Reflections on Paris and My Cowardice

Posted on by Tarus

I was on a bus in Ireland when I heard the news about the Paris attacks. I had gotten up early to head to the opposite coast as I wanted to see an Ireland that wasn’t Dublin, and I don’t think I could have picked a better spot than Doolin, in County Clare.

Today was to be a particularly gray day and it was dark when I started out. It didn’t get much lighter as we rode to Galway, and when I changed buses the driver was playing the news from the radio. Of course the only story was about the more than one hundred people killed in senseless violence overnight.

Peace Symbol by @jean_jullien

I have some friends in Paris and so I immediately reached out to them. As I waited for a response, I pretty much sat, stunned, as the Irish countryside passed by outside my window.

Once I got to my B&B, I dropped my bag and took a long walk, looking for lunch. The day reflected my mood perfectly. It was like nature itself was in mourning. At high noon the sky wasn’t much lighter than at dusk. A roaring wind came off the sea, churning up angry whitecaps. The clouds drizzled rain like tears.

By the time I was getting cold, I found the recommended pub and went in. It was packed, as this is a popular tourist location and they drop people off by the bus load. Since I was alone, I offered to sit at the bar to make room for the next coach, which arrived about five minutes after I did.

A boisterous crowd of mainly young people came in and crowded around the bar where I sat. They were laughing and joking, blissfully unaware of how quickly that can change. I took a little comfort in the normalcy of that moment: people ordered food, the Indian guy asked about vegetarian options, and drinks were poured (including an inexplicable request for a bottle of Miller beer).

As I ate my meal, a nice smoked salmon salad and a wonderful seafood chowder stuffed with mussels, I was reminded of the last time I had mussels this good, which just happened to be in a Belgian restaurant in Paris called La Gueuze.

And I struggled with a dilemma. The Paris Open Source Summit is next week and I am supposed to be there. Heck, I lobbied hard for the opportunity to participate. But while the chance of anything happening is very slim, I can’t say I’m eager to be in Paris at the moment, especially as part of a large crowd.

So I decided not to go.

There were a number of factors. Part of it was concern for my wellbeing. Part of it was concern for my family. I travel a lot and I know they worry no matter where I’m going, and they have been very understanding when I’ve gone to places that don’t exactly have a reputation for safety. I refuse to put my decision on them, but it did play a role.

But I think the deciding factor was actually how much I enjoyed Paris on my last trip. It is an amazing city, and I didn’t want that memory ruined by seeing soldiers on every corner or having to go through intrusive screening at every point of entry.

It makes me feel like a coward. The terrorists have won.

And I can’t understand it. Of all the countries in Europe, the French bend over backwards to be accommodating to different views and ways of thinking. The French motto “Liberté, égalité, fraternité” leads with the word for freedom, and they go to great lengths to explore all the weird corner cases to insure their society is as free as possible.

And that’s what makes me the most angry. I’m certain these acts are going to change that. Not only will it move France to be more restrictive, it will give the more aggressive countries reason to step up military action in the Middle East. A lot more people will die, and most of them will have darker skin. This will create more terrorists, and the cycle will continue.

I hope France and the rest of the world shows some restraint. I’m not, in any way, shape or form, suggesting justice not be sought out, but I’m reminded of something I saw many years ago.

I was living at my parents’ house and my two-year-old nephew was staying with us. It was a beautiful day and so the windows were open, and there was a gentle breeze throughout the house. One strong breeze caught the door behind the boy and slammed it shut. It scared him, so he reached out and smacked the door, as if to punish it. It struck me as a perfect example of a childish reaction – I’m scared and angry so I need to strike out at the nearest thing, whether is makes sense or not.

I hope the world remembers that we are not children.

I don’t have any answers on how to make things better. The best I can do is to promote free and open source software. I know it sounds silly, using FOSS to cure the world’s problems, but in every place I’ve visited (and I’ve been to 37 different countries) I’ve found like-minded people in that community with a strong desire to create new things through cooperation. It creates an environment where anything is possible. In a small way, it creates hope.

I am writing this sitting on my bed at the B&B. It’s cold, and the wind is whipping around the house, but I feel cozy and safe. Here’s a wish that everyone can find a place to be cozy and safe, as well as the hope that tomorrow will be a better day.

Horizon 16.0.4 Security Release

Posted on by Tarus

In response to the Apache Commons library that OpenNMS uses, version 16.0.4 has been released to help secure against a remote exploit.

The exploit involves Java Remote Method Invocation (RMI) which listens on port 1099 by default. In my previous post I pointed out that if that port is inaccessible, then the exploit can’t happen.

