Tag Archives: UI

Latest Raspberry Pi OS update – May 2020

Post Syndicated from Simon Long original https://www.raspberrypi.org/blog/latest-raspberry-pi-os-update-may-2020/

Along with yesterday’s launch of the new 8GB Raspberry Pi 4, we launched a beta 64-bit ARM version of Debian with the Raspberry Pi Desktop, so you could use all those extra gigabytes. We also updated the 32-bit version of Raspberry Pi OS (the new name for Raspbian), so here’s a quick run-through of what has changed.

NEW Raspberry Pi OS update (May 2020)

An update to the Raspberry Pi Desktop for all our operating system images is also out today, and we’ll have more on that in tomorrow’s blog post. For now, fi…

Bookshelf

As many of you know, we have our own publishing company, Raspberry Pi Press, who publish a variety of magazines each month, including The MagPi, HackSpace magazine, and Wireframe. They also publish a wide range of other books and magazines, which are released either to purchase as a physical product (from their website) or as free PDF downloads.

To make all this content more visible and easy to access, we’ve added a new Bookshelf application – you’ll find it in the Help section of the main menu.

Bookshelf shows the entire current catalogue of free magazines – The MagPi, HackSpace magazine and Wireframe, all with a complete set of back issues – and also all the free books from Raspberry Pi Press. When you run the application, it automatically updates the catalogue and shows any new titles which have been released since you last ran it with a little “new” flash in the corner of the cover.

To read any title, just double-click on it – if it is already on your Raspberry Pi, it will open in Chromium (which, it turns out, is quite a good PDF viewer); if it isn’t, it will download and then open automatically when the download completes. You can see at a glance which titles are downloaded and which are not by the “cloud” icon on the cover of any file which has not been downloaded.

All the PDF files you download are saved in the “Bookshelf” directory in your home directory, so you can also access the files directly from there.

There’s a lot of excellent content produced by Raspberry Pi Press – we hope this makes it easier to find and read.

Edit – some people have reported that Bookshelf incorrectly gives a “disk full” error when running on a system in which the language is not English; a fix for that is being uploaded to apt at the moment, so updating from apt (“sudo apt update” followed by “sudo apt upgrade”) should get the fixed version.

Magnifier

As mentioned in my last blog post (here), one of the areas we are currently trying to improve is accessibility to the Desktop for people with visual impairments. We’ve already added the Orca screen reader (which has had a few bug fixes since the last release which should make it work more reliably in this image), and the second recommendation we had from AbilityNet was to add a screen magnifier.

This proved to be harder than it should have been! I tried a lot of the existing screen magnifier programs that were available for Debian desktops, but none of them really worked that well; I couldn’t find one that worked the way the magnifiers in the likes of MacOS and Ubuntu did, so I ended up writing one (almost) from scratch.

To install it, launch Recommended Applications in the new image and select Magnifier under Universal Access. Once it has installed, reboot.

You’ll see a magnifying glass icon at the right-hand end of the taskbar – to enable the magnifier, click this icon, or use the keyboard shortcut Ctrl-Alt-M. (To turn the magnifier off, just click the icon again or use the same keyboard shortcut.)

Right-clicking the magnifier icon brings up the magnifier options. You can choose a circular or rectangular window of whatever size you want, and choose by how much you want to zoom the image. The magnifier window can either follow the mouse pointer, or be a static window on the screen. (To move the static window, just drag it with the mouse.)

Also, in some applications, you can have the magnifier automatically follow the text cursor, or the button focus. Unfortunately, this depends on the application supporting the required accessibility toolkit, which not all applications do, but it works reasonably well in most included applications. One notable exception is Chromium, which is adding accessibility toolkit support in a future release; for now, if you want a web browser which supports the accessibility features, we recommend Firefox, which can be installed by entering the following into a terminal window:

sudo apt install firefox-esr

(Please note that we do not recommend using Firefox on Raspberry Pi OS unless you need accessibility features, as, unlike Chromium, it is not able to use the Raspberry Pi’s hardware to accelerate video playback.)

I don’t have a visual impairment, but I find the magnifier pretty useful in general for looking at the finer details of icons and the like, so I recommend installing it and having a go yourself.

User research

We already know a lot of the things that people are using Raspberry Pi for, but we’ve recently been wondering if we’re missing anything… So we’re now including a short optional questionnaire to ask you, the users, for feedback on what you are doing with your Raspberry Pi in order to make sure we are providing the right support for what people are actually doing.

This questionnaire will automatically be shown the first time you launch the Chromium browser on a new image. There are only four questions, so it won’t take long to complete, and the results are sent to a Google Form which collates the results.

You’ll notice at the bottom of the questionnaire there is a field which is automatically filled in with a long string of letters and numbers. This is a serial number which is generated from the hardware in your particular Raspberry Pi which means we can filter out multiple responses from the same device (if you install a new image at some point in future, for example). It does not allow us to identify anything about you or your Raspberry Pi, but if you are concerned, you can delete the string before submitting the form.

As above, this questionnaire is entirely optional – if you don’t want to fill it in, just close Chromium and re-open it and you won’t see it again – but it would be very helpful for future product development if we can get this information, so we’d really appreciate it if as many people as possible would fill it in.

Other changes

There is also the usual set of bug fixes and small tweaks included in the image, full details of which can be found in the release notes on the download page.

One particular change which it is worth pointing out is that we have made a small change to audio. Raspberry Pi OS uses what is known as ALSA (Advanced Linux Sound Architecture) to control audio devices. Up until now, both the internal audio outputs on Raspberry Pi – the HDMI socket and the headphone jack – have been treated as a single ALSA device, with a Raspberry Pi-specific command used to choose which is active. Going forward, we are treating each output as a separate ALSA device; this makes managing audio from the two HDMI sockets on Raspberry Pi 4 easier and should be more compatible with third-party software. What this means is that after installing the updated image, you may need to use the audio output selector (right-click the volume icon on the taskbar) to re-select your audio output. (There is a known issue with Sonic Pi, which will only use the HDMI output however the selector is set – we’re looking at getting this fixed in a future release.)

Some people have asked how they can switch the audio output from the command line without using the desktop. To do this, you will need to create a file called .asoundrc in your home directory; ALSA looks for this file to determine which audio device it should use by default. If the file does not exist, ALSA uses “card 0” – which is HDMI – as the output device. If you want to set the headphone jack as the default output, create the .asoundrc file with the following contents:

defaults.pcm.card 1
defaults.ctl.card 1

This tells ALSA that “card 1” – the headphone jack – is the default device. To switch back to the HDMI output, either change the ‘1’s in the file to ‘0’s, or just delete the file.

How do I get it?

The new image is available for download from the usual place: our Downloads page.

To update an existing image, use the usual terminal command:

sudo apt update
sudo apt full-upgrade

To just install the bookshelf app:

sudo apt update
sudo apt install rp-bookshelf

To just install the magnifier, either find it under Universal Access in Recommended Software, or:

sudo apt update
sudo apt install mage

You’ll need to add the magnifier plugin to the taskbar after installing the program itself. Once you’ve installed the program and rebooted, right-click the taskbar and choose Add/Remove Panel Items; click Add, and select the Magnifier option.

We hope you like the changes — as ever, all feedback is welcome, so please leave a comment below!

The post Latest Raspberry Pi OS update – May 2020 appeared first on Raspberry Pi.

A new Raspbian update

Post Syndicated from Simon Long original https://www.raspberrypi.org/blog/a-new-raspbian-update/

The last major release of Raspbian was the Buster version we launched alongside Raspberry Pi 4 last year. There was a minor release a couple of months later, which was mostly just bug-fixes for the first release (hence no blog post), but today’s release has a few changes that we thought it was worth bringing to your attention.

File manager changes

We previously made some significant changes to the PCmanFM file manager included as part of the Raspberry Pi Desktop; we added a cutdown mode which excludes a lot of the less commonly used functionalities, and we set this as the default mode.

One of the things we removed for this mode is the Places view, an optional view for the left-hand pane of the window which provides direct access to a few specific locations in the file system. We felt that the directory browser was more useful, so we chose to show that instead. But one useful feature of Places is that it displays external devices, such as USB drives, and these are somewhat awkward to find in the file manager otherwise.

So for this release, the Places view has been reinstated, but rather than being a separate switchable view, it is a small panel at the top of the directory browser. This hopefully gives the best of both worlds: easy access to USB drives, and a directory view. You can customise what is shown in the Places view on the Layout page of the file manager Preferences dialogue, or you can turn it off completely if you’d rather just have the directory browser.

PCmanFM file manager on Raspbian

There are a few other small changes to the file manager: there is now a new folder icon on the taskbar, and the expanders in the directory browser (the little triangles next to directory names) are now only shown when a directory has subdirectories.

Finally, the folder and file icons used in the file manager have been replaced with some new, cleaner designs. These are designed to make it more obvious at a glance what sort of file an icon represents, and also to fit better with the slightly flatter GUI appearance we moved to for Buster.

