Bored chicken with last year's distro

They started the upgrade by reading the CD sleeve carefully

Clarabelle reads the fine manual

and then installed the new Kubuntu 11.04 on a piece of string in the run so they can peck at it and check their feathers in the mirror.

Installing Kubuntu 11.04

After the upgrade I took their old Kubuntu 10.10 CD and gave it a bit of a wash, when it stopped smelling too much I put it in my laptop and booted it, there was a bit of a crack on the outside edge and it didn’t fully boot, but it got to the bootloader and did about 15 seconds of productive loading before it failed. Check back in 6 months to find out how the Kubuntu 11.04 CD boots.

So now we need to decide how best to use the remaining 49 Kubuntu CDs, 50 Ubuntu Server CDs and 250 Ubuntu CDs. Preferably in a slightly less frivolous way than entertaining livestock.

Now that shipit has stopped doing individual CD requests we are going to reserve some for people on dialup who want CDs. The procedure for this is as follows.

• Email me, alanbell at ubuntu.com with a clear subject line saying you would like a CD.
• I will then respond with my snail mail address.
• You send me a stamped self addressed envelope big enough to hold a CD.
• I put CD in envelope and send it back to you.

So this is mildly inconvenient, and costs you more than free, but only about a quid, in postage. If you are on dialup (or an obsessive Ubuntu CD collector) this is still well worth doing, those on broadband have probably already got the .iso and burned it already.

Another batch will go to people distributing recycled PCs pre-installed with Ubuntu like Remploy I want these PCs to go out with an official CD in the pack, and some information about the LoCo team for the end user. Any company or charity involved with recycling PCs for distribution in the UK through the RaceOnline initiative or anything else is welcome to contact me to arrange CDs and help with doing an OEM build image for cloning (so on first boot it asks the user their name). These kind of organisations are not going to engage Canonical services, they just don’t have the margins, working constructively with them is certainly something we can do as a community team.

The rest will go to events and conferences where we have a presence, which means we need to have a presence at some events. I would really like the team to run a few bring-a-box installfests at university computing societies. If you want to help organise one that would be great, I am happy to support it with CDs and help get some people along to help.

If you have further ideas on how to use the CDs then do comment here, on the Ubuntu-UK mailing list or at the next team meeting on IRC.

This year we have a new plan, the Gobby server is still available as a fallback, but we also have an etherpad server which I have been helping to get integrated into the main summit schedule. So the way this works is the summit website is a series of pages like this one: http://summit.ubuntu.com/uds-o/2011-05-09/ which list all the sessions going on. Each one has a little pen and pad icon on it, click that and you get to a page providing all the information about that one session, the time, room etc at the top, and the list of attendees and links to blueprints and wiki pages at the bottom. In the middle is the pad, where you can type stuff. There is no save button, everything is saved all the time.

For example have a look at http://summit.ubuntu.com/uds-o/meeting/community-o-unity-developer-participation/ you can see at the top I have put some hashtags (they will become clickable links when that bit gets turned on) and you can just type freeform text. If you are the first person to open a particular notes page there is a big button to click on to create the pad. We might jiggle the theme about in the next few days to add a panel at the side where you can see the names of the people typing in the pad. This approach means that the schedule itself is the index to the notes pages, the notes just work in a browser, on any platform and through firewalls and proxies with no special configuration. I hope (and I am pretty confident) that this will enhance the work done at UDS by people there in person and following on remotely.

In this post I’ll describe our current way of providing SSL encrypted access to a shiny new OpenERP server running on Ubuntu 10.04 LTS Server.

We’re using the Apache webserver to act as a proxy and do SSL termination for web client access and for WebDAV/CalDAV access. The GTK client will also be running over an encrypted XMLRPC link directly to the OpenERP Server. Apache is the most widely used webserver in the world and there is oodles of documentation about it so I do not plan to go into any great detail about the configuration choices. One document that is worth pointing out however is the information about how to configure and administer Apache specifically under Debian/Ubuntu. The way Apache is packaged and set up is quite different from most other Linux distributions. A very useful document can be found here /usr/share/doc/apache2.2-common/README.Debian.gz on your server.

