LUG Community Blogs

Steve Engledow (stilvoid): s3cmd ls

Planet ALUG - Fri, 13/05/2016 - 22:22

I'm currently having a very enjoyable holiday with my family in Bodrum. We're staying in an all-inclusive hotel by the beach. This is the first time either of us have ever had such a holiday; we usually like to go rushing around seeing as many sights as we can cram in to a few days before moving on to another place. It's the final night of our time here and I feel like I'm just settling in to it. Next time, we'll do two weeks. (By way of compromise, we had decided to do a week in Bodrum followed by a week in Istanbul/Adapazarı.)

The good

In what feels like a very short week of doing very little, here are some of my highlights:

Bodrum Castle

The castle doesn't look much from the outside and it advertises itself as "Museum of Underwater Archaeology" but once you get through the doors you realise it's a magnificent ruined castle with beautiful gardens and a smattering of museum about the place. We barely stopped to look at the museum pieces (mostly shipwrecks and amphora dredged up from the Aegean) and it took us a good couple of hours to walk around the castle. Do not make the mistake we made in a parallel universe by deciding we didn't fancy a museum that day!

Boat tour

There are a lot of places offering boat tours and I can only vouch for the one we took: Gencel Water Sports. The boat tour takes a full day (ours was 10:30 to 16:30) and stops off at a number of interesting locations around Bodrum. The highlights for me were Aquarium Bay: snorkeling with thousands of fish around; and the place that I can't recall the name of where I ticked off an ambition (I don't know why): to swim to shore. OK it was only 50 metres or so but it was in proper sea and I'm hardly an olympic swimmer ;)

In all, I did a lot of swimming that day.

Tent bar, Gümbet

This bar is hardly a tourist hot spot but it was a short walk from the hotel and we had a really good evening sitting and chatting with the barman (whose name is either Ricardo or Bora depending on which language you ask him in).

Spending a day doing not very much

This really was a revelation! One such day went like this: wake, breakfast, steam room, swim, turkish bath, beer by the pool, lunch, swimming, lazing around by the pool with a beer, swimming, lazing, beer, swimming, lazing, beer, beer and lazing, dinner, rakı, sleep.

As I said, neither of us had ever had a holiday that didn't involve loads of walking and sightseeing. I'm amazed at how much I enjoyed just relaxing.

The bad

On the somewhat less positive side I lost a filling and the hole is really annoying.

The unrealised

Next week: Istanbul, second only to Bruges in my favourite places list :)

Categories: LUG Community Blogs

A Probably Inaccurate History Of LibVirt, KVM and QEMU

Planet SurreyLUG - Mon, 09/05/2016 - 18:38

A while ago I was explaining the difference between QEMU, KVM and LibVirt, and I ended up by emailing this nonsense. I don’t claim it’s accurate, it certainly isn’t. It’s probably not even funny. Enjoy :).

In the beginning there was QEMU, but it was slow and the people grieved.

Then KVM was forked from QEMU with a kernel module to use the CPU’s virtualisation features to work much faster and there was much rejoicing. Linus also rejoiced and welcomed KVM’s kernel module into the mainline kernel.

But the people did not rejoice, as they were mostly using Sun’s VirtualBox (also forked from QEMU).

QEMU awoke from its slumber and joined with KVM and their union caused almost no rejoicing, in fact I am not convinced anyone really noticed.

But the System Administrators were still dissatisfied and complained that there should be standardisation of commands across different hypervisors. And thus LibVirt was born and the System Administrators rejoiced.

Yet still the people used VirtualBox. But lo! The evil Oracle slew the Sun and VirtualBox moved into darkness, and there was much gnashing of teeth and wearing of sackcloth; although this was generally considered a step forwards from the t-shirts that they usually wore.

But still the people could not use QEMU-KVM, without issuing complex incantations, and so Virt-Manager was born and finally the people rejoiced, with much clicking of mice.

The End.

Categories: LUG Community Blogs

Andy Smith: Using a TOTP app for multi-factor SSH auth

Planet HantsLUG - Fri, 06/05/2016 - 17:34

I’ve been playing around with enabling multi-factor authentication (MFA) on web services and went with TOTP. It’s pretty simple to implement in Perl, and there are plenty of apps for it including Google Authenticator, 1Password and others.

I also wanted to use the same multi-factor auth for SSH logins. Happily, from Debian jessie onwards libpam-google-authenticator is packaged. To enable it for SSH you would just add the following:

auth required pam_google_authenticator.so

to /etc/pam.d/sshd (put it just after @include common-auth).

and ensure that:

ChallengeResponseAuthentication yes

is in /etc/ssh/sshd_config.

