Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. It uses BubbleWrap in the low level to do the actual sandboxing. In simple terms, you can think Flatpak as a as a very simple and easy way to use desktop applications in containers (sandboxing). Yes, containers, and, yes, it is for desktop applications in Linux. I was looking forward to use hexchat-otr in Fedora, but, it is not packaged in Fedora. That is what made me setup an AppVM for the same using flatpak.

I have installed the flatpak package in my Fedora 29 TemplateVM. I am going to use that to install Hexchat in an AppVM named irc.

Setting up the Flatpak and Hexchat

The first task is to add flathub as a remote for flatpak. This is a store where upstream developers package their application and publish.

flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo

And then, I installed the Hexchat from the store. I also installed the version of the OTR plugin required.

$ flatpak install flathub io.github.Hexchat
<output snipped>

$ flatpak install flathub io.github.Hexchat.Plugin.OTR//18.08
Installing in system:
io.github.Hexchat.Plugin.OTR/x86_64/18.08 flathub 6aa12f19cc05
Is this ok [y/n]: y
Installing: io.github.Hexchat.Plugin.OTR/x86_64/18.08 from flathub
[####################] 10 metadata, 7 content objects fetched; 268 KiB transferr
Now at 6aa12f19cc05.

Making sure that the data is retained after reboot

All of the related files are now available under /var/lib/flatpak. But, as this is an AppVM, this will get destroyed when I will reboot. So, I had to make sure that I can keep those between reboots. We can use the Qubes bind-dirs for this in the TemplateVMs, but, as this is particular for this VM, I just chose to use simple shell commands in the /rw/config/rc.local file (make sure that the file is executable).

But, first, I moved the flatpak directory under /home.

sudo mv /var/lib/flatpak /home/

Then, I added the following 3 lines in the /rw/config/rc.local file.

# For flatpak
rm -rf /var/lib/flatpak
ln -s /rw/home/flatpak /var/lib/flatpak

This will make sure that the flatpak command will find the right files even after reboot.

Running the application is now as easy as the following command.

flatpak run io.github.Hexchat

Feel free to try out other applications published in Flathub, for example, Slack or the Mark Text

AWS recently announced their new fleet of A1 EC2 instances which is powered by ARM at AWS re:Invent.

Gladly, the Fedora Kernel Team (Laura Abbott, Justin Forbes and Jeremy Cline) and Peter Robinson had already everything in place. The only missing piece was to add the support to fedimg to create arm64 based AMIs.

With the release of fedimg==2.4.0 (thanks to Patrick),  the new AMIs were happily getting uploaded to AWS and with a slight delay, Fedora had the support for the arm64 along with the x86_64 AMIs.

Known issues?

One of the issues which I faced was the instance getting ready takes some time which is almost 5 minutes. But work is on the way to make the experience better.

Availability?

A1 instances are currently supported only in selected regions: US East (N. Virginia), US East (Ohio), US West (Oregon), Europe (Ireland).

Also not all the availability zones are supported, so while launching instances you might see this error:

An error occurred (Unsupported) when calling the RunInstances operation: Your requested instance type (a1.large) is not supported in your requested Availability Zone (us-west-2b). Please retry your request by not specifying an Availability Zone or choosing us-west-2c, us-west-2a.

which I found linked to the subnet's availability zone. So, you might need to change the subnet's availability zone to launch the instance.

For any more issues, drop in to #fedora-arm or #fedora-cloud IRC channel on Freenode.

Read the official announcement here.

I have been maintaining my blog. It is a self hosted Ghost blog, where I have my theme as Casper, the Ghost default. In the recent past, September 2018, Ghost has updated its version to 2.0. Now it is my time to update mine.

It is always advisable to test it before running it into production server. I maintain a stage instance for the same. I test any and all the changes there before touching the production server. I did the same thing here also.

I have exported Ghost data into a Json file. For the ease to read I have prettified the file. I removed the old database and started the container for the new Ghost. I reimported the data into the new Ghost using the json file.

I had another problem to solve, the theme. I used to have Casper as my theme. But the new look of it, is something I do not like for my blog, which is predominantly a text blog. I was unable to fix the same theme for the new Ghost. Therefore I chose to use Attila as my theme. I did some modifications, uploaded and enabled it for my blog. A huge gratitude to the Ghost community and the developers, it was a real smooth job.

For the last couple of months, the SecureDrop team is working on a new set of applications + system for the journalists, which are based on Qubes OS, and desktop application written particularly for Qubes. A major portion of the work is on the Qubes OS part, where we are setting up the right templateVMs and AppVMs on top of those templateVMs, setting up the qrexec services and right configuration to allow/deny services as required.

