Planet everlasting

May 19, 2012

Planet Grep

Wim Coekaerts: using ovm_utils

Now that we released Oracle VM 3.1 and I just added ovm_utils 0.5.2 on ARU, it's time to give a few examples/use cases of the utilities :)

The utilities are available for download from http://support.oracle.com search for patch name 13602094.

It's a small 2.5Mb zip file which you should install on the manager node and unzip in /u01/app/oracle/ovm-manager-3. There are manpages for the utilities as well. These are installed in /u01/app/oracle/ovm-manager-3/ovm_utils/man/man8. To make it easy, simply add this to your MANPATH : export MANPATH=/u01/app/oracle/ovm-manager-3/ovm_utils/man.

To use the utilities you need the admin username and password for the manager instance and in general you can just use localhost as the hostname. If you want to be able to connect to a remote manager instance, you have to first enable SSL on the manager node. By default we listen only on 127.0.0.1. There is an option in the utils to make a secure connection, use -X, but again, you first have to enable SSL for this. You can enable secure connections using ovm_utils and the addkeystore command. We have a support note for this.

So the format is something like : ./ovm_managercontrol -u admin -p mypassword -h localhost -c [options...]..
There are quite a few commands in the various utilities at this point. I broke the utilities up into categories :br

Here a a few (hopefully) useful examples:

# ovm_managercontrol -u admin -p Manager -h localhost -c getsessiontimeout

# ovm_managercontrol -u admin -p Manager -h localhost -c setsessiontimeout -T 60

Session timeout is the Oracle VM Console session timeout (connect to a Virtual Machine console). When you have a slow network, the default timeout of 30 seconds might be too short and this lets you set this to a longer (or shorter value).

# ovm_servercontrol -u admin -p Manager -h localhost -c listnfsexports -s server1
Oracle VM Server Control utility 0.5.1.
Connected.
Command : listnfsexports
NFS Exports :
        id         : 0004fb0000230000978a28e2dc85e06b
        client     : ca-srs1
        options    :
        repository : SATA_ST3500320AS_5QM1EYTX
        path       : /OVS/Repositories/0004fb000003000031fac25b24740cca/
---
        id         : 0004fb00002300004b161fd1a0d106b7
        client     : ca-vdi1
        options    : rw,no_root_squash
        repository : SATA_ST3500320AS_5QM1EYTX
        path       : /OVS/Repositories/0004fb000003000031fac25b24740cca/
---
Exit... 

nfs exports are very useful and new in 3.1. It is now possible to export a local ocfs2 repository on a FC, iscsi or local disk device to be exported from an Oracle VM server to the outside world. You define which repository and which client can mount the repository. listnfsexports lists the exports defined on a specific Oracle VM Server.

# ovm_servercontrol -u admin -p Manager -h localhost -c createnfsexport -s server1 
-C ca-vdi1 -o rw,no_root_squash -r SATA_ST3500320AS_5QM1EYTX
Oracle VM Server Control utility 0.5.1.
Connected.
Command : createnfsexport
Creating nfs export for repository 'SATA_ST3500320AS_5QM1EYTX' on server.
Created repository export
Exit... 

Here I have a repository named SATA_ST3500320AS_5QM1EYTX (this happens to be a local disk on server1) and I am exporting that repo through nfs to external server ca-vdi1. So now, on ca-vdi1, I can do mount server1:/OVS/Repositories/0004fb000003000031fac25b24740cca /mnt and I can backup(or restore) files.

# /ovm_servercontrol -u admin -p Manager -h localhost -c deletenfsexport -s server1 
-i 0004fb0000230000978a28e2dc85e06b
Oracle VM Server Control utility 0.5.1.
Connected.
Command : deletenfsexport
Deleting nfs export with ID '0004fb0000230000978a28e2dc85e06b'
Deleted repository export
Exit... 

Simply deleting a repository. You need to specify the UUID of the nfs export, which you can find using listnfsexports.

# ovm_repocontrol -u admin -p Manager -h localhost -c create -r foo -s wopr5 
-i 3600144f057ef8a0000004fb3194b0001
Oracle VM Repository Control utility 0.5.1.
Connected.
Command : create
Found LUN with id '3600144f057ef8a0000004fb3194b0001'
Creating Filesystem...
Creating repository... Please wait...
Create repository completed.
Exit... 

Create a repository on the LUN with a specific UUID. This works around slow storage where we hit a 2 minute timeout.

# ovm_vmcontrol -u admin -p Manager -h ovmm -c vcpuget -v apitest
Oracle VM VM Control utility 0.3.9.
Connected.
Command : vcpuget
Current pinning of virtual CPUs to physical threads : 2,3

Pinning virtual CPU's to physical threads.

# ovm_vmcontrol -u admin -p Manager -h ovmm -c vcpuset -v apitest -s 5,6
Oracle VM VM Control utility 0.3.9.
Connected.
Command : vcpuset
Pinning virtual CPUs
Pinning of virtual CPUs to physical threads '5,6' 'apitest' completed.
A restart of Virtual Machine 'apitest' is required. 

# vm_servercontrol  -u admin -p Manager -h localhost -s server -c events -A all
Oracle VM Server Control utility 0.3.10.
Connected.
Command : events
Server Events
Acknowledging Virtual Machine events
        Virtual Machines on this server :
VM : el5u4_32_pvm_1
VM : el6u1_64_hvm_1
VM : el5u7_64_hvm_1
VM : el5u7_64_pvm_1
VM : el6u1_64_pvm_1
VM : el6u2bd5_32_pvhvm_1
VM : el6u1_32_pvm_1
VM : uek-boot-el5-64
Exit..

Acknowledging events on a given server, including any guest events.

May 19, 2012 05:03 PM

Xavier Mertens: What Are You Sharing with Dropbox?

Dropbox is a well-known online service which allows you to share files between computers. If, in the past few months, new outsiders came on the same market, Dropbox remains the number one. If files are synchronized between Dropbox software clients, they also provide features to share files with third-party who don’t have a Dropbox account. How? By creating “links” to those files. It’s easy: In your Dropbox folder, select a file, right click and select “Dropbox -> Get Link“. Your direct URL will look like this: “http://www.dropbox.com/s/wg0ih0qywujn77y/myfile.zip“. Then, share the URL with your peers who just have to point their browser to it to access your file. Easy!

But if your files are available via HTTP(S), this means that anybody can access them. We just have to guess valid URLs. Guessing the 15-characters strings is doable (brute-force) but will require a lot waste of time. Where can we find plenty of existing URLs? In search engines of course!

I wrote a Google crawler and let it run during approximatively ten days. It was not easy. If Google is a champion to grab our data, they don’t allow extensive use of their search engine! You are often blacklisted and have to fill a CAPTCHA. They present you a  “sorry page” to prove you are not a bot:

But some techniques can be implemented to evade their tests:

• Search across multiple TLD’s (easy, they have all of them
• Change your User-Agent string randomly
• Use open-proxies randomly
• Do NOT use Tor, they blacklist the exit-nodes
• Use other anonymizing services (like anonymouse.org)
• Add random sleep() between queries

My crawler searched for pages containing “http[s]://[dl|www].dropbox/s/*“. For every hit returned by Google, the corresponding URL was also visited to parse and extract the Dropbox shared links. Finally, all found URLs were visited (500.000+ pages were processed) and data downloaded. Of course, a lot of them provided the same content or same links (example: all conversations in forums, mailing-lists archives).

Interesting to mention, when I downloaded all the files in batch from Dropbox, I did not implement special techniques like the ones to search on Google. And I was never blacklisted! I’m just wondering if Dropbox have controls in place? Did they see my traffic?

All the files were reviewed and here are some findings. Let’s start with some statistics:

• 2240 unique Dropbox URLs were found
• 1762 files were downloaded (HTTP 200)
• 116 requests returned an HTTP 403 error
• 332 requests returned an HTTP 404 error
• 45.57 GBytes was downloaded
• The biggest file was 2.09GB (a RAR archive with WAV files).
• Average file size: 26.32MB

A “403” error corresponds to a bad file name (ex: typo error in the URL). A “404” means that the file was removed by the Dropbox user. Here we can already make a conclusion/recommendations. When users share files with open links, they often don’t remove it once the file has been downloaded by the third parties. For me, shared links are temporary links! Dropbox allows to “cancel” a shared link without deleting the file.

What are the most shared file types?

What were the most obscure file type? Just two examples:

• A Fortran source code
• A x86 boot sector

Some filenames were explicit and attracted my attention immediately (like “Report-04-2012.xls“). By doing this exercises, you immediately understand why social engineering attacks are so successful and why people suffer of “clickmania“. It’s really tempting to open such files!

First, the pictures. I was surprised: only one picture was pornographic material. Lot of screenshots and error messages were found. I also saw a lot of pictures of good for sale and, a classic, network schema’s! 50% of the pictures were took using smartphones and contained of course interesting EXIF data (GPS coordinates).

The office documents were also a good source of findings. To briefly resume, I found:

• A list of weapons (!) for sale (pictures, prices, stocks)
• Political documents (propaganda)
• Resumes (with all private details of course)
• Employees lists
• MDB files (Microsoft Access)
• Business plans
• Attorneys documents (infringements reports)
• Meeting minutes
• Manuals (cars, mobile phones, tools)
• Student thesis

The best one was for sure a complete scan of a real-estate contract completed with all details:

(Click to enlarge)

Of course, I scanned the files with an anti-virus (ClamAV). On the 56 executable files found, only 6 were infected with Trojans (3.18%). I also found a lot of Android application packages (*.apk) files. I did not extract meta-data from those Office files but I’m sure I could find interesting stuff too.

Another interesting finding? Developers also enjoy the Dropbox sharing feature. I found lot of source code (HTML, JavaScript, XML, PHP). It’s easy to develop and share your source code, no need to upload your source files, just share them and include them in your applications. However, when you download the file directly, the source code is disclosed. Example: https://www.dropbox.com/s/388v3j55z4210e1/test.php.

What can we conclude from this small analysis? Dropbox links do not reveal who shared the file. There is no way to find back the account owner, except if personal information are disclosed in the shared file. And… they are! Shared files are difficult to exploit to collect information about a target (during the reconnaissance phase of a coming attack). Anyway, keep in mind that shared files can be read by anybody! This feature must be used with due care and attention. If you really need to share sensitive data, encrypt them! Which is always good when sending files into the Dropbox cloud…

May 19, 2012 02:15 PM

Planet openmoko

Harald "LaF0rge" Welte: Announcing the low-power, light-weight sysmoBTS

It hasn't been a secret that when I co-started a company called sysmocom more than a year ago, it was not about opening a webshop that sells cheap phones and DYI electronics kits to the larger community. Rather, it was to develop and sell exciting products surrounding Free Software and mobile communications.

There are of course the more or less obvious things to do, like system integration of OpenBSC and the related software on embedded systems, selling them as appliances including training, support and maintenance service.

However, we of course also want to more than that. Today it is my pleasure to say that the availability of our first BTS product called sysmoBTS has been officially announced.

See the news item, the product page and the data sheet for more information.

To make it very clear in the beginning: sysmoBTS is not an open hardware project. The schematics and layout files are proprietary and not disclosed publicly. Such is the FPGA bitstream and the layer1 inside the DSP.

However, any code running on the integrated ARM processor is available as free software. This includes a yocto/poky-built Embedded Linux distribution featuring u-boot, the Linux kernel (including all kernel modules!), the osmo-bts and OpenBSC software as well as many other Free Software packages.

We think this is a reasonable compromise between espanding a bit from our previous "BSC and above in Free Software" down to a "BTS Layer2 and above" divide. After all, if you use OpenBSC with a BTS from Siemens, Ericsson, Nokia or ip.access, you don't have access to the source code of anything running inside the BTS at all.

sysmoBTS offers some great new capabilities, such as integrating the BSC or even the entire osmo-nitb onto the ARM/Linux processor inside the BTS hardware itself, creating a less than 500gram, 10W power consuming autonomous GSM network.

I'm going to stop marketing here, but I thought it is one of the major milestones for sysmoocm and thus for what I've spent way too much time on in recent months - and thus deserves to be mentioned here on this personal blog.

May 19, 2012 02:00 AM

May 18, 2012

Planet openmoko

Openmoko Admin Blog: svn.openmoko.org and docs.openmoko.org revived

The two services svn.openmoko.org and docs.openmoko.org have been revived from the dead and are available again now.

Furthermore, lots of OS/distribution and individual software upgrades have been made to ensure *.openmoko.org can live for many years to come - last but not least documenting the erratic journeys of an early Linux smartphone project ;)

May 18, 2012 08:08 PM

Planet Grep

Wim Coekaerts: Oracle VM 3.1 released

Today we formally announced the release of Oracle VM Server for x86 3.1. It is available for download from http://edelivery.oracle.com/linux. The software consists of 2 ISO images, the Oracle VM 3.1 Manager iso and Oracle VM 3.1 server iso... You can find the documentation library on the documentation website.

Quite a few enhancements went into this release :

The advantage for customers is that we do an incredible amount of testing on uek2 in terms of performance, network, disk io and scalability/stability in general and now Oracle VM automatically benefits from this additional testing. On top of that, for our partners, they do not have to worry about testing 2 different products in terms of drivers, since we share the exact same code base we have the exact same drivers for our hardware/storage vendors.

You can find more information in the documentation set and in the release notes.

May 18, 2012 07:36 PM

Undeadly

BSDTalk Interview with Peter Hansteen and Henning Brauer

BSDTalk has an almost hour-long interview from BSDCan 2012 with Peter Hansteen and Henning Brauer(henning@); they talk about recent work on OpenBSD.

As a bonus, both Peter and Henning presented at BSDCan; the slides from Peter's PF tutorial and Henning's preview of upcoming queuing changes are online.

