Planet freenode

April 20, 2017

mquin's blog

#500words day 7

Made it to the last day of the challenge. It's been an enjoyable week. I've not been finding it easy to find things to write about but I am proud at having managed it. I think I will try to continue for as long as I can.

I ran again this morning having taken a rest day yesterday. Pleasantly the weather had improved and it was much warmer than the near-zero temperatures I experienced the last time I was out. I feel that I'm getting back into a groove with it and my times have subtly, but steadily improved over the course of the week.

Related to running, I made a useful discovery that Garmin Connect, the web application that supports my GPS has, at some point in the last couple of years, gained the ability to synchronise with Runkeeper. I use both of these tools for a couple of reasons - partly because when I started running initially I was tracking my runs using a smartphone and used Runkeeper to do that, and partly to keep my data in more than one place to mitigate the risk that one of the applications might go away of lose data.

Up until now I'd been making use of a third-party application to pull the log files from my watch and upload them to Runkeeper in a manual process separate from Garmin's automatic synchronisation to Garmin Connect. I'd been struggling to get the site to work properly having made a recent switch from Firefox to Safari as my day to day browser and this led be to discover that this proccess was no longer necessary. Having authorised the connection between the two web applications the synchronisation process happens almost immediately after I connect the watch to my computer.

The outside world continues to be alarming, a situation that I don't imagine will improve in the next six weeks before the election or really any time soon. Despite all the rhetoric about 'control' over the last couple of years it feels to me that there is an utter absence of it, and we have politicians doing what the have the ability to do with little regard for whether what they are doing is going to be good for the country as a whole in the long, or even short, term.

I'm doing my best to stay positive, but I'm increasingly feeling the urge to keep my head down and my friends close in whatever ways I can.

Had a bit of a panic with these writings yesterday as I somehow managed to end up with an empty file in place of what I'd written on day 5. Fortunately after a lot of head scratching and fiddling around with git and Time Machine in the hope of recovering it I noticed that it was still present, unsaved, in a tab in my editor. Phew. I gather that there are a couple of extensions for Atom to autosave work-in-progress so I'll be exploring those soon.

(500 words) 2017-04-20 0815

April 20, 2017 07:15 AM

April 19, 2017

mquin's blog

#500words day 6

Well, yesterday got off to an unexpectedly interesting start. Over the long weekend one of our systems at work developed an unusual fault which, thanks to a combinations of factors, resulted in the generation of something upwards of 64 thousand email messages to a mailing list that I am on. It took about 90 minutes for my system to process, and then delete all of this.

In the meantime, our Prime Minister announced that she would be making announcements on the steps of 10 Downing Street later in the morning. There was a flurry of speculation on social media as to what sort of announcement might be forthcoming with some being ruled out as having precedent for being made in parliament or elsewhere.

While this was going on I was listening to a presentation by our sales and integration contacts from Hewlett Packard. We're reaching the point where the c7000 BladeSystems that make up the majority of our infrastructure will be coming up for replacement and HP are keen for us to adopt their replacement product - HP Synergy. It does look like an interesting setup, at least from the marketing pitch. The prime selling point is the management system (which exists for the more recent pieces of c7000 equipment, but as we have little of these we have not looked into using it yet) which looks to have a lot of features that will reduce the amount of piecemeal work involved in day-to-day management and operation of the systems, and has deep integration with HP's counterpart storage product - 3par - which we have been making increasing use of. I'm not sure if or when we will be likely to buy into it - technology being useful is one question, funding purchases of it particularly in the current political and economic climate (more on this in a moment) is an entirely different one.

So we returned from the presentation (complete with complimentary donuts) to find that Theresa May had announced that she would be pushing for a General Election to be held in a few weeks time on June 8th. The UK notionally has fixed term parliaments, introduced by new legislation introduced in 2010 to ostensibly prevent a Prime Minister from calling an early election on a whim. The act, however, has provision for an early vote in the event of a non-functional government or a vote in favour of a General Election with a significant parliamentary majority. It is expected the the Labour opposition will support such a vote in this instance, so we're off to the races.

The impression I'm getting from the papers is that this move has been taken by the Prime Minister in an attempt to strengthen her position against other factions within her party. Whether this is the case and whether it will work is anyone's guess. From my own perspective I'm not sure what would be a good outcome. I've got serious reservations about the Labour party but they might be the least worst result. The Liberal Democrats position seems to be rallying following the EU membership vote but how this will translate into parliamentary seats, and what they'll be able to do with those seats, remains to be seen.

In Scotland it will be interesting in itself, with the very real possibility that the SNP will take the entire country, but as we have seen since 2015, controlling every seat in Scotland actually gives them very little influence in Westminster.

As seems to be the permanent state of affairs - Interesting Times.

(591 words) 2017-04-19 0759

April 19, 2017 05:07 PM

April 18, 2017

mquin's blog

#500words day 5

Ran again this morning. Crikey it's cold today, just below zero according to the weather forecast and it certainly felt like it.

Yesterdays lunch was lovely. We were at a place called Mango, in Longcroft, which has an interesting combination of Indian and Italian dishes on its menu. Our party opted for the Indian options and I had the increasingly ubiquitous Haggis Pakora to start, followed by a slow cooked lamb dish that was most delicious - on the spicier side and incredibly tender.

During lunch Laura asked, to my surprise, whether I would like to continue on to Glasgow after the meal to see The Handmaiden. After a little time wandering around the shops as we arrived early, and having bumped into an old friend, we arrived at the GFT.

The Glasgow Film Theatre, to give it its full name, is one of my favourite venues. We're quite spoiled, really, having several wonderful independent cinemas within short driving distance of us in addition to a number of large multiplexes.

The Handmaiden turned out, as I had hoped, to be an interesting film. Drawing from a Sarah Waters novel originally set in Victorian England it transplants the action to Korea and Japan during the Japanese occupation of the Korean Peninsula, and follows what presents itself initially as a caper to steal the fortune of a lonely heiress but which quickly pivots into a much more complicated tale. It's difficult to describe much more of the film without ruining the surprises but suffice to say both myself and Laura enjoyed it, and I'd certainly like to see it again.

I'm going to suggest that we take in Ghost in the Shell this evening as it will be one of the last showings of it locally, as I would still like to see it on a big screen.

Before we went out yesterday I indulged in a another little bit of media consumption and re-watched the first episode of Mad Men which has recently become available on Netflix. I watched the show when it originally aired on Sky Atlantic some years ago and I was curious to see how it had held up against my memory of it. Being a period piece it doesn't particularly date beyond the appearance and performance of the actors differing from my memories of the later series of the show. I found it fascinating again, as I did first time round, how the showrunners set about establishing the setting from the outset, from the obvious things such as the widespread use of cigarettes (blending into Don's challenge to market Lucky Strikes in a regulatory environment which even then was getting hostile towards cigarette advertising), to references to the then recent wars and towards the end of the show Richard Nixon's upcoming election campaign against John F Kennedy.

I'm glad to say that the show feels as good as I remembered it - always a risk when rewatching stuff that without the benefit of novelty it will not hit the same notes. I'm not sure whether I will continue and rewatch more of the show or not - lots of other things to watch and read that I haven't seen before.

(538 words) 2017-04-18 08:21

April 18, 2017 07:21 AM

April 17, 2017

mquin's blog

#500words day 4

I thought about running again this morning but decided that it would be better to take a day and ease my self into it - I don't want to do myself an injury by pushing too hard when I've not been running much lately.

Yesterday didn't quite follow the plan I had expected and we didn't, in the end, take in a movie. Hopefully we'll get a chance to see the films later in the week.

I did watch the Silverstone 6 Hour race which was quite enjoyable, with a close finishes in all of the classes (assisted slightly by a safety car period midway through the race, needed for clean-up following a quite alarming crash by one of the Toyota prototypes). There was plenty of action throughout the race, part of the big draw of multi-class sports car racing for me is that even if the head of the race isn't particularly interesting there is likely to me something else going on elsewhere in the race.

I also watched the Formula 1 race which while not quite as interesting did have its moments, and it is encouraging to see the Ferrari team taking race wins and Red Bull looking close, rather than the procession of Mercedes wins that we saw last year.

Today we'll be having lunch with Laura's parents and some of her family and friends, not for any particular occasion just happenstance that a number wished to get together around the same time. They're all good people so it should make for an enjoyable day.

I'll be back to work tomorrow, and I'm going to have to resume my Open University work. Having submitted an assignment last week I decided to leave it aside for this weekend and get back into it in the evenings from here forward. I'm starting to feel a bit more settled in the work than I was when I started. The module I'm working on is centred on an I.T. project and is meant to be student led. One side effect of this is that in the early stages everything has felt a bit me vague than I've gotten used to OU modules being.

From the comments on the module Facebook group it sees I'm not alone in that perception which is at least reassuring. I'm confident now that I'm starting to get a feel for it that I'll be able to make better progress than I have so far, particularly now that I seem to finally be getting over the winter cold that's been dragging me down and cutting into my study time these last months.

I'm finding the "don't edit" rule of this challenge to be a little, well, challenging. Used to being able to skim over what I've written and make changes as I go along. Thinking about it this may be an element of procrastination in this - moving words around when I've run out of things to say rather than writing new ones.

(500 Words) 2017-04-17 0753

April 17, 2017 06:53 AM

April 16, 2017

mquin's blog

#500words day 3

It's been a busy morning already. I managed to drag myself out for a run just after sunrise, my first since participating in the Southampton Parkrun while we were in the city for Minamicon back in March. It was very pleasant to be out while it was still very quiet and there was little traffic on the roads. On venturing out again to collect my paper having eaten it also appears I managed to just miss a rain shower.

I seem to be talking about habits quite a lot in these posts to far, and running is one that is perhaps a good example of the problem I have with routines - I can be good when I've settled into them, doing something in the same way every day or almost every day becomes easy. When I break a routine, however, it can be difficult to get back into that. I found this when I stopped running after the clocks changed a few years ago and it became to dark in the evening to use my usual route. I avoided a break for a little bit longer last year by taking to treadmill running at the University sports center but again while I was away for a little while over Christmas I lapsed and found it very difficult to motivate myself to get back into it again.

I don't know if there is a solution to that, other than avoiding taking breaks in the first place.

It was nice to get out and about yesterday although Laura was not feeling well enough to come with me, even if it was just to run a couple of errands. It's always nice to spend time with my parents and I'm very thankful of the good relationship I have with them.

We are hoping to catch a couple of movies a the cinema over the next couple of days - 'The Handmaiden' which is a Korean film inspired by the Sarah Waters novel 'Fingersmith', which received very interesting reviews when it screened at film festivals a few months ago, and the live action remake of Ghost in the Shell which despite controversy regarding its casting has been received favourably by friends of mine whose opinions I trust.

It's a busy weekend on the motorsports calendar, with sports car and single seater racing at Silverstone as well as a Formula One race. I decided not to take in any race weekends this year as I wanted to concentrate on my studies but I will admit that I'm a little sad not to be enjoying the proceedings from trackside. Fortunately there is good coverage on TV and online, and while I was driving yesterday I was keeping up with the European Le Mans series race thanks to Radio Le Mans' commentary - the best pictures, in their own words, are on radio.

I should confess that I cheated a little bit on the rules this morning, reporting my run to Facebook before I started writing this, but I resisted the urge to read anything.

(514 words) Sunday 2017-04-16 0819

April 16, 2017 07:19 AM

April 15, 2017

mquin's blog

#500words day 2

On to day 2 of #500words.

I'm feeling quite tired this morning. I stayed up later than I expected to last night and for some reason did not sleep well, just couldn't seem to settle for some reason.

I have stuck to the rule, resisting the urge to dive into my phone after silencing its alarm this morning, and nor have I opened my email.

It looks like it is sunny outside. I think we are going to visit my parents later today so some pleasant weather would be good. We'll be dropping off presents for my niece who has her birthday this weekend and chocolate eggs for her and the rest of my sisters' kids.

Yesterday I'd mentioned how this might fit into another practice that I am working on and in fact it fits into two, although one of them I had lapsed from slightly.

I've never been a brilliant speaker. In particular when I was younger I suffered from stammering and while this has subsided as I have gotten older - I think in part due to being a bit more confident in myself - I do still have troubles with speaking too fast or not clearly enough, particularly when I am nervous or stressed.

What I have been doing to try and work on that is making short audio recordings, just a couple of minutes, of myself speaking out loud while I try to do so clearly and confidently. To that end I have a dynamic vocal microphone mounted on my desk where I've had an audio mixer as part of my sound set up for some time. Along with the computer this gives me a easy way to make recordings.

Up until now I have been mostly speaking about the recording process and any changes I had made to approaching it, along with reading from news articles that interested me on the particular day in question.

Yesterday I read out the first of my #500days posts, and I also experimented with video recording this as well, having figured out a way to use the mounting hardware I have to position my webcam alongside the microphone.

While not quite as strange as listening to my own voice used to be, probably because we're all long used to mirrors, there is something odd about watching yourself speak. I suppose I'll get over that in time if I continue with this.

Despite the aim of this being to create some space from the clamouring of social media it's not easy to not think about the news. I'd probably describe myself as a realist than a pacifist - I think armed conflict should be a last resort but I don't feel we'll ever live in a world where it is completely off the table. What I don't understand it folks, particularly those with power and responsibility, who would charge into war with gleeful abandon. Our history is more than littered with tragedies where all too frequently the success has paled into insignificance next to the cost in human lives.

That's me done for today, time to see what the morning brings.

(526 Words)

Saturday 2017-04-15 0733

April 15, 2017 08:48 AM

April 14, 2017

mquin's blog

The #500words project

The other day, I read a post on medium by Remittence Girl setting out the idea, and some rules for writing a little bit every day, 500 words, before doing anything else, and in particular before getting involved in social media.

This isn't a new or unique idea, many writers and journalists have promoted the idea of a daily writing habit, and there are modern incarnations of the idea including Jeff Goins' 500 words a day challenge and 750 words.