Orca screen reader

One area of the desktop which we have been wanting to improve for some time is accessibility, particularly for those with visual impairments. To this end, we asked the accessibility charity AbilityNet to assess the Raspberry Pi Desktop to see how usable it was for those with disabilities, and where we could make improvements.

They gave us a lot of very helpful feedback, and their number one suggestion was that we needed to make the Orca screen reader work with the desktop.

Orca is an application which uses synthesised speech to read out menus, window titles, button labels, and the like. It’s a standard Linux application, but people who have tried it on Raspberry Pi found that it didn’t actually work with Raspbian. (When I first installed it, all it did was to make slightly alarming growling noises instead of speaking!)

After quite a bit of fiddling and head-scratching, Orca now works as intended. It will read out many of the pre-installed applications, and should work with a lot of other Linux software packages as well.

Unfortunately, there are a few areas where it won’t work. Orca hooks into various user interface toolkits — the software which is used to draw buttons, menus, etc. on the screen. It is fully compatible with the GTK toolkit (which is used for most of the desktop) and Qt (which is used for the VLC media player and the qpdfview PDF viewer). But many applications (such as Thonny, Sonic Pi, and Scratch) are built on toolkits which are not compatible with the screen reader. Also, the current release of Chromium is not compatible with Orca, but the forthcoming version 80 release, which should be available in a few months, will be Orca-compatible. In the meantime, if you want an Orca-compatible browser, you can install Firefox by entering the following into a terminal window:

sudo apt install firefox-esr

(Please note that we do not recommend using Firefox on Raspbian unless you need Orca compatibility, as it is not optimised for video playback on the Pi in the same way as Chromium.)

Orca screen reader settings dialogue

Orca doesn’t have a menu entry — the settings dialog shown above can be opened by holding down the Insert key and then pressing the space bar, or by typing orca -s into a terminal window.

Please note that Orca currently doesn’t work with Bluetooth audio devices, so we recommend using it with either the Pi’s own HDMI output or headphone socket, or with a USB or HAT external audio device.

Orca can either be installed from Recommended Software, in the Universal Access category, or by entering the following into a terminal window:

sudo apt install orca

This is hopefully just the start of making the Raspberry Pi Desktop more accessible for those with disabilities, as we are planning to do more work in this area in the future.

New Scratch blocks

Scratch 3 has added the ability to load a project from the command line at launch (scratch3 filename.sb3).

There are also two new blocks in the Sense HAT extension, ‘display stage’ and ‘display sprite’. The first of these shows the current stage on the SenseHAT LED array; the second shows the current sprite on the LEDs.

Example output of Sense HAT Scratch extension

Thonny improvements

A lot of work has been done on Thonny to improve performance, particularly when debugging. In previous releases, setting breakpoints caused performance to slow down significantly — this was particularly obvious when running PyGame Zero games, where the frame rate was very slow. The new version is substantially faster, as you can see if you set breakpoints in any of…

Code the Classics

…the Python games from Eben’s book Code the Classics – Volume 1, which are now installable from Recommended Software, and can be found in the Games menu.

Example of Mynapod video game

If you want to look at the code for the games, this can be found in /usr/share/code-the-classics.

Volume control / mixer

In previous releases, there was an Audio Device Preferences application in the main menu to enable device-specific settings to be made for external audio devices. This has now been removed; all these settings are now available directly from the volume plugin on the taskbar: with an external device selected as the output or input device, right-click the volume icon and choose the Output Device Settings… or Input Device Settings… option to open the configuration dialog.

Example of Output Device Settings menu of Raspberry Pi Desktop

Screen blanking

The option to disable the timeout which blanks the screen after a few minutes has been added to Raspberry Pi Configuration. To try and reduce clutter in this application, the options from the System tab are now split across two tabs; all display-related options, including screen blanking, are now on the new Display tab.

Example of Raspberry Pi Configuration menu of Raspberry Pi Desktop

We’ve also been able to reinstate the pixel doubling option for Raspberry Pi 4; this was originally implemented in a manner incompatible with the KMS video driver used on Raspberry Pi 4, but we’ve now found a way to make it work with KMS. (The pixel doubling option is designed to make the Raspberry Pi’s screen easier to use for people with visual disabilities — it doubles the size of every pixel, scaling the entire screen by a factor of two.)

We’ve made one minor change to key shortcuts: in previous versions of Raspbian, the combination Ctrl-Alt-Delete launched the task manager. We felt it might be better to be consistent with the behaviour of Windows PCs since the dawn of time, so now Ctrl-Alt-Delete launches the shutdown options dialog. If you want to access the task manager with a key shortcut, you can now do so using Ctrl-Shift-Escape — also consistent with the behaviour of Windows.

There are also numerous other small bug fixes and robustness improvements across the board.

How do I get it?

The new image is available for download from the usual place: our Downloads page.

To update an existing image, use the usual terminal command:

sudo apt update
sudo apt full-upgrade

We hope you like the changes — as ever, all feedback is welcome, so please leave a comment below!

The post A new Raspbian update appeared first on Raspberry Pi.

Buster – the new version of Raspbian

Post Syndicated from Simon Long original https://www.raspberrypi.org/blog/buster-the-new-version-of-raspbian/

Amid all the furore about the release of a certain new piece of hardware, some people may have missed that we have also released a new version of Raspbian. While this is required for Raspberry Pi 4, we’ve always tried to maintain software backwards-compatibility with older hardware, and so the standard Raspbian image for all models of Raspberry Pi is now based on Buster, the latest version of Debian Linux.

Why Buster?

The first thing to mention about Buster (who was the actual dog in Pixar’s “Toy Story” films, as opposed to the toy one made out of a Slinky…) is that we are actually releasing it slightly in advance of the official Debian release date. The reason for this is that one of the important new features of Raspberry Pi 4 is that the open-source OpenGL video driver is now being used by default, and this was developed using the most recent version of Debian. It would have been a lot of work to port everything required for it back on to Raspbian Stretch, so we decided that we would launch on Raspbian Buster – the only question was whether Buster would be ready before the hardware was!

As it turns out, it wasn’t – not quite. The official launch date for Buster is July 7, so we are a couple of weeks ahead. That said, Buster has been in a “frozen” state for a couple of months now, with only minor changes being made to it, so the version we are releasing is pretty much identical to that which will be officially released by Debian on July 7.

We started using Buster internally in January this year, so it has had a lot of testing on Pi – while we may be releasing it a bit early, you need have no concerns about using it; it’s stable and robust, and you can use apt to update with any changes that do happen between now and July 7 without needing to reinstall everything.

What’s new?

There are no huge differences between Debian Stretch and Debian Buster. In a sad reflection of the way the world is nowadays, most of the differences are security changes designed to make Buster harder to hack. Any other differences are mostly small incremental changes that most people won’t notice, and this got us thinking…

When we moved from Jessie to Stretch, many people commented that they couldn’t actually see any difference between the two – as most of the changes were “under the hood”, the desktop and applications all looked the same. So we told people “you’ve now got Stretch!” and they said “so what?”

The overall appearance of the desktop hasn’t changed significantly for a few years, and was starting to look a bit dated, so we thought it would be nice to give the appearance a mild refresh for Buster. Then people would at least be able to see that their shiny new operating system looked different from the old one!

The new appearance

There has been a definite trend in the design of most computer graphical user interfaces over recent years to simplify and declutter; to reduce the amount of decoration, so that a button becomes a plain box rather than something that resembles a physical button. You can see this in both desktop OSes like Windows, and in mobile OSes like iOS – so we decided it was time to do something similar.

The overall appearance of most of the interface elements has been simplified; we’ve reduced things like the curvature of corners and the shading gradients which were used to give a pseudo-3D effect to things like buttons. This “flatter” design looks cleaner and more modern, but it’s a bit of a juggling act; it’s very easy to go too far and to make things look totally flat and boring, so we’ve tried to avoid that. Eben and I have had a mild tussle over this – he wanted as much flatness as possible, and I wanted to retain at least a bit of curvature, so we’ve met somewhere in the middle and produced something we both like!

We’ve also changed the default desktop for a new one of Greg Annandale’s gorgeous photographs, and we’ve moved to a grey highlight colour.

(If you really don’t like the new appearance, it is easy enough to restore the former appearance – the old desktop picture is still installed, as is the old UI theme.)

Other changes

We’ve been including the excellent Thonny Python development environment in Raspbian for some time now. In this release, it’s now our default Python editor, and to that end, we are no longer including IDLE by default. IDLE has always felt dated and not very pleasant to use, and Thonny is so much nicer that we’d strongly recommend moving to it, if you haven’t already!

(If you’d like an alternative to Thonny, the Mu Python IDE is also still available in Recommended Software.)

