Planet ALUG

Syndicate content
Planet ALUG - http://planet.alug.org.uk/
Updated: 47 min 30 sec ago

Chris Lamb: start-stop-daemon: --exec vs --startas

1 hour 7 min ago

start-stop-daemon is the classic tool on Debian and derived distributions to manage system background processes. A typical invokation from an initscript is as follows:

start-stop-daemon \ --quiet \ --oknodo \ --start \ --pidfile /var/run/daemon.pid \ --exec /usr/sbin/daemon \ -- -c /etc/daemon.cfg -p /var/run/daemon.pid

The basic operation is that it will first check whether /usr/sbin/daemon is not running and, if not, execute /usr/sbin/daemon -c /etc/daemon.cfg -p /var/run/daemon.pid. This process then has the responsibility to daemonise itself and write the resulting process ID to /var/run/daemon.pid.

start-stop-daemon then waits until /var/run/daemon.pid has been created as the test of whether the service has actually started, raising an error if that doesn't happen.

(In practice, the locations of all these files are parameterised to prevent DRY violations.)

Idempotency

By idempotence we are mostly concerned with repeated calls to /etc/init.d/daemon start not starting multiple versions of our daemon.

This might not seem to be particularly big issue at first but the increased adoption of stateless configuration management tools such as Ansible (which should be completely free to call start to ensure a started state) mean that one should be particularly careful of this apparent corner case.

In its usual operation, start-stop-daemon ensures only one instance of the daemon is running with the --exec parameter: if the specified pidfile exists and the PID it refers to is an "instance" of that executable, then it is assumed that the daemon is already running and another copy is not started. This is handled in the pid_is_exec method (source) - the /proc/$PID/exe symlink is resolved and checked against the value of --exec.

Interpreted scripts

However, one case where this doesn't work is interpreted scripts. Lets look at what happens if /usr/sbin/daemon is such a script, eg. a file that starts:

#!/usr/bin/env python # [..]

The problem this introduces is that /proc/$PID/exe now points to the interpreter instead, often with an essentially non-deterministic version suffix:

$ ls -l /proc/14494/exe lrwxrwxrwx 1 www-data www-data 0 Jul 25 15:18 /proc/14494/exe -> /usr/bin/python2.7

When this process is examined using the --exec mechanism outlined above it will be rejected as an instance of /usr/sbin/daemon and therefore another instance of that daemon will be incorrectly started.

--startas

The solution is to use the --startas parameter instead. This omits the /proc/$PID/exe check and merely tests whether a PID with that number is running:

start-stop-daemon \ --quiet \ --oknodo \ --start \ --pidfile /var/run/daemon.pid \ --startas /usr/sbin/daemon \ -- -c /etc/daemon.cfg -p /var/run/daemon.pid

Whilst it is therefore less reliable (in that the PID found in the pidfile could actually be an entirely different process altogether) it's probably an acceptable trade-off against the case of running multiple instances of that daemon.

This danger can be ameliorated by using some of start-stop-daemon's other matching tests, such as --user or even --name.

Categories: LUG Community Blogs

Mick Morgan: department of dirty

Wed, 23/07/2014 - 13:42

Like most ‘net users I get my fair share of spam. Most of it gets binned automatically by my email system, but of course some still gets through so I am used to hitting the delete button on random email from .ru domains offering me the opportunity to “impress my girl tonight”.

Most such phishing email relies on the recipient being dumb enough, naive enough, or (possibly) drunk enough to actually click through the link to the malicious website. I was therefore more than a little astonished at an email I received today from the open rights group. That email is given below in its entirety (I have obfuscated my email address for obvious reasons).

From: Department of Dirty
To: xxxxxxxx@yyy.zzz
Subject: Cleaning up the Internet
Date: Wed, 23 Jul 2014 07:14:18 -0400 (EDT)

Dear Mick,

Ever thought the internet was just too big? Want to help clean up online filth?

*Welcome to the Department of Dirty*

Watch the Department tackling its work here: www.departmentofdirty.co.uk and share our success, as we stop one man try to get one over us with his ‘spotted dick recipe’:

Department of Dirty Video: http://www.departmentofdirty.co.uk/

The Department of Dirty is working with internet and mobile companies to stop the dirty internet. We are committed to protecting children and adults from online filth such as:

*Talk to Frank: This government website tries to educate young people about drugs. We all know what ‘education’ means, don’t we? Blocked by Three.
*Girl Guides Essex:
They say, ‘guiding is about acquiring skills for life’. We say, why would young girls need skills? Blocked by BT.
*South London Refugee Association:
This charity aims to relieve poverty and distress. Not on our watch they don’t. Blocked by BT, EE, Sky and VirginMedia

This is just the tip of the iceberg.

We need you to help us take a stand against blogs, charities and education websites, all of which are being blocked [1]. It’s time to stop this sick filth. Together, we can clean up the internet.

http://www.departmentofdirty.co.uk

Sincerely,

Your Department of Dirty representative

[1] You can find out what we’re blocking at this convenient website: https://www.blocked.org.uk/

[DISCLAIMER] This email has come from the Open Rights Group. This email was delivered to: xxxxxxxx@yyy.zzz If you wish to opt out of future emails, you can do so here.

