November 25, 2014

Fedora 21 review
A review of Fedora 21 compared to previous versions
Open Seat on the Fedora Server Working Group

This past week, David Strauss chose to step down from his position on the Fedora Server Working Group, citing a lack of alignment with his current work usage. The Fedora Server SIG would like to thank David for his contributions up to this point and wish him well.

This means that there is currently a vacancy in the Fedora Server Working Group. The Working Group is the nine-person volunteer body that oversees the development, testing, release, documentation, marketing and evangelism of the Fedora Server. Membership on this Working Group is a moderate commitment requiring a participation of a minimum of two hours a week, one hour of which being the (usually) weekly meeting.

Membership on the Fedora Server Working Group does not require you to be a developer, tester or administrator. Anyone who is interested in advancing any of the Fedora Server’s goals is eligible to self-nominate. Document-writers, translators, Fedora Ambassadors, end-users and anyone else can become a part of this team.

If you feel that you are interested in becoming more involved with the Fedora Server, we encourage you to self-nominate by joining the Fedora Server mailing list and sending a self-introduction and nomination email to that list. We will have open nominations from now until Tuesday, December 9th, where we will vote on the new member at the weekly meeting.

If you self-nominate but aren’t selected to serve on the Working Group, do not fret! The Server SIG is open to all and the Working Group will always listen to your advice and concerns, so please stick around! While the Working Group is the final authority and voting body when disagreements come up or official decisions (like branding) need to be made, we are not the only people working on the Fedora Server. The Server SIG is small today, but growing. We would very much like to have you join us.

server-large

Red Hat hiring an Erlang/RabbitMQ expert

Apply here


Server Working Group Weekly Meeting Minutes (2014-11-25)

<html> <head> <meta content="text/html;charset=UTF-8" http-equiv="Content-type"/>
<style type="text/css"> /* This is for the .html in the HTML2 writer */ body { font-family: Helvetica, sans-serif; font-size:14px; } h1 { text-align: center; } a { color:navy; text-decoration: none; border-bottom:1px dotted navy; } a:hover { text-decoration:none; border-bottom: 0; color:#0000B9; } hr { border: 1px solid #ccc; } /* The (nick, time) item pairs, and other body text things. */ .details { font-size: 12px; font-weight:bold; } /* The 'AGREED:', 'IDEA', etc, prefix to lines. */ .itemtype { font-style: normal; /* un-italics it */ font-weight: bold; } /* Example: change single item types. Capitalized command name. /* .TOPIC { color:navy; } */ /* .AGREED { color:lime; } */ </style>

</head> <body>

#fedora-meeting-1: Server Working Group Weekly Meeting (2014-11-25)

Meeting started by sgallagh at 16:01:28 UTC (full logs).

Meeting summary

  1. roll call (sgallagh, 16:01:31)
  2. Agenda (sgallagh, 16:04:52)
    1. Agenda Item: Empty WG Seat (sgallagh, 16:05:12)
    2. Agenda Item: Status check on Fedora 21 (sgallagh, 16:05:12)
    3. Agenda Item: Fedora 22 Planning (sgallagh, 16:05:12)
    4. Agenda Item: Ambassador materials (sgallagh, 16:07:31)

  3. Empty WG Seat (sgallagh, 16:08:03)
    1. https://fedoraproject.org/wiki/Server/Governance_Charter (sgallagh, 16:09:26)
    2. ACTION: simo to write up a first draft of a blog post describing our decision-making process and how it’s not restricted to WG members (sgallagh, 16:21:03)
    3. ACTION: sgallagh to announce the search for WG candidates on devel-announce@ and the Fedora Magazine (sgallagh, 16:29:36)

  4. Status check on Fedora 21 (sgallagh, 16:30:11)
    1. ACTION: stefw to check up on a second iteration of the Cockpit branding (sgallagh, 16:32:41)
    2. quick note for TC4 testers today: the openldap package on the media is newer than the one on most of the mirrors, so domain controller deploys won’t work until the mirrors sync. (sgallagh, 16:39:01)
    3. The test matrix for Fedora Server has been redesigned for TC4 and later. It includes the new criteria we voted on last week. (sgallagh, 16:40:42)
    4. https://bugzilla.redhat.com/show_bug.cgi?id=1155228 was closed, that’s why i didn’t have them on the list. (adamw, 16:46:53)
    5. ACTION: sgallagh to update the bodhi bugs for productimg packages to note that they fix 1155228 (sgallagh, 16:48:12)

  5. Fedora 22 Planning (sgallagh, 16:50:56)
    1. Skipped in favor of Ambassador discussion (sgallagh, 16:51:05)

  6. Ambassador materials (sgallagh, 16:51:23)
    1. http://scarlett.frields.org:5000/server/ (sgallagh, 16:54:45)
    2. http://stg.getfedora.org/server/ is the more up to date stg one now. ;) (nirik, 16:56:06)
    3. http://stg.getfedora.org/server/ (sgallagh, 16:56:26)
    4. any feedback on those pages, please take them to the websites team… #fedora-websites or their trac. (sgallagh, 16:58:10)
    5. http://fedorahosted.org/fedora-websites (sgallagh, 16:58:23)
    6. https://fedorahosted.org/marketing-team/ticket/176 (tuanta, 17:01:08)
    7. https://fedoraproject.org/wiki/Fedora_21_talking_points (nirik, 17:01:16)

Meeting ended at 17:02:38 UTC (full logs).

Action items

  1. simo to write up a first draft of a blog post describing our decision-making process and how it’s not restricted to WG members
  2. sgallagh to announce the search for WG candidates on devel-announce@ and the Fedora Magazine
  3. stefw to check up on a second iteration of the Cockpit branding
  4. sgallagh to update the bodhi bugs for productimg packages to note that they fix 1155228

Action items, by person

  1. sgallagh
    1. sgallagh to announce the search for WG candidates on devel-announce@ and the Fedora Magazine
    2. sgallagh to update the bodhi bugs for productimg packages to note that they fix 1155228
  2. simo
    1. simo to write up a first draft of a blog post describing our decision-making process and how it’s not restricted to WG members
  3. stefw
    1. stefw to check up on a second iteration of the Cockpit branding

People present (lines said)

  1. sgallagh (108)
  2. simo (28)
  3. nirik (26)
  4. tuanta (21)
  5. adamw (17)
  6. mitr (11)
  7. zodbot (10)
  8. stefw (5)
  9. junland (5)
  10. davidstrauss (0)
  11. mizmo (0)

Generated by MeetBot 0.1.4. </body></html>

Arriva Fedora 21 – cosa ci aspetta?

Fedora 21, anche conosciuta come fedora.next, uscirà tra 2 settimane e introdurrà una serie di novità, sia dal punto di vista delle features sia per quanto riguarda le immagini distribuite. Vorrei riassumere qui alcuni punti cardine per aiutare gli utenti ad orientarsi e a capire il perché di certe scelte, ma non è e non potrà essere il post risolutivo per capire tutti i dettagli.

Logo_fedora-next-unofficial

Già il ciclo di rilascio di un anno fa capire quanto lavoro c’è stato dietro a questa release, è stato saltato un ciclo di rilascio intero e nel 2014 ancora non abbiamo visto alcun rilascio di Fedora. Questo significa anche, che Fedora 20 sarà supportata per un periodo più lungo del solito. L’idea di un rilascio diverso di Fedora proviene dal Flock 2013, in cui per la prima volta si è parlato di questo approccio e dei vantaggi che esso comporta, ma tutti si sono resi conto che questo avrebbe  comportato anche un lavoro enorme e uno sforzo eccezionale da parte di tutta la community per realizzarlo. Allora qualcuno si è subito chiesto, e le voci che si sentono ancora adesso dicono: Ma perché Fedora.next?

La risposta non è così semplice come potrebbe sembrare, direi che la risposta parte da più lontano e forse addirittura qualche anno fa. Facciamo un passo indietro allora. Cosa è successo negli ultimi anni?

  • Le immagini ISO non stavano più su un CD ma sono diventate sempre più grandi, prima raggiungendo e poi sforando 1 GB di dimensione. Le nuove features nelle ultime due release spingono la versione live verso 1,5GB invece che verso il basso.
  • Il DVD di installazione contiene più di 4GB di software; un utente medio utilizza, in un’installazione “normale” forse il 30-40% del software presente, per trovarsi successivamente ad aggiornare gran parte dei pacchetti installati perché già obsoleti. Il risultato è un traffico dati inutile per l’utente di almeno 3GB.
  • Negli ultimi anni si sono aggiunte nuove immagini, prima ARM, che con le sue immagini poi è diventato architettura primaria, poi si sono aggiunte anche PPC64 e s390, considerate architetture secondarie, e infine c’è stato quello che ha fatto probabilmente scattare la molla, le immagini Cloud. Tutte versioni che fino a qualche anno fa non esistevano e che hanno portato a una confusione di immagini ad ogni rilascio di Fedora.

L volontà quindi è stata quella di semplificare il rilascio e di creare delle immagini adatte a diversi “use-cases”, ovvero immagini pre-costruite per utilizzi differenti, da qui la distinzione di quello che avrebbe indicato i prodotti:

  1. Workstation (per l’utente Desktop)
  2. Server
  3. Cloud (con varie immagini, sia per Cloud privati che pubblici)

Un esempio molto calzante in questo caso sono i LEGO! Invece di fornire agli utenti una scatola con 1000 pezzi di lego, dai quali ogni utente può costruirsi quello che gli piace, si vuole dare all’utente dei SET di LEGO già confezionati. Uno per l’astronave, uno per la costruzione di case e uno per giocare alla fattoria. Ogni set ha un obiettivo differente, ma se l’utente lo desidera, può utilizzare qualsiasi pezzo di LEGO dalla scatola dei 1000 pezzi per aggiungere quello che gli manca per il suo utilizzo preferito.

Lo stesso meccanismo è per i tre prodotti Fedora citati prima. Hanno un target ben preciso, ma tutti e tre si interfacciano con gli stessi repository, quindi è possibile installare applicazioni server su una workstation e viceversa, l’utente più esperto lo farà e utilizzerà quello che gli piace di più, un utente medio invece troverà nelle immagini preconfezionate tutto quello che gli serve per utilizzare Fedora al meglio.

Le immagini che vedremo sono poche, e benché tutte le versioni sono ottimizzate per hardware a 64bit, vengono (ancora) fornite immagini a 32bit. Non ha alcun senso, come spesso si vede, installare una versione 32bit su hardware 64bit! Non voglio tediare nessuno con la costruzione della ISO e i WORKING GROUP, è importante sapere che è stato abbandonato la differenziazione per Desktop Environment. Il DE è un di cui, fa parte di un anello esterno come dovrebbe essere, molto più importanti sono gli anelli che riguardano il cuore e la base. Ambienti di sviluppo, come stacks o environments ci sono ma possono essere considerate ‘secondarie’ ai fini dell’immagine stessa.

