Planet Linux Australia
As some of you know I’m involved with the Mount Burnett Observatory, a community run astronomical observatory in the Dandenong Ranges of Victoria near Emerald to the south-east of Melbourne. Originally built by Monash University in the early 1970’s it’s 3 years since a small group of people formed a community association, took over the site and starting resurrecting it as an observatory by and for the people. It’s now three years on and by the end of last year we were the second largest astronomical association in Victoria!
This Saturday (24th January) is our third birthday celebration so we’re having an open day running from 1pm through to 6pm with tours, activities, a solar telescope and components from the Murchison Widefield Array (MWA), one of the precursor telescopes to the massive Square Kilometer Array telescope project!
At 6pm we have a barbecue and then at 7pm there will be a talk by Perry Vlahos on what there will be to see in the sky over the coming month. After that we’ll be socialising and, if the weather behaves itself, viewing the stars through the many observatory telescopes.
This item originally posted here:
Mount Burnett Observatory Open Day and Third Birthday – Saturday 24th January 2015
Just over a year ago in Perth, we invited you to a party at our place, and we feel as if that is exactly what #lca2015 has been.
You have Been Awesome guests, and it's been a great party.
We had fantastic feedback from our event venues. MOTAT told us that their volunteer enthusiasts who were staffing the exhibits really enjoyed the intelligent conversations that they had with you. The staff at Sweat Shop said that you were all extremely well behaved which was why they were happy to keep the bar open for as long as you wanted.
We couldn't have asked for more from our guests.
We had a great time, and now it's time to relax for a little while. The videos of the presentations and keynotes are now online, and we're uploading the slides as they come in.Our Thanks To
- Linux Australia for trusting us with this amazing event
- Our Speakers, Miniconf Organisers and Keynote / Plenary presenters
- Linus, Bdale, Andrew and Rusty for the Q&A Session on Friday
- The delegates for joining us in Auckland for #lca2015
- The Sponsors for their contributions to linux.conf.au
- AV, Video and Network Team
- Rego Desk
- Partners Program Team
- Room Runners
- Our Drivers
- Graphics and design team for our website, logos and associated swag
- The ghosts of conferences past
- ...and the team who have spent so much of the last year putting this event together
- 0 - Unclaimed badges or bags at rego desk
- 1 - Virtual session
- 3 - Official social events for our attendees
- 8 - Years since Cherie and Steven first attended #lca2007 in Sydney
- 9 - Participants in our Keynote, Plenary and Q&A Sessions
- 13 - Miniconfs
- 89 - Main Program talks / tutorials
- 470 - Days from being notified that Auckland would host #lca2015 until our closing ceremony
- 650 - Average number of distinct devices on the conference delegate WiFi network
- 715 - Days from the #lca2015 BoF held at #lca2013 in Canberra until the close of #lca2015
- 3113 - Coffees served up by Tuihana Cafe
- 3GB/s - Typical daily peak data utilisation on the conference WiFi network
The whole #lca2015 Auckland team wish the best of luck to the #lca2016 Geelong team...Haere rā
Cherie and Steven Ellis
Well, I’ve said it before and not followed through, but I am intending to blog about various stuff from last weeks LCA over the next month or two.
One things about LCA of course is how much you learn. Especially when you stand up in front of a room to share something and discover errors in your own understanding! In my own case, I had a talk at the Open Hardware miniconf about some security things related to embedded devices. Literally an hour before I had a ping on twitter alterting me to a factual error in my blog, which was also loudly proclaimed in the talk I was about to deliver. Luckily it was only one slide, and the misunderstanding did not impact the rest of the talk (or for that matter, most of the offending blog article.) So I have updated the original blog article with a correction.
Slowly getting back into the swing of things, walked into work at stupid o’clock in the morning. Spending the afternoon at The Edge. Catching up on a few days of this diary.
Gearing up for the LCA debrief at Humbug, trying to not do it so off-the-cuff this year, organising the notes online in our wiki.
Filed under: diary
Waking up in a stupidly muggy Brisbane. Realised how happy I should be at having avoided this weather for a week.
Bussed to work, had to take have a shower when I got into work!
Filed under: diary
Breaky and fancy coffee at..the coffee hangar I think? Then trooped back for the free Air New Zealand exhibit at Te Papa.
Headed to the airport quite early as I was completely drained by this point. The temperature and humidity levels back in Brisbane were quite confronting, I got very little sleep this night.
Filed under: diary
Partook in Geeks On A Train today, from Auckland down to Wellington, quite happy with how it all went. Just about all of the photos in my LCA2015 album are taken on the train.
