Planet Linux Australia

Syndicate content
Planet Linux Australia - http://planet.linux.org.au
Updated: 13 min 55 sec ago

Sridhar Dhanapalan: Twitter posts: 2014-07-21 to 2014-07-27

Mon, 2014-07-28 01:27

Andrew Pollock: [life] Day 176: Museum and swimming

Thu, 2014-07-24 23:26

Today was a pretty chill day, after yesterday's crazy busy one.

Zoe jumped into bed with at 5:40am, but snoozed again until about 6:30am. It was exciting to get up and watch the inverter showing an ever-increasing power production as the sun rose.

I let Zoe choose what she wanted to do, which is code for "I had nothing in particular planned". She chose the museum by bus this morning, so we were out the door by 9am and on a bus not long after.

The museum had never mailed out my new membership cards from a month ago, so I stopped by the tickets desk first to try and sort that out. They were very apologetic, and gave me two free tickets to Deep Oceans show. They're valid until October, so we'll go back and check that out another day.

Zoe mostly just wanted to go to the Science Centre, so after some morning tea, we headed over there. The place was almost totally empty, so we had free run, which was pretty cool. That took us through until lunch time.

I was trying to make the 12:34pm bus home, but we managed to miss it by maybe 20 metres, which was a bit of a bummer. The lady who did the indoor air quality testing was going to come back at some point after 1pm. Fortunately she didn't end up coming until closer to 2pm, so we were fine getting the 1:04pm bus instead.

After she'd been, we briefly dropped in on one of our neighbours on the way out to grab a few things for dinner from the Hawthorne Garage.

Zoe wanted to go to the pool, which was going to be a bit tight, but we made it out to Colmslie for a brief splash around in the pool before I had to get home to put dinner on.

I wanted to get out to a seminar about company boards at 5:30pm, and Sarah was coming around to babysit Zoe for me, so I wanted to get dinner on the table at 5 before I had to leave. That didn't work out quite to plan, so I had to leave with dinner about 15 minutes from being ready.

I managed to order a taxi and get it almost immediately, and it got me into the city within 15 minutes, which was pretty good. On the way home afterwards, I managed to hail a taxi within minutes of leaving the building, so overall, the transport piece worked really well.

The seminar itself was vaguely interesting. I'm curious about getting on a company board, as I think it could be a good use of my experience, and also a non-9-to-5 way of making some income. I'm not quite sure how to get that first board seat though, and exactly what to expect from a time commitment.

Matt Palmer: First Step with Clojure: Terror

Thu, 2014-07-24 11:25
$ sudo apt-get install -y leiningen [...] $ lein new scratch [...] $ cd scratch $ lein repl Downloading: org/clojure/clojure/1.3.0/clojure-1.3.0.pom from repository central at http://repo1.maven.org/maven2 Transferring 5K from central Downloading: org/sonatype/oss/oss-parent/5/oss-parent-5.pom from repository central at http://repo1.maven.org/maven2 Transferring 4K from central Downloading: org/clojure/clojure/1.3.0/clojure-1.3.0.jar from repository central at http://repo1.maven.org/maven2 Transferring 3311K from central [...]

Wait… what? lein downloads some random JARs from a website over HTTP1, with, as far as far I can tell, no verification that what I’m asking for is what I’m getting (has nobody ever heard of Man-in-the-Middle attacks in Maven land?). It downloads a .sha1 file to (presumably) do integrity checking, but that’s no safety net – if I can serve you a dodgy .jar, I can serve you an equally-dodgy .sha1 file, too (also, SHA256 is where all the cool kids are at these days). Finally, jarsigner tells me that there’s no signature on the .jar itself, either.

It gets better, though. The repo1.maven.org site is served by the fastly.net2 pseudo-CDN3, which adds another set of points in the chain which can be subverted to hijack and spoof traffic. More routers, more DNS zones, and more servers.

I’ve seen Debian take a kicking more than once because packages aren’t individually signed, or because packages aren’t served over HTTPS. But at least Debian’s packages can be verified by chaining to a signature made by a well-known, widely-distributed key, signed by two Debian Developers with very well-connected keys.