Now, I’m an ORG supporter (i.e. I am a paying member) and I am sure that someone, somewhere in ORG thought that this email campaign was a great idea. After all, it follows up the ORG’s earlier research on the fairly obvious stupidities arising from the implementation of Dave’s anti-porn campaign, it looks “ironic”, and it uses a snappy domain name which has shades of Monty Python about it. But I’m sorry, in my view this most certainly is not a good idea and I’m sure that ORG will come to regret it.

One of the most fundamental pieces of advice any and every ‘net user is beaten up with is “do not click on links in unsolicited emails”. In particular, the advice normally goes on – “if that email is from an unknown source, or has in any way a supicious from address you should immediately bin it”.

This email comes from an unknown address with a wonderfully prurient domain name. Even if it is successful and gets to the intended email inbox [1], it then relies on the recipient breaking a fundamental security rule. It does this by encouraging him (this looks to be male targeted) to click on a link which the naive might believe leads to a porn video.

How exactly is that going to help?

([1] Note. It got to my email inbox because the email system at e-activist.com which sent it is allowed by my filters.)

Categories: LUG Community Blogs

MJ Ray: Three systems

Tue, 22/07/2014 - 04:59

There are three basic systems:

The first is slick and easy to use, but fiddly to set up correctly and if you want to do something that its makers don’t want you to, it’s rather difficult. If it breaks, then fixing it is also fiddly, if not impossible and requiring complete reinitialisation.

The second system is an older approach, tried and tested, but fell out of fashion with the rise of the first and very rarely comes preinstalled on new machines. Many recent installations can be switched to and from the first system at the flick of a switch if wanted. It needs a bit more thought to operate but not much and it’s still pretty obvious and intuitive. You can do all sorts of customisations and it’s usually safe to mix and match parts. It’s debatable whether it is more efficient than the first or not.

The third system is a similar approach to the other two, but simplified in some ways and all the ugly parts are hidden away inside neat packaging. These days you can maintain and customise it yourself without much more difficulty than the other systems, but the basic hardware still attracts a price premium. In theory, it’s less efficient than the other types, but in practice it’s easier to maintain so doesn’t lose much efficiency. Some support companies for the other types won’t touch it while others will only work with it.

So that’s the three types of bicycle gears: indexed, friction and hub. What did you think it was?

Categories: LUG Community Blogs

Chris Lamb: Disabling internet for specific processes with libfiu

Mon, 21/07/2014 - 19:26

My primary usecase is to prevent testsuites and build systems from contacting internet-based services. This, at the very least, introduces an element of non-determinism and malicious code at worst.

I use Alberto Bertogli's libfiu for this, specifically the fiu-run utility which part of the fiu-utils package on Debian and Ubuntu.

Here's a contrived example, where I prevent Curl from talking to the internet:

$ fiu-run -x -c 'enable name=posix/io/net/connect' curl google.com curl: (6) Couldn't resolve host 'google.com'

... and here's an example of it detecting two possibly internet-connecting tests:

$ fiu-run -x -c 'enable name=posix/io/net/connect' ./manage.py text [..] ---------------------------------------------------------------------- Ran 892 tests in 2.495s FAILED (errors=2) Destroying test database for alias 'default'...

Note that libfiu inherits all the drawbacks of LD_PRELOAD; in particular, we cannot limit the child process that calls setuid binaries such as /bin/ping:

$ fiu-run -x -c 'enable name=posix/io/net/connect' ping google.com PING google.com (173.194.41.65) 56(84) bytes of data. 64 bytes from lhr08s01.1e100.net (17.194.41.65): icmp_req=1 ttl=57 time=21.7 ms 64 bytes from lhr08s01.1e100.net (17.194.41.65): icmp_req=2 ttl=57 time=18.9 ms [..]

Whilst it would certainly be more robust and flexible to use iptables—such as allowing localhost and other local socket connections but disabling all others—I gravitate towards this entirely userspace solution as it requires no setup and I can quickly modify it to block other calls on an ad-hoc basis. The list of other "modules" libfiu supports is viewable here.

Categories: LUG Community Blogs

Mick Morgan: drip

Mon, 21/07/2014 - 16:23

I get my domestic ADSL connectivity from the rather excellent people at Andrews and Arnold.

Here’s why. And this is the original reason I moved to them.

They also happily take (and similarly reply to) GPG encrypted support questions.

Good guys. Thoroughly recommended.

Now can you /really/ see BT doing any of that?

‘thought not.

Categories: LUG Community Blogs

Jonathan McDowell: On the state of Free VoIP

Thu, 17/07/2014 - 23:08

Every now and then I decide I'll try and sort out my VoIP setup. And then I give up. Today I tried again. I really didn't think I was aiming that high. I thought I'd start by making my email address work as a SIP address. Seems reasonable, right? I threw in the extra constraints of wanting some security (so TLS, not UDP) and a soft client that would work on my laptop (I have a Grandstream hardphone and would like an Android client as well, but I figure those are the easy cases while the "I have my laptop and I want to remain connected" case is a bit trickier). I had a suitable Internet connected VM, access to control my DNS fully (so I can do SRV records) and time to read whatever HOWTOs required. And oh my ghod the state of the art is appalling.

