Going dotty
Back when the very nice Ubuntu font was initially being developed I did some testing of it using the fontforge application and some looking through the Unicode specification for blocks of characters that should be implemented. There is all sorts of character sets tucked away in the Unicode standard including Klingon and Braille. Sadly the Klingon wishlist has been parked with a status of wontfix but Braille is an interesting one. I was expecting a block of characters in alphabetical order somewhere, but it isn’t quite like that. The specification has all the dot patterns but quite how you type “this is in braille” and get “⠞⠓⠊⠎⠀⠊⠎⠀⠊â ⠀⠃⠗â ⠊⠇⠇⠑” is not defined in Unicode as there are a number of different mapping tables you can use to go from letters to dot patterns. So it would be great if the Ubuntu font had those glyphs, however they would be of limited practical use to most people who are interested in Braille. At this point I should clarify that I do know that Braille patterns on screen or printed flat on paper are as much use as a chocolate teapot, they have to be embossed to be read by the fingers. I am taking a broad interpretation of “people who are interested in Braille” and I am including in that someone who wants to make a simple sign that can be read in Braille perhaps using a bit of sheet metal and a centre punch and teachers wanting to get a class to make labels for their coat pegs with their names in Braille, that kind of thing. So for these use-cases and not for typesetting a book in Braille I have made as my first fontforge project a little font which has Braille dot patterns as the characters. This means you can type something in LibreOffice Writer (or word processor of your choosing) and change the font to see it in Braille. You can print it out and stick things on the dots, (if you want to do the centre punch thing do bear in mind that you need to punch through the back of the paper over the dots or you will make a sign that is mirrored and incomprehensible). So here it is, Libertus Braille, a Free font for simple educational uses of Braille.
A Professional keyboard with an Ubuntu Logo on the super key
Keyboard made from pure awesome
Today I got a new keyboard, nothing unusual and particularly blogworthy in that you might think, but look a little closer, especially at the two little keys on the bottom row that traditionally host two little adverts for a legacy operating system – they are gone! The little flags (previously discussed in the context of Google ChromeOS) are replaced with the Circle of Friends, the Ubuntu Logo that symbolises friendship and freedom. So where, I hear you ask, did I get such a marvel of modern clavicula engineering? Well the answer to that is from our friends at the Keyboard Company where they distribute and customise high end and specialist keyboards. This one is a Filco Majestouch which they modified by replacing the super keys with custom printed ones with the Circle of Friends on. Now you might note the price tag for this keyboard is £95 ex VAT, and yes this is a high end keyboard. It has a solid quality feel to it and the key action is superb. In fact when ordering you can specify one of three different key actions, tactile action, click action or linear action. I got the tactile one, which is not clicky, but has a point of resistance to push past in the travel at the actuation point. Kind of like pushing the accelerator on an automatic car past the bump to get it to kick down a gear.
It also does N Key rollover, which is great. Most cheap keyboards have a matrix of wires and switches that link keys into groups and when pressing multiple keys together this can lead to ambiguous signals that cause ghosting (keys being signalled as pressed which were not) and jamming (keys pressed, but not signaled). This keyboard has each key individually addressable, you can press a whole bunch of keys at once and it will know exactly which ones you have got pressed. This helps for the rapid typist and in gameplay where you might be holding down a bunch of keys to move a character whilst jumping, turning and firing. A missed keypress in this scenario could lead to an almost tragic loss of virtual life.
Qwerty to Steno keyboard mapping
I am not really a gamer, but the N-Key rollover does interest me for a completely different reason, it means I can try out the chorded keyboard typing with Plover. This allows you to write instead of one key at a time by pressing a chord of multiple keys like a court reporter would do on a stenotype machine, this can in theory allow you to communicate at a blistering 250wpm. This open source software reads what you are typing using the steno chords and maps it from a kind of syllable level shorthand into what you intended to say.
If you would like to have one of these fine keyboards you can order them from the keyboard company, at the same price as the version with the flag key, just specify in the additional information box on the order form that you would like the Ubuntu Circle of Friends on the super key. They can ship anywhere and do them in pretty much any international layout, so if you want AZERTY or whatever then they can oblige. I would love to see them listed as a product in the Ubuntu store but as yet I have been unable to contact a human there, if anyone knows how to do that then do leave a comment.
Ubuntu UK LoCo CDs
The allocation of CDs for the Ubuntu UK team arrived yesterday, to the excitement of the chickens. They have been using Kubuntu 10.10 for the last six months and are keen to evaluate the features of 11.04 (I prefer GNOME, the chickens prefer KDE).
Bored chicken with last year's distro
They started the upgrade by reading the CD sleeve carefully
Clarabelle reads the fine manual
and then installed the new Kubuntu 11.04 on a piece of string in the run so they can peck at it and check their feathers in the mirror.
