News aggregator

Jonathan McDowell: Forms of communication

Planet ALUG - Thu, 26/06/2014 - 23:39

I am struck by the fragmentation in communication mechanisms. Let's look at how I have communicated with my friends in the past few days:

  • Phone call
    Tried and tested, though I tend to avoid them. I've made some deliberate calls to sort out immediate plans, and at least one accidental call caused by user error which resulted in talking to someone it was good to hear from.
  • Text message
    Again, reasonably tried and tested. I miss the inability to use Google Voice when I'm in the UK; I'd much rather read and compose text messages from my web browser when I'm near a computer than type them on my phone, even if it does have a keyboard.
  • Email
    One of my favourite methods of communication. Suitable for quick messages or longer screeds. I can throw links in and expect you to be able to click them. I can put lots of detail so that everything is covered easily. I can confuse you by quoting correctly. I guess while I do read email on my phone I'm less likely to reply there as I'm always a bit embarrassed how the clients cope with replies.
  • IRC
    Like, I suspect, many readers of my blog posts, I'm still a daily user of IRC. There are friends I keep in touch with mostly via this method. It's great. It's like Twitter for old people and much better in many ways.
  • Skype
    This started out as a work thing. It was the way in which the Belfast office communicated with the US, it become the way the Belfast office communicated with each other and when I moved on it was the way in which I kept in contact with a group of people I consider good friends. It's great for calls (I feel bad saying that, but it's an idea executed well across multiple platforms and any other VOIP stuff I've played with has been much more of a hassle), but the one to one and group chat functionality is pretty spot on as well. Also has the advantage that I can turn it off and mostly not end up with work queries.
  • Google Hangouts
    I actually quite like these. They work on my phone, I can poke them from a web browser, I can dump more than just text into them. IRC is better in some ways, but I do like the additional flexibility I get from a Hangout. It doesn't play well with people who haven't drunk the Google koolaid, which is the main reason I haven't managed to convince the Skype group chat group to move it over here.
  • Facebook messenger
    I hate this. On the face of it there's not a lot of difference between it and Hangouts, but the app wants more and more privileges, I'm less likely to be logged into Facebook (e.g. I avoid it at work, whereas there are good reasons I'd be logged into my Google account there, though less so since the demise of Reader) and I don't think it's as nicely implemented. However there are a few people who it's easiest to get hold of via this method. And there's a certain amount of mesmerisation by the floaty wee faces it invokes on my phone.

While some of these work better for me than others really what I'd like is to use fewer of them, and I can't see that happening any time soon. I don't want to have to run a handful of different messaging apps on my phone. I also don't want to be limited to only using my laptop or my phone for something - I'd much prefer to be able to pickup the phone, laptop or tablet depending on what I'm up to and have my full range of communication available. Some of these things can be aggregated together, but that will then lose some of the advantages. And I'm sure that even if I got rid of one or two of the above there'd be something to fill the gap along shortly (I have, for example, so far completely avoided WhatsApp).

Categories: LUG Community Blogs

MJ Ray: New comments methods

Planet ALUG - Wed, 25/06/2014 - 21:04

After years of resisting it, I’ve added the least evil Twitter/Facebook comments plugin I could find to this blog as a test and updated the comments policy a little.

Please kick the tyres and try commenting to see if it works, phase.

Categories: LUG Community Blogs

Steve Kemp: So I accidentally ... a service.

Planet HantsLUG - Mon, 23/06/2014 - 20:44

This post is partly introspection, and partly advertising. Skip if it either annoys you.

Back in February I was thinking about what to do with myself. I had two main options "Get a job", and "Start a service". Because I didn't have any ideas that seemed terribly interesting I asked people what they would pay for.

There were several replies, largely based "infrastructure hosting" (which was pretty much 50/50 split between "DNS hosting", and project hosting with something like trac, redmine, or similar).

At the time DNS seemed hard, and later I discovered there were already at least two well-regarded people doing DNS things, with revision control.

So I shelved the idea, after reaching out to both companies to no avail. (This later lead to drama, but we'll pretend it didn't.) Ultimately I sought and acquired gainful employment.

Then, during the course of my gainful employment I was exposed to Amazons Route53 service. It looked like I was going to be doing many things with this, so I wanted to understand it more thoroughly than I did. That lead to the creation of a Dynamic-DNS service - which seemed to be about the simplest thing you could do with the ability to programatically add/edit/delete DNS records via an API.