Let's start with getting a SIP server up and running. I went with repro which seemed to be a reasonably well recommended SIP server to register against. And mostly getting it up and running and registering against it is fine. Until you try and make a TLS SIP call through it (to a sip5060.net test address). Problem the first; the StartCom free SSL certs are not suitable because they don't advertise TLS Client. So I switch to CACert. And then I get bitten by the whole question about whether the common name on the cert should be the server name, or the domain name on the SIP address (it's the domain name on the SIP address apparently, though that might make your SIP client complain).

That gets the SIP side working. Of course RTP is harder. repro looks like it's doing the right thing. The audio never happens. I capitulate at this point, and install Lumicall on my phone. That registers correctly and I can call the sip:test.time@sip5060.net test number and hear the time. So the server is functioning, it's the client that's a problem. I try the following (Debian/testing):

  • jitsi - Registers fine, seems to lack any sort of TURN/STUN support.
  • ekiga - No sign of TLS registration support.
  • twinkle - Not in testing. A recompile leads to no sign of an actual client starting up when executed.
  • sflphone - Fails to start (Debian bug #745695).
  • Empathy - Fails to connect. Doesn't show any useful debug.
  • linphone - No TLS connect (Debian bug #743494).

I'm bored at this point. Can I "dial" my debian.org SIP address from Lumicall? Of course not; I get a "Codecs incompatible" (SIP 488 Not Acceptable Here) response. I have no idea what that means. I seem to have all of the options on Lumicall enabled. Is it a NAT thing? A codec thing? Did I sacrifice the wrong colour of goat?

At some point during this process I get a Skype call from some friends, which I answer. Up comes a video call with them, their newborn, perfect audio, and no hassle. I have a conversation with them that doesn't involve me cursing technology at all. And then I go back to fighting with SIP.

Gunnar makes the comment about Skype creating a VoIP solution 10 years ago when none was to be found. I believe they're still the market leader. It just works. I'm running the Linux client, and they're maintaining it (a little behind the curve, but close enough), and it works for text chat, voice chat and video calls. I've spent half a day trying to get a Free equivalent working and failing. I need something that works behind NAT, because it's highly likely when I'm on the move that's going to be the case. I want something that lets my laptop be the client, because I don't want to rely on my mobile phone. I want my email address to also be my VoIP address. I want some security (hell, I'm not even insisting on SRTP, though I'd like to). And the state of the Open VoIP stack just continues to make me embarrassed.

I haven't given up yet, but I'd appreciate some pointers. And Skype, if you're hiring, drop me a line. ;)

Categories: LUG Community Blogs

Steve Engledow (stilvoid): Quayside

Mon, 14/07/2014 - 23:22

Docker is the new best thing ever.

The technology behind it is pretty cool. It works very well and it's incredibly easy to just make things work.

But that's not the best bit!

My favourite thing about Docker is that it's simple to explain to semi-technical folks and better yet, it's easy to get people enthusiastic about it.

As I've previously mentioned, simplicity is something I aspire to in all things and the fact that "post-technical" [cheers Goran ;)] types get excited about how Docker can be used to break your services down into small components that you thread together makes my life that much easier when I'm trying to "sell" the benefits of doing so.

I have failed at sentence construction. Maybe I need to dockerise [eww] that.

Categories: LUG Community Blogs

James Taylor: SSL / TLS

Thu, 10/07/2014 - 15:09

Is it annoying or not that everyone says SSL Certs and SSL when they really mean TLS?

Does anyone actually mean SSL? Have there been any accidents through people confusing the two?


Categories: LUG Community Blogs

James Taylor: Cloud Computing Deployments … Revisited.

Thu, 10/07/2014 - 15:09

So its been a few years since I’ve posted, because its been so much hard work, and we’ve been pushing really hard on some projects which I just can’t talk about – annoyingly. Anyways, March 20th , 2011 I talked about Continual Integration and Continual Deployment and the Cloud and discussed two main methods – having what we now call ‘Gold Standards’ vs continually updating.

The interesting thing is that as we’ve grown as a company, and as we’ve become more ‘Enterprise’, we’ve brought in more systems administrators and begun to really separate the deployments from the development. The other thing is we have separated our services out into multiple vertical strands, which have different roles. This means we have slightly different processes for Banking or Payment based modules then we do from marketing modules. We’re able to segregate operational and content from personally identifiable information – PII having much higher regulation on who can (and auditing of who does) access.

Several other key things had to change: for instance, things like SSL keys of the servers shouldn’t be kept in the development repo. Now, of course not, I hear you yell, but its a very blurry line. For instance, should the Django configuration be kept in the repo? Well, yes, because that defines the modules and things like URLs. Should the nginx config be kept in the repo? Well, oh. if you keep *that* in then you would keep your SSL certs in…

So the answer becomes having lots of repo’s. One repo per application (django wise), and one repo per deployment containing configurations. And then you start looking at build tools to bring, for a particular server or cluster of servers up and running.

The process (for our more secure, audited services) is looking like a tool to bring an AMI up, get everything installed and configured, and then take a snapshot, and then a second tool that takes that AMI (and all the others needed) and builds the VPC inside of AWS. Its a step away from the continual deployment strategy, but it is mostly automated.


Categories: LUG Community Blogs

Chris Lamb: Lotteries

Thu, 10/07/2014 - 14:00

The cliché is that lotteries are a tax on the mathematically illiterate.