This repository, on the other hand… oy gevalt. There are OpenPGP (GPG) signatures available for each package (tack .asc onto the end of the .jar URL), but no attempt was made to download the signatures for the .jar I downloaded. Even if the signature was downloaded and checked, there’s no way for me (or anyone) to trust the signature – the signature was made by a key that’s signed by one other key, which itself has no signatures. If I were an attacker, it wouldn’t be hard for me to replace that key chain with one of my own devising.

Even ignoring everyone living behind a government- or company-run intercepting proxy, and everyone using public wifi, it’s pretty well common knowledge by now (thanks to Edward Snowden) that playing silly-buggers with Internet traffic isn’t hard to do, and there’s no shortage of evidence that it is, in fact, done on a routine basis by all manner of people. Serving up executable code to a large number of people, in that threat environment, with no way for them to have any reasonable assurance that code is trustworthy, is very disappointing.

Please, for the good of the Internet, improve your act, Maven. Putting HTTPS on your distribution would be a bare minimum. There are attacks on SSL, sure, but they’re a lot harder to pull off than sitting on public wifi hijacking TCP connections. Far better would be to start mandating signatures, requiring signature checks to pass, and having all signatures chain to a well-known, widely-trusted, and properly secured trust root. Signing all keys that are allowed to upload to maven.org with a “maven.org distribution root” key (itself kept in hardware and only used offline), and then verifying that all signatures chain to that key, wouldn’t be insanely difficult, and would greatly improve the security of the software supply chain. Sure, it wouldn’t be perfect, but don’t make the perfect the enemy of the good. Cost-effective improvements are possible here.

Yes, security is hard. But you don’t get to ignore it just because of that, when you’re creating an attractive nuisance for anyone who wants to own up a whole passel of machines by slipping some dodgy code into a widely-used package.

  1. To add insult to injury, it appears to ignore my http_proxy environment variable, and the repo1.maven.org server returns plain-text error responses with Content-Type: text/xml. But at this point, that’s just icing on the shit cake.

  2. At one point in the past, my then-employer (a hosting provider) blocked Fastly’s caching servers from their network because they took down a customer site with a massive number of requests to a single resource, and the incoming request traffic was indistinguishable from a botnet-sourced DDoS attack. The requests were coming from IP space registered to a number of different ISPs, with no distinguishing rDNS (184-106-82-243.static.cloud-ips.com doesn’t help me to distinguish between “I’m a professionally-run distributed proxy” and “I’m a pwned box here to hammer your site into the ground”).

  3. Pretty much all of the new breed of so-called CDNs aren’t actually pro-actively distributing content, they’re just proxies. That isn’t a bad thing, per se, but I rather dislike the far-too-common practice of installing varnish (and perhaps mod_pagespeed, if they’re providing “advanced” capabilities) on a couple of AWS instances, and hanging out your shingle as a CDN. I prefer a bit of truth in my advertising.

Andrew Pollock: [tech] Going solar

Thu, 2014-07-24 00:25

With electricity prices in Australia seeming to be only going up, and solar being surprisingly cheap, I decided it was a no-brainer to invest in a solar installation to reduce my ongoing electricity bills. It also paves the way for getting an electric car in the future. I'm also a greenie, so having some renewable energy happening gives me the warm and fuzzies.

So today I got solar installed. I've gone for a 2 kWh system, consisting of 8 250 watt Seraphim panels (I'm not entirely sure which model) and an Aurora UNO-2.0-I-OUTD inverter.

It was totally a case of decision fatigue when it came to shopping around. Everyone claims the particular panels they want to sell at the best. It's pretty much impossible to make a decent assessment of their claims. In the end, I went with the Seraphim panels because they scored well on the PHOTON tests. That said, I've had other solar companies tell me the PHOTON tests aren't indicative of Australian conditions. It's hard to know who to believe. In the end, I chose Seraphim because of the PHOTON test results, and they're also apparently one of the few panels that pass the Thresher test, which tests for durability.

