So more and more projects are using github as infrastructure. One of the biggest cases I’ve seen is the Go programming language which allows you to specify “imports” directly hosted on code sharing sites like github and “go get” to get them all before compilation, but also lots of other projects are adopting it like Vim’s Vundle plugin manage which also allows fetching and updating of plugins directly from github. Also I wouldn’t be surprised if one or more other languages’ package managers from pip to npm do this too. I know it’s pretty easy and now cool to do this but…
It isn’t actually infrastructure grade. And that is hilighted well in event’s like this week when they are suffering continuals outages from a massive DDOS attack that some news sources are suspecting might be nation-state based.
How much fun is your ops having deploying your new service when half it’s dependencies are being pulled directly from github which is unavailable? Bit of a strange blocker hm?
Starting 2015 off right by trying to blog more (what it’s March already?). Well, this is as good a place as any to start: Ellis on The Manfred Macx Media Diet from 2012. And then more recently from his newsletter Orbital Operations:
A few times a year, I compare my current practise against this website post I wrote in 2012, to see how I’m stacking up against it. It’s a consideration of a second of Charlie Stross’ near-future sf novel ACCELERANDO. I am quite aware that this is not a thing that normal people do. It is a no-win situation. Because one is comparing oneself and one’s practise to the broad strokes of a fiction. It’s an absurd thing to do to yourself.
But, for me, it’s a cognitive whetstone: it makes me think about the way I’m processing information. And, on what is probably a more vain plane, a way to think about thinking in public.
So bear with me, I’m new at this. And may give up easily.
Everyone crying a video camera in their phone and easy access to viral social media is still catching a generation off guard. The latestish scandal is in Oklahoma where some students in a frat were caught on video which instantly went viral doing a racist chant. They were already kicked off campus by the university and now may face expulsion.
I bought a Sphero unboxed it and was disappointed. Not in the Sphero but in Cyanogenmod on my phone, which sadly was using the latest Installer/stable version which was last updated in August 2014 and had bluetooth connectivity issues. I could pair with the Sphero, but connections dropped quite quickly and often (like never up to a minute)
Apparently this is a know but not high priority issue and has been resolved but no stable release currently forthcoming. So I downloaded the latest nightly build (20140302), followed the instructions from the wiki on flashing (sadly because the installer versions are incompatible with the nightlies I couldn’t just “upgrade” but had to wipe and install) and volia, Bluetooth and the Sphero were working great. Then an hour of signing into all my apps again and everything is good. (Seriously though, if you are going to blow away your phone? Make a ton of notes, go through your apps, because all your authenticators will need a restore plan at minimum. I filled a page with notes in preparation)
I make ample use of SSH tunnels. They are easy which is the primary reason. But sometimes you need something a little more powerful, like for a phone so all your traffic can’t be snooped out of the air around you, or so that all your traffic not just SOCKS proxy aware apps can be sent over it. For that reason I decided to delve into VPN software over the weekend. After a pretty rushed survey I ended up going with StrongSwan. OpenVPN brings back nothing but memories of complexity and OpenSwan seemed a bit abandoned so I had to pick one of its decendands and StrongSwan seemed a bit more popular than LibreSwan. Unscientific and rushed, like I said.
So there are several scripts floating around that will just auto set it up for you, but where’s the fun (and understanding allowing tweeking) in that. So I found two guides and smashed them together to give me what I wanted:
strongSwan 5: How to create your own private VPN is the much more comprehensive one, but also set up a cert style login system. I wanted passwords initially.
strongSwan 5 based IPSec VPN, Ubuntu 14.04 LTS and PSK/XAUTH has a few more details on a password based setup.
Additional notes: I pretty much ended up doing the first one stright through except creating client certs. Also the XAUTH / IKE1 setup of the password tutorial seems incompatible with the Android StrongSwan client, so I used EAP / IKE2, pretty much straight out of the first one. Also seems like you still need to install the CA cert and vpnHost cert on the phone unless I was missing something.
