October 09, 2015

<figure> <figcaption>src: https://upload.wikimedia.org/wikipedia/commons/thumb/9/9f/Vimlogo.svg/240px-Vimlogo.svg.png</figcaption> </figure>

Everyonceinawhile, you realize you've been brute forcing your way around some tool that you use every day. Too often, for me, that tool ends up being vim...

While I was mass editing the transcripts I used to create the FSF30 wordclouds, I realized I was doing too much manual movery to get to the next misspelled word. In a moment of clarity, I was like "hey, I bet vim has a way to properly do this!" And of course it did!


]s = move cursor to next misspelled word
[s = move cursor to previous misspelled word


The word 'harry' is a proper word, and the word 'potter' is a proper word, but if they are right next to eachother, likely you are not talking about someone persistently accosting a claysmith...

Luckily, vim will let you visually select the words together 'v2e', and then type 'zw' to mark the duo as a "wrong" word. You can then add the correctly capitalized duo of "Harry Potter" to your local dictionary by typing 'v2ezg'.

This will make "harry the potter" not show any misspellings, but "harry potter" will come up as misspelled, and when you spellcheck it, will give the proper caps.

Joli video par le MTQ.
Joli video par le MTQ.
New in Geoclue: Location sharing & convenience library
Apart from many fixes, Geoclue recently gained some new features as well.

Sharing location from phones

If you read planet GNOME, you must have seen my GSoC student, Ankit already posting about this. Basically his work enabled Geoclue to search for, and make use of any NMEA providers on the local network. The second part of this project, involved implementation of such a service for Android devices. I'm pleased that he managed to get the project working in time and even went the extra mile to fix issues with his code, after GSoC.

This is useful since GPS-based location from android is almost always going to be more accurate than WiFi-based one (assuming neighbouring WiFi networks are covered by Mozilla Location Service). This is especially useful for desktop machines since they typically do not have even WiFi hardware on them and have until now been limited to GeoIP, which at best gives city-level accurate location.

This feature was included in release 2.3.0 and you can download the Android app from here.

 Conveniece library

Almost since the beginning of Geoclue2 project, many people complained that using the new API is far from easy and simple, as it should be. While we have good reasons to keep D-Bus API as it is now, the fact that a lot of time passed since I got around to doing anything about this, meant that it was best if D-Bus API was not changed, Geoclue being a system service.

So this week, I took up the task of implementing a client-side library, that not only exposes gdbus-codegen generated API to communicate with the service but also added a convenience helper API to make things very simple. Basically, you just have to call a few functions now if you simply want to get a location fix quickly and don't care much about accuracy nor interested in subsequent location updates.

I only pushed the changes today to git master so if you have any input, now would be the best time to speak up. I wouldn't want to change API after release.
FSF's Nerdy 30
<figure> <figcaption>src: https://openclipart.org/image/300px/svg_to_png/87319/stiGNUcius.png</figcaption> </figure>
Fedora OpenID issues resolved

Fedora OpenID issues resolved

It is very likely that you have seen the issues we had with logging in to Fedora Infrastructure services, or other websites that use Fedora OpenID to authenticate you.

The issue presented itself during login, where as soon as you hit the Login button to submit your username and password, it would spin and wait for sometimes minutes, and retrying the entire process from start would “magically” work most of the time.

I am very excited to tell you that we have found the root cause of this issue, and it has now been resolved.

If you still have problems with Fedora OpenID, either this issue or any other, please file a Fedora Infra ticket at Fedora Infra trac, or ping me on IRC (puiterwijk on FreeNode).

What happened

First, a very little bit of background: in Fedora Infrastructure, we have multiple reverse proxies (at the time of writing 10), which are used to actually request our websites. So when you request any of the Fedora Infra services, your request ends up at any of those 10 reverse proxies, which then passes the request on through our internal network.

Now, Ipsilon authorizes your username and password with the Fedora Account System. But for accessing that, it also uses our reverse proxies.

Now, we have two of these proxies in our main datacenter where all of our servers are hosted. However, since we had no special case for the servers there, it could be that Ipsilon would try to access FAS to verify your user through a proxy all the way over in Europe, which is at the very least suboptimal.

Another part of the issue was that we have two proxies that are on donated machines wich are a little underpowered, and as such could not carry the load that was thrown at them.

So the fix that we have applied is to add a special case for our servers in the main datacenter to always use the two reverse proxies that are local to that datacenter. This means that to verify your username, the request will stay within the datacenter and not cross the big pool of water at least twice.

Easy fix, but it had been slightly tricky to find the cause.

N.B.: The reason this was not a problem before Ipsilon was because we had exactly this special case in when we were using FedOAuth, but I had forgot to transfer it during the migration to Ipsilon.

Batch of new updates [#2/2015]

Packages list which i have recently updated on Fedora:

  • ProDy 1.6.1 (based on Python2) is released on Fedora 22/23 and EPEL6. This package is not compiled yet with Python3 because of missing dependencies on Fedora, neither packaged on EPEL7. However, i have rebuilt extra ProDy packages on a Copr project: ProDy-EPEL6.
  • Available a new rewrited Engauge-digitizer (Engauge6) that updates the older Engauge-digitizer 5; packaged for Fedora 21/22/23 but not for EPEL6/7 because of a missing needed package again (log4cpp).


  • IceCat-38.3.0 has been recently pushed on updates-testing; it updates the older IceCat-31.8.0 in Fedora 21/22/23.

Filed under: Bug Fix, English, EPEL, FedoraPlanet, IceCat, Packaging, ProDy, RHEL, RPM, Sistema
USB Per Port Power Switching

Increasing numbers of single board computers are powered by USB ports using a cable like this:


Wouldn’t it be cool if you could plug these into a USB hub and have the hub individually power up and down the computers? Like a cheap APC power management board.

It turns out you can — with difficulty. The USB standard defines Per-Port Power Switching (PPPS) but unfortunately almost no hub in existence actually supports it. To save a few cents on the BOM, the manufacturers generally leave out the extra power transistors needed to make it work. One guy has modified his USB hub to add the extra part and full marks to him but that’s a lot of effort.

There is one hub which actually supports this: The D-Link DUB-H7, but only the first version (the silver/grey case). In the second version (black case), D-Link too realized their “mistake” and saved on the extra bits.

Armed with this knowledge, I bought one of these from the US (shipping cost 3x the cost of the hub itself).

And it works! Well, for a while.


I used the C hub-ctrl program from this page, and the instructions from here.

# lsusb
Bus 003 Device 005: ID 2001:f103 D-Link Corp. DUB-H7 7-port USB 2.0 hub

Switch off port 7 (right-most port):

# ./hub-ctrl -b 3 -d 5 -P 4 -p 0

Switch on port 7:

# ./hub-ctrl -b 3 -d 5 -P 4 -p 1

The ports are not numbered in the same sequence as the ports on the hub itself. I found by experimentation that the ports correspond as follows. I don’t know if it’ll be the same on every model:

Port hub-ctrl option
1 (left) -P 5
2 -P 6
3 -P 1
4 -P 2
5 -P 7
6 -P 3
7 (right) -P 4

The bigger problem is the hub is fairly unreliable. Switching ports on or off too frequently seems to result in the hub crashing, which appears to only be recoverable by powering the hub off for several seconds.

So I’m not quite there.

Fedora at LinuxCon Europe 2015

This week, another edition of LinuxCon Europe took place in Dublin and as always Fedora was there. The Linux Foundation confirmed our booth quite late, just two weeks before the event, so we didn’t have a lot of time for preparation. On the other hand, we got the stand and three passes for free which was big help because the conference is otherwise very expensive (the standard pass was ~$1000). And I’d like to thank the Linux Foundation for the support.

2015-10-05 10.39.38

Giannis and Jon at Fedora booth

Because we had little time for preparation, our booth was only basic: we had standard swag (Fedora logo stickers, Fedora product stickers, badges, case badges, pens), a stand-up banner, and a laptop showcasing Fedora Workstation 23. Unlike last year, the stand didn’t have the best location, but we still got a reasonable number of visitors. Here are some of my notes from the event:
  • One guy from Fujitsu Finland told us they were using Fedora on mission-critical servers and it turned out to be working fine. They’ve got the latest and greatest, they can adapt to changes earlier (he specifically mentioned systemd), and upgrading from one version of Fedora to another is much easier than to upgrade from one version of RHEL/CentOS to another.
  • A developer from Intel told us that their whole Linux development team was using Fedora. They also ran Fedora on their booth (another booth that ran Fedora was some UEFI organization). I was looking for someone from Intel who has something to do with the Intel video driver development because Retrace Server is full of false positives from the driver, but Intel was mostly represented by embedded Linux team.
  • Some developers asked what laptops we could recommend to run Fedora on because there is no compatibility database. I recommended ThinkPads because I think they still have the best Linux support and they’re still the most popular laptops among Linux developers.
  • Quite a few people asked us why we have two booths at the conference. That was because there was also a booth of Red Hat. A lot of people apparently think that Red Hat and Fedora Project are the same things. Having a separate booth sends a strong message that Fedora is not Red Hat-only thing and it’s, in fact, the most independent among the Red Hat-backed community projects.
  • Even at LinuxCon there are people who have no awareness of Fedora, so paciently kept explaining what Fedora is about and what has to offer. Building awareness in the enterprise ecosystem is IMHO one of the main benefits of being at LinuxCon.
  • It was a bit saddening to see so many Macbooks at LinuxCon. I saw more of them this year than any other year before. Even people from the Linux Foundation were promoting their Linux certifications from Macbooks with OS X.
  • Many visitors asked about the new Fedora products (Workstation, Server, Cloud). Evergreen question was why we have Fedora Server if there is already CentOS. A lot of people apparently associates Workstation with something for developers and serious work only and ask if we have something for end users. Yes, our core target audience are developers, but Fedora is still very much useful for other end users, too. Maybe we should say that more clearly and loundly in our marketing messaging.
2015-10-06 14.10.57

Fedora running at Intel booth

At the end, I’d like to thank the Fedora Project for sponsoring my travel and lodging and Jon Archer and Giannis Konstantinidis for staffing the booth with me.

this comic does assume our previous comic, "how to always avoid small talk forever", has somehow...

