This is the thirteenth post in my autism awareness month series.
\nWhen someone asks me what I want to eat, or which color I prefer, or what I should work on next, something happens at times that's hard to describe to people who don't experience it.
\nFrom the outside, my response might look like indifference. I might say \"I don't know\" and smile quietly. To the person asking, this can read as not caring, not being engaged, not valuing their question or the interaction.
\nBut inside, something very different is happening.
\nMost people think \"I don't know\" just needs an answer, any answer. But to the autistic brain, the question creates a demand for the right answer, and there might not be enough data to determine what that is.
\nIt's not psychological anxiety. I'm not worried about choosing wrong or disappointing someone. It's more fundamental than that. The question creates a void, an abyss with no foothold. Imagine someone climbing a wall, and another person telling them to put their foot in a hole that should be right there — but the climber cannot see or feel that hole anywhere. It's not that they're afraid to step. The ground they're being told to step on simply doesn't exist for them.
\n\"What do you want to eat?\" sounds like a simple preference question. But my processing system receives it as: given all parameters — nutritional needs, energy levels, what I last ate, what's available, time constraints, current sensory state — what is the optimal answer? If those parameters aren't fully specified, or if I can't access my internal state clearly enough to know what my body needs, the equation can't be solved. There's no answer to give because the question, as received, is computationally incomplete.
\nAnd here's where the social trap closes: while experiencing this groundlessness, this inability to locate the answer, I also don't know how to adapt my social behavior to signal what's happening. I might smile (a learned safe default) or keep a blank face (because I have no spare processing capacity for managing expressions while searching for ground that isn't there).
\nThis gets interpreted as exactly the opposite of what's happening. The person asking sees indifference. But the \"I don't know\" isn't about not caring. It might signal the opposite — needing the right answer rather than just any answer, needing sufficient information rather than being able to approximate casually.
\nThe person asking has no idea their simple question created this effect. They think they asked for a preference and got apathy in return.
\nThis is part of why the \"you can't know what you don't know\" principle matters so much. Until I understood that for neurotypical people, \"I don't know what I want to eat\" often just means \"I have no strong preference,\" I didn't realize my processing was different. I thought everyone experienced that demand for the right answer. This will be the topic of the last post tomorrow.
\nThis is part of my April 2026 autism awareness month series. First published on LinkedIn on 2026-04-28.
","pages":[{"url":"/","relativePath":"index.md","relativeDir":"","base":"index.md","name":"index","frontmatter":{"title":"Home","template":"home"},"html":""},{"url":"/contact/","relativePath":"contact.md","relativeDir":"","base":"contact.md","name":"contact","frontmatter":{"title":"Get in Touch","img_path":"images/contact.jpg","form_id":"contactForm","form_fields":[{"type":"text","name":"name","label":"Name","default_value":"Your name","is_required":true},{"type":"email","name":"email","label":"Email","default_value":"Your email address","is_required":true},{"type":"select","name":"subject","label":"Subject","default_value":"Please select","options":["Error on the site","Sponsorship","Other"]},{"type":"textarea","name":"message","label":"Message","default_value":"Your message"},{"type":"checkbox","name":"consent","label":"I understand that this form is storing my submitted information so I can be contacted."}],"submit_label":"Send Message","template":"contact"},"html":"To get in touch fill the form below.
"},{"url":"/posts/20041122-blogspot-bookcrossing/","relativePath":"posts/20041122-blogspot-bookcrossing.md","relativeDir":"posts","base":"20041122-blogspot-bookcrossing.md","name":"20041122-blogspot-bookcrossing","frontmatter":{"title":"BookCrossing","template":"post","date":"2004-11-22T15:46:00.000+01:00","canonical_url":"https://raphink.blogspot.com/2004/11/bookcrossing.html","blogspot_url":"https://raphink.blogspot.com/2004/11/bookcrossing.html","tags":["english","multiply","restored","review","website"]},"html":"Category:
\nOther
\n![](\"http://web.archive.org/web/20041207171041/http://bookcrossingfrance.apinc.org/images/RunningBook33.gif\")
BookCrossing is another great site among so many... The idea is to turn the world into a giant library, by releasing books in the wild. There are online forums aswell, and users are used to meeting each other from time to time and share books they liked. Here is my BookCrossing profile.
Hey guys!
\nMight not be soooo exciting, but it's my first day on multiply, and so far this is great! Somehow a bit more powerful than orkut (which is much better that friendster imho), a bit less crowded, but without the constant server failures. Thanks to Meg for her link on her orkut profile that led me here :)
"},{"url":"/posts/20041122-blogspot-mylanguageexchange/","relativePath":"posts/20041122-blogspot-mylanguageexchange.md","relativeDir":"posts","base":"20041122-blogspot-mylanguageexchange.md","name":"20041122-blogspot-mylanguageexchange","frontmatter":{"title":"MyLanguageExchange","template":"post","date":"2004-11-22T15:46:00.001+01:00","canonical_url":"https://raphink.blogspot.com/2004/11/mylanguageexchange.html","blogspot_url":"https://raphink.blogspot.com/2004/11/mylanguageexchange.html","tags":["book","english","multiply","restored","review","website"]},"html":"Category:
\nOther
\nMyLanguageExchange is a great web site for anyone wanting to learn languages on the net. The idea is to get people teach their own language to each other, using the internet. You can either send a private message to users, or use the text chat system of the site. I've been using it a lot and I really advise it to any people who desire to learn a language.
"},{"url":"/posts/20041122-blogspot-shakespeare-and-co/","relativePath":"posts/20041122-blogspot-shakespeare-and-co.md","relativeDir":"posts","base":"20041122-blogspot-shakespeare-and-co.md","name":"20041122-blogspot-shakespeare-and-co","frontmatter":{"title":"Shakespeare and Co","template":"post","date":"2004-11-22T15:45:00.000+01:00","canonical_url":"https://raphink.blogspot.com/2004/11/shakespeare-and-co.html","blogspot_url":"https://raphink.blogspot.com/2004/11/shakespeare-and-co.html","tags":["english","multiply","place","restored","review"]},"html":"Category:
\nOther
\n![](\"http://web.archive.org/web/20041207171041/http://www.shakespeareco.org/logo_stamp.gif\"){kind=logo}
Shakespeare and Co is a wonderful and extraordinary place in Paris!
\nIf you love books and think of going to Paris, this the place you have to go for sure, rather than to the Eiffel Tower or Notre Dame (which is very close anyway).
\nYou can get a virtual visit of this magical place by clicking on the \"welcome\" link on this page.
Truly a special day!
\nWell, everyday is a special day when it is lived in communion with God. But this one meant a lot to me. As this morning I couldn't get up (errr yeah that's pretty bad I know) and I went to the uni late :s While leaving, I put on this mp3 CD of bible teachings from J. Courson that is very nice, and I knew that I couldn't listen to it all in the short lap of time I had between my house and the uni. But ... that was without trusting that the Lord wanted me to listen to it entirely lol. Yeah... there was the police everywhere on the way, and after spending 20 minutes in the jam, I decided to take another way, and then, following a sloooooooooooow car and then a slooooooooooower truck, I got to uni after 50 minutes, just the time needed to listen almost entirely to the study. Great job, Lord, great timing!
\nWell very tiring day too... and a lot of work to do... but finally I could afford to go to the reunion at the temple that I wanted to go to, about liturgy, and to talk with the pastor, who is really a great woman, about my thoughts of being a pastor myself, and that was great!
\nSo yes, that was a special and great day :) Hope there can more days like this :D
Category:
\nMusic
\nGenre:
\nChristian & Gospel
\nArtist:
\nCeCe Winans
\n![](\"http://web.archive.org/web/20041207171041/http://www.samma.nl/shop/cd/image/8517112.jpg\")
I have been listening to this song again and again this last week, and I really love it. This is so beautiful and I just love the lyrics too!
"},{"url":"/posts/20041125-blogspot-my-profile-has-new-look-and-new/","relativePath":"posts/20041125-blogspot-my-profile-has-new-look-and-new.md","relativeDir":"posts","base":"20041125-blogspot-my-profile-has-new-look-and-new.md","name":"20041125-blogspot-my-profile-has-new-look-and-new","frontmatter":{"title":"My profile has a new look and new features!","template":"post","date":"2004-11-25T22:24:00.000+01:00","canonical_url":"https://raphink.blogspot.com/2004/11/my-profile-has-new-look-and-new.html","blogspot_url":"https://raphink.blogspot.com/2004/11/my-profile-has-new-look-and-new.html","tags":["english","journal","multiply","restored","style"]},"html":"[Hi guys!
\nSome new colours and features on my homepage it seems ;)
\nWell as I discovered the](http://web.archive.org/web/20041207084152/http://raphink.multiply.com/journal/item/3) \"Modify your Multiple profile\" group yesterday, I decided to go back to my programmation skills and try to use their advice. So I spent some hours working hard on my profile, and here is the result.
First of all, I guess you noticed that you are called by your name when you come to my page now, and that a photo of you is shown with the welcome message, thanks to mango's advice. I just had to work on an improvement of this system, so that people who are not registered on the site are not welcomed with something like : \"Welcome to my homepage, QaYZVgoKCjoAAGVMWEU!\", which is what happens on other pages built with this code. Now they are welcome as guests.
\nThe second thing concerns the color scheme of the page. Thanks to mango again, because I didn't only used his advice, but also the entire css he built for his very nice blue scheme, though I have begun adding some personal stuff in it. But the new thing (or at least I have seen it nowhere) is this select box you get on the upper right corner of the screen when you visit my homepage, and that allows you to change the scheme you prefer to see my page. More schemes to come, guys!
\nNote : the color scheme stuff seems to not work under Internet Explorer. I have spent several hours trying to understand this, changing the code and so on, but it definitely tells me there is something wrong in my Javascript programming, though the Javascript Console of Mozilla tells me nothing about it. So well... if you want to see it work, and get the best browser at the same time, whatever your OS be (Windows, Mac OS X or Linux), I just have one thing to tell you => ![](\"http://web.archive.org/web/20041207084152/http://r.pinson.free.fr/getfirefox.gif\")
!!!!
I posted a reply to my old post about new features on my profile a bit earlier, but I would like to be more precise about smilies and their use here. I made it very easy to use smilies on my home page now.
\nIndeed, all you have to do to insert a smiley in a text is to put this code : smiley('SmileyName'); at the place you want to put the smiley, and replacing SmileyName with the name of the smiley, from the list below (note: this will only work on the pages of my home site, not on every multiply pages).
\n[2thumbsup]
\n2thumbsup [Mr-T]
\nMr-T [_blank]
\n_blank [afro]
\nafro [alien]
\nalien [angel]
\nangel
\n[angry]
\nangry [annoyed]
\nannoyed [antlers]
\nantlers [anxious]
\nanxious [argue]
\nargue [army]
\narmy
\n[artist]
\nartist [baby]
\nbaby [balloon]
\nballoon [balloon2]
\nballoon2 [balloon3]
\nballoon3 [bandana]
\nbandana
\n[batman]
\nbatman [beadyeyes]
\nbeadyeyes [beadyeyes2]
\nbeadyeyes2 [beam]
\nbeam [beatnik]
\nbeatnik [beatnik2]
\nbeatnik2
\n[behead]
\nbehead [behead2]
\nbehead2 [bigcry]
\nbigcry [biker]
\nbiker [blank]
\nblank [blush]
\nblush
\n[bobby]
\nbobby [bobby2]
\nbobby2 [bomb]
\nbomb [bomb2]
\nbomb2 [book]
\nbook [book2]
\nbook2
\n[bow]
\nbow [brood]
\nbrood [bucktooth]
\nbucktooth [builder]
\nbuilder [builder2]
\nbuilder2 [bulb]
\nbulb
\n[bulb2]
\nbulb2 [charming]
\ncharming [cheesy]
\ncheesy [chef]
\nchef [chinese]
\nchinese [clown]
\nclown
\n[computer]
\ncomputer [confused]
\nconfused [cool]
\ncool [cool2]
\ncool2 [cool3]
\ncool3 [cool4]
\ncool4
\n[cowboy]
\ncowboy [crown]
\ncrown [crowngrin]
\ncrowngrin [cry]
\ncry [cry2]
\ncry2 [curtain]
\ncurtain
\n[cyclist]
\ncyclist [daisy]
\ndaisy [dead]
\ndead [deal]
\ndeal [deal2]
\ndeal2 [devil]
\ndevil
\n[devilish]
\ndevilish [disappointed]
\ndisappointed [disguise]
\ndisguise [dizzy]
\ndizzy [dizzy2]
\ndizzy2 [dozey]
\ndozey
\n[drummer]
\ndrummer [drunk]
\ndrunk [dunce]
\ndunce [dunce2]
\ndunce2 [earmuffs]
\nearmuffs [ears]
\nears
\n[egypt]
\negypt [elf]
\nelf [elvis]
\nelvis [embarassed]
\nembarassed [end]
\nend [evil]
\nevil
\n[evil2]
\nevil2 [evil3]
\nevil3 [evilgrin]
\nevilgrin [fireman]
\nfireman [freak]
\nfreak [furious]
\nfurious
\n[furious2]
\nfurious2 [furious3]
\nfurious3 [glasses]
\nglasses [glasses2]
\nglasses2 [goofy]
\ngoofy [gorgeous]
\ngorgeous
\n[gossip]
\ngossip [greedy]
\ngreedy [grin]
\ngrin [grin2]
\ngrin2 [grin3]
\ngrin3 [guitarist]
\nguitarist
\n[hair]
\nhair [hair2]
\nhair2 [hanged]
\nhanged [happy]
\nhappy [happy2]
\nhappy2 [hat]
\nhat
\n[hat2]
\nhat2 [heart]
\nheart [helmet]
\nhelmet [help]
\nhelp [hippy]
\nhippy [huh]
\nhuh
\n[huh2]
\nhuh2 [idea]
\nidea [idea2]
\nidea2 [idea3]
\nidea3 [iloveyou]
\niloveyou [indian_brave]
\nindian_brave
\n[indian_chief]
\nindian_chief [inquisitive]
\ninquisitive [jester]
\njester [joker]
\njoker [juggle]
\njuggle [juggle2]
\njuggle2
\n[karate]
\nkarate [kid]
\nkid [kiss]
\nkiss [kiss2]
\nkiss2 [klingon]
\nklingon [knife]
\nknife
\n[laugh]
\nlaugh [laugh2]
\nlaugh2 [laugh3]
\nlaugh3 [laugh4]
\nlaugh4 [leer]
\nleer [lips]
\nlips
\n[lips2]
\nlips2 [lipsrsealed]
\nlipsrsealed [lipsrsealed2]
\nlipsrsealed2 [lost]
\nlost [love]
\nlove [mad]
\nmad
\n[mask]
\nmask [mean]
\nmean [mellow]
\nmellow [mickey]
\nmickey [moustache]
\nmoustache [nice]
\nnice
\n[no]
\nno [oops]
\noops [operator]
\noperator [party]
\nparty [party2]
\nparty2 [party3]
\nparty3
\n[pimp]
\npimp [pimp2]
\npimp2 [pirate]
\npirate [pleased]
\npleased [policeman]
\npoliceman [pumpkin]
\npumpkin
\n[punk]
\npunk [rifle]
\nrifle [rockstar]
\nrockstar [rolleyes]
\nrolleyes [rolleyes2]
\nrolleyes2 [rolleyes3]
\nrolleyes3
\n[rolleyes4]
\nrolleyes4 [rolleyes5]
\nrolleyes5 [sad]
\nsad [sad2]
\nsad2 [sad3]
\nsad3 [santa]
\nsanta
\n[santa2]
\nsanta2 [santa3]
\nsanta3 [scholar]
\nscholar [shame]
\nshame [shifty]
\nshifty [shocked]
\nshocked
\n[shocked2]
\nshocked2 [shocked3]
\nshocked3 [shout]
\nshout [shy]
\nshy [sick]
\nsick [sick2]
\nsick2
\n[singer]
\nsinger [skull]
\nskull [sleep]
\nsleep [sleeping]
\nsleeping [sleepy]
\nsleepy [smart]
\nsmart
\n[smartass]
\nsmartass [smartass2]
\nsmartass2 [smash]
\nsmash [smile]
\nsmile [smiley]
\nsmiley [smiley2]
\nsmiley2
\n[smitten]
\nsmitten [smoking]
\nsmoking [smug]
\nsmug [smug2]
\nsmug2 [sneaky]
\nsneaky [snobby]
\nsnobby
\n[snore]
\nsnore [sombrero]
\nsombrero [speechless]
\nspeechless [square]
\nsquare [stare]
\nstare [stars]
\nstars
\n[stooge_curly]
\nstooge_curly [stooge_larry]
\nstooge_larry [stooge_moe]
\nstooge_moe [stop]
\nstop [stunned]
\nstunned [stupid]
\nstupid
\n[sultan]
\nsultan [sunny]
\nsunny [surprised]
\nsurprised [sweatdrop]
\nsweatdrop [sweetheart]
\nsweetheart [thinking2]
\nthinking2
Remarks (for advances JavaScript users):
\n* The smiley() function will do a document.write() of the image url. If you wish to include the url into a JavaScript string, use the second argument 'get', as in smiley('SmileyName','get'). The function will then return the url as a string.
\n* I added a third option (which requires the second value to be set, either to 'write' or to 'get') that allows to choose the style of the smiley among some (default being 'standard'), that are listed here:
\n[_blank]
\nstandard [_blank]
\nsquare [_blank]
\nboardmod
\nThe calling to the function is then something like smiley('egypt','write','square') which will be [egypt] .
ENJOY!!!
\nThanks to Jason's smilies great site of smilies collections.
This my conclusion of having seen my 17-yo dog looking strangely at himself in a mirror today, and then attacking his reflect! I had to come to the conclusion that he has arrived to a wise enough state of mind to be aware of his reflect in the mirror... this is the only explanation to me...
"},{"url":"/posts/20041130-blogspot-languages/","relativePath":"posts/20041130-blogspot-languages.md","relativeDir":"posts","base":"20041130-blogspot-languages.md","name":"20041130-blogspot-languages","frontmatter":{"title":"Languages","template":"post","date":"2004-11-30T10:49:00.000+01:00","canonical_url":"https://raphink.blogspot.com/2004/11/languages.html","blogspot_url":"https://raphink.blogspot.com/2004/11/languages.html","tags":["english","journal","language","multiply","restored"]},"html":"I posted some time ago a review about the MyLanguageExchange website, and I would like to write a few lines about languages here, mostly because people from MLE are redirected here, and it could be nice that they know what languages I know and want to study... So here it is...
\n![](\"http://web.archive.org/web/20041207084152/http://r.pinson.free.fr/multiply/flags/fr.gif\")
![](\"http://web.archive.org/web/20041207084152/http://r.pinson.free.fr/multiply/flags/be.gif\")
![](\"http://web.archive.org/web/20041207084152/http://r.pinson.free.fr/multiply/flags/ch.gif\")
![](\"http://web.archive.org/web/20041207084152/http://r.pinson.free.fr/multiply/flags/ca.gif\")
French : my mother tongue
\nI'm happy to say this one is not much of a problem to me, so feel free to ask for help with it!
![](\"http://web.archive.org/web/20041207084152/http://r.pinson.free.fr/multiply/flags/de.gif\")
![](\"http://web.archive.org/web/20041207084152/http://r.pinson.free.fr/multiply/flags/at.gif\")
German : a waste of study time
\nI began studying German in school when I was 11, and studied it for 7 years... Wow, 7 years, for such a horrible level, that's a lot... yeah... ich kann nicht Deutsch gut :( aber ich möchte lernen :)
![](\"http://web.archive.org/web/20041207084152/http://r.pinson.free.fr/multiply/flags/sa.gif\")
![](\"http://web.archive.org/web/20041207084152/http://r.pinson.free.fr/multiply/flags/af.gif\")
![](\"http://web.archive.org/web/20041207084152/http://r.pinson.free.fr/multiply/flags/bh.gif\")
![](\"http://web.archive.org/web/20041207084152/http://r.pinson.free.fr/multiply/flags/jo.gif\")
![](\"http://web.archive.org/web/20041207084152/http://r.pinson.free.fr/multiply/flags/kw.gif\")
![](\"http://web.archive.org/web/20041207084152/http://r.pinson.free.fr/multiply/flags/qa.gif\")
![](\"http://web.archive.org/web/20041207084152/http://r.pinson.free.fr/multiply/flags/ae.gif\")
![](\"http://web.archive.org/web/20041207084152/http://r.pinson.free.fr/multiply/flags/eg.gif\")
![](\"http://web.archive.org/web/20041207084152/http://r.pinson.free.fr/multiply/flags/lb.gif\")
![](\"http://web.archive.org/web/20041207084152/http://r.pinson.free.fr/multiply/flags/ly.gif\")
![](\"http://web.archive.org/web/20041207084152/http://r.pinson.free.fr/multiply/flags/ma.gif\")
![](\"http://web.archive.org/web/20041207084152/http://r.pinson.free.fr/multiply/flags/sy.gif\")
![](\"http://web.archive.org/web/20041207084152/http://r.pinson.free.fr/multiply/flags/tn.gif\")
Arabic : a calligraphy confusion
\nAt this time of my youth, I was very interested in calligraphy (French one, indeed), and a teacher from my school proposed to teach arabic calligraphy. I thought it would be very nice, but had forgetten that to learn arabic calligraphy, you need to learn arabic first lol So I began learning, at least the alphabet... I stopped after a few time, as I didn't like the way it was taught : the teacher would have us recognize the letters in the Kuran, when I think there are so many texts written in Arabic... (Now try to to understand why Arabs are considered a non-developped nation when they used to be the most advanced scientist one once :S).
![](\"http://web.archive.org/web/20041207084152/http://r.pinson.free.fr/multiply/flags/va.gif\")
Latin : a definitely dead language to me
\nThen I went on with Latin, 2 years later. I stopped Latin after two years, cause my grades in it were going lower and lower, and it was the critical point where I had to stop before it began to be too bad lol Still, it's a very useful basis to learn other languages, esp. romance languages, and to understand ethymology better.
![](\"http://web.archive.org/web/20041207084152/http://r.pinson.free.fr/multiply/flags/gb.gif\")
![](\"http://web.archive.org/web/20041207084152/http://r.pinson.free.fr/multiply/flags/us.gif\")
![](\"http://web.archive.org/web/20041207084152/http://r.pinson.free.fr/multiply/flags/au.gif\")
![](\"http://web.archive.org/web/20041207084152/http://r.pinson.free.fr/multiply/flags/ie.gif\")
English : hey that's better
\nI started learning English at the same time than Latin. I wouldn't say it is taught any better than German or Latin indeed, but I was lucky enough to get some help with it lately. I spent 6 years learning nothing in school about it (just what everybody does), till the day I got to chat on the internet and really improved it. Now some people tell me I'm fluent, though I know I miss a lot of vocabulary and slang. I would be glad to keep improving!
![](\"http://web.archive.org/web/20041207084152/http://r.pinson.free.fr/multiply/flags/ru.gif\")
Russian : trip to Moskva
\nAfter my fail with Latin, I still wanted to study a third language in High School, and I wanted to go to a specific High School, so choosing Russian as a third living language was a way to get there, and at the same time I was interested in this language, too. I learned it for 3 years, and had the opportunity to go to Moscow on an exchange trip. That was great :) Now I really need to practice again, though it's not very easy on the internet, because of the typing stuff :(...
![](\"http://web.archive.org/web/20041207084152/http://r.pinson.free.fr/multiply/flags/pl.gif\")
Polish : who needs a reason to learn?
\nWell, back in time a bit... Just before learning Russian, I got to meet some girl I liked and that had the only fault of speaking Polish only... that might have helped with my choice of learning Russian, as I couldn't choose Polish lol Anyway, my Russian teacher also loved Polish and helped me learning it for a while... I have the basis, but I can't really put 5 words together to get a correct sentence. Still, I like this language very much :)
![](\"http://web.archive.org/web/20041207084152/http://r.pinson.free.fr/multiply/flags/se.gif\")
Swedish
\nWell the year after I began, I got a reason to study Swedish... You always find reasons to study languages with the people you meet and want to communicate with, even though they do speak English very well :p So I began to study it alone, as I had no teacher for it. I might say that I was able to say a few things and understand basic texts quite well at a certain point. It might not be the case anymore, but I can still understand written Swedish pretty well.
![](\"http://web.archive.org/web/20041207084152/http://r.pinson.free.fr/multiply/flags/il.gif\")
Hebrew : family and religion
\nThis might begin with the fact that I have Jewish roots, and got to search for my genealogy, and it has been useful to read signatures in hebraic alphabet and some yiddish stuff. I can't remember how I got to begin though... Anyway, this has also to do with the fact that I am a Christian and began to study the Bible more at this time, and thought that it would be very useful to be able to go back to the original text... That was without considering that Hebrew is not as easy as Swedish to me, and learning it alone with a book is quite difficult. I gave up, for now... but I really wish to go back to it as soon as possible, and to begin ancient Greek too.
![](\"http://web.archive.org/web/20041207084152/http://r.pinson.free.fr/multiply/flags/eo.gif\")
![](\"http://web.archive.org/web/20041207084152/http://r.pinson.free.fr/multiply/flags/qy-io.gif\")
Esperanto and Ido : how about Utopia?
\nAt a certain point, I thought that it was nice to study a lot of languages, but that many people couldn't do it, and that having a common language to communicate would be great, and that would have to be different from English for some reason. I learned the basis of Esperanto in a few days, and then discovered Ido, and learned the basis in a few hours (that is, I was able to write a whole message to introduce me after 2 days). I programmed personal sites about Ido, such as my idolinguo page (in French), The international French-speaking Ido community site (in French) or a page of online translation dictionaries between Ido and a few other languages... That was really a passion at a time lol. I used to be a bit active in some mailing lists about choosing a common language (but not a unique one) for Europe, but that was some years ago...
![](\"http://web.archive.org/web/20041207084152/http://r.pinson.free.fr/multiply/flags/it.gif\")
Italian : journey to Venice
\nWe got once to form the project to go to Venice together with some friends of mine. I thought it was nice, but one of my principles about travelling had become to learn the language of the country first... So I studied Italian a bit, just enough to be able to talk and understand. I might say it was pretty useful when we were lost in the country sometimes. I didn't study much, and I might improve it later on, though it's not one of my priorities.
![](\"http://web.archive.org/web/20041207084152/http://r.pinson.free.fr/multiply/flags/an.gif\")
![](\"http://web.archive.org/web/20041207084152/http://r.pinson.free.fr/multiply/flags/aw.gif\")
Papiamento : wazza?
\nPapiamento is the creole language spoken in the Netherland Antilles, close to Venezuela, that is to say in Aruba, Curaçao, Bonaire and St. Martin. It has around 200.000 speakers. I had the opportunity to begin studying, for personal reasons, though finding speakers on the internet was a bit difficult I might confess. Papiamento is a very interesting language, based on Spanish, French, Dutch, English, african languages and Arawak Indian. It has thus a very simple grammar, and very \"international\" (in the European way) vocabulary. At a point, I found it was somehow very close to Ido and Esperanto... and came to think that it would definitely be a good common language for the European Union, for a lot of reasons...
![](\"http://web.archive.org/web/20041207084152/http://r.pinson.free.fr/multiply/flags/es.gif\")
![](\"http://web.archive.org/web/20041207084152/http://r.pinson.free.fr/multiply/flags/ar.gif\")
![](\"http://web.archive.org/web/20041207084152/http://r.pinson.free.fr/multiply/flags/bo.gif\")
![](\"http://web.archive.org/web/20041207084152/http://r.pinson.free.fr/multiply/flags/cl.gif\")
![](\"http://web.archive.org/web/20041207084152/http://r.pinson.free.fr/multiply/flags/co.gif\")
![](\"http://web.archive.org/web/20041207084152/http://r.pinson.free.fr/multiply/flags/mx.gif\")
![](\"http://web.archive.org/web/20041207084152/http://r.pinson.free.fr/multiply/flags/pe.gif\")
![](\"http://web.archive.org/web/20041207084152/http://r.pinson.free.fr/multiply/flags/ve.gif\")
![](\"http://web.archive.org/web/20041207084152/http://r.pinson.free.fr/multiply/flags/bz.gif\")
![](\"http://web.archive.org/web/20041207084152/http://r.pinson.free.fr/multiply/flags/cr.gif\")
![](\"http://web.archive.org/web/20041207084152/http://r.pinson.free.fr/multiply/flags/ec.gif\")
![](\"http://web.archive.org/web/20041207084152/http://r.pinson.free.fr/multiply/flags/sv.gif\")
![](\"http://web.archive.org/web/20041207084152/http://r.pinson.free.fr/multiply/flags/gt.gif\")
![](\"http://web.archive.org/web/20041207084152/http://r.pinson.free.fr/multiply/flags/hn.gif\")
![](\"http://web.archive.org/web/20041207084152/http://r.pinson.free.fr/multiply/flags/ni.gif\")
![](\"http://web.archive.org/web/20041207084152/http://r.pinson.free.fr/multiply/flags/pa.gif\")
![](\"http://web.archive.org/web/20041207084152/http://r.pinson.free.fr/multiply/flags/py.gif\")
![](\"http://web.archive.org/web/20041207084152/http://r.pinson.free.fr/multiply/flags/uy.gif\")
Spanish : that had to be...
\nI have always thought that Spanish was easy enough when you know French, and that I would learn it when I would need it. So as lately I had this need, I just began learning it 2 years ago, and now take courses of it in uni. This is very useful, when you consider the huge number of speakers in the world.
![](\"http://web.archive.org/web/20041207084152/http://r.pinson.free.fr/multiply/flags/nl.gif\")
Dutch : a plan of studies
\nI have formed the project of going to study in the Netherlands pretty soon for some personal reason, and thus it is very logical to me to study Dutch, although most Dutch people are fluent in English, if not in French and German... So I'm just beginning, don't put a lot of time in it, but I can understand it basically...
Now I think you know quite all about this subject! Feel free to contact me!!
"},{"url":"/posts/20041215-blogspot-searchlight-with-pastor-jon-courson/","relativePath":"posts/20041215-blogspot-searchlight-with-pastor-jon-courson.md","relativeDir":"posts","base":"20041215-blogspot-searchlight-with-pastor-jon-courson.md","name":"20041215-blogspot-searchlight-with-pastor-jon-courson","frontmatter":{"title":"Searchlight with Pastor Jon Courson","template":"post","date":"2004-12-15T23:15:00.000+01:00","canonical_url":"https://raphink.blogspot.com/2004/12/searchlight-with-pastor-jon-courson.html","blogspot_url":"https://raphink.blogspot.com/2004/12/searchlight-with-pastor-jon-courson.html","tags":["bible","christian","commentary","english","link","multiply","restored","website"]},"html":"Link: joncourson.com
\nJon Courson is a great pastor from the ecumenical church of Calvary Chapel in Costa Mesa, CA. This site contains lots of teachings on his that you can listen online, about all the books of the Bible
"},{"url":"/posts/20041228-blogspot-mozilla-firefox-10-internet-browser/","relativePath":"posts/20041228-blogspot-mozilla-firefox-10-internet-browser.md","relativeDir":"posts","base":"20041228-blogspot-mozilla-firefox-10-internet-browser.md","name":"20041228-blogspot-mozilla-firefox-10-internet-browser","frontmatter":{"title":"Mozilla Firefox 1.0 Internet Browser","template":"post","date":"2004-12-28T20:17:00.000+01:00","canonical_url":"https://raphink.blogspot.com/2004/12/mozilla-firefox-10-internet-browser.html","blogspot_url":"https://raphink.blogspot.com/2004/12/mozilla-firefox-10-internet-browser.html","tags":["english","multiply","open-source","restored","review"]},"html":"Category:
\nOther
\nI know that a lot of people already know about Firefox, but this is such a great program that I have to write a review about it really, cause I know the only people who do not use it are people who do not know about it.
\nI've been using Firefox ever since its version 0.4 2 years ago, and though I have tried other browsers I never switched back to anything else. So if you are still using Internet Explorer or Opera, just give a try to Firefox, you just won't believe it...
\nJust go to the Mozilla Project Page to download it.
\nThat's all Folks
"},{"url":"/posts/20050114-blogspot-nice-story-i-just-read/","relativePath":"posts/20050114-blogspot-nice-story-i-just-read.md","relativeDir":"posts","base":"20050114-blogspot-nice-story-i-just-read.md","name":"20050114-blogspot-nice-story-i-just-read","frontmatter":{"title":"A nice story I just read...","template":"post","date":"2005-01-14T16:12:00.000+01:00","canonical_url":"https://raphink.blogspot.com/2005/01/nice-story-i-just-read.html","blogspot_url":"https://raphink.blogspot.com/2005/01/nice-story-i-just-read.html","tags":["blog","christian","english","multiply","restored"]},"html":"A young man got into a store.
\nHe asked to the angel that was here, behind the cass : ``What do you sell here, my good angel?''
\nThe angel answered him with a large smile ``We have everything you want''.
\n``Then I would like the wars to stop, a better life for marginal people, work for unemployed guys, the end of...'' The angels stopped him ``I'm sorry, young man, but it seems you did not read the panel on the door. Here we don't sell fruits, only seeds. Did you think about buying seeds of peace, of generosity, of joy, of courage? Also don't be worried, as the store will still be opened after Christmas''.
Category:
\nOther
\nI am just testing Ubuntu Linux for PPC as I've seen it seems to be a good new distrib.
\nWell I'll begin with good points :
\nBad points now :
\nI think this is a good starting point for a new distrib (esp. as I tested it on a G4 PPC), but it still has quite a lot to go before I can say I prefer it to Mandrake ... Let us hope Kubuntu (Ubuntu with native KDE project) will develop soon smiley('grin2');
\nFor more infos about Ubuntu Linux, see the official Ubuntu Linux website.
\n![](\"http://web.archive.org/web/20050308232548/http://images.multiply.com/common/dot_clear.gif\"){kind=spacer}
Just as for smilies, I just added a JavaScript function that lets you quote anything on my site the way Multiply does it!
\nThis function is simply called quote(), and takes 3 arguments :
\n* text : the text to be quoted
\n* author : the author of the quote
\n* option : value 'get' or 'post', just as for the smiley() function, for advanced users who want to include a quote in a JavaScript code
To call it, simple use
\nquote(\"text\",\"author\");
\non any post on my Multiply site.
\nFor example, quote(\"Hello, this is a quote!\",\"the tester\"); will get you the following result :
\nHello, this is a quote!
\n- the tester
Enjoy!
"},{"url":"/posts/20050131-blogspot-christian-forums/","relativePath":"posts/20050131-blogspot-christian-forums.md","relativeDir":"posts","base":"20050131-blogspot-christian-forums.md","name":"20050131-blogspot-christian-forums","frontmatter":{"title":"Christian Forums","template":"post","date":"2005-01-31T17:09:00.000+01:00","canonical_url":"https://raphink.blogspot.com/2005/01/christian-forums.html","blogspot_url":"https://raphink.blogspot.com/2005/01/christian-forums.html","tags":["christian","english","link","multiply","restored","website"]},"html":"Link: christianforums.com
\nThis is a great place for both Christians and non Christians! There are tons of forums on many many subjects :D
\nCome and join!
Well I posted on this subject on the Modify group already, as they are the ones probably the most interested in it...
\nI have released my JavaScript file, that contains almost all the functions I use on my Multiply site : smilies, quotes, Bible quotes, info boxes, scheme menu, etc...
\nYou can find out how to get the file and use it on the HOWTO file I have made for the purpose.
\nEnjoy, and send me your comments!!
"},{"url":"/posts/20050202-blogspot-good-joke-from-m/","relativePath":"posts/20050202-blogspot-good-joke-from-m.md","relativeDir":"posts","base":"20050202-blogspot-good-joke-from-m.md","name":"20050202-blogspot-good-joke-from-m","frontmatter":{"title":"A good joke from M$","template":"post","date":"2005-02-02T14:17:00.000+01:00","canonical_url":"https://raphink.blogspot.com/2005/02/good-joke-from-m.html","blogspot_url":"https://raphink.blogspot.com/2005/02/good-joke-from-m.html","tags":["blog","english","fun","microsoft","multiply","restored","website"]},"html":"If you wanna have fun with how bad Microsoft programs their softs, try this little test ....
\nGo to MapPoint and ask for the way to get from Haugesund, Norway to Trondheim, Norway...
\nWell done M$!!
\nIt's even better when you choose the 'shortest route' option instead of 'quickest'!
"},{"url":"/posts/20050225-blogspot-what-is-god-like/","relativePath":"posts/20050225-blogspot-what-is-god-like.md","relativeDir":"posts","base":"20050225-blogspot-what-is-god-like.md","name":"20050225-blogspot-what-is-god-like","frontmatter":{"title":"What is God like?","template":"post","date":"2005-02-25T16:33:00.000+01:00","canonical_url":"https://raphink.blogspot.com/2005/02/what-is-god-like.html","blogspot_url":"https://raphink.blogspot.com/2005/02/what-is-god-like.html","tags":["book","english","god","multiply","restored","review"]},"html":"Category:
\nBooks
\nGenre:
\nReligion & Spirituality
\nAuthor:
\nMarie-Agnes Gaudrat
\nToo bad I can't put more than 5 stars here ...
\nThis is one of the greatest books I've every found talking about God to children. I found it (in french) at a comics festival in Augoulème (France) and just fell in love with this book :)
\nI advised it to an online buddy of mine on Christian Forums, who bought it for her 6-yo girl, and since then her little wants to be read it every evening ;)
\nA really great book for children.
"},{"url":"/posts/20050210-blogspot-multiple-automatic-translation/","relativePath":"posts/20050210-blogspot-multiple-automatic-translation.md","relativeDir":"posts","base":"20050210-blogspot-multiple-automatic-translation.md","name":"20050210-blogspot-multiple-automatic-translation","frontmatter":{"title":"Multiple automatic translation","template":"post","date":"2005-02-10T04:06:00.000+01:00","canonical_url":"https://raphink.blogspot.com/2005/02/multiple-automatic-translation.html","blogspot_url":"https://raphink.blogspot.com/2005/02/multiple-automatic-translation.html","tags":["blog","english","fun","multiply","restored"]},"html":"What happens when you take a text and have it translated a certain number of times? It gets nuts...
\nI tried it with the Google automatic translator, as I was trying to explain my Multplext project to an only portuguese-speaking guy. Just for fun, I had it translated to portuguese, then english again, then french, german, spanish and some others... After 10 pass or so, this is what I got in english...
box(\"After 10 pass of automatic translator\",\"The plan of Multiplext was developed in the base of the group of the changes which multiplies the profile. It is not sharp of substituiz, but, so that a kind provides with adapted extremely the profile relating to the customer requirements, without having, in order to learn the CSS just and the Javascript and at a zone of the leather belt of of will fotorreceptora, in order to repair the iron of friction. This plan is a plan \\\"source of opening\\\". That means that it of A can there begin the sources and the copy of code in such a manner around it of changing and around him distributes during much hour, whereas they maintain the trade of the author of the code. If it will have to be moltiplicatlaa inside if a customer of and will interest in order to employ this plan you can have more information of website inside of Multiplext. If he will be to you a colleague and that required in order to connect the Community in order to think freely in the order, because being connected and being required, in the manner marks of one this operation here:)\");
\n![](\"http://web.archive.org/web/20050306013005/http://images.multiply.com/multiply/sidebox/ltc.gif\")
After 10 pass of automatic translator
\n![](\"http://web.archive.org/web/20050306013005/http://images.multiply.com/multiply/sidebox/rtc.gif\")
![](\"http://web.archive.org/web/20050306013005/http://images.multiply.com/common/dot_clear.gif\"){kind=spacer}
\nThe plan of Multiplext was developed in the base of the group of the changes which multiplies the profile. It is not sharp of substituiz, but, so that a kind provides with adapted extremely the profile relating to the customer requirements, without having, in order to learn the CSS just and the Javascript and at a zone of the leather belt of of will fotorreceptora, in order to repair the iron of friction. This plan is a plan \"source of opening\". That means that it of A can there begin the sources and the copy of code in such a manner around it of changing and around him distributes during much hour, whereas they maintain the trade of the author of the code. If it will have to be moltiplicatlaa inside if a customer of and will interest in order to employ this plan you can have more information of website inside of Multiplext. If he will be to you a colleague and that required in order to connect the Community in order to think freely in the order, because being connected and being required, in the manner marks of one this operation here:)
![](\"http://web.archive.org/web/20050306013005/http://images.multiply.com/multiply/sidebox/lbc.gif\")
![](\"http://web.archive.org/web/20050306013005/http://images.multiply.com/multiply/sidebox/rbc.gif\")
when the original text to be translated was ...
\nbox(\"The original text\",\"The Multiplext project was built on the basis of the Modify your Multiply profile group. It is not aimed to replace it, but to provide a way to greatly customize your profile without having to learn css and javascript and to own a web space to host files.
This project is an open-source project. That means anybody can get the code sources and copy, modify and distribute them, as long as they keep the authorship of the code.
If you are a Multiply user and are interested in using this project, you can have more informations on the Multiplext website.
If you are a developer and wish to join the community, feel free to join and ask for a task to do here :)\");
The original text
\n
\nThe Multiplext project was built on the basis of the Modify your Multiply profile group. It is not aimed to replace it, but to provide a way to greatly customize your profile without having to learn css and javascript and to own a web space to host files.
This project is an open-source project. That means anybody can get the code sources and copy, modify and distribute them, as long as they keep the authorship of the code.
\nIf you are a Multiply user and are interested in using this project, you can have more informations on the Multiplext website.
\nIf you are a developer and wish to join the community, feel free to join and ask for a task to do here :)
\n
LOL
"},{"url":"/posts/20050303-blogspot-knoppix-37/","relativePath":"posts/20050303-blogspot-knoppix-37.md","relativeDir":"posts","base":"20050303-blogspot-knoppix-37.md","name":"20050303-blogspot-knoppix-37","frontmatter":{"title":"Knoppix 3.7","template":"post","date":"2005-03-03T18:46:00.000+01:00","canonical_url":"https://raphink.blogspot.com/2005/03/knoppix-37.html","blogspot_url":"https://raphink.blogspot.com/2005/03/knoppix-37.html","tags":["debian","english","knoppix","linux","multiply","restored","review"]},"html":"Category:
\nOther
\nWell I've been using knoppix for a long time now, but I thought I would write a review on it though.
\nYou have heard of linux and wonder about what it is? You would like to try it but don't want to take any risk with your windows box?
\nThen you need to use a live CD, and knoppix is the best you can try imho :)
\nAll you have to do is download a CD image of Knoppix and burn it to a CD, and then reboot your computer on the CD.
\nYou can find sources to download the CD image of Knoppix on the knoppix site.
\nEnjoy!
"},{"url":"/posts/20050303-blogspot-logiciels-libres-pour-lenseignement/","relativePath":"posts/20050303-blogspot-logiciels-libres-pour-lenseignement.md","relativeDir":"posts","base":"20050303-blogspot-logiciels-libres-pour-lenseignement.md","name":"20050303-blogspot-logiciels-libres-pour-lenseignement","frontmatter":{"title":"Logiciels libres pour l'enseignement","template":"post","date":"2005-03-03T15:03:00.000+01:00","canonical_url":"https://raphink.blogspot.com/2005/03/logiciels-libres-pour-lenseignement.html","blogspot_url":"https://raphink.blogspot.com/2005/03/logiciels-libres-pour-lenseignement.html","tags":["english","france","link","multiply","open-source","restored","website"]},"html":"Link: logiciels-libres-cndp.ac-versailles.fr
\nUn site de l'académie de Versailles listant des logiciels libres utiles pour l'enseignement.
\nA website with lists of open-source programs useful for education (website in French, programs in most languages).
"},{"url":"/posts/20050303-blogspot-learning-languages-bilingualism-vs/","relativePath":"posts/20050303-blogspot-learning-languages-bilingualism-vs.md","relativeDir":"posts","base":"20050303-blogspot-learning-languages-bilingualism-vs.md","name":"20050303-blogspot-learning-languages-bilingualism-vs","frontmatter":{"title":"Learning languages : bilingualism vs. translation","template":"post","date":"2005-03-03T22:46:00.000+01:00","canonical_url":"https://raphink.blogspot.com/2005/03/learning-languages-bilingualism-vs.html","blogspot_url":"https://raphink.blogspot.com/2005/03/learning-languages-bilingualism-vs.html","tags":["blog","english","language","learning","multiply","restored"]},"html":"Why is it so difficult for most people to learn languages and get to speak fluently? Why do children have to learn long lists of vocabulary and huge grammar rules when we did not need them to speak our mother tongue?
\nI would like to write a short article on bilingualism vs. translation in learning languages, although I'm far from being a specialist in neuro-linguistics. I'll try to point out the basic bad and good points of each way.
\nLet us first remember the basic theory of speech : our brain links concepts to words, directly or not (that's very basic, but enough for what I want to say). We will consider that when you speak in your mother tongue, the concept is directly linked to the word you pronounce.
\nTranslation
\nI will begin with translation, because it is the usual way of learning languages in school. Most people learn vocabulary and grammar and translate the thoughts they have in their language to the language they want to speak.
With this method, you will first think in your mother tongue, get the word that is linked to the concept you want to express, and then use this word as a new concept to link it to another word in the language in which you want to express yourself.
\nThe only good point I see about this way of learning is that you can translate things quite well... and I'm not even sure this is very true...
\nNow there are a lot of bad points about it.
\nFirst of all, it's obvious that it takes you longer to express yourself, as there are more steps. If you have to do this when speaking and listening, your brain is going to hurt very soon...
\nSecondly, when you speak a second language this way, you cannot express all you want, because the basic concepts used by different languages are not the same. For example, there is no equivalent to the verb ``may'' in french, so that many french people might not use it where it should be used.
Bilingualism
\nBilingualism is often considered a chance that few people have, and an utopia for people who never had this chance. I think this point of view is not very exact though.
\nAlthough it is true that people who were raised up in two or more language till they were children are quite lucky, it is not a fate to not have this opportunity, and there are still ways to get to be fluent having not had it.
To me, the key to bilinguism is to get to think in the language. Practically it's not as difficult as it seems. The main issue is a psychological one : if you decide to think in a language you do not speak fluently, it obviously means that your thoughts are going to be much more basic than they are when you think in your mother tongue! Once you accept this fact and take the decision to think in the foreign language you are willing to learn, this fact will indeed ``pull you forward'', in the sense that you will not need to speak fluently only to communicate with people, but also to improve your own thoughts, and you will learn vocabulary very naturally and fast, as you would in your mother tongue!
\nWhy is bilingualism better?
\nOne obvious point is that you can express yourself much more easily in the language than if you were translating, because you think in the language.
\nAnother very important point to me, is that by getting to think in another language, you link more concepts to words in your mind, including concepts that cannot be easily expressed in your mother tongue. So you basically improve your ``thinking ability'' by enlarging the basis of the concepts you can use to think.
\nThis also leads to another important point : you understand better people who speak the other language, not only because you speak the same language as in speaking aloud, but also because you can share the same concepts with them, and grasp their mind much more easily.
Now practically?
\nHow do I decide to think in a second language? It doesn't seem that easy for sure... Well as I said before, the only important obstacle to it is psychological : you might be afraid to have very basic thought when you have few vocabulary... Once you have passed this step, what I do (hoping it can help) is that I take times in the day when I force myself to think in the language, but as it's very conceptual and difficult, I talk aloud to myself. I comment my life and actions in the language I want to learn. This way, knowing enough of the language, I can correct myself on both syntax, vocabulary and pronounciation most of the time. This way I force myself to link directly images and feelings to words, without translating, and talking aloud to myself allows me to hear my accent and try to correct it from how I know it should be.
\nI've been using this method for a few years now, and I cal tell it's very efficient on me at least. Researchers tend to prove that a second language should be taught before the age of 7, because bilinguism is very hard to aquire after this age. This is mostly true about pronounciation, but to think in a language can be achieved at almost any age in my opinion.
\nThat's all folks! Let me know your opinion :D
"},{"url":"/posts/20051216-blogspot-taiz-community/","relativePath":"posts/20051216-blogspot-taiz-community.md","relativeDir":"posts","base":"20051216-blogspot-taiz-community.md","name":"20051216-blogspot-taiz-community","frontmatter":{"title":"Taizé Community","template":"post","date":"2005-12-16T16:35:00.000+01:00","canonical_url":"https://raphink.blogspot.com/2005/12/taiz-community.html","blogspot_url":"https://raphink.blogspot.com/2005/12/taiz-community.html","tags":["christian","english","multiply","restored","review"]},"html":"Category:
\nOther
\nTaizé is an ecumenical Christian community in Bourgogne, France. It has been founded by brother Roger, and gathers now more than a hundred brothers. Taizé welcomes every year thousands of young people from all over the world and the community organizes meetings of tens of thousands people in European great cities.
\nYou can find out much more about Taizé on their official site.
\nYou can also check the Taizé Community on Multiply.
\n
The story starts on the IRC channel. Most people there believed it was rather funny, but it got even more funny. For information: The dangerous hacker is called *****checker and the one being hacked is known as Elch. 127.0.0.1 is always the IP-adress of the computer you're currently using (duh), any request there will return to your computer.
\n* *****checker (~java@euirc-a97f9137.dip.t-dialin.net) Quit (Ping timeout#)
\n* *****checker (~java@euirc-61a2169c.dip.t-dialin.net) has joined #stopHipHop
\n<*****checker> why do you kick me
\n<*****checker> can't you discus normally
\n<*****checker> answer!
\nwe didn't kick you
\nyou had a ping timeout: * *****checker (~java@euirc-a97f9137.dip.t-dialin.net) Quit (Ping timeout#)
\n<*****checker> what ping man
\n<*****checker> the timing of my pc is right
\n<*****checker> i even have dst
\n<*****checker> you banned me
\n<*****checker> amit it you son of a *****
\nLOL
\n**** you're stupid, DST^^
\n<*****checker> shut your mouth WE HAVE DST!
\n<*****checker> for two weaks already
\n<*****checker> when you start your pc there is a message from windows that DST is applied.
\nYou're a real computer expert
\n<*****checker> shut up i hack you
\nok, i'm quiet, hope you don't show us how good a hacker you are ^^
\n<*****checker> tell me your network number man then you're dead
\nEh, it's 129.0.0.1
\nor maybe 127.0.0.1
\nyes exactly that's it: 127.0.0.1 I'm waiting for you great attack
\n<*****checker> in five minutes your hard drive is deleted
\nNow I'm frightened
\n<*****checker> shut up you'll be gone
\n<*****checker> i have a program where i enter your ip and you're dead
\n<*****checker> say goodbye
\nto whom?
\n<*****checker> to you man
\n<*****checker> buy buy
\nI'm shivering thinking about such great Hack0rs like you
\n* *****checker (~java@euirc-61a2169c.dip.t-dialin.net) Quit (Ping timeout#)
What happened is clear: That guy entered his own IP-Adress in his mighty Hack-Tool and crashed his own PC. This way, the attack on my PC was a failure. I was already starting to think that I did not have to worry, but a good hacker never calls it a day. Two minutes later he returned.
\n* *****checker (~java@euirc-b5cd558e.dip.t-dialin.net) has joined #stopHipHop
\n<*****checker> dude be happy my pc crashed otherwise you'd be gone
\nlol
\n*****checker: Then try hacking me again... I still have the same IP: 127.0.0.1
\n<*****checker> you're so stupid man
\n<*****checker> say buy buy
\nah, [Please control your cussing] off
\n<*****checker> buy buy elch
\n* *****checker (~java@euirc-b5cd558e.dip.t-dialin.net) Quit (Ping timeout#)
There was a tension in the room... Would he manage, after these two failures, to crash my PC? I waited. Nothing happened. I felt relieve... Six minutes p***ed by until he prepared the next wave of attack. Being a Hacker, who usually cracks whole data centers, he knew what his problem was now.
\n* *****checker (~java@euirc-9ff3c180.dip.t-dialin.net) has joined #stopHipHop
\n<*****checker> elch you son of a *****
\n*****checker how old are you?
\nWhat's up *****checker?
\n<*****checker> you have a frie wal
\n<*****checker> fire wall
\nmaybe, i don't know
\n<*****checker> i'm 26
\nsuch behaviour with 26?
\nhow did you find out that I have a firewall?
\ntststs this is not very nice missy
\n<*****checker> because your gay fire wall directed my turn off signal back to me
\n<*****checker> be a man turn that **** off
\ncool, didn't know this was possible.
\n<*****checker> thn my virus destroys your pc man
\nare you hacking yourselves?
\nyes *****checker is trying to hack me
\nhe *****checker if you're a hacker you have to get around a firewall even i can do that
\n<*****checker> yes man i hack the elch but the sucker has a fire wall the
\nwhat firewall do you have?
\n<*****checker> like a girl
\nfirewall is normal a normal hacker has to be able to get past it...you girl^^
\n***** give yourself a jackson and chill you're letting them provoce you and give those little girls new material all the time
\n<*****checker> turn the firewall off then i send you a virus [Please control your cussing]er
\nNoo
\nhe *****checker why turn it off, you should turn it off
\n<*****checker> you're afraid
\n<*****checker> i don't wanna hack like this if he hides like a girl behind a fire wall
\n<*****checker> elch turn off your **** wall!
\ni wanted to say something about this, do you know the definition of hacking??? if he turns of the firewall that's an invitation and that has nothing to do with hacking
\n<*****checker> shut up
\nlol
\n<*****checker> my grandma surfs with fire wall
\n<*****checker> and you suckers think you're cool and don't dare going into the internet without a fire wall
He calls me girly and says only his grandma would use a firewall. I know that elder people are much more intelligent then younger, but I couldn't let that rest. To see whether he really is a good hacker I lie and let everything as it is. I don't have a firewall at all, only my router.
\n*****checker, a collegue showed me how to turn the firewall off. Now you can try again
\n*****hacker can't hack
\n> nice play on words ^^
\n<*****checker> wort man
\n*****checker: I'm still waiting for your attack!
\nhow many times again he is no hacker
\n<*****checker> man do you want a virus
\n<*****checker> tell me your ip and it deletes your hard drive
\nlol ne give it up i'm a hacker myself and i know how hackers behave and i can tell you 100.00% you're no hacker..^^
\n127.0.0.1
\nit's easy
\n<*****checker> lolololol you so stupid man you'll be gone
\n<*****checker> and are the first files being deleted
\nmom...
\ni'll take a look
In panic I started the Windows Explorer, my heart beating faster. Had I under-estimated him?
\n<*****checker> don't need to rescue you can't son of a *****
\nthat's bad
\n<*****checker> elch you idiout your hard drive g: is deleted
\nyes, there's nothing i can do about it
\n<*****checker> and in 20 seconds f: is gone
Yes, true, G: and F: were gone. Did I ever have them? Doesn't matter, I did not have time to think, I was scared. *****checker was comforting me with a music tip.
\n<*****checker> tupac rules
\n<*****checker> elch you son of a ***** your f: is gone and e: too
Drive E:? Oh my god... All the games are there! And the vacation pictures! I instantly take a look. Everything still there. But the hacker said it was deleted....
\nOr isn't it happening on my computer?
\n<*****checker> and d: is at 45% you idiot lolololol
\nwhy doesn't meta say anything
\nhe's probably rolling on the floor laughing
\n> ^^
\n<*****checker> your d: is gone
\ngo on *****
The guy is good: My CD-drive is allegedly deleted! *****checker turned my ancient disk sucker into a burner! But how did he do this? I'll have to ask him. Some encourage him. He himself is giving advice how to avoid the disaster on my hard drives.
\n<*****checker> elch man you're so stupid never give your ip on the internet
\n<*****checker> i'm already at c: 30 percent
Should I tell him he's not attacking my computer?
\n* *****checker (~java@euirc-9ff3c180.dip.t-dialin.net) Quit (Ping timeout#)
\nToo late... It's 20:22 when we get the last message of our hacker with the alias \"*****checker\". We see that he has a \"Ping timeout\". We haven't seen him since then... must be the Daylight Saving Time.
"},{"url":"/posts/20060305-blogspot-finding-good-open-source-blogging/","relativePath":"posts/20060305-blogspot-finding-good-open-source-blogging.md","relativeDir":"posts","base":"20060305-blogspot-finding-good-open-source-blogging.md","name":"20060305-blogspot-finding-good-open-source-blogging","frontmatter":{"title":"Finding a good open-source blogging program","template":"post","date":"2006-03-05T15:22:00.000+01:00","canonical_url":"https://raphink.blogspot.com/2006/03/finding-good-open-source-blogging.html","blogspot_url":"https://raphink.blogspot.com/2006/03/finding-good-open-source-blogging.html","tags":["blog","english","kde","open-source","restored","wordpress"]},"html":"I’ve been trying to find a program to post to blogger directly from the systray without having to use an internet browser.
\nSince I’m on KDE, my first try was K-Blogger, a new KDE app that was recently added to Dapper. I didn’t get it work so far, and since I get no trace of what it does, I doubt I can easily find out what’s wrong with it.
\nNow I’m writing this blog from within GNOME-Blog. Well I’m not a GNOME fan, but at least this app seems to work with blogger. I allows to set the font & add links, and detects your blogs automatically. GNOME-Blog seems to get the post title inside the
\npost though, strangely enough …
We’ll see how K-Blogger evolves in the near future ![\":)\"](\"http://web.archive.org/web/20060806182544/http://raphink.info/blog/wp-includes/images/smilies/icon_smile.gif\"){kind=icon}
Edit : now I’ve switched to Wordpress and Kblogger works fine. Just had to enter the path to my xmlrpc.php in the preferences and use the MetaWebLog option. I used my blog’s name as blog-id although I’m not sure it does something. It works ![\":D\"](\"http://web.archive.org/web/20060806182544/http://raphink.info/blog/wp-includes/images/smilies/icon_biggrin.gif\"){kind=icon}
God is amazing… He’s so patient when He wants to tell us things…
\nA bit more than a year ago, as I was in Texas, I woke up one night thinking that I had to open my Bible and read Jeremiah 6:10. I did and was blown up, because that sentence made sense. It says :
\n\n\nTo whom can I speak and give warning?
\n
\nWho will listen to me?
\nTheir ears are closed
\nso they cannot hear.
\nThe word of the LORD is offensive to them;
\nthey find no pleasure in it.
Take a random sentence in the Bible and see if it makes sense alone. This one did, and it made sense to me. It became important to me, but after a while I wasn’t focused on it and on understanding it really.
\nWhen yesterday evening, I opened my Bible randomly, and my eyes fell exactly on Jeremiah 6:10 again. Now you could say that this Bible of mine opens more easily on this page than on others, but it was actually another Bible than the one I was using a year ago…
\nThis time I feel this is really aimed to me directly, and I am the one who needs to open his ears more to the Word. So here I pray that He opens my ears and my eyes
I have been worried about KDE 3.5.1 in Kubuntu Dapper lately. It still has a lot of (major) bugs, like not being able to print or having Kontact lose all the contacts from kaddressbook when closing the app with a mail opened.
\nNow lately we have been fixing important bugs so I’m less worried. There is still some work to be done to make Kubuntu Dapper a nice and usable distro, but at least it feels this can be done in the month that is left
I actually hope we don’t get to integrate KDE 3.5.2 in Dapper 3 weeks before release, otherwise I’m afraid we’re going to face a hard bugfixing time.
"},{"url":"/posts/20060313-blogspot-commandments-to-free/","relativePath":"posts/20060313-blogspot-commandments-to-free.md","relativeDir":"posts","base":"20060313-blogspot-commandments-to-free.md","name":"20060313-blogspot-commandments-to-free","frontmatter":{"title":"Commandments to free!","template":"post","date":"2006-03-13T15:16:00.000+01:00","canonical_url":"https://raphink.blogspot.com/2006/03/commandments-to-free.html","blogspot_url":"https://raphink.blogspot.com/2006/03/commandments-to-free.html","tags":["bible","english","god","restored"]},"html":"I had a very nice time at the church this morning
I went to this church I love (well I’ve kind of grown in it, spent my first real times in a living Christian community there…) and there was a service with children today, organized by the new pastor. This sermon was focused on commandments : the 10 ones, given my God to Moses on Mount Sinai.
\n![\"otp6.jpg\"](\"http://web.archive.org/web/20060806182544/http://raphink.info/blog/wp-content/uploads/2006/03/otp6.jpg\")
\nNow we usually think of God’s commandments as a law, as a set of rules to prevent us from sinning. But today the point was very different from this. This pastor showed us how the 10 commandments are to free us from salvation.
First of all, let’s have a look at the text, which is located at Exodus 20 (quoting from BibleGateway.com) :
\n1 And God spoke all these words:
\n2 “I am the LORD your God, who brought you out of Egypt, out of the land of slavery.
\n3 “You shall have no other gods before [a] me.
\n4 “You shall not make for yourself an idol in the form of anything in heaven above or on the earth beneath or in the waters below. 5 You shall not bow down to them or worship them; for I, the LORD your God, am a jealous God, punishing the children for the sin of the fathers to the third and fourth generation of those who hate me, 6 but showing love to a thousand {generations} of those who love me and keep my commandments.
\n7 “You shall not misuse the name of the LORD your God, for the LORD will not hold anyone guiltless who misuses his name.
\n8 “Remember the Sabbath day by keeping it holy. 9 Six days you shall labor and do all your work, 10 but the seventh day is a Sabbath to the LORD your God. On it you shall not do any work, neither you, nor your son or daughter, nor your manservant or maidservant, nor your animals, nor the alien within your gates. 11 For in six days the LORD made the heavens and the earth, the sea, and all that is in them, but he rested on the seventh day. Therefore the LORD blessed the Sabbath day and made it holy.
\n12 “Honor your father and your mother, so that you may live long in the land the LORD your God is giving you.
\n13 “You shall not murder.
\n14 “You shall not commit adultery.
\n15 “You shall not steal.
\n16 “You shall not give false testimony against your neighbor.
\n17 “You shall not covet your neighbor’s house. You shall not covet your neighbor’s wife, or his manservant or maidservant, his ox or donkey, or anything that belongs to your neighbor.”
\n18 When the people saw the thunder and lightning and heard the trumpet and saw the mountain in smoke, they trembled with fear. They stayed at a distance 19 and said to Moses, “Speak to us yourself and we will listen. But do not have God speak to us or we will die.”
\n20 Moses said to the people, “Do not be afraid. God has come to test you, so that the fear of God will be with you to keep you from sinning.”
\n21 The people remained at a distance, while Moses approached the thick darkness where God was.
\nNow let’s try and overgo the classic reading of these as rules, and see it as promisses, as the achievement of God freeing the Hebrews from their slavery in Egypt. These promisses will be fulfilled for the ones laying their lives on Him.
\nWhen God says “You shall have no other gods before me.”, He might mean “I promiss you will not be a slave of other gods anymore. I will free you from the gods you made before yourself: vanity, pride, etc.”
When He says “You shall not murder.”, He tells us “I promiss you will not be a slave of your will to kill or do harm anymore. I will free you from the temptation of killing.”
\n“You shall not commit adultery.” might mean for Him “I promiss I will free you from being a slave of your body.”
\nAnd we can go on with the other ones, to discover that these commandments that seem to us like rules are actually promisses to free us from slavery, a key given to us for our happiness if we choose to lay our lives on God.
\nAll these commandments, after all, have been summed up the greatest way by Jesus who, quoting the Scriptures, remembered us that the greatest commandment among all is to love our God with all our self, and to love our neighbour as ourselves.
"},{"url":"/posts/20060311-blogspot-sharing-partition-with-macos/","relativePath":"posts/20060311-blogspot-sharing-partition-with-macos.md","relativeDir":"posts","base":"20060311-blogspot-sharing-partition-with-macos.md","name":"20060311-blogspot-sharing-partition-with-macos","frontmatter":{"title":"Sharing partition with MacOS","template":"post","date":"2006-03-11T15:19:00.000+01:00","canonical_url":"https://raphink.blogspot.com/2006/03/sharing-partition-with-macos.html","blogspot_url":"https://raphink.blogspot.com/2006/03/sharing-partition-with-macos.html","tags":["english","linux","mac","restored"]},"html":"Since I’ve just installed a double boot with MacOS X Panther and Kubuntu Dapper, I’ve been wondering how to share datas between both OSes.
