Three must haves in Fedora 26


I’ve been using Fedora ever since it came out back in 2003. The developers of Fedora and the greater community of contributors have been doing a amazing job in incorporating features and functionality that subsequently has found its way into the downstream Red Hat Enterprise Linux distributions.

There are lots to cheer Fedora for. GNOME, NetworkManager, systemd and SELinux just to name a few.

Of all the cool stuff, I particularly like to call out three must haves.

a) Pomodoro – A GNOME extension that I use to ensure that I get the right amount of time breaks from the keyboard. I think it is a simple enough application that it has to be a must-have for all. Yes, it can be annoying that Pomodoro might prompt you to stop when you are in the middle of something, but you have the option to delay it until you are done. I think this type of help goes a long way in managing the well-being of all of us who are at our keyboards for hours.

b) Show IP: I really like this GNOME extension for it does give me at a glance any of a long list of IPs that my system might have. This screenshot shows ten different network end points and the IP number at the top is that of the Public IP of the laptop. While I can certainly use the command “ifconfig”, while I am on the desktop, it is nice to have it needed info tight on the screen.

 

 

c) usbguard: My current laptop has three USB ports and one SD card reader. When it is docked, the docking station has a bunch more of USB ports. The challenge with USB ports is that they are generally completely open ports that one can essentially insert any USB device and expect the system to act on it. While that is a convenience, the possibility of abuse isincreasing given rogue USB devices such as USB Killer, it is probably a better idea to deny, by default, all USB devices that are plugged into the machine. Fortunately, since 2007, the Linux kernel has had the ability to authorise USB devices on a device by device basis and the tool, usbguard, allows you to do it via the command line or via a GUI – usbguard-applet-qt. All in, I think this is another must-have for all users. It should be set up with default deny and the UI should be installed by default as well. I hope Fedora 27 onwards would be doing that.

So, thank you Fedora developers and contributors.

 

 

Quarter Century of Innovation – aka Happy Birthday Linux!


Screenshot from 2016-08-25 14-35-23

Happy Birthday, Linux! Thank you Linus for that post (and code) from a quarter of a century ago.

I distinctly remember coming across the post above on comp.os.minix while I was trying to figure out something called 386BSD. I was following the 386BSD development by Lynne Jolitz and William Jolitz back when I was in graduate school in OSU. I am not sure where I first heard about 386BSD, but it could have been in some newsgroup or the BYTE magazine (unfortunately I can’t find any references). Suffice to say, the work of 386BSD was subsequently documented by the Dr. Dobb’s Journal from around the 1992. Fortunately, the good people at Dr. Dobb’s Journal have placed their entire contents on the Internet and the first post of the port of 386BSD is now online.

I was back in Singapore by then and was working at CSA Research doing work in building networking functionality for a software engineering project. The development team had access to a SCO Unix machine but because we did not buy “client access licenses” (I think that was what it was called), we could only have exactly 2 users – one on the console via X-Windows and the other via telnet. I was not going to suggest to the management to get the additional access rights (I was told it would cost S$1,500!!) and instead, tried to find out why it was that the 3rd and subsequent login requests were being rejected.

That’s when I discovered that SCO Unix was doing some form of access locking that was part of the login process used by the built-in telnet daemon. I figured that if I can replace the telnet daemon with one that does not do the check, I can get as many people telnetting into the system and using it.

To create a new telnet daemon, I needed the source code and then to compile it. SCO Unix never provided any source code. I managed, however, to get the source code to a telnet daemon (from I think ftp.stanford.edu although I could be wrong).

Remember that during those days, there was no Internet access in Singapore – no TCP/IP access anyway. And the only way to the Internet was via UUCP (and Bitnet at the universities). I used ftpmail@decwrl.com (an ftp via email service by Digital Equipment Corporation) to go out and pull in the code and send it to me via email in 64k uuencoded chunks. Slow, but hey, it worked and it worked well.

Once I got the code, the next challenge was to compile it. We did have the C compiler but for some reason, we did not have the needed crypto library to compile against. That was when I came across the incredible stupidity of labeling cryptography as a munition by the US Department of Commerce. Because of that, we, in Singapore, could not get to the crypto library.

After some checking around, I got to someone who happened to have a full blown SCO Unix system and had the crypto library in their system. I requested that they compile a telnet daemon without the crypto library enabled and to then send me the compiled binary.

