilities/" target="_blank" rel="noreferrer noopener" aria-label=" (opens in a new tab)">list of them here</a>. Most of them work off the same principles, being a small set of utils to help manage our dotfiles.<br></p> <p>In this post we settled using <code><a rel="noreferrer noopener" aria-label=" (opens in a new tab)" href="https://www.chezmoi.io/" target="_blank">chezmoi</a></code>. It is vastly popular, <a rel="noreferrer noopener" aria-label=" (opens in a new tab)" href="https://github.com/twpayne/chezmoi" target="_blank">open source</a> and is available as a <a rel="noreferrer noopener" aria-label=" (opens in a new tab)" href="https://snapcraft.io/chezmoi" target="_blank">snap</a> making it usable virtually anywhere. Some other nice features include being git-based, being cli-based, and supporting multi dotfiles repos. It is <code>chezmoi</code> which will set up our home in LXD as we will see.<br></p> <p>You may want to give a look at the aforementioned list of managers and pick one that best answers your needs and expectations. Note that many of them are interchangeable, so you can get started with <code>chezmoi</code> for now and later move to another one as you see fit.<br></p> <p>Alright so how do we get started?</p> <h2>Creating a dotfiles repository</h2> <p>Before creating our dotfiles backup, we need to install the manager. To install <code>chezmoi</code>, nothing easier, simply use the command:</p> <pre class="wp-block-preformatted">$ snap install chezmoi --classic</pre> <p>And we are done.&nbsp;<br></p> <p>We can now create our git-based dotfiles repository and start filling it up. To create the repository managed by <code>chezmoi</code>, simply enter:</p> <pre class="wp-block-preformatted">$ chezmoi init</pre> <p>This command creates an empty repository in <code>~/.local/share/chezmoi</code>.</p> <p>To backup a dotfile and populate our repository, we make use of the <code>add</code> command:</p> <pre class="wp-block-preformatted">$ chezmoi add .bashrc</pre> <p>The command copies the file in the repository managed by <code>chezmoi</code> at <code>~/.local/share/chezmoi/dot_bashrc</code>.<br></p> <p>Now all we have to do is to commit our change and save our repository online. The command,</p> <pre class="wp-block-preformatted">$ chezmoi cd</pre> <p>places us directly in the git repository where we can use the usual git commands,</p> <pre class="wp-block-preformatted">$ git add dot_bashrc<br>$ git commit -m 'add .bashrc'</pre> <p>Finally we can save our dotfiles online, e.g. on GitHub,</p> <pre class="wp-block-preformatted">$ git remote add origin git@github.com:user/dotfiles.git<br>$ git push -u origin master<br></pre> <p>We should now repeat this operation for each and every configuration file we would like to save. Note that if you have secrets in your dotfiles, say some credentials, SSH keys and such, <code>chezmoi</code> offer <a href="https://www.chezmoi.io/docs/how-to/#keep-data-private">many options</a> for your secrets to remain as such.<br></p> <p>With our dotfiles safely backed up online, we will now see how we can quickly set up our environment on a new machine.<br></p> <h2>Quickly setting up a new machine</h2> <p>Whether you bought a new computer or nuked your old hardware with a fresh new distro, you will now witness the true power of <code>chezmoi</code>.<br></p> <p>To install our cosy environment on a fresh distro, all we have to do is,<br></p> <p>1. Install <code>chezmoi</code>&nbsp; </p> <pre class="wp-block-preformatted">$ snap install chezmoi --classic</pre> <p>2. Import our dotfiles</p> <pre class="wp-block-preformatted">$ chezmoi init <a href="https://github.com/username/dotfiles.git">https://github.com/username/dotfiles.git</a></pre> <p>3. Let <code>chezmoi</code> works its magic,</p> <pre class="wp-block-preformatted">$ chezmoi apply<br></pre> <p>Voila! Home sweet home.<br></p> <p>Of course this post is only a quick overview of a given dotfiles manager. I won&#8217;t detail here all of its options and features and let you discover them for yourself in its <a href="https://www.chezmoi.io/docs/quick-start/">documentation page</a>.<br></p> <p>At this point you may be wondering if this is really worth it. You probably install a fresh distro every 2 years or so and completely change hardware even less frequently. So why bother? Well, fellow developer, aren&#8217;t you using containers? If not, you definitely should consider it and check <a href="https://www.ii0fi.com/blog/ros-development-with-lxd">the aforementioned post</a> where we detail a development workflow for ROS in LXD.<br></p> <h2>A disposable tiny home in LXD</h2> <p>If you are like me, trying your best to keep a tidy laptop while messing around with plenty of different software toys, then you may have had one of these days during which you spawn several containers. Containers in which we don&#8217;t have our sweet bash aliases; on our very own machine! But thanks to <code>chezmoi</code> we can now start up a fresh container and have it mimic <code>$HOME</code> in a matter of seconds. Let me demonstrate it for you with a LXD container,<br></p> <pre class="wp-block-preformatted">$ lxc launch ubuntu:20.04 tmp-20-04<br>$ lxc profile add chezmoi tmp-20-04<br>$ lxc ubuntu tmp-20-04</pre> <p>Ahhh, what a cozy tiny disposable home in LXD!<br></p> <p>That seemed too easy to you? Alright I confess, I used some of my own LXD profile and aliases here. But isn&#8217;t it what this whole post is about? In case you want to use the same kind of shortcuts, allow me to point you once more to our <a href="https://www.ii0fi.com/blog/ros-development-with-lxd">LXD blog post</a>. Anyway, note that the above 3 lines really boils down to,</p> <pre class="wp-block-preformatted">$ lxc launch ubuntu:20.04 tmp-20-04<br>$ lxc exec tmp-20-04 -- sudo --login --user ubuntu<br>...