Tag Archives: upnp

Security updates for Monday

Post Syndicated from ris original https://lwn.net/Articles/743575/rss

Security updates have been issued by Arch Linux (linux-hardened, linux-lts, linux-zen, and mongodb), Debian (gdk-pixbuf, gifsicle, graphicsmagick, kernel, and poppler), Fedora (dracut, electron-cash, and firefox), Gentoo (backintime, binutils, chromium, emacs, libXcursor, miniupnpc, openssh, optipng, and webkit-gtk), Mageia (kernel, kernel-linus, kernel-tmb, openafs, and python-mistune), openSUSE (clamav-database, ImageMagick, kernel-firmware, nodejs4, and qemu), Red Hat (linux-firmware, ovirt-guest-agent-docker, qemu-kvm-rhev, redhat-virtualization-host, rhev-hypervisor7, rhvm-appliance, thunderbird, and vdsm), Scientific Linux (thunderbird), SUSE (kernel and qemu), and Ubuntu (firefox and poppler).

Delivering Graphics Apps with Amazon AppStream 2.0

Post Syndicated from Deepak Suryanarayanan original https://aws.amazon.com/blogs/compute/delivering-graphics-apps-with-amazon-appstream-2-0/

Sahil Bahri, Sr. Product Manager, Amazon AppStream 2.0

Do you need to provide a workstation class experience for users who run graphics apps? With Amazon AppStream 2.0, you can stream graphics apps from AWS to a web browser running on any supported device. AppStream 2.0 offers a choice of GPU instance types. The range includes the newly launched Graphics Design instance, which allows you to offer a fast, fluid user experience at a fraction of the cost of using a graphics workstation, without upfront investments or long-term commitments.

In this post, I discuss the Graphics Design instance type in detail, and how you can use it to deliver a graphics application such as Siemens NX―a popular CAD/CAM application that we have been testing on AppStream 2.0 with engineers from Siemens PLM.

Graphics Instance Types on AppStream 2.0

First, a quick recap on the GPU instance types available with AppStream 2.0. In July, 2017, we launched graphics support for AppStream 2.0 with two new instance types that Jeff Barr discussed on the AWS Blog:

  • Graphics Desktop
  • Graphics Pro

Many customers in industries such as engineering, media, entertainment, and oil and gas are using these instances to deliver high-performance graphics applications to their users. These instance types are based on dedicated NVIDIA GPUs and can run the most demanding graphics applications, including those that rely on CUDA graphics API libraries.

Last week, we added a new lower-cost instance type: Graphics Design. This instance type is a great fit for engineers, 3D modelers, and designers who use graphics applications that rely on the hardware acceleration of DirectX, OpenGL, or OpenCL APIs, such as Siemens NX, Autodesk AutoCAD, or Adobe Photoshop. The Graphics Design instance is based on AMD’s FirePro S7150x2 Server GPUs and equipped with AMD Multiuser GPU technology. The instance type uses virtualized GPUs to achieve lower costs, and is available in four instance sizes to scale and match the requirements of your applications.

Instance vCPUs Instance RAM (GiB) GPU Memory (GiB)
stream.graphics-design.large 2 7.5 GiB 1
stream.graphics-design.xlarge 4 15.3 GiB 2
stream.graphics-design.2xlarge 8 30.5 GiB 4
stream.graphics-design.4xlarge 16 61 GiB 8

The following table compares all three graphics instance types on AppStream 2.0, along with example applications you could use with each.

  Graphics Design Graphics Desktop Graphics Pro
Number of instance sizes 4 1 3
GPU memory range
1–8 GiB 4 GiB 8–32 GiB
vCPU range 2–16 8 16–32
Memory range 7.5–61 GiB 15 GiB 122–488 GiB
Graphics libraries supported AMD FirePro S7150x2 NVIDIA GRID K520 NVIDIA Tesla M60
Price range (N. Virginia AWS Region) $0.25 – $2.00/hour $0.5/hour $2.05 – $8.20/hour
Example applications Adobe Premiere Pro, AutoDesk Revit, Siemens NX AVEVA E3D, SOLIDWORKS AutoDesk Maya, Landmark DecisionSpace, Schlumberger Petrel

Example graphics instance set up with Siemens NX

In the section, I walk through setting up Siemens NX with Graphics Design instances on AppStream 2.0. After set up is complete, users can able to access NX from within their browser and also access their design files from a file share. You can also use these steps to set up and test your own graphics applications on AppStream 2.0. Here’s the workflow:

  1. Create a file share to load and save design files.
  2. Create an AppStream 2.0 image with Siemens NX installed.
  3. Create an AppStream 2.0 fleet and stack.
  4. Invite users to access Siemens NX through a browser.
  5. Validate the setup.

To learn more about AppStream 2.0 concepts and set up, see the previous post Scaling Your Desktop Application Streams with Amazon AppStream 2.0. For a deeper review of all the setup and maintenance steps, see Amazon AppStream 2.0 Developer Guide.

