From the Canyon Edge -- :-Dustin

Tuesday, March 27, 2012

Some Statistics on (as a honeypot)

Just following up on my recent post about Piet Mondrian and Byobu...

I had planned on running the HP/OpenStack instance for just one day, but I've actually kept it running for 3 weeks now!

I compiled a few statistics for you over those 3 weeks.  There have been:
  • 2,405 successful password authentications as the guest user!
  • 308 successful public key authentications as the ubuntu user
    • from 2 different IP addresses which I can confirm are both mine (home and office), whew!
  • 16,002 failed password attempts for the root user
    • seriously, people?
  • 6,813 more failed password attempts for some 4,929 other random invalid users on the system, originating from the following malicious IP addresses, damn you!
Well that was a fun honeypot :-)  Does anyone know of some fun utilities that I could point at my /var/log/auth.log* for more in depth analysis?

So take this as a lesson....  Make sure you disable password authentication on your servers.  There are automated unsavory types out there, all of the time, constantly poking and prodding at your cloud instances, looking for an easy way in!



As opposed to the traditional baby monitor, I've decided to put together something of my own system, in that Linux hacker do-it-yourself sort of way :-)

Here was my check-list:
  1. Cobble together a little desktop machine from some scrap hardware laying around
  2. Install Xubuntu 11.10 with automatic login
  3. Add a Logitech C910 HD web camera
  4. Install Skype
  5. Create a new Skype account
    • Set it to automatically accept calls from Kim and I (only!)
    • Set it to automatically enable video
    • Disable all of the annoying notifications and sounds
  6. Add this new user "babyroom" to my Skype contacts, as well as Kim's; obscure it as much as possible
And there we have it ... a high definition baby monitor that Kim or I can check from my Laptop, PC, Android phone or tablet!  I would prefer using Google+ Hangouts for this, but I haven't quite figured out a way to have it auto-answer incoming hangout requests...ideas?

In any case, the high-def video monitor in the room sparked another idea -- to create the time-lapse video of us putting the finishing touches on the baby room you see above :-)

I recorded this in 1280x720 webm format using Cheese, over the course of about 35 minutes, while we assembled a simple crib and rearranged some furniture.

I then spent 4+ hours trying to figure out how to resample the frame rate and fit it down to a 1-2 minute video.  I struggled and fought (violently) with:
  • OpenShot - slowing it down rendered it very choppy
  • Pitivi - doesn't support modifying the frame rate
  • Avidemux - should have worked, but the result wasn't very smooth and the colors were painfully distorted
  • SlowmoVideo - never got it to work
Alas, all I needed was a trusty old command line utility that I hadn't used in years (not since my Mythbuntu days)...mencoder!

This command rendered the video you see below in about 5 seconds:

mencoder -fps 195/1.001 \
  -ovc copy \
  -audiofile soundtrack.mp3 \
  -oac copy input.webm \
  -o output.webm

My input file was 32:59, and I wanted my output file to be exactly 2:14, to match up with my chosen soundtrack, so I used a frame rate multiplier of 195/1.001.  It look a little toying to get it right, but it worked out very well, I think!

Special thanks to one of my oldest friends, and college roommate, Derek Bergeron who composed and performed the soundtrack.  This was a recording of his from several years ago that I borrowed as it just sounds perfectly frantic for the video :-)  In case you can't tell, Derek is one ripping shred guitarist!


Sunday, March 18, 2012

Patchwork of Open Source Memories

One of the biggest differences in my new job is that I have to commute into the office every day.  And with that, comes the second biggest difference -- that I can't wear a t-shirt and pajama pants as I sit and hack the day away in my Eames lounger.

And so I drive 12 (scenic) miles from my house in the hills west of Austin right to the heart of downtown, fighting traffic if I sleep even a few minutes past 7:15am.  I wear a button-up shirt almost every day.  Not that that's formal -- I also wear jeans and cowboy boots.  But I'm dressing for the job I want, not the job I have.  A dude rancher, I reckon  :-)

The net result is that I had a closet full of awesome Linux and open source t-shirts -- shirts I had worn for years -- that just weren't getting their due anymore.  And my Etsy-awesome lovely wife Kim convinced me to part with a number of my favorites to create a t-shirt quilt that captures my last ~7 years in the Open Source world!

