LCA2010 – Day 4

I ended up staying up quite late on Wednesday night so I was a little zonked out on thursday morning.

Keynote – Glyn Moody

  • Interviewed people for “rebel code” , found free software people “very nice” even compared to other people in computer industry
  • setup week before Linux kernel first released (Aug 1991)
  • Overview of public Library of science
  • Human Gnome project – DNA inherently digital
  • Bermuda Principles – finished annotated sequences submitted to public database
  • Jim Kent published and got full human gnome into public domain a short time before Celera finished their work and could have patented everything.
  • open data – data is not published just results – example of recent climate data being released, not a big problem if it had already been in public.
  • open notebook , reqular updates on progress
  • History of sharing art – Project Gutenbery 1971  .10 books 1991 , 1000 in 1997.
  • Various free licenses slightly incompatible , hard to convert between, took several goes to get licences correct
  • wikipedia – easy not programmer example of sharing tht people can understand – “open source is wikipedia for code”
  • Open government is more “Shared Source Government” rather than “Open Source Government”
  • Global economic crisis – tragedy of the commons
  • At least the Financial crisis has some winners
  • Very anti financial system, suggest more  “open source” options and commons
  • “if you share stuff you are destrying property, you are taking jobs away from the poor people” – How the debate is being framed

It was noted by one person that this year’s keynotes are more “Freedom” and “High tech”.

Lindsay Holmwood – Flapjack and Monitoring

  • Check – unit test – good bad ugly
  • Monitoring system – monitors for failing checks
  • 3 questions for monitoring systems – next check? , was check okay?, who do we notify? . Fetch , test , notify
  • fetch – lookup
  • test – execute , verify
  • notify – decide , callout
  • traditionally done in single process
  • but it’s an embarrassingly parallel problem
  • parts can be split. fetch+test fetch+notify – pass id/command between
  • precompile checks – so fetch is less expensive
  • transport between processes is the scheduler
  • no data collection when testing (graph seperately)
  • scheduler – workqueue – filled by populator, assigns stuff to notifier and workers
  • Lots of workers can be created (to do test)
  • flapjack – in ruby , talks to nagios plugin format
  • beanstalk – ansyncrnise workqueue service – ubuntu/debian packages
  • beanstalk – producer  puts jobs on beanstalk , consumer takes jobs off
  • uses named tubes (queues) , multiple tubes per instance
  • flapjack-worker – started up by flapjack-worker-manager starts multiple copies on machine. various control commands
  • worker is simple so linear scaling, spread across multiple machines required
  • flapjck-notifier – has manager to start it.
  • notifier has recipients.conf file with list of people to notify
  • notifier.conf – config for various notifiers (MAIL, SMS)
  • APIs – notifiers, filters, systems
  • notifier API – who , when and how sort of stuff.
  • “how many here use puppet – about a dozen – How many use Chef? – none “thanks a shame” “no it’s not”
  • persistence API – store stuff , mysql, couchdb whatever, standard way to store data.
  • filter API – parent checks hierarchy (so don’t check ports if host down)
  • flapjack-admin – pending – nodes , check templates , checks (check template + node ) , batches (group of checks)
  • 3 types of checks
  • Gaugaes – stuff within range – collectd ( point flapjack at collected output )
  • Behavoural tests – cucumber-nagios
  • Trending – reconoiter – growing area
  • collectd – gets stats from anything – nagios bridge – collectd-nagios queries collectd data
  • collectd client – gathers data from node and sends to collectd server
  • collectd forwarding server – agregates, filters and forwards
  • falapjack – crrently gems, soon to be real packages

Bob Edward – Yubikey authentication in a mid-sized organisation

  • Reusable passwords are dead , hard to remeber, something you know which can be shared and discovered, captured, guessed
  • Alternative – One time Passwords – doesn’t matter if captured.
  • examples – RSA keys, SMS based systems, Yubikey, 2 factor authentication
  • Created by Yubico in sweden, open-source
  • Looks like a USB keyboard to a computer, generates a 44 character OTP each time button is pressed. No batteries, 2st 23 characters fixed for each key
  • $12 each in volumn – $40 as one-off
  • Based on secret AES 128-bit key
  • Yubicoships yubikeys with pre-generated IDs and AES keys. Offer publicauthentication, they know secret 128-bit key, need to trust them
  • secret-id+sess+timestamp+session+rand+CRC  string created by key , then encrypted and public ID prepended.
  • Server decrypts , checks checksums and looks to make sure secret-id matches and session and timestamps are incrimented from previous values.
  • Unless you trust and always want to use Yubicom’s servers you should reprogram you keys with your own keys and IDs. Can’t then be used against Yubicom’s server.
  • weaknesses – requires computer with usb port that accepts usb keyboard – some bugs with 1st generation keys – unused generated keys remian live until the next valid key is used
  • You can run your own server fairly easily – ykaserver – various interfaces, postgress database for storage – can also call out to PAM for two-factor authentication
  • softykey – software Yubikey – can use to generate 1-time pad for stuff without usb keyboard interfaces
  • Tested with ssh, VPNs , web logins – mostly use PAM or LDAP method
  • See Linux Journal and

vimperator – automatic launch prog for netbooks

Jan Schmidt – Towards GStreamer 1.0

  • History of dev, faster bits during hackfests, when switched to git etc
  • Overview of last year, switched to git, slowdown when people busyswitched to binary registry
  • Support for various DVD playback  functions, special subtitles etc.
  • I’m not really in this area so I was just listening to get an idea where things are going. A bit too much detail for me at times.

Adam Jackson – The rebirth of Xinerama

  • Once again this was a bit over my head. It does look like the X guys spend a lot of time fighting assumptions built into the protocol and code 10 years ago however.

Stewart Smith et al – Building a Database kernel with Lego Like parts (Drizzle)

  • What would you change about Mysql – Modular architecture
  • Some crazy legacysuff in the Mysql code – good oppertunity to clean
  • move alot of code out of core, especially option parts – understandable and to reduce load – don’t load if you don’t need
  • more code coverage with tests
  • plugin interfaces – protocols, replication , logging, etc
  • modular replication system
  • general refactoring of storage engines
  • “If part of API sucks then fix API rather than work around it”
  • New this week – rot13() powerful encryption
  • Authentication plugins – auth_pam , auth_http
  • Various Logging plugins – logging_query , logging_syslog
  • Drizzle Community – All contributors equally – All project information public – No contributor license agreeements – Release early and often (~2 weeks ) – 100+ contributors , 500+ on mailing list
  • Milestone releases
  • When production release? – waiting to solidfy compatability – Sounds like a few months. – Reliable but still in flux
  • Pacakages to be pushed out to dists once things stable

Afterwards I had some dinner and went to the Professional Deligates networking session.