Linux.conf.au 2015 – Day 1 – Session 1 – Containers

Clouds, Containers, and Orchestration Miniconf

 

Cloud Management and ManageIQ – John Mark Walker

  • Who needs management – Needs something to tie it all together
  • New Technology -> Adoption -> Proliferation -> chaos -> Control -> New Technology
  • Many technologies follow this, flies under the radar, becomes a problem to control, management tools created, management tools follow the same pattern
  • Large number of customers using hybrid cloud environment ( 70% )
  • Huge potential complexity, lots of requirements, multiple vendors/systems to interact with
  • ManageIQ
    • Many vendor managed open source products fail – open core, runt products
    • Better way – give more leeway to upstream developers
    • Article about taking it opensource on opensource.com. Took around a year from when decision was made
    • Lots of work to create a good open source project that will grow
    • Release named after Chess Grandmasters
    • Rails App

 

LXD: The Container-Based Hypervisor That Isn’t –  Tycho Andersen

  • Part of Openstack
  • Based on LXC , container based hypervisor
  • Secure by default: user namespaces, cgroups, Apparmor, etc
  • A EST API
  • A daemon that doesn’t hypervisory things
  • A framework for maintaining container based applications
  • It Isn’t
    • No network configuration
    • No storage management – But storage aware
    • Not an application container tool
    • handwavy difference between it and docker, I’m sure it makes sense to some people. Something about running an init/systemd rather than the app directly.
  • Features
    • Snapshoting – eg something that is slow to start, snapshot after just starts and deploy it in that state
    • Injection – add files into the container for app to work on.
    • Migration – designed to go fairly fast with low downtime
  • Image
    • Public and private images
    • can be published
  • Roadmap
    • MVP 0.1 released late January 2015
    • container management only

 

Rocket and the App Container Spec – Brandon Philips

  • Single binary – rkt – runs everywhere, systemd not required
  • rkt fetch – downloads and discovers images ( can run as non-root user )
  • bash -> rkt -> application
  • upstart -> rkt -> application
  • rkt run coreos.com/etcd-v2.3.1
  • multiple processes in container common. Multiple can be run from command line or specified in json file of spec.
  • Steps in launch
    • stage 0 – downloads images, checks it
    • Stage 1 – Exec as root, setup namespaces and cgroups, run systemd container
    • Stage 2 – runs actual app in container. Things like policy to restart the app
    • rocket-gc garbage collects stuff , runs periodicly. no managmanent daemon
  • App Container spec is work in progress
    • images, files, compressed, meta-data, dependencies on other images
    • runtime , restarts processes, run multiple processes, run extra procs under specified conditions
    • metadata server
    • Intended to be built with test suite to verify
Share

Links: Efficient Software, West Wing history, $20k houses, Damn boomers

Share

Another run in with the Electoral Commission

After already having trouble Electoral Commission banning photography in polling places I now get a threatening email from them.

Yesterday I made this Tweet:

 

and today I get the following email

Subject: Electoral Commission complaint – London exit poll posted on Twitter account

Dear Simon,

The Electoral Commission has received a complaint with regard to an exit poll being taken and then published on the Twitter account of @slyall. We understand that this is your Twitter account.

Under section 197(1)(d) of the Electoral Act 1993, it is an offence to conduct a public opinion poll of persons who have voted (exit polls). Section 197(1)(d) states:

197 Interfering with or influencing voters
(1) Every person commits an offence and shall be liable on conviction to a fine not exceeding $20,000 who at an election—
(d) at any time before the close of the poll, conducts in relation to the election a public opinion poll of persons voting before polling day

In order to assist the Commission in considering this complaint, could you please provide the following information:

1.         Who conducted the exit poll and when was it conducted?
2.         How did you receive this information?
3.         Any other information you believe to be of relevance to the Commission’s consideration.
4.         How you might remedy this matter.

Can you please provide the above information by 5pm, Friday 19 September 2014. In the first instance, to avoid further complaints, you may wish to remove the Twitter post.

Please telephone me if you wish to discuss this further.

Update

I replied with:

I saw this:
http://www.reddit.com/r/newzealand/comments/2gidem/kiwi_did_exit_polling_out
side_london_embassy_note/

and copied it to twitter.