Now, mind you, I shed a tear or two as Kim's shears tore through a couple of these shirts that I've carried with me across six continents and most of the two dozen timezones...  :-/  On the other hand, a few of these weren't particularly my favorites, but did fit the color scheme she was going for.  In the end, her work was really quite beautiful!  And warm.

For those interested, I'll document the 6 rows by 4 columns:

Ah memories...  So Kim enjoyed making this for me, but it was a heck of a lot of work, and I don't think she'll be doing it again.  But if you're looking for a quilt made of your own favorite shirt, check out our friend Liz who has her own Etsy site for this sort of thing ;-)


Tuesday, March 13, 2012

Gazzang the Thang: Big Data

I'm thrilled to see Gazzang's next big thang is now out of the gate...

We announced today our comprehensive, turnkey encryption platform for Big Data, Hadoop, NoSQL, and several other cloud workloads.  Our encryption technology is built on top of eCryptfs and transparently encrypts data, protecting sensitive data at rest without requiring modifications to your applications, partitioning, or filesystems.

We've tested our Gazzang Encryption Platform for Big Data against Apache Hadoop, Apache Cassandra, and MongoDB, on Ubuntu 10.04 LTS and Ubuntu 11.10, with both OpenJDK and Sun Java.

The news hit a good handful of tech news outlets today.  Enjoy!

Friday, March 9, 2012

Video Podcast with Amber Graner

I spent a good half hour on Monday morning with Amber Graner of Linaro.  This was my first experience with G+ On Air, a mechanism for conducting video interviews over G+ Hangouts and record them for rebroadcast over YouTube later.

I've known Amber for nearly 4 years now, and she's such a warm, fun, and energetic person.  I'm always humbled by her interest and willingness to branch out and learn about new technologies.  She's truly an inspiration for us all :-)

In this interview, we talked about Linaro, ARM, Android, Ubuntu, Cloud, Gazzang, Encryption, eCryptfs, and (of course) Byobu :-)  Enjoy!


Wednesday, March 7, 2012

Byobu is Celebrating Piet Mondrian's 140th Birthday

A little while ago, I added a fun Easter Egg to Byobu, in honor of one of my favorite artists, Piet Mondrian [Wikipedia, Artsy].

All day today, you'll be able to ssh into a shared Byobu session in HP's OpenStack cloud and see the Easter Egg in action!
  • ssh
The password is piet.

March 7, 2012 happens to be Piet Mondrian's 140th birthday!

For an engineer and a scientist, I'm probably more of an art lover than most.  I studied art history a bit in college, and even worked for the art department at Texas A&M University, which earned me a few free art classes over my usual engineering workload.  I generally seek out both boutique art galleries and the big ones when traveling.  All that said, Piet Mondrian is one of my favorite artists.  His lines, colors, proportions, precision, balance, symmetry and asymmetry speak to a part of my soul that's hard to explain.

You might recognize some of these, as his most recognizable works:

In the spirit of Google Doodles, I thought I'd call attention to Byobu's Piet Mondrian function quietly nestled in Byobu.  If you're running byobu in tmux mode (which you can launch with byobu-tmux), then you can simply press ctrl-alt-F12 in most environments (my sympathies if you're off the beaten path).  You should see something like this:

