Security updates have been issued by Arch Linux (lib32-curl, lib32-libcurl-compat, lib32-libcurl-gnutls, libcurl-compat, and libcurl-gnutls), CentOS (firefox), Debian (imagemagick), Fedora (exiv2, LibRaw, and love), Gentoo (chromium), Mageia (kernel, librelp, and miniupnpc), openSUSE (curl, enigmail, ghostscript, libvorbis, lilypond, and thunderbird), Red Hat (Red Hat OpenStack Platform director), and Ubuntu (firefox).
Security updates have been issued by Debian (django-anymail, libtasn1-6, and postgresql-9.1), Fedora (w3m), Mageia (389-ds-base, gcc, libtasn1, and p7zip), openSUSE (flatpak, ImageMagick, libjpeg-turbo, libsndfile, mariadb, plasma5-workspace, pound, and spice-vdagent), Oracle (kernel), Red Hat (flash-plugin), SUSE (docker, docker-runc, containerd, golang-github-docker-libnetwork and kernel), and Ubuntu (libvirt, miniupnpc, and QEMU).
Security updates have been issued by Arch Linux (linux-hardened, linux-lts, linux-zen, and mongodb), Debian (gdk-pixbuf, gifsicle, graphicsmagick, kernel, and poppler), Fedora (dracut, electron-cash, and firefox), Gentoo (backintime, binutils, chromium, emacs, libXcursor, miniupnpc, openssh, optipng, and webkit-gtk), Mageia (kernel, kernel-linus, kernel-tmb, openafs, and python-mistune), openSUSE (clamav-database, ImageMagick, kernel-firmware, nodejs4, and qemu), Red Hat (linux-firmware, ovirt-guest-agent-docker, qemu-kvm-rhev, redhat-virtualization-host, rhev-hypervisor7, rhvm-appliance, thunderbird, and vdsm), Scientific Linux (thunderbird), SUSE (kernel and qemu), and Ubuntu (firefox and poppler).
Post Syndicated from Deepak Suryanarayanan original https://aws.amazon.com/blogs/compute/delivering-graphics-apps-with-amazon-appstream-2-0/
Sahil Bahri, Sr. Product Manager, Amazon AppStream 2.0
Do you need to provide a workstation class experience for users who run graphics apps? With Amazon AppStream 2.0, you can stream graphics apps from AWS to a web browser running on any supported device. AppStream 2.0 offers a choice of GPU instance types. The range includes the newly launched Graphics Design instance, which allows you to offer a fast, fluid user experience at a fraction of the cost of using a graphics workstation, without upfront investments or long-term commitments.
In this post, I discuss the Graphics Design instance type in detail, and how you can use it to deliver a graphics application such as Siemens NX―a popular CAD/CAM application that we have been testing on AppStream 2.0 with engineers from Siemens PLM.
Graphics Instance Types on AppStream 2.0
First, a quick recap on the GPU instance types available with AppStream 2.0. In July, 2017, we launched graphics support for AppStream 2.0 with two new instance types that Jeff Barr discussed on the AWS Blog:
- Graphics Desktop
- Graphics Pro
Many customers in industries such as engineering, media, entertainment, and oil and gas are using these instances to deliver high-performance graphics applications to their users. These instance types are based on dedicated NVIDIA GPUs and can run the most demanding graphics applications, including those that rely on CUDA graphics API libraries.