Step 1: Create a file share to load and save design files

To launch and configure the file server

  1. Open the EC2 console and choose Launch Instance.
  2. Scroll to the Microsoft Windows Server 2016 Base Image and choose Select.
  3. Choose an instance type and size for your file server (I chose the general purpose m4.large instance). Choose Next: Configure Instance Details.
  4. Select a VPC and subnet. You launch AppStream 2.0 resources in the same VPC. Choose Next: Add Storage.
  5. If necessary, adjust the size of your EBS volume. Choose Review and Launch, Launch.
  6. On the Instances page, give your file server a name, such as My File Server.
  7. Ensure that the security group associated with the file server instance allows for incoming traffic from the security group that you select for your AppStream 2.0 fleets or image builders. You can use the default security group and select the same group while creating the image builder and fleet in later steps.

Log in to the file server using a remote access client such as Microsoft Remote Desktop. For more information about connecting to an EC2 Windows instance, see Connect to Your Windows Instance.

To enable file sharing

  1. Create a new folder (such as C:\My Graphics Files) and upload the shared files to make available to your users.
  2. From the Windows control panel, enable network discovery.
  3. Choose Server Manager, File and Storage Services, Volumes.
  4. Scroll to Shares and choose Start the Add Roles and Features Wizard. Go through the wizard to install the File Server and Share role.
  5. From the left navigation menu, choose Shares.
  6. Choose Start the New Share Wizard to set up your folder as a file share.
  7. Open the context (right-click) menu on the share and choose Properties, Permissions, Customize Permissions.
  8. Choose Permissions, Add. Add Read and Execute permissions for everyone on the network.

Step 2:  Create an AppStream 2.0 image with Siemens NX installed

To connect to the image builder and install applications

  1. Open the AppStream 2.0 management console and choose Images, Image Builder, Launch Image Builder.
  2. Create a graphics design image builder in the same VPC as your file server.
  3. From the Image builder tab, select your image builder and choose Connect. This opens a new browser tab and display a desktop to log in to.
  4. Log in to your image builder as ImageBuilderAdmin.
  5. Launch the Image Assistant.
  6. Download and install Siemens NX and other applications on the image builder. I added Blender and Firefox, but you could replace these with your own applications.
  7. To verify the user experience, you can test the application performance on the instance.

Before you finish creating the image, you must mount the file share by enabling a few Microsoft Windows services.

To mount the file share

  1. Open services.msc and check the following services:
  • DNS Client
  • Function Discovery Resource Publication
  • SSDP Discovery
  • UPnP Device H
  1. If any of the preceding services have Startup Type set to Manual, open the context (right-click) menu on the service and choose Start. Otherwise, open the context (right-click) menu on the service and choose Properties. For Startup Type, choose Manual, Apply. To start the service, choose Start.
  2. From the Windows control panel, enable network discovery.
  3. Create a batch script that mounts a file share from the storage server set up earlier. The file share is mounted automatically when a user connects to the AppStream 2.0 environment.

Logon Script Location: C:\Users\Public\logon.bat

Script Contents:


net use H: \\path\to\network\share 

PING localhost -n 30 >NUL


  1. Open gpedit.msc and choose User Configuration, Windows Settings, Scripts. Set logon.bat as the user logon script.
  2. Next, create a batch script that makes the mounted drive visible to the user.

Logon Script Location: C:\Users\Public\startup.bat

Script Contents:
REG DELETE “HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer” /v “NoDrives” /f

  1. Open Task Scheduler and choose Create Task.
  2. Choose General, provide a task name, and then choose Change User or Group.
  3. For Enter the object name to select, enter SYSTEM and choose Check Names, OK.
  4. Choose Triggers, New. For Begin the task, choose At startup. Under Advanced Settings, change Delay task for to 5 minutes. Choose OK.
  5. Choose Actions, New. Under Settings, for Program/script, enter C:\Users\Public\startup.bat. Choose OK.
  6. Choose Conditions. Under Power, clear the Start the task only if the computer is on AC power Choose OK.
  7. To view your scheduled task, choose Task Scheduler Library. Close Task Scheduler when you are done.

Step 3:  Create an AppStream 2.0 fleet and stack

To create a fleet and stack

  1. In the AppStream 2.0 management console, choose Fleets, Create Fleet.
  2. Give the fleet a name, such as Graphics-Demo-Fleet, that uses the newly created image and the same VPC as your file server.
  3. Choose Stacks, Create Stack. Give the stack a name, such as Graphics-Demo-Stack.
  4. After the stack is created, select it and choose Actions, Associate Fleet. Associate the stack with the fleet you created in step 1.

Step 4:  Invite users to access Siemens NX through a browser

To invite users

  1. Choose User Pools, Create User to create users.
  2. Enter a name and email address for each user.
  3. Select the users just created, and choose Actions, Assign Stack to provide access to the stack created in step 2. You can also provide access using SAML 2.0 and connect to your Active Directory if necessary. For more information, see the Enabling Identity Federation with AD FS 3.0 and Amazon AppStream 2.0 post.

Your user receives an email invitation to set up an account and use a web portal to access the applications that you have included in your stack.

Step 5:  Validate the setup

Time for a test drive with Siemens NX on AppStream 2.0!

  1. Open the link for the AppStream 2.0 web portal shared through the email invitation. The web portal opens in your default browser. You must sign in with the temporary password and set a new password. After that, you get taken to your app catalog.
  2. Launch Siemens NX and interact with it using the demo files available in the shared storage folder – My Graphics Files. 