It was nice disconnecting from the conference and technology for a bit. And I have a feeling that the trip will be quite an important one to remember in the future.
Filed under: diary
Interactive map for this route.
Tags for this post: blog pictures 20150120-geocaching photo canberra tuggeranong bushwalk geocaching
Related posts: Lunchtime geocaching; Big Monks; Geocaching in the evening, the second; Geocaching in the evening; Point Hut Cross to Pine Island; A walk around Mount Stranger
The morning keynote really did feel like a kick in the guts to all the work that we’ve been doing, and is a horrible tail end to a conference that started with the wonderful community leadership summit. I later quipped that keynotes should be at the end of the day in case the only rational response was drinking.
Fortunately there was a light hearted Paul McKenny talk later in the day that lifted my spirits.
And on an even better note, the main organiser for Geelong is not going to put up with such shit from Linus.
Filed under: diary
As I mentioned on Twitter last week, I’m very happy SUSE was able to support linux.conf.au 2015 with a keynote giveaway on Wednesday morning and sponsorship of the post-conference Beer O’Clock at Catalyst:
— Tim Serong, Esquire (@tserong) January 13, 2015
For those who were in attendance, I thought a little explanation of the keynote gift (a Samsung Galaxy Tab 4 8″) might be in order, especially given the winner came up to me during the post-conference drinks and asked “what’s up with the tablet?”
To put this in perspective, I’m in engineering at SUSE (I’ve spent a lot of time working on high availability, distributed storage and cloud software), and while it’s fair to say I represent the company in some sense simply by existing, I do not (and cannot) actually speak on behalf of my employer. Nevertheless, it fell to me to purchase a gift for us to provide to one lucky delegate sensible enough to arrive on time for Wednesday’s keynote.
I like to think we have a distinct engineering culture at SUSE. In particular, we run a hackweek once or twice a year where everyone has a full week to work on something entirely of their own choosing, provided it’s related to Free and Open Source Software. In that spirit (and given that we don’t make hardware ourselves) I thought it would be nice to be able to donate an Android tablet which the winner would either be able to hack on directly, or would be able to use in the course of hacking something else. So I’m not aware of any particular relationship between my employer and that tablet, but as it says on the back of the hackweek t-shirt I was wearing at the time:
Some things have to be done just because they are possible.
Not because they make sense.
Interactive map for this route.
Tags for this post: blog pictures 20150119-geocaching photo canberra tuggeranong bushwalk geocaching
Related posts: Another lunch time walk; Big Monks; Geocaching in the evening, the second; Geocaching in the evening; Point Hut Cross to Pine Island; A walk around Mount Stranger
When you boot Fedora with a corruption which is not automatically repaired when systemd runs fsck -a then you are asked on the console if to enter single user mode, or if to continue. If you choose to enter single user mode then you'll find that you can't run fsck /dev/md0 as the root filesystem is mounted.
Dracut has a debugging mode with named breakpoints: it will boot up to the break-point, and then dracut will drop the console into a shell.
This is useful for solving a corrupted root filesystem, we can boot up to just before the disk is mounted, breakpoint into the Dracut shell, and then run fsck on the yet-to-be-mounted root filesystem. To do this temporarily add the Dracut breakpoint parameterdracut.break=pre-mount
to the Linux kernel.
In Fedora you do can temporarily modify the Linux kernel parameters by pressing e at the Grub bootloader prompt, arrow-ing down to the "linux" command, adding the parameter to the end of that line, and pressing F10 to run the Grub command list you see on the screen.
Dracut will load the logical volumes, assemble any RAID, and then present a shell on the console. Say fsck /dev/md0 (or whereever /etc/fstab says your / filesytem lives) and then reboot. This is a world easier than booting from a CD or USB and working out which partitions are on what logical volumes, and which logical volumes are in which RAID devices.
Breakpoints are a very fine feature of Dracut and, as this blog posting shows, very useful for solving problems which appear during the early stages of booting the machine.
The data is taken entirely from the linked pdf with one exception: N3664 is a clarification that permits optimization, not a requirement for compliance. Compilers that do not perform this optimization are no less compliant with C++14. I’ve recomputed the percentages for all compiler versions to take this into account.
In addition to the references from the previous post, the approval date of C++14 was taken from http://en.wikipedia.org/wiki/C++14
We were camping underneath a wattle tree, and this wattle tree seemed very popular with the rainbow lorikeets, so we were up at 5:30am, literally with the birds. Zoe was still very excited about camping.
