09 Nov 2011

feedPlanet Grep

Thomas Vander Stichele: Mach 1.0.0 “Madera” released

Another November, another Fedora. 16 came out, so it was time to update mach again.

And today I thought, is there any reason mach isn't 1.0 yet ? Am I going to do anything more to this piece of code before I want to call it that ?

And the answer is, no. It's the first Python application I've written, and I'm not particularly proud of the code, but I'm happy I've made good use of it for so long, and that it helped push packaging approaches forward and sparked ideas for the Fedora build system.

Since I didn't like the original code for mach2 (there was a version 1 which was Makefile-based), I started a rewrite with unit tests, better code layout, decent classes for abstracting distro-specific stuff, and so on.

The experience of how mock was created based off mach2 was a slightly sour one however, so I wasn't really motivated to finish the mach3 rewrite. Sometimes that's the drawback of open source - sure, forking is specifically allowed, so don't whine about it when it happens. But when it's done gratuitously, with no serious attempt at collaborating, it doesn't feel like it's in the spirit of open source.

Anyway, that was a long time ago. mach2 as it is today, is done. It really only needs updating for newer versions. As long as it works for me, it's unlikely I will continue mach3, but who knows?

Enjoy the release!

09 Nov 2011 10:56pm GMT

Xavier Mertens: Biology Rules Apply to Infosec?

(Source: www.esa.org)

In biology, it is proven that consanguinity between members belonging to the same group (example: people living in the same closed area or animals from the same breed) may affect their resistance to certain diseases or reduce certain physical characteristics. It's important to keep some level of diversity. The latest Juniper story made me remember the talk about "monoculture" presented at BlackHat Europe 2011.

A few days ago, some parts of the Internet were affected by a bug in Juniper routers BGP update code. If you have a look at the market of the core-routers, it is dominated by two manufacturers: Cisco & Juniper. Routers operated by major ISPs are crucial to maintain the Internet reliable. If most of those devices are coming from a unique manufacturer (or a very limited number of them), you increase the risks to face big issues if they are affected by a bug or a security flaw.

Now, speaking about devices or applications in general (the core-routers were just an example) and from a business point of view, monoculture is positive:

But, putting the layer-8 (the "political layer") aside, monoculture has side effects:

Like in biology, monoculture can generate catastrophic situations in case of a successful attack or major bug. I don't say that big players do a bad job (otherwise they could never reach such part of the market). Just don't behave like a lemming. Choose the solution which match your requirements and not just because "it's a big name".

Do you remember the French movie "Les Rivières Pourpre" ("The Crimson Rivers") with the closed society of Guernon?

09 Nov 2011 1:44pm GMT

Thomas Bouve: Flynn has to spend 10 days at the hospital due to a kidney &...



Flynn has to spend 10 days at the hospital due to a kidney & blood infection :_( (Taken with Instagram at AZ Sint-Lucas)

09 Nov 2011 12:18pm GMT

08 Nov 2011

feedPlanet Grep

Frank Goossens: WP YouTube Lyte 0.9.0: size matters

I uploaded a new version of WP YouTube Lyte to the WordPress SVN repository earlier today. The markdown parser seems to be in a bad mood today and the changes in the readme.txt (the changelog, first and foremost) aren't visible, so here's what's new in this release:

The (slightly smaller) lyte-embedded YouTube video to go with this release: "She wants" by Metronomy (very Japan-esque by the way):

<noscript><a href="http://youtu.be/ntVV3dTo-qw"><img alt="" height="315" src="http://img.youtube.com/vi/ntVV3dTo-qw/0.jpg" width="560" /></a></noscript>
Watch this video on YouTube or on Easy Youtube.

As always, your feedback is welcome in the comments or via the contact form!

Possibly related twitterless twaddle:

08 Nov 2011 9:03pm GMT

Paul Cobbaut: iSCSI mini howto

Some things in life, like iSCSI, are simple!
iSCSI is a protocol that allows you to have SCSI over IP.

