Unix tips and tricks

GNOME needs YOU (in California)!

jeff — Thu, 20 Dec 2012 04:45:01 +0000

For the previous 4-5 years (I actually forget), I’ve ran the GNOME booth at the most excellent Southern California Linux Expo. Sadly, work circumstances forced me to move from sunny California to the windy city of Chicago, IL. As a result, I’ll be unable to be at Scale11x and rock the dual 30″ monitors for GNOME like we did every year previously. I had a lot of help from Christian Hergert, Jordan Larrigan, Christer Edwards, and various other peeps along the way.

Christian has offered to help man the booth, but it takes more than 1 person to do it properly or drink all of the alcohol (not that Christian ever made a wet bar under the booth at SCALE or anything), but I digress. If you’ll be in the area and would be willing to help please contact me asap!

I didn’t go to GUADEC

jeff — Wed, 08 Aug 2012 02:48:17 +0000

It has been said in the past, but just to re-iterate, “I <3 GNOME”.

For roughly the past two years, I’ve been on a hiatus from most all GNOME things except for easy to fix stuff in #sysadmin on IRC. Thankyou Andrea Veri, Olav Vitters, and Owen Taylor for picking up the slack where I left off. It wasn’t by choice, but my job was very high stress and there were plenty of 14 and even 17 hour days (finance companies can be brutal at times). This left me often coming home as a zombie wanting nothing much more than ice cream and BRAINS. Never mind getting up around 4:25AM, a time that no living human being should EVER have to wake up at. The additional stress of a company merger and the management changes it brought left me feeling physically ill on a regular basis.

Out of the blue, a recruiter from another finance company hit me up. I generally ignore these, however, this one looked interesting. It was for a “Systems Automation Developer” role which is pretty much exactly what I’d been doing the previous 3+ years, but not by title, just by function. No on call rotation, no crazy hours, just build great stuff with a world class team and get paid for it. WIN! After the obligatory phone screening and initial fun, they flew me to Chicago for a 9.5 hour absolutely grueling yet insanely fun interview. Being a technologist to the core, I love hard problems and “making things go”. Everyone I spoke with shared a mutual love of solving hard problems. The CEO even was quoted as asking the CTO to build a world class platform and infrastructure. Most places see infrastructure as a loss center and treat it accordingly. Not here! They shared my vision of autonomy and in fact had built some very impressive stuff. They even really got a kick out of the extensive work I’ve done on the salt stack project. Sadly, I won’t be discussing details of said awesomeness. Anyways, everyone seemed to like what I had to say and I was offered a full time position in Chicago.

Once we made the decision to do it, Becca and I took 7 days and went to Villa La Estancia in Cabos San Lucas of beautiful Mexico. All inclusive + fruity adult beverages and the ocean is a great way to clear your mind. Ironically it was during the G20 Summit, but we still had a great time. The theme song of the trip was of course, Zac Brown – Toes.

Fast forward to now!

Happy Jeff is happy on an architectural boat tour of Chicago with the wifey

Now I (in no particular order):

Continue to write systems and network managment software. This is what I love to do and I get paid for it!
Interact a *lot* with internal web services and am learning more about REST than I imagined possible
Work with such an amazing team who has contacts all throughout the industry. I was introduced to the CTO of groupon today on the way to get coffee.
Am no longer a python snob^Wmonoglot and instead have been actively playing with 4 other programming languages.
No longer dread going into work and actually really love it along with all of the people I work with
Don’t think of on-call or even check work email outside of the office
My wife gets to enjoy me more as I come home pleasant and refreshed instead of burned out and tired
Live closer to family from Kentucky and can much easier go home during holidays and whatnot.
Have time to get back into GNOME, a community I love and want to see grow even more

