Scott Dowdle's blog

Off-Topic: Lawrence Lessig and the May Day PAC

| | |

If you are a lover of FLOSS like me you are surely aware of Lawrence Lessig... for one or more of the campaigns he has been involved with. NPR had a segment about the progress of the May Day PAC. Enjoy!

20140729_atc_lessig.ogg (1.6MB 3:54)

Off-Topic: NPR All Things Considered segment about ICBMs

|

As some may know, in my youth I enlisted in the United States Air Force for four years. I also did 6 years in the Montana Air National Guard. These days I look like a long-haired hippy. I came to Montana in 1986 when I was stationed at Malmstrom AFB and my career field was Electro-Mechanical Team (EMT) which was basically maintenance of the Minuteman 2 & 3 ICBM program's Launch Control Facility and Launch Facility command and control electronics. I never actually dispatched to any LF nor LCF sites because I got a job in an office that issues maintenance equipment and vehicles to those who do. It was the VECB... Vehicle and Equipment Control Branch. Enough about me.

Anyway, I ran across this segment on NPR's All Things Considered yesterday and really enjoyed it so I thought I'd share. It's in Ogg Vorbis format and should play in a compatible browser. Download link included for those with standalone media players.

20140729_atc_welcome_to_the_nuclear_command_bunker.ogg (3.1MB 7:36)

Here's these second part of the series released today:

20140730_atc_should_america_keep_its_aging_nuclear_missiles.ogg (2.2MB 5:16)

Getting the CCISS RAID controller to work on EL7

| |

As you may have gathered, I really like RHEL 7 and its clones. I have run into one problem though. In Chapter 24 of the RHEL 7 Release Notes they enumerate quite a bit of hardware that they have dropped support for. Included are about 3 pages of RAID controllers and some NICs. I have a few HP Proliant DL380 G5 servers at work that have the HP Smart Array P400 RAID Controller in them and they are no longer officially supported with the release of RHEL 7.0. They work just fine with RHEL 5 and RHEL 6. HP actually has drivers that they provide for RHEL 5 and RHEL 6 but almost no one uses them because the hardware just worked with the stock RHEL kernels. Since the G5 machines (that's generation 5 not PowerPC G5) are 6 or 7 years old now, HP has stopped providing firmeware updates nor will they be providing drivers for newer Linux distros.

Just to verify, I booted one of the servers with the RHEL 7 install DVD and nope... it says there are no hard disks available. :(

The devs over at ElRepo have saved my day. I filed a request for enhancement (RFE) in their Mantis bug tracker system asking if they could build the CCISS driver package for the EL7 kernel. I had an answer within a hour or two... and a test package within a couple of hours. If you aren't familiar with ElRepo, they are a fairly popular third-party repo for EL. Not quite as popular as the Fedora Project's EPEL repo though. One thing ElRepo specializes in is drivers.

I do recommend staying away from third-party repos and drivers as much as possible but given the fact that the stock RHEL 7 installer says my servers have no hard drives I was stuck. If you don't have any hard drives, you can't do an install. I have never had to use a driver disk with the RHEL installer but I guess such things exist. Not being familiar with them, I just took the kmod-cciss package the ElRepo dev built, copied it to my local repository, added it to the package list of my CentOS LiveDVD kickstart file. Then I used livecd-creator to build a LiveDVD. My personal respin includes GNOME, KDE, Firefox, LibreOffice, GIMP, Inkscape, virt-manager, SPICE, etc... and now the ElRepo kmod-cciss package as well. After building the ISO I burned it to DVD and booted a problem server with it. Bingo, EL7 sees the controller and the disks attached to it now.

Not having used third-party drivers much in the past I was fairly ignorant about them. There are kmod, akmod, and dkms type driver packages. Do you know the differences between them? I mean with something as important to the operation of the system as RAID controller that presents all disks to the system... you don't want it breaking when you upgrade the kernel, right? It is my understanding that kmod-based packages aren't tired to a specific build of the kernel. So the kmod-cciss package I got from ElRepo should (in theory) work with every kernel update for EL 7.0 that comes out. When EL 7.1 comes out, it'll probably be a slightly different branch... and before trying to switch to future 7.1 kernels, I'd probably need to update the kmod-cciss package... or at least that is my understanding.

Anyway, so far it is working great. We'll see if I have any regrets as time goes by. I will definitely take care to be very aware of when kernel updates get installed and always keep a known-to-work kernel around just in case.

Video: Docker Container Security

| |

Red Hat's Dan Walsh is *THE* SELinux expert. He gave a presentation on Docker container security at the recent DockerCon 14. If you have any interest in containers or Docker, this is probably worth viewing. Enjoy!