1) WORKSTATION

color-workstation

E’ sicuramente la versione che verrà scaricata di più e ci sarà un’immagine sola, LIVE, per entrambe le architetture. Il vantaggio della Workstation è che si potrà utilizzare senza installare nulla nel proprio sistema, e avrà a bordo anche tutto il necessario per il developer base. Inoltre ha tutto per la virtualizzazione, da GNOME-Boxes ad altri tool, e infine ha il supporto a Docker incorporato per testare o fare il deploy di applicazioni proprie o di terze parti. Il DE di default è GNOME, ma installare e aggiungere qualsiasi altro DE è possibile farlo in pochi attimi.

2) SERVER

color-server

Un’immagine molto specifica, pensata per un utilizzo server vero e proprio. L’immagine è un DVD di installazione che contiene molti applicativi specifici per la gestione a l’amministrazione di un server Linux.

3) CLOUD

color-cloud

Le immagini a disposizione sono di tipo RAW, quindi compresse, oppure qcow2, per un utilizzo diretto su Openstack. Ci sono due versioni per il Cloud privato, una cosiddetta Base e una Atomic. Molto bella la versione Atomic, perché pensata per essere utilizzata all’interno di un container Docker e può essere utilizzata quasi come GIT. Questo permette la gestione del sistema operativo potendo aggiornare e tornare indietro con facilità, per minimizzare il downtime del proprio Cloud. Naturalmente ci sono anche immagini EC2 per Cloud Pubblici, per ora solo su Amazon, ma a breve sono previsti altri.

Si vedrà che le immagini già per Fedora 22 aumenteranno e la scelta di partire con qualcosa di più contenuto, ma allo stesso tempo completo per l’utente medio, è una scelta intelligente, soprattutto dal punto di vista dei developer che possono concentrarsi sulle immagini proposte. Anche l’utente stesso avrà un vantaggio, perché capirà in pochi attimi qual’è l’immagine giusta per il suo utilizzo.

AGGIORNAMENTI

La risposta è sì :)

Sì, nel senso che si potrà utilizzare FedUp per aggiornare il proprio sistema dalla 20 alla 21, anche selezionando uno dei tre prodotti disponibili. L’opzione –product farà sì che l’aggiornamento installi tutto quello che è incluso nel prodotto prescelto, più i pacchetti che sono installati nel proprio sistema in questo momento come F20. Un esempio:

fedup --network --product=workstation 21

Questo farà sì che il sistema si aggiorni a F21 Workstation. Ovviamente si potrà cambiare il riferimento con altro prodotto.

Sta ad ognuno di noi a questo punto scegliere il metodo che si vuole utilizzare, nuova installazione o aggiornamento. L’opzione della scelta del prodotto toglie molti dubbi sulla qualità dell’aggiornamento stesso.

WHAT’S NEXT?

Fedora 22 poi non è così lontana e si è già al lavoro per essa. Le novità ci saranno e avremo più immagini, probabilmente. I tre prodotti, però, possono vivere una vita indipendente, nel senso che ci possono essere cicli di rilascio più o meno lunghi. E’ anche possibile che in futuro avremo non più tre ma quattro, cinque o sei prodotti. Tutto questo per adesso non esiste se non teoricamente, da sapere però che questo potrebbe accadere.

SCUSA, E LE SPIN?

Come sempre, tutte le spins, come l’immagine Docker o le immagini ARM sono disponibili sul sito http://spins.fedoraproject.org.

Buona Fedora, sono sicuro che vi piacerà!

Pulp 2.6.0-0.1.alpha is available

Pulp 2.6.0-0.1.alpha is available in the testing repositories.

This alpha release includes bugfixes and support for RabbitMQ.

Starting with Pulp 2.6.0 alpha, releases will be GPG signed by the Pulp team. If you use the repo files from the installation page and enable the pulp-2.6-testing repo, this should be configured correctly by default.

Pulp 2.5.0 is released!

The Pulp team is pleased to announce general availability of Pulp 2.5.0.

This release includes the following new features:

  • Improved SELinux policy
  • pulp-admin bash tab completion
  • SSL support for MongoDB connections

Numerous bugs were fixed in 2.5.0. All users are encouraged to upgrade.

Additionally, a “tech preview” release of pulp-docker ships with Pulp 2.5.0. This plugin allows management of Docker repositories. This is not installed by default.

 

Device (sorta) review: Cocoon Grid-It Organizer

I happened to see somewhere (I cannot actually recall now) someone mention the ‘grid-it’ line of organizers and picked up one for my laptop bag.

It’s basically a hard board with lots and lots and lots of straps of various sizes all over one side and a zippered pocket on the other.

You put cables, batteries, whatever through the straps and it keeps them in place. It actually is a great help for me as the fedora laptop bag I use has just one big main compartment, so things mill around in there if they aren’t connected to something. As with many things I find that it usually looks great at the beginning of a trip with everything in place, but gets less so as the trip goes on and things get tossed back in without being put in their place.

For $12 this is a pretty great little device. They of course make them in all sizes and shapes and colors, but they do seem to be pretty handy for organizing that messy laptop bag we all have. ;)

Important Fedora vote concludes today!

The election for the two representative seats on the new Fedora Council ends today at midnight UTC. That’s afternoon or evening in timezones west of the Prime Meridian, so don’t delay. We have email-based interviews with the five candidates to help you make an informed decision:

Read the interviews, and then vote now.

Feed Crawler Page test 2

Second test


El troll

Hoy quiero es escribir algo sobre una persona muy importante y especial no solo para mi si no para Fedora Nicaragua. Esa persona es mi buen amigo Neville Cross, durante varios años se ha esforzado por mantener viva la llama de Fedora en el país y por cuyo esfuerzo se aganado el liderazgo de la comunidad y el puesto de ser el pilar sobre el cual descansa la comunidad local, a demostrado destreza,valor, pero sobre todo amor por Fedora y digo amor, porque he sido testigo del sacrificio que hace, muchas veces sacrifica el tiempo con su familia, su tiempo de descanso, su trabajo, entre otras cosas.

Varias veces he dicho que es una persona “increíble”, porque es sorprendente la capacidad que tiene para resolver  los problemas y la humildad que posee para compartir conocimientos. recuerdo que cuando lo conocí una de las primera palabras que me dijo fue: “las buenas cosas las logras con esfuerzo”. esfuerzo con el cual ha construido una comunidad solidad, disciplinada y ordenada, que año con año sigue creciendo, la mayoría de los miembros de Fedora Nicaragua somos jóvenes entre 15 a 23 años y en lo personal estoy muy agradecido con Neville por darnos de su protección y trasmitir sus ensañases ya que al ser jóvenes carecemos de experiencia  y algunas habilidades de un colaborador de Fedora

IMG00213fedoramatagla 2

Algo que me parece gracioso es que no todo el tiempo te ayudara hacer las cosas, primero te enseña hacer las cosas  y luego observa que las hagas tu solo. jamas voy a olvidar aquel momento que bajo el calor del estrés me dijo “Ya estas grande, tienes que resolver tus problemas, no esperar que alguien mas lo haga por ti”, estoy seguro que si no me hubiera dicho eso jamas hubiera ampliado mi mente y desarrollado habilidades para enfrentar y resolver algún problema.a pesar de las circunstancia siempre muestra disponibilidad para ayudar. A veces me pregunto que vamos hacer cuando Neville no este, que va hacer de la comunidad ? lo mas probable es que nosotros le demos continuidad a su trabajo, cosa que no sera fácil, pero durante todo este tiempo no solo se a preocupado por el estado de la comunidad, si no también de los futuros miembros de la comunidad local que heredaran  los principios y los fundamentos de Fedora project.

IMG00200DSC08174


November 24, 2014

On the last saturday, nov 22, it was my first participation in FGSL located in Goiania in Goias state...
On the last saturday, nov 22, it was my first participation in FGSL located in Goiania in Goias state. Home to several great friends of free software, that are present in other Brazilian events.
The organization of FGSL picked me up at the airport, held my event transportation to the hotel and even paid my lunch, always with a smile.
In the morning period, I set up camp in the area of user groups located on the fifth floor of the building at UFG - Federal University of Goias where talked to people, helped with installation of Fedora 20 and 21, and distribute adhesives.
The afternoon gave the first talk after lunch stop about Fedora.Next in room 308. I returned to the area user group with the interest of Guilherme Santos joining us at Fedora Websites.
The rest of day was a very pleasant conversation with some guys of Annapolis free software community, that convinced Paulo Soares answer questions in the Ask and made Bug Report, and found Thiago Policena interested in be our regional Ambassador.
#fedora #fgsl11 #2erigo #linux  

FGSL 2014


Mapping files to disk, part 2

Part 1

Now I’ve written the second tool of virt-bmap which lets you boot a guest and observe what files it is reading from disk. (NB if you want to try this out you will need a patched libguestfs)

The second tool is an nbdkit plugin, so to use the tool you just do:

$ nbdkit -r bmaplogger file=/tmp/win7.img bmap=/tmp/win7.bmap \
  --run ' qemu-kvm -cpu host -m 2048 -hda $nbd '

and watch the output as the guest boots. Note that the bmap file must have been prepared previously by the virt-bmap tool (see part 1).

