Planet Linux Australia

Planet Linux Australia - http://planet.linux.org.au

Daniel Patton: While I'm glad Rudd said Sorry...

Tue, 2014-07-01 05:25
I hope it doesn't create a wave of people getting paid out - that's just as much inequality as what happened in the first place. See Penn & Teller - Bullsh!t: Reparations. Disagree? Post a damn comment, I'm sure nobody reads this blog anyway, so I couldn't be offending anyone regardless.

Daniel Patton: New game: Pick that quote

Tue, 2014-07-01 05:25
"It feels really good. It's a good accomplishment. I probably won't ever kill anything else that big," * said.

Now, pick the article - these headlines all came from one page:



A - Eight alive after crash

B - 25 years for earl's widow

C - Boy shoots world's biggest boar

D - $122b for Iraq war

E - All of the above



If you've already read today's edition of the Sunday Herald Sun, no points.

Daniel Patton: cake - it's coming down

Tue, 2014-07-01 05:25
I've been meeting with, dealing with & reading up on local magicians quite a bit recently, so I thought I'd share a few of my experiences there, and maybe try to drum up a bit of business.





Glenn Hamilton

The energy of this guy never ceases to amaze me - I wish I had half of it. I'm pretty certain I've read somewhere that he's been voted Melbourne's best children's entertainer at some point (I'm probably doing him a disservice here, I'm sure it was better praise than that). I couldn't find a blog or website for him, unfortunately, but you should be able to reach him through either this email address, or through Ellis & Webster, mentioned below.





Dean Atkinson

Once spent three months sitting under the stage of The Globe Theatre dressed as a fish. I've only seen him at work once, but it was an awesome Mentalism act, from memory. Or did he just fool me into thinking that? It was a bit naughty though, so maybe not for the kiddies.





Ellis & Webster

Most awarded Australian Magicians in history with 22 awards between them. Unfortunately, I've never seen one of their shows, though I'm keen to catch a show as soon as I can. You can hire magicians to suit a wide range of occasions, including themselves, through their booking service. Webster (the blond) also does an uncanny Jeannie (I dream of Jeannie) impersonation - you can hire her for events for this, too. Also, check out Tim's humorous encounters with telemarketers, there's quite a few fun things there to try.



There's many great Magicians that I've missed out on, as is evident on Ellis & Webster's artist booking page. <subliminal>Hire one for your next function.</subliminal>



Mel8ourne: Magical enough already, more so with these guys in residence.

Daniel Patton: Mel8ourne!

Tue, 2014-07-01 05:25
Melbourne is bidding for the right to host linux.conf.au in 2008! Could you ask for a better location? Is there a cooler and more groovelicious city anywhere? I don't think so.



You. Must. Be. There.



Rusty commands you.

Andrew Pollock: [life] Day 152: Mostly trip preparation

Mon, 2014-06-30 22:25

We had a pretty quiet day today, as I was still trying to kick the dregs of my man cold, and it was cold with a howling wind outside.

The first thing we did when Sarah dropped Zoe off was assemble the IKEA bookshelf I got for her room on the weekend. She now has four shelves instead of two, and so now her books don't have to be precariously balanced on top of another set of shelves. Zoe seemed to enjoy helping me put it together.

After that, we popped out to the bank to sort out some US dollars. The Cash Passport has evolved significantly since we first moved to the US, and the Traveller Card is a pretty nice product.

After a stop at the pharmacy to stock up on pseudo-ephedrine for the flight and a stop at the post office to put the mail on hold, we came back home and put a bunch of the Woolworths Jamie's Garden stickers in Zoe's sticker album.

After that, a lot of TV was watched, and I alternated between watching TV with Zoe and packing. I can now say that I've watched the pilot for the Muppet Show. It wasn't that good. I think I'm on top of the packing, and am generally feeling organised for the trip. The one thing I haven't done yet is book a rental car for the drive from Austin to Dallas on the way home.

Anshu came over for dinner, and I managed to get Zoe to bed a bit early, which should help get us going early in the morning, when Sarah picks us up to take us to the airport.

Russell Coker: Links June 2014

Mon, 2014-06-30 19:26

Russ Albery wrote an insightful blog post about trust, computer security, and training programmers [1]. He makes a good case that social problems in our community decrease the availability of skilled people to write and audit security code.

The Lawfare blog has an insightful article by Dan Geer about “Heartbleed as a Metaphor” [2]. He makes some good points about security and design, ways of potentially solving some flaws and problems with the various solutions.

Eben Moglen wrote an insightful article for The Guardian about the way that the NSA spying is a direct threat to democracy [3].

The TED blog has an interesting interview with Kitra Cahana about her work living with and photographing nomads in the US [4]. I was surprised to learn that there’s an active nomad community in the US based on the culture that started in the Great Depression. Apparently people are using Youtube to learn about nomad culture before joining.

Dave Johnson wrote an interesting Salon article about why CEOs make 300* as much money as workers [5]. Note that actually contributing to the financial success of the company is not one of the reasons.

Maia Szalavitz wrote an interesting Slate article about Autism and Anorexia [6]. Apparently some people on the Autism Spectrum are mis-diagnosed with Anorexia due to food intolerance.

Groups of four professors have applied for the job of president and vice-chancellor of the University of Alberta [7]. While it was a joke to apply in that way, 1/4 of the university president’s salary is greater than the salary of a professor and the university would get a team of 4 people to do the job – so it would really make sense to hire them. Of course the university could just pay a more reasonable salary for the president and hire an extra 3 professors. But the same argument applies for lots of highly paid jobs. Is a CEO who gets paid $10M per annum really going to do a better job than a team of 100 people who are paid $100K?

Joel on Software wrote an insightful article explaining why hiring 1/200 applicants doesn’t mean you hire the top 0.5% of workers [8]. He suggests that the best employees almost never apply through regular channels so an intern program is the only way to get a chance of hiring the best people.

Chaotic Idealism has an interesting article on some of the bogus claims about autism and violence [9].