The iSCSI Target

The host containing the physical hardware is called the iSCSI target and is easy to setup on Linux using iscsitarget.

aptitude install iscsitarget
aptitude install iscsitarget-dkms (Debian 6)


After enabling it in /etc/default/iscsitarget you can use files, hd devices, partitions, lvm volumes or software raid mdadm devices as 'physical hardware disks'

root@debby6:/etc/iet# cat ietd.conf
Target iqn.2010-02.be.linux-training:storage.lun1
IncomingUser isuser hunter2
OutgoingUser
Lun 0 Path=/iscsi/lun1.img,Type=fileio
Alias LUN1


Where /iscsi/lun1.img is a zeroed file created with

dd if=/dev/zero of=/iscsi/lun1.img count= bs=


Add the device to the allowed list:

root@debby6:/etc/iet# cat initiators.allow
iqn.2010-02.be.linux-training:storage.lun1


and start the server. You should see this:

root@debby6:/etc/iet# cat /proc/net/iet/session
tid:1 name:iqn.2010-02.be.linux-training:storage.lun1

The iSCSI Initiator

The host that connects to this target server is called the Initiator. Most Linux distros have this available as open-iscsi.

aptitude install open-iscsi


A discovery will show available devices on the target:

root@ubu1104:/etc/iscsi# iscsiadm -m discovery -t st -p debby6
192.168.1.31:3260,1 iqn.2010-02.be.linux-training:storage.lun2


Configuration with chap user and password takes a couple of commands:

oot@ubu1104:/etc/iscsi# iscsiadm -m node --targetname "iqn.2010-02.be.linux-training:storage.lun1" --portal "debby6:3260" --op=update --name node.session.auth.authmethod --value=CHAP
root@ubu1104:/etc/iscsi# iscsiadm -m node --targetname "iqn.2010-02.be.linux-training:storage.lun1" --portal "debby6:3260" --op=update --name node.session.auth.username --value=isuser
root@ubu1104:/etc/iscsi# iscsiadm -m node --targetname "iqn.2010-02.be.linux-training:storage.lun1" --portal "debby6:3260" --op=update --name node.session.auth.password --value=hunter2


That's it! Now (re)start the open-iscsi service and use fdisk to see your iSCSI device.

08 Nov 2011 7:47pm GMT

Thomas Bouve: Candy for the @oneagency colleagues! (Taken with Instagram at...



Candy for the @oneagency colleagues! (Taken with Instagram at ONE Agency)

08 Nov 2011 9:42am GMT

Pascal Bleser: gpodder 2 vs 3 in Packman

The gpodder project introduced its new major release 3.0.0 today and, unfortunately, it seems like I didn't pay attention to the complete change announcement, as I just bumped the gpodder package in Packman to 3.0.0 (from 2.18).

Now, gpodder 3.0.0 does introduce a lot of changes, notably in the UI but also regarding its database format and requires migrating the database from 2 to 3. It doesn't seem to have all of the features of 2.20 either. So what happens is that when you just upgrade the gpodder package, you end up with something you don't necessarily want to use. At least as of now.

Upstream will still maintain the 2.x branch for quite a while, and gradually port features from 2 to 3 and, hence, it actually makes sense to do it differently. What I have done now is to revert the gpodder package at Packman to the 2.xx branch (and upgrade to 2.20 at the same time).

If you want to use gpodder 3.0.0, then just install the package gpodder3 instead: zypper or YaST2 will tell you to remove gpodder in order to do so, as you cannot have both installed at the same time (they have file conflicts).

Now, if, in between those changes, you already did the upgrade, do one of the following:

On a side note, please wait a couple of hours (after this blog post) before doing so, as our main repository server is only synced to some mirrors after 4 hours (after 1 hour for most though).

Sorry for the inconvenience.

08 Nov 2011 1:06am GMT

07 Nov 2011

feedPlanet Grep

Les Jeudis du Libre: Mons: Les logiciels libres en entreprise


Le sujet de cette séance : Les logiciels libres en entreprise (voir la description en fin de message)

Thématique : Sysadmin Public : sysadmin, entreprises, étudiants

L'animateur conférencier : Michel Applaincourt (IT-Optics)

Lieu de cette séance : Catégorie technique (ISIMs) de la Haute Ecole de la communauté française en Hainaut, Avenue V. Maistriau, 8a, Salle Académique, 2e bâtiment (cf. ce plan sur le site de l'ISIMs)

La participation sera gratuite et ne nécessitera que votre inscription nominative, de préférence préalable, ou à l'entrée de la séance. Merci d'indiquer votre intention (même incertaine) en vous inscrivant via la page http://jdl-mons-2011-novembre.eventbrite.com/

Cette séance sera suivie d'un verre de l'amitié, offert par l'asbl Pro-graduat qui a pour but de promouvoir les études de Bacheliers professionnalisants organisés par la catégorie technique de la HEH.

