Tarus Balog : OpenNMS 101

January 20, 2017 08:35 PM

One of my favorite things to do is to teach people about OpenNMS. I am one of the main trainers, and I usually run the courses we hold here at OpenNMS HQ. I often teach these classes on-site as well (if you have three or more people who want to attend, it can be cheaper to bring someone like me in for a week than to send them here), and the feedback I got from a recent course at a defense contractor was “that was the best class I’ve ever attended, except for the ones I got to blow stuff up.”.

Unfortunately, a lot of people can’t spare a week away from the office nor do they have the training or travel budget to come to our classes. And teaching them can be draining. While I can easily talk about OpenNMS for hours on end, it is much harder to do for days on end.

To help with that I’ve decided to record the lessons in a series of videos. I am not a video editing wizard, but I’ve found a setup using OBS that works well for me and I do post production with OpenShot.

The first class is called “OpenNMS 101” and we set it up as a video playlist on Youtube. The lessons are built on one another so beginners will want to start with Module 0, the Introduction, although you can choose a particular single episode if you need a refresher on that part of OpenNMS.

My goal is to put up two or three videos a week until the course material is exhausted. That will not begin to cover all aspects of OpenNMS, so the roadmap includes a follow up course called “OpenNMS 102” which will consist of standalone episodes focused on a particular aspect of the platform. Finally, I have an idea for an “OpenNMS 201” to cover advanced features, such as the Drools integration.

I’ve kept the videos as informal as the training – when I make a mistake I tend to own it and explain how to fix it. It also appears that I use “ummmmmmm” a lot as a place holder, although I’m working to overcome that. I just posted the first part of “Module 4: Notifications” and I apologize for the long running time and the next lessons will be shorter. I had to redo this one (the longest, of course) as during the first take I forgot to turn on the microphone (sigh).

We have also posted the slides, videos and supporting configuration files on the OpenNMS project website.

I’d appreciate any feedback since the goal is to improve the adoption of OpenNMS by making it easier to learn. Any typos in the slides will be fixed on the website but I am not sure I’ll be able to redo any of the videos any time soon. I think it is more important to get these out than to get them perfect.

Perfection is the enemy of done.

Eric Christensen : A response to ‘Strong Encryption and Death’

January 20, 2017 07:10 PM

I recently read an article on the TriLUG blog mirror discussing access to data after the death of the owner.  I’ve also given this a lot of thought as well and had previously come to the same conclusion as the original author of the article has:

“I created a file called “deathnote.txt” which I then encrypted using GPG.  This will encrypt the file so that both Bob and Alice can read it (and I can too). I then sent it to several friends unrelated to them with instructions that, upon my death (but not before), please send this file to Bob and Alice.”


To be honest, I didn’t actually go through with this project as there were just too many variables that I hadn’t figured out.  There is a lot of trust involved in this that potentially requires a very small number of people (2) to really hose things up.  It’s not that I wouldn’t trust my “trusted friends” with the responsibility but it potentially makes them targets and two is just a really low threshold for an adversary to recover this information.

What really threw me was that the author also included a copy of his private key in case they couldn’t locate it on his computer to, I’m assuming here, access other data.  I have one word for this: NOPE!

Okay, short of the private key thing, what was proposed was quite logical.  Like I said above, I had a very similar idea a while back.  Springboarding from that idea, I’d like to propose another layer of security into this whole process.

Splitting up the data

So you have your encrypted blob of information that goes to person A when you kick off but you don’t want person A to have it before.  Import some trusted friends and you have a means of providing the information to person A upon your demise.  But letting a single person, or even two people, control this information is dangerous.  What if you could split up that data into further encrypted parts and handed those parts out to several friends?  Then, not one single person would hold all the information.  You’d likely want some overlap so that you wouldn’t need ALL the friends to present the information (maybe it got lost, maybe the friend got hit by the same bus that you did, etc) so we’d want to build in a little redundancy.


Shamir’s Secret Sharing Scheme (ssss) is a neat piece of software that takes some information, encrypts it, and then break it into pieces.  Redundancy can be added so that not all parts are required to reassemble the data (think RAID 5).

“In cryptography, a secret sharing scheme is a method for distributing a secret amongst a group of participants, each of which is allocated a share of the secret. The secret can only be reconstructed when the shares are combined together; individual shares are of no use on their own.”

–From the SSSS website

Implementing the solution

Because ssss can only share relatively small strings (less than 1024 bits), my “death” instructions would likely need to be stored whole as a cipher text and the key (symmetric) being the shared object.

The other piece of this solution would be whom to get to hold the shared bits of keys.  It would likely be best if the individuals were not only trusted but also didn’t know the others involved in the share.  That way there is a smaller chance that these individuals could get together to put the key back together.

Also, if person A is the one holding the cipher text, even if the individuals did find each other they would only have a key and not be able to decode the actual texts.


I’m quite happy that I read the original article and I hope to do the same thing that the author did before I kick the bucket.  I’m quite sure that there are other ways to do what Tarus and I wrote about and actual implementation will vary depending upon the individual, their technical level, and their personal privacy requirements.  This problem, though, is one that deserves to be solved as more and more of our information is kept digitally.

Tarus Balog : OpenNMS Is Once Again on FLOSS Weekly

January 19, 2017 04:52 PM

Way back in 2006 I was invited to be on one of the first FLOSS Weekly shows. That was when it was hosted by Chris Dibona and Leo Laporte. Now it is run by the very capable Randal Swartz, and I was excited to be invited back, ten years later. It was also fun to meet Jonathan Bennett, his co-host, for the first time.

Jeff Gehlbach joined me to chat about OpenNMS and all things FLOSS, and I even thought he got a word or two in edgewise. Like FLOSS Weekly, I think our major achievement is that we are still here and still going strong (grin). The only complaint I could have is that this was episode 418 and I was originally on episode 15 so it would have been cooler to be on three shows ago to make it an even 400, but I’m OCD like that.

FLOSS Weekly

One thing I love about free (libre) and open source software is that it is self-selecting. People choose to use it, and thus there tend to be certain things we all hold in common that makes meeting others involved in FLOSS like immediately making a new friend. Chatting with Randal and Jonathan was more like catching up with old friends, although I’d never talked with them before. I look forward to this as the beginning of a beautiful friendship.

Anyone who has had the misfortune of listening to me drone on about OpenNMS in the past will here a number of “bingo” stories in this show, but we do touch on some new ideas and I think it went really well. Please check it out and let me know what you think.

Tarus Balog : Strong Encryption and Death

January 19, 2017 04:01 PM

I try to use strong encryption wherever I can. While I doubt it will keep my thoughts from prying eyes forever, at least it should make peeking a little harder.

But it dawned on me: what happens when I die? I want to let my business partners see what is on my encrypted desktop and I know my wife will need access to the files on my systems at home. I could share them with her now, but my passphrases are complex and she isn’t very familiar with the operating systems I use.

Now I’m not planning on dying any time soon, in fact I want to live until I am at least 95 and a half. Why that age? Because that is when Halley’s Comet will return. I saw the comet when I was living in California in 1986 and I could care less about seeing it again, but I do want to be the old guy they interview:

“Back in ’86, now that’s 1986 for you young folks, I was livin’ in Los Angeles. The comet was too dim to see in the city, so we drove out to Joshua Tree …”

Halley's Comet 1986

So, how do I safely pass on my important passphrases? This is the solution I chose.

I created a file called “deathnote.txt” which I then encrypted using GPG:

gpg --encrypt --recipient tarus@opennms.com \
    --recipient alice@example.com \
    --recipient bob@example.com deathnote.txt

This will encrypt the file so that both Bob and Alice can read it (and I can too). I then sent it to several friends unrelated to them with instructions that, upon my death (but not before), please send this file to Bob and Alice. I also remembered to include a copy of my GPG private key:

gpg --export-secret-keys -a tarus@opennms.com

Just in case they can’t find it on my systems.

This does require a certain level of trust in my friends, but I am blessed with having several I can count on. As long as I remember to keep it updated this should provide a secure way to pass on this important information, although I hope no one has to use it any time soon.

Tarus Balog : Review: Copperhead OS

January 18, 2017 09:40 PM

A few weeks ago I found an article in my news feed about a Tor phone, and it introduced me to Copperhead OS. This is an extremely hardened version of the Android Open Source Project (AOSP) designed for both security and privacy. It has become my default mobile OS so I thought I’d write about my experiences with it.

TL;DR: Copperhead OS is not for everyone. Due to its focus on security is it not easy to install any software that relies on Google Services, which is quite a bit. But if you are concerned with security and privacy, it offers a very stable and up to date operating system. The downside is that I am not able to totally divorce myself from Google, so I’ve taken to carrying two phones: one with Copperhead and one with stock Android for my “Googly” things. What we really need is a way to run a hypervisor on mobile device hardware. That way I could put all of my personal stuff on a Copperhead and the stuff I want to share with Google in a VM.

I pride myself to the point of being somewhat smug about the fact that I use free software for most of my technology needs, or so I thought. My desktops, laptop, servers, router, DVR and even my weather station all use free and open source software, and I run OmniROM (an AOSP implementation) on my phone. I also “sandbox” my Google stuff – I only use Chrome for accessing Google web apps and I keep everything else separate (no sharing of my contacts and calendar, for example). So, I was unpleasantly surprised at how much I relied on proprietary software for my handy (short for “hand terminal” or what most people call a “mobile phone”, but I rarely use the “phone” features of it so it seems like a misnomer).

But first a little back story. I was sitting on the toilet playing on my mobile device (“playing on my handy” seemed a little rude here) when I came across a page that showed me all of the stuff Google was tracking about my mobile usage. It was a lot, and let’s just say any bathroom issues I was having were promptly solved. They were tracking every call and text I made, which apps I opened, as well as my location. I knew about the last one since I do play games like Ingress and Pokémon Go that track you, but the others surprised me. I was able to turn those off (supposedly) but it was still a bit shocking.

Of course, I had “opted in” to all of that when I signed in to my handy for the first time. When you allow Google to backup your device data, you allow them to record your passwords and call history.

Google Backup Terms

If you opt in to help “improve your Android experience”, you allow them to track your app usage.

Google App Terms

And most importantly, by using your Google account you allow them to install software automatically (i.e. without your explicit permission).

Google Upgrade Terms

Note that this was on a phone running OmniROM, and not stock Google, but it still looks like you have to give Google a lot of control over your handy if you want to use a Google account.

Copperhead OS is extremely focused on security, which implies the ability to audit as much software on the device as possible, as well as to control when and what gets updated. This lead them to remove Google Play Services from the ROM entirely. Instead, they set up F-Droid as the trusted repository. All the software in F-Droid is open source, and in fact all of the binaries are built by the F-Droid team and not the developer. Now, of course, someone on that team could be compromised and put malicious software into the repo, but you’ve got to trust somebody or you will spend your entire life doing code reviews and compiling.

Copperhead only runs on a small subset of devices: the Nexus 6P, the Nexus 5X and the Nexus 9 WiFi edition. This is because they support secure boot which prevents malicious code from modifying the operating system. Now, I happened to have a 6P, so I figured I would try it out.

The first hurdle was understanding their terminology. On the download page they refer to a “factory” image, which I initially took to mean the original stock image from Google. What they mean is an image that you can use for a base install. If you flash your handy as often as I do, you have probably come across the process for restoring it to stock. You install the Android SDK and then download a “factory” image from Google. You then expand it (after checking the hash, of course) and run a “flash-all” script. This will replace all the data on your device, including a custom recovery like TWRP, and you’ll be ready to run Copperhead. Note that I left off some steps such as unlocking and then re-locking the bootloader, but their instructions are easy to follow.

The first thing you notice is that there isn’t the usual “set up your Google account” steps, because, of course, you can’t use your Google account on Copperhead. Outside of missing Google Apps, the device has a very stock Android feel, including the immovable search bar and the default desktop background.

This is when reality began to set in as I started to realize exactly how much proprietary software I used to make my handy useful.

The first app I needed to install was the Nova Launcher. This is a great Launcher replacement that gives you a tremendous amount of control over the desktop. I looked around F-Droid for replacement launchers, and they either didn’t do what I wanted them to do, or they haven’t been updated in a couple of years.