As this was a random hack put together over the course of a couple of nights I didn't really expect it to be any more popular than anything else I'd deployed, and with the sudden influx of users I wanted to see if I could charge people. Ultimately many people pretended they'd pay, but nobody actually committed. So on that basis I released the source code and decided to ignore the two main missing features - lack of MX records, and lack of sub-sub-domains. (Isn't it amazing how people who claim they want "open source" so frequently mean they want something with zero cost, they can run, and never modify and contribute toward?)

The experience of doing that though, and the reminder of the popularity of the original idea made me think that I could do a useful job with Git + DNS combined. That lead to DNS-API - GitHub based DNS hosting.

It is early days, but it looks like I have a few users, and if I can get more then I'll be happy.

So if you want to to store your DNS records in a (public) GitHub repository, and get them hosted on geographically diverse anycasted servers .. well you know where to go: Github-based DNS hosting.

Categories: LUG Community Blogs

Tony Whitmore: Tom Baker at 80

Planet HantsLUG - Mon, 23/06/2014 - 18:31

Back in March I photographed the legendary Tom Baker at the Big Finish studios in Kent. The occasion was the recording of a special extended interview with Tom, to mark his 80th birthday. The interview was conducted by Nicholas Briggs, and the recording is being released on CD and download by Big Finish.

I got to listen in to the end of the recording session and it was full of Tom’s own unique form of inventive story-telling, as well as moments of reflection. I got to photograph Tom on his own using a portable studio set up, as well as with Nick and some other special guests. All in about 7 minutes! The cover has been released now and it looks pretty good I think.

The CD is available for pre-order from the Big Finish website now. Pre-orders will be signed by Tom, so buy now!

Pin It
Categories: LUG Community Blogs

Meeting at "The Moon Under Water"

Wolverhampton LUG News - Mon, 23/06/2014 - 10:15
Event-Date: Wednesday, 25 June, 2014 - 19:30 to 23:00Body: 53-55 Lichfield St Wolverhampton West Midlands WV1 1EQ Eat, Drink and talk Linux
Categories: LUG Community Blogs

Andy Smith: How to work around lack of array support in puppetlabs-firewall?

Planet HantsLUG - Mon, 23/06/2014 - 04:28

After a couple of irritating firewalling oversights I decided to have a go at replacing my hacked-together firewall management scripts with the puppetlabs-firewall module.

It’s going okay, but one thing I’ve found quite irritating is the lack of support for arrays of things such as source IPs or ICMP types.

For example, let’s say I have a sequence of shell commands like this:

#!/bin/bash   readonly IPT=/sbin/iptables   for icmptype in redirect router-advertisement router-solicitation \ address-mask-request address-mask-reply; do $IPT -A INPUT -p icmp --icmp-type ${icmptype} -j DROP done

You’d think that with puppetlabs-firewall you could do this:

class bffirewall::prev4 { Firewall { require => undef, }   firewall { '00002 Disallow possibly harmful ICMP': proto => 'icmp', icmp => [ 'redirect', 'router-advertisement', 'router-solicitation', 'address-mask-request', 'address-mask-reply' ], action => 'drop', provider => 'iptables', } }

Well it is correct syntax which installs fine on the client, but taking a closer look it hasn’t worked. It’s just applied the first firewall rule out of the array, i.e.:

iptables -A INPUT -p icmp --icmp-type redirect -j DROP

There’s already a bug in Puppet’s JIRA about this.

Similarly, what if you need to add a similar rule for each of a set of source hosts? For example:

readonly MONITORS="192.168.0.244 192.168.0.238 192.168.4.71" readonly CACTI="192.168.0.246" readonly ENTROPY="192.168.0.215"   # Allow access from: # - monitoring hosts # - cacti # - the entropy VIP for host in ${MONITORS} ${CACTI} ${ENTROPY}; do $IPT -A INPUT -p tcp --dport 8888 -s ${host} -j ACCEPT done

Again, your assumption about what would work…

firewall { '08888 Allow egd connections': proto => 'tcp', dport => '8888', source => [ '192.168.0.244', '192.168.0.238', '192.168.4.71', '192.168.0.246', '192.168.0.215' ], action => 'accept', provider => 'iptables', }

…just results in the inclusion of a rule for only the first source host, with the rest being silently discarded.

This one seems to have an existing bug too; though it has a status of closed/fixed it certainly isn’t working in the most recent release. Maybe I need to be using the head of the repository for that one.

So, what to do?

Duplicating the firewall {} blocks is one option that’s always going to work as a last resort.

Puppet’s DSL doesn’t support any kind of iteration as far as I’m aware, though it will in future — no surprise, as iteration and looping is kind of a glaring omission.

Until then, does anyone know any tricks to cut down on the repetition here?