The harder choice was the inverter. I'm told that yield varies wildly by inverter, and narrowed it down to Aurora or SunnyBoy. Jason's got a SunnyBoy, and the appeal with it was that it supported Bluetooth for data gathering, although I don't much care for the aesthetics of it. Then I learned that there was a WiFi card coming out soon for the Aurora inverter, and that struck me as better than Bluetooth, so I went with the Aurora inverter. I discovered at the eleventh hour that the model of Aurora inverter that was going to be supplied wasn't supported by the WiFi card, but was able to switch models to the one that was. I'm glad I did, because the newer model looks really nice on the wall.

The whole system was up at running just in time to catch the setting sun, so I'm looking forward to seeing it in action tomorrow.

Apparently the next step is Energex has to come out to replace my analog power meter with a digital one.

I'm grateful that I was able to get Body Corporate approval to use some of the roof. Being on the top floor helped make the installation more feasible too, I think.

Andrew Pollock: [life] Day 175: Kindergarten, cleaning, swim class and a lot of general madness

Wed, 2014-07-23 23:25

Today was ridiculously busy.

I woke up pretty early, but ended up not getting out of bed until about 7:30am. While I was in the shower, the guy from Origin buzzed to get let in because he wanted to replace the building's hot water meters. Then I raced next door for my chiropractic adjustment.

I got back home, had breakfast, and started cleaning the house, which I mostly finished by 11am, then I biked over for my massage. While I was getting my massage, the solar installer tried calling me because they'd arrived. Fortunately they didn't have to wait too long.

I did a bit more cleaning for 45 minutes, raced out to Grill'D to grab some lunch and then over to Kindergarten to chair the PAG meeting.

After the meeting, I picked up Zoe and Megan, and we went home to see how the solar installers were going.

They were making a spectacular mess, and we didn't have a lot of time before we had to head out again for Zoe's swim class. We drove over to the pool, and discovered a few other kids from Zoe's Kindergarten were in the preceding classes. Zoe's swim school is running a 2 for 1 thing this term because of the cold weather, to try and keep kids enrolled. I figured twice as many swim classes could only help, so jumped at the chance.

Megan was happy to play around while we waited for Zoe to have her class, and then we went home again. The solar installers were just finishing up.

No sooner had they walked out the door and the woman I'd organised to do indoor air quality testing arrived. I'm wanting to rule out living on a busy road having any contribution to Zoe's suspected asthma.

I was making a new Thermomix recipe for dinner, and Laura was coming over for dinner after she picked up Megan's little sister from day care. Dinner turned out really well, but with all of the preceding madness, I didn't get it started until a bit later than I had hoped, and so it was on the table later than I'd have liked.

Once Laura left with her kids, I chucked Zoe in the shower and got her down to bed only about 20 minutes later than normal. She slept through the night last night for Sarah, so I'm hoping she'll sleep through the night again tonight.

Matt Palmer: Per-repo update hooks with gitolite

Wed, 2014-07-23 16:26

Gitolite is a popular way to manage collections of git repositories entirely from the command line – it’s configured using configuration stored in a git repo, which is nicely self-referential. Providing per-branch access control and a wide range of addons, it’s quite a valuable system.

In recent versions (3.6), it added support for configuring per-repository git hooks from within the gitolite-admin repo itself – something which previously required directly jiggering around with the repo metadata on the filesystem. It allows you to “chain” multiple hooks together, too, which is a nice touch. You can, for example, define hooks for “validate style guidelines”, “submit patch to code review” and “push to the CI server”. Then for each repo you can pick which of those hooks to execute. It’s neat.

There’s one glaring problem, though – you can only use these chained, per-repo hooks on the pre-receive, post-receive, and post-update hooks. The update hook is special, and gitolite wants to make sure you never, ever forget it. You can hook into the update processing chain by using something called a “virtual ref”; they’re stored in a separate configuration directory, use a different syntax in the config file, and if you’re trying to learn what they do, you’ll spend a fair bit of time on them. The documentation describes VREFs as “a mechanism to add additional constraints to a push”. The association between that and the update hook is one you get to make for yourself.

The interesting thing is that there’s no need for this gratuitous difference in configuration methods between the different hooks. I wrote a very small and simple patch that makes the update hook configurable in exactly the same way as the other server-side hooks, with no loss of existing functionality.

