Video: LinuxCon Chicaco 2014 - Linux Kernel Panel

| | | |

Here's the Linux Kernel Panel from a couple of days ago... at LinuxCon Chicago 2014

It was re-encoded in webm format with vp9 / opus and is very low bandwidth... 200kbit video and 96kbit audio. The source material wasn't HD so it really isn't a good example of what vp9/opus can do but it ain't bad. Enjoy.

Video: TedX talk - Richard Stallman

| | | |

I ran across this video recently of Richard Stallman giving a TedX talk on our favorite subject. To spice things up a bit I took the original HD version I had (in ogg format) and re-encoded it with ffmpeg 2.3.2 running on Fedora 21 pre-alpha. I've been re-encoding everything to webm for several years now but finally I can do the newer flavor of webm that uses VP9 as the video codec and OPUS as the audio codec. Oddly on my Fedora 20 desktop none of my standalone media players will play the file. Some will play just the audio, others will play just the video. On Fedora 21 the players do a better job.

How can you view it? Well, vp9/opus in a webm container have been supported by both Firefox and Google Chrome for several releases now... so enjoy it in your web browser. You are using one of those, right? I prefer Firefox because I like freedom rather than an advertising company trying to make products that help themselves out. Enjoy!

Video: Fedora mentioned on TNT's Major Crimes series

|

I ran across this on Monday night. Anyone else watch Major Crimes? Enjoy!

Off-Topic: Lawrence Lessig and the May Day PAC

| | |

If you are a lover of FLOSS like me you are surely aware of Lawrence Lessig... for one or more of the campaigns he has been involved with. NPR had a segment about the progress of the May Day PAC. Enjoy!

20140729_atc_lessig.ogg (1.6MB 3:54)

Off-Topic: NPR All Things Considered segment about ICBMs

|

As some may know, in my youth I enlisted in the United States Air Force for four years. I also did 6 years in the Montana Air National Guard. These days I look like a long-haired hippy. I came to Montana in 1986 when I was stationed at Malmstrom AFB and my career field was Electro-Mechanical Team (EMT) which was basically maintenance of the Minuteman 2 & 3 ICBM program's Launch Control Facility and Launch Facility command and control electronics. I never actually dispatched to any LF nor LCF sites because I got a job in an office that issues maintenance equipment and vehicles to those who do. It was the VECB... Vehicle and Equipment Control Branch. Enough about me.

Anyway, I ran across this segment on NPR's All Things Considered yesterday and really enjoyed it so I thought I'd share. It's in Ogg Vorbis format and should play in a compatible browser. Download link included for those with standalone media players.

20140729_atc_welcome_to_the_nuclear_command_bunker.ogg (3.1MB 7:36)

Here's these second part of the series released today:

20140730_atc_should_america_keep_its_aging_nuclear_missiles.ogg (2.2MB 5:16)

Getting the CCISS RAID controller to work on EL7

| |

As you may have gathered, I really like RHEL 7 and its clones. I have run into one problem though. In Chapter 24 of the RHEL 7 Release Notes they enumerate quite a bit of hardware that they have dropped support for. Included are about 3 pages of RAID controllers and some NICs. I have a few HP Proliant DL380 G5 servers at work that have the HP Smart Array P400 RAID Controller in them and they are no longer officially supported with the release of RHEL 7.0. They work just fine with RHEL 5 and RHEL 6. HP actually has drivers that they provide for RHEL 5 and RHEL 6 but almost no one uses them because the hardware just worked with the stock RHEL kernels. Since the G5 machines (that's generation 5 not PowerPC G5) are 6 or 7 years old now, HP has stopped providing firmeware updates nor will they be providing drivers for newer Linux distros.

Just to verify, I booted one of the servers with the RHEL 7 install DVD and nope... it says there are no hard disks available. :(

The devs over at ElRepo have saved my day. I filed a request for enhancement (RFE) in their Mantis bug tracker system asking if they could build the CCISS driver package for the EL7 kernel. I had an answer within a hour or two... and a test package within a couple of hours. If you aren't familiar with ElRepo, they are a fairly popular third-party repo for EL. Not quite as popular as the Fedora Project's EPEL repo though. One thing ElRepo specializes in is drivers.

