UK Linux User Groups

Start: 2013-03-09 11:00 End: 2013-03-09 17:00

This month we are at LiNCORE offices (part of the ReigateHub) in Reigate on 9th March. Our thanks go to Jay Bennie for hosting us.

Bring a 'box', bring a notebook/netbook, bring anything that might run Linux, or just bring yourself and enjoy socialising, learning, teaching or simply chilling out!

New members are very welcome. We're not a cliquey bunch, so you won't feel out of place! Usually between 15 and 30 people come along.

While migrating one of my VPS servers to Arch Linux I deployed Uncomplicated Firewall (UFW) to handle basic firewalling duties. I like ufw as it provides simple host-based firewall management and, in my opinion, one of the better projects to come out of the Ubuntu camp.

Install ufw as follows.

sudo pacman -Syy -noconfirm --needed ufw

Configuring ufw is simple but make sure you have console access to the host you are configuring just in case you lock yourself out.

NOTE! When enabling ufw the chains are flushed and connections may be dropped. You can add rules to the firewall before enabling it however, so if you are testing ufw on a remote machine it is recommended you perform...

ufw allow ssh/tcp

...before running sudo ufw enable. Once the firewall is enabled, adding and removing rules will not flush the firewall, although modifying an existing rule will.

Set the default behaviour to deny all incoming connections.

sudo ufw default deny

Open up TCP port 22 but with rate limiting enabled which will deny connections from an IP address that has attempted to initiate 6 or more connections in the last 30 seconds. Ideal for protecting sshd but you should conisder other SSH brute force defense techniques as well.

sudo ufw limit tcp/22

I'm hosting a few websites on my VPS so I open http and https.

sudo ufw allow 80/tcp sudo ufw allow 443/tcp

I have a static IP address at home so I allow unfiltered access to the VPS from that IP. I've used a bogus IP address in the example below.

sudo ufw allow from 10.0.0.0/32

Enable the ufw systemd unit.

sudo systemctl enable ufw sudo systemctl start ufw

However, ufw is not enabled at this point. To enable the firewall you also have to do the following.

sudo ufw enable

You can see the status of the firewall using sudo ufw status.

On low-end servers it might be beneficial to disable logging.

sudo ufw logging off

At this point you should have a basic firewall configured and ufw help or the references below will assist you.

References

• https://wiki.archlinux.org/index.php/Uncomplicated_Firewall
• https://wiki.ubuntu.com/UncomplicatedFirewall
• https://launchpad.net/ufw

Impatient to get home! (@ Gate E20) 4sq.com/ZmKrPo

Collective Motion of Moshers at Heavy Metal Concerts. I love that this exists. j.mp/XY4ZAY via Danny Yee’s blog.

I've decide to migrate one of my servers to Arch Linux. I'm not sure that a rolling release distro really suits servers but I've enjoyed using Arch Linux over the last year on my workstations and the only way to assess it's suitability on a server is to try it. So, I've decide to migrate my blog to an Arch Linux server.

This blog post describes how to install Nikola on Arch Linux. Nikola is a static site and blog generator written in Python that I've been using for a few months.

First you'll need Python and virtualenvwrapper so read my Python and virtualenv on Arch Linux and Ubuntu blog post and get yourself equiped.

Install the Nikola 5.4.2 dependencies.

sudo pacman -S --noconfirm --needed freetype2 libxslt libxml2 sudo packer -S --noconfirm --noedit libjpeg6

Create a virtualenv for Nikola.

mkvirtualenv -p python2.7 --use-distribute nikola-542

You will notice your shell prompt has changed to indicate that the nikola-542 virtualenv is now active. Install Nikola and the optional libraries I use.

pip install http://nikola-generator.googlecode.com/files/nikola-5.4.2.zip pip install bbcode markdown requests webassets peewee feedparser

Nikola is now installed. nikola help and the Nikola Handbook will assist you from here on.