Also, as an aside, and a curve ball to make things more dificult, this was done one a new server I am playing with. Even since I’d played with OpenBSD’s pf, I’ve been ruined for iptables. It’s just not as nice. So I’d been hearing about ufw from the Ubuntu community from a while and was curious if it was nicer and better. I figured after several years maybe it was mature enough to use on a server. I think maybe I misunderstood its point. Uncomplicated maybe meant not-featureful. Sure for unblocking ports for an app it’s cute and fast, and even for straight unblocking a port its syntax is a bit clearer I guess? But as I delved into it I realized I might have made a mistake. It’s built ontop of the same system iptables uses, but created all new tables so iptables isn’t really compatible with it. The real problem however is that the ufw command has no way to setup NAT masquerading. None. The interface cannot do that. Whoops. There is a hacky work around I found at OpenVPN – forward all client traffic through tunnel using UFW which involves editing config files in pretty much iptables style code. Not uncomplicated or easier or less messy like I’d been hopnig for.
So a little unimpressed with ufw (but learned a bunch about it so that’s good and I guess what I was going for) and had to add “remove ufw and replace with iptables on that server” to my todo list, but after a Sunday’s messing around I was able to get my phone to work over the VPN to my server and the internet. So a productive time.
- How To Protect SSH With Two-Factor Authentication: Setup google authentication + password login via openssh
- Three-factor authentication with OpenSSH, Google Authenticator and Password: Two factor authentication + pubkey authentication for openssh
So this happened at work
That’s right, after 13 years of being a purely Linux user, work asked if I’d like to be cross trained in Windows/C# development and I said “sure” and here I am.
So first thoughts: VirtualBox’s ability to boot from a harddrive is a massive help, crutch, safety blanket and amazing, I have my origional work Ubuntu install runing off the harddrive in VirtualBox fullscreened on one of my two screens fairly seamlessly interacting with the host Windows (copy/paste etc). Windows 8.1 is less broken than I remember my one half hour of messing around with Windows 8 to be. Also little apps like AltDrag help ease the transition. Although there have been a good few cases of wrong window typing because I’m about 13 years out of practice with click-to-focus. Visual Studios + ReSharper are at least trying to ease the burden of coming up to speed on a new language, environment and code base by making exploring easier, so that’s appreciated (“Find declaration/implementation/usage” are getting a lot of usage from me).
As for a deeper why? Well, my new director basically made a more complelling argument about Visual Studios and C# being good languages for a lot of productivity in a way that clearly got my interest unlike anyone else in the past. Naturally final verdict is TBD (will need some good time on that one), but I appreciate the oppurtunity because this stack isn’t one that would often land in my lap to experiment with and learn on.
So, new learning adventure comenses. We’ll see where this takes me.
Linux Encryption in the Cloud using LUKS on Linode – an excellent guide to setting up a Linode with root disk encryption – 2013
Work around for 14.04 …
CGP Grey released an amazing video today: Humans Need Not Apply, which is basically about how we are now entering our second ecno-techno revolution (the first was with basic atomization and the doing away with a bunch of basic labour as humans and horses were replaced by brainless machinery) where by new smart bots are going to be replacing a whole lot of people in the work force and new high tech jobs are being created at a tiny tiny fraction of the rate of other jobs being destroyed. Paper napkin estimates could place job displacement/unemployment easily from 25% to 45% in the not to distant future. Don’t believe? Charlie Stross has been banging on for a while now about how self driving cars will fairly rapidly replace any other kind of cars which has second order effects like killing any kind of paid driver from limo to taxi to buy to trucker to heavy machinery like at mines to dump truck driver. And the same can be applied across just a shocking number of industries. Seriously though, just go watch the video.