After I launched NX, I captured the screenshot below. The Siemens PLM team also recorded a video with NX running on AppStream 2.0.


In this post, I discussed the GPU instances available for delivering rich graphics applications to users in a web browser. While I demonstrated a simple setup, you can scale this out to launch a production environment with users signing in using Active Directory credentials,  accessing persistent storage with Amazon S3, and using other commonly requested features reviewed in the Amazon AppStream 2.0 Launch Recap – Domain Join, Simple Network Setup, and Lots More post.

To learn more about AppStream 2.0 and capabilities added this year, see Amazon AppStream 2.0 Resources.

Security updates for Monday

Post Syndicated from ris original https://lwn.net/Articles/732179/rss

Security updates have been issued by Debian (augeas, connman, fontforge, freeradius, git, mariadb-10.1, openjdk-7, php5, qemu, qemu-kvm, and tenshi), Fedora (augeas, libsndfile, thunderbird, and xen), Gentoo (AutoTrace and jbig2dec), Mageia (dbus, flash-player-plugin, groovy, groovy18, heimdal, kernel-linus, kmail(kdepimlibs4), libice, libmodplug, miniupnpc, and postgresql9.3/4/6), openSUSE (freeradius-server, gnome-shell, ImageMagick, and openvswitch), and SUSE (java-1_8_0-ibm, libzypp, and postgresql94).

Security updates for Wednesday

Post Syndicated from ris original https://lwn.net/Articles/724293/rss

Security updates have been issued by Arch Linux (postgresql, postgresql-libs, samba, and sudo), Debian (gajim, libpodofo, openldap, pngquant, qemu-kvm, sudo, and tiff), Fedora (lxterminal, menu-cache, and pcmanfm), Gentoo (sudo), openSUSE (libraw, miniupnpc, and sudo), Oracle (kernel, nss, and sudo), Red Hat (kernel and sudo), Scientific Linux (kernel and sudo), Slackware (sudo), SUSE (java-1_6_0-ibm, java-1_8_0-openjdk, openstack-components, and sudo), and Ubuntu (sudo).

Security updates for Wednesday

Post Syndicated from ris original https://lwn.net/Articles/723690/rss

Security updates have been issued by CentOS (libtirpc and rpcbind), Debian (libtasn1-3, libtasn1-6, and samba), Fedora (FlightGear, openvpn, and python-fedora), openSUSE (libtirpc and libxslt), Oracle (libtirpc and rpcbind), Red Hat (samba, samba3x, and samba4), Scientific Linux (samba and samba4), SUSE (java-1_7_0-ibm, java-1_7_1-ibm, java-1_8_0-ibm, samba, and tomcat), and Ubuntu (jbig2dec, miniupnpc, rtmpdump, and samba).

Security updates for Tuesday

Post Syndicated from ris original https://lwn.net/Articles/723552/rss

Security updates have been issued by Arch Linux (lynis), CentOS (kdelibs, libtirpc, rpcbind, and samba), Debian (miniupnpc), Fedora (chromium, chromium-native_client, and kernel), Oracle (kdelibs and samba), Red Hat (libtirpc and rpcbind), and Scientific Linux (kdelibs, libtirpc, rpcbind, and samba).

Weekend security updates

Post Syndicated from corbet original https://lwn.net/Articles/718732/rss

Security updates have been issued by Debian (ejabberd, jhead, and samba), Fedora (chromium, drupal8, empathy, erlang, firefox, icoutils, kernel, knot-resolver, libICE, libupnp, libXdmcp, links, mbedtls, moodle, mupdf, ntp, openslp, R, rkward, rpy, sane-backends, sscg, tcpreplay, thunderbird, and webkitgtk4), Mageia (kernel, kernel-linus, and kernel-tmb), openSUSE (apache2, Chromium, kernel, and virglrenderer), Oracle (kernel), and Slackware (samba).

Security updates for Tuesday

Post Syndicated from ris original https://lwn.net/Articles/717104/rss

Security updates have been issued by Arch Linux (linux-grsec and linux-lts), Debian (icoutils, imagemagick, and roundcube), Fedora (freetype, libupnp, libwmf, thunderbird, tor, and w3m), Red Hat (chromium-browser and thunderbird), Scientific Linux (thunderbird), and Ubuntu (icoutils, icu, libevent, pidgin, pillow, and python-imaging).

Security updates for Monday

Post Syndicated from ris original https://lwn.net/Articles/716959/rss

Security updates have been issued by Arch Linux (chromium, firefox, libxslt, and thunderbird), Debian (firefox-esr, icoutils, and pidgin), Fedora (firefox, freetype, GraphicsMagick, kdelibs, kdelibs3, kernel, libupnp, munin, php-pear-PHP-CodeSniffer, thunderbird, and wireshark), Mageia (flac, flash-player-plugin, potrace, and wireshark), openSUSE (bitlbee, cacti, kdelibs4, kio, lynx, openssh, pax-utils, perl-Image-Info, Wireshark, and xen), and SUSE (qemu).

Security advisories for Monday

Post Syndicated from ris original http://lwn.net/Articles/712296/rss

CentOS has updated java-1.8.0-openjdk (C7; C6: multiple vulnerabilities).