<br>$ snap install chezmoi --classic<br>$ chezmoi init <a href="https://github.com/username/dotfiles.git">https://github.com/username/dotfiles.git</a><br>$ chezmoi apply<br></pre> <p>With this example, I hope that I managed to offer you a glimpse at the power of <code>chezmoi</code> (and more generally of dotfiles managers), especially when coupled to a containerized workflow.<br></p> <p>Before closing, let me give you one last tip. Because we made our containerized workflow rather seamless, it can be easy to lose track of which shell is in a container and which is not. To differentiate them, add the following to your <code>.bashrc</code>:<br></p> <pre class="wp-block-preformatted">function prompt_lxc_header()<br>{<br>&nbsp;&nbsp;if [ -e /dev/lxd/sock ]; then<br>&nbsp;&nbsp;&nbsp;&nbsp;echo "[LXC] ";<br>&nbsp;&nbsp;fi<br>}<br>PS1='$(prompt_lxc_header)'$PS1</pre> <p>When used in a container, a shell prompt in the said container will now look something like:</p> <pre class="wp-block-preformatted">[LXC] ubuntu@tmp-20-04:~$</pre> <p>No more confusion.<br></p> <p><em>Photo by </em><a href="https://en.wikipedia.org/wiki/User:Albert13377/sandbox"><em>Albert13377</em></a><em>&nbsp;on</em><a href="https://unsplash.com/?utm_source=unsplash&amp;utm_medium=referral&amp;utm_content=creditCopyText"></a><em> </em><a href="https://commons.wikimedia.org/wiki/File:Sojourner-1-881x589.jpg"><em>Wikimedia Commons</em></a><em>.</em><br></p> Jeremie Deray (Jeremie Deray)LXCLXDROSsc:snap:chezmoiFri, 03 Jul 2020 15:04:37 +0000Bloghttps://www.ii0fi.com//blog/a-snap-confined-shell-based-on-mir-mircade<p>Mircade: An example snap confined user shell There are various scenarios and reasons for packaging a Snap confined shell and a selection of applications together in a confined environment. You might have applications that work well together for a particular task; or, you may want to offer a number of alternative applications and have them [&hellip;]</p> <h1>Mircade: An example snap confined user shell</h1> <figure class="wp-block-image"><img src="https://ubuntucommunity.s3.dualstack.us-east-2.amazonaws.com/optimized/2X/5/56c56d3a1bb0e91168f4605d8ecec072ed2f02a0_2_690x568.png" alt="Screenshot%20from%202020-05-29%2014-57-33" /><figcaption>A snap confined shell running on the desktop</figcaption></figure> <p>There are various scenarios and reasons for packaging a Snap confined shell and a selection of applications together in a confined environment. You might have applications that work well together for a particular task; or, you may want to offer a number of alternative applications and have them available on a wide range of target platforms. Mircade illustrates this approach.</p> <h2>Contents of the Mircade snap</h2> <h3>The user shell</h3> <p>A user shell is a program that allows the user to interact with the computer. It could be as simple as a command-line shell or as complex as a full desktop environment.</p> <p>For Mircade I use a modified example Mir shell (egmde) I’ve presented in other writings. This &#8220;mircade&#8221; version of egmde allows the user to select one of a number of programs and run it all within the Snap confined environment.</p> <pre class="wp-block-code"><code> egmde: source: https://github.com/AlanGriffiths/egmde.git source-branch: mircade plugin: cmake-with-ppa ppa: mir-team/release build-packages: - pkg-config - libmiral-dev - libboost-filesystem-dev - libfreetype6-dev - libwayland-dev - libxkbcommon-dev - g++ stage-packages: - try: [libmiral4] - else: [libmiral3] - mir-graphics-drivers-desktop - fonts-freefont-ttf stage: - -usr/share/wayland-sessions/egmde.desktop - -bin/egmde-launch</code></pre> <h2>The applications</h2> <p>A successful &#8220;bundled&#8221; snap is really down to choosing a compelling set of applications.</p> <p>I’ve taken a bunch of games from the Ubuntu archive and bundled them into the snap. That choice is only an illustration, there&#8217;s no need to choose games, or programs from the archive.</p> <pre class="wp-block-code"><code> neverball: plugin: nil stage-packages: - neverball</code></pre> <p>In this example, most of the applications use SDL2 and all use Wayland. </p> <pre class="wp-block-code"><code> sdl2: plugin: nil stage-packages: - libsdl2-2.0-0 - libsdl2-image-2.0-0 - libsdl2-mixer-2.0-0 - libsdl2-net-2.0-0</code></pre> <p>I&#8217;ve not covered other toolkits in the Mirade example. In spite of this, applications based on GTK, Qt and X11 can also be packaged.</p> <h2>The target platforms</h2> <h3>Running on Ubuntu Core</h3> <p>There are a lot of advantages to running Ubuntu Core on IoT devices, and Mircade shows how a bundle of applications can be delivered for this. When installed on Ubuntu Core, Mircade connects to a Wayland 乐天堂fun88备用网址 (such as mir-kiosk).</p> <h3>Running on Classic Linux</h3> <p>On Ubuntu Classic there are four ways that Mircade can run, the first three are:</p> <ol><li>Connecting to an X11 compositor as a window on a traditional desktop</li><li>Connecting to a Wayland compositor as a fullscreen window on a traditional desktop</li><li>Running directly on the hardware as a graphical login session</li><li></li></ol> <p>For each of these the corresponding interface needs to be connected:</p> <table class="wp-block-table"><tbody><tr><td>Connecting to an X11 compositor</td><td><code>snap connect mircade:x11</code></td></tr><tr><td>Connecting to a Wayland compositor</td><td><code>snap connect mircade:wayland</code></td></tr><tr><td>Running directly on the hardware</td><td><code>snap connect mircade:login-session-control</code></td></tr></tbody></table> <p>The fourth option, typically on an Ubuntu 乐天堂fun88备用网址 installation, is to run in the same way as on Ubuntu Core using a <code>mir-kiosk</code> daemon as to access the hardware.</p> <h2>Security: Snap confinement</h2> <h3>What does ‘confinement’ mean?