Opinion: Is online privacy lost? Forever?

|

I have a Barnes & Noble Nook HD+ Android-based tablet. I put a fairly recent version of CyanogenMod on it. I mainly bought it because it has fairly nice hardware specs at a fairly low price even if it is missing some features. I bought it because I felt that as an IT person that I must keep up with mobile technology and software. I sit at a computer all day at work. I have a desktop at home that I use a lot even if I'm not sitting directly in front of it. I have a netbook and I frequently use a more powerful laptop from work. I'm not really mobile very often... except when I'm either in the car or on the Streamline bus to/from work. I don't want to pay for multiple Internet access services so I don't have a data plan nor a cell phone.

What Privacy? - Another aspect of mobile devices is the software environments they run and how there is virtually no privacy offered by them. Again, I'm not really a privacy nut. No, no, really. I have my tablet that I don't use much... but I turn it on periodically so it can update a dozen or more apps. Every once in a while one or more of the apps will not auto-update because they are wanting to change their permissions. Take today for example. I charged up the tablet, turned it on... and 15 apps updated but the 16th one needed approval. It was the Google Search app... which is very much a core program provided by Google with Android. It wanted the following permissions:

1) Device and App history, 2) Identity, 3) Contacts/Calendar, 4) Location, 5) SMS, 6) Phone, 7) Photos/Media/Files, 8) Camera/Microphone, 9) Wi-Fi conneciton information, 10) Device ID and call information, and 11) Other

It turns out that Other is "Contacts data in Google accounts".

You'd think that Google would be a model citizen and an example for their third-party developers. Well they are, but in a bad way. Android created this whole permission ecosystem as a way for users to have more control over what gets shared with the software companies and their outside world. As time has passed it appears that almost no one cares what permissions an app asks for... they will grant whatever they ask for... because they want to use the application. In fact some wish the acceptance process was automated so they wouldn't even be asked.

The saying goes that some free-of-cost software (not to be confused with Free and Open Source Software) is paid for with privacy... and that is very much the truth. It is also true of much of the software people do pay for. The practical reality is that a large number of applications want access to everything just so they can have the data... not that they really need much of it to serve their application function.

Questions That Pop Into My Head - How much data is gathered on a mobile software environment user? How many overlapping, slightly different copies exist across the millions of servers around the world? How much of that data is being troved or intelligently processed for deriving additional information? How much of that is protected with reasonable use policies? How much is sold over and over again? How much of it is collected by governments either by them asking for it or them being a transmission man-in-the-middle? How many of the data collections have been hacked into by unauthorized third-parties who make their own copies or have continuous access? Yeah, lots of fairly intangible questions... that are just mind blowing and numbing at the same time.

Does I sound like I'm complaining? Does it do any good to complain? Sorry. :)

Divided and Conquered - Some people are completely oblivious to privacy concerns. Some people are somewhat aware but don't think there is anything they can do about it so they just live with it. Others think it is just the way things are and need to be if you want the benefits of intelligent software. How many don't even try to understand any of it because it is too darn complicated?

Rebels With A Cause - Yet... some... other people... are building different systems that seem to care about privacy. I saw a few blog posts on Fedora Planet today. One was entitled, Desktop Containers - The Way Forward. Another, Sandboxed applications for GNOME. And yet another, Project Atomic + Docker: A post-package world?. The main focus on those is using application containers to change how software is developed and distributed... but in the context of this blog post... how they can also provide application isolation which translates into better privacy.

Wow, someone seems to still care about privacy. Everything isn't lost... but then again... how successful will such projects be? ...and being on Linux, how much market penetration will they really get into the masses currently giving everything away with their mobile lives? I also have to wonder just how many of the developers of these projects are also mobile users giving away their own data?

Same As It Ever Was - Another sad thing about this is that the mobile world is really only following the pattern of the desktop world. Well, more precisely, the web browser world. While a web browser application on the desktop operating system may not be accessing all of the data from other programs and sharing it with the browser maker... be certain that the vast majority of web sites are trying to gather as much information about the user as possible. Tiny bits and pieces of content on each web page, most of it hosted on servers other than the one providing the main content, are analyzing the web browser environment to determine the best way to gather information. If the browser has "Do Not Track" features, then they are trying to find ways around that... and there are tons of ways. Various commercial data gathering services are busy sharing their bits with others' bits to correlate information to derive yet more information. They pretty much know what websites we visit, what files we download, what we search for... what we care about and don't care about... and some form of who we are. They don't really care about knowing us, they just want to use all the information to increase their bottom lines.