The other major work was to develop a proxy service (on top of Qubes qrexec service) which will allow our desktop application (written in PyQt) to talk to a SecureDrop server. This part finally gets into two different Debian packages.

1. The securedrop-proxy package: which contains only the proxy tool
2. The securedrop-client: which contains the Python SDK (to talk to the server using proxy) and desktop client tool

The way to build SecureDrop server packages

The legacy way of building SecureDrop server side has many steps and also installs wheels into the main Python site-packages. Which is something we plan to remove in future. While discussing about this during PyCon this year, Donald Stufft suggested to use dh-virtualenv. It allows to package a virtualenv for the application along with the actual application code into a Debian pacakge.

The new way of building Debian packages for the SecureDrop on Qubes OS

Creating requirements.txt file for the projects

We use pipenv for the development of the projects. pipenv lock -r can create a requirements.txt, but, it does not content any sha256sums. We also wanted to make sure that doing these steps become much easier. We have added a makefile target in our new packaging repo, which will first create the standard requirements.txt and then it will try to find the corresponding binary wheel sha256sums from a list of wheels+sha256sums, and before anything else, it verifies the list (signed with developers’ gpg keys).

PKG_DIR=~/code/securedrop-proxy make requirements

If it finds any missing wheels (say new dependency or updated package version), it informs the developer, the developer then can use another makefile target to build the new wheels, the new wheels+sources do get synced to our simple index hosted on s3. The hashes of the wheels+sources also get signed and committed into the repository. Then, the developer retries to create the requirements.txt for the project.

Building the package

We also have makefile targets to build the Debian package. It actually creates a directory structure (only in parts) like rpmbuild does in home directory, and then copies over the source tarball, untars, copies the debian directory from the packaging repository, and then reverifies each hashes in the project requirements file with the current signed (and also verified) list of hashes. If everything looks good, then it goes to build the final Debian package. This happens by the following environment variable exported in the above mention script.

DH_PIP_EXTRA_ARGS="--no-cache-dir --require-hashes"

Our debian/rules files make sure that we use our own packaging index for building the Debian package.

#!/usr/bin/make -f

%:
	dh $@ --with python-virtualenv --python /usr/bin/python3.5 --setuptools --index-url https://dev-bin.ops.securedrop.org/simple

For example, the following command will build the package securedrop-proxy version 0.0.1.

PKG_PATH=~/code/securedrop-proxy/dist/securedrop-proxy-0.0.1.tar.gz PKG_VERSION=0.0.1 make securedrop-proxy

The following image describes the whole process.

We would love to get your feedback and any suggestions to improve the whole process. Feel free to comment in this post, or by creating issues in the corresponding Github project.

23rd November 2018

The Fedora community of Bangalore assembled at the Red Hat Bangalore office. The event was scheduled to start at 1300, but the lunch at the office postponed the event by 45 mins.

Sumantro kicked off the event with a small introduction, following which Vipul gave a introduction of the open source with a short choco chip story.

Sumantro back on stage after that talking about the "What's coming next?", from discussing about GNOME/Pantheon, to Python 2 deprecation, to Ansible, to IoT, to Modularity.

Sinny talked and demoed the shiny new Fedora Silverblue.

Finally, the cupcakes were revealed and the event ended with a group photo.

Vipul sharing the choco chip story

Sumatro on the stage

Sinny demoing Fedora Silverblue

Cupcakes!

Cupcakes!

Sinny aka CoreOS, Silverblue, and KDE

The gathering

I am trying to work on my sys-admin skills for a some time now. I was already maintaining my own blog, I was pondering to learn
Ansible. DGPLUG was planning to create a new Qubes OS mirror. So I took the opportunity to learn Ansible and I set up a new server.

Qubes OS is the operating system built keeping security in mind. As they like to define it as, “reasonably secure operating system”. It being loved by security professionals, activities worldwide.

The mirror contains for both Debian and rpm packages as used by the Qubes Operating system. The mirror is fully operational and mentioned on the official list of Qubes OS.

The dumbest thing you can do is to think you're smart.

We often tend to think we know a lot of things. Things we read, hear or see on whatever source of information may be perceived as just true. However, I think that it is very important to question even the most trivial of best known things. The believe in knowledge does not just kill creativity but can also be dangerous.