</h3> <p>Historically, there’s been a high cost of entry to application development and distribution meaning that developers and packagers have had to establish a reputation and trust. Some people may have suspicions of what applications like Microsoft Office or Google Chrome do. Regardless, there’s no realistic fear that Microsoft or Google will steal money from you or hold information on your computer for ransom.</p> <p>Remember, running an application on a computer gives it, and by extension, the developers of that application, access to your computer. Without precautions, it gets access to everything you can access. It is not just running an application requires caution: before running an application you have to install it. Traditional packaging solutions such as .deb and .rpm, give root access to your system to the packagers.</p> <p>Over the years the barrier to entry in application development has become low. Writing an app and getting it into an &#8220;app store&#8221; has never been easier: application development and packaging is no longer the preserve of a few well-known organizations. The basis for trust that used to exist has been eroded.</p> <p>Computers are being trusted with more and more sensitive information. We carry pocket computers with us everywhere and trust them to hold personal information including access to bank accounts, credit cards and medical details.</p> <p>Taking precautions to mitigate the risk posed by untrusted code is where app confinement comes into play. Confining the app at the operating system level restricts its access to your computer to only those things that are needed for it to work.</p> <h3>How does ‘app confinement’ work?</h3> <p>Software developers know that something that sounds simple in the user domain can involve some serious work in the solution domain. App confinement is no exception: we need to consider what the operating system needs to do to confine an app; how that can be controlled; how the user can review and configure the confinement. Mircade provides an example of applications being selected and run with restricted access to the system.</p> <h4>Kernel and userspace</h4> <p>The code running on a computer can be divided into ‘kernel’ and ‘userspace’. The kernel is that part of the operating system that mediates all interaction with hardware and between processes. The userspace is everything that runs within a normal app.</p> <p>If we write a “hello world” application, the code we write runs in userspace. And so does the output function from the library we use (maybe <code>operator&lt;&lt;()</code> , or <code>printf()</code> or …) but at some point it writes to the console and at that point the kernel takes over and, eventually (there may well be further userspace and kernel code executed), some pixels are lit on the screen.</p> <p>Without the kernel code can’t access your files, it can’t access the internet, it can’t access your keyboard, mouse, touchpad, interact with other processes, etc.</p> <p>That makes the interface between userspace and kernel a useful place to restrict the activities of a program.</p> <h4>Snaps and AppArmor</h4> <p>AppArmor is an implementation detail of ‘snap confinement’, which is a component of Canonical’s ‘Snap’ packaging format. Snaps make use of lists of AppArmor rules called ‘interfaces’, each of which covers identifiable capabilities. These interfaces are reviewed by the Snap developers and can be enabled (or disabled) by the end user.</p> <p>These are the permissions used by Mircade:</p> <pre class="wp-block-code"><code>$ snap connections mircade Interface Plug Slot Notes audio-playback mircade:audio-playback :audio-playback - hardware-observe mircade:hardware-observe - manual login-session-control mircade:login-session-control - manual network-bind mircade:network-bind :network-bind - opengl mircade:opengl :opengl - wayland mircade:wayland :wayland manual x11 mircade:x11 :x11 - </code></pre> <h2>Conclusion</h2> <p>The Mircade snap confined shell demonstrates how it is possible to take some applications, a user shell and Snap technology and use them deliver a portable, secure package to multiple Linux platforms including Ubuntu Core, Ubuntu Desktop and many other distros.</p> <p>Targeting multiple platforms is important to the developers of snaps and confinement is important as users of a snap can ensure that it has limited access to their computer and what they are doing with it. </p> <p>Do you have, or know of, a set of applications that would benefit from this approach?</p> <div class="wp-block-media-text alignwide"><figure class="wp-block-media-text__media"><img src="https://snapcraft.io/static/images/badges/en/snap-store-white.svg" alt="Get it from the Snap Store" /></figure><div class="wp-block-media-text__content"> <p class="has-large-font-size"></p> </div></div> <hr class="wp-block-separator" /> <h2>References</h2> <table class="wp-block-table"><tbody><tr><td>Mircade on GitHub</td><td><a href="https://github.com/Mir乐天堂fun88备用网址/mircade">https://github.com/Mir乐天堂fun88备用网址/mircade</a></td></tr><tr><td>Egmde on GitHub</td><td><a href="https://github.com/AlanGriffiths/egmde/">https://github.com/AlanGriffiths/egmde/</a></td></tr><tr><td>The Mir display 乐天堂fun88备用网址</td><td><a href="https://mir-乐天堂fun88备用网址.io/">https://mir-乐天堂fun88备用网址.io/</a></td></tr></tbody></table> Alan Griffiths (Alan Griffiths)IoTmirmir-kiosksc:snap:mir-kiosksnapcraft.ioFri, 03 Jul 2020 13:10:03 +0000Bloghttps://www.ii0fi.com//blog/a-blast-from-the-past-shutter<p>The wheel of software turns, and apps come and go. But the end of development does not always mean the end of usefulness. Sometimes, programs stubbornly remain around, offering a complete experience that can withstand the test of time. Several weeks ago, we talked about how you can preserve old applications with snaps. Today, we [&hellip;]</p> <p>The wheel of software turns, and apps come and go. But the end of development does not always mean the end of usefulness. Sometimes, programs stubbornly remain around, offering a complete experience that can withstand the test of time.