The reason I’m posting it here is that I tried to submit it to the primary gitolite developer, and was told “I’m not touching the update hook […] I’m not discussing this […] take it or leave it”. So instead, I’m publicising this patch for anyone who wants to locally patch their gitolite installation to have a consistent per-repo hook UI. Share and enjoy!

Russell Coker: Public Lectures About FOSS

Tue, 2014-07-22 19:26
Eventbrite

I’ve recently started using the Eventbrite Web site [1] and the associated Eventbrite Android app [2] to discover public events in my area. Both the web site and the Android app lack features for searching (I’d like to save alerts for my accounts and have my phone notify me when new events are added to their database) but it is basically functional. The main issue is content, Eventbrite has a lot of good events in their database (I’ve got tickets for 6 free events in the next month). I assume that Eventbrite also has many people attending their events, otherwise the events wouldn’t be promoted there.

At this time I haven’t compared Eventbrite to any similar services, Eventbrite events have taken up much of my available time for the next 6 weeks (I appreciate the button on the app to add an entry to my calendar) so I don’t have much incentive to find other web sites that list events. I would appreciate comments from users of competing event registration systems and may write a post in future comparing different systems. Also I have only checked for events in Melbourne, Australia as I don’t have any personal interest in events in other places. For the topic of this post Eventbrite is good enough, it meets all requirements for Melbourne and I’m sure that if it isn’t useful in other cities then there are competing services.

I think that we need to have free FOSS events announced through Eventbrite. We regularly have experts in various fields related to FOSS visiting Melbourne who give a talk for the Linux Users of Victoria (and sometimes other technical groups). This is a good thing but I think we could do better. Most people in Melbourne probably won’t attend a LUG meeting and if they did they probably wouldn’t find it a welcoming experience.

Also I recommend that anyone who is looking for educational things to do in Melbourne visit the Eventbrite web site and/or install the Android app.

Accessible Events

I recently attended an Eventbrite event where a professor described the work of his research team, it was a really good talk that made the topic of his research accessible to random members of the public like me. Then when it came to question time the questions were mostly opinion pieces disguised as questions which used a lot of industry specific jargon and probably lost the interest of most people in the audience who wasn’t from the university department that hosted the lecture. I spent the last 15 minutes in that lecture hall reading Wikipedia and resisted the temptation to load an Android game.

Based on this lecture (and many other lectures I’ve seen) I get the impression that when the speaker or the MC addresses a member of the audience by name (EG “John Smith has a question”) then it’s strongly correlated with a low quality question. See my previous post about the Length of Conference Questions for more on this topic [3].

It seems to me that when running a lecture everyone involved has to agree about whether it’s a public lecture (IE one that is for any random people) as opposed to a society meeting (which while free for anyone to attend in the case of a LUG is for people with specific background knowledge). For a society meeting (for want of a better term) it’s OK to assume a minimum level of knowledge that rules out some people. If 5% of the audience of a LUG don’t understand a lecture that doesn’t necessarily mean it’s a bad lecture, sometimes it’s not possible to give a lecture that is easily understood by those with the least knowledge that also teaches the most experienced members of the audience.

For a public lecture the speaker has to give a talk for people with little background knowledge. Then the speaker and/or the MC have to discourage or reject questions that are for a higher level of knowledge.

As an example of how this might work consider the case of an introductory lecture about how an OS kernel works. When one of the experienced Linux kernel programmers visits Melbourne we could have an Eventbrite event organised for a lecture introducing the basic concepts of an OS kernel (with Linux as an example). At such a lecture any questions about more technical topics (such as specific issues related to compilers, drivers, etc) could be met with “we are having a meeting for more technical people at the Linux Users of Victoria meeting tomorrow night” or “we are having coffee at a nearby cafe afterwards and you can ask technical questions there”.

Planning Eventbrite Events

When experts in various areas of FOSS visit Melbourne they often offer a talk for LUV. For any such experts who read this post please note that most lectures at LUV meetings are by locals who can reschedule, so if you are only in town for a short time we can give you an opportunity to speak at short notice.

I would like to arrange to have some of those people give a talk aimed at a less experienced audience which we can promote through Eventbrite. The venue for LUV talks (Melbourne University 7PM on the first Tuesday of the month) might not work for all speakers so we need to find a sponsor for another venue.