Writing is a bit of an odd thing for me: I do it a lot - my job make extensive use of email and I spend quite a bit of my leisure time on IRC. In my academic work I've usually gotten encouraging feedback about the basic quality of what I've written, but even after six years of Open University study I don't feel that I really understand how to 'write like an academic'. I've made attempts at journaling before, both online and more recently on paper but sticking to the habit, and finding things that I wish to write about, was hard.

As it happens, this might dovetail with another bit of, personal development I suppose you could call it, that I've been working on - rising early. In my adult life at least I've never considered myself to be much of a morning person, and both staying up late and sleeping late have tended to be a pattern that I've fallen in to. With a 9-5 job that has tended to result in mornings that are a rush to get washed and dressed before dashing out the door.

So, for a few weeks now I've been getting up at 0500, which has been harder some days that others. This gives me plenty of time before I need to leave to get ready, have a cooked breakfast if I feel like it, collect my newspaper and listen to the radio, all at a relaxed pace. I've considered taking the time to got for a run but I'm leaving that until the weather warms up a bit.

With that extra time in the morning journaling feels like something I should be able to do, and getting my own thoughts down before I dive into the news and social media ought to be interesting.

Remittence Girl's suggestion is to do this for a week, so I will endeavour to stick to that and should it work out I'll see if I can keep going. I'm writing this in my ikiwiki blog but I've not yet decided whether I will publish it. Blogging is a little bit performative and comes (to me, anyway) with a pressure to write in a way that has a purpose, which feels at odds with what the #500words concept is about. I might publish some posts but not others, or put them up in batches rather than as a day-by-day thing.

This feels to me like a good start and I now have an idea of how much I'll need to write. Now to commit it and see if my ikiwiki still works after two years of neglect.

(523 words)

April 14, 2017 07:50 AM

April 12, 2017

freenode staffblog

PIA and freenode joining forces

I am incredibly excited to be able to share some amazing news with you today. For the last few years, Private Internet Access has been a dedicated supporter of the freenode project and we are delighted to be able to announce that freenode is now officially part of the PIA family.

freenode has been providing services to Free and Open Source Software projects, peer-directed projects and other projects that have a broadly licensed output for the past 18 years, and there is a great deal of overlap between the visions and missions of the two organisations, as well as the projects and organisations the two organisations have supported, albeit in very different ways over the years.

Rob (lilo) founded freenode with the aim of providing a useful service to Free and Open Source Software communities, peer-directed projects and others and I think he would be proud of the growth we have experienced over the years if he were still here to see it.

When I took over freenode following his death, my personal circumstances were very different from what they are now. I had time—oodles of it—and volunteering for freenode was very much a pleasure (by all means, it still is! Otherwise I wouldn't be here). However, over the years, times changed, the project grew, demands grew, my own responsibilities changed, both professionally and personally and I, along with several other senior freenode volunteers, found that we no longer had quite the same amount of time and energy to dedicate to the project.

Following discussion and deliberation we have decided to formally (and legally) ally ourselves with PIA. Freenode will continue to operate as a not-for-profit entity under the same management, with the same principles, but PIA's involvement going forwards will provide us with opportunities and resources that we could previously only dream of. PIA will provide an operating budget, mentorship and support that will allow freenode to implement some of the projects and ideas that have previously been on the backburner due to constraints in terms of volunteer time and resources.

Why? What is the incentive for PIA?

Private Internet Access is committed to bringing the internet back to its original state, where being online meant being in your own private world, exploring, learning and creating. PIA is serious about supporting organisations and individuals that it considers to be in alignment with its mission and freenode is one such project.

The founders of PIA feel that freenode has helped a number of open source projects progress, that freenode helps the community produce the pieces that make the internet work smoothly, piece by piece, and that it empowers people.

For PIA, this is about giving back, giving back to freenode and to the communities that they consider vital to their success and to their mission.

The freenode project would be nothing without its communities. All of our volunteers come from projects that use freenode, projects we are passionate about and projects we want to see continue to succeed.

As part of the PIA family, we can guarantee that the freenode project will continue to operate and that we will have the support and resources to further improve the services that we offer to FOSS communities and others, doing our bit to ensure that you can all continue doing what you do best—making the internet and the world a better place.

What next?

There will be few noticeable changes in terms of day-to-day operations, the freenode project will continue to operate with much the same structure and volunteer base as it does now. We anticipate that group registration will become a quicker process and we look forward to implementing and announcing new features in the future.

On a personal level, I have joined PIA as a full-time employee and I will be holding a dual role. I will continue to head up the freenode project and you will no doubt see and hear more of me as my availability and involvement increases. Some of you might also find yourselves dealing with me in my new role as Director of Sponsorship and Events at Private Internet Access, where I will be heading up the work we undertake to support organisations, campaigns and events globally.

This means that you may bump into me at various conferences throughout the year, and if you do, please do come have a chat—whether about PIA, freenode or the weather!

On the subject of conferences, I am also extremely happy to announce that freenode #live will be taking place at At-Bristol in Bristol, UK on 28-29th October 2017. We will shortly be making a separate announcement as we open up registration and call for papers and I look forward to seeing you there.

Please do not hesitate to drop me a line (/msg christel) on IRC if you have any questions.

Do keep an eye out for more exciting news!

by christel at April 12, 2017 08:03 PM

April 03, 2017

erry's blog

Experimenting with App::Spec

I recently attended a tech meeting of London Perl Mongers (strongly recommended if you happen to be a Perl developer by the way). Amongst other things, I was introduced to App::Spec. App::Spec is a tool that allows you to specify your program’s commands, parameters, options, the values they can take, etc. with through a yaml file. Not only that, but it can also generate a bash file that provides tab-completion, which is clearly the most important thing in the world.

(If you’re interested in the tiny app I wrote for the blog post, the full code is at https://github.com/errietta/AppSpec-Example)

To get started, you need App::AppSpec (confusingly), which provides the commandline tool, appspec. Once you have it, ‘man appspec’ is a good companion on how to use it, but the most basic thing, creating a skeleton app, can be done with just:

appspec new --class App::Converter --name converter.pl

(Obviously replace your classname and script name).

This will generate everything you need to get started:

$ tree
.
├── bin
│   └── converter.pl
├── lib
│   └── App
│       └── Converter.pm
└── share
    └── converter.pl-spec.yaml


4 directories, 3 files

Let’s create a basic unit converter, that converts between centimetres, metres, and kilometres (Those who prefer imperial measures are free to modify as required :P)

What I want to do in the end is to be able to do

perl -Ilib ./bin/converter.pl convert --from km --to cm 100

To convert 100 km to cm, for example.

After experimenting, I have modified the YAML (share/converter.pl-spec.yaml) file thusly:

name: converter.pl 
appspec: { version: '0.001' }
class: App::Converter
title: 'app title'
description: 'app description'


subcommands:
  convert:
  summary: Convert
  op: convert
  options:
  -
    name: "from"
    type: "string"
    summary: "Unit to convert from (cm, m, km)"
    required: true
    values:
    enum:
      - cm
      - m
      - km 
    completion: true
 -
    name: "to"
    type: "string"
    summary: "Unit to convert to (cm m, km)"
    required: true
    values:
    enum:
      - cm
      - m
      - km
    completion: true
  parameters:
  -
    name: amount
    summary: The amount to convert
    required: true
    type: integer

The ‘subcommand’ is what gives my program the ability to do ./bin/convert.pl convert. Right now, my program does only one thing, but I could add more ‘subcommands’ in the future.

The options and parameters are pretty self-explanatory, other than the ‘values’ part. I couldn’t find out what goes in those values, so after looking at the examples and applying a healthy dose of RTFS it turns out they can be ‘op’ (which will call a function with the same name in your module to retrieve an arrayref of parameters/options), ‘ enum’ (which requires an array of possible values in the yaml file), and ‘mapping’ which takes key/value pairs of options.

In this case, I just used enums, which is the simplest option.

When I run ./bin/convert.pl now, it will automatically require the specific options and values. For example, if I run without an amount, it will exit with the following:

Usage: converter.pl  convert <amount> [options]


Parameters:
amount * The amount to convert


Options:
--from * Unit to convert from (cm, m, km)
--help -h Show command help (flag)
--to * Unit to convert to (cm, m, km)
Error: parameter 'amount': missing
An example of error messages output after running the script with incorrect parameters.

It also provides pretty colours!

 

Now that my spec is ready, it’s time to write my actual program.

Not much to mention here, really. The only things to keep in mind is that it needs to subclass ‘App::Spec::Run::Cmd’. Then, everything that has an ‘op’ in the yaml file (for example  my ‘convert’ operation has an op of ‘convert’) needs to have a subroutine with the same name in the module. Finally, it will be passed ($self, $run), where $run (An App::Spec::Run object) can be used to retrieve ->options and ->parameters amongst other things.

 

package App::Converter;
use strict;
use warnings;
use feature qw/ say /;
use base 'App::Spec::Run::Cmd';

sub convert {
  my ($self, $run) = @_;
  my $options = $run-&gt;options;
  my $parameters = $run-&gt;parameters;

  my $to = $options-&gt;{to};
  my $from = $options-&gt;{from};


  my $amount = $parameters-&gt;{amount};

  my $multiply = 1;

  # Convert to CM first

  if ($from eq 'm') {
   $multiply = 100;
  } elsif ($from eq 'km') {
   $multiply = 1000000;
  }

  my $cm = $amount * $multiply;

  $multiply = 1;

  if ($to eq 'm') {
   $multiply = 1/100;
  } elsif ($to eq 'km') {
   $multiply = 1/1000000;
  }

  my $answer = $cm * $multiply;

  say $answer;
}

1;

(Kind of a dumb programme, but it’s just a proof of concept).

As for bin/converter.pl, I pretty much left it at the default, just made sure the $specfile was pointing to the right file.

Using my script now yields resutls:

perl -Ilib ./bin/converter.pl  convert --from cm --to m 100
1
perl -Ilib   ./bin/converter.pl  convert --from m --to km 100
0.01
perl -Ilib  ./bin/converter.pl  convert --from km --to cm 100
100000000

And finally, we can get to bash completion! App::AppSpec can be used to generate a completion script:

$ appspec completion share/converter.pl-spec.yaml --bash  >completion.sh # Ignore the errors..

Then you can do :

source completion.sh

And now your ./bin/converter.pl will have auto completion!

$ export PERL5LIB=$PERL5LIB:/home/errietta/App-Converter/lib
$ chmod +x bin/converter.pl

./bin/converter.pl <TAB>
convert -- Convert 
help -- Show command help 

./bin/converter.pl convert --<TAB>
--from -- Unit to convert from (cm, m, km) 
--help -- Show command help 
--to -- Unit to convert to (cm, m, km)

In closing, App::Spec makes it easy to define your script’s parameters and options with a yaml file, plus provides some goodies like auto-completion. It’s certainly something I want to look into more; however be warned that it does have ‘Experimental’ written all over it :P

 

If you’re interested in the tiny app I wrote for the blog post, the full code is at https://github.com/errietta/AppSpec-Example

by Errietta Kostala at April 03, 2017 04:09 PM

February 17, 2017

freenode staffblog

Django AMA

Start thinking of tricky questions! Once again the freenode community team is pleased to announce another Ask Me Anything (AMA). This time Django will be our guest. Read more about them in the blog post published last week.

This is your chance to ask Django all your questions about them: How do they utilize freenode? How can you contribute? And just who are these Django Girls we've heard so much about? Anything that you would be interested in learning about them, here's your opportunity!

The AMA is scheduled to take place on Wed Feb 22 18:00:00 UTC, 2017, so grab your calendar and make sure you don't miss it. You can watch the AMA in #freenode-ama and participate by asking questions in #freenode-ama-questions during the session. In the meantime be sure to visit their channel, #django, and get a head start on everyone else!

We hope to hold more Ask Me Anything sessions in the future. If this is something your project would be interested in, please reach out to us in #freenode-community or at [email protected].

by Swant at February 17, 2017 05:55 PM

February 08, 2017

freenode staffblog

Django and freenode

For nearly twelve years, the Django Project has endeavoured to improve "the web framework for perfectionists with deadlines." Django is a high-level Python Web framework that encourage rapid development and clean, pragmatic design. Built by experienced developers, it takes care of much of the hassle of Web development, so you can focus on writing your app without needing to reinvent the wheel. Of course, it's free and open source.

I’m contracted full-time by the Django Software Foundation as a fellow, to manage some of the administrative and community management tasks of the Django project to support rapid development of Django itself. The fellowship program has a major positive impact on how Django is developed and maintained, and I’d encourage any large open source project to consider a similar program.

The Django community is vibrant across the globe, with many annual conferences and local meetups. Sprints are often held at these events, but Django’s development is mainly coordinated remotely, so good communication tools are important to us.

How Django uses freenode

Our community support channels include #django and the django-users mailing list. Discussions about the development of Django itself are held in #django-dev and the django-developers mailing list. #django-sprint provides a chat for sprint participants, including those who want to join remotely. Finally, private discussions of the Django team are held in the #django-core channel.

To keep our community safe and welcoming, Django's Code of Conduct applies to all spaces managed by the Django project or Django Software Foundation (DSF). This includes IRC, the mailing lists, the issue tracker, DSF events, and any other forums created by the project team which the community uses for communication.

What's next for Django?

We're currently working toward releasing Django 1.11, our next long-term support release, in April. This will be the last version of Django to support Python 2.7. Meanwhile, Django's master development branch is targeting Django 2.0 and will support Python 3 only. More details are available on our roadmap.

If you’re interested in learning more about Django, try our tutorial. If you’re already a Django user and want to start contributing, our documentation is extensive, including advice for new contributors.

by Tim Graham (timograham) at February 08, 2017 07:00 PM

January 21, 2017

freenode staffblog

Fedora AMA

The freenode Community Team is pleased to announce a new opportunity to learn about one of our many groups on freenode. Justin W. Flory (jflory7) from the Fedora project has agreed to follow-up on his recent blog post with an "Ask Me Anything" (AMA) session.