</p> <p>Several weeks ago, we talked about <a href="https://snapcraft.io/blog/how-to-preserve-old-software-with-snaps">how you can preserve old applications with snaps</a>. Today, we would like to expand on this concept and talk about Shutter, a feature-rich screenshot application that was rather popular several years ago. Its development has stalled in recent years, and it has become more difficult to install and run it on newer versions of various Linux distributions. But Shutter has gained a new life as a snap.</p> <h1>Old but not obsolete</h1> <p>If you were one of the long-time users of Shutter, you can still enjoy most of its tools and features. If you’ve not used it before, then a short tour is in order. Install the snap and launch the application.</p> <figure class="wp-block-image"><img src="https://lh4.googleusercontent.com/j69h4Kk_08Q4_stJKmBa39B6TnAQig3L2kMHmSfQXVBmWIRWm4a-GRo03MOuBxATPLlVZ0ChNe3QuaOplSbFyXhi-sQ18IzhRM0R_wPR7ApUR8x-4lXSkMxHNYBG98NQhMNR5ubW" alt=""/></figure> <p>Shutter allows you to take screenshots of selections, your entire desktop &#8211; including different workspaces, and individual application windows. Screenshots are displayed in tabs, so you can conveniently scroll through your session gallery. Sessions are also preserved across application restarts.</p> <figure class="wp-block-image"><img src="https://lh3.googleusercontent.com/oXwDHQEJTDpni4C91ddY05MQVl-XHEWgsjsdARWZu379DxnrRFMblAapwy4imyWSGF6R9smh0DrIlyQS-ZzE08QW4fLFsKutbw032BF-_z7YD1MVEi6CyJnAAKG1L3aB0hsbcX6W" alt=""/></figure> <figure class="wp-block-image"><img src="https://lh5.googleusercontent.com/ohL0rwA5sc-cgODGxBwPLw80AZbTiaw8Gq3d99vR-O3H86IqYAJvap4PsPgf-5Kano7V5-Gg-hdBhz1bBpwBLQWZJ69cS82VQaNGUcPIVoWHR7Qfvw2REsPII0_MEBTe7MEI4KxQ" alt=""/></figure> <p>You can also edit images. Shutter comes with an integrated drawing tool, offering a limited if still quite powerful image editing set. This means you do not necessarily have to export your screenshots to a program like GIMP, you can make some basic changes and decorations inside Shutter. You can add layers, type in text, draw various shapes including arrows, or fill parts of the image with different colors.</p> <figure class="wp-block-image"><img src="https://lh4.googleusercontent.com/rr5jUb5PHCi6uJ4bYDM01dhd2uukHFfd8DrEeTZUNx5MHIubqWZ8BC1OUL5zJQuRDyGlr9MJ-K4158ovWEs65tnVkusDVjh11uRSOGrYwhLV3W0N4jPBXiKjGagKxCz69HtMVova" alt=""/></figure> <p>On top of that, the detailed preferences section allows you to tweak your workflow, including image export to online sharing services. This makes Shutter a handy tool for collaboration, in addition to local work with screenshots. Furthermore, you can configure multiple profiles, allowing you to use different settings for specific usage scenarios.</p> <figure class="wp-block-image"><img src="https://lh4.googleusercontent.com/tIKu8zGUuD-g2-sQsrJAdoDdElmF5d-0lwKLSV9WyDj1Ws32CtP7sCeA8617BfrByeO3C3a2HDMMalHSxI6yYM49guJY0Nu45hgWXzcSZcXnLd6BXvhlq7PIS6J_W96I_KMSDZeW" alt=""/></figure> <figure class="wp-block-image"><img src="https://lh5.googleusercontent.com/CJxb3Fx4Sk1FiDor5Og4r2GsCPlk6a4UqsL-Ai_V16uW6e9qFviBx5q4yQuHVjkv018UJMbK03Il8cZtgNCtKCIrFEGUgbjhByagvWhV6VrWZZZXRCpdFYr6FmK3gXSzLcRKCkgq" alt=""/></figure> <h1>Not everything is perfect …</h1> <p>However, certain features do not currently work, including some outstanding problems that were present in Shutter even in the earlier days of its popularity and have not been resolved or patched. Shutter can take screenshots of specific application menus, balloon tips and other overlay elements on the desktop, but this may not necessarily work as intended. Plugins &#8211; a series of automated image modifications like distort, sepia, polaroid and others may also be outdated and not work as expected.</p> <figure class="wp-block-image"><img src="https://lh6.googleusercontent.com/-_r-K3BlPG7dWy1MEBqsme52UWBKWSb9kHU92bp-JYK44zgh0k9gBUYQ51kT-tnLQFL4gDLZwAt1LWxMK4ObZl5D5o9-WBepIH-d8UZKR307fjlH391s4WopmDHRiiuG5dmr9FhN" alt=""/></figure> <h1>This is where you step in!</h1> <p>With Shutter’s functionality enshrined and secure as a snap, users can have a reliable experience on modern Linux distributions, even if the application is no longer available in the standard repository archives. It is packaged using <a href="https://snapcraft.io/docs/snap-confinement">strict confinement</a>, which ensures isolation from the underlying system, and it will run without any library dependency conflict. This means we can focus on trying to improve the functionality where possible &#8211; with Shutter as well as other software.</p> <figure class="wp-block-image"><img src="https://lh3.googleusercontent.com/xDILGbaTIh9-8MEE0Hzt4h8fp9vLWBlCb13qJOb4LIkBAb6PqrbaeFqLZqIoww0SxXPoe1n3GLPNffDQ7GQi2ZSj9cAX7ug5pB0-KFIX-MsksXi0SvbG4M4wkB3GRmEs6iDQ-5an" alt=""/><figcaption>Snap City needs its heroes …</figcaption></figure> <p><em><br></em>We would like to ask you for your help and ideas. If you have old applications that merit preservation and still have relevant use cases in the modern age, please start a thread on the <a href="https://forum.snapcraft.io/">snapcraft forum</a> so we can discuss the best way to include it in the Snap Store.</p> <p>Moreover, if you think you can assist in helping resolve outstanding bugs in old software currently in the Store catalog, like say Shutter, we would also like to hear from you. Indeed, in the coming weeks, we will have an article that outlines all the different ways you can help and contribute to the development of the snap ecosystem.</p> <p>Superhero photo by<a href="https://unsplash.com/@_alikokab_?utm_source=unsplash&amp;utm_medium=referral&amp;utm_content=creditCopyText"> Ali Kokab</a> on<a href="https://unsplash.com/?utm_source=unsplash&amp;utm_medium=referral&amp;utm_content=creditCopyText"> Unsplash</a>, main page photo by<a href="https://unsplash.com/@jakobowens1?utm_source=unsplash&amp;utm_medium=referral&amp;utm_content=creditCopyText"> Jakob Owens</a> on<a href="https://unsplash.com/?utm_source=unsplash&amp;utm_medium=referral&amp;utm_content=creditCopyText"> Unsplash</a>.