I will contact Linux companies that are active in Melbourne and ask whether they would be prepared to sponsor the venue for such a talk. The fallback option would be to have such a lecture at a LUV meeting.

I will talk to some of the organisers of science and technology events advertised on Eventbrite and ask why they chose the times that they did. Maybe they have some insight into which times are best for getting an audience. Also I will probably get some idea of the best times by just attending many events and observing the attendance. I think that the aim of an Eventbrite event is to attract delegates who wouldn’t attend other meetings, so it is a priority to choose a suitable time and place.

Finally please note that while I am a member of the LUV committee I’m not representing LUV in this post. My aim is that community feedback on this post will help me plan such events. I will discuss this with the LUV committee after I get some comments here.

Please comment if you would like to give such a public lecture, attend such a lecture, or if you just have any general ideas.

Related posts:

  1. Sex and Lectures about Computers I previously wrote about the appropriate references to porn in...
  2. Phone Based Lectures Early this month at a LUV meeting I gave a...
  3. Car vs Public Transport to Save Money I’ve just been considering when it’s best to drive and...

Andrew Pollock: [debian] Day 174: Kindergarten, startup stuff, tennis

Tue, 2014-07-22 19:25

I picked up Zoe from Sarah this morning and dropped her at Kindergarten. Traffic seemed particularly bad this morning, or I'm just out of practice.

I spent the day powering through the last two parts of the registration block of my real estate licence training. I've got one more piece of assessment to do, and then it should be done. The rest is all dead-tree written stuff that I have to mail off to get marked.

Zoe's doing tennis this term as her extra-curricular activity, and it's on a Tuesday afternoon after Kindergarten at the tennis court next door.

I'm not sure what proportion of the class is continuing on from previous terms, and so how far behind the eight ball Zoe will be, but she seemed to do okay today, and she seemed to enjoy it. Megan's in the class too, and that didn't seem to result in too much cross-distraction.

After that, we came home and just pottered around for a bit and then Zoe watched some TV until Sarah came to pick her up.

Andrew Pollock: [debian] Day 173: Investigation for bug #749410 and fixing my VMs

Tue, 2014-07-22 14:26

I have a couple of virt-manager virtual machines for doing DHCP-related work. I have one for the DHCP server and one for the DHCP client, and I have a private network between the two so I can simulate DHCP requests without messing up anything else. It works nicely.

I got a bit carried away, and I use LVM to snapshots for the work I do, so that when I'm done I can throw away the virtual machine's disks and work with a new snapshot next time I want to do something.

I have a cron job, that on a good day, fires up the virtual machines using the master logical volumes and does a dist-upgrade on a weekly basis. It seems to have varying degrees of success though.

So I fired up my VMs to do some investigation of the problem for #749410 and discovered that they weren't booting, because the initramfs couldn't find the root filesystem.

Upon investigation, the problem seemed to be that the logical volumes weren't getting activated. I didn't get to the bottom of why, but a manual activation of the logical volumes allowed the instances to continue booting successfully, and after doing manual dist-upgrades and kernel upgrades, they booted cleanly again. I'm not sure if I got hit by a passing bug in unstable, or what the problem was. I did burn about 2.5 hours just fixing everything up though.

Then I realised that there'd been more activity on the bug since I'd last read it while I was on vacation, and half the investigation I needed to do wasn't necessary any more. Lesson learned.

I haven't got to the bottom of the bug yet, but I had a fun day anyway.

linux.conf.au News: Our Call For Papers has closed

Mon, 2014-07-21 22:27

The Call For Papers is now closed. The last 6 weeks has been very exciting as we’ve watched all of those paper submissions flow in.

To those of you who have submitted a presentation to us - good luck, and thank you! You should hear from us in September whether you have succeeded.

There are more and more wonderful things happening each day.

The LCA 2015 Auckland Team

Francois Marier: Creating a modern tiling desktop environment using i3

Mon, 2014-07-21 22:09

Modern desktop environments like GNOME and KDE involving a lot of mousing around and I much prefer using the keyboard where I can. This is why I switched to the Ion tiling window manager back when I interned at Net Integration Technologies and kept using it until I noticed it had been removed from Debian.