May 18, 2012 09:09 AM

May 17, 2012

Planet openmoko

Talpadk: Fixing the colours of youtube videos

I can’t claim to have figured this out by my self…
Source link

EDIT: For whoever had the problem with blue video output – You don’t have to deactivate hardware acceleration. When using Nvidia drivers and VDPAU you should locate libflashplayer.so and run the following command in its directory:

sudo perl -pi.bak -e 's/libvdpau/lixvdpau/g' libflashplayer.so

locate libflashplayer.so
Mine were located in: /usr/lib/flashplugin-nonfree/

May 17, 2012 08:20 AM

May 16, 2012

Planet Grep

Wim Coekaerts: More on templates and first boot configuration

A little while back I wrote something up about building appliances (physical/virtual) using Oracle Linux. We build a whole set of Oracle VM templates and release them on our edelivery site. But some of what we use inside these templates can be more generically applied... Let me explain..

A few years ago we created a Linux rpm called oraclevm-template-config. This is a very small package that contains a number of scripts that esssentially do the following:

These things are very straightforward and we wrote it specifically to build Oracle VM templates but there was nothing specific to Oracle VM or virtualization there. The newer version of this, which we released along with Oracle VM 3.x is very much tied into Oracle VM. In the new version (3.x) we integrate the first boot scripts and the configuration scripts with the Oracle VM VM api where it's now possible to send remote VM messages to configure the VM. So in order to automate deployment and have very integrated and fancy assemblies or Oracle VM based templates, this is the way to go. If, however, you want something very simple, with lcoal console (physical or virtual), where it can be on a physical server where you want to reboot and reconfigure and install, whether this is a VirtualBox VM or an Oracle VM VM or, for that matter any other Virtualization technology based VM. the older version is quite usable. I tend to use that one for the VirtualBox templates that I create all the time.

We just published this rpm on http://public-yum.oracle.com. The rpm can be directly downloaded for Oracle Linux 5, here. Or when you have a system registered with public-yum or with ULN it is also in the add-ons channel. If you have a yum repo config then just enable the addon channel and you can simple type yum install oraclevm-template-config.

So what are some of the basics you can do :

initial install By default when you install template config, you have a service that provides the basic, configure root password, setup local network at what's called firstboot. To enable this to happen at the next reboot (which one can then call firstboot), just simple type /usr/sbin/oraclevm-template --enable. There is a simple default cleanup script which un-configures the network and removes ssh keys : /usr/sbin/oraclevm-template --cleanup. Keep in mind that when you run this script, the network will reset to dhcp and you will lose your network connection if you are in a remote ssh session.

So once you do this and reboot your server or your VM. The next reboot will automatically start /usr/sbin/oraclevm-template --config and go through the questionnaire.

The base configuration script is /etc/sysconfig/oraclevm-template. If you enable the service, you will see RUN_TEMPLATE_CONFIG=YES. This means next boot it will run. There is also a log file /var/log/oraclevm-template.log.

If all you need is a simple way of packaging a VM or configure a physical server that deals with network setup, the above is enough. If you have your own software installed and it can handle IP changes without reconfiguration, then you can create an appliance and once firstboot happens, the configuration is set, network is setup, your application comes up and you're done. However, in some cases you want to run your own scripts and integrate with this template configuration. We also handle that case...

If you write your own shell script (or really any script) that you install on the system, you can add that script to /etc/sysconfig/oraclevm-template and instead of doing the default firstboot run, it will at firstboot (when you call --enable) execute your script instead. Simply by setting TEMPLATE_CONFIG_SCRIPT=/myscript.sh. Inside that script you can do whatever you want... You can also provide a cleanup script for --cleanup, using TEMPLATE_CLEANUPS_SCRIPT=mycleanupscript.sh.

Keep in mind that we do not automatically run --cleanup, this is a manual step. I would recommend doing the following :

We provide a few default function you can include in your own scripts. These functions are defined in /usr/lib/oraclevm-template/functions just source them in your bash script.

ovm_configure_network [dhcp [hostname]] | [static] | [ip_adddress netmask gateway dns_server hostname]

You can call this like ovm_configure_network "dhcp" in your script and it will configure your network that way. If you set it to static then there will be a dialog for entering ip, hostname, gateway, netmask, dns, or if you provide that in your function call it will just set the changes without dialog.

ovm_cleanup_os
A simple OS cleanup. This resets the network to dhcp and cleans up ssh keys.

ovm_disable_firewall
disable iptables

press_anykey
Shows user input to enter a key in your script execution flow

ovm_error_message Displays an error message to the screen and also to /var/log/oraclevm-template.log

ovm_info_message Displays an informational message to the screen and also to /var/log/oraclevm-template.log

ovm_warn_message Displays a warning message to the screen and also to /var/log/oraclevm-template.log

All of the above is very simple, yet very powerful. Like I mentioned in the beginning, I use this all the time when creating both VirtualBox and Oracle VM server templates and it makes my life so much easier. People often write these on their own but I wanted to share how to do this so, when you use Oracle Linux, and/or Oracle VM Server or Oracle VM VirtualBox or anything else, and you're building a cool appliance, physical or virtual, use it and you don't even need a support subscription to download it:)...

May 16, 2012 07:52 PM

Frank Goossens: Firefox Mobile Beta: native UI at last!

The wait is finally over, no need to go through the daily Aurora upgrade process any more; Firefox Mobile 14 beta (available in the Google Play store) is out with all the improvements that were in the Aurora builds.

The main differences with the previous (non-Aurora) versions: Firefox on Android doesn’t use XUL (the Mozilla cross platform UI toolkit) any more, but switched to native Android UI elements. This (and other less visible changes) results in faster startup time, lower memory usage and better overall performance. There’s Flash in it as well, but with ‘tap to play’ option so the impact, I’m happy to report, is pretty limited. And the start-page is pretty nifty, with “Top Sites”, “Tabs from last time” and “Tabs on other computers” on one nice screen.

I must admit I was slightly worried at first, as I couldn’t get Sync to work at all (“could not connect to server” and similar error messages), but after uninstalling Aurora, Firefox Mobile Beta can sync just fine. All in all Firefox Mobile is an even greater browser than it was before.

Possibly related twitterless twaddle:

• While waiting for Firefox Mobile 11
• Mobile browsers: Opera Mobile 12 shines in html5test
• Chrome for Android finally arrives

May 16, 2012 03:28 PM

Joram Barrez: Maven and Activiti users: repository url has changed!

If you are an Activiti and maven user, this will most definitely concern you. As of this morning, the Powers That Be have decided to upgrade our maven repository. As such, the old url (which apparently was an internal url not meant to be spread…) will not work anymore. You now have to use the following url [...]

May 16, 2012 12:45 PM

Undeadly

Rthreads Hackathon Part the Fourth

Philip Guenther(guenther@), the man who got this hackathon rolling, takes the time to organize his post-its:

Sometimes you go into a hackathon knowing exactly what you're going to tackle and it all follows the plan. No, wait, that never happens. There's always something that comes up that ends up eating more of the hackathon than you would have expected.

May 16, 2012 06:18 AM

May 15, 2012

Planet Grep

Guy Van Sanden: Fighting DNS resolving in Ubuntu 12.04 (server)

I recently installed a DNS sever using Ubuntu 12.04.  The server should serve only my exernal domain, but should use an internal server for it's own name resolution.

Setting dns-nameservers to the correct ip in /etc/network/interfaces did not work on this host (but does on all my non-dns hosts).

After some digging, I found the cause: resolvconf always reverts to nameserver 127.0.0.1 which in turn queries the hosts in dns-nameservers.  Because my host is already a nameserver, 127.0.0.1 points to my bind instance instead of a caching daemon.

The solution I found was to put my entries in /etc/resolvconf/resolv.conf.d/head, this way they end up on top of the resolv.conf file and the real DNS server gets queried first!

May 15, 2012 11:48 AM

May 14, 2012

Planet Grep

Jeroen Budts: Drupal Development: some tools and utilities

I finally took the time to make my 'drupaldev'-repository available.

First a short introduction: It is my strong opinion that Drupal modules which are only used during development, such as devel, diff, etc, should never be deployed to production. They shouldn't even be in the repository. Instead, I keep a personal collection of development-modules in a separate repo. Thanks to the fact that Drupal recursively searches for modules inside the modules folder, I can simply create a symlink to my collection of development modules. This allows me to use my preferred modules, even though they are not in the repository for the project.

For Drupal7, I usually just create a symlink, named devmodules7, in sites/all/modules. Like this:

1
2

# from the drupal root of the project
ln -s ~/drupaldev/devmodules7 sites/all/modules/

The repository itself contains a collection of modules, for both Drupal 6 and Drupal 7, and some utility-scripts. After experimenting with copies of the modules and git submodules, I finally settled on drush make to manage the modules. Instead of copying all the modules in my repo, I only keep a make-file for each Drupal version (currently 6 & 7). This makes it really easy to update all the modules, as I can simply run the makefile again. To make this even easier I have added a build script which will run all the drush make-files with the correct arguments:

1

./build

read more

May 14, 2012 09:03 PM

Undeadly

OpenSMTPD Meets SQLite

Gilles Chehade(gilles@) gives us a preview of an upcoming OpenSMTPD feature:

During the r2k12 hackathon in Paris, Marc Espie committed SQLite to OpenBSD's base system.

This has the side effect that OpenSMTPD can start using it and while we agreed that we did not want it as a strong dependency, the backends API allows us to make it a soft dependency that can be removed without breaking the daemon if someone *really* does not want SQLite linked.

Today I decided to give it a try and implement a SQLite backend to the map API. About ten minutes later (yes, really ten minutes !), I had a working prototype that was suboptimal and that didn't make use of SQL capabilities.

An hour later, I have a SQLite backend that will use multiple tables with different structures and that can be used to lookup aliases, virtual domains and credentials for authenticated relaying.

gilles@ walks you through it below the fold.

May 14, 2012 07:04 AM

<i>SSH Mastery</i> Released

The editors are a bit late to the party, but are pleased to belatedly announce the publication of SSH Mastery: OpenSSH, PuTTY, Tunnels, and Keys . From the author, Michael W. Lucas:

Secure Shell (SSH) lets systems administrators securely manage remote systems. But most people only use the bare minimum SSH offers. Used properly, SSH simplifies your job.

You can order the book from the OpenBSD online store, or from a number of other outlets. Mr Lucas explains how, as well as the book, below the fold.

May 14, 2012 07:02 AM

May 12, 2012

Planet Grep

Patrick Debois: Devops Areas - Codifying devops practices

While working on the Devops Cookbook with my fellow authors Gene Kim,John Willis,Mike Orzen we are gathering a lot of "devops" practices. For some time we struggled with structuring them in the book. I figured we were missing a mental model to relate the practices/stories to.

This blogpost is a first stab at providing a structure to codify devops practices. The wording, descriptions are pretty much work in progress, but I found them important enough to share to get your feedback.

Devops in the right perspective

As you probably know by now, there are many definitions of devops. One thing that occasionally pops up is that people want to change the name to extend it to other groups within the IT area: star-ops, dev-qa-ops, sec-ops, ... From the beginning I think people involved in the first devops thinking had the idea to expand the thought process beyond just dev and ops. (but a name bus-qa-sec-net-ops would be that catchy :).

I've started reffering to :

• devops : collaboration,optimization across the whole organisation. Even beyond IT (HR, Finance...) and company borders (Suppliers)
• devops 'lite' : when people zoom in on 'just' dev and ops collaboration.

As rightly pointed out by Damon Edwards , devops is not about a technology , devops is about a business problem. The theory of Contraints tells us to optimize the whole and not the individual 'silos'. For me that whole is the business to customer problem , or in lean speak, the whole value chain. Bottlenecks and improvements could be happen anywhere and have a local impact on the dev and ops part of the company.

So even if your problem exists in dev or ops, or somewhere between, the optimization might need to be done in another part of the company. As a result describing pre-scriptive steps to solve the 'devops' problem (if there is such a problem) are impossible. The problems you're facing within your company could be vastly different and the solutions to your problem might have different effects/needs.

If not pre-scriptive, we can gather practices people have been doing to overcome similar situations. I've always encouraged people to share their stories so other people could learn from them. (one of the core reasons devopsdays exists) This helps in capturing practices, I'd leave it in the middle to say that they are good or best practices.

Currently a lot of the stories/practices are zooming in on areas like deployment, dev and ops collaboration, metrics etc.. (Devops Lite) . This is a natural evolution of having dev and ops in the term's name and given the background of people currently discussing the approaches. I hope that in the future this discussion expands itself to other company silos too: f.i. synergize HR and Devops(Spike Morelli) or relate our metrics to financial reporting.

Another thing to be aware of is that a system/company is continously in flux: whenever something changes to the system it can have an impact; So you can't take for granted that problems,bottle-necks will not re-emerge after some time. It needs continuous attention. That will be easier if you get closer to a steady-state, but still, devops like security is a journey, not an end state.

Beyond just dev and ops

Let's zoom in on some of the practices that are commonly discussed: the direct field between 'dev' and 'ops'.

In most cases, 'dev' actually means 'project' and 'ops' presents 'production'. Within projects we have methodologies like (Scrum, Kanban, ...) and within operations (ITIL, Visble Ops, ...). Both parts have been extending their project methodology over the years: from the dev perspective this has lead to 'Continous Delivery' and from the Ops side ITIL was extended with Application Life Cycle (ALM). They both worked hard on optimize the individual part of the company and less on integration with other parts. Those methodologies had a hard time solving a bottleneck that outside their 'authority'. I think this where devops kicks in: it seeks the active collaboration between different silos so we can start seeing the complete system and optimize where needed, not just in individual silos.

Devops Areas

In my mental model of devops there are four 'key' areas:

• Area 1 : Extend delivery to production (Think Jez Humble) : this is where dev and ops collaborate to improve anything on delivering the project to production
• Area 2 : Extend Operation to project (Think John Allspaw) : all information from production is radiated back to the project
• Area 3 : Embed Project(Dev) into Operations : when the project takes co-ownership of everything that happens in production
• Area 4 : Embed Production(Ops) into Project : when operations are involved from the beginning of the project

In each of these areas there will be a bi-directonal interaction between dev and ops, resulting in knowledge exchange and feedback.