I have no further knowledge of the photo or poll or the people who took it
or even if it actually took place.

and did nothing else. A couple of days later he emailed me with.

Thanks for getting back to us. The Commission understands that the original
tweet in respect of the exit poll has been removed and the Commission is not
taking any further action on the matter.

Thanks again for prompt reply which was much appreciated.

which was a little strange since neither me nor anybody else had removed anything. A little weird and one reason I don’t feel confident with these guys running voting over the Internet.

Share

NZ banning photography from polling places

I just saw on reddit that the New Zealand electoral commission is banning photography from polling places under the grounds that they impeded other voters at the polling and could influence other voters who see the photos. Specifically they say:

Photography in a voting place and sharing photographs on social media

While the Electoral Commission encourages people to take and share photos of themselves with their ‘I’ve voted’ sticker once they’re outside the voting place and unlikely to interrupt or inconvenience other voters, the Commission will be putting up ‘No taking photos’ signs inside all voting places and advance voting places.

The increased interest in voters taking ‘selfies’ inside voting places raises concerns about congestion and disturbance in voting places and can breach other rules in the Electoral Act regarding campaigning on election day and protecting the secrecy of voting.

Voting Place Managers have to ensure that voting proceeds smoothly, that voters are not impeded, and that order is maintained in voting places.  Voting places are for the purpose of voting and people should not remain in the voting place for other purposes.  The increased interest in voters taking ‘selfies’ inside voting places has the potential to create congestion and disturbance and for this reason Managers will be putting up ‘no photography signs’.

Publishing anything on election day that could potentially influence another voter is strictly prohibited, and photos taken earlier in the voting period that are shared, re-shared or reposted on election day could fall foul of the Electoral Act.

If a person posts an image of their completed ballot paper on social media on election day or in the three days prior to election day this is likely to be an offence under section 197 of the Act, which carries a potential penalty of a fine not exceeding $20,000. Section 197 of the Act prohibits a range of activities including:

  • the publication of any statement on election day that is likely to influence voters (section 197(1)(g); and
  • the distribution of an imitation ballot paper on election day or the 3 days before election day indicating the candidate/party for whom any person should vote or having thereon any other matter likely to influence a voter.

It also potentially exposes the voter’s friends to the risk of breaching the rules if they share, re-share or repost the voter’s ‘selfie’ on election day.

As there are risks of congestion and disturbance to other voters and risks with publishing or distributing material that includes a ballot paper, particularly in a medium where material will continue to be published– the Commission will not allow voters to take photos inside voting places.  We will be placing ‘no photos’ signs up in voting places.  Returning Officers will still be able to give permission to candidates for filming in voting places.  Permission for candidates will only be given on the condition that there is no filming behind voting screens, no filming of completed or uncompleted voting papers, and no activities that disrupt voting in the voting place.

I found the reasons they give a little dubious and a complete ban overkill so I’ve written the following to them:

Hello,

I am concerned about the recently published social media policy:

http://www.elections.org.nz/parties-candidates/all-participants/use-social-media

specifically the section banning all photography from polling places.

In the past two elections I have taken photos of the polling place I attended and my unmarked ballot paper and uploaded these to the Wikipedia. These photos (and similar ones) have been used to illustrate photos about elections and even cardboard furniture as well as being used on other sites. Even the official blog of the NZ ambassador to the Philippines used one. http://blogs.mfat.govt.nz/andrew-matheson/elections-theyre-important.

I am thus concerned that there appears to be a new policy that bans all photographs except limited ones by members of the media. This seems to go against the openness of our electoral process and the grounds that are given for the ban are very weak.

The matter of influencing other voters can be dealt with by requesting that photos only be published after voting has closed. Similarly I’m sure there are already rules to handle people who take too long to vote when there are long lines. A specific rule against photographing filled out ballots will also address concerns about voters proving to others they have voted a specific way.

In summary I very much hope you can replace a ban of photography with a more targeted rules against specific problems.

Simon Lyall

 

I receive a reply back from the Electoral Commission:

Dear Mr Lyall,

Photography in the voting place has only ever been allowed with the prior permission of the Returning Officer, but the number of photos being
taken without prior permission has increased hugely this year.  I understand that you feel that people could be allowed to take photos but be
advised not to publish the photos until after 7pm on election day – but unfortunately this is not what voters were doing.