What 16.0.4 does is limit RMI to only listen on localhost. While that will prevent remote exploits even in the event port 1099 is blocked via the firewall, it doesn’t completely solve the problem. To fix the root cause of the issue will require changes to Apache Commons, and we are ready to upgrade to the fixed version as soon as it is available.

We tend to be very internally critical of security issues within OpenNMS, and some people complained that my last post wasn’t technical enough. So I’m hoping to correct that with this one, but if you don’t care about such things you should probably skip it (grin). I have started updating the Security Considerations page on the wiki with details about securing OpenNMS in general, and that will have better information for people interested in security and OpenNMS than this blog post.

While blocking external access to port 1099 will secure OpenNMS against this attack for most people, it doesn’t prevent people who have access to the machine from exploiting the vulnerability. This is called a “privilege escalation” attack vs. a “remote exploit”, as a “normal” user can now have rights (i.e. root access) if they are locally on the machine. Most of our users tend to limit shell access to the server, so this shouldn’t be a problem, but in environments that rely heavily on directory services such as LDAP, the default may be to allow non-privileged access to certain users (say, the “IT Group”) that aren’t involved in maintaining OpenNMS.

And there is also the slim chance that there is a vulnerability in our webUI that could allow a user access to the system. We, of course, don’t know of any and we take great care to prevent it, but simply hoping to limit access to the server as a way to prevent this exploit is insufficient.

So, to prevent it entirely, we are removing RMI. It was introduced in the first iteration of the OpenNMS Remote Poller, but real world installation found that getting the proper ports open was a real pain. So instead the remote poller now talks over HTTP/HTTPS (with the latter being the most secure). Most networks have ports 80 and 443 open, so that made things a lot easier.

Until that is introduced (most likely with Horizon 17), it is still a good idea to limit access to the OpenNMS server to only essential people.

Note that Java Management Extensions (JMX) also use serialized objects and thus could be vulnerable. OpenNMS has a JMX port (18980) but it is bound to localhost by default. In fact, all ports are bound to localhost by default in 16.0.4 except for the webUI, port 8980.

There are a number of other steps you can take to harden your OpenNMS server. I’m planning on detailing them on the wiki, but start with only doing a minimal operating system install. The less software on the system, the smaller the chance one will have a vulnerability.

Also, OpenNMS currently runs as the “root” user. This is due to the fact that it needs access to ICMP traffic as well as port 162 for SNMP traps. Both of these require root by default. With some “stupid kernel tricks” you can run OpenNMS as a non-root user, but it has not been heavily tested. We have a detailed list of issues for running as non-root on our Jira instance.

Sorry to drone on about this, but we take security extremely seriously at OpenNMS. We also have to labor under the misconception that Java is inherently unsafe. It is not true, although people still have nightmares from the early issues with client-side Java applets. The Java in OpenNMS is server-side and we don’t use applets, and the language is used securely in a tremendous amount of software.

For comparison, WordPress, an application I love, is currently estimated to run 25% of the world’s websites. It is written in PHP, a language that has a huge track record of security exploits, and many of the spam e-mails I get link to compromised WordPress sites.

It is possible to secure WordPress (we use it for all of our websites as well) but it takes some diligence. We will remain as diligent as we can concerning the security of OpenNMS, and we will continue to take steps to make it even more secure.

Dublin OpenNMS Meetup

Posted on by Tarus

I’m working in Ireland this week, and our UK/Irish Ambassador, Dr. Craig Gallen, used the opportunity to put together an OpenNMS meetup, featuring beer and pizza (grin).

We held it in an office space near Temple Bar thanks to Barry Alistair. Among his many talents, he is also one of the organizers behind IrishDev.com, an on-line community for the Irish Software Developers Network.

Ulf at Dublin Meetup

It was a lot of fun. We socialized for a bit, and Craig had arranged the pizza to arrive at the end of our talks in order to reward folks for listening to us hold forth on the wonders of OpenNMS (the beer was on offer first, ‘natch). Once again I ran long and the pizza was consumed between my introduction and Craig’s presentation. I did an overview of the history of OpenNMS and why using open source, especially for a network management platform, is a Good Thing™.

Craig at Dublin Meetup

Craig’s presentation was much better, and covered a lot of the new features that have recently been added to the application as well as the direction the product was moving (such as being positioned for SDN/NFV/Internet of Thingies). No one left or fell asleep and there were lots of good questions.

Events such as this are one of my favorite things to do, so I want to thank Barry and Craig for making it possible.