Depending on where your most pressing 'current' bottleneck manifests itself, you may want to address things in different areas. There is no need to first address things in area1 than area2. Think of them as pressure points that you can stress but requiring a balanced pressure.

Area 1 and Area2 tend to be heavier on the tools side , but not strictly tools focused. Area3 and Area4 will be more related to people and cultural changes as their 'reach' is further down the chain.

When visualized in a table this gives you:

As you can see:

• the DEV and OPS part keep having their own internal processes specific to their job
• the two processes are becoming aligned and the areas extend both DEV and OPS to production and projects
• it's almost like a double loop with area1 and area2 as the first loop and area3 and area4 as the second loop

Note 1: these areas definitely need 'catchier' names to make them easier to remember. Note 2: Ben Rockwoods post on "The Three Aspects of Devops" lists already 3 aspects but I think the areas make it more specific

Area Layers

In each of these areas, we can interact at the traditional 'layers' tools, process, people:

So whenever I hear story , I try to relate it's practice to one of these areas as described above and the layer it's adressing. Practices can have an impact at different layers so I see them as 'tags' to quickly label stories. Another benefit is that whenever you look at an area, you can ask yourself what practices we can do to improve each of these layers. To have a maximum impact on each of the layers, it's clear that the approach needs to be layered in all three.

The ultimate devops tools would support the whole people and process in all of these areas, not just in Area1 (deployment) or Area2 (monitoring/metrics). Therefore a devops toolchain with different tools interacting in each of the areas makes more sense. Also the tool by itself doesn't make it a devops tool: configuration mangement systems like chef and puppet are great, but when applied in Ops only don't help our problem much. Of course Ops gets infrastructure agilitity, but it isn't until it is applied to the delivery (f.i. to create test and development environments) that it becomes 'devops'. This shows that the mindset of the person applying the tool makes it a devops tool, not the tool by itself.

Area Maturity Levels

Now that we have the areas and layers identified, we want to track progress as we start solving our problems and are improving things.

Adrian Cockroft suggested using CMMI levels for devops:

CMMI levels allow you to quantify the 'maturity' of your process. That addresses only one layer (although an equally important one). In a nutshell CMMI describes the different levels as:

1. Initial : Unpredictable and poorly controlled process and reactive nature
2. Managed : Focused on project and still reactive nature
3. Defined : Focused on organization and proactive
4. Quantively Managed : Measured and controller approach
5. Optimizing : Focus on Improvement

All these levels could be applied to dev , ops or devops combined. It gives you an idea at what level process is in, while you are optimizing in an area.

An alternative way of expressing maturity levels is used by the Continuous Integration Maturity Model. It puts a set of practices in levels of maturity: (industry consensus)

1. Intro : using source control ...
2. Novice : builds trigger by commit ...
3. Intermediate : Automated deployment to testing ..
4. Advanced : Automated Functional testing ...
5. Insane : Continuous Deployment to Production ...

Instead of focusing on the proces only , it could be applied to a set of tools, process or people practices. What people consider the most advanced would get the highest maturity level.

Practices, Patterns and principles

A practice could be anything from an anecdotal item to a systemic approach. Similar practices can be grouped into patterns to elevate them to another level. Similar to the Software Design Patterns we can start grouping devops practices in devops patterns.

Practices and patterns will rely on principles and it's these underlying principles that will guide you when and you to apply the pattern or practice. These principles can be 'borrowed' from other fields like Lean, Systems Theory etc, Human Psychology. The principles are what the agile manifesto is about for example.

Slowly we will turn the practices -> patterns -> principles .

Note: I'm wondering if there will be new principles that will emerge from from devops itself or it will be apply existing principle to a new perspective.

A few practical examples:

Below are a few example 'practices' codified in a standard template. The practices/patterns/principles are not yet very well described. The point is more that this can serve as a template to codify practices.

Area Indicators

The idea is to list metrics/indicators that can tracked. The numbers as such might be not be too relevant but the rate of change would be. This is similar to tracking the velocity of storypoints or the tracking of mean time to recovery.

Note: I'm scared of presenting these as metrics to track, therefore I call them indicators to soften that.

Examples would be :

• Tools Layer : Deploys/Day
• Process Layer : Number of Change Requests/Day
• People Layer : People Involved per deploy

This is not yet fleshed out enough , I'm guessing it will be based on my research done for my Velocity 2011 Presentation (Devops Metrics)

Devops Scorecard

To present progress during your 'devops' journey you can put all these things in a nice matrix, to get an overview on where you are at optimizing at the different layers and areas.

Obviously this only makes sense if you don't lie to yourself, your boss, your customers.

Project Teams, Product Teams and NOOPS

Jez Humble often talks about project teams evolving to product teams: largere silos will split of not by skill, but for product functionality they are delivering. Splitting teams like that, has the potential danger of creating new silos. It's obvious these product teams need to collaborate again. You should treat other product teams are external dependencies, just like other Silos. The areas of interaction will be very similar.

Also you can see the term NOOPS as working with product teams outside your company, like you rely on SAAS for certain functions. It's important not only to integrate in each of the areas on the tools layer, but also on the people and process layer. Something that is often forgotten. Automation and abstraction allows you to go faster but when things fail or even changes occur, synchronisation needs to happen.

CAMS and areas

The CAMS acronym (Culture, Automation, Measurement, Sharing) could be loosely mapped onto the areas structure:

• Automation seems to map to Area1: the delivery process
• Measurement seems to map to Area2: the feedback process
• Culture to Area3 : embedded devs in Production
• Sharing to Area4: embedded ops in Projects

Of course automation, measurement, culture and sharing can happen in any of the areas, but some of the areas seem to have a stronger focus on each of these parts.

Conclusion

Devops areas, layers and maturity levels, give us a framework to capture new practices stories and it can be used to identify areas of improvements related to the devops field. I'd love feedback on this. If anyone wants to help, I'd like to bring up a website where people can enter their stories in this structure and make it easily available for anyone to learn. I don't have too much CPU cycles left currently , but I'm happy to get this going :)

P.S. @littleidea: I do want to avoid the FSOP Cycle

May 12, 2012 08:35 AM

May 11, 2012

Planet Grep

Frederic Hornain: [JBoss] Workflow/BPM and Rules Solutions

Dear all,

I am going to do a presentation about “JBoss Enterprise Workflow/BPM and Rules Solutions” in Belgium in May 2012.
If your company or you are based in BeNeLux and are interested by this presentation, just let me know and I will try to arrange a meeting for you.

Ref : http://www.redhat.com/products/jbossenterprisemiddleware/soa/

BR

Frederic

May 11, 2012 04:39 PM

Patrick Debois: Conference time - Summer of 2012

It's the time of year that all conferences are gearing up. Here's a list of conferences I'm speaking or wish I was attending.

• ChefConf 12 - May 15-17 : the place to be if you're anything with chef these days

• GOTOCon Copenhagen - May 21-23 (me speaking) : fun conference and very well organized although a bit too static to my taste.

• Devopsdays Tokyo - May 26: Tokyo was always on my list, I can't go , bummers. Botchagalupe is winning :)

• Atlassian Summit - May 30,June 1 (me speaking) : really proud to be opening the devops track at my current employer. First time my employer has an explicit interest in devops. Go-go atlassian!

• Kanban for Devops , Belgium June 18-19: initially announced that I would be there, and I was very keen on doing so. Work got in the way, so can't make. But if you can , you should! I'm sure @dominica will get your WIP (that is Work in Progress :)

• Velocity - June 25-27 : the uber conference on anything on web and performance

• Devopsdays MountainView - June 28-29 : this year at Google, looking forward to so much fun!

• Webperfdays - June 28 : interesting unconference happening on performance. Happening at the same time as Devopsdays at Google.

• Puppetconf - September 27-28 : and if you're into puppet, or config mgmt in general. A cool place to be , hope I can make it this year

• Velocity Europe - October 2-4 : since the success last year, Velocity Europe strikes again: Web Performance isn't a US only concern!

• Devopsdays Italy - October 6-7 : Rome, sweet rome - sun and devops - the perfect mix

• AppSec USA 2012 - October 23-24 : not 100% sure on this one, but rumors go on a devops track in a security conference - sounds like fun to me.

Busy times .... but .... Fun times!

May 11, 2012 08:35 AM

Frank Goossens: Fix Samsung ICS Exchange connection errors

Since updating my Samsung Galaxy  S II to Ice Cream Sandwich, I’ve regularly been experiencing the dreaded “connection error” in the mail client when trying to fetch mail from the corporate Exchange server. A colleague of mine, who agreed to have me upgrade his SGS2 after I promised  everything worked flawlessly, had the problem even more regularly.

Searching the web turned up this interesting thread on xda-developers, which had amongst others a fix for the adventurous, but also this eye-opening comment:

The messages in question are Read Receipts, Delivery Receipts and similar messages. Once there is one of those in your inbox, you’re stuck until you delete it. [...] A better solution which has worked for me is to create a folder for your receipts. Then, on your PC, create a rule to move the receipts to the folder on arrival. This will obviously also work when your PC is off, as the rules are stored and executed on the server. You will have to create a rule which processes emails on arrival, matches a series of strings in either subject or body of the message and moves them to the folder.

And that’s exactly what I did; mails sent only to me with “Declined:” or “Accepted:” or “Tentative:” or “Read:” or “Not read:” in the subject line are automatically moved into a “tmp” folder. Your mileage may vary (apparently there are other conditions under which the Android/ Samsung mail client has problems downloading items form Exchange), but based on my limited experience up until now, this workaround gets most problematic items in my Inbox out of the way. Now let’s hope Samsung fixes this blatant error (and that it isn’t in the ICS-version on that beautiful Samsung Galaxy S III)!

Possibly related twitterless twaddle:

• Pimping my Samsung Galaxy S II
• 7 days with my Ice Cream Samsung
• Why you shouldn’t rely on ajax’s same origin policy

May 11, 2012 05:05 AM

May 10, 2012

Planet Grep

Frederic Hornain: [ JBPM 5.2.@ ] web management console crashed but there is a solution – Business Process Management

Dear *,

Recently, I tried the JBPM 5.2.0 – JBoss Business Process Management – web management console and I had an application crash when I selected in the left menu the item “Process overview”.

Fortunately there is a solution to that problem which is to add the following line in the part of the build.xml file included in jbpm-installer_5.2.0 directory :

<!– Install reporting AS7 –>
<target name=”install.reporting.into.jboss7″ depends=”check.birt.as7″ if=”birt.download” >
<mkdir dir=”${install.home}/birt”/>
<unzip src=”${install.home}/lib/birt-runtime-${birt.version.as7}.zip”
dest=”${install.home}/birt”/>
<copy todir=”${install.home}/target/jbpm-gwt-console-server-war/WEB-INF/lib”>
<fileset dir=”${install.home}/birt/birt-runtime-${birt.version.as7}/ReportEngine/lib”>
<include name=”*/.jar”/>
<exclude name=”**/org.apache.commons.codec_1.3.0.v201101211617.jar”/>
</fileset>
</copy>

CLICK ON THE PICTURE TO ENLARGE IT

Ref : http://sourceforge.net/projects/jbpm/files/

http://www.jboss.org/jbpm

Best Regards

Frederic

May 10, 2012 07:24 PM

Xavier Mertens: Monitor your Monitoring Tools

We (and I’m fully part of it) deploy and use plenty of security monitoring tools daily. As our beloved data is often spread across complex infrastructures or simply across multiple physical locations, we have to collect interesting information and bring them in a central place for further analysis. That’s called “log management“. Based on your collected events, you can generate alerts, build reports. Nice! But… if systems and applications generate [hundreds|thousands|millions] of events, those ones are processed by the same kind of hardware running some piece of software. Hardware may fail (network outage, power outage, disk crash) and softwares have bugs (plenty of).

This morning, I received several alerts like this:

** Alert 1336642415.2196887: mail  - ossec,
2012 May 10 11:33:35 xxxxxxxx->ossec-monitord
Rule: 504 (level 10) -> 'Ossec agent disconnected.'
Src IP: (none)
User: (none)
ossec: Agent disconnected: 'xxxxxxxx-10.0.0.1'.

This message warns that an OSSEC agent is not alive and is very suspicious. And a few minutes later, same message for another server, and so on, one by one… After a quick check, all servers and network connections were fine. The problem was on the OSSEC server itself. A typo error in a new rule put some processes in a fuzzy state. Killing and the process and restarting properly the OSSEC server solved the problem. This example based on OSSEC is just an introduction to the topic of this quick blogpost: When you deploy security monitoring solutions, be sure to monitor them too!

In parallel to the security checks performed by your log management solution, extra verifications must be performed to control the flow of events and, when required, trigger other types of alerts. A classic situation is when events are pushed to the log management platform. It will  wait passively for incoming events. This can be resumed as “No event received? Everything ok! Let’s have some sleep…“. Examples of suspicious situations:

• You did not receive any new Syslog events from a specific host for x minutes.
  → The Syslog daemon might be down or a network outage prevent UDP packets to reach the Syslog concentrator.
• If you did not process new lines from an Apache log file.
  →Apache might be in trouble or the file system might be full. Can you read the log file? (wrong permissions)
• You did not receive any new alerts for x hours.
  →Your log management system might be overloaded, some process killed or a file system being full.

There are plenty of nightmare example like those. How to prevent them?

• Like any other information system, keep an eye on the system health (control the CPU, memory, storage, processes). Disk space is critical and directly depends on your amount of data and retention policies.
• Send keep-alives to your remote [pollers|sensors|agents] (whatever you name them).
• Control any derivation of your regular events flow (compared to a baseline for a defined period – hourly/daily/etc). Example, is it normal to not see any login events from your Active Directory on a Monday morning?
• Implement queuing mechanisms to prevent events to be lost (when they are automatically pushed to the central system).
• When possible, collect events using pull technologies. If the log management platform has troubles, events won’t be lost and will wait until being retrieved later.