NB: For the purposes of this how to, we’ll be using self-signed certificates. A discussion of the pros and cons of this choice is beyond the scope of this article.

Step 1. Install Apache and required modules

On your server install apache2 by typing

sudo apt-get install apache2

Now we’ll tell apache that we want to use a few modules (mod_ssl, mod_proxy, mod_proxy_http, mod_headers and mod_rewrite [optional]) that are not enabled by default:

sudo a2enmod ssl proxy_http headers rewrite

Next, we need to generate a SSL certificate and key.

Step 2. Create your cert and key

I create the files in a temporary directory then move them to their final resting place once they have been built (the first cd is just to make sure we are in our home directory to start with):

cd
mkdir temp
cd temp

Then we generate a new key, you will be asked to enter a passphrase and confirm:

openssl genrsa -des3 -out server.pkey 1024

We don’t really want to have to enter a passphrase every time the server starts up so we remove the passphrase by doing this:

openssl rsa -in server.pkey -out server.key

Next we need to create a signing request which will hold the data that will be visible in your final certificate:

openssl req -new -key server.key -out server.csr

This will generate a series of prompts like this: Enter the information as requested:

You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter ‘.’, the field will be left blank.
—–
Country Name (2 letter code) [AU]:
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, YOUR name) []:
Email Address []:

Please enter the following ‘extra’ attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:The Client’s Company

And finally we self-sign our certificate.

openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

We only need two of the files in the working directory, the key and the certificate. But before we can use them they need to have their ownership and access rights altered:

sudo chown openerp:root server.crt server.key
sudo chmod 640 server.crt server.key

And then we put them in a sensible place:

sudo mkdir /etc/ssl/openerp
sudo chown openerp:root /etc/ssl/openerp
sudo chmod 710 /etc/ssl/openerp
sudo mv server.crt server.key /etc/ssl/openerp/

Now the key and certificate are safely stored away, we can tell Apache where they are:

Step 3. Create the Apache site configuration file

We create a new Virtual Host configuration file

sudo nano /etc/apache2/sites-available/openerp-ssl

with the following content:

<VirtualHost *:443>

SSLEngine on
SSLCertificateFile /etc/ssl/openerp/server.crt
SSLCertificateKeyFile /etc/ssl/openerp/server.key

ProxyRequests Off

<Proxy *>
Order deny,allow
Allow from all
</Proxy>

ProxyVia On

ProxyPass /webdav/ http://127.0.0.1:8069/webdav/
<Location /webdav/ >
ProxyPassReverse /webdav/
<Limit OPTIONS PROPFIND GET REPORT MKACTIVITY PROPPATCH PUT MOVE COPY DELETE LOCK UNLOCK>
Order Deny,Allow
Allow from all
Satisfy Any
</Limit>
</Location>

ProxyPass / http://127.0.0.1:8080/
<location / >
ProxyPassReverse /
</location>

RequestHeader set "X-Forwarded-Proto" "https"

# Fix IE problem (httpapache proxy dav error 408/409)
SetEnv proxy-nokeepalive 1

</VirtualHost>

Note there are two Proxy configurations. One for /webdav/ and one for /. If you do not intend to use WebDAV or CalDAV then you can remove that section. But essentially, we are telling apache that WebDAV traffic needs to go to the XMLRPC port on the OpenERP server, and normal web traffic needs to go to the web client that is listening on port 8080. The order is also important. If / came before /webdav/ then it wouldn’t work.

And then we can enable the new site configuration.

sudo a2ensite openerp-ssl

Optionally, you can use mod_rewrite to redirect any normal (non-encrypted) web browser traffic to the SSL port (443).

To do this, add the following lines (outside of the <directory> config blocks) into the file /etc/apache2/sites-available/default

RewriteEngine on
RewriteCond %{SERVER_PORT} ^80$
RewriteRule ^(.*)$ https://%{SERVER_NAME}$1 [L,R]

Step 4. Change the OpenERP server and web-client configuration files

The next step is to re-configure the OpenERP server and Web client so that the non-encrypted services are not accessible from the outside world.

In /etc/openerp-server.conf the two non-encrypted services will only listen on localhost, i.e. not from external connections so in effect only traffic from Apache will be accepted. We also tell the XMLRPC-SSL service where to find the necessary key and certificate.