We’ve made some small tweaks to the taskbar. The ‘eject’ icon for removing USB devices is now only shown if you have devices to eject; it’s hidden the rest of the time. Similarly, if you are using one of the earlier Pis without Bluetooth support, the Bluetooth icon is now hidden rather than being greyed out. Also, the CPU activity gauge is no longer shown on the taskbar by default, because this has become less necessary on the more powerful recent Raspberry Pi models. If you’d still like to use it, you can add it back – right-click the taskbar and choose ‘Add / Remove Panel Items’. Press the ‘Add’ button and you’ll find it listed as ‘CPU Usage Monitor’. While you are in there, you’ll also find the new ‘CPU Temperature Monitor’, which you can add if you’re interested in knowing more about what the CPU is up to.

One program which is currently missing from Buster is Mathematica. Don’t worry – this is only a temporary removal! Wolfram are working on getting Mathematica to work properly with Buster, and as soon as it is ready, it’ll be available for installation from Recommended Software.

A few features of the old non-OpenGL video driver (such as pixel doubling and underscan) are not currently supported by the new OpenGL driver, so the settings for these are hidden in Raspberry Pi Configuration if the GL driver is in use. (The GL driver is the default on Raspberry Pi 4 – older Pis will still use the non-GL driver by default. Also, if using a Raspberry Pi 4 headless, we recommend switching back to the non-GL driver – choose ‘Legacy’ under the ‘GL Driver’ setting in ‘Advanced Options’ in raspi-config.)

If the GL driver is in use, there’s a new ‘Screen Configuration’ tool – this enables you to set up the arrangement of multiple monitors on a Raspberry Pi 4. It can also be used to set custom monitor resolutions, which can be used to simulate the effect of pixel doubling.

Finally, there are a couple of new buttons in ‘Raspberry Pi Configuration’ which control video output options for Raspberry Pi 4. (These are not shown when running on earlier models of Raspberry Pi.) It is not possible on the Raspberry Pi 4 to have both analogue composite video (over the 3.5mm jack) and HDMI output simultaneously, so the analogue video output is disabled by default. 4Kp60 resolution over HDMI is also disabled by default, as this requires faster clock speeds resulting in a higher operating temperature and greater power consumption. The new buttons enable either of these options to be enabled as desired.

How do I get it?

As ever with major version changes, our recommendation is that you download a new clean image from the usual place on our site – this will ensure that you are starting from a clean, working Buster system.

We do not recommend upgrading an existing Stretch (or earlier) system to Buster – we can’t know what changes everyone has made to their system, and so have no idea what may break when you move to Buster. However, we have tested the following procedure for upgrading, and it works on a clean version of the last Stretch image we released. That does not guarantee it will work on your system, and we cannot provide support (or be held responsible) for any problems that arise if you try it. You have been warned – make a backup!

1. In the files /etc/apt/sources.list and /etc/apt/sources.list.d/raspi.list, change every use of the word “stretch” to “buster”.
2. In a terminal,

sudo apt update

and then

sudo apt dist-upgrade

3. Wait for the upgrade to complete, answering ‘yes’ to any prompt. There may also be a point at which the install pauses while a page of information is shown on the screen – hold the ‘space’ key to scroll through all of this and then hit ‘q’ to continue.
4. The update will take anywhere from half an hour to several hours, depending on your network speed. When it completes, reboot your Raspberry Pi.
5. When the Pi has rebooted, launch ‘Appearance Settings’ from the main menu, go to the ‘Defaults’ tab, and press whichever ‘Set Defaults’ button is appropriate for your screen size in order to load the new UI theme.
6. Buster will have installed several new applications which we do not support. To remove these, open a terminal window and

sudo apt purge timidity lxmusic gnome-disk-utility deluge-gtk evince wicd wicd-gtk clipit usermode gucharmap gnome-system-tools pavucontrol

We hope that Buster gives a little hint of shiny newness for those of you who aren’t able to get your hands on a Raspberry Pi 4 immediately! As ever, your feedback is welcome – please leave your comments below.

The post Buster – the new version of Raspbian appeared first on Raspberry Pi.

A new Raspbian update: multimedia, Python and more

Post Syndicated from Simon Long original https://www.raspberrypi.org/blog/raspbian-update-november-2018/

Today we’re releasing a new update for Raspbian, including a multimedia player, updated Thonny, and more. Here’s Simon with everything you need to know.

Updating Raspbian on your Raspberry Pi || Raspberry Pi Foundation

How to update to the latest version of Raspbian on your Raspberry Pi.

VLC Media Player

When I first joined Raspberry Pi, back in the dim and distant past (in reality 2014, but it does seem a long time ago now…), and I started looking at Raspbian, I made a list of the additional features and applications that I thought it needed to be a “complete” modern desktop operating system. Over the years, we’ve managed to tick off most of the items on that list, but one glaring omission has been nagging at me all this time: a decent media player. Windows has Windows Media Player; MacOS has QuickTime Player and iTunes; but we’ve had a big hole where something similar ought to be for Raspbian. It’s been a common request on the forums, and while we’ve had bits and pieces that do some of the job, like the command line OMXPlayer application, we really wanted a nice GUI-based media player.

VLC is one of those programs that “just works” for media playback; it is cross-platform, it has a nice interface, and it plays back pretty much anything you throw at it. It was the player I really wanted to use in Raspbian — but it was unable to access VideoCore’s video decoding hardware, and the software video codecs in VLC were too slow to be anything more than irritating when running on Raspberry Pi, so it really wasn’t worth shipping it. Until now.

After a lot of work (by people far cleverer than me), we are now able to announce that Raspbian includes a fully hardware-accelerated version of VLC. It plays most audio file formats; it uses software codecs for many video formats, and it uses VideoCore’s video engine to accelerate playback of H.264, MPEG-2 and VC-1 video. (Note that you will need to buy additional codec licences for MPEG and VC-1; if you’ve already bought a licence to enable hardware acceleration in OMXPlayer and Kodi, this licence will also enable these codecs for VLC.)

Raspbian update screenshot

This is still a work in progress — we’ve got most of the major bugs out, but there will most likely be the odd glitch, and you’ll probably find that Pi Zero and Pi 1 will still struggle with some content. But once you’ve updated your Pi, you should find that double-clicking on a video file will open it in VLC and play it back with decent quality.

Thonny 3

A couple of years ago, as part of the list of additional features mentioned above, we looked for a nicer Python development environment than IDLE, and we found Thonny — a really elegant combination of a user-friendly IDE with features that are also useful to expert developers. It’s been our standard IDE shipped with Raspbian ever since, and Aivar Annamaa, the developer, has been very responsive to our feedback and requests for new features.

He’s recently released version 3 of Thonny, and this is now the version in Raspbian. Version 3 offers a lot of useful new debugging features, such as breakpoints and an Assistant feature that analyses your code to find bugs that Python’s syntax checker misses. There is a lot more information about Thonny 3 on Aivar’s website — it’s well worth a read.

Raspbian update screenshot

We’ve also made one user interface change this time. We’ve always offered the choice between running Thonny in its regular mode, and a cut-down “simple” mode for beginners, which removes the menus and gives a fixed screen layout. Up until now, switching between the two has happened via different entries in the main Raspberry Pi menu, but that was a bit clumsy. In the new version, simple mode is the default, and you can switch Thonny into regular mode by clicking the link in the top right-hand corner of the window; if you want to switch back to simple mode, select it on the General tab of the Thonny options dialogue, which is available in the Tools menu. (Thonny will always start in the last mode you selected.)

Desktop configuration

One of the other changes we’ve made this time is one that hopefully most people won’t notice!

The configuration of the Raspberry Pi desktop has always been a bit of a mess. Due to the fact that the underlying LXDE desktop environment is made up of a bunch of different programs all running together, trying to set up something like the system font or the highlight colour involves making changes to several configuration files at once. This is why pretty much the first thing I did was to write the Appearance Settings application to try to make this easier than digging around in multiple config files.

Linux desktop applications are supposed to have a global configuration file (usually in the directory /etc/xdg/) that takes effect unless overridden by a local configuration file (in the hidden .config subdirectory of the user’s home directory). Unfortunately, not all the desktop components adhered to this specification. As a result, getting the Appearance Settings application to work involved quite a bit of kludging things about under the hood, and one of these kludges was to always keep a local copy of each of the configuration files and to ignore the global versions.

This worked, but it had the undesirable side effect that any time we wanted to update the appearance of the desktop, we had to delete all the local configuration files so they could be replaced by the new ones, and this meant that any changes the user had made to the configuration were lost. This was quite annoying for many people, so with this release, we’ve tried to stop doing that!

Most of the desktop components have now been modified so that they correctly read the global configuration files, and for future releases, we are going to try to just modify the global versions of these files and not touch the local ones. If we update the configuration, you will see a message informing you that this has happened, but your local files will be left unchanged. To make sure you get the latest configuration, launch Appearance Settings and choose one of the buttons on the “Defaults” tab; doing this will set your desktop to our currently recommended defaults. But if you want to stick with what you’ve already got, just don’t do that! You can even try the new defaults out: press one of the defaults buttons, and if you don’t like the results, just hit Cancel, and your previous configuration will be restored.

Raspbian update screenshot

One final point on this: in order to get this all to work properly in future, we have had to delete a few local files on this occasion. These are files that most people will never have modified anyway, so this will hopefully not present any problems. But just in case, they have been backed up in the oldconffiles subdirectory of the user’s home directory.