Not all my users will have MFA enabled though, so to skip prompting for these I use:

auth required pam_google_authenticator.so nullok

Finally, I only wanted users in a particular Unix group to be prompted for an MFA token so (assuming that group was totp) that would be:

auth [success=1 default=ignore] pam_succeed_if.so quiet user notingroup totp auth required pam_google_authenticator.so nullok

If the pam_succeed_if conditions are met then the next line is skipped, so that causes pam_google_authenticator to be skipped for users not in the group totp.

Each user will require a TOTP secret key generating and storing. If you’re only setting this up for SSH then you can use the google-authenticator binary from the libpam-google-authenticator package. This asks you some simple questions and then populates the file $HOME/.google_authenticator with the key and some configuration options. That looks like:

T6Z2KSDCG7CEWPD6EPA6BICBFD4KYKCSGO2JEQVII7ZJNCXECRZPJ4GJHD3CWC43FZIKQUSV5LR2LFFP " RATE_LIMIT 3 30 1462548404 " DISALLOW_REUSE 48751610 " TOTP_AUTH 11494760 25488108 33980423 43620625 84061586

The first line is the secret key; the five numbers are emergency codes that will always work (once each) if locked out.

If generating keys elsewhere then you can just populate this file yourself. If the file isn’t present then that’s when “nullok” applies; without “nullok” authentication would fail.

Note that despite the repeated mentions of “google” here, this is not a Google-specific service and no data is sent to Google. Google are the authors of the open source Google Authenticator mobile app and the libpam-google-authenticator PAM module, but (as evidenced by the Perl example) this is an open standard and client and server sides can be implemented in any language.

So that is how you can make a web service and an SSH service use the same TOTP multi-factor authentication.

Categories: LUG Community Blogs

Mick Morgan: raid performance

Planet ALUG - Mon, 02/05/2016 - 16:46

I have recently been building a new NAS box (of which, possibly, more later). In fact the build is really a rebuild because I initially built the server about three years ago in order to consolidate a bunch of services I was running on assorted separate servers into one place. That first build was a RAID 1 array of two 2 TB disks (to give me a mirrored setup with a total of 2 TB store). At the time that was sufficient to hold all my important data (backed up both to other networked devices and to standalone USB disks for safety). But I have just upgraded my main desktop machine to a nice shiny new core i7 Skylake box with 16 GB of DDR4 and a 3 TB disk. That disk is already two thirds full (my old machine had a rather full 2 TB disk). This meant that my NAS backup storage requirements exceeded the capacity of my RAID 1 setup. Adding disks wouldn’t help of course because all that would do is add mirror capability rather than capacity. So I decided to upgrade the NAS and bought a bunch of new 2 TB disks with the intention of setting up a RAID 5 array of 4 disks, thus giving a total storage capacity of 6 TB (8 TB minus 2 TB for parity). Furthermore I initially looked at using FreeNAS rather than my usual debian or ubuntu server with software RAID simply because it looked interesting and, with plugins, could probably meet most of my requirements. But I could not get the software to install properly and after three abortive attempts I gave up and decided that I didn’t really like freeBSD anyway….

So I opted to go back to mdadm on linux – at least I know that works. Better still I would be able to retain all my old setup from the old RAID 1 system without having to worry about finding plugins to handle my media streaming requirements, or owncloud installation, for example.

My previous build was on debian (which is by far my preferred server OS) but ubuntu server has recently been released in a LTS version at 16.04 and I thought it might be fun to try that instead. So I did. (For any readers who have not tried installing linux on a RAID system there are plenty of sites offering advice, but the official ubuntu pages are pretty good). During the build I hit what I initially thought was a snag because the installation seemed to get stuck at around the 83% level when it was apparently installing the linux kernel image and headers. Indeed I confess that on the first such installation I pulled the plug after about three hours of no apparent activity because I was beginning to think that there might be something wrong with my hardware (the earlier FreeNAS failures worried me). My on-line searches for assistance were initially not particularly helpful since none of the huge number of sites advising on software RAID installation bothered to mention that initial RAID 5 build (or rebuild) using large capacity disks takes a very long time because of the need to calculate the parity data. Incidentally, it is this parity data and its layout that gives RAID 5 its write performance penalty.