\nI found answers on various forums. I tried a few things, and these are my conclusions (summing up forums on some points):
\nThis is what I have in my /etc/fstab to set this partition :
\n/dev/hda4 /home/medias hfsplus user,rw,umask=022 0 0
\nEnjoy!
"},{"url":"/posts/20060310-blogspot-to-go-for-main-or-not-to-go-for-main/","relativePath":"posts/20060310-blogspot-to-go-for-main-or-not-to-go-for-main.md","relativeDir":"posts","base":"20060310-blogspot-to-go-for-main-or-not-to-go-for-main.md","name":"20060310-blogspot-to-go-for-main-or-not-to-go-for-main","frontmatter":{"title":"To go for main or not to go for main… that is the question!","template":"post","date":"2006-03-10T15:20:00.000+01:00","canonical_url":"https://raphink.blogspot.com/2006/03/to-go-for-main-or-not-to-go-for-main.html","blogspot_url":"https://raphink.blogspot.com/2006/03/to-go-for-main-or-not-to-go-for-main.html","tags":["english","kde","linux","restored","ubuntu"]},"html":"Almost a month from Dapper release, we upload quite a lot of packages to main, especially to fix bugs, and it’s important that the fixes are uploaded fast enough so we can move on to other bugs and release Dapper as stable as can be.
\nNow as of today the Kubuntu team has only one core-dev to upload packages to main… I don’t blame anybody for this, this is just a matter of fact, and I believe Jonathan Riddell has better to focus on than checking our fixes all day to upload them. So we need at least one more core-dev to commit these fixes so Jonathan can focus on his goals for Kubuntu. Just as, a few months ago, I was pushed to go for MOTU to help uploading to universe as there was a lack of KDE MOTUs, we find ourselves with a lack of core-devs today, so I’m thinking of applying for core-dev. This is a special situation: I don’t really have a great reason to apply for core-dev but to help Jonathan focus on his goals, removing some burden from his back, at least for the last month before release.
\nNext Technical Board meeting is next tuesday, so I’ve still got a few days to think about it. I think it doesn’t cost much to apply and see what happens, so I might very likely go for it… Even being ridiculous if I’m asked technical questions I can’t answer won’t kill me
I’ve just uploaded a version 0.6 of REVU-Tools to Dapper.
\nThanks to Fathi Boudra, it now supports cascading settings in /etc/revu-tools.conf, /usr/share/revu-tools/revu-tools.conf and ~/.revu-tools.conf. Note that the package only creates /etc/revu-tools.conf so far.
\nNote that it is usually a good idea to set at least PBUILDERNAME (most users want it set to “sudo pbuilder”) before running the tools, and REVUDIR if you plan on using revu-review.
\nFor more infos on REVU-Tools, you can check the wiki page.
"},{"url":"/posts/20060313-blogspot-do-as-you-want-commandments-part-2/","relativePath":"posts/20060313-blogspot-do-as-you-want-commandments-part-2.md","relativeDir":"posts","base":"20060313-blogspot-do-as-you-want-commandments-part-2.md","name":"20060313-blogspot-do-as-you-want-commandments-part-2","frontmatter":{"title":"Do as you want… (commandments part 2)","template":"post","date":"2006-03-13T17:15:00.000+01:00","canonical_url":"https://raphink.blogspot.com/2006/03/do-as-you-want-commandments-part-2.html","blogspot_url":"https://raphink.blogspot.com/2006/03/do-as-you-want-commandments-part-2.html","tags":["bible","english","god","jew","restored"]},"html":"Here is a nice story that was told this morning as part of the sermon on the commandments. I want to tell it apart, so has not to mix it with the already long previous post. This is a story told among Jews ; don’t try to find it in the Bible, it’s not in it.
\n\n\nMoses was on mount Sinai, receiving the commandments from God. God told him : “You shall not cook an animal’s meat into its mother’s milk”.
\n
\nMoses answered : “Ok Lord, I get that. Let me rephrase : I shall not eat meat and milk together, right?”
\nThe Lord is patient and kind, so he said : “No, that is not it, I mean to say you shall not cook an animal’s meat into its mother’s milk”
\nMoses said : “Oooh ok! So correct me if I’m wrong : I shall keep different plates for milk and for meat, so I don’t have to mix them when I eat, right?”
\nThe Lord once again said : “Listen Moses, what I have to tell you is very simple : you shall not cook an animal’s meat into its mother’s milk, alright?”
\nMoses thought a bit, then answered : “Ok I think I got it this time! So you mean I shall use different plates for milk and for meat so I don’t mix them, and wait 6 hours after I eat any of them before eating the other, so they don’t get mixed in my stomach, is that better?”
\nAnd the Lord said : “You know what? Do as you want…”
Now, even though this story is not biblical, I find it very nice and very true. Very often, the message of God is clear and simple. It’s clearer message is : “Love your God with all your self, and love your neighbour as youserlf”. Couldn’t be more simple. Yet it’s so difficult to apply it, that we want to change it so it fits our will, not His.
\nThus many believers have wondered : “Who is my neighbour?”. Well maybe my neighbour is only the one who lives close to me, and I don’t have to love others… Or maybe my neighbour is the one who looks like me, so if I’m white, I don’t have to love black people… Or maybe my neighbour is the one who has the same religion as me, so I don’t have to love people who do not have the same religion… Or maybe it’s not even about religions, but churches, so if I’m a catholic I don’t have to love protestants… Or maybe … [1]
\nSome even go wondering “What is love anyway?”
\nYet the message is so clear…
\nI loved this story because I for one believe most commandments given in the Bible were given only because men where like Moses in this story : they didn’t want to hear what God wanted them to do, so they tried to change the rules as much as possible, to get practical, easy to do rules for everyday life. It’s much easier to respect tons of small commandments than to dedicate your whole self to God and to love your neighbour as yourself!
\nThe will of God for us is simple and straight, and is aimed to our happiness. May His will be done!
\nAmen.
\n[1] note : the term that is used for “neighbour” in Hebrew actually means someone we don’t know yet. It can be your brother, your dad, your king, or a total stranger. It’s someone that will come and you don’t know who it is untill he/she comes.
"},{"url":"/posts/20060316-blogspot-adding-icons-to-debian-packages/","relativePath":"posts/20060316-blogspot-adding-icons-to-debian-packages.md","relativeDir":"posts","base":"20060316-blogspot-adding-icons-to-debian-packages.md","name":"20060316-blogspot-adding-icons-to-debian-packages","frontmatter":{"title":"Adding icons to Debian packages","template":"post","date":"2006-03-16T15:14:00.000+01:00","canonical_url":"https://raphink.blogspot.com/2006/03/adding-icons-to-debian-packages.html","blogspot_url":"https://raphink.blogspot.com/2006/03/adding-icons-to-debian-packages.html","tags":["debian","english","packaging","restored"]},"html":"So you packaged a nice app for Debian/Ubuntu… but there’s no icon, or the icon is horrible, or it’s missing some sizes…
\nIn short, you are in a situation in which you need to add icons to your package…
\nWell the easy way would be to add png files directly in debian/ and dh_install them in /usr/share/icons/hicolor/fooxfoo/bar . Unfortunately, your package is not a Debian-native and the build fails because it can’t create the diff since it contains binary stuff! Too bad…
\nNow let’s think about it… The idea in Debian package is that they are source packages. So just the way we now try to provide docbook/sgml manpages and build them in debian/rules, install the binary then clean it, why not do this with icons too?
\nWell looking around I found librsvg-bin (no idea why it’s named this way since it’s an exec, not a lib) which is a tool in main, allowing to convert svg files to png. There we are. Just as we provide docbook/sgml for manpages, let’s provide svg (which is xml, too) for icons!
\nSo we’re adding librsvg-bin to Build-Depends, putting our svg as debian/myapp.svg, and completing debian/rules. Now the problem I have is that I’d like to use a for loop to generate all icons but make won’t let me use bash script… So I’ll create a script file that I’ll name debian/buildicons.sh, with these contents (don’t forget to give it a chmod +x):
\nsvgname=\"$1\"
\n[[ -z \"$2\" ]] && section=\"apps\" || section=\"$2\"
\n[[ -z \"$3\" ]] && maxres=\"128\" || maxres=\"$3\"
pngname=\"`basename ${svgname} .svg`.png\"
\nfor resol in 16 22 32 48 64 128
\ndo
\nif [[ \"$resol\" -le \"$maxres\" ]]
\nthen
\nicondir=\"debian/icons/hicolor/${resol}x${resol}/${section}\"
\nmkdir -p \"$icondir\"
\nrsvg-convert -h \"$resol\" -w \"$resol\" \"debian/${svgname}\" -o \"${icondir}/${pngname}\"
\nfi
\ndone
\nicondir=”debian/icons/hicolor/scalable/${section}”
\nmkdir -p “$icondir”
\ngzip -9 \"debian/${svgname}\" -c > “${icondir}/${svgname}z”
We’re using an argument in this script for the program name so it can be ported and used in other packages.
\nNote the last lines, that are aimed to gzipping and installing the svg file in /usr/share/icons/hicolor/scalable/.
We’ll call this script from within debian/rules with the following:
\nbuild/mypackage::
\ndebian/buildicons.sh myapp.svg apps
Then we’ll install the icons with:
\ninstall/mypackage::
\ndh_install debian/icons/* usr/share/icons
Then finally clean the build:
\nclean::
\nrm -rf debian/icons
Note: I reckon it’s kind of dirty to externalize debian/buildicons.sh as I propose to do. If anyone has a proposal to make it part of debian/rules cleanly, I’ll be happy to hear it
I have been wanting to provide new French Bibles to the Sword Project lately. The main versions used in France currently are the TOB (Traduction Oecuménique de la Bible), the NSB (Nouvelle Bible de Segond) and the BJ (Bible de Jérusalem). But all these versions are … copyrighted!
\n![\"Copyright_symbol_3.gif\"](\"http://web.archive.org/web/20060806044342/http://raphink.info/blog/wp-content/uploads/2006/03/Copyright_symbol_3.gif\")
\nYes, even the Word of God gets to be copyrighted now, and can’t be quoted or shared freely. Some copyrights are even a bit weird. For example, the BDS (Bible du Semeur) can be used just as long as the program doesn’t allow the user to see or extract more than 500 verses at a time. I believe this is the same for the NIV, too.
Don’t get me wrong though, I really think the work of translators and publishers should be rewarded, but I do not think that implies preventing people from sharing the Word of God freely.
\nSome programs manage to distribute these versions of the Bible, following the restrictions given by the publishers. Some even get to distribute versions with a key that has to be bought to decode the module… and I doubt Peter is the one selling the key ![\";)\"](\"http://web.archive.org/web/20060806044342/http://raphink.info/blog/wp-includes/images/smilies/icon_wink.gif\"){kind=icon}
If any translator and/or editor reads this blog, I urge them to remember that the Word of God is a gift from Him, and to free it from these copyrights.
\n“Freely you have received, freely give” (Matt 10:8)
"},{"url":"/posts/20060325-blogspot-need-e9n-on-some-a10n/","relativePath":"posts/20060325-blogspot-need-e9n-on-some-a10n.md","relativeDir":"posts","base":"20060325-blogspot-need-e9n-on-some-a10n.md","name":"20060325-blogspot-need-e9n-on-some-a10n","frontmatter":{"title":"Need an e9n on some a10n ?","template":"post","date":"2006-03-25T15:10:00.000+01:00","canonical_url":"https://raphink.blogspot.com/2006/03/need-e9n-on-some-a10n.html","blogspot_url":"https://raphink.blogspot.com/2006/03/need-e9n-on-some-a10n.html","tags":["computers","english","restored"]},"html":"Ever wondered why we use i18n and l10n and what’s the difference ? Well I have been wondering this many times…
\nMaybe it would be some kind of geek code, like the first letter would be a version number and the number that follows would be something like :
\nnumber=(-8/3)*letter_number + 42
\nand then finishing with an n just for fun. So versions j and k would have disappeared in outer space - probably cause they were not exact… Who would like a j15.333333333333333…n and a k12.66666666666666…n ? - and everything would end up with a z(-54)n ….
\nVery unlikely, heh? So I was wondering … Till yesterday I got the answer, which is obviously much simpler…
\nLong words are abbreviated by keeping the first and the last letter, and inserting in the middle the number of letters between these two extreme ones. So very simply :
\ni18n = i[nternationalizatio]n, with 18 letters between the i and the n
\nl10n = l[ocalizatio]n, with 10 letters between the l and the n
\nv11n = v[ersificatio]n, with 11 letters between the v and the n
Easy and efficient… As Marry Poppins used to say, it’s just s30o!
"},{"url":"/posts/20060327-blogspot-testing-kde-352-in-dapper/","relativePath":"posts/20060327-blogspot-testing-kde-352-in-dapper.md","relativeDir":"posts","base":"20060327-blogspot-testing-kde-352-in-dapper.md","name":"20060327-blogspot-testing-kde-352-in-dapper","frontmatter":{"title":"Testing KDE 3.5.2 in Dapper","template":"post","date":"2006-03-27T16:09:00.000+02:00","canonical_url":"https://raphink.blogspot.com/2006/03/testing-kde-352-in-dapper.html","blogspot_url":"https://raphink.blogspot.com/2006/03/testing-kde-352-in-dapper.html","tags":["beta","english","kde","kubuntu","restored","test"]},"html":"![\"KDE](\"http://web.archive.org/web/20060806044342/http://raphink.info/blog/wp-content/uploads/2006/03/49100_436138_big.gif\")
KDE 3.5.2 is (almost) out ![\":)\"](\"http://web.archive.org/web/20060806044342/http://raphink.info/blog/wp-includes/images/smilies/icon_smile.gif\"){kind=icon}
But Dapper is in UVF… so getting it in is not so easy, although it’s mostly a bugfix.
Therefore, Jonathan Riddell has packaged it and put on kubuntu.org for both Breezy and Dapper. In order to install it for Dapper, add :
\ndeb http://kubuntu.org/packages/kde352 dapper main
\ndeb-src http://kubuntu.org/packages/kde352 dapper main
to your sources.list, run `sudo apt-get update && sudo apt-get dist-upgrade` and restart KDE.
\nI strongly encourage Kubuntu Dapper users to test it and report bugs. If it really fixes lots of bugs and is stable enough, we might get it in Dapper and finish polishing Dapper with KDE 3.5.2, the 6 weeks delay given us enough time to include it properly.
"},{"url":"/posts/20060330-blogspot-konqui-kubuntu-artwork/","relativePath":"posts/20060330-blogspot-konqui-kubuntu-artwork.md","relativeDir":"posts","base":"20060330-blogspot-konqui-kubuntu-artwork.md","name":"20060330-blogspot-konqui-kubuntu-artwork","frontmatter":{"title":"Konqui & Kubuntu artwork","template":"post","date":"2006-03-30T16:09:00.000+02:00","canonical_url":"https://raphink.blogspot.com/2006/03/konqui-kubuntu-artwork.html","blogspot_url":"https://raphink.blogspot.com/2006/03/konqui-kubuntu-artwork.html","tags":["artwork","english","kde","konqui","kubuntu","restored"]},"html":"![\"Konqui](\"http://web.archive.org/web/20060806044342/http://raphink.info/blog/wp-content/uploads/2006/03/konqi_kubudoc_hires.jpg\")
\nAs I’ve been searching for Konqui on Google Images and it wasn’t giving me many results, I finally landed on a nice website featuring Konqui art… and even short animation movies!
Great work! Enjoy : http://www.kulma.org/linux/kde/ !
\nEdit : As I’ve found this very cute Konqui reading a Kubuntu book, I’m wondering if it couldn’t be nice to include it for the help section, or for Ktip … Kwwii what’s your opinion if you read this blog entry?
"},{"url":"/posts/20060402-blogspot-windows-hasta-la-vista/","relativePath":"posts/20060402-blogspot-windows-hasta-la-vista.md","relativeDir":"posts","base":"20060402-blogspot-windows-hasta-la-vista.md","name":"20060402-blogspot-windows-hasta-la-vista","frontmatter":{"title":"Windows Hasta La Vista!","template":"post","date":"2006-04-02T14:58:00.000+02:00","canonical_url":"https://raphink.blogspot.com/2006/04/windows-hasta-la-vista.html","blogspot_url":"https://raphink.blogspot.com/2006/04/windows-hasta-la-vista.html","tags":["restored","windows"]},"html":"One day late, but still enjoying this nice story from DistroWatch : Hasta La Vista, Baby!
"},{"url":"/posts/20060331-blogspot-changing-styles/","relativePath":"posts/20060331-blogspot-changing-styles.md","relativeDir":"posts","base":"20060331-blogspot-changing-styles.md","name":"20060331-blogspot-changing-styles","frontmatter":{"title":"Changing styles","template":"post","date":"2006-03-31T16:08:00.000+02:00","canonical_url":"https://raphink.blogspot.com/2006/03/changing-styles.html","blogspot_url":"https://raphink.blogspot.com/2006/03/changing-styles.html","tags":["english","joke","kubuntu","restored","style"]},"html":"Kubuntu Dapper dist-upgraders have probably noticed that our Kubuntu style is progressively changing to fit Ubuntu’s wonderful orange theme. Yes, we’ve decided this was more beautiful after all, and Konqui couldn’t help but to begin painting the wallpaper already!
\nHappy April Fool’s Day!
"},{"url":"/posts/20060401-blogspot-kubuntu-dapper-flight-6-is-out/","relativePath":"posts/20060401-blogspot-kubuntu-dapper-flight-6-is-out.md","relativeDir":"posts","base":"20060401-blogspot-kubuntu-dapper-flight-6-is-out.md","name":"20060401-blogspot-kubuntu-dapper-flight-6-is-out","frontmatter":{"title":"Kubuntu Dapper Flight 6 is out!","template":"post","date":"2006-04-01T16:07:00.000+02:00","canonical_url":"https://raphink.blogspot.com/2006/04/kubuntu-dapper-flight-6-is-out.html","blogspot_url":"https://raphink.blogspot.com/2006/04/kubuntu-dapper-flight-6-is-out.html","tags":["beta","english","kubuntu","linux","release","restored","ubuntu"]},"html":"Thanks to Mithrandir, Kubuntu Dapper Flight 6 has been released, at the same time as the Ubuntu version.
\nIt features KDE 3.5.2 & the new Crystal look. Currently in universe, getting their way to main are knetworkmanager (an app using network-manager to help dealing with multiple networks), kpowersave (a great replacement for klaptop), kerry (a beagle client for KDE) and more to come
If you are an advanced user and still on Breezy, this is yet another chance for you to take the step to Dapper and help testing and making Kubuntu 6.06 rock hard!
\nYou can dowload Kubuntu Dapper Flight 6 on this page.
"},{"url":"/posts/20060401-blogspot-pure-nerd/","relativePath":"posts/20060401-blogspot-pure-nerd.md","relativeDir":"posts","base":"20060401-blogspot-pure-nerd.md","name":"20060401-blogspot-pure-nerd","frontmatter":{"title":"Pure nerd!","template":"post","date":"2006-04-01T16:04:00.000+02:00","canonical_url":"https://raphink.blogspot.com/2006/04/pure-nerd.html","blogspot_url":"https://raphink.blogspot.com/2006/04/pure-nerd.html","tags":["english","geek nerd","restored","test"]},"html":"Oh what a surprise
Just having fun taking the test jpatrick mentionned on his blog. My results are :
\n78 % Nerd, 34% Geek, 47% Dork
\nFor The Record:
\nA Nerd is someone who is passionate about learning/being smart/academia.
\nA Geek is someone who is passionate about some particular area or subject, often an obscure or difficult one.
\nA Dork is someone who has difficulty with common social expectations/interactions.
\nYou scored better than half in Nerd, earning you the title of: Pure Nerd.
The times, they are a-changing. It used to be that being exceptionally smart led to being unpopular, which would ultimately lead to picking up all of the traits and tendences associated with the “dork.” No-longer. Being smart isn’t as socially crippling as it once was, and even more so as you get older: eventually being a Pure Nerd will likely be replaced with the following label: Purely Successful.
\nCongratulations!
\nWhat are you? Take the test!
"},{"url":"/posts/20060402-blogspot-wonderful-work-lord/","relativePath":"posts/20060402-blogspot-wonderful-work-lord.md","relativeDir":"posts","base":"20060402-blogspot-wonderful-work-lord.md","name":"20060402-blogspot-wonderful-work-lord","frontmatter":{"title":"Wonderful Work, Lord","template":"post","date":"2006-04-02T14:59:00.000+02:00","canonical_url":"https://raphink.blogspot.com/2006/04/wonderful-work-lord.html","blogspot_url":"https://raphink.blogspot.com/2006/04/wonderful-work-lord.html","tags":["beauty","english","god","restored"]},"html":"As I was driving back to Paris tonight, after seeing my grand-mother on the way back, I saw a very nice rainbow on the side. It was a wide and beautiful one, although not complete. Taking its root in a little wood in the middle of the country, somewhere to the right of the highway, it was growing in a slight veil of rain, then dying in a black long cloud that was over the forest. Going up, the cloud turned whiter and whiter, finishing with nice round shapes, and a bright blue sky!
\nI kept looking at it as I drove, amazed with its beauty. By the time I could not see it, I turned my head to the left and there was a beautiful sunset that was turning the whole sky to a bright orange, with powerful rays trying to go through the little clouds here and there, behind which the sun was hiding.
\nGreat work Lord, I’ll be back to your drive-in for more thrilling episodes!
"},{"url":"/posts/20060412-blogspot-reactos-gnus-not-windows-either/","relativePath":"posts/20060412-blogspot-reactos-gnus-not-windows-either.md","relativeDir":"posts","base":"20060412-blogspot-reactos-gnus-not-windows-either.md","name":"20060412-blogspot-reactos-gnus-not-windows-either","frontmatter":{"title":"ReactOS : GNU’s not Windows either…","template":"post","date":"2006-04-12T14:57:00.000+02:00","canonical_url":"https://raphink.blogspot.com/2006/04/reactos-gnus-not-windows-either.html","blogspot_url":"https://raphink.blogspot.com/2006/04/reactos-gnus-not-windows-either.html","tags":["linux","open-source","restored","windows"]},"html":"Although I have known the ReactOS project for quite a time, I have never really considered it greatly so far. Actually, I agree very much with Aaron Seigo on the fact that porting more and more great FLOSS to Windows serves Microsoft more than the FLOSS movement.
\nBut then something hit me: when GNU was first created, the aim was to replace the UNIX system piece by piece, so as to end up with a fully open-source OS. I don’t think it would have really worked if RMS had begun by replacing things on the top of UNIX instead of beginning with the core: a C compiler and an editor.
\nThis is why I have come to wonder if ReactOS might be a way to go after all, allowing people to run both FLOSS and proprietary software for Windows natively, on an open-source OS, replacing the core of Windows with an open-source one. I don’t think I would use it, because I’m very happy using only FLOSS on top of GNU/Linux, but it could be part of a transition towards open-source for many users, something of that taste:
\nThis would make the Windows-to-GNU transition much smoother, just as long as there are not too many great FLOSS on Windows that would keep them using it, as Aaron rightly pointed out.
"},{"url":"/posts/20060512-blogspot-linuxtag-2006/","relativePath":"posts/20060512-blogspot-linuxtag-2006.md","relativeDir":"posts","base":"20060512-blogspot-linuxtag-2006.md","name":"20060512-blogspot-linuxtag-2006","frontmatter":{"title":"LinuxTag 2006","template":"post","date":"2006-05-12T14:53:00.000+02:00","canonical_url":"https://raphink.blogspot.com/2006/05/linuxtag-2006.html","blogspot_url":"https://raphink.blogspot.com/2006/05/linuxtag-2006.html","tags":["conference","english","germany","kubuntu","linux","restored","talk","ubuntu"]},"html":"Last week was LinuxTag in Wiesbaden, Germany. This was a great opportunity to get to meet developers, talk about Ubuntu/Kubuntu, get feedback on our work, discover new technologies that we might want to get in Ubuntu, and just spend a nice time.
\nMost of the main Kubuntu contributors were present: Jonathan Riddell who came on Saturday with Mark (sabdfl), Andreas Mueller (amu), Stephan Hermann (\\sh), Anthony Mercatante (Tonio_) who came on Saturday aswell,Kenneth Wimer (kwwii), Mirjam Wäckerlin (Zerlinna).
\nIt was very nice to be able to meet after so much time working together online, and we also enjoyed spending evenings together in restaurants and at social events (LinuxTag and KDE social events).
\nI have to say I was very impressed by the Ubuntu presence there. There was an official Canonical booth, where I was able to meet Jeff Bailey (jbailey), Daniel Holbach (dholbach), Michael Vogt (mvo) and Oliver Grawert (ogra). There also was a community booth for Ubuntu, Edubuntu and Kubuntu, where we were staying. But in addition to this, most booths had either books on Ubuntu or computers running Ubuntu or Kubuntu. The KDE booth was running Kubuntu, VServer was running Ubuntu and Kubuntu, and most book stores had Ubuntu books as best sellers ![\":)\"](\"http://web.archive.org/web/20060805074200/http://raphink.info/blog/wp-includes/images/smilies/icon_smile.gif\"){kind=icon}
Mark Shuttleworth (sabdfl) arrived on Saturday, for the Ubuntu Love Day, and we began this day with a meeting gathering Kubuntu and KDE people. The goal was to try and find solutions to better work together, improve the communications between KDE and Kubuntu developers, link the Bug Tracking Systems, share our ideas of future developments. It was decided that the KDE community would appoint 4 or 5 people to come and participate in the Edgy meeting in Paris in the end of June, when the a Kubuntu Technical Board will be elected.
\nAfter this meeting, Mark gave a talk on Ubuntu, and confirmed his commitment to Kubuntu, by wearing a KDE t-shirt The room was full, and most people had to stand to fit in for the talk, although two rooms had been gathered by removing the wall between them.
Right after that, I gave a talk on Kubuntu, focusing on the new features in Dapper.
\nPictures of the LinuxTag 2006 taken by several Kubuntu contributors can be found on my gallery. There is also a video made by Ken here.
\nThis time in Wiesbaden ended in a cute restaurant in the center of Wiesbaden.
\nLooking forward to the meeting in Paris!
We had a wonderful Easter weekend with my family! We went to visit some friends of us in Normandy that we hadn’t seen for a long time, and it was really great! We don’t often spend time altogether with my parents and sister, and it’s very nice when we get to do it.
\n![\"Ahhhhhhhh!](\"http://web.archive.org/web/20060805074200/http://raphink.info/blog/wp-content/uploads/2006/04/web_HPIM3160.thumbnail.JPG\")
\nWe got there with my parents on Friday evening, and my sister Delphine joined us on Saturday evening. The first thing we did when Delphine got there was to go to the sea and enjoy the fury of the wind mixed with the a cold rain full of salt. We could hardly stand up with the wind, and the rain was getting everywhere. We had to scream to get heard, but it was really great, and we got enough fresh air for a few days. I’m closing my eyes on this pic, but it wouldn’t change much since all the drops on my glasses prevented me from seeing anyway ![\";)\"](\"http://web.archive.org/web/20060805074200/http://raphink.info/blog/wp-includes/images/smilies/icon_wink.gif\"){kind=icon}
\n![\"Under](\"http://web.archive.org/web/20060805074200/http://raphink.info/blog/wp-content/uploads/2006/04/web_HPIM3230.thumbnail.JPG\")
\nOn Sunday, other friends joined us. After tracking eggs in the house for quite a time - Delphine had prepared a game to search for them all around -, we went hiking to a nice place with waterfalls. We had a lot of fun there, climbing, chatting & singing. My parents knew these friends in a choir, years ago, and music is one of the most important things we have in common
\n![\"Shapes](\"http://web.archive.org/web/20060805074200/http://raphink.info/blog/wp-content/uploads/2006/04/web_HPIM3320.thumbnail.JPG\")
\nOn Monday, our last day there, we went for a long hike to the Mont St Michel. This is a very touristic place in the middle of a bay, and full of people in Easter. Now what is great is to go there on foot, crossing the bay with your bare feet, walking in the mud and sand for 7 km and back, crossing cold rivers up to the hips, jumping on moving sands as on a trampoline. We had a very nice and funny guide to cross the bay, and the weather was really great although still a bit cold, so we enjoyed our day to the fullest.
Overall, it was really a great time, and a nice breath of fresh air before diving into real life again
The last couple of weeks have been very busy for me, as lots of things have happened, and now it’s time to sit and give a few news on what’s going on I guess…
\nIn the end of April, I went to an IT employment meeting. There I met a few companies interested in my profile, including a small services company (SSII) in Paris, which was really eager to hiring me for my Linux skills. During my week in Germany, I got a lot of phone calls for various jobs. Eventually, I got hired as a Linux System Engineer in Sophia Antipolis, on the French Riviera.
\nI happen to have some family there : a cousin I had never met before. I got in touch with him and everything went smooth since. I found a little house to rent in Vallauris in no time, 10 minutes from Sophia Antipolis, 10 minutes from the sea…
\nI also began to attend the Calvary Chapel community in Nice, and found there a very nice community to share and hang out with.
\nThe weather here is beautiful, and I enjoyed the past weeks I had, when I didn’t have to work yet, and went hiking and took pictures all around. This place is really great because it’s close to both the sea and the moutains. I really love hiking in the moutains and I look forward to taking a few days off to go hike with my bag on my back
Eventualy, I’m beginning to work tomorrow, and trusting everything will be fine, as it’s all in God’s hands
After several month, the Christianforums (http://www.christianforums.com) IRC chat server is back online. You can connect to it with the following data :
\nserver : irc.christianforums.com
\nport : 7777
\nmain channel : #christianforums
Join us there
\n<><
Paris, capital city of the Libre
\nC’est le titre bien pompeux que la Mairie de Paris s’auto-attribuera le 26 juin 2006. Les réactions vont bon train sur les forums depuis plusieurs jours à ce sujet, alors que cet événement partage la communauté française du Logiciel Libre.
\nThis is the title that Paris will elect for itself on the 26 of June, 2006. Many reactions can be read on the forums since a few days, as this event splits the French community of Free Software.
\nAu-delà du mécontentement causé par le choix fort peu judicieux de cette appellation abusive, je suis particulièrement choqué par le caractère fermé de cette manifestation, qui a pourtant pour ambition de devenir un rendez-vous incontournable du Logiciel Libre et de ses ministres en France.
\nBeyond the unhappiness caused by the bad choice of this name, I am particularly shocked by the close aspect of this event, that claims to become a major one for Libre Software and its followers in France.
\nOn lit sur le site web aux accents de réunion d’anciens combatants (http://www.paris-libre.org) que cet événement franco-français verra se réunir les 100 personnalités du Logiciel Libre (sic!) autour d’une petite sauterie dînatoire entre gens de bonne compagnie. Je suis donc particulièrement étonné d’apprendre qu’il y a en tout et pour tout 100 personnalités du Logiciel Libre et qu’elles se trouvent être toutes francophones, sinon françaises.
\nIt can be read on the web page, sounding like an old fighter meeting (Free Paris), that this very French event will gather the 100 characters of Libre Software (sic!) for a nice diner among good-company people. I am thus very estonished to learn that there are 100 characters of Libre Software in total, and that they happen to all be french-speaking, if not French at all.
\nNe partant pas vaincu pour autant et souhaitant donner sa chance à une manifestation qui somme toute participe de la démocratisation - si une telle chose est concevable - du LL en France, j’ai pensé qu’il serait souhaitable qu’Ubuntu soit représenté à cette occasion. J’ai donc été jeter un coup d’œil aux possibilités de présence des associations à cette manifestation. Mal m’en a pris! On apprend sur la page dédiée au partenariats qu’un stand simple de 6m2 pour la journée revient en location à 2500 € HT. Bien entendu, la Mairie de Paris a parfaitement conscience que ces tarifs exhorbitants sont totalement prohibitifs pour les associations et propose donc une réduction exceptionnelle de 50% pour les membres ASS2L et les associations, soit 1250€ HT la journée pour un stand de 6m2 ! Vous l’aurez compris, les communautés du Libre sont de facto exclues de cette journée réunissant les acteurs principaux du LL en France.
\nI still wanted to gave it a chance and thought Ubuntu could well be present for this event. So I had a look at the possibilities for associations to have a booth there, and learned that a 6m2 booth would cost 2500€ for the day. Of course, the organizators are perfectly aware that this price is far too expensive for any association and proposes an exceptionnal reduction of 50% for them, so that the booth would only cost 1250€ for the day! This is obvious: communities of Libre Software are excluded from this event that is meant to gather the main actors of the Libre Software in France.
\nCette journée sera par ailleurs couronnée par la remise de trophées, habilement nommés “Linus d’Or” - car, c’est bien connu, Linus Torvalds est la figure de référence du Libre -. Ces Linus d’Or récompenseront des projets, des développeurs, des entreprises qui auront su se démarquer dans leur participation au Libre. Ils ne seront bien entendu décernés qu’aux projets qui auront au préalable rempli un dossier de candidature, intégralement rédigé en français comme il se doit. Autant dire que nombre de projets majeurs seront oubliés par le seul fait de ce critère linguistique arbitraire.
\nThis day will be finished by a competition, named “Linus d’Or” (Golden Linus) - for, this is a well-known fact, Linus Torvalds is a main figure in Libre Software -. These Linus d’Or will elect projects, developers, companies that will have brought interesting contributions to Libre Software. Of course these people will have to file a folder to apply, entirely writting in French, so that most major projects won’t be taken in consideration thanks to this linguistic criteria.
\nMon principal regret quand à cet événement est donc l’incompréhension évidente du monde du Libre par ses organisateurs, alors même que cette journée semble dédiée à la démystification des Logiciels Libres. Je m’attriste que ces gens puissent penser servir le Logiciel Libre en organisant des cocktails entre ministres et délégués de la FSF, sans même s’inquiéter d’inviter les principaux acteurs du LL : les développeurs et les associations d’utilisateurs.
\nMy main concern about this event is that the organizator seem to not understand at all the world of Libre Software, eventhough they dedicate this day to understanding it. I am sad that these people might think of serving the Libre Software by organizing cocktails among ministers and delegates from the FSF, without even thinking of inviting the main actors of the Libre Software: developers and user associations.
\nSi vous avez la chance de vous rendre à cet événement de haute volée, je vous souhaite donc une agréable journée dans la capitale virtuelle d’un Libre instrumentalisé !
\nIf you get to go to this event, I wish you a nice day in the virtual city of an instrumentalized Libre!
"},{"url":"/posts/20060707-blogspot-avertissement-cet-article-contient-des/","relativePath":"posts/20060707-blogspot-avertissement-cet-article-contient-des.md","relativeDir":"posts","base":"20060707-blogspot-avertissement-cet-article-contient-des.md","name":"20060707-blogspot-avertissement-cet-article-contient-des","frontmatter":{"title":"Dogville : un Dieu gangster ?","template":"post","date":"2006-07-07T14:24:00.000+02:00","canonical_url":"https://raphink.blogspot.com/2006/07/avertissement-cet-article-contient-des.html","blogspot_url":"https://raphink.blogspot.com/2006/07/avertissement-cet-article-contient-des.html","tags":["chrétien","film","français","restored"]},"html":"Avertissement:
\nCet article contient des révélations sur l’intrigue du film Dogville.
\nCe film contient des scènes de violence et de nudité qui peuvent heurter. Lors des projections publiques, des personnes ont quitté les salles.
\n![\"Affiche\"](\"http://web.archive.org/web/20060805074200/http://raphink.info/blog/wp-content/uploads/2006/07/dogville.jpg\")
Renversant !
\nLars von Trier nous livre ici une interprétation très personnelle de l’Évangile, qui interroge et qui choque.
\nQuelle ne fut pas ma surprise pourtant quand, cherchant des critiques de ce film, je ne trouvai aucune mention faite au christianisme. Les critiques francophones de ce film se contentent d’y voir une mise en boite de l’Amérique rurale, dans la continuité de Dancer in the Dark, préfigurant selon ces auteurs le début d’une série d’oeuvres centrées sur les États-Unis. Ils y voient également l’influence de Berthold Brecht dans la nudité des décors et la simplicité de la mise en scène. S’il est vrai que le film a été entièrement tourné dans un hangar, avec des décors principalement tracés à la craie sur le sol, c’est visiblement pour mieux mettre le spectateur dans une position omnisciente, divine, que l’auteur fait ce choix. Et malgré tous les indices flagrant d’une inspiration chrétienne, aucun rapprochement à la foi n’est fait dans ces commentaires.
\nPourtant nul n’est besoin de chercher loin pour trouver les références à la Bible dans ce film, puisque même les noms des personnages s’y réfèrent : l’héroïne, figure christique par excellence, se nomme Grâce, et le chien du village, Moïse.
\nC’est finalement sur un site anglophone, Christianity Today, que je trouvai une critique de ce film avec des yeux ouverts sur son message, bien que je ne partage pas totalement l’avis du critique, notamment en ce qui concerne la séparation qu’il fait entre le Dieu juge de l’Ancien Testament et le Dieu amour du Nouveau Testament.
\nÀ l’apogée de cette passion, Lars von Trier enchaîne sur une apocalypse revisitée, où la figure christique de Grâce est taxée d’arrogance, et où ce personnage souffrant par et pour tous se transforme en juge sanguinaire, héritant tous pouvoirs sur la vie de son père gangster. La scène finale a lieu dans une voiture close, rideaux tirés, seul lieu du décor fermé aux regards, conciliabule divin après la trahison et la mise à mort de Grâce, avant la passation des pouvoirs omnipotents de son père sur le peuple qui l’a oppressée.
\nLe film se finit sur l’image du chien Moïse. Ce personnage, tracé à la craie dans le décor depuis le début du film, et qui a vécu passivement les événements de l’intrigue sans jamais broncher, est épargné par Grâce, prenant soudain vie au milieu du village en flammes, seul à mériter le pardon divin.
\nUne oeuvre magistrale, qui révèle beaucoup sur les croyances de son auteur.
"},{"url":"/posts/20060719-blogspot-christian-projects-on-sourceforge-1/","relativePath":"posts/20060719-blogspot-christian-projects-on-sourceforge-1.md","relativeDir":"posts","base":"20060719-blogspot-christian-projects-on-sourceforge-1.md","name":"20060719-blogspot-christian-projects-on-sourceforge-1","frontmatter":{"title":"Christian projects on Sourceforge #1","template":"post","date":"2006-07-19T14:22:00.000+02:00","canonical_url":"https://raphink.blogspot.com/2006/07/christian-projects-on-sourceforge-1.html","blogspot_url":"https://raphink.blogspot.com/2006/07/christian-projects-on-sourceforge-1.html","tags":["christian","linux","open-source","restored","sourceforge"]},"html":"Today I am having a look at the Christian open-source projects listed on Sourceforge.
\nI’ll try to list them here, taking them in order of appearance when looking at the “Religion and Philosophy” section. I won’t be listing the programs that are obviously for Windows only, since I cannot test them.
BibleTime
\nThere’s no need to introduce BibleTime I believe. This great Bible study program for KDE is part of the Sword project, hosted by the Crosswire Bible Society. Version 1.6 is currently in development, and we’ll be happy to update it in Ubuntu when it’s ready.
openlp.org
\nI couldn’t find in what language this program is made… but surely not in any I know how to use on Linux, and the only binary that is given is for Windows, so I couldn’t try it… Any comments welcome.
Bibledit
\nThis piece of software was just added in Debian not long ago, and synced in Ubuntu very lately. It is aimed at editing Bible files, mainly to allow translating the Bible. I couldn’t really test it because it segfaults in Ubuntu Edgy. I’ll have to see if anything can be done for that.
Lyricue
\nMore and more churches use video-projectors to show the lyrics of songs on a screen. This is why lyricue exists, to allow them to use an open-source software to achieve this task. Currently, Lyricue requires a mysql DB to be set, which makes it a bit uneasy to use. Lyricue is not in Debian or Ubuntu yet, but packages exist on the website. I recently contacted the upstream developer about getting Lyricue in Ubuntu, and he said he will do that. Looking forward to uploading it
GnomeSword
\nGnomeSword is to GNOME what BibleTime is to KDE: a must. Although I prefer KDE over GNOME in general, I reckon GnomeSword is a very nice Bible study software.
GNU Bible (GBible)
\nGBible is a Java-based Bible study software developed using HSQLDB, Lucene and Swing. It was formelly designed to use db.linux, GTK+, Glade and C. The locale focus is Portuguese(Brazil), using “Almeida Revista e Atualizada” version. I am a bit disappointed by the fact that the Bible it uses seems somehow hardcoded… I can’t see readable source files where the Bible is read, nor a way to add another Bible version to this program. Which means : “Read the Almeida Revista e Atualizada” portuguese version of the Bible, or give up on using this program… Hope to see a broader focus and some translations on this project
ChurchInfo
\nFrom what I understand, ChurchInfo is the future of the PHP/MySQL version of InfoCentral, a web-based program to manage church communities. I have played a bit with it, and have found it interesting. The only thing I’m really concerned with are the menus on the top of the window: they don’t appear on my new version of Firefox, and they are not clickable on Konqueror… which makes navigating in the program simply … impossible. Otherwise I’ve heard very nice things about this app, and I plan to package it as soon as I can understand how to get the menus to work…
OpenSong
\nAccording to its author, this ruby program seems to be aimed at “managing chords and lyrics sheets (lead sheets), presenting lyrics (and custom slides) using a projector, and much more!”. However, the source tarball contains a .rb file and an xml file, and the .rb file fails to launch with ruby1.8. I didn’t try to go further. I’d be happy if the author chose to provide an installer for his program.
Dans le monde du libre, nous avons tous suivi avec inquiétude le débat autour de l’adoption du texte de loi DADVSI. Quelques jours après l’adoption du projet, Michaël Golberg fait le tour de ses conséquences désastreuses, invitant les auteurs pour qui la liberté a encore de la valeur a réagir en tentant de sauver la diversité au risque de la rentabilité.
\nUn texte a découvrir sur cette page.
"},{"url":"/posts/20060710-blogspot-openclipart/","relativePath":"posts/20060710-blogspot-openclipart.md","relativeDir":"posts","base":"20060710-blogspot-openclipart.md","name":"20060710-blogspot-openclipart","frontmatter":{"title":"OpenClipart","template":"post","date":"2006-07-10T14:23:00.000+02:00","canonical_url":"https://raphink.blogspot.com/2006/07/openclipart.html","blogspot_url":"https://raphink.blogspot.com/2006/07/openclipart.html","tags":["clipart","licenses","open-source","restored"]},"html":"I was searching for Christian open-source clipart today. Unfortunately I didn’t find any. All the free Christian clipart I found have restrictive - or even very restrictive - licenses ![\":(\"](\"http://web.archive.org/web/20060805074200/http://raphink.info/blog/wp-includes/images/smilies/icon_sad.gif\"){kind=icon}
However, I have found one open-source clipart website - although not Christian - with very good things on it http://www.openclipart.org.
\nI strongly encourage all graphic developers to contribute to this project
Many of us are used to using sed for pattern replacements in strings, but it is also possible to perform these replacements from within bash, using ${parameter#word}, ${parameter##word}, ${parameter%word}, ${parameter%%word}, ${parameter/pattern/string/}, and ${parameter//pattern/string}.
\nAll these forms are explained in “man bash” but no example is given. Since an example is often the best way to show how things work, here are a few examples for these features. I will only give examples here, considering you can lookup for these entries in “man bash” if you want the full theorical explanation, that I find confusing.
\nLet us define a global variable we will be working on:
\n$ FQDN=\"foo.bar.com\" # let's define a variable called FQDN for our examples $ echo ${FQDN} # just a check foo.bar.com
Now let’s have a look at ${parameter#word} and ${parameter##word}, which act on the beginning of the string:
\n$ echo ${FQDN#*.} # this removes the shortest pattern matching \"*.\" in the beginning of $FQDN, so it removes \"foo.\" bar.com $ echo ${FQDN##*.} # this removes the longest pattern matching \"*.\" in the beginning of $FQDN, so it removes \"foo.bar.\" com
${parameter%word} and ${parameter%%word} achieve quite the same, but on the end of the string:
\n$ echo ${FQDN%.*} # this removes the shortest pattern matching \".*\" in the end of $FQDN, so it removes \".com\" foo.bar $ echo ${FQDN%%.*} # this removes the longest pattern matching \".*\" in the end of FQDN, so it removes \".bar.com\" foo
Now it’ll be fairly easy to understand what ${parameter/pattern/string} and ${parameter//pattern/string} do… They are direct replacements for sed, respectively with and without the g option:
\nLet’s define a new string for this one:
\n$ TEST_STRING=\"foo is long and bar is long\" $ echo ${TEST_STRING} # just a check foo is long and bar is long
and now to see what these variables do:
\n$ echo ${TEST_STRING/long/short} # replaces the first occurence of \"long\" by \"short\" in $TEST_STRING foo is short and bar is long $ echo ${TEST_STRING//long/short} # replaces all occurences of \"long\" by \"short\" in $TEST_STRING, same as using g in sed foo is short and bar is short
Enjoy and feel free to provide more examples you’d find useful as comments
Pushed by the medias, more and more people use the term “hacker” to talk about pirates and generally bad-willing computer freaks. As I consider myself a hacker, I am willing to give here a small disambiguation of this term.
\nThe Chambers Pocket Dictionary defines a hacker as someone who uses computers to gain unauthorized access to data, other computers, etc.. This use of the term is actually deprecated (see this link).
\nI’ll rather use the definition of the Wikipedia encyclopedia instead, as I believe it is much closer to reality.
\nWikipedia lists 3 meanings of the word “hacker”:
\n\nIn computer programming, a hacker is a programmer who hacks or reaches a goal by employing a series of modifications to exploit or extend existing code or resources. For some, hacker has a negative connotation and refers to a person who “hacks” or uses kludges to accomplish programming tasks that are ugly, inelegant, and inefficient. This negative form of the noun “hack” is even used among users of the positive sense of “hacker”.
\nIn computer security, a hacker is a person who specializes in work with the security mechanisms for computer and network systems. While including those who endeavor to strengthen such mechanisms, it more often is used (especially in the mass media) to refer to those who seek access despite them.
\nIn other technical fields, hacker is extended to mean a person who makes things work beyond perceived limits through their own technical skill, such as a hardware hacker, or reality hacker.
\n
Ok so I gave a definition of what a hacker is, but then why do so many people call pirates hackers?
\nAs you probably understand, a hacker is someone who enjoys modifying computer programs. How is this illegal? It is illegal when the code is not yours. If the license of a program doesn’t allow you to modify it, then it is illegal to do so.
\nTry to picture a man who is good with cars. If this man repairs and improves his own car, who will complain? On the contrary, if this man modifies the car of his neighbour without asking him the permission to do so, then it is surely not a good idea.
\nIt is the same with computer programs: modifying proprietary software is illegal because their rights are owned by physical or moral persons who do not allow anybody to alter them, whereas modifying open-source software is totally legal and even encouraged.
\nMost pirates are hackers because they modify computer programs, but they are illegal because they modify programs whose license doesn’t allow them to.
\nHackers in general - and GNU/Linux hackers in general - are not illegal, because they hack computers programs they have the right to modify.
"},{"url":"/posts/20060828-blogspot-ichthux-609-beta5-is-out/","relativePath":"posts/20060828-blogspot-ichthux-609-beta5-is-out.md","relativeDir":"posts","base":"20060828-blogspot-ichthux-609-beta5-is-out.md","name":"20060828-blogspot-ichthux-609-beta5-is-out","frontmatter":{"title":"Ichthux 6.09 beta5 is out","template":"post","date":"2006-08-28T15:31:00.000+02:00","canonical_url":"https://raphink.blogspot.com/2006/08/ichthux-609-beta5-is-out.html","blogspot_url":"https://raphink.blogspot.com/2006/08/ichthux-609-beta5-is-out.html","tags":["christian","english","ichthux","kubuntu","linux","release","restored"]},"html":"![\"Ichthux_BubbleFish_Mod_small_transparent.png\"](\"http://web.archive.org/web/20061230082703/http://raphink.info/blog/wp-content/uploads/2006/08/Ichthux_BubbleFish_Mod_small_transparent.png\")
The Ichthux team is proud to announce the release of Ichthux 6.09 beta5.
\nRemember:
\nThis is beta software and even though it should be pretty stable (we are building from Kubuntu’s 6.06 release) be aware that it could have problems. What we would like, at this point, is to have as many people try Beta5 out so that we can fix any remaining bugs before we realease Ichthux 6.09 some time in September.
You can get Ichthux 6.09 beta5 from various servers:
\nWhether you have Ubuntu or one of its derivatives on your computer, you can easily install Ichthux on your computer, by doing the following:
\nAdd the Ichthux repository to your sources.list:
\ndeb http://archive.ichthux.com/ichthux grace main deb-src http://archive.ichthux.com/ichthux grace main
Type the following commands in a console to install Ichthux:
\nwget http://archive.ichthux.com/ichthux.asc # This downloads the key to identify the Ichthux repository sudo apt-key add ichthux.asc sudo apt-get update sudo apt-get install ichthux-desktop
The Ichthux CD also installs sword modules for your language when they are available. If you wish to have them, you can perform this installation by installing the sword-language-pack-* module corresponding to your language. For example, for French support:
\nsudo apt-get install sword-language-pack-fr
Beta5 is a LiveCD, which means it can be run from the CD without installing anything to your computer’s hard drive. When you boot up the CD it will take you to a “Kubuntu” boot screen, don’t worry, we are working on changing that to an Ichthux one. If you want to install Beta5 just click on the “Install” icon on the desktop when it is fully loaded.
\nThe willowng content filter needs to be turned on before it can be used. To do this go to the Kmenu and go to Settings -> Content Filter. You will need to add “bad” addresses which are the ones you want to block in the “Domain Filtering” tab. Then set up your browser to use URL “localhost” and port “8563″.
\nPlease use our Launchpad Bug tracker to file bugs on problems that are specific to Ichthux. If the problem seems to be with non-Ichthux specific programs like the kernel or Xorg please use the Kubuntu Launchpad Bug tracker.
\nYou can also contact us by the methods on the Contact page.
"},{"url":"/posts/20070821-blogspot-europecv-latex-cv-class/","relativePath":"posts/20070821-blogspot-europecv-latex-cv-class.md","relativeDir":"posts","base":"20070821-blogspot-europecv-latex-cv-class.md","name":"20070821-blogspot-europecv-latex-cv-class","frontmatter":{"title":"EuropeCV : a LaTeX CV class","template":"post","date":"2007-08-21T15:34:00.002+02:00","canonical_url":"https://raphink.blogspot.com/2007/08/europecv-latex-cv-class.html","blogspot_url":"https://raphink.blogspot.com/2007/08/europecv-latex-cv-class.html","tags":["cv","latex"]},"html":"I was recently searching for a CV LaTeX class. I finally found the EuropeCV class and I really like it.
\napt-get install texlive-latex-recommended texlive-latex-base texlive-fonts-recommended texlive-latex-extra
\nI also recommend to use a LaTeX editor. My favourite is Kile.
The package provides examples in /usr/share/doc/texlive-latex-extra/latex/europecv/examples/. Choose the example that fits your needs and modify it. A full documentation is also installed in /usr/share/doc/texlive-latex-extra/latex/europecv/europecv.pdf.gz.
\nNothing better than an example to make the point… Here is my PDF CV, and the LaTeX source.
\nI have recently dropped EuropeCV in favor of the moderncv template, which I find much nicer. I also use the moderntimeline package with it.
"},{"url":"/posts/20060829-blogspot-typing-biblical-hebrew/","relativePath":"posts/20060829-blogspot-typing-biblical-hebrew.md","relativeDir":"posts","base":"20060829-blogspot-typing-biblical-hebrew.md","name":"20060829-blogspot-typing-biblical-hebrew","frontmatter":{"title":"Typing Biblical Hebrew","template":"post","date":"2006-08-29T15:32:00.000+02:00","canonical_url":"https://raphink.blogspot.com/2006/08/typing-biblical-hebrew.html","blogspot_url":"https://raphink.blogspot.com/2006/08/typing-biblical-hebrew.html","tags":["bible","english","hebrew","ichthux","kde","language","linux","openoffice","restored","typing"]},"html":"As we released Ichthux 6.09 beta5, we began to work on Biblical Hebrew functionalities, to make sure Ichthux could provide a full Biblical Hebrew support for Bible studies.
\nKubuntu has fonts for almost every language by default. However, I included the culmus Hebrew fonts in Ichthux by default to be able to read the Bible in Hebrew. The WLC, along with other codecs of the Tanakh, doesn’t use a simple alphabet, but also has lots of signs to indicate the way to pronounce/vocalize the words and signs to indicate the middle of the verses, the middle of chapters, the middle of the Torah, or where to breathe when singing the text. All these signs cannot be displayed properly with a simple modern Hebrew font, which is why I provided culmus and used Frank Ruehl’s font by default.
\nThe following clearly shows why it is necessary to have a custom font to read WLC in BibleTime:
\n![\"WLC](\"http://web.archive.org/web/20061230082703/http://ichthux.free.fr/snapshots/hebrew_font/hebrew_font_normal.jpg\")
\nWLC with default font
![\"WLC](\"http://web.archive.org/web/20061230082703/http://ichthux.free.fr/snapshots/hebrew_font/hebrew_font_frank_ruehl.jpg\")
\nWLC with Frank Ruehl’s font
Note: the rules to write a kosher Tanakh are very strict, and even with a Frank Ruehl’s font, the rendering is far from being perfect. For example, in Number 25:12, the vav in SHaLOM is not broken as it should be:
\n![\"Numbers](\"http://web.archive.org/web/20061230082703/http://ichthux.free.fr/snapshots/hebrew_font/numbers_25_12.jpg\")
\nNumbers 25:12 in WLC
![\"The](\"http://web.archive.org/web/20061230082703/http://ichthux.free.fr/snapshots/hebrew_font/broken-vav-num25-12.gif\")
\nThe broken vav of SHaLOM
The big vav in the middle of the Torah, along with many other pretty important font rendering in the Hebrew tradition don’t appear in the WLC.
\nThe next step was to make sure Biblical Hebrew could be typed in Ichthux. The first thing to do is to set the keyboard layout. You can do that easily in SystemSettings. Once you had added the Hebrew layout to the lsit of active layouts, you need to choose si1452 as the variant for it in order to activate the Biblical Hebrew keyboard.
\nOnce I had that set, I tried to write in Hebrew in various programs, using Frank Ruehl’s font. My two main attempts were in OpenOffice Writer and KWord.
\nI have to confess I was very disappointed by OpenOffice there. I had to set the “Enabled for complex text layout (CTL)” in the Language tools, and then it wouldn’t write from right to left still, and didn’t keep the right font when I typed. I had to force it to write from right to left by changing the alignement, but then I couldn’t add spaces before the first word. Additionally, the vowels are not showing properly, but are somehow slightly switched under the next letter.
\nOn the contrary, KWord proved very easy to use. No additional settings to be done, and it wrote from right to left very nicely. The vowels are aligned very nicely, and the rendering looks great ![\":)\"](\"http://web.archive.org/web/20061230082703/http://raphink.info/blog/wp-includes/images/smilies/icon_smile.gif\"){kind=icon}
Below is the word BReSHiYT written in OpenOffice and KWord for comparison.
\n![\"Breshit](\"http://web.archive.org/web/20061230082703/http://ichthux.free.fr/snapshots/hebrew_font/breshit_ooo.jpg\")
\nBreshit in OpenOffice Writer
![\"Breshit](\"http://web.archive.org/web/20061230082703/http://ichthux.free.fr/snapshots/hebrew_font/breshit_kword.jpg\")
\nBreshit in KWord
There is still some work to do to get full support for Biblical Hebrew by default in Ichthux, but at least we know where we stand now
I was reading about the Facebook vs. Google articles on Slashdot lately and thinking of a way to replace the Social Networking systems with OpenSource tools.
\nSocial Networking systems provide tools like blogs or pictures albums. We already have very good tools to do this (Wordpress/Drupal/Gallery/etc.). What Social Networking systems have is also a way to link profiles together.
\nSo I was thinking about a way to implement this using already existing OpenSouce technology. And I thought that Jabber could do that!
\nLet’s have a closer look at it:
\nSo what if… we used Jabber to interconnect our websites? It could be a simple plugin for blogs/CMS that would connect to your Jabber server, log in, and retrieve your friends’ infos. The plugin could display a list of your friends using the avatars they provided. On hovering over the pictures, more info could be displayed, allowing you to go to their homepage, or even to contact them by IM!
\nI have searched a bit for such a plugin, but haven’t found much.
\nHow would you like something like this?
"},{"url":"/posts/20071118-blogspot-ichthuxcom-has-new-look-too/","relativePath":"posts/20071118-blogspot-ichthuxcom-has-new-look-too.md","relativeDir":"posts","base":"20071118-blogspot-ichthuxcom-has-new-look-too.md","name":"20071118-blogspot-ichthuxcom-has-new-look-too","frontmatter":{"title":"Ichthux.com has a new look too!","template":"post","date":"2007-11-18T15:38:00.000+01:00","canonical_url":"https://raphink.blogspot.com/2007/11/ichthuxcom-has-new-look-too.html","blogspot_url":"https://raphink.blogspot.com/2007/11/ichthuxcom-has-new-look-too.html","tags":["english","ichthux","linux","restored","style","ubuntu"]},"html":"The ichthux.com website was broken for a long time. After I got a dedicated server, Raoul made a whole new website for Ichthux!
\nVisit the new website at http://www.ichthux.com!
"},{"url":"/posts/20071118-blogspot-new-look/","relativePath":"posts/20071118-blogspot-new-look.md","relativeDir":"posts","base":"20071118-blogspot-new-look.md","name":"20071118-blogspot-new-look","frontmatter":{"title":"A new look","template":"post","date":"2007-11-18T15:37:00.000+01:00","canonical_url":"https://raphink.blogspot.com/2007/11/new-look.html","blogspot_url":"https://raphink.blogspot.com/2007/11/new-look.html","tags":["blog","english","restored","style"]},"html":"I’ve been wanting to do this for a long time… So here is my blog’s new look!
\nThis theme is kind of a mix between the blixed theme (the one I used before) and a 3-columns cutline. I hope to enhance it a bit if I have time this week.
\nComments are welcome ![\":)\"](\"http://web.archive.org/web/20071124204542/http://raphink.info/wp-includes/images/smilies/icon_smile.gif\"){kind=icon}
Many Ubuntu users like to have the latest versions of softwares and use backports for that. But backports tend to break the stability of a system, and it can be quite boring to comment/uncomment the backports line in /etc/apt/sources.list everytime you want to install a backport. Fortunately, apt/preferences is there to help us!
\nFirst of all, add the backports line for your release of Ubuntu in your sources.list. For example, on my feisty server I added:
\ndeb http://archive.ubuntu.com/ubuntu feisty-backports main restricted universe multiverse
Now to set the preferences. In my /etc/apt/preferences file, I have:
\nExplanation: Backported packages have a lower priority Package: * Pin: release a=feisty-backports Pin-Priority: 100
Now, let’s see what happens on my system. Backports have higher version numbers than the packages in feisty, feisty-updates and feisty-security, but all packages in feisty-backports have a priority of 100 (the default priority being 500), so they are never chosen for installation.
\nFrom then on, backported packages will not be installed by default. If I want to install a backported package, I have two ways of doing so:
\napt-get install foo/feisty-backports
This will install package foo from feisty-backports, but the possible dependencies will not be taken in feisty-backports. This is safer but will not necessarily work.
For example:
\n$ sudo apt-get install -s postfix-mysql/feisty-backports Lecture des listes de paquets... Fait Construction de l'arbre des dépendances Reading state information... Fait Version choisie 2.4.5-3~feisty1 (Ubuntu:7.04/feisty-backports) pour postfix-mysql Certains paquets ne peuvent être installés. Ceci peut signifier que vous avez demandé l'impossible, ou bien, si vous utilisez la distribution unstable, que certains paquets n'ont pas encore été créés ou ne sont pas sortis d'Incoming.
Puisque vous n’avez demandé qu’une seule opération, le paquet n’est
\nprobablement pas installable et vous devriez envoyer un rapport de bogue.
\nL’information suivante devrait vous aider à résoudre la situation :
Les paquets suivants contiennent des dépendances non satisfaites :
\npostfix-mysql: Dépend: postfix (= 2.4.5-3~feisty1) mais 2.3.8-2 devra être installé
\nE: Paquets défectueux
\nThe installation fails because the necessary dependency is only present in feisty-backports.
apt-get install -t feisty-backports foo
This will install package foo using the feisty-backports repository with a temporary priority of 990. Dependencies will be taken in feisty-backports aswell.
For example:
\n$ sudo apt-get install -s -t feisty-backports postfix-mysql Lecture des listes de paquets... Fait Construction de l'arbre des dépendances Reading state information... Fait Les paquets supplémentaires suivants seront installés : postfix Paquets suggérés : procmail postfix-pgsql postfix-ldap postfix-pcre sasl2-bin resolvconf postfix-cdb Les NOUVEAUX paquets suivants seront installés : postfix-mysql Les paquets suivants seront mis à jour : postfix 1 mis à jour, 1 nouvellement installés, 0 à enlever et 4 non mis à jour. Inst postfix [2.3.8-2] (2.4.5-3~feisty1 Ubuntu:7.04/feisty-backports) Inst postfix-mysql (2.4.5-3~feisty1 Ubuntu:7.04/feisty-backports) Conf postfix (2.4.5-3~feisty1 Ubuntu:7.04/feisty-backports) Conf postfix-mysql (2.4.5-3~feisty1 Ubuntu:7.04/feisty-backports)
All the packages are taken from feisty-backport in this example.
\nLet’s say I want to upgrade my system using all the available backports for the packages I use (which is not recommended). The command would be :
\napt-get -t feisty-backports dist-upgrade
In the last few weeks, I've been using Tellico extensively. I first used it to manage a collection of boardgames for an association close to our house.
\nTellico makes it easy to create and manage collections of objects, files, or whatever you want to keep a track of. In the case of the boardgames collection, I added a 'contents' table to list all the pieces of each game and track if the game was complete or not.
\n![\"Tellico's](\"https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEivHNIrPmpQvTlptS7FgpKhjMCvcYcTMvLQBhQTvLarHezso9z-BhFcIn9oD1wRlCMl7MBzT3pBxwNqVvAUFLeApo9Z09AwcAvm54b7q5ergdMXsv3pO-9MjV2pmBBnwlb-CwxNr_FmwoaN/s1600-h/web_tellico_main.jpg\" "\\"Tellico's")
\nI also added a 'reference' field automatically generated from the ID of the game in the database, to easily assign a unique reference to each object. The 'reference' field uses a \"Dependant\" type and its definition is \"JEU %{id}\" which appends the ID of the object to the string \"JEU\".
\nUsing the fancy report from kde-files.org, I was able to easily print labels for each game.
After listing the boardgames, I began to make a list of our own DVDs and CDs. I found it very useful that Tellico allows to search for objects on a lot of web services, such as Amazon, and can even search by barcode (or ISBN for books). I was able to enter most of my CDs using the barcodes with the amazon.fr plugin. Tellico even completes ISBN as you type. Since the last number of ISBN codes is a check, Tellico adds it automatically so you can check if the ISBN you typed is correct.
\n![\"Tellico](\"https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj_Lywo3izmk0O_LcPeKTeirtsj3ydqs5wBZVdSGTR35OlN7v0xnPGqCjB7NHbLN3_F5BbRqD5lDK8YpSL1bFtWVHfwsYbQNt8_Nyu6Te2ya-JnSrsEsaT0n-38E2quYbANiuM-KHsVTyJE/s1600-h/web_tellico_isbn_search.jpg\" "\\"Tellico")
\nTellico also allows you to enter several ISBN/barcodes at a time, either within the interface or by importing them from a file. This opens the door to scanning the codes with a barcode scanner. Unfortunately, barcode scanners are quite expensive. While the most expensive ones come with a USB interface and emulate a keyboard, the few cheap ones you find usually send special codes that can be pretty hard to deal with.