Multiple images

When I first started working on Raspbian, the desktop image file was just under 1GB in size. This has gradually crept up over the years, and now it’s around 1.75GB. While downloading a file of this size isn’t a significant problem for someone with fibre broadband, many people are on slower connections where such large downloads can take hours.

In order to try and address this, for all future releases we will now release two separate images. The default Raspbian release is now a minimal install — it gives you the desktop, the Chromium browser, the VLC media player, Python, and some accessory programs. Running alongside this is the “Raspbian Full” image, which also includes all our recommended programs: LibreOffice, Scratch, SonicPi, Thonny, Mathematica, and various others.

The Recommended Software program that we launched in the last release can be used to install or uninstall any of the additional programs that are in the full image; if you download the minimal image and check all the options in Recommended Software, you will end up with the full image, and vice versa.

Raspbian update screenshot

Hopefully, this means that downloading Raspbian will be easier for people on slower connections, and that you can easily add just the programs you want. The full image is provided for everyone who wants to get everything in one go, or who won’t have access to the internet to download additional programs once their Pi is up and running.

We’ll also continue to produce the existing Raspbian Lite image for people who only want a command-line version with no desktop.

Update Raspbian

Both the new images are available to download from the usual place on our site.

To update an existing image, open a terminal window and use the usual commands:

sudo apt-get update
sudo apt-get dist-upgrade

To install the new VLC media player from a terminal, enter:

sudo apt-get update
sudo apt-get install vlc

As ever, all feedback is welcome, so please leave a comment below!

The post A new Raspbian update: multimedia, Python and more appeared first on Raspberry Pi.

Raspbian update: first-boot setup wizard and more

Post Syndicated from Simon Long original https://www.raspberrypi.org/blog/raspbian-update-june-2018/

After a few months of hiding in a dark corner of the office muttering to myself (just ask anyone who sits near me how much of that I do…), it’s time to release another update to the Raspberry Pi desktop with a few new bits and a bunch of bug fixes (hopefully more fixes than new bugs, anyway). So, what’s changed this time around?

Setup wizard

One of the things about Raspbian that has always been a bit unhelpful is that when a new user first boots up a new Pi, they see a nice desktop picture, but they might not have much of an idea what they ought to do next. With the new update, whenever a new Raspbian image is booted for the first time, a simple setup wizard runs automatically to walk you through the basic setup operations.

Localisation

The localisation settings you can access via the main Raspberry Pi Configuration application are fairly complex and involve making separate settings for location, keyboard, time zone, and WiFi country. The first page of the wizard should make this a little more straightforward — once you choose your country, the wizard will show you the languages and time zones used in that country. When you’ve selected yours, the wizard should take care of all the necessary international settings. This includes the WiFi country, which you need to set before you can use the wireless connectivity on a Raspberry Pi 3B+.

Raspbian update June 2018

There will be some special cases — e.g. expatriates using a Pi and wanting to set it to a language not spoken in their country of residence — where this wizard will not give sufficient flexibility. But we hope that for perhaps 90% of users, this one page will do everything necessary in terms of international settings. (The more detailed settings in Raspberry Pi Configuration will, of course, remain available.)

Other settings

The next pages in the wizard will walk you through changing your password, connecting to the internet, and performing an initial software update to make sure you get any patches and fixes that may have been released since your Raspbian image was created.

Raspbian update June 2018

On the last page, you will be prompted to reboot if necessary. Once you get to the end of the wizard, it will not reappear when your Pi is booted. (If you do want to use it again for some reason, just run it manually by typing

sudo piwiz

into a terminal window and pressing Enter.)

Recommended software

Over the last few years, several third-party companies have generously offered to provide software for Pi users, in some cases giving free licenses for software that normally requires a license fee. We’ve always included these applications in our standard image, as people might never find out about them otherwise, but the applications perhaps aren’t all of interest to every user.

So to try and keep the size of the image down, and to avoid cluttering the menus with applications that not everyone wants, we’ve introduced a Recommended Software program which you can find in the Preferences menu.

Raspbian update June 2018

Think of this as our version of the Apple App Store, but with everything in it available for free! Installing a program is easy: just put a tick in the box to the right, and click “OK”. You can also uninstall some of the preinstalled programs: just untick the respective box and click “OK”. You can even reinstall them once you’ve realised you didn’t mean to uninstall them: just tick the box again and click — oh, you get the idea…

As we find new software that we recommend, or as more manufacturers offer us programs, we’ll add them to Recommended Software, so it’ll be kept up to date.

New PDF viewer

Ever since the first version, Raspbian has included the venerable PDF viewer Xpdf. While this program does work, it’s fairly old and clunky, and we’ve been trying to find something better.

In this release, we are replacing Xpdf with a program called qpdfView, which is a much-improved PDF viewer. It has a more modern user interface, it renders pages faster, and it preloads and caches future pages while you’re reading, which should mean fewer pauses spent waiting for the next page to load.

Raspbian update June 2018

If you want something to read in it, we are now including the latest issue of The MagPi as a PDF file — look in the ‘MagPi’ directory in your home directory ‘pi’.

Other updates

The Chromium browser is now at version 65. We’ve also updated the links to our website in the Help menu, and added a new Getting Started option. This links to some really helpful new pages that walk you through getting your Pi up and running and using some of its key features.

If you have volume up/down buttons on your keyboard, these will now control whatever audio output device is selected, rather than only controlling the internal audio hardware. The resolution has also been increased: each button push increases or decreases the volume by 5% rather than 10%.

If you are using the network icon to reconnect to a wireless network, the passcode for the network will be shown in the connection dialog, so you won’t have to type it in again.

In Raspberry Pi Configuration, you can now enable and disable the serial port console independently of the serial port hardware.

The keyboard layout setting dialogue now makes settings that should be correct both in the desktop and also when the Pi is booted to console.

There are various other small bug fixes and tweaks to appearance and behaviour, but they’re mostly only the sort of things you’d spot if you’re a slightly obsessive user interface developer…

How do I get it?

The new image is available for download from the usual place: our Downloads page. We’ve also updated the x86 image with most of the changes, and that’s up on the page as well.

To update an existing image, use the usual terminal command:

sudo apt-get update
sudo apt-get dist-upgrade

Here’s a quick video run-through of the process:

Updating Raspbian on your Raspberry Pi || Raspberry Pi Foundation

How to update to the latest version of Raspbian on your Raspberry Pi.

To install the new PDF viewer (and remove the old one):

sudo apt-get install qpdfview
sudo apt-get purge xpdf

To install the new Recommended Software program:

sudo apt-get install rp-prefapps

Finally, to install the setup wizard (which really isn’t necessary on an existing image, but just in case you are curious…):

sudo apt-get install piwiz

We hope you like the changes — as ever, all feedback is welcome, so please leave a comment below!

The post Raspbian update: first-boot setup wizard and more appeared first on Raspberry Pi.

EC2 Instance Update – M5 Instances with Local NVMe Storage (M5d)

Post Syndicated from Jeff Barr original https://aws.amazon.com/blogs/aws/ec2-instance-update-m5-instances-with-local-nvme-storage-m5d/

Earlier this month we launched the C5 Instances with Local NVMe Storage and I told you that we would be doing the same for additional instance types in the near future!

Today we are introducing M5 instances equipped with local NVMe storage. Available for immediate use in 5 regions, these instances are a great fit for workloads that require a balance of compute and memory resources. Here are the specs:

Instance NamevCPUsRAMLocal StorageEBS-Optimized BandwidthNetwork Bandwidth
m5d.large28 GiB1 x 75 GB NVMe SSDUp to 2.120 GbpsUp to 10 Gbps
m5d.xlarge416 GiB1 x 150 GB NVMe SSDUp to 2.120 GbpsUp to 10 Gbps
m5d.2xlarge832 GiB1 x 300 GB NVMe SSDUp to 2.120 GbpsUp to 10 Gbps
m5d.4xlarge1664 GiB1 x 600 GB NVMe SSD2.210 GbpsUp to 10 Gbps
m5d.12xlarge48192 GiB2 x 900 GB NVMe SSD5.0 Gbps10 Gbps
m5d.24xlarge96384 GiB4 x 900 GB NVMe SSD10.0 Gbps25 Gbps

The M5d instances are powered by Custom Intel® Xeon® Platinum 8175M series processors running at 2.5 GHz, including support for AVX-512.

You can use any AMI that includes drivers for the Elastic Network Adapter (ENA) and NVMe; this includes the latest Amazon Linux, Microsoft Windows (Server 2008 R2, Server 2012, Server 2012 R2 and Server 2016), Ubuntu, RHEL, SUSE, and CentOS AMIs.

Here are a couple of things to keep in mind about the local NVMe storage on the M5d instances:

Naming – You don’t have to specify a block device mapping in your AMI or during the instance launch; the local storage will show up as one or more devices (/dev/nvme*1 on Linux) after the guest operating system has booted.