The results are interesting. Here is Windows 7 booting (edited down for brevity):

read v /dev/sda
read p /dev/sda1
read f /dev/sda1 /Boot/cs-CZ/bootmgr.exe.mui
read f /dev/sda1 /Boot/BCD
read f /dev/sda1 /Boot/cs-CZ/bootmgr.exe.mui
read f /dev/sda1 /Boot/da-DK/bootmgr.exe.mui
read f /dev/sda1 /Boot/tr-TR/bootmgr.exe.mui
read f /dev/sda1 /Boot/zh-HK/bootmgr.exe.mui
read f /dev/sda1 /Boot/zh-TW/bootmgr.exe.mui
read f /dev/sda1 /bootmgr
read v /dev/sda
read p /dev/sda1
read f /dev/sda1 /Boot/cs-CZ/bootmgr.exe.mui
read f /dev/sda1 /Boot/BCD
read f /dev/sda1 /Boot/da-DK/bootmgr.exe.mui
read f /dev/sda1 /Boot/cs-CZ/bootmgr.exe.mui
read f /dev/sda1 /Boot/da-DK/bootmgr.exe.mui
read f /dev/sda1 /Boot/Fonts/kor_boot.ttf
read p /dev/sda1
read f /dev/sda1 /Boot/cs-CZ/bootmgr.exe.mui
read f /dev/sda1 /Boot/BCD
read f /dev/sda1 /Boot/da-DK/bootmgr.exe.mui
read f /dev/sda1 /Boot/cs-CZ/bootmgr.exe.mui
read f /dev/sda1 /Boot/da-DK/bootmgr.exe.mui
read f /dev/sda1 /Boot/BCD
read f /dev/sda1 /Boot/da-DK/bootmgr.exe.mui
read f /dev/sda1 /Boot/de-DE/bootmgr.exe.mui
read p /dev/sda1
read f /dev/sda1 /Boot/cs-CZ/bootmgr.exe.mui
read f /dev/sda1 /Boot/BCD
read f /dev/sda1 /Boot/da-DK/bootmgr.exe.mui
read f /dev/sda1 /Boot/cs-CZ/bootmgr.exe.mui
read f /dev/sda1 /Boot/da-DK/bootmgr.exe.mui
read f /dev/sda1 /Boot/BOOTSTAT.DAT
read f /dev/sda1 /bootmgr
read f /dev/sda1 /Boot/BOOTSTAT.DAT
read v /dev/sda
read p /dev/sda2
read d /dev/sda2 /
read f /dev/sda2 /Windows/System32/Msdtc/MSDTC.LOG
read d /dev/sda2 /
read f /dev/sda2 /ProgramData/Microsoft/Search/Data/Applications/Windows/MSSres00001.jrs
read d /dev/sda2 /
read d /dev/sda2 /Users
read p /dev/sda2
read d /dev/sda2 /Windows/assembly/NativeImages_v2.0.50727_64
read d /dev/sda2 /Windows
read p /dev/sda2
read d /dev/sda2 /Windows/servicing
read d /dev/sda2 /Windows
read f /dev/sda2 /Windows/System32/config/SAM.LOG1
read p /dev/sda2
read d /dev/sda2 /Windows/System32
read p /dev/sda2
read d /dev/sda2 /Windows/System32/en-US/Licenses/_Default
read d /dev/sda2 /Windows/System32
read p /dev/sda2
read d /dev/sda2 /Windows/System32
read d /dev/sda2 /Windows/System32/Tasks/Microsoft/Windows
read d /dev/sda2 /Windows/System32
read p /dev/sda2
read f /dev/sda2 /Windows/System32/CIRCoInst.dll
read d /dev/sda2 /Windows/System32
read f /dev/sda2 /Windows/System32/clb.dll
read d /dev/sda2 /Windows/System32
read f /dev/sda2 /Windows/System32/cmmon32.exe
read d /dev/sda2 /Windows/System32
read f /dev/sda2 /Windows/System32/cryptnet.dll
read d /dev/sda2 /Windows/System32
[...]
read f /dev/sda2 /Windows/System32/iscsilog.dll
read f /dev/sda2 /Windows/System32/ksetup.exe
read d /dev/sda2 /Windows/System32
read f /dev/sda2 /Windows/System32/ksproxy.ax
read f /dev/sda2 /Windows/System32/NcdProp.dll
read d /dev/sda2 /Windows/System32
read f /dev/sda2 /Windows/System32/nci.dll
read f /dev/sda2 /Windows/System32/profsvc.dll
read d /dev/sda2 /Windows/System32
read f /dev/sda2 /Windows/System32/propsys.dll
read d /dev/sda2 /Windows/System32
read p /dev/sda2
read f /dev/sda2 /Windows/System32/winload.exe
[...]

Here is a Windows server that had McAfee (a “virus scanner”) installed:

read v /dev/sda
read f /dev/sda1 /Boot/BCD
read f /dev/sda1 /bootmgr
read v /dev/sda
read f /dev/sda2 /Program Files (x86)/McAfee/Real Time/log0.txt
read v /dev/sda
read p /dev/sda1
read f /dev/sda1 /Boot/BCD
read f /dev/sda1 /Boot/nl-NL/bootmgr.exe.mui
read f /dev/sda1 /Boot/pl-PL/bootmgr.exe.mui
read f /dev/sda1 /Boot/ru-RU/bootmgr.exe.mui
read f /dev/sda1 /Boot/zh-TW/bootmgr.exe.mui
read f /dev/sda1 /bootmgr
read f /dev/sda1 /Boot/BOOTSTAT.DAT
read f /dev/sda1 /Boot/BCD
read f /dev/sda1 /Boot/Fonts/kor_boot.ttf
read f /dev/sda1 /BOOTSECT.BAK
read f /dev/sda1 /Boot/BCD
read f /dev/sda1 /BOOTSECT.BAK
read f /dev/sda1 /Boot/BCD
read f /dev/sda1 /Boot/BOOTSTAT.DAT
read f /dev/sda1 /Boot/BCD
read f /dev/sda2 /Program Files (x86)/McAfee/Real Time/log4.txt
read f /dev/sda1 /Boot/BCD
read p /dev/sda2
read f /dev/sda2 /Program Files (x86)/Common Files/microsoft shared/DAO/dao360.dll
read f /dev/sda1 /Boot/cs-CZ/bootmgr.exe.mui
read f /dev/sda2 /Program Files (x86)/Common Files/System/msadc/adcjavas.inc
read f /dev/sda2 /ProgramData/McAfee/Common Framework/Mesh/SvcMgr_WPLCLDWA170.log
read f /dev/sda2 /Program Files (x86)/McAfee/Policy Auditor Agent/auditmanager.log
read f /dev/sda2 /Program Files (x86)/Common Files/microsoft shared/DAO/dao360.dll
read f /dev/sda2 /Program Files (x86)/McAfee/Real Time/log7.txt
read f /dev/sda2 /Program Files (x86)/MSBuild/Microsoft/Windows Workflow Foundation/v3.0/Workflow.Targets
read f /dev/sda2 /Windows/ServerEnterprise.xml
read f /dev/sda2 /Windows/inf/setupapi.dev.log
read f /dev/sda2 /Program Files (x86)/McAfee/Real Time/log7.txt
read f /dev/sda2 /Program Files (x86)/Internet Explorer/en-US/jsprofilerui.dll.mui
read f /dev/sda2 /Users/tempadmin/AppData/Local/Microsoft/Internet Explorer/Recovery/High/Last Active/{7101D2F0-982F-11E0-A584-005056A7000F}.dat
read f /dev/sda2 /Program Files (x86)/McAfee/Policy Auditor Agent/Plugins/AuEngineUpdater.dll
read f /dev/sda2 /Windows/System32/clusapi.dll
read f /dev/sda2 /Windows/System32/cmcfg32.dll
read f /dev/sda2 /Windows/winsxs/Backup/amd64_microsoft-windows-com-base_31bf3856ad364e35_6.1.7600.16385_none_69e3281e403684ea_comcat.dll_8571d1d1
read f /dev/sda2 /Windows/System32/comdlg32.dll
read f /dev/sda2 /Windows/SysWOW64/comexp.msc
read f /dev/sda2 /Program Files (x86)/McAfee/Policy Auditor Agent/Schema/linux-definitions-schema.xsd
read f /dev/sda2 /ProgramData/McAfee/Common Framework/Mesh/SvcMgr_WPLCLDWA170.log
read f /dev/sda2 /Windows/SysWOW64/C_10003.NLS
read f /dev/sda2 /Windows/SysWOW64/C_10004.NLS
read f /dev/sda2 /Windows/SysWOW64/C_20005.NLS
read f /dev/sda2 /Windows/SysWOW64/C_21025.NLS
read f /dev/sda2 /Windows/CMAgent/Installer/Providers/ExecutionEngine/providers.catalog
read f /dev/sda2 /Windows/SysWOW64/dfsrHealthReport.xsl
read f /dev/sda2 /ProgramData/McAfee/Common Framework/Mesh/SvcMgr_WPLCLDWA170.log
read f /dev/sda2 /Windows/SysWOW64/C_10003.NLS
read f /dev/sda2 /Windows/SysWOW64/C_10004.NLS
read f /dev/sda2 /Windows/SysWOW64/C_20005.NLS
read f /dev/sda2 /Windows/SysWOW64/C_21025.NLS
read f /dev/sda2 /Windows/CMAgent/Installer/Providers/ExecutionEngine/providers.catalog
read f /dev/sda2 /Windows/SysWOW64/dfsrHealthReport.xsl
read f /dev/sda2 /ProgramData/McAfee/Common Framework/Mesh/SvcMgr_WPLCLDWA170.log
read f /dev/sda2 /Windows/System32/hhctrl.ocx
read f /dev/sda2 /Program Files (x86)/McAfee/Real Time/log2.txt
read f /dev/sda2 /Windows/System32/KBDA1.DLL
read f /dev/sda2 /ProgramData/McAfee/Common Framework/Mesh/SvcMgr_WPLCLDWA170.log
read f /dev/sda2 /Windows/System32/Kswdmcap.ax
read f /dev/sda2 /Windows/SysWOW64/NOISE.CHS
read f /dev/sda2 /Windows/System32/NlsData0003.dll
read f /dev/sda2 /Windows/SysWOW64/RacRules.xml
read f /dev/sda2 /Windows/System32/ROUTE.EXE
read f /dev/sda2 /Windows/SysWOW64/en-US/tapimgmt.msc
read f /dev/sda2 /Windows/SysWOW64/en-US/tpm.msc
read f /dev/sda2 /Windows/System32/TpmInit.exe
read f /dev/sda2 /Program Files (x86)/McAfee/Policy Auditor Agent/oval.db
read f /dev/sda2 /Windows/Microsoft.NET/Framework64/v4.0.30319/ngen.log
read f /dev/sda2 /Program Files (x86)/McAfee/Policy Auditor Agent/Audit.db
read f /dev/sda2 /Windows/System32/winload.exe

I wouldn’t take any of these traces very literally right now. Our method of mapping files to disk blocks is a bit shaky, especially for ntfs-3g. However I did check the major points of the McAfee trace against the raw log and block map and it seems plausible.


How to play audio on another Fedora system

A Fedora laptop is perfect for your everyday tasks, such as Web browsing or listening to media. But as we all know, laptops often lack “oomph” for sound, because they use small speakers that keep them light and easy to carry. Good speakers are usually too heavy to fit into most laptops. If you have nicer computer speakers, chances are you have them hooked to a desktop or other non-portable computer.

If that other computer is running Fedora, it’s easy to configure it to play audio from your laptop and other computers on your network. Here’s how to do it.

(EDIT: You may need to install the pulseaudio-module-zeroconf module on your systems before following this procedure. To check, open a Terminal, and type rpm -q pulseaudio-module-zeroconf at the prompt. If you see a package version, you’re ready to go. If you see no output returned, type su -c ‘yum install pulseaudio-module-zeroconf’ at the prompt to install the package. You’ll need to provide the root password to complete the installation.)