Debian has updated libphp-swiftmailer (code execution), mariadb-10.0 (multiple mostly unspecified vulnerabilities), and openjpeg2 (multiple vulnerabilities).

Debian-LTS has updated groovy (code execution) and opus (code execution).

Fedora has updated docker-latest
(F24: privilege escalation), ed (F25:
denial of service), groovy (F25: code
execution), libnl3 (F25; F24: privilege escalation), opus (F25; F24: code
execution), qemu (F25: multiple
vulnerabilities), squid (F25: two
vulnerabilities), and webkitgtk4 (F25; F24:
multiple vulnerabilities).

Gentoo has updated DBD-mysql
(multiple vulnerabilities), dcraw (denial
of service from 2015), DirectFB (two
vulnerabilities from 2014), libupnp (two
vulnerabilities), lua (code execution from
2014), ppp (denial of service from 2015),
qemu (multiple vulnerabilities), quagga (two vulnerabilities), and zlib (multiple vulnerabilities).

Mageia has updated libpng, libpng12 (NULL dereference bug).

openSUSE has updated perl-DBD-mysql (42.2, 42.1: three vulnerabilities) and xtrabackup (42.2; 42.1: information disclosure).

Oracle has updated java-1.8.0-openjdk (OL7; OL6: multiple vulnerabilities).

SUSE has updated gstreamer-0_10-plugins-good (SLE12-SP1; SLE11-SP4: multiple vulnerabilities).

Security advisories for Tuesday

Post Syndicated from ris original http://lwn.net/Articles/711855/rss

Arch Linux has updated python-crypto (code execution) and python2-crypto (code execution).

CentOS has updated bind (C7; C6; C5: denial of service) and bind97 (C5: denial of service).

Debian-LTS has updated pdns-recursor (code execution).

Fedora has updated bind (F24:
three denial of service flaws), bind99
(F24: three denial of service flaws), and SimGear (F25: file overwrites).

Gentoo has updated file (multiple vulnerabilities), libxml2 (multiple vulnerabilities), miniupnpc (denial of service), pidgin (multiple vulnerabilities), vlc (code execution), and xdelta (code execution).

openSUSE has updated ark (42.2, 42.1; SPH for SLE12: code execution), encfs (42.2, 42.1, 13.2: code execution from
2014), gstreamer-0_10-plugins-bad (13.2:
code execution), gstreamer-0_10-plugins-base (13.2: code
execution), gstreamer-0_10-plugins-good
(13.2: multiple vulnerabilities), gstreamer-plugins-bad (42.1; 13.2:
three vulnerabilities), gstreamer-plugins-base (42.1; 13.2:
code execution), gstreamer-plugins-good (42.1; 13.2:
multiple vulnerabilities), icinga (14.2,
14.1: two vulnerabilities), icoutils (42.2; 42.1; 13.2: multiple vulnerabilities), openjpeg2 (42.2: multiple vulnerabilities), pcsc-lite (42.2, 42.1, 13.2: privilege
escalation), and python-pycrypto (14.2,
14.1, 13.2: denial of service).

Oracle has updated bind (OL7; OL6; OL5: denial of service), bind97 (OL5: denial of service), and docker-engine docker-engine-selinux (OL7; OL6: two vulnerabilities).

Red Hat has updated kernel
(RHEL6.5: code execution).

Scientific Linux has updated bind (SL7; SL5,6:
denial of service) and bind97 (SL5: denial of service).

Security updates for Wednesday

Post Syndicated from ris original http://lwn.net/Articles/710625/rss

Arch Linux has updated lib32-curl
(two vulnerabilities), lib32-libcurl-compat (two vulnerabilities), lib32-libcurl-gnutls (two vulnerabilities), libcurl-compat (two vulnerabilities), libcurl-gnutls (two vulnerabilities), and pcsclite (privilege escalation).

CentOS has updated ghostscript (C7; C6: multiple vulnerabilities).

Debian has updated libphp-phpmailer (regression in previous update).

Debian-LTS has updated libphp-phpmailer (code execution) and libvncserver (two vulnerabilities).

Fedora has updated borgbackup (F25; F24: two
vulnerabilities) and freeipa (F24: two vulnerabilities).

Gentoo has updated firefox (multiple vulnerabilities).

Mageia has updated kernel-linus (multiple vulnerabilities), kernel-tmb (multiple vulnerabilities), libupnp (code execution), and python-html5lib (cross-site scripting).

openSUSE has updated dnsmasq
(42.2, 42.1: denial of service), samba (42.2; 42.1:
three vulnerabilities), and wget (42.2,
42.1: race condition).

Red Hat has updated ghostscript (RHEL7; RHEL6:
multiple vulnerabilities), kernel (RHEL7.1:
denial of service), and systemd (RHEL7.1: denial of service).

Scientific Linux has updated ghostscript (SL7; SL6:
multiple vulnerabilities) and ipa (SL7: two vulnerabilities).

Monday’s security updates

Post Syndicated from ris original http://lwn.net/Articles/709660/rss

Arch Linux has updated qt5-webengine (multiple vulnerabilities).

CentOS has updated firefox (C7; C6; C5: multiple vulnerabilities).

