Mark Turner : Ebola research: Fever not a surefire sign of infection – LA Times

October 22, 2014 07:41 PM

If we’re only looking for fever while screening Ebola victims, we may be missing 13% of cases. Yikes.

For public health workers screening more than 1,000 air travelers who arrive each week in the United States from Ebola-stricken West Africa, one symptom above all others is supposed to signal danger: fever.

So long as an individual’s temperature does not exceed 101.5 degrees and there are no visible symptoms of Ebola, health authorities say it should be assumed the person is not infectious.

Yet the largest study of the current outbreak found that in nearly 13% of “confirmed and probable” cases in Liberia, Sierra Leone, Guinea and elsewhere, those infected did not have fevers.

via Ebola research: Fever not a surefire sign of infection – LA Times.

Tarus Balog : Internet of Silos

October 22, 2014 07:03 PM

My friend Phil sent me a link to a Gartner article listing the “Top 10 Strategic Technology Trends for 2015” and I wasn’t surprised to see the “Internet of Things” at number two.

Now that mobile computing has become ubiquitous, there is a rush to network connect everything. Plus, there is a lot of money in it – take a look at the Nest acquisition. I’m not really certain this is a Good Thing™. My experience with low end network devices shows that corners that can be cut often are (i.e. crappy SNMP agents) and my guess is that in this rush to get things out the door we will end up with some serious issues.

One thing that can circumvent this is open source. By making the code transparent, especially for medical devices, there is a strong chance that major issues could be identified and corrected.

If, and that is a big “if”, we could get people to standardize around various open source software for the IoT there is a chance we can prevent the “Internet of Silos”. I first heard that term in a BBC article where it was announced that ARM (a British company) was creating an open source programming language for devices powered by its chips.

As you might expect, the article was short on specifics, but if the language is any good and the license is permissive, perhaps other chip manufacturers will port it. At a minimum it should encourage companies like Intel to also open source the technology used for their chips and the community might be able to build wrappers around both of them.

No matter what happens, we hope to support any management capabilities they introduce. We are actively working on making OpenNMS almost infinitely scalable to be able to handle the needs of the IoT, from insanely fast data storage (Newts) to highly distributed polling and data collection (Minion). We hope that the open nature of the platform will encourage more and more product vendors to use OpenNMS for their element management system, and then at least on the management front we can prevent the silos.

Warren Myers : draft day – the second football movie of the year

October 22, 2014 03:14 PM

And while not as good as When The Game Stands Tall, still a very good movie.

The parents’ guide warnings from IMDB may be helpful – there’s more language than needed for the story-telling, though I guess that’s what brought it into the PG13 range instead of PG.

I’m not a huge fan of sports movies in general, but some are good (especially the ones that aren’t really sports movies (like For Love of the Game, another Kevin Costner film)). I’m happy to be able to add this one to my list of enjoyable stories.

Mark Turner : Falls whitewater letter to the editor

October 21, 2014 06:02 PM

I just wrote this to the N&O:

Thanks to the N&O for advocating again for a whitewater park. I recall the excitement I felt when the Falls Whitewater Park Committee appeared before Raleigh’s parks board with its proposal to fund construction of this park. I urge whitewater enthusiasts to visit and give generously to make this spectacular park a reality.

Mark Turner : I Saw Firsthand How Nuts Airlines Are Getting With Ebola Fear

October 21, 2014 05:17 PM

USAirways flight attendants had a full-fledged freakout Sunday at RDU Airport over a passenger they suspected of having Ebola, according to one local blogger. How did these superhero flight attendants, presumably not experts in infectious diseases, diagnose Ebola you ask? The woman had an African accent and asked for a club soda.

Yesterday I took a US Airways flight from Raleigh-Durham to Washington, DC to drive some Hellcats. So far so good, right? Across the aisle from me was a woman, from Boston, who was feeling a bit queasy. She asked the flight attendant for some club soda. They responded by trying to kick her off the plane. Any idea why?

If we’re absolutely being honest, there were two very simple reasons why: the woman was black, and had an African accent. In the popular culture of panic, those two factors seem to be enough to turn an entire plane full of people around and return to the gate to attempt to kick a paying traveler off a plane.

via I Saw Firsthand How Nuts Airlines Are Getting With Ebola Fear.

Mark Turner : N&O changes

October 20, 2014 05:34 PM

Gary Pearce weighed in on the News and Observer’s recent print changes so I figured I should do the same.

During our fair visit Friday, I stopped by the N&O booth and chatted with one of the reps there. I volunteered that I liked the new changes to the paper (the local section and front section have been merged) and was told that I’m “one out of a million.” Apparently the feedback from subscribers has been mostly negative.

I pay more attention to the local stories since that’s something the N&O can cover better than anyone else. I like that the local coverage is getting more prominent.

On the other hand, though, I do have to fight with my daughter (mainly) for a section of paper to read in the mornings. Not having a front and local section makes it difficult to share.

I certainly don’t blame the N&O for experimenting, though. I think any newspaper that doesn’t try to change and adapt in these times is at risk of extinction in these fast-moving times for journalism.

Warren Myers : fallen angels by walter dean myers

October 20, 2014 04:14 PM

When I reviewed Germline by T C McCarthy, I mentioned it reminded me of a scifi-ified version of a book I’d read years ago about the Vietnam War.

I came across that book today, and it is entitled “Fallen Angels” by Walter Dean Myers (which, ftr, I only bought in the first place because he had my last name).

I would heartily NOT recommend you read it if you are at all offended by foul language, as it is rife with it. But it is also a gritty story told from the perspective of someone who was living it every day.

Mark Turner : Spankings

October 20, 2014 02:28 AM

A Facebook friend (one who does not share my political outlook) forwarded a photo that illustrated the value of spanking. It showed a kid getting beat, with the caption “with more of this, there would be less of this,” showing a trio of young men dressed as gang members. I shook my head.

It reminded me of a spectacle I came across as I was on my way to the Player’s Retreat Saturday afternoon. As I was pulling into the parking lot, a father was loading his kids into his car. The father was shouting at his misbehaving kids to get in the car. His young son, probably four years old at the most, was defiantly yelling back at his dad, echoing his very same tone. As I rolled by, I saw the father’s hand smack the boy’s rear hard before the father loaded his son into the car. I thought the show was over but when I got out of my car I was appalled to hear the father screaming at the top of his voice “that is enough!” He was so loud I heard him across the parking lot even with his windows rolled up. He then drove off and I just shook my head. If his kids weren’t terrified before, they were now.

I wonder if the father could hear the echo of himself in his son’s voice right then. I wonder if he realized that he is teaching his son that violence is a solution. How powerless that young boy must have felt, and how sad that his father could not connect to his kids in a way that engaged them rather than hurt them.

I’m not a perfect father by any stretch but one thing I learned early on is that if I ever raise my voice with my kids, I’ve already lost. If I’m shouting I’m admitting defeat. I’m admitting that I have no cards left to play, that it’s become an I’m-bigger-than-you-are game. I don’t want my kids to grow up thinking that might makes right and that throwing a tantrum is the way to get what you want. This parent was throwing a tantrum just as big as his son’s and he should have been old enough to know better.

It seems to me that the world would be better off if we all worked harder at listening to each other. That’s something that starts at home.

Mark Turner : Twitches and fatigue

October 20, 2014 02:12 AM

My initial optimism about the magnesium supplements helping with the muscle twitches I’ve had has worn off. The twitching has continued, spread out all over my body now. In fact, one night last week I felt the muscles between my shoulder blades twitch when I was sleeping – waking me up. It’s the biggest damn pain in the ass.

To top it off, we had only walked about the fairgrounds for about an hour before I started feeling very fatigued. I felt like my arm and leg muscles were slow as molasses. It dawned on me that night that I am finally able to effectively define fatigue versus simple tiredness. Fatigue is like tiredness but without the mental urge to sleep. Fatigue is not having any energy while still maintaining the will to do something. The mind is willing but the body unable. It seems that the fatigue that would once make a visit to me for a few weeks every year or so has begun to occur far more frequently and persistently. And it really sucks. I’m tired when I have no right to be and it’s starting to affect my quality of life.

I hope to revisit my doctors soon to discuss next steps. This journey is obviously not over yet.

Mark Turner : Weekend update

October 20, 2014 02:05 AM

It’s been a busy weekend. Friday morning was the press conference and the official kickoff of the Parks bond campaign. NFL stars Torrence and Terry Holt joined other city officials to urge passage of the bond. As the marketing co-chair of the bond committee, I helped plan the press conference and some of the talking points used. The location of the Chavis carousel was perfect, the weather was perfect, the messaging was perfect, and it all just came together. What’s more, I was able to collect the photographs of many attendees, all to add to our “I Flip 4 Parks” social media campaign. Oh, and the official website,, was unveiled as well. Marketing has been a group effort, with the Raleigh Chamber pitching in as well as committee members Jeff Tippett (committee chair), myself, and Patrick Buffkin (speakers chair). The website was designed by Scott Reston with video provided by Napoleon Wright. Everyone did a super job!

Friday afternoon was the visitation for Thomas Crowder, held in the lobby of Meymandi auditorium. There was a huge turnout of people paying their respects. I was glad to meet many of Thomas’s family and say hello to those I’ve already met.

We left Friday afternoon for the North Carolina State Fair. Normally I would rather get a root canal than go to the fair, but it turned out to be a pleasant experience – far less crowded than we expected. We did a lot of walking around before the kids settled on riding a roller coaster. We then grabbed some pizza, watched a few tractor pulls take place, and then wandered over to ride the front Ferris wheel. The Ferris wheel is still my favorite ride at the fair, where you can spend lots of time sitting comfortably and enjoying the view. Soon afterward, with some of us starting to drag, we headed home.

Hallie’s soccer game was canceled as she was playing at a field at Heritage High School and it was the only field in the whole system that was closed for wet conditions. The season-end party and kid-parent scrimmage still took place, though, with the parents winning. The coach was angry with his girls, though, as they played much more aggressively against the parents than they did during their real opponents!

I had to bow out of the soccer festivities, though, in order to attend Thomas’s funeral. A large crowd filled West Raleigh Presbyterian Church for the service, which was scripted by Thomas ahead of time. In addition to the remembrances and hymns the songs “What a Wonderful World” and “Spirit in the Sky” were played, with the crowd clapping along as they exited.

I walked out of the funeral with misty eyes and feeling sad. There were lots of friends there but I didn’t really feel like talking. I spoke with a few friends for a few minutes and then headed over to the after-service celebration at the Player’s Retreat, a favorite haunt of Thomas’s. A beer, some snacks, a few old and new friends, and several engaging conversations later and I was feeling upbeat again. It was clear that the folks who cared for Thomas and his work were not in any mood to slack off now that he’s gone.

I got back home about the time Kelly and the kids returned from the soccer party. Then we all cleaned the house before Travis’s friends came over for a night at the Railhawks game and a sleepover. I got mad when I reached the gate of the Railhawks stadium and was turned away because of my “detachable lens” camera. I steamed about this for a half-hour before I started to enjoy the game. What a stupid rule! It was Travis’s birthday party, he got to spend some time on the field as a “player escort” before the game, and I couldn’t even take a decent goddamn picture of him because my telephoto camera had to stay in the car. Travis enjoyed the game, though, and the boys stayed up late watching a movie.

We made pancakes and smoothies for our young guests before handing them back off to their parents. Travis spent time on his computer while I did more bond-related stuff. Then around 2:45, Kelly, Travis, and I hopped on our bikes to ride the new greenway connector from Milburnie Road to Anderson Point Park. It is awesome, exceeding all my expectations! I thought it would be just a ho-hum connector trail, getting greenway users to the beautiful Neuse River Trail. Instead, it is a gem in itself, surrounded by woods, following Crabtree Creek, and with a nice, wide path.

Before we knew it we were at Anderson Point, but not before Travis began to feel ill. We turned around and headed back but Travis bonked before we were off the new part of the trail. Kelly sent me back to fetch the car, which I did. Soon we were all back home, where Travis soon got sick and spent the rest of the afternoon on the couch. Poor guy. This is not a good way to celebrate one’s tenth birthday.

I spent the evening creating a design for a Time-Of-Use magnet reminder. As a solar PV owner, we’re on a Time-Of-Use schedule with Duke Energy Progress, meaning our electricity costs differently during different parts of the day. My magnet will serve as a convenient reminder for when the rates change so that we can maximize our electric bill savings.

It was a long weekend but a rewarding one.

Scott Schulz : Tweet: How the heck does Numbers from @apple sum 9.44 and…

October 19, 2014 07:39 PM

How the heck does Numbers from @Apple sum 9.44 and 8 and get $18? Is that common core math?

Scott Schulz : Tweet: Lawn mowing is finished. For the season? I should…

October 19, 2014 06:36 PM

Lawn mowing is finished. For the season? I should be so lucky

Magnus Hedemark : Service Oriented Architecture vs. Dunbar’s Number

October 19, 2014 06:14 PM

I’ve got a bit of a problem in that I spend most of my career working in engineering space, but most of my thought capital is spent on larger problems of organizational design, technical strategy, laying down foundations today for problems we’re going to need to solve in a year or more. This frustrates my bosses to no end, who just want me to build a server or swap a bad hard drive out or any other of a number of mundane day to day sysadmin tasks. I’m left without much of an outlet for this stuff besides meetup groups and, when I find the time, blogging. Thanks for humoring me.

One of my frequent frustrations is we tend to carry too much legacy around in how we work, in how we organize. We do things all wrong because, well, that’s how we’ve always done it. But I’m thinking farther out, and I see many operations teams on a collision course with the hard limits of the human brain. To wit: the hierarchical limitations of Dunbar’s number and the human neocortex.

As the theory goes, we can only maintain about 150 human:human relationships before our brain starts demoting less important relationships out into the realm of mere acquaintances, or recognition, or worse yet… a person is completely forgotten. This all comes from when we were hunter-gatherers and we moved past the more primitive great ape behavior of grooming one another to verbal communication as the glue between us. The number can vary from individual to individual, with a lower bound capacity of about 100 to an upper bound capacity of about 250.

But within that ~150 social group, we have layers. There may be about 5 people that we’re intimately familiar with… mother, father, closer siblings, a lover, a best friend. Further out we may have a relatively deep sense of kinship with about 30 or so people, our extended family, our tribe, or in the modern context, our department at work.

Our brains evolved to increase our ability to be social with one another using spoken language as our glue, and gave us enough capacity in the neocortex to maintain the bonds we form. But there are upper limits on the numbers of bonds we can form, with a relatively low limit on the closest bonds, and a relatively higher limit on the looser bonds.

What the hell does this have to do with Service Oriented Architecture?

Mark Burgess has been pioneering the field of Promise Theory, and its practical application in human:machine and machine:machine relationships through the ongoing development of CFEngine. Most of you reading this now have probably indirectly benefited from Burgess’ research by way of using configuration management tools like Puppet or Chef. In his book “In Search of Certainty”, Burgess explores how we have behaviorally taken advantage of the neocortex to build relationships with the machines that we rule over, and that the limitations of our ability to rule over machines is limited by the capacities of our neocortex to maintain those relationships.

In the bad old days of operations engineering, it was not uncommon to see a 1:20 or a 1:30 relationship between sysadmins and servers. I’ve even seen ratios as poor as 1:12, and even worse in Windows shops. In shops like this, our servers were special snowflakes, lovingly built by hand and given cute names. The upper boundary on how many machines we could handle was more of a capacity limit on the neocortex than any sort of time boundary.

If you were lucky enough to work in a LAMP shop back then, and you didn’t have much of a social life hogging up your more intimate Dunbar slots, you had the luxury of having deep, intimate knowledge of your full stack. It wasn’t very complicated. It was within the realm of reason to be a full stack ninja rock star (or whatever the recruiters are calling people like that these days).


When CFEngine came out and inspired the release of other automation tools like Puppet, Chef, etc, we moved to an Infrastructure as Code mentality. This didn’t eliminate the limitations of the neocortex, but it did add a layer of abstraction. Instead of being intimately familiar with individual machines, we now had to become intimately familiar with the roles defined in code. As many shops had fewer than 30 major server roles in production, our brains coped and by all appearances it was Mission Accomplished! We licked that capacity problem, and now one engineer can run 10,000 servers. Indeed, through use of automation, I had at one point in my career been solely responsible for over 4,000 machines at once and still had time left over to help out the Windows guys.

But most of those 4,000 machines shared one role. I’d only consumed one Dunbar slot for over 99% of my domain of responsibility. Of course I could be intimately familiar with it all!

Enter SOA.

Service Oriented Architecture, combined with the rise of cloud, the maturation of configuration management tools, Agile methodologies, etc. represented an ideal confluence of new ways of doing things. We were able to go back to the old school UNIX best practice of making small tools that do specific things really well, and then gluing them together to solve bigger problems. We got better at decomposing big problems into small ones, and solving those small ones with discrete services. This didn’t just solve a lot of technical problems for us, but it also solved some organizational scaling problems. Now engineering teams could truly focus on smaller parts of the service stack, knowing that as long as the interfaces were stable and well-understood, they had a good bit of autonomy on everything that happens inside of their domain space.

But it hasn’t been so awesome on the operations side. In many shops, we’ve still got the age-old problem of development teams tossing things over the wall at operations. And as service offerings get more comfortable embracing SOA, the variety of services that operations engineers are responsible for is growing.

In some cases, growth will exceed the boundaries of a Dunbar layer.

While all of this is going on, the rise of the DevOps movement is placing greater emphasis on our human:human relationships, which is putting even greater strain on the limitations of human biology. The neocortex can only handle so much before somebody gets demoted.

So how do we get back to the operations engineer knowing all the things about all the things? We don’t. It’s a fallacy. You can go through the motions, but at the end of the day, the human mind can only have intimate knowledge of a finite number of entities. And remember, if you try to load them up with more machine contexts to be intimately familiar with, you’re asking them to drop a slot that would go to another human being.

We’ve seen some movement in the DevOps space towards shifting part of the operational burden to product development teams, and in some cases this works very well. But it makes sense, because they are already very familiar with their code. Would building greater intimate familiarity with the operationalizing of that code occupy another Dunbar slot? Or would it just add depth to the slot that is already being consumed by familiarity with the service?

In working this way, the remaining operations team is no longer bothered with intimate familiarity of services running on their infrastructure. Instead they can focus on excellence in providing the Infrastructure as a Service. And if this is comprised of only a few discrete systems, can that then occupy one of the closer orbit slots in the neocortex? This approach would marry better with the social creatures that we’ve evolved to become. We’d use our biological limitations as a strength rather than as a weakness.

Whether it was obvious to the author or not, such a shift happened in “Turn This Ship Around!” by L. David Marquet (an excellent book, by the way). The crew of the Santa Fe, a nuclear submarine in the US Navy, had a crew complement of 135. That fits comfortably into the Dunbar theory of social capacity. One of the things that the captain changed, though, is moving the intimate technical knowledge down the organizational stack, placing decisions in the hands of those closest to the impacted domain space. Marquet realized rather profound improvements in organizational performance and engagement, but I’m not sure that he recognized that part of the reason for this success is restructuring responsibilities around smaller working groups that built deeper, more intimate relationships with their areas of responsibility (and removing himself from the decision space in the process).

Humans make pretty poor machine emulators, but we’ve got tens of thousands of years of experience at being primates. We ought to tap into what we’ve learned about hominid social structures to build more effective engineering organizations. SOA happens to offer up some convenient abstraction boundaries for partitioning domain knowledge and responsibilities.

Tarus Balog : Conferences? We Got Yer Conferences

October 19, 2014 01:19 PM

This is my “oh” face

as in “Oh how awesome is All Things Open”.

Last year was the first edition of the All Things Open conference in Raleigh, NC. I was very happy that we could be a sponsor, and the above picture was taken during my talk.

We ended up with about 50% more people than were expected, and the keynotes were standing room only. It was really cool to see such a turnout, especially since it sort of validates the Raleigh area as a center for open source excellence.

This year we will have a booth where you can come by, get some OpenNMS swag, and hear about the pending release of OpenNMS 14 (yes, fourteen) which is only a few days away.

Now, “oh” could also mean “oh-hi-oh” as in the Ohio LinuxFest. Directly after All Things Open, the Ohio LinuxFest will be held in downtown Columbus this weekend. This has been one of my favorite open source conferences, and it looks like this year is going to be no exception.

Unfortunately, I will not be able to make either of those shows due to another commitment. But if you want to see my “oh” face in person, come to the “Oh Ess Em Cee” conference in November.

Last year all three conferences were held the same week, which was very disappointing for me as it was hard to choose which to attend. This year the Open Source Monitoring Conference was pushed out a month and will be held in Nürnberg, Germany, 18-20 November. While mainly thought of as an Icinga and Nagios conference, the organizers have been very inviting of other projects. We have had a presence there for the last couple of years, but I have only personally been once and it was amazing. So many people sign up that they are able to pretty much rent out an entire hotel, so while the conference is always good it is the conversations outside of the presentations that are the most enjoyable.

I’ll be giving a talk on OpenNMS (‘natch) as well as getting up to speed on what else is going on in the monitoring world.

I hope you can make at least one of these shows. You won’t regret it.

Jesse Morgan : Fix for Sonar Breaking After Upgrade

October 16, 2014 06:26 PM

Upgrade is not supported. Please use a production-ready database.


If you’ve ever seen this message after a yum update, you know how infuriating it can be. I was sure I was already using mysql rather than the default h2 database, but everything indicated that was the problem.


It turns out the error was caused when they replaced /opt/sonar/conf/ with a default configuration. If you vimdiff it against /opt/sonar/conf/ you should see the issue.


Let me know if this helps.

Mark Turner : Thomas Crowder

October 15, 2014 01:06 PM

Thomas Crowder wrote the first “What I’ve Learned” column for NCModernist in 2008. Here it is again with some of his words of wisdom.

Raleigh native Thomas Crowder began his career as a draftsman with Holloway and Reeves Architects in 1973. In 1976 he moved to Bartholomew and Wakeham Architects until forming his own firm ARCHITEKTUR in 1993.

Crowder was one, if not the last, of North Carolina’s architects to become registered without formal architecture education, grandfathered under NCARB’s apprenticeship program which was abolished in 1984.

In the early 1980s he worked with Harwell Hamilton Harris on additions and renovations to a house for Kathy and Norman Bartholomew, which Harris originally designed for NCSU Professor Duncan Stuart. Crowder served multiple terms on the Raleigh Planning Commission and the Raleigh City Council.

Crowder wrote the very first article in NCMH’s What I’ve Learned series in March 2008:

via Thomas Crowder.

Mark Turner : Thomas Crowder

October 15, 2014 02:21 AM

I began this post back on 25 September, the day Thomas Crowder resigned from the Raleigh City Council. I had to stop writing because it felt like an obituary and it was too soon for that. Thomas passed away this afternoon.

Thomas Crowder

I’ve been in a funk for the past few days after hearing that the health of my friend Thomas Crowder has taken a dramatic turn for the worse.

I first met Thomas in person during the 2007 election when he appeared at the League of Women Voters candidate forum. He reminded me a bit of John Wayne, larger than life.

The last time I saw him was about a year ago. We were outside the Raleigh Times one morning when he suddenly stopped speaking and stared at me.

“How’s it feel to be getting older?” he asked with a chuckle.

I was completely bewildered. “What do you mean?”

He gestured at my face. “You’ve got one of those wild, old-man hairs growing on the top of your nose.”

Thomas would occasionally grill me about a parks board vote whenever I stood before Council. It would drive me crazy at the time but I had to admit that the man knows his stuff. If I had a beef with him it was that he represented his district so well. Too well. He’s always been a fierce advocate for District D. Why couldn’t my district councilors get things done the way Thomas did?

Early on in my service as the chair of the East Citizens Advisory Council I was invited to attend one of the community meetings held in Thomas’s district. It was 8 o’clock on a Saturday and the room was packed. Thomas was there as he was for nearly every meeting. I grumble when our daughter has an occasional soccer game at 8 AM but Thomas routinely attended these meetings. He didn’t get paid to do it and there weren’t any TV cameras around. He just did it because he was dedicated to his neighborhood.

A.B. Combs Elementary last week held its “walk to school” event as they have done for decades, only this year was the first in 18 years that Thomas hadn’t joined in. The school dedicated this year’s walk to Thomas in his honor.

Occasionally, meeting at a city function would allow us to chat. “So, when are you going to run for council?” he would ask me. I would always beg off but I do think he really wanted to know.

Thomas was dedicated – extremely dedicated – and absolutely loyal to his constituents. He could seem intimidating at times but his heart was in the right place. His heart was in his city council work. He always called it like he saw it and was never afraid to share his opinion.

As I was eating dinner this evening at home my hand absent-mindedly brushed my face and for a moment I felt the Horn Hair again on my nose. As I reached up to pluck it, the memory of my amusing encounter with Thomas flashed in my mind. It was twenty minutes later that I learned he had passed away.

Mark Turner : Canadian Public Health Agency scrubs Ebola website

October 14, 2014 02:07 AM

As I touched on in the previous post, I recently came across some websites that reported that the Canadian Public Health Agency had recently changed the description on their website of research that suggests that Ebola can be spread through the air. The changes soften what was once an alarming statement about the spread. Here’s the August 2014 version:

In the laboratory, infection through small-particle aerosols has been demonstrated in primates, and airborne spread among humans is strongly suspected, although it has not yet been conclusively demonstrated

Ebola airborne transmission is strongly suspected

“In the laboratory, infection through small-particle aerosols has been demonstrated in primates, and airborne spread among humans is strongly suspected, although it has not been conclusively demonstrated.”

Now here’s the September 2014 version:

In laboratory settings, non-human primates exposed to aerosolized ebolavirus from pigs have become infected, however, airborne transmission has not been demonstrated between non-human primates

Ebola airborne transmission is not demonstrated.

“In laboratory settings, non-human primates exposed to aerosolized ebolavirus from pigs have become infected, however, airborne transmission has not been demonstrated between non-human primates.”

No explanation was provided for the change in the wording, which removed “strongly suspected” and changed “not been conclusively demonstrated” into “not been demonstrated.”

Now, aside from the obvious fame and fortune, being a Wikipedia editor has also brought me an inclination for checking references. There are several sources cited for each version.

The August version lists these citations (1,6,13):

Plague. (2004). In R. G. Darling, & J. B. Woods (Eds.), USAMRIID’s Medical Management of Biological Casualties Handbook (5th ed., pp. 40-44). Fort Detrick M.D.: USAMRIID.

Mwanatambwe, M., Yamada, N., Arai, S., Shimizu-Suganuma, M., Shichinohe, K., & Asano, G. (2001). Ebola hemorrhagic fever (EHF): mechanism of transmission and pathogenicity. Journal of Nippon Medical School = Nihon Ika Daigaku Zasshi, 68(5), 370-375.

Feigin, R. D. (Ed.). (2004). Textbook of Pediatric Infectious Diseases (5th ed.). Philadelphia, USA: Elsevier, Inc.

Interestingly, the September version has a citation list that is almost completely different (Footnotes 1, 10, 15, 44 and 45):

Plague. (2004). In R. G. Darling, & J. B. Woods (Eds.), USAMRIID’s Medical Management of Biological Casualties Handbook (5th ed., pp. 40-44). Fort Detrick M.D.: USAMRIID.

Mwanatambwe, M., Yamada, N., Arai, S., Shimizu-Suganuma, M., Shichinohe, K., & Asano, G. (2001). Ebola hemorrhagic fever (EHF): mechanism of transmission and pathogenicity. Journal of Nippon Medical School, 68(5), 370-375.

Bausch, D. G., Jeffs B.S.A.G, & Boumandouki, P. (2008). Treatment of Marburg and Ebola haemorrhagic fevers: a strategy for testing new drugs and vaccines under outbreak conditions. Antiviral Res., 78(1), 150-161.

Reed, D. S., Lackemeyer, M. G., Garza, N. L., Sullivan, L. J., & Nichols, D. K. (2011). Aerosol exposure to Zaire ebolavirus in three nonhuman primate species: differences in disease course and clinical pathology. Microbes and Infection, 13(11), 930-936.

Twenhafel, N. A., Mattix, M. E., Johnson, J. C., Robinson, C. G., Pratt, W. D., Cashman, K. A., Wahl-Jensen, V., Terry, C., Olinger, G. G., Hensley, L. E., & Honko, A. N. (2012). Pathology of experimental aerosol Zaire ebolavirus infection in rhesus macaques. Veterinary Pathology Online, 0300985812469636.

Interestingly, neither version of this section cites the alarming study the Canadian Public Health Agency’s own researchers conducted in 2012 which suggests airborne transmission of Ebola. That citation is #46 in the article:

Weingartl, H. M., Embury-Hyatt, C., Nfon, C., Leung, A., Smith, G., & Kobinger, G. (2012). Transmission of Ebola virus from pigs to non-human primates. Scientific reports, 2.

The Twenhafel study cited above appears to be based on the Weingartl study and was published in December 2012. Rather than disprove the Weingartl study, the Twenhafel study highlights the pathogenesis of the virus, marveling in its efficiency.

So what changed between August and September to warrant watering down the language? The citations certainly don’t tell the story. Most of the articles cited predate the 2012 Twenhafel study. Neither version even cites the Twenhafel study.

Did the researchers suddenly have second thoughts a full two years after their report was published in the peer-reviewed journal Scientific Reports? Dr. Gary Kobinger, who participated in the study, seemed pretty convinced when interviewed by the BBC at the time:

“What we suspect is happening is large droplets – they can stay in the air, but not long, they don’t go far,” he explained.

“But they can be absorbed in the airway and this is how the infection starts, and this is what we think, because we saw a lot of evidence in the lungs of the non-human primates that the virus got in that way.”

Still, Dr. Kobinger did stress that this transmission isn’t like influenza:

“The reality is that they are contained and they remain local, if it was really an airborne virus like influenza is it would spread all over the place, and that’s not happening.”

With the news that Saturday one of the nurses treating Thomas Duncan, 26-year-old Nina Pham, has fallen ill with Ebola, Dr. Frieden of the CDC blamed her infection on a “breach of protocol.” On Sunday, Dr. Frieden backpedaled on his placing the blame:

Frieden also apologized for remarks on Sunday, when the nurse’s infection was first disclosed, that suggested she was responsible for a breach in protocols that exposed her to the virus. Some healthcare experts said the comments failed to address deep gaps in training hospital staff to deal with Ebola.

“I’m sorry if that was the impression given,” Frieden said. He said the agency would take steps to increase the awareness of Ebola at the nation’s hospitals and training for staff.

How is it that a well-trained nurse in a state-of-the-art Western hospital who claimed to be following proper procedure still became infected with Ebola? I wonder just what the experts know that we don’t know.

Mark Turner : AP News : Dallas health worker tests positive for Ebola

October 13, 2014 01:38 PM

The head of the CDC insists the nurse who became infected with Ebola Saturday made a “breach of protocol,” though the nurse is said to be at a loss to identify what the breach might have been.

In 2012, Canadian researchers produced evidence (published in the peer-reviewed journal Nature) that suggests Ebola can be spread through the air. Some websites claimed the government of Canada’s Public Health Agency recently watered-down the description of this research on its website. The Internet Archive’s Wayback machine appears to confirm reports of alteration. Compare the snapshot from August 7th:

In the laboratory, infection through small-particle aerosols has been demonstrated in primates, and airborne spread among humans is strongly suspected, although it has not yet been conclusively demonstrated

Ebola airborne transmission is strongly suspected

… with the one on September 16th:

In laboratory settings, non-human primates exposed to aerosolized ebolavirus from pigs have become infected, however, airborne transmission has not been demonstrated between non-human primates

Ebola airborne transmission is not demonstrated.

What if what some of the experts are saying is true, that Ebola may have become airborne? Why would the Canada Public Health Agency change the website description of peer-reviewed research? What if we are only slightly less unprepared for Ebola than these African countries? Are we being told the truth about Ebola?

DALLAS AP – A “breach of protocol” at the hospital where Ebola victim Thomas Eric Duncan was treated before his death led to the infection of a health care worker with the deadly virus, and other caregivers could potentially be exposed, federal health officials said Sunday.

The hospital worker, a woman who was not identified by officials, wore protective gear while treating the Liberian patient, and she has been unable to point to how the breach might have occurred, said Dr. Tom Frieden, head of the Centers for Disease Control and Prevention. Duncan was the first person in the U.S. diagnosed with Ebola.

via AP News : Dallas health worker tests positive for Ebola.

Mark Hinkle : CloudOpen 2014 – Mixing Your Open Source Cloud Cocktail

October 13, 2014 12:39 PM

Here’s the presentation I gave at the Linux Foundation’s CloudOpen in Dusseldorf on October 13, 2014, titled “Mixing Your Open Source Cloud Cocktail”.

Add two parts virtualization, one part orchestration add a little networking shake and pour. Unfortunately cloud computing isn’t that easy but then again not all clouds are the same and tastes may vary. This talk will discuss how the varying open source technologies like OpenStack, Docker, LXC and others can be mixed together to make something that appeals to the needs of a wide variety of users. There’s also no problem in abstaining from building your own cloud but still benefiting from the open source tooling to maximize the benefits of the public cloud.


Warren Myers : preach the need for change, but never reform too much at once – law 45 – #48laws by robert greene

October 13, 2014 12:18 PM

Law 45

Everyone understands the need for change in the abstract, but on the day-to-day level people are creatures of habit. Too much innovation is traumatic, and will lead to revolt. If you are new to a position of power, or an outsider trying to build a power base, make a show of respecting the old way of doing things. If change is necessary, make it feel like a gentle improvement on the past. –Robert Greene, The 48 Laws of Power (review)

Tarus Balog : Why There Will Never Be Another Red Hat

October 13, 2014 09:00 AM

My friend Nick sent me a link to a post called “Why There Will Never Be Another Red Hat: The Economics Of Open Source”. It immediately pushed a bunch of my buttons before I read the first word of the article.

First, it was from TechCrunch. I have nothing against TechCrunch and I respect a lot of their work, but they are Silicon Valley-centric, if not the main mouthpiece, and thus I have to take that bias into account when reading their articles. What works in the Valley doesn’t necessarily translate to the world as a whole, which is why a lot of Valley companies seem to quickly plateau after an initial success.

Second, continuing the theme of Valley biases, I strongly believe Red Hat doesn’t get the respect it deserves because it is headquartered down the road from us in North Carolina and not California. There is a strong sense of “you can’t make it if you aren’t here” in the Valley and that extends to a somewhat dismissive view of Red Hat. Plus, I have a big ol’ man-crush on Jim Whitehurst as he is the most successful tech CEO I know that really, really “gets” open source and thus anyone trying to tell me about the “economics of open source” without respecting Red Hat starts off on my bad side.

Finally, the author is currently at the VC firm Andreessen Horowitz, or A16Z as those of us in the know refer to it. In last year’s investment tour I met with a large number of people in the Valley, and the guy I met from A16Z was easily the worst of the bunch. He made the caricatures of the Silicon Valley TV show look mild. He had no interest in us since we weren’t in California and he was more concerned with who we knew than what we did. I left that popularity crap behind in high school. Granted, we only rated an audience with the lower levels of the company, which overall does have a pretty solid reputation on Sand Hill Road, but still it was almost insulting.

Let’s just say my bullshit meter was halfway to pegged before I started the first sentence.

However, I found most of the article to be spot on. In my “Is Open Source Dead?” post I talked about how open source is both greatly increasing while the classic ideals of open source (i.e. free software for everyone) seem to be going away.

My own philosophy is that, at least for certain large and complex (i.e. expensive) software, the proprietary software model is doomed. Customer needs are changing so fast that no closed system can really keep up, and we’ve seen that in the biggest OpenNMS customers. I spent the last week in Ireland and the client was complaining that before they started using OpenNMS, whenever they needed some new functionality in their management solution the proprietary vendor took too long, cost too much and delivered too little to be worth it. Using a free platform like OpenNMS made it much easier to adapt the tool to their business workflow, instead of having to change it to meet the workflow of the management software. There is value in that – value that can be monetized.

Peter Levine started to win me over with “Red Hat is a fantastic company” (grin) and as I read on I found my head nodding in agreement. He states:

Unless a company employs a majority of the inventors of a particular open source project, there is a high likelihood that the project never gains traction or another company decides to create a fork of the technology.

While I estimate OpenNMS has around 40 to 50 active contributors, at least 15 of those are on my payroll, either directly or indirectly as contractors. While I definitely would like to increase the overall number, we are growing fast enough that we can usually hire someone who contributes a lot to the project, and then, since they can spend their full time on it, we as a group continue to contribute greater and greater amounts of the overall code. When I started out on my own back in 2002, I think at least half of the code came from outside of the .com side of things. Now it is probably closer to 5% or less. It has managed to let us focus on our direction for the application.

Then Levine continues:

To make matters worse, the more successful an open source project, the more large companies want to co-opt the code base. I experienced this first-hand as CEO at XenSource, where every major software and hardware company leveraged our code base with nearly zero revenue coming back to us. We had made the product so easy to use and so important, that we had out-engineered ourselves. Great for the open source community, not so great for us.

I’ve heard this tale from a number of people. Become successful and someone like IBM could dump 100 developers on your project and take it over. While we haven’t experienced it directly (rarely do people tell me OpenNMS is “easy to use”), we are constantly finding out about companies who have either based products on OpenNMS or used OpenNMS to provide services for profit. I think this is great, but it would be nice to capture some of that effort back into the project, either in the form of contributions or cash. It is one reason that the next major release of OpenNMS will be published under the Affero GPL.

So, with all this doom and gloom, what is the solution? Levine’s answer is “sell open source as a service”. I couldn’t agree more. This is exactly what we pitched to A16Z. It’s something of a “win/win”.

This recipe – combining open source with a service or appliance model – is producing staggering results across the software landscape. Cloud and SaaS adoption is accelerating at an order of magnitude faster than on-premise deployments, and open source has been the enabler of this transformation.

If you have the in house development staff to leverage open source, it makes sense to become active in the community. David just finished a five stop roadshow in both the US and Europe describing the OpenNMS roadmap over the next year as we position the product for the Internet of Things. He met with our largest customers and all of them are eager to get involved, many pledging, OpenDaylight style, to provide the project with developers. They get input into the direction of the product and we get great open source code.

But what if you aren’t a large medical information company or a worldwide financial institution? You may need what OpenNMS can provide but don’t have the time to build in the workflow or customize it. We will have a solution for you.

The only issue I ended up having with the article was when he compared Red Hat to Microsoft, Oracle, Amazon, etc. Sure there might not be another Red Hat, but I don’t expect to see another Microsoft (operating systems and office suites), Oracle (enterprise software), or Amazon (online product distribution) either. This doesn’t mean that there won’t be new mega-companies. In ten years I expect there will be some huge companies that no one today knows about, probably in the areas of 3D printing and biotech (specifically integrating tech into the human body). Enterprise software companies will be represented by a number of large-ish but nimble companies leveraging open source, and I wouldn’t count out Red Hat just yet as they too are pivoting to follow this new business model.

I want to close with one little story. I spent last week in Ireland where I just happened to be in Dublin where the band Wheatus was touring with my friend Damian (MC Frontalot) opening. They had a grueling schedule (shows almost every night) but I managed to see their concert and talk with them afterward.

Damian has just released a new album (it’s excellent, buy it) and he closed his set with “Charity Case” which includes the lyric:

It’s true:
Frontalot’s destitute.
I need you
to buy my CD so I can buy food.

He often pokes fun at the changing nature of the music business (his song “Captains of Industry” suggests that he is not a musician but instead is in the T-shirt business), and we talked about various business models. I pointed out that acts like Elton John are living the high life from work that basically peaked in the 1970s, and that sort of “royalties for life” model is gone. In its place are artists who sell directly to their fans, often including personalized premiums for a higher price, and touring. The band Phish tours extensively and they make millions, all the while encouraging their fans to bootleg their music, something old school musicians wouldn’t think to do.

At this point Brendan, the founder and front man of Wheatus, joined us and stated “there is nothing an old musician can teach a young one about the music business”. That quote really resonated with me.

In summary, I really enjoyed this article. It mirrored a lot of our thoughts over the last year as we seek to make OpenNMS successful. Remember, our plan is for OpenNMS to be *the* de facto management solution of choice and for that to happen will take a lot of work as well as money. But one thing that we will continue to do to emulate Red Hat is to keep publishing as much software as possible under an OSI-approved open source license.

That is still a key to our success: OpenNMS will always be free and OpenNMS will never suck.

Mark Turner : Love wins

October 13, 2014 02:13 AM

Deputy Biggs asks the crowd of supporters to move upstairs

As I get older, but especially once I became a father, I started to really wonder why our world is so full of death and destruction, of war and greed. Though I am a veteran of the Navy I no longer take lightly willingly doing something that might make another suffer or die, “enemy” or not. I’m fortunate to have never seen that kind of action; I’ve seen enough of others’, though, to know how pointless it all is. The world could use a little less hate and a little more love.

This thought is always on my mind when the topic of what was once called “gay marriage” comes up. I’m a live-and-let-live kind of guy. If two adults want to commit to each other in marriage, what the hell does my opinion matter? Isn’t America about life, liberty, and the pursuit of happiness? Is there nothing that better embodies those ideals than the right to wed the person you love?

It wasn’t even a week ago that the U.S. Supreme Court quietly declined an opportunity to hear several gay marriage cases pending before it. Doing so let the lower court decisions stand, making those decisions law. The decision surprised everyone, experts alike, and slowly the realization dawned that soon everyone could become legally married in North Carolina.

Rumors began to circulate Friday that one of two federal judges involved in North Carolina’s cases might issue a ruling. My lunch appointment canceled at the last minute, allowing me to change plans and visit the Wake County Courthouse downtown during my lunch break. A crowd of about 50 people waited at the doorstep of the Register of Deeds, frantically refreshing their Twitter feeds in anticipation of the ruling. As I walked into the building, Chad Biggs, the gay Wake County deputy featured in that day’s newspaper article, was walking out of the building in his deputy uniform. He appeared in the lobby again a few minutes later, dressed in a sport coat.

I spied my friend Betsy Kane across the hallway and chatted with her about what was happening. All around us were couples and supporters, simultaneously giddy and wary that this day they had long awaited might end uneventfully. I snapped photos of those present and took in the excitement. This was a historic day, there was no doubt about it. I might just get to witness history.

A deputy writes down contact info for couples hoping to wed

The head deputy grew more nervous as the crowd began to swell. To keep order, he asked that only those couples hoping to marry should remain in the lobby. Others were to wait in an empty upstairs courtroom until word came down. I shuffled up the stairs along with others to Courtroom 204, where supporters took to the gallery, posed at the judge’s bench, and continued their frantic Twitter refreshes as they waited.

As it approached 1:30 I decided I could no longer ignore my expired parking space and bid goodbye to Betsy. It was not clear by then that anything would happen. Indeed, it was not until well after 5 PM that Judge Cogburn signed the order striking down Amendment One. By then the Register of Deeds had closed, though it soon reopened. Crowds cheered minutes later as the first couples were wed. Close to 60 were wed before the office closed at 9 PM.

Since then I have been feeling very proud of my state, even though the decision did not come willingly to the current government. The event has me excited about the future again, that there’s nothing that can’t be accomplished if one is willing to stay focused. And it also has motivated me more than anything to make sure that next month’s election I do all I can to assist those who won this battle and to hold accountable those who prolonged it.

More North Carolinians now know that their love counts, too. Love wins, and what’s not to like about that?

Scott Schulz : Tweet: Damn sky is falling it is raining so hard here #NC…

October 11, 2014 09:59 PM

Damn sky is falling it is raining so hard here #NCwx

Eric Christensen : Automated configuration analysis for Mozilla’s TLS guidelines

October 09, 2014 09:14 PM

My friend Hubert has been doing a lot of work to make the world a little safer. Glad he’s getting some recognition. Here’s a great article on testing your server for proper SSL/TLS configurations.

Scott Schulz : Tweet: un, @rdio really? From the Dracula Untold soundtr…

October 09, 2014 04:37 PM

un, @Rdio really? From the Dracula Untold soundtrack, to Bette Midler Christmas songs? Methinks it is time to tweak the autoplay thing.

Mark Turner : Fantastic nerves

October 09, 2014 03:46 PM

I got the word back from my neurologist this morning regarding the nerve tests done Tuesday. The doc says my nerves look “fantastic,” so good that we didn’t even have to do the actual EMG test. He suggested I keep up the mineral supplements and he would see me again in a few months.

So, I’m still not completely sure what’s up with the twitches but it doesn’t appear to be nerve damage. Whew!

Tarus Balog : Using an XML Parser

October 09, 2014 01:21 PM

You know when the XML nerds say not to use regular expressions to parse XML? They’re right.

As part of a less is more project, we wanted to remove the <alarm-data> tags from all of the OpenNMS event files. We spent much of the morning playing with a number of methods to find those tags and replace them with empty space, and we failed. We came close a couple of times, but then some weird aspect of formatting (tags that spanned multiple lines, some with spaces and some without, etc.) would foil it.

Then I found out about xmlstarlet. We installed it and ran:

xml ed -L -d "/events/event/alarm-data" [filename]

and it just worked. Pipe that bad boy through find and you are good to go.

While I don’t think the option exists, it would be cool if instead of deleting the tag we could just comment it out, but that doesn’t seem to be currently possible.
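The same parser-based edit, with the comment-out variant wished for above, as an added example that is not part of the original post: it uses Python's standard-library ElementTree rather than xmlstarlet, and the sample XML and the function names are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample (not a real OpenNMS file). The tags span lines and use
# uneven spacing, the kind of formatting the post says foiled the regex attempts.
SAMPLE = """<events>
  <event>
    <uei>uei.example/linkDown</uei>
    <alarm-data reduction-key="%uei%:%nodeid%"
                alarm-type = "1"   />
    <severity>Minor</severity>
  </event>
  <event>
    <uei>uei.example/linkUp</uei>
    <alarm-data reduction-key="%uei%:%nodeid%" alarm-type="2">
    </alarm-data>
  </event>
</events>
"""


def naive_regex_strip(xml_text):
    """A typical first attempt: '.' does not cross newlines, so multi-line
    tags and non-self-closing tags are silently left in place."""
    return re.sub(r"<alarm-data.*/>", "", xml_text)


def strip_alarm_data(xml_text, comment_out=False):
    """Delete (or comment out) every /events/event/alarm-data element.

    Returns (new_xml_text, number_of_elements_handled).
    """
    # insert_comments=True (Python 3.8+) keeps comments already in the file;
    # the default parser would drop them on a round trip.
    parser = ET.XMLParser(target=ET.TreeBuilder(insert_comments=True))
    root = ET.fromstring(xml_text, parser=parser)
    if root.tag != "events":
        raise ValueError("root element is not <events>")

    handled = 0
    for event in root.findall("event"):
        for child in list(event):
            if child.tag != "alarm-data":
                continue
            index = list(event).index(child)
            tail = child.tail  # whitespace that followed the element
            event.remove(child)
            if comment_out:
                child.tail = None
                text = ET.tostring(child, encoding="unicode")
                # "--" is illegal inside an XML comment, so break it up.
                comment = ET.Comment(" " + text.replace("--", "- -") + " ")
                comment.tail = tail
                event.insert(index, comment)
            elif index > 0:
                # Keep indentation tidy: the whitespace before the removed
                # element is replaced by the whitespace that followed it.
                event[index - 1].tail = tail
            else:
                event.text = tail
            handled += 1
    return ET.tostring(root, encoding="unicode"), handled


if __name__ == "__main__":
    print("regex left tags behind:", "alarm-data" in naive_regex_strip(SAMPLE))
    deleted, count = strip_alarm_data(SAMPLE)
    print(count, "elements deleted")
    commented, _ = strip_alarm_data(SAMPLE, comment_out=True)
    print(commented)
```
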

Mark Turner : Part of the puzzle to be revealed?

October 09, 2014 12:18 AM

Tomorrow is when I talk to the neurologist about the results of Tuesday’s test. The doc has initially diagnosed benign fasciculation syndrome. I’m curious to learn whether he maintains his diagnosis tomorrow.

Twitching continues, mainly in my glutes now. My left bicep has been feeling fatigued for two days, too, though I have not done anything strenuous with it.

On another note, I was checking the Gulf War Illness page on Facebook today when a visitor posted about her veteran husband’s cramp fasciculation syndrome:

Hi everyone. My husband has been really sick. Same as most of you. We have been going to civilian docs until a few months ago. He is now in the VA System and still seeing civilian docs too. We thought he might have ALS because he has twitches and cramps, severe fatigue, muscle wasting and weakness even though he is still very strong compared to most people. The neurologist 4 years ago DX him with cramping fasciculation syndrome. He is getting worse all the time. He also has PTSD that until now he has not gotten treatment for.
We have not filed a claim yet because one thing I have picked up from this group is make sure all our ducks are in a row.
My question is how do you find a doctor that understands Gulf War Syndrome? He also has tinnitus, sleep apnea, which we have VA appointments for in the next few months.

That got me doing a little Googling for “Gulf War” and “cramp fasciculation syndrome.” That brought me to a video posted by Jason Blackwood of his muscle twitching.

Seeing that put a chill down my spine. This guy’s twitching looks exactly like mine.

After two decades of mystery, I’m hopeful that I might start getting some answers tomorrow. Wish me luck.

Mark Turner : Gimmie gimmie shock treatment

October 08, 2014 12:49 PM

Yesterday was my appointment to get an EMG and a nerve conduction study done to find out more about my twitchy legs. The technician’s name was Diane and she had me take off my shoes and socks and lie on the table. Diane asked if I was having twitches now and if they were visible. Unfortunately, none were active that I could point her to (though I noticed them again later on the way home).

She then attached a few electrodes to my ankle area and used what is essentially a cattle prod device to run electric shocks into my muscle while a computer charted the responses.

“This is a little more active than I expected,” I told her, not expecting shocks. “I was thinking this would be more passive.”

“Well, we’ve got to check your muscles’ responses to the electricity,” she responded without looking up.

The ankle shocks felt like a series of five small taps and were fairly tolerable. At the end of these five shocks, though, she would poke her cattle prod under my knee to gauge my upper leg.

ZAP! My leg would lurch upward with the shock. After one or two of these larger shocks I decided I could do without them!

“Say, uh, this isn’t demagnetizing my credit cards, is it?” I joked.

Diane laughed. “No, no.”

Then in ten minutes we were done. She asked me to put my shoes back on and she left the room. I saw the computer screen filled with squiggly waveforms and wished later I had snapped a picture of them. With a quick wave at the receptionist desk I was on my way.

As for my twitching, I think the mineral supplements may be helping, though the twitching still has not stopped completely. Once every 15 minutes or so I will notice a twitch in my quadricep or hamstring. They have lessened in intensity and frequency but have not stopped completely.

Tomorrow is my follow-up appointment where I should learn more from my neurologist what it all means. We’ll see.

Tarus Balog : When Less is More

October 07, 2014 06:08 AM

One of the things I’ve noticed in my years of deploying network management solutions is that people can get real excited when they go from having no visibility into their network to being able to see in great detail what’s happening, as when they deploy OpenNMS. The problem then changes from having no information to having too much.

Network geeks like myself tend to be loath to turn off certain alerts, but sometimes that can be the best thing for an organization.

When OpenNMS was started, workflow was based on events. Events appeared in the browser, events triggered notices, you could acknowledge events – pretty much everything was events. But events can be noisy, especially if you leverage the SNMP trap capability of many devices. This is why we implemented the alarms subsystem. Alarms can take many events and reduce them into a single alarm. Alarm processing can be automated to insure that issues that are important are escalated, and issues that have been cleared can be removed. The alarms list is supposed to be a “to do” list for the NOC staff.

In order to make that happen, it is a good idea to consider each alarm in your system and insure that it is “actionable”. Each alarm comes with two fields for tracking the resolution progress, and these can be used to document the actions taken to fix the alarm.

The “Sticky” memo field is used to annotate a particular instance of an alarm. For example, suppose there was a “link down” alarm due to a circuit being cut by a backhoe. The NOC engineer would be able to note that the repair was in process and maybe even include a case number. Once the issue is resolved the sticky memo goes away.

The “Journal” memo field is permanently associated with the alarm. This is for notes that could be useful the next time the alarm happens, such as “Contact Jim – he knows how to fix this”, etc.

Alarms can be acknowledged, which will remove them from the list of current issues. It is pretty easy to create an automation that can unacknowledge an alarm if it hasn’t been cleared in a particular amount of time. Thus you can automate “reminders” that the issue is still outstanding.

This doesn’t discount the value of events. In OpenNMS, events have become more like log messages. When an alarm happens on a particular node, that node’s page will reflect the events associated with it, which may shed some light onto the problem. But having too many events appear as alarms can overwhelm the NOC staff to the point that they stop using the system.

Unfortunately, often the best way of dealing with network issues involves trial and error. By limiting alarms it is possible to miss something important. But once that happens, alarms can be created to insure it doesn’t happen again. But the opposite, dumping too much information into alarms, will guarantee that alarms will be ignored, greatly increasing the chance that something important will be missed.

I developed my alarm philosophy during my first network management deployment in the early 1990s. I was consulting for a cellular provider and installing HP OpenView Network Node Manager (version 2.2 I believe) and they had me working in the server room. Besides being a bit cold, in the corner was a large UPS that was constantly beeping.

Beep … Beep … Beep

I asked Avery, the guy I was working with, what was wrong and he replied “Oh, it always does that”. At that very moment I decided that if there is an alarm and you don’t do anything to resolve it, just turn it off.

Just remember that OpenNMS is a platform and thus you get to make a lot of the decisions on how best to get it to work with your organization. Consider that when deciding which events to turn into alarms, and then focus on using automations to insure that the most important issues are treated as such.

Jesse Morgan : Prunecluster’s Stories, Volume 1, Part 1: Cragmaw Cave.

October 06, 2014 01:52 PM

So there we were… Cragmaw Cave. We’d just killed a bunch of goblins and had located their leader, known only as “the big one.” The ranger peeks into the small cavern to appraise the situation, then returns to us. “There’s a Bugbear, a worg, and… a goblin in a jester outfit.”

“Whut whut?” I ask. I take my craft seriously. There’s no way the goblin is a properly trained jester. At best he does some pratfalls and slapstick. He ain’t no artist. I cannot let this travesty stand. I fly into the room alone with a series of cartwheels, leaving my fellow travelers dumbstruck. I demonstrated some dance moves and ended with a challenge.

“I CHALLENGE YOU… TO A JEST-OFF!” I spat at the ugly like hack. The worg starts to get up, but the bugbear stops him, enthralled by my performance, “Proceed,” he tells the goblin.

I bust out my iron golem dance while the goblin goes for the snake. *Pssht*, the snake. Anyone can do the snake- hell, my grandma taught me the snake. Figures that a stupid bugbear would like it better. Realising the brute only valued physical prowess and not nuance, I decided to display my acrobatic skills.  The bugbear was awestruck by my ending flourish.

“You’re fired,” the Bugbear said to the goblin, motioning to the worg, who leapt on to the goblin and ripped out his throat.

“You ready for my next trick?” I asked, and began weaving an intricate version of the Dwarven Aristocrats, with just a tinge of magic. Had it worked, he’d have been doubled over on the floor, laughing uncontrollably… unfortunately, he found dwarven culture too refined for his tastes. The bugbear grew violent, at which point I beat a hasty retreat out of the room with bugbear and worg hot on my heels. Boy were they surprised when they found my friends waiting for them around the corner…


If there’s one thing I hate more than a hack jester, it’s an ungrateful crowd.

Mark Turner : BBC News – Caesium: A brief history of timekeeping

October 05, 2014 04:01 PM

This is a fascinating account of the modern tools we use to keep track of time, and the growing problems we face as our drive towards time accuracy conflicts increasingly with the imperfections of our terrestrial and celestial home.

The frequency of the transition of strontium, for example, is 444,779,044,095,486.71 Hz. A strontium clock developed in the US would only have lost a second since the earth began: it is accurate to a second in five billion years.

The scientists at NPL reckon optical clocks that keep time to within one second in 14 billion years are on the horizon – that’s longer than the universe has been around.

via BBC News – Caesium: A brief history of timekeeping.

Alan Porter : First Performance

October 05, 2014 12:00 AM


This weekend was a first for me. I performed a simple ukulele song on a stage with an audience. The song was “Princess Poopooly” and the venue was the Martin Guitar tent at the IBMA World of Bluegrass street festival.


I’ll admit, “Princess Poopooly” is not a bluegrass song… it’s a silly Hawaiian tune. But the kind folks at the Martin tent invited any and all to come up on stage and show their stuff. Play a song, get a T-shirt.

The performance itself was underwhelming. I’ve never worked with mics before, so it was a little constraining to sit behind two: one for me and one for my ukulele. Halfway through my song, the uke mic dropped out of the stand and into my lap, which led to the most-remembered line of my act: “whoops!” The kids laughed and repeated that one over and over.

This was the realization of a promise I made to myself at last year’s World of Bluegrass festival. After watching a bunch of other folks step up and play (including both of my daughters), I decided that it was time to pick up an instrument myself and learn.

Big thanks to the folks in the audience who cheered me on.

Magnus Hedemark : create a tor-only VLAN with a Raspberry Pi

October 04, 2014 06:33 PM

I’m a big fan of the Tor Project. It’s really encouraging to see more people using it, and more people setting up bridges, relays, and exit nodes.

What I’d like to see more of is publicly available networks that transparently redirect clients’ Internet connectivity through Tor. My first step here is going to be aimed more at someone with the means by which to set up many wireless access points on a campus, like perhaps an office building or a University. In these environments, it is typical for wireless networks to be created on different VLANs, with multiple SSIDs advertised, and each SSID being linked to a different VLAN. Often you might have a staff SSID and a guest SSID.

But because the host is concerned about bad behavior or misuse of the guest network coming back to haunt them, access is extremely locked down. Perhaps they only allow simple web browsing and nothing more. And access is not granted without knowing a guest network password, or having to go through a captive portal.

Let’s dispense with all of that and use an inexpensive Raspberry Pi Model B to create a Tor-only guest VLAN.

I’m going to make a few assumptions up front:

  1. You’ve already got a Raspbian base image installed on your Pi.
  2. It’s plugged into an ethernet switch where untagged traffic transits on a trusted network, and has a route to the public Internet. For the sake of this blog post, we’ll call that vlan1 and assume its native network is
  3. There is a second VLAN configured on this switch, we’ll call it vlan2, and its native network is This is an isolated VLAN with no transit to the Internet.
  4. You’ve already walked through the initial setup menu when logging into your Raspberry Pi for the first time.

OK let’s get started:

  • run sudo apt-get update to update the index of available packages
  • run sudo apt-get dist-upgrade to upgrade to the latest versions of installed packages
  • run sudo apt-get install tor to install tor. This will start the tor daemon automatically, which we’re not quite ready for yet.
  • sudo /etc/init.d/tor stop to stop the tor daemon for now
  • sudo apt-get install vlan will give us the ability to set up a tagged vlan interface
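  • sudo modprobe 8021q to enable the kernel module for tagged vlan support
  • echo 8021q | sudo tee -a /etc/modules to persist this change across reboots (with sudo echo 8021q >> /etc/modules the redirection is performed by your unprivileged shell, not by sudo, so the append fails)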
  • pi@raspberrypi ~ $ sudo vconfig add eth0 2
    Added VLAN with VID == 2 to IF -:eth0:-
  • sudo ifconfig eth0.2 sets the IP address on the new VLAN interface.
  • Let’s make this permanent. Run sudo vi /etc/network/interfaces and add this:
    auto eth0.2
    iface eth0.2 inet static
  • Outstanding. Let’s go ahead and adjust tor’s configuration to handle transparent proxying for us. Go ahead and sudo vi /etc/tor/torrc and add the following lines to the end of the file:
    AutomapHostsOnResolve 1
    TransPort 9040
    DNSPort 53
  • Go ahead and start tor. sudo /etc/init.d/tor start (but we’re still not done)
  • We’ve got both networks up. We’ve got tor configured to transparently proxy all TCP traffic and DNS queries. But we don’t have anything funneling TCP traffic into tor yet, nor do we have a DHCP server on the VLAN. Let’s continue.
  • Let’s build our Firewall rules. Go ahead and sudo vi /etc/iptables.up.rules and paste the following lines into it:
    *nat
    :INPUT ACCEPT [1:141]
    :OUTPUT ACCEPT [5:372]
    -A PREROUTING -i eth0.2 -p udp -m udp --dport 53 -j REDIRECT --to-ports 53
    -A PREROUTING -i eth0.2 -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j REDIRECT --to-ports 9040
    COMMIT
    *filter
    :INPUT ACCEPT [5:616]
    :OUTPUT ACCEPT [0:0]
    -A INPUT -i eth0.2 -p udp -m udp --sport 67:68 --dport 67:68 -j ACCEPT
    -A INPUT -i lo -j ACCEPT
    -A INPUT -d ! -i lo -j REJECT --reject-with icmp-port-unreachable
    -A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
    -A INPUT -i eth0 -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
    -A INPUT -i eth0 -p icmp -m icmp --icmp-type 8 -j ACCEPT
    -A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
    -A INPUT -i eth0 -j REJECT --reject-with icmp-port-unreachable
    -A FORWARD -i eth0 -j REJECT --reject-with icmp-port-unreachable
    COMMIT
  • Let’s make the firewall rules persistent. sudo vi /etc/network/if-pre-up.d/iptables and give it these contents:
    #!/bin/sh
    /sbin/iptables-restore < /etc/iptables.up.rules
  • And this new script needs to be executable: sudo chmod +x /etc/network/if-pre-up.d/iptables
  • We still need a DHCP server. sudo apt-get install isc-dhcp-server
  • Then we have to configure it. sudo vi /etc/default/isc-dhcp-server and change the last line:
  • Blank out the dhcpd.conf file: sudo sh -c 'cat /dev/null > /etc/dhcp/dhcpd.conf' (the redirection has to run inside the root shell to be allowed to write the file)
  • sudo vi /etc/dhcp/dhcpd.conf
    ddns-update-style none;
    default-lease-time 600;
    max-lease-time 7200;
    log-facility local7;
    subnet netmask {
      option routers;
      option domain-name-servers;
  • sudo /etc/init.d/isc-dhcp-server start
  • For good measure, since we grabbed updates earlier in this process, it’s probably not a bad idea to sudo reboot
  • Wait until the Raspberry Pi is back up. Try plugging a laptop into a switch port that is untagged on vlan2. You should get a DHCP lease on the network. Go ahead and open a web browser. You should be able to surf.
  • Try going to a site like and see what IP you’re coming from. I just did and it says I’m in Bucharest (I’m really in Raleigh).

Remember, this isn’t perfect anonymity. Your browser cookies, your browsing habits, the plugins you use, etc. can easily give away your identity. The main point of this is to give a clever option for providing guest WiFi services with a lower risk to the service host. This also gives the guests a better shot at reclaiming their privacy and anonymity.

Most ICMP traffic is going to get dropped on the floor with this system, as well as almost all UDP. DNS queries will get captured and redirected through tor. A hidden bonus of this arrangement is that guests can browse .onion hidden services without installing anything on their end. Tor is really a tcp-only network, so forget about running BitTorrent here, or playing your favorite games (which more often than not depend on UDP).

Now that you have a privacy-enhanced VLAN configured, with transit to the Internet handled transparently through Tor, I’ll leave it to you to add one or more wireless access points to this VLAN so that you might share it with others.
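A consistency check for the setup above, as an added example that is not part of the original post: it parses a torrc and an iptables-save style rules file and reports where traffic from the guest VLAN would not end up in Tor. The sample inputs are constructed from the post's lines (no addresses are assumed), and the function names are this example's own.

```python
import shlex

# Constructed inputs modelled on the post's torrc and rules file. Table markers
# and chain declarations are written out in full; no addresses are assumed.
TORRC = """\
AutomapHostsOnResolve 1
TransPort 9040
DNSPort 53
"""
RULES = """\
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -i eth0.2 -p udp -m udp --dport 53 -j REDIRECT --to-ports 53
-A PREROUTING -i eth0.2 -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j REDIRECT --to-ports 9040
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i eth0.2 -p udp -m udp --sport 67:68 --dport 67:68 -j ACCEPT
-A INPUT -i eth0 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -i eth0 -j REJECT --reject-with icmp-port-unreachable
COMMIT
"""

FLAGS = {"-i": "in_if", "-p": "proto", "--dport": "dport",
         "-j": "target", "--to-ports": "to_ports"}
CONDITIONS = ("-p", "-m", "-s", "-d", "-o", "--dport", "--sport")
TOR_OPTS = {"transport": "TransPort", "dnsport": "DNSPort"}
EMPTY = {"policy": {}, "rules": []}


def parse_torrc(text):
    """Return {option: port} for TransPort/DNSPort ('port' or 'addr:port')."""
    ports = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        name = TOR_OPTS.get(fields[0].lower()) if len(fields) >= 2 else None
        port = fields[1].rsplit(":", 1)[-1] if name else ""
        if port.isdigit():
            ports[name] = int(port)
    return ports


def parse_rules(text):
    """Parse iptables-save text into {table: {"policy": {...}, "rules": [...]}}."""
    tables, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or line == "COMMIT":
            continue
        if line.startswith("*"):
            current = tables.setdefault(line[1:], {"policy": {}, "rules": []})
        elif current is None:
            # iptables-restore also refuses rules that precede a *table marker
            raise ValueError("line outside a *table section: " + line)
        elif line.startswith(":"):
            chain, policy = line[1:].split()[:2]
            current["policy"][chain] = policy
        elif line.startswith("-A "):
            tok = shlex.split(line)
            rule = {"chain": tok[1], "negated": "!" in tok,
                    "conditional": any(c in tok for c in CONDITIONS)}
            for flag, key in FLAGS.items():
                if flag in tok[:-1]:
                    rule[key] = tok[tok.index(flag) + 1]
            current["rules"].append(rule)
    return tables


def forward_verdict(filt, guest_if):
    """First-match verdict for packets entering FORWARD from guest_if.
    Negated matches are not evaluated: a negated ACCEPT counts as a possible
    accept, a negated DROP/REJECT never counts as a block (conservative)."""
    for r in filt["rules"]:
        if r["chain"] != "FORWARD":
            continue
        on_guest = r.get("in_if") in (None, guest_if)
        if r.get("target") == "ACCEPT" and (r["negated"] or on_guest):
            return "ACCEPT"
        if (r.get("target") in ("DROP", "REJECT") and on_guest
                and not r["negated"] and not r["conditional"]):
            return r["target"]
    return filt["policy"].get("FORWARD", "ACCEPT")


def audit(torrc_text, rules_text, guest_if):
    """Return a list of findings; an empty list means the two files agree."""
    ports = parse_torrc(torrc_text)
    tables = parse_rules(rules_text)
    redirects = [r for r in tables.get("nat", EMPTY)["rules"]
                 if r["chain"] == "PREROUTING" and r.get("in_if") == guest_if
                 and r.get("target") == "REDIRECT" and not r["negated"]]
    tcp = [r for r in redirects if r.get("proto") == "tcp" and "dport" not in r]
    dns = [r for r in redirects if r.get("proto") == "udp" and r.get("dport") == "53"]
    findings = []
    for label, rules, opt in (("TCP", tcp, "TransPort"), ("DNS", dns, "DNSPort")):
        if opt not in ports:
            findings.append(f"torrc has no {opt}")
        elif not rules:
            findings.append(f"no {label} REDIRECT for traffic arriving on {guest_if}")
        elif any(r.get("to_ports") != str(ports[opt]) for r in rules):
            findings.append(f"{label} REDIRECT port does not match {opt} {ports[opt]}")
    if forward_verdict(tables.get("filter", EMPTY), guest_if) == "ACCEPT":
        findings.append(f"FORWARD accepts packets from {guest_if}: anything not "
                        "redirected bypasses Tor if IP forwarding is enabled")
    return findings


if __name__ == "__main__":
    for finding in audit(TORRC, RULES, "eth0.2"):
        print("FINDING:", finding)
```

On the constructed sample the only finding is the FORWARD chain, which rejects eth0 but says nothing about eth0.2; adding a REJECT rule for the guest interface there clears it.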

Scott Schulz : Tweet: Time must be severely dilated out at @evenote supp…

October 04, 2014 02:37 PM

Time must be severely dilated out at @evenote support / headquarters –


Tarus Balog : OpenNMS-based App Wins Digital Jersey Hackathon

October 03, 2014 05:56 PM

I was delighted to find out that an Android app using OpenNMS as the backend won the “Best App” prize at the first ever Jersey Hackathon.

Note: This is Jersey as in the island and not Jersey as in New.

The Open Alert “Man on Site” app is a small Android application that is designed to track the activities of people working alone at a remote site. From the wiki:

When activated this reports the location of the phone on a regular basis back to a central OpenNMS server. OpenNMS is configured to plot the current location and status of the device on a geographical map (Open Streetmap).

The App has four buttons;

Start Job – This is pressed by the worker when they start lone working on site. This starts a timer in the local App and on OpenNMS. The local timer will generate an alarm on the local device if the user forgets to report in after a set time.

Report In – This must be pressed when prompted by the local timer. If it is pressed both the timer in OpenNMS and the local device will be reset. If it isn’t pressed then OpenNMS will escalate the ‘Man on site’ event to the next level of severity and notify the OpenNMS operator that there is a problem. (Obviously the local timer should be set to 5-10 minutes less than the OpenNMS time out.) OpenNMS will keep escalating the alarm until it is signalled as critical. If the alarm is escalated, then there should be manual processes in place to contact the worker by other means or send someone else to site to make sure they are OK.

Finish Job – This should be pressed when the worker leaves site. The man on site alarm is cleared in OpenNMS and no further escalation takes place.

Panic – If the panic button is pressed, an immediate critical alarm is created in OpenNMS indicating that the worker on site is in trouble and needs help.

OpenNMS maintains a log of all of the movements of the user and also of the time of starting work / stopping work / panic events which could be important for triage if an incident happens.

Congratulations to the authors, Craig Gallen and Mark Wharton, who created this during the 48 hours of the Hackathon. We built OpenNMS to be a platform and not just an application and this is one example of what can be created leveraging it.

More information can be found on the UK OpenNMS Site and the code is available on Github.

Mark Turner : Your Ancestors Didn’t Sleep Like You – Are We Doing It Wrong? | Collective-Evolution

October 03, 2014 12:34 PM

Very interesting. I’d like to try a segmented sleep pattern for a while to see how it makes me feel.

It makes one wonder what lighting up the night has cost us from an evolutionary perspective.

Evidence continues to emerge, both scientific and historical, suggesting that the way in which the majority of us currently sleep may not actually be good for us.

In 2001, historian Roger Ekirch of Virginia Tech published a paper that included over 15 years of research. It revealed an overwhelming amount of historical evidence that humans used to in fact sleep in two different chunks.

via Your Ancestors Didn’t Sleep Like You – Are We Doing It Wrong? | Collective-Evolution.

Tarus Balog : OpenNMS in Dublin

October 02, 2014 12:05 PM

I’ve been to 34 countries so far, and my goal is to hit 50 by the time I’m 50 (which is closer than I’d like). In all that time I’ve managed to miss Ireland, but that is about to change.

Airspeed Telecom is hosting a workshop next Wednesday, October 8th, at the Morrison Hotel in Dublin, described as “probably the hippest & coolest luxury hotel in Dublin city centre”.

That’s just how we roll.

The workshop will feature a case study by Airspeed, as well as a futures roadmap presentation by Dr. Craig Gallen and David Hustace.

Oh, and I’ll be there, too.

If you can make it, please email Liz at

Mark Turner : A room with a 115,000 volt view

October 02, 2014 03:07 AM

Update 14 Oct: Duke Energy Progress tells me this line is 115,000 volts, not 140,000. Post updated to show the true voltage.

401 Oberlin residents never have to charge their cellphones


As I’ve occasionally driven by the new 401 Oberlin apartments at the corner of Oberlin Road and Clark Avenue, I’ve begun to notice just how frighteningly close the building is to a high-voltage transmission line paralleling it on Clark Avenue. High voltage lines pulsing with electricity in the neighborhood of 115,000 volts are less than two dozen feet away from the top floor of this building. Scary thought. It’s something that is conspicuously absent from their fancy building renderings, I’ve noticed.

Twenty years ago I rented an apartment with my brother and friend on Thea Lane in southwest Raleigh that was located about 50 feet under the 115Kv transmission lines that run alongside the Beltline. I never thought much about it until the day I was adjusting my tape deck (remember those?), getting ready to record a CD. When I bumped up the gain slightly on my tape recorder, I was surprised to hear an unexpectedly loud hum coming through the tape heads! Yikes! I wasn’t going to wait around for science’s definitive answer on the possible dangers of electrical field exposure, I was ready to get out of there!

Now look at 401 Oberlin, which is twice as close to power lines as I used to be. Electrical field strengths become twice as strong at half the distance, so 401 Oberlin residents are almost certainly swamped in a very strong electrical field.

Bottom line? No way in hell I would ever live there!

I’ve got an inquiry in with Duke Energy Progress to determine how much juice is actually flowing through that transmission line. I’ll update this post if/when I hear back from them.

Mark Turner : Twitches continue

October 02, 2014 02:51 AM

My muscle twitches have continued constantly since I first noted my left knee twitching. Now I get twitches in my upper left quadricep, right quadricep, right foot, both hamstrings, buttocks, left calf muscle, and elsewhere. It seems that at any one point in time there is something twitching. It’s as if someone is tickling me, 24 hours a day. It frequently wakes me up hours before my usual waking time. I’m really starting to wish this would go away but so far it has only gotten worse.

I am set to visit a neurologist tomorrow who can hopefully give me some answers. As I pondered my upcoming visit, I realized I had been assuming the doctor could provide some sort of medicine that might still my twitching enough that it wouldn’t disturb my sleep. Tonight I considered the very unpleasant possibility that the doctor can’t do anything to calm my muscles. Never mind whether this is a symptom of a more serious condition – never mind the underlying cause – what if I was simply stuck with being invisibly goosed for the foreseeable future? This alone would suck.

In the darkest corners of my mind is the fear that the mysterious health issues that have occasionally plagued me for decades have now fully latched onto me, having chewed through my body’s defenses. Pessimistic, I know, and premature since I haven’t seen the neurologist yet, but I admit that whatever is affecting me now has my full attention.

Tarus Balog : Review: OnePlus One Android Phone

October 01, 2014 08:31 PM

I agonize over my technology decisions, often to a point that other people, including free software people, tease me about it. Is my distribution of choice free enough? Is it secure? Is my privacy protected so that I choose exactly what I want to share?

My current Android ROM of choice is OmniROM, and I’ve been quite happy with it. I do have issues with the limited number of phones that are officially supported, but it was my choice of ROM that drove me to buy an HTC One (m7).

I like the HTC. My main complaint is with the horrible battery life, and the phone is somewhat old having been replaced by the m8 which I don’t believe is supported by OmniROM. I’ve been frustrated in that it seems I have to choose between freedom and cool gear.

But maybe that isn’t the case anymore.

My friend Ronny first brought the OnePlus One (OPO) to my attention, and recently, through one of my Ingress friends Audrey, I was able to get an invite to purchase the new OnePlus One handset. While not supported officially by OmniROM as of yet, it is one of the new phones to ship with Cyanogenmod, and since OmniROM is a fork it should be compatible. Plus, it is very similar to the phones from Oppo which are supported by OmniROM, so perhaps support will come when the OPO becomes more widely available.

The first thing I realized when I opened the box is that this handset is a monster. It boasts a 5.5 inch screen at 1920×1080 pixels (full HD) which makes it the same as the new iPhone 6 Plus (401 ppi). It has a 2.5GHz Qualcomm Snapdragon 801 processor and 3GB of DDR3 RAM at 1866MHz which makes it fast. I bought the 64GB version (quite a jump from my HTC One’s 16GB) and the 3100mAh battery lasts all day and then some. I thought the size would worry me, but I quickly got used to it. I can even read magazines on it which may cause me to travel less with my Nexus 7, and as my eyes age I’m finding the OPO’s screen to be much to my liking.

The phone arrived two days after I ordered it via USPS in two separate boxes. There was a thin square one holding the phone and underneath it a USB cable and a SIM tray removal tool. To remove the OPO SIM you need a longer tool than the standard Apple one, so I’ll have to be sure to carry it with me. In a separate small box was a wall charger.

There was zero paper and no earbuds of any sort, but I would rate the packaging equal to that of other premium products like those from Apple.

Even though it has pretty much the same size screen as the iPhone 6 Plus, the phone itself is slightly smaller and lighter, although thicker (the iPhone is wicked thin – you are almost worried you’ll bend it). The back of the “Sandstone Black” model is coated with a rough textured finish that makes the phone feel solid in your hand and I haven’t come close to dropping it.

Another improvement over the HTC is the camera. The OPO comes with a 13MB Sony Exmor IMX 214 with six physical lenses. It can shoot 4K video (including slow motion) or 720p video at 120fps. It takes nice pictures.

But you could have read that on the website. How does it fare in real life?

I was concerned with the fact it ran Cyanogenmod. When they announced they were going to take on investment to license their code to handset makers, they handled their community poorly (which resulted in the OmniROM fork) and I was worried that the OPO would be “less free”. I was happy to find out that it was very open. Unlocking the phone was the same as with Nexus devices, simply hook it up to your computer and run “fastboot oem unlock”. While I despised the “flat” icon theme that shipped with the device, it took about two taps to change it back. If I wanted a theme that looked like Windows 8 I would have bought an iPhone.

All my usual options were there. I disabled the Google search bar, increased the icon layout grid size and otherwise customized the phone exactly how I wanted it. I rooted the device and used Helium to restore my application settings and the whole conversion took less than an hour.

I did have to make a change to allow the phone to work with my Linux Mint Desktop. The system wouldn’t recognize it when I plugged it in, and I had to edit “/lib/udev/rules.d/69-libmtp.rules” to include the following two lines:

# Added for OPO
ATTR{idVendor}=="05c6", ATTR{idProduct}=="6764", SYMLINK+="libmtp-%k", MODE="660", GROUP="audio", ENV{ID_MTP_DEVICE}="1", ENV{ID_MEDIA_PLAYER}="1", TAG+="uaccess"
ATTR{idVendor}=="05c6", ATTR{idProduct}=="6765", SYMLINK+="libmtp-%k", MODE="660", GROUP="audio", ENV{ID_MTP_DEVICE}="1", ENV{ID_MEDIA_PLAYER}="1", TAG+="uaccess"

After that it was a breeze. Note that on one system I had to reboot to get it to recognize the phone, but I don’t think I did on the first one. Strange.

There are a few shortcomings. It took me several tries to get it to pair with my Motorola T505 bluetooth speaker, but once paired it seems to connect reliably. The voice recognition sucks like most Android phones. I don’t use Google Now but I shouldn’t have to send information off to a remote server to voice dial a call. I do miss that from my iPhone days when the original (non-Siri) voice dialer rarely made a mistake. Voice dialing on the OPO is usable, though, and there is a rumour that there will be an “OK OnePlus” voice activation feature like on the Moto X but it isn’t there now. No microSD slot, but with 64GB of internal flash memory that is less of an issue and fewer and fewer phones offer that. I also just tested this little dongle I have for accessing microSD cards via the USB port and it worked just fine.

I’m sticking with the stock ROM for now to see what Cyanogenmod will do in the future, but I know that I have the ability to put on my own Recovery and ROM should I so choose. At the moment they are in the “not evil” column, but I was a little worried about their Gallery app. I noticed a new Gallery app account on my phone that looked like it was going to sync my pictures somewhere. Some research suggests that it is disabled when autobackup is off, but I would still like a little more transparency about random, non-removable accounts on my phone.

All in all I’ve been very happy with the OnePlus One and I’m eager to see where they take it. I am especially enamored of the price. At US$349, the black 64GB version is the same price as a 16GB Nexus 5 and half the price of the iPhone 6 Plus. Probably the best bang for the buck in the Android world at the moment, if not phones in general.

Magnus Hedemark : illumos makes a comeback in the homelab

October 01, 2014 04:09 AM

Up until a couple of years ago, I was becoming increasingly active in the illumos community. I’d given a talk on the subject at Triangle DevOps, and indeed my most popular entries on this blog tend to be the ones relating to SmartOS. But something happened in my professional career, a conflict of interests, that compelled me to pull back from that community for awhile. The conflict is now gone, and hot on the heels of illumos Day 2014, my interest is re-invigorated.

The homelab was in a bit of a clunky state. Every time things started getting cool, my Apple Airport Extreme would crap its pants and fail me in strange ways. They can supposedly handle up to 50 clients, but I was killing it with fewer than half of that. I haven’t fixed that problem yet, but I know what I’m going to do. More on that later.

Those of you who’ve been following for awhile know that I’ve got a Dell half-rack in the house, and while it is very lightly populated right now, the “big” hypervisor box is an HP Proliant DL160 G6 with 12 cores and 72GB of RAM. It’s been set up in several configurations, all of which left me wanting for something more elegant.

Tonight, I took the machine apart, extracted the HP RAID controller, and replaced it with an LSI SAS HBA. While illumos can handle the RAID controller just fine, ZFS prefers to have a direct view of every disk.

My distribution of choice for this host is OmniOS. SmartOS is also a really neat OS. I’ve had SmartOS running on my HP Proliant N54L microserver for over 2 years now and it’s been rock solid. I have two main reasons why I’m not expanding the SmartOS footprint in my house right now (that could change on a whim):

  1. I use Ansible to manage my home infrastructure. It can manage almost anything it can ssh into, as long as there is a Python interpreter of some reasonable vintage on the other side. The SmartOS non-global zone has no Python interpreter.
  2. I use IPv6 extensively in my home. In fact, IPv4 is the second class citizen here. IPv6 gets more use internally than IPv4. However, in SmartOS, IPv6 is quite a bit trickier to use. Other illumos flavors make IPv6 incredibly easy to set up.

I fired it up with a pair of 146GB 10KRPM SAS disks that I got on eBay. This is for my root ZFS pool (rpool). The root pool is limited to one virtual device (vdev) which effectively means the capacity will never be larger than the smallest disk in the pool, but I can mirror that device if I want to.

For this reason, I’ve also added 4x 1TB near line SAS disks for my zones ZFS pool. I’ve configured this pool in two mirrored pairs.

There are two more drive bays that have been left empty. There will be at least one SSD added to the zones ZFS pool at some point to take advantage of the hierarchical capabilities of ZFS.

# zpool status
  pool: rpool
 state: ONLINE
  scan: resilvered 37.9G in 0h43m with 0 errors on Wed Oct  1 02:42:51 2014

        NAME                         STATE     READ WRITE CKSUM
        rpool                        ONLINE       0     0     0
          mirror-0                   ONLINE       0     0     0
            c3t5000C5000EEC9B91d0s0  ONLINE       0     0     0
            c2t5000C50006176C41d0s0  ONLINE       0     0     0

errors: No known data errors

  pool: zones
 state: ONLINE
  scan: none requested

        NAME                       STATE     READ WRITE CKSUM
        zones                      ONLINE       0     0     0
          mirror-0                 ONLINE       0     0     0
            c1t5000C50056E1D717d0  ONLINE       0     0     0
            c1t5000C50057BE4CCFd0  ONLINE       0     0     0
          mirror-1                 ONLINE       0     0     0
            c1t5000C50057C45E7Bd0  ONLINE       0     0     0
            c1t5000C50057C45F7Fd0  ONLINE       0     0     0

errors: No known data errors

The OmniOS installer did not mirror the root pool by default, but there are simple instructions for setting this up. Also, the network interface is not configured by default when you first install OmniOS, but it’s super easy to do that, too. I installed the latest r151012 release, which just came out a few days ago. Of course, there was a new bash package waiting for me. A quick pkg update took care of that.

One of the things I really like about this platform is there is nothing extra to install to make use of containers (also called zones in illumos). I pretty much immediately started going to town, building zones on this new box. The only real speed bump I’m hitting is standing up a Jenkins container. I’ve heard that this can be a little tricky, but it’s getting late, so I’ll likely hack on that tomorrow night. I’m setting up Jenkins and some build slaves in order to start building out an OmniOS IPS package repository for all of the software that I care enough about to build my way. Actually, probably multiple repositories; there are some I’ll want to share publicly, I’m sure.

I kind of feel like I need to blog more about this stuff, because I know a lot of super smart engineers who just, for whatever reason, don’t know that there are more tools out there to be used beyond Linux. Linux is great, it has its areas where I will reach for it first. But there are also places where I’d rather run illumos. Hopefully, as I write about it here, curiosity and illumination may follow in others. We’ve not even really started here yet. I’ve just gotten the base OS installed, the ZFS pools set up, and basic networking set up.

Mark Turner : Facebook took my fake-account-spotting ability away

September 30, 2014 11:20 PM

I was disappointed tonight when I discovered that Facebook has taken away my ability to spot fake Facebook accounts. Occasionally, the Facebook groups I administer get requests from suspicious-looking accounts. Often the spammers have recently joined Facebook and have appropriated the photo of another person for their profile photo. Usually the photo is for a hot-looking girl but not always.

When a request to join a group comes in from one of these questionable accounts, the first thing I do is to cut and paste the URL of their profile photo into Google Image Search (GIS). If the account’s fake, GIS will almost always pop up the name of the real person pictured in the photograph. Or there will be multiple hits, showing the same photograph is associated with multiple names. Either way, a Google Image Search has proven a quick way to sniff out fakes.

Facebook has changed the way they display photographs, though. Each image used to be a link to one of Facebook’s own Content Distribution Network (CDN) servers and could be displayed even without logging in to see it. As long as one had the image URL, one could see the image outside of Facebook.

Facebook has recently been adding a UUID (a unique identifier) to the end of each image URL. This UUID won’t work in GIS when it’s left on the URL and without the UUID, Facebook won’t display the image. With no way to turn GIS loose on verifying photos I’m left with having to trust Facebook (ha!) that the noobie asking for access is, in fact, an actual human.

Facebook gets less and less useful every day.

Tarus Balog : Fear of France

September 30, 2014 09:50 PM

For many years I’ve had an irrational fear of France. I don’t speak French and through television and other media I’ve been led to believe that the French are rude and distant, and the small amount of time I’ve spent in that country (or in French speaking Switzerland) did little to allay those fears.

Which is a shame since there are aspects of French culture that really gel with me. Good food and good company, a decent work/life balance and an appreciation for beauty and art are things that are sometimes lacking in my native society. Of course, the anal-retentive part of me would cringe at other aspects of French culture, such as the general lack of urgency over most things, but still I think there is more to love than hate.

For the first few years after I started working with OpenNMS I really couldn’t take a proper holiday. I might be able to squeeze in a three day weekend here and there, but the luxury of unplugging for a couple of weeks was beyond me. A decade later things have changed, so this year Andrea and I decided to take a long holiday with a week in the UK and a week in Paris.

David and I had been in Paris back in 2008 but I’d never really had a chance to see the city. Of course, the reason Andrea and I went had little to do with the art or history of the place: Paris is crazy thick with Ingress portals. Seriously, we flew across the ocean to play a computer game.

This, of course, required the purchasing of a local SIM card. Now one of my favorite things about being involved in OpenNMS is that almost anywhere I go I can find someone who likes the application. I posted a note to the mailing list and got a nice reply from Daniel Ranc. Daniel is a consultant and a professor at INT (Telecom & Management SudParis) and uses OpenNMS as part of his courses.

He recommended that we use SFR, as they had a plan where we could get 2GB of data for 30€. Now the challenge was to find a store.

Next to our hotel was a Bouygues outlet so we stopped there first. The lady in front of us was buying an iPhone 6 Plus (that sucker is huge) but even though it was iPhone launch day, I assume any craziness happened early in the morning. The salesperson told us that a “carte SIM” with 3GB would be 50€, which seemed spendy, so using the hotel wi-fi I found an SFR store a few blocks away (Paris is a very walkable city).

The guy at the SFR store told us that we could buy the SIM card there, but in order to “charge” it we would need to go to the “Tabac”. In Paris a Tabac is a part of a cafe that sells things like cigarettes and lottery tickets and, apparently, mobile phone access. You can identify them by iconic red and white signs.

While I wasn’t sure I fully understood his directions, we found what looked like the right place, but the lady behind the counter said she couldn’t help us. Thinking we had the wrong place, we wandered around for an hour or so until we met a man who told us where to go, which turned out to be the same place we started. This time we tried a little harder, and a gentleman helped out and sold us two “recharge” tickets for 35€ each. Since they worked we figured Daniel was just off on the price, and we happily started hacking portals.

That lasted about a day.

Apparently what we bought had something like a 100MB limit which we promptly exceeded, so this time I used a combination of Chrome and Google Translate to navigate the SFR website. I found the exact plan that Daniel described, but the site wouldn’t accept any of the four credit cards I fed to it (even though a legit-looking confirmation box with the proper bank name popped up each time). So I dutifully copied down the proper plan on a piece of hotel stationery and off we went to the Tabac.

By this time I had picked up more French so I was all “Bonjour, pouvez-vous m’aider, s’il vous plaît” and I handed the lady (the same one as before) my hand written piece of paper and she was able to set us up with no problem. It was the start of my becoming a lot more comfortable in France. We then wandered around our neighborhood and spent a lot of time in the Parc Monceau.

My French improvement would continue on Sunday when I actually got to meet Daniel in person. He and his son Lucas picked us up at the hotel and took us to the Île Saint-Louis.

Paris is a roughly circular city as defined by a ring road highway that surrounds it. It is divided into 20 administration zones, called arrondissements. The first arrondissement is an island in the middle of the Seine called the Île de la Cité (home of Notre Dame and the oldest part of Paris) and the others spiral out from there. The Île Saint-Louis is in the 4th arrondissement and our hotel was in the 17th. You can always tell where you are by the post code: 750xx where xx is the arrondissement.

We found a place to park and walked around the island. Daniel and I talked tech while Andrea hacked portals, and we found a nice café for lunch. Parisians love to eat outside and this was no exception, except that we were lucky to be under an awning when a short shower broke out. With that exception and one other evening the weather was perfect for the entire week.

He and Lucas had to run to do some errands after lunch, but we made plans to meet up later in the week.

Most of our time was spent in parks. The public parks in Paris, even the small lesser known ones, are amazing, with priceless works of art available for everyone to enjoy. Since priceless works of art translate easily into Ingress portals, we had a lot of fun wandering around and linking them up. I know I was supposed to be inside the Louvre with thousands of other people, but I have to say that I loved being outside in the nice weather looking at beautiful things.

On Tuesday we faced our usual travel challenge of laundry. It is hard to pack for two full weeks, so we usually plan to do some laundry during our trips. In a lot of countries, like New Zealand, you just drop it off for a “wash, dry and fold” and come back a few hours later. Not so in Paris, but we did find a “laverie automatique”. This is where I learned another lesson of Parisian life: hold on to your coins.

America is one of the few places that doesn’t use what I would call high value coins. Most countries I visit have the equivalent of a one and two dollar coin, whereas in the US the highest value common coin is a quarter dollar. The machines in the laundry required coins and change was pretty much impossible to find. Seriously, there are banks in Paris with “no change” signs on them. Still we managed to scrounge enough together with some strategic purchases from the marché across the street (where the lady was so kind and delightful while she explained that she couldn’t give me more coins) to get the clothes cleaned.

That night we met up with Daniel, Lucas and Daniel’s wife Clarisse at a place called La Gueuze that specialized in Belgian food. While this naturally included Belgian beer (yay!), to me Belgian food is synonymous with mussels (moules).

Here is where I witnessed the most rude event of the whole trip (a minor one), and it was funny because it was between two Frenchmen. We had some confusion on the order. Three of us wanted mussels, but Andrea wanted the set “formula” menu (one appetizer, one main course and a dessert chosen from a list). At first Daniel thought Lucas wanted mussels as well so he ordered four and there was a lot of spirited talking around the table in both French and English. At one point the waiter just sighed, snapped the ticket off his pad, crumpled it up and walked off.

About five minutes later he came back and he and Daniel interacted as if nothing had happened, and we ended up having a nice meal. Lucas showed me a mathematical brain teaser that I hope to try on someone real soon (I got about 60% of it right).

I had snails. I think I would eat pretty much anything doused in butter and garlic.

Earlier we had met Daniel near the Luxembourg Garden, which was just swarming with portals, so on Wednesday we came back and spent several hours there. It was once the grounds for the palace of Marie de’ Medici, and the building is now home to the Senate chamber of the French Parliament. On the grounds are a model that was used for the Statue of Liberty as well as the outstanding Medici Fountain.

On Thursday we did our only real touristy trip by visiting Versailles. I’ve been wanting to visit there for years, especially after reading the Baroque Cycle. I often laugh when people, especially Americans, criticize French military might because if your skin is pale your ancestors lived in fear of King Louis the XIV. The scale of Versailles defies description – the Gardens cover 800 hectares or over three square miles. We spent over ten hours there, and it was really cool to be there in the evening after the crowds had left.

We covered a lot of Paris. We bought a “Paris Visite” ticket that let us ride any public transportation (bus, tram, metro or RER) within the ring road.

The only regret is that I should have gone with the Bouygues SIM card. Not only did I spend too much for ours, the SFR coverage would have issues, especially near Montparnasse. The phone would show 3G but nothing would work. It seemed limited to that one particular area – hey, SFR, if you are reading this, get OpenNMS.

Overall, it was an amazing trip and I’m eager to return. I found the Parisians to be friendly and the city itself very beautiful. It was a little spendy, even with our airfare and hotel being covered by frequent traveler points, so I am motivated to make OpenNMS successful so that I can visit as often as I like.

Scott Schulz : Tweet: Testing new @pushbullet channels. Is support for…

September 30, 2014 04:53 PM

Testing new @pushbullet channels. Is support for them coming to iPhone app in the future? I receive push notification, but not in stream.

Magnus Hedemark : women in open source: revisited

September 30, 2014 12:29 PM

The other day, I posted some thoughts capturing a conversation that happened in the illumos community over the weekend. If you missed it, head over first to The illumos Number That Bothers Me.

The conversation can’t die there. We’ve got to take pro-active steps to better understand how we got into this gender monoculture in the first place, and be catalysts to the change we wish to see in our community. I’ve been looking around a bit since then and found a few resources that should hopefully help to get the ball rolling.

Tarus Balog : Write In “OpenNMS” in Linux Journal’s Reader’s Choice Awards

September 29, 2014 08:00 PM

Not sure what’s going on here, but it seems that once again OpenNMS has been left out as a choice in the Linux Journal Reader’s Choice Awards.

We came in second in 2011 and third in 2012 but they left us out in 2013 and now 2014.

While Nagios tends to run away with it with their readership, perhaps we can write in “OpenNMS” enough to get a mention.

Eric Christensen : Hubert’s TLS Scan results for September 2014

September 29, 2014 07:39 PM

Eric Christensen:

I’ve been enjoying watching these trends.

Originally posted on securitypitfalls:


This time the results are not really different from the past month’s. About two percent more servers use SHA-256 signed certificates and 1% more have a configuration that allows negotiation of PFS suites.

Small change to reported results: I’ve added an “Insecure” entry which counts the number of servers that will use a completely insecure cipher suite like single DES, RC2 or export grade ciphers. It doesn’t include the “controversial but not broken” IDEA and SEED ciphers.

SSL/TLS survey of 402742 websites from Alexa's top 1 million
Stats only from connections that did provide valid certificates
(or anonymous DH from servers that do also have valid certificate installed)

Supported Ciphers         Count     Percent
-------------------------+---------+-------
3DES                      349454    86.7687
3DES Only                 164       0.0407
AES                       374868    93.0789
AES Only                  1017      0.2525
AES-CBC Only              553       0.1373
AES-GCM                   172322    42.7872
AES-GCM Only              7         0.0017
CAMELLIA                  170577    42.3539
CHACHA20                  15137     3.7585
Insecure                  79666     19.7809
RC4                       355750    88.332
RC4…

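To make the “Insecure” row concrete, here is an added example (not the scan's own code) that sorts OpenSSL-style cipher suite names into the report's rows and tallies servers per row. The server list is constructed, and counting an export RC4 suite under both “Insecure” and “RC4” is this example's assumption, not something the post states.

```python
from collections import Counter

# Constructed sample: server -> OpenSSL-style cipher suite names it accepts.
SAMPLE_SERVERS = {
    "a.example": ["ECDHE-RSA-AES128-GCM-SHA256", "AES128-SHA", "DES-CBC3-SHA"],
    "b.example": ["RC4-SHA", "RC4-MD5", "EXP-RC4-MD5", "DES-CBC-SHA"],
    "c.example": ["AES256-SHA", "AES128-SHA"],
    "d.example": ["IDEA-CBC-SHA", "SEED-SHA", "CAMELLIA128-SHA"],
    "e.example": ["EXP-RC2-CBC-MD5", "DES-CBC3-SHA"],
}

def families(suite):
    """Return the report rows that one cipher suite name counts toward."""
    parts = suite.upper().split("-")
    found = set()
    # "Insecure" as the post defines it: export grade, RC2 or single DES.
    if parts[0].startswith("EXP") or "RC2" in parts:
        found.add("Insecure")
    if "DES" in parts:
        # DES-CBC3 is triple DES; plain DES-CBC is single DES.
        found.add("3DES" if "CBC3" in parts else "Insecure")
    if "RC4" in parts:
        found.add("RC4")
    if any(p.startswith("AES") for p in parts):
        found.add("AES")
        if "GCM" in parts:
            found.add("AES-GCM")
    if any(p.startswith("CAMELLIA") for p in parts):
        found.add("CAMELLIA")
    if "CHACHA20" in parts:
        found.add("CHACHA20")
    # IDEA and SEED match nothing above, so they are not counted as Insecure.
    return found

def survey(servers):
    """Map each row to (server count, percent of all servers)."""
    counts = Counter()
    for suites in servers.values():
        # A server counts once per row, however many suites hit that row.
        rows = set().union(*(families(s) for s in suites))
        counts.update(rows)
    total = len(servers)
    return {row: (n, round(100 * n / total, 4)) for row, n in counts.items()}

if __name__ == "__main__":
    for row, (n, pct) in sorted(survey(SAMPLE_SERVERS).items()):
        print(f"{row:<12}{n:<6}{pct}")
```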

Magnus Hedemark : the illumos number that bothers me (and what we need to do about it)

September 28, 2014 12:44 PM

I just got back late last night from Surge 2014 and illumos Day, which immediately followed Surge the next day. There were some great talks going on, which I’m sure I’ll also be writing about. But the first speaker in particular dropped something on me that’s bothering me, and it should bother pretty much anyone that hears it.

Garrett D’Amore, founder of the illumos project, crawled through all of the commits and made a really interesting discovery. This is a four year old project, and remains relatively obscure (though some very visible things have come out of it, like zfs). In those four years, about 150 unique contributors have committed code into illumos-gate, the shared core of the illumos ecosystem that distributions are built on. Now on the surface, this number sounds pretty wicked cool. illumos is a fairly unknown project, sadly, so to score commits from 150 engineers sounds like a really good thing. Or is it?

Of those 150 unique committers, 0 of them were women.

Zero. Zilch. Nada. None.

While we all know that, for whatever reason, software development has developed a sad stereotype of being almost exclusively a male pursuit, we’ve made some strides over the last n years in being more inclusive on the gender spectrum. We’re seeing more women not just participating in technology, but leading the way. We get a lot of value out of having women involved in software, not just in the doubling of the size of the potential talent pool, but in having greater diversity of thought and perspective in how we solve tough problems together.

While we’re definitely still far from seeing a 50:50 blending of male and female engineers on software projects and at technical conferences, there is some movement and it’s good, and we need to keep getting better at it. But the dirty little shame of illumos, now brought to the surface by Mr. D’Amore, is we’ve managed to attract none of them into committing code to the crown jewels of the illumos ecosystem.

Now, to the credit of the community, the ~20 people in the room at the time immediately stopped the forward momentum of progressing through the slides and engaged in passionate dialog about contributing factors, a little bit of grasping about what we could do about it. We don’t really understand the full scope of the problem yet, so it’s hard to really identify effective solutions.

Bryan Cantrill of Joyent spoke very passionately about assholes being the bane of the Open Source community, and how effective they are at chasing good people away from the community. Part of the solution, it would seem, is to not allow alienating social behavior to enjoy influence. This line of conversation grew legs, and ran around the room a good bit. We’ve got some more to talk about here.

There was also a good deal of agreement that the illumos community is a friendlier place for new contributors to come and find ways to get involved than many larger (and more prominent) projects. As someone who has sort of nipped around the edges of this community, I have to agree, I’ve found it really easy to get help in a very collaborative way. What we’ve not done a good job at is marketing, at sharing this with people outside of the community, which is part of why I feel it’s important to tweet about what we’re doing, blog about it, speak, etc.

There was a sense in the room that we couldn’t really quantify, but that several openly suspected was there, that women have maybe tried getting involved in the Linux community and several (or maybe many) have been alienated by some of the bad behavior that can often go on in those communities. The question posed, but not yet answered, was how do we get them to come hang out with us and see that we want them to feel welcome and valued here?

I don’t think we really have the answers at all yet. I don’t think we have even asked the right questions yet. But this conversation is crucial to the survival of illumos, so it needs to continue, and it must result in real improvements to our gender diversity.