  1. Log in to the desktop or non-portable system. Open the Software application and search for paprefs or PulseAudio Preferences to find the tool, then click Install to install it. Open the tool once it’s installed.
  2. Go to the Network Server tab, and turn on the options to make the desktop system’s sound cards available on the network, and to disable authentication for an easier experience.paprefs-network-server
  3. Now log in to your laptop, and once again install paprefs on the laptop and run it, using the same process as in Step 1.
  4. Go to the Network Access tab, and turn on the option to make network PulseAudio devices available locally.
    paprefs-network-access
  5. Open the control panel at the top right, and click the settings tool. Open the Sound settings control. In the Output pane, you should see additional sound cards made available through the network. Select the appropriate sound card.

You can repeat Steps 3-5 above for any Fedora computer on your network.

Now you can enjoy the sound of your audio through the better speakers on your non-portable computer!

Security Checklists and the US National Checklist Program

If you are going to perform a security audit you need a checklist.

Let’s spend a minute on this. If you want a predictable outcome, you need a standard process – a standard set of steps to go through to reach that outcome. Basic stuff. But here is the tricky part: people are bad about remembering things and doing things the same way every time. If the results are important, you need a checklist.

Rather than spending a lot of time here, I’m going to hand out a reading assignment: The Checklist Manifesto: How to Get Things Right by Atul Gawande. This is one of the books I strongly recommend everyone should read. Go ahead, I’ll wait until you come back.

OK, welcome back.

Let’s take a look at applying checklists to security. The first suggestion I will make is don’t write checklists from scratch. Find one that is close to what you need and modify it. It takes several iterations and considerable experience to develop a solid process that works – the more you can build on other peoples experience, the less work you have to do. And the better your chances of getting it right!

A good resource for checklists on computer security is the US National Checklist Program. This is a repository of publicly available security checklists to provide detailed guidance on setting the security configuration of operating systems and applications.

Let’s start out with a written checklist – how about the HPLaserJet 4345 MFP Security Checklist. This is a 49 page document detailing how to secure a printer. Yes, a printer. Modern printers are actually servers with a print engine hanging off the side. They can be a major security risk. They have an internal disk drive that stores the documents being printed. Did you securely remove classified documents from the last printer you got rid of?

The document covers threat models, network security, printer settings, and ramifications of the various settings. It includes many screenshots of how to use the Web-based management interface to access and change the many settings.

The good news is that this security guide exists. The bad news is that it is a time consuming manual process to apply it. Speaking of which – who configured your printer when it was installed six years ago? Did they do it right? What has happened in the intervening time? Did someone disable security on the printer so that they could get their job done?

It looks like it is time to print out the security guide and start pointing your browser at all the printers in your organization!

There has got to be a better way to do this. And no, ignoring security until you show up on the front page of the newspaper or in front of a congressional committee isn’t a better way!…


Paratype PT Serif and PT Mono fonts are now available in Fedora

Paratype has a set of nice Latin/pan-Cyrillic typefaces including sans-serif, serif and monospace fonts. The sans-serif typeface, PT Sans, released in 2010 has been part of Fedora for a long time and it is the default font for Cyrillic/Russian. It is a nice font for display in desktop, documents and web.

In 2011, PT Serif and PT Mono were added to the collection. They both are nice looking and very good quality fonts. All the fonts are also made available under OFL (Open Font License) and all it needed was someone to package them for Fedora. Something in my todo list for a long time, couple of weeks ago I have leveraged the spec file of paratype-pt-sans-fonts and packaged the serif and monospaced fonts. Paratype distributes the source tar balls separately for each set and Fedora mandates to create individual packages in such cases. Thanks to the review and comments from Fedora Fonts-SIG, especially Parag Nemade, two new font packages – paratype-pt-serif-fonts and paratype-pt-mono-fonts are now in Fedora repositories.

Obligatory screenshot of both fonts:

Paratype-PT-Serif-Mono-fonts


Tagged: fedora, fonts, rpm
Trust an IP address with firewalld’s rich rules

Managing firewall rules with iptables can be tricky at times. The rule syntax itself isn’t terribly difficult but you can quickly run into problems if you don’t save your rules to persistent storage after you get your firewall configured. Things can also get out of hand quickly if you run a lot of different tables with jumps scattered through each.

Why FirewallD?

FirewallD’s goal is to make this process a bit easier by adding a daemon to the mix. You can send firewall adjustment requests to the daemon and it handles the iptables syntax for you. It can also write firewall configurations to disk. It’s especially useful on laptops since you can quickly jump between different firewall configurations based on the network you’re using. You might run a different set of firewall rules at a coffee shop than you would run at home.

Adding a trusted IP address to a device running firewalld requires the use of rich rules.

An example

Consider a situation where you have a server and you want to allow unrestricted connectivity to that server from a bastion or from your home internet connection. First off, determine your default zone (which is most likely “public” unless you’ve changed it to something else):

# firewall-cmd --get-default-zone
public

We will use 11.22.33.44 as our example IP address. Let’s add the rich rule:

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="11.22.33.44" accept'

Let’s break down what we’re asking firewalld to do. We’re asking to allow IPv4 connectivity from 11.22.33.44 to all ports on the server and we’re asking for that rule to be added to the public (default) zone. If you list the contents of your public zone, it should look like this:

# firewall-cmd --list-all --zone=public
public (default, active)
  interfaces: eth0
  sources:
  services: dhcpv6-client mdns ssh
  ports:
  masquerade: no
  forward-ports:
  icmp-blocks:
  rich rules:
	rule family="ipv4" source address="11.22.33.44" accept

The post Trust an IP address with firewalld’s rich rules appeared first on major.io.

DevConf.cz 2015: Last Call for Papers!

The deadline of the CfP of DevConf.cz 2015 is really close (Dec 1st). So if you’re still thinking about submitting a talk, stop thinking and proceed to an action: CfP online form ;-)

Talks on Fedora or on stuff related to Fedora are especially welcome because the third day of the conference will be Fedora Day where all such talks may find their home.

DevConf.cz is the largest developer conference devoted to Red Hat technologies (Linux, Fedora, JBoss, cloud, virtualization,…). The last edition had almost 100 talks and workshops and around 1000 visitors. The 2015 edition will take place in Brno, Czech Republic on Feb 6-8.

devconf-logo


Fedora 21 weekend upgrading

With the release of a new Fedora getting close (Fedora 21 is currently scheduled for release December 9th), I figured this last weekend was a great time to upgrade the ‘production’ side of my home machines to Fedora 21.

I have 2 pretty important machines. One is my production virthost. It also acts as my firewall and router for all my networks (external, wireless, the test network to the test virthost, the internal network, etc). The second is a vm running on that virthost that is my mail hub, vpn end point and other important functions.

Of course the first thing to do before any major upgrade is to check backups. I run nightly backups with rdiff-backup to my main virthost, but also I have a encrypted external drive I sync those updates to from time to time, and off site where I can upload them too. I made sure everything was synced up and looked good.

The official way to upgrade between Fedora releases is ‘fedup’. However, my main virthost is a bit of a weird setup with raid and encryption and such, so I usually just do a yum update on it, and since I am doing that on the virthost, I usually just do the same on the vm as well. This time (like the last few upgrades) everything went very smoothly. No conflicts or issues with the upgrade transactions on either host, took a bit of time to do them, but finished with no issues.

Then, a quick reboot and I was up in Fedora 21. Well, mostly. I ran into a issue with my ‘internal’ bridge. I had not listed the HWADDR for the network interface that should be on the internal bridge, and Fedora 20’s NetworkManager was fine with figuring it out, but for some reason Fedora 21’s didn’t get it added right. I had to set the HWADDR and restart a number of things. I thne ran into a minor issue with my ipv6 tunnel, but got it sorted in short order.

So, at least for me, Fedora 21 upgrades were as easy as they have always been.

 

OpenMovieNight Phnom Penh

On friday evening I had another OpenMovieNight, this time in Phnom Penh again at Development Innovations. It turned out as a good event we had around 40 participants and after an short talk about copyright, creative commons licenses, open source and free software, we had a lot of fun with the 33 movies I had chosen for the show.

As some already asked in IRC here is the complete list of movies I presented:

Upgrading to Fedora 21

The Fedora Project will soon put out its 21st release.  I’ve been running the pre-release bits for a while now, here are a few observations:

  • Upgrade from Fedora 20 to Fedora 21 via ‘fedup‘ was fast on my SSD disk, and there were no blockers after the reboot – minimal downtime!
  • Bug 740607 – evince no longer can switch to prev / next pages using the buttons or the ctrl+up/down keyboard shortcuts
  • Bug 740608 – gnome-shell’s calendar display overflows from the box if the number of calendar entries are more than some number; the box is always fixed in size.
  • Bug 739991 / Bug 730128 – gnome-terminal doesn’t pass alt+<n> to applications running inside the terminal if there isn’t a tab with that <n>.  This is the most serious regression for me; breaks several workflows for me: my irssi session as well as non-irssi terminals I use for work.  A surprising thing I found out after filing this report is there’s no way to open a closed bug report on gnome bugzilla, which means if some decides the bug isn’t going to be fixed, there’s no option to get new information back on the developers’ radar.
  • Bug 1163747 – memleak in upowerd

The workarounds[1] listed[2] earlier[3] are still in effect for things to work to my liking.

Everything else seems to be working reasonably fine so far, no further regressions.  I am tempted to give KDE a try again, though!

Celebrating Success Of Lohit Project

Hello ,

Last weekend we had the Fuel GILT conference. We had decided to celebrate the success of Lohit Project at the conference. Lohit Project successfully completed it's 10 years this Nov .I would like to share a few things about Lohit Project.



History of Lohit Project :
Font is the most important component for starting a Language computing. Earlier things were not good as far the "Indian Script Font " was Concerned . Red Hat understood this need . In their endeavor to help the open source community ,they purchased Good quality desktop fonts from Modular .Red Hat called it “Lohit” which means "RED" in sanskrit and released it under GPL license. That's how “Lohit” was born !!!

Achievement of Lohit Project :
Lohit Font is the default font for Indian Languages in all open source distribution like Debian,Fedora, Ubuntu, RHEL and Suse. It is used as a Web font in Wikipedia for Indian languages. It is also used in Android and by a few Government departments. The First­touch phone launched with Lohit Gujarati as a default fonts. Lohit Officially supports 22 Indian languages.

Future of Lohit Project - Lohit2 :
         Project for creating standard, reusable, efficient and effective Open type tables for Indian script fonts.This project aims to make font designers life easy by providing them ready to use open type tables.Lohit2 follows Unicode, Open Type, AGL, Language and Government specific standards and provides auto test module.

At the Fuel GILT conference we had a workshop for Lohit Fonts which included a presentation about the Lohit Project. We also had  cake cutting for Lohit's 10th anniversary at the conference.




In the end, I would like to thank Pravin Satpute for taking Lohit Project to such a great height.
         
For further reference:
https://fedorahosted.org/lohit
https://github.com/pravins/lohit2


GTK+ Inspector update

GTK+ Inspector is a debugging tool that is built directly into GTK+ and is available in every GTK+ application by using of the shortcuts Ctrl-Shift-d or Ctrl-Shift-i.