Then it dawned on me – why don’t I just copy over the apk?

When you install a package from Google Play, it usually gets copied into the /data/apps directory. Using the adb shell and the adb pull commands from the SDK, I was able to grab the Nova Launcher software off of my Nexus 6 (which was running OmniROM) and copy it over to the 6P. Using the very awesome Amaze file explorer, you just navigate to the apk and open it. Now, of course, since this file didn’t come from a trusted repository you have to go under Security and turn off the “trusted sources” option (and be sure to turn it back on when you are done). I was very happy to see that it runs just fine without Google Services, and I was able to get rid of the search bar and make other tweaks.

Then I focused on installing the open source apps I do use, such as K-9 Mail and Wikipedia, both of which exist in F-Droid. I had been using the MX Player app for watching videos, pretty much out of habit, but it was easy to replace with the VLC app from F-Droid.

I really like the Poweramp music player, with the exception that it periodically checks in with the Play store to make sure your license is valid. Unfortunately, this has happened to me twice when I was in an airplane over the ocean, and the lack of network access meant I couldn’t listen to music. I was eager to replace it, but the default Music app that ships with Copperhead is kind of lame. It does a good job playing music, but the interface is hard to navigate. The “black on gray” color scheme is very hard to read.

Default Music Player Screenshot

So I replaced it with the entirely capable Timber app from F-Droid.

Timber Music Player Screenshot

Another thing I needed to replace was Feedly. I’m old, so I still get most of my news directly from websites via RSS feeds and not social media. I used to use Google Reader, and when that went away I switched to Feedly. It worked fine, but I bristled at the fact that it tracked my reading habits. Next to each article would be a number representing the number of people who clicked on it to read it, so at a minimum they were tracking that. I investigated a couple of open source replacements when I was pleasantly surprised to discover that Nextcloud has a built in News service. We have had a really good experience with Nextcloud over the last couple of months, and it was pretty easy to add the news service to our instance. Using OPML I was able to export my numerous feeds from Feedly into Nextcloud, and that was probably the easiest part of this transition. On the handy I used an F-Droid app called OCReader which works well.

There were still some things I was missing. For example, when I travel overseas I keep in touch with my bride using Skype (which is way cheaper than using the phone) so I wanted to have Skype on this device. It turns out that it is in the Amazon App Store, so I installed that and was able to get things like Skype and the eBay and IMDB apps (as well as Bridge Baron, which I like a lot). Note that you still have to allow unknown sources since the Amazon repository is not trusted, and remember to set it back when you are done.

This still left a handful of apps I wanted, and based on my success with the Nova Launcher I just tried to install them from apks. Surprisingly, most of them worked, although a couple would complain about Google Services being missing. I think background notifications is the main reason they use Google Services, so if you can live without that you can get by just fine.

One app that wouldn’t work was Signal, which was very surprising since they seem to be focused on privacy and security. Instead, the default messenger is an app called Silence, which is a Signal fork. It works well, but it isn’t in the Play store (at least in the US due to a silly trademark issue that hasn’t been fixed) and no one I know uses it so it kind of defeats the purpose of secure messaging. Luckily, I discovered that the Copperhead gang has published their own fork called Noise, which removes the Googly bits but still works with the rest of the Signal infrastructure, so I have been using it as my default client with no issues. Note that it is in the F-Droid app but doesn’t show up on the F-Droid website for some reason.

For other apps such as Google+ and Yelp, I rediscovered the world wide web. Yes, browsers still work, and the web pages for these sites are pretty close to matching the functionality of the native app.

There are still some things for which there is no open source replacement: Google Maps, for example. Yes, I know, by using Google Maps I am sharing my location with Google, but the traffic data is just so good that it has saved literally hours of my life by directing me around accidents and other traffic jams. OpenStreetMap is okay and works great offline, but it doesn’t know where the OpenNMS office is located (I need to fix that) and without traffic it is a lot less useful. There is also the fact that I do like to play games like Ingress and Pokémon Go, and I have some movies and other content on Google servers.

I also lost Android Wear. I really enjoy my LG Urbane but it won’t work without Google Services. I have been playing with AsteroidOS which shows a lot of promise, but it isn’t quite there yet.

Note that Compass by OpenNMS is not yet available in F-Droid. We use Apache Cordova to build it and that is not (yet) supported by the F-Droid team. We do post the apks on Github.

To deal with my desire for privacy and my desire to use some Google software, I decided to carry two phones.

On the Nexus 6P I run Copperhead and it has all of my personal stuff on it: calendar, contacts, e-mail, etc. On the Nexus 6 I am running stock Google with all my Googly bits, including maps. I still lock down what I share with Google, but I feel a lot more confident that I won’t accidentally sync the rest of my life with them.

It sucks carrying two phones. With the processors and memory in modern devices I’m surprised that no one has come up with a hypervisor technology that would let me run Copperhead as my base OS and stock Google in a VM. Well, not really surprised since there isn’t a commercial motivation for it. Apple doesn’t have a reason to let other software on its products, and Google would be shooting itself in the foot since its business model involves collecting data on everything. I do think it will happen, however. The use case involves corporations, especially those involved in privacy sensitive fields such as health care. Wouldn’t it be cool to have a locked down “business” VM that is separate from a “personal” VM with your Facebook, games and private stuff on it.

As for the Copperhead experience itself, it is pretty solid. I had a couple of issues where DNS would stop working, but those seem to have been resolved, and lately it has been rock solid except for one instance when I lost cellular data. I tried reseting the APN but that didn’t help, but after a reboot it started working again. Odd. Overall is it probably the most stable ROM I’ve run, but part of that could be due to how vanilla it is.

Copperhead is mainly concerned with security and not extending the Android experience. For example, one feature I love about the OmniROM version of the Alarm app is the ability to set an action on “shake”. For example, I set it to “shake to dismiss” so when my alarm goes off I can just reach over, shake the phone, and go back to bed. That is missing from the stock ROM (but included in AOSP) and thus it is missing from Copperhead. The upside is that Copperhead is extremely fast with updates, especially security updates.

The biggest shortcoming is the keyboard. I’ve grown used to “gesture” typing using the Google keyboard, but that is missing from the AOSP keyboard and no free third party keyboards have it either. I asked the Copperhead guys about it and got this reply:

If the open-source community makes a better keyboard than AOSP Keyboard, we’ll switch to it. Right now it’s still the best option. There’s no choice available with gesture typing, let alone parity with the usability of the built-in keyboard. Copperhead isn’t going to be developing a keyboard. It’s totally out of scope for the project.

So, not a show stopper, but if anyone is looking to make a name for themselves in the AOSP world, a new keyboard would be welcome.

To further increase security, there is a suggestion to create a strong two-factor authentication mechanism. The 6P has a fingerprint sensor, but I don’t use it because I don’t believe that your fingerprint is a good way to secure your device (it is pretty easy to coerce you to unlock your handy if all someone has to do is hold you down and force your finger on to a sensor). However, having a fingerprint and a PIN would be really secure, as the best security is combining something you have (a fingerprint) with something you know (a PIN).

So here was my desktop on OmniROM:

Old Phone Desktop

and here is my current desktop:

New Phone Desktop

Not much different, and while I’ve given up a few things I’ve also discovered OCReader and Nextcloud News, plus the Amaze file manager.

But the biggest thing I’ve gained is peace of mind. I want to point out that it is possible to run other ROMs, such as OmniROM, without Google Services, but they aren’t quite as focused on security as Copperhead. Many thanks to the Copperhead team for doing this, and if you don’t want to go through all the work I did, you can buy a supported device directly from them.

Warren Myers : kvp is a lousy way to teach

January 16, 2017 11:58 AM

Recently on one of the podcasts I listen to, I heard an offhanded comment made about how history is taught not in patterns but as facts. For example, “On the 18th of April in ’75, hardly a man is now alive, who remembers that famous day and year”.

Rarely are the “whys” explained – understandably so at early ages, but not understandably as maturation happens.

“Teaching” in so many subjects has become memorization of what really amount to key-value pairs. Like, Columbus: 1492. Norman invasion: 1066. Etc.

Certainly, facts are important. And some things truly are best learned in a rote memorization form – for example, the multiplication table through 12, 15, or 25. But what about states and their capitals? Sure, they’re “pairs” – but are they more?

This is awesome if you’re a trivia nut. But if you’re not, or you truly want to learn the material – not merely pass a test or regurgitate facts – then you need to understand more than just the “facts”.

Outside history classes, it’s especially prevalent in math – very little (if any) time is taken to explain why the quadratic formula works (or even what it is), instead algebra students are expected to just learn and use it.

My late aunt, who did a lot of tutoring in her life, summed-up the problem with algebra (and other math subjects past elementary school) thusly: before algebra, we give a problem like “3 plus box is 9; what goes in the box?” but in algebra, we swap the box for a t or x or g, and we freak out. She would teach the facts, but [almost] never without the whys.

The whys are illustrated and analyzed very well in some books – like Why Nations Fail (review). But, sadly, they’re not given in more places.

We definitely need more good teachers who want their students to understand not merely enough to pass the class (or the test), but to cultivate the curiosity we’re all born with to become lifelong learners.

First step: stop “teaching” as key-value pairs.

Mark Turner : FamilyTreeNow and privacy

January 14, 2017 03:47 PM

Many people are concerned about how a so-called genealogy site called FamilyTreeNow.com makes anyone’s name, current and former addresses, and age available online. What’s important to note, however, is that this information has always been out there, available to just about anyone. As the Fortune article below points out, the United States has piss-poor privacy protections. If any good can come from stalker-friendly sites like FamilyTreeNow, it’s that they might spur citizen outrage and greater regulation on who can know what.

The cynic in me bets it will never happen. The nosiness of governments and the corporate plutocracy knows no bounds.

People began scrambling this week to erase their name from an obscure website called Family Tree Now after discovering a remarkable amount of personal information on the site—including age, home addresses (current and past) and names of family members and loved ones.

A friend called my attention to the site earlier this week after finding it contained detailed and accurate records about both her and mother. All you have to do is put in your name and state. I tried it out too and it immediately showed places I lived as well the name of a former partner. It’s pretty unsettling.

Source: Family Tree Now Discloses Personal Data That’s Hard to Remove | Fortune.com

Warren Myers : apple tv – how apple can beat amazon and google

January 13, 2017 05:33 PM

In e99 of Exponent, Ben Thompson makes a compelling case for his idea that Amazon Echo (Alexa) is an operating system – and that Amazon has beaten Apple (with Siri) and Google Home (with Assistant) at the very game they both try to play.

And I think he’s onto the start of something (he goes on to elaborate a bit in his note that Apple TV turned 10 this week (along with the little thing most people have never heard of, iPhone)).

But he’s only on the *start* of something. See, Apple TV is cheaper than Amazon Echo – by $30 for the entry model (it’s $20 more for the model with more storage). Echo Dot is cheaper, but also is less interesting (imo). And Alexa doesn’t have any local storage (that I know of).

And neither of them will stream video.

By Apple TV has something going for it – it *already* has Siri enabled. In other words, it has the home assistant features many people want, and does video and audio streaming to boot.

It handles live TV via apps like DIRECTV or Sling. And Netflix and other options for streaming (including, of course, iTunes).

Oh, and it handles AirPlay, so you can plop whatever’s on your iPhone, iMac, etc onto your TV (like a Chromecast).

But Apple doesn’t seem to focus on any of that. They have a device which, by all rights, ought to be at least equal (and probably superior to) with its competition – but they seem to think their competition is Roku or the Fire Stick. From a pricing perspective, those are the wrong folks to be considering your competition.

It’s Google and Amazon Apple should have in its sights – because Apple TV *ought* to beat the ever living pants of both Home and Echo.

If HomeKit exists on Apple TV, and you have Siri on Apple TV, why is it not the center of home automation?

