Monolith149 Daily

Another place to see what KG is doing...

Docker Without Docker

  • The systemd-nspawn command runs a command or OS in a lightweight namespace container

  • “In many ways it is similar to chroot(1), but more powerful since it fully virtualizes the file system hierarchy, as well as the process tree, the various IPC subsystems and the host and domain name.”

Trying it out (from the article):

$ systemd-nspawn -D debian-tree/ /bin/echo "hello, outside world!"
$ systemd-nspawn -D debian-tree/ /bin/bash
$ systemd-nspawn -D debian-tree/ /sbin/init

Some cool things you can do with systemd-nspawn:

“Execute this command on my root filesystem, but roll back any changes at the end”

“Run nginx inside its own container on boot, but limit it to 512 MB of RAM and 200% CPU”

“Give me a container that has its own private network and its own IP and MAC addresses, but map certain ports on the host to the container”

“Run this container with its own daemons in it, and monitor them to make sure they don’t fail”

“Download this container from the Docker Hub and run it every time I boot, but without installing Docker”
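The resource-limit and private-network items above map onto a per-container settings file plus a unit drop-in. This is an added example, not taken from the article; the machine name "web", both file paths and the port numbers are assumptions.

```ini
# File 1 (assumed path): /etc/systemd/nspawn/web.nspawn
# Settings for a container tree at /var/lib/machines/web (assumed name "web").
[Exec]
# Boot the container's own init, like "/sbin/init" on the command line.
Boot=yes
# Run in a user namespace so container root is an unprivileged UID on the host.
PrivateUsers=pick

[Network]
# Private network namespace with a veth pair to the host (own IP and MAC).
VirtualEthernet=yes
# Host TCP port 8080 is forwarded to port 80 in the container (assumed ports).
Port=tcp:8080:80

# File 2 (assumed path): /etc/systemd/system/systemd-nspawn@web.service.d/limits.conf
# Drop-in for the template unit that starts the container at boot.
[Service]
# Hard memory ceiling for everything in the container's cgroup.
MemoryMax=512M
# 200% = at most two CPUs' worth of time.
CPUQuota=200%
```

Enable it with `systemctl enable --now systemd-nspawn@web.service`. Keep the settings file under /etc/systemd/nspawn/: a `.nspawn` file found next to the image is treated as untrusted, and settings that would grant extra privileges are ignored.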

Docker Without Docker

So Long Walter H. Haas

Haas devoted his entire life to the study of the Moon and planets.

At a time when professional astronomers held little regard for amateur observers beyond their meteor and variable-star reports, Haas changed the paradigm. First, he published (in 1938, at age 21) his in-depth observations of brightness changes around major lunar craters. Then, four years later, he followed with a four-part, 76-page opus titled “Does Anything Ever Happen on the Moon?” that appeared in the Journal of the Royal Astronomical Society of Canada. These became the opening salvo in a lifelong quest “to arouse interest in a neglected branch of astronomy.”

On March 1, 1947, while still at UNM, he dispatched a self-produced 6-page newsletter titled The Strolling Astronomer. Haas already envisioned this simple missive becoming something bigger: it was subtitled “Association of Lunar and Planetary Observers” and branded with “Volume 1, Number 1.” By the second issue, a month later, the budding ALPO had grown to 41 members. Within six years, the association boasted 350 members from all around the world.

Walter H. Haas (1917–2015) by Kelly Beatty

ALPO

The Terrible Technical Interview

An article from TechCrunch by Jon Evans on how bad current interview practices are. It’s quite interesting and echoes a lot of my coworkers’ and my recent sentiments.

Traditional technical interviews are terrible for everyone. They’re a bad way for companies to evaluate candidates. They’re a bad way for candidates to evaluate companies. They waste time and generate stress on both sides. Almost everyone, if pressed, will admit this. And yet they persist.

His solution: Every candidate should bring with them a personal side project they have done (this assumes a programming project) that they can present in detail, including code walkthroughs and answering questions. The interviewer should be prepared to look at this in lieu of asking whiteboard questions and such. This is a fascinating idea, an excellent use of everyone’s time, and could really change the whole process for the better. I don’t hold a lot of hope this idea would ever be widely adopted, if even adopted at all, but maybe.

The Terrible Technical Interview

Gmail Inbox Mistake

Well, that was a mistake. To a large degree I really like Gmail’s new Inbox iOS app, and the desktop version doesn’t look bad either. I’ve used it on a rarely-used account and recently added in another, more-often-used account so I could try out more interaction. I heard someone on a podcast say, It doesn’t really affect your regular Gmail interface interactions so you can use both at the same time. That seemed to be the case to me, so I thought, okay, I’ll just fire it up on my main Gmail account.

That was a mistake.

So it does have an effect in a particular way. I should have seen it. The Gmail model is to treat messages like to do items and mark them as “Done” when you are finished with them, instead of marking them as “Read.” Marking as “Read” is still there but it’s independent. Of course, “Done” is yet another label though it doesn’t show up in the list of labels so maybe it’s more a kind of state. However, you can search in the regular Gmail for “label:done” and it will find your done messages. (That’s giving away the ending).

With the Inbox app, you can go through and use the little “sweep” icons to sweep away large collections of messages as “Done,” all in one, uh, swoop. Fortunately, it didn’t seem to let me do more than one month at a time. I finally got tired of that, but then went back to check the Gmail view.

My mistake was thinking “Done” in the Inbox app meant “mark as Read” in the Gmail app, which was wrong. So I’d moved hundreds of messages out of my Inbox to who knows where. Well now we all know they no longer had the Inbox label and now had the Done label or state. (And, yes, I’m now going to stop using the quotes around all of these states and labels). Also, as we all should know, in Gmail, you don’t move anything but only ever add and remove labels.

Well, that was a big change. Part of my Gmail organization, written about recently, is how I keep some things in the Inbox and some bypass it and are only in labels.

Now I’d moved the Inbox-only items completely out of sight, read or unread.

Thinking quickly, too quickly, and acting too quickly, I realized I could try the search “label:done” and find them all. So I just took that list, clicked the upper left box to check all on the screen, then checked the little link that always pops up that says, “Select all messages that match this search…” to select all of the Done items. Then I just added the Inbox label back to them.

Except now I’d moved a lot of messages (again, hundreds) into the Inbox that formerly my filter had kept from ever being in the Inbox. My levels of email importance, and the underlying sorting, are something like this:

  • Only in the Inbox
  • In the Inbox but with a label
  • Only in a label (not in the Inbox)
  • Only in a label and marked as read on delivery

I should have included that list in my previous post.

I was finally able to mostly clean up this mess by selecting the various labels, selecting all of the messages, which now had the Inbox label, and clicking the Archive operation. Archive is Gmail-speak for a special operation that just removes the Inbox label.

I should never have believed that the Inbox app would be harmless and wouldn’t have some effect on my regular Gmail account. Gmail desperately wants to manage my email for me (to the point of just taking it over) and, as much as I really like Gmail and think it’s by far the best email solution, I have to beat it down hard with a big stick every time it raises its head and tries to attack my email with unwanted help. It’s exhausting.

That’s a metaphor for Google in general and will probably eventually lead, in some large part, to their downfall.

I still like a lot about the Inbox app and its interface and I’ll keep experimenting with a much less important account.

Is OS X Yosemite 10.10 Is Safe Without Anti Virus?

In the Apple Support Communities, Linc Davis gives an excellent answer to this question with a summary of the built-in security features of OS X 10.10 and the additional precautions you should take.

All versions of OS X since 10.6.7 have been able to detect known Mac malware in downloaded files, and to block insecure web plugins. This feature is transparent to the user. Internally Apple calls it “XProtect.”

Starting with OS X 10.7.5, there has been a second layer of built-in malware protection, designated “Gatekeeper” by Apple. By default, applications and Installer packages downloaded from the network will only run if they’re digitally signed by a developer with a certificate issued by Apple. Software certified in this way hasn’t necessarily been tested by Apple, but you can be reasonably sure that it hasn’t been modified by anyone other than the developer. His identity is known to Apple, so he could be held legally responsible if he distributed malware. That may not mean much if the developer lives in a country with a weak legal system (see below.)

Starting with OS X 10.8.3, a third layer of protection has been added: a “Malware Removal Tool” (MRT). MRT runs automatically in the background when you update the OS. It checks for, and removes, malware that may have evaded the other protections via a Java exploit (see below.) MRT also runs when you install or update the Apple-supplied Java runtime (but not the Oracle runtime.) Like XProtect, MRT is effective against known threats, but not against unknown ones. It notifies you if it finds malware, but otherwise there’s no user interface to MRT.

His answer is the third one down.

Is OS X Yosemite 10.10 is safe without anti virus?

Dealing With Email

I’ve used email since the beginning of the early days of the Internet’s explosion in the mid-80s. It’s gone through quite an evolution as have my methods of managing what is probably a massive flood of incoming information. Since my methods work pretty well for me, I really wouldn’t know.

Lately I hear people discussing how they fight their huge battle with email, sometimes winning and sometimes losing, and I’m struck by how often they seem to miss some techniques I’ve taken for granted for years now.

In my current job I spend about 20 minutes reading email in the morning. After that, all of the email labels (basically folders if that’s the paradigm you use) are read and I’m at what is sometimes called “inbox zero.” Throughout the rest of the day, I watch for occasional emails from my team and the chain of people I report to. That’s basically it. I never see an email message that I wouldn’t want to.

Here are the main techniques that I’ve found success in using.

NixOS Linux

I don’t recall hearing of NixOS Linux until a tweet crossed my Twitter feed about a new release during the week between Christmas and New Year’s. I looked it up and was fascinated by the new ideas and approaches there. Here’s my awkward summary.

  • Packages are immutable, like values in a functional language. Making configuration changes involves generating a new package.
  • Each package instance, each version, is stored on the system in its own directory. Files aren’t installed all over the place in /usr/local/lib, /usr/lib, /usr/local/bin, etc.
  • Due to the above, aliases are much more important than search paths.
  • Also, the dependency tree for a package is very straightforward.
  • System configuration is via a functional language and is a single expression in one file.
  • So you can easily boot and run any configuration, back out changes, etc.

I installed it on a VirtualBox VM and played with it briefly. One of the first negative things I noticed was a ps listing. Since each package instance is under a single nixos directory with a directory named by a long random hash, and since every running process is in a bin directory (or some such) in one of those, the path to any running program is a bear.

I pulled down nginx. That was easy. But then I went to configure it and that’s where I came face to face with NixOS’ trade-off. You don’t change files in a package. As I understand it so far, you add code into the single configuration file that essentially edits, in this case, the nginx config file in a sort of sed-like way, and produces a new package instance that is used. So a nice and simple config file from nginx was turned into a functional language expression that now requires me to go learn that language.

I stopped at that point but I’m still fascinated by the distribution and the ideas there. There are some nice hard lines and properties of cleanliness here. Once the investment is made in learning the Nix config language, it may be straightforward to move on and maintain systems. For a simple server instance this may be something to try.

So, I’ll move on with it soon and see how it goes.

Nixos.org

Bazaar

From looking at my development directories, it appears that it was in early 2008 that I moved my personal source code control system from CVS to Bazaar. (Before that I’d used RCS and even SCCS.) I learned about Bazaar from a coworker, John. It was Python-based, the system used by Canonical for Ubuntu, and I found it to work extremely well. Since then, for seven years now, I’ve used it for my personal version management and also as a shadow version control system at work.

It has been extremely stable for me, fast, and I can’t think of any trouble I’ve ever had with Bazaar. However, lately I’ve seen indications that Bazaar is no longer maintained and may be declining as a version control choice. Maybe it was never that popular.

Lately, Git seems to be the version control system of choice and it is the system I use every day for work. I’m wondering if I should start using it for my personal work. The command set and, as they say, “the workflow” are different. It’s not friendly to large binary blobs. That’s probably okay.

I already like it less because, if I want to make a branch of a particular version or another branch to work on, there needs to be a root branch of sorts, a hub to clone the other branch from. With Bazaar you can just branch any branch, merge changes from it, etc. So now I’ll have to make some local hub to clone, push and pull from. Yech. That seems so archaic now.

However, I found this blog post by Jelmer Vernooij who was a primary developer of Bazaar. He basically tells the complete history and also how it’s finally been abandoned for the most part. So, I guess I should start moving on to git.

I won’t even try to convert over my current bzr projects. There is Mercurial which may be worth a look. Ah well.

Contributions from people outside of the Canonical Bazaar team had become rare by mid-2011. In early 2012 the members of the Canonical Bazaar team were assigned to other projects, though we would still fix the occasional bug in Bazaar. Martin left Canonical in April 2012.

During my spare time in the first 6 months of 2012 I tried to finish my remaining in-progress branches. After that, I thought I would see how it would go.

I think it’s time to move on. There are still some things I don’t like about it, but Git is a decent source code management system. Bazaar isn’t going anywhere; no doubt there will be users for a few years to come, and people contributing fixes, but it hasn’t been adopted to the level I was hoping.

Bazaar-NG: 7 years of hacking on a distributed version control system

How Intel Gave Stephen Hawking a Voice

From Wired by Joao Medeiros.

Hawking is very attached to his voice: in 1988, when Speech Plus gave him the new synthesizer, the voice was different so he asked them to replace it with the original. His voice had been created in the early ‘80s by MIT engineer Dennis Klatt, a pioneer of text-to-speech algorithms. He invented the DECtalk, one of the first devices to translate text into speech. He initially made three voices, from recordings of his wife, daughter and himself. The female’s voice was called “Beautiful Betty”, the child’s “Kit the Kid”, and the male voice, based on his own, “Perfect Paul.” “Perfect Paul” is Hawking’s voice.

How Intel Gave Stephen Hawking a Voice