After some to and fro via email, I finally received the compiled telnet daemon without the crypto linked in and replaced the telnetd on my SCO Unix machine. Viola, everyone else in the office LAN could telnet in. The multi-user SCO machine was now really multi-user.

That experience was what pushed me to explore what would I need to do to make sure that both crypto code and needed libraries are available to anyone, anywhere. The fact that 386BSD was a US-originated project meant that tying my kite to them would eventually discriminate against me in not being able to get to the best of cryptography and in turn, security and privacy. That was when Linus’ work on Linux became interesting for me.

The fact that this was done outside the US meant that it was not crippled by politics and other shortsighted rules and that if it worked well enough, it could be an interesting operating system.

I am glad that I did make that choice.

The very first Linux distribution I got was from Soft Landing Systems (SLS in short) which I had to get via the amazingly trusty ftpmail@decwrl.com service which happily replied with dozens of 64K uuencoded emails.

What a thrill it was when I started getting serialized uuencoded emails with the goodies in them. I don’t think I have any of the 5.25″ on to which I had to put the uudecoded contents. I do remember selling complete sets of SLS diskettes (all 5.25″ ones) for $10 per box (in addition to the cost of the diskettes). I must have sold it to 10-15 people. Yes, I made money from free software, but it was for the labour and “expertise”.

Fast forward twenty five years to 2016, I have so many systems running Linux (TV, wireless access points, handphones, laptops, set-top boxes etc etc etc) that if I were asked to point to ONE thing that made and is still making a huge difference to all of us, I will point to Linux.

The impact of Linux on society cannot be accurately quantified.  It is hard. Linux is like water. It is everywhere and that is the beauty of it. In choosing the GPLv2 license for Linux, Linus released a huge amount of value for all of humanity. He paid forward.

It is hard to predict what the next 25 years will mean and how Linux will impact us all, but if the first 25 years is a hint, it cannot but be spectacular. What an amazing time to be alive.

Happy birthday Linux. You’ve defined how we should be using and adoption technology. You’ve disrupted and continue to disrupt, industries all over the place. You’ve helped define what it means to share ideas openly and freely. You’ve shown what happens when we collaborate and work together. Free and Open Source is a win-win for all and Linux is the Gold Standard of that.

Linux (and Linus) You done well and thank you!

Congratulations NUS Engineers Class of 2016!


My speech at the Commencement of NUS Faculty of Engineering on July 12, 2016 at 3:00 pm.

Mr Neo Kian Hong, Member, NUS Board of Trustees, Distinguished Guests, Friends and Families of Graduands, Graduating Class of 2016, Ladies and Gentlemen, Good afternoon.

To the class of 2016, both my wife and I would like to extend our heartiest congratulations to all of you.

There are, here today, 515 graduates of which 106 getting joint bachelor’s, 3 with multi-disciplinary, 244 bachelor’s in computer and electrical engineering, 115 masters, and 47 PhDs degrees.

In a word, wow. What a fantastic collection of talent, potential and promise. A brain trust that would rival any other. The 2016 World University Ranking by Times Higher Education for Engineering and Technology, ranks NUS lucky 13th globally. Your alma mater is shining and you can rightly be proud of it! Surely that deserves a hearty round of applause!

I feel at home in the company of people who value the pursuit of knowledge with the vision to make this a better world. Engineers are dreamers, doers, builders, risk takers. Engineers are weird like that. That’s in our DNA. Our ethos.

As a child, I was enthralled with the idea of being able to walk on the moon. I wanted to become an astronaut. It has not happened, yet, but that goal has helped open up for me a vast vista of possibilities and opportunities. In its own way, that interest led me down the path of becoming a ham radio operator, 9v1hp is my call sign if you want to QSO, pursuing electrical and electronics engineering, and then computer engineering and computer science.

It was done during the time when technology, largely driven by the NASA space program’s need for high performance computing and semiconductor devices, was showing the way to bring to life, some of the ideas of what was essentially in science fiction.

It was a time when, much of the things we take for granted today, were mere ideas in Isaac Asimov‘s visions of tomorrow.

There is a wonderful interview of Asimov done by Bill Moyers in which they discuss education.

Let me quote you the following:

Bill Moyers asks:

Do you think we can educate ourselves, that any one of us, at any time, can be educated in any subject that strikes our fancy?