After experimenting with awesome for 2 years and briefly considering xmonad , I finally found a replacement I like in i3. Here is how I customized it and made it play nice with the GNOME and KDE applications I use every day.

Startup script

As soon as I log into my desktop, my startup script starts a few programs, including:

Because of a bug in gnome-settings-daemon which makes the mouse cursor disappear as soon as gnome-settings-daemon is started, I had to run the following to disable the offending gnome-settings-daemon plugin:

dconf write /org/gnome/settings-daemon/plugins/cursor/active false Screensaver

In addition, gnome-screensaver didn't automatically lock my screen, so I installed xautolock and added it to my startup script:

xautolock -time 30 -locker "gnome-screensaver-command --lock" &

to lock the screen using gnome-screensaver after 30 minutes of inactivity.

I can also trigger it manually using the following shortcut defined in my ~/.i3/config:

bindsym Ctrl+Mod1+l exec xautolock -locknow Keyboard shortcuts

While keyboard shortcuts can be configured in GNOME, they don't work within i3, so I added a few more bindings to my ~/.i3/config:

# volume control bindsym XF86AudioLowerVolume exec /usr/bin/pactl set-sink-volume @DEFAULT_SINK@ -- '-5%' bindsym XF86AudioRaiseVolume exec /usr/bin/pactl set-sink-volume @DEFAULT_SINK@ -- '+5%' # brightness control bindsym XF86MonBrightnessDown exec xbacklight -steps 1 -time 0 -dec 5 bindsym XF86MonBrightnessUp exec xbacklight -steps 1 -time 0 -inc 5 bindsym XF86AudioMute exec /usr/bin/pactl set-sink-mute @DEFAULT_SINK@ toggle # show battery stats bindsym XF86Battery exec gnome-power-statistics

to make volume control, screen brightness and battery status buttons work as expected on my laptop.

These bindings require the following packages:

Keyboard layout switcher

Another thing that used to work with GNOME and had to re-create in i3 is the ability to quickly toggle between two keyboard layouts using the keyboard.

To make it work, I wrote a simple shell script and assigned a keyboard shortcut to it in ~/.i3/config:

bindsym $mod+u exec /home/francois/bin/toggle-xkbmap Suspend script

Since I run lots of things in the background, I have set my laptop to avoid suspending when the lid is closed by putting the following in /etc/systemd/login.conf:

HandleLidSwitch=lock

Instead, when I want to suspend to ram, I use the following keyboard shortcut:

bindsym Ctrl+Mod1+s exec /home/francois/bin/s2ram

which executes a custom suspend script to clear the clipboards (using xsel), flush writes to disk and lock the screen before going to sleep.

To avoid having to type my sudo password every time pm-suspend is invoked, I added the following line to /etc/sudoers:

francois ALL=(ALL) NOPASSWD: /usr/sbin/pm-suspend Window and workspace placement hacks

While tiling window managers promise to manage windows for you so that you can focus on more important things, you will most likely want to customize window placement to fit your needs better.

Working around misbehaving applications

A few applications make too many assumptions about window placement and are just plain broken in tiling mode. Here's how to automatically switch them to floating mode:

for_window [class="VidyoDesktop"] floating enable

You can get the Xorg class of the offending application by running this command:

xprop | grep WM_CLASS

before clicking on the window.

Keeping IM windows on the first workspace

I run Pidgin on my first workspace and I have the following rule to keep any new window that pops up (e.g. in response to a new incoming message) on the same workspace:

assign [class="Pidgin"] 1 Automatically moving workspaces when docking

Here's a neat configuration blurb which automatically moves my workspaces (and their contents) from the laptop screen (eDP1) to the external monitor (DP2) when I dock my laptop:

# bind workspaces to the right monitors workspace 1 output DP2 workspace 2 output DP2 workspace 3 output DP2 workspace 4 output DP2 workspace 5 output DP2 workspace 6 output eDP1

You can get these output names by running:

xrandr --display :0 | grep " connected"

Finally, because X sometimes fail to detect my external monitor when docking/undocking, I also wrote a script to set the displays properly and bound it to the appropriate key on my laptop:

bindsym XF86Display exec /home/francois/bin/external-monitor

Dave Hall: Drupal in the Enterprise (aka Vote for my DrupalCon Session)

Mon, 2014-07-21 21:28

TL; DR: [spam]Please vote for my DrupalCon Denver proposal on Drupal workflows in the enterprise.[/spam]

For the last few months I've been working for Technocrat on a new Drupal based site for the Insurance Australia Group's Direct Insurance brands. The current sites are using Autonomy Teamsite.