I do recommend staying away from third-party repos and drivers as much as possible but given the fact that the stock RHEL 7 installer says my servers have no hard drives I was stuck. If you don't have any hard drives, you can't do an install. I have never had to use a driver disk with the RHEL installer but I guess such things exist. Not being familiar with them, I just took the kmod-cciss package the ElRepo dev built, copied it to my local repository, added it to the package list of my CentOS LiveDVD kickstart file. Then I used livecd-creator to build a LiveDVD. My personal respin includes GNOME, KDE, Firefox, LibreOffice, GIMP, Inkscape, virt-manager, SPICE, etc... and now the ElRepo kmod-cciss package as well. After building the ISO I burned it to DVD and booted a problem server with it. Bingo, EL7 sees the controller and the disks attached to it now.

Not having used third-party drivers much in the past I was fairly ignorant about them. There are kmod, akmod, and dkms type driver packages. Do you know the differences between them? I mean with something as important to the operation of the system as RAID controller that presents all disks to the system... you don't want it breaking when you upgrade the kernel, right? It is my understanding that kmod-based packages aren't tired to a specific build of the kernel. So the kmod-cciss package I got from ElRepo should (in theory) work with every kernel update for EL 7.0 that comes out. When EL 7.1 comes out, it'll probably be a slightly different branch... and before trying to switch to future 7.1 kernels, I'd probably need to update the kmod-cciss package... or at least that is my understanding.

Anyway, so far it is working great. We'll see if I have any regrets as time goes by. I will definitely take care to be very aware of when kernel updates get installed and always keep a known-to-work kernel around just in case.

Video: Docker Container Security

| |

Red Hat's Dan Walsh is *THE* SELinux expert. He gave a presentation on Docker container security at the recent DockerCon 14. If you have any interest in containers or Docker, this is probably worth viewing. Enjoy!

Opinion: Is online privacy lost? Forever?

|

I have a Barnes & Noble Nook HD+ Android-based tablet. I put a fairly recent version of CyanogenMod on it. I mainly bought it because it has fairly nice hardware specs at a fairly low price even if it is missing some features. I bought it because I felt that as an IT person that I must keep up with mobile technology and software. I sit at a computer all day at work. I have a desktop at home that I use a lot even if I'm not sitting directly in front of it. I have a netbook and I frequently use a more powerful laptop from work. I'm not really mobile very often... except when I'm either in the car or on the Streamline bus to/from work. I don't want to pay for multiple Internet access services so I don't have a data plan nor a cell phone.

What Privacy? - Another aspect of mobile devices is the software environments they run and how there is virtually no privacy offered by them. Again, I'm not really a privacy nut. No, no, really. I have my tablet that I don't use much... but I turn it on periodically so it can update a dozen or more apps. Every once in a while one or more of the apps will not auto-update because they are wanting to change their permissions. Take today for example. I charged up the tablet, turned it on... and 15 apps updated but the 16th one needed approval. It was the Google Search app... which is very much a core program provided by Google with Android. It wanted the following permissions:

1) Device and App history, 2) Identity, 3) Contacts/Calendar, 4) Location, 5) SMS, 6) Phone, 7) Photos/Media/Files, 8) Camera/Microphone, 9) Wi-Fi conneciton information, 10) Device ID and call information, and 11) Other

It turns out that Other is "Contacts data in Google accounts".

You'd think that Google would be a model citizen and an example for their third-party developers. Well they are, but in a bad way. Android created this whole permission ecosystem as a way for users to have more control over what gets shared with the software companies and their outside world. As time has passed it appears that almost no one cares what permissions an app asks for... they will grant whatever they ask for... because they want to use the application. In fact some wish the acceptance process was automated so they wouldn't even be asked.

The saying goes that some free-of-cost software (not to be confused with Free and Open Source Software) is paid for with privacy... and that is very much the truth. It is also true of much of the software people do pay for. The practical reality is that a large number of applications want access to everything just so they can have the data... not that they really need much of it to serve their application function.

Questions That Pop Into My Head - How much data is gathered on a mobile software environment user? How many overlapping, slightly different copies exist across the millions of servers around the world? How much of that data is being troved or intelligently processed for deriving additional information? How much of that is protected with reasonable use policies? How much is sold over and over again? How much of it is collected by governments either by them asking for it or them being a transmission man-in-the-middle? How many of the data collections have been hacked into by unauthorized third-parties who make their own copies or have continuous access? Yeah, lots of fairly intangible questions... that are just mind blowing and numbing at the same time.