Mark Turner : Cheap Thoughts: Rethinking sidewalks

January 11, 2017 03:01 AM

An unusable sidewalk

On my way back from dropping the kids off from school last week, I waited at a Hargett Street intersection while a man in a motorized wheelchair passed by me, riding in the street. I wondered why this man chose not to ride on the sidewalk, which seemed much safer. He had no lights nor reflectors and seemed an easy target for an inattentive driver.

I’ve also seen several disabled people in wheelchairs riding in Johnson Street between Glenwood and Boylan Avenues, probably residents of Glenwood Towers. Why do they choose to ride in the road when there’s a perfectly good sidewalk right there?

Then I realized it’s probably the same reasons runners don’t run on sidewalks: sidewalks are horrible for actually getting around. Why? Not only are Raleigh’s sidewalks frustratingly incomplete, the sidewalks Raleigh does have offer their users a chance to trip every four feet.

The problem with sidewalks is that we make them out of concrete. In a perfect world of straight, level roads and vegetation that stays within its lines, a sidewalk once installed would offer a smooth respite from traffic. Instead, roots intrude, cracks develop, ground shifts, and soon you have a jumble of concrete slabs that present a navigation challenge to even the fittest of us. Who wants to be constantly watching their feet instead of seeing the world around us? No wonder runners don’t abide sidewalks and our disabled population eschews them.

So, do we stop putting in sidewalks? We still need some way of getting people around safely. Raleigh has over 110 miles of asphalt-covered greenways that present a smooth, predictable surface for exercise. Some of these run alongside Raleigh roads (Falls of Neuse, for instance) and are very popular. Unfortunately, asphalt pavers tend to be big and paving people’s front yards with asphalt would be extremely disruptive. There’s gotta be a middle ground of some sort: something that isn’t step-trip-step-trip concrete slabs but also not a giant engineering hassle like front-yard asphalt. A smooth, pebble-filled path comes to mind but that’s not practical, either.

What is a good material that offers a seamless path and yet is easy to install and maintain? Perhaps something that could be stitched together on site? What does the ultimate sidewalk look like?

Mark Turner : Police pay letter to the editor

January 11, 2017 02:24 AM

I sent this letter to the editor to the N&O last week when I saw the paper was recirculating the video Jill Knight shot of Hallie and Travis pounding our neighborhood officer, Officer Boyd, with snowballs. This past fall, Officer Boyd broke the news to me that he was leaving and announced his replacement at the November 21st East CAC meeting. I am sorry to see Raleigh lose such a talented officer and wanted to do something about it.

It was bittersweet to see the N&O reshare Jill Knight’s video of my kids pummeling Raleigh Police Officer J.D. Boyd in a snowball fight. Sadly, there will be no rematch: Officer Boyd has quietly left RPD for another area police department. Unfortunately, he is one of many.

Retaining first responders with deep knowledge of the areas and people they serve is critical to our safety. It’s time for the City of Raleigh to offer truly competitive pay and benefits for our men and women in uniform.

The N&O hasn’t run it yet and I don’t know if I am thankful for that or not. With this week’s dismal snow and ice only now melting around the city, few people would’ve seen it had it been run. But will it see the light of day? Who knows? I hope so, though, because I think city leaders need to hear it.

The paper might also not be thrilled with me for loudly tweeting that they missed four days’ worth of deliveries to me to start off the year. I did get my paper the day but have been paperless due to the storm up until today. I hope the N&O and I are still BFFs, though, because I think what they do is important.

Tarus Balog : Monitoring Certificates with OpenNMS

January 06, 2017 05:47 PM

Awhile ago I posted about how easy it was to implement SSL certificates using Let’s Encrypt.

The main issue that people encounter is that the certificates do expire, and while you can set up a cron job to automatically update them, sometimes it doesn’t work. This is why I like to use OpenNMS to check the expiration date of all the certificates I use on the network.

The documentation for the SSLCertMonitor is pretty detailed, and it can be used for almost any cert, not just the one for HTTPS. The example shows configuration for SMTPS and IMAPS as well.

SSLCertMonitor Example

What it doesn’t show is how to discover these services. You could, of course, just provision them directly via a requisition, but I’m lazy so I set up the TCP detector to look for those services on their well known ports.

SSLCertMonitor Detectors

This may result in a false positive if, for some reason, the port was in use by another application, but in practice I haven’t seen it yet.

So now I can rest assured that all my important SSL-based services have valid certificates and there shouldn’t be any interruption in service due to one expiring.

SSLCertMonitor Services Displayed

Mark Turner : Getting my head back into the game

January 06, 2017 03:47 AM

Returning to Earth. Or Atlanta. Close enough.

I spent New Year’s day worshiping the Porcelain God but not because I’d celebrated on New Year’s Eve. No, my body has a way of freaking out all on its own and opted to do so a day after we returned from our trip to Spain. For the next two days, I felt disinclined to lift my head from the couch or bed save for the inevitable Call To Prayer. what a way to be welcomed home! If there’s a positive note in this episode, at least I waited until our vacation was over to get sick.

I began to think that perhaps the routine of going back to work might help speed my recovery. Then That got me questioning my routines and the effect that travel has on them. Never do I return from travel the same person as when I left. I love exploring new places and cultures. I love breaking out of the bubble I hole myself up in every day without knowing it. When you steps out of that bubble and consider how big the world is – how expansive your choices are if you only consider the bigger picture – that’s a powerful thing. The stage you’ve been playing on doesn’t look as big as it once did.

What are you settling for? How do you choose to spend the precious fleeting moments of life that you’ve been gifted? What goals or dreams have been in front of you all along, yours if you’d simply notice?

Travel also grants an appreciation of the things that matter. I was fortunate to have my family along for this journey. I value a stable, familiar environment for my kids to grow up in. At the same time, I want travel to give them a taste of their wider choices and options, as well as an appreciation for what’s in their own bubbles. Are they going to dream small, or big? What will fit inside the walls or bubbles that surround them?

As humans we fall easily into habits and routines and often forget that there is so much more to life. We focus too small. We put on blinders and then complain that that’s all there is. How silly.

So, after this particular trip abroad I’ve decided to fight the urge to fit comfortably back inside my bubble. I will question myself when my first response to an interesting new idea is “well, I can’t do that …” because that’s my bubble talking. You get what you go after, and when you prove to yourself you can survive a trip outside of your comfort zone then those walls will never define you again.

Am I going to get my head back into the game? My head will be in the game, all right. It’s just that the game has gotten bigger.

Mark Turner : Spain, Part II

December 30, 2016 02:53 PM

After a restless night, still not used to the time change, we awoke to start the day with a free walking tour of Madrid through New Tour. We met at Plaza Mayor and joined the English-version of the tour, led by our tour guide, Ramon Amoros.

Ramon, our Madrid tour guide

Ramon is a twenty-four year old Argentinian who has lived in Madrid for ten years, first coming to Madrid to study as an illustrator. When the Spanish economy tanked, he considered moving to Berlin but chose to stay in Spain. His brother suggested he take the tour guide gig and he has been doing it now for two years. He speaks fluent English and could easily pass as American. Leading tours is his only job and he is very good at it: a very smart, funny guy. His illustrations are quite impressive, too.

Ramon led us around key sites of Madrid and pointed out the various statues in the plazas we visited, interweaving his descriptions with information on the personalities involved. We heard about the Builder King, the Loser King, and also the Lazy King. We also learned how famed astronomer Gallileo Galelli was consulted to help build the world’s first bronze statue with a horse rearing up. Gallileo was the one who suggested the first half of the statue be hollow, with the full weight added to the hind legs. It was an impressive feat.

We visited a flamenco bar, stopped in for a long break at a sandwich stop, spent some time in front of the royal palace snapping photos, and viewed part of the original walls that once surrounded the city, all the while learning about the history behind each place. At the end I felt I had learned a thing or two about the country.

Seeing Madrid

After our walking tour we chilled out for a quick moment at our apartment. Then we headed out again to visit the park on the western side of town with an Egyptian tomb in it. Travis had wanted to see this place and Ramon told us it had some of the best sunset views in Madrid, too. We walked around the gardens to the top of the hill on the western edge and peered out over the city. A busker playing Spanish guitar sang close by and I bought his CD for 3 Euro.

Kelly and Hallie then left to go shopping while Travis and I waited around for the tomb museum to open. He and I waited for 45 minutes or so before being let in but it was interesting once we were in. Hieroglyphs told of ancient ceremonies and plaques in Spanish described the uses of the tiny rooms inside. The tomb itself was gifted to Spain and moved to this park in 1970 when it was in danger of repeated flooding at its original site in Egypt. It was a good taste of what we might see when we one day get to Egypt.

Our next venture out was the Prado museum where we viewed Picasso and Dali paintings. We also enjoyed riding the artsy glass elevators. Then we enjoyed a dinner off the beaten tourist path at La Buha, where we were the only ones who spoke English and dined on tortillas, tostas, and good wine, though Travis was not enraptured with his ham-heavy entree.

Madrid’s Egyptian tomb

That was about all we could muster for this day. We walked back to our apartment and were all in bed by 10 PM, again spending another restless night as our circadian clocks struggled with the time change and the holiday revelry continued into the night.

Mark Turner : Madrid bans half of cars from roads to fight air pollution | World news | The Guardian

December 30, 2016 07:40 AM

Madrid’s city council has implemented restrictions on cars in an effort to combat persistent smog. While battling smog is a good thing, the measure does not restrict mopeds and motorcycles, which cause more smog than cars do and seem to me to be far more prevalent in the city.

Madrid has ordered half of most private cars off the roads on Thursday to tackle worsening air pollution, a first in Spain.

The restrictions will operate between 6.30am and 9pm. The city council said in a statement: “vehicles with even-number registration plates will be allowed to drive around on even-number days and cars with odd-number registration plates on odd-number days.”

The measure is activated when levels of harmful nitrogen dioxide in the atmosphere go above 200 microgrammes per cubic metre in at least two measuring stations for two days running, and if the air is unlikely to clear imminently.

Source: Madrid bans half of cars from roads to fight air pollution | World news | The Guardian

Mark Turner : Spain, Part I

December 27, 2016 11:07 AM

At the end of a long journey on the way to Madrid.

I am writing this on one of Spain’s impressive high-speed trains, leaving Barcelona for Seville at 275 kph. It is 9:52 AM CET. We are on the home stretch of our trip to Spain, having spent the first four days in Madrid and the next four in Barcelona. After this six-hour-long train trip we will have a few days in Seville before returning to Madrid for the night.

Spain has been a wonderful experience, in spite of our not really speaking the language. We’ve soaked up the culture and the sights and walked many kilometers around the streets of Madrid and Barcelona. Now we head to what many call the most beautiful, most Spanish city: Seville.

Our trip began midafternoon on 21 December when we arrived at RDU for our flight. A lengthy wait at the Delta counter was rewarded with all four of us getting TSA Pre-flight status and bypassing the long, holiday security lines. Soon we were seated on our Boeing 757-200S for the long trip across the Atlantic.

I had my reservations about being crammed into a 757 for such a long flight but there were two things in our favor. First, it was a red-eye flight so my body would be somewhat used to being still. Second, the family had four seats right next to each other (1+3, right side). Kelly said up-front that she didn’t want the middle seat so I volunteered for it. Surprisingly, it was very comfortable. I got up once to use the lavatory and then used my travel pillow to get a few winks in here and there. Before I knew it we were cruising over the dark, sleeping hills of Ireland on our way to Paris.

At Charles De Guille airport, we wound our way through the labyrinthine of corridors reserved for pre-customs travelers and had our passports stamped. We then wandered through the crowded airport on our way to our gate, where we watched our bags closely before boarding. The Air France flight to Madrid was on an Airbus, and we laughed when the flight attendant handed an open box of croissants to us to handle with our germy hands.

Finally at the Madrid airport, I was hyper-alert for pickpockets and thieves but did not see any. We effortlessly picked up our bags, hired a taxi, and headed to our apartment near the city center. Our cabbie spoke no English but said the name “Trump” and pretended to go into convulsions. We perfectly understood. Kind of sad that even if we leave the country we can’t get away from our cretin President-Elect.