Encryption – Each local NVMe device is hardware encrypted using the XTS-AES-256 block cipher and a unique key. Each key is destroyed when the instance is stopped or terminated.

Lifetime – Local NVMe devices have the same lifetime as the instance they are attached to, and do not stick around after the instance has been stopped or terminated.

Available Now
M5d instances are available in On-Demand, Reserved Instance, and Spot form in the US East (N. Virginia), US West (Oregon), EU (Ireland), US East (Ohio), and Canada (Central) Regions. Prices vary by Region, and are just a bit higher than for the equivalent M5 instances.

Jeff;

 

AWS Online Tech Talks – June 2018

Post Syndicated from Devin Watson original https://aws.amazon.com/blogs/aws/aws-online-tech-talks-june-2018/

AWS Online Tech Talks – June 2018

Join us this month to learn about AWS services and solutions. New this month, we have a fireside chat with the GM of Amazon WorkSpaces and our 2nd episode of the “How to re:Invent” series. We’ll also cover best practices, deep dives, use cases and more! Join us and register today!

Note – All sessions are free and in Pacific Time.

Tech talks featured this month:

 

Analytics & Big Data

June 18, 2018 | 11:00 AM – 11:45 AM PTGet Started with Real-Time Streaming Data in Under 5 Minutes – Learn how to use Amazon Kinesis to capture, store, and analyze streaming data in real-time including IoT device data, VPC flow logs, and clickstream data.
June 20, 2018 | 11:00 AM – 11:45 AM PT – Insights For Everyone – Deploying Data across your Organization – Learn how to deploy data at scale using AWS Analytics and QuickSight’s new reader role and usage based pricing.

 

AWS re:Invent
June 13, 2018 | 05:00 PM – 05:30 PM PTEpisode 2: AWS re:Invent Breakout Content Secret Sauce – Hear from one of our own AWS content experts as we dive deep into the re:Invent content strategy and how we maintain a high bar.
Compute

June 25, 2018 | 01:00 PM – 01:45 PM PTAccelerating Containerized Workloads with Amazon EC2 Spot Instances – Learn how to efficiently deploy containerized workloads and easily manage clusters at any scale at a fraction of the cost with Spot Instances.

June 26, 2018 | 01:00 PM – 01:45 PM PTEnsuring Your Windows Server Workloads Are Well-Architected – Get the benefits, best practices and tools on running your Microsoft Workloads on AWS leveraging a well-architected approach.

 

Containers
June 25, 2018 | 09:00 AM – 09:45 AM PTRunning Kubernetes on AWS – Learn about the basics of running Kubernetes on AWS including how setup masters, networking, security, and add auto-scaling to your cluster.

 

Databases

June 18, 2018 | 01:00 PM – 01:45 PM PTOracle to Amazon Aurora Migration, Step by Step – Learn how to migrate your Oracle database to Amazon Aurora.
DevOps

June 20, 2018 | 09:00 AM – 09:45 AM PTSet Up a CI/CD Pipeline for Deploying Containers Using the AWS Developer Tools – Learn how to set up a CI/CD pipeline for deploying containers using the AWS Developer Tools.

 

Enterprise & Hybrid
June 18, 2018 | 09:00 AM – 09:45 AM PTDe-risking Enterprise Migration with AWS Managed Services – Learn how enterprise customers are de-risking cloud adoption with AWS Managed Services.

June 19, 2018 | 11:00 AM – 11:45 AM PTLaunch AWS Faster using Automated Landing Zones – Learn how the AWS Landing Zone can automate the set up of best practice baselines when setting up new

 

AWS Environments

June 21, 2018 | 11:00 AM – 11:45 AM PTLeading Your Team Through a Cloud Transformation – Learn how you can help lead your organization through a cloud transformation.

June 21, 2018 | 01:00 PM – 01:45 PM PTEnabling New Retail Customer Experiences with Big Data – Learn how AWS can help retailers realize actual value from their big data and deliver on differentiated retail customer experiences.

June 28, 2018 | 01:00 PM – 01:45 PM PTFireside Chat: End User Collaboration on AWS – Learn how End User Compute services can help you deliver access to desktops and applications anywhere, anytime, using any device.
IoT

June 27, 2018 | 11:00 AM – 11:45 AM PTAWS IoT in the Connected Home – Learn how to use AWS IoT to build innovative Connected Home products.

 

Machine Learning

June 19, 2018 | 09:00 AM – 09:45 AM PTIntegrating Amazon SageMaker into your Enterprise – Learn how to integrate Amazon SageMaker and other AWS Services within an Enterprise environment.

June 21, 2018 | 09:00 AM – 09:45 AM PTBuilding Text Analytics Applications on AWS using Amazon Comprehend – Learn how you can unlock the value of your unstructured data with NLP-based text analytics.

 

Management Tools

June 20, 2018 | 01:00 PM – 01:45 PM PTOptimizing Application Performance and Costs with Auto Scaling – Learn how selecting the right scaling option can help optimize application performance and costs.

 

Mobile
June 25, 2018 | 11:00 AM – 11:45 AM PTDrive User Engagement with Amazon Pinpoint – Learn how Amazon Pinpoint simplifies and streamlines effective user engagement.

 

Security, Identity & Compliance

June 26, 2018 | 09:00 AM – 09:45 AM PTUnderstanding AWS Secrets Manager – Learn how AWS Secrets Manager helps you rotate and manage access to secrets centrally.
June 28, 2018 | 09:00 AM – 09:45 AM PTUsing Amazon Inspector to Discover Potential Security Issues – See how Amazon Inspector can be used to discover security issues of your instances.

 

Serverless

June 19, 2018 | 01:00 PM – 01:45 PM PTProductionize Serverless Application Building and Deployments with AWS SAM – Learn expert tips and techniques for building and deploying serverless applications at scale with AWS SAM.

 

Storage

June 26, 2018 | 11:00 AM – 11:45 AM PTDeep Dive: Hybrid Cloud Storage with AWS Storage Gateway – Learn how you can reduce your on-premises infrastructure by using the AWS Storage Gateway to connecting your applications to the scalable and reliable AWS storage services.
June 27, 2018 | 01:00 PM – 01:45 PM PTChanging the Game: Extending Compute Capabilities to the Edge – Discover how to change the game for IIoT and edge analytics applications with AWS Snowball Edge plus enhanced Compute instances.
June 28, 2018 | 11:00 AM – 11:45 AM PTBig Data and Analytics Workloads on Amazon EFS – Get best practices and deployment advice for running big data and analytics workloads on Amazon EFS.

AWS Resources Addressing Argentina’s Personal Data Protection Law and Disposition No. 11/2006

Post Syndicated from Leandro Bennaton original https://aws.amazon.com/blogs/security/aws-and-resources-addressing-argentinas-personal-data-protection-law-and-disposition-no-112006/

We have two new resources to help customers address their data protection requirements in Argentina. These resources specifically address the needs outlined under the Personal Data Protection Law No. 25.326, as supplemented by Regulatory Decree No. 1558/2001 (“PDPL”), including Disposition No. 11/2006. For context, the PDPL is an Argentine federal law that applies to the protection of personal data, including during transfer and processing.

A new webpage focused on data privacy in Argentina features FAQs, helpful links, and whitepapers that provide an overview of PDPL considerations, as well as our security assurance frameworks and international certifications, including ISO 27001, ISO 27017, and ISO 27018. You’ll also find details about our Information Request Report and the high bar of security at AWS data centers.

Additionally, we’ve released a new workbook that offers a detailed mapping as to how customers can operate securely under the Shared Responsibility Model while also aligning with Disposition No. 11/2006. The AWS Disposition 11/2006 Workbook can be downloaded from the Argentina Data Privacy page or directly from this link. Both resources are also available in Spanish from the Privacidad de los datos en Argentina page.

Want more AWS Security news? Follow us on Twitter.

 

Microsoft acquires GitHub

Post Syndicated from corbet original https://lwn.net/Articles/756443/rss

Here’s the
press release
announcing Microsoft’s agreement to acquire GitHub for a
mere $7.5 billion. “GitHub will retain its developer-first
ethos and will operate independently to provide an open platform for all
developers in all industries. Developers will continue to be able to use
the programming languages, tools and operating systems of their choice for
their projects — and will still be able to deploy their code to any
operating system, any cloud and any device.

Build your own weather station with our new guide!

Post Syndicated from Richard Hayler original https://www.raspberrypi.org/blog/build-your-own-weather-station/

One of the most common enquiries I receive at Pi Towers is “How can I get my hands on a Raspberry Pi Oracle Weather Station?” Now the answer is: “Why not build your own version using our guide?”

Build Your Own weather station kit assembled

Tadaaaa! The BYO weather station fully assembled.

Our Oracle Weather Station

In 2016 we sent out nearly 1000 Raspberry Pi Oracle Weather Station kits to schools from around the world who had applied to be part of our weather station programme. In the original kit was a special HAT that allows the Pi to collect weather data with a set of sensors.

