OpenNMS, RANCID and Juniper

February 27th, 2014

Just a quick note that I was able to get the RANCID integration working on my OpenNMS instance with our Juniper SRX router.

We used to use a Cisco router but switched to Juniper last year. I hadn’t had time to mess with the integration but a client asked to see it so I decided to see what was involved in making the change.

I changed the password but while it connected, the logs just complained about timing out. I found this helpful post that pointed out that the “root” user in JunOS is dropped into the BSD interface and not the CLI interface.

To fix that, I created a new “rancid” user:

set system login user rancid class super-user authentication plain-text-password

and entered in a new password. Once committed, I edited .cloginrc with the new credentials and then RANCID was able to successfully talk to the SRX.
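As an added example (not part of the original post and not code from the RANCID project), the shell function below audits a .cloginrc for two problems: a file mode that lets other users reach the stored credentials, and an "add user" entry that logs in as root, which on JunOS lands in the BSD shell instead of the CLI. The function names, the hostnames srx1/srx2.example.net and the passwords are constructed placeholders.

```shell
#!/bin/sh
# Added example: audit a RANCID .cloginrc. Prints one finding per line,
# and nothing when the file is clean.
audit_cloginrc() {
    file=$1
    # clogin/jlogin refuse a .cloginrc that "others" can read, write or execute.
    other=$(ls -ld "$file" | cut -c8-10)
    if [ "$other" != "---" ]; then
        echo "PERMS: $file is accessible to others ($other); chmod 600 it"
    fi
    # Flag "add user <host-glob> root". On JunOS root is dropped into the BSD
    # shell rather than the CLI, which is what produced the timeouts above.
    awk '
        /^[ \t]*#/ { next }                  # skip comment lines
        $1 == "add" && $2 == "user" {
            user = $4
            gsub(/[{}]/, "", user)           # values may be wrapped in {braces}
            if (user == "root")
                print "ROOT: line " NR ": host pattern " $3 " logs in as root"
        }
    ' "$file"
}

# Constructed sample input: hostnames and passwords are placeholders.
write_sample() {
    cat > "$1" <<'EOF'
# constructed sample .cloginrc
add user srx1.example.net root
add password srx1.example.net {PLACEHOLDER}
add user srx2.example.net {rancid}
add password srx2.example.net {PLACEHOLDER}
add method * ssh
EOF
}

demo() {
    tmp=$(mktemp -d) || return 1
    write_sample "$tmp/cloginrc"
    chmod 644 "$tmp/cloginrc"
    echo "before:"; audit_cloginrc "$tmp/cloginrc"
    # Fix both findings: switch srx1 to the rancid user and tighten the mode.
    sed 's/^add user srx1.example.net root$/add user srx1.example.net rancid/' \
        "$tmp/cloginrc" > "$tmp/fixed" && chmod 600 "$tmp/fixed"
    echo "after:"; audit_cloginrc "$tmp/fixed"
    rm -rf "$tmp"
}
demo
```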

Review: The Snowden Files

February 17th, 2014

As someone with very strong opinions of the illegal surveillance being performed by the NSA, I was eager to read the account of how they became exposed in The Snowden Files by Luke Harding. I highly recommend it to everyone, especially those people who believe the government exists at the will of the people and not the other way around.

Do note that the book is entitled The Snowden Files and not The Ed Snowden Story. While Edward Snowden does figure prominently, the book is much more about the Orwellian domestic spying machine his revelations describe than the man himself. It has a lot of detail on the NSA as well as organizations such as Britain’s GCHQ, massively funded by the NSA to spy on people both domestically and abroad.

Among my social circles, Snowden is a bit polarizing. There are those who think that he broke an oath when he used his position as a contractor at the NSA to obtain these documents and that the end didn’t justify the means. Other more public figures describe him as “a grandiose narcissist who deserves to be in prison”. However, most of my friends tend to believe, and this book demonstrates, that Snowden is a patriot in the truest sense of the word.

The Snowden portrayed by Harding is a rather humble and shy man. Nothing in this story indicates he is a narcissist. Perhaps his brief association with Wikileaks and Julian Assange (a narcissist of the first order) is where the idea comes from, but I think that NSA apologists feel more comfortable portraying him as a man acting in extreme self interest. If that were the case, he would have sold the information secretly and be living out his life in some warm paradise instead of remaining as a “guest” of the Russian government.

The only inflation of his position I found in this story was in the beginning when he describes himself as a “senior” member of the intelligence community. He was, in fact, a rather junior member, and the mere fact that he was able to acquire all of this extremely secret information just goes to demonstrate that the government can’t be trusted with it. I’m pretty much willing to forgive him for that, since had he prefaced his initial press contact with “yo, I’m a contracted sysadmin for the US government and happen to have a treasure trove of sensitive documents” he wouldn’t have been believed.

Critics will often cry that he should have used formal channels to express his unease. This book shows several examples of people who tried to do just that and found their lives ruined and their careers over. It is hard to trust in the system when someone like James R. Clapper, the Director of National Intelligence, lies directly to Congress and not only still has his job but is not in prison.

While the book is written in a very “matter of fact” manner, parts of it read like a spy novel. One of the more surreal chapters deals with the forced destruction of computers at the London offices of The Guardian. Great Britain doesn’t have a written Constitution nor does it guarantee freedom of the press. So to avoid possible incarceration of Guardian staff, two GCHQ agents named “Ian” and “Chris” arrive to oversee the physical demolition of the computers used to break the story (of course, The Guardian simply moved the operation to their US offices and while there were similar threats nothing at this level occurred).

Personally, I think Snowden’s greatest “crime” was embarrassing the powers that be. President Obama won his first term on a campaign to overturn the Constitutional abuses of his predecessor and Snowden demonstrated that he not only continued those policies but strengthened them. The British government in this affair comes across as not only petty but pretty much lap dogs to the US intelligence service, with US tax money going to fund the GCHQ. Congress is currently full of self-interested sheep who take being lied to in stride as long as they don’t look weak on “terrorism”. Basically, forget popular opinion, just don’t end up on Jon Stewart.

While I try very hard to avoid Godwin’s Law, perhaps I should mint Balog’s Law, a corollary where all discussions of national security abuses end up referencing Al-Qaida.

Often, power is referred to as a “structure”. In my experience it is much more fluid, and right now it is flowing into the hands of a small minority of people. I know from first hand experience that these people are way more concerned with their own wellbeing versus mine, regardless of the rhetoric they spout to the contrary, and the end result will be disastrous.

There are things you can do to make power flow in the other direction. In general these are things like shopping locally (the more self-sustaining a community is the less they can be influenced by central government) but concerning privacy in particular there are a number of steps you can take to make the NSA’s job more difficult.

Use encryption. It is easier than you think. There are a number of tools that can plug right into your e-mail client. I use Enigmail for Thunderbird. OS X users should check out GPGMail. There is even GPG4Win for you Outlook users. Once installed and configured it can be pretty seamless to use. The biggest thing you lose is the ability to search your encrypted mail.

Use as much open source software as you can. The Snowden documents reveal that the NSA has been actively trying to both subvert encryption standards (making all of us less safe from foreign prying eyes) as well as to install backdoors into commercial software. This is much more difficult with open source. Even if, say, Canonical put in a backdoor to openssh-server into Ubuntu, someone would notice that the package they compiled had a different hash than the binary on the server, and an investigation would ensue. Even if you can’t make the jump to an open source desktop operating system, a lot of open source applications (think Firefox and Thunderbird) are available on proprietary platforms such as Windows and OS X.

Also, limit what you share. Remember that if you aren’t paying for the product, you are the product, so think twice about your Facebook habits. You can also learn about tools such as Tor that allow your Internet traffic to be somewhat anonymous. I also “sandbox” all of my Google activity within the Chrome browser but do most of my work in Firefox using Firefox Sync to coordinate with all of my devices.

To bring this somewhat “more rambling than usual” post to an end, I just want to point out that totalitarian societies do not happen overnight. Instead, there is a gradual erosion of personal freedoms until one day there is nothing left. Some people I’ve talked to about Snowden reply with “of course the government is spying on me”, in much the same way that getting groped at the airport is now “normal”.

It doesn’t have to be that way, and sometimes it takes brave people to point that out.

Review: Dell “Sputnik 3” Ubuntu Edition

February 6th, 2014

I’m in the market for a new laptop, or at least I was. My first generation Dell XPS 13 is getting a little long in the tooth and I really could use a little more screen real estate. I decided to order the latest third generation XPS 13 after trying out the second generation Lenovo X1 Carbon. After all, it has a nicer screen, Haswell, and since it still ships with Ubuntu 12.04 the hardware ought to be supported, at least with Linux Mint, my current desktop distro of choice.

When talking about laptops, it is hard to not make comparisons to Apple. While I think Macbooks are overpriced and too proprietary, they are nice machines and for the most part “just work”. I just wish I could buy something as good that runs Linux well.

The Sputnik 3 could have been that laptop but I had to send it back due to pretty severe LCD backlight “bleeding”, especially along the bottom edge. It was very apparent when I was booting up to install Mint, but my pictures don’t really do it justice. Here you can see a sort of “half moon” bleed on the left side:

and here is a similar area on the right:

Since I knew I couldn’t live with it, I decided to send it back and just stick with my older laptop awhile longer. While we have a small Macbook available to me that would probably run Mint just fine, I just can’t bring myself to use Apple products when they are so determined to use their marketing clout to prevent competition. I can’t go a day without reading about another example, such as the one I just read about Apple pulling a bitcoin app from their store.

I’d rather deal with “old shiny” than to give up my freedom like that.

Review: Second Generation Lenovo Carbon X1 with Linux

January 27th, 2014

As a Christmas present to myself, I decided to get a new laptop. My second generation Dell “Sputnik” Ubuntu Edition is getting a little long in the tooth. The screen resolution of 1366×768 is a little confining, and I’ve never been in love with the trackpad.

Now, while most of the folks at The OpenNMS Group are Mac users, the freetards in the group tend toward the Lenovo X1 Carbon. As Eric says, when it comes to Linux laptops you can’t go wrong with Lenovo.

Well, apparently you can.

While I ordered my unit in late November, it didn’t ship until the new year. I got the shipping notice the same day they announced the second generation X1 Carbon at CES. Since I wanted the new shiny, I called Lenovo (their customer support is located in nearby Raleigh and is awesome) and returned the unit before it arrived. I then ordered the new model with the extremely high density “retina” display. It arrived last week and I started playing with it this weekend.

In short: do not buy this laptop if you like Linux.

While sleek and stylish, the first thing they broke is the trackpad (one of my main reasons for switching). Instead of discrete mouse buttons like most Thinkpads before it, it is a single unit. I found it very hard to get used to using the “pseudo” buttons. Plus, it is mechanical and it feels really clunky when you press down on it.

The next thing they broke was the keyboard. While I’m not sure if the top row is OLED or just OLED-like, the function keys are now programmatically displayed and gone are things like volume and contrast (those do exist when booted to Windows 8). And while I don’t know if this is new, the “backspace” and “delete” keys are right next to each other, which I found annoying, as I would often hit the wrong one.

But I could live with that, as it is only a matter of time before someone starts doing something cool with that technology and I could get used to the keyboard. Here is why I’m sending it back:

  • Suspend Doesn’t Work: Well, technically, resume doesn’t work. The system will suspend, but the OLED top row never dims and the laptop just starts heating up as something is obviously still running. The pm-suspend.log shows an error free shutdown, but once “suspended” you have to hold down the power key until it turns off and then reboot.

    UPDATE: I got this to work, sort of. Once Hibernate worked I ended up using this post to determine the issue was with the xhci_hcd (USB3) driver. I disabled it and now suspend works. However, the network doesn’t come back nor do the function keys.

  • Hibernate Doesn’t Work: Since this is a solid state machine with something like an 8 second boot time into Linux Mint, I’d be okay if I could hibernate instead of suspend. However, hibernate is just a shutdown with no warning to save your work.

    UPDATE: I got this to work, sort of. Removed the encryption on the swap partition and then updated /etc/initramfs-tools/conf.d/resume to match the new UUID and then “update-initramfs -u” to re-read that file. The resume isn’t always flawless (when run from the command line the mouse never came back and once I had to bounce the network).

  • Backlight Doesn’t Work: I like having a backlit keyboard. You can see the backlight come on when booting, but it never comes on when running under Mint.
  • Fingerprint Sensor Doesn’t Work: While I don’t know how much I’d use this, the model in this laptop by Validity Sensors (USB device ID 138a:0017) isn’t supported under Linux yet.
  • Weird Power Issues: Sometimes the unit fan turns on for no real reason, like something with Linux and the power management are out of sync.

I took this laptop on a road trip and was very unhappy with all of the effort I had to put into a system that was just supposed to work out of the box. At one point in time I changed a BIOS setting that wiped out grub (I had left Windows 8 on the system in a partition) and Windows Bootloader took over and wouldn’t let me back in to Mint. I finally based the whole thing just to see if that might help (I had to turn off secure boot to get Mint on it in the first place and thought maybe some weird UEFI issue was at play) but it didn’t improve things.

So it is a very sad day for those of us who looked to Lenovo to provide us Apple-quality laptops for Linux. Snatch up those Generation 1 models while they last or check out the new Dell “Sputnik 3”, but don’t buy this laptop.

Austin and the CAC

January 25th, 2014

It’s been a busy week for me as I had meetings in Sunnyvale followed by a trip to Austin to participate in a Rackspace Customer Advisory Council (CAC) event.

I’m not sure why I was chosen to be on the CAC. While I have been involved with Rackspace since April of 2002 (nearly 12 years – sheesh) we only have one server there. We are looking to deploy a number of new products and we’ve chosen OpenStack as our technology and Rackspace as our provider, but we are in the development stage and haven’t deployed any of it, yet. But it is always fun to come to Austin so I was happy to be able to visit.

I arrived on Wednesday just in time for a networking event. We had a choice of a visit to the hotel spa for a massage, or beer.

Guess which option I chose?

About ten of us got into a van and were driven to the Austin Beerworks. This was my kind of beer tour: it started with us sitting at the bar and then it pretty much stopped. I started off with a red amber called “Battle Axe” and then moved on to “Black Thunder”. I was sold on its description as a “German-style Schwarz” beer, and it was pretty tasty (I really liked the Battle Axe as well). Unfortunately, some good conversation got in the way and I talked too much (imagine), so time ran out before I could try the Sputnik. It was worth it, since a lot of that conversation was with Carl and Nick from Simply Measured, and it was cool to learn about how they were using Rackspace to implement their solution.

At the evening event at Perry’s Steakhouse I was happy to see that John Engates had made it up from San Antonio. I last saw John on CBS News when he was talking about issues with the website. As a thought leader on hosting he was called to DC to provide input on fixing that site’s performance woes.

As we were catching up, a very energetic man came up and joined our conversation. He turned out to be Robert Scoble. Of course I’ve heard about him for years, and it was a pleasure to finally meet him in person, and yes, he is as crazy animated as his reputation suggests. When it came time for dinner I ended up seated between the two of them, and I likened it to being the creamy filling in a geek Oreo.

John had just taken delivery on a new, bright red Tesla Model S, so I begged a ride back to the hotel. While I think electric hybrids like the Prius are cool from a technology standpoint, the Tesla is cool from a car standpoint first and technology second. The controls and instruments are accessed almost completely through a touchscreen, and you can control everything from what music you want to listen to through ride height using it (only the buttons for the hazard lights and the glove box are analog). Plus the thing is insanely fast with zero lag – press the pedal and it snaps your head back. With a measured zero to sixty mph time of 4.2 seconds, it is slightly faster than David’s stock Mustang GT.


On Thursday we got to work with a series of presenters who discussed existing and upcoming Rackspace products. I’m not allowed to talk about them due to NDA, but I’m very interested in Rackspace’s hybrid cloud model using OpenStack. I like the control and security of a private cloud but I look to the public cloud to handle peak traffic. While getting the two to work was a little kludgy six months ago, they have done a lot of work to streamline the process.

Scoble did a talk during lunch about his new book the Age of Context. It seems worth checking out, although I think I’ll pass on getting the $3650 Meta Pro goggles in lieu of Glass.

I also got reminded that I really need to check out the Chef project. Both Rackspace and most of the attendees are heavy Chef users, and it seems to be edging out Puppet in the enterprises I’ve come across.

Thursday night saw sleet, freezing rain and some snow descend on Texas, so the Friday session was a little lighter on Rackers than was planned (since many of them were going to drive up from San Antonio that morning). It was cool to see that Nathan Anderson, who was a programmer at Rackspace when I started with them in 2002, is now in a position of responsibility, even if that responsibility involves the billing interface. (grin)

It was a fun time, and it made me excited about the possibilities available using the Rackspace platform. Hats off to Sandra, Aisha, Cara and the whole Customer Experience team for a nice conference.