The Many Uses of Grafana

Posted on by Tarus

One of the things I love about open source and OpenNMS in particular is watching what people do with it. We knew that we had a great data collector in OpenNMS but sometimes it was hard to display that data in a useful fashion.

OpenNMS is a platform and it is very broad. For example, we do log management, but that is only a small portion of what the application can do, yet there are companies who do nothing but that. So yes, we can display graphs but we don’t necessarily have the resources to focus on making a great data visualization tool.

Enter open source. Torkel Ödegaard has written a great visualization tool in Grafana, so it would be silly for us not to leverage it.

I was at a customer site I and I saw this cool graph:

Grafana Graph

I asked Patrick about it, and he said that he wanted to play with the OpenNMS/Grafana integration so he installed it and within a half hour he had it up and running. He created the graph as a version of the “stacky graphs” you can make in OpenNMS, but it was much easier to do and to maintain.

The name “stacky graphs” came from another customer of ours. They asked me if there was a way to put the bandwidth from all of their peer points on one graph. Now, in OpenNMS, it is easy to make a graph of data from a single device, and it is easy to group multiple graphs together, but it was not easy to put disparate data points on a single graph.

However, OpenNMS is a platform so I was able to find a way. When you create a graph definition in OpenNMS, there are two important fields, called “columns” and “type”. The “columns” value defines the file to look for, say ifInOctets.rrd and ifOutOctets.rrd, and the “type” value tells OpenNMS where to look for those files. So what I did was create symbolic links under the OpenNMS node directory named things like LAX-in.rrd, LAX-out.rrd and NYC-in.rrd, NYC-out.rrd that were linked to the interface RRDs of interest. Then I created a report of type “nodeSnmp” with column names like “LAX-in, LAX-out, NYC-in, NYC-out” etc. Then I could use AREA graphs to print out the data.

This was a pain for a number of reasons. First, you had to do a lot of configuration on the command line. Second, sometimes it is useful to delete .rrd files that haven’t been updated in awhile, but if you aren’t careful you’ll delete the symlinks. Finally, it is a lot of work to add new data sources.

Grafana Graph vs. RRDtool

In this picture you can see the Grafana dashboard in the lower left corner and the OpenNMS “stacky graph” in the upper right. Not only does the Grafana version look better, it will be easier to maintain moving forward.

I am eager to see what others are doing with this, so feel free to check out the integration on the wiki and let me know if you come up with anything cool.

Open Source Software and Corporations

Posted on by Tarus

An interesting post caught my eye this week entitled “Corporations and OSS Do Not Mix” by Ian Cordasco. It was kind of depressing – here was a person who had spent a lot of free time contributing to open source code, but the actions of some users of that code had taken the fun out of it.

My only issue with it was the targeting of “corporations” in the title. At OpenNMS we have a large number of corporate customers and we get along with them just fine. I want to talk about that in a bit, but first I want to address some of the other experiences Ian had that were similar to mine.

When I became the maintainer of OpenNMS back in 2002, I would often get e-mails from people that would start out with “OpenNMS is good, but what you need to do is …”. I used to spend a lot of time responding to them, pointing out that it was open source and anyone can help contribute to it, so they didn’t have to wait on me to do anything, but it never really helped and it turned into a huge time suck. I started to send back a generic e-mail that went along the lines of “OpenNMS is an enterprise product and if you won’t take the time to understand it then you should try something easier like Nagios” which would usually result in a reply calling me an asshole, but it took little of my time and then conversation was over. Now I pretty much just ignore them.

When you create something and share it, you are putting a bit of yourself out there and there are bound to be critics. For the most part they can be ignored, and you have to develop a thick skin to be in this environment. I’ve found that overall the good far outweighs the bad, and if you can learn to brush off the bad you can be very happy working in open source.

People tend to forget that open source “business” is still “business”. People exchange money in return for services. If I had Ian’s talent I would simply set up various custom development options, so when someone complained about a bug he could just return an e-mail with a price list. If you don’t have time to do it, make the prices really, really large – large enough that you would make time to do it. It’s your life – you are in the driver’s seat. I used to give a talk on running an open source business and I always stressed that you should never compete on price, or at least you shouldn’t lead with “my solution is cheaper”. Sure, open source software can provide tremendous savings over the life of the solution, but that doesn’t mean the solution itself is inexpensive to get set up. Done right, it will be better than any proprietary solution, but that doesn’t mean it comes without cost.

Always remember: free software does not mean free solution.