Make the following changes:

sudo nano /etc/openerp-server.conf

xmlrpc = True
xmlrpc_interface = 127.0.0.1
xmlrpc_port = 8069

netrpc = True
netrpc_interface = 127.0.0.1
netrpc_port = 8070

xmlrpcs = True
xmlrpcs_interface =
xmlrpcs_port = 8071
secure_pkey_file = /etc/ssl/openerp/server.key
secure_cert_file = /etc/ssl/openerp/server.crt

If you want to have WebDAV/CalDAV access add the following at the bottom of the config file.

[webdav]
enable = True
vdir = webdav

Then in the web client config file /etc/openerp-web.conf make the following changes so that it also only accepts traffic from localhost:

sudo nano /etc/openerp-web.conf

# Some server parameters that you may want to tweak
server.socket_host = “127.0.0.1″

# Set to True if you are deploying your App behind a proxy
# e.g. Apache using mod_proxy
tools.proxy.on = True

# If your proxy does not add the X-Forwarded-Host header, set
# the following to the *public* host url.
tools.proxy.base = ‘https://your-ip-or-domain’

# Set to false to disable CSRF checks
tools.csrf.on = False

That’s it.

Step 5. Try it out

Restart the services to load the new configurations

sudo service openerp-server restart
sudo service openerp-web restart
sudo service apache2 restart

You should not be able to connect to the web client on port 8080 and the GTK client should not connect on either the NetRPC (8070) or XMLRPC (8069) services. For the web access you just need to visit https://your-ip-or-domain and in the GTK client you will need to use port 8071 and choose the XMLRPC (Secure) protocol.

For CalDAV access the URL to a calendar will be something like this:

https://your-ip-or-domain/webdav/DB_NAME/calendars/users/USERNAME/c/CALENDAR_NAME

I hope that is helpful and obviously we’d love to hear comments and suggestions for improvements.

Installing OpenERP isn’t really that hard, but having seen several other “How Tos” on-line describing various methods where none seemed to do the whole thing in what I consider to be “the right way”, I thought I’d explain how we do it. There are a few forum posts that I’ve come across where the advice is just plain wrong too, so do be careful.

As we tend to host OpenERP on servers that are connected to the big wide Internet, our objective is to end up with a system that is:

A: Accessible only via encrypted (SSL) services from the GTK client, Web browser, WebDAV and CalDAV
B: Readily upgradeable and customisable

One of my friends said to me recently, “surely it’s just sudo apt-get install openerp-server isn’t it?” Fair enough; this would actually work. But there are several problems I have with using a packaged implementation in this instance:

• Out-of-date. The latest packaged version I could see, in either the Ubuntu or Debian repositories, was 5.0.15. OpenERP is now at 6.0.3 and is a major upgrade from the 5.x series.
• Lack of control. Being a business application, with many configuration choices, it can be harder to tweak your way when the packager determined that one particular way was the “true path”.
• Upgrades and patches. Knowing how, where and why your OpenERP instance is installed the way it is, means you can decide when and how to update it and patch it, or add custom modifications.

So although the way I’m installing OpenERP below is manual, it gives us a much more fine-grained level of control. Without further ado then here is my way as it stands currently (“currently” because you can almost always improve things. HINT: suggestions for improvement gratefully accepted).

[Update 18/08/2011: I've updated this post for the new 6.0.3 release of OpenERP]

Step 1. Build your server

I install just the bare minimum from the install routine (you can install the openssh-server during the install procedure or install subsequently depending on your preference).

After the server has restarted for the first time I install the openssh-server package (so we can connect to it remotely) and denyhosts to add a degree of brute-force attack protection. There are other protection applications available: I’m not saying this one is the best, but it’s one that works and is easy to configure and manage. If you don’t already, it’s also worth looking at setting up key-based ssh access, rather than relying on passwords. This can also help to limit the potential of brute-force attacks. [NB: This isn't a How To on securing your server...]

sudo apt-get install openssh-server denyhosts

Now make sure you are running all the latest patches by doing an update:

sudo apt-get update
sudo apt-get dist-upgrade

Although not always essential it’s probably a good idea to reboot your server now and make sure it all comes back up and you can still login via ssh.