Isaac Asimov replies:

“The key words here are “that strikes our fancy.” There are some things that simply don’t strike my fancy, and I doubt that I can force myself to be educated in them. On the other hand, when there’s a subject I’m ferociously interested in, then it is easy for me to learn about it. I take it in gladly and cheerfully – what’s exciting is the actual process of broadening yourself, of knowing there’s now a little extra facet of the universe you know about and can think about and can understand. It seems to me that when it’s time to die, there would be a certain pleasure in thinking that you had utilized your life well, learned as much as you could, gathered in as much as possible of the universe, and enjoyed it. There’s only this one universe and only this one lifetime to try to grasp it. And while it is inconceivable that anyone can grasp more than a tiny portion of it, at least you can do that much. What a tragedy just to pass through and get nothing out of it.”

Asimov later goes on to say:

“That’s another trouble with education as we now have it. People think of education as something that they can finish. And what’s more, when they finish, it’s a rite of passage. You’re finished with school. You’re no more a child, and therefore anything that reminds you of school — reading books, having ideas, asking questions — that’s kid’s stuff. Now that you’re an adult, you don’t do that sort of thing anymore.”

Education is never “finished”. It is also not marked by getting pieces of paper, or getting a grade, or even this today’s commencement.

You may have heard of adage “sharpening your saw”. A rusty or dull saw cannot cut you a tree. Sharpening the saw is key to keeping your knowledge fresh, alive and useful. Stop sharpening, you disintegrate.

It is fitting that today’s event is called a “commencement”. You are indeed commencing your next phase of life. It is the culmination of lots of sweat equity you expended to reach a goal, and then to go on to build new things. It is a cycle, not a treadmill. It is a deliberate and positive cycle of life.

There is a word for that. Entropy. And I find entropy a fascinating idea.

You may be wondering why would I want to bring in the “second law of thermodynamics” in the address.

A tl;dr definition of the 2nd law of thermodynamics says that the total entropy of an isolated system always increases over time, or remains constant in ideal cases where the system is in a steady state or undergoing a reversible process. The increase in entropy accounts for the irreversibility of natural processes, and the asymmetry between future and past.

What was that all about, you wonder? What has entropy got to do with today’s proceedings? I hope Carnot, Clausius, Kelvin, Planck and Shannon would grant me this non-scientific postulation of their collective work.

Most of you have spent 4 years in this 111-year old institution, those getting their PhDs, a few more.

From the time you entered this school, entropy in you has been increasing. As knowledge, experience, wisdom and insights flowed from your dedicated faculty and your classmates to you – entropy increased. I say it increased because I am approximating the university as a closed system – as needed by the 2nd law.

When you take formal leave of this school’s lecture theatres, halls and labs, you will start the process of transferring the entropy – knowledge, experience etc – on to the big world outside these walls.

As you stand at the peak of this phase of your life’s adventure, the “you” sitting here is a very different “you” that entered this school. In giving of yourself to the future endeavours that you get into, you will be putting truth into the statement “that the entropy of the universe will always increase”.

By the end of this evening, all of you would hold in your hands a scroll that records your accomplishment. Savour and cherish that moment but only for a moment. It is an indication and acknowledgement that your next stage of possibilities and responsibilities has now been laid in front of you.

I am frequently reminded of a quote attributed to Thomas Jefferson, the 3rd president of the United States.

He said:

He who received an idea from me, receives instruction himself without lessening mine; as he who lights his candle at mine, receives light without darkening mine. Then there is twice as much light.

Ideas are one of those fundamental qualities that make us all human. In other words, Ideas Maketh Homo Sapiens. It remains to be seen if Artificial Intelligence can generate ideas like we do.

Each of us generate hundreds of ideas every day without breaking a sweat. Most of them are not acted upon, but do serve as building blocks for something else, all done subconsciously. The “ah, ha!” moment is an example of that subconscious confluence of ideas.

If you must judge me, judge me by how good my good ideas are and not by how bad my bad ideas were.

I know you are all brimming with ideas of what to do next. I hope you will not be distracted by, what I consider, a falsehood that ideas need to be guarded, locked up and not shared with others.

I come from the world of open collaboration where software source code, the classic example of the embodiment of ideas, is freely shared and improved upon. The business I am part of, Red Hat, built its US$2b revenue business on 100% open source code, all achieved with open collaboration on ideas and code.

My empirical experience has been that when ideas (and code) are shared, they get sharpened and the outcome is both unpredictable and beautiful. And just last week, the source code of Apollo 11 spacecraft was released and it is amazing to read the code and understand the constraints they had to work with in 1969.