Getting back to dealing with corporations, like any interaction between two parties is it extremely important to set up expectations. You need to clearly outline what the product the client is buying covers (response time, 24/7 support, etc.). If they aren’t buying anything, then you don’t need to worry about them. I chuckled when I read “Well if you’re not going to take this seriously, we’ll have to start using another project.” We often get the “use another project” line and my response is “knock yourself out”. If you want to take this seriously, then pay me for my work. It’s like going into a free kitchen and complaining the soup is too salty.

A more difficult issue comes when someone wants to submit substandard code. This does require a little effort, since you can’t be sure that this isn’t just an eager but inexperienced coder versus someone lazy. Again, expectations are important. If you publish what the base level of quality should be, such as “must include unit tests”, then you can point to that when you don’t accept a submission. Plus, git makes it very easy to track a master branch and just apply your changes, so some sort of reply about how to do that could deflect criticism about the speed in accepting pull requests.

Ian makes a lot of really good points in his post, but I think he misses a point that if you run your open source project like a business then corporations (i.e. other businesses) will respect you and treat you like a business. We have one amazing company that just hired four (!) OpenNMS developers to work on code that they need. While some of it, if not most of it, will address their particular needs, all of it will be put into OpenNMS and they are paying us (gasp) to help project manage that team. That relationship did not happen overnight, but was built on a series of successful projects where we delivered particular value in exchange for money.

Look, I love, by and large, the open source community and I like being a part of it, but that doesn’t mean that open source and business are mutually exclusive. Learning to deal with open source as a business not only insures more open source gets created, but it also keeps it fun.

OpenNMS RMI Exploit

Posted on by Tarus

Recently, my RSS feed on OpenNMS stories turned up an article listing a possible remote code execution exploit in a number of applications, including OpenNMS.

In it, the researcher shows that it is possible to execute code on the OpenNMS server remotely due to a bug in the Apache commons library, which OpenNMS uses.

We’re a little unhappy that they published this without letting us know first (note that the e-mail address “security at opennms dot org” exists for reporting such things), but it is pretty easy to make sure that your instance of OpenNMS is safe. Simply configure the server’s firewall to disable remote access to port 1099 (it will need to remain for localhost).

I was happy to notice that the example he uses seems to be related to OpenNMS running on Windows. It can be a bit tricky to get OpenNMS to work on Windows, and perhaps the Windows default firewall doesn’t block port 1099 so that it why they noticed it.

It is a good idea to run something like iptables on your OpenNMS server and limit remote access to a minimal set of ports. Technically, the only port you really need access to is 8980, which is the default port for the webUI. I would assume that you would want port 22 for ssh access (unless you want to use the console for all configuration). In addition, port 162 should be open for SNMP trap reception.

That should be it. Now the application needs access to other ports (such as 5817 for events) so those need to remain accessible from localhost (127.0.0.1 or ::1) but that limits all exposure to only people who have shell access to the server, which we assume you limit to those people you trust. Remember to include IPv6 firewall rules if you use it.

An easy test to see if that port is remotely accessible would be to run:

telnet [IP or hostname of OpenNMS server] 1099

from a remote system to see if you can access the port. No connection should be made.

Sorry about this, but as I mentioned this wasn’t revealed to us until after the exploit was public. We are looking in to how we can better protect against this issue from a code change standpoint, but until then simply blocking access to the port will prevent most problems. We do plan to have a code fix in place soon.

The Inverter: Episode 53 – They’ve Got a Flamethrower

Posted on by Tarus

Okay, so I’ve been slack at getting this review out, since by now they’ve already had the planning meeting for next week’s show. As they mention at the start of this one, both Jeremy and Jono were unavailable for the last planning meeting so Stuart and Bryan ran with it. It was a good show, but it kind of demonstrates that, like many of us, the guys are very busy and sometimes you just have to soldier on, which I think is a great set up for the quality of this blog post.

I’ve been traveling a lot and I’m about to head out again, in part, to attend two great open source conferences in Europe, but last week found me in Rochester, NY which was an easy drive to Buffalo, where I met up with a recovering Jeremy Garcia.

Jeremy Garcia at Buffalo Proper

Due to my fascination with classic cocktails, we ended up at Buffalo Proper, where it turns out they make great drinks. This was right after the taping of the show, so I heard a bit about it from Jeremy and then listened to it on the plane ride back home.

The first segment talks about all the new cool open source computing devices out there, and if they are just for über geeks or will they ever appeal to the masses. I love reading about all the new toys that are available, but unfortunately I’m so busy that I can’t ever find time to play with them. I bought a Raspberry Pi when it first came out, but after it sat on a shelf for six months I gave it away to someone who might actually have time to use it. It took me forever to get around to making an OpenElec/Kodi PVR and without a specific need it is hard for me to find time to just play. I think these things will become more popular, but it will take time as young people (who tend to have more free time) discover them and start coming up with ways to use them.