#cmobff cmo of geometrixx is concerned? She may be fictional but the awesome charting demo is very real. #adobesummit

#sweetemotion because the world needs more spider charts.
Love the animated rainbow flower though.

#ontheedge #adobesummit here comes responsive design with edge reflow. About a dozen clicks to mobilise a website. Magic from @keepthebyte

#adobesummit are showing sneaks – previews of possible new features and functionality. Also running a tweet contest real time. Very cool.

Recently there has been some fire flowing about Canonical in the community. These concerns started off as sporadic at first and then we saw a small blog avalanche (blogalanche, if you will) as a number of folks piled onto the ride.

I feel somewhat trapped in the middle of all of this. On one hand I work at Canonical and I believe Canonical are acting in the honorable interests of Ubuntu in helping to build a competitive and forward-looking Free Software platform, but I also feel a sense of personal responsibility when I see unhappy members of our community who are concerned with different aspects of how Canonical engages. Essentially, I sympathize with both sides of this debate; both have the best interests at heart for Ubuntu.

From my perspective there is a balance that needs to be struck. Our community needs to be transparent and open, but also nimble to react to opportunities (such as the convergence story), but also Canonical play an important role in helping us to drive Ubuntu to the masses. We need to be able to work in a way that maintains our Ubuntu values but also gives Canonical the opportunity to get our platform out to the market effectively to reach these users.

I believe one cannot exist without the other; Canonical cannot deliver this vision without our community and Ubuntu would be significantly debilitated if there was no Canonical providing staff, resources, and other investment into Ubuntu. Canonical is not evil, and the community is not entitled; we all just need to step back and find some common ground and remember that we are all in the circle of friends.

This symbol is as potent to me as it was back in 2004.

When I got interested in Linux back in 1998 and wanted to make it my career, my primary motivation was to bring freedom of technology to everyone. This is what attracted me to Ubuntu and ultimately working at Canonical. I don’t want to be rude to other distros who are quite happy within their remit of making a great OS for Linux enthusiasts, but I frankly don’t want to settle for that. I want Ubuntu to be the choice for Linux enthusiasts, but for us to not stop there and also bring Free Software to people who have not yet been blessed by it, and who may be new to technology and the opportunities it provides.

Achieving that goal is not just as simple as making the source code available for the platform and setting up a bunch of mailing lists. It means delivering simple and elegant user experiences built for the needs of our users, consistent and beautiful design, professional-grade quality, strong hardware and software partner relationships, certification across a range of hardware profiles, training, responsive security, diverse marketing and advocacy campaigns, and many other areas. Both Canonical and the community contribute extensively to provide these things that we need to get over that chasm, and importantly, each provides things that the other cannot.

It turns out that building this simple, ubiquitous Free Software experience for everyone is hard. We can’t just settle for the tried and tested approach of pulling the latest upstream software and integrating it into a single Operating System. That is tough, intensive and grueling work in itself, but to achieve the goals I mentioned above we need to be constantly challenging ourselves to innovate and go faster in how we deliver this innovation to our users. We need to always challenge the status quo…not for the sake of being different, but for the sake of not restricting ourselves to tradition and instead helping us to be better at what we do, and ultimately achieve our goals of getting Ubuntu into the hands of more people.

We saw this challenge with Unity: that was a tough, but necessary decision. While we suffered over the firestorm around Unity, I think it ultimately put us in a better position, and now we have a single convergent user interface that spans across multiple devices and we will soon have a single convergent Unity code-base across these devices too. In an era where desktop shipments are down due to the impact of phones and tablets, we are no longer trapped in a form factor that has had a decreasing scope of opportunity for us; the desktop is just one part of our wider convergence vision. This opens up the market for Ubuntu and the Free Software and Open Source values we encompass. While some people in some comment boxes will still bring the hate about Unity, I think that overall it has put us in a position to get Free Software in the hands of more people than if we didn’t make that difficult decision, and the sheer level of interest in Ubuntu for the phone, tablet, TV, and desktop is testament to that.