Last week, we added a new lower-cost instance type: Graphics Design. This instance type is a great fit for engineers, 3D modelers, and designers who use graphics applications that rely on the hardware acceleration of DirectX, OpenGL, or OpenCL APIs, such as Siemens NX, Autodesk AutoCAD, or Adobe Photoshop. The Graphics Design instance is based on AMD’s FirePro S7150x2 Server GPUs and equipped with AMD Multiuser GPU technology. The instance type uses virtualized GPUs to achieve lower costs, and is available in four instance sizes to scale and match the requirements of your applications.
|Instance||vCPUs||Instance RAM (GiB)||GPU Memory (GiB)|
The following table compares all three graphics instance types on AppStream 2.0, along with example applications you could use with each.
|Graphics Design||Graphics Desktop||Graphics Pro|
|Number of instance sizes||4||1||3|
|GPU memory range||1–8 GiB||4 GiB||8–32 GiB|
|Memory range||7.5–61 GiB||15 GiB||122–488 GiB|
|Graphics libraries supported||AMD FirePro S7150x2||NVIDIA GRID K520||NVIDIA Tesla M60|
|Price range (N. Virginia AWS Region)||$0.25 – $2.00/hour||$0.5/hour||$2.05 – $8.20/hour|
|Example applications||Adobe Premiere Pro, AutoDesk Revit, Siemens NX||AVEVA E3D, SOLIDWORKS||AutoDesk Maya, Landmark DecisionSpace, Schlumberger Petrel|
Example graphics instance set up with Siemens NX
In the section, I walk through setting up Siemens NX with Graphics Design instances on AppStream 2.0. After set up is complete, users can able to access NX from within their browser and also access their design files from a file share. You can also use these steps to set up and test your own graphics applications on AppStream 2.0. Here’s the workflow:
- Create a file share to load and save design files.
- Create an AppStream 2.0 image with Siemens NX installed.
- Create an AppStream 2.0 fleet and stack.
- Invite users to access Siemens NX through a browser.
- Validate the setup.
To learn more about AppStream 2.0 concepts and set up, see the previous post Scaling Your Desktop Application Streams with Amazon AppStream 2.0. For a deeper review of all the setup and maintenance steps, see Amazon AppStream 2.0 Developer Guide.
Step 1: Create a file share to load and save design files
To launch and configure the file server
- Open the EC2 console and choose Launch Instance.
- Scroll to the Microsoft Windows Server 2016 Base Image and choose Select.
- Choose an instance type and size for your file server (I chose the general purpose m4.large instance). Choose Next: Configure Instance Details.
- Select a VPC and subnet. You launch AppStream 2.0 resources in the same VPC. Choose Next: Add Storage.
- If necessary, adjust the size of your EBS volume. Choose Review and Launch, Launch.
- On the Instances page, give your file server a name, such as My File Server.
- Ensure that the security group associated with the file server instance allows for incoming traffic from the security group that you select for your AppStream 2.0 fleets or image builders. You can use the default security group and select the same group while creating the image builder and fleet in later steps.
Log in to the file server using a remote access client such as Microsoft Remote Desktop. For more information about connecting to an EC2 Windows instance, see Connect to Your Windows Instance.
To enable file sharing
- Create a new folder (such as C:\My Graphics Files) and upload the shared files to make available to your users.
- From the Windows control panel, enable network discovery.
- Choose Server Manager, File and Storage Services, Volumes.
- Scroll to Shares and choose Start the Add Roles and Features Wizard. Go through the wizard to install the File Server and Share role.
- From the left navigation menu, choose Shares.
- Choose Start the New Share Wizard to set up your folder as a file share.
- Open the context (right-click) menu on the share and choose Properties, Permissions, Customize Permissions.
- Choose Permissions, Add. Add Read and Execute permissions for everyone on the network.
Step 2: Create an AppStream 2.0 image with Siemens NX installed
To connect to the image builder and install applications
- Open the AppStream 2.0 management console and choose Images, Image Builder, Launch Image Builder.
- Create a graphics design image builder in the same VPC as your file server.
- From the Image builder tab, select your image builder and choose Connect. This opens a new browser tab and display a desktop to log in to.
- Log in to your image builder as ImageBuilderAdmin.
- Launch the Image Assistant.
- Download and install Siemens NX and other applications on the image builder. I added Blender and Firefox, but you could replace these with your own applications.
- To verify the user experience, you can test the application performance on the instance.
Before you finish creating the image, you must mount the file share by enabling a few Microsoft Windows services.