Think about Lego. When they just made generic sets of bricks, they were a well known company but not very large. Then they started making sets to build specific things, and the brand took off. We’re are the “generic brick” stage now, but I expect something to come along that will create a huge increase in what things you do with these devices.

I am often jealous of today’s youth. Back when I was in school we didn’t have the Internet, per se, but we did have access to a number of dial up services. I used to call into BBS systems a lot (mainly running WWIV) and even figured out how to dial in to the campus network and access the VAX (which was connected to the Internet). There I could use “talk” to communicate with friends. Now, kids today have access to orders of magnitude more information and more toys. Unfortunately, that comes with the risk of “cyber-bullying” and other problems, but still, for those so motivated the benefits outweigh those risks.

I was surprised they didn’t talk about the ruling by the Librarian of Congress that made it (more) legal to tinker with technology you buy, which I think is a great step toward opening up tinkering at all levels.

The next segment discussed “vigilante malware” which uses the same exploits as regular malware but does it in order to make things less vulnerable to attack. Is this a good thing? The guys all agreeded that having someone change things on your devices with out your permission was “bad”, but they differed on the level of bad. I take a different approach. I work hard to keep my equipment up to date, so my assumption is that I wouldn’t be affected. However, many geeks and most muggles aren’t so aggressive, and so they get owned. This results in things like my mailbox being hit by spam (I get around 150 spam messages a day – most caught and processed by our mail server). This wouldn’t happen if people were more careful, as most spam originates from infected PCs, so I’m all for vigilante malware. Think about it – malware isn’t going away so why not encourage more of the good kind? Think of it like “good” vs. “bad” cholesterol. The only real solution to both is better security practices and better code, and both types of malware are incentives.

I think there is a hole in my logic somewhere. It’s kind of like the joke that you should always take a bomb onto a plane. Because while the chance of there being a bomb on a plane is slim, the chance of there being *two* bombs …

Anyway, the third segment talked about the Owncloud application. I’ve been meaning to play with this for some time (see “no time to play” above) as it looks cool. Take all of the nice features of “cloudy” things like Dropbox, and put them on a server you control. I think this is a fine goal. Plus, Owncloud also includes calendaring and contact management (apparently). We currently use Sogo for that, but it would be neat to integrate that with other things.

The only thing that wasn’t clear to me was the business model. The founder Frank Karlitschek states that Owncloud is not “open core” (or as we like to call it “fauxpensource“) but I’m not clear on their “enterprise” vs. “community” features. My gut tells me that they are on the side of good. I can see having a different license for an “enterprise” feature such as Sharepoint integration, especially if Owncloud has to use a proprietary library in order to get it to work at all, and it doesn’t look like the “server” version is intentionally hamstrung in order to get more business. Only finding the time to play with it will let me know for sure.

The final segment concerned laws about open source. The thesis is that the open source community spends a lot of effort working against laws that limit open source, so why shouldn’t the proprietary software world have to fight against laws that would make open source the norm? From the example above, the Software Freedom Conservancy spent a lot of effort to get the Librarian of Congress to make an exception to allow you to examine the software in various devices you own – why shouldn’t other companies have to fight to keep their code closed?

I think the team got this one right – money. Proprietary software companies get an immediate financial gain when their lobbying efforts pay off, but it doesn’t work for free software. However, I am seeing in these days of cost cutting that there is a movement in some governments to promote open source, so I think it is more of a question of true education than lobbying. One of the issues is that it gets confusing when companies like Owncloud offer an “enterprise” version and it isn’t clear what that means. While it might be 99% open source, all a detractor has to do is say “look, Senator, you have to pay just like you do for our stuff, and you know our stuff”.

Overall, decent episode. I get a mention in the outro as Jono refers to Todd Lewis, one of the people behind the All Things Open conference, as the “Nicest Man in Open Source”. I once held that title, but I would happily cede it to Todd. He is a truly nice guy, and is always willing to give you a hug. I used hug too, until that time I hugged Jono in Munich and what happened next had to be explained to my therapist with dolls.

Upcoming Conferences

Posted on by Tarus

[UPDATE2: My whining paid off and I got moved to the first day at OSMC. At least one round is on me!]

[UPDATE: Yay! Daniel was able to contact the #OSSPARIS15 organizers and I am scheduled to speak.]

