Seth Schoen, Senior Staff Technologist at the Electronic Frontier Foundation in San Francisco, discussed the upcoming Let's Encrypt project... fast and free SSL/TLS certificates for your servers.
There are a few bad spots in the video that I attribute to an SDcard going bad... and yeah, there is some hiss in the audio (internal mic rather than a wireless one)... but overall, very watchable. Enjoy!
Wow, I haven't posted anything new in quite a while. Been working on remixing Fedora 22 since slightly before the Alpha was released. The Beta was released today. Been remixing EL6 and EL7 (CentOS, Scientific Linux and even OEL)... but enough about that.
This post is to state what presentations I plan to attend at the upcoming LFNW in Bellingham, WA (this weekend). How many LFNWs in a row have I attended? I can't recall.
10:00 - 11:00 AM - G-103, Linux Troubleshooting: Digging Deeper and Understanding the Data
11:30 - 12:30 PM - G-103, Thinking in Git
1:30 - 2:30 PM - G-103, The Dark Arts of SSH
3:00 - 4:00 PM - CC-236, OpenVZ, Virtuozzo Core, and Docker
10:00 - 11:00 AM - CC-114, Introducing new Features for MariaDB 10.1
11:30 - 12:30 PM - G-103, Alan Turing & Friends
1:30 - 2:30 PM - Haskell 104, The Bare-Metal Hypervisor as a Platform for Innovation
3:00 - 4:00 PM - CC-115, Let's Encrypt: A Free Robotic Certificate Authority
I hope to record all of those presentations (presenters willing) and make them available shortly after the event.
There are five of us going this year. One from Glendive, two from Billings, and two from Bozeman. It should be a lot of fun. I've got all of the directions / maps printed out... yeah, I'm old. :) Oh, wait... there is a third person from Bozeman but he is taking a plane and staying with his family... as opposed to driving with us in one vehicle with shared lodging.
Quite a bit was written about this talk when it was first given (Feb 1st, 2015) but the FOSDEM folks just released the video today as a non-streamable MP4 file. They say a webm file will come later. I downloaded it and uploaded it to YouTube but they still haven't converted it to webm yet either. Update: They have webm'ed them now.
Anyway, here's a lower quality (not much to see) webm for you.
Just in case you haven't seen it yet:
They recommend a power supply that can deliver 2 amps.
Update: I ordered one a couple days after the release from Newark. I just got an email the other day (Feb. 19th) saying that it has shipped. I ordered a case later but I think it is coming from the UK and will take a bit longer. I also found a way to get Fedora 21 running on it.
Update 2: See also this.
I just discovered this sit-com from Canada done by CTV... who obviously don't mind sharing their show on YouTube because they have (at a quick glance) every episode of all six seasons posted. Watching the first episode of season 1... for some reason I was reminded of systemd. Have a look for yourself. Enjoy, eh? :)
Oh, and... you're welcome!
I'm a sucker for history videos... and I enjoyed the trip back in time that these were. While I was aware of the feuds that existed in UNIX-land and UNIX-GUI-land back from the early days I didn't witness it personally... so the first two expose some of that. The third video shows what moving from Windows 95 to Windows 98 was like... including the Linux alternative with an interview with Linus himself. Enjoy!
The Computer Chronicles: UNIX (1985)
The Computer Chronicles: UNIX (1989)
Computer Chronicles: Windows 98 and Linux
I stole this from a press release.
Over the past ten years, documentary film has undergone a renaissance, and the art form is more vital than ever. Hosted and curated by local award-winning documentary filmmaker Jason Burlage, The Bozeman Doc Series aims to bring the year's best films from around the world to the Emerson Center, from environmental dramas to political profiles to intimate personal films.
On Thursday, January 22nd, the Bozeman Doc Series will present the most highly acclaimed documentary of the past year, Citizen Four. A real life thriller, unfolding by the minute, Citizen Four gives audiences unprecedented access to filmmaker Laura Poitras and journalist Glenn Greenwald’s encounters with Edward Snowden in Hong Kong, as he hands over classified documents providing evidence of mass indiscriminate and illegal invasions of privacy by the National Security Agency (NSA).
Citizen Four places you in the room with Poitras, Greenwald, and Snowden as they attempt to manage the media storm raging outside, forced to make quick decisions that will impact their lives and all of those around them.
The film not only shows you the dangers of governmental surveillance - it makes you feel them. After seeing Citizen Four, you will never think the same way about your phone, email, credit card, web browser, or profile, ever again.
The New York Times calls the film "Tense & frightening... a primal political fable for the digital age."
One of Time magazine's ten best movies of 2014, Citizen Four is a rare snapshot of history in the making.
Doors open at 6:30 PM, and the film begins at 7:00. Tickets are available at the door or before the show at Cactus Records and Movie Lovers. Tickets are also available online at www.bozemandocseries.org, where you can buy season passes and 7 film punch cards, learn more about the series, and view trailers for upcoming films. The series will continue on Thursdays through April with one screening every two weeks. The Bozeman Doc Series. Real people. Real life. Come see the world.
I just wanted to mention that a lot of the information gathering done by the NSA is also done by commercial entities like Google and other advertising and tracking networks. I'd like to see a documentary film about that too. And now the trailer.
I have run across a few people who are perplexed by firewalld and I must admit that I was for a while until I did some reading and experimentation. What is firewalld? It is basically a replacement for the ancient iptables service on RHEL and Fedora systems. So many of us were just used to manually editing /etc/sysconfig/iptables and then copying that file from system to system as desired, that the switch to firewalld was a bit scary. I mean, who wants to learn something new, right?
Another thing that is scary about firewalld is the complexity of the rules it shows when you do something like:
While the configuration, tools and output have dramatically changed... really firewalld makes things easier and more manageable. Really. One of the problems with Linux across distros is that there really hasn't been a standardized way to handle the host-based firewall. Each distro seems to have their own way of doing it... and popular packages like Shorewall have been around for years. I think firewalld tries for a happy medium somewhere between simple and complex and a standard that distros can choose to adopt.
Anyway, here are some basics (as root or via sudo) but if you want more be sure and check out the documentation:
Main documentation: www.firewalld.org/documentation/
Fedora Documentation: fedoraproject.org/wiki/FirewallD
RHEL Documentation: access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Security_Guide/sec-Using_Firewalls.html
firewall-cmd --list-all (shows human readable firewall settings)
firewall-cmd --add-service=ssh --permanent (opens up port 22 which is sshd and saves to config; the firewalld service name is ssh, not sshd)
firewall-cmd --add-service=http --permanent (opens up port 80 which is http and saves to config)
firewall-cmd --add-service=https --permanent (opens up port 443 which is https and saves to config)
firewall-cmd --remove-service=https --permanent (closes port 443 and saves to config)
A change made with --permanent is written to the saved configuration and reaches the running firewall at the next reload. If you don't want your changes saved, just leave off --permanent, which applies them to the running firewall only.
Want to open arbitrary ports for some service (like voxelands-server for example)? That is easy too:
firewall-cmd --add-port=30000/tcp --permanent
Want UDP? Ok:
firewall-cmd --add-port=30000/udp --permanent
After your changes it doesn't hurt to verify again with:
Want to manage firewalld via a config management system? There is a formula for SaltStack here and supposedly Ansible also supports firewalld.
Want to edit a file instead of running firewall-cmd? That's possible too. firewalld stores everything somewhere under /etc/firewalld/. In particular the changes listed above would get written to /etc/firewalld/zones/public.xml. Yeah, it's an "xml" file but make a change or two via firewall-cmd and see what it adds or removes from it and you'll see that it is very easy to monkey-see-monkey-do for those that want to edit the file directly. After updating or replacing any of firewalld's configuration files you want to make firewalld aware of the change with:
systemctl reload firewalld
If you are brave enough to manually edit the config just be aware that you are responsible for your typos.
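A pre-reload check for a hand-edited zone file, as an added example that is not part of the original post: it parses the XML, lists the services and ports the zone opens, and flags anything outside an allow-list. The sample file contents, the allow-lists and the function name audit_zone are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample of /etc/firewalld/zones/public.xml (not from a real host).
SAMPLE_ZONE = """<?xml version="1.0" encoding="utf-8"?>
<zone>
  <short>Public</short>
  <service name="ssh"/>
  <service name="http"/>
  <port protocol="tcp" port="30000"/>
  <port protocol="udp" port="30000"/>
</zone>
"""

# The same file with a hand-editing typo: the last <port> element is never closed.
BROKEN_ZONE = SAMPLE_ZONE.replace('port="30000"/>\n</zone>', 'port="30000">\n</zone>')


def audit_zone(xml_text, allowed_services, allowed_ports):
    """Report what a zone file opens and which entries fall outside the allow-lists."""
    result = {"ok": False, "error": None, "services": [], "ports": [], "unexpected": []}
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        # A file that does not parse must not be reloaded into firewalld.
        result["error"] = "not well-formed XML: %s" % exc
        return result
    if root.tag != "zone":
        result["error"] = "root element is <%s>, expected <zone>" % root.tag
        return result
    result["services"] = sorted(s.get("name", "") for s in root.findall("service"))
    result["ports"] = sorted(
        "%s/%s" % (p.get("port"), p.get("protocol")) for p in root.findall("port")
    )
    result["unexpected"] = [s for s in result["services"] if s not in allowed_services]
    result["unexpected"] += [p for p in result["ports"] if p not in allowed_ports]
    result["ok"] = not result["unexpected"]
    return result


if __name__ == "__main__":
    # Hypothetical policy: web server with ssh, plus the TCP game port only.
    report = audit_zone(SAMPLE_ZONE, {"ssh", "http"}, {"30000/tcp"})
    print("services:", report["services"])
    print("ports:", report["ports"])
    print("unexpected:", report["unexpected"])
    print("broken file:", audit_zone(BROKEN_ZONE, {"ssh"}, set())["error"])
```

Run it against the real file by passing open("/etc/firewalld/zones/public.xml").read() as the first argument, and reload firewalld only when the result's "ok" field is true.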
I've only touched the tip of the iceberg for the most common stuff. Need more info? Yeah, there is a ton of documentation including a couple of man pages.
Looking forward to 2015, we have very exciting news to share on the future of OpenVZ. But first, let's take a quick look into OpenVZ history.
Linux Containers is an ancient technology, going back to last century. Indeed it was 1999 when our engineers started adding bits and pieces of containers technology to Linux kernel 2.2. Well, not exactly "containers", but rather "virtual environments" at that time -- as it often happens with new technologies, the terminology was different (the term "container" was coined by Sun only five years later, in 2004).
Anyway, in 2000 we ported our experimental code to kernel 2.4.0test1, and in January 2002 we already had Virtuozzo 2.0 version released. From there it went on and on, with more releases, newer kernels, improved feature set (like adding live migration capability) and so on.
It was 2005 when we finally realized we made a mistake of not employing the open source development model for the whole project from the very beginning. This is when OpenVZ was born as a separate entity, to complement commercial Virtuozzo (which was later renamed to Parallels Cloud Server, or PCS for short).
Now it's time to admit -- over the course of years OpenVZ became just a little bit too separate, essentially becoming a fork (perhaps even a stepchild) of Parallels Cloud Server. While the kernel is the same between two of them, userspace tools (notably vzctl) differ. This results in slight incompatibilities between the configuration files, command line options etc. More to say, userspace development efforts need to be doubled.
Better late than never; we are going to fix it now! We are going to merge OpenVZ and Parallels Cloud Server into a single common open source code base. The obvious benefit for OpenVZ users is, of course, more features and better tested code. There will be other much anticipated changes, rolled out in a few stages.
As a first step, we will open the git repository of RHEL7-based Virtuozzo kernel early next year (2015, that is). This has become possible as we changed the internal development process to be more git-friendly (before that we relied on lists of patches a la quilt but with home grown set of scripts). We have worked on this kernel for quite some time already, initially porting our patchset to kernel 3.6, then rebasing it to RHEL7 beta, then final RHEL7. While it is still in development, we will publish it so anyone can follow the development process.
Our kernel development mailing list will also be made public. The big advantage of this change for those who want to participate in the development process is that you'll see our proposed changes discussed on this mailing list before the maintainer adds them to the repository, not just months later when the code is published and we'll consider any patch sent to the mailing list. This should allow the community to become full participants in development rather than mere bystanders as they were previously.
Bug tracking systems have also diverged over time. Internally, we use JIRA (this is where all those PCLIN-xxxx and PSBM-xxxx codes come from), while OpenVZ relies on Bugzilla. For the new unified product, we are going to open up JIRA which we find to be more usable than Bugzilla. Similar to what Red Hat and other major Linux vendors do, we will limit access to security-sensitive issues in order to not compromise our user base.
Last but not least, the name. We had a lot of discussions about naming, had a few good candidates, and finally unanimously agreed on this one:
Please stay tuned for more news (including more formal press release from Parallels). Feel free to ask any questions as we don't even have a FAQ yet.
Merry Christmas and a Happy New Year!
Since Russia has 10 days of holidays in January, I really don't expect anything to be released until late January or more likely in February. One major change in the upcoming RHEL7-based Virtuozzo Core release is the move from the internal chkpoint code to CRIU. Although there are a lot more details and specifics to come, overall I see this as a very positive move.