Warren Myers : ifttt & box drive my desktop backgrounds … with a little cron happiness

March 26, 2015 06:15 PM

I love that OS X lets me change my background on a schedule (I use every 30 minutes now).

But I don’t like having to find pictures to populate my desktop menagerie with.

Enter completely SFW backgrounds via RSS feeds!

Using IFTTT, I watch for new items from a variety of daily photo feeds, and upload the new items to a folder in my Box account. I have that folder set to be the source for my desktop backgrounds, and bingo bango we have automated new images coming to enjoy!

The recipe I’m using is available for you to grab here. (I have several running, but you can use any RSS feed you’d like.)

Also, to ensure I don’t end up with duplicate images (eg from the Bing images feed), I have the following running as a cron job (thanks to Unix.SE for helping me figure it out):

md5 -r * | sort | awk 'BEGIN{lasthash = ""} $1 == lasthash {print substr($0, length($1) + 2)} {lasthash = $1}' | tr '\n' '\0' | xargs -0 rm --

That script removes any files with duplicate MD5 sums from the folder I keep the images in (note – you should put the actual path to your folder in your cron job).

Eric Christensen : For discussion: Orphaned package in Fedora

March 26, 2015 03:38 PM

The Fedora Security Team (FST) has uncovered an interesting problem.  Many packages in Fedora aren’t being actively maintained meaning they are unofficially orphaned.  This is likely not a problem since at least some of these packages will happily sit there and be well behaved.  The ones we worry about are the ones that pick up CVEs along the way, warning of unscrupulous behaviour.

The FST has been plugging away at trying to help maintainers update their packages when security flaws are known to exist.  So far we’ve almost hit the 250 bug level.  Unfortunately we forced a policy that still isn’t perfect.  What do you do with a package that is no longer supported and has a known vulnerability in it?  Unless you can recruit someone to adopt the package the only responsible choice you have is to retire the package and remove it from the repositories.

This, of course, leads to other problems, specifically that someone has that package installed and they know not that the package is no longer supported nor do they know it contains a security vulnerability.  This morning, during the FST meeting, we discussed the problem a bit and I had an idea that I’ll share here in hopes of starting a discussion.

The Idea

Create a file containing all the packages that have been retired from a repository and perhaps a short reason for why this package has been retired.  Then have yum/dnf consume this information regularly and notify the user/admin when a package that is installed is added to this list.  This allows the system admin to become aware of the unsupported nature of the package and allows them to make a decision as to whether or not to keep the package on the system.

Okay, discuss…

Eric Christensen : A change in thinking…

March 26, 2015 02:32 AM

When I entered the information security world in late 2001 I received training on communications technologies that included a significant interest in confidentiality.  Obviously the rest of the trifecta, integrity and availability, were also important but maintaining communications security was king.

Now, almost fifteen years later, I’m still focused on the trifecta with confidentiality coming out with a strong lead.  But my goals have changed.  While confidentiality is an important piece of the puzzle, for privacy and other reasons, I feel it should no longer be king with my work and writing.

Over the coming weeks I plan to focus on the availability of data.  And not just whether or not a file is on a server somewhere but diving into the heart of the availability problem.  File format standards, flexibility of the data to be used with accessibility tools, ability to translate the words into other languages to ease sharing, and the ability to move the information to other forms of media to improve access are all topics I want to cover.

I’m largely writing this as a reminder of ideas I want to research and discuss but I hope this gets other people thinking about their own works.  If you have a great idea don’t you want to make it easier for other people to consume your thoughts and be able to build on them?  Unfortunately the solution isn’t simple and I suspect much will be written over time about the topic.  Hopefully we’ll have a solution soon before that StarWriter file you have stored on a 5.25″ floppy drive is no longer readable.

Scott Schulz : The Martian by Andy Weir

March 22, 2015 01:02 PM

I am about 90% through Andy Weir's The Martian book, and I gotta say, this is one fantastic read.

Written in large part as log entries by an astronaut named Mark Watney, it is different enough from the average SF (Sci-Fi) work in that regard alone, but then Andy includes enough geekery to really make things interesting. I won't go into any more detail, but if you are a geek (check), who is into spaceflight (check), and Mars exploration (check), then this is one book you need to read.

And better yet, they are nearly complete with the filming of the movie (starring Matt Damon as Mark Watney, for those of you who care about such things), so that should be out later this year.

The Martian by Andy Weir

Amazon Link: http://amzn.com/0553418025

Mark Turner : NSA and spyware

March 21, 2015 03:45 PM

NSA planting spyware on a Cisco router


The photo that disturbed Cisco so much, the one showing the NSA tampering with a Cisco router, actually does not concern me as much as previous reports of NSA spying. The photo shows NSA doing what it should be doing, going after the bad guys. They have a specific router going to a specific customer and they’re using good old-fashioned hard work to gain their access. I can only assume that the target of this investigation is worthy of such attention and its targeting has been duly legally authorized.

The other thing this photo shows me is that NSA opted to plant its spyware using physical means rather than network means. If NSA has some sort of super-secret backdoor into Cisco firmware it certainly isn’t apparent from this photograph.

Cisco can of course decide it wants to make it difficult for these NSA operations to succeed and that’s the company’s prerogative. Certainly this photograph can cause the company’s customers to question Cisco’s security and can hurt its business. Even so, if NSA wants to load its firmware on boxes one by one and hands-on in a legally-authorized pursuit of a true intelligence target, I suppose I’m ok with that.

Mark Turner : Cisco Shipping Hardware To Bogus Addresses To Throw Off NSA Intercept-And-Implant Efforts | Techdirt

March 21, 2015 03:30 PM

Cisco became an inadvertent (and very unwilling) co-star in the NSA Antics: Snowden Edition when its logo was splashed across the web by a leaked document detailing the agency’s interception of outbound US networking hardware in order to insert surveillance backdoors.

It moved quickly to mitigate the damage, sending a letter to the President asking him and his administration to institute some safeguards and limitations to protect US tech companies from the NSA’s backdoor plans. To date, there has been no direct response. So, Cisco has decided to handle the problem itself.

via Cisco Shipping Hardware To Bogus Addresses To Throw Off NSA Intercept-And-Implant Efforts | Techdirt.

Mark Turner : New Hampshire legislatures kill fourth graders’ bill and dreams.

March 19, 2015 11:40 PM

What assholes.

Last Thursday, fourth graders from Hampton Falls, New Hampshire visited their state legislature to observe a bit of democracy in action. The children had previously proposed House Bill 373, establishing the Red Tail Hawk as the New Hampshire State Raptor, as part of a civics lesson in how bills become laws. Their measure had already sailed out of the Environmental and Agriculture Committee. Now the young students gathered in the House galley to watch their bill pass its next hurdle.

via New Hampshire legislatures kill fourth graders' bill and dreams..

Mark Hinkle : Presentation – Linux Collab Summit – Cloud 2.0: Containers, Microservices and Cloud Hybridization

March 19, 2015 01:09 PM

Presented at Linux Collaboration Summit 2015 in Santa Rosa, CA on February 20th, 2015.


In a very short time cloud computing has become a major factor in the way we deliver infrastructure and services. Though we’ve quickly breezed through the ideas of hosted cloud and orchestration. This talk will focus on the next evolution of cloud and how the evolution of technologies like containers (like Docker), microservices (the way Netflix runs their cloud) and how hybridization (applications running on Mesos across Kubernetes clusters in both private and public clouds).



Mark Turner : A handsome exhibit

March 18, 2015 01:57 PM

It would make a cool art project to cast the hands of people who work in various vocations and display them together.

Mark Turner : Hand modeling

March 18, 2015 01:47 PM

Over the past few weeks I’ve gotten a taste of what life must be like for a hand model. Well, except for the fame and money part, of course.

I bought a lifecasting starter kit for my birthday. The problem of having a January birthday is that one’s skin is rarely in good shape from the bone-dry winter air. I’d been waiting a while for the cracks in my knuckles to heal. When they finally did, I managed to slice my right index finger when I was repairing the dishwasher last weekend. Fingertip injuries take a surprisingly long time to heal!

Ever since the dishwasher injury I’ve been overly careful with my hands, paranoid that I’ll cut myself again and have to delay casting my hand another week or more. On the other … hand (sorry, couldn’t resist), it’s been a good realization that the perfect body is a myth. We all have flaws that we conveniently overlook.

Perhaps it’s more realistic for me to cast my hand as it typically is: covered in cuts, grease, or ink; with blisters born from bicycling, yard work, or guitar-playing. Perhaps my nails will be worn down or torn from prying open computers or flattened by a misdirected hammer blow. This would be the most realistic depiction of my hands.

One of life’s secrets is learning to wear one’s scars as badges of honor.

Mark Turner : Google View

March 18, 2015 10:13 AM

Sitting in the dentist’s chair, enduring the agony of another teeth cleaning yesterday, I thought of the perfect use for the Google Fiber system coming to Raleigh.

I was being forced to watch Time Warner Cable’s News14 channel in front of me and thinking about how TWC’s local news model works. It didn’t take many minutes of watching the video (thankfully without audio, as the suction hose was often going) to realize how boilerplate it is. The TWC guys have an establishing shot, then zoom in on something dumb like police lights reflecting off the stolen car, then move on to another thing. It was obvious that the video doesn’t really tell the story – in fact, it is repetitive and dull. I could choose not to look up between rinses and feel like I didn’t really miss anything.

Then I thought about Capital Broadcasting, and how many broadcasters are able to do what they do because they ponied up decades ago for broadcast licenses and expensive studios. TWC didn’t have to compete for a license – they have all the bandwidth they need. They’re able to do what they do because most people’s television now gets routed through a coaxial cable. There is no need to build a transmitter anymore.

But TV habits are quickly changing, as I’ve written about before. People aren’t watching TV on TVs anymore. Increasingly, people watch their shows on devices, hooked to the Internet.

I thought about how Little Raleigh Radio tries harder to tell the story of Raleigh. I read earlier yesterday how Google Fiber gives free broadband to community organizations. There’s an opportunity here!

To be continued…

Warren Myers : seems i’m not the only one who thinks apple could make cars

March 16, 2015 01:55 PM

Dallas News ran a story recently on Apple being positioned to be a car maker.

Their reasoning:

  1. Cash (~$180B)
  2. It’s “ultimately” mobile
  3. They have “car guys” already
  4. Strong retail network
  5. They’re already global

I think it more likely they’d buy an existing manufacturer, and then Apple-ify them – but the arguments are strong that an Apple Car will be here sooner rather than later.

Mark Turner : Google Fiber: Kansas City offers Charlotte ‘Digital Divide’ lessons | The Charlotte Observer The Charlotte Observer

March 16, 2015 01:39 PM

CharO talks about Google Fiber and the Digital Divide

In a past job in Kansas City, Julie Porter was part of an intense, door-to-door campaign to get residents in economically challenged, mostly minority neighborhoods to sign up for Google’s high-speed Internet service.

Community organizers didn’t want residents in these areas to face an even wider Digital Divide.

Now the head of a Charlotte housing agency, Porter has urged local leaders here to get an early start encouraging residents to embrace broadband service, long before Google Fiber makes its planned Charlotte debut.

“It was just very, very challenging,” said Porter, president of the Charlotte-Mecklenburg Housing Partnership, of the Kansas City situation. “I wanted to make sure that Charlotte didn’t have the same experience.”

via Google Fiber: Kansas City offers Charlotte ‘Digital Divide’ lessons | The Charlotte Observer The Charlotte Observer.

Magnus Hedemark : State of the Nerd Report

March 14, 2015 08:55 PM

I’ve never really consistently given this personal blog of mine much love. Instead, I’ve tried to support larger soapboxes from which to either share my own stories or coordinate and recruit for others.

I’ve done a good bit of writing over the last couple of years for Red Hat, and now for Bronto. I had a piece on OpenSource.com that got a good bit of traction. But most of my writing for the last four months has been going into Autism Daily Newscast.

ADNewscast reached out to me last December through social media and asked if I might like to contribute a guest article from the perspective of an Autistic professional to help others like me to get started in their careers. I submitted the article, and it was well-received, so they asked if I’d like to write another.

Next thing you know, I’d become a Staff Writer, and was in charge of the weekly Careers column. I don’t always know what I’m going to write about next, but it’s been good for me to knock out an article every week and to get into the habit of writing regularly.

Then last week my Editor in Chief asked if I’d like to take on a larger role with the site and join the team of Editors. I did accept that role, and it’s proving to be a rewarding one.

I am autistic. This is not something that was known to me or the people around me for most of my life. But I know it now. And so much of the mysteries of my life make sense now. How come people sometimes say I talk too much? Or too little? How come I sometimes don’t know when to shut up? Or sometimes I can’t speak at all? Why, during periods of prolonged stress (often over really petty things) do I hide in a dark, quiet place and just silently decompress? Why do I have a long trail of broken but intense friendships smoldering in my wake? Most of these mysteries have now been answered with that new fundamental understanding of my self.

I’ve since been “out” about it more. I’ve made my needs known. I’ve engaged in self-advocacy, because those who claim to speak for people like me are often not themselves autistic. The largest Autism advocacy groups that you can think of have no legitimacy. So now I have to face people who dismiss me as being “too high functioning to understand their child’s needs”.

Thirty years ago, I was your autistic child. I was the kid that quietly read the dictionary from cover to cover, and then moved on to the encyclopedia. I was the kid who had memorized the taxonomic classification of every fish species in the public aquarium. I was the kid who would “spaz” (melt down) or simply and quietly shut down when things got to be too tough. I was the kid who was always being told “look me in the eye”, even (especially) when it seemed impossible for me to do so.

I know what it means to be that autistic kid, even if I didn’t know that I was autistic at the time. I’m very comfortable in knowing that I’m in a stronger position to advocate for autism than the parents who have never walked a mile in my own shoes.

As such, I’ve largely been disengaged from tech geekery at home for awhile. I’m getting more and more plugged in to the community of my peers, finding my voice, getting more comfortable with the knowledge that I am different and I do need and deserve some understanding in order to better succeed in this world.

And I’m not going to fight this just for myself; I’m going to fight it so my autistic daughter, who I understand better than Autism Speaks ever will, can enjoy a better chance of success when it’s time for her to live as an adult in this world that will never understand her.

Mark Turner : The magically-filling fuel tank

March 14, 2015 02:00 PM

Earlier this week I got to experience a phenomenon very unique to electric vehicles.

I was driving out of the parking deck at work on a warm day that had started much cooler. Batteries are sensitive to temperature and don’t provide less power when it’s cooler. My electric car had dialed back its expected range on my cooler morning commute and kept it there as my car waited in the cool parking deck for me to get off of work.

As I drove out at the end of the day, the car’s thermometer rose briskly as it went from the cool parking deck to the warm afternoon air. I watched in amusement as my car’s range began increasing as I drove! It was like someone was adding fuel to my tank! I gained 20 miles of range on a six-mile drive.

Only in an electric car can one drive somewhere and actually get an increase in range!

Mark Turner : Book idea: Malcom McLean

March 13, 2015 05:24 PM

I became fascinated yesterday by a relatively-unsung North Carolina hero, Malcom McLean. It’s not much of a stretch to say McLean more or less revolutionized world trade with his invention of the standardized shipping container. Not bad for a truck driver from Maxton, NC who only had a high school education.

Someone ought to tell his story.

Mark Turner : LTE on Skip Stam

March 13, 2015 05:19 PM

I sent this to the N&O regarding Rep. Paul “Skip” Stam’s apparent reversal of support for redistricting reform.

It is disappointing to see Rep. Paul “Skip” Stam, once a champion of redistricting reform, backing a bill that quite plainly gerrymanders the Wake County Commission. We the voters lose again.

My original version called Stam “long a champion,” but it appears his days of championing redistricting reform are over. I hope one version or another makes it to print.

Tarus Balog : Minnesota Twins and Dev Jam

March 13, 2015 04:48 PM

Just got our stack o’ Twins tickets for this year’s OpenNMS Dev Jam.

It’s become something of a tradition, and we’re back in left field so maybe the Twins will win.

Even Ulf gets to go:

I’ll be opening up Dev Jam registration in April so be sure to save the dates.

Tarus Balog : Free OpenNMS Workshop in Berlin – 30 March 2015

March 12, 2015 07:50 PM

If you happen to speak German and can get to Berlin on March 30th, Ronny Trommer will be giving a day long workshop on OpenNMS.

No promises, but afterward there will probably be beer.

Jesse Morgan : Yak Shaving: VMWare Update Edition.

March 12, 2015 07:44 PM

  1. Review nessus report, see Samba needs patching.
  2. Patch Samba.
  3. While retesting, I notice ESX has a patch that needs implementing.
  4. Find out they released 6.0 today. Rather than upgrading to 5.5.1 then 6.0, I look into upgrading directly to 6.0
  5. While looking to implement that I research updatemanager, which I can’t use since I don’t have a windows server to install it on.
  6. So I look at doing it manually, and find out that I need to upgrade vcenter first, since vcenter can’t manage esx hosts that are a higher version.
  7. I find https://www.youtube.com/watch?v=QXOkUVhIOA8 which seems to be exactly what I need.
  8. Spend half an hour looking for OVA file similar to what was used for 5.5. It does not exist.
  9. identify vcenter appliance download for 6.0. Download 3 gig ISO. Not an exact match, but close.
  10. mount ISO locally. Setup file says “vCenter Server Appliance installer cannot run on Linux. It must be run on Windows.”
  11. Spend half an hour searching for the friggen OVA.
  12. Someone clues me in that “vcsa/vmware-vcsa” on the iso is actually the OVA file. Copy that from readonly ISO to local disk, rename it as vmware-vsca-6.0.ova
  13. go to vcenter server web client, navigate to datastore.
  14. See coworker set off alarms on one datastore for being overused. Need to look into that later.
  15. Find out that I need to install a browser plugin to upload a friggen file to their web interface.
  16. Download plugin, install it.
  17. plugin doesn’t appear, realize that it installed in the wrong place.
  18. research how to uninstall the stupid plugin, then reinstall it to the right place. Still doesn’t show.
  19. Someone suggests using OVAtool. I don’t even remember what that does or if it’ll even help me. I don’t know if it works on linux, if I can install it on my workstation, or where to even find it.
  20. restart chrome; lose half of my tabs when the second window doesn’t reappear. plugin still doesn’t work.

Day two:

  1. retry chrome plugin, it fails to be detected again.
  2. research to find out that the plugin interface that VMware uses is deprecated, and their plugin only works with archaic versions of chrome
  3. Give up, load windows VM
  4. download the *deprecated* vsphere client for windows
  5. attempt to install vsphere. Installer disappears.
  6. try reinstalling, receive error that installer is in progress, then fails, then receive another failure message regarding .net 3.5
  7. installer refuses to run because an installer is already running.
  8. reboot windows
  9. run installer, installer disappears. Task manager shows background process “windows modules installer worker” using 99% of my disk bandwidth. maybe it’s still working?
  10. after 10 minutes, installer reappears. entire install takes 25 minutes.
  11. Upload OVA to datastore1 so it can be deployed.
  12. Attempt to deploy the OVA template through the web interface. Notified that “The CLient Integration Plugin must be installed to enable OVF functionality.”  (note OVA and OVF are interchangeable at this point.)
  13. Unable to COPY said text from web interface because hell, why not. Text is not selectable; maybe it’s an image?
  14. Attempt to create a new virtual machine from OVA template. Datastores inaccessible.
  15. Attempt to deploy OVA from windows client. Am unable to deploy from datastore (i.e. I must reupload 1.8 gig file again).
  16. Upload template, click through menus and get a brand new “fill in the blank” screen that I don’t recall seeing before. Attempt to fill it out to the best of my ability.
  17. Start Appliance, fails due to password needing to be reset. Web interface does not respond.
  18. After 20 minutes of digging, I delete it.
  19. start over, leaving the form empty.
  20. Similar Message: “Root password is not set. vmdir.password is not set; aborting installation.” Web interface does not respond.
  21. review my notes from the 5.5 install.
  22. dry run installation of 5.5 OVA file; existing form has 5 fields; Hostname is the only one really required.
  23. 6.0 OVA has 46 fields; It is unclear how many are required. Perhaps all of them.
    1. if host network mode is set to DHCP, ip address and host network prefix are not required. Default gateway, dns servers, and host identity don’t state if they are required.
    2. SSO Configuration talks about a directory password for replication partner. Is this the 5.5 instance I’m planning to mirror? I don’t think so- I’m pretending this is a stand-alone instance so I can follow the migration video later, which presumes the new instance is already installed but not configured. Setting temporary password for administrator.
    3. leaving the rest of the SSO configuration default
    4. leave database config set to Embedded.
    5. Setting root password in System Configuration (which is different than the Administrator account password set 3 steps ago).
    6. Leaving upgrade configuration blank.
    7. Leave networking properties blank
  24. After finally getting the vcenter 6.0.0 installed, it turns out 6.0.0 no longer uses port 5480, as seen in the first video, which was the only one that came up when searching for upgrades yesterday.
  25. Because, why would the upgrade process from 5.1 to 5.5 be the same as 5.5 to 6.0, right?
  26. Start searching again, find this video which appears to cover what I need.
  27. I install the vmware client integration plugin from the ISO I downloaded previously on the windows VM (which is nearly out of space at this point).
  28. run upgrader from ISO.
  29. Walk through all the options and get to step 4 before getting the message: “vCenterServer FQDN vcenter.foo.com does not match DNS servers “localhost.localdom,localhost” and ip addresses “” from VC certificate. Examine the VC certificate and make sure it is valid and point to vCenter Server FQDN.”
  30. Which if I’m reading correctly, means that before I can upgrade, I have to install a properly signed certificate on 5.5 for…. I’m gonna guess the :5480 interface, which may be a totally different cert than the one for :9443.
  31. research and find that I can circumvent this by setting the cert regeneration flag in the :5480 interface and rebooting vcenter.
  32. try the upgrade tool again
  33. realize 3 seconds after clicking OK that I just started a process of unknown length at 2pm on a friday.
  34. process finishes at 3pm, warns me that my license is about to expire for vcenter(!)
  35. re-enter license, am told it is no longer valid.
  36. panic as I realize our license is for vcenter 5, not vcenter 6.
  37. research and am told that it’s a simple upgrade procedure in the vmware portal to get a new license key for 6.0
  38. go through motions, import new key, everything is awesome.


I owe a tremendous debt of gratitude  towards the guys in #VMware on freenode. without their assistance, I’d probably be under my desk sobbing right now.


MONDAY: I’ll continue by upgrading the esx hosts. I’m sure it’ll go smoothly.


Eric Christensen : Postfix Encryption

March 12, 2015 05:09 PM

I’ve been tinkering with the encryption options in Postfix for a while.  Encryption between clients and their SMTP server and between SMTP servers is necessary to protect the to, from, and subject fields, along with the rest of the header, of an email.  The body of the message is also protected but it’s always better to utilize PGP or S/MIME cryptography to provide end-to-end protection; encryption between clients and SMTP servers doesn’t provide this.

As rolled out now, encryption between SMTP servers is opportunistic encryption and is generally not required.  While doing a review of my mail log I seem to be receiving most personal mail via some encrypted circuit while much of the mail coming out of listservs, like Yahoo! Groups, is not negotiating encryption on connect.  I’ve also noticed that some email providers actually run their incoming email through an external service, I suspect for spam control, before accepting the message into their servers.  Some of these spam services don’t support encryption making it difficult to protect mail in transit.

Postfix documentation is pretty decent.  The project seems to document most settings but sometimes they don’t actually put the entire picture together.  Encryption is one of those things where a complete picture is difficult to put together just by looking at a single page of documentation.

Postfix’s documentation on TLS is fairly complete.  What they miss on that page, forward security, must be found elsewhere.  Until last night, I had missed that last page and now have fixed my configuration to include, what I consider, acceptable settings.

Here’s what I’ve got:


### TLS
# enable opportunistic TLS support in the SMTP server
smtpd_tls_security_level = may
smtpd_tls_eecdh_grade = ultra
tls_eecdh_strong_curve = prime256v1
tls_eecdh_ultra_curve = secp384r1
smtpd_tls_loglevel = 1
smtpd_tls_cert_file = /etc/pki/tls/certs/mail.crt
smtpd_tls_key_file = /etc/pki/tls/private/mail.key
smtpd_tls_CAfile = /etc/pki/tls/certs/mail-bundle.crt
smtpd_tls_session_cache_timeout = 3600s
smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
smtpd_tls_received_header = yes
smtpd_tls_ask_ccert = yes
tls_random_source = dev:/dev/urandom
#TLS Client
smtp_tls_security_level = may
smtp_tls_eecdh_grade = ultra
smtp_tls_loglevel = 1
smtp_tls_cert_file = /etc/pki/tls/certs/mail.crt
smtp_tls_key_file = /etc/pki/tls/private/mail.key
smtp_tls_CAfile = /etc/pki/tls/certs/mail-bundle.crt


submission inet n       -       -       -       -       smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_sasl_type=dovecot
  -o smtpd_sasl_path=private/auth
  -o smtpd_sasl_security_options=noanonymous

Those familiar with setting up TLS in Apache will notice a few differences here.  We haven’t defined ciphers or SSL protocols.  This is because this is opportunistic encryption.  We’re just happy if encryption happens, even using EXPORT ciphers, since the alternate is plaintext.  In a more controlled setting you could define the ciphers and protocols and enforce their use.  Until encryption becomes the norm on the Internet (and why shouldn’t it be?) I’ll have to stick with just begging for encrypted connections.

It should also be noted that client-to-SMTP server connections are forced to be encrypted in master.cf as seen in the submission portion.  This was a quick and dirty way of forcing encryption on the client side while allowing opportunistic encryption on the public (port 25) side.

It should be noted that ECC keys can be used with Postfix, which forces good ciphers and protocols, but most email servers have RSA keys established so problems could arise from that.  Dual keys can always be used to take advantage of both ECC and RSA.

As SSLLabs is for testing your web server’s encryption settings, so is CheckTLS for checking your SMTP encryption settings.  These tools are free and should be part of your regular security check of your infrastructure.
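The mail-log review described in the Postfix Encryption post above can be scripted. This added example (not the post author's code) pairs each smtpd connection with the TLS line that smtpd_tls_loglevel = 1 writes and counts accepted messages per client host as strong, weak or plaintext. The log lines are constructed, and the 128-bit threshold and the function names are assumptions.

```python
import re
from collections import Counter

# Constructed sample of Postfix smtpd log lines as written with
# smtpd_tls_loglevel = 1. Hosts and addresses are placeholders.
SAMPLE_LOG = """\
Mar 12 09:00:01 mail postfix/smtpd[2101]: connect from mx1.friend.example[192.0.2.10]
Mar 12 09:00:01 mail postfix/smtpd[2101]: Anonymous TLS connection established from mx1.friend.example[192.0.2.10]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Mar 12 09:00:02 mail postfix/smtpd[2101]: 4A1B2C3D4E: client=mx1.friend.example[192.0.2.10]
Mar 12 09:00:03 mail postfix/smtpd[2101]: disconnect from mx1.friend.example[192.0.2.10]
Mar 12 09:05:10 mail postfix/smtpd[2102]: connect from lists.bulk.example[198.51.100.7]
Mar 12 09:05:11 mail postfix/smtpd[2102]: 5B2C3D4E5F: client=lists.bulk.example[198.51.100.7]
Mar 12 09:05:12 mail postfix/smtpd[2102]: 6C3D4E5F60: client=lists.bulk.example[198.51.100.7]
Mar 12 09:05:13 mail postfix/smtpd[2102]: disconnect from lists.bulk.example[198.51.100.7]
Mar 12 09:07:40 mail postfix/smtpd[2101]: connect from lists.bulk.example[198.51.100.7]
Mar 12 09:07:41 mail postfix/smtpd[2101]: 7D4E5F6071: client=lists.bulk.example[198.51.100.7]
Mar 12 09:07:42 mail postfix/smtpd[2101]: disconnect from lists.bulk.example[198.51.100.7]
Mar 12 09:10:00 mail postfix/smtpd[2103]: connect from legacy.example[203.0.113.5]
Mar 12 09:10:00 mail postfix/smtpd[2103]: Anonymous TLS connection established from legacy.example[203.0.113.5]: SSLv3 with cipher EXP-RC4-MD5 (40/128 bits)
Mar 12 09:10:01 mail postfix/smtpd[2103]: 8E5F607182: client=legacy.example[203.0.113.5]
Mar 12 09:10:02 mail postfix/smtpd[2103]: disconnect from legacy.example[203.0.113.5]
Mar 12 09:12:30 mail postfix/smtpd[2104]: connect from probe.example[203.0.113.9]
Mar 12 09:12:30 mail postfix/smtpd[2104]: Anonymous TLS connection established from probe.example[203.0.113.9]: TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
Mar 12 09:12:31 mail postfix/smtpd[2104]: disconnect from probe.example[203.0.113.9]
"""

LINE = re.compile(r"postfix/smtpd\[(?P<pid>\d+)\]: (?P<msg>.*)$")
CONNECT = re.compile(r"connect from (?P<host>[^\[\s]+)\[(?P<ip>[^\]]+)\]")
TLS = re.compile(r"TLS connection established from \S+: (?P<proto>\S+) "
                 r"with cipher (?P<cipher>\S+) \((?P<used>\d+)/\d+ bits\)")
QUEUED = re.compile(r"[0-9A-Za-z]+: client=")   # queue ID assigned = mail accepted
DISCONNECT = re.compile(r"disconnect from ")


def classify(tls, min_bits):
    """Label a session from its (protocol, cipher, effective key bits) tuple."""
    if tls is None:
        return "plaintext"
    proto, _cipher, bits = tls
    if proto in ("SSLv2", "SSLv3") or bits < min_bits:
        return "weak"          # e.g. EXPORT suites report 40 or 56 effective bits
    return "strong"


def review(log_text, min_bits=128):
    """Return {client_host: {"strong"|"weak"|"plaintext": accepted messages}}."""
    sessions = {}              # smtpd pid -> session in progress (one per process)
    summary = {}

    def close(session):
        if session["messages"]:            # skip connections that delivered nothing
            label = classify(session["tls"], min_bits)
            summary.setdefault(session["host"], Counter())[label] += session["messages"]

    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        pid, msg = m.group("pid"), m.group("msg")
        c = CONNECT.match(msg)
        if c:
            if pid in sessions:            # earlier session never logged a disconnect
                close(sessions.pop(pid))
            sessions[pid] = {"host": c.group("host"), "tls": None, "messages": 0}
            continue
        session = sessions.get(pid)
        if session is None:
            continue
        t = TLS.search(msg)
        if t:
            session["tls"] = (t.group("proto"), t.group("cipher"), int(t.group("used")))
        elif QUEUED.match(msg):
            session["messages"] += 1
        elif DISCONNECT.match(msg):
            close(sessions.pop(pid))
    for session in sessions.values():      # log ended mid-session
        close(session)
    return {host: dict(counts) for host, counts in summary.items()}


def plaintext_senders(summary):
    """Hosts that delivered at least one message without negotiating TLS."""
    return sorted(h for h, counts in summary.items() if counts.get("plaintext"))


if __name__ == "__main__":
    result = review(SAMPLE_LOG)
    for host in sorted(result):
        print(host, result[host])
    print("plaintext senders:", plaintext_senders(result))
```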

Eric Christensen : USB Killer (or maybe it’s a killer via USB?)

March 12, 2015 04:02 PM

A co-worker passed this along to me and I felt this was worthy of further dissemination.


And this, my friends, is why you shouldn’t just plug in random, unknown USB devices.

Tarus Balog : Framing the Net Neutrality Debate

March 09, 2015 06:35 PM

Sorry for the delay in commenting on this, but I’ve been sick with the flu and I’m just now getting back to normal.

Back on February 26th, the FCC voted to treat the Internet as a utility. As a huge fan of “Net Neutrality” I was cautiously optimistic about this, but I was saddened by the fact that the 3-2 vote was along party lines. With the current dysfunctional US government, I was hoping that something as important as a free and open Internet would not be politicized.

Those who would try to control the Internet for their own agenda were quick to respond. Verizon issued a reply that looked like it was created on an old typewriter, implying that ideas created in 1934 (the law that formed the basis of the FCC decision) couldn’t be useful in a modern world. It’s an informal fallacy – instead of trying to describe why the world would be better off with Verizon in control of the Internet, a much harder proposition, they opted to throw a bunch of rhetoric at the problem.

Those against Net Neutrality are going to try to frame the issue as “anti-capitalist”. The problem is that a key component of free markets is “easy entry and exit”. The idea is that if one company is making a profit, competitors will enter into the marketplace until the overall profit reaches zero. The problem with utilities such as the Internet, electricity and water is that it is not easy to enter or exit the market, which creates barriers to a truly free marketplace. While I can argue that it is uniquely American for a large corporation to try and protect its unfair advantages, it is also anti-capitalist and government should exist to maintain a level playing field.

No, what Verizon dreams about is becoming the Enron of the Internet. I managed to get my hands on a leaked, new “Venron” logo:

Enron demonstrated the problems when you try to mix in greed with a utility. Due to companies such as Enron exerting undue influence in politics, the decision was made to deregulate the generation of electricity in California. Everyone used the same rhetoric being used in the Net Neutrality debate: free markets are the best for the people and “trust us” – why would we want to hurt our own customers? This resulted in skyrocketing energy prices and rolling blackouts throughout the State.

Internet companies such as Verizon are using those same tactics to build opposition to Net Neutrality. Their pet politicians, such as Senator Ted Cruz of Texas (the State responsible for Enron) have been hard at work trying to tie a free Internet to the idea of “too much government” and you can expect them to compare it to everything from the Affordable Care Act to Climate Change.

We need to respond with the simple mantra that a vote against Net Neutrality is a vote for an “Enron of the Internet”. It’s as easy and straightforward as that. Net Neutrality means that no one company, or cabal of companies, can control the Internet – not even the government. It is a vote for freedom and democracy, and anyone who is against that is against the ideals that created our country in the first place.

Yeah, I know that the Constitution is a really old document (even older than 1934) but it has held up pretty well. Let’s make sure that the opponents of a free Internet aren’t allowed to disgrace it as well.

Eric Christensen : CERN cares about information security… what about you?

March 08, 2015 04:44 PM

As a security engineer it’s usually difficult for me to endure many of the dumb things companies do.  It’s quite sad when a company that prides itself on creating solutions for building internal solutions to protect customer data actually starts pushing its own data out to Google and other “solution” providers.  It’s as if they don’t actually believe in their own products and actually think that a contract will actually protect their data.

So it’s quite refreshing when you run across a group that actually gets information security.  Recently, I ran across the information security bulletins at CERN (particle physics is another interest of mine) and was excited to find a group that actually gets it.  They provide internal, secure solutions for getting their work done without using outside solutions such as Google, Apple, Microsoft, Amazon, and Dropbox cloud solutions (I wish more of the internal solutions were FOSS but…).  In fact, CERN feels externally-hosted solutions are a bad idea for both business and personal uses.  I concur.

Here is a sample of their infosec bulletins:

What about you?  Do you care about the security of your information?

Tarus Balog : Dell, Rhymes with Fail

March 06, 2015 07:03 PM

Yes, I am a bit frustrated at the moment. This post is something of a plea that someone within the huge organization known as the Dell Computer company has a clue and can help me out. Before you think I’m just a big hater, here is a shot of one of our computer racks:

As you can tell, we do use a lot of Dell hardware (and yes, there is an HP box squeezed in the middle there).

I work hard. As a result of that, I feel I deserve nice things, and what I really want right now is a nice laptop. But I want a laptop that runs Linux well.

I’ve looked at the systems from System76, but I want a higher density screen than they offer. I would look at the new X1 Carbon from Lenovo, but I’m still angry at them for Stoopidfish, and while I plan to wipe any laptop I get from any vendor I still think it will be some time before I can give them money.

No, I like to support Linux-friendly vendors, so I recently ordered the Dell M3800 laptop, Ubuntu edition. I ordered it on February 2nd.

A couple of my three blog readers have contacted me eager for my review, but I wasn’t able to publish it because I have yet to receive the laptop. In fact, it appears my original order has been canceled. Here is the story.

I placed the order on the 2nd, and got an estimated delivery date of the 18th. That would have been perfect as I would have the new machine just before SCaLE. Unfortunately, it was not to be, and my estimated delivery date was pushed out until the 26th.

Well, the 26th came and went with no update from Dell. I finally decided to contact them and I was told they would expedite my case.

This week I was told that “I regret to inform you that we are not able to process the order 769577335 due to configuration mismatch.”


You drag me along for a month and then tell me that there is a “configuration mismatch”? Now I have to reorder and go through the whole process again? Plus, there was no “mea culpa” and no offer of, heck, free shipping or an expedited order – just “so sorry, try again”.


Like an idiot, I decided to try again.

I got to the order page, and that’s when I found out what the magical “configuration mismatch” was. It turns out that you can’t order a Dell M3800 laptop with Ubuntu and a second hard drive.


In the configuration I want, I want a 256GB SSD for the primary drive and a 1TB HDD for the secondary drive. That should make the operating system fast while giving me lots of room for files and git repos on the slower HDD.

But when I check it, I get this error:

Choosing Windows makes it go away.

I was dumbfounded. The issue that kept me from getting my laptop, and it appears the issue that will keep me from getting this laptop at all, is that Dell doesn’t know how to deal with a second hard drive on Ubuntu.

Just to make sure, I did one of those chat-thingies:

Time 	                Details
03/06/2015 10:24:51AM 	Session Started with Agent (Jayant K S)
03/06/2015 10:24:51AM 	Tarus Balog: "."
03/06/2015 10:24:59AM 	Agent (Jayant K S): "Welcome to Dell US Small Business Chat! My name is Jayant Kumar Singh and I will be your Dell.com Sales Chat Expert. I can be reached at jayant_k_singh@dell.com or via phone at 1-800-289-3355 ext. 4166817. How may I help you today?"
03/06/2015 10:25:07AM 	Agent (Jayant K S): "Hi Tarus :-)"
03/06/2015 10:25:26AM 	Tarus Balog: "I'm trying to order a Dell M3800 laptop with Ubuntu, but it tells me I can't get a secondary hard drive with Ubuntu, only Windows. Is this true?"
03/06/2015 10:25:52AM 	Agent (Jayant K S): "I am sorry about the inconvenience. Glad you chatted in today, I will try my best to help you"
03/06/2015 10:25:57AM 	Agent (Jayant K S): "Let me check"
03/06/2015 10:27:17AM 	Tarus Balog: "I get that error"
03/06/2015 10:27:26AM 	Tarus Balog: "and it goes away if I choose Windows"
03/06/2015 10:27:37AM 	Agent (Jayant K S): "ok"
03/06/2015 10:29:55AM 	Agent (Jayant K S): "I am working on it please stay connected"
03/06/2015 10:30:14AM 	Tarus Balog: "ok"
03/06/2015 10:32:12AM 	Agent (Jayant K S): "how much boot drive space do you need and how much for the second"
03/06/2015 10:33:24AM 	Tarus Balog: "I was going to order a 256GB SSD for primary and 1TB HDD for secondary"
03/06/2015 10:34:12AM 	Agent (Jayant K S): "Give me 1 Minute"
03/06/2015 10:36:53AM 	Agent (Jayant K S): "I am sorry the second hard drive is not allowed"
03/06/2015 10:37:44AM 	Tarus Balog: "Okay"

My guess is that the Dell provisioning process is so rigid that when it comes to Ubuntu they don’t know how to mount the second drive. This causes the whole thing to fall apart. I don’t know why just mounting it as /data isn’t acceptable, but just when I thought Dell was getting it together when it comes to Linux it appears it is just so much black magic to them.

My hope is that someone from the Dell Linux team will actually see this post and will reply. There is only one thing I really want to know and I have not been able to find out: are there any special PPA’s that ship with the Ubuntu version of the M3800 for drivers, etc. If not, then I’ll buy the Windows version, wipe it and at least have the hardware I want. Yes, it costs me over a $100 more for something I’ll just throw away, but at least I’ll have my laptop issue solved.

This whole process has really soured me on a brand I used to like. My current laptop is the Dell XPS 13 Ubuntu version I bought several years ago and I still like it – I just need more screen real estate. I see now why Apple is able to dominate this market. They always under-promised and over delivered (I never had an Apple order show up late and most showed up a day or more early). I never got some crazy “configuration mismatch” errors when trying to place an order.

And in the few times that Apple made a mistake, they went out of their way to make it better.

Mark Turner : ‘Homebrew’ email servers: Genius as well as sneaky? :: WRAL.com

March 06, 2015 06:19 PM

No, it’s not always a room filled with wires and glowing blue lights. It’s probably not even the size of your furnace. The personal email server used by Hillary Rodham Clinton during her time as secretary of state was probably about the size of your office desktop computer and could have been tucked quietly in a corner somewhere.

She’s come a long way since 1997, when Clinton’s staff bought the then-first lady a copy of the book "E-Mail for Dummies."

Setting up your own email server is something only the geekiest of tech geeks do because of the serious hassles involved, including spending every waking hour fending off spam. Like brewing your own beer, it’s typically done just for fun — a way to challenge your smarts and fill the time. It also appeals to those who fear the government is sniffing around and could compel companies like Google or Yahoo to release customer data.

via 'Homebrew' email servers: Genius as well as sneaky? :: WRAL.com.

Mark Turner : Historic moment: Saudi Arabia sees End of Oil Age coming and opens valves on the carbon bubble – EnergyPost.eu

March 06, 2015 02:33 AM

This is a fascinating read about the oil market that took me a while to really get, but it finally makes sense.

Tl;dr The Saudis are selling all the oil they can now because they’re worried that oil is quickly becoming obsolete. They’d rather sell at a drastic discount than be left with oceans of oil but no buyers.

Most analysts believe Saudi Arabia refuses to cut production because it wants to shake out its higher-cost competitors or because it wants to punish Iran and Russia. There may be some truth in those theories, writes Elias Hinckley, strategic advisor and head of the energy practice with international law firm Sullivan and Worcester, but they miss the deeper motivation of the Saudis. Saudi Arabia, he says, sees the end of the Oil Age on the horizon and understands that a great deal of global fossil fuel reserves will have to stay underground to avoid catastrophic global warming. “That’s why it has opened the valves on the carbon asset bubble.”

via Historic moment: Saudi Arabia sees End of Oil Age coming and opens valves on the carbon bubble – EnergyPost.eu.

Mark Turner : Separate And Unequal: Gen. Petraeus Facing Mild Wrist Slap For Leaking Eight Books Full Of Classified Info To His Mistress

March 04, 2015 05:46 PM

Can’t wait to see Ed Snowden offered the same sweet deal. I’m sure that will happen, right?

The administration still wants to punish whistleblowers and leakers, but only if it can do it with logic borrowed from Animal Farm. When it comes to prosecution, some leakers are more equal than others.

John Kiriakou — who exposed a single CIA operative’s name while exposing its waterboarding tactics — spent more time in jail than former CIA director Leon Panetta, who has spent (at last count) a grand total of 0 days locked up for leaking tons of classified info to Zero Dark Thirty’s screenwriter, Mark Boal.

Of course, some leaks just aren’t leaks, at least not according to the government. Kiriakou’s were wrong. Panetta’s were right. And Kiriakou spent three years in prison for a lesser "crime."

via Techdirt.

Mark Turner : Detectives suspect inside job in North Carolina gold heist | abc11.com

March 04, 2015 05:36 PM

Stating the obvious, exhibit 34,532.

Search warrants obtained by ABC11 show that detectives suspect an inside job in the robbery of $4.8 million worth of gold from a truck along I-95 Sunday. It was originally reported that guards working for Transvalue Inc. of Miami said they pulled off to the side of the interstate about 6:30 p.m. after their vehicle began having mechanical problems.

But the warrants made public Wednesday show a passenger in the truck said he was feeling sick and requested the truck pull over so he could vomit.

via Detectives suspect inside job in North Carolina gold heist | abc11.com.

Mark Turner : Clinton ran own computer system for her official emails :: WRAL.com

March 04, 2015 05:35 PM

Hillz got mad skillz, running her own mailserver. Who knew she was a 7337 hacX0R?

The computer server that transmitted and received Hillary Rodham Clinton’s emails — on a private account she used exclusively for official business when she was secretary of state — traced back to an Internet service registered to her family’s home in Chappaqua, New York, according to Internet records reviewed by The Associated Press.

The highly unusual practice of a Cabinet-level official physically running her own email would have given Clinton, the presumptive Democratic presidential candidate, impressive control over limiting access to her message archives. It also would distinguish Clinton’s secretive email practices as far more sophisticated than some politicians, including Mitt Romney and Sarah Palin, who were caught conducting official business using free email services operated by Microsoft Corp. and Yahoo Inc.

via Clinton ran own computer system for her official emails :: WRAL.com.

Mark Turner : Google in talks on phone network in US: executive, Technology – THE BUSINESS TIMES

March 04, 2015 01:46 PM

Interesting report that Google intends to become an MVNO (reselling wireless service).

[BARCELONA] US Internet giant Google says it is in talks with telecom companies about operating its own mobile phone services in the United States.

"We are actually working with carrier partners. You will see us announce it in the coming months," Sundar Pichai, Google’s senior vice-president for products, said on Monday.

"We don’t intend to be a network operator at scale," however, he added, speaking at the Mobile World Congress, a major telecom trade fair in Barcelona.

The California-based company would become a kind of virtual mobile operator by buying access to existing firms’ networks and selling it on to clients.

via Google in talks on phone network in US: executive, Technology – THE BUSINESS TIMES.

Scott Schulz : SpaceX ABS/Eutelsat-1 Mission

March 02, 2015 10:02 PM

Sat up last night to watch another great launch from the crew over at SpaceX. This time they used the Falcon 9 rocket to launch a pair of satellites (ABS 3A and Eutelsat 115 West B) into their initial orbits. From there, the satellites will maneuver themselves into their final orbit over the upcoming months.

As usual, the launch broadcast featured little in the way of fanfare as would a NASA launch, but they certainly got the job done, and for most of the 20 minutes or so there were approximately 30,000 viewers listed on the LiveStream feed.

SLC-40 Mission Patch

Kevin Sonney : The productivity problem

March 02, 2015 02:02 PM

As is so often the case, I’ve let myself get behind on all of the tasks and projects I need to keep up with. Between work, hobbies, volunteering, etc., it’s REALLY easy to do. Once upon a time, I used the Franklin Planner system, which was pretty awesome. With the advent of the smartphone, though, the need to carry around a paper binder full of calendars and todo lists and project organization seemed silly.

And for a while it was AWESOME. I could put most of what I need into things like OmniFocus, Evernote and Remember the Milk. All these great tools centered around GTD.

But times change, and tools change, and I find myself in a bind with the tooling. I have something like 11 streams of incoming tasks/information, each its own “silo”:

Not Work
– GMail
– Google Calendar
– Evernote
– Github
– Trello
– Remember the Milk

– Exchange Mail
– Exchange Calendar
– Jira
– Salesforce
– Confluence
– Sharepoint

And those are the ones I remember off the top of my head. Now, short of moving BACK to a paper system just to centralize everything, is there a tool out there that can/does integrate ALL these input streams and will help me organize them all? Some basic requirements:

OS Support :
– Mac (both home & work)
– Linux (home mostly)
– Android
– iOS
Integrations :
– Google/iCal
– Exchange
– Bonus for any of the other listed streams above

Price : Reasonable. Free and OSS preferred

Am I out of my mind in thinking that somewhere there is a tool that can do all that? Or am I going back to the dark ages and going back to killing trees (i.e. paper)?

Mark Turner : Five years gone

March 02, 2015 02:43 AM

It was five years ago today that my close friend Gerry Reid was killed in a freak traffic accident. The days that followed were some of the darkest days of my life, though obviously they don’t even come close to what his family went through.

The scars heal but the wound never goes away. I miss Gerry’s wisdom and humor. Someday we will hoist tasty brews again, my friend. Cheers to you, wherever you are.

Mark Turner : Time stands still?

March 02, 2015 02:37 AM

Kelly and I had a rare night alone last night, having shuffled Hallie off to a friend’s party and Travis off to a sleepover. We settled in on the couch to watch a movie, keeping an eye on the clock on the mantel so we could pick Hallie up from her party in time.

As the clock advanced to our 9:30 departure time, we increased the frequency of checking it, of course. I looked at it at 9:15, turned again to the TV, then checked the time again a few minutes later. It seemed that time was passing more slowly than I had expected but I thought little of it.

The movie was really engaging but I stole another look at the clock. It read 9:25. Wow, that seems like it should have been longer, I thought. The movie was really good, though, so I turned back to the TV.

At last, the clock read 9:30. Kelly and I dutifully switched off the TV and moved towards the garage. I stopped in my tracks when I saw the clock on the stove: It wasn’t 9:30, it was 10:05!

We raced out to the party to pick up Hallie thirty minutes late, apologizing profusely when we got there and offering our lame excuse. Then we dropped off her friend and returned home to bed. Earlier today, I moved the slow clock up to the current time and Kelly and I verified it.

For almost 12 hours now, the clock has kept accurate time. And before our movie began yesterday, the clock was keeping accurate time. For some strange reason from 9 PM to 9:30 PM, the clock was moving about half as fast as it normally does. Neither Kelly nor I can determine why. It was just odd.

Jesse Morgan : wacom Intuos tablet crashes Xorg in Kubuntu

March 01, 2015 04:09 PM

Every 1 in 10 times I hook up my Wacom Intuos to Kubuntu, xorg crashes with this lovely message. It’s very irksome.

Linux linwider 3.16.0-28-generic #38-Ubuntu SMP Fri Dec 12 17:37:40 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux

Kubuntu 14.10

xsetwacom --list devices
Wacom Intuos PT S Pen stylus id: 9 type: STYLUS
Wacom Intuos PT S Finger touch id: 10 type: TOUCH
Wacom Intuos PT S Pen eraser id: 16 type: ERASER
Wacom Intuos PT S Finger pad id: 17 type: PAD


Bus 001 Device 005: ID 056a:0302 Wacom Co., Ltd

[180969.708] (II) config/udev: Adding input device Wacom Intuos PT S Pen (/dev/input/mouse2)
[180969.708] (II) No input driver specified, ignoring this device.
[180969.708] (II) This device may have been added with another device file.
[180969.710] (II) config/udev: Adding input device Wacom Intuos PT S Finger (/dev/input/event16)
[180969.710] (**) Wacom Intuos PT S Finger: Applying InputClass "evdev touchpad catchall"
[180969.710] (**) Wacom Intuos PT S Finger: Applying InputClass "touchpad catchall"
[180969.710] (**) Wacom Intuos PT S Finger: Applying InputClass "Default clickpad buttons"
[180969.710] (**) Wacom Intuos PT S Finger: Applying InputClass "Wacom class"
[180969.710] (II) Using input driver 'wacom' for 'Wacom Intuos PT S Finger'
[180969.710] (**) Wacom Intuos PT S Finger: always reports core events
[180969.710] (**) Option "Device" "/dev/input/event16"
[180969.710] (EE) Wacom Intuos PT S Finger: Invalid type 'stylus' for this device.
[180969.710] (EE) Wacom Intuos PT S Finger: Invalid type 'eraser' for this device.
[180969.710] (EE) Wacom Intuos PT S Finger: Invalid type 'cursor' for this device.
[180969.710] (II) Wacom Intuos PT S Finger: type not specified, assuming 'touch'.
[180969.710] (II) Wacom Intuos PT S Finger: other types will be automatically added.
[180969.710] (--) Wacom Intuos PT S Finger touch: maxX=4096 maxY=4096 maxZ=0 resX=26000 resY=43000 
[180969.710] (II) Wacom Intuos PT S Finger touch: hotplugging dependent devices.
[180969.710] (EE) Wacom Intuos PT S Finger touch: Invalid type 'stylus' for this device.
[180969.710] (EE) Wacom Intuos PT S Finger touch: Invalid type 'eraser' for this device.
[180969.710] (EE) Wacom Intuos PT S Finger touch: Invalid type 'cursor' for this device.
[180969.710] (II) Wacom Intuos PT S Finger touch: hotplugging completed.
[180969.760] (**) Option "config_info" "udev:/sys/devices/pci0000:00/0000:00:1a.0/usb1/1-1/1-1.2/1-1.2:1.1/input/input46/event16"
[180969.760] (II) XINPUT: Adding extended input device "Wacom Intuos PT S Finger touch" (type: TOUCH, id 14)
[180969.760] (**) Wacom Intuos PT S Finger touch: (accel) keeping acceleration scheme 1
[180969.760] (**) Wacom Intuos PT S Finger touch: (accel) acceleration profile 0
[180969.760] (**) Wacom Intuos PT S Finger touch: (accel) acceleration factor: 2.000
[180969.760] (**) Wacom Intuos PT S Finger touch: (accel) acceleration threshold: 4
[180969.760] (**) Wacom Intuos PT S Finger pad: Applying InputClass "evdev touchpad catchall"
[180969.761] (**) Wacom Intuos PT S Finger pad: Applying InputClass "touchpad catchall"
[180969.761] (**) Wacom Intuos PT S Finger pad: Applying InputClass "Default clickpad buttons"
[180969.761] (**) Wacom Intuos PT S Finger pad: Applying InputClass "Wacom class"
[180969.761] (II) Using input driver 'wacom' for 'Wacom Intuos PT S Finger pad'
[180969.761] (**) Wacom Intuos PT S Finger pad: always reports core events
[180969.761] (**) Option "Device" "/dev/input/event16"
[180969.761] (**) Option "Type" "pad"
[180969.772] (**) Option "config_info" "udev:/sys/devices/pci0000:00/0000:00:1a.0/usb1/1-1/1-1.2/1-1.2:1.1/input/input46/event16"
[180969.772] (II) XINPUT: Adding extended input device "Wacom Intuos PT S Finger pad" (type: PAD, id 15)
[180969.772] (**) Wacom Intuos PT S Finger pad: (accel) keeping acceleration scheme 1
[180969.772] (**) Wacom Intuos PT S Finger pad: (accel) acceleration profile 0
[180969.772] (**) Wacom Intuos PT S Finger pad: (accel) acceleration factor: 2.000
[180969.772] (**) Wacom Intuos PT S Finger pad: (accel) acceleration threshold: 4
[180969.773] (II) config/udev: Adding input device Wacom Intuos PT S Pen (/dev/input/event15)
[180969.773] (**) Wacom Intuos PT S Pen: Applying InputClass "evdev tablet catchall"
[180969.773] (**) Wacom Intuos PT S Pen: Applying InputClass "Wacom class"
[180969.773] (II) Using input driver 'wacom' for 'Wacom Intuos PT S Pen'
[180969.773] (**) Wacom Intuos PT S Pen: always reports core events
[180969.773] (**) Option "Device" "/dev/input/event15"
[180969.773] (II) Wacom Intuos PT S Pen: type not specified, assuming 'stylus'.
[180969.773] (II) Wacom Intuos PT S Pen: other types will be automatically added.
[180969.773] (--) Wacom Intuos PT S Pen stylus: using pressure threshold of 27 for button 1
[180969.773] (--) Wacom Intuos PT S Pen stylus: maxX=15200 maxY=9500 maxZ=1023 resX=100000 resY=100000 tilt=enabled
[180969.773] (II) Wacom Intuos PT S Pen stylus: hotplugging dependent devices.
[180969.773] (EE) Wacom Intuos PT S Pen stylus: Invalid type 'cursor' for this device.
[180969.773] (EE) Wacom Intuos PT S Pen stylus: Invalid type 'touch' for this device.
[180969.773] (EE) Wacom Intuos PT S Pen stylus: Invalid type 'pad' for this device.
[180969.773] (II) Wacom Intuos PT S Pen stylus: hotplugging completed.
(EE) Backtrace:
(EE) 0: /usr/bin/X (xorg_backtrace+0x56) [0x7fb0bba1ce96]
(EE) 1: /usr/bin/X (0x7fb0bb866000+0x1bb099) [0x7fb0bba21099]
(EE) 2: /lib/x86_64-linux-gnu/libc.so.6 (0x7fb0b959a000+0x36eb0) [0x7fb0b95d0eb0]
(EE) 3: /usr/lib/xorg/modules/input/wacom_drv.so (0x7fb0afed0000+0x103c0) [0x7fb0afee03c0]
(EE) 4: /usr/lib/xorg/modules/input/wacom_drv.so (0x7fb0afed0000+0xe00d) [0x7fb0afede00d]
(EE) 5: /usr/lib/xorg/modules/input/wacom_drv.so (0x7fb0afed0000+0x62cf) [0x7fb0afed62cf]
(EE) 6: /usr/lib/xorg/modules/input/wacom_drv.so (0x7fb0afed0000+0x650e) [0x7fb0afed650e]
(EE) 7: /usr/bin/X (0x7fb0bb866000+0x95638) [0x7fb0bb8fb638]
(EE) 8: /usr/bin/X (0x7fb0bb866000+0xbfcc9) [0x7fb0bb925cc9]
(EE) 9: /lib/x86_64-linux-gnu/libc.so.6 (0x7fb0b959a000+0x36eb0) [0x7fb0b95d0eb0]
(EE) 10: /lib/x86_64-linux-gnu/libc.so.6 (close+0x2d) [0x7fb0b968679d]
(EE) 11: /usr/bin/X (xf86CloseSerial+0x21) [0x7fb0bb925521]
(EE) 12: /usr/lib/xorg/modules/input/wacom_drv.so (0x7fb0afed0000+0x5c25) [0x7fb0afed5c25]
(EE) 13: /usr/lib/xorg/modules/input/wacom_drv.so (0x7fb0afed0000+0x9c79) [0x7fb0afed9c79]
(EE) 14: /usr/bin/X (0x7fb0bb866000+0xa4948) [0x7fb0bb90a948]
(EE) 15: /usr/bin/X (0x7fb0bb866000+0xbb5b9) [0x7fb0bb9215b9]
(EE) 16: /usr/bin/X (0x7fb0bb866000+0xbb8f8) [0x7fb0bb9218f8]
(EE) 17: /usr/bin/X (WakeupHandler+0x6b) [0x7fb0bb8c1f1b]
(EE) 18: /usr/bin/X (WaitForSomething+0x1c7) [0x7fb0bba1a247]
(EE) 19: /usr/bin/X (0x7fb0bb866000+0x56fe1) [0x7fb0bb8bcfe1]
(EE) 20: /usr/bin/X (0x7fb0bb866000+0x5b3d6) [0x7fb0bb8c13d6]
(EE) 21: /lib/x86_64-linux-gnu/libc.so.6 (__libc_start_main+0xf5) [0x7fb0b95bbec5]
(EE) 22: /usr/bin/X (0x7fb0bb866000+0x4576e) [0x7fb0bb8ab76e]
(EE) Segmentation fault at address 0xa9a8
Fatal server error:
(EE) Caught signal 11 (Segmentation fault). Server aborting
Please consult the The X.Org Foundation support 
at http://wiki.x.org
for help. 
(EE) Please also check the log file at "/var/log/Xorg.0.log" for additional information.
(II) AIGLX: Suspending AIGLX clients for VT switch
(EE) Server terminated with error (1). Closing log file.

Mark Turner : Google Wants To Help You Buy Solar Panels For Your House. Seriously. | ThinkProgress

February 28, 2015 08:41 PM

It’s a shame this type of innovation is blocked by North Carolina law.

If you to want to install solar panels on your roof but haven’t yet because it’s too expensive, Google really wants to help.

The search giant, valued at $370 billion, is once again boosting its investment in SolarCity’s residential solar power model by $300 million, both companies announced Thursday. Combined with a new financing structure from SolarCity, the companies say this will result in a new fund worth $750 million to help install distributed rooftop solar on homes across the country.

via Google Wants To Help You Buy Solar Panels For Your House. Seriously. | ThinkProgress.

Mark Turner : This Is How Verizon Bullshits You | Maximum PC

February 28, 2015 08:39 PM

Verizon hates regulation, but when it hurts their greedy business model.

The fact that Verizon is releasing this kind of PR stunt designed to tell you, the public, that the FCC is using an outdated regulation not suitable for the modern technology era, is complete horse shit. The PR machine at Verizon is essentially spitting in your face, thinking you won’t even notice because it knows the majority of the public is too ignorant of what actually goes on behind the scenes and that most people don’t really have the time to dig through reports and papers.

Up until today, Verizon was freely using Title II on and off wherever it felt it could cut costs and fund infrastructure using public funds. It’s now only making a play that the FCC’s rules are unfit for modern society because the new rules will hurt its revenue stream from content providers.

via This Is How Verizon Bullshits You | Maximum PC.

Tarus Balog : SCaLE 13x – Days Two and Three

February 28, 2015 03:36 PM

[Note: Today marks the start of my thirteenth year of blogging about open source. Wow]

Sorry for the delay in getting this post written. We’ve had a couple of bouts of winter weather in North Carolina this week and it has really messed up the schedule. This was quite unlike the beautiful weather we experienced in Los Angeles for SCaLE 13x.

Saturday, Day Two for me, was a long one. The expo floor was open for eight hours so outside of giving my talk and lunch I was pretty much in the booth. I think my talk was well received, but Jeff’s talk later in the day was standing room only. I was told that the talks were being streamed live so I hope to see archived recordings soon.

I missed Jeff’s talk because I was in the booth giving away another set of MC Frontalot CDs. The winner did not want to be identified, so I don’t have a picture.

I didn’t take many pictures that day (we were too busy) but I did get a lot that evening. There was a game night with food and a bar, and that’s where the OpenNMS-sponsored Frontalot show was held.

Before the main festivities, they opened up the room for kids. They had a bunch of games set up. Jess told me that this was “Super Smash Brothers” (I think) at the Mario Kart stage.

About 9:30pm Damian started his set.

I think it was well received – I at least had fun. He hit all of my favorites with the exception of “Critical Hit” and this was the first show I’ve been to that he also had video. For those songs with official videos, those were played, but he’d also arranged some graphics for the others. I thought “Victorian Space Prostitute” worked particularly well, although Jess was the only one I think who recognized all the cosplay.

After the show there was a raffle. Colleen did a lot of the giveaways but since I had to spend the entire weekend in the booth I didn’t get to play (sniff).

I did get a nice picture of another SCaLE organizer, Ilan with his lovely bride:

After the show I ran into Jono Bacon and most of the Bad Voltage crew.

Jono seemed convinced that I looked like George Jetson:

but I think I much more rock the Fred Flintstone:

Comments? I doubt it is as divisive as the color of that dress.

[Note: Does anyone else remember that short lived show Wait Till Your Father Gets Home? Hanna-Barbera’s The Flintstones was set in the past, and The Jetsons was set in the future, and this was the show for the present. Yes, I’m old]

As the evening wound down I helped Damian get his gear back to the hotel and then we hit the bar in the Hilton. I had met the wonderful Stuart Langridge earlier, so I offered to buy him a drink (and learned that there should be no fruit in beer) and before you knew it we had a nice little crowd in our little corner of the bar. While I love going to conferences for the things I learn, sometimes it is the moments around the conference that create the most memories.

On Sunday I managed to hit the booth right on time (at the ungodly hour of 10am) and then, before you knew it, it was over. The wonderful Cynthia Aguilera was the winner of our third and last set of Frontalot CDs.

After we got everything packed up for the trip home, I just kind of crashed. We ended up watching the Oscars and then going to bed.

Thanks to everyone who made this year’s SCaLE conference awesome, and you can next catch us at April’s POSSCON.

Tarus Balog : Electronic Program Guide Changes at Schedules Direct

February 26, 2015 06:09 PM

I just noticed that my OpenELEC, Kodi and Tvheadend based DVR was no longer updating the Electronic Program Guide (EPG).

I would get the error:

Service description 'http://docs.tms.tribune.com/tech/tmsdatadirect/schedulesdirect/tvDataDelivery.wsdl' can't be loaded: 500 Can't connect to docs.tms.tribune.com:80 (Connection timed out)

when running the fetch script.

Digging around, I found out the reason is that the Gracenote service is being discontinued and thus some URLs have changed.

I use a script called tv_grab_na_dd from the Debian (wheezy) xmltv-utils package. Version 0.5.63-2 doesn’t appear to use the new URLs. The link above suggests adding:  docs.tms.tribune.com webservices.schedulesdirect.tmsdatadirect.com

to /etc/hosts and that worked well for me. Of course, if the IP address for Schedules Direct ever changes it will need to be updated.

It looks like this is fixed in xmltv-utils version 0.5.66.

Jesse Morgan : Please Steal This Idea.

February 25, 2015 04:19 PM

Someone take this idea and run with it; just make sure it’s free to use. I don’t have the time for it and it’s too great not to write down.


The idea? A simple graph paper map maker. Nothing with fancy graphics like Campaign Cartographer or FantasticMapper, just a simple graph paper mapper.

The interface consists of two major parts: the map window and the collapsible sidebar.

Main Window

The main window looks like an unblemished Minesweeper screen with a giant crosshair segmenting it into 4 parts. There is both a horizontal and a vertical scrollbar. Only 1/2 of the window is showing according to the scrollbars, meaning you can scroll left or right, up or down. In the bottom corner is a zoom tool similar to Google Maps.


The sidebar appears as a small button on the left that folds out when clicked. It contains a vertical accordion menu with the following headers:


[S]elect mode will let you click on an object underneath the cursor. Multiple clicks will cycle focus to the next item in the stack underneath the cursor. This could be a Feature, Interior Wall, or Path.


[E]xcavate has two main options to toggle between: Excavate (default) and Fill. While this tool is active, clicking on squares in the main window will either empty them or fill them in. Using the shift key reverses the active option: Excavate becomes Fill and vice versa. Excavate is the default tool when the page is loaded.


[W]all would be relatively straightforward. It would only affect existing exterior walls, either in part, whole, or individual lengths. Options would include smooth, rough, and natural.

Interior Wall

[I]nterior Wall has several options and two modes. The primary mode “Snap” would snap to the grid between two excavated squares; the secondary mode “Free” would allow straight lines to be drawn between two arbitrary points. Clicking and dragging will draw out a temporary path until the mouse is released. Using the shift key lets you draw a rectangle of interior walls. Options would include walls (default), half walls, engraved walls, magical forcefields, cliffs/ledges, ruined walls, lower level walls, walls with arrow slits, water lines, etc.


[D]oors would have several options, all of which snap to and highlight a border between two squares. This would work between two dug squares or a dug and filled square (i.e. a fake/useless door). Options would include regular door (default), double door (2 squares long), secret door, portcullis, false door, etc.


[F]eatures can be placed and resized on any map, and are layered between the floor tiles and the walls, allowing for things like puddles to be half-covered. This will contain a block of highlightable icons, which will let you draw an item that can be moved, resized, or spun. Icons include stairs (default), circular stairwell, debris, water, pit, pillar, altar, chair, throne, table, crate, barrel, fireplace, statue, well, sarcophagus, dais, bridge, carpet, etc.



[T]rap behavior would be dictated by type, but would mostly act like Features. Options would include pit traps (default), spike traps, blade traps, poison gas, etc.


[P]ath would allow you to draw a simple line from point A to point B. This could be a dispersed “sandy” type line, a dashed, dotted or solid line of configurable width.


[O]ptions would contain:

  • Line color (black, blue, gray)
  • Grid (none, excavated areas, all areas)
  • Grid Fade (100%, 50%, 25%)
  • Grid Color (black, blue, gray)
  • Border (click and drag region to be included in PNGs)
  • Show Compass checkbox
  • Show scale checkbox
  • Tile Pattern (none, granite, stone, etc)
  • Fill Pattern (none, stone, line color, black)
  • square scale (5ft, 10ft, other)


[S]ave would give you the option of saving the output (SVG) to Google Drive, locally, or exporting to PDF. If a border is not defined, it will do a best guess.


Right click would drag the map; +/- would zoom, arrow keys would pan. The map will pan infinitely in any direction, based off the centerpoint.

Hotkeys would include:

  • [S]elect mode
  • [E]xcavate
  • [I]nterior Wall
  • [D]oors
  • [F]eatures
  • [T]rap
  • [P]ath
  • [O]ptions
  • [S]ave
  • [ctrl+z] undo
  • [ctrl+shift+z] redo
  • standard copy/cut/paste

So that’s the idea that’s been kicking around in my head. If you’re a UI person and interested in helping me, I’d be glad to help give guidance on functionality, but I don’t have the time to develop it myself.

Alan Porter : Merging multiple git projects into one

February 22, 2015 09:04 PM

Over the last few months, my daughter Sydney and I have been working on Python programming assignments. I showed her that we can occasionally make a snapshot of our work using git, so if we mess something up, we can always get back to our previous checkpoint.

So we got into the habit of starting off new assignments with “git init .”.

Recently, though, I decided I wanted to host a copy of her assignments on my home file server, so we could check out the assignments on her computer or on mine. In the process, I decided to merge all of the separate assignments into a single git project. As a matter of principle, I wanted to preserve the change histories (diffs and author and dates — but not necessarily the old SHA hashes, which would have been impossible).

I did some searching on the topic, and I found a variety of solutions. One of them used a perl script that sent me off into the weeds of getting CPAN to work. A couple of good posts (here and here) used branches for each assignment, and then merged all of the branches together. The results were OK, but I had the problem where the assignment files started off on their own top-level directory, and then I later moved the files to their own assignment subdirectories. I really wanted to rewrite history so it looked like the files were in their own subdirectories all along.

Then I noticed that my daughter and I had misspelled her name in her original “git config --global”. Oops! This ended up being a blessing in disguise.

This last little snag got me thinking along a different track, though. Instead of using branches and merges to get my projects together, maybe I could use patches. That way, I could edit her name in the commits, and I could also make sure that files were created inside the per-assignment directories!

So I whipped up a little shell script that would take a list of existing projects, iterate through the list, generate a patch file for each one, alter the patch file to use a subdirectory, (fix the mis-spelled name), and then import all of the patches. The options we pass to git format-patch and git am will preserve the author and timestamp for each commit.



git init .

# $remoteProjects: space-separated list of paths to the existing per-assignment repos
for remoteProject in $remoteProjects ; do
   echo "remote project = $remoteProject"
   subProject=$(basename $remoteProject)
   # export the full history as one mbox of patches, with placeholder path prefixes
   ( cd $remoteProject ; git format-patch --root master --src-prefix=AAAA --dst-prefix=BBBB --stdout ) > $subProject.patch
   # essential file path fixes
   sed -i -e "s|AAAA|a/$subProject/|g" $subProject.patch
   sed -i -e "s|BBBB|b/$subProject/|g" $subProject.patch
   sed -i -e "s|/$subProject/dev/null|/dev/null|g" $subProject.patch
   # other fixes, while we're here
   sed -i -e 's/syndey/sydney/g' $subProject.patch
   # bring the patch into our repo
   git am --committer-date-is-author-date < $subProject.patch
   # clean up
   rm $subProject.patch
done

exit 0

I think this solution works nicely.

The one with the separate branches above was kind of cool because a git tree would show the work we did on each assignment. But in the end, the linear history that we produced by using patches was just as appropriate for our project, since we actually worked on a single homework assignment each week.

I suppose I could combine the two solutions by creating a branch before doing the "git am" (git "accept mail patch") step. That is left as an exercise for the reader.

Tarus Balog : SCaLE 13x – Day One

February 21, 2015 04:50 PM

Well, technically it was Day Two, but with the launch of the new OpenNMS Group website, our Meridian product, and actually trying to finish up my slides for my SCaLE presentation, it was the first day I actually made it to the show.

I love this show. It was the first real grassroots open source conference I ever attended (at Scale 5x back in 2007) and it was amazing. I haven’t been able to make as many of them as I would have liked (they scheduled one on Valentine’s Day once) but I always welcome the opportunity. This year they can accommodate 3000 attendees and while they haven’t released actual numbers, that is a lot of geeks.

I spent almost all of the day in the expo hall. We introduced the new Horizon/Meridian booth:

which I think turned out well. I also got to wander around and talk with a few of the other projects that are here. One was the Kodi team:

and having used it for several weeks now I think it is an amazing piece of software. I also got to talk briefly with Jeremy Sands, one of the organizers of the SouthEast LinuxFest:

and I should point out that the dates have been set for the conference this year (12-14 June) and the RFP is now open.

My talk at SCaLE is about the changing nature of open source, and it has never been a better time to be involved if you want a job. At most shows I see signs like this:

and there is even a career booth hosted by Disney, of all companies:

We had a nice amount of booth traffic. The OpenNMS shirts went in the first hour (should have brought more) and in honor of MC Frontalot performing on Saturday night, we are giving away signed sets of all six of his CDs.

The Friday winner was Ganeshbaba who registered at the very last minute, but we still have two more sets to give away.

Anyway, if you are at the show be sure to stop by and if you aren’t, well, why the heck aren’t you here?

Eric Christensen : RC4 prohibited

February 19, 2015 03:25 PM

Originally posted on securitypitfalls:

After nearly half a year of work, the Internet Engineering Task Force (IETF) Request for Comments (RFC) 7465 is published.

What it does, in a nutshell, is disallow the use of any kind of RC4 ciphersuites, in effect making all servers or clients that use them non-standard-compliant.

View original
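The rule RFC 7465 sets can be checked mechanically against a ClientHello. The sketch below is an added example, not code from the original post or from the RFC: it parses the cipher suite list out of a constructed ClientHello and applies the server-side requirements (never select RC4; terminate the handshake if the client offers only RC4). The function names and the sample messages are assumptions made for illustration.

```python
import struct

# Cipher suite IDs that use RC4, from the IANA TLS Cipher Suites registry.
RC4_SUITE_IDS = frozenset({
    0x0003, 0x0004, 0x0005, 0x0017, 0x0018, 0x0020, 0x0024, 0x0028, 0x002B,
    0x008A, 0x008E, 0x0092, 0xC002, 0xC007, 0xC00C, 0xC011, 0xC016, 0xC033,
})


class HandshakeAbort(Exception):
    """The server must terminate the handshake (it may send insufficient_security)."""


def build_client_hello(suites):
    """Build a minimal, constructed ClientHello handshake message (no extensions)."""
    body = b"\x03\x03"                        # client_version: TLS 1.2
    body += bytes(32)                         # random (all zero: constructed sample)
    body += b"\x00"                           # empty session_id
    body += struct.pack("!H", 2 * len(suites))
    body += b"".join(struct.pack("!H", s) for s in suites)
    body += b"\x01\x00"                       # one compression method: null
    return b"\x01" + len(body).to_bytes(3, "big") + body


def offered_suites(hello):
    """Return the cipher suite IDs, in client order, from a ClientHello message."""
    if len(hello) < 4 or hello[0] != 0x01:
        raise ValueError("not a ClientHello handshake message")
    length = int.from_bytes(hello[1:4], "big")
    body = hello[4:4 + length]
    if len(body) != length:
        raise ValueError("truncated handshake message")
    pos = 2 + 32                              # skip client_version and random
    if pos >= len(body):
        raise ValueError("message too short for session_id")
    pos += 1 + body[pos]                      # skip session_id
    if pos + 2 > len(body):
        raise ValueError("message too short for cipher_suites")
    (cs_len,) = struct.unpack_from("!H", body, pos)
    pos += 2
    if cs_len % 2 or pos + cs_len > len(body):
        raise ValueError("malformed cipher_suites vector")
    return [struct.unpack_from("!H", body, pos + i)[0] for i in range(0, cs_len, 2)]


def select_suite(hello, server_prefs):
    """Apply the RFC 7465 server rules.

    Returns (selected_suite, rc4_suites_the_client_offered). The second value
    lets an operator log clients that still advertise RC4.
    """
    offered = offered_suites(hello)
    rc4_offered = [s for s in offered if s in RC4_SUITE_IDS]
    if offered and len(rc4_offered) == len(offered):
        raise HandshakeAbort("client offered only RC4 cipher suites")
    for suite in server_prefs:
        if suite in RC4_SUITE_IDS:
            continue                          # never select RC4, even if configured
        if suite in offered:
            return suite, rc4_offered
    raise HandshakeAbort("no shared non-RC4 cipher suite")


if __name__ == "__main__":
    # Constructed sample: a client offering two RC4 suites and one AES-GCM suite.
    hello = build_client_hello([0x0005, 0xC011, 0xC02F])
    print(select_suite(hello, [0xC011, 0xC02F]))
```
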

Scott Schulz : Star Trek Coins

February 17, 2015 09:02 PM

The Perth Mint in Australia are releasing a series of ten coins featuring (five of each) captains and starships from the various Star Trek series.

The coins are 99.9% pure silver, and while collectible, are also legal tender in Tuvalu, in case you happen to be down that way. The biggest downside is the price: At the AUD to USD exchange rate today, they are running approximately $82 US Dollars each, a pretty hefty markup given that silver is currently trading at $16.51 per ounce.

Either way, they are worth a look if you are a serious Star Trek collector or aficionado.

Star Trek Coins

Reference URL: http://www.perthmint.com.au/catalogue/star-trek-the-original-series.aspx

Tarus Balog : OpenNMS Horizon 15.0.1 Released

February 12, 2015 06:06 PM

Just a quick note to let everyone know that OpenNMS 15.0.1 has been released. This is the first bug fix release for OpenNMS 15, and if you are running it I strongly suggest you upgrade.

As we are working to complete our transition to Hibernate (which will allow OpenNMS to use any database backend, not just PostgreSQL) we discovered an old issue where, under certain circumstances, duplicate outage records could be created. When this happened under the new code, it would cause an exception and the outages would never be cleared. This has been corrected.

The complete list of changes is as follows:


  • [NMS-7331] – Outage timeline does not show all outages in timeframe
  • [NMS-7392] – Side-menu layout issues in node resources
  • [NMS-7394] – Outage records are not getting written to the database
  • [NMS-7395] – Overlapping input label in login screen
  • [NMS-7396] – Notifications with asset fields on the message are not working
  • [NMS-7399] – Surveillance box on start page doesn't work
  • [NMS-7403] – Data Collection Logs in wrong file
  • [NMS-7406] – Incorrect Availability information and Outage information
  • [NMS-7409] – Visual issues on the start page
  • [NMS-7423] – Duplicate copies of bootstrap.js are included in our pages
  • [NMS-7425] – Poller: start: Failed to schedule existing interfaces
  • [NMS-7426] – Not monitored services are shown as 100% available on the WebUI
  • [NMS-7427] – The PageSequenceMonitor is broken in OpenNMS 15
  • [NMS-7432] – Normalize the HTTP Host Header with the new HttpClientWrapper
  • [NMS-7433] – Topology UI takes a long to load after login
  • [NMS-7434] – Disabling Notifd crashes webUI
  • [NMS-7435] – The Quick Add Node menu item shouldn't be under the Admin menu
  • [NMS-7437] – The default log level is DEBUG instead of WARN on log4j2.xml
  • [NMS-7452] – CORS filter not working
  • [NMS-7454] – Netscaler systemDef will never match a real Netscaler


  • [NMS-7419] – Read port and authentication user from XMP config
  • [NMS-7438] – Apply the auto-resize feature for the timeline charts

Warren Myers : my tech predictions for 2015

February 12, 2015 02:18 PM

I put these up as a comment on Cringely.com – but they deserve sharing here, too.

In no particular order:
– HP-UX retired
– Itanium EoL’d (perhaps on an accelerated schedule)
– Solaris truly open-sourced / abandoned by Oracle in favor of OEL
– HP spins-off more business units
– IBM loses 25-35% of its value – and spins-off / sells more business units to make Wall Street happy
– POWER continues to slow; IBM doesn’t understand it needs to stop putting so much money into it until all the engineers have been fired
– Z/OS systems grow dramatically – the only place IBM makes *more* money
– people finally realize “cloud” isn’t a “thing” – it’s just renting crap when you need it (perhaps from yourself (private cloud)) and giving it back when you don’t
– cloud hosting providers cut prices so things like AWS instances are no longer more expensive than dedicated hardware (see eg http://benmilleare.com/how-shaving-0-001s-from-a-function-saved-us-400-dollars)
– enough of the Old Guard hits retirement age that New School tech can finally make big inroads into stodgy businesses and government (automation, cloud, *aaS, etc)
– buzzword-compliance becomes necessary even for mom-and-pop shops who don’t have computers
– Android 6 brings native, “real” 3D to cell phones
– … and iOS 9 makes it look “good”
– there’s a new MacBook Flex that offers touchscreen, a fold-flat-reverse form factor, and 12 hours of battery life; the iPad 5 is the first 5K resolution tablet, with a full day of battery life
– Mac OS 10.11, aka Denali, allows users to run iOS apps via a “fat binary” model (harking back to the shift to PowerPC from 68k and then again x86 from PowerPC)
– Apple announces the first non-x86 Macs (starting with the Flex)
– Apple buys a car company in cash – Porsche or Hyundai (Hyundai would be the smart move – get more electronics manufacturing capability in-house; spin-off heavy industry wing)
– Tesla introduces a model that non-millionaires can afford – bringing snazzy competition to the Volt price point
– SpaceX sends a mission to Venus, and another to Mars
– Square opens an online bank
– Uber and Lyft grow, win cases against taxi companies – and local competition pops-up all over the country
– several major metro areas across the US all enter the “gigacity” club
– … but it’s led with smaller metro areas (like Chattanooga has already done)

Scott Schulz : Numerous Exoplanets

February 12, 2015 12:00 AM


Back with a few more numbers for the Numerous app. This time, they are astronomy related.

I have followed with some interest the string of planets discovered over the past decade or so, and the other day I was wondering how many they had found thus far. Well, after a bit of snooping, I found several sites which have data related to exoplanets. Of course, finding the data on the web is nice, but I figured if the data are available, then it must be tracked in Numerous.

I was dreading having to screen scrape one of those sites to get the current counts. Fortunately, I found a site which had an API tied to their data. The NASA Exoplanet Archive located at Caltech offers a SQL-like interface into their data sets, so I have taken three of the numbers of most interest to me and turned them into Numerous data points.

First is a count of all confirmed exoplanets. This includes those confirmed by any means.

All Confirmed Exoplanets

The second is a count of all of those planets confirmed by the NASA Kepler Mission.

Kepler Confirmed Exoplanets

Third, is a count of all of those Kepler planets which fall into what is considered the habitable [1] range. This includes both confirmed and candidate planets.

Kepler Habitable Zone Exoplanets

Links to these Numbers


  1. (180 K < Equilibrium (T) < 310 K) or (0.25 < Insolation (Earth flux) < 2.2)

Tarus Balog : Review: 2015 Dell XPS 13 (9343) Running Linux

February 03, 2015 11:51 PM

In short, it doesn’t run Linux very well. (sigh)

When and if Eric reads this he’s just going to shake his head. For two years in a row now I’ve been lured by the wonders of new laptops announced at CES, and in both years I’ve been disappointed. He tells me I’m stupid for ordering the “new shiny” and expecting it to work, but I refuse to give up my dream.

Luckily this isn’t a huge issue for me since my main machines are desktops, but my second generation Dell XPS 13 “sputnik” is getting a little old. I am really looking forward to a slightly larger screen. The pixel density isn’t great on my laptop, especially compared to what is out now, and I am finding myself a little cramped for screen real estate.

The new XPS 13 is an amazingly beautiful device. I spent over three days trying to get it to work just because it was gorgeous. It had become precious to me.

My precious.

But it was not to be. I first started out with my default desktop, Linux Mint. It installed easily and I was very happy to see that code had been added to deal with the insane size of the screen (3600×1800 pixels). While a few icons were still small (like the reload arrow at the end of the Firefox search bar) most adjusted well, including the icons in the settings window. Great job Cinnamon team.

No, the issue I fought long and hard to fix was the touchpad. Every minute or so it would just freeze:

Feb  1 13:15:48 sting kernel: [ 1746.787178] psmouse serio1: resync failed, issuing reconnect request
Feb  1 13:15:52 sting kernel: [ 1750.722621] psmouse serio1: TouchPad at isa0060/serio1/input0 lost sync at byte 1
Feb  1 13:15:52 sting kernel: [ 1750.723734] psmouse serio1: TouchPad at isa0060/serio1/input0 lost sync at byte 1
Feb  1 13:15:52 sting kernel: [ 1750.724642] psmouse serio1: TouchPad at isa0060/serio1/input0 lost sync at byte 1
Feb  1 13:15:52 sting kernel: [ 1750.725717] psmouse serio1: TouchPad at isa0060/serio1/input0 lost sync at byte 1
Feb  1 13:15:52 sting kernel: [ 1750.737756] psmouse serio1: TouchPad at isa0060/serio1/input0 - driver resynced.
Feb  1 13:15:55 sting kernel: [ 1753.855093] psmouse serio1: TouchPad at isa0060/serio1/input0 lost synchronization, throwing 2 bytes away.
Feb  1 13:15:55 sting kernel: [ 1754.361293] psmouse serio1: resync failed, issuing reconnect request

I found a post that discussed changing out the driver, which seemed to help some, but I could never get the problem to go completely away. The amazingly helpful Arch Linux folks suggested some workarounds, but nothing helped. I found it ironic that the touch screen worked fine.

I then switched to Ubuntu, thinking that might help. It didn’t, and along the way I lost audio. It seemed the audio device would just disappear. I tried 14.04, 14.10 and the alpha of 15.04. Also, Ubuntu did not handle the resolution well. While I could adjust the settings, it wasn’t done automatically for me like with Cinnamon, and certain things like the settings window remained tiny and somewhat “clipped”.

I went back to Mint and discovered that now I had wonky audio issues there. Sometimes it would be there and other times not. I stayed on 17.1 but updated the kernel to the 3.19 release candidate, but that didn’t help.

The scariest issue was that on occasion the screen would just go blank. It didn’t kill the system: if I was playing a movie file you could still hear the audio (assuming that was working), but no combination of key strokes would bring it back. I did find that closing the screen (to suspend) and reopening it would fix it for a while, but I don’t necessarily want to have to do that in the middle of an important presentation.

Note: while the system seemed to suspend and resume okay, the power light didn’t blink to let you know it was still on like on the older XPS 13 model.

Now I’m certain that most of this will be corrected in the next few months. The Broadwell chipset is still pretty new, and rumor has it that Dell plans to support Ubuntu 14.04 on this laptop, but they will have a lot of work to do since it seems to require the 3.18+ kernel for most of the new shiny.

In the meantime I returned it and bought an M3800 preloaded with Ubuntu. While it is a bigger laptop than I’m used to, I like supporting Linux-native products and I will at least have the ability to contact Dell with issues should they arise.

I should point out that, while not quite to Apple standards, Dell has been pretty amazing throughout the process of ordering and returning this laptop. While not ready for prime time, if you are in the market in a couple of months for a small, awesome Linux laptop, be sure to check out the XPS 13. But unless you are a masochist like me, you definitely should wait.

Oh, and if any Dell folks should join the ranks of my three readers, I’m more than happy to test any unit you might send my way (grin).

Tarus Balog : SCaLE 13x – February 2015

January 30, 2015 03:20 PM

We are three weeks away from the Southern California Linux Expo and I am getting really excited about it.

For those of you who are into OpenNMS, tune in that day because we are making a pretty significant announcement at the show. Be sure to come by the booth on the expo floor and say “hi” to the team, and both Jeff and I will be speaking (although at least during my talk you probably have better things to go see. For example, have you met our Lord and Savior, Docker?)

We are also incredibly excited that MC Frontalot will be performing. I’m not sure of the exact details but I believe it will be Saturday night.

(Note: I stole that picture from here since I like the fact that he has hair in it, well for certain values of “hair”, and note that link may not be safe for work [nudity])

If you are unfamiliar with his work, be sure to check out his YooToob Channel, and if you are so inclined I strongly recommend reading this well written bit (on Jezebel no less) concerning an issue surrounding a Penny Arcade comic a few years ago that really showcases the type of guy he is. Again, might not be safe for work (language). Be sure to click on the link to the original post for more detail.

If you are still on the fence about SCaLE, perhaps this little nugget will sway you: use Promo Code “ONMS” and get 40% off show registration. It’s cheap at twice the price and one of my favorite events of any year, but we want it to be extra special for 2015.