Argues that legislation is needed to create a plausible system to reduce plastic consumption. Recaps the interesting history of greenwashing by corporations successfully shifting the discussion and costs onto individuals.

So what can we do to make responsible use of plastic a reality? First: reject the lie. Litterbugs are not responsible for the global ecological disaster of plastic. Humans can only function to the best of their abilities, given time, mental bandwidth and systemic constraints. Our huge problem with plastic is the result of a permissive legal framework that has allowed the uncontrolled rise of plastic pollution, despite clear evidence of the harm it causes to local communities and the world’s oceans. Recycling is also too hard in most parts of the U.S. and lacks the proper incentives to make it work well.

This looks very promising.

If they do manage to add in stable console-IPMI it would be wonderful.

Running Ubuntu on Kubernetes with KubeVirt v0.3.0

You have this image, of a VM, which you want to run - alongside containers - why? - well, you need it. Some people would say it’s dope, but sometimes you really need it, because it has an app you want to integrate with pods.

Here is how you can do this with KubeVirt.

1 Deploy KubeVirt

Deploy KubeVirt on your cluster - or follow the demo guide to setup a fresh minikube cluster.

2 Download Ubuntu

While KubeVirt comes up (use kubectl get --all-namespaces pods), download Ubuntu Server

3 Install kubectl plugin

Make sure to have the latest or recent kubectl tool installed, and install the pvc plugin:

curl -L https://github.com/fabiand/kubectl-plugin-pvc/raw/master/install.sh | bash

4 Create disk

Upload the Ubuntu server image:

$ kubectl plugin pvc create ubuntu1704 1Gi $PWD/ubuntu-17.04-server-amd64.iso disk.img Creating PVC persistentvolumeclaim "ubuntu1704" created Populating PVC pod "ubuntu1704" created total 701444 701444 -rw-rw-r-- 1 1000 1000 685.0M Aug 25 2017 disk.img Cleanup pod "ubuntu1704" deleted

5 Create and launch VM

Create a VM:

$ kubectl apply -f - apiVersion: kubevirt.io/v1alpha1 kind: VirtualMachinePreset metadata: name: large spec: selector: matchLabels: kubevirt.io/size: large domain: resources: requests: memory: 1Gi --- apiVersion: kubevirt.io/v1alpha1 kind: OfflineVirtualMachine metadata: name: ubuntu spec: running: true selector: matchLabels: guest: ubuntu template: metadata: labels: guest: ubuntu kubevirt.io/size: large spec: domain: devices: disks: - name: ubuntu volumeName: ubuntu disk: bus: virtio volumes: - name: ubuntu claimName: ubuntu1710

6 Connect to VM

$ ./virtctl-v0.3.0-linux-amd64 vnc --kubeconfig ~/.kube/config ubuntu

Final notes - This is booting the Ubuntu ISO image. But this flow should work for existing images, which might be much more useful.

ResinOS: Containerized OS for ARM

https://resinos.io/ Seems similar to RancherOS

Binder for jupyter notebooks

Creates a docker image with all the dependencies found in a jupyter notebook https://elifesciences.org/labs/a7d53a88/toward-publishing-reproducible-computation-with-binder

DAT:  decentralized, encrypted data

Dat seems like a very promising encrypted, P2P open alternative to Google Drive, Dropbox, SpiderOak et al. (SpiderOak is nicer than the other two, but still relies on a hub-and-spoke model which is a bit unsettling). The only fly in the ointment is that it isto built on node.js. Also it is necessary that there are discovery servers run by someone, in this case there seems to be a reference implementation run by the UK-based developers of Dat. It is possible to run one's own.

DIY SSH key hardware store

https://github.com/nuclearcat/cedarkey They note that it is not a smartcard and tradesoff the theoretical advantages of such for a much smaller, auditable firmware.

Unusually clear breakdown CAN 2G and 3G bands

http://www.store4g.com/blog/canada-carriers-lte-bands-supported-unlocked-4g-modem-mifi-cpe/

Fedora user? Full root directory? Blame PackageKit

Looking at a system which I have been upgrading by a variety of mechanisms from F14 to F27 I noticed that its root directory (which I had on a separate partition for convenience) had started to become rather full. Muddling about with

du -sh -d 1 $name-of-directory

it became obvious that the prime bloat was all in /var/cache/PackageKit. Within it were directories for each of F23 to F27 taking up roughly 23GB in total. Some frenzied Googling turned up this bugzilla https://bugzilla.redhat.com/show_bug.cgi?id=1306992 Although the consenus seems to be that the problem manifests when using both dnf and PackageKit I am pretty sure that I only used dnf on this system. As hughsie notes PackageKit is only going to be in maintenance mode and everyone is scrambling to get Atomic and ostree in to shape. Meanwhile the solution seems to be to edit the PackageKit.conf to stop it cacheing downloads of RPMs. Then the older directories F23 updwards need to be nuked with good old rm -rf.

