Wednesday, October 30, 2013

My Linux Rigs

Steven Ovadia graciously invited me to participate in his collection of Linux desktops surveyed in his blog, My Linux Rig...  My answers to his interview are cross-posted on both his site and mine.  Enjoy!

1. Who are you, and what do you do?

My name is Dustin Kirkland.

I work for Mark Shuttleworth at Canonical, as a Product Manager on the Ubuntu Cloud, building enterprise solutions and server products on top of Ubuntu.  My work on open source software at Canonical often spills over into my nights and weekends, developing free software for fun as well. I have authored, and continue to maintain over two dozen open source projects, including Byobu, eCryptfs, among others.

2. Why do you use Linux?

I have been using Linux since 1997, when I was in college at Texas A&M University.  For one Computer Science class, I was "required" to buy a Zip Drive, which could hold 100MB on a special (i.e. expensive) proprietary disk cartridge.  This seemed like an absolutely awful solution to the problem of carrying data from one place to another (and Dropbox wouldn't be invented for another 11 years).

I negotiated with that professor to let me use a web server on the Internet for uploading and downloading my assignments.  So I bought a few hundred MBs from a web host in 1997.  When I received my credentials, I quickly realized that I would need an SSH client and that I would have to learn Red Hat Linux.  So I bought a book and immediately fell in love!

I used Red Hat Linux until Fedora was released, running that until 2006 when I first installed Ubuntu.  My wife was an elementary school teacher at the time, and I installed Edubuntu on a couple of perfectly-working-but-old computers that her school had basically thrown away :-(  I rescued them out of the trash, and installed Ubuntu 6.06 LTS (Dapper Drake).  Days later, I installed MythTV on Ubuntu on several machines I had throughout the house, and I was smitten.  I never really returned to Red Hat based system.  Almost everything in Ubuntu just worked, and where it didn't, there was an abundance of quality documentation.

Professionally, I worked at IBM in Tivoli and the Linux Technology Center in Austin, TX from 2000-2007, on various aspects of Linux security and certifications.  I also spent most of 2005 working for IBM on-site at Red Hat in Westford, MA, making some excellent friends and helping enable RHEL on PowerPC.  In 2008, I started working at Canonical, as one of the early developers building the Ubuntu server and virtualization platform.

We run Linux almost exclusively in the Kirkland house.  Looking at my dd-wrt router for static IP leases, I can count over 40 active Linux devices currently drawing IP addresses!  A couple of laptops (Ubuntu, ChromeOS), desktops (Ubuntu), routers (dd-wrt), TVs, PS3's, phones (Android, Ubuntu Touch), tablets (Android, Ubuntu Touch), Kindles, a Chumby, a Raspberry Pi, Synology NAS, etc.  I do have one Mac Mini running OS X, for a few apps that have no viable workaround on Linux (mostly crappy teleconference software used by Windows/Mac users).

Across the board, Linux has given me the power and flexibility I expect out of computing systems, for nearly two decades.  And what's most amazing is that it just keeps getting better!

3. What distribution do you run on your main desktop/laptop?

Ubuntu.  I am an Ubuntu Core Developer, and I tend to run the development (bleeding edge) Ubuntu Desktop and Server (in virtual machines and containers).

4. What desktop environment do you use and why do you use it?

Unity.  I use Unity mostly in the interest of dog-fooding the default Ubuntu setup.  Frankly, I have very little need of a desktop environment.  Unity works fine for me.  Though so does Gnome, KDE, XFCE, etc.

Basically, I need a browser (Chromium), an IRC client (xchat2), a terminal (gnome-terminal), and my desktop manager to stay out of my way :-)

5. What one piece of software do you depend upon with this distribution? Why is it so important?

Byobu.

I use Byobu all day, every day.  I usually run Byobu in a gnome-terminal, maximized on a 1920x1080 Samsung 40" LCD.  I then use splits (Shift-F2, Ctrl-F2) to carve up my terminal into smaller panes.  Some horizontal (builds or something with lots of scrolling output), some vertical (side-by-side code review), some combinations (dev + test + monitoring) -- whatever makes sense for my current task.  I use the keyboard to navigate around those splits (Shift-Up/Down/Left/Right).  Sometimes I'll create a new window (F2), if I want to background some work in a separate window, with its own splits.  If I need to SSH to a remote system, I open a new tab in gnome-terminal (Shift-Ctrl-t), and attach to a remote Byobu session, where perhaps I've left some other work running in the background.  I use Byobu's status line at the bottom to monitor what machine I'm on, it's distro and version, an updates that are available, uptime count, CPU speed and temperature, battery level, WiFi signal, system load, memory usage, hostname/IP address, and the time/date.  Byobu adds hours of productivity to my work week, every week :-)

6. What kind of hardware do you run this setup on?

I currently use a Thinkpad x230 with a dual-core hyper-threaded i7, 16GB of RAM, 240GB Intel SSD, 9-cell battery.

