Warren Myers : create your own clustered cloud storage system with moosefs and pydio

April 21, 2015 11:09 AM

This started-off as a how-to on installing ownCloud. But their own installation procedures don’t work for the 8.0x release and CentOS 6.

Most of you know I’ve been interested in distributed / cloud storage for quite some time.

And that I find MooseFS to be fascinating. As of 2.0, MooseFS comes in two flavors – the Community Edition, and the Professional Edition. This how-to uses the CE flavor, but it’d work with the Pro version, too.

I started with the MooseFS install guide (pdf) and the Pydio quick start steps. And, as usual, I used Digital Ocean to host the cluster while I built it out. Of course, this will work with any hosting provider (even internal to your data center using something like Backblaze storage pods – I chose Digital Ocean because they have hourly pricing; Chunk Host is a “better” deal if you don’t care about hourly pricing). In many ways, this how-to is in response to my rather hackish (though quite functional) need to offer file storage in an otherwise-overloaded lab several years back. Make sure you have “private networking” (or equivalent) enabled for your VMs – don’t want to be sharing-out your MooseFS storage to just anyone :)

Also, as I’ve done in other how-tos on this blog, I’m using CentOS Linux for my distro of choice (because I’m an RHEL guy, and it shortens my learning curve).

With the introduction out of the way, here’s what I did – and what you can do, too:


  • spin-up at least 3 (4 would be better) systems (for purposes of the how-to, low-resource (512M RAM, 20G storage) machines were used; use the biggest [storage] machines you can for Chunk Servers, and the biggest [RAM] machine(s) you can for the Master(s))
    • 1 for the MooseFS Master Server (if using Pro, you want at least 2)
    • (1 or more for metaloggers – only for the Community edition, and not required)
    • 2+ for MooseFS Chunk Servers (minimum required to ensure data is available in the event of a Chunk failure)
    • 1 for ownCloud (this might be able to co-reside with the MooseFS Master – this tutorial uses a fully-separate / tiered approach)
  • make sure the servers are either all in the same data center, or that you’re not paying for inter-DC traffic
  • make sure you have “private networking” (or equivalent) enabled so you do not share your MooseFS mounts to the world
  • make sure you have some swap space on every server (may not matter, but I prefer “safe” to “sorry”) – I covered how to do this in the etherpad tutorial

MooseFS Master

  • install MooseFS master
    • curl "http://ppa.moosefs.com/RPM-GPG-KEY-MooseFS" > /etc/pki/rpm-gpg/RPM-GPG-KEY-MooseFS && curl "http://ppa.moosefs.com/MooseFS-stable-rhsysv.repo" > /etc/yum.repos.d/MooseFS.repo && yum -y install moosefs-master moosefs-cli
  • make changes to /etc/mfs/mfsexports.cfg
    • # Allow everything but “meta”.
    • #* / rw,alldirs,maproot=0
    • / rw,alldirs,maproot=0
  • add hostname entry to /etc/hosts
    • mfsmaster
  • start master
    • service moosefs-master start
  • see how much space is available to you (none to start)
    • mfscli -SIN

MooseFS Chunk(s)

  • install MooseFS chunk
    • curl "http://ppa.moosefs.com/RPM-GPG-KEY-MooseFS" > /etc/pki/rpm-gpg/RPM-GPG-KEY-MooseFS && curl "http://ppa.moosefs.com/MooseFS-stable-rhsysv.repo" > /etc/yum.repos.d/MooseFS.repo && yum -y install moosefs-chunkserver
  • add the mfsmaster line from previous steps to /etc/hosts
    • cat >> /etc/hosts
    • mfsmaster
    • <ctrl>-d
  • make your share directory
    • mkdir /mnt/mfschunks
  • add your freshly-made directory to the end of /etc/mfshdd.cfg, with a size you want to share
    • /mnt/mfschunks 15GiB
  • start the chunk
    • service moosefs-chunkserver start
  • on the MooseFS master, make sure your new space has become available
    • mfscli -SIN
  • repeat for as many chunks as you want to have

Pydio / MooseFS Client

  • install MooseFS client
    • curl "http://ppa.moosefs.com/RPM-GPG-KEY-MooseFS" > /etc/pki/rpm-gpg/RPM-GPG-KEY-MooseFS && curl "http://ppa.moosefs.com/MooseFS-stable-rhsysv.repo" > /etc/yum.repos.d/MooseFS.repo && yum -y install moosefs-client
  • add the mfsmaster line from previous steps to /etc/hosts
    • cat >> /etc/hosts
    • mfsmaster
    • <ctrl>-d
  • mount MooseFS share somewhere where Pydio will be able to get to it later (we’ll use a bind mount for that in a while)
    • mfsmount /mnt/mfs -H mfsmaster
  • install Apache and PHP
    • yum -y install httpd
    • yum -y install php-common
      • you need more than this, and hopefully Apache grabs it for you – I installed Nginx then uninstalled it, which brought-in all the PHP stuff I needed (and probably stuff I didn’t)
  • modify php.ini to support large files (Pydio is exclusively a webapp for now)
    • memory_limit = 384M
    • post_max_size = 256M
    • upload_max_filesize = 200M
  • grab Pydio
    • you can use either the yum method, or the manual – I picked manual
    • curl -O http://hivelocity.dl.sourceforge.net/project/ajaxplorer/pydio/stable-channel/6.0.6/pydio-core-6.0.6.tar.gz
      • URL correct as of publish date of this blog post
  • extract Pydio tgz to /var/www/html
  • move everything in /var/www/html/data to /mnt/moosefs
  • bind mount /mnt/moosefs to /var/www/html/data
    • mount --bind /mnt/moosefs /var/www/html/data
  • set ownership of all Pydio files to apache:apache
    • cd /var/www/html && chown -R apache:apache *
    • note – this will give an error such as the following screen:
    • [screenshot: Screen Shot 2015-04-20 at 16.32.48]
    • this is “ok” – but don’t leave it like this (good enough for a how-to, not production)
  • start Pydio wizard
  • fill-in forms as they say they should be (admin, etc)
    • I picked “No DB” for this tutorial – you should use a database if you want to roll this out “for real”
  • log in and start using it


Now what?

Why would you want to do this? Maybe you need an in-house shared/shareable storage environment for your company / organization / school / etc. Maybe you’re just a geek who likes to play with new things. Or maybe you want to get into the reselling business, and being able to offer a redundant, clustered, cloud, on-demand type storage service is something you, or your customers, would find profitable.

Caveats of the above how-to:

  • nothing about this example is “production-level” in any manner (I used Digital Ocean droplets at the very small end of the spectrum (512M memory, 20G storage, 1 CPU))
    • there is a [somewhat outdated] sizing guide for ownCloud (pdf) that shows just how much it wants for resources in anything other than a toy deployment
    • Pydio is pretty light on its basic requirements – which also helped this how-to out
    • while MooseFS is leaner when it comes to system requirements, it still shouldn’t be nerfed by being stuck on small machines
  • you shouldn’t be managing hostnames via /etc/hosts – you should be using DNS
    • DNS settings are far more than I wanted to deal with in this tutorial
  • security has, intentionally, been ignored in this how-to
    • just like verifying your inputs is ignored in the vast majority of programming classes, I ignored security considerations (other than putting the MooseFS servers on non-public-facing IPs)
    • don’t be dumb about security – it’s a real issue, and one you need to plan-in from the very start
      • DO encrypt your file systems
      • DO ensure your passwords are complex (and used rarely)
      • DO use key-based authentication wherever possible
      • DON’T be naive
  • you should be on the mailing list for MooseFS and Pydio forum.
    • the communities are excellent, and have been extremely helpful to me, even as a lurker
  • I cannot answer more than basic questions about any of the tools used herein
  • why I picked what I picked and did it the way I did
    • I picked MooseFS because it seems the easiest to run
    • I picked Pydio because the ownCloud docs were borked for the 8.0x release on CentOS 6 – and it seems better than alternatives I could find (Seafile, etc) for this tutorial
    • I wanted to use ownCloud because it has clients for everywhere (iOS, Android, web, etc)
    • I have no affiliation with either MooseFS or Pydio beyond thinking they’re cool
    • I like learning new things and showing them off to others

Final thoughts

Please go make this better and show-off what you did that was smarter, more efficient, cheaper, faster, etc. Turn it into something you could deploy as an AMI on AWS. Or Docker containers. Or something I couldn’t imagine. Everything on this site is licensed under the CC BY 3.0 – have fun with what you find, make it awesomer, and then tell everyone else about it.
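The how-to above leaves /etc/mfs/mfsexports.cfg wide open and relies on private networking alone. The following added example (not from the original post or the MooseFS project) audits an exports file for entries reachable from outside RFC 1918 address space, entries that keep root as root (maproot=0), and entries with no password. The sample file, its addresses and the finding names are constructed for illustration.

```python
import ipaddress

# Constructed sample exports file (addresses and password are made up).
# Line 3 mirrors the how-to's entry as it appears on the page, with no address.
SAMPLE = """\
# Allow everything but "meta".
*                        /       rw,alldirs,maproot=0
/ rw,alldirs,maproot=0
10.132.0.0/16            /       rw,alldirs,maproot=0
10.132.0.5               /pydio  rw,password=constructed-example
203.0.113.0/24           /       ro
10.132.0.10-10.132.0.20  .       rw
"""

RFC1918 = [ipaddress.IPv4Network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def client_networks(addr):
    """Turn an ADDRESS field into a list of IPv4 networks, or None if invalid."""
    try:
        if addr == "*":                      # any client at all
            return [ipaddress.IPv4Network("0.0.0.0/0")]
        if "-" in addr:                      # from-to range
            first, last = (ipaddress.IPv4Address(a) for a in addr.split("-", 1))
            return list(ipaddress.summarize_address_range(first, last))
        # single address, a.b.c.d/bits or a.b.c.d/m.m.m.m
        return [ipaddress.IPv4Network(addr, strict=False)]
    except ValueError:
        return None


def audit(text):
    """Return a list of (line number, finding) for an mfsexports.cfg body."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        opts = fields[2].split(",") if len(fields) > 2 else []

        nets = client_networks(fields[0])
        if nets is None:
            findings.append((lineno, "bad-address"))
            continue
        # Every network the entry covers must sit inside private space.
        if not all(any(n.subnet_of(p) for p in RFC1918) for n in nets):
            findings.append((lineno, "non-private-client"))
        # maproot=0 means a remote root user stays root on the share.
        for opt in opts:
            key, _, val = opt.partition("=")
            if key == "maproot" and val.split(":")[0] in ("0", "root"):
                findings.append((lineno, "root-not-squashed"))
        if not any(o.startswith(("password=", "md5pass=")) for o in opts):
            findings.append((lineno, "no-password"))
    return findings


if __name__ == "__main__":
    for lineno, finding in audit(SAMPLE):
        print(f"line {lineno}: {finding}")
```
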

Mark Turner : Liberals and the racist label

April 21, 2015 01:23 AM

Our local, world-famous RPD beat officer posted to the East CAC Facebook page today about his upcoming meeting with the owners of the local shopping center and asked neighbors what things he should discuss with the owners. Several citizens posted thoughtful, helpful critiques of the shopping center, though a few noted how some teens who sometime loiter in the parking lot make them nervous.

This made one neighbor uncomfortable. She responded:

“I’ve shopped at [this store] regularly for five years and I have never–not once–been solicited, approached, or bothered in any way, shape, or form by teenagers or loiterers. I’m confused as to where this concern is coming from (and yeah, I know there was that big fight there a month or so ago) Frankly, it’s making me a little bit uncomfortable, as this thread seems to be a bunch of white people talking about how to make the neighborhood shopping center a better place. A good conversation, for sure, but are (black) teenagers hanging out outside of a local grocery store really a safety concern?”

This led me to dryly remark on Twitter:

“The community discussion made it all the way to 31 posts before a white person accused the other white people of being racist.”

It was a great community discussion, full of good suggestions for the shopping center but as soon as one or two people mentioned feeling uncomfortable by the people hanging out suddenly they were branded racists.

The way I see it there are two types of people: those who give a shit about others and those who do not. You’d be surprised at how well this sums people up. I do my best to treat everyone the way I want to be treated. If you’re good people, it doesn’t matter what color you are: you’re good people and I will be proud to be associated with you.

That said, when a fellow liberal throws a nasty label on others in a holier-than-thou attempt at liberal one-upmanship it really boils my blood. Nowhere in the earlier conversation had anyone mentioned anything about race until the accuser did. In fact, the conversation was perfectly reasonable up until that point, where it took an extreme left turn into name-calling.

Have there been problems at that shopping center? Yes. Even some frightening ones. Still, I consider it safe enough that I have no concern with Kelly shopping there alone. When we moved here, though, the first shopping center story I heard was that of the elderly mother of a well-known community activist getting mugged in the parking lot. She was African-American and to my knowledge no one accused her of being racist.

It was this particular crime that spurred me to urge that Raleigh Police Department boost its presence in the shopping center. This effort led to the opening of the shopping center’s RPD Neighborhood Office, a place in the shopping center where for three years beat officers could stop in and do paperwork or meet with community members. I was disappointed to see the office close last year without much fanfare. Fortunately, the shopping center has progressed to the point that the office is really no longer needed.

So, if a group of loitering teens makes one nervous, does that make one a racist? Having once been a teenage boy, I can say with some authority that any group of unsupervised teenage boys, no matter the race, has innate potential to do stupid things. At the Harris Teeter over in lily-white Cameron Village, teens loitering outside the door have occasionally made me feel uncomfortable. White teens. Teens who often were sitting on the curb in handcuffs by the time I exited the store.

I’m a sailor. I’ve walked some tough streets in my time and I’ve learned how to keep a sharp eye on people when I’m in areas that call for it. I can take care of myself but I understand when a crowd of unruly teens might make someone feel threatened. I don’t belittle them for it, though.

There are enough real examples of racism in the world that there’s no need to make up bullshit ones. Everyone deserves to live in a safe neighborhood. Everyone! Pretending crime doesn’t exist does no one any good, and neither does throwing around damning labels.

Tarus Balog : POSSCON 2015

April 19, 2015 09:32 PM

POSSCON (or the Palmetto Open Source Software Conference) is a regional conference held every year in Columbia, South Carolina. It dawned on me that I travel too much, because when I mentioned to a neighbor that I spent some time in Columbia, she paused and then asked “oh, it’s almost winter down there”. I had to explain that I meant the Columbia that is three hours away and not the Columbia in South America.

I really like regional grassroots open source conferences, but for some reason I was never able to make POSSCON. This year I decided to change that and OpenNMS was even able to sponsor it.

Sponsor Sign

POSSCON is organized by IT-ology, a non-profit dedicated to promoting technology careers for students in kindergarten through 12th grade. I think they must know what they are doing since they really know how to organize conferences (they are also responsible for All Things Open held in Raleigh, North Carolina, each October).

We piled five of us into the Ulf-mobile and drove down Monday night. Ben came along even though Tuesday was his birthday, so we decided to go out on Monday night to celebrate. There are a number of highly rated restaurants in the downtown Columbia area, and with my penchant for vintage cocktails and Ben’s taste for whiskey we decided on Bourbon. It was a wonderful evening and for his birthday we bought him a flight of Pappy Van Winkle, an incredibly difficult to find bourbon. The verdict: it is worth the hype.

Pappy van Winkle bottles

The show officially started on Tuesday and spanned two days. The first day consisted of roughly hour-long talks like most conferences. Where it differed was that the talks were held in different buildings around downtown Columbia. While it made it a little harder to jump from one venue to another, the weather, for the most part, was good.

The opening keynote was held at the Music Farm. As a sponsor we had a table which was also in the auditorium and I really liked that. One of the issues with having any sort of booth is that they are often set off in a side room. If you have booth duty you can’t see any of the presentations, and traffic between presentations is light. This way we had some down time during the presentations and yet got a lot of foot traffic in between them. Seemed to make the day go faster. The mayor of Columbia spoke and claimed to be the only mayor in America who was into open source, but I know of at least one other mayor, the mayor of Portland, Oregon, who attends these shows (I should disclose that the City of Portland is an OpenNMS customer). I didn’t want to bring it up though, ’cause this is a good thing to be proud of.


My presentation on the Linux Desktop was held at the Liberty Tap Room (‘natch) and while it was cool, it wasn’t the best place for presentations. The projector screen was dim (more useful for sports broadcasting at night than for tech talks in the middle of the morning). During one talk I had to listen to the Miller Lite truck idling on the road outside the door as the driver made his delivery.

Mine was the last one of the day, but I wanted to check out the venue so I went early and stayed for a talk on open source licensing (by one of the other sponsors) and one by Jason Hibbets of opensource.com fame.

I thought the presenter of the law talk was pretty brave discussing licensing with Bradley Kuhn in the room, but while I enjoyed the talk I could tell it was over the heads of most of the audience (you have to have lived it to really enjoy the finer aspects of the GPL and enforcement). I liked Jason’s talk, which I had not seen before, on the tools and processes they use at opensource.com to build community.

Jason Hibbets

Toward the end of the day I saw a talk by Erica Stanley on open source and the Internet of Things. It was good but due to the lack of a sound system it was hard to hear everything. I presented after her and didn’t have that problem (grin).

I think my talk on using the Linux Desktop went well. Now three years after leaving Apple I’m still using it and still loving it.

Tuesday evening there was a reception back at Music Farm followed by a speaker/sponsor dinner held at Blue Marlin. Ben, Jess and I ended up at a table with Bradley Kuhn, Erica Stanley and Carol Smith from Google. We talked briefly about the Google Summer of Code. OpenNMS was involved for several years, but these last two years we were not accepted. Last year I was told it was because they wanted to give other projects a chance, and this year, to be quite frank, I don’t think our proposals were strong enough. Instead of complaining like some projects, I am hoping this will motivate the team to do better next year. I think GSoC is a wonderful program and I wish it was around when I was in school, as both the pay and work environment would have been better than the hours I put in at a non-air-conditioned plastic injection molding plant (although I will say the experience motivated me to finish my degree).

Wednesday’s format was a little different. Everything was held at the IT-ology offices, which was good since the weather was rainy all day. It was made up of workshops, and I did two and a half hours on OpenNMS. Everyone seemed to enjoy it.

Overall, it was a great conference. Over 800 people registered and I think they all got their money’s worth. It was also a great way to market Columbia (I know we spent some money there). It has made me look forward to this year’s All Things Open conference (note that the Call for Speakers is open).

Tarus Balog : Review: System 76 Sable

April 18, 2015 05:24 PM

As you might guess, I am a big fan of all things open, and I tend to vote with my wallet. When the need arose to replace some iMacs in the office, I decided to check out the Sable systems offered by Linux-friendly vendor System 76.

System 76 was a sponsor at SCaLE this year (like OpenNMS) and they also sponsored the Bad Voltage Live event where they gave away a laptop and a server, so they already had my goodwill.

Back in 2008 I needed some machines for our training courses, so being an Apple fanboy at the time I bought iMacs. Outfitting training rooms can be problematic if you don’t do training full time because you usually end up with nice systems that you don’t use very often. Seems wasteful, so we decided to use them to run Bamboo and our unit tests for OpenNMS when they weren’t being used for training.

Seth noticed that it was taking those machines around 240 minutes to run the suite of tests versus 160 minutes for the newer iMacs we were using, and this was having a negative impact on development (almost everything we do relies on test driven development). Since we were running Ubuntu on the boxes anyway, I decided on a Linux alternative and chose System 76 for the first six replacement systems.

I like all-in-one systems for training since they tend to move around (we use the training room as a conference room when there are no classes). The all-in-one form factor makes them easy to carry. The Sables I ordered came with a 23.6 inch touch screen at 1080p, 3.1 GHz i7 processor, 16GB of RAM and a 500GB SSD for a total price of US$1731.

The ordering process went smoothly (there was one glitch when the original quote was for seven instead of six but it was quickly corrected). I placed the order on March 18th and they shipped a week later on the 25th.

They arrived in six boxes marked AIO PC:

System 76 boxes

I think AIO must be the manufacturer in China, but I couldn’t find a similar system on the web. One box had a smashed-in corner, so I opened it first, but it was packed well enough that the unit wasn’t damaged:

System 76 open box

I removed the packing and pulled the unit out. It was wrapped to protect the screen.

System 76 screen wrap

and the whole unit was covered in plastic wrap to prevent scratches.

System 76 plastic wrap

These units come with a power brick that is external to the system and I ordered them with a Logitech keyboard and mouse. These came in a separate box along with extra cables, etc., for expansion (unlike Apple products, you can actually work on these systems).

System 76 keyboard box

The hardest part about the whole process was figuring out how to turn the darn thing on. I finally found the switch on the back of the system on the lower right side (as you face it). I felt kind of stupid and yes, I even read the little pamphlet that came with it. Perhaps they should add an IKEA-like drawing with the little dude pointing to the switch.

It booted right up into Ubuntu 14.10, and all I had to do was create an account and set the IP address. Ben was then able to get in and deploy our Bamboo image and we were up and running in no time.

System 76 screen

While we still have some iMacs being used, the Sables have, so far, proven to be a solid replacement. I haven’t really used them as a desktop, yet, but they can run our test suite in a little over an hour which is almost a four-fold increase.

System 76 in a line

While Apple doesn’t offer a 24-inch iMac anymore, the 21-inch version with similar processor, RAM and SSD is US$2399, or quite a premium. The Sable is not nearly as thin or stylish as the iMac, but it is a nice looking machine and after struggling this week to correctly replace the hard drive in a late 2009 iMac I appreciate the fact that I can work on these if I need to, and the extra cables shipped with it even encourage me to do so.

And that’s what open is all about.

Mark Turner : Former Obama Pilot: TWA Flight 800 was shot down, here’s why – NY Daily News

April 17, 2015 04:44 PM

I’m glad I’m not the only one.

Was TWA Flight 800 shot out of the sky? As a former pilot, that is a question I get asked about all the time.

I’m no conspiracy theorist, but let’s be clear: Yes. I say it was. And I believe the FBI covered it up.

There are many reasons to disbelieve the official explanation of what happened to TWA 800 almost 19 years ago, on July 17, 1996, off the South Shore of Long Island. There’s hardly an airline pilot among the hundreds I know who buys the official explanation — that it was a fuel-tank explosion — offered by the National Transportation Safety Board some four years later.

Lots can go wrong with an airplane. Engines can fail; they can catch fire. Devices can malfunction. Pilots make errors.

But jets do not explode in midair.

via Former Obama Pilot: TWA Flight 800 was shot down, here's why – NY Daily News.

Mark Turner : Obama to Remove Cuba From State Sponsor of Terror List – ABC News

April 15, 2015 01:59 AM

Obama removes Cuba from the terror sponsor list. I wonder if Raul Castro will remove America from Cuba’s terror sponsor list?

The terror designation has been a stain on Cuba’s pride and a major stumbling block for efforts to mend ties between Washington and Havana. In a message to Congress, Obama said the government of Cuba "has not provided any support for international terrorism" over the last six months. He also told lawmakers that Cuba "has provided assurances that it will not support acts of international terrorism in the future."

via Obama to Remove Cuba From State Sponsor of Terror List – ABC News.

Alan Porter : tar + netcat = very fast copy

April 13, 2015 10:50 PM

I reformatted a hard disk this weekend. In the process, I needed to copy a bunch of files from one machine to the other. Since both of these machines were smaller embedded devices, neither one of them had very capable CPUs. So I wanted to copy all of the files without compression or encryption.

Normally, I would use “rsync -avz --delete --progress user@other:/remote/path/ /local/path/”, but this does both compression (-z) and encryption (via rsync-over-ssh).

Here’s what I ended up with. It did not disappoint.

Step 1 – On the machine being restored:

box1$ netcat -l -p 2020 | tar --numeric-owner -xvf -

Step 2 – On the machine with the backup:

box2$ tar --numeric-owner -cvf - . | netcat -w3 box1 2020

Mark Hinkle : Presentation – Crash Course Cloud 2.0

April 13, 2015 06:29 PM

Presentation on the current state of cloud computing and the role that open source, containers and microservices are playing in the cloud.

Presented to Florida Linux Users Exchange on April 9th, 2015


Warren Myers : keep your wordpress installs up-to-date

April 13, 2015 03:59 PM

I run several websites on my server – nothing heavy, just some various vhosts for Apache.

Many (but not all) of them run WordPress.

At some unknown point (and I haven’t kept the crap that was being used around), over 100,000 files were uploaded to the root directory of one of the websites (the only one, apparently, I did not have cron’d to keep up-to-date with the latest-and-greatest version of WordPress) – most of these were random-named HTML or JavaScript files. Sometime late Thursday night / early Friday morning of last week, some number of those were triggered which launched a DDoS (distributed denial-of-service) attack against a hosting company in England.

After a relatively short period of time (on the order of a couple hours at most), this otherwise-low-traffic site generated 48MB in Apache httpd logs (normal for a given day is on the order of a few dozen to couple hundred kilobytes).

My hosting provider, with no warning, “locked” my server, and sent me an administrative message with the following cryptic email:

Your server with the above-mentioned IP address has carried out an attack on another server on the Internet.

This has placed a considerable strain on network resources and, as a result, a segment of our network has been adversely affected.

Your server has therefore been deactivated as a precautionary measure.

A corresponding log history is attached at the end of this email.

10:00:21.645887 14:da:e9:b3:97:dc > 28:c0:da:46:26:0d, ethertype IPv4 (0x0800), length 1514: > ip-proto-17
10:00:21.646166 14:da:e9:b3:97:dc > 28:c0:da:46:26:0d, ethertype IPv4 (0x0800), length 1514: > ip-proto-17
10:00:21.649166 14:da:e9:b3:97:dc > 28:c0:da:46:26:0d, ethertype IPv4 (0x0800), length 1514: > ip-proto-17
10:00:21.649416 14:da:e9:b3:97:dc > 28:c0:da:46:26:0d, ethertype IPv4 (0x0800), length 1514: > ip-proto-17
10:00:21.649421 14:da:e9:b3:97:dc > 28:c0:da:46:26:0d, ethertype IPv4 (0x0800), length 1514: > UDP, length 8192

Gee, thanks, hosting company – that was informative.

After several hours of back-and-forth with their support group, I was finally able to get a rescue boot environment enabled, a KVM session to that environment, and could start diagnosing the problem(s). First, of course, were the normal checks of dmesg, /var/log/messages, and the like. There was running dig to find out who was being attacked (how I found the target IP belonged to a hosting provider in the UK). Nothing. I was also Googling similar error messages, and finally found a clue (though cannot recall where) that malicious JavaScript can cause messages like those provided to me to be trapped by external logging systems.

This led me to look in /var/log/httpd instead of just /var/log. And there is where I found the unusual log file for my LUG’s website here in Kentucky – bglug-access_log was 48 megabytes. And bglug-error_log was 4.3 MB. As I mentioned above, a typical access_log for that site is closer to ~100 KB.

Opening the ginormous log file showed a host of HTTP 200 response codes for things that looked nothing like WordPress files (things like “qdlrdi-casio-parliament-90treaty.html”). There shouldn’t be HTTP 200 (OK) response codes for non-WordPress files, because it’s a WordPress-powered website.

Running a file listing to screen failed (in the rescue boot environment) – but doing an ls -l > files.out, and then a wc -l files.out showed over 105,000 files in the root directory of the BGLUG website.

To get my server back up and online as quickly as possible, I edited the Apache vhosts.conf and disabled the Blue Grass Linux User Group site and contacted my hosting company as to what the root cause of the issue was, and what I had done to fix it (both needed for them to reenable my system).

After getting the server back online normally, I was able to clear-out all the junk that had been transparently uploaded into the LUG’s site.

One of the biggest annoyances of the whole process (after not having been given any warning from my hosting provider, but just a summary disconnect) was that permissions on the directory for the website were “correct” to have disallowed uploading random junk to the server:
drwxr-xr-x 6 bglug apache 5611520 Apr 11 13:24 bglug

The user bglug had not been compromised (it hasn’t even logged-in in a few months) – and neither was the apache group (which, of course, cannot login, but still).

Apparently, some part of the version of WordPress the site was running (or a plugin) was compromised, and allowed a malicious attacker to upload junk to the server, and spawn this DDoS on my server.

Moral of the story? Keep all your software up-to-date, and monitor your logs for suspicious activity – not sure monitoring would’ve done me good in this case, but it’s a Good Practice™ anyway.
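The observation in the post above, that a WordPress site should not be answering HTTP 200 for root-level files WordPress never ships, can be turned into a log check. This is an added example, not code from the original post; the log lines, client addresses and the second file name are constructed, and the allowlist assumes a stock WordPress layout with no site-specific static files in the web root.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Apache common/combined log format: host ident user [time] "request" status size
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# Files and directories a stock WordPress install places in the web root.
WP_ROOT_ENTRIES = {
    "index.php", "license.txt", "readme.html", "wp-activate.php",
    "wp-blog-header.php", "wp-comments-post.php", "wp-config.php",
    "wp-config-sample.php", "wp-cron.php", "wp-links-opml.php", "wp-load.php",
    "wp-login.php", "wp-mail.php", "wp-settings.php", "wp-signup.php",
    "wp-trackback.php", "xmlrpc.php", "wp-admin", "wp-content", "wp-includes",
}
STATIC_EXT = (".html", ".htm", ".js")

# Constructed sample log; only the first .html name comes from the post.
SAMPLE_LOG = '''\
192.0.2.10 - - [10/Apr/2015:09:58:01 +0200] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.10 - - [10/Apr/2015:09:58:02 +0200] "GET /wp-content/themes/x/style.css HTTP/1.1" 200 901 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Apr/2015:09:58:03 +0200] "GET /qdlrdi-casio-parliament-90treaty.html HTTP/1.1" 200 812 "-" "Mozilla/5.0"
198.51.100.8 - - [10/Apr/2015:09:58:03 +0200] "GET /qdlrdi-casio-parliament-90treaty.html?ref=1 HTTP/1.1" 200 812 "-" "Mozilla/5.0"
198.51.100.9 - - [10/Apr/2015:09:58:04 +0200] "GET /zkqpwe-constructed-name.js HTTP/1.1" 200 377 "-" "Mozilla/5.0"
192.0.2.11 - - [10/Apr/2015:09:58:05 +0200] "GET /readme.html HTTP/1.1" 200 7195 "-" "Mozilla/5.0"
192.0.2.12 - - [10/Apr/2015:09:58:06 +0200] "GET /missing-page.html HTTP/1.1" 404 210 "-" "Mozilla/5.0"
192.0.2.13 - - [10/Apr/2015:09:58:07 +0200] "POST /wp-login.php HTTP/1.1" 200 2201 "-" "Mozilla/5.0"
'''


def is_unexpected_static(path):
    """True for an .html/.js file directly in the web root that WordPress does not ship."""
    name = path.lstrip("/")
    if not name or "/" in name:          # the root itself, or something in a subdirectory
        return False
    return name.lower().endswith(STATIC_EXT) and name not in WP_ROOT_ENTRIES


def scan(lines):
    """Return (parsed request count, Counter of suspicious paths served with 200)."""
    total, hits = 0, Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        total += 1
        path = urlsplit(m["target"]).path   # drop any query string
        if m["status"] == "200" and is_unexpected_static(path):
            hits[path] += 1
    return total, hits


def unexpected_root_files(names):
    """Same rule applied to a directory listing of the web root (e.g. the ls output)."""
    return sorted(n for n in names if is_unexpected_static("/" + n))


if __name__ == "__main__":
    total, hits = scan(SAMPLE_LOG.splitlines())
    print(f"{sum(hits.values())} of {total} requests hit unexpected root files")
    for path, count in hits.most_common():
        print(f"{count:6d}  {path}")
```
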

Mark Turner : Flexing the muscle of my electric vehicle

April 12, 2015 02:59 PM

Our Ford Focus Electric


There are many days when I’m driving my electric vehicle (EV) that I’m focused on economy. I will try hard to accelerate smoothly, drive at the speed limit (or sometimes more slowly), and brake as gradually as I can. The reward is high efficiency driving, saving as much money as I can.

Yesterday was not one of those days! Having many different events to attend, stretched from one end of the city to the other, I decided to flex my EV’s muscles. On our Time Of Use (TOU) plan, weekend electricity is super-cheap, so why not have a little fun?

As I drove down 401 yesterday, I sensed the guy behind me was becoming annoyed with my efficient driving. He shifted over a lane in an attempt to pass me. Not only are EVs cheap to drive, they also have a ton of torque just ready and waiting. I let the guy pass but caught up with him at the next light, where we both were lined up.

You think my EV is slow? I mentally challenged him. Watch this!

The light turned green and I gave my EV a goose I normally never give it. It shot so far ahead that I was laughing, a smooth rocket ride right up to the speed limit. Only the motorcycle in front of me took off faster (there are some things an EV can’t catch). At the next light the guy’s expression had changed from disdain to one of wonder. Take that!

I’m sure I could easily burn rubber in the Ford Focus Electric (the poor man’s Tesla) if I chose to. Haven’t tried that because I don’t want to wear down its special low-resistance tires. While I will continue to stretch the range of my EV in my everyday driving it’s good to have some fun with it every now and then!

Mark Turner : AON Hewitt thinks people are costs

April 12, 2015 12:29 AM

Here’s AON Hewitt’s page describing its Dependent Verification Services. I’d hate to be one of those “costly, ineligible dependents” that naively believe they have some sort of right to healthcare or something.



Aon Hewitt’s Plan-Smart® and Plan-Guard® dependent eligibility solutions help companies verify that eligible dependents maintain access to anticipated benefits and costly, ineligible dependents are removed from coverage as quickly as possible. Plan-Smart performs a complete audit of an enrolled dependent population. Plan-Guard’s ongoing dependent verification services preserve the integrity of the benefit plans on an ongoing basis and protect the results of the comprehensive audit.

Employees’ dependents drive up to 70 percent of a company’s health care costs, but in extreme cases, as many as 15 percent of dependents may actually be ineligible for coverage because of age, marital status or failure to qualify as a legal dependent. Carrying all those extra people can add thousands—if not millions—to your annual benefit costs. Verifying dependent eligibility, however, can be time-consuming and complicated for your HR staff.

Aon Hewitt’s Dependent Verification Services can verify the eligibility of your employees’ dependents, eliminating that potentially tedious task from your HR staff’s responsibilities. Our knowledgeable and experienced benefit professionals ensure a smooth verification process and measurable results. Working with Aon Hewitt enables you to manage eligibility issues in a more objective environment, which helps mitigate potential participant concerns about sharing sensitive, personal information with their employer.

With Aon Hewitt’s Dependent Verification Services, you can:

Reduce future dependent health care costs
Improve employee understanding of what’s driving health care costs
Reduce compliance risk under Sarbanes-Oxley, ERISA and DOL guidelines

Our Dependent Verification Services can be customized with options such as one-time or periodic verification, full population or random sample of plan participants or an initial amnesty period that allows employees to voluntarily drop ineligible dependents.

A wide variety of companies have used Aon Hewitt’s Dependent Verification Services to verify eligibility among active, inactive, retiree and COBRA populations. With an average reduction in the number of eligible dependents of 8 percent for the initial audit and two to three times that percentage on an ongoing basis, the resulting cost savings are substantial.

Mark Turner : Dependent Verification programs are a stupid idea

April 11, 2015 10:52 PM

Many employers are implementing audits of those employees using their company’s health insurance to verify that the dependents claimed are eligible to receive health insurance benefits. I think this is … well, evil.

Sez the Pittsburgh Post:

Employers like the audits because they are often able to help save on health care costs overnight without reducing benefit levels for employees. One in-depth study by the University of Colorado showed the return on investment for its own audit was 13 to 1, in the first year.

But employees targeted by the audits aren’t always fans.

“It creates a lot of anxiety,” said Richard Kolodziejski, legislative affairs director of the Minnesota Association of Professional Employees, whose 13,000-member union is now in the middle of a 130,000-employee audit covering all of the state’s employees.

Or as the Physicians for a National Health Program says:

Many employers have instituted dependent verification programs in order to ferret out this fraud. Is this really what we want to be doing?

It seems ironic that at a time in our history when theoretically we are attempting to enroll as many individuals as possible in health insurance programs, we are pushing a program designed to disenroll individuals currently covered as dependents when they are not technically entitled to such coverage.

We are expanding yet more administrative excesses which are resulting in the opposite of our policy goals. That is, we are increasing the numbers of uninsured through application of these dependent verification programs.

Wouldn’t it be far simpler to have a system that automatically covers everyone, regardless of dependency status or any other criteria? Instead of advancing policies that make health care coverage a crime, shouldn’t we make health care a right for all?

It would be one thing if employers offered first class insurance programs but gone are the days where one’s employer picked up the lion’s share of healthcare costs. Today’s reality is one of high deductibles and spiraling out-of-pocket charges. Forcing employees who are already footing most of their own healthcare bill to cough up extensive paperwork proving the dependents they claim are actually who they say they are is petty and distrustful.

And what if Joe Employee’s sick five-year-old kid is found to be ineligible for coverage? Can anything good come from kicking the kid off health insurance? The kid is going to be SOL and how do you think Joe is going to feel about working there any longer?

Is there anything more evil than a company that would deny a kid healthcare just to save a few bucks? At a time when we should be getting more people health care coverage, why are so many employers focused on kicking more people off of it?

There is plenty of obscene cost to be trimmed from what passes for this country’s healthcare. Going after kids wouldn’t be the first approach I would take. Dependent verification is a stupid idea being sold to employers by healthcare companies that are only looking to make a buck. As Freakonomics says,

The next time you’re counting up all the reasons why employer-based healthcare insurance is a bad idea, you can include this one, too.

Mark Turner : Lessons learned from a month of EV ownership — Technology Musings — Medium

April 10, 2015 08:34 PM

Good advice from a new EV driver.

I’ve lusted after a Tesla since they debuted, thought seriously about getting a Nissan Leaf too, but it was after I took a test ride in a BMW i3 that I found a perfect happy medium. I picked one up last month and learned plenty in the short time I’ve been driving it. If you’ve ever wondered what it’s like to live with an electric vehicle (EV), here’s a list of things I’ve learned since taking the plunge.

via Lessons learned from a month of EV ownership — Technology Musings — Medium.

Mark Turner : Silent running

April 10, 2015 04:57 PM

I’ve driven an electric car for about 5 months now and discovered a curious effect: Electric cars are invisible to wildlife. Several times I’ve driven right up on a bird, car, or squirrel standing in the road and they only move when I’m within a split second of hitting them. You would think that just the sight of an approaching vehicle would be enough to send them scurrying but this does not appear to be the case. Critters apparently depend on the noise of vehicles for detection the same way many people do.

Not all people have trouble spotting electric cars. I drive our EV to and from my job on a college campus (NCSU’s Centennial Campus). Every day I pass students walking right near the road, often heads down and staring at their smartphones. Not once have any of these students stepped off into the road in front of me. I think it helps that bicycles are a popular mode of travel here as it may condition pedestrians not to rely on their hearing.

The only time I was concerned was a few weeks ago as I was passing the state school for the blind. A blind gentleman was on the Pullen Park side of Ashe Avenue and seemed confused as I was driving by. He was on the other side of the road from me so there was no immediate danger of him stepping into the road. Even so, I wonder what our blind citizens think of electric vehicles, as silent as they are.

Mark Turner : Baltimore Police used secret technology to track cellphones in thousands of cases – Baltimore Sun

April 09, 2015 08:43 PM

"In Baltimore, they’ve been using this since 2007, and it’s only been in the last several months that defense attorneys have learned enough to start asking questions," he said. "Our entire judicial system and constitution is set up to avoid a ‘just trust us’ system where the use of invasive surveillance gear is secret."

via Baltimore Police used secret technology to track cellphones in thousands of cases – Baltimore Sun.

Mark Turner : Drip drip drip

April 09, 2015 05:49 PM

I was showering this morning when I realized that the water pressure isn’t what it used to be. There is no cut-off valve for the shower (or at least, any accessible valve), so I began to wonder what might account for the weak water. It’s true that a pipe from our water heater busted last fall but that was fixed up better than new by our ace plumber, Allen Baker. There was no other water running in the house at the time, so what is left?

Then it hit me (an idea, not the water). Last year, we were on the end of Tonsler Drive and the end of the water line. When the new Oakwood North subdivision went in, it extended this water line. I didn’t notice any drop in pressure initially since the homes were only slowly becoming occupied. Now that the neighborhood is almost built out there are now a lot of morning showers competing for the same water pressure.

It reminded me of the scene from There Will Be Blood: the new neighbors are drinking my milkshake!

Warren Myers : the loss of the shared social experience

April 08, 2015 12:28 PM

On a recent trip I met up with an old friend and his wife for dinner. As conversation progressed, I mentioned my wife and I have been watching M*A*S*H on Netflix. Waxing nostalgic for a moment, he told me that his parents let him stay up to watch the series finale in 1983.

And then he said something that I found fascinating: “you know, there’s nothing like that today – there’s no shared social experience you can expect to talk about the next day with your coworkers, friends, etc.”

And it’s true – sure, there are local shared experiences (NCAA games, etc), but there is nothing in today’s society that brings us all to the same place (even separately) like TV did in the pre-streaming and -DVR era.

There used to be top-rated programs that you could reasonably expect that a high percentage of your coworkers watched (M*A*S*H, The Cosby Show, ER, Friends, Cheers, All in the Family, Family Matters, etc). There still are highly-rated programs – but they’re very very different from what they used to be. Some of this, of course, comes from the rise of cable networks’ programming efforts (The Sopranos, Mythbusters, Mad Men, Breaking Bad, Game of Thrones, Stargate SG1, The Walking Dead, Switched at Birth, Secret Life of the American Teenager, Outlander, and more). Some of this comes from the efforts of streaming providers (House of Cards, Orange is the new Black, Farmed and Dangerous, etc). And there are still great shows on broadcast TV (Once Upon a time, CSI, Person of Interest, etc). But they’re different than what they used to be.

Not different merely because of better acting (sometimes it’s worse), better writing (same critique applies), better filming (Revolution – I’m looking at you as the antiexample of good filming, and why you got canceled after just two seasons), better marketing, or better special effects.

But mostly they’re different because we, as a culture, have decided we do not want to be tied to an arbitrary time-table dictated to us by the Powers That Be™ at The Networks™. With the rise in un-tie-ability given to consumers, first with VCRs, then VCR+, then TiVo, and now DVRs and streaming options everywhere, even though we’ve been getting bilked on film time (an “hour long” program in the early 80s was 48-49 minutes of screen time, today it’s ~42 minutes – that’s a huge amount of added advertising time) from our programs, we have ways of compressing and massaging our watching to our personal schedules. Can’t be home in time to catch insert-name-of-series-here? No problem! It’ll be on Hulu or Amazon Prime tomorrow, or your DVR will catch it for you. Or it’ll be on Netflix in a few months.

And if you get it on Amazon Prime or Netflix, there’ll be no ads. Hulu may have a few, but they’re still shorter than what was shown on ABC the night before.

It used to be that the Superbowl was a major sporting event at the beginning of each year when the culmination of 17 weeks of regular season play, and a few playoff games, showed us just who was the best football team out there.

No more.

Now the Superbowl is a chance to see new commercials from scores of companies – each of whom has spent millions just to get the ad on TV, let alone film it – and maybe catch a little bit of a game on the side. (Unless you happen to care about the Seattle Seahawks – but I digress.)

Before widespread adoption of TV, the shared social experience would’ve had to have surrounded radio programs (perhaps The Lone Ranger, or Orson Welles’ production of The War of the Worlds).

And prior to widespread radio, what shared social experiences did society (not just little pockets) have? Gladiatorial combat in ancient Rome? The Olympic Games?

Which really means that shared social experiences a la the M*A*S*H finale are an historical aberration – something that came to be less than a century ago, and which lasted less than a century. Something as fleeting as the reign of clipper ships in transport, from a grand historical perspective.

And maybe that’s a Good Thing™ – society being drawn together over common experiences isn’t, necessarily, bad: but is it necessarily good? That’s the question that has been bugging me these last couple weeks – and which probably will for some time to come.

What say you – is it a loss, a gain, or just a fact that these shared social experiences are no more?

Tarus Balog : ♫ To Be Thick as a Brick ♫

April 07, 2015 04:44 PM

In keeping with the musical theme this week, I thought it would be cool to post about a little bit of OpenNMS “bling” now featured at the Chatham County Public Library in Pittsboro, NC.

OpenNMS Brick

We like to both talk about OpenNMS as well as support the local community, so when I found out that the library was raising money by selling personalized bricks, I thought it would be cool to get one.

OpenNMS Brick

We also have one to be installed at the Tesla Museum. I’m going to have to take a road trip to get a picture of that one, or see if Jeremy Garcia will drive over when it is open and take one for us.

Mark Turner : My first long-distance EV trip

April 07, 2015 01:44 AM

Too close for comfort!

Over the past week I’ve made several trips to visit my seriously ill friend Scott Greenough out at UNC Hospital. I don’t always have the option of taking our Kia Sorento, so I often top off the juice in our Ford Focus Electric and hit the road.

Driving an EV longer distances requires one to do a little math, particularly if one is unsure a charging station can be found at the destination. I figured with my top range of about 75 miles, I would have more than enough to get there. The PlugShare app showed a ChargePoint charging station in the parking deck across from the hospital, so I figured I would be good to go.

I drove it in the Kia the first night and spent a little time beforehand walking around the parking decks in search of the charger. Walking through all three decks, checking every corner, I failed to find any charger. On the PlugShare app, no one had ever checked in at this station. The only thing worse than not knowing where a charger is is thinking that you know where it is and it not being there!

I drove the Focus there the second night, knowing there was no charger but thinking I might get lucky and find a regular outlet with which to charge. To my disbelief, there was no conduit anywhere to be found in the parking deck save the row right next to the attendant booth and handicap parking. No way could I plug in and use that. Instead of taking home a full charge and cruising at highway speeds, I wound up limping home, driving well below the speed limit and hoping I wasn’t too much of a hazard. It turns out I made it out and back successfully on one charge: a 66-mile round trip. Whew!

The second trip out there I did things a little differently. I didn’t have enough in reserve and, thinking I might economize by taking Highway 54 rather than I-40, I peeled off the interstate at Apex. While it’s true that driving around 50 MPH is more economical than driving 70 on I-40, the backroads are also not as direct. I wound up driving more miles and losing energy with frequent stops at traffic lights. I arrived home on electric fumes, with only 5 miles left on the batteries. Lesson learned: wind drag at highway speeds might sap an EV’s economy but a direct course beats a roundabout one.

Buddy, can you spare some electrons?

Friday night was the night I got wise. An EV owner has a rental business about a 5 minute walk behind the hospital parking decks. I found his charging station on PlugShare and was delighted to be able to not only fully charge my car but to avoid paying for parking at the deck. My trip home was at highway speeds with 22 miles to spare. Success!

Knowing I could get home either way, I decided to economize on Saturday. My trip out to Chapel Hill was done around 60 MPH. To my surprise, I was not alone at driving this speed. I didn’t stand out at all. My efforts paid off when I rolled up to the hospital deck with 50 miles of capacity left (down from 80 at the start). This allowed me to get home worry-free at highway speeds again. Saving on the front end of the trip gave me more flexibility for the return trip.

A big help with the EV on longer trips is the navigation system. The system asks if you’ll be charging at your destination. By answering yes, the car computes the range you will have left once you get there (displayed as the “surplus”). This lets you employ your range-saving tricks as you go, knowing what you’ll have left once you get there. As long as your surplus value remains positive, you know you’ll be able to get back home.

Bottom line? Longer-range EV trips can be done. I’ve gained confidence in how to stretch my EV’s range, and how to calculate my odds of returning without an emergency charge. It opens up the Triangle for exploring in my electric vehicle. In a future post I’ll tell you what I’ve learned about the Triangle and EVs. Happy driving!

Mark Turner : Why skeptics think a South Carolina sailor lied about being lost at sea for 66 days – The Washington Post

April 05, 2015 11:23 PM

This guy is a liar and a nutcase to boot.

It’s rare that a man is lost at sea and returns home looking even healthier than before he disappeared.

But that’s exactly what skeptics of Louis Jordan have pointed out as they question the 37-year-old’s miraculous account of surviving 66 days adrift in the Atlantic Ocean.

via Why skeptics think a South Carolina sailor lied about being lost at sea for 66 days – The Washington Post.

Tarus Balog : ♫ The Lunatic is on My Web ♫

April 04, 2015 04:08 PM

The TL;DR of it is that I needed to create a new forum called OpenNMS Connect. This will be a place for OpenNMS Meridian users (especially those that don’t purchase support) to ask questions. I tried a number of different applications until I decided to take a chance on a project called Luna. So far I’ve been happy.

When I first started my quest for forum software a couple of months ago, I did what most geeks do and did a search for it. I found a very helpful Wikipedia page (‘natch).

After dismissing the non-open source options, I started looking at the programming language. Now I know I really shouldn’t be a PHP snob (this blog is presented using PHP software) but having been burned in the past with security issues my first inclination is to avoid it.

Now the guys in the office are trying to get me to think all “agile-ly” and so I need a “user story”. For any forum we use it has to support LDAP, for which the story could be “User must be able to access forum using directory services” or better yet “Admin needs a central way of controlling forum access”. We implement LDAP via the FreeIPA project, and it will just be so much easier if we can add and remove people from a particular group and just have it work.

The first project I looked at was Discourse. I was especially interested in a hosted version if I could tie it into our IPA instance. Discourse is kind of the “new hotness” at the moment, but I didn’t see an easy way to implement LDAP. There is a Single Sign On (SSO) option but it would require writing our own authentication page, and it wouldn’t work if we hosted it with them anyway.

The next project that caught my eye was the eXo Platform. It’s written in Java (as is OpenNMS) and it seems to have a ton of features. Perhaps too many. In any case I put the team on it and asked them to get it working with LDAP.

They succeeded in getting LDAP authentication to work, but then hit a ton of other snags. The authenticated users couldn’t access the default /portal/intranet site no matter how often we tweaked the permissions. They could reach the /portal/meridian site but we couldn’t figure out how to change the default portal. And in all cases we couldn’t get the top menu bar to load with an LDAP user which meant you couldn’t log out, etc.

On Friday I decided to see what I could do about it. Friday was a long day.

eXo is one of those companies that produces an open source version of their software as well as a paid version. My three readers know how I feel about that business model, and it made it kind of frustrating to figure out things since I couldn’t tell if the documentation would actually work on the “community” version. Also, to access the forums you need to register, which gets you a couple of spam-y e-mails trying to sell you on their paid version. Not too obnoxious and I can understand why they do it, but it was a little annoying.

It can also be hard to administer. A lot of the configuration is buried in .war files. For example, in order to set the default portal above, you have to unpack portal.war, change it and repack it. In playing around with the system, I decided that while the LDAP authentication is nice, the platform itself is way overkill for what we need. It is huge and on our system took several minutes to start up and would often spike the load with limited users.

So I spent a lot of time looking for alternatives. Unfortunately, the only option I found that had easy to understand LDAP integration was phpBB. When I mentioned that to the team, Jeff threw up in his mouth a little and I wasn’t too happy about that choice either. I don’t have the same prejudices as some, but I felt that its style was a little dated and there have been some serious security issues in the past associated with it.

But for grins I installed phpBB anyway. It was rather easy to do, which made me happy, but then I noticed that it was not easy to make the forum itself private. Another user story is that “Admin requires that only authorized users see the forum”. You can make certain parts of phpBB private, but I kind of wanted the same thing as eXo – an initial log in screen you have to use before accessing the site.

Then it dawned on me that we could just put it in a directory by itself in the web root, say /forum, and then make a pretty splash page on the site with a link to it. Apache LDAP authentication is something we already figured out and knew worked and I could just require a valid login to access /forum.

This caused another lightbulb to go off. If we are going to do it that way, then why not just put any forum we like behind an LDAP authenticated directory?

The downside would be that users would need to create a forum-specific user if they wanted to add content, but on the upside they could choose their own usernames, thus obfuscating their identities for people who work at sensitive organizations. Thus we could have an LDAP user tied to, say, obama@whitehouse.gov and their forum name could be something totally different, like “Hot Cocoa”.

Yes, I know it is dressing up a bug as a feature, but to me it did seem useful.

Then I thought, hey, let’s revisit Discourse. That turned out to be harder than it would seem.

Well, the only way to install Discourse on CentOS is as a Docker container, and at the moment it doesn’t seem to work.

The first time I tried to install it, it died complaining about lack of access to an SMTP server. Nowhere in the instructions did it say you had to modify the app.yml and put in a valid mail server. In any case, I did that and restarted the install.

At one point during the install process I get this:

-- 0:  unicorn (4.8.3) from
Bundle complete! 92 Gemfile dependencies, 189 gems now installed.
Gems in the group development were not installed.
Bundled gems are installed into ./vendor/bundle.

I, [2015-04-04T04:49:47.161747 #38]  INFO -- : > cd /var/www/discourse
&& su discourse -c 'bundle exec rake db:migrate'
2015-04-04 04:49:55 UTC [339-1] discourse@discourse ERROR:  relation "users" does not exist at character 323
2015-04-04 04:49:55 UTC [339-2] discourse@discourse STATEMENT:      SELECT a.attname, format_type(a.atttypid, a.atttypmod),	                     pg_get_expr(d.adbin, d.adrelid), a.attnotnull, a.atttypid, a.atttypmod
	                FROM pg_attribute a LEFT JOIN pg_attrdef d
	                  ON a.attrelid = d.adrelid AND a.attnum = d.adnum
	               WHERE a.attrelid = '"users"'::regclass
	                 AND a.attnum > 0 AND NOT a.attisdropped
	               ORDER BY a.attnum

which a Google search says to ignore, but then a little while later the install fails with:

RuntimeError: cd /var/www/discourse && su discourse -c 'bundle exec rake db:migrate' failed with return #
Location of failure: /pups/lib/pups/exec_command.rb:105:in `spawn' exec failed with the params {"cd"=>"$home", "hook"=>"bundle_exec", "cmd"=>["su discourse -c 'bundle install --deployment --verbose --without test --without development'", "su discourse -c 'bundle exec rake db:migrate'", "su discourse -c 'bundle exec rake assets:precompile'"]}

on which Google is much less helpful. No matter what I did I couldn’t get past it.

This kind of brings up an issue I have with Docker. Now let’s get this out of the way: I am jealous of the Docker project. We’ve been around for 15 years and gotten little notice whereas they have become huge in a short time. It would be nice if, say, I could get up to four readers on my blog.

But I really, really, really hated how hidden this whole process was. You install software on your system and then load “magic bits” from the Internet and hope it works. I think this is great on an intranet when you need to deploy lots of the same things, but without developing it internally first it was a little scary. When it doesn’t work it is incredibly hard to diagnose. Because the app wouldn’t build I couldn’t play with the database or really do anything, so I just uninstalled and reinstalled numerous times to try to fix this.

Plus, by running in a container, we would then need to modify nginx to use our LDAP configuration and that seems to be much harder than with Apache. I didn’t think it would be easy to just forward requests to the Docker instance, but since I couldn’t get it to work I’ll never know.

By this time I said, screw it, reinstalled phpBB and went home. It’s now about 8pm and I’ve been at it 11 hours.

Well, I have a mild form of OCD, or maybe it’s just being a geek, but I couldn’t let it rest. So early this morning (as in soon after midnight) I discovered a project called Luna (an active project from the aforementioned Wikimedia page).

Luna is the next iteration of the ModernBB project which in turn is a fork of FluxBB. It’s simple, does almost everything I could want, and was incredibly easy to install. No Docker containers, no large Java app, just some PHP that you drop in your web root. Plus the webUI is built on bootstrap just like OpenNMS.

In about an hour I had it running, had changed the style to match our color palette, and fixed an issue where jquery wasn’t getting loaded by copying it down as a local file.

OpenNMS Luna Website

The downside is that it isn’t production yet. I installed 0.7 and earlier this morning they released 0.8. Jesse fixed an issue with the internal mail system and I have a couple of more issues that I’d like to see fixed, but overall I’m very happy with it. They are aiming to release 1.0 on 13 April.

And I really like their attitude and philosophy. They are self-funded and I love Yannick’s tag line of “You Can Do Anything.”

To help that I sent them 100€. (grin)

Anyway, sorry for the long post. I’ll let you know how it goes.
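
The approach described in the post above (any forum dropped under /forum, with Apache requiring a directory login controlled by group membership), sketched as an added example that is not from the original post or from the OpenNMS setup. It assumes Apache 2.4 with mod_ssl, mod_ldap and mod_authnz_ldap loaded; the host names, base DN, bind account, group name and file paths are constructed placeholders.

```apache
# Added example, not the author's configuration. Every name below
# (ipa.example.com, dc=example,dc=com, forum-users, file paths) is a
# constructed placeholder.

# Server-level settings (outside any <VirtualHost>).
# Trust the directory's CA and refuse LDAP servers that fail verification.
LDAPTrustedGlobalCert CA_BASE64 /etc/ipa/ca.crt
LDAPVerifyServerCert On
# Group-membership compares are cached (default 600 s). A shorter TTL
# makes removal from the group take effect sooner.
LDAPOpCacheTTL 60

<VirtualHost *:443>
    ServerName connect.example.com
    DocumentRoot /var/www/html

    SSLEngine on
    SSLCertificateFile    /etc/pki/tls/certs/connect.example.com.crt
    SSLCertificateKeyFile /etc/pki/tls/private/connect.example.com.key

    # The splash page in the web root stays public.
    <Directory "/var/www/html">
        Require all granted
    </Directory>

    # Everything under /forum needs a valid directory login.
    <Directory "/var/www/html/forum">
        # Basic auth sends the password with every request: TLS only.
        SSLRequireSSL

        AuthType Basic
        AuthName "OpenNMS Connect"
        AuthBasicProvider ldap

        # Find the user entry by uid under the FreeIPA accounts subtree
        # (assumed layout), over LDAPS.
        AuthLDAPURL "ldaps://ipa.example.com/cn=users,cn=accounts,dc=example,dc=com?uid?sub?(objectClass=posixAccount)"

        # Read-only service account used for the search (hypothetical).
        # Keep this file readable by root only.
        AuthLDAPBindDN "uid=apache-bind,cn=sysaccounts,cn=etc,dc=example,dc=com"
        AuthLDAPBindPassword "CHANGE_ME"

        # Group entries list members as full DNs in the "member" attribute.
        AuthLDAPGroupAttribute member
        AuthLDAPGroupAttributeIsDN On

        # Access is granted only to members of this one group, so adding
        # or removing a person in the directory is the only admin step.
        Require ldap-group cn=forum-users,cn=groups,cn=accounts,dc=example,dc=com
    </Directory>
</VirtualHost>
```

The forum application still keeps its own accounts behind this gate, as the post notes, so the LDAP login controls who can reach /forum and not who they are inside it.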

Mark Turner : Still some fight

April 04, 2015 02:36 AM

Still some fight
Mark Turner, April 2, 2015

I suppose I should offer a disclaimer to let you know that I’m not the official family spokesperson or anything of the sort. I’m just one of several co-authors here. I am not a doctor, nor do I play one on TV. I’m just a close friend of Scott who knows a lot of people care about him. I want to let you know what seems to me to be going on.

I am in a bit of a conundrum here as I have two somewhat conflicting beliefs:
1. Scott is getting the best care he possibly can by being at UNC.
2. Scott is improving, in spite of what his caregivers say.

After spending time with him over the last few nights, I can say he seems much better than he did last week. His mind is sharp, his speech is clearer and stronger, he’s closer to his normal color, and his strength has grown from even the day before. I don’t think Scott is exaggerating much when he calls the “IV IG” he’s been getting “miraculous.” It’s really helped his body boost his platelet count and he is noticeably more active.

Scott is certainly not out of the woods and faces an uphill climb. His kidney numbers from yesterday are discouraging, certainly, but I have a glimmer of hope that his recent improvement might carry over to his kidneys. He gets more lab work done Friday and Saturday. Let’s hope for the best!


Scott, Hang in there. You can & will beat this.
—Bob LeBrun, April 3, 2015

Mark, I am really glad that you posted this, not only because it makes me happy, but I’ve also seen an improvement over the last three nights. I’ve been taking comfort that, wondering if I’m crazy or just seeing what I want to see. But I’ll keep hoping and praying for him.
—Julia Trimmer, April 3, 2015

Scott – Lisa and the Family are thinking of you and praying for your recovery. Hang tough and keep up the fight.
Thanks for the updates Mark.
—Patrick Johnston, April 3, 2015

Hang Tough Scott. Your DBD teammates would like to offer our help if there’s anything that needs to be done around your house, or other errands/projects, etc that we could possibly help out with. Let us know…
—Allan Shang, April 3, 2015

Thank you Mark
I’m in agreement with his improving situation with the conflict on kidney and liver numbers. I think he needs to remain at chapel hill for a while longer to make a more complete determination of his situation. Shout out to you, Jeff and Mandy for all that you three have done for Scott and Erin.

Angels in our backyard.
Bless you
Scott’s brother , Wayne
—Wayne Greenough, April 3, 2015

Mark – thanks for the encouraging update.
Scott – we all want you to keep fighting – You got this bro!
—Greg Newman, April 3, 2015

Good Deal on the IV IG ! Managing 2ndary infections is key when battling a major illness. Carolyn had IG injections after each of her Chemo sessions and it doubled her white cell count when it would have been halved or worse.
—Mike Harris, April 3, 2015

We love you brother…stay strong and keep fighting!
—Todd Pollock, April 3, 2015

No disclaimer necessary. You’re a wonderful friend to dedicate time to keeping Scott’s family and friend network informed. For those of us not close by, we are watching HERE for news on Scott’s condition, your efforts are our lifeline to Scott. He has friends…brothers here in Connecticut who he grew up with who are very concerned, please pass to Scott we are here for him praying for his recovery.
Thank you Mark, for what you’re doing.
—Bill Moryto, April 3, 2015

Stay Strong Scott! Those two beauties need to see your smile & hear your laughter every day!
—Suzanne Ballou Rowell, April 3, 2015

Keep up the fight Scott! Miracles are all around us every day! Sending more love and prayers!
—Heather Dubian, April 3, 2015

My family is sending Prayers for you and your family. Get better Scott…
—dave calverley, April 3, 2015

So sad to hear this tonight! Wishing Scotty and Family all the best! All my years of playing Hockey, I truly enjoyed the time together. Such a positive and fun loving guy! Keep up the fight Scott!! Our thoughts and prayers are with everyone there! Miss you bud!
—Bryan Cox, April 3, 2015

Awesome update! Win the battle Scotty G!
—Brian Allen, April 2, 2015

Come on Scotty – do it. Fight like a mother f*cker. We all love you.
—Jen, April 2, 2015

Prayers for you and wishes for a speedy recovery!!! Love, your cousin Stef
—stefanie, April 2, 2015

Mark Turner : Scott is fighting for his life

April 04, 2015 02:23 AM

I was asked to remove my posts from Scott’s CaringBridge site so I decided to repost them here for anyone wishing to continue reading updates about him.

Scott is fighting for his life

Mark Turner, April 2, 2015
Scott has been in the hospital since mid March with terminal liver failure and is fighting for his life. He and his
wife Erin have asked me to set up this CaringBridge site for friends and well-wishers to keep up with his


Hey old buddy… Please hang in there and fight hard. We love you.
—Jonathan Chapman, April 2, 2015

You’re in our thoughts Scott. Stay strong friend!
—Russ Constantine, April 2, 2015

Sending massive amounts of healing energy your way, Scott.
—Barbara Gilly, April 2, 2015

Just read Michael Beaulieu’s message informing us of your condition. I was shocked, to say the least, but I have
great faith that God will listen to our prayers, therefore I am thinking that He will grant you full recovery. Just
don’t give up and keep trucking…don’t forget to pray though, that is the key to success. I am sending you my get
well prayers All our love from the Raymond’s family, in Connecticut.
—Charleen Raymond, April 2, 2015

Thinking of you playing that guitar and singing Johnny Cash my friend. Praying hard for you and the girls.
Sending tons of strength your way.
—Canady Thomas, April 2, 2015

Hang in there buddy. Wishing you all the best.
—Mike Marks, April 2, 2015

Prayers for you Scott, and to your family. May God Bless you all.
—Lisa Raffia, April 2, 2015

Sending you strength and prayers to you, Erin, and family. You have two beautiful girls that love you. Fight for
—Jennifer Lantry, April 2, 2015

So much love, prayers and strength being sent to you! Keep fighting!
—Heather Dubian, April 2, 2015

Praying…so hard. Fight Scott. Fight.
—Kathleen, April 2, 2015

Dude! What’re you doing??!! Get better!!!
Positive vibes for you and your wife.
—Annette Houle, April 2, 2015

The Beaulieu’s are praying for you – love you like a brother!
—Michael Beaulieu, April 2, 2015

Mark, thanks so much for setting this up! I am really glad to see it and I think Scott needs to know how many
people love him. There are a lot of Scotty fans out there!
—Julia Trimmer, April 2, 2015

Thinking about you and your family Scott! I know with all the love and support of your friends and family you
will make a quick recovery. Please let us know if there is anything we can do!
—Beth Marshall, April 2, 2015

Prayers to Scott, Erin and family. Always have great memories of Fermi hockey.
—Peter Smith, April 2, 2015

Praying for you Scott. So sorry to hear this news and believing for a miracle!
—Wayne Sombric, April 2, 2015

Sending love and prayers your way!
—Chrystal Ingersoll, April 2, 2015

Sending love and prayers to you!
—Allison Fuller Pike, April 2, 2015

Tarus Balog : OpenNMS on Bad Voltage

April 02, 2015 09:10 PM

I had to go back through my notes, but I first met Jono Bacon on April 12th, 2008 at a LugRadio Live show in San Francisco. Jeremy Garcia, the founder of LinuxQuestions.org, I didn’t meet until this year’s SCaLE conference, but I had been following that site since at least 2009 (or at least that’s the oldest e-mail I still have from it). Those two guys make up half of the team behind the Bad Voltage podcast.

The other half consists of Stuart “No Fruit in Beer” Langridge and Bryan “Puffy Nipples” Lunduke, both nicknames earned at SCaLE (where they did their first live show). Stuart, the more social and less-sickly of the pair, joined us for a few drinks one evening during the conference, but I have yet to meet Bryan face to face.

Which is probably a good thing, because the few seconds I saw said face on a Google hangout this week, well, it wasn’t pretty. Ebola is nothing to joke about so I shall leave it at that, but let’s just say he was under the weather.

I was on the Hangout because the guys asked me to come on Bad Voltage. The first time I was invited was a couple of weeks ago when the taping was on a Thursday. I couldn’t make that one, so considering the history of this crew I was a little suspicious when they asked me to chat on April Fool’s Day.

Of course, this is when I found out that Bryan was deathly ill and wouldn’t be joining us, and even my thick brain can detect a pattern. Dodges me at SCaLE even with the promise of free booze. Ditches me during the one time I’m on his show. I know when I’m not wanted.

The string of “coincidences” continued during the taping when Jono’s app crashed a few minutes into our chat. In 38 shows it had never happened before and so we had to start over, and the guys were good sports and laughed at all the right moments as I repeated my stories. April Fool’s Day is also my wedding anniversary, so they got a small slice of what it is to live with me and have to suffer through my stories over and over (she’s stuck with me for 22+ years so I guess that is one miracle for her sainthood, two to go).

Anyway, after the technical glitches were sorted and Bryan was done snubbing me, I thought the chat went pretty well. It’s hard for me to fit anything into ~10 minutes and I left stuff out that I would have liked to say, but I hope it gets people interested in OpenNMS. In any case, even without my bit (or should I say especially without my bit) the show is always entertaining and you should check it out. You’ll get the occasional F-bomb and sometimes references to moose genitalia, but overall it is pretty safe for work.

Anyhoo – check it out and let me know what you think:

Bad Voltage 1×39: Ambitious but Rubbish

Mark Turner : Scott Greenough is gravely ill

April 02, 2015 04:46 PM

Scott Greenough


I have been preoccupied for over a week as my close friend Scott Greenough has been battling for his life. He’s in the hospital now with terminal liver failure and everyone is concerned that he might not make it.

I set up a Caring Bridge site for Scott last night for his friends and loved ones to share their thoughts and follow his progress. You can check it out here.

Please keep him in your thoughts and prayers!

Update: I have created a separate blog for updates on Scott. See the Scott Greenough page.

Tarus Balog : OpenNMS at POSSCON, 14-15 April

April 01, 2015 04:23 PM


I love the fact that with the possible exception of OSCON (which has blacklisted me as a speaker for some reason), the main open source conferences all tend to be grassroots, regional affairs. I love going to them and find them to be much better than the commercial and corporate shows.

One I have never been able to attend is POSSCON. Although only one state away, my schedule has not worked out to allow me to go. I’ve heard a number of good things about it, so this year I was determined to attend and The OpenNMS Group is even a gold sponsor.

We will have a booth where you can come by and see the new OpenNMS shiny, and I will be giving a talk on the first day about switching to the Linux Desktop, and on the second day there will be a workshop on using OpenNMS.

Hope to see you there.

Warren Myers : please reply at top

April 01, 2015 02:00 PM

There is a constant war over top-repliers, bottom-repliers, and inline-repliers.

If you’re replying to an email, reply at the top. Unless there is some overarching need to reply inline (hint – it is very very rare).

Bottom-replying makes me have to reread all the crap that has been left from previous messages before I get to what you wrote – what a phenomenal waste of time*!

Just reply at the top. Like every sane person does.


*Yes, you should also trim whatever you don’t need when you reply – but that’s another story.

Mark Turner : Google Fiber introduces Dialup Mode

April 01, 2015 10:37 AM

Google Fiber wants to slow things down a bit, so they’ve added Dialup Mode to Google Fiber.

Happy April 1st!

Mark Turner : Daylight Saving Time for Electricity

March 31, 2015 01:59 PM

Today (or maybe tomorrow? I’m still not sure) is the day that the hours change for those of us on Duke Energy Progress’s Time Of Use (TOU) electric billing plans. When you’re a grid-tied solar electricity provider like we are, Duke puts you on a TOU plan so that you are encouraged to use most of your electricity off-peak. The change in electric season is like Daylight Saving Time for our electric bills.

Peak hours in winter are from 6 AM to 1 PM and from 4 PM to 9 PM. Summer peak hours are from 10 AM to 9 PM. This means we can run our dryer or charge our electric car in the morning, rather than hold off until after 9 PM, which is a good thing.

I made a handy chart to help keep track of these schedules but haven’t shared it yet since I want to incorporate suggestions that Kelly made. Hopefully I’ll get it posted soon.

Mark Hinkle : OpenSource.com – Open source and DevOps aren’t mandatory, but neither is survival

March 31, 2015 02:28 AM

I recently wrote an article for OpenSource.com – Open source and DevOps aren’t mandatory, but neither is survival. This article is part of the Easy DevOps column coordinated by Greg Dekoenigsberg, VP of Community at Ansible. Share your stories and advice that helps to make DevOps practical—along with the tools, processes, culture, successes and glorious/inglorious failures from your experience by contacting us at devops-stories@redhat.com.


Tarus Balog : OpenNMS at Fifteen

March 30, 2015 12:14 PM

It was fifteen years ago today that the OpenNMS Project was registered on Sourceforge.

OpenNMS Sourceforge Summary

The project itself was started sometime in 1999, but I wasn’t around then as I didn’t get involved until 2001. I’ve been told that it started in July of that year, but since an open source project really doesn’t exist until something gets shared, it seems that March 30, 2000, is as good a day as any to mark the birth of OpenNMS.

I went poking around on the site and wasn’t able to find the very first thing posted there. I believe it was a mockup of an administration console using the Java Swing toolkit that never actually made it into the product. While I believe the code is still in there somewhere, in switching from CVS to SVN to git, dates do get a little corrupted and I couldn’t find it.

Anniversaries don’t really mean that much in practical terms. In moving from Sunday, March 29th, to Monday, March 30th there was no substantial change in OpenNMS at all. But it does lend itself to a bit of reflection, and fifteen years is a lot of time on which to reflect.

While I have been working on OpenNMS most of my professional career, I didn’t start it. People much smarter than me did, and that has pretty much been the story of my life. My only true talent is getting intelligent and creative people to work with me, and the rest of my career is just basking in their reflected glory. In 2002, the original founders decided to stop working on the project, but I saw its potential and was able to become its maintainer.

My original plan was to simply remain a company of one and provide consulting services around OpenNMS. That didn’t work out so well, as I soon realized that it could be much bigger than one person. In September of 2004, The OpenNMS Group was born in part to ensure that the OpenNMS platform would always be around. We wanted to build something amazing, and this was reflected in our goal “to make OpenNMS the de facto management platform of choice.”

Being pretty much a group of technical people, we didn’t know we were doing things wrong. For a business plan we chose “Spend less money than you earn.” For a mission statement we liked “Help Customers – Have Fun – Make Money”. I put forth my two desires that OpenNMS should never suck and that OpenNMS should always be free software. We just took it from there.

This is not to say that we haven’t met with frustration. Gartner likes to diagram companies on two axes: “Vision” and “Ability to Execute that Vision”. We have a lot of vision, but our business model doesn’t give us a lot of resources to execute that vision quickly.

In order to change this, I spent a lot of time in Silicon Valley looking for an investor. Silicon Valley is pretty much the center of the technology industry, and one would assume that they would know the best way to run a technology based business. But I was pretty much told that you can’t be anyone unless you work in the Valley, you’re too old, and most importantly, you are doing it wrong.

There seems to be a formula they like out there. You raise a bunch of money. You hire as many people as fast as you can. You get as many users as possible and you hope that some larger company will buy you out. They call this an “exit strategy”, and this is supposed to be the focus of the business. Once you “exit” you can do it all again.

The problem, as I see it, is that a lot of companies have to exit before they get bought out. They run out of money, the investors run out of interest or patience, and then they just shutter the endeavor. Sure, you have your prominent billion dollar acquisitions, but in the scheme of things they are a very, very small percentage.

Plus, I’m already doing what I love to do. I really don’t want to do anything else. My chosen field, network management, is huge and I can always find something interesting in it, such as figuring out the best way to deal with the Internet of Things.

Sure, I believe that there are companies out there that would complement what we do. Ones that have the capital to help OpenNMS grow in a way that doesn’t go against our corporate culture. And while our involvement with such a company would probably be through an acquisition, I don’t see that as much as an “exit” as an evolution. I wouldn’t do the deal if I didn’t think I’d want to continue to work on the project, so I wouldn’t be going anywhere.

I see this post has become more about the business side of OpenNMS than the project itself, but I felt it was important to think about how our business philosophy permeates the project. Thus I thought it was serendipitous that Ben sent me a link to an article about an alternative to the “exit strategy” called the “exist strategy”.

The Nishiyama Onsen Keiunkan is the world’s oldest business. It is a hot springs hotel in Japan that was founded in 705 and has been run by fifty-two generations of the same family. They have survived and even thrived for 1300+ years by having a relentless focus on their customers. Even though they have only 40 rooms, by any measure you have to call their undertaking a success.

I think there is a huge problem with the tech industry’s focus on the exit. It’s such a short term goal. I expect the goal we set for OpenNMS to take the rest of my life and maybe some time after that. By focusing on an exit the people who usually end up paying for it are your customers, and that just doesn’t strike me as a way to run a business. I’m certain that if the Nishiyama Onsen Keiunkan had focused on growth over service they would have died out a long time ago. Heck, even the company that started OpenNMS closed its doors in 2004. When they weren’t moving fast enough toward their goal for the investors, they did what today we would call “a pivot” and it didn’t work out, even though that’s what anyone in the Valley would have said was the right decision.

Look, I don’t want to come across as some sort of holier than thou “money is evil” kind of person. I run a business, not a charity. But as a businessman, and not a gambler, I truly believe that our best chance at financial success is to find a way for us to deliver the best value we can to our customers. Period. That’s our focus, and any type of “exit” is way down on the list. Heck, the current management team at The OpenNMS Group is ten years older than the rest of the guys, and we’ve even thought of selling the business to them when we wish to retire. Not sure we can do it 52 times, but that is one form of exit that is still in line with an “exist strategy”.

And that’s the thought I want to take into the next fifteen years of OpenNMS. We have a covenant with our users and they have paid us back in kind with their support. This has resulted in a number of other impressive numbers. The OpenNMS Group has prospered for more than a decade. We are getting ready for our tenth OpenNMS Developers Conference, Dev-Jam. We’ve had almost the same number of OpenNMS User Conferences, the next one is in September and hosted by the independent OpenNMS Foundation.

We still have quite a few years to go to match the numbers of the Nishiyama Onsen Keiunkan, but I think that focusing on an “exist strategy” is the way to go. We still have the greatest team of people ever assembled to work on a software project, and while the faces and names have changed over the years, I still feel like I’m standing on the shoulders of giants.

And the view is great from up here.

Mark Turner : Southern again

March 27, 2015 09:27 PM

The family and I were spending a few hours trekking around Raven Rock State Park yesterday when we encountered three senior citizens who were obviously NC natives. They had made their way down the steep stairway to the base of Raven Rock and were looking for someone to take their picture.

“I’ll be happy to take y’alls picture,” I said as they handed me their iPhone. “Y’all just stand together right there.” I snapped two photos of them and grinned as I handed their phone back to them.

When we had climbed the stairs and were out of earshot, Hallie gave me a quizzical look and said, “you were totally Southern back there!”

“Well, that’s how I was raised!” I said as I shrugged and laughed. It doesn’t occur to me that that’s not how I act all the time. I see good country folks and can’t help but slip back into my Southern accent.

I guess the South our kids are growing up in is different than the one I grew up in. I suppose that’s a good thing, them being around people from different backgrounds. Even so, I sure hope I never forget where I am from, and how to speak properly with the good folks who’ve called North Carolina home far longer than I have.

Warren Myers : ifttt & box drive my desktop backgrounds … with a little cron happiness

March 26, 2015 06:15 PM

I love that OS X lets me change my background on a schedule (I use every 30 minutes now).

But I don’t like having to find pictures to populate my desktop menagerie with.

Enter completely SFW backgrounds via RSS feeds!

Using IFTTT, I watch for new items from a variety of daily photo feeds, and upload the new items to a folder in my Box account. I have that folder set to be the source for my desktop backgrounds, and bingo bango we have automated new images coming to enjoy!

The recipe I’m using is available for you to grab here. (I have several running, but you can use any RSS feed you’d like.)

Also, to ensure I don’t end up with duplicate images (eg from the Bing images feed), I have the following running as a cron job (thanks to Unix.SE for helping me figure it out):

md5 -r * | sort | awk 'BEGIN{lasthash = ""} $1 == lasthash {print $2} {lasthash = $1}' | xargs rm

That script removes any files with duplicate MD5 sums from the folder I keep the images in (note – you should put the actual path to your folder in your cron job).
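
The same duplicate-removal idea as an added example (not the author's cron job), written so that file names with spaces or a leading dash cannot be misparsed on the way to `rm`, and with SHA-256 swapped in for MD5. The function names `hash_file` and `dedupe_dir` are hypothetical.

```shell
#!/bin/sh
# Added example, not the author's cron job. Removes files whose content
# duplicates an earlier file in the same directory. File names are never
# passed through word splitting, so spaces, newlines or a leading "-" in a
# downloaded name cannot redirect the delete.

# hash_file FILE: print the SHA-256 hex digest of FILE (hypothetical helper).
# Reading from stdin keeps the file name out of the tool's output.
hash_file() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum < "$1" | cut -d' ' -f1
    else
        shasum -a 256 < "$1" | cut -d' ' -f1    # macOS ships shasum
    fi
}

# dedupe_dir DIR [--dry-run]: keep the first file (glob order) for each
# digest, delete the rest, and print the name of every duplicate found.
dedupe_dir() {
    dir=$1
    mode=${2:-}
    seen=$(mktemp) || return 1
    for f in "$dir"/*; do
        # regular files only; never follow a symlink out of the folder
        [ -f "$f" ] && [ ! -L "$f" ] || continue
        h=$(hash_file "$f")
        # an unreadable file yields no digest; leave it alone
        [ -n "$h" ] || continue
        if grep -qxF "$h" "$seen"; then
            printf '%s\n' "${f##*/}"
            [ "$mode" = "--dry-run" ] || rm -- "$f"
        else
            printf '%s\n' "$h" >> "$seen"
        fi
    done
    rm -f "$seen"
}

# Run as a script: dedupe.sh /path/to/folder [--dry-run]
if [ $# -gt 0 ]; then
    dedupe_dir "$@"
fi
```

Run it once with `--dry-run` against the real folder before putting it in cron, so the list of files it would delete can be checked first.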

Eric Christensen : For discussion: Orphaned package in Fedora

March 26, 2015 03:38 PM

The Fedora Security Team (FST) has uncovered an interesting problem.  Many packages in Fedora aren’t being actively maintained meaning they are unofficially orphaned.  This is likely not a problem since at least some of these packages will happily sit there and be well behaved.  The ones we worry about are the ones that pick up CVEs along the way, warning of unscrupulous behaviour.

The FST has been plugging away at trying to help maintainers update their packages when security flaws are known to exist.  So far we’ve almost hit the 250 bug level.  Unfortunately we forced a policy that still isn’t perfect.  What do you do with a package that is no longer supported and has a known vulnerability in it?  Unless you can recruit someone to adopt the package the only responsible choice you have is to retire the package and remove it from the repositories.

This, of course, leads to other problems, specifically that someone has that package installed and they know not that the package is no longer supported nor do they know it contains a security vulnerability.  This morning, during the FST meeting, we discussed the problem a bit and I had an idea that I’ll share here in hopes of starting a discussion.

The Idea

Create a file containing all the packages that have been retired from a repository and perhaps a short reason for why this package has been retired.  Then have yum/dnf consume this information regularly and notify the user/admin when a package that is installed is added to this list.  This allows the system admin to become aware of the unsupported nature of the package and allows them to make a decision as to whether or not to keep the package on the system.

Okay, discuss…
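
One way the check described above could look, as an added example rather than anything Fedora, yum or dnf ships. The list format (tab-separated name and reason), the function names and the sample package names are all assumptions made for illustration.

```shell
#!/bin/sh
# Added example; not code from Fedora, yum or dnf. Assumed list format, one
# retired package per line:  name<TAB>reason   (lines starting with # ignored).

# list_installed: installed package names, one per line (RPM systems).
list_installed() {
    rpm -qa --qf '%{NAME}\n' | sort -u
}

# retired_installed RETIRED_LIST INSTALLED_NAMES
# Print "name<TAB>reason" for each installed package that is on the list.
retired_installed() {
    awk -F '\t' '
        NR == FNR         { installed[$0] = 1; next }   # first file: names
        /^#/ || $1 == ""  { next }                      # comments, blank lines
        ($1 in installed) { print $1 "\t" ($2 == "" ? "no reason given" : $2) }
    ' "$2" "$1"
}

# notify_new RETIRED_LIST INSTALLED_NAMES STATE_FILE
# Print only findings that were not reported on the previous run, then save
# the current findings. Keep STATE_FILE in a directory only root can write.
notify_new() {
    [ -f "$3" ] || : > "$3"
    retired_installed "$1" "$2" | sort > "$3.now"
    # comm -13 keeps lines that appear only in the current findings
    sort "$3" | comm -13 - "$3.now"
    mv "$3.now" "$3"
}

# Constructed sample data (package names are made up) for an offline run.
write_sample() {
    printf '%s\n' bash libfrob oldwidget > "$1/installed.txt"
    {
        printf '# name\treason\n'
        printf 'oldwidget\tno maintainer; unfixed security bug\n'
        printf 'webthing\torphaned upstream\n'
    } > "$1/retired.tsv"
}

# Run "retired-check.sh demo" to see one notification, then silence.
if [ "${1:-}" = demo ]; then
    d=$(mktemp -d) && write_sample "$d"
    notify_new "$d/retired.tsv" "$d/installed.txt" "$d/state"
    notify_new "$d/retired.tsv" "$d/installed.txt" "$d/state"
    rm -rf "$d"
fi
```

On a real host the second argument would be a file holding the output of `list_installed`, and anything `notify_new` prints is what the admin needs to see.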

Eric Christensen : A change in thinking…

March 26, 2015 02:32 AM

When I entered the information security world in late 2001 I received training on communications technologies that included a significant interest in confidentiality.  Obviously the rest of the trifecta, integrity and availability, were also important but maintaining communications security was king.

Now, almost fifteen years later, I’m still focused on the trifecta with confidentiality coming out with a strong lead.  But my goals have changed.  While confidentiality is an important piece of the puzzle, for privacy and other reasons, I feel it should no longer be king with my work and writing.

Over the coming weeks I plan to focus on the availability of data.  And not just whether or not a file is on a server somewhere but diving into the heart of the availability problem.  File format standards, flexibility of the data to be used with accessibility tools, ability to translate the words into other languages to ease sharing, and the ability to move the information to other forms of media to improve access are all topics I want to cover.

I’m largely writing this as a reminder of ideas I want to research and discuss but I hope this gets other people thinking about their own works.  If you have a great idea don’t you want to make it easier for other people to consume your thoughts and be able to build on them?  Unfortunately the solution isn’t simple and I suspect much will be written over time about the topic.  Hopefully we’ll have a solution soon before that StarWriter file you have stored on a 5.25″ floppy drive is no longer readable.

Scott Schulz : The Martian by Andy Weir

March 22, 2015 01:02 PM

I am about 90% through Andy Weir's The Martian book, and I gotta say, this is one fantastic read.

Written in large part as log entries by an astronaut named Mark Watney, it is different enough from the average SF (Sci-Fi) work in that regard alone, but then Andy includes enough geekery to really make things interesting. I won't go into any more detail, but if you are a geek (check), who is into spaceflight (check), and Mars exploration (check), then this is one book you need to read.

And better yet, they are nearly complete with the filming of the movie (starring Matt Damon as Mark Watney, for those of you who care about such things), so that should be out later this year.

The Martian by Andy Weir

Amazon Link: http://amzn.com/0553418025

Mark Turner : NSA and spyware

March 21, 2015 03:45 PM

NSA planting spyware on a Cisco router


The photo that disturbed Cisco so much, the one showing the NSA tampering with a Cisco router, actually does not concern me as much as previous reports of NSA spying. The photo shows NSA doing what it should be doing, going after the bad guys. They have a specific router going to a specific customer and they’re using good old-fashioned hard work to gain their access. I can only assume that the target of this investigation is worthy of such attention and its targeting has been duly legally authorized.

The other thing this photo shows me is that NSA opted to plant its spyware using physical means rather than network means. If NSA has some sort of super-secret backdoor into Cisco firmware it certainly isn’t apparent from this photograph.

Cisco can of course decide it wants to make it difficult for these NSA operations to succeed and that’s the company’s prerogative. Certainly this photograph can cause the company’s customers to question Cisco’s security and can hurt its business. Even so, if NSA wants to load its firmware on boxes one by one and hands-on in a legally-authorized pursuit of a true intelligence target, I suppose I’m ok with that.

Mark Turner : Cisco Shipping Hardware To Bogus Addresses To Throw Off NSA Intercept-And-Implant Efforts | Techdirt

March 21, 2015 03:30 PM

Cisco became an inadvertent (and very unwilling) co-star in the NSA Antics: Snowden Edition when its logo was splashed across the web by a leaked document detailing the agency’s interception of outbound US networking hardware in order to insert surveillance backdoors.

It moved quickly to mitigate the damage, sending a letter to the President asking him and his administration to institute some safeguards and limitations to protect US tech companies from the NSA’s backdoor plans. To date, there has been no direct response. So, Cisco has decided to handle the problem itself.

via Cisco Shipping Hardware To Bogus Addresses To Throw Off NSA Intercept-And-Implant Efforts | Techdirt.

Mark Turner : New Hampshire legislatures kill fourth graders’ bill and dreams.

March 19, 2015 11:40 PM

What assholes.

Last Thursday, fourth graders from Hampton Falls, New Hampshire visited their state legislature to observe a bit of democracy in action. The children had previously proposed House Bill 373, establishing the Red Tail Hawk as the New Hampshire State Raptor, as part of a civics lesson in how bills become laws. Their measure had already sailed out of the Environmental and Agriculture Committee. Now the young students gathered in the House galley to watch their bill pass its next hurdle.

via New Hampshire legislatures kill fourth graders' bill and dreams..

Mark Hinkle : Presentation – Linux Collab Summit – Cloud 2.0: Containers, Microservices and Cloud Hybridization

March 19, 2015 01:09 PM

Presented at Linux Collaboration Summit 2015 in Santa Rosa, CA on February 20th, 2015.


In a very short time cloud computing has become a major factor in the way we deliver infrastructure and services, and we’ve quickly breezed through the ideas of hosted cloud and orchestration. This talk will focus on the next evolution of cloud: technologies like containers (such as Docker), microservices (the way Netflix runs their cloud), and hybridization (applications running on Mesos across Kubernetes clusters in both private and public clouds).

[Sometimes the embed didn’t work so you can also view the presentation here.]


Mark Turner : A handsome exhibit

March 18, 2015 01:57 PM

It would make a cool art project to cast the hands of people who work in various vocations and display them together.

Mark Turner : Hand modeling

March 18, 2015 01:47 PM

Over the past few weeks I’ve gotten a taste of what life must be like for a hand model. Well, except for the fame and money part, of course.

I bought a lifecasting starter kit for my birthday. The problem of having a January birthday is that one’s skin is rarely in good shape from the bone-dry winter air. I’d been waiting a while for the cracks in my knuckles to heal. When they finally did, I managed to slice my right index finger when I was repairing the dishwasher last weekend. Fingertip injuries take a surprisingly long time to heal!

Ever since the dishwasher injury I’ve been overly careful with my hands, paranoid that I’ll cut myself again and have to delay casting my hand another week or more. On the other … hand (sorry, couldn’t resist), it’s been a good realization that the perfect body is a myth. We all have flaws that we conveniently overlook.

Perhaps it’s more realistic for me to cast my hand as it typically is: covered in cuts, grease, or ink; with blisters born from bicycling, yard work, or guitar-playing. Perhaps my nails will be worn down or torn from prying open computers or flattened by a misdirected hammer blow. This would be the most realistic depiction of my hands.

One of life’s secrets is learning to wear one’s scars as badges of honor.

Mark Turner : Google View

March 18, 2015 10:13 AM

Sitting in the dentist’s chair, enduring the agony of another teeth cleaning yesterday, I thought of the perfect use for the Google Fiber system coming to Raleigh.

I was being forced to watch Time Warner Cable’s News14 channel in front of me and thinking about how TWC’s local news model works. It didn’t take many minutes of watching the video (thankfully without audio, as the suction hose was often going) to realize how boilerplate it is. The TWC guys have an establishing shot, then zoom in on something dumb like police lights reflecting off the stolen car, then move on to another thing. It was obvious that the video doesn’t really tell the story – in fact, it is repetitive and dull. I could choose not to look up between rinses and feel like I didn’t really miss anything.

Then I thought about Capital Broadcasting, and how many broadcasters are able to do what they do because they ponied up decades ago for broadcast licenses and expensive studios. TWC didn’t have to compete for a license – they have all the bandwidth they need. They’re able to do what they do because most people’s television now gets routed through a coaxial cable. There is no need to build a transmitter anymore.

But TV habits are quickly changing, as I’ve written about before. People aren’t watching TV on TVs anymore. Increasingly, people watch their shows on devices, hooked to the Internet.

I thought about how Little Raleigh Radio tries harder to tell the story of Raleigh. I read earlier yesterday how Google Fiber gives free broadband to community organizations. There’s an opportunity here!

To be continued…

Warren Myers : seems i’m not the only one who thinks apple could make cars

March 16, 2015 01:55 PM

Dallas News ran a story recently on Apple being positioned to be a car maker.

Their reasoning:

  1. Cash (~$180B)
  2. It’s “ultimately” mobile
  3. They have “car guys” already
  4. Strong retail network
  5. They’re already global

I think it more likely they’d buy an existing manufacturer, and then Apple-ify them – but the arguments are strong that an Apple Car will be here sooner rather than later.

Mark Turner : Google Fiber: Kansas City offers Charlotte ‘Digital Divide’ lessons | The Charlotte Observer

March 16, 2015 01:39 PM

CharO talks about Google Fiber and the Digital Divide

In a past job in Kansas City, Julie Porter was part of an intense, door-to-door campaign to get residents in economically challenged, mostly minority neighborhoods to sign up for Google’s high-speed Internet service.

Community organizers didn’t want residents in these areas to face an even wider Digital Divide.

Now the head of a Charlotte housing agency, Porter has urged local leaders here to get an early start encouraging residents to embrace broadband service, long before Google Fiber makes its planned Charlotte debut.

“It was just very, very challenging,” said Porter, president of the Charlotte-Mecklenburg Housing Partnership, of the Kansas City situation. “I wanted to make sure that Charlotte didn’t have the same experience.”

via Google Fiber: Kansas City offers Charlotte ‘Digital Divide’ lessons | The Charlotte Observer.

Magnus Hedemark : State of the Nerd Report

March 14, 2015 08:55 PM

I’ve never really consistently given this personal blog of mine much love. Instead, I’ve tried to support larger soapboxes from which to either share my own stories or coordinate and recruit for others.

I’ve done a good bit of writing over the last couple of years for Red Hat, and now for Bronto. I had a piece on OpenSource.com that got a good bit of traction. But most of my writing for the last four months has been going into Autism Daily Newscast.

ADNewscast reached out to me last December through social media and asked if I might like to contribute a guest article from the perspective of an Autistic professional to help others like me to get started in their careers. I submitted the article, and it was well-received, so they asked if I’d like to write another.

Next thing you know, I’d become a Staff Writer, and was in charge of the weekly Careers column. I don’t always know what I’m going to write about next, but it’s been good for me to knock out an article every week and to get into the habit of writing regularly.

Then last week my Editor in Chief asked if I’d like to take on a larger role with the site and join the team of Editors. I did accept that role, and it’s proving to be a rewarding one.

I am autistic. This is not something that was known to me or the people around me for most of my life. But I know it now. And so many of the mysteries of my life make sense now. How come people sometimes say I talk too much? Or too little? How come I sometimes don’t know when to shut up? Or sometimes I can’t speak at all? Why, during periods of prolonged stress (often over really petty things) do I hide in a dark, quiet place and just silently decompress? Why do I have a long trail of broken but intense friendships smoldering in my wake? Most of these mysteries have now been answered with that new fundamental understanding of myself.

I’ve since been “out” about it more. I’ve made my needs known. I’ve engaged in self-advocacy, because those who claim to speak for people like me are often not themselves autistic. The largest Autism advocacy groups that you can think of have no legitimacy. So now I have to face people who dismiss me as being “too high functioning to understand their child’s needs”.

Thirty years ago, I was your autistic child. I was the kid that quietly read the dictionary from cover to cover, and then moved on to the encyclopedia. I was the kid who had memorized the taxonomic classification of every fish species in the public aquarium. I was the kid who would “spaz” (melt down) or simply and quietly shut down when things got to be too tough. I was the kid who was always being told “look me in the eye”, even (especially) when it seemed impossible for me to do so.

I know what it means to be that autistic kid, even if I didn’t know that I was autistic at the time. I’m very comfortable in knowing that I’m in a stronger position to advocate for autism than the parents who have never walked a mile in my own shoes.

As such, I’ve largely been disengaged from tech geekery at home for a while. I’m getting more and more plugged in to the community of my peers, finding my voice, getting more comfortable with the knowledge that I am different and I do need and deserve some understanding in order to better succeed in this world.

And I’m not going to fight this just for myself; I’m going to fight it so my autistic daughter, who I understand better than Autism Speaks ever will, can enjoy a better chance of success when it’s time for her to live as an adult in this world that will never understand her.

Mark Turner : The magically-filling fuel tank

March 14, 2015 02:00 PM

Earlier this week I got to experience a phenomenon very unique to electric vehicles.

I was driving out of the parking deck at work on a warm day that had started much cooler. Batteries are sensitive to temperature and don’t provide less power when it’s cooler. My electric car had dialed back its expected range on my cooler morning commute and kept it there as my car waited in the cool parking deck for me to get off of work.

As I drove out at the end of the day, the car’s thermometer rose briskly as it went from the cool parking deck to the warm afternoon air. I watched in amusement as my car’s range began increasing as I drove! It was like someone was adding fuel to my tank! I gained 20 miles of range on a six-mile drive.

Only in an electric car can one drive somewhere and actually get an increase in range!

Mark Turner : Book idea: Malcom McLean

March 13, 2015 05:24 PM

I became fascinated yesterday with a relatively unsung North Carolina hero, Malcom McLean. It’s not much of a stretch to say McLean more or less revolutionized world trade with his invention of the standardized shipping container. Not bad for a truck driver from Maxton, NC who only had a high school education.

Someone ought to tell his story.

Mark Turner : LTE on Skip Stam

March 13, 2015 05:19 PM

I sent this to the N&O regarding Rep. Paul “Skip” Stam’s apparent reversal of support for redistricting reform.

It is disappointing to see Rep. Paul “Skip” Stam, once a champion of redistricting reform, backing a bill that quite plainly gerrymanders the Wake County Commission. We the voters lose again.

My original version called Stam “long a champion,” but it appears his days of championing redistricting reform are over. I hope one version or another makes it to print.

Tarus Balog : Minnesota Twins and Dev Jam

March 13, 2015 04:48 PM

Just got our stack o’ Twins tickets for this year’s OpenNMS Dev Jam.

It’s become something of a tradition, and we’re back in left field so maybe the Twins will win.

Even Ulf gets to go:

I’ll be opening up Dev Jam registration in April so be sure to save the dates.