F27 rpmdb bug, auditd and augenrules

Saw a similar rpmdb lock bug to this: https://bugzilla.redhat.com/show_bug.cgi?id=918184 Have enabled the audit log to watch out for it in the future.

ush@gargantua ~]$ sudo dnf update [sudo] password for ush: warning: rpmdb: BDB2053 Freeing read locks for locker 0xc24: 12836/139735431249280

The auditd logging system is completely independent of syslog and derivatives http://security.blogoverflow.com/2013/01/a-brief-introduction-to-auditd/ Q: is it now more integrated with journald? PanuMatilainen suggested https://bugzilla.redhat.com/show_bug.cgi?id=918184#c1

# echo "-w /var/lib/rpm/Packages -p war -k rpmdb" >> /etc/audit/audit.rules # systemctl restart auditd.service After that, the next time that something has misbehaved and you get those "freeing read locks ...: /" messages, you can look rpmdb accessing processes by their pid with # ausearch -k rpmdb --pid To identify the troublemaker for sure, the pid of the "freeing read locks" message needs to be matched to those of audit logs. Taking the original message as an example: BDB2053 Freeing read locks for locker 0x1bf4: 4981/140246004406208 Here, the pid of the naughty process who left locks behind is 4981. So to search for the process that caused it, you need to do: # ausearch -k rpmdb --pid 4981

Instead have appended the new audit rule to /etc/audit/rules.d/audit.rules The systemctl restart of the auditd is no longer possible. Use augenrules instead. Do I really need to disable the -a never,task and what is its actual impact on performance?:

[ush@gargantua ~]$ sudo auditctl -l -a never,task [ush@gargantua ~]$ sudo augenrules --load No rules [ush@gargantua ~]$ sudo auditctl -l -a never,task -w /var/lib/rpm/Packages -p rwa -k rpmdb

This seems to be the best reference (is pointed to in the systemd unit) https://github.com/linux-audit/audit-documentation/wiki/SPEC-Writing-Good-Events https://security.stackexchange.com/questions/4629/simple-example-auditd-configuration Seems like the rules should be broken into 3 types in /etc/audit/rules.d/audit.rules (for clarity): CONTROL, FILE/DIRECTORY, SYSCALL (see man audit.rules). Syscall rules should follow the template:

-a action,list -S syscall -F field=value -k keyname

-a {always,never},{task,exit,user,exclude} -S {name or number} -S {othername or number} -F {auid,uid,euid,suid,fsuid,obj_uid,gid,egid,sgid,fsgid,obj_gid} -k $keyname-defined-by-you

Then

aureport --start this-week --key --summary

This related post is interesting in context of how augenrules works by merging all the contents of rules.d https://github.com/OpenSCAP/scap-security-guide/issues/551 This is a good first part of two-part tutorial https://www.tecmint.com/linux-system-auditing-with-auditd-tool-on-centos-rhel/

Tmux pane reminder

Goal: move a window into a new pane which is automatically split out horizontally beneath a working window. This way two related commands which were in separate windows can be viewed conveniently within the same window. http://man.openbsd.org/tmux.1 * List the windows with ctrl-b w * In this simple case all the windows have a single pane. Let us assume that the info we want is in 3 * In the window to which we want to move the pane ctrl-b :command-prompt join-pane -s 3

Zotero setup on Fedora 27

Re-using Zotero again after a while. First impressions are that there are no Fedora packages and no way to check that the downloaded tar file has not been tampered with. Second impression is that the ability to backup the attachments directory to localhost or another provider could be easier. The Sync feature syncs all the metadata associated with notes and bookmarks (which is good and is the primary purpose) and is named Data Sync. The PDF or other attachments are named File Sync by contrast. https://www.zotero.org/support/preferences/sync#file_syncing File syncing can be either via Zoteros own storage named ZoteroFileStorage or via an independent WebDAV supporting provider. https://www.zotero.org/support/sync#webdav Confusingly the docs about backing up your ZoteroLibrary(=Data + Files) refer to backing up your data https://www.zotero.org/support/zotero_data

