blogs

Quite a bit was written about this talk when it was first given (Feb 1st, 2015) but the FOSDEM folks just released the video today as a non-streamable MP4 file. They say a webm file will come later. I downloaded it and uploaded it to YouTube but they still haven't converted it to webm yet either. Update: They have webm'ed them now.

Anyway, here's a lower quality (not much to see) webm for you.

Just in case you haven't seen it yet:

They recommend a power supply that can deliver 2 amps.

Update: I ordered one a couple days after the release from Newark. I just got an email the other day (Feb. 19th) saying that it has shipped. I ordered a case later but I think it is coming from the UK and will take a bit longer. I also found a way to get Fedora 21 running on it.

Update 2: See also this.

I just discovered this sit-com from Canada done by CTV... who obviously don't mind sharing their show on YouTube because they have (at a quick glance) every episode of all six seasons posted. Watching the first episode of season 1... for some reason I was reminded of systemd. Have a look for yourself. Enjoy, eh? :)

Oh, and... you're welcome!

I'm a sucker for history videos... and I enjoyed the trip back in time that these were. While I was aware of the feuds that existed in UNIX-land and UNIX-GUI-land back from the early days I didn't witness it personally... so the first two expose some of that. The third video shows what moving from Windows 95 to Windows 98 was like... including the Linux alternative with an interview with Linus himself. Enjoy!

The Computer Chronicles: UNIX (1985)

The Computer Chronicles: UNIX (1989)

Computer Chronicles: Windows 98 and Linux

I stole this from a press release.

Over the past ten years, documentary film has undergone a renaissance, and the art form is more vital than ever. Hosted and curated by local award-winning documentary filmmaker Jason Burlage, The Bozeman Doc Series aims to bring the year's best films from around the world to the Emerson Center, from environmental dramas to political profiles to intimate personal films.

On Thursday, January 22nd, the Bozeman Doc Series will present the most highly acclaimed documentary of the past year, Citizen Four. A real life thriller, unfolding by the minute, Citizen Four gives audiences unprecedented access to filmmaker Laura Poitras and journalist Glenn Greenwald’s encounters with Edward Snowden in Hong Kong, as he hands over classified documents providing evidence of mass indiscriminate and illegal invasions of privacy by the National Security Agency (NSA).

Citizen Four places you in the room with Poitras, Greenwald, and Snowden as they attempt to manage the media storm raging outside, forced to make quick decisions that will impact their lives and all of those around them.

The film not only shows you the dangers of governmental surveillance - it makes you feel them. After seeing Citizen Four, you will never think the same way about your phone, email, credit card, web browser, or profile, ever again.

The New York Times calls the film "Tense & frightening... a primal political fable for the digital age."

One of Time magazine's ten best movies of 2014, Citizen Four is a rare snapshot of history in the making.

Doors open at 6:30 PM, and the films begins at 7:00. Tickets are available at the door or before the show at Cactus Records and Movie Lovers. Tickets are also available online at www.bozemandocseries.org, where you can buy season passes and 7 film punch cards, learn more about the series, and view trailers for upcoming films. The series will continue on Thursdays through April with one screening every two weeks. The Bozeman Doc Series. Real people. Real life. Come see the world.

I just wanted to mention that a lot of the information gathering done by the NSA is also done by commercial entities like Google and other advertising and tracking networks. I'd like to see a documentary film about that too. And now the trailer.

firewall-config GUIUpdate: Somehow I forgot to mention a GUI for firewalld named firewall-config. Be sure to check that out if you prefer a GUI.

I have run across a few people who are perplexed by firewalld and I must admit that I was for a while until I did some reading and experimentation. What is firewalld? It is basically a replacement for the ancient iptables service on RHEL and Fedora systems. So many of us were just used to manually editing /etc/sysconfig/iptables and then coping that file from system to system as desired, that the switch to firewalld was a bit scary. I mean, who wants to learn something new, right?

Another thing that is scary about firewalld is the complexity of the rules it shows when you do something like: iptables -L

While the configuration, tools and output has dramatically changed... really firewalld makes things easier and more manageable. Really. One of the problems with Linux across distros is that there really hasn't been a standardized way to handle the host-based firewall. Each distro seems to have their own way of doing it... and popular packages like Shorewall have been around for years. I think firewalld tries for a happy medium somewhere between simple and complex and a standard that distros can choose to adopt.

Anyway, here are some basics (as root or via sudo) but if you want more be sure and check out the documentation:

Main documentation: www.firewalld.org/documentation/
Fedora Documentation: fedoraproject.org/wiki/FirewallD
RHEL Documentation: access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Security_Guide/sec-Using_Firewalls.html

firewall-cmd --list-all (shows human readable firewall settings)

firewall-cmd --add-service=sshd --permanent (opens up port 22 which is sshd and saves to config)
firewall-cmd --add-service=http --permanent (opens up port 80 which is http and saves to config)
firewall-cmd --add-service=https --permanent (opens up port 443 which is https and saves to config)
firewall-cmd --remove-service=https --permanent (closes port 443 and saves to config)

If you want don't want your changes saved just leave off --permanent.

Want to open arbitrary ports for some service (like voxelands-server for example)? That is easy too:

firewall-cmd --add-port=30000/tcp --permanent

Want UDP? Ok:

firewall-cmd --add-port=30000/udp --permanent

After your changes it doesn't hurt to verify again with:

firewall-cmd --list-all

Want to manage firewalld via a config management system? There is a formula for SaltStack here and supposedly Ansible also supports firewalld.