</p> Igor Ljubuncic (Igor Ljubuncic)old softwaresc:snap:shuttersnapcraft.ioSnapsThu, 02 Jul 2020 15:46:26 +0000Bloghttps://www.ii0fi.com//blog/data-science-workflows-on-kubernetes-with-kubeflow-pipelines-part-2<p>This blog series is part of the joint collaboration between Canonical and Manceps. Visit our AI consulting and delivery services page to know more. Introduction Kubeflow Pipelines are a great way to build portable, scalable machine learning workflows. It is a part of the Kubeflow project that aims to reduce the complexity and time involved [&hellip;]</p> <p style="text-align:center"><em>This blog series is part of the joint collaboration between Canonical and <a href="https://www.manceps.com/">Manceps</a>. </em><br><em>Visit our <a href="https://www.ii0fi.com/kubeflow/consulting">AI consulting and delivery</a> services page to know more.</em></p> <h3><strong>Introduction</strong></h3> <p><a href="https://www.kubeflow.org/docs/pipelines/overview/pipelines-overview/">Kubeflow Pipelines</a> are a great way to build portable, scalable machine learning workflows. It is a part of the <a href="http://www.kubeflow.org">Kubeflow</a> project that aims to reduce the complexity and time involved with training and deploying machine learning models at scale. For more on Kubeflow, read our <a href="https://www.ii0fi.com/blog/kubernetes-for-data-science-meet-kubeflow">Kubernetes for data science: meet Kubeflow</a> post.<br></p> <p>In this blog series, we demystify Kubeflow pipelines and showcase this method to produce reusable and reproducible data science. &#x1f680; </p> <p>In <a href="https://www.manceps.com/articles/tutorial/data-science-workflows-on-kubernetes-with-kubeflow-pipelines-part-1">Part 1</a>, we covered WHY Kubeflow brings the right standardization to data science workflows. Now, let’s see HOW you can accomplish that with Kubeflow Pipelines.</p> <p>In Part 2 of this blog series, we&#8217;ll work on building your first Kubeflow Pipeline as you gain an understanding of how it’s used to deploy reusable and reproducible ML pipelines. &#x1f680;</p> <p>Now, it is time to get our hands dirty! &#x1f468;&#x1f3fb;&#x200d;&#x1f52c;</p> <h3><strong>Building your first Kubeflow pipeline</strong></h3> <p>In this experiment, we will make use of the fashion MNIST dataset and the <a href="https://www.tensorflow.org/tutorials/keras/classification">Basic classification with Tensorflow</a> example and turn it into a Kubeflow pipeline, so you can repeat the same process with any notebook or script you already have worked on. </p> <p>You can follow the process of migration into the pipeline on this <a href="https://github.com/lildonpancho/manceps-canonical/blob/master/KF_Fashion_MNIST.ipynb">Jupyter notebook</a>.</p> <p>Ready? &#x1f680;</p> <h4><strong>Step 1: Deploy Kubeflow and access the dashboard</strong></h4> <p>If you haven’t had the opportunity to launch Kubeflow, that is ok! You can deploy Kubeflow easily using Microk8s by following the tutorial &#8211; <a href="https://www.ii0fi.com/tutorials/deploy-kubeflow-ubuntu-windows-mac">Deploy Kubeflow on Ubuntu, Windows and MacOS</a>. </p> <p>We recommend deploying Kubeflow on your workstation if you have a machine with 16GB of RAM or more. Otherwise, spin up a virtual machine with these resources (e.g. t2.xlarge EC2 instance) and follow the same deployment process. </p> <p>You can find alternative deployment options <a href="https://www.manceps.com/articles/tutorial/how-to-install-kubeflow-on-various-operating-systems">here</a>.</p> <h4><strong>Step 2: Launch notebook 乐天堂fun88备用网址</strong><br></h4> <p>Once you have access to the Kubeflow dashboard, setting up a Jupyter notebook 乐天堂fun88备用网址 is fairly straightforward. You can follow the steps <a href="https://www.kubeflow.org/docs/notebooks/setup/">here</a>.</p> <figure class="wp-block-image"><img src="https://lh5.googleusercontent.com/evggb22NGleAgtB_ct9TAEQWkJLCBjqlhPRiiOcK_uXG4JIHx5pvqgdpwz5QPdbnK5h_8TBtHzC8PzIL6-jnPaTNDHxzs8vFCL_NLKjDAk4i1DNyMqc7BMnWMxS0zibCaZ_q2GMw" alt=""/></figure> <p>Launch the 乐天堂fun88备用网址, wait a few seconds, and connect to it. </p> <h4><strong>Step 3: Git clone example notebook</strong><br></h4> <p>Once in the Notebook 乐天堂fun88备用网址, launch a new terminal from the menu on the right (New &gt; Terminal).</p> <figure class="wp-block-image"><img src="https://lh3.googleusercontent.com/iOiqZDkBjNfomD-jS4fPNtji8PW6w_qH5pS5DSlfGvTtuprUAc18XBYf_Nvmon59FSsI7nrWzfEUgFJQqoOqOFaazJYW8jOaWJh7CWRaUgrwrbkG18ONjE72zC982sN476YRTtIh" alt="" style="border:3px solid #eeeeee"><figcaption><br></figcaption></figure> <p>In the terminal, download the notebook from GitHub:</p> <pre class="wp-block-code"><code>$ git clone https://github.com/manceps/manceps-canonical.git</code></pre> <p>Now, open the “KF_Fashion_MNIST” notebook:</p> <figure class="wp-block-image"><img src="https://lh4.googleusercontent.com/L-Jz2pTgRWV0n653kVQ0BAxwujXq_OWhmuZ8uZn6ylErRJGxrOZpArBYc1NiqduvVn6oUBwICviyjLKZCQWkSQ4rWXRnpScNIORxB0Sm0kGydainKvmTxdFqrg_FVQop1DO8zI1M" alt="" style="border:3px solid #eeeeee"><figcaption> <br>Jupyter notebook for this experiment &#8211; download <a href="https://github.com/manceps/manceps-canonical/blob/master/KF_Fashion_MNIST.ipynb">here</a>. <br></figcaption></figure> <h4><strong>Step 4: Initiate Kubeflow pipelines SDK </strong></h4> <p>Now that we’re on the same page, we can kickstart our project together in the browser. As you see, the first section is adapted from the <a href="https://www.tensorflow.org/tutorials/keras/classification">Basic classification with Tensorflow</a> example. Let’s skip that and get on with converting this model into a running pipeline.