How different is desktop computing than mobile? A lot but not so much. And we just take it, don't we? Well, to some degree. There are tools out there. Some of them simple browser add-ons like AdBlock Plus, HTTPS Everywhere, Ghostery, etc... that help end users get some understanding of what is going on and offer a little better control on how they are being (ab)used. Then there is Tor, The Onion Router... and a few mini-home-router projects that are trying to make anonymity somewhat possible. And of course there are some in government who think that people who care about such things and use such products might have something to hide... and need even more scrutiny.

While I don't have (much) anything to hide, I don't like the idea of being bare naked for anyone wanting to have a peek. How about you?

What is the way forward? - Is privacy already gone forever with the war being lost... or are there still some battles that may determine better outcomes for a subset of the human population? I guess I'll just have to wait and see. In the mean time, I continue to fight off the little voice in my head that says I need a smart phone... and I try to learn more about and utilize some of the desktop tools that make me look suspicious. :) Oh, and I didn't even bring up... Ocial_Say Etworks_Nay, did I?

CentOS 7 Released

| |

The mirrors are syncing and the release announcement has been made... although the main website needs to be updated... and oddly distrowatch.com is dead.

Anyway, I uploaded contributed OpenVZ OS Templates built from the the final release with updates applied... and I have a LiveDVD that includes GNOME3, KDE4, Firefox, LibreOffice, GIMP and Inkscape for anyone who is interested.

I'm guessing Scientific Linux 7 will be out in another two weeks.


Scientific Linux 7 Alpha released - LiveDVD and OS Templates built

| | |

One of the Scientific Linux developers sent out an announcement to the SL-devel mailing list just a couple of hours ago about SL 7 Alpha being released. They have a netinstall CD iso and a 6GB DVD. I got the entire tree downloaded in about 30-ish minutes... and got to work building a LiveDVD as well as OpenVZ OS Templates... using the scripts I had used for CentOS and Oracle... again with a tiny bit of editing.

Everything built and I have a LiveDVD that is 1.5GB in size that includes GNOME3, KDE4, Firefox, LibreOffice, GIMP, and Inkscape. What more does a person need? :)

Google: Everything from Cradle to Grave?

|

As most people who know me know, I don't own a smart nor feature cell phone. I do have some "mobile" devices in the family though including two B and N Nook HD+ tablets (one running stock B and N firmware and the other CyanogenMod), a Amazon Kindle Fire HD, and a 1st gen iPad. Just so you know, the iPad was given to my younger son as a gift by a friend of ours who bought a newer iPad.

Some might also know that I'm not a big fan of Google. When they were just starting out and were an underdog, sure... they were great... but the years have passed and now Google is the king of so many things... and they are first an advertising company... because that's where about 80% of their revenue comes from... and they are gathering so much information in so many different areas about so many people... I just find it scary. That isn't to say that I'm paranoid or am a privacy freak. To the contrary... hey I have my address, phone number and email address in the footer of every page on this here website, right? Anyway, I was on Google+ for a while but decided to delete my account... and have been trying to ween myself from as much Google as possible. I use Duck Duck Go for my searches, I avoid using Google online services... but yes I do have a gmail account (I don't use much). I have a YouTube account and as a result a Google+ profile was created for me but I don't use it... although I do occasionally get "notifications" from people who want to add me to a circle or something... ARGH! I do use Google Voice to talk to my parents long distance on my land line.

Anyway... while I'm not that big of a Google fan, I do try to keep up on what they are doing. I would feel more comfortable if Google was broken up into a handful of independent companies... rather than them doing everything. As you probably know, Google has an annual developer conference called Google I/O and this year it was last week and lasted two days. There was a lot of stuff covered but who really has about 3 hours to watch the keynote? Here's a good summary video for those who want the core distilled for them. For some reason the video omits the virtual reality stuff and Google Cardboard... but I'm sure there will be more on that later.

I guess it is now later because here is a video showing some Google Cardboard V/R info.

But wait, there's more. Isn't there always more? Here's a video that does a good job showing Google Wear.

Enjoy!

Oracle Linux 7 RC Released - Another RHEL 7 Clone

| | |

Oracle Linux 7 RC - KDE 4 with FirefoxOracle Linux 7 RC - KDE 4 with FirefoxI noticed on DistroWatch yesterday that Oracle released Oracle Linux 7 RC... with RC being "release candidate". Having done all of the work recently building a CentOS 7 Public QA LiveDVD as well as OpenVZ OS Templates I thought I'd give it a try with Oracle Linux. The race is on. Who will release GA first? CentOS or Oracle?