Dinosaur Comics originally shared:

this comic does assume our previous comic, "how to always avoid small talk forever", has somehow failed you
Configuring OpenStack to use jumbo frames (MTU 9000)

Controller nodes

Disable puppet :

# systemctl stop puppet
# systemctl disable puppet

Place a given controller into standby mode :

# pcs cluster standby $(hostname)

Update the MTU for all physical NICs being used by either provider or tenant networks :

# echo MTU=9000 >> /etc/sysconfig/network-scripts/ifcfg-eth0

Update the various Neutron related configuration files :

Note that if tenant networks are being used then we need to allow for the overhead of VXLAN and GRE.

# echo “dhcp-option-force=26,8900” > /etc/neutron/dnsmasq-neutron.conf
# openstack-config –set /etc/neutron/dhcp_agent.ini DEFAULT dnsmasq_config_file /etc/neutron/dnsmasq-neutron.conf
# openstack-config –set /etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini agent veth_mtu 8900
# openstack-config –set /etc/neutron/l3_agent.ini DEFAULT network_device_mtu 9000
# openstack-config –set /etc/nova/nova.conf DEFAULT network_device_mtu 9000

Reboot to ensure everything persists.

# reboot

Unstandby the node and repeat on the remaining controllers :

# pcs cluster unstandby $(hostname)

Compute nodes

Disable puppet :

# systemctl stop puppet
# systemctl disable puppet

Update the MTU for all physical NICs being used by either provider or tenant networks :

# echo MTU=9000 >> /etc/sysconfig/network-scripts/ifcfg-eth0

Update the OVS plugin configuration file :

# openstack-config –set /etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini agent veth_mtu 8900
# openstack-config –set /etc/nova/nova.conf DEFAULT network_device_mtu 9000

Reboot to ensure everything persists.

# reboot

Source: https://access.redhat.com/solutions/1417133

Day 1 of PyCon India 2015

Day one is the first day of main event. I was late to wake up, but somehow managed to reach the venue around 8:30am. Had a quick breakfast, and then moved into the Red Hat booth. Sankarshan, Alfred, Soni were already there. I don’t know the exact reason, but the booth managed to grab the attention of all the people in the venue. It was over crowded :) While the students were much more interested in stickers, and other goodies, many came forward to ask about internship options, and future job opportunities. Alfred did an excellent job in explaining the details to the participants. The crowd was in booth even though the keynote of day one had started. I missed most of keynote as many people kept coming in the booth, and they had various questions.

At 11:30AM, we had our annual Dgplug meetup on the staircase of the venue. It is already known as “dgplug staircase meeting”.We are a virtual group for the most part of the year, but PyCon is the time when we try to meet and discuss various things face to face. Though this year many new members were busy volunteering, so they missed the meeting. We mostly discussed about the summer training, what went wrong, how can we improve etc. Here are two tweets about the same from others.

I had only one talk in my mind (other than the keynotes) which I wanted to attend. It was “Pretty printing in Python” by Shakthi Kannan, a talk about a 3D printer made from the parts available in India, and his experiments with it in both software, hardware level. It was an excellent talk.

During lunch time Anwesha and Py (my daughter) came in. This was Py’s first conference. She really enjoyed it, happily roamed around with Sankarshan, and Chandan for a long time. Here is a family photo in the Red Hat booth.

Rest of the second half I spent mostly talking with the people in and around the booth. “What do you think about working in Red Hat and upstream projects? What is the difference you feel than working for any other big names?” this question led to an interesting discussion with few SymPy developers. I hope I managed to explain my viewpoints to them properly. That answer anyway should get it’s own blog post :)

This year we also had a childcare facility in the event, and it was amazing. So many kids were inside through out the both days of the event. The parents were extremely happy about the facility. Thank you organisers for making this available to the participants with kids.

October 08, 2015

GLPI version 0.90

GLPI (Free IT and asset management software) version 0.90 is available. RPM are available in remi-test repository for Fedora ≥ 18 and Enterprise Linux ≥ 5

As all plugins projets have not yet released a stable version, so version 0.85 stay available in remi repository.

Available in the repository:

  • glpi-0.90-1
  • glpi-behavior-0.90-1
  • glpi-fusioninventory-
  • glpi-ocsinventoryng-1.2.0-1
  • glpi-reports-1.9.0-1
  • glpi-webservices-1.6.0-1

Attention Warning: for security reason, the installation wizard is only allowed from the server where GLPI is installed. See the configuration file (/etc/httpd/conf.d/glpi.conf) to temporarily allow more clients.

You are welcome to try this version, in a dedicated test environment, give your feedback and post your questions and bugs on:

RPM and this page will be updated regularly until moved to stable (follow this entry).

Track the night sky with Stellarium on Fedora

Ever looked up at the night sky and tried to identify specific celestial bodies out of the millions you can see? Stellarium is an awesome open source planetarium application available in Fedora to help you identify and track objects in the night sky. Basically, it simulates the night sky and provides labels and other tools to help you know what you are actually looking at.

Finding items in the night sky

Stellarium labels the objects in the night sky that are of interest, and provides directional labels as well to help identify the objects in the sky. There are also options to show labels for deep-sky objects and exoplanets.


 Identifying constellations

Stellarium also draws lines between and labels the multiple stars that make up the constellations, and also has a mode that overlays constellation artwork over the simulated sky.


View the night sky from anywhere

You can also set the location to anywhere on Earth (or Mars, or many other bodies) where you want to simulate the night sky



Stellarium can also do a lot more, like view how Supernovae looked from earth at previous points in history, show meteor showers, identify and track satellites around earth like the International Space Station, and also follow specific bodies through the sky. Also, if you have a compatible telescope, you can use stellarium to control the positioning of your telescope.

Stellarium is available in the Official Fedora Repositories, so you can install via the Software application on Fedora Workstation, or via the command line with the command:

sudo dnf install stellarium


dchen’s apache-maven is updated to 3.3.3 for el7 and el6

The repo is located at:


To install this for from yum:

cd /etc/yum.repos.d; sudo wget https://repos.fedorapeople.org/dchen/apache-maven/epel-apache-maven.repo

Fedora 23 Cinnamon Spin -Test Day ( QA )

Hola comunidad, 

Hoy es el día de testeo del spin Cinnamon así que si usas este entorno y quieres ayudarnos en QA te invito a que des una vuelta por la wiki del día de pruebas. La he traducido para que tengan lo necesario para poder ayudar en el testo. pero de todas maneras aquí dejaré los pasos para realizar las pruebas.



  • Tener instalador Fedora 23 con Cinnamon, en caso de querer agregar este entorno ejecuta lo sgte:

sudo dnf install @cinnamon-desktop

  • Descargar la imagen diaría de Fedora 23 Cinnamon y probar desde el Live
  • Tener tu cuenta en FAS (Fedora Account System)
  • Tiempo y ganas de ayudar :)

Además he traducido la wiki del testcase del navegador ya que esta es una de las pruebas a realizar, así tendrán una idea algo mas clara.


Caso de prueba del navegador

  • Corriendo Fedora 23 Cinnamon, abran el navegador de la manera que quieran, vía panel o terminal.
  • Ingresen al FAS https://admin.fedoraproject.org/accounts/ e inicien su sesión.
  • Intenten descargar cualquier archivo desde internet, por defecto el directorio debería de ser “Downloads” o “Descargas” Dependiendo del idioma.

Aplicando los resultados a la wiki del día de prueba

=== Pruebas Básicas ===

! User
! [[QA:Testcase_desktop_browser|Navegador]]
! [[QA:Testcase_desktop_terminal|Terminal]]
! [[QA:Testcase_desktop_update_graphical|Actualización]]
! [[QA:Testcase_desktop_login|Inicio de Sesión]]
! [[QA:Testcase_audio_basic|Audio]]
! [[QA:Testcase_desktop_panel_basic|Panel]]
! [[QA:Testcase_desktop_automount|Montaje Automático]]
! References
| [[User:SampleUser|Sample User]]
| {{result|none}}
| {{result|pass}}
| {{result|warn}} <ref>Test pass, but also encountered {{bz|54321}}</ref>
| {{result|fail}} <ref>{{bz|12345}}</ref>
| {{result|none}}
| {{result|none}}
| {{result|none}}
| <references/>

La primera sección corresponde a los casos de pruebas, ahí no editen nada. La segunda parte es la que tienen que editar y agregar al final del html y justo antes de “|}”.