Don’t forget: Log management solutions are your best friends when you need to investigate a security incident. There is nothing more frustrating than gaps in your events timeline!

May 10, 2012 06:14 PM

May 09, 2012

Planet Grep

Joram Barrez: Your code might not be as memory-efficient as you thought: a story on loops and autoreleasepools

Do you know that feeling when you spend an afternoon refactoring a bit of code to get a smaller memory footprint, only to notice zero-impact during profiling? That exactly happened to me today. From the Java perspective, it would have made perfect sense. However, Objective C is not Java. And definitely not when talking about memory. [...]

May 09, 2012 09:00 AM

Frank Goossens: 30 jaar geleden; Adieu Gilles!

Ik heb al 30 jaar een zwak voor Formule 1. Dat lijkt misschien vreemd voor iemand met groene sympathieën, maar wie zichzelf niet tegenspreekt, censureert z’n onvolmaaktheid. Soit, schijn-wijsheden daar gelaten, ik was 13 en geabonneerd op het weekblad Kuifje, dat naar aanleiding van de Grote Prijs van België een special over Formule 1 had gemaakt. In het midden een poster van die prachtige bloedrode Ferrari 126 C2. Ferrari was na pionier Renault de 2de constructeur met een turbo-motor en maakte dat jaar met de virtuoze Gilles Villeneuve en de consistent snelle Didier Pironi serieus kans om de wereldkampioen te leveren. Ik was onmiddellijk fan.

Maar tijdens die GP van België liep het anders. Toen ik op zaterdag 8 mei 1982 terugkwam van een wandeling met m’n ouders en vrienden van de familie, hoorde ik op de radio dat Gilles Villeneuve zwaar gecrasht was tijdens de oefenritten. Een dom ongeluk, gevolg van een misverstand tussen 2 ervaren piloten. Het voorwiel van Villeneuve’s Ferrari raakte bij een inhaalmanoeuvre het achterwiel van Jochen Mass’s March, de Ferrari vloog daardoor de lucht in (het “ground effect” werd verbroken) en werd 100m ver gekatapulteerd, landde hard met de neus in de grond, maakte verschillende buitelingen waarbij Villeneuve z’n helm verloor en de wagen verder desintegreerde. De Canadees eindigde uiteindelijk met wat restte van de cockpit, zonder helm, in een vanghek en werd enkele uren later officieel dood verklaard.

Een held minder op de startgrid, maar teamgenoot Pironi leek enkele races later wel goed op weg om wereldkampioen te worden. Tot de GP van Duitsland, waar ook hij zwaar crashte. De Fransman overleefde de klap, maar zou nooit meer racen.

Gisteren reed zoon (en wereldkampioen F1 1997)  Jacques Villeneuve met de Ferrari T4 waarmee z’n vader in 1979 schitterde. Maar als het voor U hetzelfde is, kijk ik liever nog eens naar dit heroïsch duel dat Gilles in 1979 met René Arnoux uitvocht:

Salut Gilles!

Possibly related twitterless twaddle:

• F1: de hond, het been en de wereld (niet) op zijn kop?
• Gilles Peterson & Thom Yorke draaien rare plaatjes
• Muziek om bij te verjaren: Eska

May 09, 2012 05:59 AM

Undeadly

Rthreads Hackathon Part the Third

Still more reports coming in from r2k12: asynchronous DNS resolving, code slavery, and 3rd-party bugs; read on! Read more...

May 09, 2012 04:13 AM

May 08, 2012

Planet Grep

Matt Casters: Better Data for Better Analytics

Dear Kettle friends,

Thursday May 10th, in a few days, I’ll be joining my friend Kasper Sørensen (the founder and lead architect of DataCleaner, a Human Inference data profiling project) in our web seminar (webinar).  We’ll be going over a bit of history, our cooperation model as well as the architecture behind the new data quality features.

Register here: http://www.pentaho.com/resources/events/20120510-better-data-for-better-analytics/

Kasper will also be doing 3 cool live demos on the subjects of data profiling and data quality.

I hope you’ll be able to join the crowd this Thursday May 10th, 10am PST (Los Angeles), 1pm EST (New York) or 7pm CET (Brussels).

We’ll be doing our best to answer your data quality questions simultaneously with the presentation.

See you there!

Cheers,
Matt

May 08, 2012 07:14 PM

May 07, 2012

Undeadly

FrOSCon 2012 Call for Papers

Jochim Selzer writes in to remind us about FrOSCon which, while not specifically BSD-related, may be of interest to our readers:

Call for Papers FrOSCon 2012

The Free and Open Source software conference (FrOSCon), a summer conference for users and developers of FOSS, will again be held on the 25th and 26th of August at the University of Applied Sciences Bonn-Rhein-Sieg in Sankt Augustin near Bonn, Germany. It is organized by the department of computer science in collaboration with the Linux/Unix User Group Sankt Augustin, the student body and the FrOSCon e.V.

May 07, 2012 04:53 PM

Femtechie

femtechie: @Jason I have to second that...awesome

femtechie: @Jason I have to second that...awesome

May 07, 2012 04:12 AM

May 06, 2012

Planet Grep

Kristof Provost: Open sores

After complaining about Microsoft last time I figured I'd do something different this time: I'm going to complain about a piece of open source software.

It needs no introduction, but I'll give it one anyway: The ISC DHCP server and client are the standard DHCP(v4/v6) implementations and they're used all over the place.
Recently I was fixing a bug in a dhclient-script.sh. It incorrectly parsed an IAID value because it contained an '='.

The relevant bits of source code:

	ient_envadd(client, prefix, "iaid", "%s",
			print_hex_1(4, ia->iaid, 12));

Looking a little deeper there's the first disturbing bit:

#define print_hex_1(len, data, limit) print_hex(len, data, limit, 0)
#define print_hex_2(len, data, limit) print_hex(len, data, limit, 1)
#define print_hex_3(len, data, limit) print_hex(len, data, limit, 2)

#define HBLEN 1024
char *print_hex(len, data, limit, buf_num)
        unsigned len;       
        const u_int8_t *data;
        unsigned limit;      
        unsigned buf_num;    
{
        static char hex_buf_1[HBLEN + 1];
        static char hex_buf_2[HBLEN + 1];
        static char hex_buf_3[HBLEN + 1];
        char *hex_buf;

        switch(buf_num) {
          case 0:
                hex_buf = hex_buf_1;
                if (limit >= sizeof(hex_buf_1))
                        limit = sizeof(hex_buf_1);
                break;
          case 1:
                hex_buf = hex_buf_2;
                if (limit >= sizeof(hex_buf_2)) 
                        limit = sizeof(hex_buf_2);
                break;   
          case 2:        
                hex_buf = hex_buf_3;
                if (limit >= sizeof(hex_buf_3))
                        limit = sizeof(hex_buf_3);
                break;
          default:
                return(NULL);
        }

        print_hex_or_string(len, data, limit, hex_buf);
        return(hex_buf);
}

/*      
 * print a string as either text if all the characters
 * are printable or colon separated hex if they aren't
 *        
 * len - length of data 
 * data - input data
 * limit - length of buf to use 
 * buf - output buffer
 */       
void print_hex_or_string (len, data, limit, buf)
        unsigned len;
        const u_int8_t *data; 
        unsigned limit;
        char *buf;
{               
        unsigned i;
        if ((buf == NULL) || (limit < 3))
                return;
          
        for (i = 0; (i < (limit - 3)) && (i < len); i++) {
                if (!isascii(data[i]) || !isprint(data[i])) {
                        print_hex_only(len, data, limit, buf);
                        return;
                }
        }

        buf[0] = '"';
        i = len;
        if (i > (limit - 3))
                i = limit - 3;
        memcpy(&buf[1], data, i);
        buf[i + 1] = '"';
        buf[i + 2] = 0;
        return;
}       

May 06, 2012 09:22 PM

Claudio Ramirez: Screen Calibration on Ubuntu 12.04 with Spyder2 [workaround]

The bad news: the default colour calibration wizard on Ubuntu 12.04 has a bug: awful magenta cast on some screens. Fine on others.

The good news: it works flawlessly using the (graphical) alternative below.

As a enthusiastic photographer (see my latest Perl Fosdem pictures) I am very positive about the colour management integration in the latest Ubuntu (12.04). Sure, colour calibration was possible before, but now it’s an integral part of the system and not a simple add-on. Ubuntu++

Once the reviews are in, I will probably buy the ColorHug open source hardware calibration device. In the meantime I borrowed an old Spyder2 (express) from my father-in-law. I do not recommend buying new devices from Colorvision. The company is known to be very antagonistic to free and open source software. But, if you already have the hardware in a drawer it’s better to use it.

Once you plug in the device, the “Calibration” button will activate and the necessary packages will be installed. However, for this HOWTO it’s easier just to install the software (and its dependencies) from a shell window:

$ sudo apt-get install gnome-color-manager

(This install argyll as a dependency that does the real calibration beneath the GUI.)

This step is only applicable if you have a Spyder 2 device. As mentioned above, the company is not FOSS-friendly and doesn’t even provide technical specifications. You will need the firmware of the device from the Windows driver. If you trust me, you can get mine here [MD5: 007ac5705a3a8ed7edf01569700e6ebf]. Put it in the .local/share/color directory in your home directory (create the needed directories if not present). It was extracted from the 2.3.6 Windows driver for the Spider2 Express (the latest at the time of writing). If you want to create the file yourself, see here. In short: you’ll need the driver CD. If you don’t have it or want/need a more up-to-date version, you’ll need to install the driver and feed the generated .dll to spyd2en: spyd2en -v ./CVSpyder.dll

In the GUI (Dash -> Applications -> Color, or simply type “color” and click the icon), if you select your screen and the “Calibrate…”, the steps offered by the wizard are straight forward. Very easy. While it worked great on the computer of my better half, the generated profile on my own laptop (attached to an external screen) had a terrible magenta cast. Not of the type “your eyes will adapt to it”.

After investigating and looking closely at the profile, it was clear that the profile used a 6500K white balance, instead of the 5000K requested in the wizard (it’s called “Photography and graphics” there). Furthermore, the wizard offered 3 calibrations options: 4, 10 and 20 minutes depending on the desired accuracy. While I chose 4 minutes for testing purposes, the calibration took a long time (an hour or longer). Also, the advanced output in the calibration window (hidden by default) categorised the screen as CRT while it’s a LCD. Because of this, I don’t think the problem is tied to the specific firmware (running the latest available) of the hardware, but rather to gnome-color-manager integration with the device and maybe certain configurations. I don’t have other calibration devices available to test. Bug reported.

dispcalGUI is a OS-agnostic alternative to gnome-color-manager and in fact – just as gnome-color-manager – and GUI on top argyll. Just download the deb (the most recent deb for Ubuntu 11.10 works fine on 12.04). If you double click it, the Ubuntu Software Manager will launch and perform the installation (or just use “dpkg -i” if you are a Debianista at heart).

Now, launch the dispcalGUI application from the Dash or just open a terminal (Ctrl + Alt + t) and type:

$ dispcalgui

Select the Photography profile, your screen (if you have a multi monitor setup) and probe your device (by clicking on the “recycle” arrows) and give your profile a more recognisable name and a location. I use brand_model_calibrationDevice, e.g. Samsung_SyncMaster2443FW_Spyder2Express). Click on Calibrate and Profile and go read a book or take some pictures (it will take a lot longer than 20 minutes, probably an hour). If you wish you can skip the white point and black level, YMMV.

Now go back to the Ubuntu Color Settings as above and add the new created profile by selecting your screen, then click “Add profile”, select other and choose the path you save the monitor profile.

Your monitor is now calibrated!

May 06, 2012 12:35 PM

Patrick Debois: Monitoring URLs by the thousands in Nagios

10K websites x 5 URL's to monitor

For our Atlassian Hosted Platform, we have about 10K websites we need to monitor. Those sites are monitored from a remote location to measure responsetime and availability. Each server would have about 5 sub URLs on average to check, resulting in 50K URL checks.

Currently we employ Nagios with check_http and require roughly about 14 Amazon Large Instances. While the nagios servers are not fully overloaded, we make sure that all checks would complete within a 5 minutes check cycle.

In a recent spike we investigated if we could do any optimizations to:

• use less server resources, not only to reduce costs but also avoiding the management of multiple nagios servers which don't dynamically rebalance checks across multiple nagios hosts.
• have all checks complete within a smaller window (say 1 minute), as this would increase our MTTD

While looking at this, we wanted the technology to be reusable with our future idea of a fully scalable and distributed monitoring in mind (think Flapjack or the new kid on the block Sensu). But for now, we wanted to focus on the checks only.

In the first blogpost of the series we look at the integration and options within Nagios. In a second blogpost we will provide proof of concept code for running an external process (ruby based) to execute and report back to nagios. Even though Nagios isn't the most fun to work with, a lot of solutions that try to replace it, focus on replacing the checks section. But Nagios gives you more the reporting, escalation, dependency management. I'm not saying there aren't solutions out there, but we consider that to be for another phase.

Check HTTP

The canonical way in Nagios to run a check is to execute Check_http.

F.i. to have it execute a check if confluence is working on https://somehost.atlassian.net/wiki , we would provide the options:

• -H (virtual hostname), -I (ipaddress) , -p (port)
• -u (path of url) , -S (ssl) , -f follow (follow redirects)

• -t (timeout)

  $ /usr/lib64/nagios/plugins/check_http -H somehost.atlassian.net -p 443 -u /wiki -f follow -S -v -t 2 HTTP OK: HTTP/1.1 200 OK - 546 bytes in 0.734 second response time |time=0.734058s;;;0.000000 size=546B;;;0

Some observations:

1. For each check configure Nagios will fork twice and exec check_http, avoiding this would improve performance as fork is considered expensive.
2. If we were to have many URL's on the same host, we can't leverage connection reuse, making it less efficient
3. For status checking, we can configure it to use the -J HEAD if our check doens't rely on the content of the page (saving on transfer time and reduce check time)
4. Redirects: not an issue of Nagios, but we currently have quite a few redirects going from the login-page logic, reducing those would again improve check time.