Debian has updated php5 (unknown), samba (multiple vulnerabilities), tomcat7 (multiple vulnerabilities), and tomcat8 (multiple vulnerabilities).

Debian-LTS has updated game-music-emu (multiple vulnerabilities), icedove (multiple vulnerabilities), libupnp (code execution), libupnp4 (code execution), most (command execution), nagios3 (two vulnerabilities), php5 (multiple vulnerabilities), tomcat6 (privilege escalation), tomcat6 (regression in previous update), and tomcat7 (privilege escalation).

Fedora has updated firefox (F23:
denial of service), gd (F24: three
vulnerabilities), golang (F23: denial of
service), kernel (F25; F24: out of bounds stack read), perl-DBD-MySQL (F23: two vulnerabilities),
unzip (F25; F24: buffer overflows), and xen (F23: multiple vulnerabilities).

openSUSE has updated firefox
(42.2, 42.1, 13.2: multiple vulnerabilities), gc (13.2: code execution), and lxc (42.2, 42.1, 13.2: directory traversal).

SUSE has updated kernel
(SLE12-SP1: two vulnerabilities) and xen
(SLE11-SP4: multiple vulnerabilities).

Ubuntu has updated apt (16.10:
regression in previous update).

Security advisories for Friday

Post Syndicated from jake original http://lwn.net/Articles/709455/rss

Arch Linux has updated flashplugin (multiple vulnerabilities) and lib32-flashplugin (multiple vulnerabilities).

Debian has updated libupnp (two vulnerabilities).

Debian-LTS has updated firefox-esr (multiple vulnerabilities) and icu (two vulnerabilities, one from 2014).

Fedora has updated chromium (F25; F24: multiple vulnerabilities),
firefox (F25; F24: denial of service), gstreamer-plugins-bad-free (F24: code
execution), gstreamer-plugins-good (F24:
multiple vulnerabilities), and libgsf (F24: denial of service).

Mageia has updated chromium-browser-stable (multiple vulnerabilities) and firefox (multiple vulnerabilities).

Thursday’s security advisories

Post Syndicated from jake original http://lwn.net/Articles/697563/rss

Arch Linux has updated chromium
(multiple vulnerabilities) and linux-zen (connection hijacking).

Debian has updated gnupg (flawed
random number generation) and libgcrypt20
(flawed random number generation).

Debian-LTS has updated libupnp
(arbitrary file overwrite).

Fedora has updated bind (F23:
denial of service), fontconfig (F23:
privilege escalation), and python3 (F23:
proxy injection).

SUSE has updated xen (SLE12: multiple vulnerabilities,
one from 2014) and yast2-ntp-client (SLE10:
multiple vulnerabilities, most from 2015).

Ubuntu has updated fontconfig
(16.04, 14.04, 12.04: privilege escalation).

Security updates for Monday

Post Syndicated from ris original http://lwn.net/Articles/696693/rss

Arch Linux has updated glibc (two
denial of service vulnerabilities), lib32-glibc (two denial of service
vulnerabilities), and libupnp
(unauthenticated access).

Debian has updated kde4libs (command execution) and lighttpd (man-in-the-middle attacks).

Debian-LTS has updated mongodb (two vulnerabilities), mupdf (denial of service), and openjdk-7 (multiple vulnerabilities).

Fedora has updated curl (F24:
three vulnerabilities), firefox (F23:
multiple vulnerabilities), libgcrypt (F23:
key leak), and xen (F24: multiple vulnerabilities).

Mageia has updated ruby-eventmachine (denial of service).

openSUSE has updated bsdiff
(Leap42.1, 13.2: denial of service), Chromium (Leap42.1, 13.2; SPH for SLE12: multiple
vulnerabilities), java-1_8_0-openjdk (13.2:
multiple vulnerabilities), libvirt
(Leap42.1: authentication bypass), redis (Leap42.1, 13.2; SPH for SLE12: information leak),
and wireshark (Leap42.1, 13.2: multiple vulnerabilities).

Slackware has updated curl (three
vulnerabilities), firefox (multiple
vulnerabilities), openssh (two vulnerabilities), and stunnel (two vulnerabilities).

miranda-upnp – Interactive UPnP Client

Post Syndicated from Darknet original http://feedproxy.google.com/~r/darknethackers/~3/FqSpMi7YFfo/

Miranda is a Python-based UPnP (Universal Plug-N-Play) client application designed to discover, query and interact with UPNP devices, particularly Internet Gateway Devices (aka, routers). It can be used to audit UPNP-enabled devices on a network for possible vulnerabilities. Miranda was built on and for a Linux system and has been tested on a…

Read the full post at darknet.org.uk

Oh Nine Sixteen

Post Syndicated from Lennart Poettering original http://0pointer.net/blog/projects/oh-nine-sixteen.html

#nocomments y

As a followup to Oh Nine
here’s a little overview of the changes coming with PulseAudio 0.9.16 which will be part of
Fedora 12 (already in Rawhide; I think Ubuntu Karmic (?) will have it

A New Mixer Logic

We now try to control more than just a single ALSA mixer element for volume
control. This increases the hardware volume range and granularity exposed and
should also help minimizing problems by incomplete or incorrect default mixer
initialization on the lower levels.

