August 22, 2014

ppc64le libreoffice
LibreOffice is now ported to ppc64le. make passes, testtools passes and the resulting application is capable of headlessly converting documents to pdf. There's no reason to think it's any less capable of anything else than any other port, but I don't actually have a ppc64le and transatlantic ssh tunnels aren't conducive to extensive UI testing.

The tricky bit of the port, as always, is the uno bridge, especially because the ABI was changed for little endian.

https://bugs.openjdk.java.net/browse/JDK-8035647 is handy to get the links to the original ELF v2 ABI change commits to gcc/libffi.

https://ghc.haskell.org/trac/ghc/ticket/8965 is handy to get a friendlier translation of the change: if gcc can see that the arguments to the function to be called will fit in registers, then no argument save area is created, which stumped me for a while.
Asus Maximus VI Gene – Error 55

It’s been quite a while since I built a computer but I decided to give it a try for a new hypervisor/NAS box at home. I picked up an Asus Maximus VI Gene motherboard since it had some good parts installed and it seems to work well with Linux. This was my first time doing water cooling for the CPU and I picked up a Seidon 240M after getting some recommendations.

Rubber hits the road

Once everything was in the box and the power was applied, I was stuck with an error code. There’s a two-digit LCD display on the motherboard that rapidly flips between different codes during boot-up. If it stays on a code for a while and you don’t get any display output, you have a problem. For me, this Asus Q code was 55.

The manual says it means that RAM isn’t installed. I pulled out my four sticks of RAM and reseated all of them. I still got the same error. After reading a bunch of forum posts, I ran through a lot of troubleshooting steps:

  • Reseat the RAM
  • Try one stick of RAM and add more until the error comes back
  • Reseat the CPU cooler (at least three times)
  • Reseat the CPU (at least three times)
  • Upgrade the BIOS
  • Clear the CMOS
  • Curse loudly, drink a beer, and come back

I still had error 55 and wasn’t going anywhere fast. After some further testing, I found that if I left the two RAM slots next to the CPU empty, the system would boot. If I put any RAM in the two left RAM slots (A1 and A2), the system wouldn’t boot. Here’s an excerpt from the manual:

Asus Maximus VI Gene Motherboard CPU/memory layout

CPU is on the left. RAM slots are A1, A2, B1, B2, left to right.

Fine-tuning the Google search

I adjusted my Google terms to include “A1 A2 slots” and found more posts talking about CPU coolers being installed incorrectly. Mine had to be correct — I installed it four times! I decided to try re-installing it one last time.

When I removed the CPU cooler from the CPU, I noticed something strange. There are four standoffs around the CPU that the cooler would attach to with screws. Those standoffs screwed into posts that connected to a bracket on the back of the motherboard.

Asus motherboard cpu cooler standoff

The lower two standoffs are highlighted.

I removed the two standoffs that were closest to the A1/A2 RAM slots and noticed something peculiar. One side of the standoff had a black coating that seemed a bit tacky while the other side of the standoff was bare metal. Three of the standoffs had the black side down (against the board) while one had the black side up. I unscrewed that standoff and found that the bare metal side was wedged firmly onto some connections that run from the CPU to the A1/A2 RAM slots. Could this be the issue?

Eureka

After double-checking all of the CPU cooler standoffs and attaching the cooler to the board, I crossed my fingers and hit the power button. The machine shot through POST and I was staring down a Fedora logo that quickly led to a GDM login.

Badly installed cpu cooler standoff

The culprit

I don’t talk about hardware too often on the blog, but I certainly hope this helps someone else who is desperately trying to find a solution.

The post Asus Maximus VI Gene – Error 55 appeared first on major.io.

Windows – virt-manager

I’m currently running a CentOS 6.5 virtual host; it’s just set up to use KVM etc. As a Fedora user, I can just install the virt-manager software on my machine and use this to set up my virtual machines. Yes, I know I can use it all from the command line, but this is all about the GUI.

Sometimes [I dual boot my laptop] I’m in Windows, so I was wondering if you could run virt-manager under Windows. Well, it turns out you can. There are a few prerequisites you need to do before you get it running, but here’s how I got it running on my systems. This is for a Windows 7 machine; I’ve not tested it on Windows 8.

If you don’t have it already, install it on your virtual host

yum -y install virt-manager

Edit /etc/ssh/sshd_config and make sure that X11Forwarding is set to yes [if it’s not, change it, save the file and restart sshd].

On the host, install xorg-x11-xauth.

On the client you’ll need to install an X Window system, so I downloaded this from Xming:

http://sourceforge.net/projects/xming/ – just install it accepting all the defaults, then run it. It should put a little icon in your system tray.

Now you’ll need the ssh client. I use PuTTY:

http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html

Run PuTTY.

Add the IP you want to connect to, username and password etc., then set up the X11 options.

Now something I had to add was the X display location; I added localhost:0 into that box.

Once you’ve connected to the server, log in as root and run virt-manager.

When I did it, I got this, check out the fonts….wow they suck

virt-manager

Well, to fix that, you need to install certain fonts on the host:

yum install dejavu-lgc-sans-fonts

Sorted….well it was for me.

The post Windows – virt-manager appeared first on Paul Mellors [dot] NET.


Okay, this is a neat attack…

This morning I received an email from my “administrator” saying that I needed to validate my email address within the next 48 hours or my email account would be suspended. Seeing as how I’m my own email administrator and I couldn’t remember sending out such a message, I decided that this was likely spam. I’m always interested in seeing how these attacks are actually going to be played out, so I clicked on the link.

OWA Verify Screen


Neat, Microsoft-y looking screen!  And it looks like the backend is WordPress!  It looks like the attacker is using the account system in WordPress to collect the information.  When you submit your information for validation you get this response:

Your information was successfully submitted, please ensure that you entered your email details correctly; to enable us complete your security updates. If you have entered your details wrongly kindly click back and refill in details correctly.

N.B Please be informed that filling in the wrong details will be resulting to the deactivation of your email address.

I’m guessing my address will not be closed down, since I did not provide my correct email information.  I don’t know, maybe I’ll disable my own email… you know, just for the weekend.


Eclipse Luna for Fedora 20

If you are a Fedora Eclipse user, then you're probably saddened since the release of Eclipse Luna (4.4) because you are still using Eclipse Kepler (4.3) on Fedora 20.

Well, be saddened no longer because Eclipse Luna is now available for Fedora 20 as a software collection!

A software collection is simply a set of RPMs whose contents are isolated from the rest of your system such that they do not modify, overwrite or otherwise conflict with anything in the main Fedora repositories. This allows you to install multiple versions of a software stack side-by-side, without them interfering with one another. More can be read about this mechanism on the software collections website.

The Eclipse Luna software collection lives in a separate yum repository, which must be configured by clicking on this link to install the release package.

Then you can install the whole collection by doing:

$ sudo yum install eclipse-luna

This will install everything you need to run Eclipse Luna (including a bunch of useful plug-ins for Java and C/C++ development) on your Fedora 20 machine. After installation is complete, you may notice Eclipse Luna's shiny new icon appear next to the old one in GNOME.

Luna Launcher

Alternatively, if you ever need to launch Eclipse from a terminal, you can do so with the following command:

$ scl enable eclipse-luna eclipse

And that will launch the specific version of Eclipse from the Eclipse Luna software collection instead of the default Eclipse that comes with Fedora 20.

Happy hacking!

PHP 5.4.32 and 5.5.16

RPMs of PHP version 5.5.16 are available in the remi repository for Fedora and in the remi-php55 repository for Enterprise Linux.

RPMs of PHP version 5.4.32 are available in the remi repository for Enterprise Linux (RHEL, CentOS...).

As these versions include various security fixes, updating is strongly recommended.

Version announcements:

PHP 5.5 installation:

yum --enablerepo=remi-php55,remi update php\*

PHP 5.4 Installation:

yum --enablerepo=remi update php\*

And soon in the official updates:

Reminder: Fedora 21 will provide PHP 5.6.

To be noted:

  • EL7 RPMs are built using RHEL-7.0
  • EL6 RPMs are built using RHEL-6.5
  • for PHP 5.5, the zip extension is now provided by the php-pecl-zip package.
  • a lot of new extensions are also available, see the PECL extension RPM status page

Information, read:

Fedora + Youtube + Hangouts

A few of the Fedora UK team got together last night, with the aid of Mark Terranova, to try and get our heads around Google Hangouts on air. It was a right mishmash of giggles and not knowing what to actually do. It turns out that it’s not just a case of create the hangout, then any one can join, it’s a bit smarter than that. First you have to specify the intended audience, then you have to specify who is actually part of the stream, it took me a little while to figure that out.

The aim of this was to start doing a weekly or even a half monthly podcast/hangout for Fedora, obviously we’ll not just talk about Fedora, but that’ll be the main focus. News, Events etc etc

OK, without further ado, here’s a few muppets getting together and trying to figure out hangouts. Let’s call this the Fedora UK Podcast Alpha 1 :D

<iframe frameborder="0" height="360" id="ytplayer1" src="http://www.youtube.com/embed/Tl0wTluPiJY?origin=http://www.paulmellors.net" type="text/html" width="640"></iframe>

If you can’t see the video, it’s here

The post Fedora + Youtube + Hangouts appeared first on Paul Mellors [dot] NET.


August 21, 2014

Phishing

Kerberos was slow when talking to my demo machine. As part of debugging it, I was making DNS changes, so I pointed my machine directly to the DNS server. It was at my hosting provider, and authoritative for my domain.

As I tend to do, I idly checked Facebook. It’s a bad habit, like biting nails. Sometimes I’m not even aware that I am doing it. This time, however, a browser warning brought me up short:

“Security Error: Domain Name Mismatch”

The certificate reported that it was valid for a domain that ended in the same domain name as the nameserver I was pointing at.

Someone just like me had the ability to push up whatever they wanted to the DNS server. This is usually fine: only the Authoritative DNS server for a site is allowed to replicate changes. It did mean, however, that anyone that was looking at this particular DNS server would be directed to something they were hosting themselves. I’m guessing it was a Phishing attempt as I did not actually go to their site to check.

Most of us run laptops set up to take DNS from the DHCP server we connect to, which means that if we are at a coffee shop, the local library, or the gym, we are running against an unknown DNS server. The less trusted the location, the less reason to trust the DHCP server.

This is a nasty problem to work around. There are things you can do to mitigate, such as whitelisting DNS servers. The onus, however, should not be on the end users. DNSSEC attempts to address the issues. Until we have that, however, use HTTPS wherever possible. And check the certificates.
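The name check behind that browser warning, written out as an added example (not code from the original post). The host names and both certificates are constructed; the certificate dicts follow the layout returned by Python's `ssl.SSLSocket.getpeercert()`, and the function names are assumptions of this sketch.

```python
"""Added example: why a rogue DNS answer shows up as a certificate name mismatch.

Every host name and certificate below is constructed for illustration.
"""


def dns_name_matches(pattern: str, hostname: str) -> bool:
    """Compare one SAN dNSName with a host name (RFC 6125 style, strict)."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels) or "" in h_labels:
        return False
    if p_labels[0] == "*":
        # A wildcard stands for exactly one leftmost label, and is refused
        # when it would cover a whole top-level domain ("*.example").
        return len(p_labels) >= 3 and p_labels[1:] == h_labels[1:]
    # Partial wildcards ("w*.social.example") are not honoured here.
    return "*" not in pattern and p_labels == h_labels


def san_dns_names(cert: dict) -> list:
    """Return the dNSName entries of the subjectAltName extension."""
    return [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]


def check_peer(requested_host: str, cert: dict) -> dict:
    """Decide whether the presented certificate covers the name the user asked for.

    DNS only decides which IP address is contacted; the comparison below uses
    the name typed by the user, which a tampered resolver cannot change.
    """
    names = san_dns_names(cert)
    matched = [name for name in names if dns_name_matches(name, requested_host)]
    return {
        "host": requested_host,
        "presented_names": names,
        "verdict": "ok" if matched else "domain name mismatch",
    }


# Constructed scenario: the same URL is requested twice, only the resolver differs.
REQUESTED = "www.social.example"

# Certificate served by the genuine site.
GENUINE_CERT = {
    "subjectAltName": (("DNS", "social.example"), ("DNS", "*.social.example")),
}

# Certificate served by the machine that a tampered zone on the shared name
# server points to: valid, but only for names under the hosting domain.
REDIRECTED_CERT = {
    "subjectAltName": (("DNS", "*.hosting.example"),),
}

if __name__ == "__main__":
    for label, cert in (("trusted resolver", GENUINE_CERT),
                        ("shared name server", REDIRECTED_CERT)):
        print(label, check_peer(REQUESTED, cert))
```

The check only protects connections that are actually made over HTTPS with hostname verification left enabled.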

TripleO vs OpenStack HA

One of the topics discussed during the TripleO mid-cycle meetup in RDU was our status in relation to deploying OpenStack in a highly available manner. This had been actively worked on for some time and recently reached a usable state.

The majority of problems seem to come from two factors: 1) we need to guarantee availability of external services too, like the database and the message broker; 2) despite OpenStack services being roughly designed around a scale-out concept, while attempting to achieve that in TripleO we spotted a number of weak angles; some could be worked around, others could not and need changes in the core service. You're encouraged to try what we have today and help with the rest.

So to try this out, all one needs to do is set a number >= 3 for OVERCLOUD_CONTROLSCALE and controllers will be configured appropriately!:

export OVERCLOUD_CONTROLSCALE=3

Don't forget this only works on a few distros for now. I'd pick some Fedora 20.

On the controllers, MariaDB with Galera (for Fedora) is going to provide for a reliable SQL. There is still some work in progress to make sure the Galera cluster can be restarted correctly should all the controllers go down at the same time but, for single node failures, this should be safe to use.

RabbitMQ is covered too, nodes are clustered and balanced (via HAProxy), queues replicated.

And with regards to the OpenStack services, these are configured in a balancing manner (again, using HAProxy) except for those cases where this wouldn't have worked, notably the Neutron L3 agent and the Ceilometer Central agent, yet these are under control via Pacemaker. Cinder instead remains uncovered as volumes would require a shared storage too for proper HA. A spec has been proposed for this though.

Also, behind the scenes, the Heat template language addon shipped as merge.py and included in tripleo-heat-templates, which allows for example for scaling of the resources definition, is currently going to be removed and replaced with code living entirely in Heat.

And there is more, so once you have tried it, join us on #tripleo @ freenode for the real fun!

Exciting New Eclipse Plug-ins in Fedora

Two exciting new plug-ins are now available in Fedora, a TestNG integration plug-in and the PHP Development Tools (PDT) plug-in.

The TestNG plug-in offers integration for Java projects using TestNG as an alternative to the JUnit testing framework. It allows authoring, running and debugging TestNG tests in a similar way to the way you can with JUnit tests.

TestNG Action Shot

Read more about the TestNG plug-in at the project website. It is available for Fedora 20 and above and may be installed with the following command:

$ sudo yum install eclipse-testng

The PHP Development Tools (PDT) plug-in attempts to provide a complete PHP IDE. I am not a PHP programmer so I can't tell you much about it, but at over two hundred thousand downloads from eclipse.org for this version alone, it seems pretty popular. It was added to Fedora as a maintainable replacement for the retired PHPEclipse plug-in, so if you were using that in the past please give this a try.

PDT Action Shot

Read more about it on the project website. PDT is also available for Fedora 20 and above and may be installed with the following command:

$ sudo yum install eclipse-pdt

Happy hacking!

New Human Interface Guidelines for GNOME and GTK+


I’ve recently been hard at work on a new and updated version of the GNOME Human Interface Guidelines, and am pleased to announce that this will be ready for the upcoming 3.14 release.

Over recent years, application design has evolved a huge amount. The web and native applications have become increasingly similar, and new design patterns have become the norm. During that period, those of us in the GNOME Design Team have worked with developers to expand the range of GTK+’s capabilities, and the result is a much more modern toolkit.

It has been a long road, in which we have done a lot of testing and prototyping before incorporating new features into GTK+. As a result of that work, GTK+ provides a contemporary lexicon to draw on when designing and implementing applications, including header bars, popovers, switches, view switchers, linked and specially styled buttons, and much more.

There is a downside to all the experimentation that has been happening in software design in recent years, of course – it can often be a bewildering space to navigate. This is where the HIG comes in. Its goal is to help developers and designers take advantage of the new abilities at their disposal, without losing their way in the process. This is reflected in the structure of the new HIG: the guidelines don’t enforce a single template on which applications have to be based, but present a series of patterns and elements which can be drawn upon. Each of these is accompanied by advice on when each pattern is appropriate, as well as alternatives that can be considered.

The HIG is also designed so that it can grow and evolve over time. The initial version that I have been working on covers the essentials, and there is a lot more ground to be covered. We want to assist people in finding the design that best fits their needs, and we want to make a whole range of creative solutions available.

In writing the HIG, I’ve made an effort to produce a document that is as useful to as many people as possible. While there is an emphasis on integration with GNOME 3, there should be useful material for anyone using GTK+ to create applications. It includes guidelines on creating more traditional desktop applications as well as newfangled ones, and includes advice for those who are responsible for GNOME 2 style apps. Likewise, the new HIG includes guidance on how to design effective cross-platform applications.

The new HIG wouldn’t have been possible without the help and hard work of many individuals. It incorporates updated material from the previous version, which was written by Seth Nickell, Calum Benson, Bryan Clark, Adam Elman, and Colin Robertson, many of whom recently helped us to relicense the original HIG.

Credit also has to go to those people who designed and developed all the new capabilities that are documented in the new HIG, including Jon McCann and Jakub Steiner on the design side, as well as the developer/designers who helped to test new patterns and add new capabilities to GTK+ – Cosimo Cecchi, Matthias Clasen, Carlos Garnacho, Alexander Larsson, Benjamin Otte, and many others.

I’d also like to thank the GNOME Documentation Team for their advice and assistance with proofreading.

This being the initial release, I’d love to hear feedback, and I’m sure that there’s plenty to be improved. If you’re interested, you can clone gnome-devel-docs and read the development version using Yelp.

Fedora UK – G+Hangout

A few of the Fedora UK community are getting together this evening to have a general chin wag. There will be Fedora content as well, but we’re just doing this first one as an experiment for a possible future podcast. None of us have really used hangouts before so I suspect it’s going to be complete bedlam, but fun nonetheless.

If you fancy joining in or just coming along to have a watch and laugh at our expense then feel free.

Hangout Link

Time it’s going to start is 9pm GMT.

The post Fedora UK – G+Hangout appeared first on Paul Mellors [dot] NET.


Invitation for Saturday Party – FAD at RH, Pune

This post is a call for action. It is to spread the word about the Fedora event FAD (one day) at Red Hat Pune. Those who want to know what FAD is can read the FAD wiki. This FAD is mostly dedicated to testing for Fedora 21 Alpha. We will test different components on Fedora 21 Alpha. If you want to be part of the fun, you are most welcome. You can pick your favorite among these components to test, and you will get help if required.

You really don’t need to be an expert in testing or any of these components and we are not at all restricted to only the listed components. If you want to test some other components, feel free to add that in this list.

Many people have shown their interest in Fedora activities and expressed that they want to be active contributors but don’t know exactly where to start, especially after my talk at Flock 2014. So this is a very nice opportunity for all of you. You can still do it: just update the list of attendees with your name and come join the Saturday party. :)

Thanks to all of you who have already done it.

We also have some swag for you, which is very limited and will be distributed on a first come, first served basis, so if you want to get some, be sure to come on time. And yes, you’ll need to get in touch with Siddhesh in advance so that passes can be arranged for your entry into the office.


August 20, 2014

Six years as Fedora Ambassador

Six years ago, on August 20th, 2008, I was approved as Fedora Ambassador. There is no six-year badge, but here is one close enough.

A lot of things have changed since those days. Getting media, swag and sponsorship to attend events to perform the role of ambassador has improved. I have an imaginary dialog that sums up some email exchanges from six years ago about this issue:

Me: Can I have some media?
X: I can’t send you media
Me: Can I get reimbursed?
X: No, you can’t
Me: If I open a bank account in the US, that will help?
X: No
Me: How can I help change this situation?
X: Stop asking questions?

This was at the time when the Latin American budget for events and promotion was handled by the Red Hat office in Brazil. After some time, Fedora took control of this and changes started to happen.

In any case I started to keep track of the things that I spent. That added up to almost a thousand dollars, and I got reimbursed at FUDCon Tempe 2011, about one year after I started paying for stuff. Things started to change at Tempe. Max Spevack came up with the idea of getting a Fedora community credit card. At FUDCon Panama 2011 I had a few hundred dollars to be reimbursed again. Finally the credit card was issued and things got a lot better. I can’t claim that it is perfect, but it is a huge improvement. Besides, the decision-making process to assign funds has been revised and it is a lot more regionally driven. There are some quirks about countries and people that can’t be reimbursed by PayPal. The best way is to pay directly with the community credit card, but some stuff cannot be purchased directly and has to be reimbursed.

Over those years I have been working on different parts of the Fedora Project. I am a Mentor for Ambassadors. I have been on FAmSCo twice in the past and I am currently back on the Committee. I worked for some time in the Marketing Team. For some time I wrote the Ambassadors beats for the FWN (Fedora Weekly News). I have been involved in Freemedia for almost six years. Now I am a Fedora Project Board Member.

I have run one Release Party every release since Fedora 11. For Fedora 13 I travelled to El Salvador and Guatemala (out of my own pocket) to hold three release parties, with the Managua event, in one week. For Fedora 16, I went to Costa Rica (sponsored) to help with a release party.

At Flock Prague 2014, I stated that I am a pretender. Over those six years I haven’t become a programmer and I haven’t become a system administrator. Some people said that I am pretending to be dumb. Maybe both statements are a little bit true. I have learned a lot of technical stuff over these years, but I haven’t been focused on one thing.

Most of the time I have been dealing with things that are needed for events. Once I set up a machine with a local repo and also a gateway for internet. This was the ideal setting for running upgrades with poor internet connectivity or even without internet. I also explored how to build local repos for updates from DVD and USB for offline upgrade and installation of key packages not included in Live Media. But I have always had a great internet connection at the office and a decent connection at home, so I was able to download all this without really needing it for my own use. Somehow this experiment fell short of my expectations. I was never able to set up a PXE boot server. That was because I did not get to understand how, and then I was busy doing other stuff. When I asked for help with the PXE server, people were busy doing other stuff. In the end, it never came to happen.

Flock Prague 2014 was again an example of this kind of thing. I went to governance meetings and Fedora.Next talks, but I wasn’t able to attend a UEFI boot talk or one of the various talks about Docker because I was somewhere else at the previously stated activities.

There has been fun stuff like building a multi-DVD-tray computer for burning media, which went down with Fedora 16’s inability to reliably handle multiple trays (or was it Fedora 15?). After a while, I just bought a media duplicator because I needed to burn media. This is next to a printer with a media tray, so I can make nice media. This has been a personal expense. Beyond Fedora media, I have only used the duplicator for burning some Debian and Korora media. It hasn’t been a good return on investment. I haven’t looked for any business for this setup, although it has been fun when a group gets together to hold a burning meeting.

Burning meeting

Probably this looks like rambling over old memories. I should move on to future stuff. In the local community, we have been organizing FUDCon Managua 2014. As a local community we have been talking about how to grow in knowledge and fun; most likely we will start a Hacker Space after FUDCon. I think that the current Ambassador role and the current process to allocate funds have become outdated, and as part of FAmSCo I want to set things in motion to change that. But most important of all, after FUDCon I want to start learning things that I like or that I need. Probably I will need to find my replacement in the local community and in other activities in the Fedora Project.

Sometimes I wonder whether I have been proactive and made the most of being a Fedora collaborator for the Project or not. On the other hand, my day job has nothing to do with any kind of software or system administration. Every time that somebody comes up with the proposal that every candidate for Fedora Ambassador should be a collaborator in another team in the Project before being approved for the Ambassadors team, I can say that I would not be in the Project if that were enforced. Then, I think that I have done something in these past years.

Greatest Threat: Yellow Sticky of Doom

We now get to what I consider the greatest threat to computer security: the Yellow Sticky of Doom!

Yellow Sticky

Passwords written down on yellow sticky notes. These are everywhere.

What is the difference between a secure facility and an insecure facility? In an insecure facility the yellow sticky notes are stuck to monitors. In a secure facility the yellow sticky notes are stuck to the bottom of the keyboard. In really secure facilities they are in desk drawers – and maybe even locked up!

The solution is obvious: ban people from writing down their passwords!

Except that this won’t work. Full stop. Period. Won’t. Work.

Why? Because passwords are crap for security.

Passwords that are difficult to guess or to crack with a brute force attack are impossible for people to remember – look at the ones in the yellow sticky above! All of these passwords were produced by a password generator with a high security setting. Anyone who can remember one of these passwords scares me!

Consider the usual guidelines for producing a secure password: 12-16 characters, no dictionary words, a combination of upper case, lower case, numbers, and punctuation. And changed every 1-6 months.

Right….

Human brains don’t work this way.

Correct Horse Battery Staple

If you want people to actually remember passwords, consider the way the human brain works. Look at XKCD on Password Strength: this is an example of a password that a human can remember. It builds on the way the mind and memory work, through chunking, context, and pattern recognition. Correct Horse Battery Staple has become an Internet meme – a code term referencing a way to make passwords somewhat work.

But, can your system handle it? Do you allow passwords this long? Do you allow spaces in passwords?

And look at your policies. If a person can remember a word, it is in a dictionary! The only thing a “no dictionary words” policy does is guarantee that passwords will be written down.

At a minimum, encourage pass phrases rather than classical passwords.

If you actually care about security, implement multi-factor authentication – a combination of what you know, what you have, and what you are.

Traditional passwords serve only one purpose - to allow you to blame innocent users for your mistakes. They are no longer an effective security or authentication mechanism. Forget trying to stop people from writing them down and get serious about security.

Get rid of the Yellow Sticky of Doom by making it obsolete!
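The guideline quoted above and a length-based pass-phrase rule, run side by side as an added example (not part of the original post). The tiny word list, the 20/128 length limits and the function names are assumptions of this sketch; the entropy figure only holds when the words are picked at random.

```python
"""Added example: the classic composition policy vs a pass-phrase policy.

The word list, limits and sample passwords are constructed for illustration;
a real deployment would use a word list with thousands of entries.
"""
import math
import secrets
import string

# Constructed stand-in for both the "dictionary" and the pass-phrase word list.
WORDS = ["correct", "horse", "battery", "staple",
         "orange", "window", "river", "planet"]


def classic_policy_failures(password: str) -> list:
    """Guideline from the post: 12-16 characters, no dictionary words,
    and a mix of upper case, lower case, numbers and punctuation."""
    failures = []
    if not 12 <= len(password) <= 16:
        failures.append("length not in 12-16")
    lowered = password.lower()
    if any(word in lowered for word in WORDS):
        failures.append("contains dictionary word")
    classes = {
        "upper case": string.ascii_uppercase,
        "lower case": string.ascii_lowercase,
        "number": string.digits,
        "punctuation": string.punctuation,  # does not include the space
    }
    for name, alphabet in classes.items():
        if not any(ch in alphabet for ch in password):
            failures.append("missing " + name)
    return failures


def passphrase_policy_failures(password: str, min_len: int = 20,
                               max_len: int = 128) -> list:
    """Length-based rule: long input and spaces are accepted, and no
    character-class or dictionary rule is applied."""
    failures = []
    if len(password) < min_len:
        failures.append("shorter than %d" % min_len)
    if len(password) > max_len:
        failures.append("longer than %d" % max_len)
    if any(not ch.isprintable() for ch in password):
        failures.append("non-printable character")
    return failures


def random_choice_bits(pool_size: int, picks: int) -> float:
    """Entropy in bits of `picks` independent uniform choices from a pool."""
    return picks * math.log2(pool_size)


def generate_passphrase(words: list, count: int = 4, sep: str = " ") -> str:
    """Pick words with the OS CSPRNG; the strength comes from the random
    choice, not from the words being obscure."""
    return sep.join(secrets.choice(words) for _ in range(count))


if __name__ == "__main__":
    phrase = "correct horse battery staple"
    sticky = "xK9#mQ2$vL7!"  # constructed generator-style password
    print("classic policy on phrase:", classic_policy_failures(phrase))
    print("pass-phrase policy on phrase:", passphrase_policy_failures(phrase))
    print("classic policy on sticky-note password:", classic_policy_failures(sticky))
    print("4 words from a 2048-word list: %.1f bits" % random_choice_bits(2048, 4))
    print("6 words from a 7776-word list: %.1f bits" % random_choice_bits(7776, 6))
    print("12 random printable characters: %.1f bits" % random_choice_bits(94, 12))
    print("generated:", generate_passphrase(WORDS))
```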


[Aug 2014] Red Hat JBoss Enterprise Java EE Containers Presentation

RED HAT JBOSS ENTERPRISE JAVA EE CONTAINERS

Dear *,

A few days ago, I did a presentation on Red Hat JBoss Enterprise Java EE Containers.
If you or your company are based in BeNeLux and are interested in this presentation, just let me know and I will try to arrange a meeting for you.

N.B. You can also find it in Mojo.

BR
Frederic


Open source: Debunking the myths

<iframe class="youtube-player" frameborder="0" height="289" src="http://www.youtube.com/embed/cEfdSSfyMGs?version=3&amp;rel=1&amp;fs=1&amp;showsearch=0&amp;showinfo=1&amp;iv_load_policy=1&amp;wmode=transparent" type="text/html" width="460"></iframe>

/f


10 years and continuing

Ten years ago I started a Linux Users Group in Durgapur as I thought that was the only way to go forward. Almost no one in the colleges had enough idea, other than a couple of users in each college. “Learn and teach others”, the motto, was very much true from day one and it still holds the perfect place in the group.

The group started with help from a lot of people who were from different places, mostly the ilug-kolkata chapter. Sankarshan, Runa, Sayamindu, Indranil, Soumyadip they all helped in many different ways. Abhijit Majumder, who is currently working as Assistant Professor in IIT Mumbai, donated the money for the domain name in the first year.

After one year, I moved to Bangalore for my job and gave a talk in foss.in about that first year’s journey of the group. The focus of the group also changed from just being a user group to a like minded contributors group.

Then from 2008 I started the summer training program, the 7th edition is currently going on. This program actually helped to keep doing the rolling release of contributors from the group. People from different countries participated in the sessions, they became contributors to many upstream projects.

I have to admit that we are close to the Fedora Project and Python, as many of us work on and use these two projects everyday.

We managed to have a couple of meetings before, in 2006 and 2007. We will be meeting again from 29th August to 2nd September at NIT Durgapur; most of the active members are coming down to Durgapur. During the day we will be spending time in a few talks and workshops. In the evenings we will be busy in developer sprints.

Suchakra Sharma made the new logo and tshirt design for the event.

dgplug logo

The event page is up and the talk schedule is also up with help from Sanisoft. We are using their beautiful conference scheduler application for the same. Come and meet us in Durgapur.

August 19, 2014

“Bootcamp” talks on Air Mozilla

Thanks to Jonathan Lin and Spencer Hui some of the talks that were presented at the recent “bootcamp” are appearing on Air Mozilla and more will do so as we get them ready. They’re all in Air Mozilla’s engineering channel: https://air.mozilla.org/channels/engineering/

Implementing type widening

In this installment of our series on type coercions, we’re going to introduce a way to support type widening in a language interpreter. We’ll present a general approach based on semilattices of types and a particular implementation of this approach that uses a straightforward encoding in Scala’s type system. We’ll work from a simple interpreter to allow for a clear exposition, but our general techniques will be applicable to more involved languages as well.

Widening functions

A widening function maps values from some type T to a wider type U. We can implement a trivial but generic type-widening method based on the partial ordering of types encoded in Scala’s type system:

<figure class="code"><figcaption>Widening example</figcaption>
scala> def widen[T,U](t: T)(implicit w: T => U): U = w(t)

scala> val longFive = widen[Int,Long](5)
longFive: Long = 5

scala> val doubleFive = widen[Int,Double](5)
doubleFive: Double = 5.0

scala> val arbitraryFive = widen[Int,BigDecimal](5)
arbitraryFive: BigDecimal = 5
</figure>

Invoking widen[A,B] on an argument of type A will succeed if there is a witness object for A => B. By default, we’ll be able to see the predefined widenings in Scala, including reflexive widenings. Note that there are no implicitly defined narrowings, though:

<figure class="code"><figcaption>Exploring witness objects for predefined widenings</figcaption>
scala> implicitly[Int => Double]
res0: Int => Double = <function1>

scala> implicitly[Int => Int]
res1: Int => Int = <function1>

scala> implicitly[Double => Int]
<console>:8: error: No implicit view available from Double => Int.
              implicitly[Double => Int]
                        ^
</figure>

It’s important to note that we could declare other witnesses to A => B for other A and B types and have them in scope; we aren’t constrained by Scala’s predefined definitions or by static relationships between implementation types. (We’ll come back to this point later, when we’re thinking about how to model types in the interpreted language.)

A simply-typed interpreter

We’ll start with a simple interpreter with four kinds of values (integers, doubles, strings, and nulls) and one kind of expression representing numeric addition or string concatenation, depending on the types of its operands. It is a stretch to call the language embodied in this interpreter “typed” (since it has only literal values and expressions but no variables). However, because of the way we’ve encoded the interpreter in Scala, it is impossible to express programs with runtime errors. In particular, it is only possible to create an AddExpression with two arguments that evaluate to values of the same type.

<figure class="code"><figcaption>SimpleInterpreter.scala</figcaption>
object SimpleInterpreter {

  trait Addable[T] {
    def plus(self: T, other: T): Value[T]
  }

  implicit object IntAddable extends Addable[Int] {
    def plus(self: Int, other: Int) = IntValue(self + other)
  }

  implicit object DoubleAddable extends Addable[Double] {
    def plus(self: Double, other: Double) = DoubleValue(self + other)
  }

  implicit object StringAddable extends Addable[String] {
    def plus(self: String, other: String) = StringValue(self + other)
  }

  abstract class Expression[T] {
    def eval: Value[T]
  }

  abstract class Value[T](v: T) extends Expression[T] {
    def eval: Value[T] = this
    def get: T = v
  }

  case class IntValue(v: Int) extends Value(v) {}
  case class DoubleValue(v: Double) extends Value(v) {}
  case class StringValue(v: String) extends Value(v) {}
  case object NullValue extends Value(null) {}

  case class AddExpression[T](lhs: Expression[T], rhs: Expression[T])(implicit ev: Addable[T]) extends Expression[T] {
    def eval: Value[T] = {
      val lv = lhs.eval
      val rv = rhs.eval
      ev.plus(lv.get, rv.get)
    }
  }
}
</figure>

Adding widening

If we have an expression of the form t1 • t2, where the left-hand side is of type T1 and the right-hand side is of type T2, we will be able to convert this to an expression in which both operands have the same type if the following conditions are met:

  1. There must exist some type U that is an upper bound of both T1 and T2 in the partial ordering of types, and
  2. There must exist widening functions with the signatures T1 ⇒ U and T2 ⇒ U.

Finding U is simply finding the least upper bound of T1 and T2 on a semilattice of types. Once we have this least upper bound, if we also have appropriate widening functions, we can convert both t1 and t2 to values of the same type. In the following code, we extend our simple interpreter by modeling interpreter types in Scala, making types properties of values, and adding widening conversions to AddExpression by explicitly encoding the partial ordering of types — in this case, based on a relationship between the nativeType type member of each Type class. (We’re doing widening statically through Scala’s type system in this case, but there’s no reason why we couldn’t take a similar approach dynamically, handling errors by raising exceptions at runtime.)

<figure class="code"><figcaption>WideningInterpreter.scala</figcaption>
object WideningInterpreter {
  import scala.language.implicitConversions

  sealed abstract class Type {
    type nativeType <: Any
  }
  class IntType extends Type {
    override type nativeType = Int
  }
  class DoubleType extends Type {
    override type nativeType = Double
  }
  class StringType extends Type {
    override type nativeType = String
  }

  abstract class Expression[K <: Type] {
    def eval: Value[K]
  }

  class Value[K <: Type](v: K#nativeType) extends Expression[K] {
    def eval: Value[K] = this
    def get: K#nativeType = v
  }

  case class IntValue(v: Int) extends Value[IntType](v) {}
  case class DoubleValue(v: Double) extends Value[DoubleType](v) {}
  case class StringValue(v: String) extends Value[StringType](v) {}

  sealed trait Addable[K <: Type] {
    def plus(self: K#nativeType, other: K#nativeType): Value[K]
  }

  implicit object IntAddable extends Addable[IntType] {
    def plus(self: Int, other: Int) = IntValue(self + other)
  }

  implicit object DoubleAddable extends Addable[DoubleType] {
    def plus(self: Double, other: Double) = DoubleValue(self + other)
  }

  implicit object StringAddable extends Addable[StringType] {
    def plus(self: String, other: String) = StringValue(self + other)
  }

  // We need some way to constrain our generic widening operators so
  // that an expression with identical operand types won't have an
  // ambiguous implicit argument.  One way to do this is to make sure
  // that one of the widening functions will only apply if the arguments
  // are of different types.  

  // These type inequality instances are taken from an answer Miles Sabin 
  // gave on StackOverflow:  http://stackoverflow.com/a/6944070

  trait =!=[A, B]
  implicit def neq[A, B] : A =!= B = null
  implicit def neqAmbig1[A] : A =!= A = null
  implicit def neqAmbig2[A] : A =!= A = null

  implicit def leftWiden[T <: Type, U <: Type](v1: Value[T], v2: Value[U])
      (implicit conv: (T#nativeType => U#nativeType)): (Value[U], Value[U]) =
    (new Value[U](conv(v1.get)), v2)

  implicit def rightWiden[T <: Type, U <: Type](v1: Value[U], v2: Value[T])
      (implicit neq: T =!= U,
                conv: (T#nativeType => U#nativeType)): (Value[U], Value[U]) =
    (v1, new Value[U](conv(v2.get)))

  case class AddExpression[T <: Type, U <: Type, V <: Type]
      (lhs: Expression[T], rhs: Expression[U])
      (implicit widen: (Value[T], Value[U]) => (Value[V], Value[V]), adder: Addable[V]) extends Expression[V] {
    def eval = {
      val lv = lhs.eval
      val rv = rhs.eval
      val args = widen(lv, rv)
      adder.plus(args._1.get, args._2.get)
    }
  }
}
</figure>

In WideningInterpreter we extend AddExpression by allowing it to have two potentially distinct argument types (Value[T] and Value[U]) and by requiring evidence of an implicit conversion from a pair of values with distinct types to a pair of values with the same type.[1] We define two witness functions, leftWiden for the case in which the left element of the pair is narrower than the right, and rightWiden for the case in which the right element of the pair is narrower than the left. In both cases, we determine that a type T is narrower than another type U if Scala knows how to widen values of the representation type (Type#nativeType) of T to the representation type of U; this is the case if an implicit resolution exists for the conv argument.

The problem we might encounter is that, because our partial ordering is reflexive, if T and U are the same type, then there will be witnesses both for T#nativeType => U#nativeType and U#nativeType => T#nativeType. So if we were to have naive implementations of leftWiden and rightWiden that only depended on evidence of such a conversion, Scala would be unable to unambiguously resolve which would apply in the case of monomorphic AddExpressions. We resolve this problem by adding a test for type inequality (due to Miles Sabin) to the implicit argument list of rightWiden, so that it will not apply if the arguments are of the same type.[2]

Note that the partial ordering among interpreter types (IntType, DoubleType, and StringType) does not depend on Scala-level subtyping relationships between interpreter types. This is important because in a more realistic language we will want the flexibility to model data types independently of properties of our object-language implementation. Instead, we have a generic partial ordering in this example based on predefined relationships between representation types, and we could extend the partial ordering to other types by adding other instances of =>[A,B] for other types of interest.

For a small number of interpreter types, we could also explicitly encode the partial ordering, as in the example below:

<figure class="code"><figcaption>A more explicit partial ordering encoding</figcaption>
implicit def intDoubleWiden(v1: Value[IntType], v2: Value[DoubleType]): (Value[DoubleType], Value[DoubleType]) =
  (DoubleValue(v1.get.toDouble), v2)

implicit def doubleIntWiden(v1: Value[DoubleType], v2: Value[IntType]): (Value[DoubleType], Value[DoubleType]) =
  (v1, DoubleValue(v2.get.toDouble))
</figure>

Since in this example we have a total ordering among types, we can also easily widen one argument at a time by adding a witness object for the least upper bound of T and U,[3] as in the example below:

<figure class="code"><figcaption>A partial ordering encoding that finds appropriate widenings one argument at a time</figcaption>
implicit def widen[T <: Type, U <: Type](v1: Value[T])
    (implicit conv: (T#nativeType => U#nativeType)): (Value[U]) =
  new Value[U](conv(v1.get))

implicit def reflexiveWiden[T <: Type](v1: Value[T]): Value[T] = v1

trait LT[T <: Type, U <: Type] {}
implicit def intDoubleLT: LT[IntType, DoubleType] = null

trait WiderThan[T <: Type, U <: Type, V <: Type] {}
implicit def rightWider[T <: Type, U <: Type, V <: Type]
  (implicit rw: LT[T, U],
            conv2: (U#nativeType => V#nativeType),
            conv1: (T#nativeType => V#nativeType)): WiderThan[T,U,V] = null

implicit def leftWider[T <: Type, U <: Type, V <: Type]
  (implicit rw: LT[U, T],
            conv2: (T#nativeType => V#nativeType),
            conv1: (U#nativeType => V#nativeType)): WiderThan[T,U,V] = null

implicit def reflWider[T <: Type]: WiderThan[T, T, T] = null

case class AddExpression[T <: Type, U <: Type, V <: Type]
    (lhs: Expression[T], rhs: Expression[U])
    (implicit lub: WiderThan[T, U, V],
              widenLeft: Value[T] => Value[V],
              widenRight: Value[U] => Value[V],
              adder: Addable[V]) extends Expression[V] {
  def eval = {
    val lv = widenLeft(lhs.eval)
    val rv = widenRight(rhs.eval)
    adder.plus(lv.get, rv.get)
  }
}
</figure>

Again, a similar approach would be applicable in an untyped Scala representation of interpreter-language types: we could represent types as terms, implement the least-upper-bound relation as a partial function mapping from a pair of terms to the least upper bound of the pair, and implement widenings as functions taking a value and a term representing the type to widen to.
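
The untyped variant described in the paragraph above, as an added example that is not code from the original post: types are case-object terms, the least upper bound is a partial function over pairs of terms, and widening takes a value and a target type term. The names DynamicWideningInterpreter, TypeMismatch, lub and tpe are assumptions introduced here; pairs with no common type and narrowings raise an exception at runtime instead of being rejected by the compiler.

```scala
import scala.util.Try

object DynamicWideningInterpreter {
  // Interpreter-language types are ordinary terms (case objects), not Scala types.
  sealed trait Type
  case object IntType extends Type
  case object DoubleType extends Type
  case object StringType extends Type

  // Raised at runtime where the statically typed encoding would fail to compile.
  // (Hypothetical name, introduced for this example.)
  class TypeMismatch(msg: String) extends RuntimeException(msg)

  sealed trait Expression { def eval: Value }

  // Every value carries a term naming its interpreter-language type.
  sealed abstract class Value(val tpe: Type) extends Expression {
    def eval: Value = this
  }
  case class IntValue(v: Int) extends Value(IntType)
  case class DoubleValue(v: Double) extends Value(DoubleType)
  case class StringValue(v: String) extends Value(StringType)

  // Least upper bound as a partial function over pairs of type terms.
  // It is reflexive and relates Int to Double; pairs with no common
  // upper bound (for example Int and String) are not in its domain.
  val lub: PartialFunction[(Type, Type), Type] = {
    case (t, u) if t == u => t
    case (IntType, DoubleType) | (DoubleType, IntType) => DoubleType
  }

  // Widening takes a value and a term naming the type to widen to.
  // Narrowings (Double to Int) and unrelated types are rejected.
  def widen(v: Value, to: Type): Value = (v, to) match {
    case (_, t) if v.tpe == t      => v
    case (IntValue(i), DoubleType) => DoubleValue(i.toDouble)
    case _ => throw new TypeMismatch(s"cannot widen ${v.tpe} to $to")
  }

  case class AddExpression(lhs: Expression, rhs: Expression) extends Expression {
    def eval: Value = {
      val lv = lhs.eval
      val rv = rhs.eval
      // Find the common type first, then widen both operands to it.
      val target = lub.lift((lv.tpe, rv.tpe)).getOrElse(
        throw new TypeMismatch(s"no common type for ${lv.tpe} and ${rv.tpe}"))
      (widen(lv, target), widen(rv, target)) match {
        case (IntValue(a), IntValue(b))       => IntValue(a + b)
        case (DoubleValue(a), DoubleValue(b)) => DoubleValue(a + b)
        case (StringValue(a), StringValue(b)) => StringValue(a + b)
        case (a, b) => throw new TypeMismatch(s"cannot add ${a.tpe} and ${b.tpe}")
      }
    }
  }

  def main(args: Array[String]): Unit = {
    // Int + Double: the Int operand is widened to Double before adding.
    println(AddExpression(IntValue(5), DoubleValue(2.5)).eval)
    // Nested expressions widen at each level.
    println(AddExpression(AddExpression(IntValue(1), IntValue(2)), DoubleValue(0.5)).eval)
    // String + Int has no least upper bound here, so evaluation fails.
    println(Try(AddExpression(StringValue("a"), IntValue(1)).eval))
    // Narrowing is not a widening and is refused.
    println(Try(widen(DoubleValue(1.5), IntType)))
  }
}
```

Adding another interpreter type means adding its term, its cases in lub and widen, and its case in AddExpression; an omission shows up as a TypeMismatch at evaluation time, not as a compile error.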


  1. See the signature for the widen implicit argument to AddExpression: (Value[T], Value[U]) => (Value[V], Value[V])

  2. This type-inequality test will fail if it is given two identical types because neqAmbig1 and neqAmbig2 will both be applicable.

  3. It occurred to me while developing these examples that using witness objects in this way is a lot like forward-chaining logic programming. (Note that we use negation-as-failure in implicit resolution when testing for type inequality and we use implicit arguments to guide further implicit resolution with the WiderThan witness.) Unsurprisingly, it turns out that other people have had the same idea! See the discussion on this post or this talk for two examples.

Implicit type coercion support in existing database systems

In my last post, I introduced two kinds of implicit type coercions that can appear in database query languages: type widenings, in which values are converted to wider types (e.g. from an int to a long or double), and type translations, in which a value of some type T might be converted to one of an unrelated type U if it is used where a value of U is expected. In this post, we’ll look at what sort of type coercions are available in Apache Hive and (in less detail) Microsoft SQL Server.

Implicit conversions in Apache Hive

Apache Hive features several kinds of types, many of which are also present in ANSI SQL with similar definitions:

  1. hardware-supported integral types, such as tinyint (one byte), smallint (two bytes), int (four bytes), and bigint (eight bytes);
  2. hardware-supported floating-point types, such as float (single-precision, four bytes) and double (double-precision, eight bytes);
  3. decimal values (38 digits precision in Hive 0.11 and 0.12; arbitrary-precision in Hive 0.13.0 and later);
  4. date and time types, such as timestamp and date;
  5. string types, including string (of arbitrary length), varchar[N] (of arbitrary length but less than N characters), and char[N] (of exactly N characters, possibly padded with spaces);
  6. boolean values;
  7. binary values (sequences of bytes); and
  8. compound values made up of Hive types: homogeneous arrays with some element type, maps containing keys of one type and values of another, and C-style struct and union types.

Hive supports some widenings and narrowings between these types.[1] Among the hardware-supported numeric types, values can be widened but not narrowed.[2] Strings can be narrowed to be used as varchar values; converting a string value to a varchar[N], where N is insufficient to hold the contents of the string, will cause the string to be truncated to N characters. It is also possible (as of Hive 0.13) to supply a decimal argument to many numeric functions that expect a double input, although in most cases the function will only process a double approximating the supplied arbitrary-precision value.

Hive also supports type translations to and from string values. Hive permits implicitly converting a value of any type (with the exception of boolean and binary) to a string. String representations of double or decimal values (but not the smaller integral or floating-point types) can also be converted to values of those types.

Hive supports widenings as part of object comparisons; the FunctionRegistry.getCommonClassForComparison method returns the least upper bound of two types. The code excerpt below shows how Hive also explicitly encodes which widenings and translations are permissible:

<figure class="code"><figcaption>excerpted from Hive 0.12’s FunctionRegistry.java</figcaption>
public static boolean implicitConvertable(PrimitiveCategory from, PrimitiveCategory to) {
  if (from == to) {
    return true;
  }

  PrimitiveGrouping fromPg = PrimitiveObjectInspectorUtils.getPrimitiveGrouping(from);
  PrimitiveGrouping toPg = PrimitiveObjectInspectorUtils.getPrimitiveGrouping(to);

  // Allow implicit String to Double conversion
  if (fromPg == PrimitiveGrouping.STRING_GROUP && to == PrimitiveCategory.DOUBLE) {
    return true;
  }
  // Allow implicit String to Decimal conversion
  if (fromPg == PrimitiveGrouping.STRING_GROUP && to == PrimitiveCategory.DECIMAL) {
    return true;
  }
  // Void can be converted to any type
  if (from == PrimitiveCategory.VOID) {
    return true;
  }

  // Allow implicit String to Date conversion
  if (fromPg == PrimitiveGrouping.DATE_GROUP && toPg == PrimitiveGrouping.STRING_GROUP) {
    return true;
  }
  // Allow implicit Numeric to String conversion
  if (fromPg == PrimitiveGrouping.NUMERIC_GROUP && toPg == PrimitiveGrouping.STRING_GROUP) {
    return true;
  }
  // Allow implicit String to varchar conversion, and vice versa
  if (fromPg == PrimitiveGrouping.STRING_GROUP && toPg == PrimitiveGrouping.STRING_GROUP) {
    return true;
  }

  // Allow implicit conversion from Byte -> Integer -> Long -> Float -> Double
  // Decimal -> String
  Integer f = numericTypes.get(from);
  Integer t = numericTypes.get(to);
  if (f == null || t == null) {
    return false;
  }
  if (f.intValue() > t.intValue()) {
    return false;
  }
  return true;
}
</figure>

To see how Hive actually performs type coercions, we’ll have to take a step back and look at Hive’s architecture for defining functions.[3] Hive has two interfaces for defining functions: UDF, which models a simple function with simply-typed arguments and a simply-typed return value, and GenericUDF, which models functions that can operate on and return values of compound types.

Subclasses of UDF include at least one method called evaluate (of arbitrary argument and return types); this is what gets called when the user-defined function is evaluated. Due to their flexible signatures, these evaluate methods are not specified in any interface and instead found via Java reflection. By contrast, a GenericUDF must support an initialize method that takes an array of ObjectInspector instances (essentially adapters from arbitrary types to concrete object values) and an evaluate method taking an array of DeferredObject instances (essentially futures representing objects).

The initialize method in GenericUDF is invoked with ObjectInspector instances corresponding to actual parameters; if the actuals aren’t implicitly convertible to the proper types, it will fail. Otherwise, it will return an ObjectInspector instance for the return type. As a simple example, see the initialize method in the class providing Hive’s implementation of the SQL CONCAT function:

<figure class="code"><figcaption>excerpted from Hive 0.12’s GenericUDFConcatWS.java</figcaption>
@Override
public ObjectInspector initialize(ObjectInspector[] arguments) throws UDFArgumentException {
  if (arguments.length < 2) {
    throw new UDFArgumentLengthException(
        "The function CONCAT_WS(separator,[string | array(string)]+) "
          + "needs at least two arguments.");
  }

  // check if argument is a string or an array of strings
  for (int i = 0; i < arguments.length; i++) {
    switch(arguments[i].getCategory()) {
      case LIST:
        if (isStringOrVoidType(
            ((ListObjectInspector) arguments[i]).getListElementObjectInspector())) {
          break;
        }
      case PRIMITIVE:
        if (isStringOrVoidType(arguments[i])) {
        break;
        }
      default:
        throw new UDFArgumentTypeException(i, "Argument " + (i + 1)
          + " of function CONCAT_WS must be \"" + serdeConstants.STRING_TYPE_NAME
          + " or " + serdeConstants.LIST_TYPE_NAME + "<" + serdeConstants.STRING_TYPE_NAME
          + ">\", but \"" + arguments[i].getTypeName() + "\" was found.");
    }
  }

  argumentOIs = arguments;
  return PrimitiveObjectInspectorFactory.writableStringObjectInspector;
}
</figure>

Note that the above verifies both the correct number of arguments and the correct types of each argument before returning an ObjectInspector instance for writable strings. The evaluate method then invokes DeferredObject.get() on each argument, converts them to String values using built-in coercions, and concatenates them together, returning the result as a text value.

Plain UDF instances and GenericUDF instances alike are stored in Hive’s function registry, but the former are first converted to GenericUDF instances by wrapping them in GenericUDFBridge, a proxy that uses Java introspection on the underlying UDF instance to determine what a function’s expected argument types are; it can then convert actual parameters to values of appropriate types using built-in coercions at execution time.

Implicit conversions in Microsoft SQL Server

While we can’t examine conversions supported in Microsoft SQL Server in as great detail as we can with Apache Hive (since the source for SQL Server isn’t available), the published documentation indicates which conversions are supported. In brief, SQL Server supports most of the same kinds of type coercions as Hive, with the following additions:

  1. bidirectional implicit translation from char[N] and varchar[N] to all numeric types (not merely double and decimal, as in Hive);
  2. financial types (money and smallmoney) are supported and can be implicitly translated to and from numeric types;
  3. bidirectional implicit translation between timestamp values and character and integral types;
  4. the sql_variant type, which can receive values of most types via implicit conversions but must be converted with an explicit CAST in contexts expecting a value of a different type; and
  5. various other types (xml, uniqueidentifier, and user-defined types from the CLR) with varying conversion semantics.

These additions are useful but their absence does not limit Hive’s expressive power. In the next post in this series, we’ll look at a general approach to implementing type widening, along with a specific (and statically-safe) realization of this approach using Scala’s type system.


  1. The Hive wiki includes a full conversion matrix.

  2. For example, it is permissible to use a tinyint where an int or double is expected, but not vice versa.

  3. Actually implementing new functions in Hive is outside the scope of this post, but there are lots of resources online if you’re interested. In particular, Matthew Rathbone has a great article about extending Hive with new functions.

Music practice

With the advent of YouTube, there is a plethora of music “lessons” available on the internet. When learning new riffs, however, it is helpful to be able to alter the speed of playback and play selective sections of the lesson.

For some time I have been using audacity, which has the advantage of cross platform availability. However, audacity is a bit of overkill and I find it a bit slow at times.

In addition, when selecting a particular segment within the lesson, skipping dialog or parts already mastered, audacity is a bit “clunky” and somewhat time consuming. Alternately one can splice the lessons with ffmpeg, again somewhat time consuming.

Recently I came across a simple, no frills, light weight solution, “Play it slowly”

Home page

Download (github)

Play it slowly screen shot

Play it slowly is a light weight application but has a simple, clean interface. It is simple to use and has basic features such as:

  1. Slow the speed on playback without altering pitch.
  2. Easily mark, move, and reset sections of a track for playback.
  3. Easy to start/stop/restart playback.

Play it slowly is in the Debian and Ubuntu repositories:

sudo apt-get install playitslowly

For Fedora, first install the dependencies:

yum install gstreamer-python gstreamer-plugins-bad-extras

Download the source code from the above link (version 1.4.0 at the time of this writing)

Extract the tarball and install

tar xvzf playitslowly-1.4.0.tar.gz
cd playitslowly-1.4.0
sudo python setup.py install

For additional options see the README or run:

python setup.py --help

Fedora | Webcam | Recording

I’ve been wanting to record my webcam for ages, but never found the right way of doing it, VLC streaming wasn’t brilliant, cheese had lag when recording videos, but I think I’ve found the right solution for me.  Only time will tell when I start to record videos for blog posts.

For the recording of the webcam, which happens to be a Microsoft HD cam, I used Kamoso

It appears to be a KDE app, but you can just install it using

yum -y install kamoso

kamoso

This recorded the video by default to mkv, which is ok, but when I tried to upload to Facebook, it didn’t like the format.  So I had to convert it to AVI, ffmpeg to the rescue.

I know there are lots of features available for ffmpeg, but I just ran this

ffmpeg -i video_1.mkv -f avi video.avi

It created the AVI, which allowed me to upload to Facebook... result.

The post Fedora | Webcam | Recording appeared first on Paul Mellors [dot] NET.


Fedora 21 virt test day moved one day to September 11
To avoid two back to back test days, we've moved the Fedora 21 virt test day to September 11th. Landing page is now here:

https://fedoraproject.org/wiki/Test_Day:2014-09-11_Virtualization

Server Working Group Weekly Meeting (2014-08-19)


Meeting started by sgallagh at 15:00:17 UTC (full logs).

Meeting summary

  1. roll call (sgallagh, 15:00:17)
  2. Agenda (sgallagh, 15:03:35)
    1. Agenda Item: Status of rolekit (sgallagh, 15:03:36)
    2. Agenda Item: Status of Cockpit (sgallagh, 15:03:36)
    3. Agenda Item: Open Floor (sgallagh, 15:03:36)
  3. Status of rolekit (sgallagh, 15:04:23)
    1. Major kudos to twoerner and mitr here (sgallagh, 15:05:43)
    2. rolekit in decent shape for F21 Alpha. Clean-up and stabilization work will happen for Beta. (sgallagh, 15:09:00)
    3. ACTION: nirik, tuanta and handsome_pirate to look into the Database Server Role implementation (sgallagh, 15:12:02)
    4. http://reviewboard-fedoraserver.rhcloud.com/ (sgallagh, 15:13:22)
    5. https://lists.fedorahosted.org/mailman/listinfo/rolekit-commits (sgallagh, 15:13:54)
  4. Status of cockpit (sgallagh, 15:14:39)
    1. Cockpit upstream expects to be stable in time for Fedora 21 Beta. A testable version is available today for Fedora 21 Alpha (sgallagh, 15:20:01)
    2. http://paste.fedoraproject.org/126727/84617421/ (nirik, 15:22:35)
  5. Open Floor (sgallagh, 15:24:52)
    1. We expect a Fedora 21 Alpha TC3 build tomorrow. (sgallagh, 15:29:29)
    2. ACTION: mitr and/or sgallagh to test the server presets on Alpha TC3 (sgallagh, 15:29:45)


Meeting ended at 15:36:51 UTC (full logs).

Action items

  1. nirik, tuanta and handsome_pirate to look into the Database Server Role implementation
  2. mitr and/or sgallagh to test the server presets on Alpha TC3

Action items, by person

  1. mitr
    1. mitr and/or sgallagh to test the server presets on Alpha TC3
  2. nirik
    1. nirik, tuanta and handsome_pirate to look into the Database Server Role implementation
  3. sgallagh
    1. mitr and/or sgallagh to test the server presets on Alpha TC3
  4. tuanta
    1. nirik, tuanta and handsome_pirate to look into the Database Server Role implementation

People present (lines said)

  1. sgallagh (58)
  2. nirik (17)
  3. danofsatx (10)
  4. puiterwijk (9)
  5. tuanta (7)
  6. mitr (5)
  7. zodbot (5)
  8. simo (3)
  9. twoerner (2)
  10. robyduck (1)
  11. mizmo (1)
  12. adamw (0)
  13. stefw (0)
  14. davidstrauss (0)

Generated by MeetBot 0.1.4.

Why Fedora, Open Source and conferences rock

I have been in love with open source for years. Contributing to a project can consume time, but it gives back way more – for example feedback. If you work closed source and sell your product to a client, he can comment on what you did. But you also limit the amount of skills and knowledge you could get back in order to improve a new technology or feature!

Everyone reading this blog should be aware that I am an active fedora project ambassador and love to visit conferences – spreading fedora love all over the place. But what did I get in return? Some might say I get free tickets – yeah you got me here but that’s way less than I actually do. Contributing and going to conferences means meeting a ton of people with an impressive skill set and knowledge I can’t even dream of.

I started to talk about some technology with several people and such a great conversation and skill exchange evolved! Think of reading a book about software architecture in 5 hours – and then remove 4 hours and 30 minutes of the time. That’s what I usually learn from helping people and exchanging knowledge on conferences.

But let’s get more into fedora for now. This project you could rather regard as big is something I would describe as a huge self-organized organism. There are hundreds and more contributors all over the world and everyone contributes to one goal: Release amazing software and be the first with packages in the upstream.

But not only features, also anything related to events is managed autonomously. People notice an event and want to participate? They just open up a new page on the community wiki and go through processes developed by the community itself, which are optimized continuously. Why? Because it’s basically a wiki and everyone is invited to hand in improvements.

The key is communication. People pick up anything they are interested in and comment on this – through mailing lists, wiki pages, chat, surveys and issue trackers. By doing peer reviews and implementing committees by themselves people are always free to give their opinion and no one cares about his origin, gender or whatever you could think of. All that counts is skill and constant feedback.

Want to be part? Join the fedora project or any other open source movement! Experienced the same? I’d love to discuss in the comments :-)

New badge: Saucier (Cookbook IV) !
You have published 30 recipes in the Fedora Cookbook. Scrumptious!
Audit RHEL/CentOS 6 security benchmarks with ansible

Securing critical systems isn’t easy and that’s why security benchmarks exist. Many groups and communities distribute recommendations for securing servers, including NIST, the US Department of Defense (DoD), and the Center for Internet Security (CIS).

Although NIST and DoD are catching up quickly with newer OS releases, I’ve found that the CIS benchmarks are updated very regularly. CIS distributes auditing tools (with paid memberships) that require Java and they’re cumbersome to use, especially on servers where Java isn’t normally installed.

A better way to audit security benchmarks

I set out to create an Ansible playbook that would allow users to audit and (carefully!) remediate servers. The result is on GitHub. Before we go any further, I’d just like to state that I’m not affiliated with CIS in any way and this repository hasn’t been endorsed by CIS. Use it at your own risk.

Getting the playbook onto a machine is easy:

git clone https://github.com/major/cis-rhel-ansible.git

PLEASE review the README and NOTES files in the GitHub repository prior to running the playbook.

Seriously. I mean it. This playbook could knock production environments offline.

The tasks are split into sections (just like the CIS benchmarks themselves) and each section is split into Level 1 and 2 requirements.

Benchmark levels

Level 1 requirements provide good security improvements without a tremendous amount of intrusion into production workloads. With that said, they can still cause issues.

Level 2 requirements provide stronger security improvements but they can adversely affect production server environments. This is where you find things like SELinux, AIDE (including disabling prelinking), and some kernel tweaks for IPv6.

How to use it

I strongly recommend some dry runs with Ansible’s check mode before trying to modify a production system. Also, you can run the playbook against a freshly-installed system and then deploy your applications on top of it. Find out what breaks and disable certain benchmarks that get in the way.

The entire playbook takes less than a minute to run locally on a Rackspace Performance Cloud Server. Your results may vary over remote ssh connections, but I was seeing the playbooks complete over ssh within three to four minutes.

You can also review the variables file to find all the knobs you need to get more aggressive in your audits. If you spot something potentially destructive that needs a variable added, let me know (or submit a pull request).

It’s open source

The entire repository is licensed under Apache License 2.0, so please feel free to submit issues, pull requests, or patches.

The post Audit RHEL/CentOS 6 security benchmarks with ansible appeared first on major.io.

New Buffalo DD-WRT Config

I got a new router (for use with Comcast) and I found a Buffalo one at Frys which runs full DD-WRT. Here are some sample configurations I’m using on it at the moment:

#while true ; do sed -i -e 's/default_md.*=.*md5/default_md = sha1/g' /jffs/etc/freeradius/certs/*.cnf ; sleep 1 ; done

iptables -F
iptables -X

iptables -t nat -F
iptables -t nat -X

#for i in `seq 10 90` ; do iptables -t nat -A POSTROUTING -o br0 -s 10.10.10.$i -d ! 10.10.10.10/24 -j MASQUERADE ; done
iptables -t nat -A POSTROUTING -o vlan2 -s 10.10.10.10/24 -j MASQUERADE

ifconfig br0 1337:1337:1337:1337::1337/64 up
ifconfig vlan2 10:10:10:10::7331/64 up

route -A inet6 add ::/0 gw 10:10:10:10::1337

echo > /etc/resolv.conf
echo 'nameserver 4.2.2.1' >> /etc/resolv.conf
echo 'nameserver 8.8.8.8' >> /etc/resolv.conf

interface br0 {
  AdvSendAdvert on;
  prefix 1337:1337:1337:1337::1337/64 {
    AdvOnLink on;
    AdvAutonomous on;
    AdvRouterAddr on;
  };
};

Static Secure ARP UDP Broadcast Client/Server

[Images: 0normal, 2attacker, 1attacked, 3fixed]

arp.c

/*

arm-linux-gnueabi-gcc -static -march=armv7 -o arp.arm arp.c ; chmod 700 arp.arm

./arp.arm "s" "br0" "/jffs/etc/freeradius/users" "10.0.0.20" "10.0.0.200"


gcc -Wall -o arp.xes arp.c ; chmod 700 arp.xes

read -p "pwd: " -s p ; echo ; echo "$p" | ./arp.xes "c" "en0"

*/

#include <arpa/inet.h>
#include <netinet/in.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <strings.h>
#include <sys/socket.h>
#include <time.h>
#include <unistd.h>

#include "sha256.c"

typedef struct userinfo {
	char *i;
	unsigned long t, l, a;
} infodata;

void strp(char *cstr, int clen)
{
	cstr[clen] = '\0';
	while ((clen > 0) && ((cstr[clen-1] == '\r') || (cstr[clen-1] == '\n')))
	{
		--clen;
	}
	cstr[clen] = '\0';
}

void safe(char *cstr)
{
	char *chrs = "0123456789ABCDEFabcdef.:";
	int x, y, l = strlen(cstr), m = strlen(chrs), flag;
	for (x = 0; x < l; ++x)
	{
		flag = 0;
		for (y = 0; y < m; ++y)
		{
			if (chrs[y] == cstr[x])
			{
				flag = 1;
			}
		}
		if (flag == 0)
		{
			cstr[x] = '0';
		}
	}
}

unsigned long ipvf(char *addr)
{
	unsigned long i = 0;
	char *p = NULL, *a = strdup(addr), *t = a;
	while (1)
	{
		p = strchr(a, '.');
		if (p != NULL) { *p = '\0'; }
		i = ((i << 8) + atoi(a));
		/* stop on the last octet before advancing, so we never compute NULL + 1 */
		if (p == NULL) { break; }
		a = (p + 1);
	}
	free(t);
	return i;
}

int sign(char *pmsg, int size, unsigned long pres, char *skey)
{
	int x;
	char hash[SHA256_LENGTH*4];
	unsigned char hout[SHA256_LENGTH];
	SHA256_CTX hobj;
	
	snprintf(&(pmsg[strlen(pmsg)]), (size / 4) * sizeof(char), " %ld %s", pres, skey);
	
	SHA256_INIT(&hobj);
	SHA256_UPDATE(&hobj, (unsigned char *)pmsg, strlen(pmsg));
	SHA256_FINAL(&hobj, hout);
	for (x = 0; x < SHA256_LENGTH; ++x)
	{
		sprintf(&(hash[x*2]), "%02x", hout[x]);
	}
	hash[SHA256_LENGTH*2] = '\0';
	
	char *rptr = strrchr(pmsg, ' ');
	++rptr;
	strcpy(rptr, hash);
	rptr[SHA256_LENGTH*2] = '\0';
	
	return 0;
}

int vrfy(char *pmsg, int size, char *skey, char *sign, unsigned long rate, unsigned long pres, unsigned long last)
{
	int x;
	char hash[SHA256_LENGTH*4];
	unsigned char hout[SHA256_LENGTH];
	SHA256_CTX hobj;
	
	snprintf(&(pmsg[strlen(pmsg)]), (size / 4) * sizeof(char), " %ld %s", pres, skey);
	
	SHA256_INIT(&hobj);
	SHA256_UPDATE(&hobj, (unsigned char *)pmsg, strlen(pmsg));
	SHA256_FINAL(&hobj, hout);
	for (x = 0; x < SHA256_LENGTH; ++x)
	{
		sprintf(&(hash[x*2]), "%02x", hout[x]);
	}
	hash[SHA256_LENGTH*2] = '\0';
	
	if (strcmp(hash, sign) != 0) { return -1; }
	if ((time(NULL) - rate) < 3) { return -1; }
	if (pres <= last) { return -1; }
	
	return 0;
}

int find(infodata *objs, int l, char *i)
{
	int x;
	for (x = 0; x < l; ++x)
	{
		if (objs[x].i == NULL) { objs[x].i = strdup(i); return x; }
		if (strcmp(objs[x].i, i) == 0) { return x; }
	}
	return -1;
}

int uniq(infodata *objs, int l, int i, unsigned long a)
{
	int x;
	for (x = 0; x < l; ++x)
	{
		if ((x != i) && (objs[x].a == a))
		{
			return x;
		}
	}
	objs[i].a = a;
	return -1;
}

char *gnet(char *intf, char mode)
{
	char *info = "ifconfig '%s' | sed -e 's/HWaddr/ether/g' -e 's/addr://g' -e 's/Bcast:/broadcast /g' | %s > /tmp/arp.net";
	char *inet = "grep -i 'inet ' | sed -e 's/^.*inet[ ]*\\([^ ]*\\).*$/\\1/g'";
	char *maca = "grep -i 'ether ' | sed -e 's/^.*ether[ ]*\\([^ ]*\\).*$/\\1/g'";
	char *brod = "grep -i 'broadcast ' | sed -e 's/^.*broadcast[ ]*\\([^ ]*\\).*$/\\1/g'";
	char comd[2048];
	FILE *fobj;
	
	bzero(comd, 2048 * sizeof(char));
	
	if (mode == 'i') { snprintf(comd, 1024 * sizeof(char), info, intf, inet); }
	if (mode == 'm') { snprintf(comd, 1024 * sizeof(char), info, intf, maca); }
	if (mode == 'b') { snprintf(comd, 1024 * sizeof(char), info, intf, brod); }
	
	system(comd);
	
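	fobj = fopen("/tmp/arp.net", "r");
	bzero(comd, 2048 * sizeof(char));
	/* if the ifconfig pipeline wrote nothing readable, return an empty string */
	if (fobj != NULL)
	{
		if (fgets(comd, 1024 * sizeof(char), fobj) == NULL) { comd[0] = '\0'; }
		fclose(fobj);
	}
	strp(comd, strlen(comd));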
	
	return strdup(comd);
}

void serv(char **args)
{
	/* note: 256 ip address range limit */
	
	int x, y, rlen, sock, bron = 1;
	unsigned long aadr = ipvf(args[4]), badr = ipvf(args[5]), secs;
	char *iadr = gnet(args[2], 'i'), *madr = gnet(args[2], 'm');
	char pass[2048], mesg[2048], temp[2048], sarp[2048];
	infodata last[256];
	FILE *fobj;
	socklen_t slen;
	struct sockaddr_in sobj, cobj;
	
	for (x = 0; x < 256; ++x)
	{
		last[x].i = NULL; last[x].a = 0;
		last[x].t = time(NULL); last[x].l = 0;
	}
	
	sock = socket(AF_INET, SOCK_DGRAM, 0);
	setsockopt(sock, SOL_SOCKET, SO_BROADCAST, &bron, sizeof(bron));
	
	bzero(&sobj, sizeof(sobj));
	sobj.sin_family = AF_INET;
	sobj.sin_addr.s_addr = htonl(INADDR_ANY);
	sobj.sin_port = htons(31337);
	
	bind(sock, (struct sockaddr *)&sobj, sizeof(sobj));
	
	while (1)
	{
		slen = sizeof(cobj);
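		rlen = recvfrom(sock, mesg, 1024 * sizeof(char), 0, (struct sockaddr *)&cobj, &slen);
		/* recvfrom() returns -1 on error; never index mesg with a negative length */
		if (rlen < 0) { continue; }
		strp(mesg, rlen);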
		
		char *hptr = strrchr(mesg, ' '); if (hptr == NULL) { continue; }
		*hptr = '\0'; ++hptr;
		char *tptr = strrchr(mesg, ' '); if (tptr == NULL) { continue; }
		*tptr = '\0'; ++tptr;
		
		char *mptr = strrchr(mesg, ' '); if (mptr == NULL) { continue; }
		*mptr = '\0'; ++mptr;
		char *iptr = mesg;
		
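		fobj = fopen(args[3], "r");
		/* users file missing or unreadable: drop this datagram instead of crashing */
		if (fobj == NULL) { continue; }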
		while (1)
		{
			bzero(pass, 2048 * sizeof(char));
			if (fgets(pass, 1024 * sizeof(char), fobj) == NULL) { break; }
			
			/* note: passwords can not repeat or contain quotes */
			
			if (strstr(pass, "Cleartext-Password") == NULL) { continue; }
			char *aptr = strchr(pass, '"'); if (aptr == NULL) { continue; }
			++aptr;
			char *bptr = strchr(aptr, '"'); if (bptr == NULL) { continue; }
			*bptr = '\0';
			
			y = find(last, 256, aptr);
			if (y < 0) { continue; }
			
			bzero(temp, 2048 * sizeof(char));
			snprintf(temp, 1024 * sizeof(char), "%s %s", iptr, mptr);
			secs = atoi(tptr);
			
			if (vrfy(temp, 2048, aptr, hptr, last[y].t, secs, last[y].l) == 0)
			{
				last[y].t = time(NULL); last[y].l = secs;
				safe(iptr); safe(mptr);
				
				if (uniq(last, 256, y, ipvf(iptr)) < 0)
				{
					if ((aadr <= last[y].a) && (last[y].a <= badr))
					{
						bzero(sarp, 2048 * sizeof(char));
						snprintf(sarp, 1024 * sizeof(char), "arp -d '%s'", iptr);
						printf("exec=[%s]\n", sarp);
						system(sarp);
						
						bzero(sarp, 2048 * sizeof(char));
						snprintf(sarp, 1024 * sizeof(char), "arp -s '%s' '%s'", iptr, mptr);
						printf("exec=[%s]\n", sarp);
						system(sarp);
						
						bzero(sarp, 2048 * sizeof(char));
						snprintf(sarp, 1024 * sizeof(char), "%s %s", iadr, madr);
						sign(sarp, 2048, secs + 1, aptr);
						
						sendto(sock, sarp, strlen(sarp) * sizeof(char), 0, (struct sockaddr *)&cobj, sizeof(cobj));
						printf("sent=[%s]\n", sarp);
					}
					
					else
					{
						printf("erro=[range: %ld <= %ld <= %ld]\n", aadr, last[y].a, badr);
					}
				}
				
				else
				{
					printf("erro=[uniq: %ld]\n", ipvf(iptr));
				}
			}
			
			else
			{
				temp[30] = '\0';
				//printf("erro=[vrfy: (%s...) (%s) (%ld) (%ld)]\n", temp, hptr, secs, last[y].l);
			}
		}
		fclose(fobj);
	}
}

void ahnd(int sig)
{
	printf("No mesg\n");
}

void clnt(char **args)
{
	int sock, bron = 1;
	unsigned long tips, secs;
	char pass[2048], mesg[2048], temp[2048], sarp[2048];
	socklen_t slen;
	struct sockaddr_in cobj;
	
	//char *brod = "255.255.255.255";
	//signal(SIGALRM, ahnd);
	
	struct sigaction sact = { .sa_handler = ahnd, .sa_flags = 0 };
	sigaction(SIGALRM, &sact, NULL);
	
	bzero(pass, 2048 * sizeof(char));
	fgets(pass, 1024, stdin);
	strp(pass, strlen(pass));
	
	while (1)
	{
		char *iadr = gnet(args[2], 'i'), *madr = gnet(args[2], 'm'), *badr = gnet(args[2], 'b');
		
		sock = socket(AF_INET, SOCK_DGRAM, 0);
		setsockopt(sock, SOL_SOCKET, SO_BROADCAST, &bron, sizeof(bron));
		
		cobj.sin_family = AF_INET;
		cobj.sin_port = htons(31337);
		inet_aton(badr, (struct in_addr *)&cobj.sin_addr.s_addr);
		
		bzero(mesg, 2048 * sizeof(char));
		snprintf(mesg, 1024 * sizeof(char), "%s %s", iadr, madr);
		
		secs = time(NULL);
		sign(mesg, 2048, secs, pass);
		
		sendto(sock, mesg, strlen(mesg) * sizeof(char), 0, (struct sockaddr*)&cobj, sizeof(cobj));
		printf("Sent mesg %s with socket %d to %s\n", mesg, sock, badr);
		
		slen = sizeof(cobj);
		bzero(mesg, 2048 * sizeof(char));
		alarm(1);
		recvfrom(sock, mesg, 1024 * sizeof(char), 0, (struct sockaddr *)&cobj, &slen);
		alarm(0);
		strp(mesg, strlen(mesg));
		
		char *hptr = strrchr(mesg, ' '); if (hptr != NULL) { *hptr = '\0'; ++hptr; }
		char *tptr = strrchr(mesg, ' '); if (tptr != NULL) { *tptr = '\0'; ++tptr; }
		
		char *mptr = strrchr(mesg, ' ');
		char *iptr = mesg;
		
		if ((hptr != NULL) && (tptr != NULL) && (mptr != NULL))
		{
			bzero(temp, 2048 * sizeof(char));
			strcpy(temp, mesg);
			
			tips = atoi(tptr);
			*mptr = '\0'; ++mptr;
			
			if (vrfy(temp, 2048, pass, hptr, time(NULL) - 5, tips, secs) == 0)
			{
				safe(iptr); safe(mptr);
				
				bzero(sarp, 2048 * sizeof(char));
				snprintf(sarp, 1024 * sizeof(char), "arp -d '%s'", iptr);
				printf("exec=[%s]\n", sarp);
				system(sarp);
				
				bzero(sarp, 2048 * sizeof(char));
				snprintf(sarp, 1024 * sizeof(char), "arp -s '%s' '%s'", iptr, mptr);
				printf("exec=[%s]\n", sarp);
				system(sarp);
			}
			
			else
			{
				temp[30] = '\0';
				//printf("erro=[vrfy: (%s...) (%s) (%s) (%ld) (%ld)]\n", temp, pass, hptr, tips, secs);
			}
		}
		
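		close(sock);
		/* gnet() returns strdup()'d strings; release them on every pass */
		free(iadr); free(madr); free(badr);
		//break;
		sleep(5);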
	}
}

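int main(int argc, char **argv)
{
	/* server: s <intf> <users-file> <first-ip> <last-ip> ; client: c <intf> */
	if (argc < 3)
	{
		fprintf(stderr, "usage: %s s <intf> <users-file> <first-ip> <last-ip> | c <intf>\n", argv[0]);
		return 1;
	}
	
	if (strcmp(argv[1], "s") == 0)
	{
		if (argc < 6)
		{
			fprintf(stderr, "server mode needs <intf> <users-file> <first-ip> <last-ip>\n");
			return 1;
		}
		serv(argv);
	}
	
	if (strcmp(argv[1], "c") == 0)
	{
		clnt(argv);
	}
	
	return 0;
}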

sha256.c

#define SHA256_LENGTH 32

#define uchar unsigned char // 8-bit byte
#define uint unsigned int // 32-bit word

// DBL_INT_ADD treats two unsigned ints a and b as one 64-bit integer and adds c to it
#define DBL_INT_ADD(a,b,c) if (a > 0xffffffff - (c)) ++b; a += c;
#define ROTLEFT(a,b) (((a) << (b)) | ((a) >> (32-(b))))
#define ROTRIGHT(a,b) (((a) >> (b)) | ((a) << (32-(b))))

#define CH(x,y,z) (((x) & (y)) ^ (~(x) & (z)))
#define MAJ(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))
#define EP0(x) (ROTRIGHT(x,2) ^ ROTRIGHT(x,13) ^ ROTRIGHT(x,22))
#define EP1(x) (ROTRIGHT(x,6) ^ ROTRIGHT(x,11) ^ ROTRIGHT(x,25))
#define SIG0(x) (ROTRIGHT(x,7) ^ ROTRIGHT(x,18) ^ ((x) >> 3))
#define SIG1(x) (ROTRIGHT(x,17) ^ ROTRIGHT(x,19) ^ ((x) >> 10))

typedef struct {
   uchar data[64];
   uint datalen;
   uint bitlen[2];
   uint state[8];
} SHA256_CTX;

uint k[64] = {
   0x428a2f98,0x71374491,0xb5c0fbcf,0xe9b5dba5,0x3956c25b,0x59f111f1,0x923f82a4,0xab1c5ed5,
   0xd807aa98,0x12835b01,0x243185be,0x550c7dc3,0x72be5d74,0x80deb1fe,0x9bdc06a7,0xc19bf174,
   0xe49b69c1,0xefbe4786,0x0fc19dc6,0x240ca1cc,0x2de92c6f,0x4a7484aa,0x5cb0a9dc,0x76f988da,
   0x983e5152,0xa831c66d,0xb00327c8,0xbf597fc7,0xc6e00bf3,0xd5a79147,0x06ca6351,0x14292967,
   0x27b70a85,0x2e1b2138,0x4d2c6dfc,0x53380d13,0x650a7354,0x766a0abb,0x81c2c92e,0x92722c85,
   0xa2bfe8a1,0xa81a664b,0xc24b8b70,0xc76c51a3,0xd192e819,0xd6990624,0xf40e3585,0x106aa070,
   0x19a4c116,0x1e376c08,0x2748774c,0x34b0bcb5,0x391c0cb3,0x4ed8aa4a,0x5b9cca4f,0x682e6ff3,
   0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208,0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2
};

void SHA256_TRANSFORM(SHA256_CTX *ctx, uchar data[])
{
   uint a,b,c,d,e,f,g,h,i,j,t1,t2,m[64];

   for (i=0,j=0; i < 16; ++i, j += 4)
      m[i] = (data[j] << 24) | (data[j+1] << 16) | (data[j+2] << 8) | (data[j+3]);
   for ( ; i < 64; ++i)
      m[i] = SIG1(m[i-2]) + m[i-7] + SIG0(m[i-15]) + m[i-16];

   a = ctx->state[0];
   b = ctx->state[1];
   c = ctx->state[2];
   d = ctx->state[3];
   e = ctx->state[4];
   f = ctx->state[5];
   g = ctx->state[6];
   h = ctx->state[7];

   for (i = 0; i < 64; ++i) {
      t1 = h + EP1(e) + CH(e,f,g) + k[i] + m[i];
      t2 = EP0(a) + MAJ(a,b,c);
      h = g;
      g = f;
      f = e;
      e = d + t1;
      d = c;
      c = b;
      b = a;
      a = t1 + t2;
   }

   ctx->state[0] += a;
   ctx->state[1] += b;
   ctx->state[2] += c;
   ctx->state[3] += d;
   ctx->state[4] += e;
   ctx->state[5] += f;
   ctx->state[6] += g;
   ctx->state[7] += h;
}

void SHA256_INIT(SHA256_CTX *ctx)
{
   ctx->datalen = 0;
   ctx->bitlen[0] = 0;
   ctx->bitlen[1] = 0;
   ctx->state[0] = 0x6a09e667;
   ctx->state[1] = 0xbb67ae85;
   ctx->state[2] = 0x3c6ef372;
   ctx->state[3] = 0xa54ff53a;
   ctx->state[4] = 0x510e527f;
   ctx->state[5] = 0x9b05688c;
   ctx->state[6] = 0x1f83d9ab;
   ctx->state[7] = 0x5be0cd19;
}

void SHA256_UPDATE(SHA256_CTX *ctx, uchar data[], uint len)
{
   uint i;

   for (i=0; i < len; ++i) {
      ctx->data[ctx->datalen] = data[i];
      ctx->datalen++;
      if (ctx->datalen == 64) {
         SHA256_TRANSFORM(ctx,ctx->data);
         DBL_INT_ADD(ctx->bitlen[0],ctx->bitlen[1],512);
         ctx->datalen = 0;
      }
   }
}

void SHA256_FINAL(SHA256_CTX *ctx, uchar hash[])
{
   uint i;

   i = ctx->datalen;

   // Pad whatever data is left in the buffer.
   if (ctx->datalen < 56) {
      ctx->data[i++] = 0x80;
      while (i < 56)
         ctx->data[i++] = 0x00;
   }
   else {
      ctx->data[i++] = 0x80;
      while (i < 64)
         ctx->data[i++] = 0x00;
      SHA256_TRANSFORM(ctx,ctx->data);
      memset(ctx->data,0,56);
   }

   // Append to the padding the total message's length in bits and transform.
   DBL_INT_ADD(ctx->bitlen[0],ctx->bitlen[1],ctx->datalen * 8);
   ctx->data[63] = ctx->bitlen[0];
   ctx->data[62] = ctx->bitlen[0] >> 8;
   ctx->data[61] = ctx->bitlen[0] >> 16;
   ctx->data[60] = ctx->bitlen[0] >> 24;
   ctx->data[59] = ctx->bitlen[1];
   ctx->data[58] = ctx->bitlen[1] >> 8;
   ctx->data[57] = ctx->bitlen[1] >> 16;
   ctx->data[56] = ctx->bitlen[1] >> 24;
   SHA256_TRANSFORM(ctx,ctx->data);

   // Since this implementation uses little endian byte ordering and SHA uses big endian,
   // reverse all the bytes when copying the final state to the output hash.
   for (i=0; i < 4; ++i) {
      hash[i]    = (ctx->state[0] >> (24-i*8)) & 0x000000ff;
      hash[i+4]  = (ctx->state[1] >> (24-i*8)) & 0x000000ff;
      hash[i+8]  = (ctx->state[2] >> (24-i*8)) & 0x000000ff;
      hash[i+12] = (ctx->state[3] >> (24-i*8)) & 0x000000ff;
      hash[i+16] = (ctx->state[4] >> (24-i*8)) & 0x000000ff;
      hash[i+20] = (ctx->state[5] >> (24-i*8)) & 0x000000ff;
      hash[i+24] = (ctx->state[6] >> (24-i*8)) & 0x000000ff;
      hash[i+28] = (ctx->state[7] >> (24-i*8)) & 0x000000ff;
   }
}


August 18, 2014

15th Aug, Independence Day, a Beggar and a Tea
On this 15th August, afternoon, I was sipping on a tea at a roadside stall, sitting on a bench, waiting for a colleague, when I heard an aged female voice over my head, 'चहा पाजतु का दादा' ('would you help with some tea'). Before I could realize that there was a fairly old couple, woman having a limped leg, and old man, mostly her husband in 70s, were asking the two cab drivers for some tea, the cab drivers responded, 'पाजतु ना' (sure why not). I generally have a strict rule of not heeding to the pleas of beggars (and I have my moral position on that considering the beggar mafia openly ruling the streets in Mumbai), but once in a while some one catches your attention and you just can't help stopping yourself from doing something if not just giving away 2 rupees. This time the instant assurance of the cab driver to buy them two cups of tea caught my eye and especially ear. The old couple did not look exactly like beggars, their clothes were fine for someone from rural area, just helpless people out of home, out of money and without any support at all. The driver asked her about her situation, whether she has a family etc. to which the woman told him about her only son, a drunkard, who is selling off every vessel and nut of the house for his liquor, his beaten up wife has left the house and prefers staying at her parents, even the land and farm in the village are on the way to get sold, the son has lost so much of himself that he even runs after his father with a knife in hand for money for his drink. So finally, they have been thrown out to roam on streets and beg for 2 rupees as the old man could not get any physical work, while woman was already on one leg and a stick in hand. Quite a heart-touching story it was, and for most of it, it looked real.

I was silently appreciating the cab driver's kindness of lending the tea for two, just then he said something to the woman, something so drastic, unimaginable, sudden and sharp, that it took that moment to a completely different level for me. "Now listen to me, do one thing, both of you, there's a railway-station nearby, just go there. Walk a few yards beyond the platform and then just sleep on the tracks. And ohh yes! bring your son too and make him go under the train before you go." Cruel. Disgusting insults on two lives of more than 70 years by someone in his 30s, in exchange for two 'cutting chai' Rs 6 each. Realization of why one poor showed some pity on another poor, for being able to insult in such a way and enjoy the authority to do so for just 12 bucks was worse than my own cruel rule of ignoring beggars and a little guilt that follows at times. But that was not the end. The woman was adamant for continuation of her son's life, as well as her own. Death was not an option for her, life, no matter what it meant had to be lived. I didn't understand the need of her 2-3 sentences of adamant denial to the man who advised death, but appreciated the will to survive.

Once this was settled, the drivers gone, and couple calmly sipping the tea, I initiated a talk with the woman with no specific plan. As she went on about her helplessness, and as she said 'our nature is of giving not begging, but have to do it', it had both a reflection of a decent past, a little bit of pride, and huge hollowness of everything before survival. With an intent to help in a more meaningful manner, I asked her to stop roaming around like beggars at this age, asked if she knew anything about any charitable organizations nearby. On knowing that the couple knew nothing of the sorts, I gave them options where they could find some help. At least a roof, and some food on daily basis. This included some charitable orphanages, Temple trusts, rich spiritual shrines nearby, including a Balaji temple, Gurudwara, Sai Baba temple, a list of social and govt organizations who could help, and were within few minutes distance by train, the nearest of them being a Buddha vihar at a 5 mins of walking distance. She looked intrigued and willing to consider those suggestions over the option of begging on streets. But then something happened that took me on another mental journey altogether.

This woman, defeated by life, defeated by the conditions, betrayed by her own blood, having been asked to die in exchange for two cutting chai, having lost the meaning of her life if anything was there, came closer and in a slightly lowered voice, repeated the list of places I suggested, took names of all the gods, whose named trusts I suggested, went on adding gods from her own list, and said she will go to any of them, Balaji will do, even Sai Baba will do, "but I will NOT go to the Buddha temple!" Shocked and taken aback, I tried to recompose and asked "why not, it's just there, beyond this street" but "No, not that. No Buddha temple!"

My friend had arrived, he called me out, and off we went. I kept looking back for a while, not sure if indeed physically turning my neck or just in my thoughts, but her words kept coming back.

It's not that I didn't get what she meant, she certainly did not know a thing about Buddha's teachings, so there was no way I could take it as an offence against Buddha, also since I wasn't selling her any religion or preaching there, merely advising on what places she could go, being an atheist actually listing most of the temples, her choice of any of them had no bearing on what I should have felt. But why would a woman, in her condition, rather than making a simple choice of where she should go, take the effort to let me know where she would NOT go, no matter what. So all my educated and intellectual friends, please spare a moment to think over it why this would have happened. Why for a poor Hindu (ahh well there were enough signs on them to suggest that, so don't bring up the stereotypical allegation of stereotyping religion. Sometimes common sense prevails), a Sikh charity is all right, any imaginary god is fine, government is fine, even a Muslim sage is fine, but not a very own Indian real person of the stature of Buddha whose teachings have shaped major part of our accommodating non-violent culture, not so fine? Put your grey cells to work and make me understand the contradiction to the intellectual Indian's constant rhetoric that Buddha is very much Hindu and very much a part of the same system, just another 'panth'(branch), in the same family of spiritual and cultural traditions against the practicality of this unusual separatism.

No, its not just Buddha. Of course he does not fit as well as the intellectuals try to fit him into the Indian Hindu nationalist spiritual rhetoric. But there is something deeper than that. If you know even a little bit about rural Maharashtra, Buddha means only one thing, the new God of the 'untouchable' people, the 'untouchable God'. By all means the emotional journey over the sad life of a poor old couple, took me through several planes and suddenly dropped in the pile of castes. Making me realize that even beggars could have a false-pride, note that its not your good romantic self-esteem, its an outrageous, unnatural, hollow pride. And my dear friends, I know some of you who love me a little extra would be jumping to put the credit of bringing caste into this, but no, it was forced. Forced by the woman thrashed on the roads, by her own son, still having a hollow sense of pride and separatism based on a very 'important(?)' aspect of her life, the caste. Being unnecessarily looked down or rejected by the people with possessions is not at all new for someone from depressed class, but being looked down, for no reason from someone with no possessions, no powers, no resources and no knowledge, only on the basis of a false sense of caste-pride and that hollow dignity was all new experience that intellectual educated Indians will rarely understand. No my dear friends, its not that a beggar cannot look down upon someone, its not that a beggar cannot have a self-esteem, every researcher and every sage who lives on donation amounts and free alms is a beggar, so any beggar with apt possessions in various moral and ethical forms can and should have the dignity, self-esteem, self-respect, but when its based on something as stupid and as ugly as caste, its not a self-esteem, its a farce, ugly farce, that's going on for generations after generations. Its everywhere, and each one of the depressed class human, and not just human but even their God, is facing it every day. 
I could give number of examples of casteist attitudes and insults thrown towards people I know personally, experiences of my own, but don't want to dilute the intensity of this one experience, they are more of a regular offences, everybody likes to turn blind eye to them. But no matter how much you deny, caste is 'the' en-slaver of Indian mind, just remember how you got married or how in future you would and you would know what I mean. The society and the mind of Indians are still not free from this mental gutter which does transform itself into physical plagues on a regular basis. The freedom is a long awaited dream and far away target. Hope the real freedom will rise some day. May the old couple get to any one of the place and spend their remaining life in peace and in search of meaning, not just bread and pride.

[P.S. So my educated intellectual friends, no matter what your opinions are, on what basis they are formed, and no matter how much you declare yourself not guilty of being part and fuel in this entire scheme of caste based discrimination, atrocious culture and separatism, if you utter a word about caste being just a political tool, not a social evil as much, it being only irrelevant and non-existent or a non-significant problem, and claim that your religion(whichever it is) has no base for this menace, and its the dalits/untouchables that are responsible for its existence, just imagine the level of sanity that would be attributed to you. If there is any anger or bitterness in my words, its not against the poor lady, she is just another slave of the system, so the anger is against this system, against this culture. Also this is not just a random rambling, yes there would be proactive opponents who would ask what's the use of all these rants. But before going into the usefulness of words against actions and before some outrageous good-for-nothing person asks about the evidence of action(the usual 'what have YOU done'), let me remind that I am not obliged to answer that, this is a collection words and thoughts based on personal experience without any specific target, apart from a simple objective of expression and hope that even if some of the people realize how deep rooted the imprints of caste and its false pride and divisiveness are on the Indian mind, even if only a few realize how much disservice this attitude of forced separatism with false superiority is doing towards overall economic, social and spiritual growth of the people of this country and people who follow this culture, even if only one person at a time changes his/her mental attitude on reading such snippets of experiences, it would be enough for this much writing effort. 
You don't inhale each breath with a plan to change the world, with every breath its only the oxygen that matters, rest goes on independently. Hope sane people get sane message to ponder upon from this slightly painful but a lot more disturbing experience. (uff, see how many defenses one has to be prepared with even before talking about such topics in a supposedly free speech society!)]
Empathy and Contacts currently unusable [Update]

The GNOME apps Contacts and Empathy are currently unusable because they crash immediately on startup. The culprit is version 0.9.14-3 of Zeitgeist. However, the bugfix update to version 0.9.14-4 does not seem to solve the problem either.

If you still want to keep using Empathy and/or Contacts, you have to manually downgrade Zeitgeist to version 0.9.14-2. On x86_64 systems the command for this is:

su -c'yum install https://kojipkgs.fedoraproject.org//packages/zeitgeist/0.9.14/2.fc20/x86_64/zeitgeist-0.9.14-2.fc20.x86_64.rpm https://kojipkgs.fedoraproject.org//packages/zeitgeist/0.9.14/2.fc20/x86_64/zeitgeist-libs-0.9.14-2.fc20.x86_64.rpm'

and for i686 systems it is as follows:

su -c'yum install https://kojipkgs.fedoraproject.org//packages/zeitgeist/0.9.14/2.fc20/i686/zeitgeist-0.9.14-2.fc20.i686.rpm https://kojipkgs.fedoraproject.org//packages/zeitgeist/0.9.14/2.fc20/i686/zeitgeist-libs-0.9.14-2.fc20.i686.rpm'

After the downgrade, Empathy and Contacts should be usable again right away and no longer crash on startup.

Update

In the meantime there is an update to zeitgeist 0.9.16, which should land in updates-testing shortly and is supposed to fix the problem.

Is WebRTC private?

With the exciting developments at rtc.debian.org, many people are starting to look more closely at browser-based real-time communications.

Some have dared to ask: does it solve the privacy problems of existing solutions?

Privacy is a relative term

Perfect privacy and its technical manifestations are hard to define. I had a go at it in a blog on the Gold Standard for free communications technology on 5 June 2013. By pure coincidence, a few hours later, the first Snowden leaks appeared and this particular human right was suddenly thrust into the spotlight.

WebRTC and ICE privacy risk

WebRTC does not give you perfect privacy.

At least one astute observer at my session at Paris mini-DebConf 2014 questioned the privacy of Interactive Connectivity Establishment (ICE, RFC 5245).

In its most basic form, ICE scans all the local IP addresses on your machine and NAT gateway and sends them to the person calling you so that their phone can find the optimal path to contact you. This clearly has privacy implications as a caller can work out which ISP you are connected to and some rough details of your network topology at any given moment in time.

What WebRTC does bring to the table

Some of this can be mitigated though: an ICE implementation can be tuned so that it only advertises the IP address of a dedicated relay host. If you can afford a little latency, your privacy is safe again. This privacy-protecting step could be taken by a browser vendor such as Mozilla or it can be done in JavaScript by a softphone such as JSCommunicator.
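The relay-only tuning described above, as an added example (not code from JSCommunicator or from the original post): it parses the `a=candidate` lines of an SDP offer, lists the addresses a peer would learn, and filters the offer down to relay candidates. The sample SDP and all function names are constructed for illustration; the filter also blanks `raddr`/`rport`, because a relay candidate's related address is otherwise the client's public address.

```javascript
// Added example, not from the original post. The SDP below is constructed;
// its addresses come from private and documentation ranges.
const SAMPLE_SDP = [
  'v=0',
  'o=- 20518 0 IN IP4 127.0.0.1',
  's=-',
  't=0 0',
  'm=audio 54400 RTP/SAVPF 111',
  'c=IN IP4 192.168.1.23',
  'a=candidate:1 1 UDP 2130706431 192.168.1.23 54400 typ host',
  'a=candidate:2 1 UDP 1694498815 203.0.113.7 61002 typ srflx raddr 192.168.1.23 rport 54400',
  'a=candidate:3 1 UDP 16777215 198.51.100.40 49170 typ relay raddr 203.0.113.7 rport 61002',
].join('\r\n') + '\r\n';

// Placeholder addresses that disclose nothing about the sender.
const PLACEHOLDERS = new Set(['0.0.0.0', '::']);

function splitLines(sdp) {
  return sdp.split(/\r?\n/).filter((l) => l.length > 0);
}

// Parse one candidate attribute (RFC 5245, section 15.1):
//   a=candidate:<foundation> <component> <transport> <priority>
//               <address> <port> typ <type> [raddr <addr>] [rport <port>] ...
// Returns null for any line that is not a candidate attribute.
function parseCandidate(line) {
  const m = /^a=candidate:(\S+) (\d+) (\S+) (\d+) (\S+) (\d+) typ (\S+)(.*)$/.exec(line.trim());
  if (!m) return null;
  const rest = m[8].trim().split(/\s+/).filter(Boolean);
  const ext = {};
  for (let i = 0; i + 1 < rest.length; i += 2) ext[rest[i]] = rest[i + 1];
  return {
    foundation: m[1],
    component: Number(m[2]),
    transport: m[3],
    priority: Number(m[4]),
    address: m[5],
    port: Number(m[6]),
    type: m[7],
    raddr: ext.raddr || null,
    rport: ext.rport ? Number(ext.rport) : null,
  };
}

// Every distinct address the remote party learns from c= and candidate
// lines, with the first place it appeared. (o= and a=rtcp lines can carry
// an address too; they are outside the scope of this example.)
function disclosedAddresses(sdp) {
  const seen = new Map();
  const note = (addr, via) => {
    if (addr && !PLACEHOLDERS.has(addr) && !seen.has(addr)) seen.set(addr, via);
  };
  for (const line of splitLines(sdp)) {
    const conn = /^c=IN IP[46] (\S+)/.exec(line);
    if (conn) { note(conn[1], 'c='); continue; }
    const c = parseCandidate(line);
    if (c) { note(c.address, c.type); note(c.raddr, c.type + ' raddr'); }
  }
  return [...seen].map(([address, via]) => ({ address, via }));
}

// Keep only relay candidates, blank their related address, and point each
// media section's default (m= port, c= address) at its first relay
// candidate. A section with no relay candidate fails closed: 0.0.0.0 port 9.
function relayOnly(sdp) {
  const out = [];
  let mIdx = -1, cIdx = -1, def = null; // state for the current media section
  const flush = () => {
    if (mIdx >= 0) {
      const addr = def ? def.address : '0.0.0.0';
      const port = def ? def.port : 9;
      out[mIdx] = out[mIdx].replace(/^(m=\S+) \d+/, `$1 ${port}`);
      if (cIdx >= 0) out[cIdx] = `c=IN ${addr.includes(':') ? 'IP6' : 'IP4'} ${addr}`;
    }
    mIdx = -1; cIdx = -1; def = null;
  };
  for (const line of splitLines(sdp)) {
    if (line.startsWith('m=')) { flush(); mIdx = out.length; out.push(line); continue; }
    if (line.startsWith('c=') && mIdx >= 0) { cIdx = out.length; out.push(line); continue; }
    const c = parseCandidate(line);
    if (!c) { out.push(line); continue; }   // not a candidate: keep as is
    if (c.type !== 'relay') continue;        // drop host / srflx / prflx
    if (!def && c.component === 1) def = c;
    const blank = c.address.includes(':') ? '::' : '0.0.0.0';
    out.push(line.replace(/ raddr \S+/, ` raddr ${blank}`).replace(/ rport \d+/, ' rport 9'));
  }
  flush();
  return out.join('\r\n') + '\r\n';
}

console.log('offer as gathered:', disclosedAddresses(SAMPLE_SDP));
console.log('relay-only offer :', disclosedAddresses(relayOnly(SAMPLE_SDP)));
```

In a browser, constructing the `RTCPeerConnection` with `iceTransportPolicy: 'relay'` asks the ICE agent to gather only relay candidates in the first place, which avoids rewriting the SDP afterwards.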

Many individuals are now using a proprietary softphone to talk to family and friends around the world. The softphone in question has properties like a virus, siphoning away your private information. This proprietary softphone is also an insidious threat to open source and free operating systems on the desktop. WebRTC is a positive step back from the brink. It gives people a choice.

WebRTC is a particularly relevant choice for business. Can you imagine going to a business and asking them to make all their email communication through hotmail? When a business starts using a particular proprietary softphone, how is it any different? WebRTC offers a solution that is actually easier for the user and can be secured back to the business network using TLS.

WebRTC is based on open standards, particularly HTML5. Leading implementations, such as the SIP over WebSocket support in reSIProcate, JSCommunicator and the DruCall module for Drupal are fully open source. Not only is it great to be free, it is possible to extend and customize any of these components.

What is missing

There are some things that are not quite there yet and require a serious effort from the browser vendors. At the top of the list for privacy:

  • ZRTP support - browsers currently support DTLS-SRTP, which is based on X.509. ZRTP is more like PGP, a democratic and distributed peer-to-peer privacy solution without needing to trust some central certificate authority.
  • TLS with PGP - the TLS protocol used to secure the WebSocket signalling channel is also based on X.509 with the risk of a central certificate authority. There is increasing chatter about the need for TLS to use PGP instead of X.509 and WebRTC would be a big winner if this were to eventuate and be combined with ZRTP.

You may think "I'll believe it when I see it". Each of these features, including WebRTC itself, is a piece of the puzzle and even solving one piece at a time brings people further out of danger from the proprietary mess the world lives with today.

To find out more about practical integration of WebRTC into free software solutions, consider coming to my talk at xTupleCon in October.
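The relay-only mitigation described in the post above ("only advertises the IP address of a dedicated relay host"), as an added example that is not part of the original post or of JSCommunicator. It shows the standard `iceTransportPolicy: 'relay'` browser setting and a signalling-side filter that strips non-relay candidates and the related address from an SDP blob; the TURN host, credentials, candidate lines and the placeholder `raddr 0.0.0.0 rport 9` are assumptions constructed for the example.

```javascript
// Added example. TURN host, credentials and SDP lines are constructed.

// Standard RTCConfiguration: with iceTransportPolicy 'relay' the browser
// gathers only TURN relay candidates. In a page this would be used as:
//   new RTCPeerConnection(relayOnlyConfig('turns:turn.example.org:5349', 'alice', 'secret'))
function relayOnlyConfig(turnUrl, username, credential) {
  return {
    iceServers: [{ urls: turnUrl, username, credential }],
    iceTransportPolicy: 'relay',
  };
}

// Parse one SDP "a=candidate:" line (grammar from RFC 5245).
function parseCandidate(line) {
  const m = /^a=candidate:(\S+) (\d+) (\S+) (\d+) (\S+) (\d+) typ (\S+)(.*)$/.exec(line.trim());
  if (!m) return null;
  const ext = m[8].trim().split(/\s+/).filter(Boolean);
  const extras = {};
  for (let i = 0; i + 1 < ext.length; i += 2) extras[ext[i]] = ext[i + 1];
  return {
    foundation: m[1], component: Number(m[2]), transport: m[3],
    priority: Number(m[4]), address: m[5], port: Number(m[6]),
    type: m[7], extras,
  };
}

// Every IP address the remote party learns from the candidates in this SDP,
// including the "related address" (raddr) extension.
function exposedAddresses(sdp) {
  const seen = new Set();
  for (const line of sdp.split(/\r?\n/)) {
    const c = parseCandidate(line);
    if (!c) continue;
    seen.add(c.address);
    if (c.extras.raddr) seen.add(c.extras.raddr);
  }
  seen.delete('0.0.0.0');
  seen.delete('::');
  return [...seen].sort();
}

// Defence in depth for the signalling path: drop host, srflx and prflx
// candidates, and blank the raddr/rport of relay candidates, which would
// otherwise carry the client's public (server-reflexive) address.
function relayOnlySdp(sdp) {
  const out = [];
  for (const line of sdp.split(/\r?\n/)) {
    if (!line.startsWith('a=candidate:')) { out.push(line); continue; }
    const c = parseCandidate(line);
    if (!c || c.type !== 'relay') continue; // also drops malformed candidate lines
    const blank = c.address.includes(':') ? '::' : '0.0.0.0';
    const rest = Object.entries(c.extras)
      .filter(([k]) => k !== 'raddr' && k !== 'rport')
      .map(([k, v]) => ` ${k} ${v}`)
      .join('');
    out.push(
      `a=candidate:${c.foundation} ${c.component} ${c.transport} ${c.priority} ` +
      `${c.address} ${c.port} typ relay raddr ${blank} rport 9${rest}`
    );
  }
  return out.join('\r\n');
}

// Constructed offer fragment: private LAN address, public address, relay.
const SAMPLE_SDP = [
  'v=0',
  'm=audio 9 UDP/TLS/RTP/SAVPF 111',
  'a=candidate:1 1 udp 2122260223 192.168.1.23 54321 typ host',
  'a=candidate:2 1 udp 1686052607 203.0.113.7 54321 typ srflx raddr 192.168.1.23 rport 54321',
  'a=candidate:3 1 udp 41885439 198.51.100.50 60000 typ relay raddr 203.0.113.7 rport 54321',
].join('\r\n');

console.log('before:', exposedAddresses(SAMPLE_SDP));
console.log('after: ', exposedAddresses(relayOnlySdp(SAMPLE_SDP)));
```

The relay candidate's `raddr` is the detail that is easy to miss: filtering by candidate type alone still hands the caller the public address.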

A week of gnome 3 from a Xfce using sysadmin

You don’t see too many of these posts anymore, I suspect because most folks (Myself included) are pretty set in their ways so if they haven’t switched to gnome3, they aren’t as likely to anymore. Mostly I wanted to look at wayland and gnome3 in rawhide has a handy way to do that, so I decided I should try and give gnome another try (it’s been years) and see if it still wasn’t for me. Also, I thought it would be good to get some better up to date info on things to help other users out, even if I did go back to my regular desktop. Also, there has been a fair bit of talk about capturing the ‘sysadmin’ user for Fedora workstation, and since I am a sysadmin, I thought it might help out if I tried things out and pointed out issues I ran into.

Sadly, the wayland/gnome-shell in rawhide right now (at least with my hardware) is very crashy. It’s not really possible to use it day to day and get any kind of feel for things. Also, things like tap to click aren’t possible there and that’s way way too disruptive to my workflow to handle right now. So, I decided since I was already trying things out, might as well just give gnome3 under X a shot again. Of course this is rawhide, so some things I ran into could well have been bugs or general brokenness.

Some ground rules I decided for myself: I wouldn’t tell anyone in advance I was doing this (so I could ask them later if they thought I was more or less productive) and I wouldn’t seek help on IRC or mailing lists, only ddg searches or looking around myself.

I probably spent about an hour configuring my apps and basic stuff so it would be usable at first, then poked at various things as I went along and they bothered me.

Here’s a list of observations, in no particular order:

  • There’s amusingly only 1 gnome extension available that works with the gnome version in rawhide. World clock. I was confused for a bit before I saw the dropdown to have it search for all versions.
  • Of course this meant that I had to search out the magic incantation to disable the version check so other extensions would work. Perhaps this could be added to a UI somewhere? Or at least gnome-tweak-tool?
  • Some extensions still wouldn’t work or install, and I could see no feedback on why. Perhaps allow some kind of log viewing from the extensions setting pref?
  • The two finger scrolling is fine, but I was used to edge scrolling… wish there was an option for it, as it feels more natural to me. Of course it’s only one synclient command away.
  • I am very very very annoyed by not being able to set it to do nothing on lid close on AC power. Of course I can and did, but I had to bypass the settings entirely and add my own startup script with an inhibit. I understand that the default should be for it to suspend, but not allowing users to override this is doing them a disservice. I’d be happy if there was a warning, or even a dconf key that you had to look up, or anything. Just removing any way to do it within gnome makes people go and bypass it (in systemd or via an inhibit script), so you don’t really get anything positive by forcing them to do this other than the impression that you don’t care about their perfectly valid use cases.
  • For many many years I had a small script that I used with xscreensaver. It would listen for lock events and run ‘ssh-add -D’ and tell the keyring to forget my gpg passphrases and tell keepassx to lock. I couldn’t find any way to get gnome screensaver to do this. Would be wonderful if it was a pref. I think there’s lots of folks who don’t want their keys to be unlocked on their laptop while they are away from it. Alternately a timeout after which it would forget, or an option to make it always ask for your passphrase would be welcome.
  • Not natively saving sessions seems odd to me as well. I was easily able to add my apps via gnome-tweak-tool, but why wouldn’t you want to restart all the things someone had running after a relogin? Restarting apps all the time is a waste of time, especially when you run rawhide and reboot daily or so.
  • The message tray doesn’t really do too great with non native gnome apps. Hexchat for example shows up there, but I can’t see any of its back notifications or anything. Some notifications appear and then go away, never to be seen again. I’d really love a queue I could scroll through and clear. I gather a revamp of notifications is planned for 3.14, so we will see. Also, it seems some notifications do show up ok from hexchat, so not sure what causes some of them to not stay around.
  • One amusing bit of fallout from disabling suspend on lid close: My laptop has a touchscreen and sometimes when closed the keyboard presses on it somehow and generates events. One night I closed the laptop and went to bed, only to be woken up a short time later by my Girlfriend. She indicated my laptop was making crazy noises. It seems it managed to enable the ‘screen reader’ assist on the lockscreen and was trying to read the garbage in the login box. I then disabled the ‘show assistive menu’ option. ;) I guess no one runs into this because they suspend always on lid close. :(
  • One issue I ran into a few years ago was that I switch between things a great deal. I want it to be fast. I am happy to say that alt-tab is working pretty nicely to switch between applications now. It’s nearly as quick as a desktop change in Xfce. I’m pretty impressed with the advance in graphics handling.
  • A few times now I have had gnome shell suddenly make everything unusably big (like it forgot it’s on a HIDPI display). I haven’t been able to pinpoint what causes this yet, but definitely an annoying bug. When it happens, sometimes I need to reboot, sometimes just restart the session/gdm.
  • I wish there was a way to save the positional settings for gnome-terminal better. I can get it to start one on login, but then I need to move it where I want it, start another few, etc. For sysadmin use, terminals are really important. Remembering which were tiled, how many tabs, etc would be very helpful. I finally settled on 2 terminals tiled to each side and running tmux locally on one and the other for remote tmux on our Fedora admin host. Having to set them up each time was a bit of an annoyance tho.
  • https://github.com/hadess/iio-sensor-proxy works nicely (at least until I suspend) for autorotating on my Yoga 2 Pro. Nice work! :)
  • The “shield” has some issues as many folks have mentioned of late. I would be very happy with the proposed patch that makes it appear on any one keypress and go away on any second keypress. I always use shift or control on screensavers so as not to send input to them I don’t intend or can’t see. It would also be nice if the shield detected the lid was closed and just refused anything until the lid opens.
  • (very minor) The menu has “Location” and says it’s enabled. If I click on that I get a “disable” Option. How about displaying what it thinks my location is there? Or an option to ‘refresh’ or something.
  • I like having a UTC clock, and was able to add one with the panel world clock, but there was no UTC option, I had to read comments to see I needed to select some city in iceland. Please add a UTC option.
  • The brightness I have selected doesn’t seem to persist through reboots. :( systemd correctly resets it when I boot up, but then when I login I get 100% full brightness. Not sure if that’s intentional, or a bug.
  • I’m not really using workspaces currently. It seems like they should be more useful, but it just seems like they make things harder to switch between. I suppose if you had several very clearly different tasks that you switched between rarely it could be nice.

So, that’s after a week of use. ;) Am I going to stick with it? I’m not fully sure… I think I could be productive and use it full time, but a few of the issues are irritating. I’d put the lid suspend issue at the top, then saving of terminal positions next, followed by the inability to hook into the lockscreen or have options for forgetting ssh/gpg. All the rest are pretty minor overall, and I don’t think I was all that much less productive.

I’ll likely file a few bugs I ran into and chime in on a few more and see what happens over the next few weeks on those…

Type coercions for untyped query languages

In this post, we’re going to introduce two kinds of implicit type conversions that are common in database query languages:

  1. Type widening, in which a value of type T is converted to a value of some wider type T’, where T ⊆ T’. As an example, given the expression b / d, where b holds an unsigned 8-bit value and d holds a double-precision floating-point value, a type-widening conversion would convert the value of b to a double-precision value and use this value as the left-hand operand of a floating-point division.
  2. Type translation, in which a value is transformed to produce a value of some unrelated type. As an example, consider a programming language that evaluates the expression sd / d as floating-point division where d is a double-precision floating-point value and sd is a string value that represents a number.

Type widening is common in typed general-purpose programming languages. For example, in C or Java, a / b is integer division with an integer result if both a and b are integer values but floating-point division — evaluating to the wider of the types of its operands — if either a or b is a floating-point value. Similarly, it is generally possible in such languages to assign a value of a narrower type to a variable of a wider one.

However, type translation (by necessity) only appears in untyped[1] languages. This is the case because types are static properties but we cannot in general statically determine whether or not type translations will succeed. By allowing type translation, we are thus necessarily deferring decisions about whether or not a program fragment makes sense in some type system until it executes, and trading some flexibility for the possibility of runtime errors. Some programming communities regard this as an acceptable tradeoff.

Several extant database systems (including Hive, PostgreSQL, SQLite (see also here), and Microsoft SQL Server) support both type widening and type translations, so that one can, for example, take the cosine of the string representing a double-precision floating point value.

In subsequent posts, we’ll look at what type coercions some of these systems support and present general approaches to implementing support for type widening and type coercion in language interpreters, with specific techniques for realizing these general approaches in interpreters implemented in Scala.


  1. It may also appear in languages in which all programs are trivially well-typed and in which the type system thus cannot provide useful static guarantees about runtime behavior. An example such language is Tcl, where everything is a string. (By most definitions of typedness, though, “trivially typed” languages are untyped.)
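The two conversions from the post above, side by side, as an added example that is not the author's code (it is written in JavaScript rather than the Scala the post mentions). The tagged-value representation, the three-type numeric chain and all function names are assumptions made for the example; it evaluates the post's `b / d` and `sd / d` cases and shows that only translation can fail at run time.

```javascript
// Added example (constructed). Values are tagged: { type, value }.
// Numeric types are ordered so that every value of one fits in the next.
const NUMERIC = ['uint8', 'int32', 'double'];

function rank(type) {
  const i = NUMERIC.indexOf(type);
  if (i < 0) throw new TypeError(`not a numeric type: ${type}`);
  return i;
}

// Type widening: T -> T' where T is contained in T'. Never fails for a
// narrower-to-wider pair, so it can be checked from the types alone.
function widen(v, target) {
  if (rank(v.type) > rank(target)) {
    throw new TypeError(`cannot widen ${v.type} to ${target}`);
  }
  return { type: target, value: v.value };
}

// Type translation: string -> double. Whether it succeeds depends on the
// run-time contents of the string, not on its type.
function translate(v) {
  if (!/^[+-]?(\d+\.?\d*|\.\d+)([eE][+-]?\d+)?$/.test(v.value.trim())) {
    throw new TypeError(`cannot translate ${JSON.stringify(v.value)} to double`);
  }
  return { type: 'double', value: Number(v.value) };
}

// What can be said about l / r before running it.
function staticResultType(lt, rt) {
  if (lt === 'string' || rt === 'string') {
    return { type: 'double', decided: 'runtime' }; // translation may still fail
  }
  return { type: NUMERIC[Math.max(rank(lt), rank(rt))], decided: 'static' };
}

// Division with both kinds of coercion applied.
function divide(l, r) {
  if (l.type === 'string') l = translate(l);
  if (r.type === 'string') r = translate(r);
  const t = NUMERIC[Math.max(rank(l.type), rank(r.type))];
  const a = widen(l, t).value;
  const b = widen(r, t).value;
  if (t === 'double') return { type: t, value: a / b };
  if (b === 0) throw new RangeError('integer division by zero');
  return { type: t, value: Math.trunc(a / b) };
}

const b = { type: 'uint8', value: 7 };
const d = { type: 'double', value: 2 };
const sd = { type: 'string', value: '7.0' };
console.log(divide(b, d));   // widening:    b is converted to double
console.log(divide(sd, d));  // translation: sd is parsed as a double
```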

Fedora Server News Update

Well, we’ve certainly been neglecting this blog lately, haven’t we?

A lot has been happening these last several months on Fedora Server. As we approach the Fedora 21 Alpha date (delayed several times due to events outside our control), now is a good time to look back at the progress that we have made.

I (Stephen Gallagher) gave a detailed talk at the recent Flock conference in Prague on the state of the Fedora Server, highlighting the three primary technologies that we are working on. My friend and colleague Paul Frields wrote up an excellent summary (with link to the video) over at the Fedora Magazine. Check it out!

Bugspad and Future Plans

Code cleaning, rigorous testing and bug fixing took place this week. I tested the instance with bigger datasets, and then tested for response times. The current code is also a bit untidy and needs some refactoring. So, I have started work on a design document with explicit details of the workflow of the application. I am currently hand-drafting it and will then digitise it (for the time being I am uploading my workflow explanation charts, which are not of great quality :P). I have divided the whole workflow according to URLs, and then subdivided it into the components that have a direct effect on performance (especially speed), i.e. all the SQL/cache queries being made. This will give a clear idea of the purpose and role of each component. It should also invite more contributors and make the current code easier to understand. It will also allow me to focus especially on the time bottlenecks in the workflow and to experiment with the different available tools and methods. So, this is what I will be doing next week. Cheerio!


Threat: Joe the Backhoe Operator


Where Dennis the Weatherman is a proxy for all the threats nature can pose, Joe the Backhoe Operator is a proxy for man-made threats outside the data center.

Backhoe Fade is a familiar term in the telecommunications industry, where it refers to construction activities cutting cables. This can be anything from a single network link to a major fibre optic link affecting millions of people. The classic example is a backhoe operator digging in a field in the middle of nowhere who digs right through a cable, taking out a major telecommunications link.

Closely related to backhoe fade is damage to undersea cables, often from ships dragging anchors across the cables and severing them. And, of course, sharks… How Google Stops Sharks From Eating Undersea Cables

While not necessarily a classical security threat, and not a threat to system integrity in the same way as other threats we have discussed, backhoe fade is a great threat to system availability and business continuity.

Major data centers will typically have multiple redundant, physically separated network connections to allow them to route around network failures.

Unfortunately, it is much less common for individual buildings where people actually work to have such redundant network connections. If the hundreds of people in your office can’t get to the corporate data systems, it really doesn’t matter which end of the cable has been cut…


New badge: Grillardin (Cookbook III) !
Grillardin (Cookbook III): You have published 15 recipes in the Fedora Cookbook. Delicious!
Fedora + Flattr

From time to time, I might, just might, put something on the Fedora Planet that you might enjoy or that might help you with a problem you’ve been having. With that in mind, and seeing as hosting doesn’t pay for itself, I’ve added a flattr button to my posts.  Don’t feel you have to contribute anything, I just put it there if you’re feeling generous.

I’ve also been interested in getting more badges, https://badges.fedoraproject.org/ so I’ve joined a few teams that are of interest to me and ones that I can hopefully contribute to.  Let’s see what happens.

I also notice that Flock 2015 is ready for bids, so if you feel you can handle it, then register your tender here - https://fedoraproject.org/wiki/Flock_bid_process

I seriously would like a Flock UK, wonder if I can sort something for the 2016 bid process.

The post Fedora + Flattr appeared first on Paul Mellors [dot] NET.


3D Printing Workflow with InkScape

After some serious pushing from the guys at the office, I finally decided to briefly sum-up my (quite basic, to be honest) 3D-printing work-flow.

Let’s say you want to 3D-print some of your awesome Fedora Badges. I’ll take the Free Media Badge as an example.

The tools

I use Fedora 20 on a daily basis, so my toolchain consists of

Prep

First-up install the software:
sudo yum install inkscape openscad git

Then clone the Paths2Openscad repo and “install” the extension
git clone https://github.com/rajcze/paths2openscad
cd paths2openscad
ln -s `pwd`/paths2openscad.* ~/.config/inkscape/extensions

Download the badge and open it up in Inkscape.

The actual workflow

First up, simplify the badge to the basic shapes you want to have printed:

Make sure that all the objects are paths by using Path→Object to Path on each object.
Next-up I usually like to divide the layers visually by height – set the objects’ colours differently for each intended extruded height.


Then, change each of the object’s ID to represent its required extruded height. The Paths2Openscad extension uses the object ID as a name for each path, so you will know which object is which path.


To export the “model” into OpenScad format, just select all the pieces and hit Extensions→Generate from path→Paths to OpenScad.

If you used my modified version, then there is one neat trick you can use – if you named the objects in a way, that the ID ends in NNN_mm or NNN_NNN_mm pattern (where NNN is any integer), the extension will auto-magically set the heights for you. Just select the “Auto Height” option in the dialog.


You can see that the names and heights are set correctly in the exported file by opening, and rendering it in OpenScad:


And that’s about it. I’ll update the post with a picture of the 3D printed badge as soon as I’m able to print it :) Happy Cooking!


FlocktoPune 2014 Day-2-3


I attended several talks and workshops at Flock on the third and the last day and found all of them interesting. However I would like to mention a few glimpses of them.

Jens Petersen who is the manager of Red Hat's i18n team (and my manager too) presented a talk with the title 'Fedora i18n past, present, and future'.


A few bullet points from his talk:
(a)  Goal of the Fedora i18n project: "Freedom to read and write in one's own language"
(b) Differences between l10n and i18n
(c) Evolution of Anaconda in terms of i18n
(d)  Evolution of Input method frameworks and next generation input method's architecture
(e) Fedora i18n projects

After his talk, we met "Carlos O'Donell" who is one of the maintainers of Glibc and we had a good discussion about following issues:-
(a) Translation process for man pages
(b) Collation problems in glibc for few Japanese scripts
(c) CLDR and Unicode data.
(d) Collation problems in glibc for Japanese hiragana and katakana scripts

We are looking forward to seeing more collaboration with the glibc team in the future.

I attended "Make tools with fedmsg" workshop by Ralph Bean and slides for the presentation can be found on page.

I found this workshop really useful because we use statusapp to keep a track of our team's weekly and monthly status reports and with the help of fedmsg I can automate at least 30-35% of team status.

Later that day I attended Haïkel's and Parag's package review hackfest


Marina and Owen presented the "GNOME newcomers workshop"; during the workshop Owen described GNOME apps and the desktop. During the workshop, I had a wonderful chat with Kalev regarding library API issues.

I also attended security talks, Kernel testing and the Rpm, dnf talk.
To sum up in one line, "Flock is awesome, kudos to organizing team!!"
I am really glad to be part of such a passionate community and I would like to thank Fedora/Flock once again for my travel arrangements.

Stabilize videos in Linux with Transcode and Vid-Stab

Having a camera that records videos was something I always wanted; however, I don’t have a stabilizer, so even if I have awesome quality, my pulse movement isn’t helpful. That’s why I decided to take a look and see what options I have in Linux, and found Vid-Stab, which allows me to stabilize the image. vid-stab is a plugin for transcode, so the first thing you need to do is install it:

[tatica@susan Descargas]$ su -
[root@susan ~]$ yum -y install transcode

Now, you only need to download the plugin, uncompress it and install it: (Check the latest version at: http://public.hronopik.de/vid.stab/download.php?lang=en )

[tatica@susan Descargas]$ wget -c http://public.hronopik.de/vid.stab/files/vid.stab-0.98b-transcode-1.1-binary-x86_64.tgz
[tatica@susan Descargas]$ tar -zxvf vid.stab-0.98b-transcode-1.1-binary-x86_64.tgz
[tatica@susan Descargas]$ cd vid.stab-0.98b-transcode-1.1-binary-x86_64
[tatica@susan vid.stab-0.98b-transcode-1.1-binary-x86_64]$ ./install.sh

And that’s it, now it’s time to stabilize our video. First step is to generate a trf file where the info about the video frame will be stored and then will be used as source to edit the video itself.

[tatica@susan Videos]$ transcode -J stabilize -i ORIGINAL.mp4

Once you get the trf file, it’s time to transform the video:

[tatica@susan Videos]$ transcode -J transform -i ORIGINAL.mp4 -y xvid -o STABILIZED.mp4

And that’s it! You can always add more options to improve the output, change the codec or even apply a better movement reduction.

I took the liberty of making a test video and recording Gris, our dog. I lost a bit of quality; however, the stabilization works just awesome.

Youtube Link: https://www.youtube.com/watch?v=Y-DTBXulhlc


Want to join the Red Hat Graphics team?

We have an opening in our Graphics Team to work on improving the state of open source GPU drivers. Your tasks would include working on various types of hardware, making sure it works great under Linux, and improving the general state of the Linux graphics stack. Since the work would include working on some specific pieces of hardware, it would require the candidate to relocate to our Westford office, just north of Boston.

We are open to candidates with a range of backgrounds, but of course previous history with linux kernel codebase or the X.org codebase or Wayland is an advantage.

Please contact me at cschalle-at-redhat-com if you are interested.

FlocktoPune 2014 Day-0-1
This is my first Flock and Fedora conference, though I have been contributing to Fedora for the past years, and eventually it happened in a hustle. My plan was to attend GUADEC and Flock together, but because of visa issues I could not attend GUADEC this year. This year's Flock was very special to us because, for the very first time as a Fedora i18n team, we met each other in person. It was great to meet each one in person. We exchanged our thoughts on how we can give i18n support to all Fedora products.



First and Second day were packed with great talks which were running in parallel. It was really difficult to choose which one to attend and which one to leave.

On the first day Pravin gave a talk on fonts in which he spoke at length about OSFW, the open source font world, where one can selectively choose and install fonts. Pravin’s session was then followed by Mike and myself, in which we presented on "Text prediction on desktops".

Later in afternoon on first day, there were 3 excellent talks arranged at same time. The topics for afternoon session were
 (a) Fedora Workstation -Goals, Philosophy, and Future
 (b) Python 3 as Default
 (c) Wayland Input Status
I attended Fedora Workstation -Goals, Philosophy, and Future by Christian Schaller. This session was excellent as it highlighted that Desktops are still alive, who says they are dying? This session in particular was attended by a large number of people. The hall was jam-packed with people standing, interested in Christian’s talk. In his talk, Christian mentioned that for Fedora Desktop they are also considering use cases for Developers. This is very interesting for me and feels quite promising.

I must say "Christoph Wickert" had given nice talk on explaining concept behind different Fedora working groups and Fedora products. This talk was mainly intended for ambassadors so that they can explain these products back in community.

Second day started with talk by Stephen Gallagher on Fedora Server Role-ing. I was really impressed by cockpit-project and I would like to contribute to it with i18n work in future.

I attended “UEFI: The Great Satan and You” by Adam. I was curious about secure boot options and was quite happy to attend as he explained it really well. There were a lot of interesting questions from the audience, especially about Microsoft and FSF's strategy on it.

The talk “NoSql in Fedora Infra” was delivered in Spanish and was also translated into English. I personally would like to see more of NoSql in Fedora. Yohan mentioned various NoSql databases and their use cases and how we can use them in Fedora infra. Ralph highlighted a point that we can use Fedmsg's messages to test performance of the NoSql databases.

At the end of Second day I attended "Introduction to docker" and "Fedora.next.next: Planning for Fedora 22" talk. It's really exciting to see cool features that are coming in Fedora products.

I would like to thank Flock (Fedora) for my travel sponsorship and arrangements. Those were perfect! I wish to extend my gratitude to Ruth Suehle.
Musings on identity management

This post is an edited version of an email I sent to the Red Hat Identity Management (IdM) team mailing list that outlines the main take-aways from my first few months working on the FreeIPA identity management solution.

I’m over three months into my new gig on the identity management team at Red Hat now, so I would like to share a few thoughts about what I’ve learned about identity management.

I was excited to come into this role because of my innate interest in security and cryptography. I had little practical experience with PKI and security protocols beyond basic X.509/TLS and OpenPGP, so I have been relishing the opportunity to broaden my knowledge and experience and solve problems in this domain.

What I did not understand, when I joined, was just how much an effective IdM strategy and infrastructure can benefit businesses and large communities in the form of improved security and reduced risk (two sides of the same coin, one could argue) and of course, greater efficiency. The diversity of use cases and the versatility of our software to address these use cases also amazed me.

This added perspective motivates me to seek opportunities to talk to people and find out about their IdM needs and how existing offerings (ours or others) are falling short, and work out what we as a team can do to better meet and even anticipate their needs. It has also given me a foundation to explain to non-technical people what FreeIPA and related projects are all about, and help them understand how our solutions can help their business or community.

I say "community" above because I have begun to see that free software communities represent valuable proving grounds for FreeIPA. For example, a couple of weeks ago during PyCon Australia I was chatting to Nick Coghlan and learned that the Python community is currently struggling with a proliferation of identity silos – developer accounts, PSF memberships and roles, the main website, PyPI, and so on. Yet no one has put their hand up to address this. I didn’t quite commit to writing a PEP to fix all that (yet) but we agreed that this represents a great opportunity to employ FreeIPA to benefit an important project and community – important for our team and for Red Hat as well as for the software industry in general. How many other communities to whom we have links or on whom we rely could benefit from FreeIPA in a similar way? And how much will our solutions be improved, and new innovations discovered, by what we might learn in working with these communities to improve their identity management?

So, that’s most of what I wanted to say, but I want to thank you all for your assistance and encouragement during my first few months. It has been quite a shift adapting to working with a global team, but I am really enjoying working with you on Red Hat IdM and am excited for our future.

August 17, 2014

Local PHP5 + Apache + MariaDB server on Fedora 20
Since I am gradually going deeper into Web programming, and what with so many frameworks for every language, such as Zend and Symfony (among others) for PHP, Django for Python and Ruby on Rails for Ruby, and programming languages some of which are geared towards Web development while others are generally for local programs or scripts... this ends up being a gazpacho of countless dimensions.

For now I am improving my PHP knowledge by looking into object orientation. That way I can get on board with the "new" way of programming. And until I have a good command of classes, methods, attributes and a multitude of strange things, I don't think I will see myself inside a framework like Zend. That said, by the end of this year I should at least know how to write one line!

So, let's climb into the sports car of Web connections and set up the local server to work with.

First, we need to install the respective packages: httpd, mariadb-server, php, phpMyAdmin.
$ su -c "yum install php phpMyAdmin mariadb-server httpd"
Second, we start the daemons.
$ su -c "systemctl start httpd mysqld"
Third, we configure the MariaDB server.
$ su -c "mysql_secure_installation"
This command will ask us a series of questions that we need to answer. Generally, what matters here is that we set the root password, which is the one we will later use to log in to phpMyAdmin, make connections with mysqli.... For the rest of the questions, just pressing Enter for everything should cause no problems.

And finally, once the configuration is finished, we open http://127.0.0.1 in our browser, which is the local address where our Web server lives.


Our server is now running. Personally, I don't start it at system boot, because I prefer to launch it only when I want to tinker. If you want to keep it started from boot, you will then need to run the following commands:
$ su -c "systemctl enable httpd mysqld"
Para detenerlos.
$ su -c "systemctl stop httpd mysqld"
Antes de finalizar con este post. Os diré que los archivos de nuestros proyectos, o de cualquier cosa que dependa de un servidor, de otro o de ambos queda alojado en el directorio /var/www/html y por último daré un par de consejillos que nos hará la vida un pelín más feliz.

Debuggeando en PHP.

Esto es muy importante, la configuración por defecto de PHP ubicada en /etc/ como php.ini no tiene un buen debug. Esto supongo que está de este modo para utilizar en producción y olvidarse de que 'malechores' se aprovechen de los errores para acceder a los sistemas y 'corromper' o revender los datos de las DBs.

Para ello deberemos editar el fichero /etc/php.ini y modificar estas dos líneas tal que se queden del siguiente modo.
display_errors = On
error_reporting = E_ALL
Una vez hecho esto, reiniciamos el servidor httpd.
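
As an added example (not part of the original post), this shell sketch reads a php.ini-style file and reports whether PHP errors would be shown to clients, the setting the post turns on for local development and that belongs off in production. The function names and sample files are constructed; it assumes the last uncommented occurrence of a directive wins and that an unset display_errors falls back to PHP's built-in default of on.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Print the effective value of directive $2 in php.ini-style file $1.
# Assumption: the last uncommented occurrence of a directive wins.
php_ini_value() {
    awk -v key="$2" '
        /^[ \t]*;/ { next }                    # whole-line comment
        index($0, "=") {
            k = substr($0, 1, index($0, "=") - 1)
            gsub(/[ \t]/, "", k)
            if (k != key) next
            v = substr($0, index($0, "=") + 1)
            sub(/;.*$/, "", v)                 # trailing comment
            gsub(/"/, "", v)
            sub(/^[ \t]+/, "", v); sub(/[ \t]+$/, "", v)
            val = v
        }
        END { print val }
    ' "$1"
}

# Return 0 if the file would send PHP errors to the browser.
# An unset directive counts as on (PHP built-in default, see assumption above).
php_ini_displays_errors() {
    case "$(php_ini_value "$1" display_errors | tr 'A-Z' 'a-z')" in
        ""|on|1|true|yes|stdout) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed samples: the post's development edit, and a production counterpart.
sample_ini() {
    if [ "$1" = dev ]; then
        printf '%s\n' '; constructed sample' 'display_errors = Off' \
            'display_errors = On   ; edited as in the post' 'error_reporting = E_ALL'
    else
        printf '%s\n' ';display_errors = On' 'display_errors = Off' \
            'log_errors = On' 'error_reporting = E_ALL & ~E_DEPRECATED'
    fi
}

tmp=$(mktemp)
for mode in dev prod; do
    sample_ini "$mode" > "$tmp"
    if php_ini_displays_errors "$tmp"; then
        echo "$mode: errors shown to clients (development only)"
    else
        echo "$mode: errors hidden from clients"
    fi
done
rm -f "$tmp"
```

To audit the real file, call php_ini_displays_errors /etc/php.ini before exposing the machine beyond 127.0.0.1.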

Permissions? Problem, officer?

When we think in the heat of the moment, nothing feels more pedantic than permissions on GNU/Linux or Unix-like systems, and we rail against them. Let's cool down a bit, though, and keep it as simple as possible.

If we are going to work in a folder called, for example, 'proyectos', inside which we will create independent projects, it is enough to do the following:
$ su -c "mkdir /var/www/html/proyectos"
$ su -c "chown tu_usuario:tu_usuario /var/www/html/proyectos"
If, on the other hand, you are going to turn the whole main directory that the Apache server works from upside down:
$ su -c "chown tu_usuario:tu_usuario /var/www/html/"
This is a configuration for a local server, not for production, for the love of God!

Text editors? No! Better an IDE

How many headaches a simple text editor gives us! For that we have a group of programs called IDEs. An IDE is an Integrated Development Environment that makes life easier when working with different languages, whether programming languages, markup, etc. They color keywords and help you complete the syntax of (), [], {}, reserved words, strings...

To give you an idea of what I mean, on the left we have the Gedit text editor, and on the right Geany. The difference is noticeable, isn't it?
Note: Gedit could also act as an IDE, but it serves as a comparison for what I'm trying to explain.

Personally I use Geany; it is quite lightweight and does what I need right now. Sublime Text is also widely used and recommended. And apparently there are many more, such as Eclipse, NetBeans, etc. I leave that to your free choice!

Brief explanatory notes:
  • Apache. A Web server that, using the http protocol and a port (80 by default), lets us interact with and, above all, view Web sites.
  • MariaDB. A fork that appeared some time after Oracle's acquisition of Sun. MySQL is a database management system that allows storing and querying a database that we have created or previously connected to.
  • PHPMyAdmin. A set of libraries, functions... that interact with the Apache server and, in this case, MariaDB to display, modify or alter the data in a database graphically through a Web interface.

The elections for the Supplementary wallpapers in Fedora 21 are open!

The elections for the Supplementary wallpapers in Fedora 21 are now open! Any contributor that has a FAS account, has signed the FPCA and belongs in any other non-cla group can vote.

The badges team has also made a badge for this, and you can earn it after you have cast your vote.

The polls will close at 23/8/2013. Go vote now! https://apps.fedoraproject.org/nuancier/elections/

August 16, 2014

Fedora Board proposal

In an email to the Fedora community this week, the Fedora Board asked for comments on a proposed change to how Fedora is governed. Although I haven’t been as active in Fedora as I’d like, I still contribute and I still have opinions on the proposal. The following post is the feedback I provided on the board-discuss mailing list. In accordance with the desire to keep discussion from fragmenting, I have disabled comments on this post.

My initial reaction to this proposal was “what did I just read?” At first glance, it looked like a move from a democracy to a dictatorship. I even used the phrase “the Shuttleworthization of Fedora.” Having taken the time to process the proposal, as well as look at the accompanying material, my reaction has shifted. In the process of writing about the parts of the proposal I’d like to keep, I realize that I essentially came up with the same proposal in different terms. My two point summary:

  • Lengthen board terms to reduce turnover (I’m not necessarily in favor of the indefinite terms as presented, but one year is too short)
  • Change the board from being entirely at-large to being representative of major constituencies

The Fedora Board, at least from the perspective of an irregular contributor, is indeed a very passive organization. To some degree, I find that appropriate for our community, but I can appreciate the arguments that a more active board would benefit the community and the product we labor to produce. The questions that arise are: “how active should the board be?” and “how do we structure the board such that it meets this need?”

My concern is that we’re addressing the second question before addressing the first. We don’t know where we’re going, but we know how we’re going to get there! The thread on board-discuss back in September was unclear about the intended relationship between a re-imagined board and FESCo. The proposal as presented offers no additional clarity. The proposal talks of leading and doing without really talking about the scope of responsibility. Perhaps that’s the main problem with the board as currently constructed?

flock 2014 wrap up

Flock 2014 has been over for almost a week now and I’ve caught up a bit on sleep and had a bit of time to ponder on the conference, so I thought I would share a wrap up post with those thoughts.

The venue and organization were great! My only minor nit pick at all would be that the talks on the last few days were in classrooms that were a bit too small for the audiences we had. Otherwise from my point of view everything was very very smooth. Many thanks again to the organizers, I know it’s a ton of work and full of stress. I really like the idea of alternating flock between North America and Europe. It’s wonderful to see so many talks I know on line in person, and it’s only fair to let them have the short travel once in a while. :)

There was a lot of positive energy. Everyone was very upbeat in general and wanting to learn and make things better. There were definitely pointed questions in various talks, but all of them I heard were done from a viewpoint of learning or suggesting improvements. I think partially this had to do with that we have committed to a path with Fedora.next and everyone is focusing on how to make that happen and succeed. Next year’s flock will be interesting as we should know how well Fedora 21 went by then. ;)

As usual there were too many interesting things going on to take them all in at once. I was very happy all the talks were being recorded, so I was able to go back and watch a few things that I didn’t get a chance to get to later.

It will of course depend on the venue next year, but I’d love to see a large room with lots of chairs and tables we could move around for an open hacking room. That way groups could get together to work on something, but allow quick questions between groups and would allow folks just wandering around to see what each group was doing by just hanging out in the room for a bit. Many of us are introverts, so I wonder also if some kind of game or badge quest might be nice to get people talking to each other that normally wouldn’t. Something like a badge for gathering a token from all fesco members or other groups. Something to ponder for next year.

Finally, this flock was a bit bittersweet, because my friend, co-worker and community member Toshio is moving on to do some other things for a while. He will be dearly missed, and I hope we see him back in a while, richer for his travels, but only time will tell. Safe travels Toshio.