To mount the file share
- Open services.msc and check the following services:
- DNS Client
- Function Discovery Resource Publication
- SSDP Discovery
- UPnP Device H
- If any of the preceding services have Startup Type set to Manual, open the context (right-click) menu on the service and choose Start. Otherwise, open the context (right-click) menu on the service and choose Properties. For Startup Type, choose Manual, Apply. To start the service, choose Start.
- From the Windows control panel, enable network discovery.
- Create a batch script that mounts a file share from the storage server set up earlier. The file share is mounted automatically when a user connects to the AppStream 2.0 environment.
Logon Script Location: C:\Users\Public\logon.bat
net use H: \\path\to\network\share
PING localhost -n 30 >NUL
IF NOT EXIST H:\ GOTO loop
- Open gpedit.msc and choose User Configuration, Windows Settings, Scripts. Set logon.bat as the user logon script.
- Next, create a batch script that makes the mounted drive visible to the user.
Logon Script Location: C:\Users\Public\startup.bat
REG DELETE “HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer” /v “NoDrives” /f
- Open Task Scheduler and choose Create Task.
- Choose General, provide a task name, and then choose Change User or Group.
- For Enter the object name to select, enter SYSTEM and choose Check Names, OK.
- Choose Triggers, New. For Begin the task, choose At startup. Under Advanced Settings, change Delay task for to 5 minutes. Choose OK.
- Choose Actions, New. Under Settings, for Program/script, enter C:\Users\Public\startup.bat. Choose OK.
- Choose Conditions. Under Power, clear the Start the task only if the computer is on AC power Choose OK.
- To view your scheduled task, choose Task Scheduler Library. Close Task Scheduler when you are done.
Step 3: Create an AppStream 2.0 fleet and stack
To create a fleet and stack
- In the AppStream 2.0 management console, choose Fleets, Create Fleet.
- Give the fleet a name, such as Graphics-Demo-Fleet, that uses the newly created image and the same VPC as your file server.
- Choose Stacks, Create Stack. Give the stack a name, such as Graphics-Demo-Stack.
- After the stack is created, select it and choose Actions, Associate Fleet. Associate the stack with the fleet you created in step 1.
Step 4: Invite users to access Siemens NX through a browser
To invite users
- Choose User Pools, Create User to create users.
- Enter a name and email address for each user.
- Select the users just created, and choose Actions, Assign Stack to provide access to the stack created in step 2. You can also provide access using SAML 2.0 and connect to your Active Directory if necessary. For more information, see the Enabling Identity Federation with AD FS 3.0 and Amazon AppStream 2.0 post.
Your user receives an email invitation to set up an account and use a web portal to access the applications that you have included in your stack.
Step 5: Validate the setup
Time for a test drive with Siemens NX on AppStream 2.0!
- Open the link for the AppStream 2.0 web portal shared through the email invitation. The web portal opens in your default browser. You must sign in with the temporary password and set a new password. After that, you get taken to your app catalog.
- Launch Siemens NX and interact with it using the demo files available in the shared storage folder – My Graphics Files.
After I launched NX, I captured the screenshot below. The Siemens PLM team also recorded a video with NX running on AppStream 2.0.
In this post, I discussed the GPU instances available for delivering rich graphics applications to users in a web browser. While I demonstrated a simple setup, you can scale this out to launch a production environment with users signing in using Active Directory credentials, accessing persistent storage with Amazon S3, and using other commonly requested features reviewed in the Amazon AppStream 2.0 Launch Recap – Domain Join, Simple Network Setup, and Lots More post.
To learn more about AppStream 2.0 and capabilities added this year, see Amazon AppStream 2.0 Resources.