Please don’t hold back on sharing your ideas.

I shall practise what I’ve preached and here’s an idea that I hope some of you will consider picking up:

Electric cars are fun, but the challenge is one of re-charging it. Re-charging is being done today by retrofitting and building new charging infrastructure. And that takes time. So here’s my idea for a start-up which I shall call PowerBuddy:

a) PowerBuddy operates a mobile, battery-powered fleet of “charging vehicles”

b) these charging vehicles are strategically placed all over Singapore

c) As a subscriber to PowerBuddy, your car will be tracked with your permission, so that PowerBuddy will know what the charge level is at all times and, based on pre-arranged settings, provide a quick (or full) recharge wherever the car is parked at.

d) You can then go anywhere and not be worried about running out of juice and more importantly, not have to wait for the current infrastructure to catch up.

I hope some of you here will pick this up, ideate further and execute PowerBuddy. I would be happy to collaborate with you on this. We are engineers, we build solutions to address problems.

Engineering is a profession that loves precision but accepts and is extremely aware of real world approximations.

Any worthy engineer will solve problems in many cases by making assumptions, to a first approximation, and then to iteratively refine the solution until it is good enough. There is a growing community of engineers who recognise that “good enough” engineering is what makes the world happen. I believe in that approximation as well.

It was the French philosopher Voltaire who said: “Perfect is the opposite of Good Enough”. The real world we live in makes it almost impossible to be perfect. Embrace good enough and we can build solutions.

We all love to succeed. But success is a poor teacher – failure, on the other hand, is a fantastic albeit cruel teacher. You can learn lots from failure, but precious little from success.

So, make sure you define success on your own terms, and work to achieve success by your own rules. Fail, fail quick and often, so that you can succeed. And in that process, to build a life you’re proud to live.

Before I conclude, from one engineer to another, well done on becoming an engineer! Together, let’s build a better world.

And finally, thank you NUS for giving me this opportunity to address this afternoon’s commencement (Update: my address starts at around 0:26).

Congratulations Class of 2016.

Thank you.

This is quite a nice tool – magic-wormhole


I was catching up on the various talks at PyCon 2016 held in the wonderful city of Portland, Oregon last month.

There are lots of good content available from PyCon 2016 on youtube. What I was particularly struck was, what one could say is a mundane tool for file transfer.

This tool, called magic-wormhole, allows for any two systems, anywhere to be able to send files (via a intermediary), fully encrypted and secured.

This beats doing a scp from system to system, especially if the receiving system is behind a NAT and/or firewall.

I manage lots of systems for myself as well as part of the work I at Red Hat. Over the years, I’ve managed a good workflow when I need to send files around but all of it involved having to use some of the techniques like using http, or using scp and even miredo.

But to me, magic-wormhole is easy enough to set up, uses webrtc and encryption, that I think deserves to get a much higher profile and wider use.

On the Fedora 24 systems I have, I had to ensure that the following were all set up and installed (assuming you already have gcc installed):

a) dnf install libffi-devel python-devel redhat-rpm-config

b) pip install –upgrade pip

c) pip install magic-wormhole

That’s it.

Now I would want to run a server to provide the intermediary function instead of depending on the goodwill of Brian Warner.

 

UEFI and Fedora/RHEL – trivially working.


My older son just enrolled into my alma mater, Singapore Polytechnic, to do Electrical Engineering.  It is really nice to see that he has an interest in that field and, yes, make me smile as well.

So, as part of the preparations for the new program, the school does need the use of software as part of the curriculum. Fortunately, to get a computer was not an issue per se, but what bothered me was that the school “is only familiar with windows” and so that applications needed are also meant to run on windows.

One issue led to another and eventually, we decided to get a new laptop for his work in school. Sadly, the computer comes only with windows 8.1 installed and nothing else. The machine has ample disk space (1TB) and the system was set up with two partitions – one for the windows stuff (about 250G) and the 2nd partition as the “D: drive”. Have not seen that in years.

I wanted to make the machine dual bootable and went about planning to repartition the 2nd partition into two and have about 350G allocated to running Fedora.

Then I hit an issue.  The machine was installed with Windows using the UEFI. While the UEFI has some good traits, but unfortunately, it does throw off those who want to install it with another OS – ie to do dual-boot.