I just wanted to drop a quick note about some upcoming conferences. First off, the Call for Papers for next year’s SCaLE conference ends *today*. It’s a great show and they already have some amazing speakers on board, so be sure to get your paper topics in ASAP.

In November I’ll be attending at least one and maybe two conferences. The first is the Open Source Monitoring Conference being held in Nürnberg, Germany.

I love this conference as it really demonstrates the power of true open source communities. While it is mainly focused on Icinga (and you can hear how it is supposed to be pronounced, kind of like “eee-clinga” with a click, but a lot of people just say “eee-sing-ah”), it brings together many of the truly open source projects in the space, such as Zabbix and, of course, OpenNMS, and we all just get along. This year Torkel from Grafana will be there as well, and while I met him at All Things Open I didn’t get to chat with him much, so maybe now I’ll have the opportunity.

And by “get along” I mean drink heavily, and I’m unhappy that I’m speaking (again!) on Day Two as the evening of Day One has a tendency to become the morning of the second day. Luckily it isn’t the first talk of the day like last year so I guess I’ll deal with it (grin). The company that sponsors it, Netways, is actually in the business of hosting such events so it is always top notch.

The second “maybe” conference is the Paris Open Source Summit which is held the same week as the OSMC. This conference is put on by the people who do the Open World Forum, and unfortunately it seems to be plagued with the same lack of organization.

Since I speak at conferences a lot, I tend to run into all the other (more amazing) people who promote open source. Every one of them has complained to me about the lack of communication between the OWF conference organizers and the speakers. While most shows let you know months in advance, the team behind the Open World Forum tends toward the exact opposite. It is extremely hard to get any form of direct communication from them, and years ago I just gave up trying.

When Daniel, my friend in Paris, sent me the information about #OSSPARIS15, I figured I’d give it a shot. As expected, I didn’t hear from them. Not to sound all self-important, but I travel a lot, usually to work with OpenNMS customers, and I need to know as far in advance as possible if I’m speaking at a show. Usually this means I’m giving up some other opportunity, often one that would actually pay the bills. This time I figured that I would be in Europe anyway for the OSMC, so if I got accepted I would just change my return flight.

Last week I started seeing The OpenNMS Group pop up in press releases for #OSSPARIS15, and I found myself on the schedule for Thursday the 19th at 16:00. I wrote to the organizers to confirm and never heard back, but since I love Paris I made plans to be there.

Well, when I sat down to write this post I noticed that I had been removed from the program. (sigh)

This is very frustrating, as every spare cent we make at OpenNMS goes into the project and changes to flights can be expensive. We are investigating to see if this is just an oversight or if, even after the press release, they decided to remove me from the program. Perhaps it is because the website got hacked (grin).

OSSPARIS Website Hecked

I hope to see you at one of these conferences, or at another in the near future.

First Look at Ubuntu Gnome 15.10

Posted on by Tarus

Back when I was an Apple fanboy, I would eagerly await the announcement of new products by Steve Jobs, with one window open to the live blog feed and the other refreshing the Apple Store page so I could be the first to order the new shiny. Steve Jobs made me fall in love with my technology.

I’ve rarely felt that since, but when the new Dell XPS 13 came out I became once again attached to a laptop and I was determined to make it work under Linux.

While it ships with the latest stable Ubuntu release, 14.04, there are issues. Now I often say that we in the open source community suffer an embarrassment of riches when it comes to choice. Since I’ve found that Linux Mint with Cinnamon works best for me I tried it, but I just could not get it to work with the XPS. To address the shortcomings in Ubuntu 14.04, I read Barton’s Blog and decided to upgrade to 15.04. That addressed a lot of the problems, and I used Ubuntu with Unity for awhile, and although Unity was my first real Linux desktop it doesn’t work as well for me anymore. I also found that its HiDPI support was not quite there. I also tried Kubuntu but its HiDPI support (in my experience) was even worse, and since I’d based my laptop I figured I’d give Ubuntu Gnome a shot.

Now I wasn’t one of those haters who just ranted on Gnome 3.0, but when it came out I couldn’t get used to it. However, when I went to install Ubuntu Gnome on the XPS, I was encouraged that the installer recognized out of the box that I was on a HiDPI screen. There have been a lot of changes since that initial release and I found myself warming to it.

I do want to note that while I found all the desktop options I tried to be pleasantly polished, and, well, “pretty”, I decided to stick with Ubuntu Gnome.

A pesky issue with the touchpad and the touch screen required the 4.1 kernel or later. For months I’ve been running mainline kernels, so when 15.10 was announced with the 4.2 kernel standard, I was eager for the upgrade, and I ran it as soon as it became available.