We had a shower first, and then I cooked some bacon and eggs for breakfast before heading down to the beach. Eva and Layla were coming to visit us for the day, so I thought we could just meet them on the beach before coming back to the camp site for lunch.
Zoe had a great time playing around in the waves, and then we did some sand play, making sand castles. I showed her how she could dig down to the sea water in the sand above the wave, and we found heaps of small bivalves. Zoe thought they were pretty cool.
Eva and Layla were running a bit late, so we finished up at the beach and met them at the caravan park, where we cooked some hotdogs for lunch, before having a swim in the pool and then heading back to the beach. It was a really nice afternoon.
After they left, we took it easy for a while before going out for fish and chips for dinner and then calling it a night. Zoe was fast asleep by 7pm, despite the light outside the tent.
- More Surveillance Won’t Protect Free Speech http://t.co/8rgN9R7xh4 11:20:10, 2015-01-14
- Your Computer Understands Your Personality Better Than Your Friends Do http://t.co/9wgnIJgc4s 09:42:06, 2015-01-14
- Internet speeds: Australia ranks 44th, study cites direction of NBN as part of problem http://t.co/SUINPJTKPU #auspol 17:27:15, 2015-01-12
SaltStack currently doesn’t set the hostname correctly on Debian/Ubuntu. For example, this won’t work:system: network.system: - enabled: True - hostname: server1.example.com
Here’s a little shell script I wrote, to get around this problem:% cat set_hostname.sh #!/bin/bash hn=$1 hostname $hn echo $hn > /etc/hostname sed -i "1s/.*/127.0.0.1 localhost $hn/" /etc/hosts
Then apply it using cmd.script, for example:foo-hostname: cmd.script: - source: salt://soe/set_hostname.sh - args: foo.bar.com - unless: grep -q "foo.bar.com" /etc/hosts
Today was the big day. Pack up and drive to Bribie Island for two nights camping. This was the first time I've attempted camping since moving back to Australia (and being on my own). I like camping, and Zoe absolutely loves it, but I've found the idea of trying to do it all on my own a bit daunting, and it's taken me this long to get around to tackling it.
We managed to get the car packed up and be on the road by about 9:30am. Zoe was really helpful, and was able to help carry some of the lighter, less bulky stuff down to the car for me, that that was an unexpected bonus. Everything fit reasonably well with half of the back seats folded down.
We made good time getting there, and arrived at the caravan park by about 10:45am, but check in wasn't until 1:30pm, so we pottered around, and ended up back on the calm side of the island and had some lunch in the park there. After lunch, we caught up with Zoe's Great Aunty Pam for an ice cream before returning to the caravan park to check in.
We'd just started pegging down the tent when it became apparent that the very large caravan that was trying to maneuver into the site next to ours wasn't going to fit, so I offered to do a swap with them before I got any further invested in our site, so we had to pull up the tent and start over on the site next door.
This was the first time I'd put up this tent, so there was all the attendant trial and error of putting it up. I've learned all the lessons now, so I'll be better next time. Zoe was again super helpful, and we were able to put the tent up together successfully. It was ridiculously hot, and very sweaty work.
After we got the tent up, we went for a swim in the pool to cool off, before I started on dinner. The first night's dinner was just some spaghetti bolognaise. I'd pre-made the bolognaise at home and frozen it, so I just had to reheat it on the stove. The caravan park had a pretty decent camp kitchen, but I was trying to see how much I could be self-sufficient, so I did all the cooking on the gas stove I'd brought with me.
I got Zoe to bed a little bit later than normal, but she slept pretty well, despite the heat. It took me hours to get to sleep, despite being exhausted, because I found the tent uncomfortably hot. I was really happy with how the set up day had gone though, and Zoe had an absolute ball. It was totally worth all the effort.
We didn't have a lot planned for the day, and given that we were embarking on a camping trip the following day, I decided to keep it that way. As it was, we still managed to have a pretty busy day.
I started the day off with a run, and managed to do 10 kilometres for the first time in ages. It was a dreadful time, but I was going for progress over perfection.
I didn't realise I had a chiropractic adjustment, so I had to go straight to the chiropractor after my run and sweat all over everything. I felt so bad, but I haven't had an adjustment since before Christmas, so it was great.
Then Sarah dropped Zoe off, and I finally got to have a shower and some breakfast. After that, we headed over to the doctor for the obligatory weekly wart freezing appointment. I think it's been the production it has been because the doctor hasn't been able to give it a really decent hit with the liquid nitrogen, but it's definitely shrinking. She was super brave and even let the doctor give it a bit of a scrape with a scalpel to take off some of the top layers of dead skin. I'm grateful that we have the relationship that we do, because she was a bit scared, but she trusted me anyway, and it all worked out fine.