Now we’re ready to start the OpenERP install.

Step 2. Create the OpenERP user that will own and run the application

sudo adduser --system --home=/opt/openerp --group openerp

This is a “system” user. It is there to own and run the application, it isn’t supposed to be a person type user with a login etc. In Ubuntu, a system user gets a UID below 1000, has no shell (well it’s actually /bin/false) and has logins disabled. Note that I’ve specified a “home” of /opt/openerp, this is where the OpenERP server, and optional web client, code will reside and is created automatically by the command above. The location of the server code is your choice of course, but be aware that some of the instructions and configuration files below may need to be altered if you decide to install to a different location.

Step 3. Install and configure the database server, PostgreSQL

sudo apt-get install postgresql

Then configure the OpenERP user on postgres:

First change to the postgres user so we have the necessary privileges to configure the database.

sudo su - postgres

Now create a new database user. This is so OpenERP has access rights to connect to PostgreSQL and to create and drop databases. Remember what your choice of password is here; you will need it later on:

createuser --createdb --username postgres --no-createrole --no-superuser --pwprompt openerp
Enter password for new role: ********
Enter it again: ********

[Update 18/08/2011: I have added the --no-superuser switch. There is no need for the openerp database user to have superuser privileges.]

Finally exit from the postgres user account:

exit

Step 4. Install the necessary Python libraries for the server

sudo apt-get install python python-psycopg2 python-reportlab \
python-egenix-mxdatetime python-tz python-pychart python-mako \
python-pydot python-lxml python-vobject python-yaml python-dateutil \
python-pychart python-webdav

And if you plan to use the Web client install the following:

sudo apt-get install python-cherrypy3 python-formencode python-pybabel \
python-simplejson python-pyparsing

Step 5. Install the OpenERP server, and optional web client, code

I tend to use wget for this sort of thing and I download the files to my home directory.

Make sure you get the latest version of the application files. At the time of writing this it’s 6.0.2 6.0.3; I got the download links from their download page.

wget http://www.openerp.com/download/stable/source/openerp-server-6.0.3.tar.gz

And if you want the web client:

wget http://www.openerp.com/download/stable/source/openerp-web-6.0.3.tar.gz

Now install the code where we need it: cd to the /opt/openerp/ directory and extract the tarball(s) there.

cd /opt/openerp
sudo tar xvf ~/openerp-server-6.0.3.tar.gz
sudo tar xvf ~/openerp-web-6.0.3.tar.gz

Next we need to change the ownership of all the the files to the openerp user and group.

sudo chown -R openerp: *

And finally, the way I have done this is to copy the server and web client directories to something with a simpler name so that the configuration files and boot scripts don’t need constant editing (I call them, rather unimaginatively, server and web). I started out using a symlink solution, but I found that when it comes to upgrading, it seems to make more sense to me to just keep a copy of the files in place and then overwrite them with the new code. This way you keep any custom or user-installed modules and reports etc. all in the right place.

sudo cp -a openerp-server-6.0.3 server
sudo cp -a openerp-web-6.0.3 web

As an example, should OpenERP 6.0.4 come out next, I can extract the tarballs into /opt/openerp/ as above. I can do any testing I need, then repeat the copy command (replacing 6.0.3 obviously) so that the modified files will overwrite as needed and any custom modules, report templates and such will be retained. Once satisfied the upgrade is stable, the older 6.0.3 directories can be removed if wanted.

That’s the OpenERP server and web client software installed. The last steps to a working system are to set up the two (server and web client) configuration files and associated init scripts so it all starts and stops automatically when the server boots and shuts down.

Step 6. Configuring the OpenERP application

The default configuration file for the server (in /opt/openerp/server/doc/) could really do with laying out a little better and a few more comments in my opinion. I’ve started to tidy up this config file a bit and here is a link to the one I’m using at the moment (with the obvious bits changed). You need to copy or paste the contents of this file into /etc/ and call the file openerp-server.conf. Then you should secure it by changing ownership and access as follows:

sudo chown openerp:root /etc/openerp-server.conf
sudo chmod 640 /etc/openerp-server.conf

The above commands make the file owned and writeable only by the openerp user and only readable by openerp and root.