I absolutely love the 12" form factor, as it's nice an compact for traveling while still offering beast mode CPU/Memory.  The 9-cell battery gives me 8+ hours of up time.  I tend to replace my primary laptop on a yearly basis and sell my gently used model on CraigsList, or give it to a family member.

When I'm not traveling or working from my front/back porch, I keep it in a docking station, attached to a 40" Samsung LCD (primary monitor) and a 23" Samsung LCD (secondary monitor), a Logitech c920 web cam, Klipsch THX 2.1 speakers, gigabit Ethernet, a Simtec entropy key, a Yubikey multi-factor auth, and a Thinkpad USB keyboard.

I have used Thinkpads since about 2000, and I'm generally a pretty big fan.  I simply cannot live without "the dot".  I might consider an HP or Dell laptop sometime, but it absolutely must have a Track point, as I like to keep my fingers on the keyboard, in the home position, and still have access to the cursor.  I disable touch pads with a vengeance, and then curse the engineers who continue to embed them in laptops :-)

7. Will you share a screenshot of your desktop?

Sure.  I usually run my browser/terminal/IRC maximized in the 40" monitor on the left, and use the 23" monitor on the right only when using Skype or G+ Hangouts.  The background is just the stock Ubuntu background.  No icons on my desktop.  Ever, ever, ever.


Cheers!
:-Dustin

Wednesday, October 23, 2013

Nespresso Colors Decoded! PDF Cheat Sheet Here...

Like any good programmer, I drink a lot of coffee.

And like any well-cultured techie, I particularly love espresso :-)

I've been brewing my own espresso using a Bialetti stove top coffee maker for most of two decades.  Particularly on Sunday mornings, I enjoy the deliberate process of grinding fresh beans, perfectly packing  the little filter, intently listening for the bubbly, gurgly final moments of an absolutely perfect brew.

But on work days, I just want a damn coffee :-)  Quickly.  Oh, and it's never fun cleaning a stove top espresso maker.  Not even on Sundays.

So earlier this year, I made the switch to a Nespresso Pixie.  Wow.  Perfect espressos, cappuccinos, lattes, americanos, and (my favorite) cortados, every single time.  Less than 2 minutes per cup.  And no mess :-)  At all.  Ever.

The only problem?  A classic paradox of choice!  I suppose the pods are cleverly color-coded, but with 16 different hued options, about all I can remember is that black=strong+bold, and red=decaf.  The 14 others are complete mysteries to me, and I've long since tossed the packaging material that accompanied the original variety pack.

I searched for a Nespresso flavor chart, and the closest thing I found was this flavor wheel chart.  But at 500x414 pixels, the resolution was too low to print legibly.  I couldn't find a higher resolution image anywhere.

So I brewed myself a tall latte, and recreated it from scratch in Google Docs, and I'm sharing it here with you, in as a high resolution PDF and PNG.  Print and post yours next to your vim/emacs/screen/git cheat sheet :-)


Ciao, ciao!
:-Dustin

Wednesday, October 16, 2013

Byobu T-shirts are here!


Byobu t-shirts are here!  I just received mine in the mail today and I'm really, really pleased with the comfort and quality!


Super comfortable American Apparel® brand, made from sustainable organic cotton.  I ordered the off white, with unique green stitching, featuring the vector rendered Byobu logo and the Ubuntu font.

Though it is also available in classic hack3r black ;-)  My closet is pretty loaded with black t-shirts, so I thought I'd change it up a bit.


You can show your support for the Byobu project, if you like, by ordering a shirt here.  Thanks!


Enjoy,
:-Dustin

Tuesday, October 8, 2013

Going paperless means, "Email me a PDF", not "Email me your URL"


I love going paperless.  When it's done properly, anyway.

My tiny little Austin, Texas lawn service does it correctly!  Ashley emails me once a month, thanking me for my business, and attaches a PDF invoice.  And I send them an electronic check.

While Wells Fargo, the largest bank in the world, does not...  Wells Fargo sends me an email, politely informing me that it is now my responsibility to log into their customer service portal, click through 3 links and then download my latest statement.  I'm sorry, but that's crap.

The positive, "green" environmental impact, saving some paper, is lovely of course.  What I really appreciate is having my own digital archive of information, from bills to legal documents, especially when coupled with something like Google Docs, that I can use to search, anywhere, any time.