Salon has an interesting article by Lindsay Abrams about the way the food industry in the US lobbies for laws to prevent employees from reporting animal cruelty or contamination of the food supply and how drones will now be used for investigative journalism [10].

Jacobin Mag has an interesting article by Geoff Shullenberger about the “Voluntariat”, the people who volunteer their time to help commercial organisations [11]. I don’t object to people voluntarily helping companies, but when they are exploited or when the company also requires voluntary help from the government it becomes a problem. We need some legislation about this.

Laura Hudson wrote an insightful article about how Riot Games solved their online abuse problem [12]. There are ideas in this that can apply to all online communities.

Matt LeMay wrote an interesting article for Medium titled “What (Else) Can Men Do? Grow The Fuck Up” [13]. It’s a general commentary on the treatment of women in geek communities (and most other places).

Foz Meadows wrote an insightful analysis of the attempts of bigots to influence science-fiction [14]. If I had more spare time I’d read some of the books by bigoted authors on the “Sad Puppy Slate” (from a library of course) and see if they lack talent in the same way that Orson Scott Card does.

Racialicious has an interesting article by Phenderson Djeli Clark about the horrible racism and bigotry of H.P. Lovecraft [15]. I have only read two HP Lovecraft stories, one was mediocre and the other (The Horror at Red Hook) was quite poor – largely due to his inability to write about non-white people.

Grace Wyler wrote an insightful article for Vice magazine about the right-wing terrorists in the US killing cops [16].

Paul Rosenberg wrote an interesting and amusing (for people outside the US) article about the gun crazies in the US [17]. Maybe the gun crazies should have a “loaded assault rifles and tequila” party to follow up on their “gun appreciation day”.

A US TV show made a 4 minute clip of some of the stupid things that Tony Abbott has done [18]. Tony is almost as stupid as Dubya.


Sridhar Dhanapalan: Twitter posts: 2014-06-23 to 2014-06-29

Mon, 2014-06-30 00:26

Peter Lieverdink: 2014 DrupalCon Austin Road Trip

Sun, 2014-06-29 18:26

It's been nearly two years since I blogged a DrupalCon road trip, so it's high time for another one. Not that there weren't other DrupalCons in between, but the trip to Sydney was rather short. And although we did drive a fair bit before Portland, we ended up where we started, so it was not really a road trip. To get to Prague we took a train, so that was out too. Thus, DrupalCon Austin.

Prior to moving to Boston, @beejeebus house-sat for us for a few weeks whilst @kattekrab and I were in Prague. Courtesy of the US government shut-down his visa was delayed by several months, so he ended up staying for a fair bit longer and introduced us to a scary food show called Diners, Drive-ins and Dives.

We also did a few short road trips around Victoria to show him how pretty it was, and so was born a plan to roadtrip from Los Angeles to Austin, eating ourselves silly along the way.

To get to Austin from Melbourne, you would usually fly to LAX and then onward for several more hours. Since LAX domestic is ~~pretty shithouse~~ not a particularly nice airport to hang out at, we decided we would like to escape it.

To accomplish this, we planned to meet up with beejeebus who would be flying in from Portland. We would then pick up our rental car and leave Los Angeles as soon as possible.

Unfortunately beejeebus missed his flight, so we were stuck at LAX for three hours anyway, waiting for him. Aaargh! *twitch* *twitch*

Las Vegas

Once you leave Los Angeles, there is mostly desert with the odd strip-mall town, which is convenient for lunch. Inspired by The Big Lebowski and lacking DD&D venues, we decided on an in-n-out burger, which actually turned out to be pretty tasty.

After our lunch stop we hit some proper desert highway, as witnessed by the turn-off to Death Valley and the largest solar thermal power plant in the world.

Apart from that, the only thing to see was desolate landscape (but pretty) and giant bill-boards for casinos and jesus (less pretty). You can spot the Nevada state line from miles away - there's a giant casino built right on it.

Las Vegas was ... interesting. A modern shiny city in the middle of nowhere and purely there to provide gambling. We drove up the strip, eyeballing all the famous casinos and the people moving between them. This was the start of the Memorial Day long weekend in the US, and Vegas was positively overflowing with The Wrong Kind Of People™.

Horrified, we stopped. After a quick chat where we all admitted to being quite happy to be somewhere else, we decided to give Las Vegas a miss and push on to our next stop instead.

The landscape changes pretty much immediately south-east of Las Vegas - that's where the Hoover Dam is and the Grand Canyon sort of ends. We didn't stop to look at the dam, as the sun was getting low and we had a lot of driving to do, but we got glimpses of the Colorado River as we drove along.

There are a lot of odd conglomerations of shacks and trailers a few miles off the highway for hundreds of miles either side of Kingman. We weren't sure what they were, but were later told these may be survivalists, living in the middle of nowhere. There are a LOT of them though, so they must like neighbours.

They also all have a flagpole with an american flag out the front, which led to our first imaginary (because driving) drinking game of the trip. Whenever you see a flag out the front of a house, drink.

As a side-note, this flag-in-front-of-house also happens in Australia and I don't understand it here either. Do people get confused about what the national flag looks like so they need constant reminders?

Every other "town" in this area offered the opportunity to shoot an AK-47 for $35 or had a casino. Weird. We drove ever onward to Flagstaff and then to Sedona.

A bush/forest fire had broken out between Sedona and Flagstaff a few days earlier and our hosts had bought an RV and were camping in the next town over to escape the smoke. As Australians, we decided we were used to fire smoke and gratefully took up residence in the accommodation offered. (Thanks Megan & Scott!!!) Kattekrab and I had stayed here for a few days last year as well.

Jerome, Prescott and Camp Verde

Just like a year earlier, we planned to use Sedona as our base for daytrips to local(-ish) attractions. Unfortunately, Oak Creek Canyon was out of bounds, as that was on fire.

Our hosts suggested we do a little drive into the hills in order to escape the smoke. First to the old mining town of Jerome. This is a very cute little town, with some interesting looking shops and bars. It also boasts the deepest mine shaft on the continent.