Note that a few people I used to work with were teh awesome, but this just made sense. Going forward, I’m going to try to dedicate more time towards actually contributing to GNOME again. I got a chance to stop by Stormy Peters‘s home on the drive up here where she made some great cookies and reminded me why I loved GNOME so much. It is the people. Like sitting in a yogurt shop with a crazy French Canadian or debating politics with a very friendly beer loving Frenchman in Berlin. Discussing tech and doing shots of Absinthe with my Persian friend or even just getting a chance to meet and hang out with my favorite Dutchman. Perhaps it is time to dust off my django mango fork and finish it. It is sad remembering saying it would take 4-6 months at the Desktop Summit in Berlin. We move into our new apartment (out of corporate housing) hopefully in the next week or so right after they hook up the internets. Yes this post is a bit scatterbrained and yes it is almost 10PM yet I’ve had too much coffee recently. Deal with it.

TL;DNR: I have a new job where I enjoy what I do even more, do software development full time, and moved 1/2 way across the country from Los Angeles to Chicago. I work less and enjoy life more. Expect to slowly see me ease back into the GNOME scene.

HOWTO: Make startssl.com ssl authentication work under google chromium on Linux

jeff — Fri, 09 Sep 2011 07:32:50 +0000

This is really just a tutorial on importing a client certificate into chromium via the shared nss database. The real magic is knowing chromium reads a sqlite database under ~/.pki/nssdb for it’s key and certificate storage. pk12util can be installed via the nss-tools package on Fedora or the libnss3-tools package on Debian/*buntu.

$ pk12util -d sql:$HOME/.pki/nssdb -i ~/STARTCOM.p12
Enter password for PKCS12 file:
pk12util: PKCS12 IMPORT SUCCESSFUL

Could someone who has a windows installation clue me in via a comment on the best way to do this? Also, could anyone test this on google chrome?

After installing that certificate, startssl login works

Brought to you by the “I’d rather google and see how someone else did it rather than figure it out department”

Ich war ein Berliner

jeff — Fri, 12 Aug 2011 14:52:08 +0000

Without much fanfare, my wife and I came to the Desktop Summit here in Berlin. I met a whole lot of very cool people and even some kde hackers as well. There are plenty of people I had a great time meeting and forgot to mention, but I’ll blame Behdad. His insistence on more shots of Absinthe is why I forgot their names. It has been absolutely incredible to *finally* meet so many people whom I’ve followed via planet or chatted with on IRC for years.

The great PiTiVi Hackers and I are hacking away in Wonderpots, this frozen yogurt shop right next to Humboldt University with great food and free 1Mbps wifi. Since he last posted, the PiTiVi team has done some great stuff. Stay tuned for more to come. I’m actually hacking on mango, the rewrite of the accounts management system for gnome. I’m on the left side in the red shirt.

In an hour or so, Becca and I will start preparing for our trip around Germany. Of Germany, the only thing I can think so far is that this is a wonderful country. The people are nice (even to American monoglots who try to speak horribly broken German), the food is amazing, and everything is so full of life. If I’d have came here 10 years ago, I’d have never went back to the US. We’ll be doing a walking tour around Berlin, hopping a train or plane to Munich to tour Neuschwanstein and whatever else happens to happen along the way.

If anyone has any suggestions of what to do in the next week, please leave it in a comment. Now back to hacking…

Update: Added a picture of our yogurt shop setup. Pretty sweet huh?

The ants go marching one by one… or “How the new mango is coming along”

jeff — Fri, 10 Jun 2011 07:15:21 +0000

Long time no blog… Real life has kept me busy and I’ve not had as much time as I’d like to finish this rewrite of mango, but we’re still marching on. It seemed like now was as good a time as any to show off a bit of the functionality and new shiney.

Without further ado…

Higher quality ogv for freedom lubbers

Some of the features I worked hard on to make things better for users:

Input boxes in the datatables table are always focused.
After selecting the dropdown to filter the type of account requests, the search input box is focused.
When filtering data in one of the tables and there is only 1 row, press
.
- It will take you to the href in the very first element which is a hyperlink.
- If there isn’t a with a hyperlink, it won’t do anything.
All of this uses modern technologies that should be easy to find other hackers to work on it.
- This helps solve the bus factor problem with the current mango where no one really wants to work on php + xslt a whole lot.