Terminal session capture and playback in GNU/Linux

The old standby of script turns out to be very useful when you record timing information and replay it with scriptreplay. I have seen some answers on StackOverflow that appear to be unaware of this, and advocate stripping out characters via PERL. e.g. https://unix.stackexchange.com/questions/14684/removing-control-chars-including-console-codes-colours-from-script-output?rq=1

Capture

script -t session1.time -a session1.log

Replay

scriptreplay -t session1.time -s session1.log

The replay works for fairly complicated textmode applications such as vim (in which color syntax highlight was preseverd) or htop. Both script and scriptreplay are part of linux-utils since 2011.

More museum collections

https://www.metmuseum.org/art/metpublications/titles-with-full-text-online?searchtype=F https://www.getty.edu/publications/virtuallibrary/ Discussion on HN

Odd python path issue

https://github.com/ipython/ipython/issues/9815 I ran into this when using pipenv today:

Creating a virtualenv for this project… ⠋Traceback (most recent call last): File "/home/ush/.local/bin/pew", line 7, in from pew.pew import pew File "/home/ush/.local/lib/python2.7/site-packages/pew/__init__.py", line 3, in from . import pew File "/home/ush/.local/lib/python2.7/site-packages/pew/pew.py", line 16, in from backports.shutil_get_terminal_size import get_terminal_size ImportError: No module named shutil_get_terminal_size Virtualenv location:

Doc dump for PYTHONPATH https://docs.python.org/2/library/sys.html#sys.path Do a quick import sys print sys.path

Google Cloud SDK GnuPG signing keys

Installing the Google Cloud SDK via the repositories provided for RPM-based distributions requires a leap of faith: the two signing keys have no obvious fingerprints anywhere on the website (I filed a doc request for this). The keys is on some the keyservers (for whatever that is worth), but has not been signed by anyone else, so it is impossible to determine its validity.

Live code reloading, hotswap, hotloading

Question: in learning Lua, is it possible to keep the program running and inject changes into it in some live manner? Having to cycle through edit-stop-reload seems a bit inefficient.

Short answer: Maybe. It seems as though this really needs to be factored into at least two distinct units: live reloading assets; hotswapping code. The former is what we see in the HandmadeHero example videos below. The latter is a much more difficult proposition and may only be available in a subset of languages as it depends on the capabilities of the virtual machine running the bytecode. DZone explain that Java Hotswap is an oldish, limited technology that only allows changing details of objects, but that JRebel allows adding methods and fields via class reloading (There is a 5 part series on it starting here.

Handmade Hero videos. User-defined access to shared memory regions

At around 7m30s the Handmade Hero podcast looks at a way to implement hot or dynamic reloading. He dismisses Visual Studio approach named Edit and Continue as fragile except for trivial cases.

https://www.youtube.com/watch?v=WMSBRk5WG58

Here at 4m40s he shows the basics of being able to load the static memory map into a recompiled version of the game. This session is dedicated to trying to run the debugger:

https://www.youtube.com/watch?v=oijEnriqqcs

This blog extends on the HH findings http://chrismdp.com/2015/08/how-to-add-live-code-reload-to-your-game/

Lua: Löve2D, user-defined main class reloads versus IDE ZeroBrane

This shows how to achieve the same effect in the Lua-based game engine Love2D: https://love2d.org/forums/viewtopic.php?f=4&t=79784

This seems to be an abortive attempt with the love2d lua framework, it certainly fails for me even after I remove the triple dot at the chunk as noted in comments: https://love2d.org/forums/viewtopic.php?f=4&t=79784 Other people seem to be calling it HotReload https://love2d.org/forums/viewtopic.php?f=3&t=84815 There seems to be an editor/IDE from zerobrane that supports livecoding.

Eclipse with JRebel hotswap demoed by Notch (Minecraft)

This is a video of Notch of Minecraft fame using the ‘HotSwap’ functionality of the Java JVM 1.4.2, which continuously updates the running code when it detects that a class has changed.

Java: Hotswap Agent

The blurb here suggests that this is exactly what would be useful: The main purpose of this project is to avoid infamous change->restart + wait->check development lifecycle. Save&Reload during development should be standard and many other languages (including C#) contain this feature.

This dzone article about HotSwap and the JRebel variant explains how bytecode of a class can be updated without having to reload all of a class.

Lua bytecode

This Dirk Laurie writeup on Lue bytecode and VM seems like a useful starting point.