Being up in the hills, Jerome offered a rather dramatic view of the Slide Fires north of Sedona. This being the holiday weekend, downtown was overrun by tourists, so we decided to drive over the top of Mingus Mountain and on to Prescott, where we would either visit a whisky bar or press on to Camp Verde to see some native american cliff dwellings and a deep well.

It turns out that to one side of Prescott, there's a beautiful granite formation and we passed through this on our way into town. 

Due to jetlag, we left Sedona quite late and thus got to Prescott pretty late as well. We decided to give the whisky bar a miss in favour of some more cultural pursuits and after buying to insanely hot corn chips to snack on (try to make beejeebus cry by whispering "tacky fuego" to him) we set off to Camp Verde. Sadly, we left it too late and we didn't arrive until just after 5pm. We got a wave from the ranger who had obviously just closed the gate :-(

So we decided to head back to Sedona for an early night. On the way, we stopped at Bell Rock just south of Sedona for a leg-stretch and some pretty amazing scenery.

Though beejeebus really wanted to see a snake, we didn't this time around. What we did see was a rather impressive smoke column to the north...

Grand Canyon - Desert View

About a two hour drive north of Sedona is the Grand Canyon south rim. Kattekrab and I had been to the village part last year, so this time, with agreement from beejeebus, we decided to drive a bit further and go to Desert View instead. This turns out to have been a good decision, as we got to see a bunch of wildlife along (and on) the road - mostly elk.

Desert View itself is a rather pretty look-out over the widening eastern end of the Grand Canyon, with mesas in the distance.

An artist has built an olde-looking tower which offers beautiful views of the Canyon, if you can get past the people taking selfies on the narrow staircase.

After Desert View, we backtracked a little bit to park the car and go for a walk along the south rim towards the South Kaibab trail head, which is very pretty indeed!

Unfortunately, the trail head itself is extremely unsuitable for people with vertigo. Walking along the start of the trail turns out to be pretty tricky when you aren't able to move your legs.

We got our second encounter with local wildlife at the trail head too. A squirrel heard me unwrap a muesli bar and had clearly heard that sound before, as it made straight for me.

It is my policy to never feed plague-squirrels though, so it missed out.

On the way back to Sedona, we hit our first DD&D venue: Salsa Brava. It's a rather unassuming looking place along the highway, but it's packed inside. We had no booking, but luckily we didn't have too long to wait for a table. After ordering some delicious margaritas, I decided to order "What Guy had" - a navajo fry-bread pulled pork taco. And omg, it was delicious! +10 would go again :-)

Sedona

Due to a wind change, the smoke had mostly cleared for our final day in Sedona and after waiting out the hottest part of the day we decided to climb Cathedral Rock. I'd been up this rock the year before, but kattekrab injured herself and wasn't able to climb the steep middle section that time. It's absolutely stunning though, so happily she got a second chance.

I may have gone slightly overboard with the photos of Cathedral, but it really is very pretty and offers views of the yellow and red mountains all around. We climbed in the afternoon, so got sunset colours at the top and on our way back down.

We finished a rather lovely day with dinner with our hosts at an incongruous german restaurant in Cornville followed by a drink at the local pub, where a scary local discovered we "we'en't from 'round here" ;-)

Winslow (Barringer Crater)

One of the things that has been on my bucket list for a long time is Barringer Crater (probably better known as Meteor Crater). We didn't get to see it last year because we ran out of time. Happily, this year our next stop after Sedona was Albuquerque and the crater is on the way!

Not far out of Flagstaff the landscape changes from pine forest into shrubby desert and becomes pretty flat. That means you can see the crater rim from a long way off and appreciate how huge it is. The rim might not be tall, but it is very very wide!

The crater is privately owned and the owners have built a small museum on the north rim. I ran straight through it for a view of the second largest hole in the ground I'd see on this trip.

There is a bit of a hill on one corner and from there you get a good sense of the crater and the flat desert landscape beyond.

At the bottom of the crater are the remains of a few drilling attempts (to find the meteorite) and a life-size model of an astronaut.

If the stomping tourists disappear and you just hang out for a while, the locals will come out to say hello :-)

The museum is a bit daggy, but I suppose that was to be expected. Not all visitors are obsessed or would know the history of the crater. I did get a t-shirt though, and various delicious cactus-flavoured margarita ingredients!

The crater is most impressive, but like the Grand Canyon it's so big that it's just impossible to get a good sense of its size when you're standing on the edge.

Albuquerque

Our planned stop for that evening was Albuquerque and kattekrab had enquired about local Drupalistas. @teampoop replied that there was a local tech meetup that evening, so we drove along route 66 all day to get there in time (which we failed to do, as there was apparently a 1 hour time difference between Arizona and New Mexico)

Route 66 was a bit sad, as it turned out. Apart from a bunch of places clustered around very blingy casinos, most towns are now ghost towns or fast on the way to becoming ghost towns.

We were told later that the combination of cheap flights and the raising of the speed limit from 55 to 75mph means that people no longer need to stop overnight at a small town, they can drive from major city to major city in a day. As we did, I suppose. Still, no diner lunch along the way for us :-(  Very pretty country-side though in that part of New Mexico, straight out of cowboy movies.

We didn't have any accommodation booked for Albuquerque, but the Rio Grande had rooms with hot showers and is very nice indeed!

After a quick freshening-up, we headed into town to meet the friendly locals for a snack and drink at beer.js. We didn't talk much about JavaScript, but we did meet @teampoop and @helennoat for a fun evening. Just before we left, we got a breakfast recommendation for the next morning.

And an excellent recommendation it was - Frontier Restaurant. It hasn't been on DD&D, but maybe it should be. The huevos rancheros set me right for the rest of a long morning of driving.

Roswell

For no other reason than to be able to say I've been to Roswell, New Mexico, I decided we had to go to Roswell, New Mexico. So we did. 

Roswell is a pretty normal small town and apart from the UFO museum (we passed) and the odd green alien on a bill-board it looks pretty normal. We went on a bit of a wild goose-chase looking for the UFO crash site (which someone had helpfully added to FourSquare) but that turned out to be the stadium out the back of some religious compound.