Since I last wrote about it, a number of things have changed, so it is time to give an update on the state of GtkInspector as of GTK+ 3.15.2.

The UI has been revamped a bit to make best use of the limited space in the inspector window.  Some of our newer widgets, such as GtkStackSwitcher, GtkSidebar and GtkSearchEntry, were helpful here:

InspectorInspectorInspectorThe object list has a new search implementation. It tries to deal better with search in a tree than the built-in search in GtkTreeView. Please try it and let me know what you think.

InspectorWe’ve added a new feature: object statistics. This is made possible by corresponding new functionality in GLib. To enable it, run your application with

GOBJECT_DEBUG=instance-count

InspectorThe inspector is now using a separate display connection.  This isolates it from many of the changes that you can make in it, such as CSS tweaks:

InspectorAfter 3.14, we have started to integrate OpenGL rendering into GTK+.  This is reflected in the inspector, which shows information about the OpenGL stack and offers some GL-related debug settings:

InspectorMore recently, I’ve spent my coding time helping to make glade support all of the new GTK+ widgets and features.  We are not quite there yet, but you can already use client-side decorations, GtkHeaderBar, GtkSearchBar, GtkStack, GtkStackSwitcher and GtkSidebar with glade from git master.

GladeI hope to add a few more new widgets to this list soon.  My personal goal for this effort is to use glade for all the ui files inside GTK+.

November 23, 2014

Activities from Mon, 17 Nov 2014 to Sun, 23 Nov 2014

Activities

Activities Amount Diff to previous week
Badges awarded 619 -02.06%
Builds 16714 +17.95%
Copr build completed 3693 -26.33%
Copr build started 3694 -26.31%
Edit on the wiki 528 -25.95%
FAS user created 99 -02.94%
Meeting completed 29 -00.00%
Meeting started 27 -10.00%
New packages 88 -32.82%
Posts on the planet 84 +05.00%
Retired packages 0 NA
Updates to stable 429 -17.34%
Updates to testing 623 -21.73%

Top contributors of the week

Activites Contributors
Badges awarded lorenzodalrio (11), psavelye (8), aserban (7)
Builds karsten (6860), pbrobinson (4863), sharkcz (2185)
Copr build completed rhscl (688), mosquito (365), nalimilan (358)
Copr build started rhscl (688), mosquito (365), nalimilan (359)
Edit on the wiki pwhalen (33), satellit (22), roshi (18)
Meeting completed nirik (6), danofsatx-work (5), sgallagh (5)
Meeting started randomuser (2), sgallagh (2), Sparks (1)
New packages jchaloup (20), anishpatil (9), tomh (9)
Posts on the planet dustymabe (10), admin (9), kevin (7)
Retired packages  
Updates to stable remi (36), siwinski (27), psabata (23)
Updates to testing remi (36), limb (17), mcpierce (17)
Mapping files to disk

Wouldn’t it be cool if you could watch a virtual machine booting, and at the same time see what files it is accessing on disk:

reading /dev/sda1 master boot record
reading /dev/sda1 /grub2/i386-pc/boot.img
reading /dev/sda1 /grub2/i386-pc/ext2.mod
reading /dev/sda1 /vmlinuz
...

You can already observe what disk blocks it is accessing pretty easily. There are several methods, but a quick one would be to use nbdkit’s file plugin with the -f -v flags (foreground and verbose). The problem is how to map disk blocks to the files and other interesting objects that exist in the disk image.

How do you map between files and disk blocks? For simple filesystems like ext4 you can use the FIBMAP ioctl, and perhaps adjust the answer by adding the offset of the start of the partition. However as you get further into the boot process you’ll probably encounter complexities like LVM. There may not even be a 1-1 mapping since RAID means that multiple blocks can store a single file block, and tail packing and deduplication mean that a block can belong to multiple files. And of course there are things other than plain files: directories, swap partitions, master boot records, and boot loaders, that live in and between filesystems.

To solve this I have written a tool called virt-bmap. It takes a disk image and outputs a block map. To do this it uses libguestfs (patched) to control an nbdkit instance, reading each file and recording what blocks in the disk image are accessed. (It sounds complicated, but virt-bmap wraps it up in a simple command line tool.) The beauty of this is that the kernel takes care of the mapping for us, and it works no matter how many layers of filesystem/LVM/RAID are between the file and the underlying device. This doesn’t quite solve the “RAID problem” since the RAID layers in Linux are free to only read a single copy of the file, but is generally accurate for everything else.

$ virt-bmap fedora-20.img
virt-bmap: examining /dev/sda1 ...
virt-bmap: examining /dev/sda2 ...
virt-bmap: examining /dev/sda3 ...
virt-bmap: examining filesystem on /dev/sda1 (ext4) ...
virt-bmap: examining filesystem on /dev/sda3 (ext4) ...
virt-bmap: writing /home/rjones/d/virt-bmap/bmap
virt-bmap: successfully examined 3 partitions, 0 logical volumes,
           2 filesystems, 3346 directories, 20585 files
virt-bmap: output written to /home/rjones/d/virt-bmap/bmap

The output bmap file is a straightforward map from disk byte offset to file / files / object occupying that space:

1 541000 541400 d /dev/sda1 /
1 541400 544400 d /dev/sda1 /lost+found
1 941000 941400 f /dev/sda1 /.vmlinuz-3.11.10-301.fc20.x86_64.hmac
1 941400 961800 f /dev/sda1 /config-3.11.10-301.fc20.x86_64
1 961800 995400 f /dev/sda1 /initrd-plymouth.img
1 b00400 ef1c00 f /dev/sda1 /grub2/themes/system/background.png
1 f00400 12f1c00 f /dev/sda1 /grub2/themes/system/fireworks.png
1 1300400 1590400 f /dev/sda1 /System.map-3.11.10-301.fc20.x86_64

[The 1 that appears in the first column means “first disk”. Unfortunately virt-bmap can only map single disk virtual machines at present.]

The second part of this, which I’m still writing, will be another nbdkit plugin which takes these maps and produces a nice log of accesses as the machine boots.


Updated instructions for using QEMU, UEFI, and Secureboot
Last year I started a wiki page about testing Fedora's Secureboot support with KVM. Just now I've cleaned up the page and modernized it for the current state of virt packages in F21:

https://fedoraproject.org/wiki/Using_UEFI_with_QEMU

The Secureboot steps are now at:

https://fedoraproject.org/wiki/Using_UEFI_with_QEMU#Testing_Secureboot_in_a_VM

The main change is that nowadays the virt tools know how to create persistent configuration storage for UEFI, so you can setup Secureboot once. Previously you had to do all sorts of crazy things to turn on Secureboot for each restart of the VM.
MapReduce: Compression and Input Splits

This is something that always rise doubts:

When considering compressed data that will be processed by MapReduce, it is important to check if the compression format supports splitting. If not, the number of map tasks may not be the expected.

Let’s suppose an uncompressed file stored in HDFS whose size is 1 GB: With a HDFS block size of 64 MB, the file will be stored as 16 blocks, and a MapReduce job using this file as input will create 16 input splits, each processed independently as input to a separate map task.

Now if the file is a gzip-compressed file whose compressed size is 1 GB: As before, HDFS will store the file as 16 blocks. But, creating a split for each block will not work since it is impossible to start reading at an arbitrary point in the gzip stream, and therefore impossible for a map task to read its split independently of the others.

In this case, MapReduce will not try to split the gzipped file, since it knows that the input is gzip-compressed (by looking at the filename extension) and that gzip does not support splitting.

At this scenario a single map will process the 16 HDFS blocks, most of which will not be local to the map (it will have additionally a data locality cost).

This Job, will not parallelize as expected, it will be less granular, and so may take longer to run.

The gzip format uses DEFLATE to store the compressed data, and DEFLATE stores data as a series of compressed blocks. The problem is that the start of each block is not distinguished in any way that would allow a reader positioned at an arbitrary point in the stream to advance to the beginning of the next block, thereby synchronizing itself with the stream. For this reason, gzip does not support splitting.

Here we have a summary of compression formats:

hadoop_spplitable_formats(a)  DEFLATE is a compression algorithm whose standard implementation is zlib. There is no commonly available command-line tool for producing files in DEFLATE format, as gzip is normally used. (Note that the gzip file format is DEFLATE with extra headers and a footer.) The .deflate filename extension is a Hadoop convention.

Source: Hadoop The Definitive Guide.

 


Some simple ansible tricks

ansible is very handy for one-off tasks like gathering quick info or running commands over a group, so I thought I would share some of those today:

Filtering on facts:

  • ansible -m setup -a ‘filter=ansible_distribution_version’ -o all (This runs the setup module on all hosts and filters on the ansible_distribution_version, so ’20’ for Fedora 20, etc. Note also that we are passing -o which means to put all the information on one line, this is very handy for grepping output).
  • ansible -m setup -a ‘filter=ansible_selinux*’ all (Runs the setup module and filters out the selinux info. Note that this is a array with more info, like config and runtime, etc)

Looking for specific information:

  • ansible -a ‘ps aux | grep puppet’ -m shell proxies (This runs the command on all hosts in the proxies group and shows output. Note that here we are using the ‘shell’ module instead of the default command module. This is because command doesn’t understand pipes and such, so you need a full shell module.)
  • ansible -m virt -a ‘command=freemem’ virthost (This uses the virt module and shows free memory on the virthost)

Docs on ansible modules:

  • Of course there’s google and duckduckgo and the ansible project web pages, but if you want to look up something quickly about an ansible module, use ‘ansible-doc’ command line. Just ‘ansible-doc shell’ for example to get all the info about the shell module, it’s arguments, etc.

It’s super easy to get started using ansible this way. All you have to do is install it on your control host and have ssh connectivity to the hosts you want to run things on.

My talk at the CentOS Dojo Pune 2014

I spoke at the CentOS Dojo in Pune yesterday on new features available in CentOS release 7.0 since the 6 release.  Slides are available here: What’s New in Virtualization.  The event was organized by the Pune GNU/Linux Users Group (PLUG) for the CentOS project.

My talk was scheduled as the last talk of the day.  I was already quite tired by the time the talk started, and was totally exhausted when it finished.

There were about 30 people attending, with some of them having already used KVM.  There were quite a few questions related to KVM and how it compares to other hypervisors, and about features supported by KVM.  I was happy with the interaction, as well as the questions I received.  It showed a nice interest towards virtualization and KVM.

Also nice to see that some were using virt-manager, oVirt, etc., already.  I couldn’t always answer everything related to the higher levels, but pointed people at bugzilla for bugs and the mailing lists for questions.