Since version 1.3, Tellico includes a patch that allows to use a webcam to read barcodes. I tried to plug a webcam to my machine, fired up Tellico and opened the import window, but nothing special happened. I took a look at the scripts that gave birth to the patch. These scripts use a combination of the v4l driver with mplayer to capture images from the webcam and send them to the BaToo Java classes to decode the barcode. Since mplayer was only showing a black screen from my webcam, I hacked the script a bit to use vgrabbj instead, and managed to import shots from the webcam and send them to the BaToo Java script, but the quality of the shots taken by the webcam didn't quite please BaToo... so I finally gave up and typed the ISBN codes manually.
\nOne thing I like very much with KDE program is integration. Since they share most of their resources, you can always expect them to easily cooperate. In the case of Tellico, I was very pleased to discover that the lending interface can use the contacts from KAddressBook (kabc) and inform KOrganizer about the planned date of return (although I couldn't get this to work for some reason).
\n![\"Lending](\"https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjaknyCfRJ1tngxi-fDM7niWtBiFJ7f0F81ztVGCeKvjOKCtPWMxumZcmTaMCtCymrH0V9V8tjdXZX5LIXC_m1j4owoIJyQlJx_qOYTFNCqeY7Tw4hd-SHZ7s1W1gVE4zMpcdnVvnA7wfFV/s1600-h/web_tellico_isbn_lending.jpg\" "\\"Lending")
Robby was very reactive when I wrote to him concerning the possibility of importing boardgames infos from Amazon. Thank you Robby for reacting so promptly!
"},{"url":"/posts/20080825-blogspot-back-up/","relativePath":"posts/20080825-blogspot-back-up.md","relativeDir":"posts","base":"20080825-blogspot-back-up.md","name":"20080825-blogspot-back-up","frontmatter":{"title":"Back up","template":"post","date":"2008-08-25T15:32:00.000+02:00","canonical_url":"https://raphink.blogspot.com/2008/08/back-up.html","blogspot_url":"https://raphink.blogspot.com/2008/08/back-up.html"},"html":"After a few months offline, I've finally set up a new blog, and I'm back to blogger for the occasion.
"},{"url":"/posts/20080902-blogspot-old-posts-restored/","relativePath":"posts/20080902-blogspot-old-posts-restored.md","relativeDir":"posts","base":"20080902-blogspot-old-posts-restored.md","name":"20080902-blogspot-old-posts-restored","frontmatter":{"title":"Old posts restored","template":"post","date":"2008-09-02T20:41:00.000+02:00","canonical_url":"https://raphink.blogspot.com/2008/09/old-posts-restored.html","blogspot_url":"https://raphink.blogspot.com/2008/09/old-posts-restored.html","tags":["blog","english","restored"]},"html":"I took some time to go on archive.org and find old posts I had on my previous blog and on multiply, going back all the way to 2004. I added these posts to this new blog, so they can be seen again. Some posts may be broken, in case of missing images or javascript functions.
"},{"url":"/posts/20080903-blogspot-back-on-planet-ubuntu/","relativePath":"posts/20080903-blogspot-back-on-planet-ubuntu.md","relativeDir":"posts","base":"20080903-blogspot-back-on-planet-ubuntu.md","name":"20080903-blogspot-back-on-planet-ubuntu","frontmatter":{"title":"Back on Planet Ubuntu","template":"post","date":"2008-09-03T11:16:00.000+02:00","canonical_url":"https://raphink.blogspot.com/2008/09/back-on-planet-ubuntu.html","blogspot_url":"https://raphink.blogspot.com/2008/09/back-on-planet-ubuntu.html","tags":["blog","english","ubuntu"]},"html":"I just updated the feed URL to my new blog on Planet Ubuntu, so my posts are now shown again on it.
\nI just noticed something though... The very old posts I restored on my blog are appearing as new posts, even though I set their date to their original posting date (back in 2004, 2005 and so on), so there's some posts about testing Warty that appear on Planet. It will pass soon as other people post. I don't really know how to fix this right now. Sorry guys.
"},{"url":"/posts/20080905-blogspot-comme-un-grain-de-riz/","relativePath":"posts/20080905-blogspot-comme-un-grain-de-riz.md","relativeDir":"posts","base":"20080905-blogspot-comme-un-grain-de-riz.md","name":"20080905-blogspot-comme-un-grain-de-riz","frontmatter":{"title":"Comme un grain de riz...","template":"post","date":"2008-09-05T17:53:00.003+02:00","canonical_url":"https://raphink.blogspot.com/2008/09/comme-un-grain-de-riz.html","blogspot_url":"https://raphink.blogspot.com/2008/09/comme-un-grain-de-riz.html","tags":["français","life"]},"html":"Jeudi matin, Jimena et moi sommes allés chez le radiologue... C'était déjà notre deuxième rendez-vous médical cette semaine, le premier était chez le gynécologue. Et c'est ce jeudi matin que nous l'avons aperçu pour la première fois.
\nGrand comme un grain de riz, à peine 15 mm, l'embryon qui grandit pour devenir notre enfant a déjà le coeur qui bat à 158 battements par minute!
\n![](\"http://r.pinson.free.fr/pregnancy/echographies/2008-09-04/echo1_1.jpg\")
\nNous remercions Dieu de sa fidélité et lui remettons cette grossesse, puisqu'il sait mieux que nous les bénédictions qu'il réserve pour l'avenir.
Augeas 0.3.1 is out! This is the announcement from the augeas-devel mailing-list:
\n\n\n\n
\nI am pleased to announce the release of Augeas 0.3.1; it has been much
\nlonger than I'd like since the last release, and this release contains
\nmany more changes than is betrayed by the small change in version
\nnumbers.There has been a tremendous amount of activity both in enhancing
\n
\nexisting lenses and in writing new ones. I have tried to keep track of
\nall the contributors in the NEWS - if you sent a patch and didn't get
\ncredit for it, please remind me (gently ;) With that much activity in
\nlens-writing, I feel that we need to figure out a way to indicate which
\nlenses we consider 'finished' and which ones we consider 'experimental',
\nso that users know where changes in the tree are likely.The release can be downloaded from:
\nTarball: http://augeas.net/download/augeas-0.3.1.tar.gz
\n
\nFedora RPM's are making their way through the build systemDetailed NEWS:
\n- Major performance improvement when processing huge files, reducing
\n
\nsome O(n^2) behavior to O(n) behavior. It's now entirely feasible
\nto manipulate for example /etc/hosts files with 65k lines
\n- Handle character escapes '\\x' in regular expressions in compliance
\nwith Posix ERE
\n- aug_mv: fix bug when moving at the root level
\n- Fix endless loop when using a mixed-case module name like
\nMyMod.lns
\n- Typecheck del lens: for 'del RE STR', STR must match RE
\n- Properly typecheck the '?' operator, especially the atype; also
\nallow '?' to be applied to lenses that contain only 'store', and
\ndo not produce tree nodes.
\n- Many new/improved lenses
\n* many lenses now map comments as '#comment' nodes instead of just
\ndeleting them
\n* Sudoers: added (Raphael Pinson)
\n* Hosts: map comments into tree, handle whitespace and comments
\nat the end of a line (Kjetil Homme)
\n* Xinetd: allow indented comments and spaces around \"}\" (Raphael Pinson)
\n* Pam: allow comments at the end of lines and leading spaces
\n(Raphael Pinson)
\n* Fstab: map comments and support empty lines (Raphael Pinson)
\n* Inifile: major revamp (Raphael Pinson)
\n* Puppet: new lens for /etc/puppet.conf (Raphael Pinson)
\n* Shellvars: handle quoted strings and arrays (Nahum Shalman)
\n* Php: map entries outside of sections to a '.anon' section
\n(Raphael Pinson)
\n* Ldap: new lens for /etc/ldap.conf (Free Ekanayaka)
\n* Dput: add allowed_distributions entry (Free Ekanayaka)
\n* OpenVPN: new lens for /etc/openvpn/{client,server}.conf (Raphael Pinson)
\n
\n* Dhclient: new lens for /etc/dhcp3/dhclient.conf (Free Ekanayaka)
\n* Samba: new lens for /etc/samba/smb.conf (Free Ekanayaka)
\n* Dnsmasq: new lens for /etc/dnsmasq.conf (Free Ekanayaka)
\n* Slapd: new lens for /etc/ldap/slapd.conf (Free Ekanayaka)
\n* Sysctl: new lens for /etc/sysctl.conf (Sean Millichamp)David
\n
An updated package is already in Debian, thanks to Free, and Nicolas (aka nxvl) will try to get an exception to include it in Intrepid before it's too late.
\nIn other news, I'm likely to give a talk on Augeas at the JM2l in Sophia Antipolis.
"},{"url":"/posts/20080906-blogspot-look-ma-no-mouse/","relativePath":"posts/20080906-blogspot-look-ma-no-mouse.md","relativeDir":"posts","base":"20080906-blogspot-look-ma-no-mouse.md","name":"20080906-blogspot-look-ma-no-mouse","frontmatter":{"title":"Look Ma, no mouse!","template":"post","date":"2008-09-06T19:31:00.000+02:00","canonical_url":"https://raphink.blogspot.com/2008/09/look-ma-no-mouse.html","blogspot_url":"https://raphink.blogspot.com/2008/09/look-ma-no-mouse.html","tags":["edubuntu","english","ltsp","ubuntu"]},"html":"I have recently set up a small LTSP network for an association in my street. Some days ago, I was asked if it was possible to display photos on all of the LTSP machines at the same time to show the activities of the association. This is of course very easy to set up, but I didn't want to leave keyboards or mice on the computers, to make sure nobody would exit the photo program or try to reboot the machine.
\nThe quickest solution I found to do that easily was to use synergy and wireless keyboard and mouse. Synergy allows to share keyboards and mice between several computers, running Windows, MacOS or Linux. It actually goes further than this, since you can also copy and paste contents (text, images, etc) from one computer to another. The down side of it is that it's not secure, but that was not a problem in my case at all.
\nSo in my case, I just started synergys on the main machine (the LTSP server) having set virtual screens in synergy.conf for all the ltsp thin clients. Then I started synergyc on each client with synergyc --name ltsp1 localhost, adapting the name for each machine. Finally, I removed all keyboards and mice from the computers and only left the wireless keyboard and mouse on the LTSP server. This left me with a group of computers without any keyboards or mice plugged to them, which could each be controlled by a wireless devide, by simply dragging the wireless mouse from a screen to another. All that was left to do was to launch the slideshows on each machine and hide the keyboard and mouse in a corner, to be used only when necessary.
While the collection of available Augeas modules is increasing dramatically, there is more and more of a need for a good documentation. Some time ago, R. I. Pienaar (aka Volcane) made a proposition to write standard inline documentation in Puppet modules, using the NaturalDocs tool. I thought I would just try to see if it could easily be used to document Augeas modules.
\nAfter a few attempts, I found that I was rewriting all my code in the comments, and that was not very optimized, so I wrote to the NaturalDocs's developer, Greg Valure, to ask him about how hard it would be to support the Augeas language in ND. Not only did he answer quickly, but he provided better configuration files for ND, aswell as a Perl Module to enhance Augeas's support in ND! Thank you very much Greg, you are a great help!
\nSo I spent some more time trying to enhance the comments in the example modules I chose. After talking with David about it, we still feel like it would be better if we didn't have to prefix every declaration with a comment to get it included in the documentation, and if parameters and parameter types could be detected automatically by parsing the code. From what I understand, all this should be possible with ND by improving the Augeas.pm and ideally turning it into a full language support Perl Module. One down side of this is that ND is currently being rewritten in .Net/Mono, so the current work on Perl modules will not work with ND 2.0 anymore.
\nI also spent quite a few hours yesterday modifying the CSS stylesheet to match the Augeas website.
\nNow for the demo: you can see it here!
"},{"url":"/posts/20080915-blogspot-modular-tar-pipe-tar-in-perl/","relativePath":"posts/20080915-blogspot-modular-tar-pipe-tar-in-perl.md","relativeDir":"posts","base":"20080915-blogspot-modular-tar-pipe-tar-in-perl.md","name":"20080915-blogspot-modular-tar-pipe-tar-in-perl","frontmatter":{"title":"Modular tar pipe tar in Perl","template":"post","date":"2008-09-15T16:23:00.000+02:00","canonical_url":"https://raphink.blogspot.com/2008/09/modular-tar-pipe-tar-in-perl.html","blogspot_url":"https://raphink.blogspot.com/2008/09/modular-tar-pipe-tar-in-perl.html","tags":["english","perl","sysadmin","ubuntu"]},"html":"I was trying to write a nice tar pipe tar system in a perl script, and got to this, which I think can be useful:
\n#!/usr/bin/perl use Archive::Tar; use Net::SSH; my $tar = Archive::Tar->new; my $dir = \"/path/to/dir\"; # Copy files from dir without recursion my @files = glob(\"$dir/*\"); $tar->add_files(@files); $user = \"root\"; $host = \"myhost.example.org\"; $cmd = \"cd / && tar xf -\"; Net::SSH::sshopen2(\"$user\\@$host\", *READER, *WRITER, \"$cmd\") || die \"ssh: $!\"; print WRITER $tar->write; close(WRITER); close(READER);
If you know of a nicer way to do it, I'm open to ideas :)
"},{"url":"/posts/20080917-blogspot-thou-shalt-not-loop/","relativePath":"posts/20080917-blogspot-thou-shalt-not-loop.md","relativeDir":"posts","base":"20080917-blogspot-thou-shalt-not-loop.md","name":"20080917-blogspot-thou-shalt-not-loop","frontmatter":{"title":"Thou shalt not loop","template":"post","date":"2008-09-17T14:11:00.001+02:00","canonical_url":"https://raphink.blogspot.com/2008/09/thou-shalt-not-loop.html","blogspot_url":"https://raphink.blogspot.com/2008/09/thou-shalt-not-loop.html","tags":["english","sysadmin","ubuntu"]},"html":"I've been using incron extensively to write a CVS synchronizer for my company lately (the last post about Perl modules was part of that). This synchronizer uses incron to monitor all CVSROOT/history files. When history files are modified, the script is launched, analyzes the changed files and synchronizes them (using the tar|tar method described in my last post) to the fallback machine. This allows to have a pretty much synchrone fallback... but that's without counting on the developers using the machine... Some of them commit as much as 300 files a minute, which triggers the script just as many times!
\nOf course, one of the first things I wrote in the script is a lock. In that case, it uses Proc::Processtable to make the script exit if it is already running on the same history file. But that was not enough.
\nThen I discovered IN_NO_LOOP. This optional parameter in incrontab is described this way:
\nAdditionaly, there is a symbol which doesn't appear in the inotify symbol set. It is IN_NO_LOOP. This symbol disables monitoring events until the current one is completely handled (until its child process exits).
\nThis solved my problem. When an history file is changed, incron fires the command and disables the monitoring on this history file until the command returns.
"},{"url":"/posts/20080912-blogspot-its-name-is/","relativePath":"posts/20080912-blogspot-its-name-is.md","relativeDir":"posts","base":"20080912-blogspot-its-name-is.md","name":"20080912-blogspot-its-name-is","frontmatter":{"title":"Its name is...","template":"post","date":"2008-09-12T10:59:00.001+02:00","canonical_url":"https://raphink.blogspot.com/2008/09/its-name-is.html","blogspot_url":"https://raphink.blogspot.com/2008/09/its-name-is.html","tags":["english","meme","ubuntu"]},"html":"Playing the Ubuntu meme, too...
\nI usually name my machines after the characters in Narnia. For a long time, my main desktop machine was thus called aslan. My laptop was peter, and my online server was caspian. Then I reinstalled peter and renamed it lucy, and my online server died and I gave the caspian name to ... my USB key!
\nNow I tend to use names from Bible characters. The last machine I installed is called caleb, after Joshua's companion when the Hebrews reached Israel.
"},{"url":"/posts/20080923-blogspot-forcing-environment-in-ssh/","relativePath":"posts/20080923-blogspot-forcing-environment-in-ssh.md","relativeDir":"posts","base":"20080923-blogspot-forcing-environment-in-ssh.md","name":"20080923-blogspot-forcing-environment-in-ssh","frontmatter":{"title":"Forcing environment in SSH","template":"post","date":"2008-09-23T16:10:00.000+02:00","canonical_url":"https://raphink.blogspot.com/2008/09/forcing-environment-in-ssh.html","blogspot_url":"https://raphink.blogspot.com/2008/09/forcing-environment-in-ssh.html","tags":["english","linux","notes","sysadmin","ubuntu"]},"html":"It's quite easy to force environments variables in an SSH session, since /etc/profile, /etc/bash.bashrc etc. are read. But when you launch commands with SSH without opening a session, these files are not parsed, so it gets harder to set the environment.
\nSo it can be useful to know that /etc/environment is read by SSH aswell as login. The format is \"VARIABLE=VALUE\" for each line. In my case, I needed to force TMPDIR to \"/var/lib/gforge-dop/chroot/tmp\" so I just put \"TMPDIR=/var/lib/gforge-dop/chroot/tmp\" in /etc/environment and it worked :)
\nYou can test if your variable is added by doing :
\nssh user@host env
and see if your variable is listed properly by env.
\nIf you need to set environment variables per user, you can use ~/.ssh/environment. In order to do that, you need to set PermitUserEnvironment to \"yes\" in sshd_config and restart sshd.
"},{"url":"/posts/20080923-blogspot-ssh-pamchroot/","relativePath":"posts/20080923-blogspot-ssh-pamchroot.md","relativeDir":"posts","base":"20080923-blogspot-ssh-pamchroot.md","name":"20080923-blogspot-ssh-pamchroot","frontmatter":{"title":"SSH + pam_chroot","template":"post","date":"2008-09-23T16:09:00.000+02:00","canonical_url":"https://raphink.blogspot.com/2008/09/ssh-pamchroot.html","blogspot_url":"https://raphink.blogspot.com/2008/09/ssh-pamchroot.html","tags":["english","linux","notes","sysadmin","ubuntu"]},"html":"I've been trying to get pam_chroot to work with ssh. There's a few little things to do to get it to work.
\nMake sure you have the libs to execute your shell inside the chroot. A bit of a barbarian way to do that (adapt to your shell) is :
\ncp $(ldd /bin/bash | sed -e \"s/.* => \\([^\\)]*\\) .*/\\1/\") $CHROOTDIR/lib/
If you need to debug:
\nI just installed a new computer on hardy with KDE 4.1.2. Tonight, I plugged my good old HP PSC 1510 to it. It was already quite easy to set it on KDE 3, like 5 clicks away or so. Now here is a little tutorial on how to set it on KDE4:
\nCould it be easier? Thank you KDE devs!
"},{"url":"/posts/20090108-blogspot-few-news/","relativePath":"posts/20090108-blogspot-few-news.md","relativeDir":"posts","base":"20090108-blogspot-few-news.md","name":"20090108-blogspot-few-news","frontmatter":{"title":"A few news","template":"post","date":"2009-01-08T17:19:00.001+01:00","canonical_url":"https://raphink.blogspot.com/2009/01/few-news.html","blogspot_url":"https://raphink.blogspot.com/2009/01/few-news.html","tags":["english","france","français","life","pdf"]},"html":"This year, Jimena and I decided to write a newsletter to let our friends know about our life here.
\nYou can find this newsletter here:
\nHave a blessed new year!
"},{"url":"/posts/20081218-blogspot-follow-up-on-screen-profiles/","relativePath":"posts/20081218-blogspot-follow-up-on-screen-profiles.md","relativeDir":"posts","base":"20081218-blogspot-follow-up-on-screen-profiles.md","name":"20081218-blogspot-follow-up-on-screen-profiles","frontmatter":{"title":"Follow-up on screen profiles","template":"post","date":"2008-12-18T10:38:00.000+01:00","canonical_url":"https://raphink.blogspot.com/2008/12/follow-up-on-screen-profiles.html","blogspot_url":"https://raphink.blogspot.com/2008/12/follow-up-on-screen-profiles.html","tags":["debian","linux","screen","sysadmin","ubuntu"]},"html":"After reading Justin's proposal on screen profiles and Nicolas' answer on automatic screen launch, I've worked a bit on a profile for my company. I added a few things to it:
\n![](\"https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEixVK_h6q1cbauRMpNmFHadFhfHlqRwKuTY4QeDTF83zkUnXRg7_KyFOuWLkbjiEbpETyT_ChE85H48JSl5arX7LcpELNdNo3on9Cc06RmHWhmw8poS8l33Jnl8opGnUSYhYZLfAyeTywiQ/s1600-h/hebex-screen.png\")
with some nice colors. For thoses interested, here are the scripts :
\n$ cat load-average #!/bin/sh uptime | sed -e \"s/.*load average: //\" | tr -d \" \" | tr \",\" \" \"
\n$ cat nb-users #!/bin/sh uptime | sed -e \"s/.*, *\\(.* users\\), .*/\\1/\"
\n$ cat release-short #!/bin/sh lsb_release -i -c -s | tr \"\\n\" \" \"
\n$ cat uptime #!/bin/sh uptime | sed -e \"s/.* up *\\(.*\\), *.* users, .*/\\1/\"
I added the following lines to the \"common\" profile :
\nbacktick 105 5 5 /usr/share/screen-profiles/bin/load-average backtick 106 10 10 /usr/share/screen-profiles/bin/nb-users backtick 107 10 10 /usr/share/screen-profiles/bin/uptime backtick 108 10 10 /bin/hostname -f backtick 109 3600 3600 /usr/share/screen-profiles/bin/release-short
and this is my hardstatus line :
\nhardstatus string '%{+b Wr} (*) Hebex %{+b wk} %100`%{= Wk}|%{+b Gk}%108`%{= Wk}|%= |%{+b rW}%101`%{= Wk}|%{+b Ck}%l%{= Wk}|%{+b Mk}%106`%{= Wk}|%{+b bW}%107`%{= Wk}|%{+b gW}%103`%{= Wk}|%{= wk}%Y-%m-%d %c:%s'
Then I tried to connect from my Acer Aspire One and I realized that the line didn't fit on my screen (the 9\" screen that is...). So I made a short profile for this purpose, by using %H instead of \"hostname -f\" and making a release-short function that only displays `lsb_release -i -c -s | tr \"\\n\" \" \"`. I made this a new profile. Here is the hardstatus line :
\nhardstatus string '%{+b Wr} (*) Hebex %{+b wk}%109`%{= Wk}|%{+b Gk}%H%{= Wk} %=|%{+b rW}%101`%{= Wk}|%{+b Ck}%l%{= Wk}|%{+b Mk}%106`%{= Wk}|%{+b bW}%107`%{= Wk}|%{+b gW}%103`%{= Wk}|%{= wk}%Y-%m-%d %c:%s'
![](\"https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhZuS07DN1XlUr_0tkGfc3X1ITbtxOym3XkxQf76VdRpEY1fM7NwpQeuKAPSq-O9Q9aEuHGVwXJObSWDZS5xaSS4gj7Qjjueonrui2osX-WAfjUniJrQkH0ZqdFW_k0Yfuhk54MM-r72Goi/s1600-h/hebex-screen-short.png\")
\nThen I wondered how I could load it automatically when I connect from my notebook. So I tweaked a bit Nicolas' lines and made a .screen_bashrc which I source in my .bashrc :
if [ \"$PS1\" ]; then # Set screen-profile to short if we're on a notebook # to normal otherwise if [ \"x${LC_NOTEBOOK}\" = \"xyes\" ]; then ln -sf /usr/share/screen-profiles/profiles/hebex-short.screenrc $HOME/.screenrc-profile else ln -sf /usr/share/screen-profiles/profiles/hebex.screenrc $HOME/.screenrc-profile fi if [ \"$TERM\" != \"screen\" ]; then #screen -D -R #Update 2008 Dec 16: -xRR is way better screen -xRR fi fi
On my notebook, I added a \"export LC_NOTEBOOK=yes\" to my .bashrc, so whenever I connect to a machine using the notebook, the short screen profile is automatically selected instead of the normal one, and I can see all infos on my small screen :)
\nNote: I chose LC_NOTEBOOK because LC_* variables are usually listed in AcceptEnv in /etc/ssh/sshd_config to export language settings, so I was pretty sure that the variable would be exported fine.
"},{"url":"/posts/20090219-blogspot-transcoding-avchd/","relativePath":"posts/20090219-blogspot-transcoding-avchd.md","relativeDir":"posts","base":"20090219-blogspot-transcoding-avchd.md","name":"20090219-blogspot-transcoding-avchd","frontmatter":{"title":"Transcoding AVCHD","template":"post","date":"2009-02-19T10:35:00.000+01:00","canonical_url":"https://raphink.blogspot.com/2009/02/transcoding-avchd.html","blogspot_url":"https://raphink.blogspot.com/2009/02/transcoding-avchd.html","tags":["computers","english","ffmpeg","film","open-source","ubuntu","video"]},"html":"Since we're expecting a baby for the end of April, Jimena and I thought it would be really nice to have a video camera to record those precious memories. I thought it was worth it to get an HD camera, even though we don't have any HD devices yet, because we'll be happy to watch our memories in HD in a few years, when we can afford a new TV ;)
\nSo there we went, and got the Panasonic HDC-SD9. It's a great camera, which records directly in HD formats, from 1440x1080 to 1920x1080. The only issue came when I wanted to play these videos on my computer. Our poor dual-core Intel Pentium D with 1.5 GB RAM struggles to play the lowest quality the SD9 can produce. So there was a need to transcode this format into a more readable one, for example avi or mov.
\nMy first approach was to use a simple ffmeg line :
\nffmpeg -i somefile.mts -s svga -r 25 somefile.mov
It does convert the file to a .mov successfully, but the result is horrible: the images are almost just as grabbled as reading the mts directly with VLC.
\nThis morning, I found this post, which linked to this forum, which features a great talk on how to efficiently transcode AVCHD to mov or avi. It also linked to Ubuntu forums where a guy proposed to use mencoder for the job with something like
\nmencoder $f -o `basename $f .mts`.avi -oac copy -ovc lavc -lavcopts vcodec=mpeg4:vbitrate=10000 -fps 50 -vf scale=720:576
The result, once again, was horrible in my case.
\nEventually, I tried the script located at http://marks.org/avchd/hdffxvrt-mov1-8-09, and it worked great! The only problem I had with it was that most of my videos were in 1440, so I had to use \"-i 1440x1080\" on them. Otherwise, the results are very nice.
\nThis script has preset formats, so you can simply call it this way
\n./hdffxvrt-mov1-8-09 -p small -i 1440x1080 00000.mts
Nice and efficient, and uses ffmpeg under the hood, only going through a yuv demux before actually transcoding (from the little I understand about video transcoding at least). You only need to be patient.
\nUpdate:
\nI worked a bit on the script and improved it quite a bit. The first improved version can be found on this link and includes the following changes:
\nAfter that, I thought it would be nice to integrate it in Dolphin/Konqueror as a service menu. It gave birth to the script you will find on this link. This is still quite a hack, and I will probably work more on it later on, but you are already welcome to try it and give some feedback.
\n![](\"https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhOXRwwD7DtWKUImh0kRGOYX76CwiklDlkCQGQ47MJyYs6gWFQNV5P4xT20Dq1vEdDZUiKVXCuayLLlRb6oYMsnNXIdQGhqxFBa00bDfvTtGb53yj05PCI6Y7qLz_qaJYxxZP6gAh9vN16u/s1600-h/snapshot1.png\")
This KDE version includes the following improvements:
\nThis is a quick tutorial inspired by the French tutorial I used from Léa Linux, as I spent two hours configuring an access point on my machine, using WPA authentication with a madwifi card (atheros).
\nMadwifi needs a network bridge to work. Fortunately for me, the atheros card has its bridge automatically set up when the interface is mounted. The card gets the ath0 interface, while the bridge is labelled wifi0.
\nWith this card, I had to add an autocreate=ap option in modprobe. To do that :
\necho \"options ath_pci autocreate=ap\" | sudo tee /etc/modprobe.d/ath_pci
Then I set ath0 in /etc/network/interfaces :
\n$ cat /etc/network/interfaces auto lo iface lo inet loopback auto eth0 iface eth0 inet dhcp auto ath0 iface ath0 inet static wireless-mode master wireless-channel 9 wireless-essid jonah address 192.168.1.254 netmask 255.255.255.0 broadcast 192.168.1.255
I get my Internet connection through a router with a DHCP server on eth0.
\nReload your network after you're done setting it up :
\nsudo /etc/init.d/networking restart
Hostapd allows to set up a nice wifi access point with WPA authentication in a short time. Here is my configuration (ignoring empty and commented lines) :
\ncat /etc/default/hostapd | grep -v \"^\\(#\\|$\\)\" RUN_DAEMON=\"yes\" DAEMON_CONF=\"/etc/hostapd/hostapd.conf\" $ sudo cat /etc/hostapd/hostapd.conf | grep -v \"^\\(#\\|$\\)\" interface=ath0 bridge=wifi0 driver=madwifi logger_syslog=-1 logger_syslog_level=2 logger_stdout=-1 logger_stdout_level=2 debug=0 dump_file=/tmp/hostapd.dump ctrl_interface=/var/run/hostapd ctrl_interface_group=0 ssid=jonah hw_mode=g channel=60 beacon_int=100 dtim_period=2 max_num_sta=255 rts_threshold=2347 fragm_threshold=2346 macaddr_acl=0 auth_algs=3 ignore_broadcast_ssid=0 wme_enabled=1 wme_ac_bk_cwmin=4 wme_ac_bk_cwmax=10 wme_ac_bk_aifs=7 wme_ac_bk_txop_limit=0 wme_ac_bk_acm=0 wme_ac_be_aifs=3 wme_ac_be_cwmin=4 wme_ac_be_cwmax=10 wme_ac_be_txop_limit=0 wme_ac_be_acm=0 wme_ac_vi_aifs=2 wme_ac_vi_cwmin=3 wme_ac_vi_cwmax=4 wme_ac_vi_txop_limit=94 wme_ac_vi_acm=0 wme_ac_vo_aifs=2 wme_ac_vo_cwmin=2 wme_ac_vo_cwmax=3 wme_ac_vo_txop_limit=47 wme_ac_vo_acm=0 eapol_key_index_workaround=0 eap_server=0 own_ip_addr=127.0.0.1 wpa=1 wpa_passphrase=My Great Passphrase for the Access Point wpa_key_mgmt=WPA-PSK wpa_pairwise=TKIP wpa_group_rekey=600 wpa_gmk_rekey=86400
Don't forget to change the passphrase (up to 63 characters).
\nCheck your conf with :
\nsudo hostapd -dd /etc/hostapd/hostapd.conf
I had problems there at first because my card wasn't able to be set to master mode (ap, see above for the modprobe.d hack). To set your card to master mode without rebooting, reload the driver :
\nsudo modprobe -r ath_pci sudo modprobe ath_pci autocreate=ap
If hostapd works fine, you can launch it in the background :
\nsudo /etc/init.d/hostapd start
Once hostapd is set up, you should be able to connect to your AP by providing a manual IP address (in the right network). But you might want to go further, and set your AP as a DHCP server and router. These next steps are compiled from a post on Ubuntu Forums.
\nThe first thing you want is a DHCP server. Since the post on Ubuntu Forums gets us to install dnsmasq to forward the DNS requests, and that dnsmasq can also be used as a DHCP server, I didn't see the use for dhcp3-server, so I deactivated it. Here is my configuration for dnsmasq :
\n$ sudo cat /etc/default/dnsmasq | grep -v \"^\\(#\\|$\\)\" ENABLED=1 $ sudo cat /etc/dnsmasq.conf | grep -v \"^\\(#\\|$\\)\" dhcp-range=192.168.1.50,192.168.1.150,12h
Pretty easy, no? This will simply forward the DNS requests to the DNS servers listed in /etc/resolv.conf, and provide a very basic DHCP server serving addresses from 192.168.1.50 to 192.168.1.150.
\nWe can now restart dnsmasq with :
\nsudo /etc/init.d/dnsmasq restart
This step should now let you connect to your AP without setting a static IP (using knetworkmanager for example). But you won't get really far from there, until you set up the NAT.
\nThis is the last step, setting up the NAT so that your AP can work as a router.
\nFirst, add IP forwarding settings to your sysctl.conf (to have it at next reboot) and activate it (for now) :
\nsudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE echo \"net.ipv4.ip_forward = 1\" | sudo tee -a /etc/sysctl.conf echo 1 | sudo tee /proc/sys/net/ipv4/ip_forward\"
Then set ipmasq to start up after services are started. This way, ipmasq will manage your iptables firewall after the interfaces are up and both dnsmasq and hostapd are up :
\nsudo dpkg-reconfigure dnsmasq
Warning: if you have static firewall rules, you should add them to the ipmasq settings (see \"man ipmasq for more details).
\nRestart your AP host to make sure it still works after a reboot and enjoy.
"},{"url":"/posts/20090417-blogspot-welcome-dinah-salome/","relativePath":"posts/20090417-blogspot-welcome-dinah-salome.md","relativeDir":"posts","base":"20090417-blogspot-welcome-dinah-salome.md","name":"20090417-blogspot-welcome-dinah-salome","frontmatter":{"title":"Welcome, Dinah Salomé!","template":"post","date":"2009-04-17T08:41:00.001+02:00","canonical_url":"https://raphink.blogspot.com/2009/04/welcome-dinah-salome.html","blogspot_url":"https://raphink.blogspot.com/2009/04/welcome-dinah-salome.html","tags":["dinah","family"]},"html":"Our daughter is born! Her name is Dinah Salomé, and she weights 2.940 kg. She was born on the 14th of April at 15:15, in Grasse. We thank God for this wonderful gift, and we thank you all for your prayers and encouragements!
\nHere are a few videos of her.
"},{"url":"/posts/20090427-blogspot-on-spiritual-authority-of-men/","relativePath":"posts/20090427-blogspot-on-spiritual-authority-of-men.md","relativeDir":"posts","base":"20090427-blogspot-on-spiritual-authority-of-men.md","name":"20090427-blogspot-on-spiritual-authority-of-men","frontmatter":{"title":"On the spiritual authority of men","template":"post","date":"2009-04-27T10:23:00.001+02:00","canonical_url":"https://raphink.blogspot.com/2009/04/on-spiritual-authority-of-men.html","blogspot_url":"https://raphink.blogspot.com/2009/04/on-spiritual-authority-of-men.html","tags":["authority","bible","english","faith","family","prayer"]},"html":"Those of you who know me personaly probably know my opinion on the necessary complementarity of the roles of men and women in a couple. These roles are not only practical (working vs. staying at home for example), they are mostly spiritual: the apostle Paul is clear on the fact that men are to be spiritual leaders.
\nYesterday, we had the opportunity to experience not only the leadership of men in a couple, but also the authority associated with it.
\nSince our daughter Dinah was born, Jimena and I are more and more able to identify her various ways of crying. There's two main ways of crying I can identify so far: crying for food, and crying because she is cold.
\nWhen Dinah is hungry, it is quite easy to tell. She does cry, but she also opens her mouth, sticks her tongue between her lips, and tries to suck her hand, or anything that passes close to her mouth.
\nWhen we change her, she often gets cold and cries. This is a very loud cry of anger, associated with trembling, and it stops as soon as she has her pyjamas on.
\nYesterday evening, as I entered our bedroom, Dinah was crying. She was in her crib, had just been breastfed, and had no apparent reason to cry. It was obvious that she wasn't crying for food, and she wasn't cold either. It was more of an awkward kind of crying. I got to her crib and rocked it for a few minutes. She stopped crying. I went to the other side of the bed, and she began to cry again. I went back to her crib, but this time, I felt called to pray, so I suggested to Jimena that we all prayed together before sleeping. As soon as I began to pray, Dinah stopped crying and peace settled in the room. We had possibly the most quiet and peaceful night since Dinah was born.
\nJust before we slept, Jimena told me she had been praying with Dinah before I entered the room. Each time she prayed, Dinah stopped crying, but each time she stopped praying, Dinah would cry again. It was only when I prayed with Jimena and Dinah that she stopped crying for the rest of the night.
\nA lot of women in Christian couples have an active prayer life, and it is often harder for men to spend time in prayer for their family. I have been blessed a lot in the past by the time Jimena spends in prayer for our couple, but yesterday was a lesson on the spiritual authority of the head of the family. This authority doesn't have to do with the personality of the man, it has to do with his spiritual position, as the representant of Christ in his household. The man is set as the head of his house, just like Christ is the head of the Church, and as such, he receives spiritual authority from Christ.
\nJimena confirmed this from past experiences. For example, she witnessed of a great peace in the house after I decided to attend the men's group at Church in the morning.
\nI was touched yesterday when I read from 2 Kings 2 about Elishah asking Elijah to let him have a double part of his spirit. Elishah received part of Elijah's spirit when Elijah was taken up, and all the prophets could witness of it because Elishah could open the Jordan with Elijah's coat.
\nThere is a reality in the delegation of spiritual authority. We can also see it in the Gospel as Jesus sends His disciples to chase demons and heal in His name.
\nEven though it is tempting to rely on the prayer life of our wives, it is the responsibility of a man to practice this spiritual authority in his family. Doing so makes a great difference.
"},{"url":"/posts/20090428-blogspot-two-years-two-weeks/","relativePath":"posts/20090428-blogspot-two-years-two-weeks.md","relativeDir":"posts","base":"20090428-blogspot-two-years-two-weeks.md","name":"20090428-blogspot-two-years-two-weeks","frontmatter":{"title":"Two years, two weeks","template":"post","date":"2009-04-28T18:56:00.001+02:00","canonical_url":"https://raphink.blogspot.com/2009/04/two-years-two-weeks.html","blogspot_url":"https://raphink.blogspot.com/2009/04/two-years-two-weeks.html","tags":["dinah","english","family"]},"html":"Like the two little tickers on the right side of my blog show, today is a special day for us. Jimena and I are celebrating our two years of marriage, and we also celebrate the two weeks of our daughter Dinah Salomé!
\nSo today is the day of twos: two anniversaries, one for two years, one for two weeks :-)
"},{"url":"/posts/20090520-blogspot-diathica-bible-bot/","relativePath":"posts/20090520-blogspot-diathica-bible-bot.md","relativeDir":"posts","base":"20090520-blogspot-diathica-bible-bot.md","name":"20090520-blogspot-diathica-bible-bot","frontmatter":{"title":"Diathica Bible bot","template":"post","date":"2009-05-20T14:17:00.001+02:00","canonical_url":"https://raphink.blogspot.com/2009/05/diathica-bible-bot.html","blogspot_url":"https://raphink.blogspot.com/2009/05/diathica-bible-bot.html","tags":["bible","christian","identica","microblogging","perl","ubuntu"]},"html":"I have begun to do microblogging again, this time on identi.ca. As I wanted to play a bit with the API, I coded a Bible bot using diatheke and Net::Identica.
\nThe source is on Launchpad and the bot is currently running on one of my machines, with the @votd account on identi.ca. Have a try! You can look at the replies of the @votd account to have an idea of what you can ask it to do.
"},{"url":"/posts/20090428-blogspot-minimal-dependencies-and-backports/","relativePath":"posts/20090428-blogspot-minimal-dependencies-and-backports.md","relativeDir":"posts","base":"20090428-blogspot-minimal-dependencies-and-backports.md","name":"20090428-blogspot-minimal-dependencies-and-backports","frontmatter":{"title":"Minimal dependencies and backports","template":"post","date":"2009-04-28T09:55:00.000+02:00","canonical_url":"https://raphink.blogspot.com/2009/04/minimal-dependencies-and-backports.html","blogspot_url":"https://raphink.blogspot.com/2009/04/minimal-dependencies-and-backports.html","tags":["backports","debian","linux","package","packaging","sysadmin","ubuntu"]},"html":"I've been packaging for a production environment for nearly three years now. We have a lot of machines using old systems, such as sarge and etch, and my work is often to backport new software to these OSes. While the work is fun, I often find myself fighting with dependencies, and especially with debhelper build dependencies.
\nFor example, I find more and more Perl packages in Debian that depend on debhelper 7. I tried to backport debhelper 7 for etch, but it pulled all sorts of things with it, all the way to dpkg-dev, which messed up the whole system, so I gave up. In this case, I have to end up upgrading debhelper 5 packages to newer upstream versions when I need, since using debhelper 7 is virtually impossible in sarge and etch.
\nIn other cases, I find packages that build depend on debhelper 6 and have \"6\" in debian/compat. Changing the values to \"5\" doesn't prevent the build, so all that is to do is change the value back to \"5\".
\nMaybe it's me not understanding the concept of minimal dependency and compatibility, but I really don't get why it is a rule to keep bumping debhelper compability (and often, other libs too) when there is absolutely no need for it. If a program works with Perl 5.4, why make people believe it requires Perl 5.8 to run? There are still people running Perl 5.4 on old machines somewhere, who would be happy to not have to change the minimal dependencies to use a program that would run fine on their machines.
\nI understand very well that package development in the community is centered on new versions and that it's just easier to \"force\" people to upgrade their systems altogether (remember the \"mysql-server\" meta-packages magically upgrading from MySQL 4.1 to MySQL 5.0 in etch ?), but if Debian and Ubuntu want to be enterprise-class OSes, I think we ought to adapt better to the reality of production environments, and that includes making it easier for sysadmins to manage old systems without depending on new tools.
\nI'd be very happy to hear from the experience of other sysadmins in production environments regarding this issue.
"},{"url":"/posts/20090610-blogspot-speedtest-from-home/","relativePath":"posts/20090610-blogspot-speedtest-from-home.md","relativeDir":"posts","base":"20090610-blogspot-speedtest-from-home.md","name":"20090610-blogspot-speedtest-from-home","frontmatter":{"title":"Speedtest","template":"post","date":"2009-06-10T23:30:00.000+02:00","canonical_url":"https://raphink.blogspot.com/2009/06/speedtest-from-home.html","blogspot_url":"https://raphink.blogspot.com/2009/06/speedtest-from-home.html","tags":["meme","ubuntu"]},"html":"![](\"http://www.speedtest.net/result/493074355.png\")
![](\"http://www.speedtest.net/result/493495339.png\")
I'm not too much into the book of Revelations, the end times and trying to guess which prophecy applies to which recent events, but today, I stumbled upon something I found very interesting.
\nI was reading about the Chernobyl area on Elena Filatova's website and there she mentioned Revelations 8.10-11. I went to look this passage up, and this is what it says (KJV) :
\n\n\n\n
\nAnd the third angel sounded, and there fell a great star from heaven, burning as it were a lamp, and it fell upon the third part of the rivers, and upon the fountains of waters;And the name of the star is called Wormwood: and the third part of the waters became wormwood; and many men died of the waters, because they were made bitter.
\n
OK, this is a prophecy about the end times from the book of Revelations. Now, what does it have to do with Chernobyl? In the Ukrainian language, \"chernobyl\" means \"wormwood\" or \"absinth\". A coïncidence? Let's look a bit further.
\nThe little town of Chernobyl in Ukraine was probably named this way because it is located in an area that is full of absinth forests. Now that nature has taken back its right in this region after the incident of 1986, Elena Filatova reports that the wormwood forests are growing a lot around Chernobyl.
\nMaybe you don't remember what happened in Chernobyl in 1986, so let me refresh your mind. On the 25th of April 1986, one of the reactors of the nuclear plant in Chernobyl, Ukraine, exploded, freeing into the air tons of radioactive particles that were carried all throughout Europe in the weeks that followed. I recommend watching this movie if you want to learn more about this.
\nThe word \"wormwood\" is used quite a few times in the Bible, mostly in the Old Testament. It is often used to picture bitterness or poison, especially associated with water.
\nWhat happened in Chernobyl has to do with both. If you watched the movie linked above, you know that the nuclear plant in Chernobyl was built on the border of a small lake, and the river Pripyat', which then flows into the Dniepper, which in turn flows into the Black Sea. After the explosion of the reactor, the radioactive magma found itself dripping under the plant towards the water. As a result, the water was poisoned by the radioactive particles, which were then carried by the river.
\nAnother effect was due to the radioactive cloud that resulted from the explosion. Tons of radioactive particles were released into the air and were taken all throughout Europe by the winds. When these particles fell on the ground again, they infected sources and rivers, making them bitter, so to say.
\nIn the movie linked above, you could look at time index 1:50, which gives an idea of how the whole thing looked. This is obviously not an original document, but it is likely to have been made from people's testimonies. The technician talking right after this passage explains that it was very beautiful, like a glowing rainbow. The image that we see at time index 1:50 resembles a huge burning lamp.
\nLike I said, I'm not much into prophecies, but I find that all this is very accurate. This is all too likely to not call my attention to it.
"},{"url":"/posts/20091009-blogspot-authentication-on-both-postgresql-and/","relativePath":"posts/20091009-blogspot-authentication-on-both-postgresql-and.md","relativeDir":"posts","base":"20091009-blogspot-authentication-on-both-postgresql-and.md","name":"20091009-blogspot-authentication-on-both-postgresql-and","frontmatter":{"title":"Authentication on both PostgreSQL and LDAP in Gforge","template":"post","date":"2009-10-09T11:57:00.000+02:00","canonical_url":"https://raphink.blogspot.com/2009/10/authentication-on-both-postgresql-and.html","blogspot_url":"https://raphink.blogspot.com/2009/10/authentication-on-both-postgresql-and.html","tags":["debian","gforge","ldap","nss","postgresql","sysadmin","ubuntu"]},"html":"I am currently working on migrating a Gforge platform from authenticating on the local PostgreSQL to a centralized LDAP server.
\nApart from setting up PAM-LDAP (Martin Owens can tell you all about the mess it is), the fun thing was to have some users authenticate on PostgreSQL and others on LDAP during the time of the migration.
\nUsing a modified version of the LDAP plugin for Gforge, users are prompted for their LDAP login and password when they log in, and we fill a plugin\\ldapextauth_users_ table with the Gforge IDs of the migrated users. Then comes the fun part. Users that are not yet migrated have to be able to log in using their Gforge login, but not their LDAP login. Users that are migrated have to be able to use their LDAP login, but their Gforge login should fail.
\nNote: This post is not a tutorial on how to set up libnss-pgsql2 or libnss-ldap. I won't be explaining these.
\nThis is the solution I've come to. The machines are running on Debian Etch.
\npasswd: compat pgsql ldap
\ngroup: compat pgsql ldap
\nshadow: compat pgsql ldap
PostgreSQL is tried before ldap, but must fail when the user has been migrated.
\ngetpwnam = SELECT nss.login AS username,nss.passwd,nss.gecos,('/var/lib/gforge/chroot/home/users/' || login) AS homedir,nss.shell,nss.uid,nss.gid FROM nss_passwd nss JOIN users ON users.user_name=nss.login LEFT JOIN plugin_ldapextauth_users ldap ON users.user_id=ldap.user_id WHERE ldap.user_id IS NULL AND login = $1;
\nshadowbyname = SELECT nss.login AS shadow_name,nss.passwd AS shadow_passwd,14087 AS shadow_lstchg, 0 AS shadow_min, 99999 AS shadow_max, 7AS shadow_warn, '' AS shadow_inact, '' AS shadow_expire, '' AS shadow_flag FROM nss_passwd nss JOIN users ON users.user_name=nss.login LEFT JOIN plugin_ldapextauth_users ldap ON users.user_id=ldap.user_id WHERE ldap.user_id IS NULL AND login = $1;
\nThis requires to GRANT SELECT access to tables users and plugin\\ldapextauth_users_ to user gforge\\nss. As a result, the request fails if the user id is found in the _plugin\\ldapextauth_users_ table, so it goes to try LDAP instead.
\n# pam_unix fails permanently when users are migrated
\nauth sufficient pam_unix.so nullok_secure
\n# Filter accounts that are not migrated
\n# Since pam_unix fails for migrated accounts,
\n# uid then comes from ldap
\nauth required pam_succeed_if.so uid > 60000
\n# Note: try_first_pass will prompt for LDAP password
\n# if provided password failed
\nauth required pam_ldap.so try_first_pass
This is the only thing I needed to modify in /etc/pam.d. Gforge accounts use the 20xxx uid range, while our LDAP uses 60xxx, hence the pam_succeed_if.so condition to filter LDAP accounts only. This works because the uid that is returned by \"getent passwd $user\" corresponds to the one in the LDAP when a user is migrated, since the PostgreSQL query fails in that case (see /etc/nss-pgsql*.conf).
\nWhen migrating users, uids change, and sometimes even login names. I've chosen to use inotify (incron) to fix that issue. When a user is migrated in the web interface, it drops a file in /var/lib/gforge/ldap_users named after the Gforge user name, which contains the LDAP user name.
\nIncron watches /var/lib/gforge/ldap_users with the following conf:
\n/var/lib/gforge/ldap_users IN_CREATE /usr/lib/gforge-dop-pamldap/chown_home.sh $# $@
The chown_home.sh script then achieves the following tasks:
\nThe main remaining issue is groups. The Gforge database uses the login to map users to groups, instead of the Gforge id, so when the Gforge login is different from the LDAP login, migrated users currently lose their groups. The easiest option is probably to change all occurrences of the login with the LDAP login in all group tables, but it's a bit violent...
"},{"url":"/posts/20091012-blogspot-dynamic-presentations-with-jessyink/","relativePath":"posts/20091012-blogspot-dynamic-presentations-with-jessyink.md","relativeDir":"posts","base":"20091012-blogspot-dynamic-presentations-with-jessyink.md","name":"20091012-blogspot-dynamic-presentations-with-jessyink","frontmatter":{"title":"Dynamic presentations with Jessyink","template":"post","date":"2009-10-12T21:38:00.000+02:00","canonical_url":"https://raphink.blogspot.com/2009/10/dynamic-presentations-with-jessyink.html","blogspot_url":"https://raphink.blogspot.com/2009/10/dynamic-presentations-with-jessyink.html","tags":["inkscape","presentation","ubuntu"]},"html":"Some time ago, I attended a presentation made with Prezi and I was pretty impressed. As I looked into it, a few things bugged me though:
\nFrom looking at the features, I really couldn't see why it couldn't be implemented using SVG (except for the flash movies embedded in the presentation maybe...), so I began to search for a project that would do the same, using SVG, and I found Jessyink.
\nJessyink is exactly what I was searching for. It's a plugin for Inkscape which adds the possibility to design slides from an SVG, and ships a javascript library inside the resulting SVG for execution. The result is that:
\nJessyink is harder to use than prezi.com though, but if you know how to use Inkscape, you will soon be able to do what you want with it.
\nHere is a quick & dirty example I made with Jessyink. Some tips:
\nAfter 6 months of loyal services, it was time for the Flammard Bible bot version 1 to leave.
\nSeveral reasons pushed me to rewrite the bot:
\nIn short, version 2 of the Bible bot:
\nTwo pretty much unused functionalities were dropped in version 2:
\nYou can install the bot by visiting this wave.
"},{"url":"/posts/20091114-blogspot-wave-bible-bot/","relativePath":"posts/20091114-blogspot-wave-bible-bot.md","relativeDir":"posts","base":"20091114-blogspot-wave-bible-bot.md","name":"20091114-blogspot-wave-bible-bot","frontmatter":{"title":"Wave Bible Bot","template":"post","date":"2009-11-14T13:38:00.000+01:00","canonical_url":"https://raphink.blogspot.com/2009/11/wave-bible-bot.html","blogspot_url":"https://raphink.blogspot.com/2009/11/wave-bible-bot.html","tags":["bible","christian","chrétien","flammard","open-source","python","ubuntu","wave"]},"html":"After a month of using Google Wave, I finally made my first Wave bot. My initial idea was to make a Bible bot using the sword API, but I couldn't find an easy way of doing that in python, and I am very reluctant to use Java. So instead, I did a python bot which parses BibleGateway.com to retrieve the results. Later, I added modules to deal with other translations, such as ESV, NET and specific French versions such as Colombe, TOB or NBS.
\nFlammard is a Bible bot for Google Wave. You can add it to a wave, and it will replace some specific patterns with other content.
\nCurrently, it recognizes two kinds of patterns:
\nThe Bible bot uses several resources in order to support as many Bible versions as possible.
\nThe versions currently supported are:
\nIn all cases, the version is optional. When possible, the bot will try to find the right version for your blip depending on the language you have typed in the context of the tag.
\n![](\"https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiIC_N9xhvnB2NncAIJEqAqIjOISn5utGbJ8KtUCkE4sthPCJaGrl6Ga3NepAHY4TLW2XjQ35HwHhyphenhyphenGppzIY51NBB1kZ7jG4zItnyKSlKrIM2Lgxx9ZNLy-9OyrEdoPCUOh8I9H-BcBLXrG/s1600-h/wave_bible_bot1.png\")
![](\"https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhhmGPNI_bktFKCOi1GfdYADqUSg39-l4Kye9ck4rIqpXDhRRPB8cWcGHK41eBkPerl84F6Y46MJriX6fI_5pC8W61gsjDohCPSlkRIMKZnCyQK11TJjU8iyNngm6-2CBSE2jipg_1ibnUx/s1600-h/wave_bible_bot2.png\")
Here is a video demo of the bot working (as of today's functionalities):
\nSimply add flammard@appspot.com as a participant to your wavelet.
\nThe project is hosted on Launchpad: https://launchpad.net/wavebiblebot. You are welcome to report bugs and wishes, or to send patches.
"},{"url":"/posts/20041122-blogspot-chronicles-of-narnia/","relativePath":"posts/20041122-blogspot-chronicles-of-narnia.md","relativeDir":"posts","base":"20041122-blogspot-chronicles-of-narnia.md","name":"20041122-blogspot-chronicles-of-narnia","frontmatter":{"title":"The Chronicles of Narnia","template":"post","date":"2004-11-22T15:44:00.000+01:00","canonical_url":"https://raphink.blogspot.com/2004/11/chronicles-of-narnia.html","blogspot_url":"https://raphink.blogspot.com/2004/11/chronicles-of-narnia.html","tags":["book","christian","english","multiply","restored","review"]},"html":"Category:
\nBooks
\nGenre:
\nChildrens Books
\nAuthor:
\nC.S. Lewis
\n![](\"http://web.archive.org/web/20041207171041/http://www.smsjunior.net/Narnia/animalherd.jpg\")
Narnia is a wonderful series of books for children or adults.
\nC.S. Lewis writes great imaginative stories, very educational and constructive for the personality, gathering his experience, classical tales, the bible...
I'm definitely a C.S. Lewis fan !!
"},{"url":"/posts/20060310-blogspot-improving-my-blog/","relativePath":"posts/20060310-blogspot-improving-my-blog.md","relativeDir":"posts","base":"20060310-blogspot-improving-my-blog.md","name":"20060310-blogspot-improving-my-blog","frontmatter":{"title":"Improving my blog","template":"post","date":"2006-03-10T15:00:00.000+01:00","canonical_url":"https://raphink.blogspot.com/2006/03/improving-my-blog.html","blogspot_url":"https://raphink.blogspot.com/2006/03/improving-my-blog.html","tags":["blog","cv","english"]},"html":"So tonight I’ve been trying to improve my blog… Making it my main homepage, now hosted directly on http://www.raphink.info and redirected from http://www.raphink.net when my computer is online
I added some pages, inluding professional and personal infos…
\nAll comments are welcome (especially on embedding the pdf CV …)
Flammard was approved in the Extensions gallery on Google Wave. This means you can now add it by going to \"Extensions -> All\" in the Navigation column.
\nQuite a few changes have been made to it in order to get it accepted, mostly on the gadget style. The gadget now has tabs and a nicer look.
\nEnjoy!
"},{"url":"/posts/20100917-blogspot-helping-young-children-learn-to-read/","relativePath":"posts/20100917-blogspot-helping-young-children-learn-to-read.md","relativeDir":"posts","base":"20100917-blogspot-helping-young-children-learn-to-read.md","name":"20100917-blogspot-helping-young-children-learn-to-read","frontmatter":{"title":"Helping young children learn to read","template":"post","date":"2010-09-17T18:00:00.000+02:00","canonical_url":"https://raphink.blogspot.com/2010/09/helping-young-children-learn-to-read.html","blogspot_url":"https://raphink.blogspot.com/2010/09/helping-young-children-learn-to-read.html","tags":["books","children","edubuntu","education","english","open-source","reading","ubuntu","usborne"]},"html":"Learning to read is a complex task. European children surely have it easier than many Asians who need to learn long series of ideograms, yet the association of signs and sounds is often difficult. In particular, English and French are two examples of European languages where children struggle to learn to read.
\n![](\"http://farm4.static.flickr.com/3584/3291620563_cdfc280d25_z.jpg?zz=1\")
In these two languages, and even more so in English, there are more sounds than available letters, so the language ends up with complex associations of letters to produce sounds, and it is not rare to find letters or associations of letters that are pronounced differently in different words, even though they are written the exact same way.
\nThis has led both English and French teachers of young children to develop new techniques to learn to read, based on recognizing whole words instead of phonemes. English teachers called it 'Look Say' (also known as 'Sight Word' or 'Whole-Word') method, while in France it was called 'Méthode globale'. These methods were used extensively in the 80s, often with very mitigated results. While children were able to read common words, however complicated their phonemes were, they often lacked the skills to decipher words they had not yet learned, and those were many.
\nThe early 21st century has seen a return to reading basics, namely a revival of the 'Phonics' method, widely used before the era of the 'Look Say' last century. It is true that some words eventually have to be learned the global way, but most words can be learned phoneme by phoneme, if the method used is properly set. In the UK, the government has made a set of recommendations as to how this method should be implemented to teach young children to read.
\n![](\"http://www.usborne.com/veryfirstreading/images/homepage/book-1-spread.jpg\")
The British editor of children books Usborne produces a series of 15 books called 'Very First Reading' to help children who are just starting to read, introducing letters by sets, as recommended by the DfES Letters and Sounds phonics programe. In the first books of the series, children are simply encouraged to complete the story read by an adult by reading simple words. As the child moves on in the series, the part read by the adult diminishes, until the whole story is read by the child alone.
\n![](\"http://www.jeuxpourlaclasse.fr/img/exe/gcompris.jpg\")
In the open-source world, we have good programs to help children start reading, too. Gcompris is a great example of such programs for young children, and it takes phonics into consideration in its modules.
Do you teach your young children to read? What books or methods do you use for this?
"},{"url":"/posts/20100918-blogspot-getting-block-position-in-javascript/","relativePath":"posts/20100918-blogspot-getting-block-position-in-javascript.md","relativeDir":"posts","base":"20100918-blogspot-getting-block-position-in-javascript.md","name":"20100918-blogspot-getting-block-position-in-javascript","frontmatter":{"title":"Getting block position in Javascript with Chrome","template":"post","date":"2010-09-18T10:48:00.000+02:00","canonical_url":"https://raphink.blogspot.com/2010/09/getting-block-position-in-javascript.html","blogspot_url":"https://raphink.blogspot.com/2010/09/getting-block-position-in-javascript.html","tags":["chrome","javascript","ubuntu","usborne","website"]},"html":"Dear Lazyweb,
\nYesterday, I had fun implementing a little ducky that hides on the pages of this website. To my distress, I ended up having to hardcode a few things, since I couldn't get Chrome to properly give me the real position of relative blocks. After reading quite a few things on the subject, I went the parentOffset recursive way, but it just doesn't seem to work.
\nI've also posted on StackOverflow here if you feel like answering me there.
\nDoes anyone know of a cross-browser way of getting real block positions that actually works?
"},{"url":"/posts/20101004-blogspot-matching-mac-address/","relativePath":"posts/20101004-blogspot-matching-mac-address.md","relativeDir":"posts","base":"20101004-blogspot-matching-mac-address.md","name":"20101004-blogspot-matching-mac-address","frontmatter":{"title":"Matching a mac address","template":"post","date":"2010-10-04T22:52:00.000+02:00","canonical_url":"https://raphink.blogspot.com/2010/10/matching-mac-address.html","blogspot_url":"https://raphink.blogspot.com/2010/10/matching-mac-address.html","tags":["regexp","ubuntu"]},"html":"If it's of any use to someone, here is a regexp that matches mac addresses:
\n/[0-9A-Fa-f]{2}(?P
Example usage:
\n$ python
\n\n\n\n\n\n\nreg = re.compile('[0-9A-Fa-f]{2}(?P
\n[-:])[0-9A-Fa-f]{2}(?:(?P=sep)[0-9A-Fa-f]{2}){4}')\nmac1 = \"00:af:15:35:48:5e\"\nmac2 = \"00-aa-bb-cc-dd-ee\"\nmac3 = \"00-aa-bb-cc-dd:ee\"\nreg.match(mac1).group(0)\n'00:af:15:35:48:5e'\nreg.match(mac2).group(0)\n'00-aa-bb-cc-dd-ee'\nreg.match(mac3).group(0)\nTraceback (most recent call last):\nFile \" \", line 1, in \nAttributeError: 'NoneType' object has no attribute 'group'\nreg.match(mac1).group('sep')\n':'\nreg.match(mac2).group('sep')\n'-'
Do you use another regexp to match mac addresses?
"},{"url":"/posts/20101218-blogspot-spams-of-new-kind-this-one-might/","relativePath":"posts/20101218-blogspot-spams-of-new-kind-this-one-might.md","relativeDir":"posts","base":"20101218-blogspot-spams-of-new-kind-this-one-might.md","name":"20101218-blogspot-spams-of-new-kind-this-one-might","frontmatter":{"title":"Spams of a new kind: this one might deserve a visit to the police","template":"post","date":"2010-12-18T20:03:00.000+01:00","canonical_url":"https://raphink.blogspot.com/2010/12/spams-of-new-kind-this-one-might.html","blogspot_url":"https://raphink.blogspot.com/2010/12/spams-of-new-kind-this-one-might.html","tags":["spam","ubuntu"]},"html":"Today, I received this nice spam (which was not flagged by the spam detecting system actually):
\n\n\nfrom
\nPat Wages
\nto
\ndate
\nSat, Dec 18, 2010 at 3:07 PM
\nsubject
\nASSASIN I HAVE BEEN PAYED TO TERMINATE YOU.
\nsigned-by
\nsbcglobal.net
\nThis is the only way I could contact you for now, I want you to be very careful about this and keep this secret with you until I make out space for us to see. You have no need of knowing who I am or where I am from. I know this may sound very surprising to you but it's the situation. I have been paid some ransom in advance to terminate you with some reasons listed to me by my employer. It's someone I believe you call a friend; I have followed you closely for a while now and have seen that you are innocent of the accusations he leveled against you. Do not contact the police or try to send a copy of this to them, because if you do, I will know, and I might be pushed to do what I have been paid to do. Besides, this is the first time I turn out to be a betrayer in my job. I took pity on you, that is why I have made up my mind to help you if you are willing to help yourself.
\nNow listen, I will arrange for us to see face to face, but before that, I need $9,000. I will come to your home or you determine where you wish we meet; I repeat, do not arrange for the cops and if you play hard to get, it will be extended to your family. Do not set any camera to cover us or set up any tape to record our conversation; my employer is in my control now. Payment details will be provided for you to make a part payment of $3,000 first, which will serve as guarantee that you are ready to co-operate, then I will post a copy of the video tape that contains his request for me to terminate you which will be enough evidence for you to take any legal action against him before he employs another person for the job. You will pay the balance of $3,000 once you receive the tape.
\nWarning; do not contact the police, make sure you stay indoors once it is 7.30pm every day until this whole thing is sorted out, if you neglect any of these warnings, you will have yourself to blame. You do not have much time, so get back to me immediately
\nNote: I will advise you keep this to yourself alone, not even a friend or a family member should know about it because it could be one of them.
\nReply Me To My Personal Email: CUTSYCAT@LIVE.COM
\n
Now sometimes I find spam quite funny, but this one is really serious. I mean, I know enough people who can't tell what is spam and what is not to take this email seriously, and this is a grave subject. From checking on Google, it seems quite a few other people received this email lately. The police might not be willing to investigate on viagra spam, but this one deserves some research I think.
"},{"url":"/posts/20101122-blogspot-building-docs-with-naturaldocs/","relativePath":"posts/20101122-blogspot-building-docs-with-naturaldocs.md","relativeDir":"posts","base":"20101122-blogspot-building-docs-with-naturaldocs.md","name":"20101122-blogspot-building-docs-with-naturaldocs","frontmatter":{"title":"Building docs with NaturalDocs","template":"post","date":"2010-11-22T13:57:00.000+01:00","canonical_url":"https://raphink.blogspot.com/2010/11/building-docs-with-naturaldocs.html","blogspot_url":"https://raphink.blogspot.com/2010/11/building-docs-with-naturaldocs.html","tags":["augeas","debian","documentation","packaging","ubuntu"]},"html":"I mentionned NaturalDocs in an earlier post on this blog since we're using it to document the Augeas C API and Augeas lenses.