It wasn't a total bust though, on the way to the supposed crash site we passed the abandoned old Roswell airport terminal, which was due to be demolished shortly and it made for a lovely photo opportunity :-)

After that detour, we had philly cheesesteaks for lunch at Big D's Downtown Dive (delicious!) before hitting the road again.

We decided to get as close to Austin as we could that day, leaving a relatively small amount of driving for the final day of our trip.

Leaving Roswell, we could tell we were getting closer to Texas, as the oil pumps started to get pretty thick on the ground. As not many people live out that way, the pumps replaced the flag poles for our drinking game.

There wasn't much to see or do along the way, apart from taking a mocking vanity photo for @texas at the state line, so we mostly just drove, until we ran very low on fuel at Lamesa. Luckily, Lamesa had a service station. Unluckily, it took us four attempts plus the help of a puzzled local to get the fuel pump going :-)

We finished the day's drive at San Angelo, only a few hours from Austin.

San Angelo

What can I say about San Angelo? It has a road.

Actually, it has a road with a classic 60s diner that hasn't changed since the 60s and that's where we had a disgusting delicious diner breakfast, served by none other than Roxie.

After breakfast we eventually drove down from the desert highlands, past a lot more ~~Drink!~~ oil pumps. I noticed that enterprising oil barons have started planting wind turbines on their oil fields!

As we neared Austin, the vegetation got a lot lusher and greener, which was pretty nice after a week of driving through desert. In the end, we did around 2100 miles in six days. Pretty impressive :-)

Austin

I decided to give the actual Drupal conference a miss, but do a bit of work in the coders lounge/sprint rooms during the day and catch up with people in the evenings.

That gave me a chance to explore Austin a bit in the mornings and eat my way around as required. 

The river that runs through the city, also named Colorado, but not the same as the one that goes through the Grand Canyon (actually, this one seems to start at Lamesa where we had fuel troubles) has walking paths along it, and I spent most mornings wandering around there, looking at turtles and graffiti.

A new walking/cycling track that actually sits on the river was under construction across from the hotel and I managed to sneak past the construction workers for a sneak preview on Friday :-)

As for the other part, eat I did. A lot of BBQ, at Lamberts, Moonshine and Ironworks. I also finally got the opportunity to sample the famous "chicken and waffles" that @stephelhajj had kept talking about, at Diner 24.

And it was delicious, with maple syrup and tabasco - breakfast of champions! And lunch and dinner too!

Other stand-outs were the deliciously disgusting chilli cheese waffle fries and the notorious p.i.g (a hot-dog with mac & cheese on it) at Franks.

I managed to get beejeebus to one more DD&D venue as well, in Austin. We had very tasty burgers (twice!) at Casino El Camino, which turned out to be just behind the conference center.

Now, back to planning the next road trip!

Tags: drupalcon, road trip, rocks, space

Matt Palmer: Adventures in DNSSEC

Sun, 2014-06-29 18:26

DNSSEC is one of those things that have been on the “I should poke at that sometime” list, but today I decided to actually get in and play around with it. Turns out it’s pretty trivially easy to set up, but I got bitten by a few “gotchas” during testing, that I thought worthwhile to document. Since I like to explain things, a lot of this article isn’t “how to” so much as “how does”.

Configuring The Resolver

First off, you need a resolver[1] that you can trust, and which implements DNSSEC validation. In theory, you could use your ISP’s resolvers (if they’re DNSSEC-enabled), or even Google’s public resolvers (8.8.8.8 and 8.8.4.4), but it’s really not recommended – how much do you trust those, really? More importantly, how much do you trust the network path between them and you? Frankly, running a local on-host caching resolver is trivial, consumes next-to-no resources, and is highly recommended. It’s what I did.

I used unbound, finally casting free the venerable dnscache, which has served me well for many years. I chose unbound because it fits the “do one small thing, and do it well” philosophy that I cherish (unlike BIND), and because it’s what all the cool kids appear to be using these days. Installing it was as simple as apt-get install unbound – it’s available in pretty much every distro, I believe.

Out of the box, unbound in Debian wheezy comes configured for DNSSEC validation. Other methods of installation might not be so amenable, so just make sure your unbound.conf looks like this, so that DNSSEC is enabled:

    server:
        auto-trust-anchor-file: "/var/lib/unbound/root.key"
        val-log-level: 2

The val-log-level line isn’t strictly required, but I found it useful to have unbound log info on validation failures to syslog. Season to taste.

You also have to configure your system to actually use your new, shiny local resolver. Editing /etc/resolv.conf would, in an ideal world, work Just Fine, but between Magical Unhelpful Pixies (I’m looking at you, NetworkManager) and DHCP, it often isn’t that easy. Ultimately, though, you should configure your system so that the only resolver in /etc/resolv.conf is always 127.0.0.1. Anything else is a security hole waiting to happen. If you’re using DHCP and a recent version of ISC dhclient, adding supersede domain-name-servers 127.0.0.1; to dhclient.conf should do the needful.

Weighing the (Trust) Anchor

Whatever local resolver you choose, you need to tell it about “trust anchors”. This is a key (or keys) which are trusted to sign all the other data that the resolver will find. Like the rest of the DNS, DNSSEC is hierarchical, and you need to know who to “start with” before you can start.

To resolve a name using DNS, you ask the “root servers” for the answer to a question (say, “what is the address of www.example.com?”). The root server doesn’t know the answer, but it knows who to ask, and it tells you where to go (typically, “go ask the DNS servers for .com, which are X, Y, and Z”). Then you ask those servers, and they probably don’t know, but they know who to ask, and they tell you to go ask those servers. This continues until you finally get a server which says, “oh, yes, I know the answer to that!” and hands over the information you’re after.