Security updates have been issued by Debian (augeas, connman, fontforge, freeradius, git, mariadb-10.1, openjdk-7, php5, qemu, qemu-kvm, and tenshi), Fedora (augeas, libsndfile, thunderbird, and xen), Gentoo (AutoTrace and jbig2dec), Mageia (dbus, flash-player-plugin, groovy, groovy18, heimdal, kernel-linus, kmail(kdepimlibs4), libice, libmodplug, miniupnpc, and postgresql9.3/4/6), openSUSE (freeradius-server, gnome-shell, ImageMagick, and openvswitch), and SUSE (java-1_8_0-ibm, libzypp, and postgresql94).
Security updates have been issued by Arch Linux (gajim and libusbmuxd), Debian (perl), Fedora (chromium, chromium-native_client, dropbear, squirrelmail, sudo, and wget), Mageia (git, menu-cache, and pcmanfm), and openSUSE (libupnp).
Security updates have been issued by Arch Linux (postgresql, postgresql-libs, samba, and sudo), Debian (gajim, libpodofo, openldap, pngquant, qemu-kvm, sudo, and tiff), Fedora (lxterminal, menu-cache, and pcmanfm), Gentoo (sudo), openSUSE (libraw, miniupnpc, and sudo), Oracle (kernel, nss, and sudo), Red Hat (kernel and sudo), Scientific Linux (kernel and sudo), Slackware (sudo), SUSE (java-1_6_0-ibm, java-1_8_0-openjdk, openstack-components, and sudo), and Ubuntu (sudo).
Security updates have been issued by CentOS (libtirpc and rpcbind), Debian (libtasn1-3, libtasn1-6, and samba), Fedora (FlightGear, openvpn, and python-fedora), openSUSE (libtirpc and libxslt), Oracle (libtirpc and rpcbind), Red Hat (samba, samba3x, and samba4), Scientific Linux (samba and samba4), SUSE (java-1_7_0-ibm, java-1_7_1-ibm, java-1_8_0-ibm, samba, and tomcat), and Ubuntu (jbig2dec, miniupnpc, rtmpdump, and samba).
Security updates have been issued by Arch Linux (lynis), CentOS (kdelibs, libtirpc, rpcbind, and samba), Debian (miniupnpc), Fedora (chromium, chromium-native_client, and kernel), Oracle (kdelibs and samba), Red Hat (libtirpc and rpcbind), and Scientific Linux (kdelibs, libtirpc, rpcbind, and samba).
Security updates have been issued by Debian (ejabberd, jhead, and samba), Fedora (chromium, drupal8, empathy, erlang, firefox, icoutils, kernel, knot-resolver, libICE, libupnp, libXdmcp, links, mbedtls, moodle, mupdf, ntp, openslp, R, rkward, rpy, sane-backends, sscg, tcpreplay, thunderbird, and webkitgtk4), Mageia (kernel, kernel-linus, and kernel-tmb), openSUSE (apache2, Chromium, kernel, and virglrenderer), Oracle (kernel), and Slackware (samba).
Security updates have been issued by Arch Linux (linux-grsec and linux-lts), Debian (icoutils, imagemagick, and roundcube), Fedora (freetype, libupnp, libwmf, thunderbird, tor, and w3m), Red Hat (chromium-browser and thunderbird), Scientific Linux (thunderbird), and Ubuntu (icoutils, icu, libevent, pidgin, pillow, and python-imaging).
Security updates have been issued by Arch Linux (chromium, firefox, libxslt, and thunderbird), Debian (firefox-esr, icoutils, and pidgin), Fedora (firefox, freetype, GraphicsMagick, kdelibs, kdelibs3, kernel, libupnp, munin, php-pear-PHP-CodeSniffer, thunderbird, and wireshark), Mageia (flac, flash-player-plugin, potrace, and wireshark), openSUSE (bitlbee, cacti, kdelibs4, kio, lynx, openssh, pax-utils, perl-Image-Info, Wireshark, and xen), and SUSE (qemu).