It's easy to have some sympathy for this position. Did you know trying to get rich by playing the lottery is like trying to commit suicide by flying on commercial airlines? These comparisons are superficially amusing but to look at lotteries in this rational way has seems to be in-itself irrational, ignoring the real motivations of the participants.

Even defined as a tax they are problematic – far from being progressive or redistributive, it has always seemed suspect when lottery money is spent proudly on high-brow projects such as concert hall restorations and theatre lighting rigs when—with no risk of exaggeration—there is zero overlap between the people who would benefit from the project and who funded it.

But no, what rankles me more about our lotteries isn't the unsound economics of buying a ticket or even that it's a state-run monopoly, but rather the faux philanthropic way it manages to evade all criticism by talking about the "good causes" it is helping.

Has our discourse become so relative and non-judgemental that when we are told that the lottery does some good, however slight, we are willing to forgive all of the bad? Isn't there something fundamentally dishonest about disguising the avarice, cupidity, escapism and being part of some shared cultural event—that are surely the only incentives to play this game—with some shallow feel-good fluff about good causes? And where are the people doing real good in communities complaining about this corrupting lucre, or are they just happy to take the money and don't want to ask too many awkward questions..?

"Vices are not crimes" claims Lysander Spooner, and I would not want to legislate that citizens cannot make dubious investments in any market, let alone a "lottery market", but we should at least be able to agree that this nasty regressive tax should enjoy no protection nor special privileges from the state, and it should be incapable of getting away with deflecting criticism with a bunch of photogenic children from an inner-city estate clutching a dozen branded footballs.

Categories: LUG Community Blogs

Jonathan McDowell: 2014 SPI Board election nominations open

Mon, 07/07/2014 - 21:13

I put out the call for nominations for the 2014 Software in the Public Interest (SPI) Board election last week. At this point I haven't yet received any nominations, so I'm mentioning it here in the hope of a slightly wider audience. Possibly not the most helpful as I would hope readers who are interested in SPI are already reading spi-announce. There are 3 positions open this election and it would be good to see a bit more diversity in candidates this year. Nominations are open until the end of Tuesday July 13th.

The primary hard and fast time commitment a board member needs to make is to attend the monthly IRC board meetings, which are conducted publicly via IRC (#spi on the OFTC network). These take place at 20:00 UTC on the second Thursday of every month. More details, including all past agendas and minutes, can be found at http://spi-inc.org/meetings/. Most of the rest of the board communication is carried out via various mailing lists.

The ideal candidate will have an existing involvement in the Free and Open Source community, though this need not be with a project affiliated with SPI.

Software in the Public Interest (SPI, http://www.spi-inc.org/) is a non-profit organization which was founded to help organizations develop and distribute open hardware and software. We see it as our role to handle things like holding domain names and/or trademarks, and processing donations for free and open source projects, allowing them to concentrate on actual development.

Examples of projects that SPI helps includes Debian, LibreOffice, OFTC and PostgreSQL. A full list can be found at http://www.spi-inc.org/projects/.

Categories: LUG Community Blogs

Chris Lamb: Strava Enhancement Suite

Sun, 06/07/2014 - 20:55

Today I merged my individual Strava Chrome extensions into a single package, added some features that I thought were still missing and published it to the Chrome Web Store.

It now supports:

  • Infinite scroll: Automatically load more dashboard entries when reaching the bottom.
  • Switch imperial/metric units: Quickly switch from miles/km from the browser address bar.
  • Default to my results: Changes the default leaderboard to "My Results" instead of "Overall" when viewing a segment effort.
  • Hide "find friends": Hide invitations to invite and find friends to Strava
  • "Enter" posts comment: Immediately posts comment when pressing the "enter" / "return" key in the edit box rather than adding a new line.
  • Compare running: Changes the default sport for the "Side by Side comparison" module to running.
  • Running cadence: Show running cadence by default in elevation profile.
  • Variability Index: Calculate a Variability Index (VI) from the weighted average power and the average power, an indication of how 'smooth' a ride was.
  • Estimated FTP: Select "Show Estimated FTP" by default on Power Curve.
  • Running TSS: Estimates a run's Training Stress Score (TSS) from its Grade Adjusted Pace distribution.
  • Standard Google Map: Prefer the "Standard" Google map over the "Terrain" view (experimental).

Needless to say, this software is not endorsed by Strava. Suggestions, feedback and contributions welcome.

UPDATE: Also added more aggregate segment data, leaderboard options, showing running heart rate by default, links to Veloviewer & Race Shape.

View/install in Chrome Web Store.

Categories: LUG Community Blogs

Chris Lamb: Race report: Ironman Austria 2014

Thu, 03/07/2014 - 12:13

I arrived in Klagenfurt early on Thursday before Sunday's race and went to register at the "Irondome" on the shores of Lake Wörthersee. I checked up on my bike at Race Force's HQ and had a brief look around the expo before it got busy.

Over the next few days I met up a number of times with my sister who had travelled—via Venice—to support and cheer me. Only the day before the race did it sincerely dawn on me how touching and meaningful this was, as well as how much it helped having someone close by.

I had planned to take part in as much of the "Ironman experience" as possible but in practice I not only wanted to stay out of the sun as much as possible, I found that there was an unhealthy pre-race tension at the various events so I kept myself at a slight distance.