This also adds support for allowing selection of input/output ports for
sound cards. This is used to expose changing between Mic vs. Line-In for input
source selection and Headphones vs. Speaker for output selection (of course the
list of available port is strictly dependant on what you hardware supports).
The list of available ports is deliberately kept minimal.

Thanks to Bastien the newest GNOME Volume Control now exposes profile/port
switching quite nicely, which he
blogged about.
screenshot shows how the port (here called ‘Connector’) can be selected
in the new dialog.

The mixer rework also allows us to handle semi-pro/pro sound cards a bit
more flexibly. For example, which profiles/ports are exposed in PulseAudio or
how specific mixer elements are handled can now be controlled by editing .ini
file like configuration files in /usr/share/pulseaudio/alsa-mixer/.
this mail for more information about this.

UPnP MediaServer Support

PulseAudio now integrates with Zeeshan’s fabulous Rygel UPnP/DLNA MediaServer. If enabled
Rygel will automatically expose all local audio devices which are managed by
PulseAudio as UPnP/DLNA MediaServer items which your UPnP/DLNA MediaRenderers
can now tune into. (Meaning: you can now stream audio from your PC directly to
your UPnP DMP (Digital Media Player) device, such as the PS3.) Communication
between Rygel and PulseAudio follows our little Media Server Spec on the
. This nicely complements the RAOP (Apple Airport) support we
introduced in PulseAudio 0.9.15. In one of the next versions of
PulseAudio/Rygel we hope to add support for PulseAudio becoming a MediaRenderer
as well. This will then not only allow you to stream from your PC to your
DMP device, but also allows PulseAudio to act as
“networked speaker”, which can be used by any UPnP/AV/DLNA control point, such
as Windows’ Media Player.

Hotplug Support Improved

If you select a particular device as the default for a specific application
or class of streams, then when unplugging the device PulseAudio moves the stream
automatically to another audio device if one exists. New in PulseAudio 0.9.16
is that if you replug the audio device the stream will instantly be moved back,
requiring no further user intervention.

Also, PulseAudio now includes some implicit rules for doing the ‘right
thing’ when finding an audio device for an application. For example, unless
configured otherwise it will now route telephony applications automatically to
Bluetooth headsets if one is connected, in favour of the internal sound card of
the computer.

Surround Sound Support for Event Sounds

This is more a new feature of libcanberra than
of PulseAudio, but nonetheless: we now support surround for events sounds.
This allows us to play full 5.1 login sounds for example, in best THX cinema
fashion. We’d love to ship a 5.1 sound for login by default in sound-theme-freedesktop.
We’d be very thankful if you would be willing to contribute a sound
here, or two! A sound a bit less bombastic than the famous cinema THX effect
would probably be a good idea though.

And then there’s of course the usual batch of fixes and small improvements.
A substantial number of non-user visible changes have been made as well. For
example, as HAL is now obsolete PulseAudio now moved to udev for its device
discovery needs. We replaced our gdbm support by support for tdb. Also,
we stripped all security senstive code from PulseAudio, and ported it to use
RealtimeKit instead.
For the upcoming distributions that means that PulseAudio will run as real-time
process by default, improving drop-out safety.

And for some extra PA eye-candy, have a look on Impulse!

PulseAudio FUD

Post Syndicated from Lennart Poettering original http://0pointer.net/blog/projects/jeffrey-stedfast.html

Jeffrey Stedfast

Jeffrey Stedfast seems to have made it his new hobby
In a series of very negative blog postings he flamed my software and hence me
in best NotZed-like fashion. Particularly interesting in this case is the
fact that he apologized to me privately on IRC for this behaviour shortly
after his first posting when he was critizised on #gnome-hackers
only to continue flaming and bashing in more blog posts shortly after. Flaming
is very much part of the Free Software community I guess. A lot of people do
it from time to time (including me). But maybe there are better places for
this than Planet Gnome. And maybe doing it for days is not particularly nice.
And maybe flaming sucks in the first place anyway.

Regardless what I think about Jeffrey and his behaviour on Planet Gnome,
let’s have a look on his trophies, the five “bugs” he posted:

  1. Not directly related to PulseAudio itself. Also, finding errors in code that is related to esd is not exactly the most difficult thing in the world.
  2. The same theme.
  3. Fixed 3 months ago. It is certainly not my fault that this isn’t available in Jeffrey’s distro.
  4. A real, valid bug report. Fixed in git a while back, but not available in any released version. May only be triggered under heavy load or with a bad high-latency scheduler.
  5. A valid bug, but not really in PulseAudio. Mostly caused because the ALSA API and PA API don’t really match 100%.

OK, Jeffrey found a real bug, but I wouldn’t say this is really enough to make all the fuss about. Or is it?

Why PulseAudio?

Jeffrey wrote something about ‘solution looking for a problem‘ when
speaking of PulseAudio. While that was certainly not a nice thing to say it
however tells me one thing: I apparently didn’t manage to communicate well
enough why I am doing PulseAudio in the first place. So, why am I doing it then?