Si vous êtes intéressé(e) par ce cycle mensuel, n'hésitez pas à consulter l'agenda et à vous inscrire sur la liste de diffusion afin de recevoir systématiquement les annonces, ou à nous contacter à l'adresse jeudisdulibre@loligrub.be

Pour rappel, les Jeudis du Libre se veulent des rencontres autour de thématiques des Logiciels Libres. Les rencontres montoises se déroulent chaque troisième jeudi du mois, et sont organisées dans des locaux et en collaboration avec des Hautes Écoles et Facultés Universitaires du Pôle Hainuyer d'enseignement supérieur impliquées dans les formations d'informaticiens (UMONS, HECFH et Condorcet), et avec le concours de l'A.S.B.L. LoLiGrUB, active dans la promotion des logiciels libres.

Description : Les entreprises basent toutes leur efficacité et leur rentabilité sur l'utilisation de l'outil informatique, et en particulier de leur réseau. Or, depuis quelques années, les logiciels libres permettent de rendre différents services professionnels à coût limité au sein des réseaux informatiques. Il est donc naturel de considérer que les logiciels libres permettent également de couvrir les besoins des entreprises en matière de services réseaux.

Nous allons passer en revue les différents services principaux d'un réseau classique au sein d'une entreprise et présenter les solutions libres qui peuvent répondre aux besoins. Ainsi, les points principaux au sein de l'entreprise sont :

  • la sécurisation du réseau, au travers de :
    • coupe-feu (firewall)
    • le serveur mandataire (proxy Web) et mandataire inverse (reverse proxy)
    • le relais mail avec fonctionnalité antivirus et antispam (mail relay)
    • la connexion réseau privé virtuel (VPN)
  • les services Internet « publics »
    • les serveurs Web
    • la messagerie de courrier électronique
  • les services internes
    • la gestion centralisée des utilisateurs (annuaires LDAP)
    • la gestion de domaine et le partage de fichiers MICROSOFT
    • la sauvegarde des données (backup)

Pour l'ensemble de ces services, nous présenterons une solution libre éprouvée en entreprise.

Ensuite, au-delà de la constitution d'un réseau, il est également utile de pouvoir suivre et surveiller celui-ci. Nous présenterons également quelques solutions libres permettant le « monitoring » et le suivi du réseau :

  • la supervision du réseau et de l'ensemble de services avec NAGIOS
  • la mesure de performance (indices chiffrés) avec CACTI
  • la gestion de help desk et d'inventaire avec GLPI

L'animateur conférencier, Michel APPLAINCOURT est, depuis 10 ans, le fondateur et directeur de la société IT-OPTICS qui occupe aujourd'hui une trentaine de consultants informatiques.

Depuis sa création, IT-OPTICS s'est positionnée comme « intégrateur informatique », analysant et construisant des solutions réseau pour des entreprises à partir d'outils existants. Les logiciels libres ont toujours été envisagés pour leur rapport qualité/prix.

L'ensemble des solutions abordées lors de cette présentation sont les solutions classiquement utilisées chez les clients de IT-OPTICS.

07 Nov 2011 11:25pm GMT

Wouter Verhelst: git-annex awesomeness

So a few days ago, there was this:

21:24 < wouter> hum.
21:24 < wouter> Anyone know of a tool to manage scanned documents?
21:25 < wouter> the idea being that I can tell this tool "here's a bunch of newly-scanned documents", and it will upload them to a server
21:25 < wouter> and it should allow me to easily find a specific file later on
21:25 < wouter> and I'd also like version control there
21:26 < wouter> and I do _not_ want to download the entire repository of scanned documents on my laptop (that's why I have a server)
21:26 < wouter> and perhaps I'd also like a pony to go with that.
21:29 < wouter> oh, yes, and I do _not_ want a webbrowser as the primary interface (that might be okay to look things up, but not to store stuff)

The answer, as it turned out, was git-annex: a tool to manage files with git, without checking them into git.

What, I hear you say? Yes, that sounds a little weird, doesn't it?

Perhaps it's easiest to explain with a little example.

$ git annex add 2011-11-07-belgacom.pdf
$ ls -l 2011-11-07-belgacom.pdf
lrwxrwxrwx 1 wouter wouter 191 nov  7 14:46 2011-11-07-belgacom.pdf ->
../.git/annex/objects/xx/3F/SHA256-s1537334--c44e1a057e247bfe7c196ac146c8a0ca32096c0b10df6c18fd3f1c2e99ecddbf/SHA256-s1537334--c44e1a057e247bfe7c196ac146c8a0ca32096c0b10df6c18fd3f1c2e99ecddbf

The file is now known to git-annex, and I can have it do all kinds of useful things with it now:

$ git annex drop 2011-11-07-belgacom.pdf
drop 2011-11-07-belgacom.pdf (unsafe)
  Could only verify the existence of 0 out of 1 necessary copies

  No other repository is known to contain the file.