Put it in my pocket, on my lap, on my desktop, and hang it on my wall.

While making tough decisions is important, it is also important that we maintain our Ubuntu values too. One core value is that our platform and community are open for discussion and participation, so everyone is welcome to help put their brick in the wall. Our archive has long been open and there are many ways to contribute, and while some of these projects were secret before-hand, now everything is out in the open and available for participation. Some may disagree with the rationale of keeping things private, but particularly in the case of Phone and Tablet, the “big-reveal” helped us to have a big splash and generate more press interest and partner inquiries, and thus help us along to our vision.

Importantly though, we made the source and community on-ramp available as soon as we feasibly could. The code for Unity, Ubuntu Touch, and Mir is publicly available, and we are eager to invite people to join and shape those projects. This week we also ran our very first online UDS, with the goal of making the Ubuntu planning process as open and accessible to all as possible, not just those who could travel, and on a more regular cadence. All of the videos, notes and blueprints from that event are archived here. I am confident for the next event we will have an even smoother, better-run UDS, with even more participation.

We are now in a position with a clearly articulated vision around convergence and cloud orchestration, full source availability, daily builds of images, and public mailing lists and IRC channels to have those conversations. Everything is available in public blueprints and tracked at status.ubuntu.com, and we have many outreach campaigns to help our community participate in this vision, such as the core apps project, port-o-thon, regular cadance testing, charm quality improvements, SDK participation, and other areas. Our community should expect our projects to be open, accessible and collaborative, and if they are not, please raise your concerns with the Canonical engineering managers, or talk to me either publicly on my weekly Q&A video hangout at 7pm UTC every Wednesday on Ubuntu On Air, or privately at jono@ubuntu.com, or by contacting me on Freenode IRC – my nick is jono. My door is always open.

Things are never perfect in a community, and I am not suggesting we are perfect either, but I believe we are at the cusp of an incredible opportunity to get Free Software and open technology into the hands of the masses, not just by wishing it to be true, but because there is genuine market opportunity for it to be true.

Post LTS.  You start a rolling release. This gets all the goodness in that you want.  6 months in you take a fortnight out. Week one stabilize, week two ISO testing.  The resulting ISO is then supported with security back ports for the next 6 months till the next ISO is stabilized and so on till you get to the 6 months for the next lts.  Here you go back to the more tried and tested release method so this release is solid, stable and ready for the next 5 years.

This I think gives users a regular cadence they are used to. Gives people like system 76 a regular OEM install it has security back ports from the continuing rolling release.  It gives app devs a set of libs for 6 months that won't change.  And means there is only a fortnight slow down for the devs.

Plus the community driven derivatives can continue to use their current 6 monthly cadence. Everyone is happy :-)

I’m in @paolomoz‘ lab on Experience Driven Commerce at #adobesummit. Impressive to see 50 people build a CQ5.6 eCommerce site from scratch!

Great session by @rogerjwoods & @Danalytix at #adobesummit on analytics & targeting on mobile. Easy as baking a cake! developer.omniture.com

Wife and baby in bed, listening to the Beatles on vinyl, idling in IRC waiting for sleepiness. I very much doubt it'll be long.

Turns out that being a parent is quite hard work. Well, not hard exactly - just tiring. It also comes with a pretty total rearrangement of priorities, intended or otherwise. During the later stages of pregnancy (and even some of the first week or two afterwards) while there was quite a bit of waiting around, I had loads of ideas for things I want to write - some I even started writing. I'm talking code and music here. Now, I can only remember one of them and I doubt I'm going to have time to work on it any time soon :S

I don't know if I'm just overly selfish or summat but I feel almost ready to explode through lack of a creative outlet. Geekery might seem like something on the other end of the scale to "creative" but it really, really isn't. Writing code and writing music feel very similar to me. My code usually runs a bit better than my music sounds though ;)

On the upside, I'm working from home tomorrow so that should at least give me a chance to properly focus on getting some work done.