Our apartment in Madrid was close to Puerto del Sol and within walking distance to nearly everything we could need. We took the stairwell-sized elevator (3 personas, max) up to the fourth floor (5 in American terms) and walked in. There was a decent-sized kitchen/common room. two bedrooms, and a small bathroom in-between. The bedroom with the queen bed was also one with a partition rather than a full wall, not giving much privacy. All windows had light-tight windows, making it difficult to know what time it was when they were closed. The bathroom contained a tiny shower so small that it was easy to bump the faucet while turning around and turn the water off (or turn it to a scalding temperature). Spain has top-notch Internet connectivity, though, and we made use of our apartment’s WiFi to plot our next moves.

Sweet downtime

Once our things were safely in the apartment we ventured out to get some lunch. Not finding (nor caring about) anything fancier, we sat down in the outdoor seating area of a pizzeria and attempted to order in Spanish.

We were seated in the middle of the restaurant’s tent, surrounded by a few families and groups of friends chattering in Spanish. As we chatted in English, I watched a nondescript man in a gray jacket and carrying a black laptop bag walk up to the seating area and began scanning it with his eyes. He then walked right up to an empty table on the perimeter right next to a seated couple lost in each other’s gaze. A group of women at the table next to me blocked my view but I saw the man sit down for no more than ten seconds, perhaps pretending to read the menu. He then stood up, cradling a red backpack in front of his laptop bag, shielded from the lovers’ view. With that, he went walking briskly away. I had just witnessed a theft, less than an hour of being in Spain. The lovers never knew what hit them and I was in disbelief about what I had seen. There would be little letting my guard down for the rest of our time in Spain.

With food in our bellies, we returned the kids to the apartment while Kelly and I went out to buy a Spanish SIM card for our phones. Buying SIM cards was one of the smartest things we’ve done on our trip. At the Vodafone store in Puerta del Sol we purchased two SIM cards for 15 Euro each that gave us 50 minutes of talk, unlimited SMS, and 3 GB of data. We now had Spanish phone numbers, but more importantly we now had the ability to use Google Maps to navigate the country, Google Translate to stumble our way through local interactions, and the ability to contact each other in case we were separated. Supposedly we can also call our family and friends in the U.S. but try as I might I could not get this to work.

Madrid street

What is Madrid like? It’s hard to say since it’s the Christmas holidays. We arrived on 22 December when many stores were closing for Christmas and most people were with their families. That meant we walked down streets lined with closed security doors, covered in graffiti. Occasional cars would roll down the narrow streets but many locals rode mopeds or motorcycles. Those lined the streets. Slick, slate sidewalks were separated from cobblestone streets by steel posts a foot tall. These were perfectly positioned to take out our shins should there be an unguarded moment but we avoided this fate (not that I didn’t worry about it). Most buildings are about 5 stories tall and sunlight filtered through only a few windows of our apartment. It reminded me a lot of the streets of Old San Juan in Puerto Rico.

Spain keeps a different schedule than many Western countries. Spain’s former dictator Francisco Franco not only sympathized with Germany’s Nazi and Italy’s fascist regimes, he put Spain into their time zone even though Spain is actually south of the U.K. This makes the sun rise later and set later than it otherwise would and the workforce responds appropriately. The tradition of a siesta is now falling out of favor but once provided a welcome afternoon break in a long day, when workers would go home to eat lunch and nap. Workers would then return to work at 3 PM to work until 8 PM. Now, many Spanish live too far from their workplace to make siestas practical so there’s some movement towards working a normal workday. Studies also show that the Spanish do not get as much sleep as other countries do, with one in four Spanish going to bed after midnight. It was thus difficult to find many places open between 2 PM and 8 PM.

The Christmas market in Plaza Mayor, Madrid.

After resting a bit at our apartment, we made a quick tour of the Christmas market in Plaza Mayor. Having had our fill, we walked back towards our apartment and sought out some food. The “City Kebab” place near our place served up an unsatisfying meal. Disappointed with the meal but happy to be in Spain, we went to bed around 10 PM.

Holiday decorations above the streets of Madrid

Around our bedtime, the city streets were relatively quiet. They got rowdier around 2 AM (when the bars closed, I suppose) and our heads, which were still six hours behind, did not let us sleep. Kelly paged through Facebook on her phone while I fought unsuccessfully to continue sleeping. Eventually sleep came and I believe we all snoozed until after 9 AM. We could not sleep much longer, though, because a full, exciting day awaited us exploring Madrid!

Scott Schulz : HistoryNet vs Honeywell

December 25, 2016 06:30 PM

A tale of two different kinds of customer support: @HistoryNet vs @Honeywell_Home.

I have been a subscriber to HistoryNet's Civil War Times magazine for a few years now. I don't necessarily read it every month, but I usually download a few months and read those articles of interest to me. In November of this year, I decided to do some catching up so I downloaded the app onto my iPad Pro. When I fired it up, I saw that it was a newer version than I had previously used, and whereas in the past there had been a button to sync to my iTunes account (I am subscribed via the in-app mechanism), that functionality was no longer present. Instead, there was a username/password combo. Since I had never needed one, I tried a few options, including the Forgot your password option with my iTunes email address, all with no success.

I then went to the HistoryNet website, to see if there was a way to sign up for an account and then to tie it to my iTunes account. No joy there either. After spending an hour or so, I gave up, and the next day, I called their support hotline. The woman who answered asked for my name, and my subscriber information. I told her I subscribed via iTunes, and she told me it wasn't their problem, that I should call Apple, and then she hung up. Since Apple did not write the app, I called back and got the same runaround from another support person, despite my explaining that this was their app, and they should be able to provide support for it. Click.

So, to this day, I cannot access my subscription. This is how you completely fail at providing any kind of customer support.

Today, since it is warm outside, we decided to open the doors to let in some fresh air. When I went to the HoneyWell website to turn off our HVAC systems, I found that I couldn't sign in. I tried both Chrome and Firefox, and neither worked. So, I turned to Twitter. I tweeted that I could not sign in, and within two minutes, on Christmas Day nonetheless, a representative had contacted me and we began a conversation. I was finally able to sign in with Safari, and the representative had indicated she would notify the dev team about the issue using the other two browsers.

Now THAT, folks, is how you provide customer support. Kudos to Honeywell and Michaela for their support.

Mark Turner : Jessica Holmes and the Wake Commissioners

December 06, 2016 11:03 PM

Jessica Holmes

Jessica Holmes

The new Wake County Board of Commissioners were sworn in last night and got to the business of picking its chair and vice-chair positions. Sig Hutchinson got unanimous support for Wake Chair while Matt Calabria won a split vote for vice-chair over Jessica Holmes. Jessica, apparently caught up in the moment, then announced she was resigning from the board.

This was a real shame and a shocker. Jessica has pushed some awesome initiatives during her two years on the board and her energy and enthusiasm made you want to cheer for her. Fortunately for all of us, she rescinded her resignation today and will continue to serve.

I am an acquaintance of Jessica and Matt but I know some of the other Wake Commissioners well. I don’t know what Jessica’s reasoning was for resigning (and she has yet to share it) but I do know the people she serves with are good people. I do not believe anyone was out to get her and I think she probably took things more personally than she should’ve. Politics is a long game. You can’t get tripped up by small setbacks.

The folks who think this is a racist or sexist thing (see “good people,” above) aren’t helping matters. The voters of Wake County selected these representatives; if you don’t like the make-up you can blame them. Or better yet, encourage more people of color to run for office. We have some great ones (like Jessica and many others) and could certainly use more. Labeling good representatives “good ol’ boys,” “the MALES,” or “white progressives” simply because they selected someone else as vice-chair is petty and insulting to good public servants. Jessica, to her credit, has not engaged in these characterizations but some of her supporters have and it’s not productive.

I think Jessica’s awesome and I’m thrilled she’s chosen to stay. That said, we don’t need drama, we need unity. Here’s hoping the board (and its supporters) can focus again on the amazing teamwork that has gotten us this far.

Update: apparently she did release a statement:

Yesterday, I shared my plan to resign my position from the Wake County Board of Commissioners. Serving the people of Wake County has been a privilege for which I am incredibly thankful. An opportunity had presented itself to me, and in part out of frustration, I had decided to pursue it. With the long awaited vote for the creation of Wake County’s first ever affordable housing committee, I felt proud for breathing life into an issue that has impacted me and my family and many others across our county and State. With this issue on track, I felt that I could step aside.

The overwhelming voice of my constituents has been for me to lead this work as chair of the affordable housing committee and continue pounding the pavement. This immense response from the community has encouraged me to reconsider this decision. Based on this calling, I am abandoning my original decision to resign and will stay to complete my term as a commissioner serving the community that I love. My apologies to those who were confused or upset by this decision.

Mark Turner : Scratch ANOTHER credit card. Sigh

December 02, 2016 03:35 AM

Kelly was checking her email this morning, expecting to find more birthday greetings. Instead, she turned to me and asked me if I had purchased pizza at Domino’s. Buying pizza at 7 AM is a little … unconventional, so I walked over to see why she would pose such a silly question. Turns out she was reading a “fraud alert” email from our credit card company, showing a purchase at Domino’s sometime today.

Cue the internal cursing and rolling eyes.

A phone call to the credit card company confirmed our fears. Someone had purchased $40 worth of Domino’s pizza in Missouri and used our credit card to do it. Our card was promptly canceled and new ones put in the mail.

It had been less than two weeks that we had those particular cards. Two. Fricking. Weeks (in truth, these new cards had the same number as our old cards but with a different CVV).

Turns out, last night I bought something online just a few hours prior. Rather than buy yet another product from Amazon, I bought it from a mom-and-pop shop. I don’t know for sure but I’m assuming their e-commerce website has been hacked.

This morning I filed a credit card fraud report with Raleigh Police, though I found out after filing it that since the crime didn’t occur in the City of Raleigh it was out of RPD’s jurisdiction. I also called the area PD in Missouri and asked for a detective to call me back. Finally, I left a message at the Domino’s letting them know what had happened. Have not yet heard back from anyone, though I did miss a call from RPD this evening. I figured this incident was more promising for prosecution than the last one since the last time was apparently a road-trip spending spree and it’s a bit easier to figure out who it was who picked up a pizza (or had one delivered). There’s more to go on.

It did get me wondering: who is the victim in this scenario? It was my card used but I don’t have to pay the fraudulent charge. Domino’s traded pizza for a fraudulent payment yet they’ll likely be reimbursed by the credit card company. Finally, the credit card company will likely write off the fraud like the $21.48 billion dollars worth of fraud the industry suffers each year. Now, I am motivated to get these perps some jail time. Domino’s doesn’t five a shit because they got paid, and the credit card company sure ain’t gonna sweat $40 if they’re losing billions elsewhere. Likely outcome? The Pizza Perps walk.

So if no one is willing to go after these crooks, what are the options? A coworker mentioned that some credit card companies offer one-time “virtual credit card numbers” that can be used when making purchases from vendors of unknown honesty (or security). Only my card no longer offers this feature due to lack of demand. I did find mention of an interesting startup called Privacy.com which can tack a virtual number onto your existing credit card but it’s only in “invitation” mode at this stage. I’m hoping I can get in.

In the meantime, I’m thinking we’ll keep at least two cards: one for trusted vendors (Amazon, groceries, airlines, online bills, etc.) and one for untrusted vendors (mom-and-pop stores with dubious security). I’m hoping to lessen the impact of the next credit card breach (because another breach is inevitable, sadly) so that the card we use most (the trusted one) is shielded from unnecessary exposure. We’ll give it a try for a little while and I’ll report back how it works.

Now if you’ll excuse me, I have a zillion automatic payment websites to update. Sigh.

Mark Turner : Raleigh quietly pulled the plug on Camp Ranoca. Why?

November 28, 2016 06:14 PM

We met Kelly’s family at a Virginia state park for our new “Cabin Thanksgiving” tradition. Standing around the campfire Friday night, we were close to exhausting our measly repertoire of camp songs when Hallie and Travis giddily led the others through several zany camp songs they had picked up from their summers at Raleigh’s Camp Ranoca. Anything that gets both of my kids to happily cooperate gets my attention and it was obvious they both looked back fondly on their Camp Ranoca experiences.