Como ven el template es sencillo y consiste en su nombre de usuario seguido de su nombre real, luego el resultado para cada prueba y la referencia al bug que  esté o no reportado. Al final del wiki agregé mis casos de prueba para que vean un ejemplo y puedan implementar los suyos. 

| [[User:asleqia|Carlos Morel-Riquelme]]
| {{result|pass}}
| {{result|pass}}
| {{result|pass}}
| {{result|none}}
| {{result|pass}}
| {{result|pass}}
| {{result|pass}}
| <references/>

A grandes rasgos es eso, no olviden que toda la ayuda es importante y cualquier dudas el canal  #fedora-test-day estará disponible para las consultas. Estaré ahí durante la tarde ayudando, sino mi mail en caso de consultas.


Espero esto sea útil a la comunidad y al software libre. :)

It's Time to End the War On Stupid People

I never knew Sarah Sharp personally, but I was aware of her.

On one hand, it's hard to say how; I've never had particular interest in the USB stack, or much at all outside of the core kernel, and even there I've never managed to actually contribute beyond a couple of cosmetic patches.

On the other hand, it's little mystery at all: Sarah was the first female kernel contributor I'd ever heard of, and the only one I can readily name now. It's an uncomfortable answer, because when someone breaks into a space that doesn't often include their gender or background, we feel we avoid culpability by being nonchalant. No exclusion here, nosiree. Didn't even notice you were a woman. It's comforting and dishonest; when someone breaks a boundary of cultural exclusion, regardless of how your reaction may later be judged, the fact is you notice.

Although apparently nobody noticed when Sarah quietly disappeared over the past year, finally coming out to cite now-familiar complaints about the toxic and hostile atmosphere on LKML and in the kernel community in general.

In an ignorant youth that I'd rather was further away than it is, I remember liking the atmosphere on LKML. Mentioning being in the kernel community seemed to have the same effect on the right kind of crowd as saying you were from Brooklyn did in the early 90s. The threads of LKML were mean streets that would chew you up and spit you out if you weren't tough enough to handle it. But I was, of course. I was tough, you betcha, and only real tough guys have what it takes to stand up for code the way it should be written.

It's not hard to see the appeal, for a certain sort of ego, but there's something deeper. "Nerd" communities gravitate toward this form again and again. Other open source forums, video game communities, 4chan, the marks are similar no matter how distant the topics get. And why? What is it about geeky types that produces this sort of structure?

What is the war on stupid people?

Being cursed with doting parents, I got called a "genius" from a very young age, well on in to my adult years. I had my share of unusual feats, and I liked computers which were proper "genius" things to like, and at some point I took an IQ test and a very impressive number was produced. "Genius" it was then.

Of course, the older I get, the less I'm convinced there really is any such thing. Getting anything meaningful out of as gloriously defective a thing as a human brain, no matter what condition it may be in, is a skill and an art, not a product of ordainment into a pantheon of great thinkers. So I stopped thinking of myself as a genius.

But before I did, I remember thinking everyone else was stupid.

Perhaps it's too much praise, or some failure to notice the dissonance in thinking you're better than everyone else and then also expecting them all to keep up, but I'm hardly the only sufferer of the condition. To a certain sort of mind, stupidity is the chief moral and cultural demon in the modern world. When you have the answer to everything, it suddenly becomes clear that the only thing between the world and paradise is all of those people who just won't fucking listen no matter how many times I explain the most obvious thing God damn them!

It is human nature to define our enemies, and soon the abstract and ill-defined idea of "stupid" begins to take on concrete and fantastically fictional features. It becomes intentional; every futile political debate, every badly indented piece of forgotten code, every near-mishap on the freeway, all engineered by some malevolent demographic of those who wish to fuck everything up for everyone.

And so protectorates are established. Bastions to hold back the encroaching stupid masses. The mean streets of LKML, where yes you will be lambasted and degraded and torn apart daily, but you're ok with it because you're tough. You're a real tough guy who can take this sort of thing because you're not one of them. It is all necessary to protect you from them. And if you can't, well maybe you're one of them after all and you should leave, traitor.

As the airport screenings protect you from Muslims and the mass incarcerations protect you from drugs, so this sort of personal violation protects you from idiocy.

I'm prone to hyperbole, on this blog especially, but I have also witnessed a contributor in #fedora openly proclaim that someone seeking help in the channel was being deliberately incompetent for the purpose of causing him frustration. On multiple separate occasions. If one ever wanted to destroy the field of economics entirely, one need only come up with a single example of a person dedicating time and effort to such a perfectly and absolutely unproductive task. What can we call the belief that such people exist and are out to get you other than psychotic paranoia?

And so, I ask, what is it to be stupid, really? Are some slower to process information or discover novel solutions to problems? Certainly, and some run less quickly than others. If we leave behind our childish desperation to invert the high school hierarchy, I can scarcely find much reason to value one much over the other. A person who is "stupid" in this way does me no harm whatsoever. Is irrationality and succumbing to bias a better definition? Doubtful. These are real and dangerous problems, but irrationality is not so intrinsic as we claim of "stupidity." Rationality is a procedure, the "skill and art" I mentioned earlier. It can and has been described as a step-by-step process, and it requires only minimal mental power to execute. What it requires a great deal more of is self-discipline. I hardly think the behaviors we describe here demonstrate much of that.

So let's bring an end to it. Call of the war on stupid people. Respect others as a matter of policy. I promise you the kernel will be fine. All of us will be. Most of us better.

Cinnamon Test Day tomorrow (2015-10-08)

It’s time for the final Test Day of the Fedora 23 cycle: tomorrow, Thursday 2015-10-08, is Cinnamon Test Day. A nice simple one: we’ll be testing out the Cinnamon desktop on Fedora 23, particularly the new live spin, and making sure everything works well and looks right. If you’re a Cinnamon fan, interested in it, or just a keen tester with a bit of spare time, please come out and help!

The Cinnamon spin maintainer Dan Book (grinnz) will be around and I’ll try to drop in from time to time too.

As always for Test Days, the live action is in #fedora-test-day on Freenode IRC. If you don’t know how to use IRC, you can read these instructions, or just use WebIRC.

October 07, 2015

FUDCon APAC 2015 – a Memoir


This post has been long overdue. In fact a post here has been long overdue. Much has happened since the last time I wrote here. There are new DNS patches to be merged, the Docker & DNSSEC resolver interconnect, kernel & Qemu issues I’ve been analysing, Fedora Security Team(FST), huh..each would need a separate post. Anyway, it’s good to be back here.

It was this time last year that we began to have lunch table discussions about hosting FUDCon in India. The last time we did was in 2011. A lot had changed since 2011; Old-timers had moved on, new ones had joined hands, many of them with a distant view of the open source, Fedora and FUDCon. But what was still same was the excitement to participate and to host FUDCon. What started as a fond activity for me, had quite a thrilling climax wherein I ended up calling the India’s Ambassador to China in Beijing. :)

We began with scouting for a venue, as the bidding process required us to have confirmed venue & budget arrangements in place. Though FUDCon is a get-together for Fedora contributors, we wanted local community to benefit from this gathering. So a college or university campus was our preferred choice for the venue. All of the campuses we visited were more than welcoming; In fact they wanted us to setup ongoing programs for their students and teachers alike. My observation is, people are convinced of the power of Open Source principles and methodology, but they have no idea about how to participate and take advantage of it. After much deliberations we settled on the MIT College of Engineering for our venue and the bid was proposed.

Shortly after the bid was accepted, I left the city of Pune – the ground zero of FUDCon APAC 2015. And thus began the spell of weekly calls, meetings and updates. As soon as the bid was accepted, we sent out a call for volunteers. We broadly defined the tasks(travel, talks selection & scheduling, marketing, video recording, catering, FUDPub et. al.) and volunteers assumed their responsibilities. I picked to help the delegates with their travel requirements, amongst various other things. When I moved out, I half expected to have diminishing responsibilities towards FUDCon. But in retrospect, it’s intriguing how actively I was involved. I think the first step towards active participation in open source communities is to connect, to join the call, say hello and listen. In my case it was conference calls, but one could just as easily connect over email/IRC/twitter/hangout, either means of communication.

Through these weekly calls and meetings we assessed overall progress on each task, discussed and devised alternative solutions for issues, listened to individual inputs, argued and fought over it, pulled each-other’s legs and had fun all the way. Of course a huge team of volunteers were working relentlessly on ground zero to ensure that all the needed pieces(banners, recording gear, transport, accommodation, vendor billing,…) are put together at the right time. Before I knew, five months had passed and I was on my way to attend ‘FUDCon APAC 2015’. :) Excited to meet old friends, colleagues, and everybody that I’d been communicating with for the past few months. Meanwhile it had almost slipped my mind that I was to present a talk about – Local DNSSEC resolver: F23 Feature.

At FUDCon surroundings were brimming with a familiar energy. It started right at the hotel as delegates arrived from around the world. The peculiar excitement in the hotel lobby when delegates bump into each other is uniquely rewarding. On day one, I was to attend the registration desk and distribute swags. After the first half of doing that, I moved about different sessions catching glimpses at each. Day two was little easier, there was no mad rush of day one. I hitched a ride with a friend to the venue, found a corner in the speaker’s lounge and resorted to prepare for my talk. As the day concluded, it was time for the super electric FUDPub. :) Day three was of workshops, I jumped through couple of sessions and talks and was back again at the front desk to work with the volunteers as they were preparing to wrap-up. Three days went by so fast, before I knew, it was time for the concluding keynote and the vote of thanks. As the delegates bid their good byes, they made plans to catch-up again at the next conference. :)

FUDCon APAC 2015 album:
  -> https://www.flickr.com/photos/pjps/albums/72157659591987932

RMR: Rick's Rant - Two Weeks 'til the Election
Setting Up Storage to make docker-storage-setup work
Overview (Source)

Docker needs storage to store containers and container images. The default storage option for Docker on Red Hat Enterprise Linux Atomic Host is an LVM thin pool while the default option on other variants of Red Hat Enterprise Linux is thin pool on loopback devices which is not recommended for production systems. The docker-storage-setup service can assist you in setting up an LVM thin pool. When docker starts, it automatically starts docker-storage-setup.
By default, docker-storage-setup tries to find free space in the volume group backing the root volume and tries to setup a thin pool. If there is no free space in the volume group, docker-storage-setup will fail to set up an LVM thin pool and will fall back to using loopback devices.