The original Raspberry Pi Oracle Weather Station HAT – Build Your Own Raspberry Pi weather station

The original Raspberry Pi Oracle Weather Station HAT

We designed the HAT to enable students to create their own weather stations and mount them at their schools. As part of the programme, we also provide an ever-growing range of supporting resources. We’ve seen Oracle Weather Stations in great locations with a huge differences in climate, and they’ve even recorded the effects of a solar eclipse.

Our new BYO weather station guide

We only had a single batch of HATs made, and unfortunately we’ve given nearly* all the Weather Station kits away. Not only are the kits really popular, we also receive lots of questions about how to add extra sensors or how to take more precise measurements of a particular weather phenomenon. So today, to satisfy your demand for a hackable weather station, we’re launching our Build your own weather station guide!

Build Your Own Raspberry Pi weather station

Fun with meteorological experiments!

Our guide suggests the use of many of the sensors from the Oracle Weather Station kit, so can build a station that’s as close as possible to the original. As you know, the Raspberry Pi is incredibly versatile, and we’ve made it easy to hack the design in case you want to use different sensors.

Many other tutorials for Pi-powered weather stations don’t explain how the various sensors work or how to store your data. Ours goes into more detail. It shows you how to put together a breadboard prototype, it describes how to write Python code to take readings in different ways, and it guides you through recording these readings in a database.

Build Your Own Raspberry Pi weather station on a breadboard

There’s also a section on how to make your station weatherproof. And in case you want to move past the breadboard stage, we also help you with that. The guide shows you how to solder together all the components, similar to the original Oracle Weather Station HAT.

Who should try this build

We think this is a great project to tackle at home, at a STEM club, Scout group, or CoderDojo, and we’re sure that many of you will be chomping at the bit to get started. Before you do, please note that we’ve designed the build to be as straight-forward as possible, but it’s still fairly advanced both in terms of electronics and programming. You should read through the whole guide before purchasing any components.

Build Your Own Raspberry Pi weather station – components

The sensors and components we’re suggesting balance cost, accuracy, and easy of use. Depending on what you want to use your station for, you may wish to use different components. Similarly, the final soldered design in the guide may not be the most elegant, but we think it is achievable for someone with modest soldering experience and basic equipment.

You can build a functioning weather station without soldering with our guide, but the build will be more durable if you do solder it. If you’ve never tried soldering before, that’s OK: we have a Getting started with soldering resource plus video tutorial that will walk you through how it works step by step.

Prototyping HAT for Raspberry Pi weather station sensors

For those of you who are more experienced makers, there are plenty of different ways to put the final build together. We always like to hear about alternative builds, so please post your designs in the Weather Station forum.

Our plans for the guide

Our next step is publishing supplementary guides for adding extra functionality to your weather station. We’d love to hear which enhancements you would most like to see! Our current ideas under development include adding a webcam, making a tweeting weather station, adding a light/UV meter, and incorporating a lightning sensor. Let us know which of these is your favourite, or suggest your own amazing ideas in the comments!

*We do have a very small number of kits reserved for interesting projects or locations: a particularly cool experiment, a novel idea for how the Oracle Weather Station could be used, or places with specific weather phenomena. If have such a project in mind, please send a brief outline to [email protected], and we’ll consider how we might be able to help you.

The post Build your own weather station with our new guide! appeared first on Raspberry Pi.

Storing Encrypted Credentials In Git

Post Syndicated from Bozho original https://techblog.bozho.net/storing-encrypted-credentials-in-git/

We all know that we should not commit any passwords or keys to the repo with our code (no matter if public or private). Yet, thousands of production passwords can be found on GitHub (and probably thousands more in internal company repositories). Some have tried to fix that by removing the passwords (once they learned it’s not a good idea to store them publicly), but passwords have remained in the git history.

Knowing what not to do is the first and very important step. But how do we store production credentials. Database credentials, system secrets (e.g. for HMACs), access keys for 3rd party services like payment providers or social networks. There doesn’t seem to be an agreed upon solution.

I’ve previously argued with the 12-factor app recommendation to use environment variables – if you have a few that might be okay, but when the number of variables grow (as in any real application), it becomes impractical. And you can set environment variables via a bash script, but you’d have to store it somewhere. And in fact, even separate environment variables should be stored somewhere.

This somewhere could be a local directory (risky), a shared storage, e.g. FTP or S3 bucket with limited access, or a separate git repository. I think I prefer the git repository as it allows versioning (Note: S3 also does, but is provider-specific). So you can store all your environment-specific properties files with all their credentials and environment-specific configurations in a git repo with limited access (only Ops people). And that’s not bad, as long as it’s not the same repo as the source code.

Such a repo would look like this:

project
└─── production
|   |   application.properites
|   |   keystore.jks
└─── staging
|   |   application.properites
|   |   keystore.jks
└─── on-premise-client1
|   |   application.properites
|   |   keystore.jks
└─── on-premise-client2
|   |   application.properites
|   |   keystore.jks

Since many companies are using GitHub or BitBucket for their repositories, storing production credentials on a public provider may still be risky. That’s why it’s a good idea to encrypt the files in the repository. A good way to do it is via git-crypt. It is “transparent” encryption because it supports diff and encryption and decryption on the fly. Once you set it up, you continue working with the repo as if it’s not encrypted. There’s even a fork that works on Windows.

You simply run git-crypt init (after you’ve put the git-crypt binary on your OS Path), which generates a key. Then you specify your .gitattributes, e.g. like that:

secretfile filter=git-crypt diff=git-crypt
*.key filter=git-crypt diff=git-crypt
*.properties filter=git-crypt diff=git-crypt
*.jks filter=git-crypt diff=git-crypt

And you’re done. Well, almost. If this is a fresh repo, everything is good. If it is an existing repo, you’d have to clean up your history which contains the unencrypted files. Following these steps will get you there, with one addition – before calling git commit, you should call git-crypt status -f so that the existing files are actually encrypted.

You’re almost done. We should somehow share and backup the keys. For the sharing part, it’s not a big issue to have a team of 2-3 Ops people share the same key, but you could also use the GPG option of git-crypt (as documented in the README). What’s left is to backup your secret key (that’s generated in the .git/git-crypt directory). You can store it (password-protected) in some other storage, be it a company shared folder, Dropbox/Google Drive, or even your email. Just make sure your computer is not the only place where it’s present and that it’s protected. I don’t think key rotation is necessary, but you can devise some rotation procedure.

git-crypt authors claim to shine when it comes to encrypting just a few files in an otherwise public repo. And recommend looking at git-remote-gcrypt. But as often there are non-sensitive parts of environment-specific configurations, you may not want to encrypt everything. And I think it’s perfectly fine to use git-crypt even in a separate repo scenario. And even though encryption is an okay approach to protect credentials in your source code repo, it’s still not necessarily a good idea to have the environment configurations in the same repo. Especially given that different people/teams manage these credentials. Even in small companies, maybe not all members have production access.

The outstanding questions in this case is – how do you sync the properties with code changes. Sometimes the code adds new properties that should be reflected in the environment configurations. There are two scenarios here – first, properties that could vary across environments, but can have default values (e.g. scheduled job periods), and second, properties that require explicit configuration (e.g. database credentials). The former can have the default values bundled in the code repo and therefore in the release artifact, allowing external files to override them. The latter should be announced to the people who do the deployment so that they can set the proper values.

The whole process of having versioned environment-speific configurations is actually quite simple and logical, even with the encryption added to the picture. And I think it’s a good security practice we should try to follow.

The post Storing Encrypted Credentials In Git appeared first on Bozho's tech blog.

Friday Squid Blogging: Do Cephalopods Contain Alien DNA?

Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2018/06/friday_squid_bl_627.html

Maybe not DNA, but biological somethings.

Cause of Cambrian explosion — Terrestrial or Cosmic?“:

Abstract: We review the salient evidence consistent with or predicted by the Hoyle-Wickramasinghe (H-W) thesis of Cometary (Cosmic) Biology. Much of this physical and biological evidence is multifactorial. One particular focus are the recent studies which date the emergence of the complex retroviruses of vertebrate lines at or just before the Cambrian Explosion of ~500 Ma. Such viruses are known to be plausibly associated with major evolutionary genomic processes. We believe this coincidence is not fortuitous but is consistent with a key prediction of H-W theory whereby major extinction-diversification evolutionary boundaries coincide with virus-bearing cometary-bolide bombardment events. A second focus is the remarkable evolution of intelligent complexity (Cephalopods) culminating in the emergence of the Octopus. A third focus concerns the micro-organism fossil evidence contained within meteorites as well as the detection in the upper atmosphere of apparent incoming life-bearing particles from space. In our view the totality of the multifactorial data and critical analyses assembled by Fred Hoyle, Chandra Wickramasinghe and their many colleagues since the 1960s leads to a very plausible conclusion — life may have been seeded here on Earth by life-bearing comets as soon as conditions on Earth allowed it to flourish (about or just before 4.1 Billion years ago); and living organisms such as space-resistant and space-hardy bacteria, viruses, more complex eukaryotic cells, fertilised ova and seeds have been continuously delivered ever since to Earth so being one important driver of further terrestrial evolution which has resulted in considerable genetic diversity and which has led to the emergence of mankind.