Categories: LUG Community Blogs

Martin Wimpress: OpenMediaVault on Debian

Planet HantsLUG - Sun, 22/06/2014 - 12:00

At the time of writing OpenMediaVault 0.6 is pre-release. But it is possible to install OpenMediaVault on Debian Wheezy in order to get some testing done.

Install Debian Wheezy on your target VM or test server. Go with the defaults until the 'Software selection' dialogue. Make sure everything is unselected, like this:

[ ] Debian desktop environment [ ] Web server [ ] Print server [ ] SQL database [ ] DNS Server [ ] File server [ ] Mail server [ ] SSH server [ ] Laptop [ ] Standard system utilities

After the install is complete, reboot and login to the new Debian system as root.

Update the repository sources and add the contrib and non-free repositories.

nano /etc/apt/sources.list

It should look something like this:

deb http://ftp.uk.debian.org/debian/ wheezy main contrib non-free deb-src http://ftp.uk.debian.org/debian/ wheezy main contrib non-free deb http://security.debian.org/ wheezy/updates main contrib non-free deb-src http://security.debian.org/ wheezy/updates main contrib non-free # wheezy-updates, previously known as 'volatile' deb http://ftp.uk.debian.org/debian/ wheezy-updates main contrib non-free deb-src http://ftp.uk.debian.org/debian/ wheezy-updates main contrib non-free

Now add the OpenMediaVault repository.

echo "deb http://packages.openmediavault.org/public kralizec main" > /etc/apt/sources.list.d/openmediavault.list

Update.

apt-get update

Install the OpenMediaVault repository key and Postfix.

apt-get install openmediavault-keyring postfix
  • When the 'Postfix Configuration' dialogue is displayed choose No configuration.

Update again and install OpenMediaVault.

apt-get update apt-get install openmediavault
  • When the 'Configuring mdadm' dialogue is displayed enter none.
  • Do you want to start MD arrays automatically? YES
  • When the 'ProFTPD configuration' dialogue is displayed choose standalone.

Initialise OpenMediaVault and reboot.

omv-initsystem reboot

After the reboot you should be able to connect to the OpenMediaVault WebUI and login as admin with the password of openmediavault.

That's it. Get testing.

Categories: LUG Community Blogs

Martin Wimpress: Setting up BitSync on Debian

Planet HantsLUG - Sat, 21/06/2014 - 12:00

I've replaced Dropbox with BitTorrent Sync. In order to do this I've have btsync running on a VPS (2CPU, 2GB, 400GB), my home server and assorted Arch Linux workstations.

I had a couple of reasons for migrating away from Dropbox.

  • Dropbox was costing $100 per year.
  • Dropbox encryption model is weak and I have data security/privacy.

The VPS I am running BitTorrent Sync on costs $50 per year and provides four times the storage. I run btsync on a VPS so that there is always a server "in the cloud" that is available to sync with so that my setup emulates what Dropbox used to do.

All my servers are running Debian and this is how I install btsync on Debian.

sh -c "$(curl -fsSL http://debian.yeasoft.net/add-btsync-repository.sh)" sudo apt-get install btsync

This is how I respond to the prompts:

  • Do you want to define a default BitTorrent Sync instance? : YES
  • BitTorrent Sync Daemon Credentials:
  • BitTorrent Sync Daemon Group:
  • Niceness of the BitTorrent Sync Daemon: 0
  • On which portnumber should BitTorrent Sync listen? 0
  • BitTorrent Sync Listen Port: 12345
  • Do you want BitTorrent Sync to request port mapping via UPNP? NO
  • Download Bandwith Limit: 0
  • Upload Bandwith Limit: 0
  • Web Interface Bind IP Address: 0.0.0.0
  • Web Interface Listen Port: 8888
  • The username for accessing the web interface: yourusername
  • The password for accessing the web interface: yourpassword

As you'll see, I don't use UPNP on my VPS. I elect a specific port (not actually 12345 by the way) and open that port up with ufw. I also only allow access to the WebUI port from another server I own which reverse proxies via nginx.

btsync works really well, I have it syncing hundreds of thousands of files that amount to several hundred gigabytes of data. On my Arch Linux workstations I use the brilliant btsync-gui and BitTorrent Sync is also available for Android.

That said, I still use a free Dropbox account to sync photos from mine and my wife's Android phones. I have a Dropbox instance running on my home file server and everyday it runs a script to automatically import these photos into Plex.

Such a shame, that at the time of writing, btsync is closed source :-( Maybe that will change but if it doesn't SyncThing may well be the answer when it has matured a little.

References
Categories: LUG Community Blogs

Steve Kemp: The perils of the cloud..