One useful outcome of my research about RAID 5 build times (which in my case eventually took just over 6 hours) was my discovery of the wintelguy’s site providing an on-line calculator (and much more besides) for RAID performance and capacity. There is even a very useful page allowing you to compare two separate configurations side by side – thoroughly recommended. More worrying, and thought provoking, is the reclaime.com calculator for RAID failure. That site suggests that the probability of successfully rebuilding a RAID 5 array of 4 * 2 TB disks after a failure is only 52.8%.

That is why you need to keep backups…….

Categories: LUG Community Blogs

Chris Lamb: Free software activities in April 2016

Planet ALUG - Sat, 30/04/2016 - 23:20

Here is my monthly update covering a large part of what I have been doing in the free software world (previously):

  • Added Python 3 support to django-template-tests, a tool to perform simple static analysis on Django templates. (#1)
  • Corrected my Chrome extension for the FastMail web interface to not disable the CTRL+Enter keyboard shortcut when authoring emails. (#3)
  • Corrected a subtle bug in my django-staticfiles-dotd "staticfiles" library where the Content-Length HTTP header was calculated incorrectly in the presence of Unicode characters resulting in truncated output. (#2)
  • Various fixes to django-slack, a library to easily post messages to the Slack group-messaging utility from projects using the Django web development framework:
    • Don't require an explicit backend import when using the Celery task queue backend. (#41)
    • Actually generate and send messages asynchronously when using the Celery backend. (#44)
  • Fixed an issue with my local-debian-mirror tool where the option to disable DEP-11 mirroring wasn't working. (#1)
  • Fixed an issue in django-hipchat, a library to easily post messages to the Hipchat group-messaging utility from projects using the Django web development framework where the templates were not includes when installing via PyPI. (#1)
  • Created a quick-and-dirty tool to scrape a Squarespace blog and convert it to a PDF so I can read them on my Kindle e-reader. (tree)
  • Updated django-keyerror — a library to post exceptions to the KeyError.com error tracking service — to silence an AttributeError exception in some error-reporting edge-cases. (commit)
  • Suggested an improvement to the documentation for the upcoming Twitter Bootstrap version for the deprecated .hidden and .show CSS classes. (#19789)
  • Submitted a documentation update to the Ansible server configuration tool's ufw firewall module. (commit)
  • I also blogged about parsing Jenkins CI output to determine job success or failure.
Debian

My work in the Reproducible Builds project was covered in our weekly reports. (#48, #49, #50, #51 & #52)

Uploads
  • redis (2:3.0.7-3) — Adding, amongst some other changes, systemd LimitNOFILE support to allow a higher number of open file descriptors.
RC bugs

I filed 58 FTBFS bugs against agg, basex, c++-annotations, camera.app, cl-babel, cl-lparallel, collab-qa-tools, diagnostics, enjarify, enscript, felix-main, girara, gnome-shell-pomodoro, golang-github-spf13-viper, gst-plugins-base0.10, gstreamer0.10, guessnet, htslib, ifrit, indicator-session, jackson-module-afterburner, kamera, lgogdownloader, libbde, libmlx4, libsqlite3-0:, libykneomgr, nifti2dicom, node-starttls, nuitka, oath-toolkit, pdf-presenter-console, perlbal, poker-engine, pycountry, pysycache, python-oslo.privsep, python-shade, r-cran-tgp, raincat, rapache, resteasy, ruby-crb-blast, ruby-email-reply-parser, ruby-gollum-lib, samtools, sipwitch, sooperlooper, tomcat-maven-plugin, transmission, trivial-features, tuskar-ui, twinkle, twisted-web2, uclmmbase, workrave, xlog & yafc.