Two commentaries.

This is almost certainly not true.

As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.

Read my blog posting guidelines here.

Some quick thoughts on the public discussion regarding facial recognition and Amazon Rekognition this past week

Post Syndicated from Dr. Matt Wood original https://aws.amazon.com/blogs/aws/some-quick-thoughts-on-the-public-discussion-regarding-facial-recognition-and-amazon-rekognition-this-past-week/

We have seen a lot of discussion this past week about the role of Amazon Rekognition in facial recognition, surveillance, and civil liberties, and we wanted to share some thoughts.

Amazon Rekognition is a service we announced in 2016. It makes use of new technologies – such as deep learning – and puts them in the hands of developers in an easy-to-use, low-cost way. Since then, we have seen customers use the image and video analysis capabilities of Amazon Rekognition in ways that materially benefit both society (e.g. preventing human trafficking, inhibiting child exploitation, reuniting missing children with their families, and building educational apps for children), and organizations (enhancing security through multi-factor authentication, finding images more easily, or preventing package theft). Amazon Web Services (AWS) is not the only provider of services like these, and we remain excited about how image and video analysis can be a driver for good in the world, including in the public sector and law enforcement.

There have always been and will always be risks with new technology capabilities. Each organization choosing to employ technology must act responsibly or risk legal penalties and public condemnation. AWS takes its responsibilities seriously. But we believe it is the wrong approach to impose a ban on promising new technologies because they might be used by bad actors for nefarious purposes in the future. The world would be a very different place if we had restricted people from buying computers because it was possible to use that computer to do harm. The same can be said of thousands of technologies upon which we all rely each day. Through responsible use, the benefits have far outweighed the risks.

Customers are off to a great start with Amazon Rekognition; the evidence of the positive impact this new technology can provide is strong (and growing by the week), and we’re excited to continue to support our customers in its responsible use.

-Dr. Matt Wood, general manager of artificial intelligence at AWS

Amazon SageMaker Updates – Tokyo Region, CloudFormation, Chainer, and GreenGrass ML

Post Syndicated from Randall Hunt original https://aws.amazon.com/blogs/aws/sagemaker-tokyo-summit-2018/

Today, at the AWS Summit in Tokyo we announced a number of updates and new features for Amazon SageMaker. Starting today, SageMaker is available in Asia Pacific (Tokyo)! SageMaker also now supports CloudFormation. A new machine learning framework, Chainer, is now available in the SageMaker Python SDK, in addition to MXNet and Tensorflow. Finally, support for running Chainer models on several devices was added to AWS Greengrass Machine Learning.

Amazon SageMaker Chainer Estimator


Chainer is a popular, flexible, and intuitive deep learning framework. Chainer networks work on a “Define-by-Run” scheme, where the network topology is defined dynamically via forward computation. This is in contrast to many other frameworks which work on a “Define-and-Run” scheme where the topology of the network is defined separately from the data. A lot of developers enjoy the Chainer scheme since it allows them to write their networks with native python constructs and tools.

Luckily, using Chainer with SageMaker is just as easy as using a TensorFlow or MXNet estimator. In fact, it might even be a bit easier since it’s likely you can take your existing scripts and use them to train on SageMaker with very few modifications. With TensorFlow or MXNet users have to implement a train function with a particular signature. With Chainer your scripts can be a little bit more portable as you can simply read from a few environment variables like SM_MODEL_DIR, SM_NUM_GPUS, and others. We can wrap our existing script in a if __name__ == '__main__': guard and invoke it locally or on sagemaker.


import argparse
import os

if __name__ =='__main__':

    parser = argparse.ArgumentParser()

    # hyperparameters sent by the client are passed as command-line arguments to the script.
    parser.add_argument('--epochs', type=int, default=10)
    parser.add_argument('--batch-size', type=int, default=64)
    parser.add_argument('--learning-rate', type=float, default=0.05)

    # Data, model, and output directories
    parser.add_argument('--output-data-dir', type=str, default=os.environ['SM_OUTPUT_DATA_DIR'])
    parser.add_argument('--model-dir', type=str, default=os.environ['SM_MODEL_DIR'])
    parser.add_argument('--train', type=str, default=os.environ['SM_CHANNEL_TRAIN'])
    parser.add_argument('--test', type=str, default=os.environ['SM_CHANNEL_TEST'])

    args, _ = parser.parse_known_args()

    # ... load from args.train and args.test, train a model, write model to args.model_dir.

Then, we can run that script locally or use the SageMaker Python SDK to launch it on some GPU instances in SageMaker. The hyperparameters will get passed in to the script as CLI commands and the environment variables above will be autopopulated. When we call fit the input channels we pass will be populated in the SM_CHANNEL_* environment variables.


from sagemaker.chainer.estimator import Chainer
# Create my estimator
chainer_estimator = Chainer(
    entry_point='example.py',
    train_instance_count=1,
    train_instance_type='ml.p3.2xlarge',
    hyperparameters={'epochs': 10, 'batch-size': 64}
)
# Train my estimator
chainer_estimator.fit({'train': train_input, 'test': test_input})

# Deploy my estimator to a SageMaker Endpoint and get a Predictor
predictor = chainer_estimator.deploy(
    instance_type="ml.m4.xlarge",
    initial_instance_count=1
)

Now, instead of bringing your own docker container for training and hosting with Chainer, you can just maintain your script. You can see the full sagemaker-chainer-containers on github. One of my favorite features of the new container is built-in chainermn for easy multi-node distribution of your chainer training jobs.

There’s a lot more documentation and information available in both the README and the example notebooks.

AWS GreenGrass ML with Chainer

AWS GreenGrass ML now includes a pre-built Chainer package for all devices powered by Intel Atom, NVIDIA Jetson, TX2, and Raspberry Pi. So, now GreenGrass ML provides pre-built packages for TensorFlow, Apache MXNet, and Chainer! You can train your models on SageMaker then easily deploy it to any GreenGrass-enabled device using GreenGrass ML.

JAWS UG

I want to give a quick shout out to all of our wonderful and inspirational friends in the JAWS UG who attended the AWS Summit in Tokyo today. I’ve very much enjoyed seeing your pictures of the summit. Thanks for making Japan an amazing place for AWS developers! I can’t wait to visit again and meet with all of you.

Randall

1834: The First Cyberattack

Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2018/05/1834_the_first_.html

Tom Standage has a great story of the first cyberattack against a telegraph network.

The Blanc brothers traded government bonds at the exchange in the city of Bordeaux, where information about market movements took several days to arrive from Paris by mail coach. Accordingly, traders who could get the information more quickly could make money by anticipating these movements. Some tried using messengers and carrier pigeons, but the Blanc brothers found a way to use the telegraph line instead. They bribed the telegraph operator in the city of Tours to introduce deliberate errors into routine government messages being sent over the network.

The telegraph’s encoding system included a “backspace” symbol that instructed the transcriber to ignore the previous character. The addition of a spurious character indicating the direction of the previous day’s market movement, followed by a backspace, meant the text of the message being sent was unaffected when it was written out for delivery at the end of the line. But this extra character could be seen by another accomplice: a former telegraph operator who observed the telegraph tower outside Bordeaux with a telescope, and then passed on the news to the Blancs. The scam was only uncovered in 1836, when the crooked operator in Tours fell ill and revealed all to a friend, who he hoped would take his place. The Blanc brothers were put on trial, though they could not be convicted because there was no law against misuse of data networks. But the Blancs’ pioneering misuse of the French network qualifies as the world’s first cyber-attack.

New – Pay-per-Session Pricing for Amazon QuickSight, Another Region, and Lots More

Post Syndicated from Jeff Barr original https://aws.amazon.com/blogs/aws/new-pay-per-session-pricing-for-amazon-quicksight-another-region-and-lots-more/

Amazon QuickSight is a fully managed cloud business intelligence system that gives you Fast & Easy to Use Business Analytics for Big Data. QuickSight makes business analytics available to organizations of all shapes and sizes, with the ability to access data that is stored in your Amazon Redshift data warehouse, your Amazon Relational Database Service (RDS) relational databases, flat files in S3, and (via connectors) data stored in on-premises MySQL, PostgreSQL, and SQL Server databases. QuickSight scales to accommodate tens, hundreds, or thousands of users per organization.

Today we are launching a new, session-based pricing option for QuickSight, along with additional region support and other important new features. Let’s take a look at each one:

Pay-per-Session Pricing
Our customers are making great use of QuickSight and take full advantage of the power it gives them to connect to data sources, create reports, and and explore visualizations.

However, not everyone in an organization needs or wants such powerful authoring capabilities. Having access to curated data in dashboards and being able to interact with the data by drilling down, filtering, or slicing-and-dicing is more than adequate for their needs. Subscribing them to a monthly or annual plan can be seen as an unwarranted expense, so a lot of such casual users end up not having access to interactive data or BI.