In DNSSEC, you get digital signatures that prove that the answers you get from each DNS server you ask are legit, and not forged. So when you ask the root servers, “what is the address of www.example.com?”, they answer, “I don’t know, but go ask DNS servers at addresses X, Y, and Z – and by the way, you can trust this answer is legit because here’s this signature you can check”. To verify a signature is legit, you need to know that the key used to make the signature is trustworthy, and it wasn’t just any ol’ key that made it – similar to how an ink scribble on a page doesn’t mean anything unless you know what the signature you’re looking at should look like.

DNSSEC has two ways to make sure you know who to trust. Firstly, those “trust anchors” I mentioned three paragraphs ago. These are the keys that the root servers use to sign the responses they send out. You tell unbound (or your local DNSSEC-enabled resolver of choice), “if you see a signature provided by this trust anchor key, you can trust it to be legit”. The second way to trust a key is to have someone you already trust say, “oh, you can trust this key, too”. This is done by providing more data in the answer that you get from the root servers. So the full answer you get from the root servers when you ask, “what is the address of www.example.com?” looks like this:

I don’t know, but you should ask the DNS servers at addresses X, Y, and Z. You can trust their answers because they’ll sign their responses with key K. Finally, you can trust that I’m legit because of this signature I’m providing you, generated from key T.

Assuming that T is the trust-anchor key you’ve already told unbound to trust, it can then trust all of the information it got from that first question. When it then goes to DNS server X and asks, “Hey, do you know the address of www.example.com?”, that server can send back its own response saying:

Gee, shucks, I don’t know, but DNS servers at P and Q can help you. You can trust them because they’ll sign responses with key S. And just to show you I’m on the level, check out this nifty signature I made, signed with key K.

Since a server we trust told us to trust key K, and then we got a response signed by key K that told us to trust key S, when we then go and ask server P and get a response signed by S, we’re still demonstrably secure. Neat setup, right?

Anyway, now you know all about trust anchors. How do you set it up? For unbound, it’s capable of “priming” the trust anchor itself. It does this by retrieving a copy of the trust anchor from a well-known HTTPS URL (https://data.iana.org/root-anchors/root-anchors.xml), which provides a reasonable measure of security – the trust anchor file should be safe as long as that HTTPS server is trustworthy. For the properly paranoid, you should determine an alternate means of verifying that you have the correct root key (a web search for “DNSSEC root key attestation” would probably be a good start).

Testing

It’s always handy to know that something’s working as you expect. For something that’s important for security, that goes double. So, how do you test that your DNSSEC-capable resolver is, indeed, working as designed?

Well, firstly, you can test that the resolver, by itself, is working. This is simple: do a query for a zone known to have broken DNSSEC. Thankfully, some nice people (Comcast, specifically) have already set this up. You can test a resolver for DNSSEC-correctness with this command:

dig @127.0.0.1 www.dnssec-failed.org

If dig gives you back an IP address, something is broken. The correct, “my DNSSEC works!” response should be a status: SERVFAIL response.

That’s all well and good, but having a resolver that works isn’t much good if nothing’s actually using it. Your system configuration has probably got some other resolvers configured into it (such as those provided by a DHCP server), and you’ll want to make sure those aren’t getting used[2]. The trivial test is to visit http://www.dnssec-failed.org in your browser. If that comes back with a page, then something’s still wrong.

A more user-friendly test of your DNSSEC configuration is provided by http://dnssectest.sidnlabs.nl/test.php, which will display a page either way, and give you a tick or a cross depending on whether you’re DNSSEC-enabled or not.

One thing to be wary of when you’re doing browser tests is caching. I spent far too long trying to work out why “unbound wasn’t working”, when in actual fact it was working fine, it’s just that both my browser and local caching proxy (squid) were caching DNS requests[3]. So, even after I’d correctly set up unbound, visiting the test sites was providing me with erroneous results.

Fixing up the browser was simple enough. In Chromium, visiting chrome://net-internals#dns will show you what’s being cached, what resolv.conf settings are being used, and allow you to clear the browser’s resolver cache.

Squid was similarly simple, although it took me a while to figure out that it was causing me grief (software that “just works”, being so rare, tends to slip your mind, and so I often forget that squid is actually doing me good). Restarting squid has the appropriate result (clears the DNS cache), but in the end I decided that having another layer of caching wasn’t going to help significantly when I’ve got an on-host DNS cache already, in unbound. So, I just turned the knobs for DNS caching in squid right down:

negative_dns_ttl 1 second
positive_dns_ttl 1 second

And voila! All was well.

In summary…

DNSSEC is cool. It’s easy to get going with, and over time it will provide more and more practical benefits (I am a DANE fanboi). Get started with it now, and you’ll be ahead of the curve.

  1. A “resolver” is a program which takes a name, does all the DNS queries required to get the data associated with that name, and returns it to whoever wanted to know. This can be a library which links to a client application, or it can be a separate program which receives DNS requests itself.

    There are usually both types of resolvers in use for a typical Linux system to resolve names. On every machine, in every program, there is the so-called “stub resolver”, which is part of libc, and does nothing except create DNS requests and send them to the addresses listed in resolv.conf. Also present, although not always running on every machine (typically your ISP or network admin has some running for everyone to share) are one or more “recursive resolvers”, which are separate programs which take DNS requests, do all of the queries themselves, and return the result to the stub resolver for presentation to the client program which made the request in the first place.

    You will see this material again.

  2. You can configure dhclient to use your local resolver instead of the DHCP-provided ones by simply setting:

    supersede domain-name-servers 127.0.0.1;

    in your dhclient.conf file.

  3. It also didn’t help that I hadn’t correctly knobbled dhclient the first time around, and so even when I thought I was only resolving against my local unbound server, it was still actually using the DHCP-provided resolvers…

linux.conf.au News: Advice for those of you thinking of submitting a linux.conf.au 2015 proposal

Sun, 2014-06-29 15:27

We have some tips and tricks to help you to submit a successful paper presentation to #LCA2015 right here on our CFP page. With heartfelt thanks to Jacinta Richardson for writing this up for us!

You can also view Michael Davies' presentation from LCA 2014 in Perth which discusses the same point in greater depth.