To allow the OpenERP server to run initially, you should only need to change one line in this file. Toward to the top of the file change the line db_password = ******** to have the same password you used way back in step 3. Use your favourite text editor here. I tend to use nano, e.g. sudo nano /etc/openerp-server.conf

Once the config file is edited, you can start the server if you like just to check if it actually runs.

/opt/openerp/server/bin/openerp-server.py --config=/etc/openerp-server.conf

It won’t really work just yet as it isn’t running as the openerp user. It’s running as your normal user so it won’t be able to talk to the PostgreSQL database. Just type CTL+C to stop the server.

Step 7. Installing the boot script

For the final step we need to install a script which will be used to start-up and shut down the server automatically and also run the application as the correct user. Here’s a link to the one I’m using currently.

Similar to the config file, you need to either copy it or paste the contents of this script to a file in /etc/init.d/ and call it openerp-server. Once it is in the right place you will need to make it executable and owned by root:

sudo chmod 755 /etc/init.d/openerp-server
sudo chown root: /etc/init.d/openerp-server

In the config file there’s an entry for the server’s log file. We need to create that directory first so that the server has somewhere to log to and also we must make it writeable by the openerp user:

sudo mkdir /var/log/openerp
sudo chown openerp:root /var/log/openerp

Step 8. Testing the server

To start the OpenERP server type:

sudo /etc/init.d/openerp-server start

You should now be able to view the logfile and see that the server has started.

less /var/log/openerp/openerp-server.log

If there are any problems starting the server now you need to go back and check. There’s really no point ploughing on if the server doesn’t start…

OpenERP - First Login

If you now start up the GTK client and point it at your new server you should see a message like this:

Which is a good thing. It means the server is accepting connections and you do not have a database configured yet. I will leave configuring and setting up OpenERP as an exercise for the reader. This is a how to for installing the server. Not a how to on using and configuring OpenERP itself…

What I do recommend you do at this point is to change the super admin password to something nice and strong. By default it is “admin” and with that a user can create, backup, restore and drop databases (in the GTK client, go to the file menu and choose the Databases -> Administrator Password option to change it). This password is written as plain text into the /etc/openerp-server.conf file. Hence why we restricted access to just openerp and root.

One rather strange thing I’ve just realised is that when you change the super admin password and save it, OpenERP completely re-writes the config file. It removes all comments and scatters the configuration entries randomly throughout the file. I’m not sure as of now if this is by design or not.

Now it’s time to make sure the server stops properly too:

sudo /etc/init.d/openerp-server stop

Check the logfile again to make sure it has stopped and/or look at your server’s process list.

Step 9. Automating OpenERP startup and shutdown

If everything above seems to be working OK, the final step is make the script start and stop automatically with the Ubuntu Server. To do this type:

sudo update-rc.d openerp-server defaults

You can now try rebooting you server if you like. OpenERP should be running by the time you log back in.

If you type ps aux | grep openerp you should see a line similar to this:

openerp 708 3.8 5.8 181716 29668 ? Sl 21:05 0:00 python /opt/openerp/server/bin/openerp-server.py -c /etc/openerp-server.conf

Which shows that the server is running. And of course you can check the logfile or use the GTK client too.

Step 10. Configure and automate the Web Client

Although it’s called the web client, it’s really another server-type application which [ahem] serves OpenERP to users via a web browser instead of the GTK desktop client.

If you want to use the web client too, it’s basically just a repeat of steps 6, 7, 8 and 9.

The default configuration file for the web client (can also be found in /opt/openerp/web/doc/openerp-web.cfg) is laid out more nicely than the server one and should work as is when both the server and web client are installed on the same machine as we are doing here. I have changed one line to turn on error logging and point the file at our /var/log/openerp/ directory. For our installation, the file should reside in /etc/, be called openerp-web.conf and have it’s owner and access rights set as with the server configuration file:

sudo chown openerp:root /etc/openerp-web.conf
sudo chmod 640 /etc/openerp-web.conf

Here is a web client boot script. This needs to go into /etc/init.d/, be called openerp-web and be owned by root and executable.

sudo chmod 755 /etc/init.d/openerp-web
sudo chown root: /etc/init.d/openerp-web

You should now be able to start the web server by entering the following command:

sudo /etc/init.d/openerp-web start

Check the web client is running by looking in the log file, looking at the process log and, of course, connecting to your OpenERP server with a web browser. The web client by default runs on port 8080 so the URL to use is something like this: http://my-ip-or-domain:8080

Make sure the web client stops properly:

sudo /etc/init.d/openerp-web stop

And then configure it to start and stop automatically.

sudo update-rc.d openerp-web defaults

You should now be able to reboot your server and have the OpenERP server and web client start and stop automatically.

