|
February 2008, Canonical's office in Lexington, MA |
10 years ago today, I joined Canonical, on the very earliest version of the Ubuntu Server Team!
And in the decade since, I've had the tremendous privilege to work with so many amazing people, and the opportunity to contribute so much open source software to the Ubuntu ecosystem.
Marking the occasion, I've reflected about much of my work over that time period and thought I'd put down in writing a few of the things I'm most proud of (in chronological order)... Maybe one day, my daughters will read this and think their daddy was a real geek :-)
1. update-motd / motd.ubuntu.com (September 2008)
Throughout the history of UNIX, the "message of the day" was always manually edited and updated by the local system administrator. Until Ubuntu's message-of-the-day. In fact, I
received an email from Dennis Ritchie and Jon "maddog" Hall, confirming this, in April 2010. This started as a feature request for the Landscape team, but has turned out to be tremendously useful and informative to all Ubuntu users. Just last year, we launched
motd.ubuntu.com, which provides even more dynamic information about important security vulnerabilities and general news from the Ubuntu ecosystem. Mathias Gug help me with the design and publication.
This was the first public open source project I worked on, in my spare time at Canonical. I had a local copy of the Ubuntu archive and I was thinking about what sorts of automated jobs I could run on it. So I wrote some scripts that extracted the manpages out of each one, formatted them as HTML, and published into a structured set of web directories. 10 years later, it's still up and running, serving thousands of hits per day. In fact, this was one of the ways we were able to shrink the Ubuntu minimal image, but removing the manpages, since they're readable online. Colin Watson and Kees Cook helped me with the initial implementation, and Matthew Nuzum helped with the CSS and Ubuntu theme in the HTML.
3. Byobu (December 2008)
If you know me at all, you know my passion for the command line UI/UX that is "
Byobu". Byobu was born as the "
screen-profiles" project, over lunch at Google in Mountain View, in December of 2008, at the Ubuntu Developer Summit. Around the lunch table, several of us (including Nick Barcet, Dave Walker, Michael Halcrow, and others), shared our tips and tricks from our own ~/.screenrc configuration files. In Cape Town, February 2010, at the suggestion of Gustavo Niemeyer, I ported Byobu from Screen to Tmux. Since Ubuntu Servers don't generally have GUIs, Byobu is designed to be a really nice interface to the Ubuntu command line environment.
4. eCryptfs / Ubuntu Encrypted Home Directories (October 2009)
I was familiar with eCryptfs from its inception in 2005, in the IBM Linux Technology Center's Security Team, sitting next to Michael Halcrow who was the original author. When I moved to Canonical, I helped Michael maintain the userspace portion of eCryptfs (ecryptfs-utils) and I shepherded into Ubuntu. eCryptfs was super powerful, with hundreds of options and supported configurations, but all of that proved far to difficult for users at large. So I set out to simplify it drastically, with an opinionated set of basic defaults. I started with a simple command to mount a "Private" directory inside of your home directory, where you could stash your secrets. A few months later, on a long flight to Paris, I managed to hack a new PAM module, pam_ecryptfs.c, that actually encrypted your entire home directory! This was pretty revolutionary at the time -- predating Apple's FileVault or Microsoft's Bitlocker, even. Today, tens of millions of Ubuntu users have used eCryptfs to secure their personal data. I worked closely with Tyler Hicks, Kees Cook, Jamie Strandboge, Michael Halcrow, Colin Watson, and Martin Pitt on this project over the years.
5. ssh-import-id (March 2010)
With the explosion of virtual machines and cloud instances in 2009 / 2010, I found myself constantly copying public SSH keys around. Moreover, given Canonical's globally distributed nature, I also regularly found myself asking someone for
their public SSH keys, so that I could give them access to an instance, perhaps for some pair programming or assistance debugging. As it turns out, everyone I worked with, had a Launchpad.net account, and had their public SSH keys available there. So I created (at first) a simple shell script to securely fetch and install those keys. Scott Moser helped clean up that earliest implementation. Eventually, I met Casey Marshall, who helped rewrite it entirely in Python. Moreover, we contacted the maintainers of Github, and asked them to expose user public SSH keys by the API -- which they did! Now, ssh-import-id is integrated directly into Ubuntu's new subiquity installer and used by many other tools, such as
cloud-init and
MAAS.