So what does 15.10 offer? All I can really say at the moment is that it offers a pretty painless upgrade process. I ran “do-release-upgrade -d” and after answering a few prompts it went on its merry way.

Wireless worked out of the box (I used to have to futz with the Broadcom driver when on mainline) and overall the system seemed to be pretty smooth. During the boot process I get this error concerning lvmetad which I think is due to the fact that my entire laptop disk is encrypted, but the boot completes without any other issue and I have confidence it will soon be addressed.

Speaking of boot, Ubuntu Gnome has changed the logo on the boot screen. Instead of the familiar foot:

Old Ubuntu Gnome Logo

You get this new one:

New Ubuntu Gnome Logo

Forgive the quality as I had to produce the second image by taking a picture of the screen. While I like that the colors have been softened from black to a gray, I don’t like the new logo, which looks like two U’s mating. I think it is supposed to represent “UG” but I still don’t like it (and I tend to embrace change). I’m hoping someone puts together a splash screen replacement.

The only real issue that is driving me bonkers at the moment concerns the touchpad. One thing Apple just nailed is the touchpad and the Synaptics one on the XPS is oh so close.

The problem I’m experiencing concerns the cursor jumping when I left click. There are no “real” buttons, so you left click by depressing the lower left corner of the touchpad (or clickpad, whatever it is officially called). Sometimes when this happens, instead of registering a click the cursor will jump to the lower left corner of the screen, and *then* click. It is real annoying in Thunderbird since the icon in the lower left corner puts it in offline mode.

I’ve tried most of the suggestions I’ve found in the t00bz but nothing has helped. I just found a reference to HorizHysteresis and VertHysteresis so I’ll play with those values and see if it helps (update – doesn’t seem to). Not quite sure what they do, however. I think the issue has something to do with a finger from my right hand still grazing the touchpad surface when I make the click.

On the upside, the palm detection issues I was dealing with seem to be improved. Not sure if they have been solved but I’m not noticing it as much. Could be that I’ve just modified my typing form to avoid the touchpad better.

Overall, I’m pretty pleased with the upgrade. It should set up a nice base for the next LTS release, 16.04. I’m not quite willing to give up Linux Mint on the desktop just yet, and I’ll probably try out Mint 18 when it is released next year, but Ubuntu Gnome 15.10 has at least made switching a possibility.

One final note, I like the new shiny and I’m willing to put up with a lot in order to play with it. I give money to Dell to encourage them to supply more Linux offerings, but the downside is that Dell leads with devices designed for Windows first. If you want a true Linux experience with zero issues, check out the offerings from System 76. Our Sable all-in-one desktops Just Worked™.

Okay, so that wasn’t the final note. While I doubt any of my three readers work for major laptop vendors, I really want to see a push for physical kill switches on things like the camera and the microphone, such as on the Librem 15. I considered getting one of those but they are a little sketchy on what “PureOS” actually is, and so I’ll wait to see what others think of it first.

2015 All Things Open

Posted on by Tarus

I love going to open source conferences. Despite that I’ve decided to take a hiatus in 2016 so I can focus on some OpenNMS projects that have been languishing. However, I may need to make an exception for All Things Open.

One reason is that it is nearby. It was odd to wake up Monday morning and drive to a show. The other reason is that it just rocks.

Organized by IT-ology (the same people who do POSSCON), the show attracts nearly 1800 people to the city of Raleigh. Since Raleigh is also the world headquarters of Red Hat as well as being next to the Research Triangle Park, you get a great mix of attendees and speakers. It’s popular, so remember to get there early to avoid the registration line:

ATO Line

This year OpenNMS was a sponsor and we decided to have a booth.

ATO Booth

Come over to OpenNMS, we have cookies.

Well, not exactly. The cookies were a snack from the show, but we did have cool #monitoringlove T-shirts featuring Ulf:

ATO OpenNMS Shirts

Our booth was in a great location, right next to the opensource.com folks and just down from the Red Hat booth. On the first day Jim Whitehurst (the amazing CEO of Red Hat) was there signing his book The Open Organization. Afterward, he spent a few minutes talking with Todd Lewis, the main organizer of ATO, and Jason Hibbets let me photobomb the picture:

ATO Photobomb

I also got to meet this guy:

ATO Taras Mitran

Check out his badge:

ATO Taras Mitran's Badge

Yes, this is the fourth “Tarus” I’ve met, but the first who spelled it “Taras”. The first was a “Tauras”, the second a “Taurus” and the third spelled it like me, “Tarus”. I was named after the movie Taras Bulba so his is the traditional spelling (grin).