FTP Team

As a Debian FTP assistant I ACCEPTed 135 packages: aptitude, asm, beagle, blends, btrfs-progs, camitk, cegui-mk2, cmor-tables, containerd, debian-science, debops, debops-playbooks, designate-dashboard, efitools, facedetect, flask-testing, fstl, ganeti-os-noop, gnupg, golang-fsnotify, golang-github-appc-goaci, golang-github-benbjohnson-tmpl, golang-github-dchest-safefile, golang-github-docker-go, golang-github-dylanmei-winrmtest, golang-github-hawkular-hawkular-client-go, golang-github-hlandau-degoutils, golang-github-hpcloud-tail, golang-github-klauspost-pgzip, golang-github-kyokomi-emoji, golang-github-masterminds-semver-dev, golang-github-masterminds-vcs-dev, golang-github-masterzen-xmlpath, golang-github-mitchellh-ioprogress, golang-github-smartystreets-assertions, golang-gopkg-hlandau-configurable.v1, golang-gopkg-hlandau-easyconfig.v1, golang-gopkg-hlandau-service.v2, golang-objx, golang-pty, golang-text, gpaste, gradle-plugin-protobuf, grip, haskell-brick, haskell-hledger-ui, haskell-lambdabot-haskell-plugins, haskell-text-zipper, haskell-werewolf, hkgerman, howdoi, jupyter-client, jupyter-core, letsencrypt.sh, libbpp-phyl, libbpp-raa, libbpp-seq, libbpp-seq-omics, libcbor-xs-perl, libdancer-plugin-email-perl, libdata-page-pageset-perl, libevt, libevtx, libgit-version-compare-perl, libgovirt, libmsiecf, libnet-ldap-server-test-perl, libpgobject-type-datetime-perl, libpgobject-type-json-perl, libpng1.6, librest-client-perl, libsecp256k1, libsmali-java, libtemplates-parser, libtest-requires-git-perl, libtext-xslate-perl, linux, linux-signed, mandelbulber2, netlib-java, nginx, node-rc, node-utml, nvidia-cuda-toolkit, openfst, openjdk-9, openssl, php-cache-integration-tests, pulseaudio, pyfr, pygccxml, pytest-runner, python-adventure, python-arrayfire, python-django-feincms, python-fastimport, python-fitsio, python-imagesize, python-lib389, python-libtrace, python-neovim-gui, python3-proselint, pythonpy, pyzo, r-cran-ca, r-cran-fitbitscraper, r-cran-goftest, r-cran-rnexml, r-cran-rprotobuf, rrdtool, ruby-proxifier, ruby-seamless-database-pool, ruby-syslog-logger, rustc, s5, sahara-dashboard, salt-formula-ceilometer, salt-formula-cinder, salt-formula-glance, salt-formula-heat, salt-formula-horizon, salt-formula-keystone, salt-formula-neutron, salt-formula-nova, seer, simplejson, smrtanalysis, tiles-autotag, tqdm, tran, trove-dashboard, vim, vulkan, xapian-bindings & xapian-core.

Categories: LUG Community Blogs

Jonathan McDowell: Notes on Kodi + IR remotes

Planet ALUG - Tue, 26/04/2016 - 21:32

This post is largely to remind myself of the details next time I hit something similar; I found bits of relevant information all over the place, but not in one single location.

I love Kodi. These days the Debian packages give me a nice out of the box experience that is easy to use. The problem comes in dealing with remote controls and making best use of the available buttons. In particular I want to upgrade the VDR setup my parents have to a more modern machine that’s capable of running Kodi. In this instance an AMD E350 nettop, which isn’t recent but does have sufficient hardware acceleration of video decoding to do the job. Plus it has a built in fintek CIR setup.

First step was finding a decent remote. The fintek is a proper IR receiver supported by the in-kernel decoding options, so I had a lot of flexibility. As it happened I ended up with a surplus to requirements Virgin V Box HD remote (URC174000-04R01). This has the advantage of looking exactly like a STB remote, because it is one.

Pointed it at the box, saw that the fintek_cir module was already installed and fired up irrecord. Failed to get it to actually record properly. Googled lots. Found ir-keytable. Fired up ir-keytable -t and managed to get sensible output with the RC-5 decoder. Used irrecord -l to get a list of valid button names and proceed to construct a vboxhd file which I dropped in /etc/rc_keymaps/. I then added a

fintek-cir * vboxhd

line to /etc/rc_maps.cfg to force my new keymap to be loaded on boot.

That got my remote working, but then came the issue of dealing with the fact that some keys worked fine in Kodi and others didn’t. This seems to be an issue with scancodes above 0xff. I could have remapped the remote not to use any of these, but instead I went down the inputlirc approach (which is already in use on the existing VDR box).

For this I needed a stable device file to point it at; the /dev/input/eventN file wasn’t stable and as a platform device it didn’t end up with a useful entry in /dev/input/by-id. A ‘quick’

udevadm info -a -p $(udevadm info -q path -n /dev/input/eventN)

provided me with the PNP id (FIT0002) allowing me to create /etc/udev/rules.d/70-remote-control.rules containing

KERNEL=="event*",ATTRS{id}=="FIT0002",SYMLINK="input/remote"

Bingo, a /dev/input/remote symlink. /etc/defaults/inputlirc ended up containing:

EVENTS="/dev/input/remote" OPTIONS="-g -m 0"

The options tell it to grab the device for its own exclusive use, and to take all scancodes rather than letting the keyboard ones through to the normal keyboard layer. I didn’t want anything other than things specifically configured to use the remote to get the key presses.