Done? Ok. So maybe now it’s time to talk about Basic Income [or this interesting article] (again) yes? I think we need to just drop any kind of “but it’s supporting the freeloaders” style arguments. Already now I’d argue they aren’t worth your time because there is a lot of evidence in support of many socialist programs and safety nets that even though they do bleed into some of that, over all they are a boon to society as many “able bodied” and “hearty contributor” citizens are able to bounce back more rapidly (or at all). But that’s nothing compared to the fact that very soon half of all of us may be unemployed with more on the way. As CGP Grey mentioned, the Great Depression was at unemployment levels of a “mere” 25%. Anyone want to imagine the economic collapse we’d be facing at higher levels of rampant poverty and starvation and lack of ability to support yourself? If a quarter to half the population around these parts suddenly couldn’t get by? And this will be just about as bad for the other half still employed because they will be deriving their wealth from the economy, which, as we said, will be in free fall collapse. So basically everyone is doomed if that happens.
So again I say, Basic Income. Economy is pretty much defined as the velocity of the flow of money (I’m not an economist). We need people to have money to spend to keep it all working for the few people still “contributing” and extracting additional wealth that way. Also for the reason we don’t want everyone to starve to death in our robot utopia future. Finally we have gotten rid of scarcity and work and yet everyone is poor and starving except the robots and maybe the 1% (maybe)? Only humans…
There’s another effect of this though. Tax. Corporate tax to be exact. If the majority of people aren’t extracting wealth from the economy except in the form of Basic Income, then all the big gains will be made by corporations, that will now be “staffed” largely by robots. If those are the big and really only instruments of economic wealth generation, then that’s where all the tax will have to be extracted from to support all us humans. And hey, why not, because Corporations are people too now you know :)
More and more people are starting to think this way from Switzerland who is actually voting on it in a referendum soon, to The Expanse Series of books I just finished reading incorporating it, to more mentions in the news. I think we need to all start discussing and implementing it pretty quickly, for all our sakes. There is a wide range of ways to do it so lets try to skip over arguing about if and just move to how. We may be starting to run short on time.
Edit: And after posting this I learned about the vibrant community over at the sub-reddit r/BasicIncome so welcome to anyone there visiting, and anyone else? You should head over there and look at all the discussion. Reddit comments here.
Xach Holmon has a new blog entry Keeping a Journal. It’s a good read, encourages journalling privately as a memory aid and refresh that may allow you to make new connections later. It could be an interesting approach to the new social I was mentioning. Start as a journalling app, private, with lot of tagging and meta data options (Xach mentions geo tagging especially for photos). Then add on some good search, and charge for use. Then start layering on top some options to share some posts, evolve posts from private rough drafts to public forms, keep live notes/etc going and volia, a potential privacy focused social network/life blog.
Reading: Cibola Burn
There is a lot of new tech I want to learn this year. To that end I’ve started MongoDB University’s M202: MongoDB Advanced Deployment and Operations which Trulioo is sponsoring me to do in that I can spend sometime at work studying, which is awesome! Other things in no particular order I want to learn about and use before year’s end include:
- C# – This language is seeing a lot of growth in popularity, and is on all platforms (thanks to Mono and Xamarin) and is used by the game industry a lot (mono + unity) and also a lot in server space (.net and Windows). I’ve heard some amazing things about productivity in it and feel it’s past time to take a better look.
- Vagrant – I generally want to play more with VMs and VM managment in general and this tool caught my eye
- Docker - Docker is blowing up in the devops space so it’s again past time I familiarize myself with it
- MongoDB – I have the chance at work to really bring my skills up with Mongo so I’d be a fool not to take full advantage of it and learn to master it (as I’m starting to)
- Go lang – Same. My game is much up wrt it already from work but I can still get better and learn more
- Cluster and devops theory – I’m already helping to run a small cluster of servers but there’s a lot more I can learn and do to make things go smooth and to heklp making scaling up to the next level easier.
- Haskell – I did a little in school, want to give it another more in depth go
Reading: Cibola Burn