\nWith the latest version of Augeas now out, I wanted to get these docs generated with the package so they could be shipped in an augeas-doc package in Debian and Ubuntu. I first had to fix a missing link in the naturaldocs package (which was also the occasion to upgrade it to 1.5). Then I had to get naturaldocs in main, since augeas is in main already. While going through the MIR, I was asked if other packages in main could benefit from this change. I haven't found any, but there's quite a few packages in universe that could use naturaldocs to generate documentation at build time. The bug report lists some of them.
\nIf you're interested in building NaturalDocs documentation in your package, here is the way it was done for Augeas.
\nAugeas is a C project using autotools. It was thus easier to activate NaturalDocs as an option in configure. This can easily be adapted for other cases, including running the commands in debian/rules directly.
\nIn configure.ac:
\ndnl Check for NaturalDocs\nAC_PATH_PROGS([ND_PROG], [naturaldocs NaturalDocs], missing)\nAM_CONDITIONAL([ND_ENABLED], [test \"x$ND_PROG\" != \"xmissing\"])
\ndnl NaturalDocs output format, defaults to HTML\nND_FORMAT=HTML\nAC_ARG_WITH([naturaldocs-output],\n[AS_HELP_STRING([--with-naturaldocs-output=FORMAT],\n[format of NaturalDocs output (possible values: HTML/FramedHTML, default: HTML)])],\n[\nif test \"x$ND_PROG\" = \"xmissing\"; then\nAC_MSG_ERROR([NaturalDocs was not found on your path; there's no point in setting the output format])\nfi\ncase $withval in\nHTML|FramedHTML)\nND_FORMAT=$withval\n;;\n*)\nAC_MSG_ERROR($withval is not a supported output format for NaturalDocs)\n;;\nesac\n])\nAC_SUBST(ND_FORMAT)
\nIn doc/naturaldocs/Makefile.am:
\nEXTRA_DIST = $(wildcard conf/Augeas.css conf/c_api/*.txt) \\\n$(wildcard conf/lenses/*.txt) \\\nModules/NaturalDocs/Languages/Augeas.pm
\nND_CONF=$(srcdir)/conf\nND_OUTPUT=output\nND_STYLE=../Augeas
\nND_PERL5LIB=$(abs_srcdir)/Modules\nND_PERL5OPT='-MNaturalDocs::Languages::Augeas'
\nif ND_ENABLED\nall-local: NaturalDocs\nendif
\nNaturalDocs: NDLenses NDCAPI
\nenv:\necho LIB $(ND_PERL5LIB)\necho OPT $(ND_PERL5OPT)\ntest -n \"$$PERL5OPT\" && ND_PERL5OPT=\"$(ND_PERL5OPT) $$PERL5OPT\" || ND_PERL5OPT=$(ND_PERL5OPT); \\\ntest -n \"$$PERL5LIB\" && ND_PERL5LIB=\"$(ND_PERL5LIB):$$PERL5LIB\" || ND_PERL5LIB=$(ND_PERL5LIB); \\\nPERL5LIB=$$ND_PERL5LIB PERL5OPT=$$ND_PERL5OPT env | grep PERL
\nNDLenses: NDConf\n@mkdir -p $(ND_OUTPUT)/lenses\n@(echo \"Format lens documentation\"; \\\ntest -n \"$$PERL5OPT\" && ND_PERL5OPT=\"$(ND_PERL5OPT) $$PERL5OPT\" || ND_PERL5OPT=$(ND_PERL5OPT); \\\ntest -n \"$$PERL5LIB\" && ND_PERL5LIB=\"$(ND_PERL5LIB):$$PERL5LIB\" || ND_PERL5LIB=$(ND_PERL5LIB); \\\nPERL5LIB=$$ND_PERL5LIB PERL5OPT=$$ND_PERL5OPT \\\n$(ND_PROG) -p conf/lenses \\\n-i $(top_srcdir)/lenses \\\n-o $(ND_FORMAT) $(ND_OUTPUT)/lenses \\\n-s $(ND_STYLE))
\nNDCAPI: NDConf\n@mkdir -p $(ND_OUTPUT)/c_api\n@(echo \"Format C API documentation\"; \\\ntest -n \"$$PERL5OPT\" && ND_PERL5OPT=\"$(ND_PERL5OPT) $$PERL5OPT\" || ND_PERL5OPT=$(ND_PERL5OPT); \\\ntest -n \"$$PERL5LIB\" && ND_PERL5LIB=\"$(ND_PERL5LIB):$$PERL5LIB\" || ND_PERL5LIB=$(ND_PERL5LIB); \\\n$(ND_PROG) -p conf/c_api \\\n-i $(top_srcdir)/src \\\n-o $(ND_FORMAT) $(ND_OUTPUT)/c_api \\\n-s $(ND_STYLE))
\nNDConf:\n@(if test ! -d $(ND_CONF); then \\\ncp -pr $(ND_CONF) conf; \\\nfi)
\nclean-local:\nrm -rf output conf/Data\nrm -rf $(ND_CONF)/c_api/Data $(ND_CONF)/lenses/Data
\nAfter that, the NaturalDocs docs can be built by calling --with-naturaldocs-output=HTML or --with-naturaldocs-output=FramedHTML.
\nI hope this can be useful to improve the shipped documentation for projects already using NaturalDocs.
"},{"url":"/posts/20101011-blogspot-screen-resolution-with-nvidia-driver-in/","relativePath":"posts/20101011-blogspot-screen-resolution-with-nvidia-driver-in.md","relativeDir":"posts","base":"20101011-blogspot-screen-resolution-with-nvidia-driver-in.md","name":"20101011-blogspot-screen-resolution-with-nvidia-driver-in","frontmatter":{"title":"Screen resolution with nVidia driver in Lucid","template":"post","date":"2010-10-11T10:21:00.000+02:00","canonical_url":"https://raphink.blogspot.com/2010/10/screen-resolution-with-nvidia-driver-in.html","blogspot_url":"https://raphink.blogspot.com/2010/10/screen-resolution-with-nvidia-driver-in.html","tags":["nvidia","ubuntu","xorg"]},"html":"I struggled recently with a bug on a desktop running Lucid. Whenever I would log in, I got a session set to 1024x768. I would go to the nvidia-settings, reset it to 1280x1024 and it would be fine. As I didn't have much time for it and logged in only once a week or so, I kept doing this for some time, but it ended up bugging me quite a bit. Then this morning, I found this bug report.
\nSo if you're experiencing this bug, it's very easy to fix:
\nAugeas comes with a good collection of lenses that allow to parse the most common configuration files. Lenses are bidirectional pieces of code which allow Augeas to parse a configuration file and turn its content into a tree. Most lenses have an autoload statement which associates them with a specific set of files. For example, mysql.aug is associated with /etc/my.cnf and fstab.aug is associated with /etc/fstab. When Augeas is loaded, it searches the system for files that it knows about and tries to parse them with the associated lenses.
\nIn some cases though, lenses are not associated with specific files through an autoload statement. This is the case for generic modules, such as util.aug, sep.aug, rx.aug, build.aug or inifile.aug, but also for lenses for which we do not know specific configuration files in a standard system. Such is the case of json.aug, since JSON is used a lot to serialize data between two programs, but hardly as static configuration files. Augeas has a JSON lens, but it is not associated with any known file.
\nHow then, would you go about using the JSON lens on a file of your choice? There are several possibilities. Let's say you have a JSON file called foo.json located at /home/bar/foo.json and you want to parse it using augtool.
\nAugeas provides two root nodes in its tree: \"/files\" and \"/augeas\". The former lists the files Augeas was able to parse with its set of lenses, while the latter provides access to Augeas' metadata. In this last part of the tree, lenses can be manipulated on-the-fly.
\nLet's launch augtool and add /home/bar/foo.json to the JSON lens:
\n# --noload deactivates all known lenses to make augtool faster\n$ augtool --noload
\n\n\njson.aug is not loaded by default, set it up
\nset /augeas/load/Json/lens Json.lns
\nAdd to /home/bar/foo.json to the known files
\nset /augeas/load/Json/incl /home/bar/foo.json
\nLoad known files
\nload\nprint /files/home/bar/foo.json
\n
From the (soon to be released) 8.0.0 version of Augeas, a -i flag will be available in augtool allowing to interpret a file before launching an interactive augtool shell. With this option, it will be possible to set a file with the previous contents and use it as an argument to augtool:
\n$ cat json_foo.augtool
\nset /augeas/load/Json/lens Json.lns
\nset /augeas/load/Json/incl /home/bar/foo.json
\nload\n$ augtool --noload -if json_foo.augtool
\n\n\nprint /files/home/bar/foo.json
\n
Augeas allows lenses to use definitions declared in other lenses. This is how generic modules are made to make lens development easier. It also allows you to make your own lenses, derived from existing lenses.
\nIn our case, we could write a lens and use it:
\n$ cat jsonfoo.aug\nmodule JsonFoo =\nautoload xfm\nlet filter = incl \"/home/bar/foo.json\"\nlet xfm = transform Json.lns filter\n$ augtool -I .
\n\n\nprint /files/home/bar/foo.json
\n
In Debian and Ubuntu systems, lenses provided with Augeas are placed in /usr/share/augeas/lenses/dist, so you can place your own lenses in /usr/share/augeas/lenses without a risk of overriding them.
\nThese techniques apply to all lenses provided by Augeas. If you have a PHP configuration that is not in a standard path, you can use them to manipulate this file.
"},{"url":"/posts/20110223-blogspot-exporting-augeas-tree-to-xml/","relativePath":"posts/20110223-blogspot-exporting-augeas-tree-to-xml.md","relativeDir":"posts","base":"20110223-blogspot-exporting-augeas-tree-to-xml.md","name":"20110223-blogspot-exporting-augeas-tree-to-xml","frontmatter":{"title":"Exporting the Augeas tree to XML","template":"post","date":"2011-02-23T09:00:00.000+01:00","canonical_url":"https://raphink.blogspot.com/2011/02/exporting-augeas-tree-to-xml.html","blogspot_url":"https://raphink.blogspot.com/2011/02/exporting-augeas-tree-to-xml.html","tags":["augeas","config-augeas-exporter","perl","ubuntu"]},"html":"While Augeas is usually used to modify configuration files (for example as a Puppet type), it can also be useful to request configuration files.
\nSometimes, you might want to retrieve that information from several servers and gather it on a central machine or DB to request it later. Programs that permit this usually use several parsing modules or copy the configuration files verbatim.
\nSince Augeas can now parse a lot of configuration files, it could be useful to export its tree to a XML file that could be stored and used elsewhere.
\nThe problem, however, is that the Augeas tree is not valid XML. Mainly, the nodes in Augeas can be numbers (in the case of \"seq\" nodes) or begin with such characters as \"#\". These names are illegal as node names in XML.
\nFor this reason, I have chosen to map the nodes as \"node\" elements, and use a \"label\" attribute to store their label. The value of the nodes (where there is node) is stored in the text sub-node.
\nThe following script is a prototype to export the Augeas tree to an XML file. On Debian and Ubuntu systems, you will need to install the libconfig-augeas-perl, libxml-libxml-perl and libencode-perl packages:
\n$ sudo apt-get install libconfig-augeas-perl \\\nlibxml-libxml-perl libencode-perl
\nHere is the script:
\nuse strict;\nuse Config::Augeas;\nuse XML::LibXML;\nuse Getopt::Long;\nuse Encode;
\nmy $path = '/files';\nmy $root = '/';\nmy $verbose;\nmy $debug;\nmy $help;
\nmy $result = GetOptions (\n\"path=s\" => \\$path,\n\"root=s\" => \\$root,\n\"verbose\" => \\$verbose,\n\"debug\" => \\$debug,\n\"help\" => \\$help,\n);
\nif ($help) {\nusage();\nexit 0;\n}
\n$verbose ||= $debug;
\nmy $aug = Config::Augeas->new(root => $root);\nmy $doc = XML::LibXML::Document->new('1.0', 'utf-8');
\nmy $elem = aug2xml($path);\n$doc->setDocumentElement($elem);\nprint $doc->toString;
\n#######
\n#######
\nsub usage {\nprint \"$0 [-p ] [-r fakeroot] [-v] [-d] [-h]
\nFlags:\n-h, --help Show this help\n-v, --verbose Verbose mode\n-d, --debug Debug mode
\nOptions:\n-p, --path Set path to export\n-r, --root Set fakeroot for Augeas\n\";\n}
\nsub aug2xml {\nmy ($path) = @_;
\nmy $label = '';\nif ($path =~ m|.*/([^/\\[]+)(\\[\\d+\\])?|) {\n$label = $1;\n} else {\nwarn \"W: Could not parse $path\\n\";\n}\nmy $elem = XML::LibXML::Element->new('node');\n$elem->setAttribute(\"label\", $label);
\nmy $value = $aug->get($path);\nif(defined($value)) {\n$elem->appendTextNode(encode('utf-8', $value));\n}
\n$path =~ s| |\\\\ |g;\nmy @children = $aug->match(\"$path/*\");
\nfor my $child (@children) {\nmy $child_elem = aug2xml($child);\n$elem->appendChild($child_elem);\n}
\nreturn $elem;\n}
\nHaving saved this code as aug2xml and made it executable, you can run:
\n$ ./aug2xml > export.xml
\nThis should create an export.xml file which contains all the configuration files in your system that Augeas was able to parse.
\nNow we've created the export.xml file, let's see how it looks. I've created mine from a fakeroot containing only fstab and aliases files, so it's not too big.
\nWe can use tools such as xmlindent to view it nicely:
\n\nSo now we have an XML export of our configuration. What now? Let's try to make requests on it!
\nBecause of the choices explained above which turn out every node to be named 'node', the Xpath request will be uglier than it would be had we used Augeas directly.
\nFor example, let's say we want to get the file system type of the \"/\" entry in /etc/fstab. In Augeas, we could do:
\n$ augtool 'get //fstab/*[file=\"/\"]/vfstype'\n//fstab/*[file=\"/\"]/vfstype = ext3
\nThat's straight-forward enough. Now let's try to do it from our XML file:
\nuse strict;\nuse XML::LibXML;
\nmy ($file) = @ARGV;
\nopen (my $fh, \"<$file\")\nor die \"E: Could not open $file: $!\\n\" ;\nmy $doc = XML::LibXML->load_xml(IO => $fh);\nclose $fh;
\nprint $doc->findvalue('//node[@label=\"fstab\"]/node/\nnode[@label=\"file\"][child::text()=\"/\"]/\n../node[@label=\"vfstype\"]').\"\\n\";
\nSave this script as testaugxml, make it executable and run:
\n$ ./testaugxml.pl export.xml\next3
\nIt works, although the Xpath expression is certainly uglier than in Augeas.
\nNow what if I wanted to import that XML file back to Augeas? That could be fun, and sometimes useful, too.
\nThere's a problem here. Exporting the Augeas tree to a clean XML file is very simple ; importing it back is more complex, because of the existing tree.
\nWithout getting into much details, we have roughly 3 possibilities:
\nThe 3rd solution is very hard to implement, and the 2nd solution might be possible once Augeas allows to get more information on nodes (knowing if the node is a directory, a file or a configuration entry would help). I'm left with the 1st solution to implement my script for now.
\nThis having been said, you have been warned: there is a --root option in this script, make use of it if you don't want to lose some configuration files!
\nHere is the script:
\nuse strict;\nuse Config::Augeas;\nuse XML::LibXML;\nuse Getopt::Long;
\nmy $file;\nmy $root = '/';\nmy $verbose;\nmy $debug;\nmy $help;
\nmy $result = GetOptions (\n\"file=s\" => \\$file,\n\"root=s\" => \\$root,\n\"verbose\" => \\$verbose,\n\"debug\" => \\$debug,\n\"help\" => \\$help,\n);
\nif ($help) {\nusage();\nexit 0;\n}
\n$verbose ||= $debug;
\nunless (defined($file)) {\ndie \"E: You must specify a filename\\n\";\n}
\nopen (my $fh, \"<$file\")\nor die \"E: Could not open $file: $!\\n\" ;\nmy $doc = XML::LibXML->load_xml(IO => $fh);\nclose $fh;
\nmy $aug = Config::Augeas->new(root => $root);
\n$aug->rm('/files/*');\nmy @top_nodes = $doc->find('/*/node[@label != \"files\"]')->get_nodelist();
\nfor my $node (@top_nodes) {\nxml2aug($node, '/files');\n}
\n$aug->print('/files') if $debug;\n$aug->save();\n$aug->print('/augeas//error');
\n########
\n########
\nsub usage {\nprint \"$0 [-f ] [-r fakeroot] [-v] [-d] [-h]
\nFlags:\n-h, --help Show this help\n-v, --verbose Verbose mode\n-d, --debug Debug mode
\nOptions:\n-f, --file Set XML file to import from\n-r, --root Set fakeroot for Augeas\n\";\n}
\nsub xml2aug {\nmy ($elem, $path) = @_;
\nmy $type = $elem->nodeType;
\nmy $label = $elem->getAttribute('label');
\nmy $matchpath = \"$path/*[last()]\";\n$matchpath =~ s| |\\\\ |g;\nmy $lastpath = $aug->match(\"$path/*[last()]\");
\nif(defined($lastpath)) {\nprint \"V: Inserting $label after $lastpath\\n\" if $verbose;
\n![our Kubuntu style](\"http://web.archive.org/web/20060806044342/http://raphink.info/blog/wp-content/uploads/2006/03/capture2.jpg\"){kind=link}
![quick & dirty example](\"http://r.pinson.free.fr/jessyink/mapnice.svg\"){kind=link}
# Insert last node\n $aug->insert($label, "after", $lastpath);\n } else {\n$aug->set(\"$path/$label\", '');\n}
\n$matchpath = \"$path/${label}[last()]\";\n$matchpath =~ s| |\\\\ |g;\nmy $newpath = $aug->match($matchpath);
\nmy $value;
\nfor my $child ($elem->childNodes()) {\nif ($child->nodeType == XML_TEXT_NODE) {\n# Text node\n$value = $child->nodeValue;\n} else {\nxml2aug($child, $newpath);\n}\n}
\nif (defined($value)) {\nprint \"V: Setting value of $newpath to $value\\n\" if $verbose;\n$aug->set($newpath, $value);\n}\n}
\nThe current state of this prototype is a set of Perl scripts. Eventually, I would like to merge at least the export functionality in augtool, so as not to depend on Perl.
"},{"url":"/posts/20110224-blogspot-augeas-080/","relativePath":"posts/20110224-blogspot-augeas-080.md","relativeDir":"posts","base":"20110224-blogspot-augeas-080.md","name":"20110224-blogspot-augeas-080","frontmatter":{"title":"Augeas 0.8.0","template":"post","date":"2011-02-24T11:21:00.000+01:00","canonical_url":"https://raphink.blogspot.com/2011/02/augeas-080.html","blogspot_url":"https://raphink.blogspot.com/2011/02/augeas-080.html","tags":["augeas","ubuntu"]},"html":"Right on time for Natty feature freeze, Augeas 0.8.0 has been released and is uploaded to Natty!
\nPackages are also available for Lucid and Maverick in the Augeas PPA.
\nWell, quite a bit. To begin with, thanks to the great work of Francis Giraldeau, the main change is the addition of a new \"square\" lens combinator, which makes it possible to write such lenses as XML or Apache. Francis has committed both xml.aug and httpd.aug.
\nAntoher improvement which I am sure will bear fruits in the future is the addition of the aug_span API call. This will allow developments such as augedit, which could greatly improve configuration management GUIs.
\nAugtool has also benefitted quite a bit from this release, gaining a few options:
\nWith these improvements in augtool, you can now write a script like the following:
\nset /augeas/load/Json/lens Json.lns\nset /augeas/load/Json/incl /home/raphink/myjson.json\nload
\nMake this script executable and run it, and you will get an interactive shell with only /home/raphink/myjson.json parsed (hence a very low loading payload due to the -A flag). The -s flag will ensure that \"save\" is called when you quit the shell.
\nImprovements have also been made in the last versions of the augeas package in Ubuntu. In 0.7.4, an augeas-doc package has been added. This package has been complemented in 0.8.0, so now it includes:
\nWe love to know what you do with Augeas, and the ideas that you have to improve it. We also like to know when things don't work so we can fix them.
\nThere are many ways to contribute to Augeas, so don't hesitate to join us!
"},{"url":"/posts/20110225-blogspot-introducing-configaugeasexporter/","relativePath":"posts/20110225-blogspot-introducing-configaugeasexporter.md","relativeDir":"posts","base":"20110225-blogspot-introducing-configaugeasexporter.md","name":"20110225-blogspot-introducing-configaugeasexporter","frontmatter":{"title":"Introducing Config::Augeas::Exporter","template":"post","date":"2011-02-25T23:13:00.000+01:00","canonical_url":"https://raphink.blogspot.com/2011/02/introducing-configaugeasexporter.html","blogspot_url":"https://raphink.blogspot.com/2011/02/introducing-configaugeasexporter.html","tags":["augeas","config-augeas-exporter","perl","ubuntu"]},"html":"Following my little experiments from two days ago, I decided to turn my prototype into a Perl module so others could benefit from it.
\nI am therefore happy to introduce Config::Augeas::Exporter, uploaded today to the CPAN. Packages are also available for Ubuntu Lucid and Natty in the Augeas PPA.
\nThis module wraps up around Config::Augeas and currently provides 4 public export methods:
\nIn addition to this, it also provides a from_xml() method to import back an XML exported tree.
\nThe module is shipped with two scripts, aug2xml and xml2aug, which are essentially the scripts presented in my previous blog entry, rewritten to use the module.
\nThanks to the great advice of David Lutterkort, Augeas' main developer, the XML layout has been improved, which makes it much nicer, smaller, easier to parse, and much easier to import back.
\nAs a result of this, xml2aug is now able to replace only the files listed in the XML document, instead of replacing the whole tree.
\nHere are some examples of what can be done with aug2xml and xml2aug:
\n# Let's export the pam.d files only, excluding the comment nodes\n$ aug2xml -p '/files/etc/pam.d' -e \"#comment\" > export.xml
\n$ grep -o \"<file\" export.xml | wc -l\n34\n$ ls -lh export.xml\n-rw-r--r-- 1 raphink raphink 20K 2011-02-25 23:06 export.xml
\n$ xpath -e '//file[@path=\"/etc/pam.d/cron\"]/node[node[@label=\"module\"]=\"pam_env.so\"]/node[@label=\"control\"]' export.xml\nFound 2 nodes in export.xml:\n-- NODE --\nrequired\n-- NODE --\nrequired
\n$ mkdir -p fakeroot/etc/pam.d\n$ xml2aug -r fakeroot/ -f export.xml\n$ tree fakeroot/\nfakeroot/\n└── etc\n└── pam.d\n├── atd\n├── chfn\n├── chpasswd\n├── chsh\n├── common-account\n├── common-auth\n├── common-password\n├── common-session\n├── common-session-noninteractive\n├── cron\n├── cups\n├── cvs\n├── gdm\n├── gdm-autologin\n├── gnome-screensaver\n├── kcheckpass\n├── kdm\n├── kdm-kde4\n├── kdm-kde4-np\n├── kdm-np\n├── kscreensaver\n├── login\n├── newusers\n├── other\n├── passwd\n├── polkit\n├── polkit-1\n├── ppp\n├── samba\n├── sshd\n├── su\n├── sudo\n└── xscreensaver
\n2 directories, 33 files
"},{"url":"/posts/20110224-blogspot-version-number-suggests-ubuntu-changes/","relativePath":"posts/20110224-blogspot-version-number-suggests-ubuntu-changes.md","relativeDir":"posts","base":"20110224-blogspot-version-number-suggests-ubuntu-changes.md","name":"20110224-blogspot-version-number-suggests-ubuntu-changes","frontmatter":{"title":"Version number suggests Ubuntu changes","template":"post","date":"2011-02-24T09:45:00.000+01:00","canonical_url":"https://raphink.blogspot.com/2011/02/version-number-suggests-ubuntu-changes.html","blogspot_url":"https://raphink.blogspot.com/2011/02/version-number-suggests-ubuntu-changes.html","tags":["packaging","ubuntu"]},"html":"Today, I was updating an Ubuntu package whose maintainer in Debian has a @canonical.com address.
\nWhen I was building the source package, I kept getting an error:
\nVersion number suggests Ubuntu changes, but Maintainer: does not have Ubuntu address
\nThis error crashed dpkg-source and prevented me from building the source package.
\nUpon looking into the code (/usr/share/perl5/Dpkg/Vendor/Ubuntu.pm), I found that this errors only when DEBEMAIL is defined in the environment with a @ubuntu.com address ; a warning is issued otherwise.
\nSo if you ever have this problem, it's easily fixed by unsetting DEBEMAIL:
\n$ unset DEBEMAIL
"},{"url":"/posts/20110318-blogspot-changing-remote-url-in-git/","relativePath":"posts/20110318-blogspot-changing-remote-url-in-git.md","relativeDir":"posts","base":"20110318-blogspot-changing-remote-url-in-git.md","name":"20110318-blogspot-changing-remote-url-in-git","frontmatter":{"title":"Changing a remote URL in git","template":"post","date":"2011-03-18T11:52:00.000+01:00","canonical_url":"https://raphink.blogspot.com/2011/03/changing-remote-url-in-git.html","blogspot_url":"https://raphink.blogspot.com/2011/03/changing-remote-url-in-git.html","tags":["augeas","git","ubuntu"]},"html":"You cloned a git repository using a public URL, and now everytime you want to push to it, you have to specify the push R/W URL because the public URL you used to pull is read-only.
\nThis happened to me:
\n$ git remote show origin\n* remote origin\nFetch URL: git://git.fedorahosted.org/git/augeas.git\nPush URL: git://git.fedorahosted.org/git/augeas.git\nHEAD branch: master\nRemote branch:\nmaster tracked\nLocal branch configured for 'git pull':\nmaster merges with remote master\nLocal ref configured for 'git push':\nmaster pushes to master (up to date)
\nand here is how I fixed it:
\n$ git remote set-url --push origin ssh://raphink@git.fedorahosted.org/git/augeas.git\n$ git remote show origin\n* remote origin\nFetch URL: git://git.fedorahosted.org/git/augeas.git\nPush URL: ssh://raphink@git.fedorahosted.org/git/augeas.git\nHEAD branch: master\nRemote branch:\nmaster tracked\nLocal branch configured for 'git pull':\nmaster merges with remote master\nLocal ref configured for 'git push':\nmaster pushes to master (up to date)
\nNote that the --push option modified only the push URL, so I keep using the public URL for fetching, which is fine.
"},{"url":"/posts/20110329-blogspot-syntax-highlighting-in-latex/","relativePath":"posts/20110329-blogspot-syntax-highlighting-in-latex.md","relativeDir":"posts","base":"20110329-blogspot-syntax-highlighting-in-latex.md","name":"20110329-blogspot-syntax-highlighting-in-latex","frontmatter":{"title":"Syntax highlighting in LaTeX","template":"post","date":"2011-03-29T22:43:00.002+02:00","canonical_url":"https://raphink.blogspot.com/2011/03/syntax-highlighting-in-latex.html","blogspot_url":"https://raphink.blogspot.com/2011/03/syntax-highlighting-in-latex.html","tags":["augeas","latex","python","ubuntu"]},"html":"Lately, I have been busy making a book on Augeas. I wanted something that would look nice, and that would use only LaTeX.
\nA colleague of mine told me to have a look at the Pygments syntax highlighter and its LaTeX module minted. I'm very happy with them so far.
\nInstalling Pygments on Ubuntu is as easy as can be:
\n$ sudo apt-get install python-pygments
\nThis provides a /usr/bin/pygmentize command, which is then used by minted.
\nI didn't find a package for minted, so I downloaded the files from the CTAN and made a minted directory in my source.
\nWhen building with pdflatex, I make sure to export the TEXINPUTS=minted: variable so that pdflatex uses the minted directory for inclusions.
\nNow that all the tools are installed, we need to actually use them in the LaTeX source. Here is a simple example:
\n\\mint{console}|$ sudo apt-get install augeas-tools|
\nA multi-line example:
\n\\begin{minted}{console}\n$ sudo yum install readline-devel\n$ sudo apt-get install libreadline-dev\n\\end{minted}
\nAnd even a listing example:
\n\\begin{listing}\n\\begin{minted}{augtool-shell}\n/files/etc/foo.conf\n/files/etc/foo.conf/#include = /etc/foo.d/*\n\\end{minted}\n\\caption{Augeas does not interpret include statements}\n\\label{lst:intro_include_tree}\n\\end{listing}
\nThere is much that can be done, and the documentation is well made.
\nI would love my book to be full of colours. Not only for languages that are well known, but also, and especially, for the languages and commands that are specific to Augeas.
\nOf course, Pygments doesn't provide lexers for Augeas syntax (yet), so I need to write them.
\nThe first lexer I would like to have is the augtool-shell lexer, which will put syntax highlighting on commands from an augtool session.
\nMy lexer looks like this:
\nimport re
\ntry:\nset\nexcept NameError:\nfrom sets import Set as set\nfrom bisect import bisect
\nfrom pygments.lexer import Lexer, LexerContext, RegexLexer, ExtendedRegexLexer, \\\nbygroups, include, using, this, do_insertions\nfrom pygments.token import Punctuation, Text, Comment, Keyword, Name, String, \\\nGeneric, Operator, Number, Whitespace, Literal\nfrom pygments.util import get_bool_opt\nfrom pygments.lexers.other import BashLexer
\n__all__ = ['AugtoolShellLexer']
\nclass AugtoolShellLexer(RegexLexer):\n\"\"\"\nLexer for Augtool shell sessions.\n\"\"\"
\nname = 'AugtoolShell'\naliases = \\['augtool-shell'\\]\nfilenames = \\['\\*.augtoolshell'\\]\nmimetypes = \\['text/x-augtool-shell'\\]\n\ntokens = {\n 'root': \\[\n (r'^\\\\s+$', Text), # empty line\n (r'^\\[;#\\].\\*?$', Comment), # comment\n (r'^(rm\\\\s+:.\\*)', Text), # removed nodes\n (r'^(Saved.\\*)', Text), # saved\n (r'^(augtool\\\\>)(\\\\s+)(\\\\S+)(?:(\\\\s+)(.\\*))?$', # augtool prompt\n bygroups(Generic.Prompt, Whitespace, Keyword, Whitespace, String)),\n (r'^(\\[^=\\]+)(?:(\\\\s+)(=)(\\\\s+)(.\\*))?$', # ls/get/print\n bygroups(String, Whitespace, Operator, Whitespace, String)),\n (r'^(\\\\S+)(\\\\s+)(label)(=)(\\\\S+)(\\\\s+)(value)(=)(\\\\S+)(\\\\s+)(span)(=)(\\\\S+)$', # span output\n bygroups(String, Whitespace, Keyword, Operator, String, Whitespace,\n Keyword, Operator, String, Whitespace,\n Keyword, Operator, String)),\n \\]\n}\n It is located in the augeas-lexer/augeaslexer/augeaslexer.py file, and the augeas-lexer directory contains the following files:
\naugeas-lexer/\n├── augeaslexer\n│ ├── augeaslexer.py\n│ └── __init__.py\n└── setup.py
\n__init__.py is an empty file, and setup.py contains the following:
\n\"\"\"\nAugeas syntax highlighting for Pygments.\n\"\"\"
\nfrom setuptools import setup
\nentry_points = \"\"\"\n[pygments.lexers]\naugtool-shell = augeaslexer.augeaslexer:AugtoolShellLexer\n\"\"\"
\nsetup(\nname = 'augeaslexer',\nversion = '0.1',\ndescription = __doc__,\nauthor = \"Raphael Pinson\",\npackages = ['augeaslexer'],\nentry_points = entry_points\n)
\nIn order to build with this new lexer, I need to install it in my system (if someone knows how to do without this step, I'll be very happy to hear it!). The following command does that:
\n$ sudo python setup.py install
\nNow when I run pygmentize, I should see my lexer:
\n$ pygmentize -L | grep augtool\n* augtool-shell:\nAugtoolShell (filenames *.augtoolshell)
\nI've actually added (or begun to add) 3 more lexers to my module: AugtoolLexer, AugeasLexer and PuppetAugeasLexer.
\nThe result can be see in the PDF version of the book (which is still a work in progress).
\nOne thing LaTeX users love is its flexibility. On big projects such as books, it is often useful to define macros and new environments.
\nHere is an example of a listing containing several languages with line numbering. The macros take care of applying the line numbering options (linenos and firstnumber) and defining the standard options for my document (fontsize=\\footnotesize and bgcolor=bg).
\nThe macros look like this:
\n% minted commands
\n\\newcommand{\\mymint}[3][]{\\mint[fontsize=\\footnotesize,bgcolor=bg,#1]{#2}#3}\n\\newcommand{\\consolecode}[2][]{\\mymint[#1]{console}#2}\n\\newcommand{\\augtoolshcode}[2][]{\\mymint[#1]{augtool-shell}#2}
\n% inputminted
\n\\newcommand{\\myinputminted}[3][]{\\inputminted[fontsize=\\footnotesize,bgcolor=bg,#1]{#2}{../listings/#3}}
\nAnd the listing:
\n\\begin{listing}\n\\consolecode[linenos]|$ augtool --backup --root myroot|\n\\myinputminted[linenos,firstnumber=2]{augtool-shell}{rm_fstab_opt.augtoolshell}\n\\consolecode[linenos,firstnumber=15]|$ diff -u myroot/etc/fstab myroot/etc/fstab.augsave|\n\\myinputminted[linenos,firstnumber=16]{diff}{fstab_opt.diff}\n\\caption{Removing an option in fstab}\n\\label{lst:rm_fstab_opt}\n\\end{listing}
\nThis produces the following output:
\n![](\"https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhEW7b3Tbh62i5m6AmdfAoyETfZLpX5P4kyQ24d1SYBED2mBr9QFj4sIjsshETZJlIukypfTPQ0K-AjMtuTDad6CrWlgrK8cHckFyAjlgXyS_ZMODv0BHYOuxk4WNAyFOSTg_D13GFiVL3I/s1600/listing_minted_macros.png\")
Ye hypocrites, well did Esaias prophesy of you, saying,
\nThis people draweth nigh unto me with their mouth, and honoureth me with their lips; but their heart is far from me.
\nMatthew 15:7—8
\nMany times, Jesus called people — especially the Pharisees — hypocrites. This puzzled His disciples quite a bit, because the Pharisees where people who kept the Law strictly. How could people who kept the Law be wrong? Well, the problem is that they kept the Law outwardly but not inwardly.
\nI heard many comments on the subject over the years, but something about this struck me today. Who were the Pharisees keeping the Law for? For whose sake do we act the way we do? Jesus said that when you desire a woman, you've already committed adultery with her in your heart, and that when you insult someone — even in your heart — you've already committed murder.
\nWhat is it that keeps me from acting the thoughts I have? Why do I sometimes let myself desire a woman, but I won't commit adultery in real life? Let's face it: even a lot of non believers have never committed adultery, let alone murder. I think the problem is here: for whose sake do you act the way you do? For God's sake, or for your own?
\nMany people act properly for their own sake ; they are afraid of what people will think about them, or do to them, if they don't act nicely. They keep the Law for their own sake — because of fear, or because of pride — and they have no reason to keep their thoughts as clean as their acts.
\nJesus called us to go much further than that. He said we should actually keep even our thoughts clean. Why? For God's sake! It's not so much that I should look like a perfect person, that I should care about what people think about me — if they will judge me, hate me, stone me — if I don't act properly. No, there's someone — God — who knows more about myself than I even do, and for His sake, I should be perfect, because He said : \"Be ye therefore perfect, even as your Father which is in heaven is perfect\" (Matthew 5:48).
\nAs Christians, we so often tend to think that we can do it the easy way: starting by cleaning ourselves outwardly, and finishing with the inside. It doesn't work that way, because the goal is not the same. If you care to clean the outside first, you're doing it for your own sake, but cleaning the inside requires doing it for God's sake, for the inward cleaning is the work of the Holy Spirit in our lives.
\nYour motivation defines where you're heading. If you act the way you do for your own sake, you will stay stuck with the outward issues of your life. If you want to give it all to God and change for His sake, asking the Holy Spirit to cleanse you from the inside — even if it might take longer and be more painful — He will do this work in you, and it will end up showing up outwardly in your life.
\nFather Almighty,
\nI realize my own efforts to purify myself are vain because they are only motivated by fear and pride, and they do not cleanse me internally — for Your sake.
\nI pray Lord that you send your Holy Spirit in my life to achieve the work within me, that I may be perfected to your image inwardly, and shine of your glory outwardly.
\nIn Jesus' name. Amen.
"},{"url":"/posts/20110414-blogspot-fancytabs-latex-package/","relativePath":"posts/20110414-blogspot-fancytabs-latex-package.md","relativeDir":"posts","base":"20110414-blogspot-fancytabs-latex-package.md","name":"20110414-blogspot-fancytabs-latex-package","frontmatter":{"title":"The fancytabs LaTeX package","template":"post","date":"2011-04-14T12:30:00.004+02:00","canonical_url":"https://raphink.blogspot.com/2011/04/fancytabs-latex-package.html","blogspot_url":"https://raphink.blogspot.com/2011/04/fancytabs-latex-package.html","tags":["latex","ubuntu"]},"html":"Lately, I've been using LaTeX quite a bit, and defining my own macros. Today is the occasion for me to release my first package: fancytabs.
\nThis is a package that allows to add fancy tabs on the border of pages in a document.
\nThe package can be downloaded from the CTAN.
\nAfter downloading and unzipping the file, run latex on the fancytabs.ins file. This will produce a fancytabs.sty file which provides the package. You can also build the PDF documentation by running pdflatex on the fancytabs.dtx file.
\nHere is an example of a page featuring a fancy tab:
\n![](\"https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhKmUxecABMr-0z-cVXHFNwI6fM-VkOd5Nea1THT3XAXwGKlNQi1HxRsloIVcakbKAxeuS4o20bKvIOYOsEM4tBJvMY6O4e5uGvAphtrRU4Ag_IREkCo99U3_cItQdYbKdMJzHGn__GUhrX/s1600/fancytabs.png\")
For my most recent computer, I've installed Linux Mint 11. In Mint, bash is set to display a fortune cookie every time you start a shell session.
\n![](\"https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgsuJr9pnVPK0RyTfU-2c5vQVXWuGFQq1aaKzjk28zNfn_QJVqyoOJ7AWGDnQ7PrKY2i-wfHLHPdjahTVs_AHsmUUXdrA9NZ61yIjki17Mzr5meaNCvBmNVcZkBCEysAS7ZH914EY_85zCr/s1600/mint_fortunes.png\")
This is a nice idea, however I would rather see daily Bible verses than random fortunes. Here is how to do that. First, install the verse package:
\n$ sudo apt-get install verse
Then, edit /usr/bin/mint-fortune with sudo, and replace the line:
\n/usr/games/fortune | $command -f $cow
with
\n/usr/bin/verse | sed -e 's@^ *@@' | $command -f $cow
To be sure that the file won't be overridden when you upgrade your distribution, set it as a local diversion:
\n$ sudo dpkg-divert --local /usr/bin/mint-fortune
and you're done!
\n![](\"https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgyr0sEeuXsQZPfwNXO7WWFLUOG814lJ33wX3q4nbRoULxjG7xU__DsN9-FclDC9E-VsjTUEFWYJN3igNnq3z8AJu6i-b0es0SbfyoALzL_1Ok0siZQPFWkSyhSIIL1kH93KVXbKVR3LFbU/s1600/mint-fortunes-bible-nospaces.png\")
Augeas 0.10.0 has just been released, and it brings a good lot of changes with it.
\nAmong them, the aug_to_xml method has been added. This is essentially an integration of the XML export function initially introduced in the Config::Augeas::Exporter Perl module. The port in C has seen some improvements in the XML schema, as well as in speed. There is not yet an aug_from_xml method, and it might take some time to come, as it brings up a lot of merging issues. This change introduces a dependency on libxml2.
\nDominic Cleal has been working on the new aug_srun method, which he wishes for his Augeas module for Puppet. In order to achieve this, he introduced a way to set the context of XPath expressions in /augeas/context in order to use relative paths. This is a well-known feature for the users of the Augeas module for Puppet, and it is now available for all Augeas users.
\nA lot of lenses have been fixed and improved. As a matter of fact, when I wrote the Config::Augeas::Validator Perl module, the goal was initially to test our configuration files against the Augeas lenses. But after testing some 120.000 files, I've obviously found a few flaws in the lenses and had to fix them.
\nThe package for Augeas 0.10.0 has entered Ubuntu Precise this afternoon. Versions for older releases are available on my Augeas PPA. Feedback is most welcome!
"},{"url":"/posts/20110826-blogspot-colored-initials-in-latex/","relativePath":"posts/20110826-blogspot-colored-initials-in-latex.md","relativeDir":"posts","base":"20110826-blogspot-colored-initials-in-latex.md","name":"20110826-blogspot-colored-initials-in-latex","frontmatter":{"title":"Colored initials in LaTeX","template":"post","date":"2011-08-26T19:01:00.001+02:00","canonical_url":"https://raphink.blogspot.com/2011/08/colored-initials-in-latex.html","blogspot_url":"https://raphink.blogspot.com/2011/08/colored-initials-in-latex.html","tags":["latex","ubuntu"]},"html":"Georg Duffner, the creator of the EB Garamond open-source font, has been working on an initials font for EB Garamond based on a 16th century French Bible lately. A few days ago, he was thinking about producing colored initials with it, and had the idea of splitting the font in two: one font for the background ornament, and one font for the foreground letter to superimpose on it.
\nBase on this idea, I have hacked a little LaTeX module to typeset the initials in a simple way. The module can be found on github and is based on the lettrine LaTeX module.
\nIt makes use of fontspec to load the fonts so it only works with XeTeX and LuaTeX.
\nThe alphabet only contains 3 letters for now, so not really much can be achieved with it so far, but the code is there.
\nHere is an example reproducing parts of the 16th century Bible used to get the samples of the initials:
\n![](\"https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjY5NXP489C8FD8qR9sfWMqQayRDzriRd9hxcct_gGxUACb4qi9vUL7i9UHE7y-vpI8o4oTRDqFidmvaN7hXU10BLtTmQqVr_S_8KPA_ANdeKUpC4JuV4XwVFZqaUtjpOwIM3uUleQhxeM_/s1600/eblettrine.png\")
I was recently asked to convert an openvz container to a VMWare instance. I found a tutorial on a forum which helped but had to be adapted slightly.
\nHere is how I eventually managed to do the conversion:
\ndd if=/dev/zero of=test.img bs=516096c count=40000fdisk test.imgo n p 1 2048 wlosetup -o1048576 /dev/loop0 test.img mke2fs -b1024 /dev/loop0 tune2fs -j /dev/loop0 mount /dev/loop0 /mntblkid /dev/loop0--numeric-ids to prevent bad mapping of UIDs:rsync -av --exclude 'somedir' --numeric-ids /vz/root/1234/ /mntgrub-install --root-directory /mnt /dev/loop0chroot /mntapt-get install linux-image-foobar #adapt to your kernel version apt-get install grub-pcpasswd1:2345:respawn:/sbin/getty 38400 tty1 2:23:respawn:/sbin/getty 38400 tty2 3:23:respawn:/sbin/getty 38400 tty3 4:23:respawn:/sbin/getty 38400 tty4 5:23:respawn:/sbin/getty 38400 tty5 6:23:respawn:/sbin/getty 38400 tty6proc /proc proc nodev,noexec,nosuid 0 0 UUID=7925e5b1-f2ad-4cdc-95f9-984d25378194 / ext4 errors=remount-ro 0 1umount /mnt kvm-img convert -f raw test.img -O vmdk test.vmdkgrub> insmod ext2 grub> set root='(hd0,msdos1)' grub> linux /boot/vmlinuz-foobar root=UUID=7925e5b1-f2ad-4cdc-95f9-984d25378194 ro grub> initrd /boot/initrd-foobar grub> bootupdate-grubAt work, we have a lot of different services running and we end up with hundreds of thousands of configuration files in our configuration repository (especially since we don't use templates - more on that in another upcoming post...).
\nIn order to ensure the quality of these files (avoiding syntax errors and insecure configurations alike), we had the idea of writing a system to unit test the configuration files. Being involved in Augeas, I thought it would make a great parsing backend to write the tests.
\nThis gave birth to what is currently a Perl module called Config::Augeas::Validator, which comes with a Perl script and an SVN wrapper (this is what we used, but wrappers for other VCS are welcome) to plug it to pre- and post-commit hooks.
\nThe module relies on Augeas (and its lenses) to parse the configuration files. On top of that, you need to specify rules (which are essentially unit test scenarii), at least one for each type of file you wish to test. A minimal rule might look like this:
\n[DEFAULT] lens=Fstab pattern=.*/fstab
This rule will tell augeas-validator to test all files whose full path matches .*/fstab against the Fstab.lns Augeas lens. If the file contains syntax errors (that is, the lens fails to parse it), the program will report it and exit with a status of 1.
\nHere is another simple example adding two unit tests with warnings:
\n[DEFAULT] lens=PHP pattern=.*/(php\\.ini|php[45]/conf\\.d/.*\\.ini) [file_uploads] name=file_uploads explanation=file_uploads should be set to 'Off' type=count expr=$file//file_uploads[. != 'Off'] value=0 level=warning tags=security [expose_php] name=expose_php explanation=expose_php should be set to 'Off' type=count expr=$file//expose_php[. != 'Off'] value=0 level=warning tags=security
This test checks for php.ini files. Not only does it fail with status 1 if there is a syntax error, it also applies two unit tests called file_uploads and expose_php, which will make the program output a warning and exit with status 2 if they are not met. The essential part of the rules is the expr parameter, which is an Augeas XPath expression. In this case, the expressions must not match any nodes in order to pass the tests (hence value=0).
\nThese are just simple examples of what this module can do. You can find more examples shipped with the module itself. As a last example, here is one for Apache configuration files (in Debian/Ubuntu):
\n[DEFAULT] lens=Httpd pattern=.*/(sites-available/.*)|(apache2/.*\\.conf) [one_servername] name=One ServerName per VirtualHost * explanation=There should be only one ServerName per VirtualHost * entry type=count expr=$file[label() != \"default\"]/VirtualHost[arg =~ regexp(\"\\*(:80)?\")][count(directive[. = \"ServerName\"]) != 1] value=0 level=warning [bufferedlogs] name=BufferedLogs explanation=BufferedLogs must be set to Off type=count expr=$file//directive[. = \"BufferedLogs\"][arg = \"On\"] value=0 level=warning tags=security [timeout] name=Timeout explanation=Timeout must be at least 45 type=count expr=$file//directive[. = \"Timeout\"][int(arg) < 45] value=0 level=warning tags=security
I just got an HP Deskjet 3520 e-All-in-One multifunction printer today, which works very well with Ubuntu Quantal.
\nHere are the steps to print on it through Wifi. I used WPS to associate it to my network:
\nI also had to setup another machine on Ubuntu Precise. Unfortunately, the driver for the 3520 printer was added in HPLIP 3.12.6. However, downloading the hplip packages for Quantal and installing them worked fine on Precise. The packages you need are:
\nOnce the printer's network is setup, you can access it via an HTTP interface at its IP address.
"},{"url":"/posts/20200430-automating-freeipa-with-terraform-43b7/","relativePath":"posts/20200430-automating-freeipa-with-terraform-43b7.md","relativeDir":"posts","base":"20200430-automating-freeipa-with-terraform-43b7.md","name":"20200430-automating-freeipa-with-terraform-43b7","frontmatter":{"title":"Automating FreeIPA with Terraform","template":"post","date":"2020-04-30T10:48:36Z","excerpt":"The FreeIPA Terraform provider allows to automate creation and management of FreeIPA resources.","thumb_img_path":"https://media2.dev.to/dynamic/image/width=1000,height=420,fit=cover,gravity=auto,format=auto/https%3A%2F%2Fwww.camptocamp.com%2Fwp-content%2Fuploads%2Fxterraform_bandeau.png.pagespeed.ic.neAGqH-_lX.webp","content_img_path":"https://media2.dev.to/dynamic/image/width=1000,height=420,fit=cover,gravity=auto,format=auto/https%3A%2F%2Fwww.camptocamp.com%2Fwp-content%2Fuploads%2Fxterraform_bandeau.png.pagespeed.ic.neAGqH-_lX.webp","canonical_url":"https://www.camptocamp.com/actualite/automating-freeipa-with-terraform/","devto_url":"https://dev.to/camptocamp-ops/automating-freeipa-with-terraform-43b7"},"html":"Terraform is great for cloud provisioning and has now become a standard tool to deploy infrastructures as code, in a DevOps fashion.
\nMany plugins exist to cover specific needs, from major cloud providers (AWS, GCP, Azure, etc.) to specific app APIs (Grafana, GitHub, or even PostgreSQL). The community provides and maintains additional providers which can be installed and used in any Terraform project as plugins.
\nCamptocamp developed several providers over the last few years. Besides\nthe [official Rancher provider] (https://www.terraform.io/docs/providers/rancher/index.html) which was co-developed by our team and contributed to the community, we maintain providers to integrate Terraform with the PuppetCA, the PuppetDB, as well as the gopass password vault.
\nMore recently, we started having a need to automate FreeIPA resources using Terraform, so we started a new provider.
\nInstalling additional Terraform providers is rather straightforward.\nYou can simply download the binary from the releases page and\ndrop it in your ~/.terraform.d/plugins directory.
Like all other Terraform providers, you first need to configure the provider. You can do that using either hardcoded parameters or environment variables. In this second case, we strongly encourage you to make use of summon as a wrapper to dynamically expose the environment variables at call time.
\nprovider freeipa {\n host = "ipa.example.test" # or set $FREEIPA_HOST\n username = "admin" # or set $FREEIPA_USERNAME\n password = "P@S5sw0rd" # or set $FREEIPA_PASSWORD\n insecure = true\n}\n Next, you can start writing resources to manage FreeIPA hosts and DNS records:
\nresource freeipa_host "foo" {\n fqdn = "foo.example.test"\n description = "This is my foo host"\n force = true\n random = true\n userpassword = "abcde"\n}\n\nresource freeipa_dns_record "bar" {\n idnsname = "bar"\n dnszoneidnsname = "myzone"\n dnsttl = 20\n records = ["1.2.3.4"]\n}\n At the moment, this FreeIPA provider only features 2 resource types, to manage FreeIPA hosts and DNS records. Don't hesitate to contribute to it by providing more resource types!
\nThis post was originally published on https://www.camptocamp.com/actualite/automating-freeipa-with-terraform/
"},{"url":"/posts/20200429-cleaning-up-puppet-code-4da2/","relativePath":"posts/20200429-cleaning-up-puppet-code-4da2.md","relativeDir":"posts","base":"20200429-cleaning-up-puppet-code-4da2.md","name":"20200429-cleaning-up-puppet-code-4da2","frontmatter":{"title":"Cleaning up Puppet Code","template":"post","date":"2020-04-29T10:54:01Z","excerpt":"Code quality is important to ensure style consistency and easy maintenance. Puppet-lint, Onceover and puppet-ghostbuster help ensure Puppet code quality.","thumb_img_path":"https://media2.dev.to/dynamic/image/width=1000,height=420,fit=cover,gravity=auto,format=auto/https%3A%2F%2Fwww.camptocamp.com%2Fwp-content%2Fuploads%2Fxformations_puppet1-720x400.png.pagespeed.ic.UU2oY1Zlj8.webp","content_img_path":"https://media2.dev.to/dynamic/image/width=1000,height=420,fit=cover,gravity=auto,format=auto/https%3A%2F%2Fwww.camptocamp.com%2Fwp-content%2Fuploads%2Fxformations_puppet1-720x400.png.pagespeed.ic.UU2oY1Zlj8.webp","canonical_url":"https://www.camptocamp.com/actualite/cleaning-up-puppet-code/","devto_url":"https://dev.to/camptocamp-ops/cleaning-up-puppet-code-4da2"},"html":"After months and years of using Puppet, the code base becomes increasingly complex and cluttered. How can you ensure its quality, as well as clean up unused code?
\nIn the Puppet world, puppet-lint is the reference for code quality. It is used as a standard to check that modules follow the style guide, ensuring consistency in coding style and practices. puppet-lint can also be used in your control repository, to check your private modules (such as roles & profiles).
\nThere's at least three ways of achieving this: using PDK, a Rakefile, or onceover along with its code quality plugin.
PDK, the standard tool to manage Puppet modules in a standard way, also works with control repositories. Once installed, you can convert your control repository and run validation tests with:
\n$ pdk convert\n$ pdk validate\n The Rakefile method is a easy way to automate puppet-lint:
Rake::Task[:lint].clear\nPuppetLint::RakeTask.new :lint do |config|\n config.ignore_paths = [\n 'modules/**/*.pp',\n 'vendor/**/*',\n ]\n config.disable_checks = [\n '80chars',\n 'documentation',\n ]\n config.fail_on_warnings = true\n config.fix = true if ENV['PUPPETLINT_FIX'] == 'yes'\nend\n Add a Gemfile in your repository to install puppet-lint:
source ENV['GEM_SOURCE'] || "https://rubygems.org"\n\ngroup :development, :test do\n gem 'rake', :require => false\n gem 'puppet-lint', :require => false\n \n # Other lint plugins (optional)\n gem 'puppet-lint-spaceship_operator_without_tag-check', :require => false\n gem 'puppet-lint-unquoted_string-check', :require => false\n gem 'puppet-lint-undef_in_function-check', :require => false\n gem 'puppet-lint-leading_zero-check', :require => false\n gem 'puppet-lint-trailing_comma-check', :require => false\n gem 'puppet-lint-file_ensure-check', :require => false\n gem 'puppet-lint-version_comparison-check', :require => false\n \n # You can also use the voxpupuli-test gem,\n # which pulls rake, puppet-lint & plugins as dependencies\n gem 'voxpupuli-test', :require => false\nend\n You can then run the lint with:
\n$ bundle install --path vendor/bundle $ bundle exec rake lint\n# And if you want to autofix the detected mistakes\n$ PUPPETLINT_FIX=yes bundle exec rake lint\n Onceover is a toolbox to automate tasks for Puppet control repositories. Among other things, its code quality plugin allows to run syntax checks and invoke puppet-lint.
In order to use it, update your Gemfile, e.g.:
source ENV['GEM_SOURCE'] || "https://rubygems.org"\n\ngroup :development, :test do\n gem 'voxpupuli-test', :require => false\n \n gem 'onceover', :require => false\n gem 'onceover-codequality', :require => false\nend\n Refresh your bundle and run onceover:
\n$ bundle update $ bundle exec onceover run codequality --no-docs\n Ideally, run this on every commit in a Continuous Integration/Continuous Deployment setup. At Camptocamp, we use a GitLab CI pipeline to check our control repo using Onceover before deploying it with r10k (also running a GitLab CI runner).
\n![\"PuppetMaster](\"https://www.camptocamp.com/wp-content/uploads/puppetmaster_pipeline.png\")
You've checked the quality of your existing code. Good! But what if you're actually maintaining and cleaning code that you don't use anymore? This would be quite the waste of time... At Camptocamp, we've built on puppet-lint to provide a system to detect unused code and help us clean it up.
This is what the puppet-ghostbuster project is for. Under the hood, puppet-ghostbuster is a collection of puppet-lint plugins, distributed in a single puppet-ghostbuster gem.
These plugins analyze your Puppet code and then connect to your PuppetDB to check if that code is actually used for any known node. It can also check Hiera data for unused keys. Just as previously, you can set it up as a Rake task, but our current setup requires a patch to puppet-lint in order to whitelist the puppet-lint checks activated (the current release of puppet-lint only supports blacklisting checks in Rake tasks).
source ENV['GEM_SOURCE'] || "https://rubygems.org"\n\ngroup :development, :test do\n gem 'rake', :require => false\n gem 'puppet-lint', :require => false,\n :git => 'https://github.com/raphink/puppet-lint',\n :ref => '2cac4fb' # Includes patch for whitelisting checks\n gem 'puppet-ghostbuster', :require => false\nend\n You can then set up a Rake task such as this one:
\nPuppetLint::RakeTask.new :ghostbuster do |config|\n config.pattern = ['./site/**/*']\n config.only_checks = [\n 'ghostbuster_classes',\n 'ghostbuster_defines',\n 'ghostbuster_facts',\n 'ghostbuster_files',\n 'ghostbuster_functions',\n 'ghostbuster_hiera_files',\n 'ghostbuster_templates',\n 'ghostbuster_types',\n ]\n config.fail_on_warnings = true\nend\n puppet-ghostbuster requires info to connect to your PuppetDB, so you need to provide the following environment variables:
PUPPETDB_URL: URLs to PuppetDBPUPPETDB_CERT_FILE: path to the certificate to use to connect to\nPuppetDBPUPPETDB_KEY_FILE: path to the key to use to connect to PuppetDBPUPPETDB_CACERT_FILE: path to the Puppet CA certificateHIERA_YAML_PATH: path to hiera.yaml to useIf you don't want to provide certificates and keys, you can connect to the PuppetDB through the unencrypted port 8080, for example by forwarding it through SSH. At Camptocamp, we're automating this setup by using summon as a wrapper to launch the command.
\nWe store the certificates and keys to connect to PuppetDB in gopass, then provide a secrets.yml file like so:
PUPPETDB_URL: https://puppetdb.example.com:8081\nPUPPETDB_CERT_FILE: !var:file path/to/secret:cert\nPUPPETDB_KEY_FILE: !var:file path/to/secret:key\nPUPPETDB_CACERT_FILE: !var:file path/to/secret:cacert\nHIERA_YAML_PATH: ./hiera.yaml\n Which allows to run:
\n$ summon bundle exec rake ghostbuster\n This returns a list of classes, defines, files, templates, etc. that are unused in our code. We can then check these results and clean up our code!
\nDo you have ideas to contribute to puppet-ghostbuster? Pull requests are welcome! You can also contact us for quotes on Puppet consulting or training!
This post was originally published on https://www.camptocamp.com/actualite/cleaning-up-puppet-code/
"},{"url":"/posts/20200430-backup-your-container-data-2f3f/","relativePath":"posts/20200430-backup-your-container-data-2f3f.md","relativeDir":"posts","base":"20200430-backup-your-container-data-2f3f.md","name":"20200430-backup-your-container-data-2f3f","frontmatter":{"title":"Backup your Container Data","template":"post","date":"2020-04-30T10:48:01Z","excerpt":"Containers have become a great facility to easily deploy applications, whether locally or on orchestrated clusters. However, containers are ephemeral, meaning their data should be stored externally and should be backed up.","thumb_img_path":"https://media2.dev.to/dynamic/image/width=1000,height=420,fit=cover,gravity=auto,format=auto/https%3A%2F%2Fwww.camptocamp.com%2Fwp-content%2Fuploads%2Fbanner.png","content_img_path":"https://media2.dev.to/dynamic/image/width=1000,height=420,fit=cover,gravity=auto,format=auto/https%3A%2F%2Fwww.camptocamp.com%2Fwp-content%2Fuploads%2Fbanner.png","canonical_url":"https://www.camptocamp.com/actualite/backup-your-container-data/","devto_url":"https://dev.to/camptocamp-ops/backup-your-container-data-2f3f"},"html":"Containers have become a great facility to easily deploy applications, whether locally or on orchestrated clusters.
\nHowever, containers are ephemeral, meaning their data should be stored externally. When possible, they can be stored using databases or object storage. Most often though, you will need to resort to using data volumes, mounted inside your containers. How then can be perform a backup of this data?
\nContrarily to the traditional situation in application deployment, the location of critical data in containers is known, since it uses named volumes. We can thus connect to the Docker socket or the API managing the volumes to list them and perform the backups.
\nBivac is a tool created to do just that. It can be plugged to either a Docker socket, a Rancher API, or a Kubernetes server. It will then list the volumes on the platform and automatically back them up on a regular basis, using Restic to transfer the data to an object storage provider (e.g. AWS S3).
\n![\"Bivac](\"https://www.camptocamp.com/wp-content/uploads/bivac-435x400.png\")
In addition, Bivac can provide metrics on the backup statuses as it exposes a Prometheus endpoint.
\nUsing the REST client, backups can be listed, executed on demand, and it is also possible to restore volumes.
\nBivac can easily be installed a binary or a container. Here are some examples, deploying it locally on Docker, or using Kubernetes.
\nThe following docker-compose.yml file can be used to deploy the Bivac manager:
---\nversion: '3'\nservices:\n bivac:\n image: camptocamp/bivac:2.2\n command: "manager -v"\n ports:\n - "8182:8182"\n volumes:\n - "/var/run/docker.sock:/var/run/docker.sock:ro"\n environment:\n BIVAC_AGENT_IMAGE: camptocamp/bivac:2.1\n BIVAC_SERVER_PSK: super-secret-psk\n RESTIC_PASSWORD: not-so-good-password\n BIVAC_TARGET_URL: s3:my-bucket\n AWS_ACCESS_KEY_ID: XXXXX\n AWS_SECRET_ACCESS_KEY: XXXXX\n Additionally, you can also deploy a local Prometheus server to retrieve the metrics. See the full example.
\nThe easiest way to deploy a Bivac manager on Kubernetes is to use Camptocamp's Helm chart:
\n$ helm repo add camptocamp http://charts.camptocamp.com\n$ helm install camptocamp/bivac --version 1.0.0\n The CLI can be downloaded from the releases page. Once the binary is installed, you can use it to list backups, perform backups, or restore data.
\nThe CLI needs to be connected to the Bivac manager, using its HTTP URL and PSK (defined in the deployment). This can be performed using either the --remote.address and --server.psk options, or by setting the BIVAC_REMOTE_ADDRESS and BIVAC_SERVER_PSK.
The bivac volumes command lets you list the volumes managed by Bivac:
While Bivac automatically performs backups at a regular interval, the CLI can also be used to trigger backups manually:
\n\nBivac stores restic backups on object storage and lets you restore them using the backup restore command:
More features are available, such as the ability to manage a remote Restic repository. See the documentation for more information.
\nBivac allows to easily backup data, monitor their status and restore them, whether you are using raw Docker, Rancher volumes or Kubernetes.
\nThis post was originally published on https://www.camptocamp.com/actualite/backup-your-container-data/
"},{"url":"/posts/20200430-integrating-prometheus-with-puppetdb-aom/","relativePath":"posts/20200430-integrating-prometheus-with-puppetdb-aom.md","relativeDir":"posts","base":"20200430-integrating-prometheus-with-puppetdb-aom.md","name":"20200430-integrating-prometheus-with-puppetdb-aom","frontmatter":{"title":"Integrating Prometheus with PuppetDB","template":"post","date":"2020-04-30T10:48:51Z","excerpt":"Many applications are not containerized, and we still need to monitor their nodes. Prometheus PuppetDB SD allows to discover nodes in the PuppetDB and generate Prometheus configurations automatically.","thumb_img_path":"https://media2.dev.to/dynamic/image/width=1000,height=420,fit=cover,gravity=auto,format=auto/https%3A%2F%2Fwww.camptocamp.com%2Fwp-content%2Fuploads%2Fxbanner-1.png.pagespeed.ic.-LxmyH1pjm.webp","content_img_path":"https://media2.dev.to/dynamic/image/width=1000,height=420,fit=cover,gravity=auto,format=auto/https%3A%2F%2Fwww.camptocamp.com%2Fwp-content%2Fuploads%2Fxbanner-1.png.pagespeed.ic.-LxmyH1pjm.webp","canonical_url":"https://www.camptocamp.com/actualite/integrating-prometheus-with-puppetdb/","devto_url":"https://dev.to/camptocamp-ops/integrating-prometheus-with-puppetdb-aom"},"html":"Most companies that have switched their deployments to containers have faced this issue: traditional monitoring systems just don't cut it when it comes to observability of containerized applications. Instead of focusing on nodes and applications running on them, the cluster approach to container orchestration systems requires to target application instances, which can run on multiple nodes —even several times on a single node— and typically have short life spans.