At this point Kodi refused to actually do anything with the key presses. Looking at ~kodi/.kodi/temp/kodi.log I could see them getting seen, but not understood. Further searching led me to construct an Lircmap.xml - in particular the piece I needed was the <remote device="/dev/input/remote"> bit. The existing /usr/share/kodi/system/Lircmap.xml provided a good starting point for what I wanted and I dropped my generated file in ~kodi/.kodi/userdata/.

(Sadly it turns out I got lucky with the remote; it seems to be using the RC-5x variant which was broken in 3.17; works fine with the 3.16 kernel in Debian 8 (jessie) but nothing later. I’ve narrowed down the offending commit and raised #117221.)

Helpful pages included:

Categories: LUG Community Blogs

Debian Bits: Debian welcomes its 2016 summer interns

Planet HantsLUG - Sun, 24/04/2016 - 20:00

We're excited to announce that Debian has selected 29 interns to work with us this summer: 4 in Outreachy, and 25 in the Google Summer of Code.

Here is the list of projects and the interns who will work on them:

Android SDK tools in Debian:

APT - dpkg communications rework:

Continuous Integration for Debian-Med packages:

Extending the Debian Developer Horizon:

Improving and extending AppRecommender:

Improving the debsources frontend:

Improving voice, video and chat communication with Free Software:

MIPS and MIPSEL ports improvements:

Reproducible Builds for Debian and Free Software:

Support for KLEE in Debile:

The Google Summer of Code and Outreachy programs are possible in Debian thanks to the effort of Debian developers and contributors that dedicate part of their free time to mentor students and outreach tasks.

Join us and help extend Debian! You can follow the students weekly reports on the debian-outreach mailing-list, chat with us on our IRC channel or on each project's team mailing lists.

Congratulations to all of them!

Categories: LUG Community Blogs

Jonathan McDowell: Going to DebConf 16

Planet ALUG - Mon, 18/04/2016 - 14:12

Whoop! Looking forward to it already (though will probably spend it feeling I should be finishing my dissertation).

Outbound:

2016-07-01 15:20 DUB -> 16:45 LHR BA0837 2016-07-01 21:35 LHR -> 10:00 CPT BA0059

Inbound:

2016-07-10 19:20 CPT -> 06:15 LHR BA0058 2016-07-11 09:20 LHR -> 10:45 DUB BA0828

(image stolen from Gunnar)

Categories: LUG Community Blogs

Jonathan McDowell: Going to DebConf 16

Planet ALUG - Mon, 18/04/2016 - 14:12

Whoop! Looking forward to it already (though will probably spend it feeling I should be finishing my dissertation).

Outbound:

2016-07-01 15:20 DUB -> 16:45 LHR BA0837 2016-07-01 21:35 LHR -> 10:00 CPT BA0059

Inbound:

2016-07-10 19:20 CPT -> 06:15 LHR BA0058 2016-07-11 09:20 LHR -> 10:45 DUB BA0828

(image stolen from Gunnar)

Categories: LUG Community Blogs

Debian Bits: DPL elections 2016, congratulations Mehdi Dogguy!

Planet HantsLUG - Sun, 17/04/2016 - 17:40

The Debian Project Leader elections finished yesterday and the winner is Mehdi Dogguy! Of a total of 1023 developers, 282 developers voted using the Condorcet method.

More information about the result is available in the Debian Project Leader Elections 2016 page.

The new term for the project leader starts today April 17th and expire on April 17th 2017.

Categories: LUG Community Blogs

Bring-A-Box, Saturday 11 June 2016, All Saints, Mitcham

Surrey LUG - Fri, 15/04/2016 - 19:54
Start: 2016-06-11 12:00 End: 2016-06-11 12:00

We have regular sessions on the second Saturday of each month. Bring a 'box', bring a notebook, bring anything that might run Linux, or just bring yourself and enjoy socialising/learning/teaching or simply chilling out!

This month's meeting is at the All Saints Centre, Mitcham, Surrey.  CR4 4JN

New members are very welcome. We're not a cliquey bunch, so you won't feel out of place! Usually between 15 and 30 people come along.

Categories: LUG Community Blogs

Bring-A-Box, Saturday 14th May 2016

Surrey LUG - Fri, 15/04/2016 - 19:50
Start: 2016-05-14 12:00 End: 2016-05-14 12:00

Venue to be found.  Watch this space!  No!  Better still, find a venue and discuss it on the mailing list!