I was experimenting to make docker-storage-setup on a bare-metal because if you have single hard-drive on bare-metal and didn't have any free/unallocated space then docker-storage-setup service will always fail because it will not get required PE (Physical Extend)

[root@dhcp201-188 ~]$ systemctl status docker-storage-setup.service -l
● docker-storage-setup.service - Docker Storage Setup
   Loaded: loaded (/usr/lib/systemd/system/docker-storage-setup.service; disabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since Wed 2015-10-07 02:45:23 EDT; 38s ago
  Process: 1418 ExecStart=/usr/bin/docker-storage-setup (code=exited, status=5)
 Main PID: 1418 (code=exited, status=5)

Oct 07 02:45:23 dhcp201-188.englab.pnq.redhat.com systemd[1]: Starting Docker Storage Setup...
Oct 07 02:45:23 dhcp201-188.englab.pnq.redhat.com docker-storage-setup[1418]: Rounding up size to full physical extent 264.00 MiB
Oct 07 02:45:23 dhcp201-188.englab.pnq.redhat.com docker-storage-setup[1418]: Volume group "fedora_dhcp201-188" has insufficient free space (1 extents): 66 required.
Oct 07 02:45:23 dhcp201-188.englab.pnq.redhat.com systemd[1]: docker-storage-setup.service: main process exited, code=exited, status=5/
Oct 07 02:45:23 dhcp201-188.englab.pnq.redhat.com systemd[1]: Failed to start Docker Storage Setup.

You can check available PE for any physical volume using 'pvdisplay'.

[root@dhcp201-188 ~]$ pvdisplay  -m
  --- Physical volume ---
  PV Name               /dev/sda2
  VG Name               fedora_dhcp201-188
  PV Size               257.76 GiB / not usable 3.00 MiB
  Allocatable           yes
  PE Size               4.00 MiB
  Total PE              65985
  Free PE               1
  Allocated PE          65984

  PV UUID               kQX8gz-ePZe-njYM-b3mQ-owBh-ZZCT-7MBka6
  --- Physical Segments ---
  Physical extent 0 to 51199:
    Logical volume      /dev/fedora_dhcp201-188/root
    Logical extents     0 to 51199
  Physical extent 51200 to 63999:
    Logical volume      /dev/fedora_dhcp201-188/home
    Logical extents     0 to 12799
  Physical extent 64000 to 65983:
    Logical volume      /dev/fedora_dhcp201-188/swap
    Logical extents     0 to 1983
  Physical extent 65984 to 65984:

So I didn't have any free/unallocated space before and we can't create any if we have single hard drive which have boot mounted. I tried using Gparted live to resize my root mounted space but that didn't work out and I ended up reinstalling OS. This time I was much careful and around 200 GB saved for docker-storage-setup which is unallocated till now.

After first boot to your system 'fdisk' will not list your unallocated/free space so I have to use 'parted' to find out details about partitions and  free space.

(parted) print free
Model: ATA WDC WD5000AAKX-6 (scsi)
Disk /dev/sda: 500GB
Sector size (logical/physical): 512B/512B
Partition Table: msdos
Disk Flags:

Number  Start   End     Size    Type     File system  Flags
        32.3kB  1049kB  1016kB           Free Space
 1      1049kB  525MB   524MB   primary  ext4         boot
 2      525MB   277GB   277GB   primary               lvm
        277GB   500GB   223GB            Free Space

Now I have to create a partition using free space so I can create a new volume group to use it with docker-storage-setup.

(parted) mkpart primary ext4 283649 386049
(parted) toggle 3 lvm                                                           
(parted) print                                              
Model: ATA WDC WD5000AAKX-6 (scsi)
Disk /dev/sda: 500GB
Sector size (logical/physical): 512B/512B
Partition Table: msdos
Disk Flags:

Number  Start   End    Size   Type     File system  Flags
 1      1049kB  525MB  524MB  primary  ext4         boot
 2      525MB   277GB  277GB  primary               lvm
 3      284GB   386GB  102GB  primary  ext4         lvm, lba

We can now check with 'fdisk' utility about newly created partition detail also.

 [root@dhcp201-188 ~]$ fdisk  -l
Disk /dev/sda: 465.8 GiB, 500107862016 bytes, 976773168 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: dos
Disk identifier: 0x9f119e31

Device     Boot     Start       End   Sectors   Size Id Type
/dev/sda1  *         2048   1026047   1024000   500M 83 Linux
/dev/sda2         1026048 541581311 540555264 257.8G 8e Linux LVM
/dev/sda3       554002432 754001919 199999488  95.4G 8e Linux LVM

Now if you again check about physical volume and volume group you will find that we still don't have any volume group for '/dev/sda3'.

[root@dhcp201-188 ~]$ pvdisplay -m
  --- Physical volume ---
  PV Name               /dev/sda2
  VG Name               fedora_dhcp201-188
  PV Size               257.76 GiB / not usable 3.00 MiB
  Allocatable           yes
  PE Size               4.00 MiB
  Total PE              65985
  Free PE               1
  Allocated PE          65984
  PV UUID               kQX8gz-ePZe-njYM-b3mQ-owBh-ZZCT-7MBka6
  --- Physical Segments ---
  Physical extent 0 to 51199:
    Logical volume      /dev/fedora_dhcp201-188/root
    Logical extents     0 to 51199
  Physical extent 51200 to 63999:
    Logical volume      /dev/fedora_dhcp201-188/home
    Logical extents     0 to 12799
  Physical extent 64000 to 65983:
    Logical volume      /dev/fedora_dhcp201-188/swap
    Logical extents     0 to 1983
  Physical extent 65984 to 65984:
  "/dev/sda3" is a new physical volume of "95.37 GiB"
  --- NEW Physical volume ---
  PV Name               /dev/sda3
  VG Name              
  PV Size               95.37 GiB
  Allocatable           NO
  PE Size               0  
  Total PE              0
  Free PE               0
  Allocated PE          0
  PV UUID               Ryhj4d-x1al-ZDPn-WTcw-DWlg-8q8f-yrsAHA

We have to create volume group so that it can be used with docker-storage-setup.

root@dhcp201-188 ~]$ vgcreate docker_vol /dev/sda3
 [root@dhcp201-188 ~]$ pvdisplay
  --- Physical volume ---
  PV Name               /dev/sda2
  VG Name               fedora_dhcp201-188
  PV Size               257.76 GiB / not usable 3.00 MiB
  Allocatable           yes
  PE Size               4.00 MiB
  Total PE              65985
  Free PE               1
  Allocated PE          65984
  PV UUID               kQX8gz-ePZe-njYM-b3mQ-owBh-ZZCT-7MBka6
  --- Physical volume ---
  PV Name               /dev/sda3
  VG Name               docker_vol
  PV Size               95.37 GiB / not usable 4.00 MiB
  Allocatable           yes
  PE Size               4.00 MiB
  Total PE              24413
  Free PE               14608
  Allocated PE          9805
  PV UUID               Ryhj4d-x1al-ZDPn-WTcw-DWlg-8q8f-yrsAHA

Now we have volume group which contain enough free PE for docker service uses, as per final step we have to put 'docker_vol' specification to '/etc/sysconfig/docker-storage-setup'

[root@dhcp201-188 ~]$ cat /etc/sysconfig/docker-storage-setup      
# Edit this file to override any configuration options specified in
# /usr/lib/docker-storage-setup/docker-storage-setup.
# For more details refer to "man docker-storage-setup"

Changing Docker Storage Configuration (source)

If you change the storage configuration of Docker, you must also remember to remove the /var/lib/docker directory. This directory contains the metadata for old images, containers and volumes which are not valid for the new configuration. Examples of instances in which you might change the storage configuration include when you switch from using loop devices to LVM thin pool or if you switch from one thin pool to another. In the later case, you should also remove the old thin pool. 

# systemctl stop docker
# Remove old thin pool logical volume (lvremove docker/docker-pool)
# rm -rf /var/lib/docker/
# systemctl start docker

Now you can check docker-storage-setup service and it no longer in failed state.

 [root@dhcp201-188 ~]$ systemctl start docker-storage-setup.service
[root@dhcp201-188 ~]$ systemctl status docker-storage-setup.service -l
● docker-storage-setup.service - Docker Storage Setup
   Loaded: loaded (/usr/lib/systemd/system/docker-storage-setup.service; disabled; vendor preset: disabled)
   Active: inactive (dead) since Wed 2015-10-07 05:53:47 EDT; 1s ago
  Process: 27084 ExecStart=/usr/bin/docker-storage-setup (code=exited, status=0/SUCCESS)
 Main PID: 27084 (code=exited, status=0/SUCCESS)

Oct 07 05:53:46 dhcp201-188.englab.pnq.redhat.com systemd[1]: Starting Docker Storage Setup...
Oct 07 05:53:47 dhcp201-188.englab.pnq.redhat.com docker-storage-setup[27084]: Logical volume "docker-pool" changed.
Oct 07 05:53:47 dhcp201-188.englab.pnq.redhat.com systemd[1]: Started Docker Storage Setup.