That said, I find it completely unacceptable when accounts offer/suggest/insist that you "go paperless" with them, but rather than emailing you an HTML or PDF snapshot, they instead send you a link to log into their website and view your paperless account information.


This is, frankly, a very insidious form of vendor lock-in that cloud computing has invited into our daily lives, and most of us haven't even noticed it yet.

The burden has shifted from your account managers pushing (mailing) information to you, and instead it now resides on you to pull that information from their archive regularly and archive it on your end.

Before...


After...


Do you see the difference?

What happens when you close that account?  What happens when that entity goes out of business?  Or gets acquired?  Merges with a different entity?   Automatically expires some information as too-old-to-be-archived-any-longer?  Rolls out some completely unnecessary changes to their website interface which requires Internet Explorer? Or deprecates the archive functionality entirely?

Or worse, what happens when unethical business practices affect your personal account information and your data gets modified under you?  It's pretty trivial for a sysadmin or rogue process to update some records in a database and comprehensively regenerate millions of reports...

Many people trusted Bernie Madoff with their money...
That's right -- you may no longer have accurate access to your own account information, if you didn't download, snapshot, and back it up yourself when it was originally published.

I learned this lesson the hard way.  I recently rolled over my 401(k) from a previous employer's plan manager.  And when I did so, they terminated my online account access.  I certainly understand why, as I no longer had any funds under management.  The consequence, though, is that I immediately lost access to several years of digital statements associated with my account.  Poof.



I'm sorry, but, "Yes, I want to go paperless" means, "Email me a PDF" not, "Email me a link to your damn website once a month".

p.s. And while you're implementing that, how about sending me something machine readable, in addition to a PDF?  Oh, and please sign and encrypt that email.  I know, I know...  Techmology is hard.  I'm asking way too much...  Arg.

Dustin

Tuesday, October 1, 2013

Fingerprints are Usernames, not Passwords


As one of the maintainers of eCryptfs, and a long time Thinkpad owner, I have been asked many times to add support to eCryptfs for Thinkpad's fingerprint readers.

I actually captured this as a wishlist bug in Launchpad in August 2008, but upon thinking about it a bit more, I later closed the bug "won't fix" in February 2009, and discussed in a blog post, saying:
Hi, thanks so much for the bug report.I've been thinking about this quite a bit lately. I'm going to have to mark this "won't fix" for now. The prevailing opinion from security professionals is that fingerprints are perhaps a good replacement for usernames. However, they're really not a good replacement for passwords. Consider your laptop... How many fingerprints of yours are there on your laptop right now? As such, it's about as secret as your username. You don't leave your password on your spacebar, or on your beer bottle :-) This wikipedia entry (although it's about Microsoft Fingerprint Readers) is pretty accurate: * http://en.wikipedia.org/wiki/Microsoft_Fingerprint_ReaderSo, I'm sorry, but I don't think we'll be fixing this for now.
I'm bringing this up again to highlight the work released last week by The Chaos Computer Club, which has demonstrated how truly insecure Apple's TouchID is.


There may be civil liberties at issue as well.  While this piece is satire, and Apple says that it is not sharing your fingerprints with the government, we've been kept in the dark about such things before.  I'll leave you to draw your own conclusions on that one.

But let's just say you're okay with Apple sharing your fingerprints with the NSA, as I've already told you, they're not private at all.  You leave them on everything you touch.  And let's say you're insistent on using fingerprint (biometric) technology because you can.  In that case, your fingerprints might identify you, much as a your email address or username identifies you, perhaps from a list.

I could see some value, perhaps, in a tablet that I share with my wife, where each of us have our own accounts, with independent configurations, apps, and settings.  We could each conveniently identify ourselves by our fingerprint.  But biometrics cannot, and absolutely must not, be used to authenticate an identity.  For authentication, you need a password or passphrase.  Something that can be independently chosen, changed, and rotated.  I will continue to advocate this within the Ubuntu development community, as I have since 2009.

Once your fingerprint is compromised (and, yes, it almost certainly already is, if you've crossed an international border or registered for a driver's license in some US states and countries), how do you change it?  Are you starting to see why this is a really bad idea?

There are plenty of inventions that exist, but turned out to be bad ideas.  And I think fingerprint readers are another one of those.

This isn't a knock on Apple, as Thinkpad have embedded fingerprint readers for nearly a decade.  My intention is to help stop and think about the place of biometrics in security.  Biometrics can be use used as a lightweight, convenient mechanism to establish identity, but they cannot authenticate a person or a thing alone.

So please, if you have any  respect for the privacy your data, or your contacts' information, please don't use fingerprints (or biometrics, in general) for authentication.

kthxbye,
:-Dustin