We can reduce part of the forks by using the use_large_installation_tweaks=1 setting. The benefits and caveats are explained in the docs

Check scheduling

Nagios itself tries to be smart to schedule the checks. It tries to spread the number of service checks within the check interval you configure. More information can be found in older Nagios documentation .

Configuration options that influence the scheduling are:

• normal_check_interval : how long between re-executing the same check
• retry_check_interval : how fast to retry a check if it failed
• check_period: total time for a complete check cycle
• inter_check_delay_method: method to schedule checks (
• service_interleave_factor: time between checks to the same remote host
• max_concurrent_checks: obvious not ?
• service_reaper_frequency : frequency to check for rogue checks

Default for the inter_check_delay_method is to use smart, if we want to execute the checks as fast as possible

• n = Don't use any delay - schedule all service checks to run immediately (i.e. at the same time!)
• d = Use a "dumb" delay of 1 second between service checks
• s = Use a "smart" delay calculation to spread service checks out evenly (default)
• x.xx = Use a user-supplied inter-check delay of x.xx seconds

Distributing checks

When one host can't cut it anymore, we have to scale eventually. Here are some solutions that live completely in the Nagios world:

• Mod Gearman
• DNX - Distributed Nagios Executor
• OCSP Sweeper - Blogpost

Our future solution would have a similar approach to dispatching the checks command and gathering the results back over queue, but we'd like it to be less dependent on the Nagios solution and be possible to be integrated with other monitoring solutions (Think Unix Toolchain philosophy) A great example idea can be seen in the Velocityconf presentation Asynchronous Real-time Monitoring with Mcollective

Submitting check results back to Nagios

So with distribution we just split our problem again in smaller problems. So let's focus again on the single host running checks problem, after all, the more checks we can run on 1 host, the less we have to distribute.

Nagios Passive Checks easily allow you to uncouple the checks from your main nagios loop and submit the check results later. NSCA (Nagios Service Check Acceptor) is the most used solution for this.

NSCA does have a few limitations:

Opsview writes:

• Only the first 511 bytes of plugin out was returned to the master, limiting the usefulness of the information you could display
• Only the 1st line of data was returned, meaning you had to cramp output together
• NSCA communication used fixed size packets which were inefficient
• While results were sent, Nagios would wait for completion, introducing a bottleneck
• If there was a communication problem with the master, results were dropped

This lead them to using NRD (Nagios Result Distributor)

Ryan Writes:

"What no one tells you when you are deploy NCSA is that it send service checks in series while nagios performs service checks in parallel"

This lead him to writing A highperformance NSCA replacement involving feeding the result direct into the livestatus pipe instead of over the NSCA protocol baked into nagios On a similar note Jelle Smet has created NSCAWEb Easily submit passive host and service checks to Nagios via external commands

We would leverage the Send NSCA Ruby Gem

Why is this relevant to our solution? Without employing some of these optimizations, our bottleneck would shift from running the checks to accepting the check results.

Another solution could be run an NRPE server , and we could probably leverage some ruby logic from Metis - a ruby NRPE server

Conclusion

Even after the following optimizations:

• using head vs get
• large installation tweaks
• tuning the inter_check_delay_method
• parallel NSCA submissions vs serial submissions

we can still optimize with:

• avoid the fork process by running all checks from the same process
• reusing the http connection across multiple requests for the same host (potentially even do http pipelining

In the next blogpost we will show the results of proof of concept code involving ruby/eventmachine/jruby and various httpclient libraries.

May 06, 2012 08:35 AM

Pascal Bleser: Speaking of Packman mirrors...

Speaking of Packman mirrors... we're in a pretty sorry state regarding that so if you're aware of sites that do mirror Packman but never told us (I'm aware of the one at yandex.ru, have to get it on that mirror list), or if you can get in touch with some mirror sites near you or even on your continent to ask them to mirror Packman, please do.

They can then simply contact us on our mailing-list (that's packman followed by an "at" sign followed by "links2linux" and a dot and "de" -- grrr to spammers) and we'll get back to them with the details for rsync.

May 06, 2012 12:59 AM

Pascal Bleser: packman.inode.at mirror is down

The Packman mirror at packman.inode.at is down. We don't know yet what happened nor whether it will be back up soon (or not).

In the mean time, please use another mirror in the mean time.

Here's a quick copy'n'paste one-liner you can put in a shell (konsole, gnome-terminal, xterm, urxvt, ...) as root to switch:

perl -p -i.old -e \
's,^(baseurl=).*(/suse/.+)$,${1}http://ftp.halifax.rwth-aachen.de/packman${2}, if /^baseurl=.*packman\.inode\.at.*/' \
/etc/zypp/repos.d/*packman*.repo

May 06, 2012 12:44 AM

May 05, 2012

Planet Grep

Frank Goossens: DDOS’ed by 80legs.com spider?

Just got some heavy traffic from a friggin’ spider with this useragent:

Mozilla/5.0 (compatible; 008/0.83; http://www.80legs.com/webcrawler.html) Gecko/2008032620

As changing robots.txt did not help immediately, more drastic measures were needed, so I added this tidbit to .htaccess to stop the fuckers:

SetEnvIfNoCase ^User-Agent$ .*(80legs) HTTP_SAFE_BADBOT
Deny from env=HTTP_SAFE_BADBOT

And now back to me just relaxing and having a bath!

Possibly related twitterless twaddle:

• WP DoNotTrack 0.6.0 and beyond
• WP Privacy: Quantcast sneaks back in
• Why your WordPress blog needs DoNotTrack

May 05, 2012 01:53 PM

Wouter Verhelst: First-rate Linux support by Xerox

When buying hardware for a Linux system, often we need to hunt for their support status by searching for PCI or USB IDs in the kernel source, or by looking up the printer model on the linuxprinting.org (now freedesktop.org) openprinting database, or similar things. This is something I'm used to, and not at all unexpected anymore. And after having done it a thousand times for several customers as well as for myself, it's become routine.

So in that light, I was pleasantly surprised last monday when I delivered and installed a Xerox WorkCentre 3220 at a customer last week to see that they support Linux on the same level as they do Windows and MacOS: the "system requirements" part of the manual contains a section laying out the requirements for a computer running Linux, as does the "troubleshooting" section; and when there are Linux-specific bits to be said, there'll just be a Linux-specific section in the manual to tell you what to do. Also, the CD-ROM that came with the device has a Rock Ridge extension, which means that if you pop it into a Linux system you'll see an installer for CUPS and SANE drivers.

The only criticism I have is that it's an installer, and not an LSB package or some such. But hey, for once I didn't have to fight to get a printer to work properly!

May 05, 2012 09:25 AM

Xavier Mertens: Hack in Paris and La Nuit du Hack (10th Edition)

The French hacking event is back! This year is a special one, it’s the tenth edition of “La Nuit du Hack” which follows the conference “Hack in Paris“. Yes, as the previous editions, there are three distinguished parts in this major event. Trainings are organized from June 18th to 20th (more info here). Then, two days (June 21st – 22nd) of talks with famous speakers. And finally, an “event into the event“: La Nuit du Hack will be held on June 23rd.

During the last edition, 950 hackers registered to follow more talks and participate to the CTP challenge. This year, a public wargame is also available! Feel free to test the 2011 challenges!

I’ll be present the Thursday and Friday to cover the talks and I’ve also some gifts for you: Like for the previous edition, the organization provided me 10  discount codes (-10%) on “conference only” tickets. The contest is now open! The first ten people who drop me an email (xavier{at}rootshell{dot}be) will receive a discount code… (FIFO!)

May 05, 2012 09:03 AM

May 04, 2012

Planet Grep

Floris Lambrechts: Learning git

At work we mainly use Subversion for version control. For what it does, it works fairly well.

But everyone else has been using git for ages (GitHub is hugely popular, and projects like Drupal have also made the switch). Added to that: the few times I’ve tried branching in SVN, the ensuing merges ruined my day — completely.

So I decided to learn git, for professional work (superior branching/merging) and for personal stuff (working with Drupal and GitHub code, among others).

I started at home, archiving my /home/flo/data/ documents in git and syncing it on multiple computers.

Next, I made the jump in a big way at work: I’m now using git-svn for new projects. So I’m using git, while also still publishing the commits to (remote) SVN.

For using this workflow and still knowing what you’re doing, you need to advance fairly high on the git learning curve:

• adding and committing (obviously)
• branching
• stashing changes
• merging branches
• rebasing branches

So far, so good: working with git-svn is going quite smooth.
It turns out git’s merging is nice, but the interactive rebasing (rewording, reordering and squashing commits) before publication is even nicer.

Online resource I’ve appreciated along the way:

• Hg Init, to un-learn the limitations of Subversion
  • Read it twice if you suffer from CVS, Visual SourceSafe or worse symptoms!
• The Git Parable by Tom Preston-Werner
  • Conceptually explains why it’s a good idea to have full-history commits.
• New artisans’ Git from the Bottom up
  • Explains the hashes, trees and blobs that Git is built on.
  • It’s only a pity that this detailed technical approach is given up halfway through the document, where the usual high-level “let’s-draw-some-trees” approach takes over.
• Some nice rants (not always correct though): Steveko 10 things I have about Git, Reinvigorated programmer Git is a Harrier Jump Jet

May 04, 2012 05:04 PM

Wim Coekaerts: building an appliance? physical ? virtual? production quality? use Oracle Linux

Many companies are building appliances these days. Whether they are virtual appliance (VMs) or physical appliances, they all have an embedded OS inside. Now, I have looked at many of them, in particular virtual appliances and a few things struck me as interesting :

So what are some problems with these scenarios?

Well, first of all, even though there is absolutely nothing wrong at all with using community-based and community-maintained distributions (they do a great job), in a commercial setting, or when you build a product that lives on top of it, you need to have the ability to get formal support. Maybe not everyone needs this, but many companies do not have the knowledge (nor should they necessarily) to support the Linux distribution itself and they would want a reasonable formal service level for when something goes wrong, or when to expect something to get released.

Secondly, in the case of using a commercial Linux distribution, there are distribution restrictions and even access restrictions. Certain Linux distribution vendors that offer formal support subscriptions will not give you access to the binaries without a subscription for support services and they also do not let you re-distribute without special agreements or making lots of modifications (or even restrict modifications).

Enter Oracle Linux...

What do you get?

One Enterprise Linux distribution, for all of the above. We make it easy for you. Grab the code, binaries and source, use it, distribute it, build your environments with it, freely, no contracts needed. Need our help, get a support subscription. Choice, open. Virtual, physical, cloud. Not just obfuscated tar balls. No license or activation key, good consistent SLAs for releasing security updates, well tested,... Run Oracle Linux in-house in test and development environments, run it in production environments, use it for customer systems, distribute it, any or all of the above. One distribution that you can manage across all the use cases. No need to manage different versions even if they're similar, no need to make different distribution choices based on your use case and pay/not pay.

http://www.oracle.com/linux
http://public-yum.oracle.com
http://edelivery.oracle.com/linux

May 04, 2012 04:45 PM

Ward Vandewege: International Day Against DRM

May 4th is the International Day Against DRM.

To celebrate, get 50% off all e-books at oreilly.com – today only! Use the code DRMFREE.

May 04, 2012 04:39 PM

Les Jeudis du Libre: Mons, mercredi 16 mai : Créer un moteur de recherche avec des logiciels libres

Robert Viseur

Ce mercredi 16 mai 2012 à 19h se déroulera la neuvième séance montoise des Jeudis du Libre de Belgique.

Attention, du fait du congé légal de l’ascension le jeudi 17 mai, la séance se déroulera la veille !

Le sujet de cette séance : Créer un moteur de recherche avec des logiciels libres

Thématique : Traitement des données

Public : sysadmin, entreprises, étudiants, Analystes-programmeurs

L’animateur conférencier : Robert Viseur est Docteur en Sciences Appliquées, Assistant dans le service d’Économie et de Management de l’Innovation à la Faculté Polytechnique de l’Université de Mons (UMONS) et Ingénieur de recherche Senior au Centre d’Excellence en Technologie de l’Information et de la Communication (CETIC) à Charleroi. Ses domaines d’expertise sont le management de l’Innovation, le logiciel libre et les technologies d’indexation (moteurs de recherche).

Lieu de cette séance : MUNDANEUM, 76 rue de Nimy à 7000 Mons (cf. ce plan sur le site d’Openstreetmap)

La participation sera gratuite et ne nécessitera que votre inscription nominative, de préférence préalable, ou à l’entrée de la séance. Merci d’indiquer votre intention (même incertaine) en vous inscrivant via la page http://jdl-mons-2012-mai.eventbrite.com/

Cette séance sera suivie d’un verre de l’amitié offert par le Mundaneum.

Si vous êtes intéressé(e) par ce cycle mensuel, n’hésitez pas à consulter l’agenda et à vous inscrire sur la liste de diffusion afin de recevoir systématiquement les annonces, ou à nous contacter à l’adresse jeudisdulibre@loligrub.be

Pour rappel, les Jeudis du Libre se veulent des rencontres autour de thématiques des Logiciels Libres. Les rencontres montoises se déroulent chaque troisième jeudi du mois, et sont organisées dans des locaux et en collaboration avec des Hautes Écoles et Facultés Universitaires du Pôle Hainuyer d’enseignement supérieur impliquées dans les formations d’informaticiens (UMONS, HECFH et Condorcet), et avec le concours de l’A.S.B.L. LoLiGrUB, active dans la promotion des logiciels libres.