I've studied Physics and there is one take-home message that I would like to share. People often hear that physicists have discovered this or that. In most cases this leads to the believe that we know how the world around us works and what it is made of. Actually we don't. The way Physics works is different: It won't tell you how things work or what they are made of, instead it will provide you with a set of tools, models, and theories, derived from observations and previous models and theories, that will often result in pretty good approximations, and predictions of what we're observing in the world around us. This is not better or worse than the truth would be, in fact it's a very pure and straight forward approach that allows us to go far beyond of what seems possible sometimes.

It would in fact be quite optimistic to think that we could understand truth, with the limitations of our nature. We perceive the world in three dimensions, are heavily dependent on language (could write a whole book on that) and have a limited set of senses - but what is worse: we're not even using them. We rely on science and studies instead, loosing more and more the ability to perceive and interpret (and believe in) the signals of our own body. You cannot convince someone that might call himself scientist who knows how thinks work of the efficacy of some compound when you just feel that it is good and right for you. Instead, the compound has to go through several stages of clinical trials, that try to measure safety, tolerability and efficacy in vitro, in animals, in humans. While I understand and appreciate this approach, I often feel like the available tools to assess these domains are not even close to be suitable for that task. As a result, a negative trial will let us know that there is no effect.

It's neither easy nor fun to discuss with someone who is fiercely convinced by something just read in an article. While it's a very good thing to read (or to gather information through other channels), that information should not just be taken for granted because it has been printed in a journal. To question that information at least every once in a while should be a habit.

Last Friday, I was sitting in one of the good coffee shops in Bangalore with my friend. Coffee and discussion is the best combination to release stress. It was looking like a perfect Friday evening until my friend was struck by an idea of asking me a question.

“Let me conduct a quiz.” he said, interrupting our conversation.

“A quiz? Quiz on what?”, I asked.

“On programming”, he said

“What is the level of difficulty then?” I said.

Asking the level of difficulty is important. I never invest my efforts in solving something easy. If he had said easy, I would have ignored to answer, but he said “It is a bit difficult, but not that difficult. I gave a wrong answer to this question in my last interview.”

There was no reason to go back from here. Taking some deep breaths I said, “Please go ahead.”

He stood up, took a tissue paper from a nearby counter and scratched below code on it. ¹ And he asked me by pointing towards that code, “What will be the output of this code?”

def my_function(): l = [0, 1, 2] print(l[30:]) my_function() 

Now it was my turn to give the answer. I looked at the code and tried parsing it in my head — line by line. In my mind, I observed the first line. It was defining a function which seems to be correct. I moved my eyes to the next line. It was defining a variable l of type list and assigning values ranging from 0 to 2. Even this wasn’t looking problematic. So I forwarded to the next line where it was trying to print that variable l by slicing it from starting value 30 to the infinity.

“Well, the start value is 30 which is greater than the length of the list. This should raise an IndexError” I said in my mind. I was about to speak an answer, but suddenly Devil of me flashed.

“It is less than a banana job my dear,” the Devil said to me, “You should take a little advantage of this opportunity my boy.”

Because things were looking in my control, I shook my hands with the Devil.

I said to my friend, “How about betting for some real values?”

Going closer I spoke, “If I answer correctly, You will pay the bill and If I am wrong, This will be a treat from my side.”

He thought for a while and nodded. Now it was my turn to unveil the cards.

I said in a strong voice, “It will raise an IndexError.” And shifted my focus towards the chocolate.

He starred my face for a second and spoke, “Okay. Are you sure about this?”.

This was the hint he gave. I should have taken another shot here. What happens next become a lesson for me.

I said with a flat face, “Yes I am.”

With my answer, he instantly opened his backpack, took his Laptop out and typed the code which he wrote on that tissue.

When I stopped hearing a sound of typing I yelled, “So did I win?”

He turned his laptop towards me and exclaimed, “Not at all!”

When I focused on the screen, the interpreter was printing []. Damn! I lost the bet. Why the hell slice is returning an empty list even when we are trying to slice it with a value which is greater than the length of it! It was surely looking unpythonic behavior. I paid whatever the bill amount was. Entire evening this question was all roaming my mind. After coming home, I decided to justify reasons for returning an empty list instead of raising an IndexError from a slice.

Below are a few reasons justifying such behavior of slice function. I am sharing this with you so that you don’t lose a bet with your friend :) For those who haven’t used slice anytime in their life, I advise to read this tutorial. Reading this guide for understanding how a slice function converts the input values. Especially rule number 3 and 4 referenced there.

