Best posts made by stacksofplates

@mlnews said in What is New in OpenStack Ocata Release:

OpenStack Ocata has been out for a month or so and has some great new features for you to look forward to.

• Auto-healing: Work was done in Heat to make it easier to recover from a service failure. When an outage is detected, you can have Heat automatically spin up a replacement service, and swap it out without any intervention on the part of the operator.

• Composability: Composable roles are a feature whereby you can specify details of how things are deployed, rather than allowing OpenStack to choose. You can, for example, specify that a particular hardware configuration be used for particular services. This is termed Composable Roles. Work was done in Ocata to expand this to composable upgrades, so that these roles are respected across upgrades as well.

• Multi-factor authentication in Keystone: Work was done in Keystone to improve support of MFA, including OTP (One Time Password) support, and per-user token expiration rules.

• NFV: Network Function Virtualization continues to be an area where we're seeing a lot of activity, and so a lot of the work in Nova, Neutron, and various other projects focus on these developments. NFV has become more stable in this release and is more fully integrated into TripleO for ease of deployment. This effort is happening under the Apex project.

• Upgrades: Upgrades were a common theme across all projects, with the emphasis being the ability to upgrade from one release to the next with as close to zero downtime as possible. Much of this work centers around TripleO, Heat, and Mistral, for orchestration and automation of the process.

• Containers: While centered around the Kolla project, containerization was a theme in many of the projects this cycle. The eventual goal, at least according to some, is that OpenStack services will be deployed in containers by default by the Pike release. This, of course, poses a real challenge for the Ocata -> Pike upgrade path (migrating from non-container to container in the course of the upgrade), and that's something that the TripleO people are working hard on.

• Security: TLS-everywhere made strides forward in Ocata, with connections between services moving to TLS. This involves changes to Barbican as well, for key management for the shared keys between services, to ensure that your traffic is secure between components of your cloud, which may be located in different data centers around the world.

• Collaboration: Something I heard more this year than in previous years was talk of collaboration between projects. This has, of course, always been happening. However, at the PTG in Atlanta, it was a major focus, with time set aside for cross-project meetings focusing on the interface between one service and another. I also heard from several people that the PTG allowed a focus, and a camaraderie, that was not possible when the design summit was part of OpenStack Summit. This resulted in fewer interpersonal tensions, and a lot more work getting done.

I really wish I had a reason to set this up.

@hobbit666 said:

@scottalanmiller said:

Easy way is to start with the recommended minimums and monitor over time. Watch the systems to see what the memory is doing and tune up or down as needed. We have a good idea about certain workloads that we deploy regularly so can set good starting points very easily. But for new workloads, you can put in a reasonable guess and then tune.

What's the best method to "monitor" the resources in Linux?

Exactly what @coliver said. Htop and glances are also other popular ones.

@mlnews said:

http://img-9gag-fun.9cache.com/photo/azj94Xx_460s.jpg

I forget which one of the hundred CSI shows if was, but I saw one where they were on a crime scene and couldn't find any evidence. Then they noticed some car tracks, and measured the distance between them and the girl said "that's a 5 foot 9 inch wheel base, that's a Subaru Impreza."

@IRJ said in Google Workers Fired for Leaking Working Condition Information:

This sounds like India to me. Unbelievable they are able to get away with treating people like this here in the United States.

http://www.betsysharp.com/working-for-leapforce-what-it-was-like/

Sounds a lot like the people that talk kids into selling magazines across the country.

@anonymous said:

Not very happy with XenServer

• You have to create your own ISO store (not hard, but seems like it should be built-in)

• XenServer forces you to use a lot of memory when defining VMs. For example, the CentOS won't let you define a VM with less than 1GB of memory. This can be a problem when testing XenServer stuff on small (linux) machines such as a jumpbox.

You can set local ISO stores (XO makes this a lot easier with pretty much just typing the folder and hitting save) and you can change the RAM for a template. You could also not use the templates and just choose other or whatever the option is.

xe vm-param-set uuid=<template uuid> memory-static-min=268435456 memory-dynamic-min=268435456 memory-dynamic-max=268435456 memory-static-max=268435456

That sets the template at 256 MiB

It's snowing here too. And I just got an email to schedule a phone interview as a Systems Engineer

@tim_g said in Quad9 DNS Malicious Domain Blocking Service:

@stuartjordan said in Quad9 DNS Malicious Domain Blocking Service:

@tim_g said in Quad9 DNS Malicious Domain Blocking Service:

@coliver said in Quad9 DNS Malicious Domain Blocking Service:

@tim_g said in Quad9 DNS Malicious Domain Blocking Service:

as none of us are doing anything illegal.

When has that ever mattered?

Do you care that you're being recorded when you walk into a bank? A grocery store? At street intersections? No. Why? Because you aren't doing anything illegal.

But you care about this, even though you have nothing to hide regarding your browsing habits?

Explain to me...

I feel very strongly for right to privacy, the argument of legality of whatever a person does is irrelevant.

Quad9 says they don't store IPs, personal data, etc...