On the way home, we picked up some mail from the post office. I have to resubmit one unit of my real estate licence course, because I made a mistake, but I passed the other one. I think I'm waiting for one more unit to come back.
After that, we just hung out at home until after lunch, and then went to Woolworths to do some grocery shopping. We ran into Lachlan there, and Zoe and Lachlan had a great time hanging out while we did the grocery shopping.
Instead of getting ready for camping, I decided to have a crack at baking one of the things I want to put in Zoe's school lunchbox, some Hidden Veggie Lunchbox Scrolls. They turned out pretty good, like something you'd get from Baker's Delight. The challenge now is to make space for them in the freezer.
Interactive map for this route.
Tags for this post: blog pictures 20150118-mount_taylor photo canberra tuggeranong bushwalk trig_point
Related posts: Big Monks; A walk around Mount Stranger; Two trigs and a first attempt at finding Westlake; Urambi Trig; Walk up Tuggeranong Hill; A quick walk to Tuggeranong Trig
In computing, a DMZ (demilitarized zone) is a method for separating untrusted traffic from a trusted network. One of the most common implementations of this would be for supporting a publicly accessible server (such as web) on a local internet connection. The server sits in the DMZ and can be accessed from the Internet, but it cannot access the trusted network.
OpenWRT probably needs no introduction, the brilliant open source and community driven Linux based embedded router stack. I run it on my Netgear WNDR3800.
I have an ODRIOD-U3 (little ARM box) running Fedora, which runs a web server. This is what I want to make publicly available in my DMZ.
So, how to create a DMZ in OpenWRT? Some commercial routers have a single button “make a DMZ” and everything is handled behind the scenes for you. Not so with OpenWRT; it’s powerful, transparent, and only does what you tell it to, so we have to create it manually.
My router has a bunch of physical interfaces:
- eth0 (switch)
- eth1 (ethernet)
- wlan0 (wireless card)
- wlan1 (5GHz wireless card)
The eth1 device maps to the physical WAN port on the back of the router. It’s important to note that the physical interfaces may differ from router to router, depending on the chipsets.The Switch
The switch (eth0) includes a number of ports, including the four physical ones on the back of the router, a fifth one that’s not used, as well as one that connects to the CPU.
The switch supports VLANs (virtual LANs), and by default OpenWRT puts all of those ports into VLAN 1. This means that physical connections in those four ports at the back are on the same virtual switch and are able to communicate with each other. You can imagine that if I changed the VLAN of one of those ports to VLAN 10, that the device plugged into that port would no-longer be able to communicate with other devices on the switch. This is the basis for our DMZ.
That VLAN 1 actually creates a new interface on the router:
- eth0.1 (VLAN 1)
The configuration of the switch (including the mapping of ports to VLANs) is available under the switch menu, Network -> Switch.
Note: The port numbers on the switch in OpenWRT do not necessarily map in the right direction to the back of the router. In my case, port 0 on the switch is port 4 on the back of the router.Creating a new VLAN
The first thing we want to do is create VLAN 10 and then assign one of the ports to that VLAN, removing it from VLAN 1.
- Browse to Network -> Switch
- Click Add to make a new VLAN entry
- Set this new entry’s VLAN ID to 10
- In the VLAN 1 row, change Port 0 to off
- In the VLAN 10 row, change Port 0 to untagged
- In the VLAN 10 row, change CPU port to tagged
Setting VLAN to untagged tells the switch to add the appropriate VLAN tag to each ethernet frame as the traffic exits that port. The setting tagged means that the switch should expect that traffic leaving the port has already been tagged, perhaps by the operating system running on the device which is attached to the port.
Port 0 (port 4 on the back of the router) is now in VLAN 10, while the remaining three ports are in VLAN 1 and so it is now isolated from the others. The CPU is also in VLAN 10, else we would not be able to pass any traffic to port 0.
That new VLAN 10 creates a new interface on the router:
- eth0.10 (VLAN 10)
In OpenWRT you create virtual network interfaces which map to physical devices on the router. These are available under the Network -> Interfaces menu.