I think that will do for this post. It’s long enough as it is!

I’ll do a part 2 in a little while where I’ll cover using apache, ssl and mod_proxy to provide encrypted access to all services.

[UPDATE: Part 2 is here]

BSA SPAM

This spam marketing literature however, is actually a very compelling call to action for those businesses that aren’t already protecting themselves by using Free and Open Source Software. If the image isn’t terribly legible, here are a few of the juicy bits just SCREAMING at you to think very carefully about the software choices you make in your business.

Your boss wouldn’t ask you to steal or commit fraud, would they? So why do they ask you to use unlicensed software?

Note the phrasing: “unlicensed software”. Of course Free software is licensed, so that’s OK then. There are lots of great Free Software licenses.

Here’s the bit where the BSA really start to suggest you should be using Free Software.

Here’s how easy it is to get caught up using illegal software:

• One or more software licenses are bought, but the software is installed on more PCs than the licenses permit
• Software is purchased for an employee’s home PC and is also installed on to a work PC

These activities are perfectly OK and in-fact encouraged with licensed Free software. A Free Software License gives a user the freedom to do these things; It’s called freedom 2: The freedom to redistribute copies so you can help your neighbor.

• Font designs and software are downloaded illegally from the internet

You can download legally lots of font designs from places such as the Open Font Library and Google’s WebFont Library online.

The recently released Ubuntu font is an excellent example of a high quality, freely available font.. You can read about it here, get it from here and even get the font source from here. You may also choose to use the Google Font API to use it freely on your website from here.

And as for downloading “software” well, there’s probably more Free software available for download than the BSA could shake a stick at.

So please, consider carefully what our friends at the BSA have to say and talk your bosses or employees about the choices they make. Using properly licensed software is not hard. You don’t have to be at risk from even making a simple mistake. Using licensed Free software protects you.

If you are in a business and want advice on the choices available there are companies such as our own that can help. The BSA would rather your employees take you to the cleaners…

So, if you know of a company that is using unlicensed software, please let us know now. You could receive a reward of up to £10,000.

As many others do I’m sure, I use ssh terminal sessions a lot. I’ve often got half a dozen open at once either in separate terminals or in Terminator for example. Sometimes if I don’t update them for a reasonable length of time they simply lock up so that I have no response at all. I’ve not actually timed this issue but I expect it is happening somewhere between 10 and 30 minutes of inactivity.

After getting annoyed for the umpteenth time today I finally did some serious searching… I concluded that this lock-up is probably due to my broadband router. It wasn’t happening across the local LAN or when I was connecting from other locations so I already suspected my broadband service. I suspect that it’s a NAT cache timeout or something but that’s not really important.

Several howtos I found discussing various timeout problems suggested editing the ssh config file on the server. This is fine if you know which server(s) you will be connecting too all the time and of course if there don’t happen to be hundreds of them that you need to re-configure. But if you don’t know or do use many machines then that’s not an ideal solution at all.

I think this is though

If you haven’t already got one, make a file in your home ssh directory (on Ubuntu it is normally found in ~/.ssh):

touch ~/.ssh/config

Open it with your favourite editor and enter a line something like this:

ServerAliveInterval 120

Then save and close it. From my initial tests this seems to do the trick nicely.

According to the manual it:

Sets a timeout interval in seconds after which if no data has been received from the server, ssh(1) will send a message through the encrypted channel to request a response from the server. The default is 0, indicating that these messages will not be sent to the server, or 300 if the BatchMode option is set. This option applies to protocol version 2 only. ProtocolKeepAlives and SetupTimeOut are Debian-specific compatibility aliases for this option.

This is one of those things I should have done ages ago. I hope this help others who find their ssh sessions mysteriously hanging.