Important Dates
  • Proposals
    • Call for proposals closes: 13 July 2014
  • Miniconfs
    • Miniconf CFP closes 13 July 2014
  • Conference dates:
    • Early bird registrations open 23 September 2014 (TBC)
    • Conference: Monday 12 January to Friday 16 January, 2015

Michael Fox: Realtek RTL2838 DVB-T tuner on Raspberry Pi with TvHeadEnd success

Fri, 2014-06-27 20:26

I decided to give my DVB-T USB dongle (Realtek RTL2838) another go with the Raspberry Pi and TvHeadEnd, as I thought the newer version of Raspbian, if available, might address the condition I had previously, where I had no dvb device after plugging it in. Older post found here.

It would appear it was good to check this out again.

I downloaded the latest Raspbian available from the Raspberry Pi site. The version available at the time of this post is the one below;

2013-12-20-wheezy-raspbian.zip

I installed to an SD card and booted my Raspberry Pi.

I plugged in my Realtek RTL2838 tuner and it detected fine and when I checked for the dvb device structure, it was populated all correctly, which never happened previously at all.

[26848.628778] usb 1-1.3: new high-speed USB device number 6 using dwc_otg
[26848.741110] usb 1-1.3: New USB device found, idVendor=0bda, idProduct=2838
[26848.741147] usb 1-1.3: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[26848.741166] usb 1-1.3: Product: RTL2838UHIDIR
[26848.741183] usb 1-1.3: Manufacturer: Realtek
[26848.741199] usb 1-1.3: SerialNumber: 00000001
[26848.851456] usb 1-1.3: dvb_usb_v2: found a 'Realtek RTL2832U reference design' in warm state
[26848.857238] usbcore: registered new interface driver dvb_usb_rtl28xxu
[26848.921368] usb 1-1.3: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[26848.921447] DVB: registering new adapter (Realtek RTL2832U reference design)
[26848.965698] usb 1-1.3: DVB: registering adapter 0 frontend 0 (Realtek RTL2832 (DVB-T))...
[26849.001551] r820t 0-001a: creating new instance
[26849.014447] r820t 0-001a: Rafael Micro r820t successfully identified
[26849.021655] Registered IR keymap rc-empty
[26849.022183] input: Realtek RTL2832U reference design as /devices/platform/bcm2708_usb/usb1/1-1/1-1.3/rc/rc0/input0
[26849.022231] rc0: Realtek RTL2832U reference design as /devices/platform/bcm2708_usb/usb1/1-1/1-1.3/rc/rc0
[26849.022262] usb 1-1.3: dvb_usb_v2: schedule remote query interval to 400 msecs
[26849.035148] usb 1-1.3: dvb_usb_v2: 'Realtek RTL2832U reference design' successfully initialized and connected

And device files

root@raspberrypi:~# ls -la /dev/dvb
total 0
drwxr-xr-x 3 root root 60 Jan 1 14:51 .
drwxr-xr-x 13 root root 3080 Jan 1 14:51 ..
drwxr-xr-x 2 root root 120 Jan 1 14:51 adapter0
root@raspberrypi:~# ls -la /dev/dvb/adapter0/
total 0
drwxr-xr-x 2 root root 120 Jan 1 14:51 .
drwxr-xr-x 3 root root 60 Jan 1 14:51 ..
crw-rw---T 1 root video 212, 4 Jan 1 14:51 demux0
crw-rw---T 1 root video 212, 5 Jan 1 14:51 dvr0
crw-rw---T 1 root video 212, 3 Jan 1 14:51 frontend0
crw-rw---T 1 root video 212, 7 Jan 1 14:51 net0

Next I configured other tools before compiling and installing the TvHeadEnd per the steps below;

sudo apt-get install unzip libcurl4-openssl-dev pkg-config git build-essential dvb-apps

cd ~

git clone https://github.com/tvheadend/tvheadend

cd tvheadend

./configure

make

sudo make install

At which point I executed the binary via “tvheadend -C” and I could now access the web interface for the TvHeadEnd software via http://raspberrypi_ip:9981/ where I could now see my dvb tuner was detected.

At this point you now have to configure the network and channels according to your region. Can be a bit tricky, but I followed the info available at the post here (step 14). This helped me make sense of the sequence of actions.

Below is a screen grab showing VideoLan Client from my Windows 7 desktop and a web browser in the background attached to the TvHeadEnd which is running on the Raspberry Pi with the RTL2838 tuner.

EDIT: And to get my TvHeadEnd to auto start with boot I performed the following additional steps.

Created /etc/init.d/tvheadend file with the contents below;

#!/bin/bash
### BEGIN INIT INFO
# Provides: tvheadend
# Required-Start: $local_fs $remote_fs $network
# Required-Stop: $local_fs $remote_fs $network
# Should-Start: $syslog
# Should-Stop: $syslog
# Default-Start: 2 3 4 5
# Default-Stop: 0 1
# Short-Description: start/stop tvheadend Server
### END INIT INFO

TVHNAME="tvheadend"
TVHBIN="/usr/local/bin/tvheadend"
TVHUSER="tvheadend"
TVHGROUP="tvheadend"
PIDFILE=/var/run/$TVHNAME.pid

start() {
    # Refuse to start twice: check whether the recorded pid is still alive.
    if [ -e $PIDFILE ]; then
        PID=$(ps ax | grep -v grep | grep -w $(cat $PIDFILE) | awk '{print $1}')
        if [ -n "$PID" ]; then
            echo "$TVHNAME already running (pid $PID)."
            exit 1
        fi
    fi
    echo -n "Starting tvheadend: "
    # -u/-g run tvheadend as the unprivileged tvheadend user and group.
    # -C is tvheadend's first-run switch: if no user account exists it creates
    # one with no username or password, so set up access control in the web
    # interface once it is running.
    start-stop-daemon --start --background --pidfile $PIDFILE --make-pidfile --user ${TVHUSER} --exec ${TVHBIN} -- -u ${TVHUSER} -g ${TVHGROUP} -f -C
    echo "Done."
}