  • There’s so much more a good audio system needs to provide than just the
    most basic mixing functionality. Per-application volumes, moving streams
    between devices during playback, positional event sounds (i.e. click on the
    left side of the screen, have the sound event come out through the left
    speakers), secure session-switching support, monitoring of sound playback
    levels, rescuing playback streams to other audio devices on hot unplug,
    automatic hotplug configuration, automatic up/downmixing stereo/surround,
    high-quality resampling, network transparency, sound effects, simultaneous
    output to multiple sound devices are all features PA provides right now, and
    what you don’t get without it. It also provides the infrastructure for
    upcoming features like volume-follows-focus, automatic attenuation of music on
    signal on VoIP stream, UPnP media renderer support, Apple RAOP support,
    mixing/volume adjustments with dynamic range compression, adaptive volume of
    event sounds based on the volume of music streams, jack sensing, switching
    between stereo/surround/spdif during runtime, …
  • And even for the most basic mixing functionality plain ALSA/dmix is not
    really everlasting happiness. Due to the way it works all clients are forced
    to use the same buffering metrics all the time, that means all clients are
    limited in their wakeup/latency settings. You will burn more CPU than
    necessary this way, keep the risk of drop-outs unnecessarily high and still
    not be able to make clients with low-latency requirements happy. ‘Glitch-Free’
    fixes all this. Quite frankly I believe that ‘glitch-free’
    PulseAudio is the single most important killer feature that should be enough
    to convince everyone why PulseAudio is the right thing to do. Maybe people
    actually don’t know that they want this. But they absolutely do, especially
    the embedded people — if used properly it is a must for power-saving during
    audio playback. It’s a pity that how awesome this feature is you cannot
    directly see from the user interface.[1]
  • PulseAudio provides compatibility with a lot of sound systems/APIs that bare ALSA
    or bare OSS don’t provide.
  • And last but not least, I love breaking Jeffrey’s audio. It’s just soo much fun, you really have to try it! 😉

If you want to know more about why I think that PulseAudio is an important part of the modern Linux desktop audio stack, please read my slides from FOSS.in 2007.


Many people (like Jeffrey) wonder why have software mixing at all if you
have hardware mixing? The thing is, hardware mixing is a thing of the past,
modern soundcards don’t do it anymore. Precisely for doing things like mixing
in software SIMD CPU extensions like SSE have been invented. Modern sound
cards these days are kind of “dumbed” down, high-quality DACs. They don’t do
mixing anymore, many modern chips don’t even do volume control anymore.
Remember the days where having a Wavetable chip was a killer feature of a
sound card? Those days are gone, today wavetable synthesizing is done almost
exlcusively in software — and that’s exactly what happened to hardware mixing
too. And it is good that way. In software mixing is is much easier to do
fancier stuff like DRC which will increase quality of mixing. And modern CPUs provide
all the necessary SIMD command sets to implement this efficiently.

Other people believe that JACK would be a better solution for the problem.
This is nonsense. JACK has been designed for a very different purpose. It is
optimized for low latency inter-application communication. It requires
floating point samples, it knows nothing about channel mappings, it depends on
every client to behave correctly. And so on, and so on. It is a sound server
for audio production. For desktop applications it is however not well suited.
For a desktop saving power is very important, one application misbehaving
shouldn’t have an effect on other application’s playback; converting from/to
FP all the time is not going to help battery life either. Please understand
that for the purpose of pro audio you can make completely different
compromises than you can do on the desktop. For example, while having
‘glitch-free’ is great for embedded and desktop use, it makes no sense at all
for pro audio, and would only have a drawback on performance. So, please stop
bringing up JACK again and again. It’s just not the right tool for desktop
audio, and this opinion is shared by the JACK developers themselves.

Jeffrey thinks that audio mixing is nothing for userspace. Which is
basically what OSS4 tries to do: mixing in kernel space. However, the future
of PCM audio is floating points. Mixing them in kernel space is problematic because (at least on Linux) FP in kernel space is a no-no.
Also, the kernel people made clear more than once that maths/decoding/encoding like this
should happen in userspace. Quite honestly, doing the mixing in kernel space
is probably one of the primary reasons why I think that OSS4 is a bad idea.
The fancier your mixing gets (i.e. including resampling, upmixing, downmixing,
DRC, …) the more difficulties you will have to move such a complex,
time-intensive code into the kernel.

Not everytime your audio breaks it is alone PulseAudio’s fault. For
example, the original flame of Jeffrey’s was about the low volume that he
experienced when running PA. This is mostly due to the suckish way we
initialize the default volumes of ALSA sound cards. Most distributions have
simple scripts that initialize ALSA sound card volumes to fixed values like
75% of the available range, without understanding what the range or the
controls actually mean. This is actually a very bad thing to do. Integrated
USB speakers for example tend export the full amplification range via the
mixer controls. 75% for them is incredibly loud. For other hardware (like
apparently Jeffrey’s) it is too low in volume. How to fix this has been
discussed on the ALSA mailing list, but no final solution has been presented
yet. Nonetheless, the fact that the volume was too low, is completely
unrelated to PulseAudio.

PulseAudio interfaces with lower-level technologies like ALSA on one hand,
and with high-level applications on the other hand. Those systems are not
perfect. Especially closed-source applications tend to do very evil things
with the audio APIs (Flash!) that are very hard to support on virtualized
sound systems such as PulseAudio [2]. However, things are getting better. My list of issues I found in
is getting shorter. Many applications have already been fixed.