Fedora has updated docker-latest
(F24: privilege escalation), ed (F25:
denial of service), groovy (F25: code
execution), libnl3 (F25; F24: privilege escalation), opus (F25; F24: code
execution), qemu (F25: multiple
vulnerabilities), squid (F25: two
vulnerabilities), and webkitgtk4 (F25; F24:
Gentoo has updated DBD-mysql
(multiple vulnerabilities), dcraw (denial
of service from 2015), DirectFB (two
vulnerabilities from 2014), libupnp (two
vulnerabilities), lua (code execution from
2014), ppp (denial of service from 2015),
qemu (multiple vulnerabilities), quagga (two vulnerabilities), and zlib (multiple vulnerabilities).
Mageia has updated libpng, libpng12 (NULL dereference bug).
Debian-LTS has updated pdns-recursor (code execution).
Gentoo has updated file (multiple vulnerabilities), libxml2 (multiple vulnerabilities), miniupnpc (denial of service), pidgin (multiple vulnerabilities), vlc (code execution), and xdelta (code execution).
openSUSE has updated ark (42.2, 42.1; SPH for SLE12: code execution), encfs (42.2, 42.1, 13.2: code execution from
2014), gstreamer-0_10-plugins-bad (13.2:
code execution), gstreamer-0_10-plugins-base (13.2: code
(13.2: multiple vulnerabilities), gstreamer-plugins-bad (42.1; 13.2:
three vulnerabilities), gstreamer-plugins-base (42.1; 13.2:
code execution), gstreamer-plugins-good (42.1; 13.2:
multiple vulnerabilities), icinga (14.2,
14.1: two vulnerabilities), icoutils (42.2; 42.1; 13.2: multiple vulnerabilities), openjpeg2 (42.2: multiple vulnerabilities), pcsc-lite (42.2, 42.1, 13.2: privilege
escalation), and python-pycrypto (14.2,
14.1, 13.2: denial of service).
Red Hat has updated kernel
(RHEL6.5: code execution).
Arch Linux has updated lib32-curl
(two vulnerabilities), lib32-libcurl-compat (two vulnerabilities), lib32-libcurl-gnutls (two vulnerabilities), libcurl-compat (two vulnerabilities), libcurl-gnutls (two vulnerabilities), and pcsclite (privilege escalation).
Debian has updated libphp-phpmailer (regression in previous update).
Gentoo has updated firefox (multiple vulnerabilities).
Arch Linux has updated qt5-webengine (multiple vulnerabilities).
Debian-LTS has updated game-music-emu (multiple vulnerabilities), icedove (multiple vulnerabilities), libupnp (code execution), libupnp4 (code execution), most (command execution), nagios3 (two vulnerabilities), php5 (multiple vulnerabilities), tomcat6 (privilege escalation), tomcat6 (regression in previous update), and tomcat7 (privilege escalation).
Fedora has updated firefox (F23:
denial of service), gd (F24: three
vulnerabilities), golang (F23: denial of
service), kernel (F25; F24: out of bounds stack read), perl-DBD-MySQL (F23: two vulnerabilities),
unzip (F25; F24: buffer overflows), and xen (F23: multiple vulnerabilities).
Ubuntu has updated apt (16.10:
regression in previous update).
Debian has updated libupnp (two vulnerabilities).
Fedora has updated chromium (F25; F24: multiple vulnerabilities),
firefox (F25; F24: denial of service), gstreamer-plugins-bad-free (F24: code
execution), gstreamer-plugins-good (F24:
multiple vulnerabilities), and libgsf (F24: denial of service).
Debian-LTS has updated libupnp
(arbitrary file overwrite).
Ubuntu has updated fontconfig
(16.04, 14.04, 12.04: privilege escalation).
Mageia has updated ruby-eventmachine (denial of service).
openSUSE has updated bsdiff
(Leap42.1, 13.2: denial of service), Chromium (Leap42.1, 13.2; SPH for SLE12: multiple
vulnerabilities), java-1_8_0-openjdk (13.2:
multiple vulnerabilities), libvirt
(Leap42.1: authentication bypass), redis (Leap42.1, 13.2; SPH for SLE12: information leak),
and wireshark (Leap42.1, 13.2: multiple vulnerabilities).
