Planet Linux Australia


Simon Lyall: 2017 – Wednesday – Session 1

Wed, 2017-01-18 13:02

Servo Architecture: Safety and Performance – Jack Moffitt

  • History
    • 1994 Netscape Navigator
    • 2002 Mozilla Release
    • 2008 multi-core CPU stuff not making Firefox faster
    • 2016 CPUs now have on-chip GPUs
    • Very hard to write multi-threaded C++ to allow Mozilla to take advantage of many cores
  • How to make Servo Faster?
  • Constellation
    • In the past – Monolithic browser engines
      • Single browser engine handling multiple tabs
      • Two processes – Pool Content processes vs Chrome process
        • If one process dies on a page doesn’t take out whole browser
      • Sandboxing lets webpage copies have fewer privileges
    • Threads
      • Less overhead than whole processes
      • Thread per page
      • More responsive
      • Sandboxing
      • More robust to failure
    • Is this the best we can do?
      • Run JavaScript and layout simultaneously
      • Pipeline splitting them up
      • Child pipelines for inner iframes (eg ads)
  • Constellation
    • Rust can fail better
    • Most failures stop at thread boundaries
    • Still do sandboxing and privileges
    • Option to still have some tabs in multiple processes
  • Webrender
    • Using the GPU
      • Frees up main CPU
      • Are VERY fast at some stuff
      • Easiest place to start is rendering
    • Don’t browsers already use the GPU?
      • Only in a limited way for compositing
    • Key ideas
      • Retain mode not immediate mode (put things in optimal order first)
      • Designed to render CSS content (CSS is actually pretty simple)
      • Draw the whole frame every frame (things are fast enough, simpler to not try to optimise)
    • Pipeline
      • Chop screen into 256×256 tiles
      • Tile assignment
      • Create a big tree
      • merge and assign render targets
      • create and execute batches
    • Text
      • Rasterize on CPU and upload glyph to GPU
      • Paste and shadow using the GPU
  • Project Quantum
    • Taking technology we made in Servo and putting it in Gecko
  • Research in progress
    • Pathfinder – GPU font rasterizer – Now faster than everything else
    • Magic DOM
      • Wins in JS/DOM integration
      • Fusing reflectors and DOM objects
      • Self hosted JS
    • External collaborations: ML, Power Mngt, WebBluetooth, etc
  • Get involved
    • Test nightlies
    • Curated bugs for new contributors

In Case of Emergency: Break Glass – BCP, DRP, & Digital Legacy – David Bell

  • Definitions
    • BCP = Business continuity Plan
    • A process to prevent and recover from business continuity plans
    • BIP = Business interruptions plan
    • BRP = Recovery plan
    • RPO = Recovery point objective, targeted recovery point (when you last backed up)
    • RTO = Recovery time objective
  • Why?
    • Because things will go wrong
    • Because things should not go even more wrong
  • Create your BCP
    • Brainstorm
    • Identify events that may interrupt: loss of access to physical site, loss of staff
    • Backups
      • 3 copies
      • 2 different media/formats
      • 1 offsite and online
      • Check how long it will take to download or fetch
    • Test
    • Who has the Authority
    • Communication chains, phone trees, contact details
    • Practice Early, Practice often
      • Real-world scenarios
      • Measure, measure, measure
      • Record your results
      • Convert your results into an action item
      • Have different people on the tests
    • Each Biz Unit or team should have their own BCP
    • Recovery can be expensive, make sure you know what your insurance will cover
  • Breaking the Glass
    • Documentation is the Key
    • Secure credentials super important
    • Shamir secret sharing: need a number of people to re-create the secret
  • Digital Legacy
    • Do the same for your personal data
    • Document
      • Credentials
      • Services
        • What uses them
        • Billing arrangements
        • Credentials
      • What are your wishes for the above.
    • Talk to your family and friends
    • Backups
    • Document backups and backup your documentation
    • Secret sharing, offer to do the same for your friends
  • Other / Questions
    • Think about 2-Factor devices
    • Google and some other companies can set up “Next of Kin” contacts




Simon Lyall: 2017 – Wednesday Keynote – Dan Callahan

Wed, 2017-01-18 11:03

Designing for failure: On the decommissioning of Persona

  • Worked for Mozilla on Persona
  • Persona did authentication on the web
    • You would go to a website
    • Type in your email address
    • Redirects via login page by your email provider
    • You login and redirect back
  • Started centralised, designed to become decentralised as it is taken up
  • Some sites were only offering login via social media
    • Some didn’t offer traditional logins for emails or local usernames
    • Imposes 3rd party between you and your user.
    • Those 3rd parties have their own rules, eg real name requirements
  • Persona Failed
    • Traditional logins now more common
  • Cave Diving
    • Equipment and procedures designed to let you still survive if something fails
    • Training reviews deaths and determines how they can be prevented
    • “5 rules of accident analysis” for cave diving
  • Three weeks ago switched off Persona
    • Encourage others to share mistakes


  • Just having a free license is not enough to succeed
  • Had a built in centralisation point
    • Protocol designed so browser could eventually natively implement but initially was using it.
    • Relay between provider and website went via Mozilla until browser natively implemented
    • No ability to fork the project
  • Bits rot more quickly online
    • Stuff that is online must be continually maintained (especially security)
    • Need a way to have software maintained without experts
  • Complexity Limits agency
    • Limits who can run project at all
    • Lots of work for those people who can run it
  • A free license doesn’t further my freedom if we can’t run the software


  • Prolong Your Project’s Life
  • Bad ideas
    • We used popups and people reflexively closed them
    • API wasn’t great
  • Didn’t measure the right thing
    • Is persona product or infrastructure?
    • Treated like a product, not a good fit
  • Explicitly define and communicate your scope
    • “Solves authentication” or “Authenticate email addresses”
    • Broke some sites
    • Got used by FireFoxOS which was not a good fit
  • Ruthlessly oppose complexity
    • Tried to do too much, which meant it was overly complex
    • Complex hard to maintain and review and grow
    • Hard for newbies to join
    • If it is complex then it is hard to even test that it is working as expected
    • Focus and simplify
    • Almost no outside contributors, especially bad when Mozilla dropped it.


  • Plan for Your Project’s Failure
  • “Sometimes that [bus failure] is just a commuter bus that picks up that person and takes them to another job”
  • If you know you are dead say it
    • 3 years after we pulled people off project till officially killed
    • Might work for local software but services cost money to run
    • Sooner you admit you are dead the sooner people can plan for your departure
  • Ensure your users can recover without your involvement
    • Hard to do when you think your project is going to save the world
    • Example firefox sync has a copy of the data locally so even if it dies user will survive
  • Use standard data formats
    • eg OPML for RSS providers
  • Minimise the harm caused when your project goes away



Simon Lyall: 2017 – Tuesday – Session 3

Tue, 2017-01-17 19:03

The Internet of Scary Things – tips to deploy and manage IoT safely Christopher Biggs

  • What you need to know about the Toaster Apocalypse
  • Late 2016 brought to prominence when major sites hit by DDOS from compromised devices
  • Risks present of grabbing images
    • Targeted intrusion
    • Indiscriminate harvesting of images
    • Drive-by pervs
    • State actors
  • Unauthorized control
    • Hit traffic lights, doorbells
  • Takeover of entire devices
    • Used for DDOS
    • Demanding payment for the owner to get control of them back.
  • “The firewall doesn’t divide the scary Internet from the safe LAN, the monsters are in the room”


  • Poor Security
    • Mostly just laziness and bad practices
    • Hard for end-users to configure (especially non-techies)
    • Similar to how servers and Internet software, PCs were 20 years ago
  • Low Interop
    • Everyone uses own cloud services
    • Only just started getting common protocols and stds
  • Limited Maint
    • No support, no updates, no patches
  • Security is Hard
  • Laziness
    • Threat surface is too large
    • Telnet is too easy for devs
    • Most things don’t need full Linux installs
  • No incentives
    • Owner might not even notice if compromised
    • No incentive for vendors to make them better


  • Examples
    • Cameras with telnet open, default passwords (that cannot be changed)
    • exe to access
    • Send UDP to enable a telnet port
    • Bad Mobile apps


  • Selecting a device
    • Accept you will get bad ones, will have to return
    • Scan your own network, you might not know something is even wifi enabled
    • Port scan devices
    • Stick with the “Big 3” frameworks (Apple, Google, Amazon)
    • Make sure it supports open protocols (indicates serious vendor)
    • Check if open source firmware or clients exist
    • Check for reviews (especially negative) or teardowns


  • Defensive arch
    • Put on its own network
    • Turn off or block UPnP opening firewall holes
    • Plan for breaches
      • Firewall rules, rate limited, recheck now and then
    • BYO cloud (don’t use the vendor cloud)
      • HomeBridge
      • Node-RED (Alexa)
      • Zoneminder, Motion for cameras
  • Advice for devs
    • Apple HomeKit (or at least support for Homebridge for less commercial)
    • Amazon Alexa and AWS IoT
      • Protocols open but look nice
    • UCF uPnP and SNP profiles
      • Device discovery and self discovery
      • Reference implementations available
    • NoApp setup as an alternative
      • Have an API
    • Support MQTT
    • Long Term support
      • Put copy of docs in device
      • Decide up front what and how long you will support and be up front
    • Limit what you put on the device
      • Don’t just ship a Unix PC
      • Take out debug stuff when you ship


  • Trends
    • Standards
      • BITAG
      • Open Connectivity Foundation
      • Regulation?
    • Google Internet of things
    • Apple HomeKit
    • Amazon Alexa
      • Worry about privacy
    • Open Connectivity Foundation – IoTivity
      • Open source etc
      • Linux and Docker based
    • Consumer IDS – FingBox
  • Missing
    • Network access policy framework shipped
    • Initial network authentication
    • Vulnerability alerting
    • Patch distribution

Rage Against the Ghost in the Machine – Lilly Ryan

  • What is a Ghost?
    • The split between the mind and the body (dualism)
    • The thing that makes you you, separate to the meat of your body
  • Privacy
    • Privacy for information not physical
    • The mind has been a private place
    • eg “you might have thought about robbing a bank”
    • The thoughts we express are what is public.
    • Always been private since we never had technology to get in there
    • Companies and governments can look into your mind via things like your google queries
    • We can emulate the inner person not just the outer expression
  • How to Summon a Ghost
    • Digital re-creation of a person by a bot or another machine
    • Take information that you post online
    • Likes on facebook, length of time between clicks
  • Ecto-meta-data
    • Take meta data and create something like you that interacts
  • The Smartphone
    • Collects meta-data that doesn’t get posted publicly
    • deleted documents
    • editing of stuff
    • search history
    • pattern of jumping between apps
  • The Public meta-data that you don’t explicitly publish
    • Future could emulate you from the sum of your public behaviour
  • What do we do with a ghost?
    • Create chatbots or online profiles that emulate a person
    • Talk to a Ghost of yourself
    • Put a Ghost to work. The 3rd party owns the data
    • Customer service bot, PA
    • Chris Hemsworth could be your PA
    • Money will go to facebook or Google
  • Less legal stuff
    • Information can leak from big companies
  • How to Banish a Ghost
    • Option to donating to the future
    • currently no regulation or code of conduct
    • Restrict data you send out
      • Don’t use the Internet
      • Be anonymous
      • Hard to do when cookies match you across many sites
        • You can install cookie blocker
    • Which networks you connect to
      • eg list of Wifi networks match you with places and people
      • Mobile network streams location data
      • location data reveals not just where you go but what stores, houses or people you are near
      • Turn off wifi, bluetooth or data when you are not using. Use VPNs
    • Law
      • Lobby and push politicians
      • Push back on companies
    • For technologists
      • Collect the minimum, not the maximum

FreeIPA project update (turbo talk) – Fraser Tweedale

  • Central Identity manager
  • Ldap + Kerberos, CA, DNS, admin tools, client. Hooks into AD
  • Manage via web or client
  • Client SSSD. Used by various distros
  • What is in the next release
    • Sub-CAs
    • Can require 2FA for important services
    • KDC Proxy
    • Network bound encryption, i.e. needs to talk to local server to decrypt a disk
    • User Session recording


Minimum viable magic

Politely socially engineering IRL using sneaky magician techniques – Alexander Hogue

  • Putting things up your sleeve is actually hard
  • Minimum viable magic
  • Misdirect the eyes
  • Eyes only move in a straight line
  • Exploit pattern recognition
  • Exploit the spot light
  • Your attention is a resource


Simon Lyall: 2017 – Tuesday – Session 2

Tue, 2017-01-17 15:03

Stephen King’s practical advice for tech writers – Rikki Endsley

  • Example What and Whys
    • Blog post, press release, talk to managers, tell devs the process
    • 3 types of readers: Lay, Managerial, Experts
  • Resources:
    • Press: The care and Feeding of the Press – Esther Schindler
    • Documentation: RTFM? How to write a manual worth reading


  • “On Writing: A memoir of the craft” by Stephen King
  • Good writing requires reading
    • You need to read what others in your area or topic or competition are writing
  • Be clear on Expectations
    • See examples
    • Howto Articles by others
    • Writing an Excellent Post-Event Wrap Up report by Leslie Hawthorn
  • Writing for the Expert Audience
    • New Process for acceptance of new modules in Extras – Greg DeKoenigsberg (Ansible)
    • vs Ansible Extras Modules + You – Robyn Bergeon
      • Defines audience in the intro


  • Invite the reader in
  • Opening Line should Invite the reader to begin the story
  • Put in an explicit outline at the start


  • Tell a story
  • That is the object of the exercise
  • Don’t do other stuff


  • Leave out the boring parts
  • Just provides links to the details
  • But sometimes if people not experts you need to provide more detail


  • Sample outline
    • Intro (invite reader in)
    • Brief background
    • Share the news (explain solution)
    • Conclude (include important dates)


  • Sample Outline: Technical articles
  • Include a “get technical” section after the news.
  • Too much stuff to copy all down, see slides


  • To edit is divine
  • Come back and look at it afterwards
  • Get somebody who will be honest to do this


  • Write for


  • Q: How do you deal with skimmers?   A: Structure, headers
  • Q: Pet Peeves?  A: Strong intro, People using “very” or “some”, Leaving out important stuff




Simon Lyall: 2017 – Tuesday Session 1

Tue, 2017-01-17 13:03

Fishbowl discussion – GPL compliance Karen M. Sandler

  • Fishbowl format
    • 5 seats at front of the room, 4 must be occupied
    • If person has something to say they come up and sit in spare chair, then one existing person must sit down.
  • Topics
    • Conflicts of Law
    • Mixing licences
    • Implied warranty
    • Corporate Procedures and application
    • Get knowledge of free licences into the law school curriculum
  • “Being the Open Source guy at Oracle has always been fun”
  • “Our large company has spent 2000 hours with a young company trying to fix things up because their license is not GPL compliant”
  • BlackDuck is a commercial company that will review your company’s code looking for GPL violations. Some others too
    • “Not a perfect magical tool by any sketch”
    • Fossology is alternative open tool
    • Whole business model around license compliance, mixed in with security
    • Some of these companies are Kinda Ambulance chasers
    • “Don’t let those companies tell you how to run your business”
    • “Compliance industry complex” , “Compliance racket”
  • At my employer we have a tool that just greps for a “GPL” license in code, better than nothing.
  • Lots of fear in this area over Open-source compliance lawsuits
    • Disagreements in community if this should be a good idea
    • More, Less, None?
    • “As a Lawyer I think there should definitely be more lawsuits”
    • “A lot of large organisations will ignore anything less than [a lawsuit] “
    • “Even today I deal with organisations who reference the SCO period and fear widespread lawsuits”
  • Have Lawsuits chilled adoption?
    • Yes
    • Chilled adoption of free software vs GPL software
    • “Android has a policy of no GPL in userspace” , “they would replace the kernel if they could”
    • “Busybox lawsuits were used as a club to get specs so the kernel devs could create drivers” , this is not really applicable outside the kernel
    • “My goal in doing enforcement was to ensure somebody with a busybox device could compile it”
    • “Lawyers hate any license that prevents them getting future work”
    • “The amount of GPL violations skyrocketed with embedded devices shipping with Linux and GPL software”
  • People are working on a freer (eg “Not GPL”) embedded stack to replace Android userspace: Toybox, Toolbox, No kernel replacement yet.
  • Employees and Compliance
    • Large company helping out with charities systems unable to put AGPL software from that company on their laptops
    • “Contributing software upstream makes you look good and makes your company look good” , Encourages others and you can use their contributions
    • Work you do on your volunteer days at company does not fall under software assignment policy etc, but they still can’t install random stuff on their machines.
  • Websites often are not GPL compliant, heavy restrictions, users giving up their licenses.
  • “Send your lawyers a video of another person in a suit talking about that topic”

U 2 can U2F Rob N ★

  • Existing devices are not terribly good but better than nothing, usability sucks
  • Universal Two-Factor
    • Open Standard by FIDO alliance
    • USB, NFC, Bluetooth
    • Multiple server and host implementations
    • One device multi-sites
    • Cloning protection
  • Interesting Examples
  • User experience: Login, press the button twice.
  • Under the hood a lot more complicated
    • Challenge from site, sender must sign challenge (including website URL to prevent phishing site proxying)
    • Multiple keypairs for each website on device
    • Has a login counter on the device included in signature, so server can panic when the counter gets out of sync from a cloned device
  • Attestation Certificate
    • Shared across model or production batch
  • Browserland
    • Javascript
    • Chrome-based support is good
    • Firefox via extension (Native “real soon now”)
    • Mobile works on Android + Chrome + Google Authenticator
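
The "under the hood" checks above (signed challenge bound to the website origin, and a signature counter that exposes a cloned device), modelled as an added example that is not code from the talk or from any U2F library. Assumptions: HMAC-SHA256 stands in for the token's ECDSA P-256 signature, the appId is taken to equal the origin, the challenge is hex rather than websafe base64, and all class names, function names and domains are constructed.

```python
import copy
import hashlib
import hmac
import json
import os
import struct

TYP_SIGN = "navigator.id.getAssertion"   # clientData type for U2F sign requests
SITE = "https://login.example"           # constructed relying-party origin
PHISH = "https://login.example.phish.test"   # constructed look-alike origin


def sha256(data):
    return hashlib.sha256(data).digest()


def signed_bytes(app_id, counter, client_data):
    # appId hash | user-presence flag | 32-bit big-endian counter | clientData hash
    return (sha256(app_id.encode()) + b"\x01"
            + struct.pack(">I", counter) + sha256(client_data))


class Token:
    """Constructed model of a U2F device: one key per site plus a counter."""

    def __init__(self):
        self.keys = {}
        self.counter = 0

    def register(self, app_id):
        # Stand-in: a real token makes a P-256 key pair and returns the public key.
        self.keys[app_id] = os.urandom(32)
        return self.keys[app_id]

    def sign(self, app_id, client_data):
        self.counter += 1
        msg = signed_bytes(app_id, self.counter, client_data)
        return self.counter, hmac.new(self.keys[app_id], msg, hashlib.sha256).digest()


class RelyingParty:
    def __init__(self, app_id, key):
        self.app_id, self.key = app_id, key
        self.last_counter = 0
        self.challenge = None

    def new_challenge(self):
        self.challenge = os.urandom(32).hex()
        return self.challenge

    def verify(self, client_data, counter, signature):
        challenge, self.challenge = self.challenge, None    # single use
        data = json.loads(client_data)
        if challenge is None or data.get("challenge") != challenge:
            return "stale or unknown challenge"
        if data.get("typ") != TYP_SIGN or data.get("origin") != self.app_id:
            return "origin mismatch"
        expected = hmac.new(self.key, signed_bytes(self.app_id, counter, client_data),
                            hashlib.sha256).digest()
        if not hmac.compare_digest(expected, signature):
            return "bad signature"
        if counter <= self.last_counter:
            return "counter regression: possible cloned token"
        self.last_counter = counter
        return "ok"


def login(rp, token, origin_seen_by_browser):
    """One sign-in round trip. The browser, not the page, fills in the origin."""
    client_data = json.dumps({"typ": TYP_SIGN, "challenge": rp.new_challenge(),
                              "origin": origin_seen_by_browser}).encode()
    counter, sig = token.sign(rp.app_id, client_data)
    return rp.verify(client_data, counter, sig)


def demo():
    token = Token()
    rp = RelyingParty(SITE, token.register(SITE))
    results = [login(rp, token, SITE)]          # normal sign-in
    # Relayed challenge: the signature is valid but names the wrong origin.
    # (A real browser would also refuse an appId that does not match the origin.)
    results.append(login(rp, token, PHISH))
    clone = copy.deepcopy(token)                # copy taken at this counter value
    results.append(login(rp, token, SITE))      # original keeps being used
    results.append(login(rp, clone, SITE))      # copy now lags behind the server
    return results


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```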


Simon Lyall: 2017 – Tuesday Keynote – Pia Waugh

Tue, 2017-01-17 11:03

BTW: Conference Streams are online at

The Future of Humans – Pia Waugh

At a tipping point, we can’t reinvent everything or just do the past with shiny new things.

Started as a Sysadmin, helped her see things as Systems

Trying to make active choices about the future we want,

  • Started building tools, knowledge spread slowly
  • Created cities, people could specialise, knowledge faster
  • Surplus created, much went to rulers, sometimes rulers overthrown, but hierarchy stayed the same
  • More recently the surplus has got given to people
  • Last 250 years, people have seen themselves as having power, change their future, not just be a peasant.
  • As resources have increased power and resources have been distributed more widely
  • This has kept expanding – overthrow your boss at work
  • We are on the cusp of a massive skyrocket in quality of life


  • Citizens have powers now that we previously centralized
  • We are now in a time of surplus not scarcity
  • Small groups and individual can now disrupt a country, industry or company
  • We made up all of our society, we can make it again to reflect the present not what was needed in the past.
  • Choose our own adventure or let others choose it for us. We have the option now that we didn’t previously
  • Most people’s eyes glaze over when they hear that.
  • “You can’t do that” say many people when they find out what software can do.
  • People switch off their creativity when they come to work.

How Could the World be better

  • Property
    • 3D printing could print organs, food, just about anything
    • Why are we protecting business models that are already out of date (eg copyright) when we could use them to eliminate scarcity
  • Work and Jobs
    • Everybody is scared about technology taking jobs
    • What do we care about the loss of jobs
    • Why is the value of a person defined by a full-time job?
  • Transhumanism
    • Tattoos, piercing have been around forever
    • Obsession with the human “normal” , is this a recent thing from the media?
    • Society encourages people towards the Norm
    • Internet has demonstrated that not everybody is normal – Rule 34
    • “If you lose a leg, instead of getting a replacement leg, why not have seven legs?”
    • Anyone who doesn’t make our definition of Normal is seen as something less even if they have amazing abilities
  • Spaceships
    • Still takes a day to get around the planet
    • If we are going to set up new worlds how are they going to run?
  • Global Citizenship
    • People are seen through the lens of their national citizenship
    • Governments are not the only representative of our rights


  • “How can we build a better world? Luckily we have git”
  • We have the power and knowledge to do things, but not all people do
  • If you are as powerful as the tools you use, where does that leave people who can’t use computers or program?


  • Systemic Change
    • What doesn’t your Doctor say about “scratching your itch”?
    • Example: “diversity” , how do we deal with the problems that led us to not having it.
  • Who are you building for? Not building for?
  • What is the default position in society? Is it to not get knowledge, power?
  • What does human mean to you
  • What do we value
  • What assumptions and bias do you have?
  • How are you helping non-geeks help themselves
  • What future do you want to see?


  • How are Systems changing? How do our policies, assumptions, laws reflect the older way?
    • Scarcity -> Surplus
    • Close -> Open
    • Centralise -> Distributed
    • Belief -> Rationalism
    • Win/Lose -> Cooperative competitive
    • Nationalism -> World Citizen
    • Normative Human -> Formative Human
  • I believe the Open Source Culture is a good model for society
  • But in Inventing the future we have to be careful not to drag the legacy systems and values from the past.


Simon Lyall: 2017 SysAdmin Miniconf – Session 3

Mon, 2017-01-16 19:03

Turtles all the way down – Thin LVM + KVM tips and Tricks – Steven Ellis

  • ssd -> partition -> encryption -> LVM -> [..] -> filesystem
  • Lots of examples see the online Slides

Samba and the road to 100,000 user – Andrew Bartlett

  • Release cycle is every 6 months
  • Samba 4.0 is 4 years old
  • 4.2 and older are out of security support by Samba team (support by distros sometimes)
  • Much faster adding users to AD DC. 55k users added in 50 minutes
  • Performance issues, not bugs, are now the biggest area of work
    • Customer deploying SAMBA at scale
  • Looking for Volunteers running AD willing to run a tshark script
    • What does your busy hour look like?
    • What is the pattern of requests?

The School for Sysadmins Who Can’t Timesync Good and Wanna Learn To Do Other Stuff Good Too – Paul Gear

  • Aim is 1-10ms accuracy
  • Using Standard Linux reference distribution etc
  • Why care
    • Some apps need time sync
    • Log matching
  • Network Time Foundation needs support
  • NTP
    • Not widely understood
    • Unglamorous
    • Daunting documentation
    • Old protocol, chequered security history
    • The first Google result may not be accurate
  • Set clock
    • step – jump clock to new time
    • slew – gradually adjust the time
  • NTP Assumption
    • There is one true time – UTC
    • Nobody really has it
    • bad time servers may be present
    • networks change

I ran out of power on my laptop at this point so not many more notes. Paul gave a very good set of recommendations and myth-busting for those running NTP though. His notes will be online on the Sysadmin Miniconf site and he has also posted more detail online.


Simon Lyall: 2017 Sysadmin Miniconf – Session 2

Mon, 2017-01-16 17:03

Running production workloads in a programmable infrastructure – Alejandro Tesch

Managing performance parameters through systemd – Sander van Vugt

  • Mostly Demos in this talk too.
  • Using CPUShare parameter as an example
  • systemd-cgtop and systemd-cgls
  • “systemctl show stress1.service” will show available parameters
  • “man 5 systemd.resource-control” gives a lot more details.

Go for DevOps – Caskey L. Dickson

  • SideBar: The Platform Wars are over
    • Hint: We all won
    • As long as have an API we are all cool
  • Always builds statically linked binaries, should work on just about any Linux system. Just one file.
  • Built in cross compiler (eg for Windows, Mac) via just environment variable “GOOS=darwin” and 32bit “GOARCH=32”
  • Bash is great, Python is great, Go is better
  • Microservices are Services
  • No Small Systems
    • Our Scripts are no longer dozens of lines long, they are thousands of lines long
    • Need full software engineering
  • Sysops pushing buttons and running scripts are dying
  • Platform Specific Code
    • main_linux.go main_windows.go and compiler find.
    • // +build linux darwin     <– At the top of the file
  • “Once I got my head around channels Go really opened up for me”



Simon Lyall: 2017 Sysadmin Miniconf – Session 1

Mon, 2017-01-16 13:03

The Opposite of the Cloud – Tom Eastman

  • Korinates Data gateway – an appliance onsite at customers
  • Requirements
    • Bootable images: OVA, AMI/cloud images
    • Needs network access
    • Sounds like an IoT device
  • Opposite of cloud is letting somebody outsource their stuff onto your infrastructure
  • Tom’s job has been making a nice and tidy appliance
  • What does IoT get wrong
    • Don’t do updates, security patches
    • Don’t treat network as hostile
    • Hard to remotely admin
  • How to make them secure
    • no default or static credentials
    • reduce the attack surface
    • secure all networks comms
    • ensure it fails securely
  • Solution
    • Don’t treat appliances like appliances
    • Treat like tightly orchestrated Linux Servers
  • Stick to conservative architecture
    • Use standard distribution like Debian
    • You can trust the standard security updates
  • Solution Components
    • aspen: A customized Debian machine image built with Packer
    • pando: orchestration server/C&C network
    • hakea: A Django/Rest microservice API in charge
  • saltstack command and control
    • Normal orchestration stuff
    • Can work as a distributed command execution
    • The minions on each server connect to the central node, means you don’t need to connect into a remote appliance (no incoming connections needed to appliance)
    • OpenVPN as Internet transport
    • Outgoing just port 443 and openvpn protocol. Everything else via OpenVPN
  • What is the Appliance
    • A lightly mangled Debian Jessie VM image
    • Easy to maintain by customer, just reboot, activate or reinstall to fix any problems.
    • Appliance is running a bunch of docker containers
  • Appliance authentication
    • Needs to connect via 443 with activation code to download VPN and Salt short-lived certificates to get started
    • Auth keys only last for 24 hours.
    • If I can’t reach it it kills itself.
  • Hakea: REST control
    • Django REST framework microservices
    • Self documenting using DRF and CoreAPI Schema
  • DevOps Principles apply beyond the cloud

Inventory Management with Pallet Jack – Karl-Johan Karlsson

  • Goals
    • Single source of truth
    • Version control
    • Scalable (to around 1000 machines, 10k objects)
  • Stuff stored as just a file structure
  • Some tools to access
  • Tools to export, eg to kea DHCP config
  • Tools as post-commit hooks for git. Pushes out update via salt etc
  • Various Integrations
    • API
    • Salt

Continuous Dashboard – Your DevOps Airbag – Christopher Biggs

  • Dashboard traditionally targeted at OPs
  • Also need to target Devs
    • KPIs and
  • Sales and Support need to know everything too
  • Management want reassurance, Shipping a new feature, you have a hotline to the CEO
  • Customer, do you have something you are ashamed of?
    • Take notice of load spikes
    • Assume customers’ errors are being acted on, option to notify them when a fix happens
    • What is relevant to support call, most recent outages affecting this customer
    • Remember recent behaviour of this customer
  • What kinds of data?
    • Traditionally: System load indicators, transaction numbers etc
    • Now: Business Goals, unavoidable errors, spikes of errors, location of errors, user experience metrics, health of 3rd party interfaces, App and product reviews
  • What should I put in dashboards
    • Understand the Status-quo
    • Continuously
    • Look at trends over time and releases
    • Think about features holistically
  • How to get there
    • Like your data as much as your code
    • Experiment with your data
    • tools:,, elastic
  • Insert Dashboards into your dev pipeline
    • Code Review, CI, Unit Test, Confirm that alarms actually work via test errors
    • Automate deployment
  • Tools
    • ELK – off the shelf images, good import/export
    • Node-RED – Flow based data processing, nice visual editor, built in dashboarding
    • Blynk – Nice dashboards in iOS or Android. Interactive dashboard editor. Easy to share
  • Social Media integration
    • Receive from twitter, facebook, apps stores reviews
    • Post to slack and monitoring channels
    • Forward to internal groups

The Sound of Silencing – Julien Goodwin

  • Humans know to ignore “expected” alerts during maintenance
    • Hard to know what is expected vs unexpected
    • Major events can lead to alert overload
  • Level 1 – Turn it all off
    • Can work on small scale
  • Level 2 – Turn off a location while working on it.
    • What if something happens while you are doing the work?
    • May work with single-service deployments
  • Level 3 – Turn off the expected alerts
    • Hard to get exactly right
  • Level 4 – Change management integration
    • Link the generator up to the change management automation system
    • What about changes too small to track?
    • What about changes too big for a simple silence?
  • Level 5 – Inhibiting Alerts
    • Use Service level indicators to avoid alerts on expected failures
    • Fire “goes nowhere” alert
  • Level 6 – Global monitoring and preventing over-silencing
    • Alert if too many sites down
    • Need to have explicit alerts to spot when somebody silences “*”
  • How to get there from here
    • Incrementally
    • Choose a bad alert and change it to make it better
    • Regularly



Simon Lyall: 2017 – Conference Opening

Mon, 2017-01-16 11:03
  • Wear SunScreen
  • Karen Sandler introduces Outreachy and it is announced as the raffle cause for 2017
  • Overview of people
    • 462 From Aus
    • 43 from NZ
    • 62 From USA
    • Lots of other countries
    • Gender breakdown: lots of no answers, so the stats are a bit rough
  • Talks
    • 421 Proposals
    • 80-ish talks and 6 tutorials
    • Questions
      • Please ask questions during the question time
  • Looking for Volunteers – look at a session and click to signup
  • Keynotes – A quick profile
  • All the rooms are booked till 11pm! for BOF sessions
  • Lightning talks, Coffee, Lunch, dinners




Binh Nguyen: Life in Cuba, More Russian Stuff, and More

Mon, 2017-01-16 00:45
Given the recent passing away of Fidel Castro it should make sense that we'd take a look at life inside (and associated aspects of it) of Cuba: Cuban-Americans pour onto the streets of Little Havana after hearing of Castro’s death https://

BlueHackers: BlueHackers session at 2017

Sun, 2017-01-15 20:55

If you’re fortunate enough to be in Tasmania for 2017 then you will be pleased to hear that we’re holding another BlueHackers BoF (Birds of a Feather) session on Monday evening, straight after the Linux Australia AGM.

The room is yet to be confirmed, but all details will be updated on the conference wiki at the following address:

We hope to see you there!

OpenSTEM: Getting to know Homo erectus

Sat, 2017-01-14 15:05
Homo erectus, Museum of Natural History, Ann Arbor, Michigan (photo: Thomas Roche)

Homo erectus was an ancient human ancestor that lived between 2 million and 100,000 to 50,000 years ago. It had a larger body and bigger brain than most earlier human ancestors. Although recent debates revolve around how we classify these fossils, and whether they should be broken down into lots of smaller sub-groups, it is generally agreed that Australopithecines in Africa pre-dated the advent of the Homo lineage. Predecessors to Homo erectus include Homo habilis (“handy man”), a much smaller specimen.

Compared with modern Homo sapiens, which have only been around for the last 200,000 years, Homo erectus, or “upright man,” was very “successful” in a biological sense and lived on the Earth for 10 – 20 times longer than modern humans have been around.

Fossils of H. erectus show that it was the first human ancestor to live outside of Africa – one of the first fossils found was unearthed in the 19th century in Indonesia – others have been found across Asia, including China, as well as Europe and Africa.

A recent interesting summary of information about Homo erectus can be read at OpenSTEM also has a PDF resource on Homo erectus (part of our Archaeology Textbook for Senior Secondary).

Get Hands-On!

If you’re in the greater Brisbane area and would like to have your students touch, compare and otherwise explore human ancestor skulls – talk to us! OpenSTEM has a growing range of 3D printed fossil skulls and our resident archaeologist Dr Claire is available for workshops at primary and high school level (such as Introduction to Archaeology and Fossils).

Silvia Pfeiffer: Annual Release of External-Videos plugin – we’ve hit v1.0

Sat, 2017-01-14 09:51

This is the annual release of my external-videos wordpress plugin and with the help of Andrew Nimmolo I’m proud to announce we’ve reached version 1.0!

So yes, my external-videos wordpress plugin is now roughly 7 years old, who would have thought! During the year, I don’t get the luxury of spending time on maintaining this open source love child of mine, but at Christmas, my bad conscience catches up with me  – every year! I then spend some time going through bug reports, upgrading the plugin to the latest wordpress version, upgrading to the latest video site APIs, testing functionality and of course making a new release.

This year has been quite special. The power of open source has kicked in and a new developer took an interest in external-videos. Andrew Nimmolo submitted patches over all of 2016. He decided to bring the external-videos plugin into the new decade with a huge update to the layout of the settings pages, general improvements, and an all-round update of all the video site APIs which included removing their overly complex SDKs and going straight for the REST APIs.

Therefore, I’m very proud to be able to release version 1.0 today. Thanks, Andrew!

Enjoy – and I look forward to many more contributions – have a Happy 2017!

NOTE: If you’re upgrading from an older version, you might need to remove and re-add your social video sites because the API details have changed a bit. Also, we noticed that there were layout issues on WordPress 4.3.7, so try and make sure your WordPress version is up to date.

Matthew Oliver: Make quasselcore listen on port 443

Tue, 2017-01-10 11:04

I use IRC in my day to day job. I am a professional open source developer, so what else would I use.

For the last few years I have been using quassel, the core component sitting on a cloudserver, which allows me to have clients running on my phone, laptop, desktop… really wherever. However sometimes you find yourself at a place that has a firewall that port filters. If you're lucky you might be able to ssh, and thereby get away with using an ssh tunnel. But I found it much easier to just get the quasselcore to listen on port 443 rather than the default 4242.

Changing the port it listens on is easy. If you're using debian (or ubuntu) you just need to change/add /etc/default/quasselcore to have:


But that is only half the battle. 443 is a privileged port, so the default user quasselcore doesn’t have the rights to bind to that port. So we have 2 options.

  1. run the daemon as root
  2. Use setcap to allow the daemon to bind to privileged ports.

The first is easy, but a little dirty. Simply change the user in either the default file or update the init script. But option 2 is much cleaner, and actually not that hard.

First you need to make sure you have setcap installed:

sudo apt-get install libcap2-bin

Now we simply need to bless the quasselcore binary with the required capability:

sudo setcap 'cap_net_bind_service=+ep' /usr/bin/quasselcore

Now when you start quasselcore you’ll see it listening on port 443:

sudo netstat -ntlp |grep quassel
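One way to verify the setcap step above and to keep verifying it (an added example, not part of the original post): file capabilities live in an extended attribute on the binary, so a package upgrade that replaces /usr/bin/quasselcore drops them, and cap_net_bind_service covers every privileged port, not only 443. The function names are hypothetical and the sample getcap lines are constructed; both the older "path = caps" and the newer "path caps" getcap output formats are handled.

```shell
#!/bin/sh
# Added example: audit the file capability granted by the setcap step.
# The daemon needs exactly this one capability to bind port 443.
WANT=cap_net_bind_service

# classify_caps LINE -> prints ok | missing | ineffective | excess
# LINE is one line of getcap output ("" if getcap printed nothing).
# Assumption: the binary's path contains no spaces.
classify_caps() {
    line=$1
    [ -n "$line" ] || { echo missing; return 0; }
    caps=${line#* }                 # drop the leading path
    [ "$caps" != "$line" ] || { echo missing; return 0; }
    caps=${caps#= }                 # older libcap prints "path = caps"
    verdict=ok
    for clause in $caps; do
        names=${clause%%[+=-]*}     # capability list before the operator
        flags=${clause#"$names"}    # the rest, e.g. "+ep" or "=ep"
        # An empty list ("=ep") grants every capability.
        [ -n "$names" ] || { echo excess; return 0; }
        old_ifs=$IFS; IFS=,
        for name in $names; do
            [ "$name" = "$WANT" ] || verdict=excess
        done
        IFS=$old_ifs
        # A program that is not capability-aware needs the capability to be
        # both permitted (p) and effective (e), or the bind is refused.
        case $flags in
            *e*p*|*p*e*) ;;
            *) [ "$verdict" = excess ] || verdict=ineffective ;;
        esac
    done
    echo "$verdict"
}

# audit_binary PATH -> classify the capabilities on a real file.
audit_binary() {
    command -v getcap >/dev/null 2>&1 || { echo "getcap-not-installed"; return 0; }
    classify_caps "$(getcap "$1" 2>/dev/null)"
}

# Constructed getcap output lines covering the states worth alerting on.
demo() {
    for sample in \
        "/usr/bin/quasselcore = cap_net_bind_service+ep" \
        "/usr/bin/quasselcore cap_net_bind_service=ep" \
        "" \
        "/usr/bin/quasselcore cap_net_bind_service=p" \
        "/usr/bin/quasselcore cap_net_bind_service,cap_net_admin=ep" \
        "/usr/bin/quasselcore =ep"
    do
        printf '%-12s %s\n' "$(classify_caps "$sample")" "${sample:-<no output>}"
    done
}

demo
if [ -x /usr/bin/quasselcore ]; then
    echo "installed binary: $(audit_binary /usr/bin/quasselcore)"
fi
```

A "missing" result after an upgrade means the setcap command has to be run again before the core can bind port 443.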

Tim Riley: 2016 in review

Mon, 2017-01-09 09:01

I had a good run of year in review posts, but fell off the bandwagon lately. It's time to change that. Before I dive into 2016, here's a recap of the intervening years:

2013: Around the world tickets in hand, Misch and I worked, volunteered, and played Japan, Vietnam, Hong Kong, the USA, Finland, Germany, the UK, Spain, and Italy. An amazing time! Attended my first (and only) WWDC and had a blast. Started working on Decaf Sucks 2.0 (you'll hear more about that much later).

2014: Settling back in Canberra and realising we could live for a long time in our (large by world standards) apartment, we renovated a little: new floors, paint, curtains. Made it feel like a whole new place. Misch and I gave birth to Clover, our best and most satisfying team effort yet.

2015: Took our first with-kid overseas trip, and cruised through to Clover's first birthday and our first parenting anniversary (which we celebrated with a giant bánh mì party). Icelab gathered for FarmLab, and we discussed alternatives-to-Rails for the first time. Our grandmothers both passed away, and we spent time with the extended family. Jojo and I held Rails Camp in Canberra in December, where we got to eat cake for Rails' 10th birthday and watch Star Wars with 70 of our friends. Misch and I got pregnant again but sadly lost the little baby at 7 weeks.

Phew. That was some time. Now onto 2016.

At home with the (expanded!) family

Losing a baby at the end of 2016 was a big thing, but thankfully it came at a time when work and other demands scale back, so Misch and I spent some good quality time together and could regroup.

We got a couple of big things done in the beginning of the year. First up, we bought a car! After two years of mostly car-free life, it was time for another way to get around the place. Our little Škoda Fabia does just that, and is fun to drive.

Next, we renovated our bathroom! Knowing we'll be living here for many years to come, this was a big and worthwhile upgrade to our home amenity. We splashed out and got a Toto washlet, too. I regret nothing.

And in the last big thing for 2016, we became pregnant again and gave birth to baby Iris Persephone in October. This time around, the room at the Birth Centre was brimming with family. We wanted Clover there, so along came Misch's parents too. Clover's excited cry of "Baby!" upon seeing Iris come into the world is something I'll always remember. Iris' arrival brought another 6 weeks of time at home, which I enjoyed even more now that we're a family of four.

Decaf Sucks 2.0

With Misch's encouragement, I returned to my long stalled effort to release our all-new 2.0 version of Decaf Sucks. Turned out it didn't need all that much; with just a couple of weeks of effort, Max and I got everything wrapped up and released it to the world. It was a weight from my shoulders and I'm happy to finally have it out there.


2016 brought a seismic shift in how I write Ruby applications. After some experimentations with rom-rb and Piotr Solnica's rodakase experiment late in 2015, I knew this was my future. So I dove in and contributed as much as I could to the fledgling set of libraries now known as dry-rb. And we got a lot done. We released a whole bunch of gems, made things "official" with the launch of a website and discussion forum, and expanded the core team of developers to 5.

Along with sharing code, I wanted to start sharing some of the thinking behind the dry-rb style of Ruby app development, so I set about blogging, and managed to publish once a week for a good few months. This culminated with an introductory talk I gave at RedDotRubyConf in Singapore. This was my first conference talk and I relished the opportunity to really polish a particular message. Luckily, I was able to build upon this with a repeat performance at Rails Camp in Adelaide and at a Ruby community workshop over in Perth. No doubt, you can expect to hear plenty more from me about dry-rb in 2017 :)


Icelab kicked off 2016 by celebrating our 10th birthday! I think we've built a remarkable little company and work-home to many good people, and I think the next 10 years will be even better.

For me, most of 2016 at Icelab was spent getting us settled onto dry-rb and rom-rb as our preferred stack for server-side applications. We shipped our first production app with these all the way back in February, launched our new website as an open source example app in June, and we have several more big sites that'll see the light of day early in 2017. It took a little while to get over the knowledge and productivity hump, but I feel we've hit a good rhythm with the stack now, and given we're the long-term maintainers of most of the things we ship, it'll be something that I expect will pay dividends for many years to come.

Open source was another big theme for the year. Along with our ongoing contributions to dry-rb, we took an "open source first" approach to any other standalone, reusable pieces of code we wrote. This small shift was a big help in making better design choices right from the beginning. You'll be able to see some of this bear fruit when we take our advanced form builder to 1.0 next year. It's already been an incredibly useful tool across our client projects.

I'm also proud that Icelab began contributing to the open source infrastructure that powers Ruby apps everywhere through our contributions to Ruby Together, which we joined in 2016 as Australia's first Emerald member.

And all the rest

And now I'll collect everything else I could think of into a few broadly categorised lists:

Computer life:

  • I've removed Twitter apps from all my platforms. It's helped me focus.
  • Said goodbye to, the little Rails app I've been running to email me my Twitter favourites. Now that IFTTT can do that same thing, I'm happy to have one less running thing I have to worry about.
  • Sometime in June I surpassed 250,000 all time Icelab chat messages.
  • Mulled many times with my co-workers on how we could run a better kind of tech meet-up in Canberra. Maybe this year!

Software development:

  • Continued my love/hate relationship with Docker, but I think now I've managed to find the right place for it in our development life: standardised production environments, and local dev only when we have to run something unusual.
  • After uncountable years, I'm finally looking away from Heroku as our production environment of choice.
  • Shipped a production iOS app built using Turbolinks for iOS, and it turned out rather nicely. I'd be happy to play with it some more.
  • We settled on Attache as a standard handler for all our file uploads. I feel it is a smart architectural choice (and I was happy to meet its affable creator Choon Keat in Singapore!)
  • We started to build Danger into our CI builds. It's already helpful, and I think we're just scratching the surface.
  • time_math2 is a great little Ruby library and a wonderful archetype for how "expressive" Ruby libraries can be made without Rails-style monkey patches.

Physical things:

  • The Mizudashi cold brew coffee pot I picked up to celebrate the launch of Decaf Sucks 2.0 makes amazing coffee and I've been putting it to good use ever since the weather warmed up. I'm aiming for 100% uptime of cold brew all summer long.
  • The Minaal daily shipped from their Kickstarter campaign and it immediately became my every day carry. A great companion to their larger carry-on bag.


  • After trying innumerable things and never settling, I've finally found a home for all my writing (pieces long, short, random or otherwise): it's Ulysses. What a great app.
  • Castro 2 came out with an ingenious new mechanic and I'm very happy to continue using it. It's helped me jump onto a few new podcasts without the worry of managing them.
  • CarPlay is great. I'll readily admit this was a deciding factor in our new car choice and I wasn't disappointed.
  • Paw is now my one-stop shop for all my HTTP requestin’. Super polished.
  • I'm back on good old and happy to ignore all the we'll-host-your-mail-and-your-passwords offerings that continue to swirl around.

Books, film, TV, etc.

  • Ripped through quite a bit of fiction as I waited for Clover to sleep (happily now she does this on her own). Highlights: Seveneves, Proxima & Ultima, The Prefect, Aurora and the Wool trilogy.
  • I look at my Letterboxd profile and once again resolve to watch more cinema. Anyway, 2016's highlights were The Big Short, Hunt for the Wilderpeople, Easy A, Arrival, Crazy, Stupid Love and of course Rogue One.
  • Subscribing to Netflix has been great. And fits perfectly well with our no-TV household.


  • Cooked all the Filipino food I could think up. It was great to have this as a motivating theme behind all my cooking.
  • And I tried toast and yoghurt for breakfast for the first time. Guess there's always time for new firsts ¯\_(ツ)_/¯.

Linux Users of Victoria (LUV) Announce: Annual Penguin Picnic, January 21, 2017

Sun, 2017-01-08 15:04
Start: Jan 21 2017 12:00 End: Jan 21 2017 18:00 Location:

Yarra Bank Reserve, Hawthorn.

The Linux Users of Victoria Annual Penguin Picnic will be held on Saturday, January 21, starting at 12 noon at the Yarra Bank Reserve, Hawthorn.

LUV would like to acknowledge Red Hat for their help in obtaining the Carlton venue and Infoxchange for the Richmond venue.

Linux Users of Victoria Inc., is an incorporated association, registration number A0040056C.


Sam Watkins: Linux, low power / low heat for summer

Sat, 2017-01-07 21:03

Sometimes I play browser games including  This loads the CPU and GPU, and in this summer weather my laptop gets too hot and heats up the room.

I tried using Chrome with the GPU disabled, but the browser games would still cause the GPU to ramp up to full clock rate. I guess the X server was using the GPU.

google-chrome --disable-gpu # does not always prevent GPU clocking up

So here’s what I did:

For the NVIDIA GPU, we can force the lowest power mode by adding the following to the “Device” section in /etc/X11/xorg.conf:

# Option "RegistryDwords" "PowerMizerEnable=0x0;"
Option "RegistryDwords" "PowerMizerEnable=0x1; PerfLevelSrc=0x3333; PowerMizerLevel=0x3; PowerMizerDefault=0x3; PowerMizerDefaultAC=0x3"

Unfortunately the “nvidia-settings” tool does not allow this.  It is necessary to restart the X server in order to change this setting.  Just swap which line is commented out.

Given that we are keeping the GPU cool like this, Chrome works better with the GPU enabled not disabled.

For the CPU, setting “scaling_governor=powersave” does not force the lowest power mode, and the CPU still clocks up and gets hot.  But we can set “scaling_max_freq” to stop Linux from raising the clock speed.  I’m using this shell script “cpu_speed“:

#!/bin/bash
cmd=${1-info}
cd /sys/devices/system/cpu
for cpu in cpu[0-9]*; do
(
    cd $cpu/cpufreq
    case "$cmd" in
    info)
        echo $cpu `<scaling_cur_freq` `<scaling_min_freq` `<scaling_max_freq`
        ;;
    slow)
        cat cpuinfo_min_freq >scaling_min_freq
        cat cpuinfo_min_freq >scaling_max_freq
        ;;
    fast)
        cat cpuinfo_min_freq >scaling_min_freq
        cat cpuinfo_max_freq >scaling_max_freq
        ;;
    esac
)
done

I can run it with “cpu_speed” to see the current speed, “cpu_speed slow” to fix the clock at the lowest speed, and “cpu_speed fast” to allow the clock to go up to the maximum speed.

This “temperature” script shows the NVIDIA GPUCurrentPerfLevel, GPUCoreTemp, and CPU temperature info:

#!/bin/sh
(
    set -a
    : ${DISPLAY:=:0.0}
    nvidia-settings -q GPUCurrentPerfLevel -q GPUCoreTemp
    acpi -t
) 2>/dev/null | perl -ne 'print "$1 " if /[:,] (\d+)\./'
echo

Finally, I can reduce the screen resolution to decrease the load on the GPU and CPU.  “xrandr” with the NVIDIA driver does not allow me to change the resolution directly, but there is an option to scale the display.  This gives much smoother performance in the browser games, and the lower resolution doesn’t hurt.


xrandr --output DP-2 --scale 0.5x0.5


xrandr --output DP-2 --scale 1x1

Anyway, now I have my laptop set up to run cool by default.  This doesn’t hurt for most things I am doing with it, and I feel it’s less likely to explode and burn down our house.

Lev Lafayette: Installing R with EasyBuild: Which path to insanity?

Sat, 2017-01-07 19:04

There is a wonderful Spanish idiom, "Cada loco con su tema" which is sometimes massacred as the English idiom "To each their own". In Spanish of course it is more accurately transliterated as "Each madman with their topic" which in familiar conversation means the same, but has a slightly different and more illustrative angle on the subject. With that in mind, which path to insanity does one take with R libraries and EasyBuild? A similar question can also be raised with other languages that have extensions, e.g., Python and Perl.

Ben Martin: Machine Control with MQTT

Sat, 2017-01-07 18:58
MQTT is an open standard for message passing in the IoT. If a device or program knows something interesting it can offer to publish that data through a named message. If things want to react to those messages they can subscribe to them and do interesting things. I took a look into the SmoothieBoard firmware trying to prize an MQTT client into it. Unfortunately I had to back away at that level for now. The main things that I would love to have as messages published by the smoothie itself are the head position, job processing metadata, etc.

So I fell back to polling for that info in a little nodejs server. That server publishes info to MQTT and also subscribes to messages, for example, to "move the spindle to X,Y" or the like. I thought it would be interesting to make a little web interface to all this. Initially I was tempted to throw over websockets myself, but then discovered that you can mqtt right over a ws to mosquitto. So a bootstrap web interface to the CNC was born.

As you can see I opted out of the pronterface style head control. For me, on a touch panel the move X by 1 and move X by 10 are just too close in that layout. So I select the dimension in a tab and then the direction with buttons. Far, far, less chance of an unintended move.

Things get interesting on the files page. Not only are the files listed but I can "head" a file and that becomes a stored message by mosquitto. As the files on the sdcard of the smoothieboard don't change (for me) the head only has to be performed once per file. It's handy because you can see the header comment that the CAM program added to the G-Code so you can work out what you were thinking at the time you made the gcode. Assuming you put the metadata in that is.

I know that GCode has provisions for laying out multiple coordinate spaces for a single job. So you can cut 8 of the same thing at a single time from one block of stock. I've been doing 2-4 up manually. So I added a "Saves" tab to be able to snapshot a location and restore to it again later. This way you can run a job, move home by 80mm in X and run the same job again to cut a second item. I have provision for a bunch of saves, but only 1 is shown in the web page in the below.

This is all backed by MQTT. So I can start jobs and move the spindle from the terminal, a phone, or through the web interface.