The basics of the build are relatively straight forward, around 1000 nodes, a bunch of views and a bit of glue to hold it all together. Where things get complicated is the workflow. The Financial services sector in Australia is subject to strict control of representations being made about products. The workflow system needs to ensure IAG complies with these requirements.

During the evaluation we found that generally Drupal workflows are based around publishing a single piece of content on the production site. In the IAG case a collection of nodes need to be published as a piece of work, along with a new block. These changes need to be reviewed by stakeholders and then deployed. This led us to build a job based workflow system.

We are using the Features module to handle all configuration, deploy for entities and some additional tools, including Symfony, Jenkins and drush to hold it all together.

I've proposed the session for Drupal Downunder in January and will refine the session based on feedback from there in preparation for Denver. If you want to learn more about Drupal Workflows in the Enterprise, please vote for my session.

Dave Hall: Interacting with the Acquia Cloud API using Python

Mon, 2014-07-21 21:28

The Acquia Cloud API makes it easy to manage sites on the platform. The API allows you to perform many administrative tasks including creating, destroying and copying databases, deploying code, managing domains and copying files.

Acquia offers 2 official clients. The primary client is a drush plugin which can only be downloaded from Acquia Insight. The other is a PHP library which states in the README that it is "[n]ot ready for production usage".

On a recent project using WF Tools we needed some pretty advanced deployment scripts for sites hosted on Acquia Cloud. We had tried using a mix of bash and PHP, but that created a maintenance nightmare, so we switched to Python.

I was unable to find a high quality Python library, so I wrote a python client for the Acquia Cloud API. The library implements all of the features that we needed, so there are a few things missing.

Chaining complex commands together is easy because the library implements a fluent interface. An extreme example of what is possible is below:

import acapi # Instantiate the client c = acapi.Client('user@example.com', 'acquia-token') # Copy the prod db to dev, make a backup of the dev db and download it to /tmp c.site('mysite').environment('prod').db('mysite').copy('dev').backups().create().download('/tmp/backup.sql.gz')

Some of the code is "borrowed" from the Python client for Twilio. The library is licensed under the terms of the MIT license.

I am continuing to develop the library. Consider this a working alpha. Improving error handling, creating a comprehensive test suite and implementing the missing API calls are all on the roadmap. Pull requests are welcome.

The code is PEP 8 (coding standards and PEP 257 (documentation standards) compliant and uses the numpydoc for code documentation.

Check out the Python client for Acquia's Cloud API on github.

Andrew Pollock: [life] Day 170: The flight back

Mon, 2014-07-21 15:26

I have no idea if I'm getting my day numbers right any more with all the crossings of the international date line, but we'll call Friday day 170 and be done with it.

The flight back went pretty well. Zoe had a good time watching some movies, and also slept for a reasonable chunk of the flight. Zoe's cold had progressed into her typical runny nose/nasty cough combination, but neither was particularly bad. She did cough a bit in her sleep, but it didn't seem to stop her sleeping, and she was pretty happy for the duration of the flight. She was definitely impatient to land, because she knew she'd be seeing her mother.

We must have been the first flight into Brisbane on Friday morning, so we breezed through passport control quickly, and the car seat helpfully came out on the same carousel as the suitcases, so we were able to collect everything and exit quarantine relatively quickly.

Sarah met us outside, and dropped me home, and took the day off to spend with Zoe. I used the day to unpack and run a few errands.

I was super impressed with how well Zoe traveled overall. She's such a good little traveler. She's the perfect age/height for her Trunki now, and that made traversing airports at close to normal walking pace very doable. I'm also happy with how I handled solo-parent international travel. I've done a flight to Townsville with Zoe before, and a flight to Melbourne with Zoe and Anshu, but long-haul international for nearly 3 weeks is a totally different ball game, and aside from me needing to learn to pack a bit better when leaving a location (checklists, checklists, checklists!) everything went really well. The only thing I forgot to pack was my own swimwear, and that was easily fixed.