  (Use --force to override this check, or adjust annex.numcopies.)
failed
git-annex: drop: 1 failed

Oops, we hadn't copied it to anywhere else yet. We don't want to lose our data!

$ git annex move --to server 2011-11-07-belgacom.pdf
move 2011-11-07-belgacom.pdf (checking server...) (to server...)
SHA256-s1537334--c44e1a057e247bfe7c196ac146c8a0ca32096c0b10df6c18fd3f1c2e99ecddbf
     1537334 100%    9.22MB/s    0:00:00 (xfer#1, to-check=0/1)

sent 30 bytes  received 1537668 bytes  1025132.00 bytes/sec
total size is 1537334  speedup is 1.00
ok
$

What just happened? git-annex copied the file to a git remote called "server", and then dropped it from my local copy. It's no longer here! The symlink in my local directory is now a dead link; I can not open it anymore.

But, no worries! If we ever need it again, it's just a single command away.

$ git annex get 2011-11-07-belgacom.pdf
get 2011-11-07-belgacom.pdf (from server...) 
SHA256-s1537334--c44e1a057e247bfe7c196ac146c8a0ca32096c0b10df6c18fd3f1c2e99ecddbf
     1537334 100%    9.58MB/s    0:00:00 (xfer#1, to-check=0/1)

sent 30 bytes  received 1537668 bytes  3075396.00 bytes/sec
total size is 1537334  speedup is 1.00
ok

This allows me to save space on my local laptop while not having to care where the files are -- they're just there. And it gets more awesome if you know that git-annex can store multiple copies of each file (so you have automatic distributed backups, as with regular git), where you can enforce the minimum number of copies. Also, git-annex supports multiple backends -- you can store your data in Amazon S3, or on an encrypted USB drive, or whatever, and have git-annex manage it transparently for you.

I said this already on IRC, but: Joey, I owe you beer.

07 Nov 2011 6:19pm GMT

Dries Buytaert: Acquia U

Due to Drupal's remarkable growth, the demand for Drupal talent continues to exceed the supply. Every Drupal company I talk to -- and I talk to many of them all around the world -- has a difficult time attracting enough qualified Drupal talent. The same is true for Acquia.

To help address that problem we are launching Acquia U, a program to employ and train recent and upcoming college graduates in Drupal. We will enroll these candidates in an intensive 6 month paid training program.

Selected candidates will start the training with six weeks of hands-on, classroom-style training in Drupal. After this initial training, they will rotate through Acquia's support, engineering and professional services teams, through select Acquia partner projects, and continue to receive on-the-job instruction and training. Candidates will spend 6 weeks in each team. Combined, this program will give candidates 6 months of real-world experience, and give participants insight into available work in Drupal.

At the end of the program, candidates will become part of one of the teams at Acquia. We believe that this effort, and similar ones undertaken by our partners and customers, will create some of the key Drupal contributors of the future.

We're very excited about this program so let us know if you are interested!

07 Nov 2011 5:51pm GMT

Laurent Gatto: Finally printing on our Epson Aculaser C1100 printer

Following Marc Higgins advices on this ubuntu forum thread (January 2nd, 2010 post):

$ wget http://000it.com/files/epson_c1100/epson_c1100_install.tar.gz
$ tar -zxvf epson_c1100_install.tar.gz

$ sudo dpkg -i *.deb

07 Nov 2011 10:31am GMT

Frank Goossens: WP Privacy: Quantcast sneaks back in

After almost a year of peace and quiet, Quantcast tracking code has returned to this blog. As reported by Brian Yang, the stupid hack that stopped the code from being included doesn't work any more. Automattic recently switched to the new Quantcast-code, which instead of using the old-fashioned document.write now gets inserted asynchronously by a DOM-method (insertBefore). I'm looking at ways to stop this from happening or at least limit it one way or the other, but for the time being there's no fix. Bear with me and do speak up (in the comments below of via the contact form) if you think you can help!

Possibly related twitterless twaddle:

07 Nov 2011 6:26am GMT

Dries Buytaert: Movember 2011

It is that time of the year again: Movember!

During November each year, Movember is responsible for the sprouting of moustaches on thousands of men's faces around the world. With their Mo's, these men raise vital funds and awareness for men's health, specifically prostate cancer and other cancers that affect men. One in two men will be diagnosed with cancer in his lifetime, and one out of six with prostate cancer.

Like last year, Acquia's "Mo Drupal" team wants your support as we put our faces to work for this great cause. The Acquia team mo'ed its facial hair on November 1st and for about a week now we have practiced the virtues of fine moustachery, immaculate grooming and growing a moustache for Movember.