Categories: LUG Community Blogs

Jonathan McDowell: Software in the Public Interest contributing members: Check your activity status!

Planet ALUG - Wed, 13/04/2016 - 13:04

That’s a longer title than I’d like, but I want to try and catch the attention of anyone who might have missed more directed notifications about this. If you’re not an SPI contributing member there’s probably nothing to see here…

Although I decided not to stand for re-election at the Software in the Public Interest (SPI) board elections last July, I haven’t stopped my involvement with the organisation. In particular I’ve spent some time working on an overhaul of the members website and rolling it out. One of the things this has enabled is implementation of 2009-11-04.jmd.1: Contributing membership expiry, by tracking activity in elections and providing an easy way for a member to indicate they consider themselves active even if they haven’t voted.

The plan is that this will run at some point after the completion of every board election. A first pass of cleanups was completed nearly a month ago, contacting all contributing members who’d never been seen to vote and asking them to update their status if they were still active. A second round, of people who didn’t vote in the last board election (in 2014), is currently under way. Affected members will have been emailed directly and there was a mail to spi-announce, but I’m aware people often overlook these things or filter mail off somewhere that doesn’t get read often.

If you are an SPI Contributing member who considers themselves an active member I strongly recommend you login to the SPI Members Website and check the “Last active” date displayed is after 2014-07-14 (i.e. post the start of the last board election). If it’s not, click on the “Update” link beside the date. The updated date will be shown once you’ve done so.

Why does pruning inactive members matter? The 2015 X.Org election results provide at least one indication of why ensuring you have an engaged membership is important - they failed to make a by-laws change that a vast majority of votes were in favour of, due to failing to make quorum. (If you’re an X.org member, go vote!)

Categories: LUG Community Blogs

Jonathan McDowell: Software in the Public Interest contributing members: Check your activity status!

Planet ALUG - Wed, 13/04/2016 - 13:04

That’s a longer title than I’d like, but I want to try and catch the attention of anyone who might have missed more directed notifications about this. If you’re not an SPI contributing member there’s probably nothing to see here…

Although I decided not to stand for re-election at the Software in the Public Interest (SPI) board elections last July, I haven’t stopped my involvement with the organisation. In particular I’ve spent some time working on an overhaul of the members website and rolling it out. One of the things this has enabled is implementation of 2009-11-04.jmd.1: Contributing membership expiry, by tracking activity in elections and providing an easy way for a member to indicate they consider themselves active even if they haven’t voted.

The plan is that this will run at some point after the completion of every board election. A first pass of cleanups was completed nearly a month ago, contacting all contributing members who’d never been seen to vote and asking them to update their status if they were still active. A second round, of people who didn’t vote in the last board election (in 2014), is currently under way. Affected members will have been emailed directly and there was a mail to spi-announce, but I’m aware people often overlook these things or filter mail off somewhere that doesn’t get read often.

If you are an SPI Contributing member who considers themselves an active member I strongly recommend you login to the SPI Members Website and check the “Last active” date displayed is after 2014-07-14 (i.e. post the start of the last board election). If it’s not, click on the “Update” link beside the date. The updated date will be shown once you’ve done so.

Why does pruning inactive members matter? The 2015 X.Org election results provide at least one indication of why ensuring you have an engaged membership is important - they failed to make a by-laws change that a vast majority of votes were in favour of, due to failing to make quorum. (If you’re an X.org member, go vote!)

Categories: LUG Community Blogs

Chris Lamb: Parsing Jenkins log output to determine job status

Planet ALUG - Mon, 11/04/2016 - 18:28

I recently made the same mistake a number of times when adding new hosts to my Ansible configuration and decided to ensure it couldn't happen again. The specifics of this particular issue were that whilst I had added the hostname to inventory file, I had neglected to add the host to the relevant group in my playbook:

oldhost newhost [mygroup] oldhost # missing newhost here

ansible-playbook would output no hosts matched but crucially return with an successful exit code. My continuous integration system (Jenkins) would infer that the task was successful and not notify me that anything was wrong:

$ ansible-playbook deploy-mygroup.yml --limit-hosts=newhost <snip> PLAY [deploy] ************************************************* skipping: no hosts matched PLAY RECAP **************************************************** [ERROR]: No plays were matched by any host. $ echo $? 0

This seemed to violate a few principles to me (at the very least due of the "loud" use of ERROR without the corresponding return code) so I filed a pull request against Ansible that added an optional --error-if-no-plays-matched switch:

$ ansible-playbook [..] --error-if-no-plays-matched <snip> [ERROR]: No plays were matched by any host. $ echo $? 1

In the end, upstream decided to pass on it as it could be implemented via a plugin system and desiring an immediate and potentially more-general solution I briefly looked into parsing the ansible-playbook output before moving onto parsing the Jenkins log itself.