For those of you who might not be familiar with an AMA, as its name suggests, it is an opportunity for you to ask the Fedora project all of those questions that you have been wondering. You can ask about the project itself, how they utilize freenode, ways to start contributing, or any other topics you might be interested in learning more about.

The session is scheduled to take place on Wed Jan 25 18:00:00 UTC 2017. You can watch the AMA in #freenode-ama and participate by asking questions in #freenode-ama-questions during the session.

We hope to hold more Ask Me Anything sessions in the future. If this is something your project would be interested in, please reach out to us in #freenode-community or at [email protected].

by Nathan Handler (nhandler) at January 21, 2017 03:24 PM

January 07, 2017

erry's blog

Debugging with the JavaScript debugger

The Javascript debugger is a great tool for seeing how an application or page behaves or solving a problem when it’s not behaving the right way – without consoie.log all over the place. In this article we will have a look at how it is used.

Let’s have a look at how you would use the JS debugger to understand how a page works (maybe you’re not the one who wrote it, but needs to debug it!)

Here’s the following page:

A page with a header saying 'hello world', a text input field, and a button that changes the header text to the value of the text field when pressed.

JS debugging – main application frontend

This page is very simple: you just type a value in the text field and click on ‘change header’ and the text in the header changes to whatever you typed in your text box. Let’s use the JS debugger to examine how it actually works.

First of all, let’s bring up the JS debugger. This can be done simply by bringing up the chrome developer tools (ctrl+shift+I, or right click the page and click ‘inspect element’), and then clicking ‘sources’. You now need to find the javascript file that is being used, which for our case is test.js, and click on it.

The JS debugger

The JS debugger

Yes, it’s a very dumb script and we’re re-inventing the wheel with ‘$_’, but that’s not the point here. Let’s have a look instead at what the various things in the debugger do.

A trained eye will of course be able to understand what’s going on by just reading the script, but let’s pretend that it’s not so easy because we’re dealing with a much bigger, much more complicated page.

Spotting event listeners

 

Obviously, we know that the text changes when we press the button, so the first thing I would do is to look for event listeners. If you look at the Chrome console, there is a ‘global listener’s section on the right hand side. Ok, so we don’t see our click listener yet, but there’s the listener for ‘load’.

If you click the ‘Window’ under the ‘load’, you get the option to remove the listener, and also some information about the event:

JS debugger - event lsteners

JS debugger – event lsteners

The easiest way to understand what the event does is to right click on ‘handler’ , and click ‘show function definition’. The JS debugger will then scroll to the part of the script where the event listener is, and highlight, of course, our window.addEventListener(‘load’, function() { .. }) code, indicating that that’s the function we want to look at.

Another way to easily spot event listeners is adding a breakpoint on specific types of listeners, which means that the javascript execution will stop when one of those listeners is triggered. Let’s try that out!

In ‘event listener breakpoints’, you can scroll down to ‘mouse’ and click (heh) ‘click’

Event breakpoints

Event breakpoints

Then as soon as you click the button on the page, you will see that the javascript execution is paused, and your debugger will highlight the ‘changeme()’ function in blue, hinting that execution has stopped at that point. This means that that function is being called when the button is clicked – and you now know how the button works and what the function does! (the ‘paused on a “click” event listener’ on the right explains why it stopped to make things less confusing as well)

Breakpoint triggered

Breakpoint triggered

I’ll get to how to take advantage of breakpoints shortly, but first I want to get to a few more ways of adding breakpoints.

Adding break points

So you can trap certain kinds of events, and you’ve probably noticed the ‘pause’ icon on the top right which will just make your code stop when you catch an exception, but what other ways of adding break points have we got?

You can make your javascript code stop at any one line by simply clicking on that line in the debugger (you can remove it the same way if you don’t need it later):

I've clicked on line 7 so the debugger will stop on line 7

I’ve clicked on line 7 so the debugger will stop on line 7

You can do the same by just adding the line ‘debugger;’ anywhere in your code, which I find more convenient some times:

Adding 'debugger' adds a breakpoint.

Adding ‘debugger’ adds a breakpoint.

Taking advantage of breakpoints

Ok, so we can add breakpoints, but they’re not much use if we don’t know what to do with them. So what’s the big deal with them?

First of all, you can see the value of any part of an expression by highlighting it. For example you can highlight “$_(‘header’)” and see that it has resolved to an element. You can also right click the selected text and click ‘evaluate in console’ to immediatelly run the same expression in the JS console and see its result.

Highlighting values in the debugger

Highlighting values in the debugger

Once you’ve stopped at a break point, you can also break again at the next statement, tracing code statement-by-statement, which is really handy. Let’s look at these buttons:

Debugger buttons

Debugger buttons

The second and third buttons (‘step over next function call’ and ‘step into next function call’) are what we use to achieve this. Let’s look at their differences.

First of all, the two buttons do the exact same thing if the statement doesn’t call a function: they just evaluate the statement and pause. But in this case, we’re calling the $_ function. If we click the ‘step into next function call’ we’ll see that the debugger will stop ‘inside’ the $_ function and let us debug that function in the same way:

Stepping into a function

Stepping into a function

As you can see here we’re now inside the $_ function. We can see the arguments it was called with, and we can use the debugger inside that function the same way. If we keep clicking ‘step into next function’, we’ll eventually go back to changeme() when the function call has finished:

back to the original function

back to the original function

This is a really handy way of tracing what a script does step by step!

If you don’t care what the $_ function does, you could have instead clicked the ‘step over next function call’ button. This will go to the next step in ‘changeme’ immediately, without getting you inside of $_.

 

So now our ‘header’ and ‘text’ variables have been set values. You can see in ‘scope’ in the right hand side, all the local and global variables will be listed. This is a very handy way of seeing what the value of a variable is! What’s more you can right click them and click “store as global variable”. This will set them as a global variable and show you that variable in the console (usually temp1, temp2, etc.) and you can then do whatever you want to that variable in your console, which is very useful for debugging

Variable fun!

Finally, once you’re done debugging you can click the blue arrow button blue arrow button to continue execution (until another breakpoint is reached) or this button  button to disable any other breakpoints.

That should cover the basics of the JS debugger, but there are more things you can do such as break at specific AJAX requests (XHR breakpoints), or right click an element in the DOM inspector to add a breakpoint when one of its attributes change (which I can’t seem to get to work for some reason), when it gets deleted, or when its children tree changes.

As per usual, let me know if this was helpful, if you have any questions, or if you want me to post more often :P

by Errietta Kostala at January 07, 2017 04:25 PM

January 03, 2017

freenode staffblog

New Year, New freenode

Well, not entirely new but we are about to embark upon a spot of maintenance and some minor upgrades that could cause some disruption on the freenode network as servers are being brought down for maintenance, etc.

We would like to apologise in advance and further updates will be provided by way of global notices and wallops, depending on what we deem necessary for the interventions concerned.

Thank you for your patience and understanding while we carry out the maintenance and thank you for using freenode!

by christel at January 03, 2017 11:33 AM

December 31, 2016

freenode staffblog

Happy New Year!

Another year comes to an end: 2016, a year many will be glad to see the back of. For many the year has been dominated by uncertainty, by fear, and by sadness—a year dominated, in no small part, by the political shift on both sides of the Atlantic.

And a year dominated by death. We have looked on in surprise as icon after icon has passed away throughout the course of the year. We have looked on in sadness as masses of people have succumbed to terror and war. We have looked on as people try to flee, in search of a better life, often not succeeding. And as a project based in the UK we look on as the government tries to do its best to put an end to our digital rights, to our privacy.

Some years ago, freenode experienced a sudden influx of Arabic-speaking users. They came out of nowhere and there were lots of them. Their arrival caused some distress to the existing communities on the network at the time; freenode predominantly caters to free and open source software developers and users and we were all somewhat perplexed when our network was overrun by teenagers wanting to chat about girls and football. They all seemed to be connecting from Syria.

When Aleppo comes up in the news, many of us find ourselves thinking about those kids and what happened to them. One of our volunteers invested a fair amount of time trying to figure out where they ended up. When discussing it recently, he shared his experience:

“After a few weeks of surreal crazy chaos we worked out that they were using a Java IRC client - and internet café PCs - to connect to our system. They didn't know what it was for or why it existed but they'd found real-time online communication for the first time and were enjoying the shit out of it.

I first used IRC in the 90s when an IRC client was given to me by a friend not very long after it was the medium for some of the first ever real-time citizen journalism during the 1991 Gulf War. In much the same way that someone threw some software at me in a computing lab in Oxford and showed me how to use it to chat, these kids were sharing and collaborating in the streets and using new tools to talk to the guy a computer or a block or a neighbourhood over with equal ease.

While we tried to shepherd a group of unruly teenagers into a corner where they would cause less trouble for everyone else, I got to know a couple of the better English-speakers quite well; they seemed mostly to be basically decent kids growing up much too quickly and experiencing my corner of the internet for the first time. They were mostly in Aleppo.

As the Arab Spring progressed they grew in number and it was genuinely cool watching them discover and explore. But as spring turned to summer and then autumn, they gradually dropped in number and started to vanish. After a while I realised they'd mostly gone, and I tried to track some of the stragglers down to find out what had happened to the ringleader or any of the kids I'd gotten to know.

The ringleader had been killed in shellfire, was the answer. I found his blog. It had been silent for a couple of months. Eventually it fell off the internet when the account was suspended.

When a year later they all seemed to have gone I made more of an effort to do some digital anthropology and figure out just what had happened to them in more depth. I talked to a Lebanese peer who ran some adult Arabic language discussion spaces and he speculated that by that point hey had all died or fled and crossed the border into other countries.”

As we reflect on the sobering condition of the world around us, it would be easy to forget about the positives.

We have the privilege of seeing thousands of people work on thousands of projects they love, and it's humbling and exciting to be allowed to play a small part in each of them. We're extremely grateful for that: we love learning about your projects; we love learning about the different ways in which people communicate and collaborate; we love learning about what you produce and why.

We have exceptionally generous sponsors who not only provide us with hardware and bandwidth but also with their continued time and expertise when required.

Thanks to one such sponsor we have also secured the majority of the requisite funding to put on a two-day live conference which will take place in the UK in August 2017. Further details and a formal announcement will follow early in the New Year. We are incredibly excited and hope that you will join us; we'd love for your project to exhibit or perhaps you could give a talk? Keep an eye out for our announcement!

With that, we would like to thank you all for using freenode and wish you the very best for 2017!

by christel at December 31, 2016 09:46 AM

December 21, 2016

freenode staffblog

Celebrating Fedora 25 with freenode

Celebrating Fedora 25 with freenode

On November 22nd, 2016, the Fedora Project released Fedora 25, the latest and greatest version of our Linux-based operating system. For over thirteen years, the Fedora community has worked to bring the leading edge of open source development to the world. Fedora's focus is guided by its Four Foundations: Freedom, Friends, Features, First. Freedom is representative of Fedora's commitment to championing free and open source software and contributing back to upstream projects for the benefit of the open source community. Features stands for Fedora's commitment to driving some of the newest features First. Some of these examples include the Wayland display server, systemd, and GNOME 3. Perhaps most importantly, Friends are for the friendships made by contributors from around the world who help make every release of Fedora possible. Part of why Friends is an important part of the Four Foundations is communication. Fedora community members come from all over the planet, including six out of seven continents. The tools we use to communicate help us collaborate, solve problems, and build friendships. IRC and freenode are an important part of how we communicate. Fedora registered our first channel on freenode on December 29, 2002. As we celebrate thirteen years of open source collaboration and the newest release of Fedora 25, the Fedora community wanted to reflect on our longstanding relationship with freenode.

How Fedora uses freenode

As a large open source project, there are many different teams and sub-projects in Fedora that help move us toward a new release. Just like there are many parts to a car's engine, there are many parts to Fedora's engine. Some of these groups are officially recognized sub-projects like the Design team, Community Operations, or Docs team. Other times, they are informal Special Interest Groups (SIGs) that bring contributors together to focus on specific topics like programming languages or desktop environments, like the Python SIG or KDE SIG. Usually, each of these groups or teams will have their own IRC channel to coordinate in. The Design team uses #fedora-design, the Python SIG uses #fedora-python… and so on. In total, Fedora has over 175 registered channels to its name. Frequently, teams will hold public meetings in the freenode channels to work through tickets, plan ahead on upcoming tasks, or discuss important topics for their team. There are a series of special meeting channels used for this purpose. Using the MeetBot plugin, Fedora uses our own zodbot to help run meetings, mark up links or important ideas, and create a pretty HTML summary at the end of the meeting. All of these summaries and full logs are found at meetbot.fedoraproject.org.

Tips to using IRC effectively

There are countless different workflows, IRC clients, and handy plugins available to customize the IRC experience. In the spirit of the Friends Foundation and the Code of Conduct, Fedora contributors are encouraged to always be excellent to one another. It's important to follow good manners in any IRC channel, Fedora or any other. Having good manners in IRC are as important as it is in real life. Be courteous to others, and if in doubt, it's good to assume the best intentions by others. IRC is important for Fedora, and many contributors have put together guides of our own as well. You can read more tips from the Fedora team in our IRC Beginner's Guide on the Fedora Magazine.

What's next for Fedora?

As 2016 comes to an end, we're wrapping up on our own new release of Fedora 25. The Fedora community is looking forward to helping drive open source innovation and contributing to the Linux community for many years to come. Fedora currently has more than 2,000 contributors, and in the tenth percentile of active contributors, 65% of them are from the community (State of Fedora, Flock 2016). The Fedora steam engine is chugging ahead, and we're excited to see where it takes us next. We're happy to be able to have shared past, current, and future milestones together with the freenode community. Keep an eye out for Fedora Ambassadors in Europe during DevConf and FOSDEM. You can also find us in North America at BrickHack 2017. And there will be more events all through the year you can keep an eye out for us at!

by Justin W. Flory (jflory7) at December 21, 2016 05:00 PM

December 20, 2016

freenode staffblog

A brief security update from the infrastructure team

A freenode volunteer has identified and responded to a suspected compromise of their e-mail accounts, which could have provided an unauthorised user with limited access to some data sent via internal e-mail systems (this could include support tickets or internal communications).