Well thats all good and great, but whats left?

Quite a bit actually. Here are a few things off the top of my head.

Fix the custom ssh key widget to allow inline-ajax uploads of new ssh keys.
Port the ssh key widget to use the paramiko library for getting the ssh key fingerprint.
Account deletion with the ability to undo almost anything using django-reversion
The super secret foundation member management that only membership committee members can do.
Extensive auditing so we can see who did what and when.
A *LOT* of css cleanup and formatting
Updating the mirrors.txt file when mirrors are modified, added, or deleted.
Validate all forms live using one of the various jquery live validation plugins
Lots more

Well thats all I’ve got for now. Time for bed.

Installing the Subsonic media server via apache on a Netgear ReadyNas Pro

jeff — Sat, 14 May 2011 17:34:53 +0000

I’ll admit it, I’m a geek. When geeks save $$$ for awhile, we get toys with 12Tb of raw disk space. Now this purchase wasn’t taken lightly. I did some research and chose the ReadyNas Pro 6 disk for a few reasons.

It runs Debian 4.0 (Etch) x86_64. In the past, I’ve used Ubuntu as a ‘nix workstation and am quite familar with Debianisms.
It has an Intel Atom dual core processor instead of some of the lower end Mips or ARM processor. It is easier to get software to work on it as a standard x86 Linux install.
Netgear not only allows, but actively encourages modding and tinkering with it. The ReadyNAS Forums are pretty top notch and “Yohdah“, their support guru, is very helpful.
It has some pretty decent plugins and community plugins that make a lot of things you’d want to hack on dead simple. It is only a few clicks to install the root ssh plugin, yay!

After finding the Subsonic plugin, and the fantastic Subsonic web media server, I installed the plugin. It defaults to listening on port 4040 so you have to go to http / https://readynas:4040 to listen to your tunes. Knowing it could be better, I started poking around the readynas apache configuration and realized that it had mod_proxy installed.

Aha! I’ll just use my standard Debian apache configuration know how and all will be well. Nope… They put the apache configuration under /etc/frontview/apache and their “conf.d” directory is: /etc/frontview/apache/addons. Under the addons directory there was already a SUBSONIC.conf, but further plugin upgrades would overwrite that. I created /etc/frontview/apache/addons/subsonic_proxy.conf that looks ultimately like this:

readynas:/etc/frontview/apache/addons# cat subsonic_proxy.conf

# Serve Subsonic via apache under /subsonic/

LoadModule proxy_module      /usr/lib/apache2/modules/mod_proxy.so

LoadModule proxy_http_module /usr/lib/apache2/modules/mod_proxy_http.so 
ProxyRequests     Off

ProxyPreserveHost On


Order deny,allow

Allow from all


ProxyPass        /subsonic/ http://localhost:4040/subsonic/

ProxyPassReverse /subsonic/ http://localhost:4040/subsonic/


Allow from all

Next up was figuring out the proper way to restart apache. Since they use the non-standard configuration file, the normal apachectl configtest fails:



readynas:/etc/frontview/apache/addons# apache2ctl configtest
apache2: Could not open configuration file /etc/apache2/apache2.conf: No such file or directory

This was easy enough by changing into /etc/apache2 and running: ln -s ../frontview/apache/httpd.conf apache2.conf. Now commands like this work perfectly:


readynas:# apache2ctl configtest && apache2ctl stop && apache2ctl start


To finish up the configuration, edit /c/webroot/subsonic/subsonic.sh and change SUBSONIC_CONTEXT_PATH= to SUBSONIC_CONTEXT_PATH=/subsonic. Now just kill the existing java process and run ./subsonic.sh for it to start everything up.
Then you just browse to http://readynas/subsonic/ (notice the trailing slash) and you're doneski.

Brief Outage for www.pitivi.org

jeff — Fri, 06 May 2011 13:25:18 +0000

The linode datacenter where www.pitivi.org is hosted had a power outage and took the website with it. Sorry about that guys!