\nFortunately for us, Prometheus came early on in the ecosystem, providing an elegant solution to gather metrics from microservices and derive all sort of observability tools from them, including monitoring. Prometheus also allows to monitor the cluster nodes, by returning their metrics and aggregating them into views of their own. Problem solved, we can now get rid of our historical monitoring infrastructure. Or can we?
\n![](\"https://www.camptocamp.com/wp-content/uploads/prometheus-550x120.png\")
As much as we'd like to think all our applications are now containerized and all our machines are neutral cluster nodes in a large cattle, the reality is often very different. Most companies still have a large quantity of specialized machines---even snowflakes at times--- that are not taken into account by your latest Kubernetes cluster. Should we keep Nagios running for those, or is it possible to make them fit into the new paradigm?
\nFor those of us running Puppet, the PuppetDB has for years been a great source of information on nodes managed by Puppet. It contains facts, catalogs, reports and more for all the nodes in the fleet. Let's use this information to monitor the nodes and their services dynamically, using Prometheus!
\n![](\"https://www.camptocamp.com/wp-content/uploads/puppet-2-400x400.png\")
Prometheus PuppetDB SD allows to link PuppetDB with your Prometheus infrastructure. At a regular interval, it queries the PuppetDB and retrieves a list of targets. It then outputs a scrape configuration which Prometheus can use. Sounds simple? It really is!
\nThe Vox Pupuli Puppet community has a great module to manage Prometheus. The puppet-prometheus module works out of the box and allows to install and configure a Prometheus server. It also provides the prometheus::scrape_job defined type to declare scrape jobs to be added to the server.
Declaring these scrape jobs as exported resources tags them as such in the PuppetDB, and they can then be realized on the Prometheus server. This is extremely useful, but only works when the Prometheus server is managed by Puppet, not when it is containerized! Prometheus PuppetDB SD fills this gap by scraping the exported resources from the PuppetDB and generating the Prometheus configurations, so you can get the best of both worlds: scrape jobs declared in Puppet alongside your applications, and a containerized Prometheus server!
\nThere's several ways to install Prometheus PuppetDB SD, but let's face it: if you're using Prometheus, you probably have a Kubernetes cluster already, so let's install it using Helm:
\n$ helm repo add camptocamp http://charts.camptocamp.com\n$ helm install camptocamp/prometheus-puppetdb-sd --version 2.0.3\n The following values should be provided:
\nprometheusPuppetdbSd.args.puppetdb.url: the PuppetDB URIprometheusPuppetdbSd.args.prometheus.proxy-url: the Prometheus\nPush-proxy URLprometheusPuppetdbSd.args.output.k8s-secret.secret-name: the name\nof the k8s secret used to output the Prometheus configurationprometheusPuppetdbSd.args.output.k8s-secret.secret-key: the key in\nthe k8s secret used for the output file nameCACert: the CA certificate used to authenticate the PuppetDBCert: the certificate used to connect to the PuppetDBKey: the private key used to connect to the PuppetDBWith the official Prometheus Operator, setting prometheusSpec.additionalScrapeConfigsExternal to true will automatically configure Prometheus to mount the secret called {{ template \"prometheus-operator.fullname\" . }}-prometheus-scrape-confg and use the additional-scrape-configs.yaml key in it as additional configuration. This is thus the easiest way to configure Prometheus PuppetDB SD.
That's it, you're set!
\nDon't hesitate to provide feedback and pull requests on the GitHub repository!
\nGitHub — camptocamp/prometheus-puppetdb-sd
\nThis post was originally published on https://www.camptocamp.com/actualite/integrating-prometheus-with-puppetdb/
"},{"url":"/posts/20200501-diffing-puppet-environments-1fno/","relativePath":"posts/20200501-diffing-puppet-environments-1fno.md","relativeDir":"posts","base":"20200501-diffing-puppet-environments-1fno.md","name":"20200501-diffing-puppet-environments-1fno","frontmatter":{"title":"Diffing Puppet Environments","template":"post","date":"2020-05-01T14:49:22Z","excerpt":"Puppet Catalog Diff helps to visualize the differences between two Puppet environments","thumb_img_path":"https://media2.dev.to/dynamic/image/width=1000,height=420,fit=cover,gravity=auto,format=auto/https%3A%2F%2Fwww.camptocamp.com%2Fwp-content%2Fuploads%2Fxformations_puppet1-720x400.png.pagespeed.ic.UU2oY1Zlj8.webp","content_img_path":"https://media2.dev.to/dynamic/image/width=1000,height=420,fit=cover,gravity=auto,format=auto/https%3A%2F%2Fwww.camptocamp.com%2Fwp-content%2Fuploads%2Fxformations_puppet1-720x400.png.pagespeed.ic.UU2oY1Zlj8.webp","canonical_url":"https://dev.to/camptocamp-ops/diffing-puppet-environments-1fno","devto_url":"https://dev.to/camptocamp-ops/diffing-puppet-environments-1fno"},"html":"Puppet is a great tool for configuration managements, allowing to automate hundreds to thousands of nodes at a time in an Infrastructure-as-Code approach.
\nGood practice usually encourages to use multiple environments in a Puppet setup. Usually, critical nodes are pinned to the production environment, while less critical nodes can be associated with staging environments.
Using Git along with a Control Repository, code changes are typically produced in feature branches which get turned to Puppet environments. Once features have been tested on said environment, the feature branch can be merged into a staging branch, where the changes will start affecting nodes pinned to that Puppet environment.
\nFinally, once in a while, changes are merged from the staging branch into the production branch, thus affecting all nodes pinned to production.
\nWhile the workflow described is helpful, validating a branch is often a lacking process. Pointing all staging nodes to a feature branch is missing the point entirely, so validation is often done manually, by identifying nodes that may be impacted by the change and running Puppet manually on these nodes, preferably in dry-run mode (--noop).
When deploying to hundreds of nodes, testing a few is hardly a guaranty that things will go well on all nodes once the branch is merged.
\nFortunately for us, there are tools which can help!
\nIt might be hard to believe as this module is so poorly known, but the Puppet Catalog Diff project was started some 10 years ago by R.I. Pienaar! Adopted by Zack Smith, it was maintained for a few years, but left mainly unmaintained since 2016.
\nAs we've used it for years (and GitHub's octocatalog_diff never fit my need), we've adopted it and you will now find the latest version on our GitHub account:
\nGitHub — camptocamp/puppet-catalog-diff
\nPuppet Catalog Diff is a standard Puppet module. You can thus install it using puppet module install, r10k, or even just git.
$ git clone https://github.com/camptocamp/puppet-catalog-diff.git /etc/puppetlabs/code/modules/catalog_diff\n As its name implies, Puppet Catalog Diff allows to perform diffs between Puppet catalogs.
\nThe module provides three Puppet faces:
\npuppet catalog seed generates catalogs from a Puppet Master (or PuppetDB)puppet catalog pull wraps around the seed face to retrieve catalogs from two environments for each nodepuppet catalog diff analyzes multiple catalogs and returns the differences per nodeTo get started, you can diff local catalogs (in .yaml, .pson, or .yaml formats):
$ puppet catalog diff catalog1.pson catalog2.pson\n will return the differences between the two catalogs.
\nMost often, you will want to use Puppet Catalog Diff to retrieve catalogs from Puppet Masters.
\nEverything the Puppet world uses OpenSSL for authentication. Setting up Puppet Catalog Diff will thus require an OpenSSL certificate. This can be any certificate signed by the Puppet CA. For example, you can use the puppetserver ca command to generate a certificate:
$ puppetserver ca generate --certname catalog-diff\n Retrieve the key and certificate.
\nBy default, Puppet Masters only deliver catalogs for the nodes requesting them. This is set up in the auth.conf configuration file, with a rule like:
{\n # Allow nodes to retrieve their own catalog\n match-request: {\n path: "^/puppet/v3/catalog/([^/]+)$"\n type: regex\n method: [get, post]\n }\n allow: "$1"\n sort-order: 500\n name: "puppetlabs catalog"\n},\n You can deploy this rule using the puppet_authorization::rule defined type from the puppet_authorization Puppet module.
To allow the catalog-diff certificate to access get any catalog from the Puppet Master, we can modify that rule:
{\n # Allow nodes to retrieve their own catalog\n match-request: {\n path: "^/puppet/v3/catalog/([^/]+)$"\n type: regex\n method: [get, post]\n }\n allow: ["$1","catalog-diff"]\n sort-order: 500\n name: "puppetlabs catalog"\n},\n Even better yet, we can add a certificate extension to the catalog diff certificate, e.g. pp_authorization: catalog and allow this extension in auth.conf:
{\n # Allow nodes to retrieve their own catalog\n match-request: {\n path: "^/puppet/v3/catalog/([^/]+)$"\n type: regex\n method: [get, post]\n }\n allow: [\n "$1",\n {\n extensions: {\n pp_authorization: "catalog"\n }\n }\n ]\n sort-order: 500\n name: "puppetlabs catalog"\n},\n When comparing environments, Puppet Catalog Diff will connect to one or multiple Puppet Masters and get catalogs for each node.
\nAs you may have many nodes to test, it is easier to get the list of nodes to analyze from the PuppetDB. This can be achieved with the --use_puppetdb, along with --filter_old_env. This will select all the active nodes in the Puppet associated with the first environment.
For example, if we run:
\n$ puppet catalog diff \\\n puppet.example.com/production \\\n puppet.example.com/staging \\\n --use_puppetdb --filter_old_env\n Note (2020-05-07): Since the release of Puppet Catalog Diff 2.0.0, `--usepuppetdbis now deprecated and--filteroldenv` is the default._
Puppet Catalog Diff will connect to the PuppetDB, get all the active nodes from the production environment, and then for each of them, retrieve a catalog for the node from:
production environment on the puppet.example.com Puppet Masterstaging environment on the puppet.example.com Puppet MasterIt will then compute differences between each pair of catalogs and output them.
\nOne type of check that is very necessary is testing changes between two versions of Puppet Master installations. Puppet Catalog Diff allows you to specify different masters for the two environments to compare, so you can use the following command to compare catalogs from two Puppet Masters on the same Puppet environment (provided the environment is deployed to both masters):
\n$ puppet catalog diff \\\n puppet5.example.com/production \\\n puppet6.example.com/production \\\n --use_puppetdb --filter_old_env\n Retrieving and comparing catalogs can be resource-consuming. Very often, you will want to diff a new environment (staging or feature) against a more stable one. Since we can get the nodes associated to the stable environment from PuppetDB, we might as well get the cached catalogs from PuppetDB for this branch, too. This is possible using the --old_catalog_from_puppetdb flag:
$ puppet catalog diff \\\n puppet.example.com/production \\\n puppet.example.com/staging \\\n --use_puppetdb --filter_old_env --old_catalog_from_puppetdb\n Catalogs from will retrieved from PuppetDB for the production environment, and from the Puppet Master for the staging environment.
Several options are available to tune the diff output:
\n--show_resource_diff will show the details of how each resource was modified--content_diff will generate a separate content diff for file contents, in addition to the parameters diff--changed_depth 1000 sets the number of nodes to display at the end of the diff, sorted by amount of diffsPuppet provides a special variable named $trusted and called Trusted Facts. This variable contains information from the Puppet certificate. This allows the Puppet Master to get informations, such as the certname or the certificate extensions, and be sure that they could not be falsified.
However, using these trusted facts in your Puppet code (or Hiera hierarchy) breaks compilation with Puppet Catalog Diff, since the catalog diff's certificate does not contain these trusted variables.
\nIf you are using Puppet 6.3 or up on your Puppet Master, you can make use of the new certless catalog API to bypass this restriction.
\nSince this uses a different API endpoint, we need to set up auth.conf for it, for example:
{\n # Allow nodes to retrieve their own catalog\n match-request: {\n path: "^/puppet/v4/catalog"\n type: regex\n method: [post]\n }\n allow: [\n {\n extensions: {\n pp_authorization: "catalog"\n }\n }\n ]\n sort-order: 500\n name: "puppetlabs certless catalog"\n},\n The --certless flag will tell Puppet Catalog Diff to use the new certless catalog API in place of the standard one.
For example, you can retrieve the old catalogs from PuppetDB and the new catalogs from the certless catalog API:
\n$ puppet catalog diff \\\n puppet.example.com/production \\\n puppet.example.com/staging \\\n --use_puppetdb --filter_old_env \\\n --old_catalog_from_puppetdb --certless\n If you are using a Continuous Integration platform, you can get advantage of it by integrating your Puppet control repository into it with Puppet Catalog Diff.
\nWhile general Code Quality tasks can be launched in a pipeline before deploying the code, Puppet Catalog Diff is typically a task that can be lauched in a merge request.
\nFor example, you can launch the following command in a GitLab CI job:
\n$ puppet catalog diff \\\n puppet.example.com/${CI_MERGE_REQUEST_TARGET_BRANCH_NAME} \\\n puppet.example.com/${CI_MERGE_REQUEST_SOURCE_BRANCH_NAME} \\\n --show_resource_diff --content_diff --changed_depth 1000 \\\n --use_puppetdb --filter_old_env --old_catalog_from_puppetdb \\\n --certless --threads 4 \\\n --output_report /srv/catalog-diff/mr_${CI_MERGE_REQUEST_IID}_${CI_JOB_ID}.json\n The --output_report option saves the output as a JSON document, which can be used later on.
Puppet Catalog Diff compares Puppet catalogs. However, catalog changes do not account for all changes in a Puppet agent run. Plugins can play a role, too.
\nIf your change involves a change in agent-side plugins (facts, types & providers, augeas lenses), Puppet Catalog Diff won't allow you to predict the result of these changes.
\nChanges in Puppet code sometimes generate a lot of diff, which can be hard to parse in text form.
\nThe Puppet Catalog Diff Viewer project allows to visualize Puppet Catalog Diff reports (as generated by --output_report option) in a Web UI.
GitHub — camptocamp/puppet-catalog-diff-viewer
\nThis interface is currently read-only, with no persistence.
\n![\"Puppet](\"https://dev-to-uploads.s3.amazonaws.com/i/b73sm2n5ie2yip4hh427.png\")
Let me know how you use Puppet Catalog Diff, and, as usual, we welcome Pull Request!
"},{"url":"/posts/20200502-generic-blog-17ni/","relativePath":"posts/20200502-generic-blog-17ni.md","relativeDir":"posts","base":"20200502-generic-blog-17ni.md","name":"20200502-generic-blog-17ni","frontmatter":{"title":"dev.to as a generic blog?","template":"post","date":"2020-05-02T18:41:25Z","excerpt":"Is it a good idea to use dev.to for other subjects than development?","canonical_url":"https://dev.to/raphink/generic-blog-17ni","devto_url":"https://dev.to/raphink/generic-blog-17ni"},"html":"Do any of you use dev.to as a generic blog, besides development-related subjects (I'm thinking genealogy for example)?
\nWhat would be the pros and cons?
"},{"url":"/posts/20200503-recognizing-faces-in-historical-photographs-3ikc/","relativePath":"posts/20200503-recognizing-faces-in-historical-photographs-3ikc.md","relativeDir":"posts","base":"20200503-recognizing-faces-in-historical-photographs-3ikc.md","name":"20200503-recognizing-faces-in-historical-photographs-3ikc","frontmatter":{"title":"Recognizing faces in historical photographs","template":"post","date":"2020-05-03T20:10:58Z","excerpt":"Using machine learning to identify people in historical photographs","thumb_img_path":"https://media2.dev.to/dynamic/image/width=1000,height=420,fit=cover,gravity=auto,format=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fzkzysi903rs0m6w8rvy1.png","content_img_path":"https://media2.dev.to/dynamic/image/width=1000,height=420,fit=cover,gravity=auto,format=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fzkzysi903rs0m6w8rvy1.png","canonical_url":"https://dev.to/raphink/recognizing-faces-in-historical-photographs-3ikc","devto_url":"https://dev.to/raphink/recognizing-faces-in-historical-photographs-3ikc"},"html":"Genealogy has been one of my main personal activities for years. As part of my research, I've collected old pictures of family members that cousins I met were kind enough to send me (usually in scanned form, although at times I was actually given the custody of original photographs).
\nIn the last few years, I've added these photographs to Google Photos to take advantage of the face recognition features. It's allowed me to quickly find pictures of people, and it has helped me to identify people in pictures with the help of AI.
\n![\"Google](\"https://dev-to-uploads.s3.amazonaws.com/i/wtowmhpvyc51m79yef5j.png\")
\nGoogle Photos helps me keep track of known people in photographs
However useful this has been though, I've felt for some time that the scope was too narrow. I've found pictures of my great-grandfather and his associate in books and newspapers, and there's probably more I haven't seen yet.
\nFurthermore, there's people in my collection that I haven't identified yet. Somewhere, somehow, I'm sure there's descendants of these people who have portraits of them, and would love to get more pictures of their ancestors. I have occasionally been able to identify them with notes in the back of pictures, but there's still a lot left to put a name on.
\nSo I've been thinking… What if I could have a system similar to Google Photos face grouping and identification, but at a much more global scale?
\nThe time seems ripe for this:
\nA few months ago, I've started playing with AWS Rekognition to see what I could get out of my own personal collection. Encouraged by the results, I launched a little PoC project, which can be found at:
\nhttps://raphink.github.io/find-my-ancestor/
\n![\"President](\"https://dev-to-uploads.s3.amazonaws.com/i/79uz5005ebjyex7knfwz.png\")
\nPresident Paul Kruger found by the AI among his family
In this project, I picked public Flickr collections featuring historical photographs from all over the world. I scanned a few million pictures and stored face metadata about them in AWS Rekognition. I then built a simple web UI to query this database from a given picture.
\nThe code (both Ruby scripts and web interface) can be found on GitHub:
\nGitHub — raphink/find-my-ancestor
\nI've communicated about this project on various Genealogy websites and groups. Unfortunately, the results were not so great. Apart from celebrities and royalties, it's hard to identify random people in a database of \"only\" a million faces, though I am quite sure the algorithm did identify my great-great-uncle in two pictures from the Boer War.
\nMyHeritage recently worked with AI developer Jason Antic to provide an amazing colorization algorithm.
\nMost of these genealogical websites provide some kind of hinting system, which send you regular notifications of:
\nMy goal would thus be to provide a new kind of hint, in the form of photographs matching known portraits of people in your tree.
\nAfter giving it some thinking, I'm afraid though that the database I have built in AWK Rekognition won't be of much help. It seems I should be using another kind of algorithm to group faces by known person in order to improve matching.
\nI'd love to this see project get somewhere. There's so many people who could be identified… soldiers in WWI/WWII pictures, lost family members in concentration camps, and many other unsolved mysteries…
\nDo you AI experts have any tips to help me continue this project?
"},{"url":"/posts/20200504-automatic-renewal-of-puppet-certificates-28pm/","relativePath":"posts/20200504-automatic-renewal-of-puppet-certificates-28pm.md","relativeDir":"posts","base":"20200504-automatic-renewal-of-puppet-certificates-28pm.md","name":"20200504-automatic-renewal-of-puppet-certificates-28pm","frontmatter":{"title":"Automatic Renewal of Puppet Certificates","template":"post","date":"2020-05-04T06:36:04Z","excerpt":"Everyone who has been using Puppet with a self-signed CA for more than 5 years knows that dreaded time: the time when the CA must be renewed.","thumb_img_path":"https://media2.dev.to/dynamic/image/width=1000,height=420,fit=cover,gravity=auto,format=auto/https%3A%2F%2Fwww.camptocamp.com%2Fwp-content%2Fuploads%2Fxformations_puppet1-720x400.png.pagespeed.ic.UU2oY1Zlj8.webp","content_img_path":"https://media2.dev.to/dynamic/image/width=1000,height=420,fit=cover,gravity=auto,format=auto/https%3A%2F%2Fwww.camptocamp.com%2Fwp-content%2Fuploads%2Fxformations_puppet1-720x400.png.pagespeed.ic.UU2oY1Zlj8.webp","canonical_url":"https://www.camptocamp.com/actualite/automatic-renewal-of-puppet-certificates/","devto_url":"https://dev.to/camptocamp-ops/automatic-renewal-of-puppet-certificates-28pm"},"html":"Everyone who has been using Puppet with a self-signed CA for over 5 years knows the dreaded time: the time when the CA must be renewed.
\nThe traditional approach is to create a new CA, and then use another mean to renew the certificates for all the nodes (SSH, MCollective, Ansible, etc.).
\nAnother possibility is to keep the same CA keys and generate a new CA certificate. There is actually an official module to do that. This module allows you to easily revive a CA that is about to expire in such a way that the new CA certificate is valid for current node certificates. As a result, you don't need to renew the node certificates right away; you only need to distribute the new CA certificate to ensure the cached version does not expire!
\nThere is however a consequence: node certificates will start to expire. Nodes over 5 years old will expire as soon as the CA expires. And so they need to be renewed, too.
\nWhat if the Puppet agent itself could ensure its certificate is always\nvalid? This can be achieved using two things:
\npuppet_certificate resource type.The former is a standard Puppet feature, with a simple principle: embark a secret in the Puppet CSR, which will be checked by a script on the CA.
\nThis approach allows to easily automate node provisioning by making nodes automatically register into Puppet.
\nThe simplest form uses a shared password in the csr_attributes.yaml file on the Puppet node.
Once you have put together a way to autosign certificates, let's see how to automatically renew these certificates. We'll use the puppet_certificate Puppet module for that. Here is the kind of code you could use:
\nclass profile::puppet::certificate (\n String $psk,\n) {\n file { '/etc/puppetlabs/puppet/csr_attributes.yaml':\n ensure => file,\n owner => 'root',\n group => 'root',\n mode => '0440',\n content => "---\\ncustom_attributes:\\n 1.2.840.113549.1.9.7: '${psk}'\\n",\n }\n ~> puppet_certificate { $::trusted['certname']:\n ensure => valid,\n onrefresh => 'regenerate',\n waitforcert => 60,\n renewal_grace_period => 20,\n clean => true,\n }\n}\n This code will:
\ncsr_attributes.yaml file to inject the psk into it;In addition:
\nensure => valid);Note that this only works if the certificate is cleaned from the Puppet CA before it gets regenerated. This is the point of the clean => true attribute. By default, however, the Puppet CA does not accept remote cleaning of certificates. You can allow nodes to clean their own certificates (and no other) by adding this to your Puppetserver's auth.conf file:
{\n name: "Allow nodes to delete their own certificates",\n match-request: {\n path: "^/puppet-ca/v1/certificate(_status|_request)?/([^/]+)$",\n type: regex,\n method: [delete]\n },\n allow: "$2",\n sort-order: 500\n}\n While it is possible to use a simple shared password in the csr_attributes.yaml for autosigning, it means all your nodes will contain that psk, which is valid to create new certificates on the Puppet CA. This is not very secure, and this can be improved by using unique tokens for each node, so that a token can only be used to generate a certificate for a specific node.
You could achieve this with tools such as Vault. Another idea is to generate a composite secret on the Puppet master by mixing the psk with the certname and possibly any certificate extension you want to enforce. You then need to adapt your autosign policy script to generate the same composite secret, which ensures that each node can only generate its own certificate, without changing its extensions.
\nThis post was originally published on camptocamp.com
"},{"url":"/posts/20200507-automated-puppet-impact-analysis-1c1/","relativePath":"posts/20200507-automated-puppet-impact-analysis-1c1.md","relativeDir":"posts","base":"20200507-automated-puppet-impact-analysis-1c1.md","name":"20200507-automated-puppet-impact-analysis-1c1","frontmatter":{"title":"Automated Puppet Impact Analysis","template":"post","date":"2020-05-07T20:49:52Z","excerpt":"Using GitLab Pipelines and Catalog Diff to preview changes between two branches in a merge request","thumb_img_path":"https://media2.dev.to/dynamic/image/width=1000,height=420,fit=cover,gravity=auto,format=auto/https%3A%2F%2Fwww.camptocamp.com%2Fwp-content%2Fuploads%2Fxformations_puppet1-720x400.png.pagespeed.ic.UU2oY1Zlj8.webp","content_img_path":"https://media2.dev.to/dynamic/image/width=1000,height=420,fit=cover,gravity=auto,format=auto/https%3A%2F%2Fwww.camptocamp.com%2Fwp-content%2Fuploads%2Fxformations_puppet1-720x400.png.pagespeed.ic.UU2oY1Zlj8.webp","canonical_url":"https://dev.to/camptocamp-ops/automated-puppet-impact-analysis-1c1","devto_url":"https://dev.to/camptocamp-ops/automated-puppet-impact-analysis-1c1"},"html":"In last week's post, I presented how to set up Puppet Catalog Diff to diff between two Puppet environments.
\nWouldn't it be great if this tool could be used to perform automatic impact analysis before merging a Git branch (aka Merge Request or Pull Request)? Well, it can.
\nOur current set up is based on RedHat OpenShift and GitLab.\nThis is however easily portable to other installation choices.
\nThe Puppet infrastructure is currently running in OpenShift, using our series of Puppet Helm Charts for Puppetserver, PuppetDB, Puppetboard and Puppet Catalog Diff Viewer.
\n![\"Puppet-related](\"https://dev-to-uploads.s3.amazonaws.com/i/dn3718sndgu4zyrtgklv.png\")
We are in the process of migrating from Puppet 5 to Puppet 6, so we currently have two Puppetserver charts deployed, one for each version. The puppetserver service points to two Puppet 5 pods, while the puppetserver6 service points to two Puppet 6 pods.
We have passthrough OpenShift routes sitting in front of the services to expose them to the rest of the infra (on port 443 instead of 8140).
\nPuppet code deployment is done using a GitLab Runner chart whose deployment mounts the Puppetcode volume (PVC from the Puppetserver deployment). We then run r10k in a GitLab pipeline every time a branch is pushed.
\nWe also lint the code before deploying it, using the Onceover Code Quality plugin.
\n![\"Deployment](\"https://dev-to-uploads.s3.amazonaws.com/i/t6o39hw6zpxdq27uhhmc.png\")
Here's what it looks like in .gitlab-ci.yml:
---\nstages:\n - lint\n - deploy\n\n.create_r10k_yaml: &create_r10k_yaml |\n cat << EOF > /tmp/r10k.yaml\n ---\n :cachedir: /etc/puppetlabs/code/cache\n\n :sources:\n :main:\n remote: $CI_PROJECT_DIR\n basedir: /etc/puppetlabs/code/environments\n EOF\n\nlinting-puppet-hiera:\n image: camptocamp/onceover-codequality:latest\n stage: lint\n script:\n - 'onceover run codequality --no_docs'\n tags:\n - puppetmaster\n rules:\n # Skip linting if the commit message contains "[skip lint]"\n - if: '$CI_COMMIT_MESSAGE !~ /\\[skip lint\\]/'\n\nr10k-deploy:\n image: puppet/r10k:3.1.0\n stage: deploy\n tags:\n # Select GitLab runner from the Puppet OpenShift env (which mounts Puppetcode)\n - puppetmaster\n before_script:\n - while [ -f /etc/puppetlabs/code/r10k.lock ]; do echo -n "Waiting for lock from "; cat /etc/puppetlabs/code/r10k.lock || echo; sleep 2; done\n - hostname -f > /etc/puppetlabs/code/r10k.lock\n script:\n - umask 0002\n # Git https secrets are mounted in the GitLab runner\n - ln -s /secrets/.netrc ~/\n - *create_r10k_yaml\n - git fetch --unshallow\n - 'git branch -r | grep -v "\\->" | while read remote; do git branch --track "${remote#origin/}" "$remote"; done'\n - r10k deploy --color -c /tmp/r10k.yaml environment ${CI_COMMIT_REF_NAME} -p --verbose=debug\n - puppet generate types --environment ${CI_COMMIT_REF_NAME}\n after_script:\n - rm -f /etc/puppetlabs/code/r10k.lock\n When a Merge Request is open, we want to analyse the impact it will have before we can merge it. This is where Catalog Diff plays a big role.
\nUnless you have a huge Puppet infrastructure, Catalog Diff is quite heavy to launch, as it will request lots of catalogs in a small amount of time.
\nThe new --old_catalog_from_puppetdb option introduced in version 1.7.0 reduces the load by half by getting the \"from\" catalogs from PuppetDB, but it's still kind of a large batch of requests to the Puppet servers.
For this reason, we run Catalog Diff only on demand, as a manual task. Lint and Deploy are run a second time, to make them mandatory passing steps before a merge can be validated.
\n![\"MR](\"https://dev-to-uploads.s3.amazonaws.com/i/xlzb38uvg70hndubvrze.png\")
Here's the setup:
\n.create_puppetdb_conf: &create_puppetdb_conf |\n cat << EOF > /etc/puppetlabs/puppet/puppetdb.conf\n [main]\n server_urls = https://puppetdb:8081\n EOF\n\n.create_csr_attributes_yaml: &create_csr_attributes_yaml |\n cat << EOF > /etc/puppetlabs/puppet/csr_attributes.yaml\n ---\n custom_attributes:\n # Our autosign script uses hashed secrets based on a psk,\n # the certname and the environment coded in the certificate\n 1.2.840.113549.1.9.7: '$(echo -n "$psk/$(puppet config print certname)/production" | openssl dgst -binary -sha256 | openssl base64)'\n extension_requests:\n # We use the pp_authorization=catalog extension to set up auth.conf for v4/catalog\n 1.3.6.1.4.1.34380.1.3.1: 'catalog'\n 1.3.6.1.4.1.34380.1.1.12: 'production'\n EOF\n\n.cleanup_cert: &cleanup_cert |\n curl -s -X DELETE \\\n "Accept:application/json" -H "Content-Type: text/pson" \\\n --cacert "/etc/puppetlabs/puppet/ssl/certs/ca.pem" \\\n --cert "/etc/puppetlabs/puppet/ssl/certs/$(puppet config print certname).pem" \\\n --key "/etc/puppetlabs/puppet/ssl/private_keys/$(puppet config print certname).pem" \\\n "https://puppetserver:8140/puppet-ca/v1/certificate_status/$(puppet config print certname)?environment=production"\n\n\ncatalog-diff:\n image: puppet/puppet-agent:6.15.0\n stage: diff\n tags:\n # Select GitLab runner in Puppet OpenShift env to get direct access to services\n - puppetmaster\n script:\n - apt update\n - apt install -y locales puppetdb-termini\n - locale-gen en_US.UTF-8\n - *create_puppetdb_conf\n - *create_csr_attributes_yaml\n # Generate a certificate and get it signed\n - puppet ssl submit_request --ca_server puppetserver --certificate_revocation=false\n # We currently diff with puppetserver6 for the migration\n - puppet catalog --environment ${CI_MERGE_REQUEST_SOURCE_BRANCH_NAME} --certificate_revocation=false diff puppetserver:8140/${CI_MERGE_REQUEST_TARGET_BRANCH_NAME} puppetserver6:8140/${CI_MERGE_REQUEST_SOURCE_BRANCH_NAME} --show_resource_diff --changed_depth 1000 --content_diff --old_catalog_from_puppetdb --certless --threads 4 --output_report /catalog-diff/mr_${CI_MERGE_REQUEST_IID}_${CI_JOB_ID}.json\n after_script:\n # We have configured our auth.conf to allow nodes to clean their own cert, see https://dev.to/camptocamp-ops/automatic-renewal-of-puppet-certificates-28pm\n - *cleanup_cert\n - echo "You can view the report details at https://puppetdiff.example.com/?report=mr_${CI_MERGE_REQUEST_IID}_${CI_JOB_ID}"\n # Post a comment on the Merge Request\n - 'curl -k -X POST -H "Private-Token: $CI_BOT_TOKEN" -d "body=You can view the Catalog Diff report details at https://puppetdiff.example.com/?report=mr_${CI_MERGE_REQUEST_IID}_${CI_JOB_ID}" $CI_API_V4_URL/projects/$CI_PROJECT_ID/merge_requests/$CI_MERGE_REQUEST_IID/notes'\n # Allow failure so the Merge Request can be validated even without catalog diff\n allow_failure: true\n rules:\n - if: '$CI_MERGE_REQUEST_ID'\n when: manual\n variables:\n LANG: en_US.UTF-8\n LC_ALL: en_US.UTF-8\n A few notes on that setup:
\n/catalog-diff directory, which is mounted in the runner from the Puppet Catalog Diff Viewer PVC. This way, reports are accessible directly in the viewer by passing their name in the query string.CI_BOT_TOKEN variable to the build. We currently set one in the build variables, using a robot GitLab account. If you have a GitLab Silver or greater plan, you can use the CI_JOB_TOKEN variable instead.Here are some screenshots of a typical workflow.
\n![\"Validated](\"https://dev-to-uploads.s3.amazonaws.com/i/b7djk6oti87cf1iatsap.png\")
The Merge Request validated, with the comment left by the bot after the Catalog Diff build was run (see the 3 steps on line 3)
\n![\"Puppet](\"https://dev-to-uploads.s3.amazonaws.com/i/a87ep2w72mdbvkrdfsv8.png\")
Viewing the report generated by the Puppet Catalog Diff run
\nHere's a video demo of the setup described above:
\n\nThis set up allows us to:
\nAs stated in the previous blog post, this doesn't account for every change, since changes in plugins (facts, types & providers, Augeas lenses, etc.) can also impact servers but won't be seen in catalog diffs.
"},{"url":"/posts/20200508-deploying-public-keys-in-docker-containers-41cd/","relativePath":"posts/20200508-deploying-public-keys-in-docker-containers-41cd.md","relativeDir":"posts","base":"20200508-deploying-public-keys-in-docker-containers-41cd.md","name":"20200508-deploying-public-keys-in-docker-containers-41cd","frontmatter":{"title":"Deploying public keys in Docker containers","template":"post","date":"2020-05-08T07:57:33Z","excerpt":"One of the hard problems to solve when using Docker in production is deploying secrets. githut_pki makes SSH key deployment easy.","thumb_img_path":"https://media2.dev.to/dynamic/image/width=1000,height=420,fit=cover,gravity=auto,format=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2F1doni1qp0l9lqk240myf.png","content_img_path":"https://media2.dev.to/dynamic/image/width=1000,height=420,fit=cover,gravity=auto,format=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2F1doni1qp0l9lqk240myf.png","canonical_url":"https://www.camptocamp.com/en/actualite/deploying-public-keys-in-docker-containers/","devto_url":"https://dev.to/camptocamp-ops/deploying-public-keys-in-docker-containers-41cd"},"html":"One of the hard problems to solve when using Docker in production is deploying secrets. In particular, public keys are hard to deploy because they are multiline and there is usually one key per authorized user.
\nSince all our users have accounts on GitHub with their SSH key, it made sense to us to use GitHub as a centralized PKI for SSH keys. Starting with a simple Ruby script connecting to the GitHub API, we soon realized we would need a generic way of deploying public keys from GitHub if we persisted in this approach.
\nThis gave birth to the github_pki, a generic command line tool using the GitHub API to deploy SSH and X509 keys from GitHub organizations, teams, and individual users.
\nInstalling can be done from source:
\nFROM debian:jessie\n\nENV GOPATH=/go\nRUN apt-get update && apt-get install -y golang-go git \\\n && go get github.com/camptocamp/github_pki \\\n && apt-get autoremove -y golang-go git \\\n && rm -rf /var/lib/apt/lists/*\n Or by inheriting one of the official Docker images.
\nThe github_pki command can then simply be called from within an entrypoint script to deploy keys:
\n#!/bin/sh\n\n# Deploy users keys as X509 public keys to SSL_DIR\nSSL_DIR=/etc/puppetlabs/mcollective/clients /go/bin/github_pki\n\n# Deploy user keys as an authorized_keys file\nAUTHORIZED_KEYS=/root/.ssh/authorized_keys /go/bin/github_pki\n Various environment variables can be used to tune which keys should be deployed:
\n$ docker run -e AUTHORIZED_KEYS=/root/.ssh/authorized_keys \\\n -e SSL_DIR=/etc/test/ssl \\\n -e GITHUB_ORG="myorg" \\\n -e GITHUB_TEAM="mypals" \\\n -e GITHUB_USERS="otheruser" \\\n -e GITHUB_TOKEN=398d6d326a546d40f3f1ef93345d1fc5ee0f0j38 \\\n mydockerimage\nrun-parts: executing /docker-entrypoint.d/25-populate-ssl-clients.sh\ntime="2016-03-22T09:45:52Z" level=info msg="Adding users for team mypals" \ntime="2016-03-22T09:45:52Z" level=info msg="Adding user bob" \ntime="2016-03-22T09:45:52Z" level=info msg="Adding user alice" \ntime="2016-03-22T09:45:52Z" level=info msg="Adding individual user otheruser" \ntime="2016-03-22T09:45:53Z" level=info msg="Getting keys for user bob" \ntime="2016-03-22T09:45:53Z" level=info msg="Getting keys for user alice" \ntime="2016-03-22T09:45:53Z" level=info msg="Getting keys for user otheruser"\ntime="2016-03-22T09:45:59Z" level=info msg="Generating /root/.ssh/authorized_keys" \ntime="2016-03-22T09:45:59Z" level=info msg="Dumping X509 keys to /etc/puppetlabs/mcollective/clients" \ntime="2016-03-22T09:45:59Z" level=info msg="Converting key bob/1325852 to X509" \ntime="2016-03-22T09:45:59Z" level=info msg="Converting key alice/123756 to X509" \ntime="2016-03-22T09:45:59Z" level=info msg="Converting key alice/7845928 to X509" \ntime="2016-03-22T09:45:59Z" level=info msg="Converting key otheruser/8540586 to X509"\n This blog post was originally published on camptocamp.com
"},{"url":"/posts/20200508-keep-an-eye-on-your-terraform-states-4lf5/","relativePath":"posts/20200508-keep-an-eye-on-your-terraform-states-4lf5.md","relativeDir":"posts","base":"20200508-keep-an-eye-on-your-terraform-states-4lf5.md","name":"20200508-keep-an-eye-on-your-terraform-states-4lf5","frontmatter":{"title":"Keep an eye on your Terraform states","template":"post","date":"2020-05-08T08:11:27Z","excerpt":"About 4 years ago, we started using Terraform. Many things we were doing manually in the cloud at the time are now coded.","thumb_img_path":"https://media2.dev.to/dynamic/image/width=1000,height=420,fit=cover,gravity=auto,format=auto/https%3A%2F%2Fwww.camptocamp.com%2Fwp-content%2Fuploads%2Fxterraform_bandeau.png.pagespeed.ic.neAGqH-_lX.webp","content_img_path":"https://media2.dev.to/dynamic/image/width=1000,height=420,fit=cover,gravity=auto,format=auto/https%3A%2F%2Fwww.camptocamp.com%2Fwp-content%2Fuploads%2Fxterraform_bandeau.png.pagespeed.ic.neAGqH-_lX.webp","canonical_url":"https://www.camptocamp.com/actualite/keep-an-eye-on-your-terraform-states/","devto_url":"https://dev.to/camptocamp-ops/keep-an-eye-on-your-terraform-states-4lf5"},"html":"This blog post was originally published on camptocamp.com
\nAbout 4 years ago, we started using Terraform. Many things we were doing manually in the cloud at the time are now coded. As a result, our Terraform base code now contains over a hundred states.
\nA lot of those resources already existed before, some managed by CloudFormation, others manually. Being able to import resources has helped a lot to integrate new Terraform code with existing infrastructure. We now have a unified system to control them, and most importantly to know who created them, how and why. Collaboration was made easier by using profiles instead of hardcoded credentials, the introduction of remote states stored on AWS S3, as well as state locks on DynamoDB.
\nWith all this, one thing remained: how do we keep an eye on all these states, resources and locks that are stored on AWS? Could there be a way to visualize and query them?
\n![\"Terraboard\"](\"https://raw.githubusercontent.com/camptocamp/terraboard/master/logo/terraboard_logo.png\"){kind=logo}
Terraboard was born in an attempt to bring an easy-to-use Web Interface for Terraform states.
\nIt currently supports states stored in AWS S3, as well as locks on DynamoDB. It features 4 views: overview, state view, compare view and search.
\nTerraboard requires an S3 bucket with versioning activated (for history and comparison between versions), as well as a PostgreSQL database, where all S3 states will be stored as a data cache.
\nTerraboard is comprised of two compontents:
\nThe overview is the landing page in Terraboard. It provides information about the most recent version of each state, along with the Terraform version used to apply it, its serial, the number of resources it features, and an activity sparkline. Clicking the sparkline lets you easily access any version of a state.
\nGraphs present statistics on the main resource types and Terraform versions used, as well as the number of number of states locked (if DynamoDB is configured).
\n![\"Main](\"https://www.camptocamp.com/wp-content/uploads/main-550x326.png\")
The State view presents details about a state file's resources. Resources are listed by module and can be filtered. A version selector lets you view historical data for the state.
\n![\"State](\"https://www.camptocamp.com/wp-content/uploads/state-550x328.png\")
While on the State view, you can pick a second version to compare with the current one. This computes differences between the two versions, which displays:
\n![\"Compare](\"https://www.camptocamp.com/wp-content/uploads/compare-550x330.png\")
If you've ever wondered in which Terraform state a node was managed, you can easily find this out in the Search view. The Search view lets you filter resources and their attributes by type, name, key or value, as well as Terraform version used.
\n![\"Search](\"https://www.camptocamp.com/wp-content/uploads/search-1-550x330.png\")
Are you ready to try Terraboard? If you're using Docker, this is very easy. All you need is a PostgreSQL database and your AWS credentials:
\ndocker run -d -p 8080:8080 \\\n -e AWS_REGION=<AWS_DEFAULT_REGION> \\\n -e AWS_ACCESS_KEY_ID=<AWS_ACCESS_KEY_ID> \\\n -e AWS_SECRET_ACCESS_KEY=<AWS_SECRET_ACCESS_KEY> \\\n -e AWS_BUCKET=<terraform-bucket> \\\n -e AWS_DYNAMODB_TABLE=<terraform-locks-table> \\\n -e DB_PASSWORD="mygreatpasswd" \\\n --link postgres:db \\\n camptocamp/terraboard:latest\n A Rancher template is also available in Camptocamp's Rancher Catalog, as well as a Helm Chart.
\nTerraboard is an open-source project and we heartily welcome all contributions to it. Don't hesitate to submit Pull Requests on GitHub.
\nYou are also welcome to join us on Gitter to discuss new ideas.
\nHappy Terraforming!
"},{"url":"/posts/20200508-unshallowing-a-git-repository-24nd/","relativePath":"posts/20200508-unshallowing-a-git-repository-24nd.md","relativeDir":"posts","base":"20200508-unshallowing-a-git-repository-24nd.md","name":"20200508-unshallowing-a-git-repository-24nd","frontmatter":{"title":"Unshallowing a Git repository","template":"post","date":"2020-05-08T07:36:38Z","excerpt":"GitLab allows to perform shallow repository clones (and it seems to be the default in recent versions...","thumb_img_path":"https://media2.dev.to/dynamic/image/width=1000,height=420,fit=cover,gravity=auto,format=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fnsbbm80zgqqypxyqtx1d.png","content_img_path":"https://media2.dev.to/dynamic/image/width=1000,height=420,fit=cover,gravity=auto,format=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fnsbbm80zgqqypxyqtx1d.png","canonical_url":"https://dev.to/camptocamp-ops/unshallowing-a-git-repository-24nd","devto_url":"https://dev.to/camptocamp-ops/unshallowing-a-git-repository-24nd"},"html":"GitLab allows to perform shallow repository clones (and it seems to be the default in recent versions from what I can tell).
\nIn order to run r10k, I need a full repository though, because r10k will copy it to cache and use this copy as a reference. This is what happens when you use a shallow repository:
\n [2020-05-08 06:53:15 - DEBUG] Replacing /etc/puppetlabs/code/environments/modulesync_update and checking out modulesync_update\n [2020-05-08 06:53:56 - ERROR] Command exited with non-zero exit code:\n Command: git clone /builds/camptocamp/is/puppet/puppetmaster-c2c /etc/puppetlabs/code/environments/modulesync_update --reference /etc/puppetlabs/code/cache/-builds-camptocamp-is-puppet-puppetmaster-c2c\n Stderr:\n Cloning into '/etc/puppetlabs/code/environments/modulesync_update'...\n fatal: reference repository '/etc/puppetlabs/code/cache/-builds-camptocamp-is-puppet-puppetmaster-c2c' is shallow\n Exit code: 128\n [2020-05-08 06:53:56 - DEBUG] Purging unmanaged environments for deployment...\n Git provides a fetch --unshallow command which solves the problem, so we just need to run git fetch --unshallow in the repository before running r10k.
However, some of our (older) GitLab installs don't make shallow clones. Instead, they make full clones with a single detached branch, so we need fetch --all instead.
In order to have it work in all configurations, I'm ending up running:
\ngit fetch --unshallow || git fetch --all\n And then run r10k on the repository.
"},{"url":"/posts/20200509-git-markdown-to-write-a-novel-ag6/","relativePath":"posts/20200509-git-markdown-to-write-a-novel-ag6.md","relativeDir":"posts","base":"20200509-git-markdown-to-write-a-novel-ag6.md","name":"20200509-git-markdown-to-write-a-novel-ag6","frontmatter":{"title":"Git & Markdown to write a novel","template":"post","date":"2020-05-09T06:20:31Z","excerpt":"Using Git and Markdown to write a novel","canonical_url":"https://dev.to/raphink/git-markdown-to-write-a-novel-ag6","devto_url":"https://dev.to/raphink/git-markdown-to-write-a-novel-ag6"},"html":"This year, I started writing a historical novel about a branch of my family. I quickly realized I needed some tooling to organize my data: what I know about the characters, the places, a general timeline, etc.
\nI looked for software to do that and found that the reference is Scrivener. However interesting it looked, I'd rather use Open Source software whenever possible, so I started using Manuskript, an Open Source software for writers similar to Scrivener.
\n![\"Manuskript](\"https://dev-to-uploads.s3.amazonaws.com/i/fj7xlois1xl9d7qtzyjl.png\")
I laid out some chapters, characters, plots… then I realized the saving format was binary. It's actually a Zip archive which contains all the information in flat files:
\n 1 2020-05-09 08:05 MANUSKRIPT\n 137 2020-05-09 08:05 infos.txt\n 0 2020-05-09 08:05 summary.txt\n 46 2020-05-09 08:05 status.txt\n 147 2020-05-09 08:05 labels.txt\n 284 2020-05-09 08:05 characters/0-Samuel_L-on.txt\n 281 2020-05-09 08:05 characters/1-L-on_Grunberg.txt\n 261 2020-05-09 08:05 characters/2-Adolphe_Grunberg.txt\n 309 2020-05-09 08:05 characters/3-Elisabeth_Rau.txt\n 112 2020-05-09 08:05 characters/4-Victor_Grunberg.txt\n 109 2020-05-09 08:05 characters/5-Maria_Schorr.txt\n 224 2020-05-09 08:05 characters/6-Fred_Grunberg.txt\n 125 2020-05-09 08:05 characters/7-Colonel_de_Villebois-Mareuil.txt\n 107 2020-05-09 08:05 characters/8-Said_Pacha.txt\n 109 2020-05-09 08:05 characters/9-Isaac_Aghion.txt\n 92 2020-05-09 08:05 outline/00-Setup.md\n 322 2020-05-09 08:05 outline/01-Les_joyaux_-gyptiens/folder.txt\n 3753 2020-05-09 08:05 outline/01-Les_joyaux_-gyptiens/0-Une_rencontre_inattendue.md\n 1706 2020-05-09 08:05 outline/01-Les_joyaux_-gyptiens/1-Office_de_chabbat.md\n 715 2020-05-09 08:05 outline/01-Les_joyaux_-gyptiens/2-Un_d-ner_chez_Isaac.md\n 482 2020-05-09 08:05 outline/01-Les_joyaux_-gyptiens/3-Proc-s_1.md\n 166 2020-05-09 08:05 outline/01-Les_joyaux_-gyptiens/4-Sc-ne_5.md\n 83 2020-05-09 08:05 outline/02-Paris/folder.txt\n 102 2020-05-09 08:05 outline/02-Paris/0-Sc-ne_1.md\n 97 2020-05-09 08:05 outline/03-Etudes_des_enfants/folder.txt\n 103 2020-05-09 08:05 outline/03-Etudes_des_enfants/0-Sc-ne_1.md\n 103 2020-05-09 08:05 outline/03-Etudes_des_enfants/1-Sc-ne_2.md\n 95 2020-05-09 08:05 outline/04-Premiers_emplois/folder.txt\n 103 2020-05-09 08:05 outline/04-Premiers_emplois/0-Sc-ne_1.md\n 96 2020-05-09 08:05 outline/05-Vers_le_Transvaal/folder.txt\n 103 2020-05-09 08:05 outline/05-Vers_le_Transvaal/0-Sc-ne_1.md\n 334 2020-05-09 08:05 outline/21-Epilogue.md\n 40074 2020-05-09 08:05 revisions.xml\n 275 2020-05-09 08:05 world.opml\n 1669 2020-05-09 08:05 plots.xml\n 2499 2020-05-09 08:05 settings.txt\n This is rather good news, and there's ways to automate PDF creation from this within the software, good news again!
\nHowever, some things were problematic to me:
\nSo I decided I would do everything in Git + Markdown, without the help of a third-party application.
\nI'm currently storing the chapters in their own directories, with numbered Markdown files:
\nchapitres/\n├── 01_les_joyaux_egyptiens\n│ ├── 00_titre.md\n│ ├── 01_une_rencontre_innatendue.md\n│ ├── 02_office_de_chabbat.md\n│ ├── 03_brody.md\n│ ├── 04_chabbat_2.md\n│ ├── 05_diner_chez_isaac.md\n│ └── 06_audience.md\n├── 02_les_enfants_grunberg\n│ ├── 00_titre.md\n│ ├── 01_leon.md\n│ ├── 02_retour.md\n│ ├── 03_coffre.md\n│ ├── 04_burtaux.md\n│ ├── 05_article.md\n│ └── 06_article2.md\n├── 03_annees_noires\n│ └── 00_titre.md\n├── 04_etudes\n│ └── 00_titre.md\n├── 05_premier_travail\n│ └── 00_titre.md\n├── 06_le_creusot\n│ └── 00_titre.md\n└── 21_epilogue.md\n The characters documentation is stored in Markdown files as well, and links can be made between them when necessary:
\npersonnages/\n├── Adolphe_Grunberg.md\n├── Charlotte_Grunberg.md\n├── Elisabeth_Rau.md\n├── Emilie_Grunberg.md\n├── Felix_Zottier.md\n├── Frederic_Grunberg.md\n├── Isaac_Aghion.md\n├── Jacques_Grunberg.md\n├── Leon_Grunberg.md\n├── Lucie_Leon.md\n├── Marc_Leon.md\n├── Mirel_Schorr.md\n├── Paul_Grunberg.md\n└── Samuel_Leon.md\n Same goes for places:
\nlieux/\n├── Alexandrie.md\n├── Brody.md\n├── Dubno.md\n├── Grunberg_Boulogne.md\n├── Paris.md\n├── Petite_Jonchere.md\n└── Vienne.md\n Links can easily be made between these documentation files:
\n# Mirel Schorr\n\n\n## État civil\n\n* Prénoms : Mirel, dite Maria\n* Nom : Grünberg\n* Nom de naissance : Schorr\n\n\n## Portrait\n\nInconnu\n\n\n## Description physique\n\nInconnu\n\n\n\n## Evénements\n\n\n* ca 1800 : ° à [Dubno](../lieux/Dubno.md) (Russie)\n* Enfance à [Brody](../lieux/Brody.md) (Autriche)\n avec ses parents [Schachne](Schachne_Schorr.md)\n et [Sarah](Sarah_Bick.md)\n et ses frères [Naphtali](Naphtali_Mendel_Schorr.md)\n et [Osias](Osias_Heschel_Schorr.md)\n\n* 1821: Mariage à [Brody](../lieux/Brody.md)\n\n* 1870 : habite à [Vienne](../lieux/Vienne.md) (testament [Adolphe](Adolphe_Grunberg.md))\n\n* 1877 : habite à [Paris](../lieux/Paris.md) (+)\n* 1877 : + à [Vienne](../lieux/Vienne.md)\n\n\n## Habillement\n\nVoir sa garde-robe en 1853 dans l'inventaire de [Victor](Victor_Grunberg.md)\n Manuskript provides stats about the number of words in a section. I've added a Make target for that:
\nstats:\n\tfind chapitres/ -name "*.md" -not -name '00_titre.md' -print0 | sort -z | xargs -0 wc -w\n Caveat: it also lists the words in the comments…
\nI'm using Pandoc to build the project with my own LaTeX template.
\n%.md:\n\tcat meta.md > $@\n\tfind chapitres/ -name "*.md" -print0 | sort -z | xargs -0 cat >> $@\n\n%.tex: %.md\n\tpandoc --pdf-engine lualatex --template extended.tex \\\n\t\t --variable numbersections --toc --variable toc-depth=2 \\\n\t\t --variable documentclass=memoir --variable fontsize=12pt \\\n\t\t --filter pandoc-citeproc \\\n\t\t --verbose \\\n\t\t $< -o $@\n\n%.pdf: %.tex\n\tOSFONTDIR=$(FONTSDIR) lualatex $<\n\tmakeindex $*.idx\n\tOSFONTDIR=$(FONTSDIR) lualatex $<\n The novel project can be found in this GitHub repository:
\n"},{"url":"/posts/20200511-representing-technical-skills-on-a-timeline-1mk1/","relativePath":"posts/20200511-representing-technical-skills-on-a-timeline-1mk1.md","relativeDir":"posts","base":"20200511-representing-technical-skills-on-a-timeline-1mk1.md","name":"20200511-representing-technical-skills-on-a-timeline-1mk1","frontmatter":{"title":"Representing technical skills on a timeline","template":"post","date":"2020-05-11T15:19:14Z","excerpt":"Several ways to display technical skills on a timeline","thumb_img_path":"https://media2.dev.to/dynamic/image/width=1000,height=420,fit=cover,gravity=auto,format=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2F0kwh14busu2ckvvmofwp.png","content_img_path":"https://media2.dev.to/dynamic/image/width=1000,height=420,fit=cover,gravity=auto,format=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2F0kwh14busu2ckvvmofwp.png","canonical_url":"https://dev.to/raphink/representing-technical-skills-on-a-timeline-1mk1","devto_url":"https://dev.to/raphink/representing-technical-skills-on-a-timeline-1mk1"},"html":"CVs and other websites presenting technical skills often lack a time dimension, allowing to know when and for how long a technology has been used.
\nAbout 8 years ago, I wanted to add a visual representation of my experience on my PDF CV.
\nSince I already used LaTeX with the excellent moderncv class, I wanted the solution to extend on that class. TeX StackExchange did not disappoint (they never do) and this gave birth to the moderntimeline LaTeX package which I have been maintaining since.
![\"Moderntimeline](\"https://dev-to-uploads.s3.amazonaws.com/i/4ae3bwwiymnffrljjypc.png\")
To this day I still use this solution on my CV.
\nSince then, a template has even been added to Overleaf to make it easier!
\n![\"Template](\"https://dev-to-uploads.s3.amazonaws.com/i/hvcmi91fhd8eaqex8u8c.png\")
The CV timeline is still not enough to present the data I wish to display, which is the temporal evolution of technical skills.
\nAmong the many websites which analyze public code repositories to get metrics out of them, OpenHub (previously Ohloh) is very interesting because it presents a timeline of languages used in projects.
\nHere's an example with my profile, where you can identify clear periods: a lot of LaTeX (dark blue) in the first years (when I edited books), then Augeas (light grey), mostly Ruby (red) between 2012 and 2015, then mainly Go (purple).
\n![\"OpenHub](\"https://dev-to-uploads.s3.amazonaws.com/i/0kwh14busu2ckvvmofwp.png\")
Not every tech skill can be measured with a number of code lines though.\nSo in 2013, I switched my main CV page to a temporal skills view.
\n![\"Skills](\"https://dev-to-uploads.s3.amazonaws.com/i/8ld9549ukxidnb7i7jjv.png\")
This uses vis.js to build a table of skills from a JSON file, e.g.:
\n[\n {"id": "Orange", "content": "<img src='img/orange.png' class='logo' /><b>Orange Portails</b><br />Systems Engineer", "start": "2006-06-01", "end": "2012-03-01", "type": "background", "className": "orange"},\n {"id": "Camptocamp", "content": "<img src='img/camptocamp.png' class='logo' /><b>Camptocamp</b><br />Infrastructure Developer", "start": "2012-03-01", "type": "background", "className": "camptocamp"},\n\n {"group": "provisioning", "content": "Debian FAI", "start": "2006-06-01", "end": "2012-03-01", "className": "contributed"},\n {"group": "provisioning", "content": "Kickstart", "start": "2006-06-01", "className": "implemented"},\n {"group": "provisioning", "content": "Terraform", "name": "terraform", "start": "2016-05-01", "className": "contributed"}\n]\n This JSON file is parsed and displayed on the page. Each skill can be assigned an icon as well as additional information. The skill bar can be clicked to display this information, taken from the skills/ directory and documented in Markdown.
![\"Details](\"https://dev-to-uploads.s3.amazonaws.com/i/xe2j9wktc28leawnu9ee.png\")
The code is open-source and can be forked on GitHub. Just check the gh-pages branch:
As usual, pull requests are welcome if you find nice ways to improve this!
"},{"url":"/posts/20200513-error-console-highlighting-1c60/","relativePath":"posts/20200513-error-console-highlighting-1c60.md","relativeDir":"posts","base":"20200513-error-console-highlighting-1c60.md","name":"20200513-error-console-highlighting-1c60","frontmatter":{"title":"Error console highlighting","template":"post","date":"2020-05-13T20:47:24Z","excerpt":"When composing posts on dev.to, is there a way to dispensary display error messages so they appear as...","canonical_url":"https://dev.to/raphink/error-console-highlighting-1c60","devto_url":"https://dev.to/raphink/error-console-highlighting-1c60"},"html":"When composing posts on dev.to, is there a way to dispensary display error messages so they appear as console output, but in red?
\nI've tried things like:
\n\n\n```error\nMy error message\n```\n\n\nor
\n<pre>\n<code style="color:red;font-weight:bold">\nMy error message\n</code>\n</pre>\n to no avail…
\nIs there a way to achieve this?
"},{"url":"/posts/20200515-taming-puppetserver-6-pt-ii-garbage-collection-2oh2/","relativePath":"posts/20200515-taming-puppetserver-6-pt-ii-garbage-collection-2oh2.md","relativeDir":"posts","base":"20200515-taming-puppetserver-6-pt-ii-garbage-collection-2oh2.md","name":"20200515-taming-puppetserver-6-pt-ii-garbage-collection-2oh2","frontmatter":{"title":"Taming Puppetserver 6 Pt II: Garbage Collection","template":"post","date":"2020-05-15T10:49:37Z","excerpt":"PuppetServer can be spending a lot of time doing gargage collection, which impacts its performance","thumb_img_path":"https://media2.dev.to/dynamic/image/width=1000,height=420,fit=cover,gravity=auto,format=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2F1wtluh7qosm01n29xmgq.png","content_img_path":"https://media2.dev.to/dynamic/image/width=1000,height=420,fit=cover,gravity=auto,format=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2F1wtluh7qosm01n29xmgq.png","canonical_url":"https://dev.to/camptocamp-ops/taming-puppetserver-6-pt-ii-garbage-collection-2oh2","devto_url":"https://dev.to/camptocamp-ops/taming-puppetserver-6-pt-ii-garbage-collection-2oh2"},"html":"Now that our internal Puppet Infrastructure is migrated to Puppet 6 and tuned, it was time to switch a second infra to it.
\nYesterday, I migrated our second infrastructure, and started seeing more issues. The rules-of-thumb from last post were useful, but I still needed to upgrade available memory to make up for a lack of computing power (probably to be imputed to the underlying IaaS throttling virtual CPUs).
\nAnd then, a Puppetserver crashed with a GC overhead limit exceeded error. This error happens when the CPU spends more than 98% performing garbage collection.
Looking at our Grafana dashboard, I realized we had no metrics about garbage collection, so I added a graph with two metrics:
\njvm_gc_collection_seconds_sum is a cumulative counter)jvm_gc_collection_seconds_count is also a cumulative counter)The formulas are as follow:
\ntime per request {{gc}}: rate(jvm_gc_collection_seconds_sum{job=\"puppetserver\"}[1m])/rate(jvm_gc_collection_seconds_count{job=\"puppetserver\"}[1m])rate {{gc}}: rate(jvm_gc_collection_seconds_sum{job=\"puppetserver\"}[1m])![\"Graph](\"https://dev-to-uploads.s3.amazonaws.com/i/euwyfd4972ggylucm4n3.png\")
I then looked at the graphs around the time when the GC overhead limit exceeded error happened:
![\"GC](\"https://dev-to-uploads.s3.amazonaws.com/i/w6k51xxcgoucexyieap3.png\")
Yes, I had a problem indeed. I restarted the Puppetservers and this hasn't happened since. However, the rates for PS MarkSweep have kept pretty high still. Here's the last 15 minutes as I'm writing:
\n![\"Standard](\"https://dev-to-uploads.s3.amazonaws.com/i/y93wzup9e7wglf4ectng.png\")
In comparison, the infrastructure I upgraded last week is faring much better, with GC rates well under 10%:
\n![\"Standard](\"https://dev-to-uploads.s3.amazonaws.com/i/466p0q75k2irwheuze22.png\")
In addition to a high rate spent performing garbage collection on the PS MarkSweep GC threads, I also noticed that the mean GC time for PS MarkSweep is pretty high, too, at around 2 to 3s. The values are slightly lower (a bit under 2s) on my first infrastructure.
\nAll in all, it seems PS MarkSweep garbage collection is to blame. It tends to take lots of CPU, for long periods of time.
\nThe good news is: PS MarkSweep is a legacy garbage collector, and it's not too hard to get rid of it, since OpenJDK 11 replaces it with the G1 Young Generation garbage collector by default.
\nThe official puppetserver Docker image installs the puppetserver package, which pulls openjdk-8-jre-headless as a dependency. OpenJDK 11 is also officially supported starting with Puppet 6.6, but the package doesn't allow to install it instead of OpenJDK 8. So for now, I'll just derive an image and install openjdk-11-jre-headless in addition to OpenJDK8 and let Ubuntu update the alternative for Java automatically.
The following graph shows the difference in GC time between PS MarkSweep and G1, following the upgrade to OpenJDK 11:
\n![\"PS](\"https://dev-to-uploads.s3.amazonaws.com/i/1wtluh7qosm01n29xmgq.png\")
And here's what GC looks like after a good warm up:
\n![\"New](\"https://dev-to-uploads.s3.amazonaws.com/i/hvr49m18eeidpxt31u7k.png\")
From 2s to 80ms, that's a great improvement if you ask me!
"},{"url":"/posts/20200513-taming-puppetserver-6-a-grafana-story-3c4f/","relativePath":"posts/20200513-taming-puppetserver-6-a-grafana-story-3c4f.md","relativeDir":"posts","base":"20200513-taming-puppetserver-6-a-grafana-story-3c4f.md","name":"20200513-taming-puppetserver-6-a-grafana-story-3c4f","frontmatter":{"title":"Taming Puppetserver 6: a Grafana story","template":"post","date":"2020-05-13T08:32:41Z","excerpt":"Using Grafana & Catalog Diff to tune the Puppet Server","thumb_img_path":"https://media2.dev.to/dynamic/image/width=1000,height=420,fit=cover,gravity=auto,format=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Ft2lnmj23y7z3cvgo0b1t.png","content_img_path":"https://media2.dev.to/dynamic/image/width=1000,height=420,fit=cover,gravity=auto,format=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Ft2lnmj23y7z3cvgo0b1t.png","canonical_url":"https://dev.to/camptocamp-ops/taming-puppetserver-6-a-grafana-story-3c4f","devto_url":"https://dev.to/camptocamp-ops/taming-puppetserver-6-a-grafana-story-3c4f"},"html":"After some time preparing for the migration, yesterday was finally the time to switch our first production Puppetserver to Puppet 6.