Sridhar Dhanapalan: Twitter posts: 2014-07-14 to 2014-07-20

Mon, 2014-07-21 01:27

Lev Lafayette: Why Linux is the Future of Computing

Mon, 2014-07-21 00:29

Presentation to the La Trobe Valley Linux Miniconference, Saturday July 19, 2014

Tim Serong: The Fridge Magnets

Sun, 2014-07-20 14:27

Last Thursday night was the TasLUG OpenStack 4th Birthday meetup. We had some nice nibbly food, some drinks, and four OpenStacky talks:

  • An update from the OpenStack Foundation (presented by me, with slides provided by the Foundation).
  • A talk about the NeCTAR cloud and using the command line tools to work with images, by Scott Bragg.
  • A talk on spinning up instances with Nova and Heat, by Stewart Wilde.
  • A talk by me on Ceph, and how it can be used as the storage backend for an OpenStack cloud.

We also had some posters, stickers and fridge magnets made up. The fridge magnets were remarkably popular. If you weren’t at TasLUG last night, and you want a fridge magnet, first download this image (the full-res one linked to, not the inline one):

Then, go to Vistaprint and place an order for Magnetic Business Cards, using this image. You can get 25 done for about $10, plus shipping.

Finally, I would like to publicly thank the OpenStack Foundation for supporting this event.

Andrew Pollock: [life] Day 168: Homeward bound

Sat, 2014-07-19 22:25

It's all a bit hazy now, but I think Zoe slept all night and woke up a bit early and came down to my room. Graydon appeared not long after. I made us all breakfast and then got stuck into packing.

After we were all packed up, and Zoe and Graydon had played a bit, Neal took us to REI and Best Buy to do a spot of shopping, and then dropped us at Hertz to pick up the rental car.

After lunch, we packed up the car and headed on our way to Dallas.

The drive went really well. I'd rented some sort of Chevy SUV, and it had a nice interior, and the car radio supported Pandora and had a big display. I stuck Zoe's car seat in the middle, and she was happy being able to see out the front and also see the cover art for what Pandora was dishing up. As I hoped, she napped for a couple of hours on the way up.

The drive took about three and a half hours, and I'd wanted to stop for a break along the way, but missed the exit for the only decent looking rest stop, so pressed on.

We made it to the airport with a comfortable margin of time, and had enough time for dinner. The highlight of the evening was hearing Kim Kardashian get paged twice. Everyone looked at each other and wondered if it was that Kim Kardashian and considered going to the gate she was paged to to find out.

Our flight ended up leaving a little bit late, due to needing to unload some of the cargo to make the distance and also to ensure we didn't arrive before the 5am curfew in Brisbane airport.

BlueHackers: Adverse Childhood Exprience (ACE) questionnaire | acestoohigh.com

Thu, 2014-07-17 19:45

NOTE: the links referred to in this post may contain triggers. Make sure you have appropriate support available.

http://acestoohigh.com/got-your-ace-score/

There are 10 types of childhood trauma measured in the ACE Study, personal as well as ones related to other family members. Once you have your score, there are many useful insights later in the article.

The origin of this study was actually in an obesity clinic.

Stewart Smith: OpenPower firmware up on github!

Thu, 2014-07-17 17:26

With the whole OpenPower thing, a lot of low level firmware is being open sourced, which is really exciting for the platform – the less proprietary code sitting in memory the better in my books.

If you go to https://github.com/open-power you’ll see code for a bunch of the low level firmware for OpenPower and POWER8.

Hostboot is the bit of code that brings up the CPU and skiboot both sets up hardware and provides runtime services to Linux (such as talking to the service processor, if one is present).

Patches to https://github.com/open-power/skiboot/blob/master/doc/overview.txt are (of course) really quite welcome. It shouldn’t be too hard to get your head around the basics.

To see the Linux side of the OPAL interface, go check out linux/arch/powerpc/platforms/powernv -there you can see how we ask OPAL to do things for us.

If you buy a POWER8 system from IBM running PowerKVM you’re running this code.