Want to edit a file instead of running firewall-cmd? That's possible too. firewalld stores everything somewhere under /etc/firewalld/. In particular the changes listed above would get written to /etc/firewalld/zones/public.xml. Yeah, it's an "xml" file but make a change or two via firewall-cmd and see what it adds or removes from it and you'll see that it is very easy to monkey-see-monkey-do for those that want to edit the file directly. After updating or replacing any of firewalld's configuration files you want to make firewalld aware of the change with:

systemctl reload firewalld

If you are brave enough to manually edit the config just be aware that you are responsible for your typos.

I've only touched the tip of the iceburg for the most common stuff. Need more info? Yeah, there is a ton of documentation including a couple of man pages.

Kir posted the following this evening on the OpenVZ blog:

Looking forward to 2015, we have very exciting news to share on the future on OpenVZ. But first, let's take a quick look into OpenVZ history.

Linux Containers is an ancient technology, going back to last century. Indeed it was 1999 when our engineers started adding bits and pieces of containers technology to Linux kernel 2.2. Well, not exactly "containers", but rather "virtual environments" at that time -- as it often happens with new technologies, the terminology was different (the term "container" was coined by Sun only five years later, in 2004).

Anyway, in 2000 we ported our experimental code to kernel 2.4.0test1, and in January 2002 we already had Virtuozzo 2.0 version released. From there it went on and on, with more releases, newer kernels, improved feature set (like adding live migration capability) and so on.

It was 2005 when we finally realized we made a mistake of not employing the open source development model for the whole project from the very beginning. This is when OpenVZ was born as a separate entity, to complement commercial Virtuozzo (which was later renamed to Parallels Cloud Server, or PCS for short).

Now it's time to admit -- over the course of years OpenVZ became just a little bit too separate, essentially becoming a fork (perhaps even a stepchild) of Parallels Cloud Server. While the kernel is the same between two of them, userspace tools (notably vzctl) differ. This results in slight incompatiblities between the configuration files, command line options etc. More to say, userspace development efforts need to be doubled.

Better late than never; we are going to fix it now! We are going to merge OpenVZ and Parallels Cloud Server into a single common open source code base. The obvious benefit for OpenVZ users is, of course, more features and better tested code. There will be other much anticipated changes, rolled out in a few stages.

As a first step, we will open the git repository of RHEL7-based Virtuozzo kernel early next year (2015, that is). This has become possible as we changed the internal development process to be more git-friendly (before that we relied on lists of patches a la quilt but with home grown set of scripts). We have worked on this kernel for quite some time already, initially porting our patchset to kernel 3.6, then rebasing it to RHEL7 beta, then final RHEL7. While it is still in development, we will publish it so anyone can follow the development process.

Our kernel development mailing list will also be made public. The big advantage of this change for those who want to participate in the development process is that you'll see our proposed changes discussed on this mailing list before the maintainer adds them to the repository, not just months later when the the code is published and we'll consider any patch sent to the mailing list. This should allow the community to become full participants in development rather than mere bystanders as they were previously.

Bug tracking systems have also diverged over time. Internally, we use JIRA (this is where all those PCLIN-xxxx and PSBM-xxxx codes come from), while OpenVZ relies on Bugzilla. For the new unified product, we are going to open up JIRA which we find to me more usable than Bugzilla. Similar to what Red Hat and other major Linux vendors do, we will limit access to security-sensitive issues in order to not compromise our user base.

Last but not least, the name. We had a lot of discussions about naming, had a few good candidates, and finally unanimously agreed on this one:

Virtuozzo Core

Please stay tuned for more news (including more formal press release from Parallels). Feel free to ask any questions as we don't even have a FAQ yet.

Merry Christmas and a Happy New Year!

Since Russia has 10 days of holidays in January, I really don't expect anything to be released until late January or more likely in February. One major change in the upcoming RHEL7-based Virtuozzo Core release is the move from the internal chkpoint code to CRIU. Although there are a lot more details and specifics to come, overall I see this as a very possitive move.

This was released by the Linux Foundation yesterday and I thought I'd share. Enjoy!

Lennart Poettering gave a presentation for NLUUG on Nov. 20th, 2014 entitled, "Security Features in systemd". I think veteran system admins would be interested in this stuff. :) Enjoy!

Direct download link: 5_Lennart_Poettering_-_Systemd.webm

Jordan Hubbard... should need no introduction but if you don't know who he is, look him up... anyway, Mr. Hubbard spoke recently at the MeetBSD 2014 conference giving a presentation entitled, "FreeBSD: The next 10 years".

One thing I want to point out is his section on the init system. Here's a direct link to that section that I couldn't figure out to get to with the embedded video. Anyway, in the embedded video feel free to move the play head to about 27 minutes and 32 seconds into it manually if you don't want to watch the whole thing.

So FreeBSD may very well be moving to an init system modeled after Apple's Mac OS X's launchd... and since systemd also borrowed some ideas from launchd (as well as a few other systems)... systemd haters can move to FreeBSD... but how long before it also changes in ways they don't like? Oh, and I like the way Mr. Hubbard refers to systemd. :)

Here's some choice bullet points from one of his slides:

• We need to be open to fundamentally new approaches and ruthlessly cull what is no longer demonstrably useful to the 99%
• We need to be willing to shamelessly steal^H^H^H^H^H adopt things that are working well for others
• We need to take on some big-picture challenges that will appeal to the next generation of hackers (where's the next mountain?)

Enjoy.