Description : Lorsque l’on parle de moteur de recherche, les noms de Google, Bing ou Yahoo! viennent immédiatement à l’esprit. La taille de ces moteurs (plusieurs milliards de pages indexées), l’importance des infrastructures (grands centres de données) et la pertinence des résultats de recherche peuvent donner l’impression que les développements spécifiques sont devenus impossibles ou sans intérêt.

La création de moteurs de recherche spécialisés reste cependant possible, et utile pour certains usages particuliers (ex.: moteurs de recherche d’entreprise, mise en place de systèmes de veille, etc.). Pour ce faire, le développeur peut s’appuyer sur les interfaces de programmation (API) généralement mises à disposition par les moteurs de recherche commerciaux mais aussi sur les très nombreux composants et logiciels libres existants. Ces derniers couvrent la collecte des données textuelles, leur analyse, leur indexation et leur présentation.

La présentation reviendra sur les différentes étapes de création d’un moteur de recherche. Les outils libres disponibles, ainsi que leurs limites et cadres d’utilisation privilégiés, seront ensuite présentés.

May 04, 2012 06:17 AM

Wim Coekaerts: understanding memory allocation in oracle vm / xen

As a follow up to my previous blog about cpu topology, I wanted to add a little bit about memory topology and memory allocation in the hypervisor. Most systems these days that are multi-socket are considered NUMA. Even though over the years, the NUMA-factor has gone down drastically,there still is a small amount of memory locality involved.

My test setup is a dual socket server with 36GB memory. You can see this in Oracle VM Manager as part of the server info or directly on the server with xm info :

# xm info 
..
total_memory           : 36852
free_memory            : 25742
..

I have a few VMs running on this server which is why you see memory be lower than total. The 16GB VM is running with tmem enabled and because of that is not using up all memory but only the base memory needed to be active for the workload it's running.

# xm list
Name                                        ID   Mem VCPUs      State   Time(s)
0004fb00000600001668dac79108cb84             2  4096     4     -b----    129.9
0004fb0000060000804bac06a5087809             1  4096     4     -b----    129.4
0004fb0000060000db9c71d539c940ed             3 16000     4     -b----     28.3
Domain-0                                     0  1244    24     r-----    188.0

Let's start with a clean slate and look at some statistics. The following commands will dump detailed memory information on your server :

# xm debug-key u ; xm dmesg. Basically debug info for NUMA memory info. xm dmesg will show you the debug output.

(XEN) 'u' pressed -> dumping numa info (now-0xFE:A1CFFF69)
(XEN) idx0 -> NODE0 start->0 size->4980736
(XEN) phys_to_nid(0000000000001000) -> 0 should be 0
(XEN) idx1 -> NODE1 start->4980736 size->4718592
(XEN) phys_to_nid(00000004c0001000) -> 1 should be 1
(XEN) CPU0 -> NODE0
(XEN) CPU1 -> NODE0
(XEN) CPU2 -> NODE0
(XEN) CPU3 -> NODE0
(XEN) CPU4 -> NODE0
(XEN) CPU5 -> NODE0
(XEN) CPU6 -> NODE0
(XEN) CPU7 -> NODE0
(XEN) CPU8 -> NODE0
(XEN) CPU9 -> NODE0
(XEN) CPU10 -> NODE0
(XEN) CPU11 -> NODE0
(XEN) CPU12 -> NODE1
(XEN) CPU13 -> NODE1
(XEN) CPU14 -> NODE1
(XEN) CPU15 -> NODE1
(XEN) CPU16 -> NODE1
(XEN) CPU17 -> NODE1
(XEN) CPU18 -> NODE1
(XEN) CPU19 -> NODE1
(XEN) CPU20 -> NODE1
(XEN) CPU21 -> NODE1
(XEN) CPU22 -> NODE1
(XEN) CPU23 -> NODE1
(XEN) Memory location of each domain:
(XEN) Domain 0 (total: 318627):
(XEN)     Node 0: 282976
(XEN)     Node 1: 35651

# xm list
Name                                        ID   Mem VCPUs      State   Time(s)
0004fb0000060000804bac06a5087809             4  4096     4     r-----      8.8
Domain-0                                     0  1244    24     r-----    240.9

# xm debug-key u ; xm dmesg
...
(XEN) Memory location of each domain:
(XEN) Domain 0 (total: 318627):
(XEN)     Node 0: 282976
(XEN)     Node 1: 35651
(XEN) Domain 4 (total: 1048576):
(XEN)     Node 0: 1048576
(XEN)     Node 1: 0

# xm vcpu-list 4
Name                                ID  VCPU   CPU State   Time(s) CPU Affinity
0004fb0000060000804bac06a5087809     4     0     0   -b-       4.8 0-3
0004fb0000060000804bac06a5087809     4     1     3   -b-      26.1 0-3
0004fb0000060000804bac06a5087809     4     2     2   -b-       3.5 0-3
0004fb0000060000804bac06a5087809     4     3     1   -b-       2.4 0-3

# xm vcpu-list 6
Name                                ID  VCPU   CPU State   Time(s) CPU Affinity
0004fb00000600001668dac79108cb84     6     0    19   r--       2.2 19-23
0004fb00000600001668dac79108cb84     6     1    23   r--      24.6 19-23
0004fb00000600001668dac79108cb84     6     2    20   -b-       1.4 19-23
0004fb00000600001668dac79108cb84     6     3    22   -b-       1.1 19-23

# xm debug-key u ; xm dmesg
...
(XEN) Memory location of each domain:
(XEN) Domain 0 (total: 318627):
(XEN)     Node 0: 282976
(XEN)     Node 1: 35651
(XEN) Domain 4 (total: 1048576):
(XEN)     Node 0: 1048576
(XEN)     Node 1: 0
(XEN) Domain 6 (total: 1048576):
(XEN)     Node 0: 0
(XEN)     Node 1: 1048576

After starting a 16Gb VM on this server (domain 7), now that 8Gb is allocated, you will see that this 16Gb VM's memory allocation is across the 2 memory nodes :

(XEN) Memory location of each domain:
(XEN) Domain 0 (total: 318627):
(XEN)     Node 0: 282976
(XEN)     Node 1: 35651
(XEN) Domain 4 (total: 1048576):
(XEN)     Node 0: 1048576
(XEN)     Node 1: 0
(XEN) Domain 6 (total: 1048576):
(XEN)     Node 0: 0
(XEN)     Node 1: 1048576
(XEN) Domain 7 (total: 4097012):
(XEN)     Node 0: 2524148
(XEN)     Node 1: 1572864

May 04, 2012 04:55 AM

May 03, 2012

Planet Grep

Wouter Verhelst: Debconf

... is drawing closer again, and today I've booked my flights. I'll be arriving in the early evening on the 1st, and leaving again on the 15th. The flights will be Brussels->London->Miami->Managua, which unfortunately means I'll have to deal with US border control, but hey.

Also, in order to avoid having to get up at early-o-clock on the morning of the 1st, I'll be flying from Brussels to London on an afternoon flight on the 30th, which means I'll have an evening to spare in London. While I've been there a few times before, it's not a city that I've ever actually visited; my previous three visits were limited to Heathrow, King's Cross (IIRC; could be another train station) and driving through the city on my way from (and to) Steve's barbecue last summer.

If anyone will be there as well that night and would like to meet for beer and/or keysigning, I'd be interested.

May 03, 2012 06:40 PM

Lionel Dricot: Bref, j'ai créé un compte Facebook

Je sais que vous allez être déçu, vous mes fidèles lecteurs de la première heure. Peut-être me maudirez-vous, vouerez-vous mon blog aux gémonies. Mais voilà, il faut que je vous le confesse: malgré mes diatribes anti-Facebook , j'ai fini par re-créer un compte.

Hérésie ! Sacrilège ! J'entends déjà à ma porte les chuchotements de l'inquisition libriste qui vont me mener au bûcher.

Mais est-ce que créer un compte Facebook est compatible avec ma philosophie ? N'y vois-je pas une contradiction avec ma défense du Parti Pirate ?

Pas un problème de philosophie

Oui, Facebook est compatible avec ma philosophie et avec celle du Parti Pirate. D'ailleurs, je suis un adepte de Google+ et, d'un point de vue philosophique, rien ne différencie ce dernier de Facebook.

Facebook, comme le reste, est un moyen de communiquer. C'est donc avant tout un outil très positif. En facilitant la communication, Facebook permet beaucoup de belles choses, des échanges insoupçonnés.

Facebook et Google+ posent cependant deux inquiétudes fondamentales: la centralisation, qui rend les deux sociétés toutes puissantes, et le respect de la vie privée. Ce n'est donc pas l'outil Facebook qui est le problème mais la manière dont la société éditrice gère l'outil.

Une utilisation raisonnée

Ces deux problèmes peuvent être plus ou moins contournés en adaptant son usage du réseau social.

Pour la centralisation, on prendra garde de ne jamais compter uniquement sur ce service et de s'assurer de toujours pouvoir contacter les personnes autrement. De même, on prêtera une attention toute particulière à ne pas exclure les personnes n'étant pas sur un réseau centralisé. Par exemple, je ne garantis pas de répondre aux messages Facebook, utilisez mon adresse mail, vous êtes sûrs d'avoir une réponse.

Quand à la vie privée, comptez que tout ce qui transite par Facebook est public, y compris les messages. Si vous n'aimeriez pas que certaines choses apparaissent sur un écran géant de la place de votre ville, alors n'utilisez pas Facebook ou Google+.

J'ai déjà décrit comment je rendais l'impact de Google minimal sur ma vie privée. Pour Facebook, je pousse le vice encore plus loin: je bloque toute URL venant de Facebook dans mon navigateur principal et j'utilise un navigateur entièrement dédié à Facebook.

Franchement…

Soyons honnête : en créant ce compte, je fais le jeu de ces sociétés. Certains diront que j'encourage même à les utiliser. C'est un peu vrai même si, n'étant pas Georges Clooney, je pense que cette influence est très limitée. Peut-être que, au contraire, ma présence sur Facebook peut donner de la lecture à des gens qui ne soupçonnait pas l'existence du logiciel libre ? J'ose le croire, peut-être pour m'auto-justifier.

Promis : tout ce que je posterai sur Facebook sera disponible ailleurs.

Une envie d'élargir l'horizon

Mais la question que certains se posent sans doute est : pourquoi ce soudain revirement ?

En fait, jusqu'à présent, j'ai toujours été dans mon petit univers libriste. Je postais ce que je voulais. Me lisait et répondait qui était intéressé ou tombait par hasard sur mon blog. Ma rencontre avec des pirates m'a fait reconsidérer la question.

Ma vision de la politique c'est la transparence, c'est le contact entre les personnes afin de bâtir une société pour le plus grand nombre. Il faut être réaliste: en restant sur Diaspora, je me ferme à beaucoup de gens, beaucoup d'opinions différentes. Et ce cloisonnement, qu'il soit virtuel, culturel ou géographique, fait tendre vers la radicalisation.

Ignorer une majorité de personnes sous prétexte qu'elles n'ont pas la compréhension que j'ai de l'informatique ou qu'elles ne suivent tout simplement pas mes choix me semble relever de la plus pédante suffisance. Prétendre construire un projet de société en ignorant ces même personnes est pire encore.

Si je n'ai jamais été un parangon de modestie, je me rends compte que dans un exercice aussi compliqué que de se forger une conscience politique, j'ai besoin de l'aide de tous, j'ai besoin de visions divergentes et pas seulement de l'optique geeko-libriste.

Bref, je suis sur Facebook et vous pouvez vous moquer de moi sur mon wall^[1].

Photos par Fernando Siveira et miss_millions

May 03, 2012 02:59 PM

Planet openmoko

Xiangfu Liu: 质量差的电源插座

这个电源插座接了 41 个 Icarus（1000W），一台PC（200W），三个13口的USB HUB，运行了一个月后就变成下图的样子了。插座烧了后，问题是接在这个插座上的电脑的 USB 口全部不好用了。一点电都没有了。还好 Icarus 都还没问题。推荐 80 块以上的电源插座，并把家里质量不好的插座都扔掉。要不然。。。

在 ngzhang 那里学到了一条中国插座定理：插座不拆不能用，或者只买 贝尔金 的或者 APC 的。

May 03, 2012 09:36 AM

Planet Grep

Wim Coekaerts: figuring out cpu topology in oracle vm

I have had a few people in the past ask about CPU topology on Oracle VM and how to figure out which CPUs, cores or threads are used by a VM... Here's a quick overview :

1) get a summary of your server

The xm info command prints out a whole bunch of information about your system.

Look for the lines below in the output for detail on your systems CPUs.

# xm info
...
nr_cpus                : 8
nr_nodes               : 1
cores_per_socket       : 4
threads_per_core       : 2
cpu_mhz                : 3200
...

# xm info
...
nr_cpus                : 12
nr_nodes               : 1
cores_per_socket       : 6
threads_per_core       : 2
...

2) get the cpu topology

The xenpm command lets you print out the thread/core/socket topology on a given server :

# xenpm get-cpu-topology
CPU     core    socket  node
CPU0     0       0       0
CPU1     0       0       0
CPU2     1       0       0
CPU3     1       0       0

# xenpm get-cpu-topology
CPU     core    socket  node
CPU0     0       0       0
CPU1     0       0       0
CPU2     1       0       0
CPU3     1       0       0
CPU4     2       0       0
CPU5     2       0       0
CPU6     3       0       0
CPU7     3       0       0

# xenpm get-cpu-topology
CPU     core    socket  node
CPU0     0       0       0
CPU1     0       0       0
CPU2     1       0       0
CPU3     1       0       0
CPU4     2       0       0
CPU5     2       0       0
CPU6     8       0       0
CPU7     8       0       0
CPU8     9       0       0
CPU9     9       0       0
CPU10    10      0       0
CPU11    10      0       0

3) Show the guest/VM vcpu bindings to physical threads : Use the command xm vcpu-list to list a summary of which virtual CPU is running on which physical CPU.