Hope it will be helpful, happy hacking !!
How Fedora is translated into over 90 different languages

If you’ve ever wondered how Fedora is translated into your preferred language? The answer is the Fedora L10N team. Translation is done across over 100 individual projects in over 90 languages. Developers of each project upload new strings to the L10n translation platform and teams of translators work together translate and review as many strings as possible before each new Fedora release.

Ever wanted to get involved in the Fedora project but wasn’t sure how?

Joining the L10n team may be for you. If you would like to get involved, the team have put together a guide to get you started.

A New Translation Platform

Until recently, Fedora L10n had been benefiting from a localization platform, Transifex. But after Transifex announced it would be moving to a propriety code base, major concern arose. A core value of Fedora is Freedom, moving to an alternative FLOSS translation platform was supported by the L10n team. A few alternative were available, but the Zanata team quickly provided instances for the team to test. After a month of testing, the team voted in favour of switching to Zanata. This decision was brought to FESCO and also gained the Fedora developers agreement.


Moving to a new platform did mean some L10n members were lost, but this was expected and many were considered to be inactive before the move anyway. Over 390 members are now working on Zanata, many of which have quickly adapted.


It’s been over 6 months since the migration to Zanata and if you have been involved in any part of the process, we’d love your feedback. To assist with this, we have put together a quick survey.

We plan to post the anonymized results to the Zanata blog, Fedora L10n mailing list, and in the comments of this post.

We hope to use the results to better understand the Fedora community’s translation needs and goals, and ensure Zanata is the best tool to fulfil them.

We’d love your feedback.

October 06, 2015

All systems go
New status good: Everything seems to be working. for services: Fedora Wiki, Fedora People, Zodbot IRC bot, The Koji Buildsystem, Darkserver, Tagger, Package Database, Fedora pastebin service, Blockerbugs, Badges, FedoraHosted.org Services, Mirror Manager, Koschei Continuous Integration, Ipsilon, Mirror List, Package maintainers git repositories, Account System, Fedora websites, Documentation website, COPR Build System, Package Updates Manager, Ask Fedora, Fedora Packages App, FreeMedia, Fedora Messaging Bus, Fedora elections, Mailing Lists, Fedora Calendar

shakes fist

Okay, they did think of it 2 years before me -- though I can't imagine how it's not prior-art'ed.

I'll be repeating my "Giant Bags of Mostly Water" Linux Security Summit talk at the Korea Linux...
I'll be repeating my "Giant Bags of Mostly Water" Linux Security Summit talk at the Korea Linux Forum coming up in 3 weeks. Come hang out if you're attending (it's right before this year's Kernel Summit).
There are scheduled downtimes in progress
New status scheduled: scheduled outage for services: Fedora Wiki, Fedora People, Zodbot IRC bot, The Koji Buildsystem, Darkserver, Tagger, Package Database, Fedora pastebin service, Blockerbugs, Badges, FedoraHosted.org Services, Mirror Manager, Koschei Continuous Integration, Ipsilon, Mirror List, Package maintainers git repositories, Account System, Fedora websites, Documentation website, COPR Build System, Package Updates Manager, Ask Fedora, Fedora Packages App, FreeMedia, Fedora Messaging Bus, Fedora elections, Mailing Lists, Fedora Calendar
There are scheduled downtimes in progress
New status scheduled: Everything seems to be working. for services: Fedora Wiki, Fedora People, Zodbot IRC bot, The Koji Buildsystem, Darkserver, Tagger, Package Database, Fedora pastebin service, Blockerbugs, Badges, FedoraHosted.org Services, Mirror Manager, Koschei Continuous Integration, Ipsilon, Mirror List, Package maintainers git repositories, Account System, Fedora websites, Documentation website, COPR Build System, Package Updates Manager, Ask Fedora, Fedora Packages App, FreeMedia, Fedora Messaging Bus, Fedora elections, Mailing Lists, Fedora Calendar
Run a Minecraft server using Spigot

Minecraft is one of the most popular video games in the world today, with over 70 million purchased accounts. After playing single-player for a while, the next step most players look into is multiplayer. There are thousands of servers for Minecraft players to join, and starting your own server isn’t too difficult either. The most popular Minecraft server software is called Spigot.

Spigot is an open-source Java project that lets users run their own Minecraft server and add plugins to extend the possibilities of their server. There are over 100,000 Spigot servers in existence today. This makes Spigot one of the most stable and diverse Minecraft servers available.

Compiling Spigot

To use Spigot, you must use their BuildTools utility to build and compile Spigot from source code. In order to use BuildTools, you’ll need to install Java and git. To do this, open a terminal and run this command:

sudo dnf install java-1.8.0-openjdk git

After the command finishes, you can prepare to compile Spigot. First download the latest version of BuildTools from the Spigot Jenkins and place it into a new directory. Next, open up a terminal and change directories into the directory you placed BuildTools in. To compile Spigot, run the following commands:

git config --global --unset core.autocrlf
java -jar BuildTools.jar

The first command is important, because it ensures line endings are consistent so BuildTools works correctly.

After BuildTools finishes running, a few different JAR files now appear in the directory. These include something like craftbukkit-1.x.x.jar and spigot-1.x.x.jar, where x.x represents the current version of Minecraft. CraftBukkit is the original Minecraft server implementation, but is no longer officially maintained. (The Spigot team releases updates for CraftBukkit.) Spigot is a fork of CraftBukkit with a few performance enhancements under the hood. Therefore, you’ll want to use the Spigot JAR file.

Starting Your Server

Once you have the spigot-1.x.x.jar file ready, it’s time to move onto finally running your server! There are a variety of methods to do this. We’re going to use window manager software called tmux to allow you to run your server without needing to keep a terminal window open.

First, install tmux from the Fedora repositories. Run the following command in a terminal window:

sudo dnf install tmux

There are countless ways to use tmux and do all kinds of awesome things. For relevancy, this guide only covers basic usage. You can learn more about using tmux using this cheatsheet. For our purposes, we’ll create a tmux session, write a basic start-up script, and then run our Spigot server inside of the tmux session. Before we get rolling, you will want to write your start-up script. This can be a one-line file, and should be named something like start-spigot.sh. Its contents should look something like this:

java -Xms1024M -Xmx1024M -jar spigot.jar

After writing this script, place it in the same directory with your Spigot JAR file. Now let’s move onto setting up tmux and running your server. Run the following commands to set up your session:

tmux new -s minecraft
cd /path/to/spigot.jar
chmod +x start.sh

Your Spigot server now starts running and provides more instructions on your screen for setting up your server.

Basic Configuration

There are a few basic configuration tips and guides available for how to best configure your Spigot server to meet your needs. A full configuration guide can be found on the Spigot Wiki. In this article, we will cover some of the basic and most important configuration tips. There are two configuration files we will need to work with: server.properties and spigot.yml.


There a wide number of settings in this file, but we will only cover some of the essential parts:

  • server-ip
    • Default: <empty>
    • When blank, this assumes the localhost. If your machine does not have multiple IP addresses, leaving this blank is acceptable.
  • server-port
    • Default: 25565
    • Specify the TCP port that you want your Spigot server to listen on.
  • enable-query
    • Default: false
    • Set this to true to allow external services to ping your server for information, such as a listing website showing online players and active plugins.
  • query.port
    • Must be manually entered
    • You should set this UDP port to a different number than your server TCP port to prevent anyone on the Internet from easily finding out information about your server, if you do not wish to share it.
  • max-players
    • Default: 10
    • Specify the maximum number of players that can play on your server at the same time.
  • motd
    • Default: A Minecraft Server
    • Change this line to a server name for your Minecraft server that appears on the Multiplayer menu. You can have up to two lines on the menu; to split your MOTD, use the \n escape character.


The spigot.yml file contains default configuration specific to the Spigot server. There are several options that can be changed here. If performance is a concern, you can tweak settings to maximize performance on even the oldest system. A full Spigot configuration guide can be found on their wiki. However, like before, we’ll cover some basic configuration options here.

  • settings > restart-on-crash
    • If your server should ever crash, you can have it automatically restart by calling the start script you created earlier. This is especially useful if you want to run your server long-term. Just ensure your start script is specified in the following line for this setting.
  • world-settings > anti-xray
    • There are plenty of hacks and cheats in Minecraft. One of the most popular is the x-ray hack. This cheat allows players to see through “useless” blocks and immediately find more valuable blocks behind them, such as diamonds and gold. Spigot has its own anti-xray protection built-in to try to counter this.
    • There are two different engine modes: 1 and 2. Mode 1 is a lighter protection that isn’t as effective, but conserves resources. Engine Mode 2 requires more computing power but attempts to obfuscate all non-visible blocks on the fly to block x-ray hacks. Try playing around with the settings to find what works best for you!
  • world-settings > dragon-death-sound-radius
    • This is just one example of the tweaks available in Spigot. You can adjust the range of the dragon death sound for all players on your server. By default, anyone online can hear the sound if a player slays the dragon. This setting allows you to set a radius to limit the range of the death noise.
  • world-settings > arrow-despawn-rate
    • This setting is more of a performance-oriented tweak. If you lower the default rate for arrows to despawn, you can reduce the load on your server to render these items. If players on your server are always shooting bow-and-arrows at each other, this can be a very useful tweak to gain performance.