Naturally, we instigated audit procedures immediately so as to ensure the security of the production network and accompanying infrastructure. The investigation is ongoing, but at this time we have no reason to believe that any other unauthorised access was gained. Nevertheless, in the interests of transparency and security for our users, we wish to notify anyone who may have been affected.

As always, we would still recommend that you ensure that you change any passwords to freenode systems, and be alert to any suspicious activity on your account. We would additionally always recommend that you not share passwords between accounts, especially those spanning multiple providers (please ensure you have a registered e-mail address before changing your password so that it can be reset!).

We will provide further updates if it becomes appropriate to do so; please rest assured that we take the security and privacy of our users very seriously, and work with industry experts and law enforcement where appropriate to investigate and respond to possible security breaches.

by christel at December 20, 2016 05:30 AM

November 30, 2016

Pricey's blog

October 23, 2016

Pricey's blog

October 18, 2016

freenode staffblog

freenode Community Team

Hi,

You might not be aware that freenode has a dedicated community team and that we would be delighted to help your projects get the most from freenode. The freenode community team consists of christel, edk, JonathanD, mquin, Myrtti, nhandler, Swant and tomaw, and we would love to help you spread the word about releases and launches, conferences or events and any other project milestones that may be of interest to our shared communities. We are happy to make announcements on IRC, reshare your social media posts and we would love for you to guest author or co-author a blog post for the freenode website.

If you think this is something that would be useful for your project, please do not hesitate to get in touch with us! You can find us in #freenode-community or drop us a line to [email protected].

Make sure not to miss any interesting news by setting /umode +w (or /mode yournick +w).

by Swant at October 18, 2016 08:34 PM

October 11, 2016

erry's blog

Angular 2: Property binding, event binding, headaches

angular

I have been looking at Angular 2 lately. After being disappointed with the tutorials online, I decided to write my own cookbook on property and event binding.

Property binding

Assuming we want to pass myProp from my-parent to my-child, we need the following.

1) In my-parent template:

<my-child [myProp]="prop" />

Note that in this case “prop” is interpreted meaning it will refer to “this.prop” in your parent template. If you want to have a string you can instead use [myProp]="'prop'"

2)  In the child:

2.1) The child controller

You need to declare the property, and that you are inputting it from the parent.

import { Component, EventEmitter, Input, OnInit } from [email protected]/core';

@Component({    
  selector: 'my-child',    
  templateUrl: './myChild.component.html',
  styleUrls: []
})
export class myChildComponent implements OnInit {
  // Declare the property as an input
  @Input() myProp: number;
  
  constructor() {     
    //note; myProp will not yet be defined here..    
  }
  
  ngOnInit() {
    console.log(this.myProp); // will be defined here!
  }
}

The Input module is needed to specify that myProp is an input, coming from the parent.

The ngOnInit() is not needed, but it’s important to make this point: the value will not be set until ngOnInit() is called, which of course is when the component is ready

 

2.2) The child template:
Of course, you can just use myProp in the template, just like any other variable.

Hello! {{ myProp }}

And that’s it! The property should now be bound to the child!

Event binding

Catch the child’s events from the parent

 

Let’s change our template code from before:

<my-child [myProp]="prop" (onPropChange)="onPropChange($event)"</strong> />

onPropChange is the name of the event we’re listening to, of course, and the value is the function that is called.

Then we can add the following in our parent component:

import { Component, Input, EventEmitter } from [email protected]/core';
...
export class myParentCompnent {
 ... 
  onPropChange(prop) {    
    console.log("changed value", prop);   
  }
}

We need EventEmitter here, and we’ve defined our onPropChange function.

Now in our child, we need to trigger the event somehow.

The JS:

import { Component, Input, EventEmitter, Output } from [email protected]/core';

export class myChildComponent implements OnInit {    
   ..  
   prop: number = 0;
  [email protected]() onPropChange = new EventEmitter();
   
   triggerChange(prop) {
      this.onPropChange.emit(this.prop);   
   }
}

A few things to mention here

  1. Both EventEmitter and Output are needed. EventEmitter, is of course needed to send the event, and Output declares that the component “outputs” the specified property
  2. We declare our change event as an EventEmitter and as an Output. See the <number> by EventEmitter? This specifies that the value we’re sending is a number!
  3. the emit() call near the end is how the event is emitted.

 

Finally, we make a button that’s clicked to trigger the event:

<button (click)="triggerChange(++prop)">Click!</button>

This should demonstrate both how our custom event works and how the built-in click event works at once.

Note that we can call the this.onPropChange.emit() code when we need to send the event; it doesn’t have to be on click. I just used that because it’s a convenient example!

Anyway, now when you click on the button, the parent’s code should be called that will ‘log’ the result.

Two-way binding

 

Angular 1 had ng-model, and Angular2 still has ngModal, which can be used for two-way binding.

The module

First of all, ngModal isn’t enabled by default, so you need to enable it like so:

In your app module, add the following:

import { FormsModule } from [email protected]/forms';

The template

When you want to bind two-ways with one of your properties in your template, you use [(ngModel)] =..

 

For example, if your controller had the following:

import { Component } from [email protected]/core';
export class myCoolComponent implements OnInit {
   ..      
   prop: number = 0;
}

You can easily bind to the “prop” property:

<input type="text" [(ngModel)]="prop" />

 

That’s actually all you need! Now, this.prop will change in your controller code if you change the input value and vise-versa.

by Errietta Kostala at October 11, 2016 05:59 PM

September 18, 2016

freenode staffblog

Resurrecting Tor, continued

Following an embarrassingly long period of no Tor support, we recently blogged about resurrecting Tor.

As of today, Tor users can once more connect to freenode over Tor; the hidden service address is

freenodeok2gncmy.onion

The hidden service requires SASL authentication, as before. In addition, due to the abuse that led Tor access to be disabled in the first place, we have unfortunately had to add another couple of restrictions:

  • You must log in using SASL's EXTERNAL or ECDSA-NIST256P-CHALLENGE (more below)
  • If you log out while connected via Tor, you will not be able to log in without reconnecting.

If you haven't set up the requisite SASL authentication, we recommend SASL EXTERNAL. You'll need to generate a client certificate:

openssl req -x509 -sha256 -new -newkey rsa:4096 -days 1000 -nodes -out freenode.pem -keyout freenode.pem

and consult your IRC client's documentation to find out how to use it to connect. Connect to freenode over TLS on the plain Internet and /msg NickServ CERT ADD to authorise it to your account.

You'll then want to tell your client to try the EXTERNAL mechanism. We lack comprehensive documentation for this, but it's a feature in most modern clients—check their docs for instructions for now.

It's currently not possible to register an account for use with Tor without connecting at least once over the Internet. We're investigating our options, and would like to provide a solution to this in the future.

by christel at September 18, 2016 07:18 PM

September 05, 2016

freenode staffblog

Resurrecting tor-sasl

As many of you will no doubt be aware, freenode used to run a Tor hidden service, providing anonymous access to the network. Unfortunately, this had to be disabled due to concerns about abuse.

We regret that it has taken some time to resolve this issue but we are now almost ready to deploy some software updates that will allow us to re-enable the gateway. We've made one important change: password-based SASL authentication is disabled over the Tor gateway, so you'll need to generate a client certificate and add its fingerprint (/msg NickServ CERT ADD) over a regular connection before connecting.

We'd appreciate your help testing this setup on our testnet. Further instructions can be found in #freenode there. (if you already have a certificate set, the hidden service is at ircs://testnet67chdulhs.onion:6697)

Expect the occasional interruption—even if nothing exciting happens, we still have a few configuration things to take care of. The test network may be reset, rolled back, or shut down at any time.

Thanks for your patience, and thank you in advance for helping to bring Tor access back as fast as possible!

by edk at September 05, 2016 03:09 PM

August 30, 2016

mquin's blog

A small wireless sensor network

Back in the dim and distant I wrote about collecting electricity consumption data. In the intervening time and due to some hardware changes and failures I had stopped doing this.

Recently, Graeme Thomson gave a talk at ScotLUG about the system he is using to monitor temperatures around his house, using a 1-wire sensor network. Inspired by this, I decided to revisit my monitoring efforts.

Graeme's system took advantage of the fact that his house had recently been rewired and at that time he had laid in a number of twisted pair drops into each room, which could easily be patched onto his 1-wire bus.

Not wanting to run more cable around my own flat I decided to look at the possibility of doing the same thing wirelessly, and I remembered, from my Arduino tinkering, about the JeeNode project.

JeeNodes are compact, low-power Arduino-compatible AVR microcontroller boards with onboard wireless modules. They are very versatile and ideal as a basis for all sorts of wireless sensor nodes. They are also relatively inexpensive, particularly when purchased in kit form.

After a bit of tinkering around I settled on a sensor node design consisting of a JeeNode with an AA battery based power supply, and a DS18B20 digital temperature sensor.

Assembled sensor node

I now have four of these scattered around the flat, running a simple sketch that takes a sample from the temperature sensor every minute or so and transmits it back to my central server. The 878Mhz radio system seems to comfortably cover the entire building.

Using one JeeNode per sensor is not the cheapest way of doing this, but saves me pulling cable and leaves me with a lot of flexibility should I wish to expand this system or monitor additional parameters in future.

The end result: pretty graphs, and a better understanding of how the temperature in my flat changes over time.

24 hour temperature graph

Ideas that I have for the future include replacing the node near my server with a Arduino Nano, rather than using wireless to span half a metre, and reuse the JeeNode in another room.

August 30, 2016 11:30 PM

August 06, 2016

freenode staffblog

Happy Birthday to the World Wide Web

25 years ago—On the 6'th of August 1991—the world's first website went live, and it's still there.

In other words, the world wide web is celebrating silver jubilee today.

Imagine where we would've been without it. Would your project exist? Would freenode exist?

On behalf of freenode, I'd like to give all our sponsors a big shoutout, for making freenode possible—read more about who they are on our acknowledgements page.

And lastly we would like to thank you, the people that use freenode, the people who use freenode for your projects, the people that contribute to keeping the internet full of Free and Open Source Software. You are a part of what took the internet this far and a part of what keep it, and a lot of other tech related things, evolving.

Stay with us, it's freenode's porcelain jubilee this year, keep chatting, keep the internet open.

by Swant at August 06, 2016 10:06 PM

July 18, 2016

freenode staffblog

A Reminder

Hi all,

In the distant past, freenode fairly frequently sent /wallops about news of conferences, releases or anything else that might be of interest to the FOSS community. We'd quite like to do more of that, so… if you know of anything that might fit the bill, please drop the community team a line at [email protected] or message me (my nickname is e) on IRC (even if the project in question isn't (yet) registered with freenode).

We'd also like to feature a bit more FOSS news on our blog, so if you're itching to write a guest post for us, I'd love to hear about that as well.

Thanks for using freenode! :)

by edk at July 18, 2016 10:06 PM

July 04, 2016

freenode staffblog

Help protect net neutrality in the EU

As many of you no doubt know, the European Union passed legislation last year intended to protect net neutrality. However, it contained significant loopholes which many people believe will allow European ISPs to prioritise paying partners' traffic. Among other things, this is potentially quite scary for FOSS projects—most of which don't have the kind of funding necessary to enter into such arrangements.

If this is something that concerns you, campaigns aimed at convincing BEREC to close the loopholes are running at https://www.savenetneutrality.eu/ and https://savetheinternet.eu/en/.

by edk at July 04, 2016 02:58 PM

June 07, 2016

Pricey's blog

.uk domain transfers are scary

.uk transfers are a little different:
  • You instruct your old registrar to change the "IPS tag" to point the domain to your new registrar.
  • You tell your new registrar that the domain just assigned to them is yours.
The new registrar then dutifully updates all of Nominet's records. Even if the name... email... address... you provided them with bears no relation to the existing (private?) registration information. Who cares if you had 2 factor authentication enabled on the original Nominet account, your domain is gone.

Nominet says the onus is on the registrar to ensure they verify you're the owner when going through this process. But they don't?

What's to stop someone scraping whois records (that IPS tag is public) and racing to claim the domains you're transferring before you do?

Apparently nothing. A few weeks ago I ran a little test. I registered a new domain at one registrar and immediately asked they change the IPS tag to another. A coworker watched over my shoulder as I retrieved the whois details for my domain to see the tag change, but then I got distracted looking for cake/looking over their shoulder. They set up a new account at the second registrar and claimed the domain, using no secret information and without either registrar or Nominet gaining my consent.

What am I missing? Do some registrars I haven't tried put effort into verifying your ownership? Is it just a few bad actors?

UPDATE: One registrar I've contacted has now promised they've updated their systems to email the owner listed by Nominet for confirmation, before handing over the domain. Minor success...

by Joseph Price ([email protected]) at June 07, 2016 03:28 PM

June 04, 2016

freenode staffblog

User-enabled sendpass

As a network, we feel it is hugely important to maintain close relationships with our many communities and users. Our interactions with users in #freenode and elsewhere on the network, fielding support requests and assisting users, help build and maintain these relationships.

But we're constantly looking for things to change and make better, and one of the pieces of feedback we've had is that users would like a little automation - and the ability to be able to resolve some of their own support requests.

We recognise that allowing users to generate their own password reset e-mails brings us in line with other registration systems online and may provide a higher quality of service.

So for now, if you are having difficulties accessing your account, you can generate your own password reset e-mail using the following command:

/msg NickServ SENDPASS <account>

This command will only work with an offline account (i.e. it won't work if a client is logged into your account via NickServ), and should obviously only be used on an account that you believe is yours.

We will be keeping an eye on how this feature is used, and may retain it permanently if it proves to be helpful and non-harmful!

by njan at June 04, 2016 12:48 AM

Turbulence

As many of you will be aware, freenode has been experiencing intermittent instability today, as the network has been under attack. Whilst we have network services back online, the network continues to be a little unreliable and users are continuing to report issues in connecting to the network.