Hallie was greatly looking forward to the chance to be a camp counselor this summer at Camp Ranoca. She is excellent with kids and loves the camp experience. Goofiness runs in the family (if you couldn’t tell). She would’ve been great. I was probably as crushed as she was when we found out at the beginning of the year that Raleigh had quietly discontinued Camp Ranoca.

For those who aren’t familiar with Camp Ranoca, it is a summer day camp that the City of Raleigh Parks and Recreation department offered for over four decades (RaNoCa is a contraction of RAleigh, NOrth CArolina). Two generations of kids have grown up collecting mosquito bites, corny songs, swimmer’s ear, and sunburn at the camps held simultaneously at both Umstead Park and Durant Nature Park. There’s even a Facebook page devoted to Camp Ranoca. I would’ve thought the demise of such a beloved camp would’ve been cause for at least some announcement, but no such luck.

When I say “quietly,” I do mean quietly. Google searches turn up nothing. A few stale Google links point to a city webpage that used to have Camp Ranoca information but has since been scrubbed clean. Camp Ranoca isn’t listed in any of the minutes of the Raleigh City Council. All I was able to find is a budget item for the 2016-2017 budget [PDF], showing Camp Ranoca dropping funding from $140,000 last year to just $3,000 this year. Poof. Gone.


Back in February I emailed Diane Sauer, Director of Raleigh’s Parks, Recreation, and Cultural Resources department, asking for more information on Camp Ranoca’s demise. I never got an answer (UPDATE: turns out I used the wrong email address. Whoops.) and didn’t think to follow up until I saw the smiles on my kids’ faces Friday night.

I’m reaching out again to Raleigh’s Parks department to see if I can get the scoop. If Ranoca is gone for good, it deserves a proper send-off.

UPDATE 29 Nov:
I heard back from Scott Payne, Recreation Superintendent, with a detailed explanation to what led to the decision. tl;dr: dwindling demand ended Camp Ranoca. More on that in a future post.

Scott says:

Yes, Camp Ranoca as we knew it for more than 40 years no longer exists as one of our summer camp offerings. In 2015 we acknowledged challenges with delivering the traditional Camp Ranoca: an aging facility for Ranoca West; re-classification of Ranoca North’s home as a nature preserve; and a downward trend in registration for both sites. The Civilian Conservation Corps constructed Camp Whispering Pines located at William B. Umstead State Park hosted Ranoca West for decades, yet the facility had aged to a point where we could no longer sustain a quality experience. Durant Park, home to Ranoca North, was reclassified to Durant Nature Preserve, one of our four (4) nature preserves, with a new emphasis on education of natural environments, a direction supported by the 2014 Park System Plan. The downward trend in registration called to question if a traditional outdoor recreation-based summer camp still met the expectations of our patrons.

At the end of the 2015 summer camp season we made the very difficult (especially for me, my son attended and loved Ranoca) decision to not offer Camp Ranoca for 2016. We notified all of the 2015 Camp Ranoca families by letter of our decision for 2016 and shared information on other similar camp programs offered by the Department for the 2016 season. A team of staff developed an on-line survey instrument on desired summer camps experiences and administered to more than 5,600 attendees of our 2013-2015 summers programs, Camp Ranoca attendees as well as all of our other summer camp and program attendees. Analysis of the results from the survey confirmed patrons highly value outdoor activities such nature lessons, outdoor games, hiking, swimming and boating; however, participation in camp traditions (a Camp Ranoca hallmark) were not valued as highly. With this information and awareness in hand, our creative staff developed for the 2017 summer camp season a new outdoor-recreation focused camp series, “Oak City Adventures.” This series will originate from two (2) hubs, Durant Nature Preserve Park and Walnut Creek Wetland Center, with opportunities for 10-12 year olds as well as 13-15 year olds. The camps will be on the go, leaving each day from their respective “hubs” to visit and enjoy outdoor activities such as boating, swimming, hiking (and for the older group biking and kayking) at outdoor spaces the “City of Oaks” has to offer, Lake Johnson, Lake Wheeler, the Capital Area Greenway System, Neuse River, etc. Durant Nature Preserve now provides a series of smaller, environmental education-focused camps: these offerings were developed and successfully delivered in 2016.

In summary, Camp Ranoca, as we knew it, will not be offered as summer camp; yet, its memories of fun and laughter will live on. The Department now offers a new program, Oak City Adventures, seeking to create new memories of fun and laughter through new exceptional outdoor recreation-based experiences.

So there ya go.

Mark Turner : Need Photos of Raleigh? Mark Turner Says Use His for Free, Please. – Raleigh Agenda

November 28, 2016 05:47 PM

Raleigh Agenda wrote about my public domain photos of Raleigh today.

I first met Mark Turner on the corner of McDowell and Hargett streets for a mysterious “field trip,” as he had called it.

“C’mon, there’s something I want to show you,” he told me, motioning up the street toward DECO. He seemed eager to push past the handshakes and how-do-you-dos, so the adventure could begin. Inside the gift shop, he directed me toward a little basket filled with postcards.

“See that?” he asked, holding up a pack of cards that featured a colorful, sketch-like rendering of the Raleigh skyline. “These are based on the picture of Raleigh that I uploaded to Wikipedia. All the streets line up.”

Sure enough, the skyline sketch—captured from the Western Boulevard overpass, looking northeast in 2008—employed the same angle and details as the picture that accompanies the Raleigh, North Carolina Wikipedia entry. Even a red minivan was echoed on the postcard, eternally stuck in traffic. That’s Turner’s shot, free to anyone who wants to use it.

Source: Need Photos of Raleigh? Mark Turner Says Use His for Free, Please. – Raleigh Agenda

Scott Schulz : Encrypted Evernote Notes with Saferoom

November 24, 2016 04:10 PM

One of the biggest failings of Evernote as it stands is the inability to encrypt notes and/or notebooks. While Evernote does now offer the ability to encrypt the text of a note, any attached documents are not encrypted, so it cannot be used to store financial or tax documents (at least not securely). Note: The other failing (IMHO) is the overly simplistic editor.

So while perusing the Evernote forums the other day, I came across an application called Saferoom which offers the ability to encrypt the entirety of a note. Unfortunately, the workflow is still rather clunky, i.e. one has to move a note to a special Encrypt folder, then encrypt it via the installed Mac app (button click), then move it to wherever you want to keep it, and finally, you have to delete the original note still in the Encrypt folder. Decryption follows a similar procedure.

They are working on a Saferoom Pro app which may offer this functionality via the Right-click menu, but as Evernote has no Mac SDK, they are porting functionality from IOS at this time. However, if you merely want to create and encrypt notes quickly, they do have a Linux app which streamlines a bit of this, but rather than using the Evernote app, the Linux client works in your web browser via a local Python-based website. Since I am using this a fair amount, I thought I'd post my quick install instructions.

I tend to keep most apps and their required modules separated in virtual environments, so the following steps are based around using Virtualenvwrapper, though the pieces could just as easily be installed into the standard system locations. Also, despite being labelled as a Linux application, being Python, it runs fine on a Mac, which is where I am using it.


Create the virtual environment (which auto-activates the environment), and install the dependencies (Note: while they have laid a foundation for Python 3 support, in many places they still use the statement form of print, i.e. print text, so the app is not yet Python 3 compliant):

$ mkvirtualenv saferoom
$ pip install flask requests evernote pycrypto beautifulsoup4

Clone the software from Github and change into that directory:

$ git clone https://github.com/saferoom-app/saferoomlinux saferoom
$ cd saferoom

To use the software, you need to give it an Evernote developer token, available here. Once retrieved, add it to config.ini:

$ vim config.ini

evernote_developer = <put long token ID here >

Create, or add your Saferoom key to the repository (if you are already using the official Mac app, use the same here):

$ python passwd.py

Once those steps are complete, start up the server which can then be accessed at http://localhost:5000.

$ python server.py

One thing I have noticed is that when opening a notebook, depending on the contents I occasionally receive an error message indicate that the contents could not be decoded. It appears that on first pass, they are trying to encode a (probably already encoded) string to UTF-8, which throws the error (it forces Python to try s.decode().encode('UTF-8')). Simply clicking on the notebook again should display the contents properly.

If all is working, you should now be able to browse your notes, and add new encrypted notes and attachments.

Saferoom Add Note

The nice part about using this app, is that it lets you decrypt notes in place. It displays the contents in a popup window immediately, rather than making you go through all of the steps mentioned above.

Saferoom View Note

Best of luck!

Scott Schulz : Encrypted Evernote Notes with Saferoom

November 24, 2016 04:10 PM

One of the biggest failings of Evernote as it stands is the inability to encrypt notes and/or notebooks. While Evernote does now offer the ability to encrypt the text of a note, any attached documents are not encrypted, so it cannot be used to store financial or tax documents (at least not securely). Note: The other failing (IMHO) is the overly simplistic editor.

So while perusing the Evernote forums the other day, I came across an application called Saferoom which offers the ability to encrypt the entirety of a note. Unfortunately, the workflow is still rather clunky, i.e. one has to move a note to a special Encrypt folder, then encrypt it via the installed Mac app (button click), then move it to wherever you want to keep it, and finally, you have to delete the original note still in the Encrypt folder. Decryption follows a similar procedure.

They are working on a Saferoom Pro app which may offer this functionality via the Right-click menu, but as Evernote has no Mac SDK, they are porting functionality from IOS at this time. However, if you merely want to create and encrypt notes quickly, they do have a Linux app which streamlines a bit of this, but rather than using the Evernote app, the Linux client works in your web browser via a local Python-based website. Since I am using this a fair amount, I thought I'd post my quick install instructions.

I tend to keep most apps and their required modules separated in virtual environments, so the following steps are based around using Virtualenvwrapper, though the pieces could just as easily be installed into the standard system locations. Also, despite being labelled as a Linux application, being Python, it runs fine on a Mac, which is where I am using it.


Create the virtual environment (which auto-activates the environment), and install the dependencies (Note: while they have laid a foundation for Python 3 support, in many places they still use the statement form of print, i.e. print text, so the app is not yet Python 3 compliant):

$ mkvirtualenv saferoom
$ pip install flask requests evernote pycrypto beautifulsoup4

Clone the software from Github and change into that directory:

$ git clone https://github.com/saferoom-app/saferoomlinux saferoom
$ cd saferoom

To use the software, you need to give it an Evernote developer token, available here. Once retrieved, add it to config.ini:

$ vim config.ini

evernote_developer = <put long token ID here >

Create, or add your Saferoom key to the repository (if you are already using the official Mac app, use the same here):

$ python passwd.py

Once those steps are complete, start up the server which can then be accessed at http://localhost:5000.

$ python server.py

One thing I have noticed is that when opening a notebook, depending on the contents I occasionally receive an error message indicate that the contents could not be decoded. It appears that on first pass, they are trying to encode a (probably already encoded) string to UTF-8, which throws the error (it forces Python to try s.decode().encode('UTF-8')). Simply clicking on the notebook again should display the contents properly.

If all is working, you should now be able to browse your notes, and add new encrypted notes and attachments.

Saferoom Add Note

The nice part about using this app, is that it lets you decrypt notes in place. It displays the contents in a popup window immediately, rather than making you go through all of the steps mentioned above.

Saferoom View Note

Best of luck!

Warren Myers : vampires vs zombies

November 23, 2016 05:00 PM

A few years ago I wrote about why I like good vampire and zombie stories.

I had an epiphany this week related to that, that I thought you’d all find interesting.

If vampires exist, zombies can not exist [long] in the same universe. Why? Because they’d be eliminating the only source of food for the vampires. And since vampires are, more or less, indestructible (at least to the wiles of marauding zombies), when they eliminated zombie outbreaks, they’d do it quickly and efficiently – and, most likely, quietly.

Mark Turner : NASA Team Claims ‘Impossible’ Space Engine Works—Get the Facts

November 23, 2016 02:55 AM

A paper describing NASA’s spooky new EMDrive microwave propulsion engine has survived peer review. Scientists are still scratching their heads over how this seemingly impossible engine appears to work. Cool!