\nEverything was ready: we had been running both versions of the server alongside each other for some time, performing catalog diffs, and nothing seemed to be getting in the way as I went into ArgoCD and deployed the new version of the stack.
\n![\"Deploying](\"https://dev-to-uploads.s3.amazonaws.com/i/4yegip5ggdh0k7npdz8b.png\")
The first 30 minutes went fine. But then catalogs started failing compilation, and other services colocated on the OpenShift cluster became slow.
\nIn retrospect, I should have known something was wrong. Two weeks ago when I started my tests with Puppet 6 on another platform, I noticed that the server would die of OOM quite rapidly. Our Puppetserver 5 pods had been running happily for years with the following settings:
\nmax_active_instances: '4'\njava_xmx: '2g'\n\nrequests:\n cpu: 10m\n memory: 2Gi\nlimits:\n cpu: 3\n memory: 4Gi\n When I started new Puppet 6 instances with these settings, they would die. Initially, I thought the Xmx wasn't high enough so I set it to 3g and everything seemed fine again, for the duration of the catalog-diff tests.
But when the servers started crashing in production yesterday, it was clear there was another problem. And upgrading the Xmx to a higher value didn't help.
\nSo we looked at the graphs.
\nFor years, we have been gathering internal metrics from our Puppetservers. Our Puppetserver Helm chart comes equipped with a JMX Exporter pod to gather the data and send them to Prometheus. We then have a Grafana dashboard presenting all the Puppetserver metrics in a useful manner.
\n![\"Puppetserver](\"https://dev-to-uploads.s3.amazonaws.com/i/wxq2pi5b4jn5knp4pn71.png\")
Looking at the graphs from even before the switch showed that something was indeed aloof.
\n![\"JVM](\"https://dev-to-uploads.s3.amazonaws.com/i/63f6ewg4uheojxp1abv3.png\")
Clearly, the Puppetserver 6 instances had a very different memory ramp up (blue and yellow \"teeth\" lines), even during the tests phase. I just hadn't noticed then.
\nWe started a series of tests, using Puppet Catalog Diff runs to test load the servers, and playing on all various parameters of our stack:
\nIt quickly became clear that the main factor in our problem was that the memory request was too low.
\nThe official Puppet documentation gives a rule of thumb for tuning the Puppetserver memory. It indicates that each active instance requires 512MB, but another 512MB should be provided for non-heap needs:
\n\n\nYou’ll also want to allocate a little extra heap to be used by the rest of the things going on in Puppet Server: the web server, etc. So, a good rule of thumb might be 512MB + (max-active-instances * 512MB).
\n
Our graphs clearly showed that the non-heap memory of the instances stabilized a little bit over 512MB (around 550MB as I'm writing this).
\nSince we requested 4 JRuby instances, we should ensure at least (4+1)*512MB of RAM, so 2.5GB. And while our limit was set to 4GB, the requests were only set to 2GB. Changing the requested memory to a higher value showed that this was what was making our servers misbehave.
\nWe originally set the containers to a CPU limit of 3 because or compute nodes have 4 CPUs and we wanted to leave one free.
\nWe actually noticed that Puppetserver was using closer to 2.5 CPUs as a mean. So we set the limit to 4 and saw that the Puppetserver seemed to use even less CPU, down to a mean of 2.
\nNote that limiting CPUs is necessary when running Java in containers, otherwise Java believes it runs on a single CPU.
\nThe number of JRubies recommended changed between Puppet 5 and 6, as stated in the documentation. Up to Puppet 4, it was recommended to set it to num-cpus + 2, but the docs now state:
\n\nAs of Puppet Server 1.0.8 and 2.1.0, if you don’t provide an explicit value for this setting, we’ll default to num-cpus - 1, with a minimum value of 1 and a maximum value of 4.
\n
We ran load tests with different values of max JRuby instances and found that num-cpus - 1 was indeed the best good value.
Most importantly, we found that setting up the max JRuby instances higher than the number of CPUs made compilation time quite slower (supposedly as it would increase context-switch between the instances).
\nFollowing the guidelines and our tests, we ended up with:
\nmax_active_instances: '3' # since we have 4 CPUs\njava_xmx: '2g' # (3+1)*512MB\n\nrequests:\n cpu: 10m\n memory: 3Gi # 1.5*XmX\nlimits:\n cpu: 4 # Use all available CPUs as limit\n memory: 3.3Gi # 1.1*request just in case\n On this graph from the last 2 days, we can clearly see the situations before production time, during crisis, and after proper tuning:
\n![\"JVM](\"https://dev-to-uploads.s3.amazonaws.com/i/t2lnmj23y7z3cvgo0b1t.png\")
So our Puppetserver was back under control, with pretty similar memory settings to what Puppet 5 used.
\nKeeping the two pods we had been running, with their new tuned settings, we ran stress tests by setting the number of parallel threads in the Catalog Diff run.
\nWhen running 12 threads in parallel (far more than what 2 pods with 3 JRubies each can take), we noticed something I had seen before but not understood:
\nFailed to retrieve catalog for foo.example.com from puppetserver in environment catalog_diff: Failed to open TCP connection to puppetserver:8140 (No route to host - connect(2) for "puppetserver" port 8140)\n I had initially thought this was what happened by the Puppetserver was too busy and started rejecting connections. But no, this was clearly another problem, linked to Kubernetes networking and readiness probes.
\nAs we kept an eye on the Pods readiness during the run, we noticed the pods were going on and off, and thus being taken out of the Kubernetes service on a regular basis. The TCP connection issues happened when both pods were taken out of the service at the same time, since the service ended up with no endpoints left.
\nSo we turned to the pod's readiness probe to tune it.
\nThis is the default readiness probe we use in our Helm chart:
\nreadinessProbe:\n httpGet:\n path: /production/status/test\n port: http\n scheme: HTTPS\n httpHeaders:\n - name: Accept\n value: pson\n initialDelaySeconds: 30\n The initial delay lets the Puppetserver start its first JRuby instance before sending a probe. The default in Kubernetes would be 0 otherwise, which would clearly fail for a Puppetserver.
For all other settings, we relied on the defaults. As per Kubernetes docs:
\n\n\n\n
\n- initialDelaySeconds: Number of seconds after the container has started before liveness or readiness probes are initiated. Defaults to 0 seconds. Minimum value is 0.
\n- periodSeconds: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.
\n- timeoutSeconds: Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1.
\n- successThreshold: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness. Minimum value is 1.
\n- failureThreshold: When a Pod starts and the probe fails, Kubernetes will try failureThreshold times before giving up. Giving up in case of liveness probe means restarting the container. In case of readiness probe the Pod will be marked Unready. Defaults to 3. Minimum value is 1.
\n
The timeoutSeconds parameter looks very low at 1 second by default. Indeed, we know that a busy Puppetserver could take more than 1 second to respond and that would be perfectly acceptable. So we've set it to 5 instead and the service has been much more stable since.
We've also set failureThreshold to 5.
A small fine-tuning goes a long way!
\nBe sure to gather enough data about your Puppetserver so you have the tools to debug its behavior when you need.
\nDo you have Puppet, Kubernetes, or observability needs? You can contact us and we'll be happy to put our expertise at your service!
"},{"url":"/posts/20200602-getting-puppet-report-metrics-from-puppetdb-6bp/","relativePath":"posts/20200602-getting-puppet-report-metrics-from-puppetdb-6bp.md","relativeDir":"posts","base":"20200602-getting-puppet-report-metrics-from-puppetdb-6bp.md","name":"20200602-getting-puppet-report-metrics-from-puppetdb-6bp","frontmatter":{"title":"Getting Puppet Report Metrics from PuppetDB","template":"post","date":"2020-06-02T09:22:19Z","excerpt":"Instead of sending metrics from the Puppetserver to Prometheus, they can be retrieved using the PuppetDB Metrics API.","thumb_img_path":"https://media2.dev.to/dynamic/image/width=1000,height=420,fit=cover,gravity=auto,format=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fjczukvqf1fs7dau9jnfp.png","content_img_path":"https://media2.dev.to/dynamic/image/width=1000,height=420,fit=cover,gravity=auto,format=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fjczukvqf1fs7dau9jnfp.png","canonical_url":"https://dev.to/camptocamp-ops/getting-puppet-report-metrics-from-puppetdb-6bp","devto_url":"https://dev.to/camptocamp-ops/getting-puppet-report-metrics-from-puppetdb-6bp"},"html":"Puppet agent run reports contain useful metrics, such as the number of resources that were modified or failed to apply, or how much time each step of the run took.
\nThe traditional way of retrieving these metrics is using a report processor on the Puppet master.
\nSince Prometheus is now a de facto standard in metrics collection, there exists a Prometheus reporter, maintained by the VoxPupuli community. However, it uses a dropzone directory of yaml files with a local node exporter, so it's not a very clean approach.
\nOn top of this, reports and their metrics are already exported to the PuppetDB, which provides its own API to access this data.
\nGitHub — camptocamp/prometheus-puppetdb-exporter
\nPrometheus PuppetDB Exporter is a simple go binary that can scrape the PuppetDB for report metrics for Prometheus. It runs independently of the Puppet stack, and can be tuned to collect various types of metrics:
\nThe exporter provides metrics in the form puppet_report_<type> for each of these types.
# HELP puppetdb_exporter_build_info puppetdb exporter build informations\n# TYPE puppetdb_exporter_build_info gauge\npuppetdb_exporter_build_info{build_date="2019-02-18",commit_sha="XXXXXXXXXX",golang_version="go1.11.4",version="1.0.0"} 1\n# HELP puppetdb_node_report_status_count Total count of reports status by type\n# TYPE puppetdb_node_report_status_count gauge\npuppetdb_node_report_status_count{status="changed"} 1\npuppetdb_node_report_status_count{status="failed"} 1\npuppetdb_node_report_status_count{status="unchanged"} 1\n This makes it fully compatible with Vox Pupuli's reporter implementation.
\nThe exporter is provided as a Docker image, and is included by default in Camptocamp's PuppetDB Helm chart.
\nCoupled with (a slightly modified version of) Julien Pivotto's Puppet Report dashboard, you can make some pretty graphs from these metrics:
\n![\"Node](\"https://dev-to-uploads.s3.amazonaws.com/i/jczukvqf1fs7dau9jnfp.png\")
DNA tests are fun. They can give you a hint on your origins (though the results depend a lot on the data sets from the company providing them), get you in touch with cousins (or even closer relatives) you didn't know about, confirm genealogy hypothesis, and much more...
\nOne thing that is interesting to do with DNA results is to trace known DNA segments to a known ancestor. This is not always possible, and usually requires several triangulated matches on that segment to ensure where it comes from.
\nIn my DNA results, I have a rather large match on my X chromosome. This match is about 40cM long (for a total length of about 196cM at FamilyTreeDNA).
\n![\"A](\"https://dev-to-uploads.s3.amazonaws.com/i/690rgl67j0nnunn5shm0.png\")
Where could this segment have come from? Is there a way to tell?
\nIn autosomal tests, the X chromosome is often included, but it plays by\nits own rules. This is because X is transmitted in a funny way, due to\nthe fact that males only have one X chromosome (and one Y chromosome),\nwhile females have two (and no Y chromosome).
\nHere's an illustration from Wikipedia explaining how this affects the inheritance rules of that special chromosome:
\n![\"X](\"https://upload.wikimedia.org/wikipedia/commons/thumb/e/ed/X_chromosome_ancestral_line_Fibonacci_sequence.svg/1920px-X_chromosome_ancestral_line_Fibonacci_sequence.svg.png\")
As you can see, the consequence is pretty simple:
\nAs a result, a segment of an X chromosome can travel through both men and women (unlike segments on the Y chromosome, which travel only through men), but can never be carried by two men in a row.
\nIn other words, since I am a man, I cannot have gotten this segment from:
\nNow I'm quite lucky, as I happen to know the person I match on 40cM on that X chromosome, even though the match is quite distant:
\nSo, unless a closer path can be found in the future (which is unlikely), the inheritance hypothesis checks with both sides of the tree, confirming the chain of ancestors:
\n![\"Tracing](\"https://dev-to-uploads.s3.amazonaws.com/i/yd2eyu0ihscnz7emcd51.png\")
You can see how that X segment was transmitted from my 4th great-grandmother Luna Mondolfo (born around 1790) all the way to myself (on the left) and my DNA match (on the right).
\nOnce this is confirmed, it also allows to consider that any other match triangulating on this X segment is more likely linked to this side of the family, known and verified until the 18th century.
\nA great way of tracing known DNA segments is to use DNA Painter, a free website where you can gather segment information from various companies (FTDNA, Ancestry, GedMatch, MyHeritage, etc.) to \"paint\" your chromosomes.
\nHere's an example showing my maternal labels, with chromosome X at the bottom:
\n![\"DNA](\"https://dev-to-uploads.s3.amazonaws.com/i/vejbspsiy6tmsg8wcpu1.png\")
Did you make interesting finds in DNA tests as well?
"},{"url":"/posts/20200522-bitten-by-ha-puppetdb-postgresql-1eld/","relativePath":"posts/20200522-bitten-by-ha-puppetdb-postgresql-1eld.md","relativeDir":"posts","base":"20200522-bitten-by-ha-puppetdb-postgresql-1eld.md","name":"20200522-bitten-by-ha-puppetdb-postgresql-1eld","frontmatter":{"title":"Bitten by HA: PuppetDB & PostgreSQL","template":"post","date":"2020-05-22T14:32:17Z","excerpt":"When PuppetDB started misbehaving, it took us quite a while to realize the problem was somewhere else…","thumb_img_path":"https://media2.dev.to/dynamic/image/width=1000,height=420,fit=cover,gravity=auto,format=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fux2ltllgi7mjem72mf2z.png","content_img_path":"https://media2.dev.to/dynamic/image/width=1000,height=420,fit=cover,gravity=auto,format=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fux2ltllgi7mjem72mf2z.png","canonical_url":"https://dev.to/camptocamp-ops/bitten-by-ha-puppetdb-postgresql-1eld","devto_url":"https://dev.to/camptocamp-ops/bitten-by-ha-puppetdb-postgresql-1eld"},"html":"Last Wednesday morning, a colleague informed me that our internal Puppet infrastructure was performing slowly. Looking at the Puppetboard, I quickly realized there was another issue: all the nodes were marked as unreported, with the last report dating from more than 24 hours in the past.
\nI checked the PuppetDB logs and saw that the reports were coming fine and being saved, so something else was wrong.
\nAfter a few hours of debugging, I still had no clue so I resorted to the option of upgrading the PuppetDB. I ideally wanted to stay with PuppetDB 5.x to avoid a major upgrade, but there was no available official Docker image for PuppetDB 5.x above 5.2.7 (which we are using).
\nSo I upgraded to PuppetDB 6.9.1 and then PuppetDB 6.10.1.
\nAt first, the connection with PostgreSQL failed as PuppetDB now defaults to fully verifying the PostgreSQL SSL certificate against the Puppet CA. So I had to modify the PostgreSQL connection string to include ?sslmode=require and restart the PuppetDB.
The logs seemed fine at first, but the Puppetboard kept returning an error 500. That's when I realized that PuppetDB now required an access file to allow hosts by IP range. I modified our Helm chart to include a new configuration file, but Puppetboard still wasn't happy.
\nI restarted the PuppetDB and started seeing weird log lines looping infinitely, right after the migration step in startup:
\n2020-05-20 18:55:40,169 WARN [clojure-agent-send-off-pool-1] [p.p.jdbc] Caught exception. Last attempt, throwing exception.\n At this point, Charlie Sharpsteen started helping me to debug the issue.
\nI tried manual curl requests to the PuppetDB and the logs started sprouting stack traces mentioning both JDBC connection issues as well as the database schema version being wrong:
...\nCaused by: java.sql.SQLTransientConnectionException: PDBReadPool - Connection is not available, request timed out after 3000ms.\n...\nCaused by: com.zaxxer.hikari.pool.PoolBase$ConnectionSetupException: org.postgresql.util.PSQLException: ERROR: Please run PuppetDB with the migrate option set to true\n to upgrade your database. The detected migration level 66 is\n out of date.\n...\n I connected to the PostgreSQL database and checked it. Everything looked fine, and select max(version) from schema_migrations; returned 74 as expected, not 66. So where did this number come from? Charlie started suspecting that there was another database involved…
Totally out of other options, I decided to remove the lines with versions above 66 in the schema_migrations table and see if restarting the PuppetDB would finalize the migration. That was a huge failure, as the migration scripts are not idempotent, as could be expected.
I was left with only one option: dropping the database and restoring it.\nBut then PostgreSQL refused to drop the database, saying it was read-only. I tried forcing read-write, but the database was marked in recovery.
\nThat's when I gave up for the day (as it was already past 23:00). I turned off the PuppetDB service entirely (scaled the deployment to 0 replicas actually) and went to bed, letting the nodes apply catalogs from cache for the next 30 hours (since Thursday was off).
\nThis morning, we got back to debugging this problem, and things started making more sense.
\nFirst off, it turned out I was trying to drop the database on a slave cluster. I had ended up on the slave by using a production CNAME DNS entry which pointed to both the master and slave in round-robin…
\nOnce my colleague Julien had helped me realize that, he was able to drop the database on the master. We restarted the PuppetDB in version 6.10.1. But the errors were still there…
\nWe rolled back to PuppetDB 5.2.7 and a clean database… Everything started fine, but the Puppetboard still showed all nodes as unreported! Where could it get these nodes if the database had been wiped‽
\nThis led us to the conclusion that the data was still somewhere else… on the slave…
\nSo here's what happened.
\nEarlier this week, there was an outage with the object storage facility we're using for wal-g, our PostgreSQL backup tool.
\n![\"PostgreSQL](\"https://dev-to-uploads.s3.amazonaws.com/i/ux2ltllgi7mjem72mf2z.png\")
This led to a disk full on our master PostgreSQL machine. The disk full was very short as PostgreSQL restarted and removed all its WALs so it went unnoticed. However, this also broke replication, so the slave PostgreSQL database ended up stuck on that date. For some reason, we missed the replication alert.
\n![\"Wal](\"https://dev-to-uploads.s3.amazonaws.com/i/ayytz0tufaf6mrh83q29.png\")
PuppetDB is configured to write to master and read from slave. This is why all our nodes were unreported in Puppetboard (since they came from slave), even though PuppetDB kept writing the reports properly (in master)! This also explains the weird errors after upgrading to PuppetDB 6, since migration was properly done on the master (to schema v74) but read requests went to the slave (stuck in schema v66).
\nSince we had wiped the master's database this morning, we ended up restoring from the slave's version, and going back to PuppetDB 5.2.7 until we can properly solve the Jolokia potential issues with external access to the PuppetDB API.
\nAll nodes in Puppetboard have now returned to normal.
"},{"url":"/posts/20200608-how-to-manage-files-with-puppet-55e4/","relativePath":"posts/20200608-how-to-manage-files-with-puppet-55e4.md","relativeDir":"posts","base":"20200608-how-to-manage-files-with-puppet-55e4.md","name":"20200608-how-to-manage-files-with-puppet-55e4","frontmatter":{"title":"All the ways to manage files with Puppet","template":"post","date":"2020-06-08T21:12:50Z","excerpt":"Puppet has many tools to manage configuration files. Knowing them can help you choose the one that best fits your needs.","thumb_img_path":"https://media2.dev.to/dynamic/image/width=1000,height=420,fit=cover,gravity=auto,format=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fllt1le7b54wy0459shs1.png","content_img_path":"https://media2.dev.to/dynamic/image/width=1000,height=420,fit=cover,gravity=auto,format=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fllt1le7b54wy0459shs1.png","canonical_url":"https://dev.to/camptocamp-ops/how-to-manage-files-with-puppet-55e4","devto_url":"https://dev.to/camptocamp-ops/how-to-manage-files-with-puppet-55e4"},"html":"\"Everything is a file\" is a very famous Unix principle. And because of this, most of configuration management on Unix/Linux revolves around managing files.
\nPuppet, as a configuration management tool, is no exception to this. As a consequence, there are many ways to manage configuration files with Puppet. They all have a reason to exist, and a purpose to fulfill.
\n![\"Know](\"https://dev-to-uploads.s3.amazonaws.com/i/rd2gpnxaq87rvgl5vz0j.jpg\")
Knowing your tools is the object of this blog post, with the following topics:
\nLet's start with a first choice when managing files:
\nMany practitioners I've met consider that managing whole configurations is the only acceptable way of proceeding, since managing partial configuration does not lead to a predictable final state.
\nHowever, managing whole configurations often leads to managing defaults which were carefully chosen for your GNU/Linux distribution and were perfectly fine to keep. It also leads to maintaining lots of different defaults in modules to try and stay as close as possible to the distribution standards when using default values.
\nSo both approaches have pros and cons.
\nThis is the approach you take when you want to control the full content of the software configuration. This does not mean however that everything has to fit into a single file; the configuration might be split, and splitting often makes configuration management more flexible.
\nThe easiest case is without doubt managing static content, when your file is always the same.
\nHowever simple this might seem, there can still be tricks.
\nFor example, scripts and binary blobs can easily be managed this way in Puppet, and we often see code such as:
\nfile { '/usr/local/bin/myscript.sh':\n ensure => file,\n source => "puppet:///modules/${module_name}/myscript.sh",\n}\n That works fine, but if you're trying to deploy a software (maybe even with a tarball, using the puppet-archive module), it's probably better to package it for your distribution and use your package manager (apt/yum/etc.) as the deployment layer. You'll get a much simpler Puppet code, usually better performance, and you'll rely on the package manager's metadata for idempotence:
package { 'myscript':\n ensure => present,\n}\n Another possibility is using the puppetlabs-vcsrepo resource type. The VCS (e.g. Git) will then provide the metadata to ensure idempotence, e.g.:
vcsrepo {'/usr/src/ceph-rbd-backup':\n ensure => latest,\n provider => 'git',\n source => 'https://github.com/camptocamp/ceph-rbd-backup',\n revision => 'master',\n}\n When using the file type to deploy static content, it is quite common to use the source attribute to specify the file to copy:
file { '/srv/foo':\n ensure => file,\n source => "puppet:///modules/${module_name}/foo",\n}\n This makes use of the Puppetserver's fileserver feature. When using this syntax, every Puppet run will result in a file_metadata HTTP request to the Puppetserver for each file managed, just to get the metadata necessary to decide whether the file needs to be replaced or not.
When many files are managed this way on many agents, this results in lots of HTTP requests being made during catalog application, which will saturate the Puppetserver's JRuby threads and prevent them from processing catalog compilations and reports instead.
\nInstead, when deploying non-binary content, you can use the file() function with a relative path:
file { '/srv/foo':\n ensure => file,\n content => file("${module_name}/foo"),\n}\n This is totally equivalent to the previous syntax, except the whole file will be included in the catalog, instead of just a pointer to the fileserver.
\nVery often, static content is not enough to configure your software. You need variables, and a more flexible approach.
\nNative Puppet Ruby types are probably the most flexible way of managing a configuration, as they provide a very fine-grained interface to edit configuration files.
\nHowever, they do not manage the whole configuration by default. That is, unless you can use purging with them.
\nPurging resources in Puppet requires two conditions:
\nself.instances method defined)When both these conditions are met, Puppet can purge the resources it doesn't explicitly manage by:
\nself.instances method)There are two main ways of achieving this:
\nresources typecrayfishx-purge moduleThe resources type fits basic needs, by allowing to purge all resources not managed by Puppet. For example:
host { 'localhost':\n ensure => present,\n ip => '127.0.0.1',\n}\n\nresources { 'host':\n purge => true,\n}\n will purge all entries in /etc/hosts except for localhost.
The resources resource type also allows to set exceptions, though only for the user type:
resources { 'user':\n purge => true,\n unless_system_user => true,\n}\n This is a hard limitation, which the purge type fixes by providing a more flexible interface, allowing to set:
For example:
\npurge { 'mount':\n state => unmounted,\n unless => ['name', '==', ['/', '/var', '/home']],\n}\n will unmount all file systems that are not managed by Puppet, unless they are mounted on /, /var or /home.
In order to manage configurations in full, the purge type can be used with native types that manage configuration file stanzas and know how to list instances.
This is the case of:
\nhost typemailalias typeFor example, you can manage sshd_config in full using the herculesteam-augeasproviders_ssh module with code such as:
sshd_config {\n 'X11Forwarding':\n value => 'yes',\n ;\n\n 'UsePAM':\n value => 'no',\n ;\n}\n\npurge { 'sshd_config': }\n When there are no purgeable types for your configuration file type, and you need to manage the content from a single scope (a single Puppet class), the most obvious option is to use a simple file resource with a template. Prefer EPP templates these days, as they are easier and safer than ERB templates:
file { '/path/to/foo':\n ensure => file,\n content => epp(\n "${module_name}/foo.epp",\n {\n var1 => 'value1',\n var2 => 'value2',\n }\n ),\n}\n When your content needs to come from multiple scopes, a single file resource won't suffice.
If you're lucky and your configuration format supports include statements, this is the easiest way to go. For example:
\n# Deploy a static file to perform the inclusion\nfile { '/etc/sudoers':\n ensure => file,\n content => '#includedir /etc/sudoers.d',\n}\n\n# Deploy each rule as a separate file in the directory\nfile { '/etc/sudoers.d/defaults_env':\n ensure => file,\n content => 'Defaults env_reset',\n}\n\nfile { '/etc/sudoers.d/foo':\n ensure => file,\n content => 'foo ALL=(ALL:ALL) ALL',\n}\n\n# Let Puppet purge the directory of all unknown files\nfile { '/etc/sudoers.d':\n ensure => directory,\n purge => true,\n}\n Many configuration formats don't support includes: everything has to be in a single file. Managing such a file from multiple scopes requires the use of a concat module.
\nThe most used concat module is the official puppetlabs-concat. It lets you declare a target file where all fragments will be concatenated, and then deploy multiple fragments tagged for this target. For example, the sudoers example above is roughly equivalent to:
concat { '/etc/sudoers':\n ensure => present,\n}\n\nconcat::fragment { 'defaults_env':\n target => '/etc/sudoers',\n content => 'Defaults env_reset',\n order => '01',\n}\n\nconcat::fragment { 'foo':\n target => '/etc/sudoers',\n content => 'foo ALL=(ALL:ALL) ALL',\n order => '10',\n}\n Each fragment is deployed separately to the agent, then concatenated to generate the final file.
\nA few years ago, I experimented with yet another option to manage full dynamic content, without losing the benefit of sane distribution defaults.
\nThe camptocamp-augeas_file resource type allows to use a local file on the Puppet agent as a template on which Augeas changes are applied to generate the final file:
augeas_file { '/etc/apt/sources.list.d/jessie.list':\n lens => 'Aptsources.lns',\n base => '/usr/share/doc/apt/examples/sources.list',\n changes => ['setm ./*[distribution] distribution jessie'],\n}\n Every time the Puppet agent runs, it will use /usr/share/doc/apt/examples/sources.list as a template and apply the changes using Augeas to generate /etc/apt/sources.list.d/jessie.list. The target file is only written if any changes occur, making it idempotent. If the template changes (e.g. after a package upgrade), the target will be regenerated.
Partial configurations have less options to be managed. They're essentially light versions of the options cited above:
\nJust as for full configurations, you can use native puppet types (host, mailalias, Augeasproviders types, etc.), without purging them.
In addition, since you don't mind managing files partially, you can also use types which don't support purging, such as ini_setting for INI file types:
ini_setting { "sample setting":\n ensure => present,\n path => '/tmp/foo.ini',\n section => 'bar',\n setting => 'baz',\n value => 'quux',\n}\n or the shellvar type for shell configuration files:
shellvar { "ntpd options":\n ensure => present,\n target => "/etc/sysconfig/ntpd",\n variable => "OPTIONS",\n value => "-g -x -c /etc/myntp.conf",\n}\n Includes work just as for whole configurations, but without purging the directory.
\nIf no Augeasproviders exists for your resource type, but Augeas has an available lens for your configuration format, then you can most likely use the augeas resource type to manipulate it.
This is often used to manipulate XML configurations for example:
\naugeas {'foo.xml':\n incl => '/tmp/foo.xml',\n context => '/files/tmp/foo.xml/foo',\n lens => 'Xml.lns',\n changes => [\n 'set bar/#text herp',\n ],\n}\n I've kept file_line for the end of this list, because this is really the last option you might want to consider (just like exec) since has many downfalls.
However, if you got this far, you're probably either:
\n.bashrc (which the shellvar type usually parses rather fine) or some kind of PHP or Perl configuration… I don't envy you if you have no option of using templates/concat for that!There are many tools to manage files in Puppet.
\nDo you have other modules/resource types you like to use for this? Let me know in the comments!
"},{"url":"/posts/20200610-configuration-surgery-with-go-structure-tags-12a4/","relativePath":"posts/20200610-configuration-surgery-with-go-structure-tags-12a4.md","relativeDir":"posts","base":"20200610-configuration-surgery-with-go-structure-tags-12a4.md","name":"20200610-configuration-surgery-with-go-structure-tags-12a4","frontmatter":{"title":"Configuration surgery with Go structure tags","template":"post","date":"2020-06-10T20:55:35Z","excerpt":"Narcissus is a reflection library letting you edit configuration files in Go","thumb_img_path":"https://media2.dev.to/dynamic/image/width=1000,height=420,fit=cover,gravity=auto,format=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fp9blragy3jsbexp72cs0.jpg","content_img_path":"https://media2.dev.to/dynamic/image/width=1000,height=420,fit=cover,gravity=auto,format=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fp9blragy3jsbexp72cs0.jpg","canonical_url":"https://dev.to/raphink/configuration-surgery-with-go-structure-tags-12a4","devto_url":"https://dev.to/raphink/configuration-surgery-with-go-structure-tags-12a4"},"html":"From Docker to Kubernetes, from Consul to Terraform, Go has been used increasingly in system tools these last years.
\nSince most of these system tools manage systems running on Unix systems, one of their core tasks is to deal with files, and configuration files in particular.
\nAugeas is a C library to modify configuration files. It allows to parse files with many different syntax (over 300 by default), modify the configuration using a tree accessed with an XPath-like language, and write back the configuration.
\nIt tries hard to modify only what you mean to, keeping all details (spaces, indentations, new lines, comments) unchanged.
\n![\"Augeas\"](\"https://dev-to-uploads.s3.amazonaws.com/i/xij7ocuklz6agg2rm95h.png\")
Because of its history, Augeas is mainly known in the Puppet world. However, there are also plugins for Ansible, Chef, SaltStack, (R)?ex and more tools… Augeas is also used directly in C libraries such as libvirt and Nut.
\nIn the Puppet world, the Augeasproviders project was created to develop native Puppet types and providers (in Ruby) based on Augeas.
\nThese providers use the Augeas Ruby bindings to draw on Augeas' power, all the while providing a simple interface for users, without the need to know how Augeas works.
\nAt the core of the Augeasproviders project, there is a base provider shipped in the hearculesteam-augeasproviders_core Puppet module, which provides an interface to build more providers, in a declarative way.
\nFor example, you can set the location of the node corresponding to the Puppet resource to manage in the Augeas tree:
\nresource_path do |resource|\n service = resource[:service]\n type = resource[:type]\n mod = resource[:module]\n control_cond = (resource[:control_is_param] == :true) ? "and \n control='#{resource[:control]}'" : ''\n if target == '/etc/pam.conf'\n "$target/*[service='#{service}' and type='#{type}' and module='#{mod}' #{control_cond}]"\n else\n "$target/*[type='#{type}' and module='#{mod}' #{control_cond}]"\n end\nend\n The create and destroy methods, as well as the getters and setters for the Puppet resource properties, can also be described in a similar fashion, making it simpler to develop new providers based on Augeas.
As for many other languages, there are Go bindings for Augeas:
\n\nMuch like the Ruby bindings, the go library lets you manipulate an Augeas handler to query the Augeas tree, modify it, and save it.
\nIn the Go world, structures have optional tags which can be used for parsing and writing to external formats.
\nThis is used to reflect structures as JSON, YAML, XML, or specify library options to manage the structure fields:
\n// Version is an S3 bucket version\ntype Version struct {\n ID uint `sql:"AUTO_INCREMENT" gorm:"primary_key" json:"-"`\n VersionID string `gorm:"index" json:"version_id"`\n LastModified time.Time `json:"last_modified"`\n}\n They are also used to build program interfaces by specifying configuration options:
\ntype config struct {\n Version bool `short:"V" long:"version" description:"Display version."`\n Token string `short:"t" long:"token" description:"GitHub token" env:"GITHUB_TOKEN"`\n Users []string `short:"u" long:"users" description:"GitHub users to include (comma separated)." env:"GITHUB_USERS" env-delim:","`\n Manpage bool `short:"m" long:"manpage" description:"Output manpage."`\n}\n The tags above (sql, gorm, json, short, long, description, env, env-delim) are used by Go libraries through the Go reflection library to provide dynamic features for structures.
While Hercules is known in Greek mythology for his works —including cleaning the stables of King Augeas—, Narcissus is famous for gazing at his reflection in the water.
\n\nThe Narcissus project is a Go library providing structure tags to manage configuration files with Augeas. It then maps structure tags to the Augeas tree dynamically, allowing you to expose any configuration file (or file stanza) known to Augeas as a Go structure.
\n/etc/groupThe Unix group file is very simple and well-known. It features one group per line, with fields separated by colons:
root:x:0:\ndaemon:x:1:\nbin:x:2:\nsys:x:3:\nadm:x:4:syslog,raphink\n Augeas parses it by storing each group name as a node key in the tree, and exposing each field by its name:
\n$ augtool print /files/etc/group\n/files/etc/group\n/files/etc/group/root\n/files/etc/group/root/password = "x"\n/files/etc/group/root/gid = "0"\n/files/etc/group/daemon\n/files/etc/group/daemon/password = "x"\n/files/etc/group/daemon/gid = "1"\n/files/etc/group/bin\n/files/etc/group/bin/password = "x"\n/files/etc/group/bin/gid = "2"\n/files/etc/group/sys\n/files/etc/group/sys/password = "x"\n/files/etc/group/sys/gid = "3"\n/files/etc/group/adm\n/files/etc/group/adm/password = "x"\n/files/etc/group/adm/gid = "4"\n/files/etc/group/adm/user[1] = "syslog"\n/files/etc/group/adm/user[2] = "raphink"\n Modifying any of these fields and saving the tree will result in an updated /etc/group file. Adding new entries in the tree will result in additional entries in /etc/group, provided the tree is valid for the Group.lns Augeas lens.
In our Go code, we can map a group structure to entries in the /etc/group file easily by using the Narcissus package:
import (\n\t"log"\n\n\t"honnef.co/go/augeas"\n\t"github.com/raphink/narcissus"\n)\n\ntype group struct {\n\taugeasPath string\n\tName string `narcissus:".,value-from-label"`\n\tPassword string `narcissus:"password"`\n\tGID int `narcissus:"gid"`\n\tUsers []string `narcissus:"user"`\n}\n\nfunc main() {\n\taug, err := augeas.New("/", "", augeas.None)\n\tif err != nil {\n\t\tlog.Fatal("Failed to create Augeas handler")\n\t}\n\tn := narcissus.New(&aug)\n\n\tgroup := &group{\n\t\taugeasPath: "/files/etc/group/docker",\n\t}\n\terr = n.Parse(group)\n\tif err != nil {\n\t\tlog.Fatalf("Failed to retrieve group: %v", err)\n\t}\n\n\tlog.Printf("GID=%v", group.GID)\n\tlog.Printf("Users=%v", strings.Join(group.Users, ","))\n}\n The augeasPath field is necessary to store the location of the file in the Augeas tree, in our case /files/etc/group/docker to manage the docker group in the file.
Then each structure field is linked to the corresponding node name in the Augeas tree:
\n.,value-from-label, where . refers to the current node, and value-from-label tells Narcissus how to get the valuepassword for the Passwordgid for the GIDuser for the Users, parsed as a slice of strings (i.e. the user label might appear more than once in the Augeas tree)Note that all fields must be capitalized in order for Go reflection to work.
\nOnce we call the Parse() method on the Narcissus handler, the structure is dynamically filled with the values in the Augeas tree, so we can access the gid with group.GID and the users with group.Users.
The main point of the Augeas library is not just to parse, but also to modify configuration files in a versatile way.
\nIn Narcissus, this is done by calling the Write() method on the Narcissus handler. Narcissus then transforms the structure back to the Augeas tree and saves it.
For example, using the PasswdUser type provided by default in the narcissus package:
user := n.NewPasswdUser("raphink")\n\n// Modify UID\nuser.UID = 42\n\nif err := n.Write(user); err != nil {\n log.Fatalf("Failed to save user: %v", err)\n}\n Narcissus comes with a few structures already mapped:
\n/etc/fstab, with the NewFstab() method/etc/hosts with the NewHosts() method/etc/passwd with NewPasswd() and NewPasswdUser() methods/etc/services with NewServices() and NewService() methodsWhich structures will you map with it? Which tool could benefit from this library?
\nLet me know in the comments!
"},{"url":"/posts/20200610-visibility-comments-b65/","relativePath":"posts/20200610-visibility-comments-b65.md","relativeDir":"posts","base":"20200610-visibility-comments-b65.md","name":"20200610-visibility-comments-b65","frontmatter":{"title":"How to encourage interaction on dev.to posts?","template":"post","date":"2020-06-10T19:19:35Z","excerpt":"After a few years of being inactive on dev.to, I've started actively posting about a month ago. I...","thumb_img_path":"https://media2.dev.to/dynamic/image/width=1000,height=420,fit=cover,gravity=auto,format=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fw14l9yddz1nqrnvo3xfe.jpg","content_img_path":"https://media2.dev.to/dynamic/image/width=1000,height=420,fit=cover,gravity=auto,format=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fw14l9yddz1nqrnvo3xfe.jpg","canonical_url":"https://dev.to/raphink/visibility-comments-b65","devto_url":"https://dev.to/raphink/visibility-comments-b65"},"html":"After a few years of being inactive on dev.to, I've started actively posting about a month ago.
\nI see quite a few visits to some of my posts (up to nearly 400 views for some), but I get absolutely no comments (unless it's a small post with the #discuss tag).
Is that normal? Is there a way on dev.to to drive more reactions/interactions? Is it the subject (mainly DevOps/SRE-related) that is not core to this platform?
\nAm I missing something?
"},{"url":"/posts/20200612-add-puppet-tag-142l/","relativePath":"posts/20200612-add-puppet-tag-142l.md","relativeDir":"posts","base":"20200612-add-puppet-tag-142l.md","name":"20200612-add-puppet-tag-142l","frontmatter":{"title":"Add #puppet tag","template":"post","date":"2020-06-12T06:08:13Z","excerpt":"It would be great to attract more DevOps-related content to dev.to. With a few other people, I've...","thumb_img_path":"https://media2.dev.to/dynamic/image/width=1000,height=420,fit=cover,gravity=auto,format=auto/https%3A%2F%2Fwww.camptocamp.com%2Fwp-content%2Fuploads%2Fxformations_puppet1-720x400.png.pagespeed.ic.UU2oY1Zlj8.webp","content_img_path":"https://media2.dev.to/dynamic/image/width=1000,height=420,fit=cover,gravity=auto,format=auto/https%3A%2F%2Fwww.camptocamp.com%2Fwp-content%2Fuploads%2Fxformations_puppet1-720x400.png.pagespeed.ic.UU2oY1Zlj8.webp","canonical_url":"https://dev.to/raphink/add-puppet-tag-142l","devto_url":"https://dev.to/raphink/add-puppet-tag-142l"},"html":"It would be great to attract more DevOps-related content to dev.to. With a few other people, I've started blogging about Puppet and would really appreciate if it could become an official tag!
"},{"url":"/posts/20200702-github-sponsors-and-dev-to-posts-51b1/","relativePath":"posts/20200702-github-sponsors-and-dev-to-posts-51b1.md","relativeDir":"posts","base":"20200702-github-sponsors-and-dev-to-posts-51b1.md","name":"20200702-github-sponsors-and-dev-to-posts-51b1","frontmatter":{"title":"💡 GitHub Sponsors and dev.to posts","template":"post","date":"2020-07-02T05:52:51Z","excerpt":"GitHub Sponsors could be leveraged on dev.to to generate revenue","thumb_img_path":"https://media2.dev.to/dynamic/image/width=1000,height=420,fit=cover,gravity=auto,format=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fqdp4swhb2kngx4cmsowd.png","content_img_path":"https://media2.dev.to/dynamic/image/width=1000,height=420,fit=cover,gravity=auto,format=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fqdp4swhb2kngx4cmsowd.png","canonical_url":"https://dev.to/raphink/github-sponsors-and-dev-to-posts-51b1","devto_url":"https://dev.to/raphink/github-sponsors-and-dev-to-posts-51b1"},"html":"Yesterday, I read a blog post by Caleb Porzio about making money from Open Source projects, in particular by leveraging the GitHub sponsors program.
\nHis conclusion is that the best way to use GitHub Sponsors is to make both free and paid educational content, such that free content attracts an audience, and then they want to support you to access the advanced, paid, content.
\nIt seems to me that the DEV community, being already connected to GitHub, would be a perfect place to implement this idea.
\nThere could be a tag in the meta parameters of a post, which would restrict its access (fully or partly, e.g. by hiding the end of the article like lots of newspapers do) to the author's GitHub sponsors:
\n# Restrict to sponsors of the raphink GitHub account\nrestrict_sponsors: raphink\n# Restrict to sponsors of tier $10 or above\nrestrict_sponsors: raphink/10\n What do you think? Is that a feature that would be interesting for the DEV community?
"},{"url":"/posts/20200629-enhance-and-colorize-old-pictures-5c9g/","relativePath":"posts/20200629-enhance-and-colorize-old-pictures-5c9g.md","relativeDir":"posts","base":"20200629-enhance-and-colorize-old-pictures-5c9g.md","name":"20200629-enhance-and-colorize-old-pictures-5c9g","frontmatter":{"title":"Enhance, Colorize, and Animate Old Pictures","template":"post","date":"2020-06-29T16:45:38Z","excerpt":"MyHeritage in Color allows to fine-tune automatically colorized and enhanced photographs","thumb_img_path":"https://media2.dev.to/dynamic/image/width=1000,height=420,fit=cover,gravity=auto,format=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fb78xjnsl62d9by6bkyoh.jpg","content_img_path":"https://media2.dev.to/dynamic/image/width=1000,height=420,fit=cover,gravity=auto,format=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fb78xjnsl62d9by6bkyoh.jpg","canonical_url":"https://dev.to/raphink/enhance-and-colorize-old-pictures-5c9g","devto_url":"https://dev.to/raphink/enhance-and-colorize-old-pictures-5c9g"},"html":"Over the last 2 years, Machine Learning has brought impressive breakthrough to image processing techniques. In particular, photography colorization has seen amazing progress, thanks mainly to the work of two developers: Jason Antic and Dana Kelley.
\nTheir model is so precise that MyHeritage hired them to include a colorization tool directly on their website. As a result, you can colorize pictures for free at https://www.myheritage.fr/incolor. Paid MyHeritage members are not limited in the number colorizations, and don't get the MyHeritage watermark on the result pictures.
\nAdditionally, MyHeritage recently added a new AI-based feature to this tool, by allowing users to enhance faces in their pictures:
\n\nUsing the tool from your MyHeritage picture collection is extremely simple. You just need to upload a picture and use the \"enhance\" and \"colorize\" buttons one after the other.
\n![\"Colorization](\"https://dev-to-uploads.s3.amazonaws.com/i/wt2uwlf0t0dhu2w53w91.png\")
In the last few weeks, I've seen lots of people using MyHeritage In Color on their pictures, and they're usually quite content with the result. However, most of them have no idea they could get even better results by tuning the rendering.
\nOnce a picture is colorized, a gear icon appears to let you fine-tune the result:
\n![\"Tuning](\"https://dev-to-uploads.s3.amazonaws.com/i/4prlyuwyikgo0qhi9v69.png\")
There are 4 parameters which can be tuned using this icon:
\nGenerally speaking, this is what I have found from colorizing hundreds of pictures, essentially portraits of people:
\nHere is an example:
\n![\"Default](\"https://dev-to-uploads.s3.amazonaws.com/i/of5je7h1ou8nd48dtugh.png\")
This colorized (and enhanced) picture doesn't look bad, but the clothes have lots of purple spots all over them. Switching to the alternative model reduces this, without affecting the faces too much:
\n![\"Alternative](\"https://dev-to-uploads.s3.amazonaws.com/i/epmwc8x4r4zp90nu6jju.png\")
There's still some weird zones though, so I want to try and reduce these by increasing the rendering factor. After playing around, I ended up with a factor of 64 for that picture:
\n![\"Render](\"https://dev-to-uploads.s3.amazonaws.com/i/sqv6a9c7s7rrb2gtb9l1.png\")
However, the colors are getting slightly dim now, so I've increased the saturation to 1.2 to counteract that:
\n![\"Saturation\"](\"https://dev-to-uploads.s3.amazonaws.com/i/l6ttuj25eh7jxtzolp28.png\")
Granted, the results on this picture are far from perfect, as it is hard to colorize (which is why I chose it!).
\nWhen tuning a colorization, every time you modify a parameter, you can preview the changes, and then choose to save them.
\nIn a very practical fashion, MyHeritage lets you click on the colorized picture to compare with the previously saved version.
\nHowever, it doesn't save the results for each combination, so when you play around with parameters, you can end up waiting a long time to go back to previous combinations.
\nFor this reason, I use A/B testing when colorizing. My process is:
\nThe drawback of this method is that you need to re-open the tuning interface every time, but in the end, you'll save lots of rendering time and you know you're saving the best version you could get.
\nWhile the settings in MyHeritage in Color clearly help, they can't —yet— get you to a perfect result most of the time.
\nIn many cases, some parameters will have better results on people, while others will improve objects or the background.
\nOne thing I've started doing is downloading multiple versions of the colorization, importing them all as layers in Gimp, and cutting them so as to get the best result in every zone.
\nIn other cases, the tint on some objects may not be perfect despite trying to tune the engine. In these cases, you can duplicate these zones in Gimp and tune their tint/saturation/hue individually until you get the result you want.
\nFace enhancing can lead to very impressive results by recreating realistic faces that match the shadow of faces in the blur pictures.
\nFor example, in the picture I used before, some of the children's faces look amazing:
\n![\"Face](\"https://dev-to-uploads.s3.amazonaws.com/i/2svy7z72gnqo6cl90oql.jpg\")
Yes, the original is on the left!
\nAt times however, little dots or other issues with the original picture can lead the face enhancer astray and generate some very disturbing results. Here for example, there's a line on the face in the original picture, which gets \"interpreted\" as a scar:
\n![\"Scar](\"https://dev-to-uploads.s3.amazonaws.com/i/i8d5qjc1ysxlegxooylj.jpg\")
And in this one, the left eye looks too dark in the original picture, leading to a strange color dissymetry:
\n![\"Eye](\"https://dev-to-uploads.s3.amazonaws.com/i/dbzchaqre1c8eyy3zc6e.jpg\")
Fortunately, these aren't too hard to fix. In the case of the \"scar\", erasing it (using Gimp with simple editing methods such as the stamp tool) fixed the issue:
\n![\"Fixed](\"https://dev-to-uploads.s3.amazonaws.com/i/b78xjnsl62d9by6bkyoh.jpg\")
The eyes weren't much harder to fix. Since the face is straight, I just copied the right pupil (just the pupil, not the entire eye) and pasted it on the left eye. The difference is hardly noticeable in the B&W picture, but it's enough for the AI algorithm to pick it up properly:
\n![\"Fixed](\"https://dev-to-uploads.s3.amazonaws.com/i/2xxhxugvmo4wqnxdj2qa.jpg\")
As of February 2021, MyHeritage now allows to animate portraits that were enhanced.
\nFrom the picture view, simply click the animation button and choose the face to animate. You can choose from 10 different animations. If the face was colorized, the animation will honor it.
\n\nHave you colorized pictures with DeOldify or MyHeritage in Color? Have you found useful ways to get good results? Share them in the comments!
"},{"url":"/posts/20200721-templating-puppet-control-repositories-3pk7/","relativePath":"posts/20200721-templating-puppet-control-repositories-3pk7.md","relativeDir":"posts","base":"20200721-templating-puppet-control-repositories-3pk7.md","name":"20200721-templating-puppet-control-repositories-3pk7","frontmatter":{"title":"Templating Puppet Control Repositories","template":"post","date":"2020-07-21T08:45:28Z","excerpt":"When managing multiple Puppet Control Repositories, modulesync is a very useful tool to keep files in sync.","thumb_img_path":"https://media2.dev.to/dynamic/image/width=1000,height=420,fit=cover,gravity=auto,format=auto/https%3A%2F%2Fwww.camptocamp.com%2Fwp-content%2Fuploads%2Fxformations_puppet1-720x400.png.pagespeed.ic.UU2oY1Zlj8.webp","content_img_path":"https://media2.dev.to/dynamic/image/width=1000,height=420,fit=cover,gravity=auto,format=auto/https%3A%2F%2Fwww.camptocamp.com%2Fwp-content%2Fuploads%2Fxformations_puppet1-720x400.png.pagespeed.ic.UU2oY1Zlj8.webp","canonical_url":"https://dev.to/camptocamp-ops/templating-puppet-control-repositories-3pk7","devto_url":"https://dev.to/camptocamp-ops/templating-puppet-control-repositories-3pk7"},"html":"Puppet code is usually deployed using a Control Repository, a single Git repository used by R10k (or Code Manager on Puppet Enterprise) to manage Puppet environments on Puppet Masters.
\nOn complex infrastructures with multiple independent Puppet Masters, you might have the need to use multiple control repositories. For example at Camptocamp, we have specific clients with enough nodes to have their own Puppet infrastructure each.
\nFor these clients, we do not want to use a shared Puppet Control Repository. However, we do want to keep the code as similar as possible between the infrastructures, and make sure some parameters and settings (admin accounts, ssh keys, etc.) are synchronized.
\nModulesync is a piece of software initially created by Puppet Inc. to synchronize files between Git repositories for Puppet modules. Nowadays, this feature is being served by PDK for Puppet modules, so modulesync is now managed by the Vox Pupuli community.
\nFor years, we have been using it at Camptocamp to keep our Control Repositories synchronized.
\nIn order to achieve this, we use a template repository, which we call puppetmaster-common.
Each of our clients has their own GitLab instance with their Puppet Control Repository, and this template repository brings it all together.
\nThis repository is set as follows.
\nThis file contains the general settings for modulesync:
\n---\n# default namespace in GitLab instances\nnamespace: 'camptocamp'\n# Branch to synchronize\nbranch: 'msync'\n# Default Merge Request title\npr_title: 'Modulesync [autodiff]'\n# Default Merge Request target branch\npr_target_branch: 'staging'\n On all our Control Repositories, we have locked the stable and staging branches to prevent pushes to them. This forces us to create Merge Requests for new features, ensuring quality through our CI pipeline.
For this reason, we use a separate branch, called msync, to perform the synchronizations.
Since we use several GitLab instances and we want to be able to automate Merge Request creation, this file contains GitLab API URLs and tokens per managed Control Repository. It looks similar to this:
\npuppetmaster-c2c:\n :remote: 'ssh://git@gitlab1/camptocamp/is/puppet/puppetmaster-c2c.git'\n :namespace: 'camptocamp/is/puppet'\n :gitlab:\n :token: 'abc123def456'\n :base_url: 'https://gitlab1/api/v4'\n\npuppetmaster-client1:\n :remote: 'ssh://git@gitlab-client1/puppet/puppetmaster-client1.git'\n :namespace: 'puppet'\n :gitlab:\n :token: 'someOtherToken'\n :base_url: 'https://gitlab-client1/api/v4'\n The moduleroot directory contains the files we want to synchronize, as ERB templates. In our case:
moduleroot/\n├── doc\n│ ├── architecture.md.erb\n│ └── before_after.md.erb\n├── environment.conf.erb\n├── Gemfile.erb\n├── .gitignore.erb\n├── .gitlab-ci.yml.erb\n├── hieradata\n│ └── cross-site\n│ ├── common-cross-site.yaml.erb\n│ ├── README.md.erb\n│ ├── .travis.yml.erb\n│ └── verify-key-length.erb\n├── hiera-eyaml-gpg.recipients.erb\n├── Puppetfile.erb\n├── .puppet-lint.rc.erb\n├── Rakefile.erb\n├── README.md.erb\n└── scripts\n ├── bolt.erb\n ├── docker.erb\n ├── node_deactivate.erb\n ├── puppetca.erb\n └── puppet-query.erb\n A few notes here on the files here.
\nMost of these files (e.g. the scripts, Gemfile, or environment.conf) are actually static, but they need to be named .erb nonetheless, otherwise modulesync will ignore them.
hiera-eyaml-gpg.recipients.erb works essentially as a filter on the hiera-eyaml-gpg.recipients file at the top of the repository, taking every admin key, as well as one puppet@ key specified in the .sync.yml of the control repository with the master_gpg_key setting:
<%=\nbasedir = File.expand_path('..', File.dirname(__FILE__))\nrecipients_file = File.expand_path(File.join(basedir, 'hiera-eyaml-gpg.recipients'))\n\nFile.readlines(recipients_file).map { |l|\n r = l.strip\n if r =~ /^puppet@/\n r if @configs['master_gpg_key'] == r\n else\n r\n end\n}.compact.join("\\n")\n%>\n Similar to hiera-eyaml-gpg.recipients, Puppetfile is managed as a filter. We keep a full Puppetfile at the top of the repository, with all the modules we use on all Puppet Infrastructures, and the default versions we want. Then each Control Repository can pick which module to include and optionally override versions.
The Puppetfile.erb template uses Augeas to cleanly filter and rewrite the target Puppetfile:
###############################################\n# This file is managed in puppetmaster-common #\n# Do not edit locally #\n###############################################\n\n<%= require 'augeas'\nbasedir = File.expand_path('..', File.dirname(__FILE__))\nbase_pf = File.expand_path(File.join(basedir, 'Puppetfile'))\nbase_pf_content = File.read(base_pf)\nlens_dir = File.expand_path(File.join(basedir, 'lenses'))\n\ndef mod_regexp(name)\n "*[label()!='#comment' and .=~regexp('([^/-]+[/-])?#{name}')]"\nend\n\nAugeas.open(nil, lens_dir, Augeas::NO_MODL_AUTOLOAD) do |aug|\n aug.set('/input', base_pf_content)\n unless aug.text_store('Puppetfile.lns', '/input', '/parsed')\n msg = aug.get('/augeas//error')\n fail "Failed to parse common Puppetfile: #{msg}"\n end\n aug.set('/augeas/context', '/parsed')\n all_modules = aug.match('*[label()!="#comment"]').map { |m| aug.get(m).split(%r{[/-]}).last }\n\n whitelist = @configs['modules'].keys if @configs['modules']\n not_in_all = whitelist - all_modules if whitelist\n fail "Module(s) #{not_in_all.join(', ')} not found in common Puppetfile" if not_in_all and !not_in_all.empty?\n\n # Remove unnecessary modules\n (all_modules - whitelist).each do |m|\n aug.rm(mod_regexp(m))\n end if whitelist\n\n # Amend\n modified = @configs['modules'].reject { |m, v| v.nil? } if @configs['modules']\n modified.each do |m, c|\n aug.set(mod_regexp(m), "#{c['user']}/#{m}") if c['user']\n if c['version']\n aug.rm("#{mod_regexp(m)}/git")\n aug.rm("#{mod_regexp(m)}/ref")\n aug.set("#{mod_regexp(m)}/@version", c['version'])\n else\n aug.rm("#{mod_regexp(m)}/@version")\n aug.set("#{mod_regexp(m)}/git", c['git']) if c['git']\n aug.set("#{mod_regexp(m)}/ref", c['ref']) if c['ref']\n end\n end if modified\n\n aug.text_retrieve('Puppetfile.lns', '/input', '/parsed', '/output')\n unless aug.match('/augeas/text/parsed/error').empty?\n fail "Failed to generate Puppetfile: #{aug.get('/augeas/text/parsed/error')}\n #{aug.get('/augeas/text/parsed/error/message')}"\n end\n aug.get('/output')\nend -%>\n This file defines the CI/CD pipelines for our Control Repositories, extending our generic Puppet pipelines rules. It takes variables to control catalog-diff.
\nThe cross-site hieradata level contains common system accounts with their UID, shell & SSH key. We then use our accounts module to deploy these accounts.
\nEach Control Repository features a .sync.yml file to provide overrides for variables. Here's an example:
---\nRakefile:\n master_gpg_key: 'puppet@client1'\n.gitlab-ci.yml:\n puppetdb_urls: 'https://puppetdb.client1.ch'\n puppet_server: 'puppet.client1.ch'\n puppetdiff_url: 'https://puppetdiff.client1.ch'\nPuppetfile:\n modules:\n # include accounts module, with default version\n accounts:\n # include letsencrypt module, override version\n letsencrypt:\n git: 'https://github.com/saimonn/puppet-letsencrypt'\n ref: 'default_cert_name'\n Since managed_modules.yml contains secret tokens for the various GitLabs, we don't want to commit it to the Git repository. Instead, the content of this file is stored in gopass and retrieved dynamically with summon.
In order to use summon, we have a local secrets.yml pointing to the location of the managed_modules.yml file in gopass:
---\nMSYNC_MANAGED_MODULES: !var:file puppet/msync/managed_modules\n and use a msync_update wrapper to launch modulesync:
#!/bin/bash\n\nbundle exec msync update --managed_modules_conf=$MSYNC_MANAGED_MODULES "$@"\n This then allows to test the changes with:
\n$ summon ./msync_update -m "Update module foo" --noop\n and then deploy on a single site (or all without the filter):
\n$ summon ./msync_update -m "Update module foo" -f c2c --pr\n Do you have specific Puppet needs? Contact us, we can help you!
"},{"url":"/posts/20200723-decomissioning-with-puppet-report-purge-unmanaged-resources-1jgk/","relativePath":"posts/20200723-decomissioning-with-puppet-report-purge-unmanaged-resources-1jgk.md","relativeDir":"posts","base":"20200723-decomissioning-with-puppet-report-purge-unmanaged-resources-1jgk.md","name":"20200723-decomissioning-with-puppet-report-purge-unmanaged-resources-1jgk","frontmatter":{"title":"Decomissioning with Puppet: report & purge unmanaged resources","template":"post","date":"2020-07-23T14:42:09Z","excerpt":"Puppet can let you purge resources you do not manage explicitely","thumb_img_path":"https://media2.dev.to/dynamic/image/width=1000,height=420,fit=cover,gravity=auto,format=auto/https%3A%2F%2Fwww.camptocamp.com%2Fwp-content%2Fuploads%2Fxformations_puppet1-720x400.png.pagespeed.ic.UU2oY1Zlj8.webp","content_img_path":"https://media2.dev.to/dynamic/image/width=1000,height=420,fit=cover,gravity=auto,format=auto/https%3A%2F%2Fwww.camptocamp.com%2Fwp-content%2Fuploads%2Fxformations_puppet1-720x400.png.pagespeed.ic.UU2oY1Zlj8.webp","canonical_url":"https://dev.to/camptocamp-ops/decomissioning-with-puppet-report-purge-unmanaged-resources-1jgk","devto_url":"https://dev.to/camptocamp-ops/decomissioning-with-puppet-report-purge-unmanaged-resources-1jgk"},"html":"Puppet lets you manage resources explicitely. But did you know you can also dynamically purge unmanaged resources using Puppet?
\nA user in your organization just left, and you need to remove their account from all nodes. If you were managing their account with Puppet —whether with a user resource type or using an accounts module—, you need to make sure this user is absent:
user { 'jdoe':\n ensure => absent,\n}\n Great. Job done. Now, how long should this resource be kept in your code? One hour? One week? One year? What if an old node that was turned off wakes up months from now with this account activated?
\nTo be honest, if a node turned off for months suddenly wakes up, you'll probably have more issues than just old users if your Puppet code base is quite active…\nHowever, purging all unknown users would be a much easier approach than managing them explicitely!
\nAs explained in a previous post about managing files in Puppet, Puppet has the ability of purging unmanaged resources. I'll let you see the post for more explanations on how this works:
\nhttps://dev.to/camptocamp-ops/how-to-manage-files-with-puppet-55e4#whole-dynamic-purge
\nWhat if instead of purging, I'd just like Puppet to report the unmanaged resources but not do anything about them?
\nLuckily for us, noop works fine with the purge type, so you can use something like:
purge { 'user':\n noop => true,\n unless => [\n ['uid', '<', '1000'],\n ['name', '==', 'nobody'],\n ],\n}\n This code will mark all users with a UID above 999 (except the nobody user) to be purged, but it won't do it. As a result, you'll get noop resources in your reports, for example in Puppetboard:
![\"Noop](\"https://dev-to-uploads.s3.amazonaws.com/i/3xu0q5i3e98bv27ih117.png\")
And then in the report, you'll see the unmanaged users:
\n![\"Report](\"https://dev-to-uploads.s3.amazonaws.com/i/ckpsim9bx6igwp09it4l.png\")
If you see users that should be purged, you can add again a user resource in your Puppet code to ensure their absence:
user { 'iperf':\n ensure => absent,\n}\n Another option is to make it a bit more dynamic. I've added an option in my accounts base class to use a dynamic fact to purge users on demand:
class osbase::accounts (\n Boolean $purge_users = str2bool($facts['purge_users']),\n) {\n purge { 'user':\n noop => !$purge_users,\n unless => [\n ['uid', '<', '1000'],\n ['name', '==', 'nobody'],\n ],\n }\n}\n The purge_users fact doesn't exist by default, so I can define it on the go when I need to purge users.\nNow I can run puppet apply on a node and force purging the users with:
$ FACTER_purge_users=y puppet agent -t\n And all unmanaged users will be removed from the node!
\nDo you have specific Puppet needs? Contact us, we can help you!
"},{"url":"/posts/20200728-simple-secret-sharing-with-gopass-and-summon-40jk/","relativePath":"posts/20200728-simple-secret-sharing-with-gopass-and-summon-40jk.md","relativeDir":"posts","base":"20200728-simple-secret-sharing-with-gopass-and-summon-40jk.md","name":"20200728-simple-secret-sharing-with-gopass-and-summon-40jk","frontmatter":{"title":"Simple secret sharing with gopass and summon","template":"post","date":"2020-07-28T16:34:57Z","excerpt":"Storing and sharing secrets doesn't have to be complex","thumb_img_path":"https://media2.dev.to/dynamic/image/width=1000,height=420,fit=cover,gravity=auto,format=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fgl8147l5s2ky6po9tdfi.png","content_img_path":"https://media2.dev.to/dynamic/image/width=1000,height=420,fit=cover,gravity=auto,format=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fgl8147l5s2ky6po9tdfi.png","canonical_url":"https://dev.to/camptocamp-ops/simple-secret-sharing-with-gopass-and-summon-40jk","devto_url":"https://dev.to/camptocamp-ops/simple-secret-sharing-with-gopass-and-summon-40jk"},"html":"Secrets are a fundamental, yet complex issue in software deployment.
\nSolutions such as KeepassX are simple to use, but quite impractical when it comes to automation.
\nMore complex options like Hashicorp Vault are extremely powerful, but harder to set up and maintain.
\nWhen it comes to storing securely and sharing passwords in a team, it is hard to come up with a more simple and efficient solution than Git and GnuPG combined.
\nPass is a shell script that does just that. Inside a Git repository, Pass stores passwords in individual files encrypted for all private GnuPG keys in the team. It features a CLI to manipulate passwords, add new entries, or search through existing passwords.
\nHowever, Pass is quite limited in its features, so another project was born a few years later, to provide a new Go implementation of the Pass standard. Its name: simply Gopass.
\n![\"Gopass](\"https://dev-to-uploads.s3.amazonaws.com/i/1cs4zelpc542tzc2ligm.png\")
Gopass is provided as binaries you can download from the releases page on GitHub.
\nHere are some of the features that make Gopass a great tool.