<br><br>To ensure access to the packages needed through your Jupyter notebook instance, begin by installing Kubeflow Pipelines SDK (<a href="https://www.kubeflow.org/docs/pipelines/sdk/sdk-overview/">kfp</a>) in the current userspace:</p> <pre class="wp-block-code"><code>!pip install -q kfp --upgrade --user</code></pre> <h4> <strong>Step 5:</strong> <strong>Convert Python scripts to docker containers</strong><br></h4> <p>The Kubeflow Python SDK allows you to build lightweight components by defining python functions and converting them using <a href="https://kubeflow-pipelines.readthedocs.io/en/latest/source/kfp.components.html#kfp.components.func_to_container_op"><em>func_to_container_0p</em></a><em>.</em></p> <p>To package our python code inside containers you define a standard python function that contains a logical step in your pipeline. In this case, we have defined two functions: <em>train </em>and<em> predict</em>.</p> <p>The <em>train </em>component will train, evaluate, and save our model.</p> <figure class="wp-block-image"><img src="https://lh3.googleusercontent.com/hlsWc89LaY-TC7xWHaeUUt5fxZSTWV0A_zpyYqdmOrtiNeU9D34ZajB5CQPOS7jR0XOZswoepXOyCSsQUpl1ZZiORx3WbWeCieE6UWqINtcZW8xGvhoqvVLvdnAb_41KdhQl8HpK" alt=""/></figure> <p>&nbsp;The <em>predict </em>component takes the model and makes a prediction on an image from the test dataset.</p> <pre class="wp-block-code"><code># Grab an image from the test dataset Img = test_images[image_number]</code></pre> <pre class="wp-block-code"><code># Predict the label of the image predictions = probability_model.predict(img)</code></pre> <p>The code used in these components is in the second part of the <a href="https://www.tensorflow.org/tutorials/keras/classification">Basic classification with Tensorflow</a> example, in the “Build the model” section.<br></p> <p>The final step in this section is to transform these functions into container components. You can do this with the <em>func_to_container_op</em> method as follows.<br></p> <pre class="wp-block-code"><code>train_op = comp.func_to_container_op(train, base_image='tensorflow/tensorflow:latest-gpu-py3') predict_op = comp.func_to_container_op(predict, base_image='tensorflow/tensorflow:latest-gpu-py3')</code></pre> <h4><strong>Step 6: Define Kubeflow pipeline</strong></h4> <p>Kubeflow uses Kubernetes resources which are defined using <a href="https://kubernetes.io/docs/concepts/overview/working-with-objects/kubernetes-objects/#describing-a-kubernetes-object">YAML</a> templates. Kubeflow Pipelines SDK allows you to define how your code is run, without having to manually manipulate YAML files.&nbsp;<br></p> <p>At compile time, Kubeflow creates a compressed YAML file that defines your pipeline. This file can later be reused or shared, making the pipeline both scalable and reproducible.</p> <p>Start by initiating a Kubeflow client that contains client libraries for the Kubeflow Pipelines API, allowing you to further create experiments<em> </em>and runs within those experiments from the Jupyter notebook. </p> <pre class="wp-block-code"><code>client = kfp.Client()</code></pre> <p>We then define the pipeline name and description, which can be visualized on the Kubeflow dashboard.</p> <figure class="wp-block-image"><img src="https://lh6.googleusercontent.com/BY4Ls0iBV2YB5HXJzrXLV_BrsgL4uqQ-VrJr5oUp0aVwG0CR9ozq9jAmtCXkAJBoBbx8WTdtHQ-UY0FMd6q2L3g_JQVPm0Oor9Ltl64ncnwRcDByCkF_pk8aQ-Rq1nO-6ErXPDSf" alt=""/></figure> <p>Next, define the pipeline by adding the arguments that will be fed into it.<br></p> <p>In this case, define the path for where data will be written, the file where the model is to be stored, and an integer representing the index of an image in the test dataset:</p> <figure class="wp-block-image"><img src="https://lh3.googleusercontent.com/-nxuY1Eboe5jpj9SCmbFnBUHkpuNa27O-QQhzfvAuffx4vrthH7AxgulVMQ5iRzgh0KhCwZH8sUUAeotTK9DqBiC22a0YBruu922fRLhiUTZaZsiENddCd728MwZUxOK29Pm6ZM5" alt=""/></figure> <h4><strong>Step 7: Create a persistent volume</strong></h4> <p>One additional concept we need to add is the concept of <a href="https://kubernetes.io/docs/concepts/storage/persistent-volumes/">Persistent Volumes</a>. Without adding persistent volumes, we would lose all the data if our notebook was terminated for any reason. kfp allows for the creation of persistent volumes using the <a href="https://kubeflow-pipelines.readthedocs.io/en/latest/source/kfp.dsl.html#kfp.dsl.VolumeOp"><em>VolumeOp</em></a> object.<br></p> <figure class="wp-block-image"><img src="https://lh4.googleusercontent.com/i6Tc09_0nrTbAPRQ7bPuZvv6F6x83YSM8KWgO_YZhvQTYyK66qW7U2EZYy1IBSyY-h5PAMQ8BAuwBjumSE1Hfk9V53ZcWraAzLWk8jG2AHM2aHI2Sarjq8epRiMxyOQ9m0ci8TBW" alt=""/></figure> <p><em>VolumeOp</em> parameters include:<br></p> <ul><li><strong>name </strong>&#8211; the name displayed for the volume creation operation in the UI</li><li><strong>resource_name </strong>&#8211; name which can be referenced by other resources.</li><li><strong>size </strong>&#8211; size of the volume claim</li><li><strong>modes </strong>&#8211; access mode for the volume (See <a href="https://kubernetes.io/docs/concepts/storage/persistent-volumes/#access-modes">Kubernetes docs</a> for more details on access mode).&nbsp;</li></ul> <h4><strong>Step 8: Define pipeline components</strong></h4> <p>It is now time to define your pipeline components and dependencies. We do this with <a href="https://kubeflow-pipelines.readthedocs.io/en/latest/source/kfp.dsl.html#kfp.dsl.ContainerOp"><em>ContainerOp</em></a><em>,</em> an object that defines a pipeline component from a container.</p> <figure class="wp-block-image"><img src="https://lh5.googleusercontent.com/x9PXDy_i4UngijEipsHEhvnnDcT8y4xalau_JNZPA5bus94f7Nf82NNvG3N1bguKCylf1qcXqKcynOQc-GLWc8Shyl1OfdpztAb2hOYf3OoXknLwgLlZsGcVdxIqxzHV7vqWEnZQ" alt=""/></figure> <p>The <em>train_op </em>and <em>predict_op </em>components take arguments which were declared in the original python function. At the end of the function we attach our <em>VolumeOp </em>with a dictionary of paths and associated <em>Persistent Volumes</em> to be mounted to the container before execution.