After years of speculation, a maverick research team at NASA’s Johnson Space Center has reached a milestone that many experts thought was impossible. This week, the team formally published their experimental evidence for an electromagnetic propulsion system that could power a spacecraft through the void—without using any kind of propellant.

According to the team, the electromagnetic drive, or EmDrive, converts electricity into thrust simply by bouncing around microwaves in a closed cavity. In theory, such a lightweight engine could one day send a spacecraft to Mars in just 70 days.

Source: NASA Team Claims ‘Impossible’ Space Engine Works—Get the Facts

Warren Myers : results from running pi-hole for several weeks

November 21, 2016 09:55 PM

I came across pi-hole recently – an ad blocker and DNS service that you can run on a Raspberry Pi in Raspian (or any Debian or Ubuntu (ie Debian-like)) system. Using pi-hole should obviate the need for running ad-blockers in your browser (so long as you’re on a network that is running DNS queries through pi-hole).

I’ve seen some people running it on CentOS – but I’ve had issues with that combination, so am keeping to the .deb-based distros (specifically, I’m running it on the smallest droplet size from Digital Ocean with Ubuntu 16.04).

First the good – it is truly stupidly-simple to get setup and running. A little too simple – not because tools should have to be hard to use, but because there’s not much configuration that goes in the automated script. Also, updating the blacklist and whitelist are easy – though they don’t always update via the web portal as you’d hope.

Second, configuration is almost all manual: so, if you want to use more than 2 upstream DNS hosts (I personally want to hit both Google and Freenom upstream), for example, there is manual file editing. Or if you want to have basic auth enabled for the web portal, you need to not only add it manually, but you need to re-add it manually after any updates.

Third, the bad. This is not a pi-hole issue, per se, but it is still relevant: most devices that you would configure to use DNS for your home (or maybe even enterprise) want at least two entries (eg your cable modem, or home wifi router). You can set only one DNS provider with some devices, but not all. Which goes towards showing how pi-hole might not be best run outside your network – if you run piggy-back DHCP and DNS both off your RPi, and not off the wireless router you’re probably running, then you’re OK. But if your wireless router / cable modem demands multiple DNS entries, you either need to run multiple pi-hole servers somewhere, or you need to realize not everything will end up going through the hole.

Pi-hole sets up lighttpd instance (which you don’t have to use) so you can see a pretty admin panel:


I added basic authentication to the admin subdirectory by adding the following lines to /etc/lighttpd/lighttpd.conf after following this tutorial:

#add http basic auth
auth.backend = "htdigest"
auth.backend.htdigest.userfile = "/etc/lighttpd/.htpasswd/lighttpd-htdigest.user"
auth.require = ("/admin" =>
( "method" => "digest",
"realm" => "rerss",
"require" => "valid-user" )

I also have 4 upstream DNS providers in /etc/dnsmasq.d/01-pihole.conf:


I still need to SSLify the page, but that’s coming.

The 8.8.* addresses are Google’s public DNS. The 80.80.* addresses are Freenom’s. There are myriad more free DNS providers out there – these are just the ones I use.

So what’s my tl;dr on pi-hole? It’s pretty good. It needs a little work to get it more stable between updates – but it’s very close. And I bet if I understood a little more of the setup process, I could probably make a fix to the update script that wouldn’t clobber (or would restore) any custom settings I have in place.

Tarus Balog : Network World Reviews OpenNMS

November 21, 2016 04:22 PM

Today Network World published the results of a comparison among open source network monitoring applications. OpenNMS did not win but I was pretty happy with the article.

The main criticism I have is that the winner, Pandora FMS, seems to be the only one of the four reviewed that is more “open core” than “open source”. They have a large number of versions, each with different features, and you have to pay for those features based on the number of monitored devices. It seems to be difficult to have open source software that is limited in this fashion, as anyone should be able to easily remove that limit. Thus I have to assume that their revenue model is firmly based on selling software licenses, which is antithetical to open source. That said, it looks like the review was based on the “community” version of Pandora which does appear to be free software, just don’t expect any of the “enterprise” features to be available in that version any time soon.

I don’t know why I have such a visceral dislike of the “per managed node” pricing model, outside of having to deal with it back in the 1990s and 2000s. It seems like an unnecessary tax on your growth, “hey, customer, for every new device you add you have to pay for another monitoring license.” Plus, in these days of virtualization and microservices it seems silly. Our customers might spin up between 10 and 100 virtual servers as needed and tear them down just as quickly, and I can’t imagine the complexity that would get added to have to manage a license of each one of them.

Network World Comparison

Of the other applications reviewed, I’m not familiar with NetXMS but I do know Zabbix. They, like OpenNMS, are 100% open source and they are great people. It was awesome to finally meet Alexei Vladishev in person at this year’s All Things Open conference.

Alexei Vladishev and Tarus Balog

The only other thing that immediately pushed a button was the sentence “All four products were surprisingly good.” At first I took it to express surprise that free software could also be good, but then I calmed down a bit and figured they meant it was surprising that all four applications were strong.

For the article they installed OpenNMS on Windows. When I read that my heart just sank, because while it does run on Windows our support of that operating system grew out of a bet. We were talking many years ago about Java’s “write once, run anywhere” slogan and I mentioned that if that were true, why don’t we run on Windows? The team took up the challenge and it took two weeks to port. The first week was spent getting the few bits of code written in C to compile on Windows, and the second week on soft-coding the file separator character so that it would use a back-slash instead of a forward-slash. Even on Windows, the comments in the article were really positive, which make me think this whole Java thing isn’t such a bad idea after all (grin).

They used Windows because apparently was an issue with getting OpenNMS installed on CentOS 7, which was a surprise to me, but then Ronny pointed out that there can be some weird conflicts with Java and packages like LibreOffice that I don’t experience since I always do a minimal install. There is a cool installer for CentOS 7 which may help with that. We also maintain Docker images that make installation easy if you are used to that environment.

Fortunately, or unfortunately, not much has been done for OpenNMS on Windows since we got it working. It is fortunate because not much is required to keep OpenNMS running on Windows due to Java, but it is unfortunate because we really don’t have the Windows expertise that would be required to get it to run as a service, create an MSI installer, etc. Susan Perschke, the author of the article, seems to be a Windows-guru so I plan to reach out to her about improving the OpenNMS experience for Windows users.

One thing that is both common and valid is criticism of the web user interface. At the moment we spend most of our time focused on making OpenNMS even more scalable, and thus we don’t have the resources to make the user interface easier to use. That is changing, and most of the current effort goes into Compass™, the OpenNMS mobile app. The article didn’t mention it which means they probably didn’t try it out, which is more a failure on our part to market it versus an oversight on theirs.

They also didn’t talk directly about scalability, although it was listed in the comparison chart (see above). OpenNMS is designed to monitor tens of thousands to hundreds of thousands of devices with our goal to be virtually unlimited in order to address scale on the order of the Internet of Things. That is why we wrote Newts for storing performance data and are working on both the Minion and Underling to easily distribute OpenNMS functionality.

Another reason we haven’t spent much time on the user interface is that our larger customers tend not to use it much. They rely on the ReST interface to integrate their own systems with OpenNMS and on things like the Trouble Ticketing API for alerts. As the paradigm shifts from monitoring devices to monitoring services, we have made improvements to the user interface for such things as “Business Service Monitoring.

But still, it was nice to be included. We don’t do much direct marketing and even though typing “open source network monitoring” into Google returns OpenNMS as the first hit we are often overlooked. Let’s hope they revisit this in a year and we can impress them even more.

Mark Turner : Jon Stewart on President-elect Trump, hypocrisy in America – YouTube

November 19, 2016 10:59 PM

After Jon Stewart left “The Daily Show” last summer, much of the presidential campaign went on without his unique and satirical point of view. Charlie Rose met with Stewart to discuss his new book about the more than 16 years he spent at the Comedy Central program. Stewart was quick to give his post-election analysis.

Mark Turner : Autocracy: Rules for Survival | by Masha Gessen | NYR Daily | The New York Review of Books

November 19, 2016 10:42 PM

However well-intentioned, this talk assumes that Trump is prepared to find common ground with his many opponents, respect the institutions of government, and repudiate almost everything he has stood for during the campaign. In short, it is treating him as a “normal” politician. There has until now been little evidence that he can be one.

More dangerously, Clinton’s and Obama’s very civil passages, which ended in applause lines, seemed to close off alternative responses to his minority victory. (It was hard not to be reminded of Neville Chamberlain’s statement, that “We should seek by all means in our power to avoid war, by analyzing possible causes, by trying to remove them, by discussion in a spirit of collaboration and good will.”) Both Clinton’s and Obama’s phrases about the peaceful transfer of power concealed the omission of a call to action. The protesters who took to the streets of New York, Los Angeles, and other American cities on Wednesday night did so not because of Clinton’s speech but in spite of it. One of the falsehoods in the Clinton speech was the implied equivalency between civil resistance and insurgency. This is an autocrat’s favorite con, the explanation for the violent suppression of peaceful protests the world over.

Source: Autocracy: Rules for Survival | by Masha Gessen | NYR Daily | The New York Review of Books

Mark Turner : The Right Way to Resist Trump – NYTimes.com

November 19, 2016 10:29 PM

Five years ago, I warned about the risk of a Donald J. Trump presidency. Most people laughed. They thought it inconceivable.

I was not particularly prescient; I come from Italy, and I had already seen this movie, starring Silvio Berlusconi, who led the Italian government as prime minister for a total of nine years between 1994 and 2011. I knew how it could unfold.

Now that Mr. Trump has been elected president, the Berlusconi parallel could offer an important lesson in how to avoid transforming a razor-thin victory into a two-decade affair. If you think presidential term limits and Mr. Trump’s age could save the country from that fate, think again. His tenure could easily turn into a Trump dynasty.

Source: The Right Way to Resist Trump – NYTimes.com

Warren Myers : i’m surprised facebook doesn’t offer something akin to aws, gcp, azure, etc

November 18, 2016 09:08 PM

Given the ridiculous popularity of Facebook, their huge datacenter investments, super-resilient computing models, etc, I’m very surprised they haven’t gotten into the cloud computing business like Amazon’s AWS, Google’s Cloud, Microsoft Azure, Digital Ocean, etc.

Tarus Balog : Android Open Source Frustrations

November 18, 2016 06:02 PM

I used to be a huge fan of Apple products, but as they started to lock down their ecosystem the limitations they created started to bother me, so I switched to running as much open source as possible.

It wasn’t, and isn’t always now, easy. One of the gripes I still have against Apple is that their commercial success has spawned a ton of imitators who have decided to lock down their products, quite often without the Apple savvy to back it up. Unfortunately, Google seems to be joining these ranks.

I’m a fan of Google, they do a lot to support open source, and I use a Nexus 6 as my primary “hand terminal” (handy). However, I run alternative software on it, namely OmniROM, which gives me more control over my experience and security.

I pretty much run open source software on all my technology with few exceptions, one being my Android Wear watch. I noticed that there was a new update to Android Wear (version 2.0) so I went to play with it. When I launched the app I got this screen:

Android Wear App Error


So I went off to search for a solution to the error message “This phone has been flashed with an unsupported configuration for companion. you must re-flash it as either signed/user or unsigned/userdebug”. I found a couple of answers that suggested I edit the build.prop file and change




In order to do this, you have to have root access to your phone.


I do root my phone, but I haven’t done it in awhile because Google has introduced this thing called “SafetyNet“. The stated purpose is to prevent malware but in practice what it does is torpedo people like me who actually want to control the software on the devices they own. If you install a custom ROM or have root access, certain applications will not run.

Now I have to choose between running the Android Wear app or, say, Pokémon Go. I chose Android Wear (I pretty much finished Pokémon Go).

The process: Boot into recovery, install SuperSU, boot into system, use a file editor to edit /system/build.prop and change ro.build.type from “userdebug” to “user”, reboot.

Android Wear Mute

So Android Wear will start now, but to add to the frustration the one feature I hoped they would fix is still broken for me. It used to be that if my watch was actively paired with the phone, it would mute ringing and other audio notifications. It doesn’t (and none of the fixes I’ve found work for me) so now I just remember to decrease the volume on the phone down to “vibrate”.