Does Quad9 collect and store personal data?

Quad9 infrastructure does not store any personal data about its users. Please read our complete Data Policy here as there are exceptions for harmful attacks against our infrastructure.
Return to Top
How does Quad9 ensure my privacy?

When an entity or an individual is using the Quad9 infrastructure, their IP address is not logged in our system. We, however, log the geo-location of the system (city, state, country) and use this information for malicious campaign and actor analysis, as well as a component of the data we provide our threat intelligence partners.
Return to Top
What does Quad9 log/store about the DNS queries?

We store details of the DNS records queried, timestamp, and the city, state, and country from where the query came. We do not store source IP information of end user queries.
Return to Top
Does Quad9 share the DNS data that is generated with marketers?

Quad9 does not and never will share any of its data with marketers, nor will it use this data for demographic analysis. Our purpose is fighting cyber crime on the Internet and to enable individuals and entities to be more secure. We do this by increasing visibility into the threat landscape by providing generic telemetry to our security industry partners who contribute data for threat blocking.

https://www.usnews.com/news/articles/2013/07/02/national-intelligence-director-apologizes-for-lying-to-congress

The NSA said they weren't spying on Americans.

No one here believes anything the government says. Just as @JaredBusch said, I trust a for profit company because if they are caught doing something wrong, they will pay for it.

@MattSpeller said:

@johnhooks said:

@MattSpeller said:

I use dd a lot

boobs

80085?

8008135

I just realized that Amazon Cloud Drive will store raw files as images, that's awesome!

We've had that (we being Linux) for how long now?

@MattSpeller said:

I've got a request from HR to setup a way to verify people have read the new policy and agree with it. This is to do away with tedious signing of paper forms as we have staff on lots of remote places on this planet.

The only thing it really needs to do is acknowledge that you've read the darned stuff and agree with it.

I was thinking of a link in the email that you'd click on to "agree", with it going to a website where you enter your name or better yet have it autofilled or something clever like that. Custom links for each person would be tedious.

Requirements:

• Platform or device agnostic; has to work on anything you can get email on (mac, windows, phone, webmail, etc)
• Tracks who read or agreed to the thing (by user name, email, voodoo, sunspots, whatever)
• Even a cave(wo)man could do it

Suggestions?

It might be overkill but I built a messaging system with Drupal for the shop floor. They log in and click a check box that they read the message and save the check.

But a more reasonable thing might be a form using Google forms that's emailed to each person and requires that they check a box or sign their name.

@MattSpeller said:

Replication is broken between all of our sites, AD is puking errors like no tomorrow. Looks like we'll have to recreate most of it from scratch to dump a bunch of legacy garbage.

Best part - boss is going on vacation Thursday for over a month.

Best best part - she's our AD expert.

Bestest part - there's no time to fix any of it before she leaves.

I'd like to order a case of bandaids, hope and bailing wire please.

Add a case of Knob Creek to that also.

I'm assuming this was supposed to be root bug, not foot bug.

@scottalanmiller said:

@Breffni-Potter said:

It might be worth identifying if the boss wants to spend money tackling this issue or if he wants to tackle non productivity.
.

This ^^^^

Blocking Facebook is about proving impotence, it does not fix business problems. Facebook isn't a problem, it's just a website. if the problem is people not working, this isn't a solution. It's avoiding the solution. All it is likely to do is demonstrate to staff that management is out of touch and lacks control. Lots of them will likely not even notice that it has been blocked, people will work around it, use their phones or go to another site.

My guess is this actually hurts productivity because it makes management and IT spend their time and money implementing technical solutions designed to avoid an HR issue.

I always found it amusing that managers wanted to block social media and other "time wasting" sites, but then can walk around and bother/waste other people's time all day.

Just got back from my 2nd UPitt interview. It went really well.

Ubuntu 18.04 has been released:

https://www.ubuntu.com/download

@scottalanmiller said:

Okay, really? I think this is what is called being an "askhole". Guys comes in with zero knowledge of what to do and asks the community what RAID level to select. Everyone, literally every single person, gives the same advice: RAID 6 or RAID 10. Every person.

When he finally responds he has clearly not read one thing on the thread and just says thanks... installing RAID 5 now.

I looked through the thread, what he decided to do was never mentioned once. Not as a joke, not by someone who didn't know better, not as a warning... in no way was it possible that he was confused. He simply asked a question, ignored that people responded and did the dumbest possible thing. He is exactly Hyacinth Bucket asking Richard how his day was.

http://community.spiceworks.com/topic/1423518-raid-questions

You should have recommended RAID 0 and told him to hot swap after his data was copied over.

@RojoLoco said:

@MattSpeller just think if you could get the skin tone to match more closely.... I'd wear them to the bar!

I bet you would have two responses. Women would either really love you, or be immediately creeped out.

And GitLab has had over 10k repos imported from Github in the last 18 hours.

SELinux writes logs to the /var/log/audit/audit.log file, if auditd isn't running then its the /var/log/messages. If you check the logs, it pretty much tells you what you need to do to allow your service.