In addition to the default configuration options, Spigot comes with a rich API that Java developers can use to write their own plugins and modifications for Spigot. If you want to find more plugins, Spigot hosts a wide number of user-submitted plugins on their Resource Manager. Searching for plugins that interest you is a great way to expand the potential of your server, and to make it more interesting for your players. Try playing around with a few different plugins to find what works best for you and your players.

In no time, you’ll be up and running your Spigot server for the world to play on!

Fedora kernel exploded tree part deux: Snakes and assumptions
A while back I wrote about some efforts to move to using an exploded source tree for the Fedora kernel. As that post details, it wasn't the greatest experience. However, I still think an exploded tree has good utility and I didn't want to give up on the idea of it existing. So after scraping our "switch" I decided to (slowly) work on a tool that would create such a tree automatically. In the spirit of release-early and pray nobody dies from reading your terrible code, we now have fedkernel. The readme file in the repo contains a high level overview of how the tool works, so I won't duplicate that here. Instead I thought I would talk about some of the process changes and decisions we made to make this possible.

Git all the things

One of the positive fallouts of the previous efforts was that all of the patches we carried in Fedora were nicely formatted with changelogs and authorship information. Being literally the output of git-format-patch instantly improved the patch quality. When it came time to figure out how to generate the patches from pkg-git to apply to the exploded tree, I really wanted to keep that quality. So I thought about how to accomplish this and then I realized there was no need to reinvent the wheel. The git-am and git-format-patch tools existed and were exactly what I wanted.

After discussing things with the rest of the team, we switched to using git-am to apply patches in the Fedora kernel spec. The mechanics of this are pretty simple: the spec unpacks the tarball (plus any -rcX patches) and uses this as the "base" commit. Stable update patches are applied as a separate commit on top of the base if it is a stable kernel. Then it walks through every patch and applies it with git-am. This essentially enforces our patch format guidelines for us. It does have the somewhat negative side effect of slowing down the %prep section quite a bit, but in practice it hasn't been slow enough to be a pain. (Doing a git add and git commit on the full kernel sources isn't exactly speedy, even on an SSD.)

So after %prep is done, the user is left with a git tree in the working directory that has all the Fedora patches as separate commits. "But wait, isn't the job done then?", you might ask. Well, no. We could call it good enough, but that isn't really what I or other users of an exploded tree were after. I wanted a tree with the full upstream commit history plus our patches. What this produces is just a blob, plus our patches. Not quite there yet but getting closer.


This is where fedkernel comes in. I needed tooling that could take the patches from this franken-tree and apply them to a real exploded git tree. My previous scripts were written in bash, and I could have done this in bash again but I wanted to make it automated and I wanted it to talk to the Fedora infrastructure. This means it was time to learn python again. Fortunately, the upstream python community has great documentation and there are modules for pretty much anything I needed. This makes my "bash keyboard in interactive python session" approach to the language pretty manageable and I was able to make decent progress.

To get the patches out of the prepped sources, I needed to know mainly one thing. What was the actual upstream base for this build? That is easy enough to figure out if you can parse certain macros in kernel.spec. The one part that proved to be somewhat difficult was for git snapshot kernels. We name these -gitY kernels, where X increases until the next -rcX release. E.g. kernel-4.3.0-0.rc3.git1.1, kernel-4.3.0-0.rc3.git2.1, etc. That's great for RPMs, but the only place we actually documented what upstream commit we generated the snapshot from was in an RPM %changelog comment.

Parsing it out of there is possible, but it's a bit cumbersome and it is somewhat error prone. The sha1sum is always recorded, but it isn't guaranteed to be the newest changelog. Other patches and changelogs can be added before the kernel is actually built. Fortunately, we use a script to generate these snapshots. To make it trivial to figure out the sha1sum, I modified the script to record the full commit has to a file called gitrev in pkg-git. Now fedkernel can easily read that file and use it as the base upstream revision to apply patches on top of. Yay for cheating and/or being lazy.

The rest of the code deals with prepping the tree, using the git python module to do manipulations and generate patches, and applying them to the other tree. Python actually made much of this very easy to do and again I'm really glad I used that instead of bash.


So now that we modified a few things in pkg-git to make this easier, the assumptions basically fall out to be:

- Patches in the prepped source can be retrieved via 'git format-patch'
- The upstream base revision is determinable from kernel.spec and the gitrev file.

Pretty simple, right? Yes. Except the code isn't complete by any means and it requires a bit more manual setup. Like having existing pkg-git and linux.git trees that it can modify which contain all the branches and proper remotes set up already. That isn't really a huge issue, but it does mean when f24 is branched and rawhide becomes f25, we'll need to do some updates. Perhaps before then we'll have fixed the code (or some nice person will submit a pull request that does so.)

I've been using the tool to generate exploded trees for the past week or so. It seems to be working well, and I've published them at https://git.kernel.org/cgit/linux/kernel/git/jwboyer/fedora.git/ once again. There is a history gap there as the tree fell into disrepair for a while, but it should be kept current going forward.

Even if the code is terrible and hacky, writing it was a good learning experience. I hope to keep refining it and improving things in the TODO over time. If you want to pitch in, patches are always welcome. You can email them to me, submit a pagure.io pull request, or mail the Fedora kernel list as usual.
logger v2.28
logger is small util to send log messages from command line. It supports (relatively) a new systemd journal as well as classic syslog. The syslog is still de-facto standard for enterprise admins and the latest logger version add support for RFC5424. This RFC introduces "structured-data" and since v2.28 logger is going to support this feature too.

The structured data is parse-able part of the message in format:

[SD-ID[@digits] SD-PARAM="value" SD-PARAM="value" ...]
for exmaple:

<13>1 2015-10-01T14:07:59.168662+02:00 ws kzak - - [timeQuality tzKnown="1" isSynced="1" syncAccuracy="218616"] message
is complete message. The message structured data contains one element with ID "timeQuality". This is standardized element, the custom user defined elements have to use "@digits" suffix in the ID name. It's possible to have arbitrary number of the structured data elements.

And now this functionality is completely exported to logger command line to provide control over the elements, v2.28 is going to introduce two new options, --sd-id to specify structured data element ID and --sd-param to specify one SD-PARAM=value pair, for example:

logger --rfc5424 --sd-id zoo@123 \
--sd-param tiger=\"hungry\" \
--sd-param zebra=\"running\" \
--sd-id manager@123 \
--sd-param onMeeting=\"yes\" \
"this is message"

<13>1 2015-10-01T14:07:59.168662+02:00 ws kzak - - [timeQuality tzKnown="1" isSynced="1" syncAccuracy="218616"][zoo@123 tiger="hungry" zebra="running"][manager@123 onMeeting="yes"] this is message
message with three SD elements: timeQuality build-in element, zoo@123 and manager@123 user defined elements.

Now all you need is smart server side or log indexing tool that understand RFC5424 (e.g. rsyslog).

Sharing in open source and swag

This week I feel like I should share not only what I’ve done, but a lot of things my fellow contributors made, and then go on to a summary of interviews I’ve had with Fedora ambassadors and event organizers.

Fedora way

And to start here is a very nice article about what it means to do things the open source way and what is open source. Some of the best quotes for me:

Users who aren’t programmers also benefit from open source software, because they can use this software for any purpose they wish—not merely the way someone else thinks they should.

Doesn’t “open source” just mean something is free of charge?
No. This is a common misconception about what “open source” implies. Programmers can charge money for the open source software they create or to which they contribute.

This is something that most people don’t realize when they hear words “open source”. And I feel it is important to understand that open source doesn’t include just programming, though it originated in the context of computer software development. But is also about the way of life and what is called the open source way. Which means that to contribute to open source projects you do not have to code! (You might if you want to ;) ). Just remember that it is important to share and sharing is caring.

Specifically for designers: you might consider using the open source programs. It presents an opportunity to be free from proprietary Adobe software, as there exist Inkscape and Gimp, which are frankly pretty amazing. Also Krita for more artistic types ;). I mostly use Inkscape for my work, as it allows you to create vector graphics – logos, icons, posters, etc – and design for web, too! If you want to get started with Inkscape I highly recommend this set of tutorials. When I just started contributing to Fedora, I was a little concerned that these tools might not be enough, but I was totally wrong. Mo is a big open source enthusiast, you might want to read her posts on the tools available.


In the past months I’ve also found some great sources to help me in my work:

  • amazing collections of free images here;
  • cool vector clipart here and contributed a couple images there;
  • great font collection here.

It really makes me sad that not so many designers consider contributing to open source projects, and often said projects end up looking not so great; so I want to share my view on the matter and possibly attract new members the community. I’ve been a design intern at Red Hat for 3 months now, and it’s quite surprising to see how many people have approached me with various design problems. Wish I had time to help all of them!

Going on to the 2nd part of my post, I’m going to give a summary of how my work goals are going.

First of all, I did interviews with some Fedora ambassadors and event organizers to help me determine, which Fedora swag items are the most popular and / or useful. Mostly they didn’t tell me anything special. Tom, Ruth and Josh all said the same thing: the most popular items are

  • t-shirts
  • stickers (specifically, the metallic “powered by fedora” sticker)
  • USB flash-drives.

Siddhesh Poyarekar gave me more info, providing a really detailed list of everything they have produced, also saying that DVDs, buttons and stickers tend to be the most popular. And he gave me some really nice ideas, saying that umbrellas, socks and key-chains were a hit in the context of specific conferences.