Installing Kubuntu 11.04
After the upgrade I took their old Kubuntu 10.10 CD and gave it a bit of a wash, when it stopped smelling too much I put it in my laptop and booted it, there was a bit of a crack on the outside edge and it didn’t fully boot, but it got to the bootloader and did about 15 seconds of productive loading before it failed. Check back in 6 months to find out how the Kubuntu 11.04 CD boots.
So now we need to decide how best to use the remaining 49 Kubuntu CDs, 50 Ubuntu Server CDs and 250 Ubuntu CDs. Preferably in a slightly less frivolous way than entertaining livestock.
Now that shipit has stopped doing individual CD requests we are going to reserve some for people on dialup who want CDs. The procedure for this is as follows.
- Email me, alanbell at ubuntu.com with a clear subject line saying you would like a CD.
- I will then respond with my snail mail address.
- You send me a stamped self addressed envelope big enough to hold a CD.
- I put CD in envelope and send it back to you.
So this is mildly inconvenient, and costs you more than free, but only about a quid, in postage. If you are on dialup (or an obsessive Ubuntu CD collector) this is still well worth doing, those on broadband have probably already got the .iso and burned it already.
Another batch will go to people distributing recycled PCs pre-installed with Ubuntu like Remploy I want these PCs to go out with an official CD in the pack, and some information about the LoCo team for the end user. Any company or charity involved with recycling PCs for distribution in the UK through the RaceOnline initiative or anything else is welcome to contact me to arrange CDs and help with doing an OEM build image for cloning (so on first boot it asks the user their name). These kind of organisations are not going to engage Canonical services, they just don’t have the margins, working constructively with them is certainly something we can do as a community team.
The rest will go to events and conferences where we have a presence, which means we need to have a presence at some events. I would really like the team to run a few bring-a-box installfests at university computing societies. If you want to help organise one that would be great, I am happy to support it with CDs and help get some people along to help.
If you have further ideas on how to use the CDs then do comment here, on the Ubuntu-UK mailing list or at the next team meeting on IRC.
Speak to me!
Ubuntu comes with a built in speech synthesizer and an application called Orca which acts as a screen reader. Orca “looks” at what is on the page, decides what to say, then passes what it has to say to an intermediate service called speech dispatcher. Speech dispatcher then decides which voice synthesizer to use and gets the text read out. It is designed so that it could use different synthesizers for different languages, or different voices. So the chain is like this:
Application that wants to speak “hello world” -> speech dispatcher -> speech synthesizer -> audio output
By default the speech synthesizer is one called espeak which has a number of synthetic voices (they sound like a robot should sound). You can try this now, go to a terminal window and enter the following:
spd-say "hello world"
If all is working you should hear your computer talking. So this is the default voice that is included on the size restricted Ubuntu CD. Whilst espeak is pretty good and synthetic voices perform well when speeded up (some blind people listen very very fast) there are more realistic voices and more sophisticated speech synthesizers available. The one I think is probably the most promising is called OpenMARY. This has a range of voices available including a number based on the rather good Hidden Markov Model technique. OpenMARY runs as a web server with a REST API, you go to the right URL and you get back a .wav file with the sound you asked for. Feel free to have a play with an OpenMARY server I installed on one of our servers, I have installed a bunch of decent hmm voices, try saying different things with them. So this is all rather fun and you can hear the difference in quality between the rather robotic espeak and the nearly human sounding OpenMARY, the next step is to get it working through speech dispatcher.
To do this I am using the speech dispatcher generic module which is a simple way of getting them to play together. Writing a proper module specific to OpenMary would allow a few more features to be used. To try this out we will be installing just a configuration file on your machine which tells speech dispatcher to pass the text it wants to say out to our OpenMARY server on the internet, you get back a wav file and it plays it. This is just meant for playing about really, don’t rely on our server to be there all the time and this also means that if I felt like it I could look at a log file on the server and see what you are saying (I can’t be bothered, and I don’t care what you say).
- Check that spd-say “hello world” actually works. If it doesn’t then go fix that first.
- Download the config file from http://people.ubuntu.com/~alanbell/openmary.conf
wget http://people.ubuntu.com/~alanbell/openmary.conf
- Copy the config file to /etc/speech-dispatcher/modules/
sudo cp openmary.conf /etc/speech-dispatcher/modules/
- edit the speech dispatcher config to load your new module configuration file
sudo nano /etc/speech-dispatcher/speechd.conf
- Find the bit with all the AddModule lines (most are commented out with a #) and add a line containing:
AddModule "openmary" "sd_generic" "openmary.conf"
- Save and exit
Ctrl+x, y
- stop the speech dispatcher service if it is running
sudo killall speech-dispatcher
- Try it out
spd-say -o openmary "hello world"
If you want to run your own openmary server locally (possibly better performance, works offline, more privacy) then edit the openmary.conf file and change the mumble.libertus.co.uk bits to localhost (or whatever server you want to point it at). To use your new voice in Orca go to the preferences window and select speech dispatcher and openmary as the synthesizer. The generic module only seems to allow you to use the default voice (it doesn’t report the list of voices available back to Orca). A proper module would do that and get other features available for Orca to control. If anyone wants to help with that it would be great.