We appreciate the patience of our many wonderful users whilst we continue to work to mitigate the effects this has on the network.

We also greatly appreciate our many sponsors who work with us to help minimise the impact and who are themselves affected by attacks against the network.

We've posted on this subject before, and what we said then remains as true as ever - and for those of you who didn't read the earlier blogpost first time round, it's definitely worth perusing it now if this subject interests or affects you.

Thank you all for your patience as we continue to work to restore normal service!

[UPDATE 04/02/2014]

At the moment SASL authentication works only on PLAINTEXT, not BLOWFISH. We've checked and TOR should be working too. Sadly wolfe.freenode.net will be taken off the rotation, so those users who've connected specifically to it, please make sure that your client points to our recommended roundrobin of chat.freenode.net!

by njan at June 04, 2016 12:48 AM

The New Policies

One of the several problems that's become obvious in recent times is that we  have too many policies, they're often not consistent with each other, and we've spent too much time and effort wondering whether something, which is obviously the right thing to do, fits with our published policy. With that in mind, the following stripped-back set of policies will apply in future, with the intention that we can set out a simple set of baselines and apply common sense on top of them.

Nickname ownership

Nicknames are allocated on a first-come, first-served basis, to the first person who registers the name with NickServ. However, we expect users to act in good faith and reserve the right to remove a nickname registration where we believe that this has not been the case. Nickname and account registrations expire ten weeks after they are last used. For nicknames, 'used' means that you were using the nickname while logged in to the account which owns it. For accounts, 'used' means that you logged in to the account, regardless of the nickname you used to do so. Nicknames which are the primary account name only expire when the entire account is expired. In some cases, such as for very old accounts, we may, at our discretion, extend the expiry time of a nickname or account. We will not normally do this beyond 15 weeks past the last use.

Some nicknames and accounts, including but not limited to some of those owned by current or former network staff, do not expire at all. These accounts can be identified by the 'Hold' flag in their NickServ info output.

Nicknames and accounts which are expired will not automatically be dropped. Please contact network staff if you would like to take over an expired nickname.

Channel ownership

Channels on freenode fall into one of two categories. Primary channels, which begin with a single # character, are reserved for on-topic projects. If you'd like to take over one of these channels, then you'll need to be associated in some way with the project in question. Topical, or 'about' channels, begin with two # characters, and these are allocated on a first-come, first-served basis to the first person who registers it with ChanServ. As with nicknames, however, we reserve the right to remove or alter registrations where we believe they have not been made in good faith.

Primary channels do not expire with inactivity, though they can be claimed at any time by a representative of an on-topic project with the appropriate name. Topical channels expire after 60 days in which no user on the access list for the channel has joined it.

On-topic Use

freenode's primary goal is to encourage and foster the development and use of free and open source software projects and other peer-directed communities producing broadly licensed creative output. Any project falling under this broad description is likely to be considered on-topic for the purposes of primary channel naming and other project services which we may provide, but individual decisions may be made at the discretion of staff.

Off-topic Use

We expect all users of the network, whether affiliated with a project or not, to act in good faith and in accordance with both their local laws and those applicable where freenode operates. Use of freenode and its facilities is a privilege, not a right, and may be withdrawn where we believe that this has not been the case.

by spb at June 04, 2016 12:48 AM

Services database purge

On or around Friday, October 2nd, we shall be cleaning up the services database. This involves the bulk removal of expired nicks, channels and accounts.

Therefore, please remember to identify to services when you connect ( /msg nickserv help identify ) and to use your grouped nicks whilst identified - remember, they all expire separately.

Nicks that are past the expiry threshold of 120 days unidentified on October 2nd will be freed from the database and available for others to register.

If you have a nick grouped to your account that you'd prefer to use as your main nick, you can change your account name - see /msg nickserv help set accountname for information.

Remember you can use sendpass to recover lost passwords - see /msg nickserv help sendpass.

by mrmist at June 04, 2016 12:48 AM

Server Issues: Update

Following up on our previous blog post, we have continued to investigate the compromise of freenode infrastructure, aided by our sponsors in addition to experts in the field.

NCC Group's Cyber Defence Operations team kindly provided pro bono digital forensic and reverse engineering services to assist our infrastructure team and have recently published a report with some of their findings:

https://www.nccgroup.com/en/blog/2014/10/analysis-of-the-linux-backdoor-used-in-freenode-irc-network-compromise/

NCC's support has been invaluable in aiding us in further securing our infrastructure, and we have already made significant changes to ensure that it is more resilient against further attacks. Our investigation into the compromise is ongoing and we will provide further updates as appropriate.

In the mean time, if you haven't updated your password, we would advise you do so as some traffic may have been sniffed. Simply "/msg nickserv set password newpasshere" and don't forget to update your client's saved password.

Whilst we endeavour to provide a robust service, it is worth bearing in mind that no computer system is ever perfectly secure and many are inevitably breached. For this reason we do not suggest relying entirely on freenode (or any infrastructure) to protect sensitive data, and encourage our users to take further steps (e.g. unique passwords per service, encryption) as part of a defence in depth strategy to safeguard it.

We are extremely grateful to NCC in addition to our many other sponsors for their assistance and continued support. Without the ongoing support of our generous sponsors and wonderful infrastructure team, freenode would quite literally not have a network!

We will be continuing to work with our sponsors in addition to other relevant authorities regarding this breach and any further incidents.

by Pricey at June 04, 2016 12:48 AM

Server issues

Earlier today the freenode infra team noticed an anomaly on a single IRC server. We have since identified that this was indicative of the server being compromised by an unknown third party. We immediately started an investigation to map the extent of the problem and located similar issues with several other machines and have taken those offline. For now, since network traffic may have been sniffed, we recommend that everyone change their NickServ password as a precaution.

Before changing your password, please check your email address in /msg nickserv info and, if needed, update it - see /msg nickserv help set email (remember to check your new email for the verification key). This will ensure that we can send you a password reset email should, for whatever reason, your password change not work properly. If you have no email set on your account or an email set that you cannot access, we cannot send password resets to you, so do please keep this up-to-date.

To change your password use /msg nickserv set password newpasshere

Since traffic may have been sniffed, you may also wish to consider any channel keys or similar secret information exchanged over the network.

We'll issue more updates as WALLOPS and via social media!

by mrmist at June 04, 2016 12:48 AM

Recent Events and Future Changes

Many of you have been asking questions about the recent rash of high-profile staff resignations, and we feel we owe you all both an explanation and an apology.

First, the explanation: in short, it's become clear over recent months that freenode has lost its way somewhat, when compared to the ideals and goals that we were created with. A growing sense of disillusionment amongst those of us who remember the olden days, when we were far more friendly, approachable and engaged in the communities we were set up to serve, has recently come to a head. Naturally, when some of these people decided they could no longer continue with the way things had become, it was time for us to think long and hard about what had gone wrong and what we should do about it.

And so, to the apology. We're uncomfortably aware that freenode was set up with the strong idea that the projects and communities which use it should be the first, and often the only, priority. We've lost sight of that, and we're sorry. We'll be doing our best, from now on, to get back in touch with the ideals that made freenode such a great place.

This won't be easy for us, as we've got years of bad habits to break, but hopefully you should start seeing some improvements in the coming months. If you see anything that we're not doing that would help your communities, please tell us and we'll try our best to find a way to make it happen. You might see a bit of chaos or inconsistency while we try to find our way around again, but please try to bear with us and we hope you'll see things get better in time.

And finally, because we're conscious that a lack of clarity around our leadership structure has not helped matters, we've decided to set out unambiguously how the staff management structure will work from now on. Our activities and operations will be split roughly into four areas, each with a designated lead.

  • mist is head of staff, and in charge of day to day network operations and general staff issues.

  • kloeri is head of infrastructure, in charge of making sure that the network continues to run in a usable fashion and that we have the right hardware and server platforms in place to provide the services we want to.

  • spb is head of development, in charge of the software platforms that we use to run the network.

  • christel is head of projects and communities, and also the overall project lead in charge of the other three heads. She'll be trying to make sure that we get back the levels of engagement that we once had with the projects we're here to serve.

These four, together, will take any decisions that affect the future direction of freenode. While they each have their own area of focus, feel free to contact any of us about any issues you may have -- we try to keep an open (virtual) door policy.

by spb at June 04, 2016 12:48 AM

New Website

If you are reading this you have most probably already realised that our brand spanking new website is up and running. On behalf of freenode I would like to express heartfelt thanks to dsample, edk, Swant, thefam, emerson and SteinSplitter and boxmein -- not only for the help in designing the new website based on a very fickle and constantly changing spec but also for providing tremendously amusing banter and generally being awesome guys! You did beautifully and it has been an absolute pleasure working with you, I can't wait to do it again sometime (soon!).

Oh, and the new website is hosted with Github Pages.

by christel at June 04, 2016 12:48 AM

New extban: $j

We have loaded a new module on the network which provides the $j extban type:

$j:<chan> - matches users who are or are not banned from a specified channel

As an example...

/mode #here +b $j:#timbuktu

...would ban users from #here that are banned (+b) in #timbuktu.

Please note that there are a couple of gotchas:

  • Only matching +b list entries are checked. Quiets (+q) Exemptions (+e) & invexes (+I) are NOT then considered. As such, the following mode change would not alter the behaviour of the first example:

    /mode #timbuktu +e *!*@*

  • Quiets and the quieting effect of bans may not immediately take effect on #here when #timbuktu's ban list changes due to caching by the ircd.

  • $j isn't recursive. Any $j extbans set in #timbuktu are ignored when matching in #here.

We imagine you'll have some more useful use cases than the above.

Thanks for flying freenode!

by Pricey at June 04, 2016 12:48 AM

Helping GNOME defend its trademark

The GNOME project will be familiar to the vast majority of our users, what you might not be aware of is that the project is currently facing an expensive trademark battle against Groupon with the latter having allegedly chosen to infringe upon GNOME's trademark by launching a product with the same name (a POS "operating system for merchants to run their entire operation").

I am not going to go into the details here, as they have been explained by the GNOME project over at http://www.gnome.org/groupon/ and the GNOME folk are in a much better position than me to provide more detailed information on the matter.

What I am going to do is appeal for your help. The GNOME project is looking to raise $80,000 to cover the legal costs involved in defending their trademark. At the time of writing this post the freenode network has 89,998 connected users. Users who are passionate about FOSS.

If each of us donated just ONE DOLLAR to the GNOME project they would cover the anticipated legal costs AND have some spare change leftover for a pint when the proceedings conclude.

Even if you do not use GNOME, please consider helping them out. This is bigger than just GNOME and I think would be fantastic if the FOSS communities could drum together to support our own.

If you head over to http://www.gnome.org/groupon/ you can make a donation directly via PayPal by clicking on the "Help us by donating today" button.

Update: Due to the controversial nature of PayPal, GNOME is now also offering other ways to donate .

Thank you!

Update #2: According to the Groupon blog and this article over at Engadget Groupon has issued the following statement: "Groupon is a strong and consistent supporter of the open source community, and our developers are active contributors to a number of open source projects. We've been communicating with the Foundation for months to try to come to a mutually satisfactory resolution, including alternative branding options, and we're happy to continue those conversations. Our relationship with the open source community is more important to us than a product name. And if we can't come up with a mutually acceptable solution, we'll be glad to look for another name."

I am assuming that this means that the trademarks filed will be retracted and that the GNOME project can go about business as usual. I am certain they will be releasing a statement with further details before long.

by christel at June 04, 2016 12:48 AM

Heartbleed

The recently exposed heartbleed bug in the OpenSSL library has surprised everyone with a catastrophic vulnerability in many of the world's secure systems.

In common with many other SSL-exposed services, some freenode servers were running vulnerable versions of OpenSSL, exposing us to this exploit. Consequently, all of our affected services have been patched to mitigate the vulnerability, and we have also regenerated our private SSL keys and certificates.

In an unrelated event, due to service disruption & the misconfiguration of a single server on our network, an unauthorised user was allowed to use the 'NickServ' nickname for a short period Sunday morning. Unfortunately there is a possibility that your client sent data (including your freenode services password) to this unauthorised client. Identification via SASL, certfp or server password were not affected, but any password sent directly to the "NickServ" user might have been.

Because of these two recent issues, we would like to make the following recommendations to all of our users. It would also be good practice to follow them at regular intervals.

  • Though we are not aware of any evidence that we have been targeted, or our private key compromised, this is inevitably a possibility. SSL sessions established prior to 2014/04/12 may be vulnerable. If your current connection was established prior to this date via ssl then you should consider reconnecting to the network.

  • We would advise that users reset their password (after reconnecting) using instructions returned by the following command:

/msg nickserv help set password

This should help ensure that if your password was compromised through an exploitation of the Heartbleed vulnerability, the damage is limited.

  • In line with general best practice, we would always recommend using separate passwords on separate systems - if you shared your freenode services password with other systems, you should change your password on all of these systems; preferably into individual ones.

  • If you use CertFP, you should regenerate your client certificate (instructions) ****and ensure that you update NickServ with the new certificate hash. You can find out how to do this using the following command:

/msg nickserv help cert

  • Having changed passwords and/or certificate hashes, it cannot hurt to verify your other authentication methods (such as email, ACCESS or CERT). It is possible you have additional access methods configured either from past use or (less likely) due to an account compromise.

  • At the recommendation of the Tor Project, we have regenerated private keys for our hidden services. The new list of addresses is now available on our website. Please update your tor configuration!

  • Finally, it is worth noting that although probably the least likely attack vector, Heartbleed can also be used as client-side attack, i.e. if you are still running a vulnerable client a server could attack you. This could be a viable attack if, for instance, you connect to a malicious IRC server and freenode at the same time; hypothetically the malicious IRC server could then attack your client and steal your IRC password or other data. If affected, you should ensure your OpenSSL install is updated and not vulnerable then restart your client.