Photos within the voting place, and particularly those taken of marked ballot papers and behind voting screens, have generated a large number of
complaints to the Commission already, and as a result we have re-looked at our rules around photography.

Voting Place Managers have to ensure that voting proceeds smoothly, that voters are not impeded, and that order is maintained in voting places.
Voting places are for the purpose of voting and people should not remain in the voting place for other purposes.  The increased interest in voters
taking ‘selfies’ inside voting places has the potential to create congestion and disturbance and for this reason Managers will be putting up ‘no
photography signs’.

Returning Officers will still be able to give permission to candidates for media or campaign managers to organise filming in voting places.
Permission will be given on the condition that there is no filming behind voting screens, no filming of completed or uncompleted voting papers,
and no activities that disrupt voting in the voting place.

We absolutely encourage people to take and share photos of themselves with their ‘I’ve voted’ sticker once they’re outside the voting place and
unlikely to interrupt or inconvenience other voters, however people taking selfies while behind the voting screen is not a good idea.

 

 

Share

Updating my personal email setup

I’m in the process of moving my personal hosting from one VPS to another ( I host with Linode and am buying a new virtual machine with a similar spec to my current one for half the monthly price ) and I decided to rearrange my home email. My old setup was:

Internet –> Exim on VPS -> Download via fetchmail to home -> Send to spamassassin and dspam at home -> filtering into mboxes on home workstation  -> read via alpine

The main disadvantages of this were:

  • Had to ssh into home to read email (couldn’t read on my phone)
  • Hard to view images in email or HTML emails
  • Sending via my ISP was unreliable and they are  implementing filters
  • No notification of new email

So I decided to make some changes.

Internet -> Postfix on VPS -> procmail to spamassassin on VPS -> procmail to maildirs -> read via imap

This setup is a lot simpler than the previous one and a bit more mainstream.

  • Since the email is online via imap I can read it directly from alpine or my phone (or another client)
  • Online running one anti-spam program (spamasaasin) instead of two (dspam and spamassassin)
  • Email operations on one server (the VPS) insead of 3 (VPS, workstation, home virtual machine)
  • Sending email straight via VPS instead of home VM and my ISP’s mail server

Details of my setup

There are a lot of HOWTOs on getting email to work via postfix and dovecot. I decided that the main feature I needed were virtual aliases for my domains. I also decided that since I only had a few mailboxes (mine own and two others) I could just create accounts on the server rather than maintain virtual users in postfix/dovecot. The server is running Ubuntu 14.04

Roughly speaking I followed the advice on these two pages by Rimuhosting:

I added these lines to my Postfix’s main.cf

virtual_alias_maps = hash:/etc/postfix/virtual
home_mailbox = Maildir/
mailbox_command = /usr/bin/procmail -a "$EXTENSION" DEFAULT=$HOME/Maildir/ MAILDIR=$HOME/Maildir

Theses lines tell postfix to (1) use the virtual file (see below) (2) deliver to Maildirs (3) use procmail for delivery.

and create a /etc/postfix/virtual file like:

darkmere.gen.nz              20140720
simon@darkmere.gen.nz        simon-mail@cyan.usenet.net.nz
root@darkmere.gen.nz         simon@darkmere.gen.nz

The first line indicates the domain should be used (this option is a little hidden in the virtual manpage) and then their are various addresses. simon-mail is a noshell account and cyan is the name of the server to so the email is delivered locally to it.

The simon-mail account just has a simple .procmailrc file with my various filters and a Maildir to store the email. Spam processing is called by procmail via:

:0 fW
* < 280000
| spamc -u simon-mail -d localhost

:0:
* ^X-Spam-Status: Yes, score=([5-9]|1[0-9]|[2-9][0-9])
.junk/

which just puts all email that looks like spam into a junk folder (which I can check now and then until I’m happy with the filters).

Dovecot for imap worked out of the box except I had to tell it the location of my email. I just edited the file /etc/dovecot/conf.d/10-mail.conf and changed the mail_location setting to:

mail_location = maildir:~/Maildir

For sending email I pretty much followed this guide directly.