Between participants the topic of discussion was invariably the weather forecast but I avoided paying much attention as I had no locus of control; I would simply make different decisions in each eventuality. However, one could not "un-learn" that it reached 40°C on the run course in 2012, landing many in hospital.

As this was my first long-distance triathlon with a corresponding investment of training I decided that conservative pacing and decisions were especially prudent in order to guarantee a finish. Ironman race intensity is quite low but this also means the perceived difference between a sustainable and a "suicide" pace is dangerously narrow.

Despite that, my goal was to finish under 11 hours, targeting a 1:20 swim, a 5:30 bike and a 4:00 marathon.

Race day

I got to sleep at around 10PM and awoke early at 3AM, fearing that I had missed my alarm. I dozed for another hour before being woken at 4AM and immediately started on two strong coffees and waited for a taxi.

Over the next 2 hours I ate two Powerbars, a banana and sipped on isotonic energy drink. I also had a gel immediately before the swim, a total of approximately 600 calories. Many consume much more pre-race, but I had not practised this and there would be plenty of time to eat on the bike.

I got to transition as it opened at 5AM and checked over my bags and bike and then made my way slowly to the lake to put on my wetsuit.

Swim
Distance
3.8km / 2.4 miles
Time
1:21:31 (2:08/100m)

I felt my swimming ability to be just on the right of the bell-curve so I lined myself up according to their suggestion. I'm quite good with nerves so in the final ten minutes I kept to myself and remained very calm.

After some theatrics from the organisers, the gun finally went off at 7AM. It was difficult to get my technique "in" straight away but after about 5 minutes I found I could focus almost entirely on my stroke. I didn't get kicked too much and I reached the first turn buoy in good time, feeling relaxed. Between the next two buoys I had some brief hamstring cramps but they passed quickly.

After the second turn I veered off-course due to difficulties in sighting the next landmark—the entrance to the Lend canal—in the rising sun. Once I reached it, the canal itself was fast-moving but a little too congested so I became stuck behind slower swimmers.

The end of the swim came suddenly and glancing at my watch I was pretty happy with my time, especially as I didn't feel like I had exerted myself much at all.

T1
Time
6:30

Due to the size of Ironman events there is an involved system of transition bags and changing tents; no simple container beside your bike. There was also a fair amount of running between the tents as well. Despite that (and deciding to swim in my Castelli skinsuit to save time) I was surprised at such a long transition split – I'm not sure where I really spent it all.

I also had been under the impression volunteers would be applying sunscreen so I had put my only sun spray in the bike-to-run bag, not the swim-to-bike one. However, I found a discarded bottle by my feet and borrowed some.

Bike
Distance
180km / 112 miles
Time
5:30:12 (32.7kph - 20.3mph)

The bike leg consists of two hilly laps just to the south of the Wörthersee.

It felt great to be out on the bike but it soon became frustrating as I could not keep to my target wattage due to so many people on the course. There were quite a few marshalls out too which compounded this – I didn't want to exert any more than necessary in overtaking slower riders but I also did not want to draft, let alone be caught drafting.

This also meant I had to switch my read-out from a 10-second power average to 3-seconds, a sub-optimal situation as it does not encourage consistent power output. It's likely a faster swim time would have "seeded" me within bikers more around my ability, positively compounding my overall performance.

I started eating after about 15 minutes: in total I consumed six Powerbars, a NutriGrain, half a banana, four full bottles of isotonic mix and about 500ml of Coca-Cola. I estimate I took on about 1750 calories in total.

The aid stations were very well-run, my only complaints being that the isotonic drink became extremely variable—the bottles being half-filled and/or very weak—and that a few were cruelly positioned before hills rather than after them.

I felt I paced the climbs quite well and kept almost entirely below threshold as rehearsed. Gearing-wise, I felt I had chosen wisely – I would not have liked to have been without 36x28 in places and only managed to spin out the 52x12 four or five times. Another gear around 16t would have been nice though.

There was quite heavy rain and wind on the second lap but it did not deter the locals or my sister, who was on the Rupitiberg waving a custom "Iron Lamb" banner. It was truly fantastic seeing her out on the course.

On the final descent towards transition I was happy with my time given the congestion but crucially did not feel like I had just ridden 112 miles, buoying my spirits for the upcoming marathon.

T2
Time
3:46

Apart from the dismount line which came without warning and having a small mishap in finding my bike rack, transitioning to the run was straightforward.

Run
Distance
42.175km / 26.2 miles
Time
3:54:21 (5:33/km - 8:56/mile)

The run course consists of two "out-and-backs". The first leads to Krumpendorf along the Wörthersee and the railway, the second to the centre of Klagenfurt along the canal. Each of these is repeated twice.

I felt great off the bike but it is always difficult to slow oneself to an easy pace after T2, even when you are shouting at yourself to do so. I did force my cadence down—as well as scared myself with a 4:50 split for the first kilometer—and settled into the first leg to Krumpendorf.

Once the crowds thinned I took stock and decided to find a bathroom before it could become a problem. After that, I felt confident enough to start taking on fuel and the 10km marker on the return to the Irondome came around quickly.

Over the course of the run I had about three or four caffeinated gels and in latter stages a few mouthfuls of Coke. I tried drinking water but switched to watermelon slices as I realised I could absorb more liquid that way, remaining moving and gaining a feeling of security that comes from simply carrying something.