• Reason number one:

  Python lists are more commonly used in iterations. Consider below example:

  numbers = [0, 1, 2, 3] for number in numbers[30:]: print(number) 

  If slice was raising an IndexError, then the above code would have to written like this

  written like like this

  numbers = [0, 1, 2, 3] try: for number in numbers[30:]: print(numbers) except IndexError: pass 

  Or in another way below is also looking reasonable

  numbers = [0, 1, 2, 3] start = 30 if start < len(numbers): for number in numbers[start:]: print(number) 

  Both the approaches are looking little lengthy by an obvious reason. And that reason is to prevent executing loop if there are no elements in it. When we observe the behavior of slice called at for in, it makes sense to return an empty list instead of raising an IndexError.

I am not able to find further reasons to return an empty list instead of raising the IndexError. But I am sure, there will be. If you know any other potential reasons for such behavior of slice, please drop me a mail at jaysinhp at gmail dot com or contact me over Twitter @jaysinhp. I will update the reasons at this post and give credits to you. Thanks for reading this post.

Proofreaders: Geoffrey Sneddon, Elijah, Mahendra Yadav, Dhavan Vaidya,

This is not a technical post; this is something that I have been going through, in life right now. A few months ago, when I left my first job (another time, another post ), I had a plan. I wanted to take few months off and work on my technical knowledge and write amazing software and get a lot of learning out of my little sabbatical.

But I was not able to do that for a few reasons, primo being I had to move homes in Bangalore because my brother got transferred, so the savings that I had set aside wouldn’t be enough. This was not the end. When it rains, it pours apparently. My dad got super sick, he had a growth near his kidney which the doctors diagnosed as cancer. I got really scared with the situation I was going through. The thing about your parents is that no matter how much you fight with them or how much they “control” you; at the end of the day the thought of losing them can scare the hell out of you. For me, they are my biggest support system so I was not scared, I was terrified.

I gave it a really deep thought and took a call. I needed to find a job. The sabbatical could wait. I started applying to companies and talking to people if they needed extra hand at work. One piece of advice – never leave a job unless you have another in hand. Luckily, I had my small pot of gold, savings, so even in this phase I was sustaining myself. Yes, savings are real and you should have a sufficient amount at any given point of your life. This helps you to take the hard decisions and also to think independently (what Jason calls F*ck you money).

It still feels like a nightmare to me. I use to feel that I will wake up and it will all be over. Reality check; it wasn’t a dream so I have to live with it and make efforts to overcome this situation.

Taking up a job for me was important for two reasons,

1. I have to sustain myself
2. I need to have a back up in case my dad needs something (I also have super amazing siblings who were doing the same)

I realised one thing about prayer and God; yes, I believe in God, and I don’t know if prayer works but you definitely get the strength to face your problems and the unknown. I use to call my dad regularly asking how he was doing and some days he could not speak all that much and he use to talk in his weak tone. I use to cry. I was in so much pain although it was not physical or visible. And then, I would cry again.

But tough times teach you a lot, it shows you real friends, it shows you the people you care for and as Calvin’s dad would have said, “It build character!”. I have been through bad times before and the thing about time is , “It changes!”. I knew someday this bad time I am going through will change. Either the agony I am going through will reduce or I will get used to it.

So as I was giving interviews within a month of me moving on from my old job, I was offered one at Clootrack. I like the people who interviewed me and I like that ideas they have been working on. But I have seen people change and I have gone through a bad experiences and at no point of time did I want to repeat past mistakes, so I did a thorough background check before I said yes to them. I got a really good response so here I am working with them.

The accommodation problem that I had was my brother was shifting out of his quarters  and I used to live with him. Well, I helped him pack and I still remember the time when I was bidding farewell to him and my sister-in-law. I had tears in my eyes and after my goodbyes, the moment I stepped in the house I could feel the emptiness and I cried the whole night.  I  could stay at the old place for a week, not more. At this point I can’t thank Abhinav enough that he came as  a support I needed. He graciously let me live with him as long as  I wanted to. Apparently he needed help, paying his bills :P.  This bugger would never accept the fact, he helped me. When dad’s condition was getting bad he gave me really solid moral support. I had also shared my situation with Jason, Abraar, Kushal and Sayan. I received a good amount of moral support from each one of them, specially Jason. I use to tell him everything and he would just calm me down and talk me through it.

So when I shifted to Abhinav’s place all I had was 6 bags and a carton. My whole life was 6 bags and a carton. My office was a 2 hour bus ride one way and another 2 hours to come back. But I didn’t have any problems with this arrangement because this was the least of my problems. I literally use to live out of my bags and I wasn’t sure this arrangement would last long. I had some really amazing moments with Abhinav, I enjoyed our ups and downs and those little fights and leg pulling.