-Edit-
As Stephane Graber pointed out you may need the sox and curl packages for this to work, I thought they were part of the default install, but maybe not. The bit that makes the magic happen is this line:
"curl \"http://mumble.libertus.co.uk:59125/process?INPUT_TEXT=`echo $DATA|sed 's/ /%20/g'`&INPUT_TYPE=TEXT&OUTPUT_TYPE=AUDIO&AUDIO=WAVE_FILE&LOCALE=en_GB&VOICE=$VOICE\" > $TMPDIR/openmary.wav && play $TMPDIR/openmary.wav >/dev/null"
which inserts $DATA (The phrase it wants to say) and $VOICE into a URL which returns a wav file, curl retrieves the file and we output it to /tmp/openmary.wav. Then we use the play command to turn the wav file we just downloaded into sound.
Taking Notes at UDS
The Ubuntu Developer Summit is coming up real soon now, starting Monday 9th May. For those not familiar with it this is a week long summit where developers and contributors to the Ubuntu project figure out what they are going to work on over the course of the next 6 month release cycle leading up to the Oneiric Ocelot release in October this year (11.10). I am not going to this UDS, it is over in Budapest and I just haven’t got the time available because we are just too busy doing OpenERP implementations for our customers. I may have a bit of time here and there to join in the live audio sessions and collaborative notetaking and action planning that goes on. Historically this has been done using the collaborative text editor “Gobby” which has been a source of frustration and lost data for several UDS events 🙁
This year we have a new plan, the Gobby server is still available as a fallback, but we also have an etherpad server which I have been helping to get integrated into the main summit schedule. So the way this works is the summit website is a series of pages like this one: http://summit.ubuntu.com/uds-o/2011-05-09/ which list all the sessions going on. Each one has a little pen and pad icon on it, click that and you get to a page providing all the information about that one session, the time, room etc at the top, and the list of attendees and links to blueprints and wiki pages at the bottom. In the middle is the pad, where you can type stuff. There is no save button, everything is saved all the time.
For example have a look at http://summit.ubuntu.com/uds-o/meeting/community-o-unity-developer-participation/ you can see at the top I have put some hashtags (they will become clickable links when that bit gets turned on) and you can just type freeform text. If you are the first person to open a particular notes page there is a big button to click on to create the pad. We might jiggle the theme about in the next few days to add a panel at the side where you can see the names of the people typing in the pad. This approach means that the schedule itself is the index to the notes pages, the notes just work in a browser, on any platform and through firewalls and proxies with no special configuration. I hope (and I am pretty confident) that this will enhance the work done at UDS by people there in person and following on remotely.
How to install OpenERP 6.0 on Ubuntu 10.04 LTS Server (Part 2 – SSL)
This article follows on (hopefully not unsurprisingly) from part 1.
In this post I’ll describe our current way of providing SSL encrypted access to a shiny new OpenERP server running on Ubuntu 10.04 LTS Server.
We’re using the Apache webserver to act as a proxy and do SSL termination for web client access and for WebDAV/CalDAV access. The GTK client will also be running over an encrypted XMLRPC link directly to the OpenERP Server. Apache is the most widely used webserver in the world and there is oodles of documentation about it so I do not plan to go into any great detail about the configuration choices. One document that is worth pointing out however is the information about how to configure and administer Apache specifically under Debian/Ubuntu. The way Apache is packaged and set up is quite different from most other Linux distributions. A very useful document can be found here /usr/share/doc/apache2.2-common/README.Debian.gz on your server.
NB: For the purposes of this how to, we’ll be using self-signed certificates. A discussion of the pros and cons of this choice is beyond the scope of this article.
Step 1. Install Apache and required modules
On your server install apache2 by typing
sudo apt-get install apache2
Now we’ll tell apache that we want to use a few modules (mod_ssl, mod_proxy, mod_proxy_http, mod_headers and mod_rewrite [optional]) that are not enabled by default:
sudo a2enmod ssl proxy_http headers rewrite
Next, we need to generate a SSL certificate and key.
Step 2. Create your cert and key
I create the files in a temporary directory then move them to their final resting place once they have been built (the first cd is just to make sure we are in our home directory to start with):
cd
mkdir temp
cd temp
Then we generate a new key, you will be asked to enter a passphrase and confirm:
openssl genrsa -des3 -out server.pkey 1024
We don’t really want to have to enter a passphrase every time the server starts up so we remove the passphrase by doing this:
openssl rsa -in server.pkey -out server.key
Next we need to create a signing request which will hold the data that will be visible in your final certificate:
openssl req -new -key server.key -out server.csr
This will generate a series of prompts like this: Enter the information as requested:
You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter ‘.’, the field will be left blank.