For example, my router has:
- LAN (for my internal local area network)
- WAN (for the external Internet connection)
One or more physical devices are attached to these zones, for example in my case:
- LAN (bridges VLAN 1 eth0.1, wlan1 and wlan0 together)
- WAN (eth1)
The LAN bridge creates a new interface on the router:
- br-lan (bridged LAN)
Once we have created our new VLAN, we want to create a new a interface for the DMZ. In the same way that the VLAN 1 device, eth0.1, is attached to the LAN interface, we will attach VLAN 10 device, eth0.10, to our new DMZ interface.
- Browse to Network -> Interfaces
- Click Add New Interface to make a new DMZ zone
- Set the name of the new interface to DMZ
- Leave the protocol of the new interface to static
- Ensure bridge over multiple interfaces remains unchecked
- For the interface, select only VLAN Interface: “eth0.10″
- Click Submit
You should be presented with a new configuration screen for this interface.
- Set IPv4 address to something in a new range different to LAN, e.g. if your LAN is 192.168.1.1 then set DMZ to 192.168.0.1
- Leave the rest of the settings blank, you do not need to set routes, or IPv6 if you don’t want to
- Click on the Advanced Settings tab
- Ensure Bring up on boot is ticked
- If you don’t want IPv6, untick Use builtin IPv6-management
- Click on the Physical Settings tab, should already be set to eth0.10
- Click on the Firewall Settings tab
- Under Create / Assign firewall-zone select unspecified -or- create and type dmz
- Click Save and Apply
- If you want to run DHCP on your DMZ, then under DHCP Server click Setup DHCP Server button, leave default settings
We now have a new interface or zone called for the DMZ that’s set to use out DMZ VLAN. It has a new firewall policy assigned to it, dmz, which we now need to configure.Firewall
Now we need to configure the firewall to do a few things:
- Allow the DMZ to talk to the WAN zone, so that devices can access the Internet
- Allow the LAN zone to talk to the DMZ, but not the other way around
- Add some traffic rules opening ports 53 and 67, so that devices from the DMZ can access DNS and DHCP services on the router’s DMZ IP address
- Finally, forward the HTTP port (80) from external internet WAN interface onto a device in the DMZ
Let’s do zone settings first.
- Browse to Network -> Firewall
- Under the Zones section on General Settings page, edit the dmz zone
- Leave the name set to dmz
- Set input to reject, so that we drop all incoming packets by default
- Leave output as accept, although you could set this to reject by default but you’ll require specific outgoing rules as required (like for Yum updates)
- Leave Masquerading and MSS clamping disabled
- Under Covered networks ensure that only dmz is selected
- Under the section Inter-Zone Forwarding, ensure Allow forward to destination zones is set only to WAN
- ensure Allow forward from source zones is set only to LAN
- Click Advanced Settings tab
- If you don’t want IPv6, you can set Restrict to address family to IPv4 only
- Tick Enable logging on this zone, so that we can see what’s happening
Now let’s do port forwards.
- Click on the Port Forwards tab
- Under New port forward section, give a name, such as dmz-http
- Set Protocol to TCP
- Set External zone to WAN
- Set External port to 80
- Set Internal zone to DMZ
- Set Internal IP address to your DMZ server, e.g. 192.168.0.100
- Set Internal port to 80
- Click Add when you’re happy
- Repeat for HTTPS port 443 if you want to run a secure server
Finally, let’s finish with traffic rules.
- Click on the Traffic Rules tab
- Under Open ports on router, set a name like dhcp-dns
- Under Protocol, select UDP
- Under Port, set 53
- Click Add
- Find your new rule in the list and click edit
- Set Destination address to your router’s DMZ IP address
- Repeat for DHCP port 67 UDP if you want to use router’s DHCP server, but don’t set the destination address as DHCP is broadcast
If you want to be able to ping the router from the DMZ clients, do this.
- Set a name like ping-dmz
- Set protocol to Other
- Click Add
- In the new configuration page, set Protocol to ICMP
- Set Match ICMP type to echo reply
- Set Source zone to dmz
- Leave Destination zone to Device (input)
- Set Destination address to your router’s DMZ IP address
- Click Save
Remember we told the router to log the DMZ? Well now we can monitor the firewall rules by browsing to Status -> Kernel Log. Here you should be able to see any rejects that are happening, which is useful to work out why something isn’t happening as you expect on the DMZ.
For example, disable the dmz-ping rule and then try to ping the router from your DMZ server. Refresh the Kernel Log and you should see entries appear.Testing
Plug in a device, see if it gets an IP address. Try to ping 188.8.131.52 (Google DNS server), then try to ping google.com.
Set up a web server on your DMZ box, or use netcat to listen on port 80. Get your external IP address from the router, or Google “my ip”. Now get a friend to browse to your IP and see if you see your web server.