6. Orchestra / MAAS (August 2011)
In 2009, Canonical purchased 5 Dell laptops, which was the Ubuntu Server team's first "cloud". These laptops were our very first lab for deploying and testing Eucalyptus clouds. I was responsible for those machines at my house for a while, and I automated their installation with PXE, TFTP, DHCP, DNS, and a ton of nasty debian-installer preseed data. That said -- it worked! As it turned out, Scott Moser and Mathias Gug had both created similar setups at their houses for the same reason. I was mentoring a new hire at Canonical, named Andres Rodriquez at the time, and he took over our part-time hacks and we worked together to create the Orchestra project. Orchestra, itself was short lived. It was severely limited by Cobbler as a foundation technology. So the Orchestra project was killed by Canonical. But, six months later, a new project was created, based on the same general concept -- physical machine provisioning at scale -- with an entire squad of engineers led by...Andres Rodriguez :-) MAAS today is easily one of the most important projects the Ubuntu ecosystem and one of the most successful products in Canonical's portfolio.
7. pollinate / pollen / entropy.ubuntu.com (February 2014)
In 2013, I set out to secure Ubuntu at large from a set of attacks ranging from insufficient entropy at first boot. This was especially problematic in virtual machine instances, in public clouds, where every instance is, by design, exactly identical to many others. Moreover, the first thing that instance does, is usually ... generate SSH keys. This isn't hypothetical -- it's quite real. Raspberry Pi's running Debian
were deemed susceptible to this exact problem in November 2015. So designed and implemented a client (shell script that runs at boot, and fetches some entropy from one to many sources), as well as a high-performance server (golang). The client is the 'pollinate' script, which runs on the first boot of every Ubuntu server, and the server is the cluster of physical machines processing hundreds of requests per minute at
entropy.ubuntu.com. Many people helped review the design and implementation, including Kees Cook, Jamie Strandboge, Seth Arnold, Tyler Hicks, James Troup, Scott Moser, Steve Langasek, Gustavo Niemeyer, and others.
8. The Orange Box (May 2014)
In December of 2011, in my regular 1:1 with my manager, Mark Shuttleworth, I told him about these new "Intel NUCs", which I had bought and placed them around my house. I had 3, each of which was running Ubuntu, and attached to a TV around the house, as a media player (music, videos, pictures, etc). In their spare time, though, they were OpenStack Nova nodes, capable of running a couple of virtual machines. Mark immediately asked, "How many of those could you fit into a suitcase?" Within 24 hours, Mark had reached out to the good folks at TranquilPC and introduced me to my new mission -- designing the Orange Box. I worked with the Tranquil folks through Christmas, and we took our first delivery of 5 of these boxes in January of 2014. Each chassis held 10 little Intel NUC servers, and a switch, as well as a few peripherals. Effectively, it's a small data center that travels. We spend the next 4 months working on the hardware under wraps and then unveiled them at the OpenStack Summit in Atlanta in May 2014. We've gone through a couple of iterations on the hardware and software over the last 4 years, and these machines continue to deliver tremendous value, from live demos on the booth, to customer workshops on premises, or simply accelerating our own developer productivity by "shipping them a lab in a suitcase". I worked extensively with Dan Poler on this project, over the course of a couple of years.
9. Hollywood (December 2014)
10. petname / golang-petname / python-petname (January 2015)
From "warty warthog" to "bionic beaver", we've always had a focus on fun, and user experience here in Ubuntu. How hard is it to talk to your colleague about your Amazon EC2 instance, "i-83ab39f93e"? Or your container "adfxkenw"? We set out to make something a little more user-friendly with our "petnames". Petnames are randomly generated "adjective-animal" names, which are easy to pronounce, spell, and remember. I curated and created libraries that are easily usable in Shell, Golang, and Python. With the help of colleagues like Stephane Graber and Andres Rodriguez, we now use these in many places in the Ubuntu ecosystem, such as LXD and MAAS.
If you've read this post, thank you for indulging me in a nostalgic little trip down memory lane! I've had an amazing time designing, implementing, creating, and innovating with some of the most amazing people in the entire technology industry. And here's to a productive, fun future!
Cheers,
:-Dustin