\nWhile pass allows you to have a single Git repository with your passwords, Gopass lets you create multiple repositories called \"mounts\", which is very useful when you want to share different secrets with different people:
$ gopass mounts\ngopass (/home/raphink/.password-store)\n├── c2c (/home/raphink/.password-store-c2c)\n├── perso (/home/raphink/.password-store-perso)\n└── terraform (/home/raphink/.password-store-terraform)\n Gopass uses a prefix to access secrets in mounts, so terraform/puppet/c2c actually refers to the secret stored in /home/raphink/.password-store-terraform/puppet/c2c.gpg.
Each Git repository can be set to encrypt passwords for multiple GnuPG keys.
\nThe .gpg-id file at the root of each repository contains the list of public keys to use for encryption, and the .public-keys/ directory keeps a copy of each key, making it easy for collaborators to import them into their keyring before they can start encrypting passwords for the team.
Gopass helps you find entries when the key you gave it doesn't match an exact known path:
\n$ gopass jenkins\n[ 0] c2c/c2c_aws/jenkins-c2c\n[ 1] c2c/c2c_mgmtsrv/freeipa/c2c-jenkins-swarm\n[ 2] c2c/c2c_mgmtsrv/freeipa/jenkins-test-users\n[ 3] perso/Devel/jenkins-ci.org\n[ 4] terraform/aws/jenkins-c2c\n\nFound secrets - Please select an entry [0]: \n When decrypting a password, Gopass parses the content into two different parts: a password and a YAML document. For example, the content of a secret could look like this:
\nfoo\n---\nkey1: value1\nanother_key:\n bar: baz\n The first line of the content is the password. If this is all you're interested in, you can use gopass show --password to retrieve it:
$ gopass show --password perso/test\nfoo\n When the second part of the content (lines 2 and following) is a valid YAML document, you can query these values by providing a key, for example:
\n$ gopass show perso/test key1\nvalue1\n Starting with Gopass 1.9.3, you can also query subkeys using either a dot or slash notation:
\n$ gopass show perso/test another_key.bar\nbaz\n$ gopass show perso/test /another_key/bar\nbaz\n This makes it extremely powerful to store several fields in the same secret.
\nGopass allows to store TOTP keys alongside passwords. For example, you can have the following secret, stored at terraform/service.io/api:
WPTmU`>b<Y31\n---\npassword: 'WPTmU`>b<Y31'\ntotp: 'PIJ6AIHETAHSHOO7SHEI1AEK6IH1SOOCHATUOSH8XUAN0OOTH9XAHRUXO4AHJAEVI'\nurl: https://myservice.io\nusername: jdoe\n In addition to retrieving each field with the corresponding key, you can also generate TOTP tokens with gopass totp:
$ gopass totp terraform/service.io/api\n568000 lasts 18s \t|------------==================|\n Gopass can be easily integrated into projects for deployments or CI/CD tasks.
\nThe easiest way to integrate Gopass is probably to use Summon.
\n![\"Summon](\"https://dev-to-uploads.s3.amazonaws.com/i/gy0cw2iqwdb85lobl5jl.png\")
Summon is a tool which dynamically exposes environment variables with values retrieved from various secret stores. gopass is one of its possible providers.
Setting it up to use gopass is rather straightforward. We use a simple wrapper called summon-gopass, which needs to be in your PATH:
#!/bin/sh\ngopass show $(echo "${@}"|tr : \\ )\n You can also simply make summon-gopass a symbolic link to your gopass binary, but subkeys won't work in this case.
Summon lets you provide a local secrets.yml file which defines which environment variables you wish to define, and how to find the values.
Here's a simple example of a secrets.yml file using the secret we defined earlier:
SERVICE_URL: !var terraform/service.io/api url\nUSER: !var terraform/service.io/api username\nSERVICE_PASSWORD: !var terraform/service.io/api password\n You can test this setup by running the following command in the directory containing secrets.yml:
$ summon env\n The output should contain the 3 variables with the values stored in Gopass.
\nWhile the format above allows you to expose simple secrets as variables, it is not very practical when you need secrets exposed as files.
\nSummon covers this need however, using the file flag. For example:
SSH_KEY: !var:file terraform/service.io/ssh private_key\n If terraform/service.io/ssh is a secret in Gopass whose private_key YAML field contains an SSH private key, then Summon will extract this secret, place it into a temporary file (in /dev/shm by default) and set the SSH_KEY variable with the path to the file. After the command returns, the temporary file will be delete.
You could then use such a secrets.yml file with:
summon sh -c 'ssh -i $SSH_KEY user@service'\n Another useful example is to store a Kubernetes cluster configuration in Gopass, e.g.:
\n---\napiVersion: v1\nclusters:\n - cluster:\n server: https://k8s.example.com\n name: k8s\ncontexts:\n - context:\n cluster: k8s\n namespace: default\n user: default-cluster-admin\n name: default-admin\ncurrent-context: default-admin\nkind: Config\npreferences: {}\nusers:\n - name: default-cluster-admin\n user:\n token: averylongtoken\n With the following secrets.yml file:
KUBECONFIG: !var:file path/to/secret\n You can then work on the Kubernetes cluster with kubectl using:
$ summon kubectl <some command>\n A simple way to pass variables to Terraform is to declare them and use summon to pass the values:
TF_VAR_var1: !var terraform/project1/secret1 field1\n You can then run summon terraform to dynamically pass these secrets to Terraform.
Another possibility is to use Camptocamp's Terraform Pass Provider which lets you retrieve and set passwords in Gopass natively in Terraform:
\nprovider "pass" {\n store_dir = "/srv/password-store" # defaults to $PASSWORD_STORE_DIR\n refresh_store = false # do not call `git pull`\n}\n\n# Store a value into the Gopass store\nresource "pass_password" "test" {\n path = "secret/foo"\n password = "0123456789"\n data = {\n zip = "zap"\n }\n}\n\n# Retrieve password at another_secret/bar to be used in Terraform code\ndata "pass_password" "test" {\n path = "another_secret/bar"\n}\n The provider exposes the secret with the following properties:
\npath: path to the secretpassword: secret password (first line of the content)data: a structure (map) of the YAML data in the contentbody: the content found on lines 2 and following, if it could not be parsed as YAML full: the full content (all lines) of the secretThe most standard way to store secrets in Hiera is to use hiera-eyaml, which stores secret values encrypted inside YAML files, using either a PKCS7 key (default) or multiple GnuPG keys (when using hiera-eyaml-gpg).
If your passwords are already stored in Gopass, you might want to integrate that into Hiera instead.
\nThe camptocamp/hiera-pass module provides two Hiera backends to retrieve keys either as full Gopass secrets, or as keys inside the secrets.
AWS EKS is a great option for a hosted Kubernetes cluster.
\nIt is in particular easy to use for demos and training sessions.
\nHowever, EKS authentication is based off AWS IAM, which means users need an AWS account. Authenticating to EKS typically involves calling the aws eks get-token command in your .kube/config so as to retrieve an authentication token.
As we were setting up EKS for Kubernetes training, we needed a simple way for users without an AWS account to access the cluster, so we created a basic proxy service for the EKS get-token action.
GitHub — camptocamp/aws-iam-authenticator-proxy
\nThe proxy can be deployed using Docker, with AWS credentials, e.g.:
\ndocker run --rm -p 8080:8080 \\\n -e AWS_ACCESS_KEY_ID=<AWS_ACCESS_KEY_ID> \\\n -e AWS_SECRET_ACCESS_KEY=<AWS_SECRET_ACCESS_KEY> \\\n -e EKS_CLUSTER_ID=<EKS_CLUSTER_ID> \\\n -e PSK="mysecretstring" \\\n camptocamp/aws-iam-authenticator-proxy:latest\n The rights on the cluster will depend on the user you chose to create the access key.
\nThe PSK is optional, and allows to secure the proxy a little bit.
\nOnce the proxy is started, you can access it at http://localhost:8080?psk=mysecretstring, so you can simply set your ~/.kube/config to use curl instead of aws:
users:\n- name: <cluster_name>\n user:\n exec:\n apiVersion: client.authentication.k8s.io/v1alpha1\n command: curl\n args:\n - -s\n - "http://<your_ip>:8080/?psk=mysecretstring"\n Since you've got an EKS cluster in the first place, you might as well deploy the proxy in it.
\nThe repository provides a Helm chart for that, in the k8s directory of the GitHub project.
You can simply instantiate the chart with the following values:
\neks_cluster_id: "<EKS_CLUSTER_ID>"\npsk: "mysecretstring"\naws:\n access_key_id: "<AWS_ACCESS_KEY_ID>"\n secret_access_key: "<AWS_SECRET_ACCESS_KEY>"\n The AWS credentials will be stored in a Kubernetes secret and passed to the container.
\nHowever, since we're in AWS, we can also use IAM roles for service accounts and bypass the access keys altogether. This is a much cleaner approach.
\nHere's how to do it, using Terraform to create the role and deploy the proxy.
\nFirst, create a role linked to OIDC:
\nmodule "iam_assumable_role_aws_iam_authenticator_proxy" {\n source = "terraform-aws-modules/iam/aws//modules/iam-assumable-role-with-oidc"\n version = "3.3.0"\n create_role = true\n number_of_role_policy_arns = 0\n role_name = "aws-iam-authenticator-proxy"\n provider_url = replace(module.cluster.cluster_oidc_issuer_url, "https://", "")\n oidc_fully_qualified_subjects = ["system:serviceaccount:yournamespace:aws-iam-authenticator-proxy"]\n}\n replacing yournamespace with the Kubernetes namespace where you will be deploying the proxy.
Now we can configure the cluster to use map that role to the Kubernetes role we want (e.g. system::masters to make it cluster admin).
We'll create a random PSK and generate the Kubeconfig file to use curl with the proxy:
data "aws_vpc" "this" {\n id = var.vpc_id\n}\n\ndata "aws_subnet_ids" "private" {\n vpc_id = data.aws_vpc.this.id\n\n tags = {\n "kubernetes.io/role/internal-elb" = "1"\n }\n}\n\nmodule "cluster" {\n source = "terraform-aws-modules/eks/aws"\n version = "13.1.0"\n\n cluster_name = var.cluster_name\n cluster_version = "1.18"\n\n subnets = data.aws_subnet_ids.private.ids\n vpc_id = var.vpc_id\n enable_irsa = true\n map_roles = [\n {\n rolearn = module.iam_assumable_role_aws_iam_authenticator_proxy.this_iam_role_arn,\n username = module.iam_assumable_role_aws_iam_authenticator_proxy.this_iam_role_name,\n groups = ["system:masters"]\n },\n ]\n\n worker_groups = [\n {\n instance_type = "m5a.large"\n asg_desired_capacity = 2\n asg_max_size = 3\n }\n ]\n\n kubeconfig_aws_authenticator_command = "curl"\n kubeconfig_aws_authenticator_command_args\t= [\n "-s",\n "https://${var.auth_url}/?psk=${random_password.auth_proxy_psk.result}",\n ]\n}\n\nresource "random_password" "auth_proxy_psk" {\n length = 16\n special = false\n}\n Finally, we can deploy the proxy in Kubernetes using Helm:
\nresource "helm_release" "aws-iam-authenticator-proxy" {\n name = "aws-iam-authenticator-proxy"\n chart = "https://github.com/camptocamp/aws-iam-authenticator-proxy/tree/master/k8s"\n namespace = "aws-iam-authenticator-proxy"\n dependency_update = true\n create_namespace = tr\n\n values = [\n << EOT\neks_cluster_id: "${var.cluster_name}"\npsk: "${random_password.auth_proxy_psk.result}"\nserviceAccount:\n name: "aws-iam-authenticator-proxy"\n annotations:\n eks.amazonaws.com/role-arn: ${module.iam_assumable_role_aws_iam_authenticator_proxy.this_iam_role_arn}\nEOT\n ]\n\n depends_on = [\n module.cluster,\n ]\n}\n You can add an Ingress or configure the Service to use an L4 LoadBalancer by tuning the Helm values.
When it comes to infrastructure and deployment automation, two opposite approaches share the podium: mutable vs immutable management.
\nMutable systems usually have a long life cycle, typically in the order\nof weeks to years. As their requirements change (new files,\nconfigurations, users, packages, etc.), the systems are modified to\nmatch a new target state. When left unmanaged, mutable systems tend to\ndrift away from their target state, in a divergent dynamic.
\n![\"Convergence](\"https://dev-to-uploads.s3.amazonaws.com/uploads/articles/11trbxkb1ev9goye0q2k.png\")
Automating mutable systems is often referred to as Configuration Management, and leverages tools such as Cfengine, Puppet, Chef, or Ansible. This tooling uses principles based on the concepts of target state, idempotence, and somewhat related to Mark Burgess’ Promise Theory. Configuration Management aims to make the system convergent, by running a tool on a regular basis, in order to resynchronize the system with its target state. Some of these tools (e.g. mgmt) also attempt to reach congruence by adopting a reactive approach, triggering corrective actions on events.
\nIn an immutable system, any change requires a new deployment. Whether it be a change in configuration, new files, or new users, immutability demands that the system be destroyed and rebuilt from scratch.
\n![\"Trash](\"https://dev-to-uploads.s3.amazonaws.com/uploads/articles/hl5ewtyqpo5offh4p9jh.png\")
An immutable approach can greatly simplify deployments. Avoiding convergence, immutable systems rely on artifacts that are built once, and can be deployed multiple times. These artifacts can increase trust in the ability to rebuild the system from scratch if necessary. It can also ease scalability, since the artifact can be precisely duplicated.
\nHowever, immutability comes with a high cost: in order to be done properly, it must be strict. Any change to the state involves a complete replacement of the artifact. A lack of abiding to that rule results in a convergent system (at best), which cannot be managed in an immutable manner.
\nIf immutable systems are easier to maintain, what are the reasons for not using them? The system’s complexity is probably the main justification. A traditional mutable system features multiple layers (Operating System, Middleware, Applications) that are usually strongly coupled. For example, the flavor and version of the Operating System define which version of a Middleware (e.g. Tomcat, Apache) is available for installation. In turn, the Middleware version defines which libraries are available for the Application. On most Unix-based systems, shared libraries are at the root of strong links between software versions, based on the underlying ABIs required to run them.
\nIf such strongly coupled systems are to be managed in an immutable manner, then the whole system is the immutable artifact. In the majority of organizations, this implies managing tens to thousands of artifacts, and rebuilding them from scratch on a regular basis. Such complexity is too much of a cost.
\nEnters decoupling technologies: Over the years, new technologies have surfaced, which allow to decouple system components and ease their management in an immutable manner.
\nWith the rise of virtualization in the early years of the 21st century, it became easier to decouple the hardware from the Operating System. You could now size virtual machines as precisely as desired, in terms of CPU, memory, or disk, without adding or replacing any physical device.
\nThis unlocked access to a first level of automated immutability, using Virtual Machine images as the immutable artifact. Image generators (such as Hashicorp Packer) appeared, easing the generation of VM images.
\nProvided the whole target state —including the OS, middleware and application itself— is built into the VM image, an immutable workflow can be used to manage it. In this case, whenever a change is required, the whole image needs to be rebuilt and redeployed to new VMs.
\n![\"Golden](\"https://dev-to-uploads.s3.amazonaws.com/uploads/articles/0gu5n8xhs57jvxnkn3ay.jpg\")
\n For a time, this deployment could not be easily automated, as physical nodes still needed to be manually picked before deploying the VM images. Infrastructure as a Service (IaaS), often referred to as “Cloud”, changed that.
\nIaaS provided APIs on top of virtualization, and the IaaS system (e.g. AWS EC2, OpenStack) would often pick the physical hypervisor node itself, making it possible to fully automate the deployment of new artifacts (such as VM images).
\nOne important problem remained to achieve immutable infrastructure in most situations: the complexity of the artifact itself.
\nWhen setting up applications on existing systems, several issues often arise, among which are: packaging, configuration, and dependencies.
\nFor years, developers and systems engineers tried to solve the problem of application packaging and deployment using all kinds of package managers, from deb/rpm to homemade systems. This often failed, because these packages didn’t allow for multiple instantiation of the application, were not easy to configure, and were too tightly coupled to the rest of the system.
\nDocker containers provided a unified way of packaging applications, in the form of OCI images, a rather unified way of configuring them (using environment variables or mounted files, in the 12 factor app fashion).
\nBut mainly, containers provided an abstraction level, a decoupling from the system. With containers, it doesn’t matter anymore which OS is running the container engine. Developers can now choose to run any version of Tomcat or Apache, on any node with a container engine. As a corollary, they can also run any combination of Middleware and Applications, regardless of the libraries provided on the underlying system.
\nFurthermore, containers were made to be managed in an immutable manner, using OCI images as immutable artifacts. Every time a container needs to be modified, it requires the creation of a new container from a new image.
\nThe benefits are huge. With this decoupling of the Operating System from the Middleware and Applications, the monolithic immutable artifact that was previously managed as a VM image can now be broken down into many pieces: the application is now an immutable artifact, and so are the middleware components as well.
\nEven better: since all the components running on the machines are now immutable, the machines themselves have now become totally neutral; all they require is a container engine in order to run containers.
\nOne thing can still make a node a snowflake: manually deployed containers, using tools such as Docker or Docker-compose.
\nWhat IaaS did for VMs, Container orchestrators now do for containers: they provide an API to orchestrate the dynamic deployment of containers on a cluster of nodes.
\n![\"Container](\"https://dev-to-uploads.s3.amazonaws.com/uploads/articles/c4m11g0j9tcebfi9zlic.png\")
\n The nodes are thus totally neutral now. As a result, their templates are greatly simplified, and they can now easily be managed in an immutable way. This new paradigm opened the way to new Operating Systems specialized for container orchestration, such as CoreOS or RancherOS, whose life cycles are meant to be managed with an immutable workflow.
\nNow that we have a full Immutable System, does it solve the problem of convergence?
\nImmutable artifacts in themselves are not supposed to evolve, but their target state does evolve. In this regard, the situation with containers is similar to that of Golden Images for Virtual Machines: though the artifact is immutable, it can easily be used as a template leading to an unmaintained, divergent system.
\nThere is thus still a need for convergence tools in the container world. However, this is not because the objects themselves drift from their target state. Rather, the target state evolves while the objects —supposedly— are stuck in their original state.
\n![\"Convergence](\"https://dev-to-uploads.s3.amazonaws.com/uploads/articles/kyd2lcx01jxcgq1qiq6w.png\")
Where Configuration Management tools ensure a convergence of states for mutable systems such as VMs, packaging tools such as Helm and Helmfile can be used to periodically re-synchronize containers and other immutable objects with their target state.
\nFinally, congruence is also achievable, with tools such as Argo CD. Argo CD not only deploys immutable objects to a Kubernetes cluster, but also keeps them synchronized with their last known target state, ensuring a continuous management.
\nContainers and Container Orchestrators enable fully immutable workflows for infrastructure, middleware and applications alike:
\nAre immutable systems always the best answer? As we’ve seen, the cost in artifact management and orchestration is far from negligible. Due to the transient nature that comes with their immutability, containers are better suited for stateless applications that easily scale on clusters of neutral nodes. For this reason, highly stateful applications with long life cycles, such as databases, are still better maintained as mutable systems most of the time.
\nChoosing an immutable vs mutable architecture depends a lot on an organization’s software architecture and culture, and is not a light choice to make. Is immutable infrastructure the solution to your automation problems? Contact us, we can help you find out!
"},{"url":"/posts/20210401-march-cloud-native-romandie-meetup-o2f/","relativePath":"posts/20210401-march-cloud-native-romandie-meetup-o2f.md","relativeDir":"posts","base":"20210401-march-cloud-native-romandie-meetup-o2f.md","name":"20210401-march-cloud-native-romandie-meetup-o2f","frontmatter":{"title":"March Cloud Native Romandie Meetup","template":"post","date":"2021-04-01T13:44:49Z","excerpt":"The last Cloud Native Romandie Meetup took place on March 25th","thumb_img_path":"https://media2.dev.to/dynamic/image/width=1000,height=420,fit=cover,gravity=auto,format=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fcf6t3h6z8shvv26x7tqr.png","content_img_path":"https://media2.dev.to/dynamic/image/width=1000,height=420,fit=cover,gravity=auto,format=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fcf6t3h6z8shvv26x7tqr.png","canonical_url":"https://dev.to/camptocamp-ops/march-cloud-native-romandie-meetup-o2f","devto_url":"https://dev.to/camptocamp-ops/march-cloud-native-romandie-meetup-o2f"},"html":"Last week, we organized our last Cloud Native Romandie Meetup. Due to the current situation, this was an online event like the previous occurrences.
\nThe meetup was recorded and can be viewed again on YouTube.
\n\nFor this edition, we had presentations by CloudBees, Exoscale, and Camptocamp.
\nFrédéric Gibelin from CloudBees presented CloudBees CI, a solution that helps users scale their Jenkins Enterprise platform in the Cloud.
\n\nNext Pierre-Yves Ritschard and Mathieu Corbin from Exoscale presented SKS, a Kubernetes as-a-Service, operating the user’s cluster on their behalf and taking care of the underlying infrastructure.
\n\nTo finish, Raphaël Pinson presented Camptocamp's DevOps Stack project, a framework to deploy a standardized Kubernetes platform and its ecosystem, using a GitOps approach.
\n\nDon’t miss any more and join the Cloud Native Romandie meetup group. This way, you can be part of a local community and stay up-to-date on different Cloud Native technologies.
\nWe look forward to meeting and exchanging with you during our next virtual meetup scheduled for Thursday, June 17th.
\nAlso, if you are keen to present a technology or you would like to see more of a technology, please let us know, we would be happy to support your interest. If it interests you, it also interests the community.
"},{"url":"/posts/20201006-colored-wrappers-for-kubectl-2pj1/","relativePath":"posts/20201006-colored-wrappers-for-kubectl-2pj1.md","relativeDir":"posts","base":"20201006-colored-wrappers-for-kubectl-2pj1.md","name":"20201006-colored-wrappers-for-kubectl-2pj1","frontmatter":{"title":"Colored wrappers for kubectl","template":"post","date":"2020-10-06T19:50:58Z","excerpt":"Kubectl commands, but in color","canonical_url":"https://dev.to/raphink/colored-wrappers-for-kubectl-2pj1","devto_url":"https://dev.to/raphink/colored-wrappers-for-kubectl-2pj1"},"html":"When using Kubernetes, kubectl is the command we use the most to visualize and debug objects.
However, it currently does not support colored output, though there is a feature request opened for this.
\nLet's see how we can add color support. I'll be using zsh with oh my zsh.
\nEdit: this feature was merged in oh my zsh, so it is now standard.
\nLet's make this extension into a zsh plugin called kubectl_color:
❯ mkdir -p ~/.oh-my-zsh/custom/plugins/kubectl_color\n❯ touch ~/.oh-my-zsh/custom/plugins/kubectl_color/kubectl_color.plugin.zsh\n Now we need to fill in this plugin.
\nLet's start with JSON, by adding an alias that colorizes JSON output using the infamous jq:
kj() {\n kubectl "$@" -o json | jq\n}\n\ncompdef kj=kubectl\n The compdef line ensures the kj function gets autocompleted just like kubectl.
Edit: I've added another wrapper for fx, which provides a dynamic way to parse JSON:
kjx() {\n kubectl "$@" -o json | fx\n}\n\ncompdef kjx=kubectl\n Just like for JSON, we can use yh to colorize YAML output:
ky() {\n kubectl "$@" -o yaml | yh\n}\n\ncompdef ky=kubectl\n Our plugin is now ready, we only need to activate it in ~/.zshrc by adding it to the list of plugins, e.g.:
plugins=(git ruby kubectl kubectl_color)\n and with fx:
Twenty years ago, Camptocamp was a pioneer company in Open Source adoption. Nowadays, Open Source has become mainstream and the vast majority of the industry agrees on the many benefits of its practices. In fact, the Open Source model has become a de facto standard in some fields such as Web Frontend development.
\nMany companies make an increasing use of Open Source software in their infrastructure and development stacks, and there are countless proven reasons for doing so, such as standard formats or security by openness, to name just a couple.
\nIn spite of these benefits, companies openly contributing —let alone Open Sourcing their own projects— are still somehow not very common, and most firms think of Open Source purely as a consumer’s benefit.
\n![\"Open](\"https://dev-to-uploads.s3.amazonaws.com/i/dqdagbzcqm5kgkbcx4qz.png\")
For years, I used to think the best argument in favor of contributing to existing projects was maintenance and compatibility. If I fork a project and add functionality to it, there is a risk that my changes will become increasingly hard to maintain as time goes by. If the core developers of the program are aware of my changes and actively intend to go along with them, this risk will be greatly reduced.
\nSo contributing my changes ensures they will stay compatible with the base code as time goes by. There might even be improvements to my code if more people encounter a similar need in the future, and decide to build on top of my changes.
\nToday, however, I believe the example I have just given is a specific case of a more general rule, which encompasses more pragmatic reasons to contribute code as Open Source. This more general context is linked to the concept of Technical Debt: the idea that technical decisions imply a hidden cost (a “debt”) that will have to be paid in the future in order to catch up with state-of-the-art technology.
\nMinimizing technical debt is a vast —and at times conflicting— subject. However, I think it is safe to assume that one way to reduce its risk is to stick to standards. The closer a project sticks to industry standards, the less likely it will have to be ported to another technological stack in the foreseeable future.
\nWhen faced with a missing feature, most people’s reflex might be to start building a specific component to meet their use case. In the words of Strategy Theorist Simon Wardley, they’ll be shifting this component to the Genesis stage, making it more unpredictable —or even erratic—, less standard, and thus more prone to building up technical debt in time.
\nThere is another way though. If my need is not met, and it is in fact a valid need (which is a very important question to ask in the first place), then other people might have this need in the future. When they do, someone, somewhere, will create a new standard for this need. When this new standard becomes enforced, then will my specific component’s debt become obvious.
\nSo what if, instead of building a specific component to make up for the lack of standard, I set the new standard myself? Open Source lets you do just that! It gives you the opportunity to be the first one providing an open implementation to a generic need, and the chance to make it into the new standard. If that new standard catches on, you have not only solved your problem, but you also haven’t accumulated technical debt. In fact, you’re ahead of the other users, because you set the new standard.
\nObviously, the majority of organizations can't afford to have engineers focusing on IETF RFCs or moving ISO standards to fit our needs.
\nHowever, a standard doesn't have to be that complicated. Let’s say I use this popular CLI tool, but I need to specify an option which doesn’t exist yet. I could hack something around the generation of its configuration file to produce the options I need. Or I could patch that tool and add a new flag for my needs, and contribute that change back to the project. Chances are, if I need this option, some else does too.
\nNow, every time someone has the need for that option, they’ll be using my new flag. I’ve contributed a new standard, and I haven’t made any technical debt on my side.
\nIt’s not the size of the steps that matters, it’s really the direction in which you take them.
\n![\"Start](\"https://dev-to-uploads.s3.amazonaws.com/i/8z3stx204q4gut3w4coq.png\")
Open Source is not just a philosophy. It encompasses licensing issues, technology standards, culture, and much more.
\nAt Camptocamp, we’ve been committed to the Open Source approach for years.
\nThis means we have a habit of solving problems in generic terms and building new standards.
\nIt also means we have contacts in many Open Source communities, which allow us to brainstorm ideas and quickly contribute to projects, ensuring a fast feedback loop on our work.
\nWhen we implement Open Source software for our clients, we actively seek to limit technological debt. Because we believe in a world of standards, we don’t want our clients to feel entirely stuck with a technological stack in the future. Or even with us!
"},{"url":"/posts/20210511-how-to-allow-dynamic-terraform-provider-configuration-20ik/","relativePath":"posts/20210511-how-to-allow-dynamic-terraform-provider-configuration-20ik.md","relativeDir":"posts","base":"20210511-how-to-allow-dynamic-terraform-provider-configuration-20ik.md","name":"20210511-how-to-allow-dynamic-terraform-provider-configuration-20ik","frontmatter":{"title":"How to allow dynamic Terraform Provider Configuration","template":"post","date":"2021-05-11T11:47:57Z","excerpt":"Terraform providers can be dynamically configured using other resource attributes if their code allows for it","thumb_img_path":"https://media2.dev.to/dynamic/image/width=1000,height=420,fit=cover,gravity=auto,format=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fbjkdnrg8gmbjiazvn8l8.jpg","content_img_path":"https://media2.dev.to/dynamic/image/width=1000,height=420,fit=cover,gravity=auto,format=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fbjkdnrg8gmbjiazvn8l8.jpg","canonical_url":"https://dev.to/camptocamp-ops/how-to-allow-dynamic-terraform-provider-configuration-20ik","devto_url":"https://dev.to/camptocamp-ops/how-to-allow-dynamic-terraform-provider-configuration-20ik"},"html":"Terraform relies heavily on the concept of providers, a base brick which consists of Go plugins enabling the communication with an API.
\nEach provider gives access to one or more resource types, and these resources then manage objects on the target API.
\nMost of the time, a provider's configuration is static, e.g.
\nprovider "aws" {\n region = "us-east-1"\n}\n However, in some cases, it is useful to configure a provider dynamically, using the attribute values from other resources as input for the provider's configuration.
\nI'll use the example of the Argo CD provider. In a single Terraform run, we would like to:
\nOur code will look like this:
\n# Install Kubernetes & Argo CD using a local module\n# (from https://devops-stack.io)\nmodule "cluster" {\n source = "git::https://github.com/camptocamp/devops-stack.git//modules/k3s/docker?ref=master"\n\n cluster_name = "default"\n node_count = 1\n}\n\n# /!\\ Setup the Argo CD provider dynamically\n# based on the cluster module's output\nprovider "argocd" {\n server_addr = module.cluster.argocd_server\n auth_token = module.cluster.argocd_auth_token\n insecure = true\n grpc_web = true\n}\n\n# Deploy an Argo CD resource using the provider\nresource "argocd_project" "demo_app" {\n metadata {\n name = "demo-app"\n namespace = "argocd"\n }\n\n spec {\n description = "Demo application project"\n source_repos = ["*"]\n\n destination {\n server = "https://kubernetes.default.svc"\n namespace = "default"\n }\n\n orphaned_resources {\n warn = true\n }\n }\n\n depends_on = [ module.cluster ]\n}\n This requires to configure Argo CD dynamically, using the output of the Kubernetes cluster's resources.
\nProviders are initialized early in a Terraform run, as their initialization is required to compute the graph which defines in which order the resources are applied.
\nThis means it is actually not possible to make a provider initialize after a secondary resource is created.
\nOfficially, the story stops here, and Terraform has a bug report to track the feature allowing to dynamically configure providers.
\nSo… it's game over then? 🎮 👾\nNot really!
\nWhen a provider is configured in Terraform, it triggers a configuration function:
\nfunc Provider() *schema.Provider {\n return &schema.Provider{\n ConfigureFunc: func(d *schema.ResourceData) (interface{}, error) {\n // Create someObject\n return someObject, nil\n }\n }\n}\n This ConfigureFunc method is usually used to create a static client for the target API. In the Argo CD provider for example, it returns a ServerInterface structure, with pointers to several clients, instantiated from the provider parameters:
type ServerInterface struct { \n ApiClient *apiclient.Client \n ApplicationClient *application.ApplicationServiceClient \n ClusterClient *cluster.ClusterServiceClient \n ProjectClient *project.ProjectServiceClient \n RepositoryClient *repository.RepositoryServiceClient \n RepoCredsClient *repocreds.RepoCredsServiceClient \n ServerVersion *semver.Version \n ServerVersionMessage *version.VersionMessage \n}\n The return statement from the ConfigureFunc eventually looks like this:
return ServerInterface{ \n &apiClient, \n &applicationClient, \n &clusterClient, \n &projectClient, \n &repositoryClient, \n &repoCredsClient, \n serverVersion, \n serverVersionMessage}, err\n Let's add a new field to the ServerInterface to store the pointer to the provider's ResourceData object, which gives access to the provider's parameters:
type ServerInterface struct { \n ApiClient *apiclient.Client \n ApplicationClient *application.ApplicationServiceClient \n ClusterClient *cluster.ClusterServiceClient \n ProjectClient *project.ProjectServiceClient \n RepositoryClient *repository.RepositoryServiceClient \n RepoCredsClient *repocreds.RepoCredsServiceClient \n ServerVersion *semver.Version \n ServerVersionMessage *version.VersionMessage \n ProviderData *schema.ResourceData \n}\n Now in the ConfigureFunc, we'll instantiate the ServerInterface, providing only the ProviderData pointer. The first resource that needs to use the provider will then instantiate the clients, when the provider parameters are available. We'll need the ConfigureFunc method to return a pointer to a ServerInterface, so we can later cache the clients and avoid recreating them for every resource:
ConfigureFunc: func(d *schema.ResourceData) (interface{}, error) { \n server := ServerInterface{ProviderData: d} \n return &server, nil \n},\n Now we need to actually initialize the clients in each resource.
\nEach resource method gets the interface returned by the ConfigureFunc function as an empty interface parameter, usually called meta:
func resourceArgoCDProjectCreate(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {\n These methods currently simply cast the meta parameter as a ServerInterface structure and use the pre-initialized clients:
server := meta.(ServerInterface)\n We now need to cast meta as a pointer to a ServerInterface structure instead (since we'll need to modify the clients from within the resources), and initialize the clients:
server := meta.(*ServerInterface) \nif err := server.initClients(); err != nil { \n return []diag.Diagnostic{ \n diag.Diagnostic{ \n Severity: diag.Error, \n Summary: fmt.Sprintf("Failed to init clients"), \n Detail: err.Error(), \n }, \n } \n}\n The initClients() method of the ServerInterface structure will be called, allowing to set up the clients using the current provider parameters.
In the ServerInterface#initClients() method, we want to make sure we reuse existing clients. This is rather simple, since each client is stored as a pointer in the structure, so it defaults to nil:
func (p *ServerInterface) initClients() error { \n d := p.ProviderData \n \n if p.ApiClient == nil { \n apiClient, err := initApiClient(d) \n if err != nil { \n return err \n } \n p.ApiClient = &apiClient \n }\n\n // etc for all clients\n\n return nil\n}\n That's it, we're done. With these modifications, terraform plan now works. The resources get applied in the proper order, and the outputs from the cluster module get properly passed as configuration to the Argo CD clients.
Note: this is a personal blog post. It does not concern Camptocamp's partnership with Puppet Inc., which remains unchanged.
\nIn 2006, I landed my first gig as a Systems Administrator. One of my main roles was taking care of a Cfengine server and repository for about 4000 machines, and finishing its migration from Cfengine 1 to Cfengine 2.
\nLike many people in this position at that time, discovering Puppet was akin to a revelation. Leaving aside its slowness (in comparison to Cfengine), its DSL, file templates, and the extensibility of the Resource Abstraction Layer were nothing short of a little revolution.
\nThen Augeas was presented to me, and I enjoyed the concept so much I got involved in the project and started writing many lenses.
\nI joined Camptocamp in 2012 in large part because of the role the company played in the Puppet community. Together with my colleague Mickaël, we took to standardising and modernising our Puppet stack and modules, and got deeply involved in the community, writing plugins (puppet-lint plugins, facterdb/rspec-puppet-facter) and tools (prometheus-puppetdb-sd, puppetfile-updater, puppet-ghostbuster, etc.).
\n![\"Puppet](\"https://dev-to-uploads.s3.amazonaws.com/uploads/articles/3bgtu2pv4ftg5suj31rv.jpg\")
Over the years, I've had the pleasure of teaching Puppet training courses at all levels and consulting on all sorts of layers (modules, Ruby plugins, TDD, etc.) and stacks (Puppet Enterprise, Foreman, Docker-based, and more…).
\nIn the last couple of years though, my work has mostly revolved around containers and Kubernetes. I have kept maintaining Puppet- and Augeas-related code, but often without using these projects myself for production needs.
\nFor that reason, I started donating such projects to Voxpupuli, as I believe they will receive better care than I can currently give them.
\nTruth be told, I've delayed all this for months —maybe years— because the Puppet community is awesome and it's always been a pleasure to contribute to it. I've even gotten back quite a bit last year, reviving puppet-catalog-diff and participating in various Puppet Camps.
\nIt's been fun, but I need to focus on other projects now, and it's probably better if things are set in a clear manner.
\nSo farewell Puppet community, keep being an awesome and welcoming place, & thanks for all the 🐟!
"},{"url":"/posts/20241017-how-to-automatically-issue-badges-for-instruqt-labs-18k5/","relativePath":"posts/20241017-how-to-automatically-issue-badges-for-instruqt-labs-18k5.md","relativeDir":"posts","base":"20241017-how-to-automatically-issue-badges-for-instruqt-labs-18k5.md","name":"20241017-how-to-automatically-issue-badges-for-instruqt-labs-18k5","frontmatter":{"title":"How to Automatically Issue Badges for Instruqt Labs","template":"post","date":"2024-10-17T09:00:00Z","excerpt":"Learn how to automate badge issuance with Credly when users complete an Instruqt lab.","thumb_img_path":"https://media2.dev.to/dynamic/image/width=1000,height=420,fit=cover,gravity=auto,format=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fad7mvjs2fjrl1ud4kz62.png","content_img_path":"https://media2.dev.to/dynamic/image/width=1000,height=420,fit=cover,gravity=auto,format=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fad7mvjs2fjrl1ud4kz62.png","canonical_url":"https://instruqt.com/blog/guest-post-how-to-automatically-issue-badges-for-instruqt-labs","devto_url":"https://dev.to/raphink/how-to-automatically-issue-badges-for-instruqt-labs-18k5"},"html":"In the first blog post, we talked about making labs fun and enjoyable by adding elements of gamification. Issuing badges is a fantastic way to motivate learners, giving them a sense of accomplishment for the skills they've gained, and Isovalent issues hundreds of them every month for the Cilium labs!
\nObviously, issuing badges can be done manually, but this is not scalable or ideal for creating a seamless experience. So, let's automate it!
\nCredly is a widely recognized provider of digital badges, so we will be using this solution to issue badges whenever a user finishes an Instruqt lab.
\n![\"Who](\"https://dev-to-uploads.s3.amazonaws.com/uploads/articles/fhqgqjpejwb8q0wf12fr.png\")
We'll be using Instruqt webhooks, coupled with the Credly API, to automatically issue badges when labs are completed.
\nAnd thanks to Isovalent's open-sourced Go libraries for both Instruqt and Credly APIs, you will find this automation process smooth and straightforward.
\nGitHub — isovalent/instruqt-go
\n\nIn this post, we'll take you step by step through the process:
\nLet's dive in!
\nAs for the first blog post, you will need an Instruqt account (with an API key) and a Google Cloud project.
\nIn addition, you will also need a Credly account with an API key this time.
\nFirst, create a directory for your function and initialize the Go environment.
\nmkdir instruqt-webhook\ncd instruqt-webhook\n\ngo mod init example.com/labs\n Just as in the first post, we create a cmd directory so we can build and test the function locally:
mkdir cmd\n Create a main.go file in that directory, with the following content:
package main\n\nimport (\n "log"\n "os"\n\n // Blank-import the function package so the init() runs\n // Adapt if you replaced example.com earlier\n _ "example.com/labs"\n\n "github.com/GoogleCloudPlatform/functions-framework-go/funcframework"\n)\n\nfunc main() {\n // Use PORT environment variable, or default to 8080.\n port := "8080"\n if envPort := os.Getenv("PORT"); envPort != "" {\n port = envPort\n }\n if err := funcframework.Start(port); err != nil {\n log.Fatalf("funcframework.Start: %v\\n", err)\n }\n}\n Back to the instruqt-webhook directory, create a file named webhook.go to contain the function logic. This file will serve as the webhook handler for incoming events from Instruqt.
In webhook.go, begin by adding the necessary imports, constants, and initializing the function:
package labs\n\nimport (\n\t"fmt"\n\t"net/http"\n\t"os"\n\t"strings"\n\n\t"github.com/GoogleCloudPlatform/functions-framework-go/functions"\n\n\t"github.com/isovalent/instruqt-go/instruqt"\n\t"github.com/isovalent/credly-go/credly"\n\n)\n\nfunc init() {\n\tfunctions.HTTP("InstruqtWebhookCatch", instruqtWebhookCatch)\n}\n\nconst (\n instruqtTeam = "yourInstruqtTeam" // Replace with your own team name\n credlyOrg = "yourCredlyOrg" // Replace with your own credly organization ID\n)\n Now, let's write the instruqtWebhookCatch function to receive the event.
We will take advantage of the methods provided by the Isovalent instruqt-go library to manage the Instruqt webhook:
func instruqtWebhookCatch(w http.ResponseWriter, r *http.Request) {\n\twebhookSecret := os.Getenv("INSTRUQT_WEBHOOK_SECRET")\n \twbHandler := instruqt.HandleWebhook(processWebhook, webhookSecret)\n\twbHandler(w, r)\n}\n This function works as a proxy between the HTTP connection handler provided by the Google Cloud Functions framework and the instruqt.HandleWebhook method provided by Isovalent's library to manage the Svix webhook.
It allows us to set up a webhook manager by passing the webhook's secret. We will see later where to find the value for the webhook secret.
\nThe instruqt.HandleWebhook method will automatically:
processWebhook() FunctionNext, we need to implement the processWebhook function, where our logic will be placed.
This function will receive 3 parameters:
\nhttp.ResponseWriter and *http.Request) inherited from the GCP Function handler;instruqt.Webhook structure parsed by instruqt.HandleWebhook and passed down to us.Here's the complete implementation:
\nfunc processWebhook(w http.ResponseWriter, r *http.Request, webhook instruqt.WebhookEvent) (err error) {\n\t// Return early if the event type is not track.completed\n\tif webhook.Type != "track.completed" {\n\t\tw.WriteHeader(http.StatusNoContent)\n\t\treturn\n\t}\n\n\t// Setup the Instruqt client\n\tinstruqtToken := os.Getenv("INSTRUQT_TOKEN")\n\tif instruqtToken == "" {\n\t\tw.WriteHeader(http.StatusInternalServerError)\n\t\treturn\n\t}\n\tinstruqtClient := instruqt.NewClient(instruqtToken, instruqtTeam)\n\n\t// Setup the Credly client\n\tcredlyToken := os.Getenv("CREDLY_TOKEN")\n\tif credlyToken == "" {\n\t\tw.WriteHeader(http.StatusInternalServerError)\n\t\treturn\n\t}\n\tcredlyClient := credly.NewClient(credlyToken, credlyOrg)\n\n\t// Get user info from Instruqt\n\tuser, err := instruqtClient.GetUserInfo(webhook.UserId)\n\tif err != nil {\n\t\tfmt.Printf("Failed to get user info: %v", err)\n\t\tw.WriteHeader(http.StatusInternalServerError)\n\t\treturn\n\t}\n\n\t// Get track details to extract badge template ID from tags\n\ttrack, err := instruqtClient.GetTrackById(webhook.TrackId)\n\tif err != nil {\n\t\tfmt.Printf("Failed to get track info: %v", err)\n\t\tw.WriteHeader(http.StatusInternalServerError)\n\t\treturn\n\t}\n\n\t// Extract badge template ID from track tags\n\tvar templateId string\n\tfor _, tag := range track.TrackTags {\n\t\t// Use strings.Split to parse the tag and extract the badge template ID\n\t\tparts := strings.Split(tag.Value, ":")\n\t\tif len(parts) == 2 && parts[0] == "badge" {\n\t\t\ttemplateId = parts[1]\n\t\t\tbreak\n\t\t}\n\t}\n\n\tif templateId == "" {\n\t\tfmt.Printf("No badge template ID found for track %s", webhook.TrackId)\n\t\tw.WriteHeader(http.StatusBadRequest)\n\t\treturn\n\t}\n\n\t// Issue badge through Credly\n\t_, badgeErr := credlyClient.IssueBadge(templateId, user.Email, user.FirstName, user.LastName)\n\t// Check if the badge has already been issued\n\tif badgeErr != nil {\n\t\tif strings.Contains(badgeErr.Error(), credly.ErrBadgeAlreadyIssued) {\n\t\t\tfmt.Printf("Badge already issued for %s", user.Email)\n\t\t\tw.WriteHeader(http.StatusConflict)\n\t\t\treturn\n\t\t}\n\t\tfmt.Printf("Failed to issue badge: %v", badgeErr)\n\t\tw.WriteHeader(http.StatusInternalServerError)\n\t\treturn\n\t}\n\n\tw.WriteHeader(http.StatusOK)\n\treturn\n}\n This function does the following:
\nTo enable Instruqt to call your webhook, navigate to the Instruqt UI, go to Settings -> Webhooks, and click \"Add Endpoint\" to set up a new webhook that points to your Google Cloud Function URL.
\n![\"Create](\"https://dev-to-uploads.s3.amazonaws.com/uploads/articles/962yseu7n7pgiwbauwyk.png\")
Select track.completed in the list of events to fire up this endpoint.
Since we'll be hosting the function on Google Cloud Functions, the URL will be in the form https://<zone>-<project>.cloudfunctions.net/<name>. For example, if your function is called instruqt-webhook and is deployed in the labs GCP project in the europe-west1 zone, then the URL will be https://europe-west1-labs.cloudfunctions.net/instruqt-webhook. If in doubt, put a fake URL and you can modify it later.
Create \"Create\", then locate the \"Signing secret\" field to the right side of the panel and copy its value.
\nExport it in your terminal as the INSTRUQT_WEBHOOK_SECRET value:
export INSTRUQT_WEBHHOOK_SECRET=whsec_v/somevalueCopiedFromUi\n Then use it to create a new GCP secret called instruqt-webhook-secret:
echo -n "$INSTRUQT_WEBHHOOK_SECRET" | gcloud secrets create instruqt-webhook-secret --data-file=-\n Give it the proper permissions to be usable in your function (see first blog post for details):
\nPROJECT_NUMBER=$(gcloud projects describe $(gcloud config get-value project) --format="value(projectNumber)")\ngcloud secrets add-iam-policy-binding instruqt-webhook-secret \\\n --member="serviceAccount:${PROJECT_NUMBER}-compute@developer.gserviceaccount.com" \\\n --role="roles/secretmanager.secretAccessor"\n Also create a secret for your Credly token:
\nexport CREDLY_TOKEN=yourCredlyToken\necho -n "$CREDLY_TOKEN" | gcloud secrets create credly-token --data-file=-\ngcloud secrets add-iam-policy-binding credly-token \\\n --member="serviceAccount:${PROJECT_NUMBER}-compute@developer.gserviceaccount.com" \\\n --role="roles/secretmanager.secretAccessor"\n Let's check that this function builds and runs fine.
\nFirst, update your go.mod and go.sum files with:
go get ./...\ngo mod tidy\n Now, run the function:
\nFUNCTION_TARGET=InstruqtWebhookCatch go run ./cmd/main.go\n The function should compile and run fine. You can try sending queries to it on localhost:8080:
curl -i localhost:8080\n Expect to get an error since the Svix webhook authentication is not set up properly in the payload:
\nHTTP/1.1 405 Method Not Allowed\nContent-Type: text/plain; charset=utf-8\nX-Content-Type-Options: nosniff\nDate: Tue, 08 Oct 2024 13:20:47 GMT\nContent-Length: 23\n\nInvalid request method\n It would be possible to emulate this, but it's a bit complex, so let's just deploy to GCP now!
\nIf you'd like to use Docker to test your function locally, you can create a Dockerfile in your current directory:
FROM golang:1.23\n\nWORKDIR /app\n\nCOPY . .\n\nRUN go build -o myapp ./cmd/main.go\n\nENV DEV=true\nENV PORT=8080\n\nEXPOSE $PORT\n\nCMD ["./myapp"]\n Add a docker-compose.yaml file:
version: '3'\nservices:\n proxy:\n build: ./\n ports:\n - "8080:8080"\n environment:\n INSTRUQT_WEBHOOK_SECRET: ${INSTRUQT_WEBHOOK_SECRET}\n INSTRUQT_TOKEN: ${INSTRUQT_TOKEN}\n CREDLY_TOKEN: ${CREDLY_TOKEN}\n FUNCTION_TARGET: InstruqtWebhookCatch\n Finally, build and launch your container:
\ndocker-compose up --build\n And you can send requests to localhost:8080 just the same as before!
You can then deploy the function (adapt the region if needed), giving it access to all three secret values:
\ngcloud functions deploy "instruqt-webhook" \\\n --gen2 --runtime=go122 --region=europe-west1 --source=. \\\n --entry-point="InstruqtWebhookCatch" --trigger-http --allow-unauthenticated \\\n --set-secrets="INSTRUQT_WEBHOOK_SECRET=instruqt-webhook-secret:latest" \\\n --set-secrets="INSTRUQT_TOKEN=instruqt-token:latest" \\\n --set-secrets="CREDLY_TOKEN=credly-token:latest"\n This will upload and build your project, and return the URL to access the function.
\nIf necessary, update the URL in your Instruqt webhook configuration.
\nNow for the moment of truth: testing!
\nbadge:<template_ID>, replacing template_ID with the ID you just copied.You should get the badge in your email!
\ntrack.completed events. You can extend it to do a lot more things with all the events provided by Instruqt! I typically like to capture lots of events to send them to Slack for better visibility.How do you teach a very technical topic to prospects and customers? How do you make it a smooth ride?
\nAt Isovalent, we're passionate about making the learning experience as seamless as possible for our users. Isovalent are the creators of Cilium, the de facto cloud networking platform for Kubernetes. While we love networking and security, we appreciate folks might find it a difficult topic. We thought we would make learning Kubernetes networking fun, so we make it a point to gamify the learning experience.\nInstruqt provides a great platform to build hands-on labs that can be both technically advanced and engaging for users.
\nWe also believe the user experience should be smooth and the processes fully automated.\nFortunately, a lot can be done by leveraging the Instruqt graphQL API.\nTo that purpose, we wrote our own instruqt-go library, which we've decided to open source. The library is designed to help developers automate and integrate with the Instruqt platform with ease.
GitHub — isovalent/instruqt-go
\nOne of the issues in publishing Instruqt labs is to link user information from Instruqt with that of your own database or CRM.\nIn this first post, we’ll guide you through building a proxy using instruqt-go that:
We will then publish the function on Google Cloud Functions.
\nThere are various reasons to collect user information in labs:
\n![\"Cilium](\"https://dev-to-uploads.s3.amazonaws.com/uploads/articles/5upiqyiiwbr6i5jv9lg8.png\")
There are several methods to pass user data to Instruqt tracks.
\nInstruqt custom parameters are very useful to pass any kind of information when starting a track. These fields are simply added to the URL as query parameters, prefixed with icp_. These parameters can also be retrieved in Instruqt webhooks as well as through the Instruqt GraphQL API, making them practical to use.
Until recently, Instruqt encouraged track developers to pass user information (such as name, email, or token) using custom parameters.
\nHowever, there are a few downsides to using custom parameters:
\nInstruqt invites allow to create a list of tracks and generate an invitation link that can be shared with users for easy access. Invites can be set to collect user data via a form.
\nThis user data is then added to the user's details on Instruqt (user details are attached to user accounts, but are unique per Instruqt team).
\nThis is extremely practical for workshops, but there's again a few limitations:
\nNote: Instruqt recently introduced landing pages, which is a form of invites with a way to tune the landing page, with the same advantages and limitations.
\nRecently, Instruqt added another way to pass user information, which combines the benefits of both previous methods.
\nThe encrypted PII method allows to pass a pii_tpg query parameter to an embed URL. This means:
pii_tpg data and has the private key to decrypt it. The information is used to fill in the user's details, just as if they had acceted an invite.We're going to use this new method in this example, as it is the most versatile today to pass information to Instruqt in a safe and reliable manner.
\nWhen you visit a track page on Instruqt, there is an option to embed the track.\nThis gives you a URL which contains a token unique to the track.
\nWhile it is perfectly valid to use that URL, it also means that whoever has access to this token can start the track whenever they want.
\nInstruqt has recently added an API call to generate one-time tokens for tracks, such that URLs using such tokens can only be used once.
\nThe proxy we're coding will use one-time tokens, since we have access to the API and can easily generate them.
\nFirst, create a directory for your function:
\nmkdir instruqt-proxy\n Move to this directory and initialize the Go environment:
\n# Replace example.com with the prefix of your choice\ngo mod init example.com/labs\n For local testing, create a cmd directory:
mkdir cmd\n Create a main.go file in that directory, with the following content:
package main\n\nimport (\n\t"log"\n\t"os"\n\n\t// Blank-import the function package so the init() runs\n // Adapt if you replaced example.com earlier\n\t_ "example.com/labs"\n\n\t"github.com/GoogleCloudPlatform/functions-framework-go/funcframework"\n)\n\nfunc main() {\n\t// Use PORT environment variable, or default to 8080.\n\tport := "8080"\n\tif envPort := os.Getenv("PORT"); envPort != "" {\n\t\tport = envPort\n\t}\n\tif err := funcframework.Start(port); err != nil {\n\t\tlog.Fatalf("funcframework.Start: %v\\n", err)\n\t}\n}\n Back to the instruqt-proxy directory, create a proxy.go file and start by adding the init() function to it, along with the Go packages we will be using:
package labs\n\nimport (\n\t"fmt"\n\t"net/http"\n\t"net/url"\n\t"os"\n\n\t"github.com/GoogleCloudPlatform/functions-framework-go/functions"\n\n\t"github.com/isovalent/instruqt-go/instruqt"\n)\n\nfunc init() {\n\tfunctions.HTTP("InstruqtProxy", instruqtProxy)\n}\n This will allow Google Cloud Functions to call the instruqtProxy function when it is initialized.
Let's write that function:
\nconst (\n\t// Replace team name with yours\n\tinstruqtTeam = "isovalent"\n)\n\nfunc instruqtProxy(w http.ResponseWriter, r *http.Request) {\n\tinstruqtToken := os.Getenv("INSTRUQT_TOKEN")\n\n\tif instruqtToken == "" {\n\t\tw.WriteHeader(http.StatusInternalServerError)\n\t\treturn\n\t}\n\n\tinstruqtClient := instruqt.NewClient(instruqtToken, instruqtTeam)\n\n\t// Get user from passed token\n\tutk := r.URL.Query().Get("utk")\n\tif utk == "" {\n\t\tw.WriteHeader(http.StatusUnauthorized)\n\t\treturn\n\t}\n\n\tuser, err := getUser(utk)\n\tif err != nil {\n\t\tw.WriteHeader(http.StatusUnauthorized)\n\t\treturn\n\t}\n\n\tlabSlug := r.URL.Query().Get("slug")\n\n\turl, err := getLabURL(instruqtClient, user, labSlug)\n\tif err != nil {\n\t\tw.WriteHeader(http.StatusNotFound)\n\t\treturn\n\t}\n\n\thttp.Redirect(w, r, url, http.StatusFound)\n}\n In this function, we:
\nINSTRUQT_TOKEN environment variableutk parameter from the URL parameters in order to authenticate the userhttp.Redirect functionThe getLabURL function will generate the redirect URL for the lab based on user information, the requested lab slug, and dynamic information from the Instruqt API.
Let's write it:
\nconst (\n\t// Replace with your sign-up page format\n\tlabSignupPage = "https://isovalent.com/labs/%s"\n\n\t// Adapt to your values\n\tfinishBtnText = "Try your next Lab!"\n\tfinishBtnURL = "https://labs-map.isovalent.com/map?lab=%s&showInfo=true"\n)\n\nfunc getLabURL(instruqtClient *instruqt.Client, u user, slug string) (string, error) {\n\ttrack, err := instruqtClient.GetTrackBySlug(slug)\n\tif err != nil {\n\t\treturn "", err\n\t}\n\n\t// Unknown user\n\tif u.Email == "" {\n\t\turl := fmt.Sprintf(labSignupPage, slug)\n\t\treturn url, nil\n\t}\n\n\t// Get one-time token\n\ttoken, err := instruqtClient.GenerateOneTimePlayToken(track.Id)\n\tif err != nil {\n\t\treturn "", err\n\t}\n\n\tlabURL, err := url.Parse(fmt.Sprintf("https://play.instruqt.com/embed/%s/tracks/%s", instruqtTeam, track.Slug))\n\tif err != nil {\n\t\treturn "", err\n\t}\n\n\t// Prepare the fields to encrypt\n\tencryptedPII, err := instruqtClient.EncryptUserPII(u.FirstName, u.LastName, u.Email)\n\tif err != nil {\n\t\treturn "", err\n\t}\n\n\t// Add params\n\tparams := map[string]string{\n\t\t"token": token,\n\t\t"pii_tpg": encryptedPII,\n\t\t"show_challenges": "true",\n\t\t"finish_btn_target": "_blank",\n\t\t"finish_btn_text": finishBtnText,\n\t\t"finish_btn_url": fmt.Sprintf(finishBtnURL, track.Slug),\n\t}\n\n\tq := labURL.Query()\n\tfor key, value := range params {\n\t\tq.Set(key, value)\n\t}\n\n\t// Encode the parameters\n\tlabURL.RawQuery = q.Encode()\n\n\treturn labURL.String(), nil\n}\n First, note that we have defined some new constants that you can tune:
\nlabSignupPage is the URL on your website where unauthenticated users will be redirected. It contains a variable for the lab slug.finishBtnText is the text shown on the finish button of the lab.finishBtnURL is the action of the button at the end of the lab. It also contains a variable for the lab slug.Now let's explain the getLabURL() function steps:
getUser() FunctionThe last piece missing in this proxy is the getUser() function. I can't help you much here, since this part is where you plug your own logic. You might be using a CRM like Hubspot to retrieve contact information from the UTK, or another database, it's up to you!
The code I'll show you here simply returns a sample user:
\n/*\n * This is where you add the logic to get user information from your CRM/database.\n */\ntype user struct {\n\tFirstName string\n\tLastName string\n\tEmail string\n}\n\nfunc getUser(utk string) (u user, err error) {\n\t// Implement the logic to get your user information from UTK\n\n\tu = user{\n\t\tFirstName: "John",\n\t\tLastName: "Doe",\n\t\tEmail: "john@doe.com",\n\t}\n\n\treturn u, err\n}\n Now that we have our whole proxy.go function, let's test it!
First, update your go.mod and go.sum files with:
go get ./...\ngo mod tidy\n In your Instruqt dashboard, go to \"API keys\" and get the value of your API key. Export it as a variable in your shell:
\nexport INSTRUQT_TOKEN=<your_instruqt_token>\n Next, launch the function on your local machine:
\nFUNCTION_TARGET=InstruqtProxy go run ./cmd/main.go\n Finally, in another terminal, make test requests to localhost:8080 where your function will be running (you can pass a PORT environment variable above to change the port if necessary):
curl -i "localhost:8080/?slug=cilium-getting-started&utk=someUtkValue"\n Adapt to use a track slug that exists in your Instruqt organization. If the track exists, you should get a 302 response with the redirect URL containing a one-time token for access, as well as John Doe's information encrypted with the PII key, and a one-time token (starting with ott_)!
If you'd like to use Docker to test your function locally, you can create a Dockerfile in your current directory:
FROM golang:1.23\n\nWORKDIR /app\n\nCOPY . .\n\nRUN go build -o myapp ./cmd/main.go\n\nENV DEV=true\nENV PORT=8080\n\nEXPOSE $PORT\n\nCMD ["./myapp"]\n Add a docker-compose.yaml file:
version: '3'\nservices:\n proxy:\n build: ./\n ports:\n - "8080:8080"\n environment:\n INSTRUQT_TOKEN: ${INSTRUQT_TOKEN}\n FUNCTION_TARGET: InstruqtProxy\n Finally, build and launch your container:
\ndocker-compose up --build\n And you can send requests to localhost:8080 just the same as before!
In order to deploy to Google Cloud, first make sure you are logged in to your Google Cloud project:
\ngcloud auth application-default login\n Next, let's create a new secret for the Instruqt token:
\necho -n "$INSTRUQT_TOKEN" | gcloud secrets create instruqt-token --data-file=-\n In order to adjust the permissions on this secret, you will need to get your project ID:
\nPROJECT_NUMBER=$(gcloud projects describe $(gcloud config get-value project) --format="value(projectNumber)")\n Then, add the \"Secret Manager Secret Accessor\" role for the default Compute Engine service account for the project:
\ngcloud secrets add-iam-policy-binding instruqt-token \\\n --member="serviceAccount:${PROJECT_NUMBER}-compute@developer.gserviceaccount.com" \\\n --role="roles/secretmanager.secretAccessor"\n Your secret is now ready to be used by the function!
\nYou can then deploy the function (adapt the region if needed):
\ngcloud functions deploy "instruqt-proxy" \\\n --gen2 --runtime=go122 --region=europe-west1 --source=. \\\n --entry-point="InstruqtProxy" --trigger-http --allow-unauthenticated \\\n --set-secrets="INSTRUQT_TOKEN=instruqt-token:latest"\n This will upload and build your project, and return the URL to access the function.
\nThis URL will look something like https://europe-west1-<project>.cloudfunctions.net/instruqt-proxy.\nYou can then test the function using that URL instead of localhost:8080!
This is a simplified approach to the lab proxy we use at Isovalent. There are things you might want to consider with this implementation:
\ninvite parameter and add it to the URL.This proxy can typically be used to give access to authenticated users in a safe way, while preserving user information in Instruqt reports and making sure embed URLs are not reusable.
\nHere is an example of usage of this proxy:
\nThis can allow you to build a series of public sign-up pages for your labs, similar to what we have built on the Isovalent website. It can also be used to build a Kiosk interface, or even a more creative landing page such as the Cilium Labs map, where clicks on the map redirect to the lab proxy.
\nBy making a complex networking technology like Cilium fun with our labs, we have made it the experience for users less intimidating and more approachable. Using our proxy can help you provide a similar user experience to your prospects. Please get in touch if you have any questions.
"},{"url":"/posts/20260409-improvisation-on-the-spectrum-1k8i/","relativePath":"posts/20260409-improvisation-on-the-spectrum-1k8i.md","relativeDir":"posts","base":"20260409-improvisation-on-the-spectrum-1k8i.md","name":"20260409-improvisation-on-the-spectrum-1k8i","frontmatter":{"title":"Improvisation on the Spectrum","template":"post","date":"2026-04-09T16:36:00Z","excerpt":"A comic strip on autism","thumb_img_path":"https://media2.dev.to/dynamic/image/width=1000,height=420,fit=cover,gravity=auto,format=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fdfjs9nojxznk8qumnbuq.png","content_img_path":"https://media2.dev.to/dynamic/image/width=1000,height=420,fit=cover,gravity=auto,format=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fdfjs9nojxznk8qumnbuq.png","canonical_url":"https://dev.to/raphink/improvisation-on-the-spectrum-1k8i","devto_url":"https://dev.to/raphink/improvisation-on-the-spectrum-1k8i"},"html":"As you may know, this month is autism awareness month.
\nMany things will be posted about autism, and I'd like to share one: a little comic strip I made in July last year, in an attempt to capture of one many invisible quirks in the daily life of an autistic person.
\n ![\"Intro](\"https://dev-to-uploads.s3.amazonaws.com/uploads/articles/dfjs9nojxznk8qumnbuq.png\")
\n![\"Panel](\"https://dev-to-uploads.s3.amazonaws.com/uploads/articles/y1yvgfrz96f761i4do8g.png\")
\n![\"Panel](\"https://dev-to-uploads.s3.amazonaws.com/uploads/articles/cvz3hyk6xuqvyo6tw9m2.png\")
\n![\"Panel](\"https://dev-to-uploads.s3.amazonaws.com/uploads/articles/b4gmr7dmthjwyyw93khm.png\")
\n![\"Panel](\"https://dev-to-uploads.s3.amazonaws.com/uploads/articles/sbn52o4wqahc4woyfh9l.png\")
\n![\"Panel](\"https://dev-to-uploads.s3.amazonaws.com/uploads/articles/e3ju50fm4epuygnoec0n.png\")
\n![\"Panel](\"https://dev-to-uploads.s3.amazonaws.com/uploads/articles/2yeiyvw35h3c5ccwnioj.png\")
\n![\"Panel](\"https://dev-to-uploads.s3.amazonaws.com/uploads/articles/jqqn2vaiq2zywmnkyg0s.png\")
\n![\"Panel](\"https://dev-to-uploads.s3.amazonaws.com/uploads/articles/12chseq188pv27jnz3ov.png\")
\n![\"Panel](\"https://dev-to-uploads.s3.amazonaws.com/uploads/articles/bu90ner1oc2b12okefgl.png\")
This is the first of a series of posts on autism that I will be posting this month.