—–
Country Name (2 letter code) [AU]:
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, YOUR name) []:
Email Address []:Please enter the following ‘extra’ attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:The Client’s Company
And finally we self-sign our certificate.
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
We only need two of the files in the working directory, the key and the certificate. But before we can use them they need to have their ownership and access rights altered:
sudo chown openerp:root server.crt server.key
sudo chmod 640 server.crt server.key
And then we put them in a sensible place:
sudo mkdir /etc/ssl/openerp
sudo chown openerp:root /etc/ssl/openerp
sudo chmod 710 /etc/ssl/openerp
sudo mv server.crt server.key /etc/ssl/openerp/
Now the key and certificate are safely stored away, we can tell Apache where they are:
Step 3. Create the Apache site configuration file
We create a new Virtual Host configuration file
sudo nano /etc/apache2/sites-available/openerp-ssl
with the following content:
SSLEngine on
SSLCertificateFile /etc/ssl/openerp/server.crt
SSLCertificateKeyFile /etc/ssl/openerp/server.keyProxyRequests Off
Order deny,allow
Allow from all
ProxyVia On
ProxyPass /webdav/ http://127.0.0.1:8069/webdav/
ProxyPassReverse /webdav/
Order Deny,Allow
Allow from all
Satisfy Any
ProxyPass / http://127.0.0.1:8080/
ProxyPassReverse /
RequestHeader set "X-Forwarded-Proto" "https"
# Fix IE problem (httpapache proxy dav error 408/409)
SetEnv proxy-nokeepalive 1
Note there are two Proxy configurations. One for /webdav/ and one for /. If you do not intend to use WebDAV or CalDAV then you can remove that section. But essentially, we are telling apache that WebDAV traffic needs to go to the XMLRPC port on the OpenERP server, and normal web traffic needs to go to the web client that is listening on port 8080. The order is also important. If / came before /webdav/ then it wouldn’t work.
And then we can enable the new site configuration.
sudo a2ensite openerp-ssl
Optionally, you can use mod_rewrite to redirect any normal (non-encrypted) web browser traffic to the SSL port (443).
To do this, add the following lines (outside of the /etc/apache2/sites-available/default
RewriteEngine on
RewriteCond %{SERVER_PORT} ^80$
RewriteRule ^(.*)$ https://%{SERVER_NAME}$1 [L,R]
Step 4. Change the OpenERP server and web-client configuration files
The next step is to re-configure the OpenERP server and Web client so that the non-encrypted services are not accessible from the outside world.
In /etc/openerp-server.conf the two non-encrypted services will only listen on localhost, i.e. not from external connections so in effect only traffic from Apache will be accepted. We also tell the XMLRPC-SSL service where to find the necessary key and certificate.
Make the following changes:
sudo nano /etc/openerp-server.conf
xmlrpc = True
xmlrpc_interface = 127.0.0.1
xmlrpc_port = 8069netrpc = True
netrpc_interface = 127.0.0.1
netrpc_port = 8070xmlrpcs = True
xmlrpcs_interface =
xmlrpcs_port = 8071
secure_pkey_file = /etc/ssl/openerp/server.key
secure_cert_file = /etc/ssl/openerp/server.crt
If you want to have WebDAV/CalDAV access add the following at the bottom of the config file.
[webdav]
enable = True
vdir = webdav
Then in the web client config file /etc/openerp-web.conf make the following changes so that it also only accepts traffic from localhost:
sudo nano /etc/openerp-web.conf
# Some server parameters that you may want to tweak
server.socket_host = “127.0.0.1”# Set to True if you are deploying your App behind a proxy
# e.g. Apache using mod_proxy
tools.proxy.on = True# If your proxy does not add the X-Forwarded-Host header, set
# the following to the *public* host url.
tools.proxy.base = ‘https://your-ip-or-domain’# Set to false to disable CSRF checks
tools.csrf.on = False
That’s it.
Step 5. Try it out
Restart the services to load the new configurations
sudo service openerp-server restart
sudo service openerp-web restart
sudo service apache2 restart
You should not be able to connect to the web client on port 8080 and the GTK client should not connect on either the NetRPC (8070) or XMLRPC (8069) services. For the web access you just need to visit https://your-ip-or-domain and in the GTK client you will need to use port 8071 and choose the XMLRPC (Secure) protocol.
For CalDAV access the URL to a calendar will be something like this:
https://your-ip-or-domain/webdav/DB_NAME/calendars/users/USERNAME/c/CALENDAR_NAME
I hope that is helpful and obviously we’d love to hear comments and suggestions for improvements.