<br></p> <p>Notice that while <em>train_op</em> is using the <em>vop.volume</em> value in the <em>pvolumes</em> dictionary, the <em>&lt;Container_Op&gt;.pvolume</em> argument used by the other components ensures that the volume from the previous <em>ContainerOp</em> is used, rather than creating a new one.<br></p> <p>This inherently tells Kubeflow about our intended order of operations. Consequently, Kubeflow will only mount that volume once the previous <em>&lt;Container_Op&gt;</em> has completed execution.<br></p> <p>The final <em>print_prediction </em>component is defined somewhat differently. Here we define a container to be used and add arguments to be executed at runtime.</p> <p>This is done by directly using the <a href="https://kubeflow-pipelines.readthedocs.io/en/latest/source/kfp.dsl.html#kfp.dsl.ContainerOp"><em>ContainerOp</em></a><em> </em>object<em>.</em></p> <figure class="wp-block-image"><img src="https://lh5.googleusercontent.com/bqknHwoO2ymzQNVC_XKHcybWkaj-uOijY_DPzDe0hAmWNfSRmOP5ZED3UC6Ji3E-lmS9tySvF6JC10PKCDalQXTx2w0h05omkLcfKe0cd9JaY3C3kjYhofnoDSxAUHKmXKEypoam" alt=""/></figure> <p><em>ContainerOp</em> parameters include:<br></p> <ul><li><strong>name </strong>&#8211; the name displayed for the component execution during runtime.</li><li><strong>image </strong>&#8211; image tag for the Docker container to be used.</li><li><strong>pvolumes </strong>&#8211; dictionary of paths and associated <em>Persistent Volumes</em> to be mounted to the container before execution.</li><li><strong>arguments </strong>&#8211; command to be run by the container at runtime.</li></ul> <h4><strong>Step 9: Compile and run</strong></h4> <p>Finally, this notebook compiles your pipeline code and runs it within an experiment. The name of the run and of the experiment (a group of runs) is specified in the notebook and then presented in the Kubeflow dashboard. You can now view your pipeline running in the Kubeflow Pipelines UI by clicking on the notebook link <u>run</u>.<br></p> <h3><strong>Results</strong></h3> <p>Now that the pipeline has been created and set to run, it is time to check out the results. Navigate to the Kubeflow Pipelines dashboard by clicking on the notebook link run or <em>Pipelines → Experiments → fasion_mnist_kubeflow</em>. The components defined in the pipeline will be displayed. As they complete the path of the data pipeline will be updated.<br></p> <div class="wp-block-image"><figure class="aligncenter is-resized"><img src="https://lh4.googleusercontent.com/hbElNpy5ambXdkucB_ubSQCVgKp4brFvQyikuVEa3xE45ZPRyvsbhecZkJ78eIUoL_k67Ghv25Ubi-xyWuX5FviJ1qh5rMxaRvcz94jh0yEE5nO2VdpIWCTeloVwR5SeTheJ4xHS" alt="" width="308" height="330"/></figure></div> <p>To see the details for a component, we can click directly on the component and dig into a few tabs. Click on the logs tab to see the logs generated while running the component.<br></p> <figure class="wp-block-image"><img src="https://lh6.googleusercontent.com/9fmojFW4gPeiVUaAuloAxq_pJ365LzPtmnT2cwrbbGvaXqhr4McjdtQRtALzweAjSyLlv-TfMHpqfqr5JD0iJrFKDB0jz0WBbovEK8ZDjgV8-pzh-Bm3D11kGEZpQI03Ufsf2Y0_" alt=""/></figure> <p>Once the <em>echo_result</em> component finishes executing, you can check the result by observing the logs for that component. It will display the class of the image being predicted, the confidence of the model on its prediction, and the actual label for the image.</p> <figure class="wp-block-image is-resized"><img src="https://lh4.googleusercontent.com/qp2fofo5Cd58Igsh1JVuWBEU2YNxwOVGNI6rn5umneub32D--w_pUHjYNHvu4JYbeioqrOBZldpgg_Xu-ROiv2A9bwvnwndrgH4qWw0d9PnUut78QVEqelrHMBlNSNvgkgjbRCDM" alt="" width="415" height="26"/></figure> <h3><strong>Final thoughts</strong></h3> <p>Kubeflow and Kubeflow Pipelines promise to revolutionize the way data science and operations teams handle machine learning operations (MLOps) and pipelines workflows. However, this fast-evolving technology can be challenging to keep up with.<br></p> <p>In this blog series we went through a conceptual overview, in <a href="https://www.manceps.com/articles/tutorial/data-science-workflows-on-kubernetes-with-kubeflow-pipelines-part-1">part 1</a>, and a hands-on demonstration in part 2. We hope this will get you started on your road to faster development, easier experimentation, and convenient sharing between data science and DevOps teams.<br></p> <p>To keep on learning and experimenting with Kubeflow and Kubeflow Pipelines:<br></p> <ol><li>Play with <a href="https://github.com/kubeflow/examples">Kubeflow examples</a> on GitHub</li><li>Read our <a href="https://www.ii0fi.com/blog/kubernetes-for-data-science-meet-kubeflow">Kubernetes for data science: meet Kubeflow</a> post. </li><li>Visit <a href="http://www.www.ii0fi.com/kubeflow">www.ii0fi.com/kubeflow</a></li></ol> <p style="text-align:center"><em>Would you like us to deploy and maintain your Kubeflow deployments? Find out more on Canonical&#8217;s</em><a href="https://www.ii0fi.com/kubeflow/consulting"><em>Kubeflow consulting</em></a><em>&nbsp;page. </em></p> Rui Vasconcelos (Rui Vasconcelos)AIdeep learningKubeflowmachine learningpipelineThu, 02 Jul 2020 09:38:37 +0000Bloghttps://www.ii0fi.com//blog/ceph-encryption-at-rest<p>Do you have a big data center? Do you have terabytes of confidential data stored in that data center? Are you worried that your data might be exposed to malicious attacks? One of the most prominent security features of storage solutions is encryption at rest. This blog will explain this in more detail and how [&hellip;]</p> <p>Do you have a big data center? Do you have terabytes of confidential data stored in that data center? Are you worried that your data might be exposed to malicious attacks? One of the most prominent security features of storage solutions is encryption at rest. This blog will explain this in more detail and how it is implemented in <a href="https://www.ii0fi.com/ceph">Charmed Ceph</a>, Canonical’s software-defined storage solution.