Three must haves in Fedora 26


I’ve been using Fedora ever since it came out back in 2003. The developers of Fedora and the greater community of contributors have been doing an amazing job in incorporating features and functionality that have subsequently found their way into the downstream Red Hat Enterprise Linux distributions.

There is a lot to cheer Fedora for: GNOME, NetworkManager, systemd and SELinux, just to name a few.

Of all the cool stuff, I would particularly like to call out three must-haves.

a) Pomodoro – A GNOME extension that I use to ensure that I get the right amount of break time away from the keyboard. I think it is a simple enough application that it has to be a must-have for all. Yes, it can be annoying that Pomodoro might prompt you to stop when you are in the middle of something, but you have the option to delay it until you are done. I think this type of help goes a long way in managing the well-being of all of us who are at our keyboards for hours.

b) Show IP: I really like this GNOME extension, for it gives me at a glance any of a long list of IPs that my system might have. This screenshot shows ten different network end points, and the IP number at the top is the public IP of the laptop. While I can certainly use the command “ifconfig”, while I am on the desktop it is nice to have the needed info right on the screen.

 

 

c) usbguard: My current laptop has three USB ports and one SD card reader. When it is docked, the docking station adds a bunch more USB ports. The challenge with USB ports is that they are generally completely open: one can insert essentially any USB device and expect the system to act on it. While that is a convenience, the possibility of abuse is increasing given rogue USB devices such as USB Killer, so it is probably a better idea to deny, by default, all USB devices that are plugged into the machine. Fortunately, since 2007, the Linux kernel has had the ability to authorise USB devices on a device-by-device basis, and the tool, usbguard, allows you to do it via the command line or via a GUI – usbguard-applet-qt. All in, I think this is another must-have for all users. It should be set up with default deny and the UI should be installed by default as well. I hope Fedora 27 onwards will be doing that.
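The kernel's per-device authorisation is exposed under /sys/bus/usb/devices, and usbguard works by setting it. As an added example (not from the original post or the usbguard project), this read-only shell script reports which host controllers still allow new devices by default and which devices are currently blocked; the function names, the sample tree and the device IDs 1234:5678 and abcd:0001 are constructed for illustration.

```sh
#!/bin/sh
# Added example: read-only audit of the kernel's USB device authorization state.
# Pass a sysfs root (normally /sys); nothing is written to it.

# Print how many USB host controllers do NOT default-deny new devices.
# authorized_default = 0 keeps a newly attached device de-authorized until
# something (usbguard, or an admin) approves it; any other value lets at
# least some new devices bind to drivers straight away.
count_default_allow() {
    n=0
    for f in "$1"/bus/usb/devices/usb*/authorized_default; do
        [ -r "$f" ] || continue
        [ "$(cat "$f")" = "0" ] || n=$((n + 1))
    done
    echo "$n"
}

# Print one line per USB device: "<sysfs name> <vendor>:<product> <state>".
# Interface entries such as 1-1:1.0 have no idVendor file and are skipped.
list_usb_devices() {
    for d in "$1"/bus/usb/devices/*; do
        [ -r "$d/idVendor" ] && [ -r "$d/authorized" ] || continue
        if [ "$(cat "$d/authorized")" = "1" ]; then
            state=authorized
        else
            state=blocked
        fi
        echo "${d##*/} $(cat "$d/idVendor"):$(cat "$d/idProduct") $state"
    done
}

# Constructed sample data: a sysfs-like tree in a temp dir so the example
# runs unprivileged on any machine. IDs 1234:5678 and abcd:0001 are made up.
add_dev() {  # add_dev ROOT NAME VENDOR PRODUCT AUTHORIZED
    mkdir -p "$1/bus/usb/devices/$2"
    echo "$3" > "$1/bus/usb/devices/$2/idVendor"
    echo "$4" > "$1/bus/usb/devices/$2/idProduct"
    echo "$5" > "$1/bus/usb/devices/$2/authorized"
}
make_sample_tree() {
    t=$(mktemp -d)
    add_dev "$t" usb1 1d6b 0002 1      # root hub of controller 1
    add_dev "$t" usb2 1d6b 0003 1      # root hub of controller 2
    add_dev "$t" 1-1  1234 5678 1      # device the user approved
    add_dev "$t" 1-2  abcd 0001 0      # device left blocked
    echo 0 > "$t/bus/usb/devices/usb1/authorized_default"   # default deny
    echo 1 > "$t/bus/usb/devices/usb2/authorized_default"   # default allow
    mkdir -p "$t/bus/usb/devices/1-1:1.0"                   # interface entry
    echo 1 > "$t/bus/usb/devices/1-1:1.0/authorized"
    echo "$t"
}

sample=$(make_sample_tree)
echo "controllers without default deny: $(count_default_allow "$sample")"
list_usb_devices "$sample"
rm -rf "$sample"
# On a real system: count_default_allow /sys; list_usb_devices /sys
```

With the usbguard daemon running, `usbguard list-devices` shows the same devices together with the policy decision applied to each.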

So, thank you Fedora developers and contributors.

 

 


Quarter Century of Innovation – aka Happy Birthday Linux!


Screenshot from 2016-08-25 14-35-23

Happy Birthday, Linux! Thank you Linus for that post (and code) from a quarter of a century ago.

I distinctly remember coming across the post above on comp.os.minix while I was trying to figure out something called 386BSD. I was following the 386BSD development by Lynne Jolitz and William Jolitz back when I was in graduate school at OSU. I am not sure where I first heard about 386BSD, but it could have been in some newsgroup or BYTE magazine (unfortunately I can’t find any references). Suffice to say, the work on 386BSD was subsequently documented by Dr. Dobb’s Journal from around 1992. Fortunately, the good people at Dr. Dobb’s Journal have placed their entire contents on the Internet and the first post of the port of 386BSD is now online.

I was back in Singapore by then and was working at CSA Research doing work in building networking functionality for a software engineering project. The development team had access to a SCO Unix machine but because we did not buy “client access licenses” (I think that was what it was called), we could only have exactly 2 users – one on the console via X-Windows and the other via telnet. I was not going to suggest to the management to get the additional access rights (I was told it would cost S$1,500!!) and instead, tried to find out why it was that the 3rd and subsequent login requests were being rejected.

That’s when I discovered that SCO Unix was doing some form of access locking that was part of the login process used by the built-in telnet daemon. I figured that if I can replace the telnet daemon with one that does not do the check, I can get as many people telnetting into the system and using it.

To create a new telnet daemon, I needed the source code and then to compile it. SCO Unix never provided any source code. I managed, however, to get the source code to a telnet daemon (from I think ftp.stanford.edu although I could be wrong).

Remember that during those days, there was no Internet access in Singapore – no TCP/IP access anyway. And the only way to the Internet was via UUCP (and Bitnet at the universities). I used ftpmail@decwrl.com (an ftp via email service by Digital Equipment Corporation) to go out and pull in the code and send it to me via email in 64k uuencoded chunks. Slow, but hey, it worked and it worked well.

Once I got the code, the next challenge was to compile it. We did have the C compiler but for some reason, we did not have the needed crypto library to compile against. That was when I came across the incredible stupidity of labeling cryptography as a munition by the US Department of Commerce. Because of that, we, in Singapore, could not get to the crypto library.

After some checking around, I got to someone who happened to have a full blown SCO Unix system and had the crypto library in their system. I requested that they compile a telnet daemon without the crypto library enabled and to then send me the compiled binary.

After some to and fro via email, I finally received the compiled telnet daemon without the crypto linked in and replaced the telnetd on my SCO Unix machine. Voilà, everyone else on the office LAN could telnet in. The multi-user SCO machine was now really multi-user.

That experience was what pushed me to explore what I would need to do to make sure that both crypto code and needed libraries are available to anyone, anywhere. The fact that 386BSD was a US-originated project meant that tying my kite to them would eventually discriminate against me in not being able to get to the best of cryptography and in turn, security and privacy. That was when Linus’ work on Linux became interesting for me.

The fact that this was done outside the US meant that it was not crippled by politics and other shortsighted rules and that if it worked well enough, it could be an interesting operating system.

I am glad that I did make that choice.

The very first Linux distribution I got was from Soft Landing Systems (SLS in short) which I had to get via the amazingly trusty ftpmail@decwrl.com service which happily replied with dozens of 64K uuencoded emails.

What a thrill it was when I started getting serialized uuencoded emails with the goodies in them. I don’t think I have any of the 5.25″ diskettes onto which I had to put the uudecoded contents. I do remember selling complete sets of SLS diskettes (all 5.25″ ones) for $10 per box (in addition to the cost of the diskettes). I must have sold it to 10-15 people. Yes, I made money from free software, but it was for the labour and “expertise”.

Fast forward twenty five years to 2016, I have so many systems running Linux (TV, wireless access points, handphones, laptops, set-top boxes etc etc etc) that if I were asked to point to ONE thing that made and is still making a huge difference to all of us, I will point to Linux.

The impact of Linux on society cannot be accurately quantified.  It is hard. Linux is like water. It is everywhere and that is the beauty of it. In choosing the GPLv2 license for Linux, Linus released a huge amount of value for all of humanity. He paid forward.

It is hard to predict what the next 25 years will mean and how Linux will impact us all, but if the first 25 years is a hint, it cannot but be spectacular. What an amazing time to be alive.

Happy birthday Linux. You’ve defined how we should be using and adopting technology. You’ve disrupted, and continue to disrupt, industries all over the place. You’ve helped define what it means to share ideas openly and freely. You’ve shown what happens when we collaborate and work together. Free and Open Source is a win-win for all and Linux is the Gold Standard of that.

Linux (and Linus), you done well, and thank you!

This is quite a nice tool – magic-wormhole


I was catching up on the various talks at PyCon 2016 held in the wonderful city of Portland, Oregon last month.

There is lots of good content available from PyCon 2016 on YouTube. What particularly struck me was what one could call a mundane tool for file transfer.

This tool, called magic-wormhole, allows any two systems, anywhere, to send files (via an intermediary), fully encrypted and secured.

This beats doing a scp from system to system, especially if the receiving system is behind a NAT and/or firewall.

I manage lots of systems for myself as well as part of the work I do at Red Hat. Over the years, I’ve managed a good workflow when I need to send files around, but all of it involved having to use techniques like http, scp and even miredo.

But to me, magic-wormhole is easy enough to set up, and uses webrtc and encryption, that I think it deserves to get a much higher profile and wider use.

On the Fedora 24 systems I have, I had to ensure that the following were all set up and installed (assuming you already have gcc installed):

a) dnf install libffi-devel python-devel redhat-rpm-config

b) pip install --upgrade pip

c) pip install magic-wormhole

That’s it.

Now I would want to run a server to provide the intermediary function instead of depending on the goodwill of Brian Warner.

 

UEFI and Fedora/RHEL – trivially working.


My older son just enrolled into my alma mater, Singapore Polytechnic, to do Electrical Engineering. It is really nice to see that he has an interest in that field and, yes, it makes me smile as well.

So, as part of the preparations for the new program, the school does need the use of software as part of the curriculum. Fortunately, getting a computer was not an issue per se, but what bothered me was that the school “is only familiar with windows” and so the applications needed are also meant to run on Windows.

One issue led to another and eventually, we decided to get a new laptop for his work in school. Sadly, the computer comes only with Windows 8.1 installed and nothing else. The machine has ample disk space (1TB) and the system was set up with two partitions – one for the Windows stuff (about 250G) and the 2nd partition as the “D: drive”. Have not seen that in years.

I wanted to make the machine dual bootable and went about planning to repartition the 2nd partition into two and have about 350G allocated to running Fedora.

Then I hit an issue. The machine was installed with Windows using UEFI. While UEFI has some good traits, unfortunately it does throw off those who want to install another OS alongside, i.e. to dual-boot.

Fortunately, Fedora (and RHEL) can be installed into a UEFI enabled system. This was taken care of by work done by Matthew Garrett as part of the Fedora project. Matthew also received the FSF Award for the Advancement of Free Software earlier this year. It could be argued that perhaps UEFI is not something that should be supported, but then again, as long as systems continue to be shipped with it, the free software world has to find a way to continue to work.

The details around UEFI and Fedora (and RHEL) are all documented in the Fedora Secure Boot pages.

Now on to describing how to install Fedora/RHEL into a UEFI-enabled system:

a) If you have not already done so, download the Fedora (and RHEL) ISOs from their respective pages. Fedora is available at https://fedoraproject.org/en/get-fedora and RHEL 7 Release Candidate is at ftp://ftp.redhat.com/pub/redhat/rhel/rc/7/.

b) With the ISOs downloaded, if you are running a Linux system, you can use the following command to create a bootable live USB drive with the ISO:

dd  if=Fedora-Live-Desktop-x86_64-20-1.iso of=/dev/sdb

assuming that /dev/sdb is where the USB drive is plugged in. The most interesting thing about the ISOs from Fedora and RHEL is that they are already set up to boot into a UEFI-enabled system, i.e., there is no need to disable Secure Boot mode in the BIOS.

c) Boot up the target computer via the USB drive.

d) In the case of my son’s laptop, I had to repartition the “D: drive” and so after boot up from the USB device, I did the following:

i) (in Fedora live session): download and install gparted (sudo yum install gparted) within the live boot session.

ii) start gparted and resize the “D: drive” partition. In my case, it was broken into 2 partitions with about 300G for the new “D: drive” and the rest for Fedora.

e) Once the repartitioning is done, go ahead and choose the “Install to drive” option and follow the screen prompts.

Once the installation is done, you can safely reboot the machine.

You will be presented with a boot menu to choose the OS to start.

QED.
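An added example, not part of the original post: a shell check of two things the steps above take for granted, that the dd target really is the removable USB stick and that the installed system came up in UEFI mode with Secure Boot still enabled. The function names and the sample tree are constructed for illustration; the variable file name uses the standard EFI global-variable GUID.

```sh
#!/bin/sh
# Added example: check two assumptions the install steps rely on.
# Both functions take a sysfs root (normally /sys) and only read from it.

# Succeeds only if block device NAME (e.g. sdb) exists and the kernel marks
# it removable, so a mistyped of= target fails the check instead of being
# overwritten. Some USB hard disks report 0 here and need a manual check.
is_removable() {
    [ "$(cat "$1/block/$2/removable" 2>/dev/null)" = "1" ]
}

# Print how the running system was booted:
#   bios | uefi-secureboot-on | uefi-secureboot-off | uefi-unknown
boot_mode() {
    efi="$1/firmware/efi"
    if [ ! -d "$efi" ]; then echo bios; return 0; fi
    var="$efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c"
    if [ ! -r "$var" ]; then echo uefi-unknown; return 0; fi
    # efivarfs stores 4 attribute bytes first; the 5th byte is the value.
    v=$(od -An -tu1 -j4 -N1 "$var" | tr -d ' \n')
    case "$v" in
        1) echo uefi-secureboot-on ;;
        0) echo uefi-secureboot-off ;;
        *) echo uefi-unknown ;;
    esac
}

# Constructed sample data: a sysfs-like tree for a UEFI laptop with Secure
# Boot enabled, one fixed disk (sda) and one USB stick (sdb).
make_sample_sys() {
    t=$(mktemp -d)
    mkdir -p "$t/block/sda" "$t/block/sdb" "$t/firmware/efi/efivars"
    echo 0 > "$t/block/sda/removable"
    echo 1 > "$t/block/sdb/removable"
    printf '\006\000\000\000\001' \
        > "$t/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c"
    echo "$t"
}

sample=$(make_sample_sys)
for dev in sda sdb; do
    if is_removable "$sample" "$dev"; then
        echo "$dev: removable, plausible target for dd"
    else
        echo "$dev: not removable, do not write the ISO here"
    fi
done
echo "boot mode: $(boot_mode "$sample")"
rm -rf "$sample"
# On a real system: is_removable /sys sdb && boot_mode /sys
```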

 

Getting a good grip on the haze conditions


I feel that DPM Tharman Shanmugaratnam’s speech this past Monday, June 17 2013, at the eGov Global Exchange event, about the Singapore government going whole hog with 100% machine readable data on data.gov.sg, was excellent. Finally, there is some sanity in government: data (that has already been paid for by tax dollars) should be open and freely available. No more discussion about “monetizing” the tax-payer-paid data. Let the public do as they please with the data.

So, it is with that as a background that I want to see how best we can get the following done to address the haze conditions (as seen in the NASA satellite image) for the population that is at risk.

This is what we have in terms of data:

a) Data from the National Environment Agency regarding the Pollutant Standard Index and the PM2.5 values.

b) AirNow.gov, a US government site that gives a correlation between the various data measurements.

The NEA PSI data is only shown on the site for the current 24 hour period and nothing is shown of the previous days.  I don’t see any link on their site to look at earlier data. As such, I’ve set up a public document on Google Docs.

Now what I’d like to see is the mashing up of the data with maps and other relevant information such as construction sites where there are workers outdoors and to see how quickly we can pull in the right resources to assist.  There is already an effort underway  (also geek.sg) to make sure that those populations at risk because of lack of information and/or safety equipment like N95 masks are reached and provided for.

[Update at 7:25 pm June 22, 2013]

Looks like the NEA site is transforming in a good way.  You can get historical data now.

This is too cool!


[harish@phoenix ~]$ traceroute 216.81.59.173
traceroute to 216.81.59.173 (216.81.59.173), 30 hops max, 60 byte packets
 1 registerlafonera.fon.com (192.168.10.1) 2.473 ms 2.937 ms 3.902 ms
 2 cm1.zeta224.maxonline.com.sg (116.87.224.1) 15.342 ms 15.664 ms 16.515 ms
 3 172.20.53.17 (172.20.53.17) 17.175 ms 17.540 ms 18.104 ms
 4 172.26.53.1 (172.26.53.1) 18.865 ms 20.381 ms 20.813 ms
 5 172.20.7.30 (172.20.7.30) 24.398 ms 24.337 ms 24.227 ms
 6 203.117.35.45 (203.117.35.45) 28.237 ms 17.013 ms 16.335 ms
 7 203.117.34.37 (203.117.34.37) 15.227 ms 21.645 ms 21.858 ms
 8 203.117.34.198 (203.117.34.198) 20.962 ms 21.042 ms 20.766 ms
 9 203.117.36.38 (203.117.36.38) 21.584 ms 22.500 ms 22.639 ms
10 paix.he.net (198.32.176.20) 213.814 ms 214.532 ms 216.222 ms
11 10gigabitethernet9-3.core1.sjc2.he.net (72.52.92.70) 209.283 ms 209.811 ms 206.368 ms
12 10gigabitethernet5-3.core1.lax2.he.net (184.105.213.5) 197.110 ms 199.926 ms 203.206 ms
13 10gigabitethernet2-3.core1.phx2.he.net (184.105.222.85) 231.479 ms 234.769 ms 234.712 ms
14 10gigabitethernet5-3.core1.dal1.he.net (184.105.222.78) 246.268 ms 246.252 ms 246.026 ms
15 10gigabitethernet5-4.core1.atl1.he.net (184.105.213.114) 273.176 ms 273.562 ms 273.933 ms
16 216.66.0.26 (216.66.0.26) 257.073 ms 257.860 ms 258.197 ms
17 * * *
18 Episode.IV (206.214.251.1) 279.888 ms 277.874 ms 280.236 ms
19 A.NEW.HOPE (206.214.251.6) 285.736 ms 284.384 ms 285.730 ms
20 It.is.a.period.of.civil.war (206.214.251.9) 291.342 ms 293.745 ms 293.975 ms
21 Rebel.spaceships (206.214.251.14) 295.027 ms 300.389 ms 300.605 ms
22 striking.from.a.hidden.base (206.214.251.17) 300.050 ms 300.106 ms 299.865 ms
23 have.won.their.first.victory (206.214.251.22) 284.885 ms 291.515 ms 293.083 ms
24 against.the.evil.Galactic.Empire (206.214.251.25) 282.759 ms 280.749 ms 280.269 ms
25 During.the.battle (206.214.251.30) 301.951 ms 300.714 ms 297.183 ms
26 Rebel.spies.managed (206.214.251.33) 306.370 ms * *
27 * to.steal.secret.plans (206.214.251.38) 304.887 ms 301.879 ms
28 to.the.Empires.ultimate.weapon (206.214.251.41) 292.549 ms 290.469 ms 291.832 ms
29 the.DEATH.STAR (206.214.251.46) 290.021 ms 281.892 ms 280.153 ms
30 an.armored.space.station (206.214.251.49) 283.677 ms 295.996 ms 285.008 ms
[harish@phoenix ~]$

Good stuff, Episode IV.

In a word, wow!


I am not sure if this is a report that contains stuff taken out of context, but if it’s true that PM Lee thinks that his government did not have clarity in vision, what does that mean for all the justifications of paying sky-high wages to the “ministers” who were, after all, the ones who should have looked out for us?

I await back-pedalling and clarifications before commenting on what appears to me an admission of failure.

While we are talking about failures, let me point out a huge failure playing out in the Singapore civil service in the form of the fiasco called the “Standard Operating Environment”. There is no one in the civil service that has anything positive to say about the fiasco that they have to be living with for the next umpteen years. The amount of tax dollars wasted, and continuing to be wasted, because of the closed, proprietary software chosen is appalling. We need to stop it. Now!

Mr Prime Minister, I made an offer to help set up a Singapore Open Institute that will propel the Singapore public sector rapidly forward with the adoption and use of open source software and make it innovative and forward thinking. The offer still has not been taken up by you or your office.

Let’s make rapid changes and changes for the better. I look forward to hearing from you at h dot pillay at ieee dot org.

Doing the right thing and a proposal


I am glad to read that the Prime Minister has decided to probe the sale of the applications (built and paid for using tax dollars) by the PAP Town Councils to the PAP-owned company AIM.

<stand up> <applause> <applause> <applause> <applause> <applause> <sit down>

I would like to know the following:

  1. Who will head this?
  2. What kind of time frame will this have to be done by – one month, one year, by next general election?
  3. In the meantime, what happens to the monies that have been spent (and to be spent) in the transaction?
  4. Will there be a public disclosure of companies that are PAP-owned and a list of transactions done by them with public sector agencies? I would expect the same from the WP and other political parties as well.

I would also like to hear from the Prime Minister on how we can ensure that all technology used/developed/deployed in any public sector entity in Singapore will FIRST consider open source solutions and failing to find something, then with a request for exemption (RFE), filed, published and approved, to look at non-open source options.

The time is NOW to make the bold and exciting change, Mr Prime Minister. I am sure this is of no concern to you, but rest assured your legacy will be that of being acknowledged as the Open Source Prime Minister.

While it might be premature to say “well done”, any progress is good progress. Doing the right thing is what this is all about.

As citizens, we need to keep a watchful eye on this probe to ensure that nothing is left unturned and keep the pressure on.

Again, my offer to help build an open source solution to managing Town Council system remains.

Let me take this opportunity to flesh out a proposal of how this can be accomplished.

Proposal

  • We establish a Singapore Open Institute, funded by government and/or corporate sponsors.
  • SOI’s role will be primarily at assessing all the open source solutions being developed around the world especially for government (and education) and finding local use of them. Likewise, local public sector agencies can seek SOI’s help in creating open source solutions.
  • SOI will be the trusted agency from which public sector entities will seek advice and clearance for projects they want to undertake.
  • SOI will also create a Public Sector Software Exchange (PSX). The PSX will be open to anyone, anywhere to contribute to as well as to consume code from. All code in PSX could be on a GPLv3 or Apache License v 2 or something Singapore-branded, like the EU open license. PSX will also host SMEs, start-ups and individuals who can provide solutions. Parts of the Instruction Manual will have to be amended as needed to accommodate this.
  • SOI will also be the entity to which requests for exemption (RFE) have to be submitted by public sector agencies before going for closed source products. RFEs will have an expiry period and will be specific to a project.
  • SOI will also be the catalyst in creating and running programming contests, hack-a-thons etc (both with open source software and hardware). This is principally to encourage as many people to learn coding and build solutions.
  • Mindef, Police, SCDF and security related agencies are exempted from SOI but are strongly encouraged to create an equivalent of forge.mil.
  • SOI will also be the thought leader for Open Data, Open Source, Open Hardware and Open Standards.

It is an idea whose time has come for Singapore to act on, Mr Prime Minister.

Let’s do the right thing.

It’s not a contest per se, it’s a Sahana-moment!


So, my 3 am post from January 3rd 2013 is now on http://www.tremeritus.com, probably not a good thing, but then this is the way things move.

For what it’s worth, going by the comments in that post, this is not about scoring points against the Coordinating Chairman or the PAP or the WP.  It is about highlighting the facts in a way that was clearer and not wrapped up in words and more importantly, offering a better way to do things for the betterment of this country.

At the expense of being ridiculed for stating the obvious, all the information and analysis done at 3 am on January 3rd 2013 that is in my original post is from that one media release put out by the Coordinating Chairman on January 2, 2013.

There is confusion about the various issues, which sadly are related, albeit tangentially.

Let me try to give a map of the issues that are being looked at.

a) The Ministry of National Development put out a Town Council Management Report for 2012 on December 14, 2012. Of the 15 town councils, all except for the Aljunied Hougang Town Council scored green in “S&CC Arrears Management – Examines the extent of Town Councils’ S&CC arrears that residents have to bear.” AHTC is the only non-PAP Town Council.

b) Because of that red score, the question arose as to what happened? To that extent, the AHTC released their comments.

c) It then was known to all of us that there was a company, Action Information Management Pte Ltd, that was providing the IT solutions to the town councils.

d) That was when the issue blew up with regards to who is AIM, why did this company get to do this business, how did they come to own the IT system etc etc.

So, there are two chunks of issues:

1) The poor performance from the Town Council Management Report 2012 perspective of Aljunied Hougang Town Council

2) Who is this AIM and what is their role in all of this?

Both are important issues. I am in no position to comment on the first point.  That is for the AHTC to address to the satisfaction of the residents of AHTC as well as us Singaporeans.

My interest centers in the second point. As a computing professional, having been in this industry since 1982, this interests  me personally. I am also an advocate of using and growing the use of open source technologies especially in the public sector. The Town Councils are public sector organizations. It pains me to see good money being thrown at IT solutions only for the vendor(s) to obsolete it in a relatively short time, and get the customer to pay up again and again. This becomes even more acute with public sector IT spending. It is yours and my tax dollars that get spent wastefully.

Sure, there was a time when the open source solutions and frameworks did not quite provide good alternatives to address the varied IT needs. But that was a long, long time ago. Today open source is so very prevalent in every nook and corner that there is no longer any justifiable reason not to consider open source first for any IT need, especially in government and public sector.

People who know me would have heard the repeating groove that I have become, in that we need, at least in Singapore, an official government policy to do open source FIRST for all public sector IT procurement and for government agencies to file justifications for exemptions if they want to go with a proprietary solution and these exemptions have to be public knowledge.

Why is that needed? It is because monies spent by publicly funded agencies especially in reusable technologies like software, should not be wasted and locked away in some proprietary solution.

I am not proposing nor suggesting that open source solutions don’t come at a price. They do. They will need to be supported (as any software needs to, open or otherwise). But the huge upside when used in the public sector is that the solution can be worked on and enhanced and re-factored by entities that the public sector organizations could engage. This grows the local, domestic IT sector. It grows it in a way that benefits the local economy and SMEs who then get opportunities to become conversant in domains that otherwise will be hard to get into. With the code being open, anyone can contribute, but, and this is the part most people miss out, you STILL NEED commercially contracted support.

This opens up opportunities to SMEs in Singapore to take up the various solutions to manage and maintain and gain expertise and in the process begin expanding outside Singapore as well.

Eight years ago, as a reservist SCDF officer, I was mobilized to support SCDF’s Ops Lion Heart to help with Search and Rescue after the 2004 Boxing Day Indian Ocean tsunami. My country called me to serve at a time of need and I put on my uniform and was on the ground in Banda Aceh for about two weeks.

The lesson I learned then was that in a disaster situation, the various international agencies and military/civil defense forces on the ground had very little common technology (other than walkie talkies) that could be used to coordinate the work. We, the SCDF, had our comms equipment (we had an Inmarsat VSAT satellite and satellite phones and GPS devices) but other than that, nothing else to interface with the other forces on the ground. Why? Because each of those entities had their own proprietary software tools to work with. At a time when there was a massive natural disaster, as rescuers we were not assisted by the technologies because of vendor lock-in.

Out of that disaster, came Project Sahana –  put together by Sri Lankan open source developers. Sahana is now a UN sanctioned tool for disaster management.

Why do I bring this up? Because it seems that we are heading to a Sahana-moment in Singapore. Public sector IT services should be decoupled from political parties.  Public sector IT solutions must open up the source code so that there are no opportunities for being taken for a ride.

So, to draw back to the beginning. Mr Coordinating Chairman, this is not a contest per se. This is a genuine offer to help us, the collective us, to do the Right Thing.