stop() {
    if [ -e $PIDFILE ]; then
        PID=$(ps ax | grep -v grep | grep -w $(cat $PIDFILE) | awk '{print $1}')
        if [ -n "$PID" ]; then
            echo -n "Stopping $TVHNAME: "
            start-stop-daemon --stop --quiet --pidfile $PIDFILE --name ${TVHNAME}
            echo "Done."
        else
            echo "$TVHNAME is not running."
        fi
    else
        echo "$TVHNAME is not running."
    fi
}

status() {
    if [ -e $PIDFILE ]; then
        PID=$(ps ax | grep -v grep | grep -w $(cat $PIDFILE) | awk '{print $1}')
        if [ -n "$PID" ]; then
            echo "$TVHNAME is running (pid $PID)."
        else
            echo "$TVHNAME is not running."
            [ -e $PIDFILE ] && exit 1 || exit 3
        fi
    fi
}

case "$1" in
    start) start ;;
    stop) stop ;;
    # status was listed in the usage text but not dispatched in the original
    status) status ;;
    restart) stop && sleep 2 && start ;;
    *) echo "Usage: $0 [start|stop|restart|status]" && exit 1 ;;
esac

exit 0

Now set the script as executable using below;

sudo chmod 755 /etc/init.d/tvheadend

Create a tvheadend group

sudo groupadd tvheadend

Create a tvheadend user that is part of the video group and tvheadend group.

sudo useradd -g tvheadend -G video -m tvheadend

And now set the initscript tvheadend to start up and shut down as the system does

sudo update-rc.d tvheadend defaults

Andrew Pollock: [life] Day 149: Kinderdance open day, and not much else

Fri, 2014-06-27 19:25

Today was the much anticipated open day for the last Kinderdance class of the term, where I actually get to see what we got for our money.

I'd offered to pick up Sarah and her mother from the city and transport them there and back, since neither of them drive to work, so we got ready early and drove into the city to collect them and then drove over to the Kinderdance venue.

Mum and Dad arrived shortly afterwards, and we all sat at one end of the dance floor to watch the girls perform.

It was really cute. It was, as best I can tell from when I've peeked through the window from the adjacent kitchen, just like any other lesson. The teacher still led the whole thing, but I guess the girls all had it pretty much ingrained in them after 10 weeks.

The theme was "under the sea" so all of the warm ups and actual "dance" routines were all vaguely nautical. It was really great to watch, and Zoe looked like she enjoyed herself. She kept waving and blowing kisses to all of us in the audience.

Mum and Dad came back to my place for lunch afterwards. Zoe and I dropped Sarah and her Mum back in the city first.

After lunch and a bit of a play with grandpa, Mum and Dad left, and then Zoe announced that she wanted to have a nap. I put her to bed, and she probably napped for about 2 and a half hours. It's been a while since I've had nap time to put my feet up, so I used the time to sort through all of the photos from the sports day and Kinderdance. I should have gone through the photos from her birthday party too, but I forgot.

By the time Zoe resurfaced and had some afternoon tea, there wasn't a lot of time left in the day. I had to be available for someone to come and service the building's hot water heater, so we couldn't go out and do any pre-holiday trip shopping.

Sarah arrived to pick up Zoe for the weekend, and that was pretty much it.

That's the end of Kinderdance now. Next term, Zoe's going to try tennis as her extracurricular activity.

Linux Users of Victoria (LUV) Announce: LUV Main July Meeting: SKA and Linux and Innovation Software Patents

Fri, 2014-06-27 14:29
Start: Jul 1 2014 19:00 End: Jul 1 2014 21:00 Location:

The Buzzard Lecture Theatre. Evan Burge Building, Trinity College, Melbourne University Main Campus, Parkville.

Link:  http://luv.asn.au/meetings/map

Ewan Barr, Linux and the Square Kilometre Array

The Buzzard Lecture Theatre, Evan Burge Building, Trinity College Main Campus Parkville Melways Map: 2B C5

Notes: Trinity College's Main Campus is located off Royal Parade. The Evan Burge Building is located near the Tennis Courts. See our Map of Trinity College. Additional maps of Trinity and the surrounding area (including its relation to the city) can be found at http://www.trinity.unimelb.edu.au/about/location/map

Parking can be found along or near Royal Parade, Grattan Street, Swanston Street and College Crescent. Parking within Trinity College is unfortunately only available to staff.

For those coming via Public Transport, the number 19 tram (North Coburg - City) passes by the main entrance of Trinity College (Get off at Morrah St, Stop 12). This tram departs from the Elizabeth Street tram terminus (Flinders Street end) and goes past Melbourne Central. Timetables can be found on-line at:

http://www.metlinkmelbourne.com.au/route/view/725

Before and/or after each meeting those who are interested are welcome to join other members for dinner. We are open to suggestions for a good place to eat near our venue. Maria's on Peel Street in North Melbourne is currently the most popular place to eat after meetings.

LUV would like to acknowledge Red Hat for their help in obtaining the Buzzard Lecture Theatre venue and VPAC for hosting, and BENK Open Systems for their financial support of the Beginners Workshops

Linux Users of Victoria Inc., is an incorporated association, registration number A0040056C.


Andrew Pollock: [life] Day 148: Car washes, play dates and haircuts

Thu, 2014-06-26 22:25

We had one of those comfortably full days today.

Zoe slept really well last night, almost 12 hours. Her cough seems to be markedly better in terms of frequency, but it still sounds pretty bad when she does cough.

We had a leisurely start to the day, and went to the car wash first. Hoppy's Handwash Cafe is a far cry from Lozano's brushless Car Wash (which doesn't even appear to run to a website, it's so low budget). Hoppy's by comparison costs the bomb, but is quite the fancy establishment, with iPads littered all over the place for your (or in my case, your kid's) entertainment, while a display informs you of the progress of your car being washed. It also features a mid-range cafe. Hey, they have babyccinos. I discovered today that they even have some sort of "gun" where you can shoot something at the cars as they travel along the conveyor belt. Not sure if shooting at the staff is encouraged.

Zoe discovered all the windows today as we were trying to leave, so we had to spend some extra time watching how the sausage was made car was washed.