This turned out to be straightforward; using the Text-Finder plugin, I configured my Jenkins job to simply error if the log contained the string skipping: no hosts matched:

I am using the Job DSL plugin so that my configuration is backed onto revision control (highly recommended) so I actually used its textFinder publisher rather than the interface above:

publishers { textFinder(/^skipping: no hosts matched$/, '', true, false, false) }

This results in the job "correctly" failing and alerting me:

+ ansible-playbook deploy-mygroup.yml --limit-hosts=newhost <snip> PLAY [deploy] ************************************************* skipping: no hosts matched PLAY RECAP **************************************************** [ERROR]: No plays were matched by any host. Checking console output /var/lib/jenkins/jobs/deploy-mygroup/builds/126/log: skipping: no hosts matched Build step 'Jenkins Text Finder' changed build result to FAILURE Finished: FAILURE
Categories: LUG Community Blogs

Steve Kemp: Recycling old ideas ..

Planet HantsLUG - Sat, 09/04/2016 - 14:47

My previous blog post was about fuzzing and finding segfaults in GNU Awk. At the time of this update they still remain unfixed.

Reading about a new release of mutt I've seen a lot of complaints about how it handles HTML mail, by shelling out to lynx or w3m. As I have a vested interest in console based mail-clients I wanted to have a quick check to see how dangerous that could be. After all it wasn't so long ago that I discovered that printing a fingerprint of an SSH key could be dangerous, so the idea of parsing untrusted HTML is something I could see.

In fact back in 2005 I reported that some specific HTML could crash Mozilla's firefox. Due to some ordering issues my Firefox bug was eventually reported as a duplicate, and although it seemed to qualify for the Mozilla bug-bounty and a CVE assignment I never received any actual cash. Shame. I'd have been more interested in testing the browser if I had a cheque to hang on my wall (and never cash).

Anyway full-circle. Fuzzing the w3m console-based browser resulted in a bunch of segfaults when running this:

w3m -dump $file.html

Anyway each of the two bugs I reported were fixed in a day or two, and both involved gnarly UTF-8/encoding transformations. Many thanks to Tatsuya Kinoshita for such prompt attention and excellent debugging skills.

And lynx? Still no segfaults. I'll leave the fuzzer running over the weekend and if there are no faults found by Monday I guess I'll move on to links.

Categories: LUG Community Blogs

Bring-A-Box, Saturday 9th April 2016, Station pub, W Byfleet

Surrey LUG - Thu, 07/04/2016 - 16:04
Start: 2016-04-09 12:00 End: 2016-04-09 12:00

We have regular sessions on the second Saturday of each month. Bring a 'box', bring a notebook, bring anything that might run Linux, or just bring yourself and enjoy socialising/learning/teaching or simply chilling out!

This month's meeting is at the Station Pub in West Byfleet, Surrey.

New members are very welcome. We're not a cliquey bunch, so you won't feel out of place! Usually between 15 and 30 people come along.

Categories: LUG Community Blogs

Bring-A-Box, Saturday 12th March 2016, Lion Brewery, Ash

Surrey LUG - Thu, 10/03/2016 - 23:09
Start: 2016-03-12 12:00 End: 2016-03-12 12:00

We have regular sessions on the second Saturday of each month. Bring a 'box', bring a notebook, bring anything that might run Linux, or just bring yourself and enjoy socialising/learning/teaching or simply chilling out!

This month's meeting is at the Lion Brewery Pub in Ash, Surrey.

New members are very welcome. We're not a cliquey bunch, so you won't feel out of place! Usually between 15 and 30 people come along.

Categories: LUG Community Blogs

Bring-A-Box, Saturday 13th February 2016, Merstham

Surrey LUG - Mon, 08/02/2016 - 12:58
Start: 2016-02-13 12:00 End: 2016-02-13 12:00

We have regular sessions on the second Saturday of each month. Bring a 'box', bring a notebook, bring anything that might run Linux, or just bring yourself and enjoy socialising/learning/teaching or simply chilling out!