As ever, staff are available in #freenode to respond to any questions or concerns.

by Pricey at June 04, 2016 12:48 AM

+freenode

UPDATE: This was of course an April Fool... you can "/msg nickserv set property GOOGLE+" to remove the property from your account. There might still be other secrets within the message though...

freenode4

Edit: Previous versions of the post contained an incorrect NickServ command. We have corrected this and apologise for the inconvenience.

by Pricey at June 04, 2016 12:48 AM

Atheme 7.2 and freenode

Hello!

We've begun some testing on Atheme's latest release, 7.2, and we'd like to invite interested users to help with that.

Not all changes the Atheme project has included in their new release will be included in our Atheme upgrade, so here's the bulk of the changes that will actually affect our network:

  • /msg NickServ DROP will require confirmations from the user similar to the ChanServ variant. This is to prevent people DROPping when they should be GHOSTing or similar.

  • We've loaded two exttargets:

    • $registered to grant flags to all people who are identified to NickServ

    • $chanacs to grant flags to people who have flags in another channel. Please read /msg ChanServ HELP FLAGS for details on how they work.

  • The SASL mechanism DH-BLOWFISH has been removed. People using it can connect via SSL and use PLAIN or upgrade to ECDSA-NIST256P-CHALLENGE. Details of how to do so are here and our SASL page will be updated with the relevant documentation soonish.

You should be able to connect to testnet at testnet.freenode.net Port 9002 for cleartext, and 9003 for SSL. Bear in mind, the database is a couple weeks old, so changes you've recently made on the production network may not be mirrored on the testnet network. Various amounts of staff should be idling in #freenode on testnet at all times, please feel free to poke us with any questions.

Thanks!

by tomaw at June 04, 2016 12:48 AM

April 1st 2014, Followup

It's been almost too long for this blog post to arrive here after the April Fools quiz this year. Thanks to everyone who participated!

The first ten people who completed the challenges are, in descending order of aprilness:

(times are listed in UTC)

  1. 2014-04-02T18:25:17 booto

    2014-04-02T23:36:53 Fuchs *

  2. 2014-04-03T00:29:29 furry

  3. 2014-04-03T01:34:18 mniip

  4. 2014-04-03T09:41:38 jojo

  5. 2014-04-03T16:29:51 redi

  6. 2014-04-03T18:57:21 BlueShark

  7. 2014-04-04T15:33:24 larinadavid

  8. 2014-04-04T22:27:20 Omniflux

  9. 2014-04-04T23:02:19 apoc

  10. 2014-04-04T23:13:02 thommey

(*) user opted out of any prizes

There were 25 additional nicks who completed the quiz and made it to the winner's circle but weren't fast enough to place in the top 10.

The prizes were cloaks for those in the top-10. In addition to the top-10 cloaks everyone else who finished the challenge that 'opted-in' were eligible for the cloak lottery. This was a lottery for 3 runnerup cloaks.

Out of the 25 additional people that completed the challenge, the following 3 won a cloak through the cloak lottery:

  • skasturi

  • danielg4

  • jojoa1997

Here are the riddles and their solutions, in the original order:

  • Level 0

    • The clue was given in the April 1st blog post: IyMjI3hrY2Q=

    • That is the string "####xkcd" encoded using base64.

    • The answer: ####xkcd, which was the first channel in the quiz.

  • Level 1

    • Clue: Tnl2cHItbmFxLU9iby1qbnl4LXZhZ2Itbi1vbmU=

    • This is a rot13'ed and base64'ed string.

    • In Python: "Tnl2cHItbmFxLU9iby1qbnl4LXZhZ2Itbi1vbmU=".decode('base64').decode('rot13')

    • The answer: ####Alice-and-Bob-walk-into-a-bar

  • Level 2

    • Clue: MKWkpKMa

    • This is another string that is encoded with a series of base64 and rot13 transformations.

    • In Python: "MKWkpKMa".decode('rot13').decode('base64').decode('rot13')

    • The answer: ####reddit

  • Level 3

    • Clue: SHg5RkR4SUpIeHFGSnlXVUlJSVFJeHFKCg== | Save this for a later level: https://i.imgur.com/87cX9y4.jpg | 4 decodes needed

    • Yet another string encoded with a series of base64 and rot13 transformations.

    • In Python: "SHg5RkR4SUpIeHFGSnlXVUlJSVFJeHFKCg==".decode('base64').decode('rot13').decode('base64').decode('rot13')

    • This yields: EBEORIETEMETHHPITI

    • Contestants were expected to do a web search for this and find out it is the end of the Zodiac Killer's infamous message.

    • The answer: ####zodiac

  • Level 4

    • Clue: https://i.imgur.com/x4nejBh.png | LaTeX right direction | Google! | No maths needed

    • The topic changed several times as contestants seemed pretty stumped on this level, the topic line above was its final form.

    • The answer: ####exner - this was expected from figuring out what the equation is. Simply put, the equation in the image is Exner's Equation.

  • Level 5

  • Level 6

    • Clue: https://www.dropbox.com/s/emz7xy3p9r2ivxe/wat.unknown (verify the file, sha256sum: 0efade1bb29d1b7fdd65e5612159e262cbd41a2e27ed89a0144701a5556da68f)

    • This file is more stenography:

    • Use 'file' to determine what the file type is.

    • Un-7zip the .unknown file

    • Base64 decode the output

    • Use 'file' to determine that the output is a .jpg

    • Unzip the .jpg

    • Untar two.tar.gz

    • Open the surprised.txt file.

    • The content of surprised.txt is: ####ImSoMetaEvenThisAcronym

    • The answer: ####ImSoMetaEvenThisAcronym

  • Level 7

    • Clue: AQwPfPN1ZBXNfvNj4bPmVR4fVQYPfPNlZBXNfvNkAP4jZhXNflOS and "Da Vinci" | Jules Verne | s/.02/.03/ in the decrypted text

    • The clue is base64'ed and rot13'ed. To decode it in Python: print "AQwPfPN1ZBXNfvNj4bPmVR4fVQYPfPNlZBXNfvNkAP4jZhXNflOS".decode('rot13').decode('base64')

    • This yields: 48° 50′ 0″ N, 2° 20′ 14.02″ E

    • These are GPS coordinates for the Paris meridian.

    • From this and the "Da Vinci" clue contestants were expected to find the Wikipedia page about the Rose Line.

    • The specific quote that contestants were suppose to find:

    "Dan Brown simply invented the 'Rose Line' linking Rosslyn and Glastonbury. The name 'Roslin' definitely does not derive from any 'hallowed Rose Line'. It has nothing to do with a 'Rose Bloodline' or a 'Rose Line meridian'. There are many medieval spellings of 'Rosslyn'. 'Roslin' is certainly not the 'original spelling': it is now the most common spelling for the village."[18]

  • Source

    • The "Jules Verne" clue is suppose to reaffirm to contestants that they were on the right track:

    The competition between the Paris and Greenwich meridians is a plot element in Jules Verne's "Twenty Thousand Leagues Under the Sea", published just before the international decision in favor of the British one.

  • Source

    • The answer: ####roslin
  • Level 8

  • Level 9

    • Clue: ZCLVLLCOIUTKKJSCEKHHHSMKTOOPBA | OGUCSSGAPVGVLUMBTVOGICUNJDHSTB | RUTJJGNXUNTY | Letters that would repeat in a typical word do not repeat in the key(s), example 'freenode' would be 'frenod' | https://i.imgur.com/pGIBjEE.png | http://is.gd/TgNsvm

    • Alright this one is really really really tricky. The topic changed several times.

    • The three strings are encoded with Four-square from the previous level with the same keys.

    • Contestants were expected to use 'UVB' and 'RUSSIA' as keys for the Four-square cipher.

    • It was expected that contestants arrive at 'UVB' from the channel name, ####POVAROVOSOLNECHNOGORSKRUSSIA

    • The former transmitter[27] was located near Povarovo, Russia[28] at 56°5′0″N 37°6′37″E which is about halfway between Zelenograd and Solnechnogorsk and 40 kilometres (25 mi) northwest of Moscow, near the village of Lozhki.

  • Source

    • The is.gd link points to a file that has the "No Q" image from a previous level hidden in it.

    • The "RUTJJGNXUNTY" decrypts to AaronHSwartz

    • The answer: ####AaronHSwartz

  • Level 10

    • Clue: HKGJSUOJVRLGSBELAUHOUIGLVRURWMGTUGJGWTKN

    • Originally this channel (####AaronHSwartz) was suppose to be the winner's circle, however due to too many people leaking answers and channel names, one more challenge was added.

    • Same cipher as before, this time the keys were 'DEMAND' and 'PROGRESS'

    • Demand Progress is an Internet activist-related organization specializing in petitions to help gain traction for legal movements against Internet censorship and related subjects, started by Aaron Swartz, source.

    • The clue decrypts to JOINUSNOWANDSHARETHESOFTWAREWRITTENBYRMS

    • RMS is Richard Matthew Stallman, and 'Join Us Now and Share the Software' is an openly licensed song by Richard Stallman.

    • The answer: ####JOINUSNOWANDSHARETHESOFTWAREWRITTENBYRMS

The topic in ####JOINUSNOWANDSHARETHESOFTWAREWRITTENBYRMS was: Congratulations on solving the freenode's April Fools 2014 Crypto Challenge | Want MOAR? #ircpuzzles

Congratulations to those who participated this year!

The 25 additional people that completed the challenge:

  • 2014-04-05T04:06:53 knivey

  • 2014-04-05T10:00:12 Tordek

  • 2014-04-05T15:40:50 jacob1 *

  • 2014-04-05T15:48:48 stac

  • 2014-04-05T16:24:01 Changaco *

  • 2014-04-05T17:30:01 Arch-TK *

  • 2014-04-05T17:35:05 ar *

  • 2014-04-05T18:16:20 Weetos *

  • 2014-04-05T18:38:39 nyuszika7h

  • 2014-04-05T18:56:26 vi[NLR]

  • 2014-04-05T19:06:38 tkd *

  • 2014-04-05T21:54:56 Chiyo

  • 2014-04-05T22:46:01 slidercrank

  • 2014-04-05T22:54:10 jojoa1997

  • 2014-04-06T00:55:51 Pixelz *

  • 2014-04-06T02:53:25 Transfusion

  • 2014-04-06T02:58:15 DonkeyHotei

  • 2014-04-06T03:04:01 sdamashek *

  • 2014-04-06T03:07:49 Cypi *

  • 2014-04-06T03:36:03 FXOR

  • 2014-04-06T13:44:35 pad

  • 2014-04-06T19:22:06 skasturi

  • 2014-04-06T19:37:13 Bloodhound

  • 2014-04-07T08:16:22 molly *

  • 2014-04-07T14:42:32 Bijan-E

(*) user opted out of the cloak lottery

by yano at June 04, 2016 12:48 AM

AFD quiz

As a tradition, we would like to invite our users to participate in the annual April Fool's Day quiz.

Good luck and have fun! You can join us in #ircpuzzles for casual conversation.

IyMjIyMjQUZEMjAxNlN0YXJ0

by mniip at June 04, 2016 12:48 AM

April 20, 2016

erry's blog

[vlog] this year’s uni projects

It’s … been a while, hasn’t it?

Okay, okay, it’s been three months. I’m currently buried underneath 6ft of Uni work, given this is my final year and my dissertation is due soon.

I’ll try to blog more often once I get into full-time paid employment. However, until then, here’s some demo videos I made for some uni projects:

 

  1. Survey wolf: A survey monkey clone in Laravel (sorry!)
  2. An alternative youtube app for android (because we needed another one)
  3. Sparkitect: The inbred mutant child of of Field Trip and Ingress, an AR application that shows interesting information about historical sites in Huddersfield. Only useful if you’re in Huddersfield.

That’s all for now – I hope to get back to more regular blogging once I’ve submitted my Uni work and survived. IF I survive….

by Errietta Kostala at April 20, 2016 10:02 PM

April 01, 2016

freenode staffblog

AFD quiz

As a tradition, we would like to invite our users to participate in the annual April Fool's Day quiz.

Good luck and have fun! You can join us in #ircpuzzles for casual conversation.

IyMjIyMjQUZEMjAxNlN0YXJ0

by mniip at April 01, 2016 12:00 PM

March 22, 2016

freenode staffblog

New Website

If you are reading this you have most probably already realised that our brand spanking new website is up and running. On behalf of freenode I would like to express heartfelt thanks to dsample, edk, Swant, thefam, emerson and SteinSplitter and boxmein -- not only for the help in designing the new website based on a very fickle and constantly changing spec but also for providing tremendously amusing banter and generally being awesome guys! You did beautifully and it has been an absolute pleasure working with you, I can't wait to do it again sometime (soon!).

Oh, and the new website is hosted with Github Pages.

by christel at March 22, 2016 11:25 PM

February 19, 2016

freenode staffblog

Recent Events and Future Changes

Many of you have been asking questions about the recent rash of high-profile staff resignations, and we feel we owe you all both an explanation and an apology.

First, the explanation: in short, it's become clear over recent months that freenode has lost its way somewhat, when compared to the ideals and goals that we were created with. A growing sense of disillusionment amongst those of us who remember the olden days, when we were far more friendly, approachable and engaged in the communities we were set up to serve, has recently come to a head. Naturally, when some of these people decided they could no longer continue with the way things had become, it was time for us to think long and hard about what had gone wrong and what we should do about it.

And so, to the apology. We're uncomfortably aware that freenode was set up with the strong idea that the projects and communities which use it should be the first, and often the only, priority. We've lost sight of that, and we're sorry. We'll be doing our best, from now on, to get back in touch with the ideals that made freenode such a great place.

This won't be easy for us, as we've got years of bad habits to break, but hopefully you should start seeing some improvements in the coming months. If you see anything that we're not doing that would help your communities, please tell us and we'll try our best to find a way to make it happen. You might see a bit of chaos or inconsistency while we try to find our way around again, but please try to bear with us and we hope you'll see things get better in time.

And finally, because we're conscious that a lack of clarity around our leadership structure has not helped matters, we've decided to set out unambiguously how the staff management structure will work from now on. Our activities and operations will be split roughly into four areas, each with a designated lead.

  • mist is head of staff, and in charge of day to day network operations and general staff issues.