Post Syndicated from Lennart Poettering original http://0pointer.net/blog/projects/oh-nine-sixteen.html
As a followup to Oh Nine
Fifteen here’s a little overview of the changes coming with PulseAudio 0.9.16 which will be part of
Fedora 12 (already in Rawhide; I think Ubuntu Karmic (?) will have it
A New Mixer Logic
We now try to control more than just a single ALSA mixer element for volume
control. This increases the hardware volume range and granularity exposed and
should also help minimizing problems by incomplete or incorrect default mixer
initialization on the lower levels.
This also adds support for allowing selection of input/output ports for
sound cards. This is used to expose changing between Mic vs. Line-In for input
source selection and Headphones vs. Speaker for output selection (of course the
list of available port is strictly dependant on what you hardware supports).
The list of available ports is deliberately kept minimal.
Thanks to Bastien the newest GNOME Volume Control now exposes profile/port
switching quite nicely, which he
blogged about. This
screenshot shows how the port (here called ‘Connector’) can be selected
in the new dialog.
The mixer rework also allows us to handle semi-pro/pro sound cards a bit
more flexibly. For example, which profiles/ports are exposed in PulseAudio or
how specific mixer elements are handled can now be controlled by editing .ini
file like configuration files in /usr/share/pulseaudio/alsa-mixer/.
this mail for more information about this.
UPnP MediaServer Support
PulseAudio now integrates with Zeeshan’s fabulous Rygel UPnP/DLNA MediaServer. If enabled
Rygel will automatically expose all local audio devices which are managed by
PulseAudio as UPnP/DLNA MediaServer items which your UPnP/DLNA MediaRenderers
can now tune into. (Meaning: you can now stream audio from your PC directly to
your UPnP DMP (Digital Media Player) device, such as the PS3.) Communication
between Rygel and PulseAudio follows our little Media Server Spec on the
GNOME Wiki. This nicely complements the RAOP (Apple Airport) support we
introduced in PulseAudio 0.9.15. In one of the next versions of
PulseAudio/Rygel we hope to add support for PulseAudio becoming a MediaRenderer
as well. This will then not only allow you to stream from your PC to your
DMP device, but also allows PulseAudio to act as
“networked speaker”, which can be used by any UPnP/AV/DLNA control point, such
as Windows’ Media Player.
Hotplug Support Improved
If you select a particular device as the default for a specific application
or class of streams, then when unplugging the device PulseAudio moves the stream
automatically to another audio device if one exists. New in PulseAudio 0.9.16
is that if you replug the audio device the stream will instantly be moved back,
requiring no further user intervention.
Also, PulseAudio now includes some implicit rules for doing the ‘right
thing’ when finding an audio device for an application. For example, unless
configured otherwise it will now route telephony applications automatically to
Bluetooth headsets if one is connected, in favour of the internal sound card of
Surround Sound Support for Event Sounds
This is more a new feature of libcanberra than
of PulseAudio, but nonetheless: we now support surround for events sounds.
This allows us to play full 5.1 login sounds for example, in best THX cinema
fashion. We’d love to ship a 5.1 sound for login by default in sound-theme-freedesktop.
We’d be very thankful if you would be willing to contribute a sound
here, or two! A sound a bit less bombastic than the famous cinema THX effect
would probably be a good idea though.
And then there’s of course the usual batch of fixes and small improvements.
A substantial number of non-user visible changes have been made as well. For
example, as HAL is now obsolete PulseAudio now moved to udev for its device
discovery needs. We replaced our gdbm support by support for tdb. Also,
we stripped all security senstive code from PulseAudio, and ported it to use
For the upcoming distributions that means that PulseAudio will run as real-time
process by default, improving drop-out safety.
And for some extra PA eye-candy, have a look on Impulse!