# xm vcpu-list 1
Name                                ID  VCPU   CPU State   Time(s) CPU Affinity
0004fb00000600007c351fa24276c63f     1     0     5   -b-    4673.6 5-6
0004fb00000600007c351fa24276c63f     1     1     5   -b-    4534.0 5-6

# xm vcpu-list
Name                                ID  VCPU   CPU State   Time(s) CPU Affinity
0004fb00000600007c351fa24276c63f     1     0     5   -b-    4676.8 5-6
0004fb00000600007c351fa24276c63f     1     1     5   -b-    4537.0 5-6
Domain-0                             0     0     0   -b-     932.1 any cpu
Domain-0                             0     1     6   -b-    1168.0 any cpu
Domain-0                             0     2     7   -b-    1010.8 any cpu
Domain-0                             0     3    11   -b-     903.0 any cpu
Domain-0                             0     4     8   -b-     494.2 any cpu
Domain-0                             0     5     9   r--     773.8 any cpu
Domain-0                             0     6     1   -b-     522.7 any cpu
Domain-0                             0     7     2   -b-     785.1 any cpu
Domain-0                             0     8     4   -b-     473.8 any cpu
Domain-0                             0     9     3   -b-     728.1 any cpu
Domain-0                             0    10    10   -b-     490.8 any cpu
Domain-0                             0    11     0   r--    1219.6 any cpu

4) using ovm_utils ovm_vmcontrol lets a user or admin set and get the cpu/vcpu bindings for a VM through Oracle VM Manager in 3.0.

# ./ovm_vmcontrol -u admin -p Manager1 -h localhost -v apitest -c vcpuget
Oracle VM VM Control utility 0.4.2.
Connected.
Command : vcpuget
Current pinning of virtual CPUs to physical threads : 5,6

Now let's bind the vcpu's to core 0, I just run the following command :

# ./ovm_vmcontrol -u admin -p Manager1 -h localhost -v apitest -c vcpuset  -s 0
Oracle VM VM Control utility 0.4.2.
Connected.
Command : vcpuset
Pinning virtual CPUs
Pinning of virtual CPUs to physical threads  '0' 'apitest' completed.

# xm vcpu-list 1
Name                                ID  VCPU   CPU State   Time(s) CPU Affinity
0004fb00000600007c351fa24276c63f     1     0     0   -b-    4687.6 0
0004fb00000600007c351fa24276c63f     1     1     0   -b-    4547.2 0

May 03, 2012 05:23 AM

May 02, 2012

Planet Grep

Wim Leers: Working at Acquia!

After working at Nascom for a very brief time, I will soon start working at Acquia! I’ll be working on the Spark project as a Senior Software Engineer in the Office of the CTO (OCTO), reporting directly to Dries!

Why I left Nascom

I chose Nascom because I felt it was the best fit for me. I really preferred working for a Belgian company. Nascom seemed to have it all¹, but in the end, it was not a good match. I still stand by my choice of Nascom being the best possible choice I could have made, when limiting my choices to Belgian companies. They’re great. But the spark was missing for me.

Having worked at Facebook, I have grown accustomed to a [certain]7 mindset. It’s definitely not that Nascom had a lot of pointless process, it’s that they’re a project company, not a product company. I prefer the challenge of improving “one thing” over working on many projects for which 90% of the problems are alredy solved and the remaining 10% are either glue code or trivial challenges (this is an oversimplification, of course). This of course proves that Drupal core + contrib are doing what they’re supposed to do. We’re eliminating ourselves, as Dries already wrote in 2007:

[…] any business that disintermediates traditional middlemen by taking advantage of the internet has a good chance of being successful. Products or online services that eliminate middlemen can be incredibly successful. It’s a recipe for success.

With that in mind, what can Drupal eliminate?

…

Of course, the funny part is that by doing so, eventually, we’ll eliminate ourselves … But that’s a good thing, as it would free up a ton of spare time. ;-)

Right now, I want to be challenged, to learn as much as I can.

Until my time at Facebook, I’d mostly been hacking on school projects and on (most of the time: relatively complex) Drupal modules for clients. I never built entire Drupal websites due to likely scope creep which would make this work on the side impossible to combine with school projects’ deadlines. Building entire Drupal websites was the obvious next step, so I expected to like that as much as building Drupal modules. That was a miscalculation.

And there you have it. That’s the reason I decided to leave Nascom — after only one week. I felt extremely bad about leaving them so early — it seemed like I hadn’t given them a proper chance yet. But I’d been working on some of their largest projects in my first week already, so I saw the complexity in those projects. Or rather, the lack of complexity. Which is a proof of their solid craftmanship: after all, less complexity implies less risk, which implies a more stable result, more timely delivered to a more satisfied client. That’s the very nature of project companies: limiting complexity and risk to deliver what their clients expect.

I’m the first to admit that quitting after one week is bordering on insanity. But on the other hand: I was certain of my assessment. Staying longer would benefit neither them nor me: what if I quit in the middle of several projects? That would leave them in a bad state and would make it harder for me to look for a new job. So I tried to limit the damage by quitting quickly.

Why I’m starting at Acquia

My main goal for my next job: a technically challenging job, not necessarily involving Drupal, in an environment that operates according to The Hacker Way (i.e. has the “right” culture, more or less a “start-up culture”). Having talked to hordes of Belgian companies before, I firmly believed I had to look beyond Belgium’s borders to find this …² Hopefully I’d find something where I’d be able to work remotely, because moving was still not an option.

A few weeks after I had left Nascom, I was contacted by Acquia again. Our previous talks (in February) had come to an end due to the fact that moving to the U.K. or the U.S. are no options for me. I want to stay in Belgium. This time around however, it turned out to not be a problem, because I would be working directly for Dries, in his Office of the CTO team.

Angie “webchick” Byron explained what project “Phoenix” (now “Spark”) was all about. They deemed me a good match for this particular project (“improving the authoring UX of Drupal”) and checked whether I was interested in it.
Of course I was interested! :) Especially because this is one of the key areas in which Drupal has been somewhat lacking, and for which it is often criticized. I’ve done some UX work myself, with my Hierarchical Select module (also see the live demo), which is the project I spent most of my free time Drupal time on.

Immediately after having talked to webchick, I postponed talks with all other companies. I even risked losing an excellent offer I’d already received.
I made this bet, because this position at Acquia was perfect. It’s about as close as one can get to a dream job. I’d get paid to continue to do what I used to do in all of my available free time until a while ago: help move Drupal forward³ and thus empowering others⁴. I’d love nothing more than Drupal to gradually become better and better⁵. It would be hard work, but work I’m very passionate about. So it was worth the risk.

After some further talks and Acquia reviewing other candidates for a while, I was then offered a position in Acquia’s Office of the CTO! Hurray!
A crucial reason for Acquia to allow me to work remotely is because I worked remotely with Dries in the past: I’ve worked for Mollom, with Dries, in the summers of 2008 and 2009! That went very well and apparently has resulted in sufficient confidence in my capabilities and work ethic to allow me to work remotely.

So, there you have it. I’ll be working for Acquia, a hot U.S. start-up, from Belgium, on Drupal, directly for Dries, with Angie “webchick” Byron, Gábor Hojtsy, Alex “effulgentsia” Bronstein and others (Acquia is still seeking applications to join the Spark team!), on the project I’ve been most passionate about for the past five years: Drupal.

I’m absolutely thrilled!
I will do my very best in helping Drupal to kick more ass!

• life
• Acquia
• Drupal
• Hasselt University
• Nascom

• Add new comment

May 02, 2012 07:57 PM

Planet openmoko

Chris Lord: Mobile Platform at the Toronto Firefox Work Week

For those that aren't already aware, many Mozillians gathered last week in Toronto to Maximise Synergy. Seeing as there have been updates for the UX team and the Firefox/Mobile UI team, I think it'd be worth having a similar update for mobile platform. Some fantastic work is going on in this area, and people deserve kudos :)

• Kartikaya Gupta (aka kats) continues to do sterling work, fixing an inhuman amount of bugs. Most prominently, kats has been working on our display-port 'strategies', code that allows us to make the most of our rendering time and, thus, reduce checkerboarding. He's also been working on our checkerboard measurement, augmenting and refining our tests and test-method to make sure we're always pushing ourselves. This, alongside much general bug-fixing work.
• Benoit Girard (aka BenWa) is part of the gfx team, all of whom have been helping us out for the past few months, getting our performance back to a competetive level. Benoit's tiled rendering patches finally landed, which make a huge difference to performance. Benoit has also been working on some useful remote profiling tools, which he blogs about here.
• James Willcox (aka snorp) continues to battle Flash to get us the best Flash experience in an Android browser (ironic, right?) snorp's work to get more accurate positioning of Flash elements landed, along with his work to replace elements with a snapshot during page movement on Froyo/Gingerbread, completing the experience.
• Brad Lassey (aka blassey) managed to get enough time to do some coding alongside his usual cat-herding responsibilities, and got us a low-res page cache. This means that in the rare situation that our rendering can't keep up, instead of showing checkerboard, we show a low-resolution rendering of the page. It's possible that this content can go stale, but we find it provides a much better experience than showing either a blank colour or checkerboard. This works much better than any of us expected it to, and for me at least, was the turning point after which I find our browser much easier to recommend.
• And me? I managed to get my retained tiles patch landed. Currently, we render the page into system-memory tiles, which we then upload to the GPU. My patch keeps a hold of the GPU tiles and metrics for a while after they're invalidated. Again, when our renderer can't keep up, it renders these old tiles into the space instead of rendering nothing. This mostly helps quick changes of direction and zooming out after zooming in. I also spent some time fixing up the low-res cache work, then fixing up my fix-ups, as is my custom :) Hopefully, preliminary fixed-position layer support will also land soon.

Much other work also occured, and sorry for missing anyone out that I surely did. It's worth mentioning that the gfx team have been a huge help and have been working extra-hard for months now, helping us get to where we are today (and hopefully beyond!) I had a great (and hard) time during my stay and am very much looking forward to our upcoming release :)

May 02, 2012 02:50 PM

Planet Grep

Xavier Mertens: Integrating OSVDB into Ubuntu/Unity

Recently I upgraded my laptop with the latest Ubuntu release (12.04-LTS). For a few releases, Ubuntu switched from Gnome to Unity and I’m happy to use it since the 11.04 version! I know that this choice has caused a lot of debates between the aficionados of both GUI but it always worked fine for me. Of course, no interface is perfect but it does its job. I just like the way it presents applications and files. Most are accessible with a few key presses. After the upgrade, I made the new proprietary tour and decided to look deeper into the Unity “Dash” feature. This is the main feature of Unity. It allows you to quickly search for information on your local filesystems (applications, files, bookmarks, …) or on the Internet (Wikipedia). To achieve this, the “Dash” uses “Lenses“. And those use “Scopes” that are small scripts which perform the search requests. “Lenses” are based on (briefly resumed):

• A .lens file to let Unity load it
• A daemon with a well-known name on D-Bus
• A D-Bus .service file to let Unity activate the Lens

When Unity is started, it parses the configuration files and spawns the small daemons responsible for the searches. On a stock Ubuntu, you can see the following daemons running:

$ ps ax|grep lens
 2741 ?        Sl     0:05 /usr/lib/unity-lens-applications/unity-applications-daemon
 2743 ?        Sl     0:04 /usr/lib/unity-lens-files/unity-files-daemon
 2745 ?        Sl     0:00 /usr/lib/unity-lens-music/unity-music-daemon
 2747 ?        Sl     0:01 /usr/bin/python /usr/lib/unity-lens-video/unity-lens-video
 2777 ?        Sl     0:00 /usr/lib/unity-lens-music/unity-musicstore-daemon

If you’re interested in learning more about Lenses, there is a good documentation available here. Some people started to write their own Lenses to search for useful online data. Some popular ones are:

• Wikipedia
• Google Contacts
• Youtube
• Torrents
• Flickr

Basically, any website that proposes a search feature can be integrated into Unity as well as any online service! (ex: whois) The daemon needs to send the query based on the provided keywords and format the results into something usable by Unity (via D-Bus).

I decided to learn how to build my own Lens. Why not create one with more focus on information security? What can be interesting to search for if you’re an infosec guy? Vulnerabilities of course! Let’s imagine, you are performing a pentest and you find a unpatched Solaris box running an Apache server. It could be nice to search for vulnerabilities affecting those solutions. That’s the purpose of my Lens: searching the OSVDB database for vulnerabilities.

Type some terms (or dates) and relevant OSVDB entries will be displayed directly in Unity. Click on them to open a browser to the direct page!

(Click to enlarge)

By default (empty search), the latest vulnerabilities are displayed (sorted by time). You can also search for a specific period by specifying a month and a year (ex: “Apr 2012“). The full-text search feature of OSVDB is used (ex: “Cisco IOS 12.1“). There is nothing fancy, most of the code is based on another publicly available Lens. It was first of all a good opportunity for me to write my first piece of code in Python!

Source files are available on github.com. A Debian package (.deb) is ready to be installed. A logout is required to restart Unity and makes it recognize the new Lens. Once installed click on the little “OSVDB” icon on the bottom of your Dash to search for vulnerabilities. Feel free to use it, patch it or submit your comments! Enjoy!

May 02, 2012 02:06 PM

Dieter Plaetinck: Dell crowbar openstack swift

Learned about Dell Crowbar the other day. It seems to be (becoming) a tool I've wanted for quite a while, because it takes automating physical infrastructure to a new level, and is also convenient on virtual.

::Read more

May 02, 2012 09:50 AM

Frank Goossens: Windows 7 does not (always) like IE9

A couple of days ago a neighbor asked if I could have a look at his slightly misbehaving PC; links in emails did not open correctly. He was on an all Microsoft setup, with Windows Seven, IE9 and Outlook. The error was as harsh as it was vague;

According to “wonderfully wise web” that problem is typically caused by a lack of a default browser in Windows 7, but given the fact that IE9 was the only browser installed, that did not make a lot of sense.