The first visit to Klagenfurt was unremarkable and I was taking care to not go too hard on the downhill gradients there – whilst going uphill is relatively straightforward to pace, I find downhill running deceptively wearing on your quads and I still had 25km to go.

The halfway point came after returning from Klagenfurt and I was spotted by my sister which was uplifting. I threw her a smile, my unused running belt and told her I felt great, which I realised I actually did.

At about 23km I sensed I needed the bathroom again but the next aid station had locked theirs and for some bizarre reason I then did not stop when I saw a public WC which was clearly open. I finally found one at 28km but the episode had made for a rather uncomfortable second lap of Krumpendorf. I did run a little of the Klagenfurt canal earlier in the week, but I wished I had run the route through Krumpendorf instead – there was always "just another" unexpected turn which added to the bathroom frustration.

In a chapter in What I Talk About When I Talk About Running, Haruki Murakami writes about the moment he first ran past 26.2 miles:

I exaggerate only a bit when I say that the moment I straddled that line a slight shiver went through me, for this was the first time I'd ever run more than a marathon. For me this was the Strait of Gibraltar, beyond which lay an unknown sea. What lay in wait beyond this, what unknown creatures were living there, I didn't have a clue. In my own small way I felt the same fear that sailors of old must have felt.

I was expecting a similar feeling at this point but I couldn't recall whether my longest run to date was 30 or 31km, a detail which somehow seemed to matter at the time. I certainly noticed how uphill the final return from Krumpendorf had suddenly become and how many people had started walking, lying down, or worse.

32km. Back near the Irondome, the crowds were insatiable but extremely draining. Having strangers call your name out in support sounds nice in principle but I was already struggling to focus, my running form somewhat shot.

In the final leg to Krumpendorf, the changes of gradient appeared to have been magnified tenfold but I was still mostly in control, keeping focused on the horizon and taking in something when offered. Once I reached Klagenfurt for the last time at 36km I decided to ignore the aid stations; they probably weren't going to be of any further help and running on fumes rather than take nutrition risks seemed more prudent.

The final stretch from Klagenfurt remains a bit of a blur. I remember briefly walking up a rather nasty section of canal towpath, this was the only part I walked outside of the aid stations which again seemed more important (and worrying) at the time. I covered a few kilometers alongside another runner where matching his pace was a welcome distraction from the pain and feelings of utter emptiness and exhaustion.

I accelerating away from him and others but the final kilometer seemed like an extremely cruel joke, teasing you multiple times with the sights and sounds of the finish before winding you away—with yet more underpasses!—to fill out the distance.

Before entering the finishing chute I somehow zipped up my trisuit, flattened my race number and climbed the finish ramp, completely numb to any "You are an Ironman" mantra being called out.

Overall
Total time
10:56:20

I spent about 15 minutes in the enclave just beyond the finish line, really quite unsure about how my body was feeling. After trying lying down and soaking myself in water, Harriet took me off to the post-race tent where goulash, pizza and about a litre of Sport-Weiss made me feel human again...

(Full results)

Categories: LUG Community Blogs

Mick Morgan: inappropriate use of technology

Mon, 30/06/2014 - 13:49

I have been travelling a lot over the last few months (Czech Republic, Scotland, France, Germany, Austria, Slovenia, Croatia, Italy). That travel, plus my catching up on a load of reading is my excuse for the woeful lack of posts to trivia of late. But hey, sometimes life gets in the way of blogging – which is as it should be.

A couple of things struck me whilst I have been away though. Firstly, and most bizarrely I noticed a significant number of tourists in popular, and hugely photogenic, locations (such as Prague and Dubrovnik) wandering around staring at their smartphones rather than looking at the reality around them. At first I thought that they were just checking photographs they had taken, or possibly that they were texting or emailing friends and relatives about their holidays, or worse, posting to facebook, but that did not appear to be the case. Then by chance I overheard one tourist telling his partner that they needed to “turn left ahead” whilst they walked past me so it struck me that they might just possibly be using google maps to navigate. So I watched others more carefully. And I must conclude that many people were doing just that. I can’t help but feel a little saddened that someone should choose to stare at a google app on a small screen in their hand than look at the beauty of something like the Charles Bridge across the Vlatva.

The second point which struck me was how much of a muppet you look if you use an iPad to take photographs.

Categories: LUG Community Blogs

Brett Parker (iDunno): Sony Entertainment Networks Insanity

Sat, 28/06/2014 - 16:54

So, I have a SEN account (it's part of the PSN), I have 2 videos with SEN, I have a broken PS3 so I can no deactivate video (you can only do that from the console itself, yes, really)... and the response from SEN has been abysmal, specifically:

As we take the security of SEN accounts very seriously, we are unable to provide support on this matter by e-mail as we will need you to answer some security questions before we can investigate this further. We need you to phone us in order to verify your account details because we're not allowed to verify details via e-mail.

I mean, seriously, they're going to verify my details over the phone better than over e-mail how exactly? All the contact details are tied to my e-mail account, I have logged in to their control panel and renamed the broken PS3 to "Broken PS3", I have given them the serial number of the PS3, and yet they insist that I need to call them, because apparently they're fucking stupid. I'm damned glad that I only ever got 2 videos from SEN, both of which I own on DVD now anyways, this kind of idiotic tie in to a system is badly wrong.