Next improved release of Lohit Devanagari 2.95.0 with Latin and ttfautohinted.
    Last release of Lohit Devanagari we did in Feb 19, 2014. During the time number of improvements happened in Lohit Devanagari. Today releasing its next version with all the improvements. [1]

    Following are the improvements:
    1. Added Latin from https://github.com/etunni/lohit-latin
            Yes, This happened :)
            I would like to thanks Dave for this, who helped to get Latin for Devanagari done from  Eduardo Rodriguez Tunni. Now one will not feel major difference while rendering of Lohit Devanagari text with Latin since Lohit has Latin coverage itself.


    2. One of the requirement of ttfautohint is to have Latin support in fonts. (AFAIK) Due to this we were not using ttfautohint for building Lohit Devanagari. Now since we have Latin in Lohit Devanagari, we have started building ttf with ttfautohint. It means Lohit Devanagari now requires ttfautohint as a build requirement.

    2. We started compiling feature file with Adobe font development kit. (AFDKO).
            As announced earlier as well.
            Feature file of Lohit Devanagari was not compiling in OTM. [2] Root cause of problem was fontforge is bit relax while validating feature file. Had good discussion with Dave and Frank on this and finally we decided to compile feature file with AFDKO. [3]

            This also helped us to further identified issues in feature file and we fixed those issues in feature file.

    3. Updated sfd file with resolved issues regarding Marathi locale (issue id on github: #46,#47)
            These were local related issues not tested well earlier.

    4. Improved Vedic accent positioning issues. Resolves issue #https://github.com/pravins/lohit2/issues/11

    5. Added new characters uni1cf5 and uni1cf6

    Looking forward for Dave's more support to add Latin in all Lohit script fonts. Enjoy improved version of Lohit Devanagari.  Please report if any issues at github [4]. I have updated fedorahosted.org/lohit [5] page with download details

    I want to verify Lohit Devanagari with Hindi script gramme [6] and make sure it follows all rules. Soon i am going to ping some linguist who can help into this.

Cheers,
Pravin Satpute
1. https://fedorahosted.org/releases/l/o/lohit/lohit-devanagari-ttf-2.95.0.tar.gz
2. https://github.com/pravins/lohit2/issues/13
3. https://github.com/adobe-type-tools/afdko
4. https://github.com/pravins/lohit/issues/new
5. https://fedorahosted.org/lohit/
6. http://www.tdil-dc.in/index.php?option=com_vertical&parentid=79&lang=en
How to adjust LVM size?
Here are some of my simple notes for shrinking or extending the file system:

It is assumed that the target to adjust is /dev/vg0/root and the file system is ext2/3/4.

    View LVM information

    sudo lvdisplay

    Increase its size by 10G

    Online resizing is not a problem.
    sudo lvextend -L +10G /dev/vg0/root

    Apply the changes
    sudo resize2fs /dev/vg0/root

    Decrease its size by 1G

    This operation needs to be done offline. So, you can use a live CD for the root partition. Otherwise, you may un-mount your partition first.

    Perform a disk check first
    sudo e2fsck -f /dev/vg0/root
    Resize the file system
    sudo resize2fs /dev/vg0/root
    Reduce the volume
    sudo lvreduce -L -1G /dev/vg0/root

    Use df to check whether the change is applied.

    November 22, 2014

    Encrypt Everything: How to encrypt the disk to protect the data
    Recently, at BrowserStack.com, some of our services got compromised. We use Amazon Web Services extensively. The person (or group) who attacked us mounted one of our backups and managed to steal some of the data. We could have prevented this simply by ensuring that we use encrypted disks which would have made this attack useless. Learning from our mistakes, we have recently started encrypting everything and I am going to show you how to do that. One point worth noting here is that Amazon AWS does provide encryption support for the EBS volumes but that is transparent and would not help in case of the account getting compromised. I am going to use dm-crypt which is supported by Linux kernel so the steps are quite generic and would work on any kind of disk, on any kind of environment, including Amazon AWS, Google Compute Engine, physical disks in your datacenter.

    Our goal is to encrypt /home. To achieve this, we'll attach a disk, encrypt it, move the entire /home data to this disk and create a symbolic link to /home.

    Step1: We are going to use Linux Unified Key Setup. For that we need to install cryptsetup package.
    # yum install cryptsetup

    Step2: While using AWS, never attach the volume to be encrypted while launching the instance. If we do so, the instance will fail to boot up next time because it'll ask for decryption password while booting up which is not possible to supply in AWS. Still if it is absolutely mandatory to do this then I suggest trying to remove entries from fstab and crypttab but it is much easier to just attach the disk after the launching of the instance is done. Assuming that the attached disk is available at /dev/xvdf, we'll setup the encryption now.
    # cryptsetup -y -v luksFormat /dev/xvdf
    WARNING!
    ========
    This will overwrite data on /dev/xvdf irrevocably.

    Are you sure? (Type uppercase yes): YES
    Enter LUKS passphrase:
    Verify passphrase:

    Command successful.


    We can verify the encryption parameters as well. Default is AES 256 bit.
    # cryptsetup luksDump /dev/xvdf

    Step3: We'll open the device and map it to /dev/mapper/home so that we can use it.
    # cryptsetup luksOpen /dev/xvdf home
    Enter passphrase for /dev/xvdf:


    Step4: This step is optional. To further protect our data, we can zero out the entire disk before even creating the filesystem.
    # dd if=/dev/zero of=/dev/mapper/home

    Step5: Now we'll create a filesytem
    # mkfs.ext4 /dev/mapper/home

    Step6: Let us mount and copy the data from /home
    # mkdir /myhome
    # mount /dev/mapper/home /myhome
    # cp -a /home/* /myhome/
    # rm -rf /home
    # ln -s /myhome /home

    Great! Our /home directory is encrypted. But wait a minute.. this approach has a short coming. We have deliberately designed it so that the disk won't auto-mount during the boot because there is no way to give it a password in cloud environment during the boot. Since the disk won't mount, we won't be able to ssh into the machine because the authorized_keys file is kept inside the home directory of the user. To address this problem, either change the "AuthorizedKeysFile" in sshd_config or create a user with home directory in /var/lib or /opt and grant sudo for cryptsetup and mount commands. So after reboot, if we take the first approach, we would be able to ssh without any problem or we'll ssh via other user, mount the encrypted drive and then use it normally.

    $ ssh mountuser@<ip>
    $ sudo /sbin/cryptsetup luksOpen /dev/xvdf home
    $ sudo /bin/mount /dev/mapper/home /myhome/


    Couple of points to remember:
    • Do not forget the LUKS password. It cannot be retrieved, if lost.
    • Try it a couple of times on staging machines before doing it on the machines that matter.


    Some Fedora Infrastructure stats – 2014-11-22

    Some possibly interesting stats for folks about Fedora’s Infrastructure (collected this morning by ansible, look for a post about that soon)

    • Amusingly, we currently have exactly 400 “instances”. Thats hardware servers, vm’s, cloud instances, etc. There’s more cloud instances that are transitory that aren’t covered in this as well.
    • 2 instances are down (1’s a arm SOC with a bad drive, 1 is a persistent cloud instance we haven’t spun up yet).
    • OS breakdown: 154 are Fedora 20, 135 are RHEL 6, 105 are RHEL 7, 3 are Fedora 19, 3 are Fedora 21 (Thats right, we have more Fedora instances than RHEL anymore)
    • Selinux breakdown: 229 are enforcing, 166 permissive, and 3 are disabled (one of those needs to be, the other 2 should get fixed)
    • Hosts still in our old puppet setup: 67 (expect this to drop after our FAD in early december)

    Expect RHEL6 numbers to go down to 0 over the next few months. We are already almost at 50% RHEL7, and so far it’s been great to work with.

    Hopefully early next year we can finally retire puppet as well.

    UPDATE: I meant to say we had more Fedora Instances than any other single OS. (Seeing RHEL6 and RHEL7 as different). Of course total RHEL is still higher than Fedora instances.

    November 21, 2014

    Running F21 aarch64 with QEMU, libvirt, and UEFI
    I just wrote up a wiki page describing how to run F21 aarch64 bits with QEMU, libvirt, and UEFI:

    https://fedoraproject.org/wiki/Architectures/AArch64/Install_with_QEMU

    This was tested on x86 but the same steps should work if running on real aarch64 HW.
    Endless Firefox discussion on fedora list

    There is a seemingly endless topic about Firefox putting ads in (https://lists.fedoraproject.org/pipermail/devel/2014-November/204272.html).  The various camps in this disagreement can be summarised into:

    • Ad? Ads are evil, full stop
    • Might confuse end users into thinking Fedora endorses companies being advertised
    • Remove Firefox as default (though no suggestions as to what this should be have been made)
    • Mozilla have to get money from somewhere
    • Can this topic be closed now, before life get even shorter

    Me? Well I guess I’m in the Mozilla need money from somewhere, as they do have people to pay.  I’m also a tad annoyed by the positioning of end users are easy to confuse idiots, as they are not.

    Fedora Community Action and Impact job opening (Red Hat OSAS)

    We don’t have an official job posting for this yet (soon, I think), but in the meantime, I’ve been told that candidates should email interest and resume to Andy Pittaluga apittalu at redhat.com with subject line “Fedora Community”.

    If you are interested, or know any other good potential candidates, please send this on.

    Fedora Community Action and Impact Lead

    Red Hat’s Open Source and Standards group funds a full-time position to lead initiatives to grow the Fedora user and developer communities, and to make Red Hat / Fedora interactions even more transparent and positive. The Fedora community budget comes to us through OSAS, and this position facilitates decision-making on how to best focus that to meet our collective objectives.

    The successful applicant for this job will be appointed to the Community Action and Impact seat on the Fedora Council, Fedora’s top-level community leadership and governance body. The Council is responsible for stewardship of the Fedora Project as a whole, and supports the health and growth of the Fedora Community.

    The person in this position will:

    • Hold the Community Action and Impact seat on the Fedora Council.
      • Work with other Council members to identify the short, medium, and long term goals of the Fedora community and to organize and enable the project to best achieve them
      • Primary Council member with responsibility for the development
      • Participate in decision-making about use of trademarks, project structure, community disputes or complaints, and other such issues
      • This seat holds a full Council membership, not an auxiliary or advisory role
    • Design and spearhead special initiatives to grow user and contributor bases
    • Implement metrics for community engagement, participation, and satisfaction; create and execute projects to improve those metrics; report regularly on progress and adjust approach as needed
    • Identify opportunities to engage new contributors and community members; align project around supporting those opportunities
    • Communicate community needs to Red Hat and participate in regular meetings with internal Red Hat stakeholders; align Red Hat participation in Fedora beyond platform engineering
    • Represent Red Hat’s stake in Fedora community success
    • Improve on-boarding materials and presentation of Fedora to new Red Hat hires; develop standardized materials on Fedora which can be used at Red Hat globally.
    • Work with Fedora Council and OSAS to determine annual Fedora Budget
    • Ensure that budget is published and tracked transparently, with a public page indicating how each year’s budget is earmarked and its current state.
    • Participate in planning and organizing Fedora’s Flagship events each year, including:
      • Flock
      • DevConf.cz
      • Regional FUDCons
      • Fedora Activity Days
      • Red Hat Summit presence
    • 3-5× week, major communications to Fedora Magazine or other mass communication channel to talk about community goals/progress and general community boosting

    Skills:

    This job requires exceptional communication and organizational skills. Strong experience with the Fedora Project or a comparable open source community is essential, as is a strong technical background.