Correction

git-aux isn't written with node as I'd previously stated, because I rewrote it in bash :D

This is Sam when I met him at just 4 days old:

Me and Sam at 4 days old

This is Sam with his Dad, Carl, at New Year 2013, just before Sam was diagnosed with Stage 4 neuroblastoma cancer:

Sam with his Dad, Carl

Yesterday was Sam’s 4th birthday but because he has to have chemotherapy every 10 days at the moment, he’s having to spend it in hospital, sharing his massive chocolate cake with the rest of the ward. When he gets home at the weekend, he’ll get a proper birthday with balloons and more cake!

He has to have chemotherapy for the next 5-6 weeks (80 days in all). The neuroblastoma had woven itself around his internal organs and through his bones but his tests at the six-week half-way point showed that he’s responding really well to this stage of his treatment. All being well, he’ll have a series of other types of treatments for the rest of the year. So the year he turned four won’t be the most fun in his life but it could be one of the most important.

Because relapse rates are high for neuroblastoma, his oncologist at Manchester Children’s Hospital has recommended that Sam receives immunotherapy treatment. This will help Sam’s body fight off any future return of the cancer. The specific type of treatment he needs is currently only available in the US. It will cost £250,000 and can’t be funded by the NHS. So his family have set up the Sam Shaw Appeal on JustGiving with the support of The Neuroblastoma Alliance for anyone who would like to help them by making donations, large or small.

Sam as Bob the Builder

I met Sam’s Mum, Christine, at ballet classes when we were just slightly older than Sam is now. We went to primary and secondary school together and have stayed friends ever since. My little ballet friend is now a grown-up having to deal with this unimaginably shocking and stressful news. She (and her husband and family) are experiencing a year of spending days in hospital for treatment, then days at home while Sam recovers, then more days in hospital for more treatment, interspersed with unscheduled trips to hospital when he gets ill, and accompanied by constant stress, worry, sleeplessness, and pain. “Putting their lives on hold” seems quite a glib expression but they really really are.

On top of all that, they need to raise more money than a house would cost. The treatment this money could buy should help ensure that they don’t have to repeat this experience in future years.

If you can donate anything, that would be brilliant. You can donate online or you can text SAMS67 followed by your amount: £1, £2 £3 £4 £5 or £10, to 70070. If you’re a UK taxpayer, you can Gift Aid donations using either method. Carl has started a Twitter campaign to ask 250,000 people to donate £1 each – some people have more followers than 250,000 followers on Twitter, so if you can retweet his message to your own followers, that would be great too.

Tony blogged about Sam on Monday and we’ve been so touched to see our friends, who don’t know Sam or his family, donating money and sending messages of support. That’s amazing; you’re all amazing!

Sam, Christine, Carl

When I migrated my site to Nikola I wanted to ensure I could manage my blog from the shell, the web, Android smartphone, Android tablet. I took some inspiration from Joe Hewitt's article Dropbox is my publish button and created a free Dropbox account which links to a shared folder on my Dropbox Pro account. I created a simple shell script (invoked via cron every minute) that looks for a trigger file, if the trigger file exists Nikola publishes and deploys the site.

I am able to edit content from anywhere, on any device, and trigger publishing. Very happy.

What follows is how I install Dropbox on headless servers running Arch Linux and Debian/Ubuntu.

Installing Dropbox daemon - all distros

Download the latest Dropbox stable release for 32-bit or 64-bit.

wget -O dropbox.tar.gz "http://www.dropbox.com/download/?plat=lnx.x86" wget -O dropbox.tar.gz "http://www.dropbox.com/download/?plat=lnx.x86_64"

Extract the archive and install Dropbox in /opt.

cd tar -xvzf dropbox.tar.gz sudo mv ~/.dropbox-dist /opt/dropbox sudo find /opt/dropbox/ -type f -exec chmod 644 {} \; sudo chmod 755 /opt/dropbox/dropboxd sudo chmod 755 /opt/dropbox/dropbox sudo ln -s /opt/dropbox/dropboxd /usr/local/bin/dropboxd

Run dropboxd.