So, you phone the number... and now you get stuck with hold music for ever... oh, yeah, great customer service here guys. I mean, seriously, WTF.

OK - 10 minutes on the phone, and still being told "One of our advisors will be with you shortly". I get the feeling that I'll just be writing off the 2 videos that I no longer have access to.

I'm damned glad that I didn't decide to buy more content from that - at least you can reset the games entitlement once every six months without jumping through all these hoops (you have to reactivate each console that you still want to use, but hey).

Categories: LUG Community Blogs

MJ Ray: #coops14 sees last days of Downham Food Co-op

Fri, 27/06/2014 - 11:14

While  cooperatives fortnight is mostly a celebration of how well cooperatives are doing in the UK, this year is tinged with sadness for me because it sees Downham Food Coop stop trading.

This Friday and Saturday will be their last market stall, 9til 1 on the Town Square, aka Clock or Pump square.

As you can see, the downturn has hit the market hard and I guess being the last stall left outside the market square (see picture: it used to have neighbouring stalls!) was just too much. The coop cites shortage of volunteers and trading downturn as reasons for closure.

But if you’re near Downham today or tomorrow morning, please take advantage of this last chance to buy some great products in West Norfolk!

Categories: LUG Community Blogs

Jonathan McDowell: Forms of communication

Thu, 26/06/2014 - 23:39

I am struck by the fragmentation in communication mechanisms. Let's look at how I have communicated with my friends in the past few days:

  • Phone call
    Tried and tested, though I tend to avoid them. I've made some deliberate calls to sort out immediate plans, and at least one accidental call caused by user error which resulted in talking to someone it was good to hear from.
  • Text message
    Again, reasonably tried and tested. I miss the inability to use Google Voice when I'm in the UK; I'd much rather read and compose text messages from my web browser when I'm near a computer than type them on my phone, even if it does have a keyboard.
  • Email
    One of my favourite methods of communication. Suitable for quick messages or longer screeds. I can throw links in and expect you to be able to click them. I can put lots of detail so that everything is covered easily. I can confuse you by quoting correctly. I guess while I do read email on my phone I'm less likely to reply there as I'm always a bit embarrassed how the clients cope with replies.
  • IRC
    Like, I suspect, many readers of my blog posts, I'm still a daily user of IRC. There are friends I keep in touch with mostly via this method. It's great. It's like Twitter for old people and much better in many ways.
  • Skype
    This started out as a work thing. It was the way in which the Belfast office communicated with the US, it become the way the Belfast office communicated with each other and when I moved on it was the way in which I kept in contact with a group of people I consider good friends. It's great for calls (I feel bad saying that, but it's an idea executed well across multiple platforms and any other VOIP stuff I've played with has been much more of a hassle), but the one to one and group chat functionality is pretty spot on as well. Also has the advantage that I can turn it off and mostly not end up with work queries.
  • Google Hangouts
    I actually quite like these. They work on my phone, I can poke them from a web browser, I can dump more than just text into them. IRC is better in some ways, but I do like the additional flexibility I get from a Hangout. It doesn't play well with people who haven't drunk the Google koolaid, which is the main reason I haven't managed to convince the Skype group chat group to move it over here.
  • Facebook messenger
    I hate this. On the face of it there's not a lot of difference between it and Hangouts, but the app wants more and more privileges, I'm less likely to be logged into Facebook (e.g. I avoid it at work, whereas there are good reasons I'd be logged into my Google account there, though less so since the demise of Reader) and I don't think it's as nicely implemented. However there are a few people who it's easiest to get hold of via this method. And there's a certain amount of mesmerisation by the floaty wee faces it invokes on my phone.

While some of these work better for me than others really what I'd like is to use fewer of them, and I can't see that happening any time soon. I don't want to have to run a handful of different messaging apps on my phone. I also don't want to be limited to only using my laptop or my phone for something - I'd much prefer to be able to pickup the phone, laptop or tablet depending on what I'm up to and have my full range of communication available. Some of these things can be aggregated together, but that will then lose some of the advantages. And I'm sure that even if I got rid of one or two of the above there'd be something to fill the gap along shortly (I have, for example, so far completely avoided WhatsApp).

Categories: LUG Community Blogs

MJ Ray: New comments methods

Wed, 25/06/2014 - 21:04

After years of resisting it, I’ve added the least evil Twitter/Facebook comments plugin I could find to this blog as a test and updated the comments policy a little.

Please kick the tyres and try commenting to see if it works, phase.

Categories: LUG Community Blogs

Steve Engledow (stilvoid): tmux

Tue, 17/06/2014 - 11:19

tmux is the best thing ever. That is all.

No, that is not all. Here is how I make use of tmux to make my life measurably more awesome:

First, my .tmux.conf. This changes tmux's ctrl-b magic key binding to ctrl-a as I've grown far too used to hitting that from when I used screen. I set up a few other screen-like bindings too. Finally, I set a few options that make tmux work better with urxvt.