On the way home, we picked up some stuff from the Hawthorne Garage to make guacamole. I forgot the tomato, so we had to walk back once we got home.

Zoe's friend Frankie from Kindergarten was coming for lunch, with her Mum Zhenya and little brother Hardy. Hardy was a bit knackered after his swim class, so they ended up coming an hour later than planned, but we killed the time watching Swedish Chef videos on Youtube (Zoe's idea).

Frankie and her Mum and brother arrived for lunch, and I whipped up some chicken quesadillas to go with the guacamole. The kids all had a great time playing after lunch. Today I learned about cardboard box rivets from Zhenya, so I can see some of them in our future.

Zoe and Frankie did a spot of baking after lunch, and then they headed off.

I managed to book in haircuts for both of us in the afternoon, so after a bit of a clean up, we walked to the hairdresser and got our haircuts and then walked home again.

I was feeling lazy, so we had some frozen leftovers for dinner (the real excuse is the dishwasher was still going and the Thermomix bowl was in it).

I got Zoe to bed on time without much of a peep.

Michael Fox: Farewell Bindi

Thu, 2014-06-26 21:26

Today my wife and I had to say farewell to one of our two dogs. Below is a picture of Bindi from last night, as always she would be laying on the floor in the home office while I would be doing what it was I had to do. She would always do that, even from when she was a pup.

Bindi was a very loyal friend and would do everything you would tell her. She was a great dog, and will be missed a great deal. She lived a good life and we got to spend 11.5 years with her.

Farewell Bindi, you’ll be forever in our hearts and in our thoughts always. Buddy will miss you and I am sure he will not forget you either, you’ll both meet up with each other again in the future.

Bindi

(12th May 2013): I should add that the issue was a toe tumor. To my surprise based on some recent research this seems to be very common. Something I wasn’t even aware of at the time. Bindi lost her nail several months back, could have been even longer. I do not remember when, just remember it happening and thought nothing of it. But I do believe this nail coming out was probably the linked item to the whole saga. I also remember her limp from time to time, I would check her foot for something caught and find nothing. She would again walk normal. I believe this condition was also related to the tumor in her toe too. Events that I didn’t link until now.

Michael Fox: Backyard Drainage Progress

Thu, 2014-06-26 20:26

Finally got a bit of time in the afternoon today to do more work on the drainage in the backyard. When we got all that rain the other month it highlighted the fact we now needed to do a bit more to allow the excess water to escape, so I started planning to fix the issue or at least make it bearable.

Managed to cut into the main storm water overflow line to the street and put in a junction and tee (used a collar to take up the difference, so that I could insert the new items from the pipe section that was removed), so I could put a surface drain above the tee. I am going to use this surface drain to sit just below existing surface line and insert the rain water tanks hose that drips during the first part of rain into the drain.

You can see the pictures below;

The fabric over the drain is only for the moment, so I don’t spill soil and other material back in it as I back fill it. I am also going to add another surface drain where it meets the pergola too. So I will break the arg line and insert a tee etc.

Michael Fox: Backyard drainage progress – Update 2

Thu, 2014-06-26 20:26

Yesterday since I had to look after the kids for the day, I decided to do more work in the backyard with the drainage. The aim was to setup the drains and back fill with blue metal. As you can see below it came up very good.

Next step is to now back fill with some soil so that we can cover over the area with some other material, as we will be moving the kids big trampoline back to this spot as it won’t be a grassed area any more.

I put the hose in the last drain and left it running for a bit and like my previous test the water will hit the junction and go into the storm water line that goes to the street. So the water naturally finds the path along the trench in which I now have the arg line laid and covered it with blue metal.

Michael Fox: Big W – Total Toy Domination Sale

Thu, 2014-06-26 20:26

The Big W – Total Toy Domination Sale started midnight today, and in true fashion my wife was well prepared. She had already made a list of everything she needed to get and had it written all out along with the prices and page numbers from the catalog.

She left the house at 11:30pm last night to go queue up for opening and was home again by 2:00am today, slept a few more hours and went to work as usual.

It paid off, as she managed to get all the major items that she required, and we decided as a joint present for the kids this year we’d get a Wii U. As our kids love playing the Wii U that our nephew has, so we thought this would be a wicked surprise.

The catalog had an opening special on the Limited Edition – Skylanders Swap Force Basic Set for $198 with 3 additional Skylanders Figures. Not a fan of Skylanders, but bought it due to the cheaper price for the console.

Michael Fox: The many plates from Carnival Spirit Voyage S416

Thu, 2014-06-26 19:26

Our family just recently got back from a cruise on the Carnival Spirit, which was Voyage S416 that set sail from Sydney on May 10th; it returned on May 18th.

Below is a number of photos of all the plates of food that was consumed during that period. Sometimes my wife and I had different meals, so we could get a good look across the menu.

Totally enjoyed it, hope everyone enjoys the photos. Next time I will document on a pad what I had, so I can name all the meals.

 

Ben Martin: Atmel Atmega1284

Thu, 2014-06-26 10:25
I started tinkering with the Atmega1284. Among other things it gives you an expansive 16kb of SRAM, 2 uarts and of course looking at the chip a bunch more IO. A huge plus is that you can get a nice small SMD version and this 40 pin DIP monster with the same 1284. Yay for breadboard prototypers who don't oven bake each board configuration! The angle of photo seems to include the interesting bits. Just ignore the two opamps on the far right :)





I had trouble getting this to work with a ceramic resonator. The two xtal lines are right next to each other with ground just above but the 3 pins on the resonator were always a bit hard to get into the right configuration for these lines. Switching over to a real crystal and 22pF caps I got things to work. The symptoms I was having with the resonator included non reproducibility, sometimes things seemed to upload sometimes not. Also, make sure the DTR line is going through a cap to the reset pullup resistor. See the wiring just to the right of the 1284.



I haven't adapted the Arduino makefile to work on this yet, so unfortunately I still have to upload programs using the official IDE. I have the makefile compiling for the 1284 but das blinken doesn't work when I "make upload".