    Choose to accentuate the positive

    A number of folks have been talking about “choice” in open source recently.

    See the classic post by Adam Jackson: Linux is not about choice and Will Woods followup: two fallacies as well as a google+ post by Greg Kroah-Hartman: here

    I broadly agree with all of them, but I’d like to talk about a related thing here.

    Folks are free to choose how to spend their time and energy, free to ask others to spend time or energy (which of course those people are free to ignore or decide not to do) and free to use whatever software they like. Thats all great.

    I’d like to further posit that the most efficent way to get people to help you with your choices and spend their time and energy on making those choices happen is simple: “Strive to be positive”. If someone is working on software you dislike and don’t have any intention of using, move on, and instead work on what you DO intend to use or find agrees with your choices. Choosing to spend your time and energy knocking down people doing things (especially if you don’t agree with them) just makes you waste your energy on that and slows down the people you are flaming. I’d also posit that it makes your life full of negatives and much less enjoyable for both you and people you are flaming.

    If you find you are in a discussion where you can’t find a way to be positive, it’s time to back away and go do something that is.

    The first APAC Ambassadors FAD for annual budget planning
    We have finished the first ever FAD for APAC Ambassadors for annual budget planning in Phnom Penh at the last weekend. As other participants like Sirko or Siddesh wrote some nice summary reports (day 0, 1 and 2), I would not like to repeat those more. Instead of those, I would like to tell you […]
    PostBooks 4.7 packages available, xTupleCon 2014 award

    I recently updated the PostBooks packages in Debian and Ubuntu to version 4.7. This is the version that was released in Ubuntu 14.10 (Utopic Unicorn) and is part of the upcoming Debian 8 (jessie) release.

    Better prospects for Fedora and RHEL/CentOS/EPEL packages

    As well as getting the packages ready, I've been in contact with xTuple helping them generalize their build system to make packaging easier. This has eliminated the need to patch the makefiles during the build. As well as making it easier to support the Debian/Ubuntu packages, this should make it far easier for somebody to create a spec file for RPM packaging too.

    Debian wins a prize

    While visiting xTupleCon 2014 in Norfolk, I was delighted to receive the Community Member of the Year award which I happily accepted not just for my own efforts but for the Debian Project as a whole.

    Steve Hackbarth, Director of Product Development at xTuple, myself and the impressive Community Member of the Year trophy

    This is a great example of the productive relationships that exist between Debian, upstream developers and the wider free software community and it is great to be part of a team that can synthesize the work from so many other developers into ready-to-run solutions on a 100% free software platform.

    Receiving this award really made me think about all the effort that has gone into making it possible to apt-get install postbooks and all the people who have collectively done far more work than myself to make this possible:

    Here is a screenshot of the xTuple web / JSCommunicator integration, it was one of the highlights of xTupleCon:

    and gives a preview of the wide range of commercial opportunities that WebRTC is creating for software vendors to displace traditional telecommunications providers.

    xTupleCon also gave me a great opportunity to see new features (like the xTuple / Drupal web shop integration) and hear about the success of consultants and their clients deploying xTuple/PostBooks in various scenarios. The product is extremely strong in meeting the needs of manufacturing and distribution and has gained a lot of traction in these industries in the US. Many of these features are equally applicable in other markets with a strong manufacturing industry such as Germany or the UK. However, it is also flexible enough to simply disable many of the specialized features and use it as a general purpose accounting solution for consulting and services businesses. This makes it a good option for many IT freelancers and support providers looking for a way to keep their business accounts in a genuinely open source solution with a strong SQL backend and a native Linux desktop interface.

    Predictable Network Interface Names
    Predictable Network Interface Names:

    Even if quite “old”, one nice feature of systemd.

    Inkscape Workshop Phnom Penh

    I had yesterday the opportunity to give an Inkscape workshop at Development Innovations Cambodia in Phnom Penh. The participatns was only from several NGO’s, so called multiplicators and it turned out great. One day isnt that much time, to learn enough about Inkscape to use it in a professional way, but you can get at least the foundations to use it and learn more by yourself. But we had a lot of fun together and there was really some talented people amongst the 23 participants and the best two of them had already Fedora stickers on their laptop, so Open Source community in Cambodia begins to grow.

    November 20, 2014

    The State of the Cloud Working Group and Fedora 21 Cloud

    As Fedora 21 approaches, let’s take a bit to examine the state of the Cloud Working Group (WG) — or, more importantly, the releases that are coming your way very soon! With Fedora 21 you’ll have two distinct Fedora “flavors” from the Cloud WG: ready to run images for public and private clouds, and Fedora 21 Atomic Host. And, to pique the buzzword crowd’s interest, here’s a spoiler – we’ll be talking about Docker.

    Today the Cloud Working Group held / is holding a Atomic Test Day to take a look at the state of the Fedora 21 Atomic Host that’s brand new in Fedora 21. The Test Day went quite well, we found a number of bugs without anything exploding massively, and folks provided really excellent feedback.

    First, let’s take a look at what you’re getting with Fedora 21. We have the base image, which isn’t entirely new. We’ve offered a cloud image suitable for deployment on EC2, OpenStack, etc. for a while now. It was a “first-class citizen” in Fedora 20, and (once again) it’s a major focus for the release effort.

    The base image is a tailored set of packages that are specially targeted at the cloud environment. These images should be an excellent base for developing and deploying services and applications in private clouds like OpenStack and Apache CloudStack or an public IaaS environment like Amazon Web Services (AWS).

    Atomic Base Image

    What’s totally new in Fedora 21 is the Atomic Host Image. What’s this Atomic business, you may well ask?

    In April, Project Atomic was unveiled as a community of practice to develop a platform for running Docker containers. This means having a tailored platform build from an existing operating system (e.g., Fedora), that allows “atomic” updates and has just the tools you need to run and orchestrate Docker containers. (It also should make a nifty platform for developing containers as well!)

    The idea is that a lot of folks now want to build apps and services using containers, but they still use general purpose OSes for many existing applications. Also, the components we need to build the Docker host OS exist in Fedora (or CentOS, or RHEL), so there’s no reason to re-create the wheel in building the Docker host.

    Atomic uses rpm-ostree to create the Fedora Atomic image, and then allows users or admins to use rpm-ostree for updates. An update is an “atomic” unit that can rolled back in the event there’s a bug or issue that impacts deployed applications. RPM is a great technology for packages, but it was only envisoned to go one way – forward. The beauty of rpm-ostree is that it lets you revert to a previous state of the host OS with a single command. It also offers some interesting additional features, like switching between trees for two different systems, but we’re not offering those kinds of updates/options yet.

    The Atomic image will also feature Kubernetes and Cockpit for working with Docker. Cockpit is looking great, the team there has done a fantastic job of adding features and polish, and getting a stable version ready to ship with Fedora 21. We’ll be talking about Kubernetes much more in the future, and have some features on Cockpit on the Magazine soon. (Note that Cockpit is also available with Fedora 21 Server!)

    Docker, Docker, Docker?

    It bears mentioning that the Docker base image has been split out from the Cloud Working Group to the Base Working Group, though (obviously) we’ll still be making heavy use of it in cloud environments. A big kudos to the Base Working Group folks who’ve taken that on and are doing great work in getting it into shape for Fedora 21.

    The big take-away on Docker, though, is that the Fedora 21 release will have an “official” Docker image. You can use the Fedora 21 Atomic base image with the F21 Docker image to test Docker features, or use Atomic to run Docker to test your containerized applications.

    How do I do this? Just run sudo docker pull fedora:21 and you’ll get the latest Docker image for Fedora.

    Where We’re At, Where We’re Going – Join Us!

    As you can see, there’s a lot of exciting stuff going on in the Cloud territory. However, we still have a lot of work to do on testing, packaging, and developing documentation for best practices.

    Have questions? Ask us on the cloud mailing list (cloud@lists.fedoraproject.org), or in #fedora-cloud on Freenode.

    CONVOCAÇÃO: Reunião de Colaboradores do Projeto Fedora de Chapecó e Região
    Bora fuçar no Fedora, pessoal!

    CONVOCAÇÃO: Reunião de Colaboradores do Projeto Fedora
    QUANDO: Sábado 29/Novembro, das 14h às 18h
    ONDE: Lab B202 (Bloco B) da UNOESC Chapecó

    Chamamos todos os atuais colaboradores do Projeto Fedora de Chapecó e região, bem como os interessados em se tornarem contribuidores deste grande projeto, para uma reunião de trabalho e habilitação de novos contribuidores, a se realizar no Lab B202 da UNOESC Chapecó, na tarde do sábado dia 29 de Novembro, a partir das 14h.

    Se você já é colaborador e anda meio parado, venha encontrar seus colegas e receber uma nova dose de motivação! Se você tem vontade de participar de uma grande comunidade global de desenvolvimento de Software Livre, crescendo como pessoa e como profissional, venha aprender os primeiros passos conosco, e encontrar novos amigos!

    A proposta de trabalho e estudo é a seguinte:
    • O que é, como se organiza e como funciona o Projeto Fedora;
    • Como instalar e utilizar o Sistema Operacional Fedora;
    • Como contribuir para o desenvolvimento do Fedora;
    • "Prática" com criação de contas no Fedora Account System, apresentação nas listas de emails dos grupos de trabalho de interesse dos presentes, canais de IRC onde a comunidade se encontra, etc.
    O ambiente será informal e prático, como um grande trabalho em grupo. Venha aprender e fuçar no Projeto Fedora conosco!

    Tragam seus laptops, pendrives (para criação de imagens Live de uso e instalação) e a vontade de realizar algo novo.
    OPW Fedora Badges Intern… A Year Later!

    I can’t believe that my internship started almost a year ago! I participated in the seventh session of the Outreach Program for Women working on Fedora Badges. Time has gone by so quickly! Since my internship ended in March I have continued to stay active on the Fedora Badges project, creating more badge designs and helping others design their own. To date I have designed or collaborated on 97 badge designs in the Fedora Badges system.

    This past week I had the opportunity to visit my mentor Máirín Duffy at Red Hat’s Office in Westford, MA. I learned a lot about Fedora.Next and website design. I helped to gather and create content for a new website that will be serving up three flavors of Fedora downloads; Developer, Server and Cloud. I created illustrations, backgrounds and photographs. During my stay I also had the chance to meet my other mentor Ryan Lerch and see a few familiar faces from Flock.