Well, my dad is still not in the best of his health, but he is doing better now. I visit my family more frequently now and yes call them regularly with a miss. I realised the value of health after seeing my dad. I went home after a month of joining Clootrack and stayed with him for a whole month and worked remotely, we visited few doctors and they said he is doing better. After coming back I realised I was not getting any time for myself so I shifted to a NestAway near my office. Although I feel I’ve gotten used to the agony, you never know what life has in store for you next.
It feels much better now, though.

I thank God for giving me strength and my friends and family for supporting me in a lot of different ways.

With Courage in my Heart,
And Faith over Head

This year’s Akademy, the annual world summit of KDE, was held in the beautiful city of Vienna, Austria, from 11th to 17th August, 2018. The 7-day event was divided in two parts, with the first 2 days being mostly keynote addresses and different talks by KDE contributors, followed by 5 more days BoFs, and workshops. Just like every other KDE event, this one was also as awesome as it could get.

Welcome party
The evening before the day the conference was scheduled to start, there was a nice welcome party with loads of food and drinks, where I got to catch up with most of the fellow KDE contributors who I hadn’t met for quite some time, and also got to see a lot of new faces as well, talking to whom felt like a breath of fresh air. Overall, it was a warm welcome, and raised everyone’s spirits to get ready for Akademy for the next day.

Conference Day 1
Day 1 was opened by Lydia, our beloved President of KDE. Dan Bielefeld gave the keynote speech, where it was interesting to learn about how free software helps in tackling human rights issues in North Korea. Numerous insightful talks followed it throughout the day. Bhushan’s update on Plasma on mobile devices was interesting, along with David Faure’s talk on how to run KDE softwares without installing them.

Conference Day 2
Day 2 began with the keynote by Claudia Garad where she spoke on how KDE could learn from how Wikimedia faces its hurdles. Aditya Mehra spoke on the visionary Mycroft AI on Plasma. Bhavisha spoke about her contributions to OpenQA. Andreas’ talk on building Automotive ECUs with Yocto was absolutely inspiring. In the Akademy awards, it was great to see deserving individuals being recognised for their amazing contributions.

Social Event
At the end of day 2 of conference, we headed off and met at the nearby Cafe Derwisch – Partycellar to party. Even though there was a looong wait in a queue, it was worth the wait. With loads of food and drinks, and a dance floor, it was the perfect recipe for having fun and socialising. And boy did we make legit use of the dance floor. The party was quite eventful and went way late into the night. It was an evening to remember.

BoFs and Trainings

• In the KDE-India BoF, we discussed the journey of India in KDE so far, the obstacles we faced previously, the best steps we can take for the next conf.kde.in event, among other topics.
  
• The Mycroft BoF taught us how to use the AI, how to add new skills, its progress with Plasma mobile, and the obstacles it faces regarding communicating with 3rd party apps.
• The BoF on the VVAVE Project was particularly interesting to me as it was centred around a music-player app that is similar to the line of software I work on in my current company. We discussed a number of issues, including how to prioritise between online-streaming and playing local files, and how to overcome the technical challenges.
• The training on documentation provided tips and tricks on writing short, informative and comprehensible documents, followed by a hands-on assignment. This was very helpful.

Also, this year is the first time I was able to be a part of the Annual General Meeting, and it was an interesting experience especially for being able to influence the decisions made inside KDE in such a direct and important way.

At the end of the final day, I (among others) got to draw (read scribble) a colorful message about the principles of KDE on a piece of paper, thanks to Lydia. I’m eagerly waiting to see it uploaded somewhere soon!

Hikes, trips and picnics
There was a short walking trip organized on Tuesday evening, August 14, where we walked around interesting parts of the city, with magnificent monuments, churches, libraries, museums, palaces, and sculptures flooded all around. The guide was kind enough to explain the historical significance of each building. Clearly a treat for the eyes and knowledgeable as well. The following day, August 15, we went to Kahlenberg, where we enjoyed the amazing view of the beautiful city of Vienna from above. We also went to the top of one of the towers to take a look at it from even higher. On the final evening of the conference, August 17, we went to have a short picnic somewhere overlooking the Danube river. That was fun as well. Or rather sad, as that was the final day of the conference. My phone is filled with amazing pictures, thanks to all these fun initiatives.

Thank you, KDE, for letting me be a part of this amazing event. Keep rocking!