/usr/local/bin/dropboxd

You should see output like this:

This client is not linked to any account... Please visit https://www.dropbox.com/cli_link?host_id=7d44a557aa58f285f2da0x67334d02c1 to link this machine.

Visit the URL, login with your Dropbox account and link the account. You should see the following.

Client successfully linked, Welcome Web!

dropboxd will now create a ~/Dropbox folder and start synchronizing. Stop dropboxd with CTRL+C.

Arch Linux - systemd

Run Dropbox as daemon with systemd. Create /usr/lib/systemd/system/dropbox@.service with the following content.

[Unit] Description=Dropbox After=local-fs.target network.target [Service] Type=simple ExecStart=/usr/local/bin/dropboxd ExecReload=/bin/kill -HUP $MAINPID KillMode=process Restart=always User=%I [Install] WantedBy=multi-user.target

Enable the daemon for your user, run the following replace<user> with your username. This will ensure Dropbox is started when the system boots.

sudo systemctl enable dropbox@<user> sudo systemctl start dropbox@<user> Debian/Ubuntu - init.d

Run Dropbox as daemon with init.d. Create /etc/init.d/dropbox with the following content, replacing <user> with your username.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66#!/bin/sh ### BEGIN INIT INFO # Provides: dropbox # Required-Start: $local_fs $remote_fs $network $syslog $named # Required-Stop: $local_fs $remote_fs $network $syslog $named # Default-Start: 2 3 4 5 # Default-Stop: 0 1 6 # X-Interactive: false # Short-Description: dropbox service ### END INIT INFO DROPBOX_USERS="<user>" DAEMON=/opt/dropbox/dropbox start() { echo "Starting dropbox..." for dbuser in $DROPBOX_USERS; do HOMEDIR=`getent passwd $dbuser | cut -d: -f6` if [ -x $HOMEDIR/$DAEMON ]; then HOME="$HOMEDIR" start-stop-daemon -b -o -c $dbuser -S -u $dbuser -x $HOMEDIR/$DAEMON fi done } stop() { echo "Stopping dropbox..." for dbuser in $DROPBOX_USERS; do HOMEDIR=`getent passwd $dbuser | cut -d: -f6` if [ -x $HOMEDIR/$DAEMON ]; then start-stop-daemon -o -c $dbuser -K -u $dbuser -x $HOMEDIR/$DAEMON fi done } status() { for dbuser in $DROPBOX_USERS; do dbpid=`pgrep -u $dbuser dropbox` if [ -z $dbpid ] ; then echo "dropboxd for USER $dbuser: not running." else echo "dropboxd for USER $dbuser: running (pid $dbpid)" fi done } case "$1" in start) start ;; stop) stop ;; restart|reload|force-reload) stop start ;; status) status ;; *) echo "Usage: /etc/init.d/dropbox {start|stop|reload|force-reload|restart|status}" exit 1 esac exit 0

Enable the init.d script.

sudo chmod +x /etc/init.d/dropbox sudo update-rc.d dropbox defaults Install Dropbox client - all distros

It is recommended to download the official Dropbox client to configure Dropbox and get its status.

wget "http://www.dropbox.com/download?dl=packages/dropbox.py" -O dropbox-cli chmod 755 dropbox-cli sed -i s'/#!\/usr\/bin\/python/#!\/usr\/bin\/env python2/' dropbox-cli sudo mv dropbox-cli /usr/local/bin/

For usage instructions run dropbox-cli help.

Disable LAN Sync

Stop Dropbox from sending LAN Sync broadcasts every 30 seconds over port 17500.

dropbox-cli lansync n

I'm planning to make more use of Dropbox for content management and content delivery, blog posts to follow.

References

• http://www.dropboxwiki.com/Text_Based_Linux_Install
• https://aur.archlinux.org/packages/dropbox/
• https://wiki.archlinux.org/index.php/Dropbox

#adobesummit kicking off here in Salt Lake City