# Set the prefix to ^A. unbind C-b set -g prefix ^A bind a send-prefix # Bind c to new-window unbind c bind c new-window -c $PWD # Bind space, n to next-window unbind " " bind " " next-window unbind n bind n next-window # Bind p to previous-window unbind p bind p previous-window # A few other settings to make things funky set -g status off set -g aggressive-resize on set -g mode-keys vi set -g default-terminal screen-256color set -g terminal-overrides 'rxvt-unicode*:sitm@'

And then here's what I have near the top of my .bashrc:

# If tmux isn't already running, run it [ -z "$TMUX" ] && exec ~/bin/tmux

...which goes with this, the contents of ~/bin/tmux:

#!/bin/bash # If there are any sessions that aren't attached, attach to the first one # Otherwise, start a new session for line in $(tmux ls -F "#{session_name},#{session_attached}"); do name=$(echo $line | cut -d ',' -f 1) attached=$(echo $line | cut -d ',' -f 2) if [ $attached -eq 0 ]; then tmux attach -t $name exit fi done tmux -u

Basically, what happens is that whenever I start a terminal session, if I'm not already attached to a tmux session, I find a session that's not already attached to and attach to it. If there aren't any, I create a new one.

This really tidies up my workflow and means that I never forget about any old sessions I'd detached.

Oh and one last thing, ctrl-a s is the best thing in tmux ever. It shows a list of tmux sessions which can be expanded to show what's running in them and you can then interactively re-attach your terminal to one of them. In short, I can start a terminal from any desktop or vt and quickly attach to something that's happening on any other. I use this feature a lot.

Categories: LUG Community Blogs

Steve Engledow (stilvoid): Simple mail transfer pondering

Sat, 14/06/2014 - 01:54

tl;dr I like the MIT license, mutt, tagging things, and synchronising my data between my devices.

Simplicity

As I meander through my life and career, one thing stands out as becoming more and more important as time goes by; I've noticed a definite trend in myself towards desiring simplicity above all else.

When I say that, I don't mean that I have a hankering to live in a cave and subsist on fruit. I like the complicated things that my life involves but I increasingly like to deal with them in simple ways. I find that I don't have the appetite or inclination to see an argument through nor the patience for dealing with irrationality; I'll just state my case clearly and succinctly and step away until everyone has calmed down and can accept my point.

When it comes to code, the difference is clear. If starting something new, I'll write down a set of features I want then refine them until I have a clear idea of how the system works before writing a single line of code. If I'm brave, I'll embrace TDD. In the old days, I'd get a vague idea in my head and design the rest in my head while I'm churning out code.

Recently, as an example, I refactored someone else's code from a general-purpose, multi-featured single class into several small functions that are individually very short and meaningful and all hang together to perform just the required behaviour and nothing else.

This all leads me deeper and deeper into the Unix philosophy (of which I've always been a fan) of having lots of tools that each do one thing well that can be combined in any way necessary. Which leads me into deeper and deeper suspicion of the GNU environment (see my rant about netcat). I'm not saying GNU is bad, it's just that I'm less immediately bought into the GNU way being always the right way.

Related to my bent for simplicity, I choose to license the things I write under the MIT license these days where I'd previously chosen the GPL. Socialism is a nice ideal but in practice it's just too complex to work as intended. Both benevolent dictatorship and co-operative anarchy are much simpler and seem far more likely to result in a better society (though not both at once ;)). I guess that sums up how I feel about the GPL these days. #cueflamewar

Discoveries

With apologies to the Linux Voice crew, here are a few discoveries I've made recently:

offlineimap

I don't know why I hadn't investigated this before but offlineimap has recently made dealing with my email much more bearable. For years I've been switching between various GUI clients and in recent months I'd decided to switch to mutt and make a real go of it. I've been enjoying mutt but not it's in-built IMAP support. Offlineimap means I don't have to care about mutt's weaknesses and I can just focus on its strengths as the best client for reading, replying to, sorting, and above all deleting email :)

notmuch

On a very related note, I also discovered notmuch which is a tool for indexing and tagging a collection of email. I'm now using mutt-kz (because it integrates with notmuch) to sort my email into (virtual) folders based on tags that I apply both through hooks in offlineimap and in the course of dealing manually with my email. Notmuch also makes it very easy to find old emails when I need to refer back to something.

syncthing

I've never been very good at backups. I've never had the patience to set up something robust and to ensure that the right things will be plugged in to the right machines and that they'll be at the right network locations at the right times based on a carefully designed backup schedule. Because of my crappy attitude I've lost some precious data in the past.

Through the Bad Voltage podcast, I discoverd Syncthing which is sort of like a replacement for dropbox except that it synchronises folders between your own machines rather than between your machine(s) and a (possibly evil) server.

To summarise how it works, once you've got the service running on two machines, you copy the ID from each to the other and then specify repositories which are just directories that you give a shared name so that machine A can store files from the "Photos" repository in one place while machine B stores them in another place. Adding extra machines to the network is easy and each repository can be configured to share with any number of the machines in your network.

My current set up is:

Machines:

  • Home desktop machine (media server)

  • Work laptop

  • Linode VPS (where this blog is hosted)

  • My Nexus 4 phone

Repositories:

  • One with an eCryptfs folder where I store private keys and the like - shared between my desktop, laptop, and VPS

  • podcasts - my VPS downloads podcasts into this folder directly from RSS feeds and synchronises to my laptop and phone

  • photos - synced between my desktop, VPS and laptop because I want to make sure I never lose them

It's incredibly simple to use and configure and thus far, it works very well and gives me just what I needed.

Categories: LUG Community Blogs