Does I sound like I'm complaining? Does it do any good to complain? Sorry. :)

Divided and Conquered - Some people are completely oblivious to privacy concerns. Some people are somewhat aware but don't think there is anything they can do about it so they just live with it. Others think it is just the way things are and need to be if you want the benefits of intelligent software. How many don't even try to understand any of it because it is too darn complicated?

Rebels With A Cause - Yet... some... other people... are building different systems that seem to care about privacy. I saw a few blog posts on Fedora Planet today. One was entitled, Desktop Containers - The Way Forward. Another, Sandboxed applications for GNOME. And yet another, Project Atomic + Docker: A post-package world?. The main focus on those is using application containers to change how software is developed and distributed... but in the context of this blog post... how they can also provide application isolation which translates into better privacy.

Wow, someone seems to still care about privacy. Everything isn't lost... but then again... how successful will such projects be? ...and being on Linux, how much market penetration will they really get into the masses currently giving everything away with their mobile lives? I also have to wonder just how many of the developers of these projects are also mobile users giving away their own data?

Same As It Ever Was - Another sad thing about this is that the mobile world is really only following the pattern of the desktop world. Well, more precisely, the web browser world. While a web browser application on the desktop operating system may not be accessing all of the data from other programs and sharing it with the browser maker... be certain that the vast majority of web sites are trying to gather as much information about the user as possible. Tiny bits and pieces of content on each web page, most of it hosted on servers other than the one providing the main content, are analyzing the web browser environment to determine the best way to gather information. If the browser has "Do Not Track" features, then they are trying to find ways around that... and there are tons of ways. Various commercial data gathering services are busy sharing their bits with others' bits to correlate information to derive yet more information. They pretty much know what websites we visit, what files we download, what we search for... what we care about and don't care about... and some form of who we are. They don't really care about knowing us, they just want to use all the information to increase their bottom lines.

How different is desktop computing than mobile? A lot but not so much. And we just take it, don't we? Well, to some degree. There are tools out there. Some of them simple browser add-ons like AdBlock Plus, HTTPS Everywhere, Ghostery, etc... that help end users get some understanding of what is going on and offer a little better control on how they are being (ab)used. Then there is Tor, The Onion Router... and a few mini-home-router projects that are trying to make anonymity somewhat possible. And of course there are some in government who think that people who care about such things and use such products might have something to hide... and need even more scrutiny.

While I don't have (much) anything to hide, I don't like the idea of being bare naked for anyone wanting to have a peek. How about you?

What is the way forward? - Is privacy already gone forever with the war being lost... or are there still some battles that may determine better outcomes for a subset of the human population? I guess I'll just have to wait and see. In the mean time, I continue to fight off the little voice in my head that says I need a smart phone... and I try to learn more about and utilize some of the desktop tools that make me look suspicious. :) Oh, and I didn't even bring up... Ocial_Say Etworks_Nay, did I?

CentOS 7 Released

| |

The mirrors are syncing and the release announcement has been made... although the main website needs to be updated... and oddly distrowatch.com is dead.

Anyway, I uploaded contributed OpenVZ OS Templates built from the the final release with updates applied... and I have a LiveDVD that includes GNOME3, KDE4, Firefox, LibreOffice, GIMP and Inkscape for anyone who is interested.

I'm guessing Scientific Linux 7 will be out in another two weeks.


Scientific Linux 7 Alpha released - LiveDVD and OS Templates built

| | |

One of the Scientific Linux developers sent out an announcement to the SL-devel mailing list just a couple of hours ago about SL 7 Alpha being released. They have a netinstall CD iso and a 6GB DVD. I got the entire tree downloaded in about 30-ish minutes... and got to work building a LiveDVD as well as OpenVZ OS Templates... using the scripts I had used for CentOS and Oracle... again with a tiny bit of editing.

Everything built and I have a LiveDVD that is 1.5GB in size that includes GNOME3, KDE4, Firefox, LibreOffice, GIMP, and Inkscape. What more does a person need? :)