Last, but not at all least, Jiří Eischmann gave me a whole presentation. He is a Fedora ambassador for the Czech Republic and is conveniently working right next to me =) With him we focused not only on what is produced, but also on what should be produced and how to advertise Fedora to potential new users. For that specific reason we consider using flyers, stickers, cheat cubes and a special book called “Starting with Fedora”, which is currently in production, I believe.

To sum up here’s a link to a table with links to different Fedora swag files. I wish to organize those into a wiki page or some other place easily accessible by everybody, and give more detailed descriptions. Sparkleshare is a way to go, but it doesn’t allow for labeling files. So maybe Pagure or GutHub would be the best tools…

Nightly development builds using xdg-app

When reporting a bug in some software it is often common that the developer asks you to check if the bug is fixed in the latest development version. This makes a lot of sense from the perspective of a developer that gets a lot of bug reports. However, unless you are very experienced with building software this is prohibitively hard.

This is an area where xdg-app shines, because it allows you to create binary builds of desktop applications that work on any distribution. In order to demonstrate this I set up an automated build system that builds Gimp and Inkscape from the development branch every day and produces a new binary that you can easily install and run:

<figure class="wp-caption aligncenter" id="attachment_488" style="width: 1024px;">screenshot of app icons<figcaption class="wp-caption-text">Launching the apps</figcaption></figure>

To make it easy to use I also created packages of xdg-app for some common distributions.

For more information about how to use these builds, see the nightly builds page.

Going my own way
Reaction to Sarah's post about leaving the kernel community was a mixture of terrible and touching, but it's still one of those things that almost certainly won't end up making any kind of significant difference. Linus has made it pretty clear that he's fine with the way he behaves, and nobody's going to depose him. That's unfortunate, because earlier today I was sitting in a presentation at Linuxcon and remembering how much I love the technical side of kernel development. "Remembering" is a deliberate choice of word - it's been increasingly difficult to remember that, because instead I remember having to deal with interminable arguments over the naming of an interface because Linus has an undying hatred of BSD securelevel, or having my name forever associated with the deepthroating of Microsoft because Linus couldn't be bothered asking questions about the reasoning behind a design before trashing it.

In the end it's a mixture of just being tired of dealing with the crap associated with Linux development and realising that by continuing to put up with it I'm tacitly encouraging its continuation, but I can't be bothered any more. And, thanks to the magic of free software, it turns out that I can avoid putting up with the bullshit in the kernel community and get to work on the things I'm interested in doing. So here's a kernel tree with patches that implement a BSD-style securelevel interface. Over time it'll pick up some of the power management code I'm still working on, and we'll see where it goes from there. But, until there's a significant shift in community norms on LKML, I'll only be there when I'm being paid to be there. And that's improved my mood immeasurably.

(Edited to add a context link for the "deepthroating of Microsoft" reference)

comment count unavailable comments
DNF 1.1.2 and DNF-PLUGINS-CORE 0.1.12 Released

The new release of DNF and DNF-PLUGINS-CORE is coming to Fedora stable repositories. The `–downloadonly` option supported in yum is now available in DNF and repoquery from DNF-PLUGINS-CORE has extended it’s functionality of reverse RPM tag queries (`–what*`) for glob patterns. Aside from that nearly 20 bug fixes have been made in this DNF stack release. For further details look at DNF and DNF plugins release notes.

OpenSUSE images are now supplied in the default virt-builder install

Since virt-builder 1.31.10, Cédric Bosdonnat has added a repository of OpenSUSE images.

Here’s how to install OpenSUSE Leap in about 4 minutes:

$ virt-builder -l
opensuse-13.1            x86_64     openSUSE 13.1
opensuse-13.2            x86_64     openSUSE 13.2
opensuse-42.1            x86_64     openSUSE Leap 42.1
opensuse-tumbleweed      x86_64     openSUSE Tumbleweed

$ virt-builder opensuse-42.1
[   1.2] Downloading: http://download.opensuse.org/repositories/Virtualization:/virt-builder-images/images/openSUSE-Leap-42.1.x86_64-0.0.1-Build1.6.qcow2.xz
######################################################################## 100.0%
[ 133.1] Planning how to build this image
[ 133.1] Uncompressing
[ 142.5] Converting qcow2 to raw
[ 146.4] Opening the new disk
[ 177.3] Setting a random seed
[ 177.3] Setting passwords
virt-builder: Setting random password of root to ***
[ 178.1] Finishing off
                   Output file: opensuse-42.1.img
                   Output size: 6.0G
                 Output format: raw
            Total usable space: 5.8G
                    Free space: 5.0G (85%)

$ virt-install --import --name opensuse \
    --ram 4096 \
    --disk opensuse-42.1.img,format=raw \
    --os-variant opensuse13.1

All systems go
Service 'Ask Fedora' now has status: good: Everything seems to be working.
Minor service disruption
Service 'Ask Fedora' now has status: minor: Askbot getting back
As someone who owns an electric car with a built-in gasoline generator ("range extender"), I've...
As someone who owns an electric car with a built-in gasoline generator ("range extender"), I've been wondering if other non-hydrocarbon hybrid combinations make sense. I admittedly don't drive nearly as much as some people who commute for 45 minutes in both directions daily, but in the past 9 months I've used the range extender barely enough to fill up twice (and it's a 10L tank). What if the "range extender" was not a generator, but a high-density non-rechargeable battery?

For example, Aluminium-air batteries offer the highest practical energy density known to date, but have a major downside in that they cannot be easily recharged. Would it make sense to have two battery sources for an EV? One would be a small li-ion battery capable of, say, 150 Km range -- that covers most daily trips and the battery can take thousands of cycles without degrading. Plus, the EV would have a large Al-Air battery that would be good for, say, 2000 Km, and must be swapped at a mechanic's shop when it is depleted?

The upsides that I see vs. just using larger li-ion batteries:

- Higher energy density (~1300 Wh/Kg vs. ~200Wh/Kg for Li-ion) of non-rechargeable batteries should help carry a lot of capacity in a relatively small battery pack. To travel 2000 Km, at 20 KWh per 100 Km, you'd need a 400KWh battery. That would weigh about 300 Kg at Al-Air energy density, vs 5-6 times as much with Li-ion.

- Recharging a battery capable of 1000+ Km would take a few hours even at supercharger speeds (never mind the 50KW DCFC stations where it would take upwards of 4-5 hours), while swapping Al-Air anodes should be much faster, and the depleted anodes can then be recycled to make new ones.

- This approach is less likely to overwhelm the grid. 20 cars recharging at 120 KW draw enough juice to power a large neighbourhood during a frost spell. It's significantly easier to ship a stack of Al-Air anodes to a swap station in the middle of nowhere than to provide 3 MW worth of reliable power to it.

The most obvious downsides:

- Battery technology is developing so rapidly that trying to find a swappable battery standard that won't be obsolete in 10 years is hard, especially since upfront capital is required for getting the anodes to mechanic shops.

- Used al-air batteries can be recycled to make new ones, but they would probably still cost a lot of money and drivers will be reluctant to pay more for a battery swap if that's significantly more than the slow recharge.

If you read the Aluminum-air battery wiki page (https://en.wikipedia.org/wiki/Aluminium%E2%80%93air_battery) you'll see that it's been used in hybrid combinations with Led-acid batteries -- just not sure why not in the last 30 years.
Major service disruption
Service 'Ask Fedora' now has status: major: Database issues going on, being looked into
Los sueldos en el mundo de la informática

Sólo como referencia, he encontrado esta publicación del ministerio de trabajo de los EEUU: May 2014 National Occupational Employment and Wage Estimates con las estadísticas de sueldos de las profesiones informáticas en ese país:

Occupation code Occupation title (click on the occupation title to view its profile) Level Employment Employment RSE Employment per 1,000 jobs Median hourly wage Mean hourly wage Annual mean wage Mean wage RSE
11-3021 Computer and Information Systems Managers detail 330360 0.8% 2,445 $61.37 $65.52 $136,280 0.4%
15-0000 Computer and Mathematical Occupations major 3834180 0.5% 28,374 $38.18 $40.37 $83,970 0.5%
15-1100 Computer Occupations minor 3692980 0.5% 27,329 $38.17 $40.31 $83,840 0.5%
15-1111 Computer and Information Research Scientists detail 24210 4.2% 0,179 $52.09 $54.42 $113,190 1.4%
15-1120 Computer and Information Analysts broad 608500 0.9% 4,503 $40.13 $42.25 $87,890 0.3%
15-1121 Computer Systems Analysts detail 528320 0.9% 3,910 $39.76 $41.98 $87,320 0.4%
15-1122 Information Security Analysts detail 80180 2.0% 0,593 $42.74 $44.04 $91,600 0.6%
15-1130 Software Developers and Programmers broad 1492040 0.8% 11,042 $43.90 $45.81 $95,280 0.8%
15-1131 Computer Programmers detail 302150 1.4% 2,236 $37.28 $39.75 $82,690 1.3%
15-1132 Software Developers, Applications detail 686470 1.2% 5,080 $45.92 $47.85 $99,530 1.1%
15-1133 Software Developers, Systems Software detail 382400 1.6% 2,830 $49.46 $50.98 $106,050 0.6%
15-1134 Web Developers detail 121020 1.5% 0,896 $30.52 $33.02 $68,670 0.7%
15-1140 Database and Systems Administrators and Network Architects broad 617680 0.6% 4,571 $38.87 $40.85 $84,970 0.2%
15-1141 Database Administrators detail 112170 1.0% 0,830 $38.60 $39.56 $82,280 0.3%
15-1142 Network and Computer Systems Administrators detail 365430 0.8% 2,704 $36.44 $38.35 $79,770 0.3%
15-1143 Computer Network Architects detail 140080 1.4% 1,037 $47.32 $48.42 $100,710 0.4%
15-1150 Computer Support Specialists broad 738030 0.7% 5,462 $24.22 $26.42 $54,960 0.3%
15-1151 Computer User Support Specialists detail 563540 0.8% 4,170 $22.89 $24.76 $51,500 0.3%
15-1152 Computer Network Support Specialists detail 174490 1.3% 1,291 $29.72 $31.80 $66,140 0.5%
15-1199 Computer Occupations, All Other detail 212510 1.0% 1,573 $40.10 $41.12 $85,520 1.0%

Ojalá os sirvan.