Pokemon Go Blocks root

And, I verified that Pokémon Go will not start now – it hangs on the login screen and then reports an error. This is whether or not SuperSU is enabled, and I think I would have to remove it entirely to get it to work.

Now I know that I can install other apps that will hide the fact that my phone is rooted, but if I do that the terrorists win. I would just rather use apps that don’t force me to give up my rights.

Which brings me to the last frustration. I purchased a bunch of content from Google, but now I can’t access it on this phone. I get “couldn’t fetch license”. This started recently so I believe it has something to do with SafetyNet, but repeated calls to Google Play support yielded no answers.

Google License Error - Deadpool

I have a Google 6P that is stock and doesn’t suffer from the download issue, so it stands to reason that there is some “protection” in place that is preventing me from accessing the content I purchased. I solved the problem by not buying content from Google Play anymore.

I’m pretty certain that it is only going to get worse. Google used to be much better about such things but I think they want to emulate Apple in more ways than one (see the new Pixel phone if you don’t believe me) and that is a shame for all of us.

UPDATE: I found a better way to do this that doesn’t require root. Assuming you have a custom recovery like TWRP, you can simply boot into recovery and then connect the handy to a computer. Using “adb shell” you can then access the system directory and edit the build.prop file directly.

Mark Turner : Obama Is Warning America About Trump’s Presidency. Are You Listening? | New Republic

November 17, 2016 12:55 AM

President Barack Obama’s remarks about Donald Trump in his Monday press conference contained some of the most ominous words I’ve heard since news networks began calling the election for Trump early last Wednesday morning. But you may not have heard them.

It is an understatement to say that Obama’s departure from the White House is occurring under unusual circumstances. He is managing a transition to the presidency of someone he believes is unfit for that office, who has empowered racist hate groups, wants to undo the Obama presidency, and shouldn’t be entrusted with nuclear weapons.
In a tense environment where reporters, government workers, world leaders, and anxious citizens and immigrants understandably are scrutinizing every Donald Trump tweet and utterance and leak, Obama’s closing thoughts on the presidency and his successor will be given short shrift. But the things he says about the transition contain critical information about its progress and his confidence that, on the other side of it, things will run smoothly.

His Monday comments suggests he has very little confidence that they will.

Source: Obama Is Warning America About Trump’s Presidency. Are You Listening? | New Republic

Mark Turner : The Role of Rural Resentment in Trump’s Victory – CityLab

November 16, 2016 10:23 PM

Donald Trump’s victory in Wisconsin last week marked the first time a Republican presidential candidate has won there since 1984. The seemingly massive political shift that took place in this Midwestern U.S. state on Election Day, particularly in its rural counties, has since been thrust into the national spotlight.

In trying to better understand what happened in Wisconsin, and for that matter in the outcome of the election nationwide, one of the first people I wanted to speak with was Kathy Cramer. For almost a decade, the political science professor at the University of Wisconsin-Madison has been inserting herself into the casual political conversations of smaller rural communities in her state—listening, asking questions, and ultimately identifying the common threads she’s been able to uncover.

Source: The Role of Rural Resentment in Trump’s Victory – CityLab

Mark Hinkle : 2016 Guide to the Open Cloud

November 16, 2016 02:47 PM

2016 Guide to the Open CloudThis year I, along with Linux.com Editor-in-Chief Libby Clark, collated the 2016 Guide to the Open Cloud with input from various experts in the cloud computing industry. It’s a directory of this year’s most relevant cloud computing technologies.

The report covers:

  • IaaS
  • PaaS
  • Virtualization
  • Cloud operating systems
  • Container management and automation
  • Unikernels
  • DevOps (complete CI/CD, configuration management, logging and monitoring)
  • Software-defined networking (SDN)
  • Software-defined storage

Download the report from Linux.com for free. 

Mark Turner : Another talk with the Digital Connectors

November 16, 2016 03:17 AM

I was honored again to be invited to speak to the Raleigh Digital Connectors about blogging tonight. Hopefully I inspired some of them to take up writing (and hopefully blogging) on a regular basis. I certainly enjoyed the opportunity to share my experience and look forward to what they create and share with the world.

Mark Turner : T-Mobile trips Google’s security measures

November 16, 2016 03:08 AM

This afternoon Kelly forwarded me an alarming-looking email purportedly from Google and asked me to see if it was a phishing attempt. “Someone has your password,” warned the emails. Kelly is rightfully suspicious of any unexpected email claiming that one’s account is locked or compromised so I thought this was just another phishing attempt.

Fraud or not? Always be on guard!

Fraud or not? Always be on guard!

But then I looked carefully at the message. The headers showed it came from Google. The link included went to an actual Google server. It was legit. Yikes! Did Kelly get hacked?

Some interesting clues were present. First, she got three such emails, one for her account and each kid’s account. The only device on which all three accounts are present is her mobile phone. It had to be something with her phone!

So did her phone get hacked? Not likely. It’s brand new and fully patched. She and the kids all use decent passwords, too. I couldn’t think of any reason her phone could have been hacked.

Another clue was that Google’s emails all listed the exact same time for the alleged hack. It was unlikely that all three accounts would be hacked simultaneously, and even more unlikely they’d be successfully hacked on the very first try!

So if the phone wasn’t hacked, what was going on here? Following the link in Google’s email showed us the IP address associated with the alleged security breach. It was an IPv6 address that whois helpfully told me belonged to … T-Mobile. T-Mobile is the phone carrier of Kelly’s new phone. It was proof that no security breach had taken place.



What I’m guessing happened was that some of the IP addresses T-Mobile hands out to its phone subscribers are simply mapped to the company’s locations around America. Today’s address was listed as being in Seattle. Another one Google flagged on Thursday showed Kelly in Miami. Needless to say, Kelly wasn’t in either of these places. It’s just that Google’s geolocation algorithm thought she was.

I don’t know if T-Mobile or Google is to blame here. It’d be nice perhaps if T-Mobile had reverse-mapped DNS entries that somewhat corresponded to a physical location. Or Google could do a better job of mapping IP addresses to places. Either way, I’m glad Google takes security seriously enough to be watching for funny business with our accounts. Hopefully they can hone their fraud detection a bit more to account for wacky networks like T-Mobile’s.

Warren Myers : a history of hollywood and hacking

November 15, 2016 11:04 PM

As shared in the most recent Crypto-Gram, Bruce Schneier’s monthly newsletter.

  • 1980s – kid hackers, nerds and Richard Pryor
  • 1990s – Techno, virtual reality and Steven Seagal’s Apple Newton
  • 2000s – Real life hackers, computer punks and Hugh Jackman dancing

Mark Turner : How We Broke Democracy (But Not in the Way You Think) – Medium

November 14, 2016 08:15 PM

How Facebook divides us.

Since we feel uncomfortable when we’re exposed to media that pushes back on our perspective (like that weird political uncle you see at a family reunion), we usually end up avoiding it. It requires a lot of effort to change opinions, and generally it feels gross to have difficult chats with people that don’t agree with us. So, we politely decline the opportunity to become their friend, buy their product, read their magazine, or watch their show.

We insulate ourselves in these ‘information ghettos’ not because we mean to, but because it’s just easier.Our own Facebook feed is no different. It is a manifestation of who we are. It was created by us: by the things we have liked in the past, by the friends we have added along the way, and by people that tend to have opinions a lot like ours. It is made by us.

This is self-segregation, and it happens naturally. But the success of Facebook’s algorithm has effectively poured gasoline on this smoldering innate bias.

Source: How We Broke Democracy (But Not in the Way You Think) – Medium

Mark Turner : Bernie Sanders: Where the Democrats Go From Here – The New York Times

November 13, 2016 05:46 PM

Bernie Sanders’ op-ed in the New York Times.

I am saddened, but not surprised, by the outcome. It is no shock to me that millions of people who voted for Mr. Trump did so because they are sick and tired of the economic, political and media status quo.

Working families watch as politicians get campaign financial support from billionaires and corporate interests — and then ignore the needs of ordinary Americans. Over the last 30 years, too many Americans were sold out by their corporate bosses. They work longer hours for lower wages as they see decent paying jobs go to China, Mexico or some other low-wage country. They are tired of having chief executives make 300 times what they do, while 52 percent of all new income goes to the top 1 percent. Many of their once beautiful rural towns have depopulated, their downtown stores are shuttered, and their kids are leaving home because there are no jobs — all while corporations suck the wealth out of their communities and stuff them into offshore accounts.

Source: Bernie Sanders: Where the Democrats Go From Here – The New York Times

Mark Turner : Bernie’s empire strikes back – POLITICO

November 13, 2016 05:45 PM

Supporters of Bernie Sanders’ failed presidential bid are seizing on Democratic disarray at the national level to launch a wave of challenges to Democratic Party leaders in the states.

The goal is to replace party officials in states where Sanders defeated Hillary Clinton during the acrimonious Democratic primary with more progressive leadership. But the challenges also represent a reckoning for state party leaders who, in many cases, tacitly supported Clinton’s bid.

Source: Bernie’s empire strikes back – POLITICO

Mark Turner : In rural-urban divide, U.S. voters are worlds apart | Reuters

November 13, 2016 05:43 PM

Semi-retired Wisconsin pig farmer John Lader does not think much of Donald Trump as a messenger, but voted for what he described as the Republican president-elect’s message of change and economic hope for America.

“The last few years, there hasn’t been much optimism and hope among working people in rural areas in this country,” said Lader, 65, who lives in the farmland outside the southern Wisconsin city of Janesville.

Around 65 miles (105 km) to the northeast in the state’s biggest city of Milwaukee, Jose Boni, who cleans offices at a local university and rents out several homes, heard a different message: Trump’s plan to build a wall on the U.S.-Mexican border and vow to deport the estimated 11 million immigrants who are in the United States illegally, most of whom are Hispanic.

“He doesn’t care about our community or working people, he only cares about himself,” said Boni, 57, an Ecuador-born U.S. citizen.

The different worlds of Lader and Boni help illustrate the rural-urban divide that was critical to the outcome of Tuesday’s U.S. presidential election.

Source: In rural-urban divide, U.S. voters are worlds apart | Reuters

Mark Turner : Elizabeth Warren Gears Up to Battle Donald Trump | Mother Jones

November 11, 2016 05:21 PM

With Democrats reeling from the election, Sen. Elizabeth Warren (D-Mass.), who was one of the leading Trump-blasters of her party, vowed on Thursday to continue battling the president-elect—while adding that she would be delighted to collaborate with him on some of the populist issues he raised during the campaign.

Speaking at the Washington, DC, offices of the AFL-CIO union federation on Thursday, in an event shown on Facebook Live, Warren declared, “If Trump is ready to go on rebuilding economic security for millions of Americans, so am I, and so are a lot of other people—Democrats and Republicans.” She noted that on the campaign trail, Trump had criticized Wall Street’s power in Washington and promised not to cut Social Security benefits—areas of common ground. But Warren, whom Trump derided as “Pocahontas” during the election, warned that if Trump tries to tear down the Dodd-Frank Wall Street reform law—which overhauled the financial industry after the 2008 meltdown—or to gut the Consumer Financial Protection Bureau, she would fight him “every step of the way.”

Source: Elizabeth Warren Gears Up to Battle Donald Trump | Mother Jones

Mark Turner : An App Called Brigade Saw Trump Winning Swing States When Polls Didn’t : All Tech Considered : NPR

November 11, 2016 03:40 PM

In 2016, the polls got it wrong. They failed to predict that Donald Trump was winning key battleground states. But a startup in San Francisco says it spotted it well in advance, not because of the “enthusiasm gap” — Republicans turning out and Democrats staying at home. Instead, the startup Brigade’s data pointed to a big crossover effect: Democrats voting for Trump in droves.

The company built an app that asks a simple question: Which candidate are you going to vote for?

It’s like what boots-on-the-ground organizers do. Though there is one big difference. In the physical world, most people aren’t wearing their candidate button for the 18 months leading up to the election.