  • kloeri is head of infrastructure, in charge of making sure that the network continues to run in a usable fashion and that we have the right hardware and server platforms in place to provide the services we want to.

  • spb is head of development, in charge of the software platforms that we use to run the network.

  • christel is head of projects and communities, and also the overall project lead in charge of the other three heads. She'll be trying to make sure that we get back the levels of engagement that we once had with the projects we're here to serve.

These four, together, will take any decisions that affect the future direction of freenode. While they each have their own area of focus, feel free to contact any of us about any issues you may have -- we try to keep an open (virtual) door policy.

by spb at February 19, 2016 01:11 PM

The New Policies

One of the several problems that's become obvious in recent times is that we  have too many policies, they're often not consistent with each other, and we've spent too much time and effort wondering whether something, which is obviously the right thing to do, fits with our published policy. With that in mind, the following stripped-back set of policies will apply in future, with the intention that we can set out a simple set of baselines and apply common sense on top of them.

Nickname ownership

Nicknames are allocated on a first-come, first-served basis, to the first person who registers the name with NickServ. However, we expect users to act in good faith and reserve the right to remove a nickname registration where we believe that this has not been the case. Nickname and account registrations expire ten weeks after they are last used. For nicknames, 'used' means that you were using the nickname while logged in to the account which owns it. For accounts, 'used' means that you logged in to the account, regardless of the nickname you used to do so. Nicknames which are the primary account name only expire when the entire account is expired. In some cases, such as for very old accounts, we may, at our discretion, extend the expiry time of a nickname or account. We will not normally do this beyond 15 weeks past the last use.

Some nicknames and accounts, including but not limited to some of those owned by current or former network staff, do not expire at all. These accounts can be identified by the 'Hold' flag in their NickServ info output.

Nicknames and accounts which are expired will not automatically be dropped. Please contact network staff if you would like to take over an expired nickname.

Channel ownership

Channels on freenode fall into one of two categories. Primary channels, which begin with a single # character, are reserved for on-topic projects. If you'd like to take over one of these channels, then you'll need to be associated in some way with the project in question. Topical, or 'about' channels, begin with two # characters, and these are allocated on a first-come, first-served basis to the first person who registers it with ChanServ. As with nicknames, however, we reserve the right to remove or alter registrations where we believe they have not been made in good faith.

Primary channels do not expire with inactivity, though they can be claimed at any time by a representative of an on-topic project with the appropriate name. Topical channels expire after 60 days in which no user on the access list for the channel has joined it.

On-topic Use

freenode's primary goal is to encourage and foster the development and use of free and open source software projects and other peer-directed communities producing broadly licensed creative output. Any project falling under this broad description is likely to be considered on-topic for the purposes of primary channel naming and other project services which we may provide, but individual decisions may be made at the discretion of staff.

Off-topic Use

We expect all users of the network, whether affiliated with a project or not, to act in good faith and in accordance with both their local laws and those applicable where freenode operates. Use of freenode and its facilities is a privilege, not a right, and may be withdrawn where we believe that this has not been the case.

by spb at February 19, 2016 01:11 PM

January 14, 2016

erry's blog

A first look at Cordova: pros and cons

I absolutely love the fact that tools like ionic and Cordova exist. It  means that Web Developers like myself can build hybrid applications (apps that work in both web and mobile) without needing to write native code. However, this doesn’t come without disadvantages. Due to this, I wanted to write a blog post comparing its pros and cons.

Pros

  • Designing android apps no longer a headache
    My experience with native Android was that changing even basic elements, such as the colour of the header bar in your application, meant having to create themes and styles in XML file, and sacrifice a few animals before it worked. Now, I never did any real android development, so it may have just been my own lack of exp in the subject. I know many people are able to make beautiful looking android apps, but personally I find being able to define styling with CSS just like any other web application very helpful.
  • Plugins are great… Mostly.
    Cordova uses plugins to “link” Javascript code to native code in the back end. There are plugins for every feature and platform you can imagine, and even if not, Cordova’s API for writing your own is rather straight forward.
  • Build management
    Cordova creates its own config file for tracking your enabled platforms and plugins. Additionally, it provides commands such as ‘cordova run android/ios’. You don’t need to build your apps using different IDEs and/or command line tools for each platform, Cordova handles it for you.
  • Frameworks like ionic!
    Ionic framework provides an angular code base with native-like widgets you can use. This allows you to have things like tabs, toggle buttons, reorderable lists, etc. in your web application.

Cons

  • Plugins only mostly work.
    I’ve had to fork and modify every single plugin I’ve used so far on my current project. Some was just adding some extra functionality or extra configuration options, but other modifications were more serious, such as having to fix a crash. Just be aware that when using plugins you may have to hunt a bit to find one that works properly… And sometimes have to fix somebody else’s code yourself.
  • UX isn’t native
    Being able to build and design using web tech is great, but the thing is that if you’re not careful with your UI and UX your app will not look or feel like a native app. This isn’t always a bad thing (for example, Facebook, YouTube, twitter, etc… all their apps look the same between platforms rather than adapting the platform’s native UX logic), but it’s definitely something to keep in mind. If your app’s UX needs to feel as much as a native app as possible, then you should at the very least have a different layout and different front-end interactions for each platform you are supporting. Having said that, Cordova means that instead of writing the same application two or three times and maintaining three different code base (one for each platform), you can just have three different layouts.
  • Performance and app size
    Well, this goes without saying. You’re running your  app in a webview, it’s not going to reach native performance. Still, I tried my cordova app in an average android phone, and it performed as well as most native apps from a user perspective, so..

 

by Errietta Kostala at January 14, 2016 11:49 PM

December 04, 2015

erry's blog

November 30, 2015

erry's blog

The long-awaited Mozfest 2015 post!

As I hope you know, Mozfest 2015 took place from November 6 to November 8 2015 at Ravensbourne UK. Mozfest is organised by Mozilla, but it is not entirely about Mozilla products. Instead, it aims to get people together talking about policies Mozilla cares about as an organisation – such as being open, promoting free speech, and working against surveillance.

A quote printed on a piece of paper found in a fortune cookie. It says 'The opposite of "open" isn't closed. The opposite of "open" is "broken" - John Wilbanks @wilbanks'

The opposite of open isn’t “closed”, it’s “broken”

I was invited to Mozilla Festival as part of my new role as a Participation Leader At Global Events™. As Official™ and Important™ as that sounds, it’s really not. Being a participation leader isn’t being above others – on the contrary, it’s encouraging other people to be leaders as well. We can all lead participation, together!

 

A poster at Mozfest explaining participation leaders' role. It says "Participation leaders design for impact, mobilize action and networks, and serve to unleash Mozillian potential"

A poster at Mozfest explaining participation leaders’ role

In the participation space, there was lots of discussion of problems people face contributing. Lack of time and organisation, lack of support for non-technical projects, and the perceived very high barrier to entry were just some of these. However, there was also lots of discussions on solutions, and mainly how we – as participation leaders – can change these things.

A "candy poll" stall at Mozilla festival. The sentence "I know how to participate at Mozilla" is printed on a poster. There are two candy containers, one labelled "yes" and the other "no".

Surely, such a poll could never be skewed…

Apart from sharing ideas on how to participate, there were also practical sessions that helped defeat the notion that the barrier to entry was high, and showed people first-hand how they can be involved – as well as answered any of their questions. I ran my own session in this format, entitled “FirefoxOS app-building workshop”. It was a bigger success than imagined – we must have had about 15 participants! I kept the session very practical, making giving a very small starting tutorial on Firefox OS based on my workshop blog post. I can say that it went better than last year’s session – both in attendance and in participant satisfaction. By the end of the session, everybody had built something, which was exactly what I wanted. If you can build an app in one hour, it can’t be that hard, can it?

A poster for the session I ran at Mozfest. On the left, there is a drawing of a smart phone with "ffOS" written on the screen. On the right, the phrase "Firefox OS app-building workshop - Sunday 14:45 at 401. It's easy!" is written.

The session was far superior to my drawing skills.

 

My inspiration from the festival was to continue spreading the ‘participation bug’ to others. I want them to know how good participating is and how easy it is to get involved. As such, I really want to run a similar workshop to my previous one, or an open source hackathon/workshop in my local community, which is my goal for 2016 as a participation leader!

What do you think? Is that a good idea? What would you do?

by Errietta Kostala at November 30, 2015 01:38 PM

November 12, 2015

erry's blog

Dear circuit laundry: your UX SUCKS!

Ah, the joys of student life. Not only is accommodation absurdly expensive (Over 100 pounds a week to live near campus outside London. I’m not going to mention London prices, because anybody who doesn’t already know them is going to have a heart attack.), but laundry costs on top of that.

And not only that, paying for it is DIFFICULT!

I went to the laundry room and saw I had no credit. So my thought was, “okay, I’ll just top up from my smartphone.” To my dismay, I soon realised it’d have been much faster to just run to my room and do it from my laptop!

First of all, the site is of course not responsive. Way to go to fit a huge site in a tiny screen like that.

Secondly, the only login method is username and password. Despite the fact that you have my laundry card number and my phone number. Seriously. It’s just laundry, not a bank account. Make an easier login system that just texts you a code and for extra paranoia, allow that to only top up.

Thanks to your current system, I could hardly fill out the form because mobile, I needed to reset my password which is also hard to type on mobile, and then log in to PayPal (with two factor auth and all!) and finally pay.

And then I had to swipe my card once to top up, again to confirm, then two more times to start the laundry!

The whole top up took over ten minutes. Absolutely absurd. Had I a choice, I’d not be using your service.

I don’t have a choice, though, so feel free to not change anything.

 

 

 

by Errietta Kostala at November 12, 2015 12:29 AM

November 11, 2015

erry's blog

To me, no localisation is better than bad localisation.

I am Greek, and when I lived in Greece and had my system language to Greek, the first thing I would usually do would when installing a piece of software or visiting a website that realised the fact that I’m Greek would be to ensure it’s set to English. The reason is partly because that’s how most people would use the software in question so I would be able to Google how to do something more easily, but also because sometimes the Greek localisation is… more difficult to understand than if it were just in English. Some things I’ve seen throughout my life:

  • Terrible, incomprehensible grammar thanks to using automated translation software to translate your UI (Don’t do this!)
  • Direct translation of date formats, ending in something that would directly trnaslate as “Of November 11”, which is about as right in Greek as it is in English.
  • Doing half a job, and making it obvious. Non-localised text in the middle of localised text, localised text that hasn’t been updated this century (ISTR the University of Piraeus’ English page mentioning really ancient hardware, while their Greek page didn’t. While I don’t doubt they do have really ancient hardware, I think their failure to remove the evidence from their English page is due to them never updating that page), or straight out leading a user to a non-localised screen without letting them know.
  • Stuff like this:translation-fails

 

What are your favourite localisation fails? Let me know!

 

by Errietta Kostala at November 11, 2015 03:02 PM

October 31, 2015

erry's blog

Firefox OS App building workshop

Hello world

 

Making a basic hello world app is as easy as making a simple web page. You can even do it straight from your browser!

I recommend taking advantage of Firefox’s WebIDE to make firefox OS application building a breeze, at least at first.

Simply press shift+F8, or from the hamburger menu click ‘Developer’ then find ‘WebIDE’. You should see something like this:

Firefox OS IDE

Firefox OS IDE

 

You can use this environment to test already-made apps and even take a look at FirefoxOS’s native apps if you have a debug environment! However, we’re currently going to use it to make a brand-new app.

Simply go to Project->New, and select ‘Hello World’ App, then follow the instructions.

making a new Firefox OS app

making a new Firefox OS app

 

Once done, You should be able to see a list of files in the left-hand side, being “icons/”, “app.js”, “index.html”, and “manifest.webapp”. (If not, make sure View->Toggle Editor is enabled.)

index.html and app.js work exactly like they would for any other website. If you open them, you’ll see regular HTML and JavaScript code. The only “special” file currently here is “manifest.webapp”. This is required for Firefox OS Web apps, and it tells the OS some information about the app:

{
"name": "HelloApp",
"description": "A Hello World app",
"launch_path": "/index.html",
"icons": {
"16": "/icons/icon16x16.png",
"48": "/icons/icon48x48.png",
"60": "/icons/icon60x60.png",
"128": "/icons/icon128x128.png"
},
"developer": {
"name": "Your name",
"url": "http://example.com"
}
}

You can change the name, description, and developer name and URL to match you and your app. launch_path may also be interesting for more advanced apps, as it’s your app’s default/first page.

If you want to take this hello world app for a go, you need to either plug in a phone or install a simulator, which you can do from the ‘select runtime’ menu, and install the newest stable (2.2)

Selecting a runtime for the IDE

Selecting a runtime for the IDE

Once you’ve installed the simulator, you can launch it in the same way.

You can then launch your app by clicking the ‘play’ button. You can also click the ‘wrench’ button, to get your regular web developer tools!

App debugging

App debugging

As you can see, we easily got a ‘hello world’ app, and it can be inspected easily just like any normal website.