In order to allow customers to provide all of their users with interactive dashboards and reports, the Enterprise Edition of Amazon QuickSight now allows Reader access to dashboards on a Pay-per-Session basis. QuickSight users are now classified as Admins, Authors, or Readers, with distinct capabilities and prices:

Authors have access to the full power of QuickSight; they can establish database connections, upload new data, create ad hoc visualizations, and publish dashboards, all for $9 per month (Standard Edition) or $18 per month (Enterprise Edition).

Readers can view dashboards, slice and dice data using drill downs, filters and on-screen controls, and download data in CSV format, all within the secure QuickSight environment. Readers pay $0.30 for 30 minutes of access, with a monthly maximum of $5 per reader.

Admins have all authoring capabilities, and can manage users and purchase SPICE capacity in the account. The QuickSight admin now has the ability to set the desired option (Author or Reader) when they invite members of their organization to use QuickSight. They can extend Reader invites to their entire user base without incurring any up-front or monthly costs, paying only for the actual usage.

To learn more, visit the QuickSight Pricing page.

A New Region
QuickSight is now available in the Asia Pacific (Tokyo) Region:

The UI is in English, with a localized version in the works.

Hourly Data Refresh
Enterprise Edition SPICE data sets can now be set to refresh as frequently as every hour. In the past, each data set could be refreshed up to 5 times a day. To learn more, read Refreshing Imported Data.

Access to Data in Private VPCs
This feature was launched in preview form late last year, and is now available in production form to users of the Enterprise Edition. As I noted at the time, you can use it to implement secure, private communication with data sources that do not have public connectivity, including on-premises data in Teradata or SQL Server, accessed over an AWS Direct Connect link. To learn more, read Working with AWS VPC.

Parameters with On-Screen Controls
QuickSight dashboards can now include parameters that are set using on-screen dropdown, text box, numeric slider or date picker controls. The default value for each parameter can be set based on the user name (QuickSight calls this a dynamic default). You could, for example, set an appropriate default based on each user’s office location, department, or sales territory. Here’s an example:

To learn more, read about Parameters in QuickSight.

URL Actions for Linked Dashboards
You can now connect your QuickSight dashboards to external applications by defining URL actions on visuals. The actions can include parameters, and become available in the Details menu for the visual. URL actions are defined like this:

You can use this feature to link QuickSight dashboards to third party applications (e.g. Salesforce) or to your own internal applications. Read Custom URL Actions to learn how to use this feature.

Dashboard Sharing
You can now share QuickSight dashboards across every user in an account.

Larger SPICE Tables
The per-data set limit for SPICE tables has been raised from 10 GB to 25 GB.

Upgrade to Enterprise Edition
The QuickSight administrator can now upgrade an account from Standard Edition to Enterprise Edition with a click. This enables provisioning of Readers with pay-per-session pricing, private VPC access, row-level security for dashboards and data sets, and hourly refresh of data sets. Enterprise Edition pricing applies after the upgrade.

Available Now
Everything I listed above is available now and you can start using it today!

You can try QuickSight for 60 days at no charge, and you can also attend our June 20th Webinar.

Jeff;

 

Hiring a Director of Sales

Post Syndicated from Yev original https://www.backblaze.com/blog/hiring-a-director-of-sales/

Backblaze is hiring a Director of Sales. This is a critical role for Backblaze as we continue to grow the team. We need a strong leader who has experience in scaling a sales team and who has an excellent track record for exceeding goals by selling Software as a Service (SaaS) solutions. In addition, this leader will need to be highly motivated, as well as able to create and develop a highly-motivated, success oriented sales team that has fun and enjoys what they do.

The History of Backblaze from our CEO
In 2007, after a friend’s computer crash caused her some suffering, we realized that with every photo, video, song, and document going digital, everyone would eventually lose all of their information. Five of us quit our jobs to start a company with the goal of making it easy for people to back up their data.

Like many startups, for a while we worked out of a co-founder’s one-bedroom apartment. Unlike most startups, we made an explicit agreement not to raise funding during the first year. We would then touch base every six months and decide whether to raise or not. We wanted to focus on building the company and the product, not on pitching and slide decks. And critically, we wanted to build a culture that understood money comes from customers, not the magical VC giving tree. Over the course of 5 years we built a profitable, multi-million dollar revenue business — and only then did we raise a VC round.

Fast forward 10 years later and our world looks quite different. You’ll have some fantastic assets to work with:

  • A brand millions recognize for openness, ease-of-use, and affordability.
  • A computer backup service that stores over 500 petabytes of data, has recovered over 30 billion files for hundreds of thousands of paying customers — most of whom self-identify as being the people that find and recommend technology products to their friends.
  • Our B2 service that provides the lowest cost cloud storage on the planet at 1/4th the price Amazon, Google or Microsoft charges. While being a newer product on the market, it already has over 100,000 IT and developers signed up as well as an ecosystem building up around it.
  • A growing, profitable and cash-flow positive company.
  • And last, but most definitely not least: a great sales team.

You might be saying, “sounds like you’ve got this under control — why do you need me?” Don’t be misled. We need you. Here’s why:

  • We have a great team, but we are in the process of expanding and we need to develop a structure that will easily scale and provide the most success to drive revenue.
  • We just launched our outbound sales efforts and we need someone to help develop that into a fully successful program that’s building a strong pipeline and closing business.
  • We need someone to work with the marketing department and figure out how to generate more inbound opportunities that the sales team can follow up on and close.
  • We need someone who will work closely in developing the skills of our current sales team and build a path for career growth and advancement.
  • We want someone to manage our Customer Success program.

So that’s a bit about us. What are we looking for in you?

Experience: As a sales leader, you will strategically build and drive the territory’s sales pipeline by assembling and leading a skilled team of sales professionals. This leader should be familiar with generating, developing and closing software subscription (SaaS) opportunities. We are looking for a self-starter who can manage a team and make an immediate impact of selling our Backup and Cloud Storage solutions. In this role, the sales leader will work closely with the VP of Sales, marketing staff, and service staff to develop and implement specific strategic plans to achieve and exceed revenue targets, including new business acquisition as well as build out our customer success program.

Leadership: We have an experienced team who’s brought us to where we are today. You need to have the people and management skills to get them excited about working with you. You need to be a strong leader and compassionate about developing and supporting your team.

Data driven and creative: The data has to show something makes sense before we scale it up. However, without creativity, it’s easy to say “the data shows it’s impossible” or to find a local maximum. Whether it’s deciding how to scale the team, figuring out what our outbound sales efforts should look like or putting a plan in place to develop the team for career growth, we’ve seen a bit of creativity get us places a few extra dollars couldn’t.

Jive with our culture: Strong leaders affect culture and the person we hire for this role may well shape, not only fit into, ours. But to shape the culture you have to be accepted by the organism, which means a certain set of shared values. We default to openness with our team, our customers, and everyone if possible. We love initiative — without arrogance or dictatorship. We work to create a place people enjoy showing up to work. That doesn’t mean ping pong tables and foosball (though we do try to have perks & fun), but it means people are friendly, non-political, working to build a good service but also a good place to work.

Do the work: Ideas and strategy are critical, but good execution makes them happen. We’re looking for someone who can help the team execute both from the perspective of being capable of guiding and organizing, but also someone who is hands-on themselves.

Additional Responsibilities needed for this role:

  • Recruit, coach, mentor, manage and lead a team of sales professionals to achieve yearly sales targets. This includes closing new business and expanding upon existing clientele.
  • Expand the customer success program to provide the best customer experience possible resulting in upsell opportunities and a high retention rate.
  • Develop effective sales strategies and deliver compelling product demonstrations and sales pitches.
  • Acquire and develop the appropriate sales tools to make the team efficient in their daily work flow.
  • Apply a thorough understanding of the marketplace, industry trends, funding developments, and products to all management activities and strategic sales decisions.
  • Ensure that sales department operations function smoothly, with the goal of facilitating sales and/or closings; operational responsibilities include accurate pipeline reporting and sales forecasts.
  • This position will report directly to the VP of Sales and will be staffed in our headquarters in San Mateo, CA.

Requirements:

  • 7 – 10+ years of successful sales leadership experience as measured by sales performance against goals.
    Experience in developing skill sets and providing career growth and opportunities through advancement of team members.
  • Background in selling SaaS technologies with a strong track record of success.
  • Strong presentation and communication skills.
  • Must be able to travel occasionally nationwide.
  • BA/BS degree required

Think you want to join us on this adventure?
Send an email to jobscontact@backblaze.com with the subject “Director of Sales.” (Recruiters and agencies, please don’t email us.) Include a resume and answer these two questions:

  1. How would you approach evaluating the current sales team and what is your process for developing a growth strategy to scale the team?
  2. What are the goals you would set for yourself in the 3 month and 1-year timeframes?

Thank you for taking the time to read this and I hope that this sounds like the opportunity for which you’ve been waiting.

Backblaze is an Equal Opportunity Employer.

The post Hiring a Director of Sales appeared first on Backblaze Blog | Cloud Storage & Cloud Backup.