I was pretty confused, checking and re-applying settings while searching the web, but then I found a forum thread in which someone replied that the 64-bits version of IE9 just cannot be set as default browser, ever. Must be that Windows 7 does not really like 64-bits IE9? I did not find an easy way to switch to 32-bits IE9 and as the neighbor did not object, so I installed the most recent stable version of Firefox on his PC and set that as default browser and all was well. IE9 might not be a bad browser, but sometimes even Windows 7 wants you to install an alternative and who are we to disagree?

Possibly related twitterless twaddle:

• Making do with Windows Phone, loving Metro
• Mobile browsers: Opera Mobile 12 shines in html5test
• deredactie.be: “browser is zoekmachine”

May 02, 2012 05:35 AM

Planet openmoko

Andrew Cowie: Upgrading to Precise

The latest release of Ubuntu, version 12.04 aka Precise, has a lot of updates we’ve been waiting on for a while — GNOME 3.4, Haskell 7.4.1, and a huge stack of bugfixes. On the desktop side, quite a number of Linux kernel vs X video modes vs suspend glitches have gone away. That’s fantastic. During most of Oneiric, my laptop was freezing and needing a hard reset at least once a day. Tedious. So I’m quite pleased to report that running Precise, Linux 3.2, gdm, and GNOME 3.4, things are vastly more stable.

Getting upgraded to Precise, however, has not been a pleasant experience.

First we’ve had unattended-upgrades overwriting any configuration stating “no automatic upgrades”. The number of non-technical friends who were set to “security updates only” calling in wondering why a “big upgrade” happened and now their computers don’t work has been staggering. Needless to say we nuked unattended-upgrades from all of our systems a hurry, but for those people it was already too late.

Several desktop upgrades failed half-way through because dpkg suddenly had unresolved symbol errors. Fortunately I was able to work out the missing library binary and manually copy it in from another machine, which was enough to get package system working. Hardly auspicious.

Server side was fraught with difficulty. You cannot yet upgrade from Lucid to Precise. It breaks horribly.

E: Could not perform immediate configuration on 'python-minimal'. Please
see man 5 apt.conf under APT::Immediate-Configure for details. (2)

Brutal. I tried working around it on one system by manually using dpkg, but that just led me into recursive dependency hell:

# cd /var/cache/apt/archvies
# dpkg -r libc6-i686
# dpkg -i libc6_2.15-0ubuntu10_i386.deb
# dpkg -i libc-bin_2.15-0ubuntu10_i386.deb
# dpkg -i multiarch-support_2.15-0ubuntu10_i386.deb
# dpkg -i xz-utils_5.1.1alpha+20110809-3_i386.deb
# dpkg -i liblzma5_5.1.1alpha+20110809-3_i386.deb
# dpkg -i dpkg_1.16.1.2ubuntu7_i386.deb
# apt-get dist-upgrade

Huh. That actually worked on one system. But not on another. Still slammed into the python-minimal failure. For that machine I couldn’t mess around, so I had to give up and did a re-install from scratch. That’s not always feasible and certainly isn’t desirable; if I wanted to be blowing systems away all the time and re-installing them I’d be running Red Hat.

Anyway, I then located this bug about being unable to upgrade (what the hell kind of QA did these people do before “releasing”?) where, very helpfully, Stefano Rivera suggested a magic incantation that gets you past this:

# apt-get install -o APT::Immediate-Configure=false -f apt python-minimal
# apt-get dist-upgrade

(I had tried something very close to this, but didn’t think of doing both apt and python-minimal. Also, it hadn’t occurred to me to use -f. Ahh. For some reason one always sees apt-get -f install not apt-get -f install whatever-package-name).

Ta-da.

AfC

May 02, 2012 02:21 AM

May 01, 2012

Planet Grep

Kris Buytaert: Devops in Munich

Devopsdays Mountainview sold out in a short 3 hours .. but there's other events that will breath devops this summer.
DrupalCon in Munich will be one of them ..

Some of you might have noticed that I`m cochairing the devops track for DrupalCon Munich,
The CFP is open till the 11th of this month and we are still actively looking for speakers.

We're trying to bridge the gap between drupal developers and the people that put their code to production, at scale.
But also enhancing the knowledge of infrastructure components Drupal developers depend on.

We're looking for talks both on culture (both success stories and failure) , automation,
specifically looking for people talking about drupal deployments , eg using tools like Capistrano, Chef, Puppet,
We want to hear where Continuous Integration fits in your deployment , do you do Continuous Delivery of a drupal environment.
And how do you test ... yes we like to hear a lot about testing , performance tests, security tests, application tests and so on.
... Or have you solved the content vs code vs config deployment problem yet ?

How are you measuring and monitoring these deployments and adding metrics to them so you can get good visibility on both
system and user actions of your platform. Have you build fancy dashboards showing your whole organisation the current state of your deployment ?

We're also looking for people talking about introducing different data backends, nosql, scaling different search backends , building your own cdn using smart filesystem setups.
Or making smart use of existing backends, such as tuning and scaling MySQL, memcached and others.

So lets make it clear to the community that drupal people do care about their code after they committed it in source control !

Please submit your talks here

May 01, 2012 07:02 PM

Dries Buytaert: Announcing Spark: authoring improvements for Drupal 7 and Drupal 8

At DrupalCon Denver, I announced the need for a strong focus on Drupal's authoring experience in my State of Drupal presentation. During my core conversation later in the week, I announced the creation of a Drupal 7 distribution named "Spark" (formerly code-named "Phoenix"). The goal of Spark is to act as an incubator for Drupal 8 authoring experience improvements that can be tested in the field.

I hope for Spark to provide a "safe space" to prototype cutting-edge interface design and to build excellent content tools that are comparable with the experience of proprietary alternatives. While not a final list, some initial thinking around the features we want to experiment with is:

• Inline editing and drag-and-drop content layout tools ("true" WYSIWYG)
• Enhanced content creation: auto-save, save as draft and more
• Useful dashboards for content creators
• Mobile content authoring and administration support

The vision behind the Spark distribution is to be "the Pressflow of Drupal authoring experience". Pressflow provided a "spoon" of Drupal 6 with various performance enhancements that made their way into Drupal 7 core while it was in development. The same improvements were made available to Drupal 6 users so they could easily be tested in the field. With Spark, we want to test authoring experience improvements in Drupal 7 on real sites with real users and real content. We also want to target the best improvements for inclusion into Drupal 8 core.

I'm excited to announce that Acquia will fund the Spark distribution. Core developers Gábor Hojtsy and Wim Leers will work on Spark full-time starting in late May. They will work along side Angie Byron (webhchick), Alex Bronstein (effulgentsia), myself and other members at Acquia. While we have some promising candidates so far, Acquia is still seeking applicants to join the Spark team (with a strong preference to candidates located in or willing to move to the Boston area):

• Drupal UX Interaction Designer, who can conceptualize and prototype cutting-edge interface design.
• Senior Front-End Engineer, who eats, sleeps, and breaths JavaScript and jQuery (Drupal experience optional).

The Spark team will collaborate with the Drupal usability and the core development teams.

May 01, 2012 02:55 PM

Planet openmoko

Xiangfu Liu: mForce 200 designed base on Icarus (Icarus 衍生板 mForce200)

mForce200 designed by lijiangchun base on Icarus. you can buy it at his taobao shop, he release designed source files at google code. it have 2 SPARTAN-6 XC6SLX150-FGG484BIV1027 chips, using a big heat sink instead a noise fan. it’s using a ATX power connecter and a strange USB Standard-A receptacle for USB connect.

May 1st, I received the device, after 12 hours test, it give ~200MHS, Utility: 2.6/m. not as good as Icarus. by talking with the author <lijangchu at gmail dot com>, there are two switches missing in this boards. he will send me a new one. then I will test again and update this page.

May 3rd. I received the new boards. this working one give ~380MHS, Utility: ~5.2/m, same as Icarus, from the power meter, idle it needs ~4.6W, mining needs ~20W, mForce 200 cgminer status page: http://downloads.openmobilefree.net/Icarus/miner.mForce200.php

First reaction was: I want my money back
Quality: bad Heat
sinks placement: bad
USB cable: bad (2 USB-A plug on both side)
Power supply/plug: bad (the power cable is already exposed)
Heat sinks: bad (form factor)

Working One:

Two Switches Missing:

May 01, 2012 11:13 AM

Planet Grep

Joram Barrez: Activiti on Mysql : remember to enable innoDB!

Past days, I’ve been doing some Activiti benchmarking. By accident however, I discoverd that all my tables were using the MyISAM storage engine, which is non-transactional. This is *not* a good idea when using Activiti, as the engine does count on transactions for executing processes in a correct way. The DDL statements of Activiti do state [...]

May 01, 2012 07:45 AM

Undeadly

May 1st 2012: OpenBSD 5.1 Released

May 1st 2012, Calgary, Alberta, Canada and elsewhere: OpenBSD project leader Theo de Raadt (deraadt@) today announced the release of and general availability of OpenBSD 5.1, the latest version of the project's namesake operating system, via FTP, HTTP and other network distribution.

In the run-up to the general release, reports of pre-ordered CD sets, T-shirts and other OpenBSD 5.1 merchandise arriving at their destinations have trickled in from Europe and elsewhere.

May 01, 2012 07:40 AM

April 30, 2012

Planet Grep

Les Jeudis du Libre: Bruxelles le 3 mai, Processing depuis Proce55ing

Bruxelles le 3 mai, Processing depuis Proce55ing

Julien Deswaef

Le jeudi 3 mai 2012, aux Jeudis du Libre de Bruxelles il sera question de création multimédia.

• Le sujet de cette séance : Processing depuis Proce55ing - println(« Hello World, I’m an artist. »);
  
• Thématique : création multimédia
  
• L’animateur conférencier : Julien Deswaef (Site perso / @xuv)
• Lieu de cette séance : Betagroup Coworking Brussels at ICAB Business & Technology Incubator - 4 rue des pères blancs – 1040 Bruxelles (cf. ce plan sur le site d’Openstreetmap).
• Horaires: de 19h à 21h, suivi d’un restaurant dans le quartier.

-> S’inscrire <-

println(« Hello World, I’m an artist. »);

Processing

Processing est un outil destiné aux artistes qui désirent se familiariser avec le code comme outil de création. Que l’on soit débutant ou programmeur confirmé, P5 (pour les intimes) offre une large palette d’outils permettant de développer des applications multimédias. À l’aube de son passage à la version 2.0, Julien Deswaef vous propose de plonger dans la communauté bigarrée qui l’entoure, depuis ses origines jusqu’au derniers développements. Il y aura, dans le désordre, des lignes de code, des anecdotes, des exemples, des grands noms, des librairies étranges,… le tout saucé de son expérience personnelle. On fera le tour de Processing comme on fait le tour d’internet…, en commençant par le point.

Une création réalisée avec Processing

Julien Deswaef

Julien Deswaef, artiste multimédia, tant actif dans les espaces de l’image que dans ceux du code, il présente cette capacité de transformer des «idées plastiques» en réalités numériques. Il collabore régulièrement avec des artistes tant dans le monde du spectacle, de la musique que des arts plastiques. Engagé dans le logiciel libre comme principe éthique, il assure avec pertinence la liaison entre les arts plastiques, le monde des images contemporaines de l’événementiel et les aspects les plus pointus en recherche numérique.

Site: http://xuv.be
Twitter: @xuv

Affiche pour les journées du libre organisées par le BxLUG - l'affiche contient le code qui a servi à la générer.

April 30, 2012 08:18 PM

Undeadly

Rthreads Hackathon Part the Second

Following up on our earlier report from r2k12, we have a pair of fresh reports from our illustrious hackers. Read more...

April 30, 2012 11:34 AM

L2TP/IPSec with OpenBSD and npppd

Maxim Bourmistrov writes in to share his L2TP/IPSEC setup using npppd.

An OpenBSD user since 3.2, I deploy OpenBSD on anything what I want to be secure and stable(yes, even -current is STABLE, as long as you know what you are doing).

This guide is split into two sections. The first and major one is server-side configuration. The second is about what should be done on client-side. I use npppd both at home and at the office. My office setup is a bit more complicated than the one described here.

April 30, 2012 11:19 AM

Planet Grep

Joram Barrez: DBCP vs c3p0 vs BoneCP

This weekend, I was running some simple benchmarks for Activiti, when one of my threaded benchmarks using the Activiti engine within Spring consistently hanged until forever (or at least 30 minutes, when I killed it). After some googling, I discovered that this could be due to DBCP not releasing connections. And indeed, when switching to [...]

April 30, 2012 09:35 AM

Planet openmoko

Sean Moss-Pultz

I blocked out a Sunday afternoon and thoroughly enjoyed “reading” Stefan Sagmeister‘s Things I Have Learned In My Life So Far. Maxims are as follows:

1. Helping other people helps me.
2. Having guts always works out for me.
3. Thinking that life will be better in the future is stupid. I have to live now.
4. Starting a charity group is surprisingly easy.
5. Being not truthful always works against me.
6. Everything I do always comes back to me.
7. Assuming is stifling.
8. Drugs feel great in the beginning and become a drag later on.
9. Over time I get used to everything and start taking for granted.
10. Money does not make me happy.
11. My dreams have no meaning.
12. Keeping a diary supports personal development.
13. Trying to look good limits my life.
14. Material luxuries are best enjoyed in small doses.
15. Worrying solves nothing.
16. Complaining is silly. Either act or forget.
17. Everybody thinks they are right.
18. If I want to explore a new direction professionally, it is helpful to try it out for myself first.
19. Low expectations are a good strategy.
20. Everybody who is honest is interesting.

Every seven years Sagmeister shuts down his studio and goes on a year-long sabbatical (no client work). I’m fascinated by that – probably because I lack the courage to try it myself.

April 30, 2012 01:46 AM

Powered by Planet!
Last updated: May 20, 2012 02:04 PM