Fortunately, Fedora (and RHEL) can be installed into a UEFI enabled system. This was taken care of by work done by Matthew Garrett as part of the Fedora project. Matthew also received the FSF Award for the Advancement of Free Software earlier this year. It could be argued that perhaps UEFI is not something that should be supported, but then again, as long as systems continue to be shipped with it, the free software world has to find a way to continue to work.

The details around UEFI and Fedora (and RHEL) is all documented in Fedora Secure Boot pages.

Now on to describing how to install Fedora/RHEL into a UEFI-enabled system:

a) If you have not already done so, download the Fedora (and RHEL) ISOs from their respective pages. Fedora is available at https://fedoraproject.org/en/get-fedora and RHEL 7 Release Candidate is at ftp://ftp.redhat.com/pub/redhat/rhel/rc/7/.

b) With the ISOs downloaded, if you are running a Linux system, you can use the following command to create a bootable live USB drive with the ISO:

dd  if=Fedora-Live-Desktop-x86_64-20-1.iso of=/dev/sdb

assuming that /dev/sdb is where the USB drive is plugged into. The most interesting thing about the ISOs from Fedora and RHEL is that they are already set up to boot into a UEFI enabled system, i.e., no need to disable in BIOS the secure boot mode.

c) Boot up the target computer via the USB drive.

d) In the case of my son’s laptop, I had to repartition the “D: drive” and so after boot up from the USB device, I did the following:

i) (in Fedora live session): download and install gparted (sudo yum install gparted) within the live boot session.

ii) start gparted and resize the “D: drive” partition. In my case, it was broken into 2 partitions with about 300G for the new “D: drive” and the rest for Fedora.

e) Once the repartitioning is done, go ahead and choose the “Install to drive” option and follow the screen prompts.

Once the installation is done, you can safely reboot the machine.

You will be presented with a boot menu to choose the OS to start.

QED.

 

Why Open Standards and Open Source Matters in Government


I have offered to the powers that be (TPTB) running the various Town Councils in Singapore an opportunity for the open source community to help build an application to manage their respective towns following the unfolding fiasco around their current software solution which is nearing end of life.

I am not surprised to hear comments and even SMS texts from friends who say that I am silly to want to offer to create a solution using open source tools. I can only attribute that to their relative lack of understanding of how this whole thing works and how we can collectively build fantastic solutions for the common good of society not only in Singapore but around the world.

I work for a company called Red Hat. Red Hat is a publicly traded company (RHT on NYSE) and is a 100% pure play open source company. What Red Hat does is to bring together open source software and make it consumable for enterprises. Doing that is not an easy thing. A lot of additional engineering and qualifications have to go into it before corporates and enterprises feel confident to deploy it. Red Hat has been successful in doing all of that because of the ethos of the company in engaging with open source developers (and hiring them as full time employees where appropriate) so that we can help the world gain and use better and higher quality software for everything.

That means that in taking open source software, Red Hat has to ensure that improvements and enhancements done are put back out as well to benefit everyone else and at the same time, at a price, provide a service to enterprises that want to use these tools but also want accountability, support, continued innovation etc. That is the Red Hat business model. We are the corporate entity that enterprises deploying open source tools look to for sanity.

Naturally, everything we create is available to anyone else, including our competition, and, yes, we can be beaten at our own game. That’s the best part. The fact that we can be challenged by others with what we helped create is a fantastic situation to be in as it forces us to constantly innovate (and in the open) and show how we are a responsible open source community member while giving tremendous value to enterprises.

It is in that spirit that I made the offer to help form a team of open source developers in Singapore to create the management system software for the town councils.  Certainly, when the software is built and deployed, the town councils would need to have competent support and there is nothing stopping any of the IT SMEs in Singapore picking up that opportunity. This gives the Town Councils significant advantage in choosing vendors to support their needs while keeping the innovation forthcoming because the code is open.

Here’s an article in an IT publication which I was interviewed about open source and CIOs – yeah, self promotion :-). But, here’s a better article about how open source is so prevalent in the US  government as well (yes, Gunnar is a colleague of mine).

So, the offer to build an open source solution is genuine and sincere. It is not for me to make money out of it per se, but to foster a situation that will create even more opportunities for others to actively participate in create fantastic open source solutions for us not only for the Singapore public sector, but the world.

I hope this offer is taken up seriously by TPTB including parts of IDA and MND. And for the record, this offer has nothing to do with Red Hat.