This month's meeting is at The Feathers Pub, Merstham

42 High St, Merstham, Redhill, Surrey, RH1 3EA ‎
01737 645643 ‎ · http://www.thefeathersmerstham.co.uk

NOTE the pub opens at 12 Noon.

Categories: LUG Community Blogs

David Goodwin: Automated twitter compilation up to 16 June 2014

Planet WolvesLUG - Mon, 16/06/2014 - 16:22

Arbitrary tweets made by TheGingerDog up to 16 June 2014

2014/06/15

  • RT Proud my 8yo girl failed this worksheet. Wish she had failed it even “worse.” #GenderBias
  • 2012/11/03

  • RT #PHP devs. Please satisfy my curiosity and let me know about the frameworks you’ve used recently. Ta. https://twtpoll.com/gw7zecvn991qaxj (plz RT) 2014/06/15
  • RT Best banner at the World Cup so far
  • 2014/06/14

  • RT RT if you believe in freedom & democracy. #Falklands #LiberationDay
  • 2014/06/14

  • RT WordFriday: crosspathy
  • Attempt to pass homeopathy off as credible by combining it with empirically valid medicine.

    https://www.facebook.com/WordFriday/posts/637531733001454

    2014/06/13
  • And back home. Zzzz. Bromsgrove 2014/06/12
  • And now. Time to catch a plane. #snackTime Cyprus 2014/06/11
  • Thankfully I don’t use tweetdeck. Cyprus 2014/06/11
  • RT “US invasion and occupation cost Washington close to a trillion dollars ” – www.theguardian.com/world/2014/jun/11/mosul-isis-gunmen-middle-east-states enough to address climate change… #iraq 2014/06/11
  • RT #Iraq army capitulates to Isis militants in four cities – www.theguardian.com/world/2014/jun/11/mosul-isis-gunmen-middle-east-states what a disaster…well done, Bush and Blair… 2014/06/11
  • RT Twitter worms are so 2011. 2014/06/11
  • RT Tweetdeck XSS flaw leaves users vulnerable to account hijacking bit.ly/1lcEUK8 2014/06/11
  • RT HOW MUCH PIZZA AND COKE DO I HAVE TO FEED YOU NERDS BEFORE YOU SHUT UP ABOUT 80 HOUR WEEKS 2014/03/26
  • RT If one searches for CityLink on Google right now, you get this rather marvellously off message cartoon.
  • 2014/06/10

  • This morning we saw some Roman ruins and a Byzantine castle (mosaics etc)
  • Cyprus 2014/06/10

  • Oh Jesus. It’s raining men ! Cyprus 2014/06/08
  • It’s fun to stay at the YMCA …. You can get yourself clean. You can have a good meal …. Cyprus 2014/06/08
  • Wedding time.
  • Cyprus 2014/06/08

  • RT
  • 2014/06/07

  • The sun lounger things have already been stolen.
  • Cyprus 2014/06/08

  • It is dark early here. #landed Cyprus 2014/06/07
  • Our trusty steed for the next few hours.
  • Solihull 2014/06/07

  • RT Did… Did MongoDB just kill itself because it couldn’t rotate its log file? It did! It fucking did! 2014/06/07
  • Trying to scan this qr code causes my phone to reboot. #nexus4 #android #bug
  • Solihull 2014/06/07

  • Great weather this morning.
  • We woke to continual thunder.

    I think it is time to leave the country.

    Solihull 2014/06/07

  • Airport grammar fall. #bhx
  • Solihull 2014/06/07

  • RT HTTP/1.1 just got a major update. – Evert Pot feedproxy.google.com/~r/bijsterespoor/~3/padm6aekKhA/http-11-updated 2014/06/07
  • RT I love cycling, but it does really piss me off when cyclists cruise through red lights with an arrogance & nonchalance that boils the blood! 2014/06/06
  • RT Burnout.io – Help build a resource for the IT community to combat burnout: buff.ly/S1nWmk 2014/06/06
  • It has arrived ! (@TheMikeBennett‘s awesome book).
  • Bromsgrove 2014/06/06

  • RT But for the sacrifice of many, we may not have been born free. Think of that today if nothing else. #DDay70 #DDay #LestWeForget East, United Kingdom 2014/06/06
  • RT At turned midnight 6/6/2014 my biggest worry is getting home tomorrow. 70 yrs ago many didn’t, I doubt my day will be as life changing #DDay East, United Kingdom 2014/06/06
  • Categories: LUG Community Blogs
    Syndicate content