</p> <h2>What is data at rest?</h2> <p>Before we dive into encryption, we need to define what data at rest is. There are three states for digital data: data in use, data in transit and data at rest. Data in use refers to active data stored in non-persistent volumes, typically RAM or CPU caches. Data in transit is the state where data is transferred over a network, either private or public. Data at rest means inactive data that is stored physically on persistent storage, i.e. disks, databases, data warehouses, mobile devices, archives, etc. When at rest, data can be subject to malicious threats such as data theft or data corruption by obtaining physical access to the storage hardware. There are multiple security measures to protect data at rest, starting from password protection, federation and data encryption.</p> <h2>What is data encryption at rest?</h2> <p>Encryption at rest is the encoding of data when it is persisted. It is designed to prevent the attacker from accessing unencrypted data by ensuring all raw data is encrypted when stored on a persistent device.&nbsp;<br></p> <p>Encryption at rest addresses a multitude of potential threats. Starting from the lowest threat level like the theft of an HDD device, 乐天堂fun88备用网址 loss, up to extremes such as the compromise of an entire rack of 乐天堂fun88备用网址s or the entire data center, businesses will have peace of mind as long as the stolen data was encrypted. The attacker could still get physical access to the storage, but without the encryption keys, it is significantly more complex and resource-consuming to read the encrypted data.<br></p> <p>Nowadays, most businesses are interested in data security, especially after the introduction of GDPR. Some also need to comply with industry and government regulations such as HIPAA, PCI-DSS and FedRAMP. Encryption at rest is a prerequisite for some of those regulations and Canonical’s <a href="https://www.ii0fi.com/security/certifications">security certification program</a> can help your business stay compliant.</p> <h2>How does encryption at rest work?</h2> <p>Encryption of data on block storage in a Linux environment is quite straightforward. The <a href="https://www.ii0fi.com/kernel">Ubuntu kernel </a>supports the <a href="https://en.wikipedia.org/wiki/Dm-crypt">dm-crypt</a> and <a href="https://en.wikipedia.org/wiki/Linux_Unified_Key_Setup">LUKS</a> utilities, for transparent disk encryption and on-disk encryption key management respectively. However, encryption at rest also requires a key management solution (KMS) to ensure the security of the encryption keys and proper role-based access control (RBAC) definitions.&nbsp;</p> <h2>Ceph encryption at rest</h2> <p>Charmed Ceph supports encryption at rest out-of-the-box both as part of an OpenStack private cloud deployment and as a standalone storage solution. Charmed Ceph is based on a model-driven approach. All <a href="https://www.ii0fi.com/ceph/what-is-ceph">Ceph components</a> are wrapped in charms, that is, code that drives lifecycle management automation.<br></p> <figure class="wp-block-image"><img src="https://lh3.googleusercontent.com/CBM5qSVfiBagMMDeYD4mhwOEaYs6G-8wlt7qJibES1Y7v0t0JmkUDKV79dg0hveqx-mGuGAH_vby9wPofOVLeIeKYra_OA1y9UdKUbImWEZREAE3Bw3-S8IaRssRMcZH4y2VKnY2" alt="Ceph and Vault communication model"/></figure> <p>For Ceph encryption at rest, the selected KMS is <a href="https://www.vaultproject.io/">Hashicorp Vault</a>. Vault is a widely used Encryption-as-a-Service solution that supports centralised key management and key rotation to ensure cryptographic best practices. When booting up, Vault needs to be unsealed in order for services to connect to it and read their encryption keys. Unsealing Vault requires a Master encryption key that needs a number of unseal keys to be unlocked. After initialising Vault, the data center operations team needs to provide a token retrieved from Vault to establish a connection between the Ceph charms and Vault.<br></p> <p>Charmed Ceph uses <a href="https://github.com/openstack-charmers/vaultlocker">Vaultlocker</a> as an integration component between dm-crypt and Vault. Vaultlocker ensures the encryption keys are only ever held in memory locally and stored persistently in Vault, only to be read from Vault into memory during any subsequent operation, such as unlocking or encryption of a block device.<br></p> <p>RBAC is implemented through the Vault charm. The charms use Vault AppRoles to handle communication between Vault and the Ceph cluster. Every storage 乐天堂fun88备用网址 of the Ceph cluster has a specific AppRole (consisting of a role ID and secret) which can only be used from a specific IP address.<br></p> <p>If all of the above sounds fairly complicated, it is mostly because Canonical ensures that the attack surface for Charmed Ceph is the smallest possible. Using Vault and Vaultlocker, Charmed Ceph has a solid approach to data encryption at rest to protect against all possible types of physical device loss in your data center.</p> <hr class="wp-block-separator"/> <p><a href="https://www.ii0fi.com/ceph">Learn more about Charmed Ceph</a> or <a href="https://www.ii0fi.com/ceph#get-in-touch">contact us</a> about your data center storage needs.<br></p> <p>Read our Charm Deployment Guide sections on using <a href="https://docs.openstack.org/project-deploy-guide/charm-deployment-guide/latest/app-vault.html">Vault</a> and <a href="https://docs.openstack.org/project-deploy-guide/charm-deployment-guide/latest/app-encryption-at-rest.html">encryption-at-rest</a>.<br></p> Alex Chalkias (Alex Chalkias)cephCharmsCompliancedataencryptionOpenStackrestSecurityvaultThu, 02 Jul 2020 07:00:36 +0000