Source: An App Called Brigade Saw Trump Winning Swing States When Polls Didn’t : All Tech Considered : NPR

Mark Turner : President Trump: How and Why

November 11, 2016 03:24 PM

Satirst Tom Walker’s Jonathan Pie character rightfully rips the Democratic Party for losing to Trump.

Tarus Balog : 2016 All Things Open

November 10, 2016 07:17 PM

I made the decision to stop going to conferences for 2016, but I made an exception for All Things Open (ATO). Not only is it an amazing show, it’s also in my back yard, and the combination is not something I can pass up.

I love conferences. My favorite track is always the “hallway” track and I really enjoy spending time with people that I tend only to see these events. The problem is that I started to do the math.

In 2015, due to work travel, I was gone part or all of 26 weekends (I travel about 50% of the time, and often that means I head out on Sunday and back on Saturday). That leaves 26 weekends free. Of those, at least 10 are taken up with vacations, holidays, birthdays and other social engagements, leaving me just 16 or so weekends to myself. If I do 5 to 10 conferences, most of which are held over a weekend, I’m left with less than a weekend a month.

Plus, OpenNMS is going like gang-busters, so I really need to focus on that business. While I love open source conferences, we don’t get many customers out of them (one exception is the Ohio Linuxfest which seems to attract a large number of OpenNMS users) so it can be hard to justify the time (although they are a whole lot of fun).

Anyway, since ATO was the main show I was going to be involved with this year, we decided to host a party that first night. I also submitted some papers, and to my surprise two of them were accepted.

I headed out on Tuesday afternoon, as the wonderful team at opensource.com was hosting a gathering for contributors that night. That was a lot of fun and a number of us ended up at Foundation afterward. As a cocktail enthusiast I had always wanted to visit, but it is about an hour from my house I don’t want to drink and drive. Since I was staying downtown for the event, that issue went away and I had a great time.

The conference was held in the Raleigh Convention Center, and you could see the registration desk from my hotel room.

ATO - View from Marriott

Wednesday was start of the conference. ATO is organized by Todd Lewis, the nicest guy in open source, and he kicked off the keynotes.

ATO - Todd Lewis

Todd’s superpower is organization, and not only did the conference run smoothly, he got some great speakers. Jim Whitehurst, the CEO of Red Hat, did a talk on the social benefits of open source.

ATO - Jim Whitehurst

We also got a talk from Mark Hinkle, the VP of Marketing of the Linux Foundation. He was recruited at the last minute due to a cancellation, and I thought he did a good job especially considering his time to prepare (unlike normal, I actually had my presentations done at least a week before the conference).

ATO - Mark Hinkle

He started off with some “separated at birth” pictures between punk rockers and open source personalities, which reminded me of something that hit me when it was announced that the DB Cooper investigation was being closed.

ATO - DB Cooper and Jim Whitehurst

I think Jim was about four years old when DB Cooper hijacked that plane, but the similarity is striking.

Another keynote speaker was Jono Bacon.

ATO - Jono Bacon

Always (well, usually) interesting, I love how he has been working the relatively new field of behavioral economics into his talks of late. It is the study of how human psychology can impact economic decision-making and I think it has a lot of relevance in a field where businesses often tout the word “free”. By understanding how we behave we can better align our communities to meet the needs and desires of their participants.

After the keynotes were the individual sessions. I had two back-to back.

ATO - Tarus Balog

Thanks to Ben for the picture, which captures me in my full “Fred Flintstone” glory. Click on the pic below if you want to see the slides, and I did a interview for DZone on my talks. I did embed some video which won’t show up on the PDF, though.

My first talk was on the challenges facing us with the Internet of Things, especially when it comes to monitoring.

ATO - Silos Presentation

It was lightly attended but everyone who came seemed to get a lot out of it.

Right after that I did a new, updated version of my open source business talk.

ATO - Business Presentation

That one was standing room only, and I was really pleased with the feedback. One guy was telling me that he has seen a number of presentations about running an open source business but mine was the only one with concrete examples. I’m glad folks liked it.

Once my talks were done it was time for lunch and I was pretty much done with my obligations. The main one left was to help prepare for the OpenNMS Group sponsored concert at King’s Raleigh. We had hired MC Frontalot and his band to play a show in Portland, Oregon for OSCON, and the Doubleclicks opened. It was so much fun we decided it would be cool to bring it closer to home.

ATO - Doubleclicks

If you haven’t heard of the Doubleclicks you should check out their music. Even if you have, you might want to familiarize yourself with their catalog, especially if, like I did, you think it would be funny to shout out “Freebird!” in the middle of their show (ouch).

ATO - Mc Frontalot

The MC Frontalot set was really tight as well. I love working for professionals. We when got there and there was no keyboard and half the drum kit was missing, I was a mess. They calmly got it all sorted and then really kicked it during the show. They premiered “Freedom Feud” – a song we commissioned about free software. Front is still working on the final master and we have a video in production, so look for it to be posted soon, and thanks to Ben for the concert pics.

Even though I didn’t get to bed until about 04:30 (we eventually ended up in the hotel listening to some tracks Front is writing for the next album that’s all about the Internets) I was back up at 08:00 for Day Two of ATO. With my responsibilities out of the way it was nice to listen to the talks and visit with all the cool people in attendance.

Many thanks to everyone who came to my talks, to Todd and Company for a great show, and to OpenNMS for hosting a party for all my friends. See you next year.

Mark Turner : I am. – Cassie Hewlett

November 10, 2016 06:46 PM

A friend shared this blog post from a Republican college student, who wrote about what it is like to be a Republican college student.

I have reminded my liberal friends of the mistake of dismissing Trump supporters simply as racists (I will be writing more about this when I come up for air from all the stuff going on). The author here is right in reminding everyone of this.

I don’t think Ms. Hewlett is racist. This doesn’t mean she isn’t a little naive.

This paragraph stands out (emphases mine):

Well, I was not sad. While I understand that many people found the result disheartening, I am happy that the Republican party is in office for the next four years. I am happy that trade and markets will once again be free. I am happy that jobs will be brought back into the United States. I am happy that small business owners will finally be able to reap the benefits of hard work and dedication. I am happy that I voted in my first presidential election as a Republican.

Let’s take these one by one.

I am happy that the Republican party is in office for the next four years.

You mean six years of Republican Congressional obstructionism wasn’t enough for you? Running a do-nothing House and Senate? And why do you suppose a Trump presidency headed by a guy who ran against the Republican party establishment will mean smooth sailing for the Republican party?

I am happy that trade and markets will once again be free.

Repeat after me: there is no such thing as a free market. There is no such thing as a free market. It’s a myth. Everyone games the system somehow. Everyone stacks the deck against everyone else. Even if this weren’t the case, trade agreements, treaties and the like don’t get undone overnight. I recall with amusement how Obama was going to change Washington. Didn’t happen then and it won’t happen now.

I am happy that jobs will be brought back into the United States.

It’s a nice dream, isn’t it? Not a chance of it ever happening. As Bruce Springsteen sang in “My Hometown,” those jobs are going, boys, and they ain’t coming back. America competes with the world now. As long as companies have unfettered access to move their factories to any shithole country having no environmental or labor protections this is how it’s going to be.

I am happy that small business owners will finally be able to reap the benefits of hard work and dedication.

Business owners have always been able to reap the benefits of their hard work. Own a business? Good for you. You probably work hard and deserve to feel proud. But don’t forget the people and policies that helped make you successful. Society expects you to pay it forward. Do you love your country enough to invest in it?

Overall, I’ll cut Ms. Hewlett some slack. She’s young and new to how the world really works. Celebrate your victory, Ms. Hewlett, but don’t be too disappointed when things don’t turn out the way you expect them too.

I am not racist. I am not homophobic. I am not sexist. I am not a misogynist. I am for free market. I am for stronger foreign policy. I am for small business. I am for my family. I am Republican.

With the results of the presidential election stirring up a vast amount of emotions, I think it is important to clarify something: just because I am Republican does not mean I am heartless. The point of this is not to debate political policies. It is to highlight what it felt like to be a Republican college student the day after Donald Trump was elected President of the United States.

Source: I am. – Cassie Hewlett

Mark Turner : When ESPN Anchor Finds Out Kaepernick Didn’t Even Vote, He Teaches QB a Lesson He’ll Never Forget

November 10, 2016 05:59 PM


ESPN commentator Stephen A. Smith gave Colin Kaepernick a brutal verbal beatdown Wednesday after he learned the San Francisco 49ers quarterback decided not to vote at all in the 2016 presidential election.

In a fiery and lengthy rant, Smith argued Kaepernick has delegitimized everything he tried to accomplish by first sitting then taking a knee during the national anthem in protest of “oppression” in America.

“As far as I am concerned, Colin Kaepernick is absolutely irrelevant,” Smith said. “I don’t want to see him again; I don’t want to hear from him again; I don’t wanna hear a damn word about anything he has to say about our nation — the issues that we have, racial injustices, needing change, etcetera, etcetera. He comes across as a flaming hypocrite.”

Source: When ESPN Anchor Finds Out Kaepernick Didn’t Even Vote, He Teaches QB a Lesson He’ll Never Forget

Mark Turner : Why the White Working Class Rebelled: Neoliberalism Is Killing Them (Literally) – Juan Cole – Truthdig

November 10, 2016 01:54 PM

I’ll have more election thoughts soon.

The Democratic Party has been the Establishment for eight years, and the Clintons have arguably been the Establishment for 24 years. Since the late 1990s, members of the white working class with high school or less have seen their life-chances radically decline, even to the point where they are dying at much higher rates than they have a right to expect.

A year ago Anne Case and Angus Deaton, Princeton University economists, published a study with the startling finding that since 1999 death rates have been going up for white Americans aged 45-54. It is even worse than it sounds, since death rates were declining for the general population.

One of the big reasons for this increased death rate has been increased use of opiods and other drugs, leading to overdoses, along with liver disease from drinking too much alcohol and increased suicide rates. The problems were especially acute among working class and rural whites with only high school or less, and later studies found that they extended to younger members of this social class in their 20s and 30s. Loss of good-paying manufacturing jobs was clearly a primary reason for this despair.

Source: Why the White Working Class Rebelled: Neoliberalism Is Killing Them (Literally) – Juan Cole – Truthdig

Mark Turner : It was the Democrats’ embrace of neoliberalism that won it for Trump | Naomi Klein | Opinion | The Guardian

November 10, 2016 01:52 PM

More truth. I believe if Bernie Sanders had run against Trump we’d be saying “President-elect Sanders” today.

Here is what we need to understand: a hell of a lot of people are in pain. Under neoliberal policies of deregulation, privatisation, austerity and corporate trade, their living standards have declined precipitously. They have lost jobs. They have lost pensions. They have lost much of the safety net that used to make these losses less frightening. They see a future for their kids even worse than their precarious present.

At the same time, they have witnessed the rise of the Davos class, a hyper-connected network of banking and tech billionaires, elected leaders who are awfully cosy with those interests, and Hollywood celebrities who make the whole thing seem unbearably glamorous. Success is a party to which they were not invited, and they know in their hearts that this rising wealth and power is somehow directly connected to their growing debts and powerlessness.

Source: It was the Democrats’ embrace of neoliberalism that won it for Trump | Naomi Klein | Opinion | The Guardian

Mark Turner : Don’t Panic

November 10, 2016 01:49 PM

Some unexpectedly good political advice from Cracked.Com’s David Wong.

The truth is, most of Trump’s voters voted for him despite the fact that he said/believes awful things, not because of it. That in no way excuses it, but I have to admit I’ve spent eight years quietly tuning out news stories about drone strikes blowing up weddings in Afghanistan. I still couldn’t point to Yemen on a map. We form blind spots for our side, because there’s something larger at stake. In their case, it’s a belief that the system is fundamentally broken and that Hillary Clinton would have been more of the same. Trump rode a wave of support from people who’ve spent the last eight years watching terrifying nightly news reports about ISIS and mass shootings and riots. They look out their front door and see painkiller addicts and closed factories. They believe that nobody in Washington gives a shit about them, mainly because that’s 100-percent correct.

Source: Don’t Panic