Now that its back up, visit www.pitivi.org to see how a few good men are making video editing on Linux rock.

New happenings in GNOME SysAdmin-land

jeff — Tue, 26 Apr 2011 05:20:15 +0000

The folks over at OpenGear were kind enough to give us a small 8 port serial console server pretty much at cost. We’ll be using it to make sure GNOME services are up faster in the unlikely event of a hardware failure. Thanks Todd Rychecky, VP of Sales for making this happen.

Should Murphy laugh at us again, manual intervention from a redhatter should be less likely (unless a hardware replacement is needed of course). This also gives owen and crew more time to make shell rock.

Knowing these things run Linux inside and being a techie at heart, the only sensible thing to do was enable ssh and poke around.

# uname -a
Linux gnomeconsole 2.4.34.5-uc0 #2 Fri Mar 18 01:51:44 EST 2011 armv4l unknown
# ps -efH
  PID USER       VSZ STAT COMMAND
    1 root       548 S    /bin/init
    2 root         0 SW   [keventd]
    3 root         0 SWN  [ksoftirqd_CPU0]
    4 root         0 SW   [kswapd]
    5 root         0 SW   [bdflush]
    6 root         0 SW   [kupdated]
    7 root         0 SW   [cifsoplockd]
    8 root         0 SW   [mtdblockd]
   53 root         0 SWN  [jffs2_gcd_mtd1]
  212 root      1048 S    /sbin/syslogd
  214 root      1008 S    /sbin/klogd
  215 1          444 S    /bin/portmap
  220 root      1020 S    /usr/sbin/crond -S
  232 root       460 S    /bin/inetd
  233 root       444 S    /bin/flatfsd
  234 root       428 S    /sbin/lighttpd-angel -D -f /etc/config/lighttpd.conf
  235 root       984 S    /bin/alertd
  237 root      1476 S    /bin/portmanager -f
  238 root      1980 S    /bin/stunnel /etc/config/https.conf
  240 root      2464 S    /bin/sshd -r -D -o AllowUsers=* -o AllowTcpForwarding
  241 root      1012 S    /bin/shellinaboxd --localhost-only -u root -g root --
  248 root       440 S    /bin/agetty sercon 115200
  249 root      1020 S    /bin/shellinaboxd --localhost-only -u root -g root --
  260 root      2696 S    sshd: root@ttyp0
  262 root       992 S    -sh
  818 root      2760 R    sshd: root@ttyp1
  820 root       996 S    -sh
  896 root      1244 S    /sbin/lighttpd -D -f /etc/config/lighttpd.conf
  942 root      1012 R    ps -efH
# free
              total         used         free       shared      buffers
  Mem:        14148        12216         1932            0          956
 Swap:            0            0            0
Total:        14148        12216         1932
# cat /proc/cpuinfo
Processor	: Arm922Tid(wb) rev 0 (v4l)
BogoMIPS	: 83.14
Features	: swp half thumb 

Hardware	: OpenGear/CM4008
Revision	: 0000
Serial		: 0000000000000000

Behold, the screaming fast ARM server with a whopping 14Mb of RAM in all of it’s glory!

This sucker also has a pretty webui for the type of people inclined to that sort of thing.

It will still take a bit to get this along with the sweet new servers racked and ready for prime time. Until then, you can see more adoreable cat pictures here. Oh, don’t forget to subscribe to the news.gnome.org feed or at least follow the GNOME SysAdmin Team Blog. All the cool kids are doing it.

Loving GNOME is like loving crack, it is real easy to get hooked

jeff — Wed, 20 Apr 2011 06:01:31 +0000

Once upon a time, a freedom loving gnome hacker asked for help running a booth for GNOME at the Southern California Linux Expo for their 6th conference.

I thought, “Sure, why not, sounds like fun and perhaps I’ll meet some cool people.”.
That event seems like forever ago and I’ve not looked back since. Eric Butler, who joined us for the booth that year wrote a great write up of SCALE6x. He then went on to change the way web 2.0 websites think about security by writing Fire Sheep.