Adding firefox and online APIs

Now we can make this into a basic weather app. Let’s start by adding a few things to our HTML file:

<html>
  <head>
    <title>
      My app
    </title>
    <script src="jquery.js"></script>
  </head>
  <body>
  <div id="offline" style="display:none">
    <img src="offline_cloud.png">
  </div>
  <div id="data">
  </div>

    <script src="app.js"></script>
  </body>
</html>

I added JQuery for AJAX requests. The #offline Div will be displayed when we detect we’re offline (more on that in a bit), #data will hold the data we’ll get from the weather API, and I included a script file, app.js which we’ll be writing.

var appid = 'your-app-id';

function handleChange() {
    //firefox API
    updateHTML(!navigator.onLine);
}

//we get passed on a boolean that's true if we're offline.
function updateHTML(isOffline) {
  console.log(isOffline);
    //remember #offline div?
    var offline = document.getElementById('offline');

    if (isOffline) {
        offline.style.display = '';
        updateData(getOfflineData());
    } else {
        offline.style.display = 'none';

        //getAPIData accepts a function as an argument, which it calls once it's done.
        setInterval(function() {
            getAPIData(
                function(data) {

                    //firefox OS api!
                    window.navigator.vibrate(200);
                    updateData(data);
                });
        }, 60000);

        getAPIData(
            function(data) {
                window.navigator.vibrate(200);
                updateData(data);
            });
    }
}


handleChange();


//check if we're still online
setInterval(
    handleChange,
    60000
);


function getAPIData(callback) {
    var dataDiv = document.getElementById('data');

    if (!dataDiv.innerHTML) {
        dataDiv.innerHTML = "loading...";
    }

    $.ajax({
            url: "http://api.openweathermap.org/data/2.5/weather?q=London,uk&units=metric&appid=" + appid,
        })
        .done(function(data) {
            
            if (callback && typeof callback === 'function') {
                callback(data);
            }

            console.log("Sample of data:", data);
        });
}

function updateData(data) {
  if (!data || !data.main) {
        return;
    }
  
    window.localStorage.setItem('data', data);
    var dataDiv = document.getElementById('data');
    console.log(data);
   
    dataDiv.innerHTML = data.main.temp;
}

function getOfflineData() {
    return localStorage.getItem('data');
}

You should now have a basic weather app!

Resources

Now what? How do I expand on this?

https://developer.mozilla.org/en-US/Apps/Build/Building_apps_for_Firefox_OS

https://developer.mozilla.org/en-US/Apps/Build/Building_apps_for_Firefox_OS/Firefox_OS_app_beginners_tutorial

 

– Mozilla’s guides on app building

https://developer.mozilla.org/en-US/Marketplace/Publishing/Introduction

how to publish an app

 

by Errietta Kostala at October 31, 2015 11:45 PM

October 27, 2015

Md's blog

Per-process netfilter rules

This article documents how the traffic of specific Linux processes can be subjected to a custom firewall or routing configuration, thanks to the magic of cgroups. We will use the Network classifier cgroup, which allows tagging the packets sent by specific processes.

To create the cgroup which will be used to identify the processes I added something like this to /etc/rc.local:

mkdir /sys/fs/cgroup/net_cls/unlocator
/bin/echo 42 > /sys/fs/cgroup/net_cls/unlocator/net_cls.classid
chown md: /sys/fs/cgroup/net_cls/unlocator/tasks

The tasks file, which controls the membership of processes in a cgroup, is made writeable by my user: this way I can add new processes without becoming root. 42 is the arbitrary class identifier that the kernel will associate with the packets generated by the member processes.

A command like systemd-cgls /sys/fs/cgroup/net_cls/ can be used to explore which processes are in which cgroup.

I use a simple shell wrapper to start a shell or a new program as members of this cgroup:

#!/bin/sh -e
CGROUP_NAME=unlocator

if [ ! -d /sys/fs/cgroup/net_cls/$CGROUP_NAME/ ]; then
  echo "The $CGROUP_NAME net_cls cgroup does not exist!" >&2
  exit 1
fi

/bin/echo $$ > /sys/fs/cgroup/net_cls/$CGROUP_NAME/tasks

if [ $# = 0 ]; then
  exec ${SHELL:-/bin/sh}
fi

exec "$@"

My first goal is to use a special name server for the DNS queries of some processes, thanks to a second dnsmasq process which acts as a caching forwarder.

/etc/dnsmasq2.conf:

port=5354
listen-address=127.0.0.1
bind-interfaces
no-dhcp-interface=*

no-hosts
no-resolv
server=185.37.37.37
server=185.37.37.185

/etc/systemd/system/dnsmasq2.service:

[Unit]
Description=dnsmasq - Second instance
Requires=network.target

[Service]
ExecStartPre=/usr/sbin/dnsmasq --test
ExecStart=/usr/sbin/dnsmasq --keep-in-foreground --conf-file=/etc/dnsmasq2.conf
ExecReload=/bin/kill -HUP $MAINPID
PIDFile=/run/dnsmasq/dnsmasq.pid

[Install]
WantedBy=multi-user.target

Do not forget to enable the new service:

systemctl enable dnsmasq2
systemctl start dnsmasq2

Since the cgroup match extension is not yet available in a released version of iptables, you will first need to build and install it manually:

git clone git://git.netfilter.org/iptables.git
cd iptables
./autogen.sh
./configure
make -k
sudo cp extensions/libxt_cgroup.so /lib/xtables/
sudo chmod -x /lib/xtables/libxt_cgroup.so

The netfilter configuration required is very simple: all DNS traffic from the marked processes is redirected to the port of the local dnsmasq2:

iptables -t nat -A OUTPUT -m cgroup --cgroup 42 -p udp --dport 53 -j REDIRECT --to-ports 5354
iptables -t nat -A OUTPUT -m cgroup --cgroup 42 -p tcp --dport 53 -j REDIRECT --to-ports 5354

For related reasons, I also need to disable IPv6 for these processes:

ip6tables -A OUTPUT -m cgroup --cgroup 42 -j REJECT

I use a different cgroup to force some programs to use my office VPN by first setting a netfilter packet mark on their traffic:

iptables -t mangle -A OUTPUT -m cgroup --cgroup 43 -j MARK --set-mark 43

The packet mark is then used to policy-route this traffic using a dedicate VRF, i.e. routing table 43:

ip rule add fwmark 43 table 43

This VPN VRF just contains a default route for the VPN interface:

ip route add default dev tun0 table 43

Depending on your local configuration it may be a good idea to also add to the VPN VRF the routes of your local interfaces:

ip route show scope link proto kernel \
  | xargs -I ROUTE ip route add ROUTE table 43

Since the source address selection happens before the traffic is diverted to the VPN, we also need to source-NAT to the VPN address the marked packets:

iptables -t nat -A POSTROUTING -m mark --mark 43 --out-interface tun0 -j MASQUERADE

October 27, 2015 03:02 AM

September 18, 2015

freenode staffblog

Services database purge

On or around Friday, October 2nd, we shall be cleaning up the services database. This involves the bulk removal of expired nicks, channels and accounts.

Therefore, please remember to identify to services when you connect ( /msg nickserv help identify ) and to use your grouped nicks whilst identified - remember, they all expire separately.

Nicks that are past the expiry threshold of 120 days unidentified on October 2nd will be freed from the database and available for others to register.

If you have a nick grouped to your account that you'd prefer to use as your main nick, you can change your account name - see /msg nickserv help set accountname for information.

Remember you can use sendpass to recover lost passwords - see /msg nickserv help sendpass.

by mrmist at September 18, 2015 08:58 AM

August 25, 2015

RichiH's blog

Tor-enabled Debian mirror, part 2

Well, that was quite some feedback to my last post; via blog, email, irc, and in person. I actually think this may be the most feedback I ever got to any single blog post. If you are still waiting for a reply after this new post, I will get back to you.

To handle common question/information at once:

  • It was the first download from an official Tor-enabled mirror; I know people downloaded updates via Tor before
  • Yes, having this in the Debian installer as an option would be very nice
  • Yes, there are ways to load balance Tor hidden services these days and the pre-requisites are being worked on already
    • Yes, that load balanced setup will support hardware key tokens
  • A natively hidden service is more secure than accessing a non-hidden service via Tor because there is no way for a third-party exit node to mess with your traffic
  • apt-get etc will leak information about your architecture, release, suites, desired packages, and package versions. That can't be avoided, but else it will not leak anything to the server. And even if it did.. see above
  • Using Tor is also more secure than normal ftp/http/https as you don't build up an IP connection so the server can not get back to the client other than through the single one connection the client built up
  • noodles Tor-enabled his partial debmirror as well: http://earthqfvaeuv5bla.onion/
    • It took him 14322255 tries to get a private key which produced that address
    • He gave up to find one starting with earthli after 9474114341 attempts
  • I have been swamped with queries if I had tried apt-transport-tor instead of torify
    • I had forgotten about it, re-reading the blog post reminded me about apt transports
    • Tim even said in his post that Tor hidden mirror services would be nice
    • Try it yourself before you ask ;)
    • Yes, it works!

So this whole thing is a lot easier now:

# apt-get install torsocks apt-transport-tor
# mv /etc/apt/sources.list /etc/apt/sources.list--backup2
# > /etc/apt/sources.list << EOF
deb tor+http://vwakviie2ienjx6t.onion/debian/ unstable main contrib non-free
deb tor+http://earthqfvaeuv5bla.onion/debian/ unstable main contrib non-free
EOF
# apt-get update
# apt-get install vcsh

by Richard &#x27;RichiH&#x27; Hartmann at August 25, 2015 11:11 PM

Tor-enabled Debian mirror

During Jacob Applebaum's talk at DebConf15, he noted that Debian should TLS-enable all services, especially the mirrors.

His reasoning was that when a high-value target downloads a security update for package foo, an adversary knows that they are still using a vulnerable version of foo and try to attack before the security update has been installed.

In this specific case, TLS is not of much use though. If the target downloads 4.7 MiB right after a security update with 4.7 MiB has been released, or downloads from security.debian.org, it's still obvious what's happening. Even padding won't help much as the 5 MiB download will also be suspicious. The mere act of downloading anything from the mirrors after an update has been released is reason enough to try an attack.

The solution, is, of course, Tor.

weasel was nice enough to set up a hidden service on Debian's infrastructure; initally we agreed that he would just give me a VM and I would do the actual work, but he went the full way on his own. Thanks :) This service is not redundant, it uses a key which is stored on the local drive, the .onion will change, and things are expected to break.

But at least this service exists now and can be used, tested, and put under some load:

http://vwakviie2ienjx6t.onion/

I couldn't get apt-get to be content with a .onion in /etc/apt/sources.list and Acquire::socks::proxy "socks://127.0.0.1:9050"; in /etc/apt/apt.conf, but the torify wrapper worked like a charm. What follows is, to the best of my knowledge, the first ever download from Debian's "official" Tor-enabled mirror:

~ # apt-get install torsocks
~ # mv /etc/apt/sources.list /etc/apt/sources.list.backup
~ # echo 'deb http://vwakviie2ienjx6t.onion/debian/ unstable main non-free contrib' > /etc/apt/sources.list
~ # torify apt-get update
Get:1 http://vwakviie2ienjx6t.onion unstable InRelease [215 kB]
Get:2 http://vwakviie2ienjx6t.onion unstable/main amd64 Packages [7548 kB]
Get:3 http://vwakviie2ienjx6t.onion unstable/non-free amd64 Packages [91.9 kB]
Get:4 http://vwakviie2ienjx6t.onion unstable/contrib amd64 Packages [58.5 kB]
Get:5 http://vwakviie2ienjx6t.onion unstable/main i386 Packages [7541 kB]
Get:6 http://vwakviie2ienjx6t.onion unstable/non-free i386 Packages [85.4 kB]
Get:7 http://vwakviie2ienjx6t.onion unstable/contrib i386 Packages [58.1 kB]
Get:8 http://vwakviie2ienjx6t.onion unstable/contrib Translation-en [45.7 kB]
Get:9 http://vwakviie2ienjx6t.onion unstable/main Translation-en [5060 kB]
Get:10 http://vwakviie2ienjx6t.onion unstable/non-free Translation-en [80.8 kB]
Fetched 20.8 MB in 2min 0s (172 kB/s)
Reading package lists... Done
~ # torify apt-get install vim
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following extra packages will be installed:
  vim-common vim-nox vim-runtime vim-tiny
Suggested packages:
  ctags vim-doc vim-scripts cscope indent
The following packages will be upgraded:
  vim vim-common vim-nox vim-runtime vim-tiny
5 upgraded, 0 newly installed, 0 to remove and 661 not upgraded.
Need to get 0 B/7719 kB of archives.
After this operation, 2048 B disk space will be freed.
Do you want to continue? [Y/n] 
Retrieving bug reports... Done
Parsing Found/Fixed information... Done
Reading changelogs... Done
(Reading database ... 316427 files and directories currently installed.)
Preparing to unpack .../vim-nox_2%3a7.4.826-1_amd64.deb ...
Unpacking vim-nox (2:7.4.826-1) over (2:7.4.712-3) ...
Preparing to unpack .../vim_2%3a7.4.826-1_amd64.deb ...
Unpacking vim (2:7.4.826-1) over (2:7.4.712-3) ...
Preparing to unpack .../vim-tiny_2%3a7.4.826-1_amd64.deb ...
Unpacking vim-tiny (2:7.4.826-1) over (2:7.4.712-3) ...
Preparing to unpack .../vim-runtime_2%3a7.4.826-1_all.deb ...
Unpacking vim-runtime (2:7.4.826-1) over (2:7.4.712-3) ...
Preparing to unpack .../vim-common_2%3a7.4.826-1_amd64.deb ...
Unpacking vim-common (2:7.4.826-1) over (2:7.4.712-3) ...
Processing triggers for man-db (2.7.0.2-5) ...
Processing triggers for mime-support (3.58) ...
Processing triggers for desktop-file-utils (0.22-1) ...
Processing triggers for hicolor-icon-theme (0.13-1) ...
Setting up vim-common (2:7.4.826-1) ...
Setting up vim-runtime (2:7.4.826-1) ...
Processing /usr/share/vim/addons/doc
Setting up vim-nox (2:7.4.826-1) ...
Setting up vim (2:7.4.826-1) ...
Setting up vim-tiny (2:7.4.826-1) ...
~ # 

More services will follow. noodles, weasel, and me agreed that the project as a whole should aim to Tor-enable the complete package lifecycle, package information, and the website.

Maybe a more secure install option on the official images which, amongst others, sets up apt, apt-listbugs, dput, reportbug, et al up to use Tor without further configuration could even be a realistic stretch goal.

by Richard &#x27;RichiH&#x27; Hartmann at August 25, 2015 07:50 AM

August 24, 2015

RichiH's blog

DebConf15

Even though the week of DebCamp took its toll and the stress level will not go down any time soon...

...DebConf15 has finally started! :)

by Richard &#x27;RichiH&#x27; Hartmann at August 24, 2015 10:48 PM