    The first project I worked on was an illustration of a computer to display screenshots of various features and interfaces. Drawing this was a lot of fun for me, being one of my first attempts at a more realistic style using Inkscape.

    laptop

    Fedora.Next for Developers will feature some cool packages, so Mo and I came up with creating a “gift package” illustration. Using the established logo for packages, I added on a sweet green bow!

    giftpackage

    Mo, Ryan and I brainstormed some ideas for backgrounds and we decided that I should work on creating a background composed of “Fedora.” I have experience with hand lettering so I had a LOT of fun with this project. Each “Fedora” was hand lettered by me with a pen/marker/nib on paper, scanned and then hand traced using Inkscape. Here you can see my hand drawn letters, details and the final product.

    fedora_handlettering 3fedora_handlettering

    Screen Shot 2014-11-20 at 12.18.15 PMScreen Shot 2014-11-20 at 12.19.05 PMScreen Shot 2014-11-20 at 12.56.55 PM

    handlettering_fedora

    Overall I had a great time meeting my mentors, Mo and Ryan, and using my skills to contribute some well needed graphics. I want to say thanks to them for patiently teaching me about web design and Fedora.Next, and for making my involvement easy and fun!

    panda thank you_small


    In praise of Linux Software Raid

    It may interest some of you to know that we in Fedora Infrastructure use Linux Software Raid (mdraid) on all our servers local disks. Here’s a nice list of reasons why:

    • Portable: If a machine dies, the disks can actually be swapped into any Linux server and be brought up. If you have hardware raid, you need the same controller, by the same company, with the same firmware, which hopefully works the same way on the new different machine. Good luck with that.
    • Consistent: Since we use it everywhere we don’t need to worry about weird obscure binary only command lines from N raid vendors that we have to figure out each time we need to do anything with the raid.
    • Integrated: When a disk fails, we get email/nagios notification. With hardware raid you can get notification, but you have to setup weird binary only junk and hope that it all works, and hope it lets you know before it’s too late.
    • Great Performance: True it doesn’t have dedicated cache or cpu, but host cpus are so performant these days that mdraid just flies.
    • Easy to install: The Fedora/RHEL installer is well integrated to making software raid volumes.
    • Easy to discover: You can easily see how many disks a server has, if they are all ok and other info from the command line.
    • Hot: You can easily hot remove/add disks and migrate raid levels with no downtime. Hardware raid can sometimes do that with it’s binary only command line junk, but often you need to take the machine down into a ‘raid bios’ thing to do it.
    • Upgradable: To get new cool features, all you have to do is upgrade your kernel and userspace tools.
    • Completely open: Tons and tons of people use mdadm and the code is open. Most hardware raid vendors have something in the upstream Linux kernel, but it’s often behind their development or you need to install binary only tools to really maintain it.

    In short, Linux software raid is awesome. :)

    Standing desks

    So around three months ago (yes, I must do a post on that too) I changed roles at Red Hat and moved from constantly travelling and being on customer sites to working from home. As a result I needed to setup a workspace that I could use day to day.

    One thing I’ve always wanted to try is a standing desk. I have back problems, and generally not the best posture, so I thought that would be one way to be able to deal with at least the later, and potentially even the former. The main problem, until recently, is that decent standing desks tend to be very expensive and I didn’t want to needlessly go and spent a lot of extra money for something that would be used for a week and never again. So I decided I would start with a cheap height adjustable desk, which I needed to get anyway due to my height, and then use it as a the basis of a standing desk and then hack it from there. The initial combo I decided on after a lot of looking was the IKEA Galant Height Adjustable Desk at £49 and the IKEA Lack Side table at £8 plus delivery. I figured at less than £100 including delivery if it was terrible I wasn’t wasting a lot of money!

    As it turns out it’s been much better than I ever expected it to be. I initially setup the desk to the height I would want when sitting. At a height of six foot three inches I’m not the shortest of people so when sitting I prefer a higher than average desk. Sitting the Lack table on top of the desk by chance also ended up also giving me the perfect standing height. Bonus! A few quid for some foam gym mats plus a decent height adjustable monitor (the most expensive bit by far!) and I was done! Well mostly, I still haven’t decided on a decent keyboard yet.

    So how does it look? Well a little bit weird to be honest. How does it work? Better than I ever expected as I find I can happily stand at the desk for a full eight hour working day without too much issue and I’ve even done longer (hello Fedora beta release candidates!!) and my back feels better than it has in a long time! I was also trying to decide on a decent but reasonably priced office chair to buy but now I’m not going to bother. Interestingly IKEA has also just launched the BEKANT sit/stand desk which is reasonably priced and has electric motors for raise/lower. It’s likely I’ll end up getting one of these one day but for the moment my IKEA hack is working pretty well.

    Cheap IKEA Standing Desk

    Is Amnesty giving spy victims a false sense of security?

    Amnesty International is getting a lot of attention with the launch of a new tool to detect government and corporate spying on your computer.

    I thought I would try it myself. I went to a computer running Microsoft Windows, an operating system that does not publish its source code for public scrutiny. I used the Chrome browser, users often express concern about Chrome sending data back to the vendor about the web sites the users look for.

    Without even installing the app, I would expect the Amnesty web site to recognise that I was accessing the site from a combination of proprietary software. Instead, I found a different type of warning.

    Beware of Amnesty?

    Instead, the only warning I received was from Amnesty's own cookies:

    Even before I install the app to find out if the government is monitoring me, Amnesty is keen to monitor my behaviour themselves.

    While cookies are used widely, their presence on a site like Amnesty's only further desensitizes Internet users to the downside risks of tracking technologies. By using cookies, Amnesty is effectivley saying a little bit of tracking is justified for the greater good. Doesn't that sound eerily like the justification we often hear from governments too?

    Is Amnesty part of the solution or part of the problem?

    Amnesty is a well known and widely respected name when human rights are mentioned.

    However, their advice that you can install an app onto a Windows computer or iPhone to detect spyware is like telling people that putting a seatbelt on a motorbike will eliminate the risk of death. It would be much more credible for Amnesty to tell people to start by avoiding cloud services altogether, browse the web with Tor and only use operating systems and software that come with fully published source code under a free license. Only when 100% of the software on your device is genuinely free and open source can independent experts exercise the freedom to study the code and detect and remove backdoors, spyware and security bugs.

    It reminds me of the advice Kim Kardashian gave after the Fappening, telling people they can continue trusting companies like Facebook and Apple with their private data just as long as they check the privacy settings (reality check: privacy settings in cloud services are about as effective as a band-aid on a broken leg).

    Write to Amnesty

    Amnesty became famous for their letter writing campaigns.

    Maybe now is the time for people to write to Amnesty themselves, thank them for their efforts and encourage them to take more comprehensive action.

    Feel free to cut and paste some of the following potential ideas into an email to Amnesty:


    I understand you may not be able to respond to every email personally but I would like to ask you to make a statement about these matters on your public web site or blog.

    I understand it is Amnesty's core objective to end grave abuses of human rights. Electronic surveillence, due to its scale and pervasiveness, has become a grave abuse in itself and in a disturbing number of jurisdictions it is an enabler for other types of grave violations of human rights.

    I'm concerned that your new app Detekt gives people a false sense of security and that your campaign needs to be more comprehensive to truly help people and humanity in the long term.

    If Amnesty is serious about solving the problems of electronic surveillance by government, corporations and other bad actors, please consider some of the following:

    • Instead of displaying a cookie warning on Amnesty.org, display a warning to users who access the site from a computer running closed-source software and give them a link to download an open source web browser like Firefox.
    • Redirect all visitors to your web site to use the HTTPS encrypted version of the site.
    • Using spyware-free open source software such as the GNU/Linux operating system (using one of the Debian, Fedora or Ubuntu systems is one of the more common ways to achieve this) and LibreOffice for all Amnesty's own operations, making a public statement about your use of free open source software and mentioning this in the closing paragraph of all press releases relating to surveillance topics.
    • Encouraging Amnesty donors, members and supporters to choose similar software especially when engaging in any political activities.
    • Make a public statement that Amnesty will not use cloud services such as SalesForce or Facebook to store, manage or interact with data relating to members, donors or other supporters.
    • Encouraging the public to move away from centralized cloud services such as those provided by their smartphone or social networks and use de-centralized or federated services such as XMPP chat.

    Given the immense threat posed by electronic surveillance, I'd also like to call on Amnesty to allocate at least 10% of annual revenue towards software projects releasing free and open source software that offers the public an alternative to the centralized cloud.


    While publicity for electronic privacy is great, I hope Amnesty can go a step further and help people use trustworthy software from the ground up.

    Workshop at Smallworld

    I am still in Cambodia and after FAD I had on monday and tuesday an workshop about open source graphic tools at Smallworld Cambodia. It was great as always I like being there, its a nice place and its really nice to see how this young people organize to get an better education. The workshop was really good and there was really talented people amongst the particiants. I even managed to help one to install an Fedora on his laptop. The only thing bad was, that my tuesday morning started not so nice with being fetched in the elevator but I was still on time at the place.

    So Fedora found again more friends in Cambodia, it might need time to get them to contributors but I have hope for it. At least they start using more and more free software and thats a good thing.

    Fedora Cloud SIG update from 2014/11/19

    Last week roshi mailed the new release criteria to the test list. Not much reply in that thread. He will bring this point again to the QA meeting on next Monday (2014-11-24). We also need more hands for testing the images. If you want to help please ping us in the #fedora-cloud channel on freenode.

    Today is the Project Atomic testday. You can find more details about it here.

    jzb will publish the magazine story on Fedora Cloud. It is ready and will be pushed very soon.

    During the openfloor, dustymabe informed that he will be going to the Digital Ocean office and get some more information on how easily we can have released Fedora Cloud images there.

    I have updated my worknotes so that anyone can run my small test suite. You will find more details in this link.

    I will be working as FESCO liaison from the Fedora Cloud SIG, my first duty is to update the Governance page with the current team members.

    On a side note, the third meeting of the CentOS Cloud SIG will happen at around 3pm today, meet us at #centos-devel. The log from the last meeting is already available.

    Shooting yourself in the foot, part 53326: Mozilla
    Step 1: with bad design decisions one after another (Australis is a shining example of that) slide yourself into irrelevance;
    Step 2: when market share goes below some threshold, the main sponsor diminishes (or suspend?) payments;
    Step 3: in retaliation, hurt the users by forcing om them a sub-par alternative as a default;
    Step 4: profit bleed even more angry users and go even faster into irrelevance.

    Brilliant strategy Mozilla!

    Myself, I am still using Firefox for the time being, but that's exclusively due to Gecko.