This is the output of the 116 line shell script found at /usr/lib/byobu/include/mondrian.  I don't think I've ever narrated my source code in my blog before, but I reckon I will do so here.  It's not that I'm particularly proud of the implementation or the code, but rather that I'd like to explain the algorithm I have applied to Mondrian's art :-)
  1. First, it hardcodes the color values of red, yellow, blue, and white from a 256 color palette.  To do so, I used the color picker utility in gimp against Mondrian's Composition 10, 1939–1942.
  2. Next, it chooses some random number of rectangles between 10 and 40, which seemed to me to be fairly representative of most of Mondrian's geometric compositions.
  3. Then, from the randomly numbered rectangles, 3 are chosen -- 1 for red, 1 for yellow, and 1 for blue.  I fully well appreciate that Mondrian put far more thought into what regions where colored, and which color, how much, with great precision and balance.  I hope one day to decode his algorithm, but for now, my code simple chooses these at random.
  4. Now, tmux does a bit of the hard work for us, creating a new window in byobu, sets the background to our particular white, and splitting that window into a number of panes matching our randomly chosen amount.
  5. Finally, one pane each is colored red, yellow, and blue.  Note that tmux does not support the classic UNIX terminal feature bce (background color erase), so instead, we use a one-line perl script to color each pane.
And there you have it!  A random approximation of a Mondrian composition right there in your terminal!

Here's a few images produced by implementation of the algorithm above...

Now surely I'm not the first programmer/art-lover who has tried to reproduce Mondrian masterpieces in source code?

Hardly!!! :-)

In 1966, Michael Noll of Bell Labs produced this incredibly interesting paper and research project, where his computer program produced a reproduction of a Mondrian work (Composition with Lines, 1917), and presented it to 100 human subjects.

Only 28% of the human subjects were able to determine the computer generated replica.  Somehow, 59% preferred the computer generated piece!  (I am not in that majority.)

So it seems I'm hardly the first, and Mondrian has been piquing the interest of computer programmers for at least 50 years.  To the contrary, it seems more likely to me that Mondrian was so far ahead of his time that he may have presupposed the precision and mathematics of computer generated images.

Hats off to you, Mondrian.  Rest assured that many, many people continue to enjoy your work, and it continues to inspire artists and engineers alike!


Friday, March 2, 2012

pbput and pbget moved to the pastebinit package!

I'm quite proud to say that the pbput and pbget utilities have graduated from their incubating home in the bikeshed package and have made it into the more ubiquitous pastebinit package.  A huge thanks to St├ęphane Graber for merging these useful utilities!

As of Ubuntu 12.04 LTS (precise), anywhere you have the pastebinit command, you'll also have the ability to pbput and pbget data.

"And so what does that mean?" you ask :-)
  1. Have you ever wanted to just download some raw data, maybe some code or text, from a pastebin?
  2. Or have you ever needed to pass someone some raw data, perhaps binary, perhaps text, perhaps an entire directory tree, and just wanted to give them a URL?
  3. And have you ever wanted to do that totally securely?
Well, that's exactly what (1) pbget, (2) pbput, and (3) pbputs does!

Try this on an up-to-date Ubuntu 12.04 system:

  1. $ pbget
    INFO: Output is in [/tmp/pbget.60RezTX8QF]
  2. $ bzr branch lp:pastebinit
    Branched 150 revisions.
    $ pbput pastebinit

    Note that you (the poster) might have to visit that url once manually and enter a captcha, to convince that you're not a bot.

    But you can now:

    Try it!
  3. $ pbputs supersecret.txt

    You can try downloading that one, but it's encrypted with Stephan's public key, so he's the only one who can make any sense out of it!
So how does it work?

It's really quite simple, actually...  pbput, pbget, and pbputs are all symlinks to a single shell script that at /usr/bin/pbput, which is only 74 lines of code!

When you pbput data, it's bundled into an archive using tar, optionally encrypted with gpg, compressed using lzma, encoded using base64, and then posted to a pastebin using pastebinit.

And a pbget is just unwrapping each of those, retrieving it from the pastebin using wget, decoding, decompressing it, optionally decrypting it, and exploding the archive.

If the data was posted using standard in, the output comes back in standard out.  And if the data was posted as a file or directory, it gets dumped to a new temporary directory created by mktemp.

Slick, huh?  :-)  Give it a try and let me know what you think!!!