Overall it wasn’t too hard. The main problem was the fact that there were so many guides (I read over a dozen) each of which differed slightly and which were in many cases designed more much larger sites. I’ve currently got the setup in final testing (it is getting a copy of all my incoming email) and intended to switch over soon. In the short term I’m keeping my old mail folders (all 752 of them adding up to 1.8GB) locally at home but may move them at a later date.

Share

Linux.conf.au 2015 – Getting started

Disclaimer: The below is my personal opinion and does not represent the views of the 2015 LCA organising committee. Some details have been left out, stuff may change, names may be wrong, may contain nuts, etc.

In January 2015 the Linux.conf.au conference will be held in Auckland, New Zealand. Each year the conference brings together 600 ( +-100 ) Linux developers and users for 5 days for talks, chat and social events. LCA 2015 will be the 12th Linux.conf.au I’ve attended (every year since 2004) and the first I’ve helped organise. It will be the 3rd time the conference has been held in New Zealand.

Each year’s LCA is held in a different city by a group who bid for and run it. The Auckland team consists of a “core team” of about 10 under the overall lead of Cherie Ellis, another dozen “supporters” (including me). Others volunteers  will be recruited closer to the time and there are also external groups like the papers committee and people from Auckland University doing various jobs.

The majority of the conference will be held in the Owen G Glenn Building at Auckland University. The is single big building with several large lecture theatres along with big central areas and smaller rooms. The currently plan is for just about the whole conference proper to happen there.

Over half the attendees with probably stay at nearby student accommodation, this is cheap, nearby and lets people mingle with other attendees after-hours. There will also be some planned social events (like the conference dinner) elsewhere in Auckland.

Since January 2014 when Auckland was announced as the winning bid for 2015 the pace has gradually been picking up. Over 30 main positions have been filled (most with both a main and backup person) and the core team is meeting (usually online) weekly and the second supporters meeting is coming up.

The amount of stuff to organise is pretty big. As well as the venues, there is food, travel, accommodation, swag, the programme, the websites, network, dinners, registration, etc etc. A huge amount of stuff which will take up many hours per week for the rest of 2015.

At the end of March there was a “Ghosts visit”, this is where half a dozen previous conference organisers ( “Ghosts of conferences past” ) come over for a weekend to look over the setup and talk to the group. The purpose is twofold, the Ghosts check that everything is on track and look for problems, while the 2015 organisers get to pick the Ghost’s brains

Large Brain possibly belonging to Ghost

Even the Ghosts’ event itself is a small test of the organizers’ ability. They have  to fly, meeting, accommodate, hosts, feed and otherwise look after half a dozen people, a mini rehearsal  for the full conference.

Share

Links: Legal marijuana, curry, LOTR, Moon Towers

Share

Links: Containers, Performance, Backpack Nukes, New Countries

Share

Linux.conf.au 2014 – Day 5 – Finish

Winner Rusty Wrench Award: Andrew Tridgell

 

Host of LCA2015: Auckland!!

Website:

 

Lightning Talks part 2

  • My toothbrush has a serial number
    • after sales support
    • can they find it for me?
    • In the post-Snowden world this should be investigated
  • DIY Book Scanning for Fun
    • Scanned book useful for good reasons
    • diybookscanner.org
  • Freedom Box project update
    • Almost ready for 0.2 release which will be pretty good
  • OneRNG
    • Open Hardware, Random number generator
    • Trustable, see raw or AES whitened
    • trying various options
    • onerng.info
  • Central Coast LUG
    • cclugtmp@gmail.com
  • Bitcoin Myths
    • Anonymous – Nope, all transactions records
    • Bubble – nope, infrastaructer
    • Giant Ponzi scheme – Not sold as investment, no claims
  • dlect – Lecture recording downloader
    • uqlectures.sf.net
    • Looking for help and the extend to other Universities
  • Debian in Australia
    • Trying to get Debian Australia mailing list started
  • Bitcoin architecture applied to capital markets
  • Learning Opportunities in Rocketry Software
    • Maths makes by head hurt
  • Electronic Frontiers Australia
    • Would like to invite you to volunteer and drink beer
  • LA does other things
    • pycon AU in August
    • Drupal camps
    • Barcamp
    • Join a user group
    • hacker space
    • add your blog to our planet

 

Share