The reflex “my audio is broken it must be PulseAudio’s fault” is certainly
easy to come up with, but it certainly is not always right.

Also note that — like many areas in Free Software — development of the
desktop audio stack on Linux is a bit understaffed. AFAIK there are only two
people working on ALSA full-time and only me working on PulseAudio and other
userspace audio infrastructure, assisted by a few others who supply code and patches
from time to time, some more and some less.

More Breakage to Come

I now tried to explain why the audio experience on systems with PulseAudio
might not be as good as some people hoped, but what about the future? To be
frank: the next version of PulseAudio (0.9.11) will break even more things.
The ‘glitch-free’ stuff mentioned above uses quite a few features of the
underlying ALSA infrastructure that apparently noone has been using before —
and which just don’t work properly yet on all drivers. And there are quite a
few drivers around, and I only have a very limited set of hardware to test
with. Already I know that the some of the most popular drivers (USB and HDA)
do not work entirely correctly with ‘glitch-free’.

So you ask why I plan to release this code knowing that it will break
things? Well, it works on some hardware/drivers properly, and for the others I
know work-arounds to get things to work. And 0.9.11 has been delayed for too
long already. Also I need testing from a bigger audience. And it is not so
much 0.9.11 that is buggy, it is the code it is based on. ‘Glitch-free’ PA
0.9.11 is going to part of Fedora 10. Fedora has always been more bleeding
edge than other other distributions. Picking 0.9.11 just like that for an
‘LTS’ release might however be a not a good idea.

So, please bear with me when I release 0.9.11. Snapshots have already
been available in Rawhide for a while, and hell didn’t freeze over.

The Distributions’ Role in the Game

Some distributions did a better job adopting PulseAudio than others. On the
good side I certainly have to list Mandriva, Debian[3], and
Fedora[4]. OTOH Ubuntu didn’t exactly do a stellar job. They didn’t
do their homework. Adopting PA in a distribution is a fair amount of work,
given that it interfaces with so many different things at so many different
places. The integration with other systems is crucial. The information was all
out there, communicated on the wiki, the mailing lists and on the PA IRC
channel. But if you join and hang around on neither, then you won’t get the
memo. To my surprise when Ubuntu adopted PulseAudio they moved into one of their
‘LTS’ releases rightaway [5]. Which I guess can be called gutsy —
on the background that I work for Red Hat and PulseAudio is not part of RHEL
at this time. I get a lot of flak from Ubuntu users, and I am pretty sure the
vast amount of it is undeserving and not my fault.

Why Jeffrey’s distro of choice (SUSE?) didn’t package pavucontrol 0.9.6
although it has been released months ago I don’t know. But there’s certainly no reason to whine about
that to me
and bash me for it.

Having said all this — it’s easy to point to other software’s faults or
other people’s failures. So, admitting this, PulseAudio is certainly not
bug-free, far from that. It’s a relatively complex piece of software
(threading, real-time, lock-free, sensitive to timing, …), and every
software has its bugs. In some workloads they might be easier to find than it
others. And I am working on fixing those which are found. I won’t forget any
bug report, but the order and priority I work on them is still mostly up to me
I guess, right? There’s still a lot of work to do in desktop audio, it will
take some time to get things completely right and complete.

Calls for “audio should just work ™” are often heard. But if you don’t
want to stick with a sound system that was state of the art in the 90’s for
all times, then I fear things *will have* to break from time to time. And
Jeffrey, I have no idea what you are actually hacking on. Some people
mentioned something with Evolution. If that’s true, then quite honestly,
“email should just work”, too, shouldn’t it? Evolution is not exactly
famous for it’s legendary bug-freeness and stability, or did I miss something?
Maybe you should be the one to start with making things “just work”, especially since
Evolution has been around for much longer already.

Back to Work

Now that I responded to Jeffrey’s FUD I think we all can go back to work
and end this flamefest! I wish people would actually try to understand
things before writing an insulting rant — without the slightest clue — but
with words like “clusterfuck”. I’d like to thank all the people who commented
on Jeffrey’s blog and basically already said what I wrote here

So, and now I am off hacking a bit on PulseAudio a bit more — or should
I say in Jeffrey’s words: on my clusterfuck that is an epic fail and that no desktop user needs?


[1] BTW ‘glitch-free’ is nothing I invented, other OS have been doing something
like this for quite a while (Vista, Mac OS). On Linux however, PulseAudio is
the first and only implementation (at least to my knowledge).

[2] In fact, Flash 9 can not be made fully working on PulseAudio.
This is because the way Flash destructs it’s driver backends is racy.
Unfixably racy, from external code. Jeffrey complained about Flash instability
in his second post. This is unfair to PulseAudio, because I cannot fix this.
This is like complaining that X crashes when you use binary-only

[3] To Debian’s standards at least. Since development of Debian is
very distributed the integration of such a system as PulseAudio is much more
difficult since in touches so many different packages in the system that are
kind of private property by a lot of different maintainers with different
views on things.

[4] I maintain the Fedora stuff myself, so I might be a bit biased on this one… 😉

[5] I guess Ubuntu sees that this was a bit too much too early, too.
At least that’s how I understood my invitation to UDS in Prague. Since that
summit I haven’t heard anything from them anymore, though.