We had most of the local OpenNMS team there, and we would take turns at the booth and enjoying the conference. I was speaking on Tuesday, so I had Monday free (well, after I finished my presentation).

Monday night there was an event sponsored by GitHub followed by a Speaker/Sponsor dinner at the Sheraton hotel. At our table sat Gianugo from Microsoft (who helps out OpenNMS with an MSDN subscription) and Jono from Bad Voltage (who, well, we’re not sure what Jono does but we think it’s positive). When I met them earlier in the day I wanted to do that whole David Letterman “Uma/Oprah” bit from the Oscars: Gian … Jono. Jono … Gian.

ATO Gian and Jono

The next morning I gave my talk on “Living an ‘Open’ Life”. It was in a small room but it was full, and my only major mistake was that I thought I had 55 minutes and only had 45, so I missed finishing a chunk of the talk. (sigh)

While I spent most of the conference doing booth duty, I did manage to see the Lightning Talks. I’ve always wanted to do a Lightning Talk. These are short, five minute presentations on interesting subjects, and while they didn’t do this at ATO, I really like it when you get 20 slides that automatically advance every 15 seconds.

Whenever I mention my desire to the team to do this, they laugh and point out that I can’t even introduce myself in less than five minutes. I would disagree but as I demonstrated with my ATO talk, it is hard for me to keep things brief. (grin)

The hour started off with a video featuring an interesting story on the Enabling the Future project. I’m bummed that I can’t find the exact video they showed, as it was moving, but it demonstrated how a community of “makers” was helping to provide improved prosthetic arms to people using collaboration and 3D printers. It was exempted from the five minute time limit.

Then Rikki Endsley and Jason Hibbets from opensource.com took the stage:

ATO Rikki and Jason

They were the organizers behind the lightning talks.

I finally got to see Steven Vaughan-Nichols in person.

ATO Steven Vaughan-Nichols

He is a writer who I have been following for years, and I am disappointed that I didn’t get to meet up with him in person. In his presentation he talked about how he got into writing about open source software, as well as the early computers he used that ran Unix, such as the PDP11. My first experience with a PDP11 was one that ran, I think, RSX-11, but all I can remember is writing in FORTRAN on it.

ATO Jamie Duncan

I also enjoyed the talk by Jamie Duncan, who I had spoken with at the Speakers/Sponsors dinner. He is a delightful individual with wonderful stories, such as those involving his time working to fix healthcare.gov. The title of his talk, “Gleaming the Kube”, was a play on a skateboard movie from the late 1980s. He is very outspoken on the fact that containers, such as Docker, are basically made up of kernel tricks and to make them useful you need something like Kubernetes (hence the name of the talk).

ATO Sarah Kahn

There was also a talk by Sarah Kahn about Girl Develop It, an organization aimed at helping women interested in learning code development skills. It was nice to see a large turn out by women at the conference, probably more so than the others I have been to this year, and with kernel contributors like Sarah Sharp feeling the need to leave the kernel development team, women in tech is something that needs to be addressed.

ATO Charlie Reisinger

While all the talks were good, my favorite was from Charlie Reisinger of the Penn Manor School District. They gave students Linux laptops with full root access (gasp!) and were amazed and what they did with it. While technology can be a scary place for the younger generation, too often school overreact in trying to protect students, when in fact technology can be empowering.

ATO Jono Bacon

The final talk was from my friend Jono Bacon, who gets all the cool speaking gigs and makes me jealous. His talk was on the field of behavioral economics, which points out that most traditional economic theory is based on the fact that people should behave rationally when making buying decisions. Behavioral economics demonstrates that with the proper stimulus, people will behave irrationally. I was introduced to this concept through the book Predictably Irrational back in 2008 and even got to meet the author, Dan Ariely, in 2009, when we met for lunch and discussed the power and problems with the word “free”.

While Ariely is definitely an economist, Jono introduced me to Rory Sutherland, who is a prominent figure in the field of marketing. There is a great TED Talk by Sutherland who talks about marketing, influence and behavioral economics, and Jono covered some of the main points by him and others.

(Seriously, the TED Talk is brilliant, especially Sutherland’s take on wine that starts about 10:30, and his thoughts on understanding English around 20:00)

After the Lightening Talks I headed back to the booth. Apparently the Convention Center was hosting another conference that evening and we were asked to take down the booth around 3pm, so we did. Then we headed home, which was nice since I haven’t spent much time there recently and is one of the reasons for my hiatus, but missing ATO in 2016 will be hard for me to do.