Take a moment to look forward to your long weekend of seasonal festivities with close family, distant relatives, and the not-quite-distant-enough ones. Think of the present opening, the joy of seeing another pair of socks, the screams of rage that inform you that Ben 10 was last years hot thing and a completely inappropriate present to have given this year. Just think about the meal of curiously burned stuffing inside a not-quite-cooked turkey which you will then smother with cranberry jam for no apparent culinary purpose. Spare a moment to consider the bowl of sprouts and the fun of watching adults attempting to fool children into thinking they are edible. Perhaps after the meal someone will suggest that you all play a board game together, won’t that be fun! The best you can hope for is that they will all be asleep before the Dr Who Christmas special starts.

If these thoughts of Christmas have left you in need of a stiff drink, don’t worry you are not alone, and we have a plan. The Ubuntu UK Christmas event will be held at The Hub Islington on December 21st from 7PM. You can register your attendance here (launchpad account required). We would invite you to bring some Christmas and/or Ubuntu themed nibbles and optionally a bottle of something to ward off the cold. Take an evening out to relax with friends and steel yourself for what is to come.

It isn’t just a random talking shop though, there is a very structured and full schedule, in fact you can see it all here http://summit.ubuntu.com/uds-n/ the times are all local to Florida, which means the day starts at 2PM UK time. To participate remotely there are IRC channels for each room and there will be remote audio to listen to, so wherever you are in the world you can get your thoughts and opinions across, and choose bits that you want to contribute to in this cycle.

The whole thing kicks off with a keynote address by Mark Shuttleworth on Monday, where he will set out some of the major themes of the week and of the cycle. To spice things up a bit for all the remote participants we have created a little game to play along from home, click the link to start playing:

ubingo

Rules

• One gulp of $drink for each word said during Mark Shuttleworth’s keynote speech at the Natty Narwhal Ubuntu Developer Summit
• Finish the glass you are on when you complete a line (and pour another)
• Have a shot glass lined up to down if you get all the words
• If you are in a timezone where the sun is not yet over the yard arm, or are not of drinking age or inclination then you might want to use a non-alcoholic beverage, this is of course perfectly acceptable
• Players attending UDS in person should probably not be drinking (or shouting out “House!”)
• Players should join the #ubuntu-UDS channel on freenode to shout out the words they spot (although we might move to a different channel if play becomes disruptive)

The following packages will be REMOVED
cli-common* gbrainy* libappindicator0.1-cil* libart2.0-cil* libgconf2.0-cil*
libglade2.0-cil* libglib2.0-cil* libgmime2.4-cil* libgnome-vfs2.0-cil*
libgnome2.24-cil* libgnomepanel2.24-cil* libgtk2.0-cil*
liblaunchpad-integration1.0-cil* libmono-addins-gui0.2-cil*
libmono-addins0.2-cil* libmono-cairo2.0-cil* libmono-corlib2.0-cil*
libmono-i18n-west2.0-cil* libmono-management2.0-cil* libmono-posix2.0-cil*
libmono-security2.0-cil* libmono-sharpzip2.84-cil* libmono-system2.0-cil*
libndesk-dbus-glib1.0-cil* libndesk-dbus1.0-cil* mono-2.0-gac*
mono-csharp-shell* mono-gac* mono-gmcs* mono-runtime* tomboy*
0 upgraded, 0 newly installed, 31 to remove and 0 not upgraded.

A somewhat more civilized and sensible event follows on Tuesday 12th at Fossbox in London, mainly aimed at charities and the voluntary sector, introducing attendees to the Ubuntu desktop.

On Wednesday 13th there is another event, this one hosted by University College London and aimed mostly at students, but open to all.

On Saturday 16th in Swindon there will be demos and info about Ubuntu at the Museum of Computing, again this event is open to all.

If you are in the area of any of these events then do pop along, either if you haven’t used Ubuntu before and want to find out more, or if you are a seasoned veteran and want to meet other people in your area and talk about Ubuntu.

If you are wondering why there is a bit of a London focus to the events (apart from the Swindon one of course) and you want an event in a city near you then don’t forget *you* can organise events, and ask for help in the ubuntu-uk mailing list to gather support for an event where you want it.