For the entire duration of Movember, no hair shall be allowed to grow in the goatee zone - being any facial area below the bottom lip. The complete moustache region, including the entire upper lip and the handlebar zones, will also remain completely shaved. Rest assured, photos will follow!

By growing a moustache, we become walking, talking billboards for the 30 days of November. We raise awareness by prompting private and public conversations about cancer. In addition, we raise funds by seeking out sponsorship.

If you'd like, you can join Acquia's "Mo Drupal" team or you can support me in this cause.

It's hard to get men to talk about prostate and testicular cancer, yet many of us will be diagnosed with it in our lifetime. The brilliance of Movember lies in its appeal to some basic masculine qualities, such as playing on a team, and competing with others. As a man, it's easier to show your support for such an important cause if you're doing so with a group of other men, all wearing a silly moustache. Give these guys a break and make their efforts worthwhile by supporting us! Thanks!

07 Nov 2011 1:57am GMT

06 Nov 2011

feedPlanet Grep

Pascal Bleser: Installing Perl Module RPMs on openSUSE

The additional repository devel:languages:perl has quite a slew of Perl module packages in it (over 2000 at the time of writing).

Hence, if you are often using and requiring Perl modules, it makes a lot of sense to add it to your list of repositories, which you can do with the following command (as root):

zypper addrepo http://r.opensu.se/devel:languages:perl.repo

(if you wonder what r.opensu.se is, read up on it here: r.opensu.se).

A little known fact is that when building RPM packages, there is a post-build script that analyzes the files that are part of the resulting package in order to scan for Perl modules. For each of those Perl modules, it adds a Provides with the Perl name of that Perl module, with a specific notation which is like this: perl(Name::of::the::Perl::package).

As an example, if you need the Perl module Net::SMTP::SSL, you just need to do this:

zypper install 'perl(Net::SMTP::SSL)'

Note that you should indeed put that parameter to the zypper install command into quotes, as if you don't, bash will attempt to interpret the braces and give a syntax error.

Now, in this case, it is fairly simple, as the Perl module Net::SMTP::SSL is provided by the RPM package perl-Net-SMTP-SSL (at least on openSUSE/SLE), so you might have been able to derive the name of the RPM package from the name of the missing Perl module on your own. But that Perl module could very well be part of a package with a different name: for example, the Perl module Class::MOP is not in the RPM package perl-Class-MOP but in the RPM package perl-Moose (because it's part of the Moose CPAN module).

And a last little trick: if you only want to find out which RPM package(s) provides specific Perl modules, you may also use this:

zypper what-provides 'perl(Class::MOP)'

(Note that this one only works on repositories that you have in your list of active repositories, which you can see with zypper repos or zypper lr.)

06 Nov 2011 10:02pm GMT

Ward Vandewege: disk, disk, disk

I started adding 165 TB of disk to one of our clusters today. This is what that looks like - 55 three TB disks:

165 TB

The packaging was not too great; while all disks were well packaged individually, the big boxes that contained the individual drive boxes were flimsy. As a consequence, one of the disks got rather damaged (the one on the right):

damaged disk

I don't know what it got hit with, but it must have been a pretty serious blow. The aluminium enclosure of the drive is severely dented and even cracked; the white line in the image below is an actual crack in the metal:

cracked disk

Back in October 2009 I added 130 TB of disk to another cluster, which looked like this, prior to install:

130TB

That was 65 times WD2002FYPS.

So this time around - almost 18 months later - we get 27% more capacity using 15% fewer drives. Got to love the computer industry and the progress it makes.

06 Nov 2011 8:22pm GMT

Ward Vandewege: Migrate MoinMoinWiki to Redmine

I had a few old MoinMoin installs that were due for an upgrade, and I wanted to migrate them to Redmine.

I found a migration script at norwinter.com, which I improved a bit. It will handle wiki pages with full history as well as attachments. It won't preserve who committed revisions, however - that is hardcoded in the script. So, this is still a hack.

Usage instructions:

a) copy your MoinMoinWiki data/pages directory to the server that runs your redmine install
b) put the migrate_from_moinmoin.rake script in lib/tasks/ in your Redmine install
c) edit the migrate_from_moinmoin.rake script, replace both instances of YOUR@EMAIL.ADDRESS
d) run rake redmine:migrate_from_moinmoin RAILS_ENV="production"
e) provide a unique redmine project id and the path to your MoinMoinWiki data/pages directory

And here is my version of migrate_from_moinmoin.rake.

This script worked well enough for me to import MoinMoinWiki version 1.5.7 to Redmine 1.2.0.

06 Nov 2011 7:39pm GMT