Oracle is a little different - First of all, I'm not even sure what the name of the thing is. I've heard of OEL (Oracle Enterprise Linux), Oracle Linux, and a few other names. I think I'll just call it OEL. OEL is a pay distro *BUT* they do offer free downloads of their install media as well as updates. Originally updates were pay-only but they opened that up a while back when they had a promotional campaign claiming they were faster with updates than CentOS (turns out they aren't but close). I guess their business plan is you can use OEL for free and have updates... but there are some value add features (like Ksplice and Dtrace, etc) and support that cost extra. To download their iso install media you have to have an account on their system but that is cost-free and it just so happens I already had one because I've downloaded previous releases like OEL6.

Setting up the LiveDVD build environment - I downloaded the install media. I copied all of the .rpm files from the install media to a directory on a local web server and ran "createrepo ." within that directory. Then I made a four line oracle-7-rc.repo file pointing to the local package repo I just made.

Then I booted the install DVD inside of a newly created KVM virtual machine and did an install selecting that I wanted a GUI desktop (this is Server install media and "minimal" is the default) which is GNOME 3... and added to that the KDE desktop environment. After the install was over the machine was up and running. Then I installed the livecd-tools package previously mentioned made by that CentOS guy. Oracle was missing two perl-something-something packages needed for the livecd-tools dependencies so I just copied the missing two packages (along with the livecd-tools packages and epel-release) to my Oracle 7 RC package repo directory and re-ran createrepo. BTW, you don't have to turn off SELinux anymore for livecd-creator to work. That probably changed a long time ago but I only recently noticed. Ding, build environment complete.

Oracle Linux 7 RC - GNOME 3 ClassicOracle Linux 7 RC - GNOME 3 ClassicFixing up the kickstart - Then I copied my centos-7-pubqa.ks kickstart file and modified it. Within that kickstart I had referred to a number of package groups but in my local package repo package groups weren't working well for me. I don't know if package group names are different between CentOS and Oracle (probably) or if I needed more package metadata than I had with my simple, local package repository. As a result I needed to cough up a more complete and accurate package list for my kickstart. Hey, I liked the install I had in my KVM machine so I just did an 'rpm -qa --qf "%{n}\n" | sort > packages.txt' to generate a complete package list with the version portion stripped off suitable for a kickstart file. I emptied out everything in the package section of the kickstart an then just inserted the contents of the packages.txt file. Then I ran livecd-creator giving it the appropriate flags to generate an iso from the kickstart with the desired name (oracle-7-rc-001-x86_64.iso). After about an hour and approximately 1,400 packages... I had a 1.2GB .iso. I then tested that inside of a KVM virtual machine and it worked great... both as a try-it-before-you-install-it Live Desktop... and as an installer too.

OpenVZ OS Template building - I took the scripts (regular and minimal) I had created for CentOS 7 Public QA to build OpenVZ OS Templates and made the minor modifications needed to point to my local Oracle package repo. I had to change a few of the package names (like centos-release became oraclelinux-release and centos-logos became oracle-logos... and had to add in the rhn-client-tools package) and the desired output file name... but other than that, a simple edit. Those took about 10 minutes to build. I copied the .tar.xz files over to an OpenVZ host node and made a few containers to test things out. They worked as expected.

What else is different? - Turns out Oracle didn't have packages for LibreOffice on their install DVD. I thought that was weird because they had GNOME 3, KDE and some desktop applications including Firefox, GIMP, and Inkscape... but no LibreOffice. I assume after GA happens and their full package repositories become available that those packages will be included. The DVD includes just a little shy of 4,300 packages.

Where to go from here? - I will be releasing the OpenVZ OS Templates after Oracle's GA release but I don't think I can publicly release the LiveDVD as that might violate their license agreement. I don't read legalize so I'm not certain, but I just showed you above how you can make your own. I've attached the .ks I used as well as the scripts for OpenVZ to this post. You'll have to put in the correct URL for your own local repo or the one made available by Oracle after GA. And of course you'll want to modify the package set as desired. My kickstart probably has a some junk in it left over from the Fedora kickstart I based it on, but it does build and work just fine. Feel free to clean it up and make it more perfect if you want.

Enjoy!

Weather in Montana?

| | | |

I'm not sure exactly when the big storm was today... but when I got home from work around 7PM it was fairly clear. Driving by a few places in Belgrade on my way home from the bus stop... the lower level parking lots were a bit flooded.

When I got home I saw something weird in my front yard. I mean, this is June 26th... just a few days before the 4th of July holiday, right?

Poorly shot video but you get the point. For some reason Google Chrome doesn't like the webm files I create with ffmpeg anymore... but it will play fine in Firefox.

hail-front-yard-20140626.webm Enjoy.

Syndicate content