Gimp100Podcasts: Hackergotchis

A hackergotchi is a picture of a writer used as an avatar to identify the author of a given web feed in blog aggregators. A hackergotchi is usually a head shot of the posting author, and the most commonly used form of a hackergotchi is a head shot of the author with a drop shadow behind it.

If you’re part of a planet and you don’t have a hackergotchi, check this easy tutorial to create one with Gimp using the bezier curves icon-big.


This post has a nicer formatting that can be seen at it's original source at tatica.org , so feel free to hit the link and read better version!

October 05, 2015

Energy storage: It’s Canada’s moment
Energy storage: It’s Canada’s moment

Secure Boot — Fedora, RHEL, and Shim Upstream Maintenance: Government Involvement or Lack Thereof

You probably remember when I said some things about Secure Boot in June of 2014. I said there’d be more along those lines, and there is.

So there’s another statement about that here.

I’m going to try to remember to post a message like this once per month or so. If I miss one, keep an eye out, but maybe don’t get terribly suspicious unless I miss several in a row.

Note that there are parts of this chain I’m not a part of, and obviously linux distributions I’m not involved in that support Secure Boot. I encourage other maintainers to offer similar statements for their respective involvement.

Eclipse p2 Droplets in Rawhide

So p2 Droplets have been in Rawhide for a little while now, and since then we’ve converted most Eclipse plugins to build using the new format. With the exception of some cases that will be done manually, pretty much everything building with the XMvn macros (%mvn_build, %mvn_install) is guaranteed to be a p2 Droplet after a rebuild. We still support the old format (Dropins), and an installation on rawhide can detect both types, but the goal is to switch completely to Droplets.

If you’re unfamiliar with the term, you can think of p2 Droplets as a new way of packaging one or more Eclipse features. It contains the same jars and feature folders as before but with an additional file (fragment.info) containing some extra data.

The main reason for the switch was that Dropins (using the p2 Reconciler) has been deprecated for a while and has made it much more difficult to diagnose issues when it fails. Eclipse’s first launch actually caches a lot of data to make subsequent ones much faster, and the Reconciler can be a large chunk of that time. I have actually run into cases where installing just an extra package can take the first startup from around 10 seconds, to 3 minutes!

Testing was done with the following setup :

  • Fedora Rawhide Virtual Machine
  • ~700 OSGi bundles on the system
  • ~430 of these bundles to be tested through the Dropins and Droplets approaches
for i in {1..5}; do rm -rf $HOME/.eclipse/ ; (echo exit; echo y;) | /usr/bin/time -f "%E" eclipse -noexit -console ; done;

To test under Dropins, we simply took all the bundles packaged as Droplets and removed their ‘fragment.info’ file, along with the ‘p2.fragments’ line in ‘/etc/eclipse.ini’, just to be sure we completely disabled the new logic.

So what were the results ? Under Dropins, the average startup time was 17.63 seconds, and under Droplets, it was 9.44 seconds. The variance was very small, and nearly the same for both cases so there’s strong evidence that Droplets will be saving a lot of time on Eclipse’s first startup. Of course all subsequent launches (where $HOME/.eclipse is kept) would be much faster (~2s).

So one might ask what’s happened with all the work the Reconciler used to do.

  1. Fedora maintainers do a good job of making sure packages are using the latest version of a library even when upstream isn’t. As a result, things like the Reconciler aren’t as necessary in attempting to satisfy dependencies across different versions
  2. A lot of the logic to calculate dependencies and produce a self-sustaining package is done properly at build-time, and rightfully so because that’s where the provides/requires are generated.

We’ve been working on this change, along with the other aspects of simplifying Eclipse plugin packaging for a while now so it’s nice to see some easy wins immediately from adoption.

We should now have better download speeds for non-North-America people grabbing release tarballs.
We should now have better download speeds for non-North-America people grabbing release tarballs.
CloudOpen (Dublin) 2015 talk slides: “Debugging the Virtualization layer (libvirt and QEMU) in OpenStack”

I just presented a talk on “Debugging the Virtualization layer (libvirt and QEMU) in OpenStack” at LinuxCon/CloudOpen Europe that is currently happening in Dublin, Ireland.

Slides are located here.

Instalación de Nagios Core en Fedora

Este artículo describe las instrucciones para instalar Nagios Core 3.5.1 y Nagios plugins a través de los paquete proporcionado por los repositorios de Fedora.

Aunque la última versión estable de Nagios Core es la 4.1.1 todavía no hay paquetes RPM de esta versión en fedora 22. Si desea instalar Nagios Core 4 tendrá que compilarlo.

En nuestro caso, instalaremos la versión 3.5.1 desde los repositorio, este método nos permite obtener actualizaciones automáticas e instala todas las dependencias necesarias.

Se recomienda la instalación compilando Nagios para administradores de sistemas que quieren más control sobre lo que se está instalando, las actualizaciones de software y otras configuraciones. Sin embargo, cabe mencionar que la compilación de Nagios Core podría implicar una búsqueda laboriosa de paquetes de desarrollo necesarias en función de lo que ya está instalado en el servidor.

Instalación de Nagios Core 3.5.1 y Nagios plugins

Si sigue la instrucciones correctamente, el resultado final será:

  • Nagios y sus complementos se instalaran en el directorio: /etc/nagios.
  • Nagios configura algunos servicios para la máquina local, tales como: carga de CPU, usuarios conectados, total de procesos e información del estado del disco duro.
  • La interfaz web de Nagios Core estará disponible en

Ejecutamos lo siguiente para instalar Nagios Core:

dnf install nagios

Instalamos Nagios Plugins

dnf install nagios-plugins-all

Asumiendo que ya tenemos instalado Apache, ejecutamos los siguientes comandos para iniciar el servicio de apache:

systemctl start httpd.service

También iniciamos Nagios de la misma manera:

systemctl start nagios.service

Es conveniente habilitar los servicios de Apache y Nagios para que se inicien automáticamente al arrancar el sistema, utilice el comando systemctl de la siguiente:

systemctl enable nagios.service
systemctl enable httpd.service

Creamos un usuario para acceder a la interfaz web de Nagios

htpasswd -c /etc/nagios/passwd nagiosadmin

Agregamos un usuario y un grupo:

groupadd nagios
adduser nagios
passwd nagios
usermod -a -G nagios nagios

Puesta en marcha!

Verificamos la configuración de la siguiente manera:

nagios -v /etc/nagios/nagios.cfg

Después de seguir correctamente los procedimientos, usted podrá acceder a la interfaz de Nagios Core desde un navegador web.

Sólo tiene que ingresar a:


E iniciar sesión con las credenciales que usted eligió al agregar el usuario nagiosadmin al archivo passwd.


Si accedemos a nuestro Nagios Core veremos que tiene algunos chequeos clásicos en el localhost que ya están usando los plugins instalados.

Si tienes algún problema durante la instalación, por favor póngase en contacto a través de los comentarios.

Archivado en: fedora, nagios
PHP 5.4 is dead

As announced, PHP version 5.4.45 is the last official release of PHP 5.4

Which means that since version 5.5.30 and version 5.6.14 have been released, some security vulnerabilities are not, and won't be, fixed by the PHP project.

To keep a secure installation, the upgrade to a maintained version is strongly recommended:

  • PHP 5.5 is in security support mode only (no other bug will be fixed) until July 2016.
  • PHP 5.6 is in active support mode, and will be maintained until August 2017.
  • PHP 7.0 is in under development, in stabilization phase (Release Candidate) and should be released as stable quite soon.

Read :

However, given the very important number of downloads by the users of my repository (~47%)  the version is still available in  remi repository for Enterprise Linux (RHEL, CentOS...) and Fedora (Software Collections) and includes the latest security fix.

Warning : this is a best effort action, depending of my spare time, without any warranty, only to give users more time to migrate. This can only be temporary, and upgrade must be the priority.

All systems go
Service 'COPR Build System' now has status: good: Everything seems to be working.
There are scheduled downtimes in progress
Service 'COPR Build System' now has status: scheduled: COPR back, processing backlog: https://fedorahosted.org/fedora-infrastructure/ticket/4908
Mounting a docker volume on SELinux enabled host

My workflow with docker usually involves volume mounting a host directory so that I can read and write to the host directory from my container as a non-root user. On a Fedora 23 host with SELinux enabled, this is what I have to do differently:

Use: -v /var/dir1:var/dir1:Z

Note the extra Z above? You can learn more about it this Project Atomic blog post