The following year for SCALE7x, I had the awful experience of my apartment being broken into a few days before the conference. The contents of the GNOME Event Box was dumped in my living room floor. The intruders took many of my valuables and electronics, stuffed it into the event box, and rolled it right out my front door while I was at work. Luckily for us, that didn’t make things any less awesome. Work let me borrow some hardware and all was well. Due to messing up my insurance paperwork and feeling bad about it, I just bought the foundation a new booth and contents out of pocket.

SCALE8x was very interesting when Christian and Jordan stocked a wet bar under the booth. There are a few stories floating around about me napping on the floor in the middle of the expo room. I swear they are all lies! Shapor and Jble also helped us keep things runnings smoothly.

Just like the past three years, Jordan, Christian, and myself ran the GNOME booth for SCALE9x. The difference is that this time I’m finally going to blog about it. We also had the pleasure of Christer Edwards coming all the way from Utah to help with booth logistics and a Sysadmin Hackfest. There were a few small issues that we’ll fix for next year, but all around things kicked ass.

Some time in all of this mess I joined the GNOME Sysadmin Team, became a contributor and then maintainer for snowy, and even was sponsored to fly to the boston summit! Reflecting back on all of this all I’ve got to say is thank you. GNOME *is* people and it is those people who make it awesome. The 3.0 release has went really well and I can’t wait to help push things forward even further.

Oh right, introductions… Thanks to the powers that be, I’m now on Planet GNOME. My name is Jeff Schroeder and I’m a GNOME-a-holic. I love python, ponies, and winning. While not as much of a fan of ice cream as Vincent, I could totally take him in an octagon ice cream deathmatch. In all seriousness, it blows my mind that one person truly can make an impact. No matter how small your contribution, it will make a difference. If you don’t have the time or energy to work on translations, the wiki, or coding, please consider becoming a friend of GNOME. If you can’t do that, report bugs you find in your favorite GNOME software . There is something for everyone to work on and I’m just doing my little part. That my friends is how I’m changing the world in my own little way, and changing things for the better.

Tune in next time! Same bat time, same bat channel. This is Jeff Schroeder signing off!

Current status of the mango django/python port

jeff — Sun, 17 Apr 2011 00:02:06 +0000

To start out with, a brief bit of history… Many moons ago, back when GNOME was still a fairly new project, Jonathan Blanford (jrb) hacked together some python scripts for helping managing users in ldap. To ease the burden from the sysadmin team, a few good men wrote a user management tool for GNOME named mango. As you can see here, it has lots of the pretty. For the SysAdmin and Accounts team, mango is a workhorse, but as all good tools, it needs to be maintained.

Fast forward to today. Mango is still a champ and runs very well for what it was designed for. The issue is that it’s written in php, a language most of the GNOME sysadmin team don’t want to develop in. To fix this, Olav Vitters started rewriting it in python using django, the web framework full of pwnies and unicorns that I’ve got so much <3 for. When Olav started writing it, django and LDAP didn’t play so well together. This was a problem as the majority of mango’s data is stored in ldap so it needs first class ldap support. One of the largest french isps agrees that ldap + django are a good idea, so they wrote django-ldapdb. This is a subclass of django’s native orm, but for ldap directories.

As an excuse to work on more fun technology, I’ve picked up Olav’s great work and have started hacking on it. You can find the most up to date work here: https://github.com/SEJeff/mango/commits/django. This will also be my first really big non-work django project (other than snowy) that is being written from scratch. For managing users, one of my favorite features is that the search is “find as you type”. I’m sure the accounts team will appreciate this. It is still a huge WIP and I’ll need to clean up the commit history before pushing it to git.gnome.org. Either way, this is a good start.

Update: 4/17/2011 – Added a screenshot of the just prettified update user page.

TL; DNR – Pretty screenshots:

So some of the tech used so far is django, django-ldapdb, datatables, jquery-ui. This might not look like a whole lot, but it is a good start. Note that the users are being pulled from an actual ldap replica.