Planet HantsLUG - Fri, 20/06/2014 - 13:18

Recently two companies have suffed problems due to compromised AWS credentials:

  • Code Spaces
    • The company has effectively folded. Thier AWS account was compromised, and all their data and backups were deleted.
  • Bonsai
    • Within two minutes all their instances were terminated.
    • This is still live - watch updates of the recovery process.

I'm just about to commit to using Amazon for hosting DNS for paying customers, so this is the kind of thing that makes me paranoid.

I'll be storing DNS-data in Git, and if the zones were nuked on the Amazon-side I could re-upload them, but users would be dead regardless - because they'd need to update the nameservers in whois before the re-uploaded data would be useful.

I suspect I need to upload to two DNS providers, to get more redundency.

Currently I have a working system which allows me to push DNS records to a Git repository, and that seamlessly triggers a DNS update (i.e. A webhook trigged by github/bitbucket/whatever).

Before I publish anything I need to write more code, more documentation, and agree on pricing details. Then I'll setup a landing-page at http://dns-api.com/.

I've been challenged to find paying customers before launching, and thus far have two, which is positive.

The DHCP.io site has now been freed. I'm no longer going to try to commercialize it, instead I will only offer the Git-based product as a commercial service. On that basis I upped the service so users could manage up to five names per account, more if you mail me privately and beg ;)

(ObRandom: Google does hosted DNS with an API. They're expensive. I'm surprised I'd not heard of them doing this.)

Categories: LUG Community Blogs

Martin Wimpress: MATE Desktop on Debian Wheezy

Planet HantsLUG - Thu, 19/06/2014 - 22:00

I'm a member of the MATE Desktop team and until recently the majority of my involvement has been focused around Arch Linux.

However, I'm working on a MATE project that is based on a Debian derivative. MATE has recently been accepted into the Debian Backports repository for Wheezy, so I decided to do a "MATE from scratch" on Debian using an old netbook to get familiar with the MATE package naming differences between Arch Linux and Debian.

Install Debian

I installed Debian Wheezy from the netinst ISO to ensure the target install was as minimal as possible. I went with the defaults until the 'Software selection' dialogue, at this point unselect everything except "SSH server". Like this:

[ ] Debian desktop environment [ ] Web server [ ] Print server [ ] SQL database [ ] DNS Server [ ] File server [ ] Mail server [X] SSH server [ ] Laptop [ ] Standard system utilities Debian ISO with Firmware

If you're installing on hardware that requires additional firmware in order for it to work with Linux then use the netinst ISO that includes firmware.

Configure Debian

When the install is finished, reboot and configure Debian a little.

Repositories

You'll need to install lsb-release for the following to work.

apt-get install lsb-release

This is what I put in /etc/apt/sources.list.

cat >/etc/apt/sources.list<<EOF deb http://ftp.uk.debian.org/debian/ $(lsb_release -cs) main contrib non-free deb-src http://ftp.uk.debian.org/debian/ $(lsb_release -cs) main contrib non-free deb http://security.debian.org/ $(lsb_release -cs)/updates main contrib non-free deb-src http://security.debian.org/ $(lsb_release -cs)/updates main contrib non-free # $(lsb_release -cs)-updates, previously known as 'volatile' deb http://ftp.uk.debian.org/debian/ $(lsb_release -cs)-updates main contrib non-free deb-src http://ftp.uk.debian.org/debian/ $(lsb_release -cs)-updates main contrib non-free EOF Backports

MATE is only available in the wheezy-backports repository.

cat >/etc/apt/sources.list.d/backports.list <<EOF deb http://ftp.uk.debian.org/debian $(lsb_release -cs)-backports main contrib non-free deb-src http://ftp.uk.debian.org/debian $(lsb_release -cs)-backports main contrib non-free EOF

Update.

sudo apt-get update

All backports are deactivated by default (i.e. the packages are pinned to 100 by using ButAutomaticUpgrades: yes in the Release files. If you want to install something from backports run:

apt-get -t wheezy-backports install "package" Install MATE Desktop

First install the LightDM display manager.

apt-get install accountsservice lightdm lightdm-gtk-greeter

Now for the MATE Desktop itself.

apt-get -t wheezy-backports install mate-desktop-environment-extras NetworkManager

I typically use NetworkManager, so lets install that too.

apt-get install network-manager-gnome Supplementary

Depending on your hardware you may require CPU frequency utilities or additional firmware.

apt-get install cpufreqd cpufrequtil firmware-linux firmware-linux-nonfree

And, that's it! Reboot and you'll see the LightDM greeter waiting for your login credentials.

References
Categories: LUG Community Blogs
Syndicate content