\nThis is part of my April 2026 autism awareness month series. First published on LinkedIn on 2026-04-02.
"},{"url":"/posts/20260409-quirk-or-wiring-5a4b/","relativePath":"posts/20260409-quirk-or-wiring-5a4b.md","relativeDir":"posts","base":"20260409-quirk-or-wiring-5a4b.md","name":"20260409-quirk-or-wiring-5a4b","frontmatter":{"title":"Quirk or wiring?","template":"post","date":"2026-04-09T16:45:00Z","excerpt":"Why autism is neurological, not psychological — and why that distinction changes everything about how we think about support.","thumb_img_path":"https://media2.dev.to/dynamic/image/width=1000,height=420,fit=cover,gravity=auto,format=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fv4dl9q36j2w1uupn74dx.png","content_img_path":"https://media2.dev.to/dynamic/image/width=1000,height=420,fit=cover,gravity=auto,format=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fv4dl9q36j2w1uupn74dx.png","canonical_url":"https://dev.to/raphink/quirk-or-wiring-5a4b","devto_url":"https://dev.to/raphink/quirk-or-wiring-5a4b"},"html":"April is autism awareness month. Yesterday, I posted a comic strip about navigating social situations as an autistic person. I want to spend this month going deeper, with regular posts on experiencing autism.
\nA good place to start is the difference between a psychological trait and a neurological one.
\nA lot of autistic experiences look like personality traits from the outside. Introversion. Shyness. Social awkwardness. These are things many people relate to, and that relatability is both a bridge and a trap. It creates the impression we're talking about the same thing, just more so. They are also not helped by the common misconception that 'spectrum' means a \"vertical\" scale from normal to autistic, rather than a \"horizontal\" one within the neurological condition of autism.
\nMy wife has transverse myelitis, a condition where the myelin sheath around the spinal cord degrades, disrupting nerve signals. The result: both motor and sensory pathways are affected, and the automatic reflex arc that normally catches you when you stumble overreacts and causes her to fall. Everybody trips. Most people catch themselves without thinking. She doesn't have that fallback. She can scan the ground, plan every step, and still fall, because the pebble she didn't see hits a system that can no longer compensate automatically. The effort is real, the safety net is not present, and the fall unavoidable.
\nAutism works on a different system — social cognition rather than motor control — but the structure is the same. Everybody has awkward social moments. Most people recover instinctively, the automatic social circuitry recalibrates. That fallback is what I don't have reliably. I can prepare, study the signals, pay close attention, and still miss something obvious to everyone else, because it happened in a channel I'm not wired to process automatically.
\nThe exhaustion isn't from interacting. It's from running manual what most people run on autopilot.
\nAnd here's the point that matters: my wife's myelin isn't going to grow back. Physiotherapy helps. A cane helps with balance. But they're compensations for something that isn't there, not a cure for something that went wrong. Autism is the same. You can learn strategies, build workarounds, develop compensations, and many of us do, invisibly, for decades. But you're not fixing the wiring. You're working around it.
\nWhen relating to autistic people, don't assume similar external signs mean the same internal experience and causes. Ask, and be surprised by what you'll find.
\nThis is part of my April 2026 autism awareness month series. First published on LinkedIn on 2026-04-03.
"},{"url":"/posts/20220223-towards-a-modular-devops-stack-257c/","relativePath":"posts/20220223-towards-a-modular-devops-stack-257c.md","relativeDir":"posts","base":"20220223-towards-a-modular-devops-stack-257c.md","name":"20220223-towards-a-modular-devops-stack-257c","frontmatter":{"title":"Towards a Modular DevOps Stack","template":"post","date":"2022-02-23T17:37:45Z","excerpt":"DevOps Stack v1 will be modular","thumb_img_path":"https://media2.dev.to/dynamic/image/width=1000,height=420,fit=cover,gravity=auto,format=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Facg62zfhbt0aqt7g2dk4.jpg","content_img_path":"https://media2.dev.to/dynamic/image/width=1000,height=420,fit=cover,gravity=auto,format=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Facg62zfhbt0aqt7g2dk4.jpg","canonical_url":"https://dev.to/camptocamp-ops/towards-a-modular-devops-stack-257c","devto_url":"https://dev.to/camptocamp-ops/towards-a-modular-devops-stack-257c"},"html":"A year and a half ago, our infrastructure team at Camptocamp was faced with an increasingly problematic situation. We were provisioning more and more Kubernetes clusters, on different cloud providers. We used Terraform to deploy the infrastructure itself, and we had started to adopt Argo CD to deploy applications on top of the cluster.
\nWe quickly ended up with many projects using similar logic, often borrowed from older projects, and most of these cluster were starting to use divergent code.
\n![\"Diverging](\"https://dev-to-uploads.s3.amazonaws.com/uploads/articles/vl7hboahfscgsbvfyit4.png\")
We thought it was time to put together a standard core in order to:
\n![\"DevOps](\"https://dev-to-uploads.s3.amazonaws.com/uploads/articles/hl1ncdyg1o7bolr9vy5z.png\")
The DevOps Stack was born!
\nThe original DevOps Stack design was monolithic, both for practical and technical reasons.
\nAfter all, we were trying to centralize best practices from many projects into a common core, so it made sense to put everything together behind a unified interface!
\nIn addition to that, all the Kubernetes applications were created using an App of Apps pattern, because we had no ApplicationSets and no way to control Argo CD directly from Terraform.
\nAs a result, the basic interface was very simple, for example:
\nmodule "cluster" {\n source = "git::https://github.com/camptocamp/devops-stack.git//modules/eks/aws?ref=v0.54.0"\n\n cluster_name = local.cluster_name\n vpc_id = module.vpc.vpc_id\n\n worker_groups = [\n {\n instance_type = "m5a.large"\n asg_desired_capacity = 2\n asg_max_size = 3\n }\n ]\n\n base_domain = "example.com"\n\n cognito_user_pool_id = aws_cognito_user_pool.pool.id\n cognito_user_pool_domain = aws_cognito_user_pool_domain.pool_domain.domain\n}\n However, it could get very complex when application settings needed to be tuned!
\n![\"DevOps](\"https://dev-to-uploads.s3.amazonaws.com/uploads/articles/12b9atbhi9iwf0fgoslm.png\")
With time, this architecture started being problematic for various reasons:
\nextra_apps and extra_applicationsets parameters, which were monolithic and complex.It was time to rethink the design.
\nIn order to escape the App of Apps pattern, we started looking into using a Terraform provider to control Argo CD resources. After various contributions, the provider was ready for us to start using in the DevOps Stack.
\nUsing the Argo CD provider allowed us to split each component into a separate module. In a similar way to DevOps Stack v0, each of these modules would provide Terraform code to set up the component, optionally with:
\nAs a result, the user interface is much more verbose. The previous example would thus become:
\nmodule "cluster" {\n source = "git::https://github.com/camptocamp/devops-stack.git//modules/eks/aws?ref=v1.0.0"\n\n cluster_name = var.cluster_name\n base_domain = "demo.camptocamp.com"\n vpc_id = module.vpc.vpc_id\n\n cluster_endpoint_public_access_cidrs = flatten([\n formatlist("%s/32", module.vpc.nat_public_ips),\n "0.0.0.0/0",\n ])\n\n worker_groups = [\n {\n instance_type = "m5a.large"\n asg_desired_capacity = 2\n asg_max_size = 3\n root_volume_type = "gp2"\n },\n ]\n}\n\nprovider "argocd" {\n server_addr = "127.0.0.1:8080"\n auth_token = module.cluster.argocd_auth_token\n insecure = true\n plain_text = true\n port_forward = true\n port_forward_with_namespace = module.cluster.argocd_namespace\n\n kubernetes {\n host = module.cluster.kubernetes_host\n cluster_ca_certificate = module.cluster.kubernetes_cluster_ca_certificate\n token = module.cluster.kubernetes_token\n }\n}\n\nmodule "ingress" {\n source = "git::https://github.com/camptocamp/devops-stack-module-traefik.git//modules/eks"\n\n cluster_name = var.cluster_name\n argocd_namespace = module.cluster.argocd_namespace\n base_domain = module.cluster.base_domain\n}\n\nmodule "oidc" {\n source = "git::https://github.com/camptocamp/devops-stack-module-oidc-aws-cognito.git//modules"\n\n cluster_name = var.cluster_name\n argocd_namespace = module.cluster.argocd_namespace\n base_domain = module.cluster.base_domain\n\n cognito_user_pool_id = aws_cognito_user_pool.pool.id\n cognito_user_pool_domain = aws_cognito_user_pool_domain.pool_domain.domain\n}\n\nmodule "monitoring" {\n source = "git::https://github.com/camptocamp/devops-stack-module-kube-prometheus-stack.git//modules"\n\n cluster_name = var.cluster_name\n oidc = module.oidc.oidc\n argocd_namespace = module.cluster.argocd_namespace\n base_domain = module.cluster.base_domain\n cluster_issuer = "letsencrypt-prod"\n metrics_archives = {}\n\n depends_on = [ module.oidc ]\n}\n\nmodule "loki-stack" {\n source = "git::https://github.com/camptocamp/devops-stack-module-loki-stack.git//modules/eks"\n\n cluster_name = var.cluster_name\n argocd_namespace = module.cluster.argocd_namespace\n base_domain = module.cluster.base_domain\n\n cluster_oidc_issuer_url = module.cluster.cluster_oidc_issuer_url\n\n depends_on = [ module.monitoring ]\n}\n\nmodule "cert-manager" {\n source = "git::https://github.com/camptocamp/devops-stack-module-cert-manager.git//modules/eks"\n\n cluster_name = var.cluster_name\n argocd_namespace = module.cluster.argocd_namespace\n base_domain = module.cluster.base_domain\n\n cluster_oidc_issuer_url = module.cluster.cluster_oidc_issuer_url\n\n depends_on = [ module.monitoring ]\n}\n\nmodule "argocd" {\n source = "git::https://github.com/camptocamp/devops-stack-module-argocd.git//modules"\n\n cluster_name = var.cluster_name\n oidc = module.oidc.oidc\n argocd = {\n namespace = module.cluster.argocd_namespace\n server_secrhttps://kubernetes.slack.com/archives/C01SQ1TMBSTetkey = module.cluster.argocd_server_secretkey\n accounts_pipeline_tokens = module.cluster.argocd_accounts_pipeline_tokens\n server_admin_password = module.cluster.argocd_server_admin_password\n domain = module.cluster.argocd_domain\n }\n base_domain = module.cluster.base_domain\n cluster_issuer = "letsencrypt-prod"\n\n depends_on = [ module.cert-manager, module.monitoring ]\n}\n As you can see, the main cluster module —which used to do all the work— is now only responsible for deploying the Kubernetes cluster and a basic Argo CD set up (in bootstrap mode).
We then set up the Argo CD provider using outputs from the cluster module:
provider "argocd" {\n server_addr = "127.0.0.1:8080"\n auth_token = module.cluster.argocd_auth_token\n insecure = true\n plain_text = true\n port_forward = true\n port_forward_with_namespace = module.cluster.argocd_namespace\n\n kubernetes {\n host = module.cluster.kubernetes_host\n cluster_ca_certificate = module.cluster.kubernetes_cluster_ca_certificate\n token = module.cluster.kubernetes_token\n }\n}\n This provider is used in all (or most at least) other modules in order to deploy Argo CD applications, without going through a monolithic/centralized App of Apps.
\nEach module provides a single component, using Terraform and the Argo CD provider (optionally).
\nThere are common interfaces passed as variables between modules. For example, the oidc variable can be provided as an output from various modules: Keycloak, AWS Cognito, etc. This oidc variable can then be passed to other component modules to configure the component's authentication layer.
In a similar fashion, the ingress module, which was so far only using Traefik, can now be replaced by another Ingress Controller implementation.
The Argo CD module is a special one. A special entrypoint (called boostrap) is used in the cluster module to set up a basic Argo CD using Helm.
The user is then responsible for instantiating the Argo CD module a second time at the end of the stack, in order for Argo CD to manage itself and configure itself properly —including monitoring and authentication, which cannot be configured before the corresponding components are deployed.
\nEventually, other modules might adopt the bootstrap pattern in order to solve chicken-and-egg dependencies.
\nFor example, cert-manager requires Prometheus Operator CRDs in order to be monitored. However, the Kube Prometheus Stack might require valid certificates, thus depending on cert-manager being deployed. This could be solved by deploying a basic cert-manager instance (in a bootstrap endpoint), and finalizing the deploying at the end of the stack.
The modular DevOps Stack design is the current target for release 1.0.0.
\nWhile this refactoring is still in beta state, it can be tested by using the v1 branch of the project. You can also find examples in the tests directory (though not all distributions are ported yet).
Feedback is welcome, and you can contact us on the #camptocamp-devops-stack channel of the Kubernetes Slack.
This is the fourth post in a series for autism awareness month. Previous posts covered the neurological vs. psychological distinction and what \"spectrum\" actually means. This week: what runs in the background, all the time.
\nMy mother often reminds me that when I was a child visiting friends, I would tour every room and every corner of their apartment before I could sit down and play. I had no idea I was doing it. I just couldn't settle until I had a complete map.\nThat pattern never went away.
\nThere's a well-documented phenomenon in autism research called intolerance of uncertainty (IU): the nervous system's difficulty tolerating absent information. The research links it directly to how the autistic brain builds predictions: less automatically, less reliably than in neurotypical brains. The result is a system that needs more explicit data to feel oriented. So it collects data, constantly.
\nEveryone experiences some anxiety about the unknown. The difference in autism is in the mechanism and the scale. For me, the information-gathering isn't occasional, it's continuous, and it isn't very selective. Any piece of information feels potentially vital. If someone mentions an actor I don't recognize, I need to know who that is. Not out of curiosity, but because there might be a joke about that actor later. Everyone will laugh. I won't follow. And unlike most social awkwardness, I can't fake it convincingly without the underlying data. The gap isn't uncomfortable, it's a predicted failure.
\nThis is what produces the constant background hum: not anxiety about anything specific, but the nervous system permanently scanning for gaps in the map, because any gap is a potential trapdoor.
\nSpecial interests are the inverse of this. A domain I know deeply is a domain with no trapdoors. The intensity and relief that come with a special interest aren't enthusiasm, they're the feeling of ground that holds. Talking about it at length isn't ignoring the other person, it's the only moment the scanning stops.
\nThere is an upside to all this collecting though. A brain that has spent decades gathering fragments from unrelated domains ends up with an unusually dense web of cross-references. When something new appears, it rarely arrives in isolation: the system has already indexed something adjacent, something that rhymes, something from three fields over. Pattern recognition and unexpected correlations come almost automatically, not as a skill but as a byproduct of the constant scan. We'll talk more about that in a following post on STEM and IT.
\nThis is part of my April 2026 autism awareness month series. First published on LinkedIn on 2026-04-09.
"},{"url":"/posts/20260409-what-autistic-spectrum-actually-means-4djb/","relativePath":"posts/20260409-what-autistic-spectrum-actually-means-4djb.md","relativeDir":"posts","base":"20260409-what-autistic-spectrum-actually-means-4djb.md","name":"20260409-what-autistic-spectrum-actually-means-4djb","frontmatter":{"title":"What \"autistic spectrum\" actually means","template":"post","date":"2026-04-09T16:48:00Z","excerpt":"What does \"autism spectrum\" actually mean? Most people picture a straight line from \"a little autistic\" to \"very autistic.\" Using the analogy of myopia vs. color blindness, this post explains why autism is a horizontal spectrum of different neurological configurations, not a vertical scale from normal to severe, and why that distinction changes what support actually looks like.","thumb_img_path":"https://media2.dev.to/dynamic/image/width=1000,height=420,fit=cover,gravity=auto,format=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F45l6ba29yzghv6mrkysx.png","content_img_path":"https://media2.dev.to/dynamic/image/width=1000,height=420,fit=cover,gravity=auto,format=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F45l6ba29yzghv6mrkysx.png","canonical_url":"https://dev.to/raphink/what-autistic-spectrum-actually-means-4djb","devto_url":"https://dev.to/raphink/what-autistic-spectrum-actually-means-4djb"},"html":"Last week, I wrote about the difference between a psychological trait and a neurological one, and why autism sits firmly in the second category. This week I want to address something that makes that distinction harder to see: a widespread misconception about what \"spectrum\" means in the context of autism.
\nMost people hear \"autism spectrum\" and picture a line. At one end, severe autism. At the other, neurotypical. Somewhere in the middle, people like me: a little autistic, but mostly fine. The spectrum as a gradient, a dial you can turn up or down.
\nThat's not what it means. Here's an analogy that I find clarifying, using vision 👓.
\nMost people have some degree of myopia. It's very common, it exists on a continuous scale, and crucially, it's fixable. Glasses, contact lenses, laser surgery. You correct the optics, the problem goes away. Myopia is a vertical spectrum: more or less of the same thing, with a clear correction available.
\nColor blindness works differently. It's not that color blind people see less color than everyone else, instead they process color through a different configuration of receptors. There's no dial connecting their vision to standard vision. It's a horizontal spectrum: many different ways of being color blind, each with its own profile, none of them simply \"less\" than normal. And critically, you can't correct it. You can't give someone new cone receptors. What you can do is design the world differently: accessible interfaces, patterns alongside colors, signage that doesn't rely on red-green distinction alone.
\nAutism is more like color blindness than myopia.
\nThe spectrum in autism isn't a scale from \"a bit autistic\" to \"very autistic\" with neurotypical at zero. It's a range of different neurological profiles, all sharing the same underlying difference in how the brain processes certain things — social signals, sensory input, pattern and context — but expressing that difference in very different ways. Some people are overwhelmed by noise; others seek it. Some struggle with eye contact; others make too much. Some have significant language delays; others are relentlessly verbal. Same underlying configuration, very different presentations.
\nAnd like color blindness, it's not correctable — only compensable. You can learn strategies, build workarounds, train yourself to recognize patterns you don't process automatically. Many of us do, invisibly, for years. But you're not fixing the wiring. You're working around it.
\nAutism asks for the same shift as color blindness. Not \"how do we correct this person\" but \"how do we design interactions, workplaces, and social environments that don't rely exclusively on automatic social processing that not everyone has.\"
\nThat's not a lowering of standards. It's a more accurate picture of human variation.
\nThis is part of my April 2026 autism awareness month series. First published on LinkedIn on 2026-04-07.
"},{"url":"/posts/20260410-more-autism-in-it-22l9/","relativePath":"posts/20260410-more-autism-in-it-22l9.md","relativeDir":"posts","base":"20260410-more-autism-in-it-22l9.md","name":"20260410-more-autism-in-it-22l9","frontmatter":{"title":"More autism in IT?","template":"post","date":"2026-04-10T07:34:00Z","excerpt":"Why are there so many autistic people in IT? Or does it just look that way? This post explores the genetics of autism, why certain cognitive profiles cluster in technical fields, and the personal story behind one late diagnosis. Spoiler: the people were always there. The name just arrived later.","thumb_img_path":"https://media2.dev.to/dynamic/image/width=1000,height=420,fit=cover,gravity=auto,format=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F0o6jcb3psm8irpexv9n2.png","content_img_path":"https://media2.dev.to/dynamic/image/width=1000,height=420,fit=cover,gravity=auto,format=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F0o6jcb3psm8irpexv9n2.png","canonical_url":"https://dev.to/raphink/more-autism-in-it-22l9","devto_url":"https://dev.to/raphink/more-autism-in-it-22l9"},"html":"This is the fifth post in a series for autism awareness month.
\nThree years ago, I created a channel called #autism on my company's Slack. I wasn't sure what to expect. On the first day, about 20 people joined, roughly one in six of the company at the time. Four personal testimonies came in within hours. Dozens more wanted to understand better. I later renamed it #neurodiversity to be more encompassing.
That wasn't a trend. That was a room full of people who had been waiting for the door to open.\nSo: is there more autism in IT? Or does IT just make it easier to be autistic?\nProbably both, and they're not contradictory.
\nMy wife worked for years as a psychologist with autistic children. Shortly after our second child was born, she started noticing patterns in him that she recognized professionally. It took ten years to get a formal diagnosis. When the psychiatrist finally explained why our son was on the spectrum, I remember thinking: he's describing me.
\nThat's not an unusual story. Autism has a well-documented genetic component. Autistic people are more likely to have autistic children, and certain fields, IT among them, have been quietly concentrating people with this neurological profile for decades. Long before most of them had a name for it.
\nThe cognitive traits that make social navigation harder — needing explicit structure, struggling with unspoken rules, finding small talk costly — are often the same traits that make technical work easier. Pattern recognition, deep focus on narrow problems, a preference for systems that behave predictably, a low tolerance for ambiguity that, in code, is actually a feature.
\nIT didn't create more autistic people. It created conditions where autistic people could function, contribute, and sometimes thrive — without anyone necessarily noticing why. The diagnosis rates are rising because awareness is rising, not because something new is happening.
\nNext Monday, I'll post about sensory overload and autistic burnout.
\nThis is part of my April 2026 autism awareness month series. First published on LinkedIn on 2026-04-10.
"},{"url":"/posts/20260413-when-the-sensory-threshold-moves-111p/","relativePath":"posts/20260413-when-the-sensory-threshold-moves-111p.md","relativeDir":"posts","base":"20260413-when-the-sensory-threshold-moves-111p.md","name":"20260413-when-the-sensory-threshold-moves-111p","frontmatter":{"title":"When the sensory threshold moves","template":"post","date":"2026-04-13T07:53:00Z","excerpt":"The sensory threshold in autism isn't fixed. It can move from one minute to the next — the same sound, the same touch, fine one moment and unbearable the next. This post explains why through a dinner table scene that will be familiar to many autistic people and their families, and connects it to autistic burnout: what it is, and why it often hits hardest in people who seemed fine for decades.","thumb_img_path":"https://media2.dev.to/dynamic/image/width=1000,height=420,fit=cover,gravity=auto,format=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F9luskj7j9jjb3tkunsjx.png","content_img_path":"https://media2.dev.to/dynamic/image/width=1000,height=420,fit=cover,gravity=auto,format=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F9luskj7j9jjb3tkunsjx.png","canonical_url":"https://dev.to/raphink/when-the-sensory-threshold-moves-111p","devto_url":"https://dev.to/raphink/when-the-sensory-threshold-moves-111p"},"html":"This is the sixth post in my autism awareness month series. The previous ones tried to explain mechanisms. This one is harder to write, because it's about a typical evening at the dinner table.
\nA reader commented on post 3 that the color blindness analogy has a limit: color blindness doesn't fluctuate with how you're feeling or what's happening around you. She's right, and autism does.
\nThe sensory threshold isn't fixed. It doesn't move day to day. It can move minute to minute. The same sound that was fine an hour ago becomes unbearable. The same touch from the same person that felt fine yesterday is suddenly intolerable. Not because something changed externally, but because the internal load crossed a line that isn't visible from the outside.
\nHere's what that looks like in practice. I'm at dinner with my family. A normal dinner, with normal quiet conversations between two adults and four children. At some point the noise becomes too much: multiple conversations, overlapping voices, a specific pitch. I ask everyone to speak a bit lower, or one at a time. They try to help: they start whispering. This actually makes it worse, because whispering is a different frequency problem, not a volume problem. So I ask again, more precisely this time. Now I'm the one enforcing rules on everyone for what looks like no good reason. I don't want to leave, as I'm genuinely interested in what's happening, and leaving would be rude. So I stay. And eventually I reach a point where I simply can't continue, and I leave the table, not dramatically, but not quietly either, because by that point I've already absorbed more than the system can handle.
\nFrom the outside it looks like an overreaction to nothing. There's no visibly valid reason for me to be upset about the situation. The buildup was invisible.
\nThe coping strategies most of us have learned — don't leave abruptly, stay engaged, don't make others uncomfortable — are exactly the ones that prevent the only real regulation option available in the moment. The polite thing and the functional thing are in direct conflict. And we've been trained, often the hard way, to choose polite.
\nOver time, extended periods of this produce what's called autistic burnout. Not laziness, not mood. A system that has been running above capacity for too long and needs to shut down. For many highly functional autistic people, it often kicks in their 40s, after decades of invisibly costly adjustment.
\nWhich raises a question: why does the same sound feel fine one moment and unbearable the next? That's what the next post is about.
\nThis is part of my April 2026 autism awareness month series. First published on LinkedIn on 2026-04-10.
"},{"url":"/posts/20260417-tasks-that-dont-make-sense-26k3/","relativePath":"posts/20260417-tasks-that-dont-make-sense-26k3.md","relativeDir":"posts","base":"20260417-tasks-that-dont-make-sense-26k3.md","name":"20260417-tasks-that-dont-make-sense-26k3","frontmatter":{"title":"Tasks that don't make sense","template":"post","date":"2026-04-17T08:15:00Z","excerpt":"Some tasks are hard. Some are boring. Some are just tasks you don't feel like doing. And then there are tasks that the brain simply refuses — not out of reluctance, but because the purpose doesn't compute. This post explores the neurological mechanism behind that block, why pushing harder makes it worse, and why the person looking back at you with a calm smile while you wait for them to comply isn't being difficult — their brain has already decided.","thumb_img_path":"https://media2.dev.to/dynamic/image/width=1000,height=420,fit=cover,gravity=auto,format=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F6dnprgksyeudjwc97jhl.png","content_img_path":"https://media2.dev.to/dynamic/image/width=1000,height=420,fit=cover,gravity=auto,format=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F6dnprgksyeudjwc97jhl.png","canonical_url":"https://dev.to/raphink/tasks-that-dont-make-sense-26k3","devto_url":"https://dev.to/raphink/tasks-that-dont-make-sense-26k3"},"html":"This is the eighth post in my autism awareness month series.
\nThere's a pattern many autistic people recognize but rarely name: the inability to perform tasks that don't make sense. Not tasks that are hard, or unpleasant, or boring, but tasks whose purpose doesn't compute.
\nThis is different from procrastination. Procrastination is knowing you should do something and not doing it. What happens here is closer to a blank: the brain doesn't engage because it hasn't received a valid reason to.
\nI studied medicine for two years. My friends would put in ten-hour study days without question, and I couldn't get myself to do the same, not because I was exhausted or distracted, but because the task simply wouldn't engage. When I asked one of them why she worked so hard, she said: because my parents want me to be a doctor. There was no way my brain would let my body work that hard for that reason. It wasn't laziness, I can work intensely when things make sense. The engine just wouldn't start for this.
\nThe same pattern shows up anywhere social pressure substitutes for genuine reason: everyone else is doing it, you have no choice. Those don't satisfy the brain's actual question: what is the purpose of this, in terms I can evaluate?
\nWhen that answer isn't there, the block isn't reluctance or stubbornness, it's closer to turning the key in a car with no engine. The action is available, the result isn't. What pushing harder produces is something between frustration and despair: the feeling of wanting to move, making the effort, and finding that nothing responds. The will is there. The compliance isn't available. From the outside it looks exactly like not trying.
\nAnd what the observer sees often makes things worse. The autistic person may just look at you and smile, while you wait for them to do something they know they have to do and simply won't. The smile isn't defiance, it's the combined result of two absent automatic systems: the spontaneous facial mimicry that would normally adjust your expression to match the gravity of the situation, and the conscious control over that expression, which isn't available because the brain is already occupied with the block itself.
\nThere's a strength in this though. The same trait that makes arbitrary tasks impossible makes unnecessary complexity visible. The person who keeps asking \"why are we doing this?\" in a process review is often the one who finds the actual bottleneck.
\nThat smile I mentioned above, and what it looks like when authority meets a brain that doesn't have a submission reflex, will be the topic of the next post.
\nThis is part of my April 2026 autism awareness month series. First published on LinkedIn on 2026-04-17.
"},{"url":"/posts/20260415-the-filter-that-isnt-running-5d6d/","relativePath":"posts/20260415-the-filter-that-isnt-running-5d6d.md","relativeDir":"posts","base":"20260415-the-filter-that-isnt-running-5d6d.md","name":"20260415-the-filter-that-isnt-running-5d6d","frontmatter":{"title":"The filter that isn't running","template":"post","date":"2026-04-15T06:30:00Z","excerpt":"The autistic brain doesn't filter out irrelevant sensory input. Everything arrives at full processing weight, not louder, just unfiltered. This post explains the mechanism, why common fixes don't work, and why the problem isn't at the ear at all.","thumb_img_path":"https://media2.dev.to/dynamic/image/width=1000,height=420,fit=cover,gravity=auto,format=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fjawpgmw2jgcknfmdjyeo.png","content_img_path":"https://media2.dev.to/dynamic/image/width=1000,height=420,fit=cover,gravity=auto,format=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fjawpgmw2jgcknfmdjyeo.png","canonical_url":"https://dev.to/raphink/the-filter-that-isnt-running-5d6d","devto_url":"https://dev.to/raphink/the-filter-that-isnt-running-5d6d"},"html":"This is the seventh post in my autism awareness month series.
\nLast week, in a shop, the music felt loud. It wasn't painful to my ears at all. But it felt like a violation of my mind, occupying space I needed for thinking. I couldn't form a coherent thought. Part of me wanted to scream for it to stop. Instead I chose to step outside.
\nThat's not a metaphor. That's what happened.
\nHere's why. Neurotypical auditory processing includes an automatic attention filter, the brain selects what to process and suppresses the rest. It's why you can follow one conversation in a noisy room, why background music stays in the background. The cocktail party effect. The filter runs without effort or awareness.
\nThe autistic brain doesn't apply this filter the same way. Everything comes in at full processing weight. Not louder, just unfiltered. My wife could sit in the same shop and simply not notice the music after a few minutes. Not because she was trying to ignore it. Because her brain filed it as background and moved on. Mine didn't.
\nThis is why \"just ignore it\" doesn't work as advice. You can't consciously override a central processing response. The sensation isn't at the ear, it's downstream, in what the brain does with the signal. Earplugs help with some sounds but not others, because the problem isn't always volume. Loop earplugs, which I've tried, turned the music into a muffled ASMR mess, a different problem, not a solution.
\nThe whispering from the previous post fits here too. When I asked my family to speak more quietly, they whispered. That made it worse, because whispering is harder to pay attention to, not easier. The problem wasn't loudness, it was simultaneous signals at full weight, and whispering added effort on top of the load.
\nAnd it's not just sound. The same mechanism applies to any sensory input: touch, light, heat, and less obviously, physical discomfort from hunger, illness, or food sensitivities. My son finds heat the most unbearable. Not because his body overheats differently, but because the thermal signal competes for processing at the same weight as everything else. Once, as a child, he was outside upset because he was hot. My wife told him to get out of the sun. He kept saying he was hot. Moving wouldn't have helped immediately, the signal was already inside, already being processed. The brain doesn't flush on command.
\nThe same logic applies to diet. Removing dairy helped my son noticeably, not because dairy causes autism, but because a food sensitivity generates internal signals that an unfiltered system has to process. Managing unnecessary inputs is load management, removing them helps with sensory overload. The wiring stays the same. You're just giving it less to handle.
\nNext: when the brain won't comply.
\nThis is part of my April 2026 autism awareness month series. First published on LinkedIn on 2026-04-15.
"},{"url":"/posts/20260420-when-authority-doesnt-compute-4bi7/","relativePath":"posts/20260420-when-authority-doesnt-compute-4bi7.md","relativeDir":"posts","base":"20260420-when-authority-doesnt-compute-4bi7.md","name":"20260420-when-authority-doesnt-compute-4bi7","frontmatter":{"title":"When authority doesn't compute","template":"post","date":"2026-04-20T06:50:00Z","excerpt":"Most people learn early that you don't look an adult in the eyes when you're being told off. For many autistic people, that reflex simply never installed. This post explores why — and what happens to the emotional cost of all that defiance that wasn't actually defiance at all.","thumb_img_path":"https://media2.dev.to/dynamic/image/width=1000,height=420,fit=cover,gravity=auto,format=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fyofsva8h0y5t7p9t2cm0.png","content_img_path":"https://media2.dev.to/dynamic/image/width=1000,height=420,fit=cover,gravity=auto,format=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fyofsva8h0y5t7p9t2cm0.png","canonical_url":"https://dev.to/raphink/when-authority-doesnt-compute-4bi7","devto_url":"https://dev.to/raphink/when-authority-doesnt-compute-4bi7"},"html":"This is the ninth post in my autism awareness month series.
\nIn the previous post, I described the autistic person who looks at you and smiles while you wait for them to comply with something they know they have to do and simply won't. Part of what produces that smile is the absence of spontaneous facial mimicry. But there's something else behind it: the submission reflex that isn't there.
\nFor most people, deference to authority is not primarily a conscious decision. It's a conditioned reflex: the body responds before the mind deliberates. Lowered gaze, softened posture, adjusted tone. These happen automatically, as a result of social conditioning that accumulates from early childhood.
\nThe autistic brain doesn't register this reflex. Not because the social training wasn't there — it often was, extensively. But no amount of training installs a reflex the nervous system doesn't have a slot for. What training produces instead is anxiety: the awareness of doing it wrong, knowing consequences are coming, but no access to the expected behavior. The performance isn't available, only the awareness of its absence is.
\nThis is why \"just learn to respect authority\" doesn't work as an instruction. The target behavior isn't a choice being withheld — it's a reflex that isn't firing. Authority without reason doesn't register as authority. It registers as an unsupported assertion, and connects directly to the previous post: the brain that won't perform a task without a valid reason also won't defer to a person without one. Same mechanism, different domain.
\nThere is an emotional cost associated to this, though it surfaces later rather than in the moment. During a high-load confrontation, the autistic brain is fully occupied processing the external situation. Emotional processing gets deferred. When it finally surfaces — sometimes hours later — it attaches to whatever small thing is happening then. A minor frustration, something completely trivial. The reaction looks disproportionate — such as tears or rage. The connection to the original cause is invisible to everyone watching because of the delay.
\nThis pattern is particularly visible in children. Most high functioning autistic adults learn over time to defer emotional processing to private moments, but the cost is still there. In undiagnosed adults, these accumulated costs are frequently misread as depression or anxiety, and sometimes treated as such, with interventions that can inadvertently make things worse.
\nUnderstanding the underlying mechanism changes what help actually looks like. I'll cover that more fully in the last post of this series. In the meantime, if any of this resonates, feel free to DM me.
\nThis is part of my April 2026 autism awareness month series. First published on LinkedIn on 2026-04-20.
"},{"url":"/posts/20260421-building-mcp-servers-for-genealogy-ai-powered-historical-research-261p/","relativePath":"posts/20260421-building-mcp-servers-for-genealogy-ai-powered-historical-research-261p.md","relativeDir":"posts","base":"20260421-building-mcp-servers-for-genealogy-ai-powered-historical-research-261p.md","name":"20260421-building-mcp-servers-for-genealogy-ai-powered-historical-research-261p","frontmatter":{"title":"Building MCP Servers for Genealogy: AI-Powered Historical Research","template":"post","date":"2026-04-21T16:58:46Z","excerpt":"Using Claude & MCP servers to enhance genealogy research.","thumb_img_path":"https://media2.dev.to/dynamic/image/width=1000,height=420,fit=cover,gravity=auto,format=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F3ch2earn53443pwxiifw.png","content_img_path":"https://media2.dev.to/dynamic/image/width=1000,height=420,fit=cover,gravity=auto,format=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F3ch2earn53443pwxiifw.png","canonical_url":"https://dev.to/raphink/building-mcp-servers-for-genealogy-ai-powered-historical-research-261p","devto_url":"https://dev.to/raphink/building-mcp-servers-for-genealogy-ai-powered-historical-research-261p"},"html":"For years now, I’ve been writing a book tracing four family branches across Europe, the Middle East, and South Africa. One thread follows Louis Rau, my 3rd great-uncle, who was president of Compagnie Continentale Edison (CCE) in the early 1900s. He was an Edison Pioneer, part of the inner circle that brought Edison's electrical systems to Europe.
\nLast year, I found that Thomas Edison's papers were digitized at Rutgers University. So I navigated to edisondigital.rutgers.edu, typed \"Louis Rau\" into the search box, and hit enter, and 847 results were returned.
\nSomewhere in those 847 documents was the correspondence that would explain Louis Rau's business relationship with Élie Moïse Léon, co-founder of CCE. Somewhere were the letters that traced his movements between Paris and Geneva. Somewhere were the details of CCE's electrical installations across Europe.
\nBut I'd have to click through them one by one, read the snippets, open promising documents, cross-reference dates, take notes, come back later and forget which ones I'd already checked…
\nA few weeks ago, I started feeding genealogy documents to Claude AI, but that was still pretty tedious, and I kept hitting image upload limits in conversations. And then it clicked: why not build an MCP server, so Claude could perform the search directly?
\nThat question became three MCP servers, a transformed research workflow, and a fundamentally different relationship with historical archives.
\nThe Edison Papers has an API. I didn't know that initially — I just knew they had a website with a search box. But a quick look at the network tab showed clean REST endpoints returning JSON.
\nI opened Claude Code and asked it to build an MCP server that wrapped the Edison Papers API. A few hours of iteration later, I had:
\nedison_search: Query with field-level precision (creator:\"Rau, Louis\", recipient:\"Léon, Élie\")edison_get_document: Retrieve full metadata and transcriptionsedison_browse_series: Navigate document collections systematicallyedison_get_images: Access high-resolution scanshttps://github.com/raphink/edison-archive-mcp
\nNow instead of clicking through 847 results, I could ask Claude:
\n\n\n\"Find correspondence where Louis Rau is the creator, dated 1892-1895, mentioning electrical installations or Paris operations.\"
\n
And Claude would orchestrate the full research pipeline:
\nWhat would have taken hours of manual clicking, note-taking, and cross-referencing now happens in one conversation.
\nThis was immediately useful. But it surfaced a new problem: where do all these findings go?
\nI was already using Notion to organize my research: person profiles, document summaries, research questions. And Claude already had an MCP for Notion.
\nSo now when I asked:
\n\n\n\"Search Edison Papers for Louis Rau correspondence from 1892-1895, create a Notion page summarizing the findings, and link it to Louis Rau's profile.\"
\n
Claude would:
\nThis was amazing. Structured knowledge, automatically organized, all in one conversation.
\nBut then Claude started hallucinating.
\nClaude would find documents mentioning for example Samuel Léon and Élie Léon, and confidently conclude that they that Samuel was Élie's nephew, completely making it up.
\nOr it would claim someone was born in 1847 when they were actually born in 1867. Dates off by decades. Family relationships invented wholesale.
\nThe problem: Claude had access to documents (via Edison Papers MCP) and research notes (via Notion MCP), but not the actual genealogy data. It was inferring family structure from fragmentary mentions in letters and my incomplete notes.
\nI needed to give Claude access to the tree itself, the actual source of truth about who's related to whom and when they lived.
\nMy family tree lives in Geni — a collaborative genealogy platform to build a unique World family tree. Geni has an API, but OAuth kept failing when I tried it and I wanted something working now.
\nSo I took a shortcut. From time to time, I export data from Geni to GEDCOM (the genealogy standard format), with about 25000 individuals in my export. I used airy10's GEDCOM MCP to make it queryable locally.
\nhttps://github.com/airy10/GedcomMCP
\nThis worked! Now Claude could:
\nNo more hallucinated family connections. The GEDCOM became a hypothesis database, and claims in documents could be verified against known family structure.
\n\n\nWhy Geni as my main database?
\nI use Geni instead of maintaining a private tree because genealogy is collaborative research. Multiple people contribute information, sources get peer-reviewed, duplicates get merged. A tree on Geni is a shared knowledge base, not siloed private data that might be duplicated (and wrong) across dozens of individual researchers' files.
\n
But the GEDCOM approach had limitations:
\nI needed the real API.
\nSo I went back to the Geni API. A few more hours of iteration with Claude Code, and I had:
\nhttps://github.com/raphink/geni-mcp
\nNow I could ask mid-conversation: \"Is Samuel Léon related to Élie Moïse Léon?\" and get the relationship path instantly, whether I was in Claude Desktop or claude.ai.
\nThe tree became queryable context accessible anywhere, not just on my local machine with an up-to-date GEDCOM file.
\nWith Edison Papers and Geni working, I could trace business connections and verify family relationships. But I was still missing contemporary context: how did the public see these people? What did newspapers say about CCE's operations? Were there announcements, obituaries, social mentions?
\nHistorical newspapers are digitized across dozens of national archives. Each has its own interface. Searching them all manually meant opening multiple websites, running the same query in different systems, downloading results individually.
\nSo I built a newspapers MCP that:
\nhttps://github.com/raphink/newspapers-mcp
\nHere’s a real example:
\nI asked Claude to search for \"Joseph Dreyfus grain Paris 1895\" (a grain merchant in the family who had a financial collapse). The MCP found the concordataire liquidation announcement in French commercial journals. That single search led to discovering a 90-page Archives de Paris dossier (D14U³/89) I'm still analyzing.
\nOne search. Ten minutes. What would have been days of archive website navigation.
\nHere's a recent example showing how the MCPs orchestrate together:
\nI asked Claude to search for Solomon Rau's activity in Munich newspapers. The newspapers MCP returned various results, including this advertisement:
\n![\"DDSG](\"https://dev-to-uploads.s3.amazonaws.com/uploads/articles/3ch2earn53443pwxiifw.png\")
This ad showed Solomon Rau advertising the reimbursement of DDSG (Danube Steam Shipping Company) stock — a discovery that:
\nClaude then cross-referenced this against the Geni tree to verify Solomon's identity and relationships, and documented the finding in Notion with the newspaper snippet as a source.
\nIt then correlated it to the DDSG stock that Adolphe Grünberg, Solomon’s son-in-law, had in his post-mortem inventory the next year in 1878, and added another note there.
\nHave you built AI integration for research yourself? What were your best findings?
"},{"url":"/posts/20260422-autism-and-the-genius-effect-k86/","relativePath":"posts/20260422-autism-and-the-genius-effect-k86.md","relativeDir":"posts","base":"20260422-autism-and-the-genius-effect-k86.md","name":"20260422-autism-and-the-genius-effect-k86","frontmatter":{"title":"Autism and the \"genius\" effect","template":"post","date":"2026-04-22T06:25:00Z","excerpt":"Rain Man or Sheldon Cooper — those are the two faces of autism most people know. But the vast middle is invisible, largely because it masks. This post explores the three dimensions you need to understand autism properly, why the \"genius\" stereotype is largely a visibility problem, and what actually happens when high IQ meets an insatiable information-gathering drive. Spoiler: it's a double-edged sword.","thumb_img_path":"https://media2.dev.to/dynamic/image/width=1000,height=420,fit=cover,gravity=auto,format=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fjlnse5zq7micyvbiakdc.png","content_img_path":"https://media2.dev.to/dynamic/image/width=1000,height=420,fit=cover,gravity=auto,format=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fjlnse5zq7micyvbiakdc.png","canonical_url":"https://dev.to/raphink/autism-and-the-genius-effect-k86","devto_url":"https://dev.to/raphink/autism-and-the-genius-effect-k86"},"html":"This is the tenth post in my autism awareness month series.
\nWhen people think of autism, they often think of Rain Man or Sheldon Cooper. On one end, the severely affected person who needs full-time care. On the other, the socially awkward genius whose extraordinary abilities more than compensate. When I tell friends I am on the spectrum, I often hear: \"But you don't look autistic.\"
\nNeither stereotype is wrong exactly. Both exist, but neither is representative. The vast middle is invisible, largely because it masks.
\nBefore we go further, let's clarify on terminology. \"Asperger's syndrome\" is no longer a clinical diagnosis: it was folded into the single autism spectrum disorder classification in 2013. It was often used as shorthand for \"high-functioning autistic,\" which is itself problematic, because functioning labels measure visibility of difficulty, not actual experience. The DSM-5 support levels measure required support, not intelligence, not severity of internal experience. A level 1 autistic person isn't mildly autistic. They're autistic in a way that currently requires less visible support, often because they've learned to compensate. That compensation has a cost that isn't measured.
\nNow, to address the genius question.
\nHigh IQ and autism are independent variables. Autism doesn't cause exceptional intelligence, and most autistic people don't have exceptional IQ. What is true though is that high-IQ autistic people are disproportionately visible: they function in professional environments, get diagnosed later, and are the face of autism in public discourse. The genius stereotype is largely a visibility problem.
\nWhat autism contributes, independently of IQ, is the constant information-gathering drive that I described two weeks ago in my fourth post. That drive never reaches a point of satisfaction. High IQ adds processing power to that endless process, producing denser cross-domain connections and stronger pattern recognition as a byproduct. The IQ doesn't change the drive. It simply amplifies the output.
\nBut don't be fooled, this is a double-edged sword! The same wiring that produces unusual thinking also produces the exhaustion, the sensory overload, and the social friction described throughout this series. There is no version that keeps the upside and removes the cost. The consequences are real. But they're located in the mismatch between the wiring and the environment, not in a malfunction. And so the autistic people who seem the better socially adapted (through intellectual masking adjustments) are usually the ones experiencing the most anxiety as a result, and most likely to experience a burnout in their 30s or 40s.
\nIn short: autism is not a cause of genius, but it can work as an amplifier for high throughput brains.
\nNext: on maintaining friendships, and what gets misread as manipulation.
\nThis is part of my April 2026 autism awareness month series. First published on LinkedIn on 2026-04-22.
"},{"url":"/posts/20260424-maintaining-friendships-on-the-spectrum-42lc/","relativePath":"posts/20260424-maintaining-friendships-on-the-spectrum-42lc.md","relativeDir":"posts","base":"20260424-maintaining-friendships-on-the-spectrum-42lc.md","name":"20260424-maintaining-friendships-on-the-spectrum-42lc","frontmatter":{"title":"Maintaining friendships on the spectrum","template":"post","date":"2026-04-24T07:10:00Z","excerpt":"My wife tells me I have friends. She's probably right. But I don't feel like I do — not in the way the cultural template describes. This post explores why maintaining friendships is harder than making them, what gets misread as manipulation, and the unexpected flip side of a system that doesn't store emotional weight.","thumb_img_path":"https://media2.dev.to/dynamic/image/width=1000,height=420,fit=cover,gravity=auto,format=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F4ac2ylsgvz666e3r99it.png","content_img_path":"https://media2.dev.to/dynamic/image/width=1000,height=420,fit=cover,gravity=auto,format=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F4ac2ylsgvz666e3r99it.png","canonical_url":"https://dev.to/raphink/maintaining-friendships-on-the-spectrum-42lc","devto_url":"https://dev.to/raphink/maintaining-friendships-on-the-spectrum-42lc"},"html":"This is the eleventh post in my autism awareness month series.
\nMy wife tells me I have friends. She's probably right. But I don't feel like I do — not in the way the cultural template describes. The deep reciprocal bond, the person you call when something happens, the relationship that persists without a reason to persist. That version of friendship feels mostly out of reach, and I've spent a long time wondering why.
\nThe answer isn't that I can't connect with people. I can, and often do, sometimes intensely. The issue is maintenance.
\nMost people have something like a social maintenance reflex: an impulse that fires unprompted, that makes you think of someone and reach out, that keeps a connection warm between meetings. I don't have that reliably. Not because I don't care, but because the impulse simply doesn't fire. The friendship is real when the context is there: a shared project, a recurring situation, a work relationship with natural touchpoints. When the context goes, the connection quietly fades. Not from indifference. From the absence of the trigger.
\nThis produces a pattern that can look, from the outside, like something it isn't. The person who engages intensely when you're in the same context, then goes quiet when you're not. The person who seems fine, then suddenly withdraws. The person who doesn't follow up after a conflict — not because they're stonewalling, but because internally the matter felt resolved, and the follow-up impulse never came. These can get read as manipulation, as using people, as not really caring. None of them are.
\nThere's a flip side worth naming. The same system that doesn't store the emotional weight of a friendship also doesn't store the emotional weight of a conflict. Grudges don't accumulate. Wounds don't fester. When the context returns, the connection picks up with a freshness that can feel surprising to the other person — and genuine, because it is.
\nAnd when the structure is there — a shared purpose, a recurring reason to engage — the intensity and loyalty that show up are real. It's not that the caring isn't there. It's that it needs something to hang on.
\nNext post: on autism as a catalyst
\nThis is part of my April 2026 autism awareness month series. First published on LinkedIn on 2026-04-24.
"},{"url":"/posts/20260427-autism-as-a-catalyst-322e/","relativePath":"posts/20260427-autism-as-a-catalyst-322e.md","relativeDir":"posts","base":"20260427-autism-as-a-catalyst-322e.md","name":"20260427-autism-as-a-catalyst-322e","frontmatter":{"title":"Autism as a catalyst","template":"post","date":"2026-04-27T07:00:00Z","excerpt":"Autism hardly create effects directly: it amplifies whatever is already present, in both directions. The same wiring that produces unusual pattern recognition also produces sensory overload. The genius effect and the burnout are not opposites; they're the same amplifier applied to different inputs. This post synthesizes the series and names the mechanism running through all of it.","thumb_img_path":"https://media2.dev.to/dynamic/image/width=1000,height=420,fit=cover,gravity=auto,format=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fcudzh77ojwa9sxqgy40k.png","content_img_path":"https://media2.dev.to/dynamic/image/width=1000,height=420,fit=cover,gravity=auto,format=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fcudzh77ojwa9sxqgy40k.png","canonical_url":"https://dev.to/raphink/autism-as-a-catalyst-322e","devto_url":"https://dev.to/raphink/autism-as-a-catalyst-322e"},"html":"This is the twelfth post in my autism awareness month series.
\nOver the past few weeks, I've described a lot of different things: a brain that gathers information constantly, a sensory system that doesn't filter, tasks that won't start without a valid reason, authority that doesn't register, friendships that fade without a maintenance impulse. These aren't separate quirks, they're expressions of the same underlying configuration.
\nOne way to understand that configuration is through what I'd call the catalyst effect.
\nAutism hardly create effects directly. It amplifies whatever is already present, in both directions. High IQ combined with the constant information-gathering drive produces unusual pattern recognition and cross-domain connections. A food sensitivity combined with a sensory system that doesn't suppress signals produces amplified disruption. A structured environment with clear purpose combined with deep focus and low tolerance for ambiguity produces unusual loyalty and output. The same wiring in different conditions produces different amplified results.
\nThis is why autism resists simple characterization. The genius stereotype and the burnout are not opposites, they're actually the same amplifier applied to different inputs. The person who seems to thrive and the person who is struggling may be running nearly identical hardware. What differs is the load, the environment, and how well the conditions match what the system actually needs.
\nIt also means the costs and the strengths are inseparable. There is no version of the wiring that keeps the pattern recognition and removes the sensory overload. No version that keeps the deep focus and removes the demand avoidance. The gain is turned up on everything, both the useful and the costly alike.
\nIs autism a defect? A defect is a variation with negative consequences. The consequences here are real. But they're located in the mismatch between the wiring and the environment, not in a malfunction. The same configuration that generates friction in one context generates exceptional output in another. The question worth asking isn't how to fix the wiring, but rather how to design conditions where it can actually function.
\nIn the next post, I'll explore one of the most invisible struggles in autism: what happens when 'I don't know' doesn't mean what people think it means.
\nThis is part of my April 2026 autism awareness month series. First published on LinkedIn on 2026-04-27.
"},{"url":"/posts/20260428-i-dont-know-the-invisible-crisis-3383/","relativePath":"posts/20260428-i-dont-know-the-invisible-crisis-3383.md","relativeDir":"posts","base":"20260428-i-dont-know-the-invisible-crisis-3383.md","name":"20260428-i-dont-know-the-invisible-crisis-3383","frontmatter":{"title":"'I don't know' — The invisible crisis","template":"post","date":"2026-04-28T09:25:00Z","excerpt":"When 'I don't know' means the ground you're being told to step on doesn't exist","thumb_img_path":"https://media2.dev.to/dynamic/image/width=1000,height=420,fit=cover,gravity=auto,format=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F23he0dl88a6t5s1x5ds5.png","content_img_path":"https://media2.dev.to/dynamic/image/width=1000,height=420,fit=cover,gravity=auto,format=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F23he0dl88a6t5s1x5ds5.png","canonical_url":"https://dev.to/raphink/i-dont-know-the-invisible-crisis-3383","devto_url":"https://dev.to/raphink/i-dont-know-the-invisible-crisis-3383"},"html":"This is the thirteenth post in my autism awareness month series.
\nWhen someone asks me what I want to eat, or which color I prefer, or what I should work on next, something happens at times that's hard to describe to people who don't experience it.
\nFrom the outside, my response might look like indifference. I might say \"I don't know\" and smile quietly. To the person asking, this can read as not caring, not being engaged, not valuing their question or the interaction.
\nBut inside, something very different is happening.
\nMost people think \"I don't know\" just needs an answer, any answer. But to the autistic brain, the question creates a demand for the right answer, and there might not be enough data to determine what that is.
\nIt's not psychological anxiety. I'm not worried about choosing wrong or disappointing someone. It's more fundamental than that. The question creates a void, an abyss with no foothold. Imagine someone climbing a wall, and another person telling them to put their foot in a hole that should be right there — but the climber cannot see or feel that hole anywhere. It's not that they're afraid to step. The ground they're being told to step on simply doesn't exist for them.
\n\"What do you want to eat?\" sounds like a simple preference question. But my processing system receives it as: given all parameters — nutritional needs, energy levels, what I last ate, what's available, time constraints, current sensory state — what is the optimal answer? If those parameters aren't fully specified, or if I can't access my internal state clearly enough to know what my body needs, the equation can't be solved. There's no answer to give because the question, as received, is computationally incomplete.
\nAnd here's where the social trap closes: while experiencing this groundlessness, this inability to locate the answer, I also don't know how to adapt my social behavior to signal what's happening. I might smile (a learned safe default) or keep a blank face (because I have no spare processing capacity for managing expressions while searching for ground that isn't there).
\nThis gets interpreted as exactly the opposite of what's happening. The person asking sees indifference. But the \"I don't know\" isn't about not caring. It might signal the opposite — needing the right answer rather than just any answer, needing sufficient information rather than being able to approximate casually.
\nThe person asking has no idea their simple question created this effect. They think they asked for a preference and got apathy in return.
\nThis is part of why the \"you can't know what you don't know\" principle matters so much. Until I understood that for neurotypical people, \"I don't know what I want to eat\" often just means \"I have no strong preference,\" I didn't realize my processing was different. I thought everyone experienced that demand for the right answer. This will be the topic of the last post tomorrow.
\nThis is part of my April 2026 autism awareness month series. First published on LinkedIn on 2026-04-28.
"},{"url":"/posts/20260424-testing-gcp-cloud-functions-locally-with-docker-compose-and-summon-4p2i/","relativePath":"posts/20260424-testing-gcp-cloud-functions-locally-with-docker-compose-and-summon-4p2i.md","relativeDir":"posts","base":"20260424-testing-gcp-cloud-functions-locally-with-docker-compose-and-summon-4p2i.md","name":"20260424-testing-gcp-cloud-functions-locally-with-docker-compose-and-summon-4p2i","frontmatter":{"title":"Testing GCP Cloud Functions Locally with Docker Compose and Summon","template":"post","date":"2026-04-24T09:38:50Z","excerpt":"Testing GCP Cloud Functions locally can be tricky. This setup uses Docker and Summon to easily run them with cloud secrets.","thumb_img_path":"https://media2.dev.to/dynamic/image/width=1000,height=420,fit=cover,gravity=auto,format=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ftcl6nq9y51kkg0mac08i.png","content_img_path":"https://media2.dev.to/dynamic/image/width=1000,height=420,fit=cover,gravity=auto,format=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ftcl6nq9y51kkg0mac08i.png","canonical_url":"https://dev.to/raphink/testing-gcp-cloud-functions-locally-with-docker-compose-and-summon-4p2i","devto_url":"https://dev.to/raphink/testing-gcp-cloud-functions-locally-with-docker-compose-and-summon-4p2i"},"html":"I use GCP Cloud Functions quite a bit, but testing them locally can be challenging.
\nHere's how I do it.
\nThe first step is to build one container per function. I use Docker for this, with two steps.
\nMy functions are written in Go, so I add a cmd/main.go to my codebase to run an HTTP server that calls the function logic:
package main\n\nimport (\n\t"log"\n\t"os"\n\n\t// Blank-import the function package so the init() runs\n\t_ "yourfunctionpackage"\n\n\t"github.com/GoogleCloudPlatform/functions-framework-go/funcframework"\n)\n\nfunc main() {\n\t// Use PORT environment variable, or default to 8080.\n\tport := "8080"\n\tif envPort := os.Getenv("PORT"); envPort != "" {\n\t\tport = envPort\n\t}\n\tif err := funcframework.Start(port); err != nil {\n\t\tlog.Fatalf("funcframework.Start: %v\\n", err)\n\t}\n}\n I then create a docker-compose.yaml file in my project to easily start and stop the stack, and expose the ports on my machine:
version: "3"\nservices:\n myfunction:\n build: .\n ports:\n - "8080:8080"\n environment:\n MY_API_KEY: ${MY_API_KEY}\n DB_PASSWORD: ${DB_PASSWORD}\n GOOGLE_APPLICATION_CREDENTIALS: "/root/.config/gcloud/application_default_credentials.json"\n FUNCTION_TARGET: MyFunction\n volumes:\n - "~/.config/gcloud:/root/.config/gcloud:ro"\n The next issue is secrets. My functions are configured to take secrets as environment variables so I can pass them from GCP Secret Manager.
\nBut locally? I could be tempted to do one of these:
\n.env file around (and hoping you didn't commit it)But all of these create drift between local and prod, as well as --and mainly-- a risk of leaking secrets.
\nFortunately, there's a cleaner way.
\nThree tools, working together:
\nThe result: summon docker compose up — and your containers get the same secrets they'd get in production, pulled live from Secret Manager.
Summon is a pluggable tool. You can provide your own script to map between your secret vault, the keys you want to pass, and the values you want to retrieve.
\nIn our case, the vault is GCP Secret Manager, and I want to retrieve secrets by passing the project name and secret name, so I have a plugin that looks like this:
\n#!/bin/bash\n# Install this file in /usr/local/lib/summon/gcloud\n\nread -r PROJECT SECRET VERSION <<<$@\n\ngcloud secrets versions access "$VERSION" --project="$PROJECT" --secret="$SECRET"\n Make this script executable and place it in the Summon library (typically /usr/local/lib/summon/), and you're ready for the next step!
secrets.ymlThis is the only file you maintain. It maps environment variable names to GCP secret paths:
\nMY_API_KEY: !var my-project my-api-key latest\nDB_PASSWORD: !var my-project db-password latest\n When called, Summon will read this file and resolve each !var entry by calling the configured secret provider we've just configured above.
Couple this with the Docker Compose file we wrote earlier, and all you need to do is:
\nsummon docker compose up\n That's it! Summon resolves the secrets, exports them into the environment, and Docker Compose inherits them. No .env file, no plaintext values on disk.
In production, your deploy script simply needs to map the same secret names as env vars using the --set-secrets flag:
gcloud functions deploy my-function \\\n --set-secrets MY_API_KEY=my-api-key:latest \\\n --set-secrets DB_PASSWORD=db-password:latest \\\n ...\n Just make sure the secrets are shared with the compute service account so it's allowed to access them when starting the functions.
"},{"url":"/posts/20260429-you-cant-know-what-you-dont-know-37ap/","relativePath":"posts/20260429-you-cant-know-what-you-dont-know-37ap.md","relativeDir":"posts","base":"20260429-you-cant-know-what-you-dont-know-37ap.md","name":"20260429-you-cant-know-what-you-dont-know-37ap","frontmatter":{"title":"You can't know what you don't know","template":"post","date":"2026-04-29T07:30:00Z","excerpt":"This series almost didn't happen. A comic strip, a colleague's question, and thirteen posts later: here's what masking actually is, why the right framework matters more than most people realise, and what to do if any of this sounded familiar. Includes a link to a free RAADS-R screening tool.","thumb_img_path":"https://media2.dev.to/dynamic/image/width=1000,height=420,fit=cover,gravity=auto,format=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Flchkputvkzu3wxg4lybf.png","content_img_path":"https://media2.dev.to/dynamic/image/width=1000,height=420,fit=cover,gravity=auto,format=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Flchkputvkzu3wxg4lybf.png","canonical_url":"https://dev.to/raphink/you-cant-know-what-you-dont-know-37ap","devto_url":"https://dev.to/raphink/you-cant-know-what-you-dont-know-37ap"},"html":"This is the fourteenth and final post in my autism awareness month series.
\nThis series almost didn't happen. I shared a comic strip on April 2nd because it was autism awareness day. A colleague asked a question, I answered, and somehow that turned into thirteen posts.
\nThat's fitting, actually. The whole premise of the series is that you can't know what you don't know, and the series itself is proof of it. I didn't plan to spend a month writing about autism. I didn't know there was this much to say, or that this many people were waiting to hear it.
\nWhat you've been reading across these posts is what's called masking. Every post described a different aspect of it: the information-gathering that runs constantly, the sensory system that doesn't filter, the tasks that won't start without a valid reason, the submission reflex that isn't there, the friendships that fade without a maintenance impulse. None of it is a character flaw. All of it is compensation: conscious or unconscious strategies developed over a lifetime to navigate a world not designed for this wiring.
\nMasking has a cost. Extended periods of running above capacity produce what's called autistic burnout: not laziness, not a mood, a system that needs to shut down. In undiagnosed adults, that burnout is frequently misread as depression or anxiety, and treated as such. The problem: treatments designed for depression can make autistic burnout worse. The framework matters. And most people never get the right one, partly because the system doesn't make it easy — GPs often discourage diagnosis in adults, particularly those who are managing well from the outside.
\nBut managing well from the outside is exactly the profile most at risk. The higher the masking, the later the crisis, and the more accumulated cost when it arrives.
\nDiagnosis changes the framework. Not \"what is wrong with me psychologically\" but \"what does my nervous system actually need.\" That reframe changes what help looks like, which changes whether help actually helps. You don't need the diagnosis today. But at some point, the cost of running above capacity will come due. Having the right framework before that moment is the difference between understanding what's happening and spending years in the wrong treatment.
\nIf anything in this series resonated, the RAADS-R is a good starting point. It's a clinically validated screening tool — not a diagnosis, but a signal worth taking seriously.
\nI built a free tool at https://raphink.github.io/raads-r/ that walks you through it and generates an AI-enhanced report. It's free to use, though report generation has a cost on my end. Generate ahead if you can, and if it doesn't work, feel free to DM me.
\nhttps://github.com/raphink/raads-r
\nYou can't know what you don't know. But now you have a door.
\nThis is part of my April 2026 autism awareness month series. First published on LinkedIn on 2026-04-29.
"},{"url":"/posts/20260522-neurodiversity-and-the-two-layers-of-cognition-42dp/","relativePath":"posts/20260522-neurodiversity-and-the-two-layers-of-cognition-42dp.md","relativeDir":"posts","base":"20260522-neurodiversity-and-the-two-layers-of-cognition-42dp.md","name":"20260522-neurodiversity-and-the-two-layers-of-cognition-42dp","frontmatter":{"title":"Neurodiversity and the two layers of cognition","template":"post","date":"2026-05-22T10:46:47Z","excerpt":"What if the way you think and the output you produce are two completely separate things — and the gap between them has a cost? A post about internal process, expected output, and what autism adds to the picture.","thumb_img_path":"https://media2.dev.to/dynamic/image/width=1000,height=420,fit=cover,gravity=auto,format=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F1sbnva9jyujcu145d3s5.png","content_img_path":"https://media2.dev.to/dynamic/image/width=1000,height=420,fit=cover,gravity=auto,format=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F1sbnva9jyujcu145d3s5.png","canonical_url":"https://dev.to/raphink/neurodiversity-and-the-two-layers-of-cognition-42dp","devto_url":"https://dev.to/raphink/neurodiversity-and-the-two-layers-of-cognition-42dp"},"html":"About twenty years ago, while studying Gestion Mentale, a pedagogy framework developed by French educator Antoine de la Garanderie, our group was asked to do a simple mental calculation. Something like 47+35. Then explain what happened in our heads.
\nThe results were staggering.
\nOne person talked to themselves through it. Another wrote the numbers on an imaginary blackboard, in their own handwriting. Someone else saw their primary school teacher's handwriting instead. One person had visual bars and immediate access to the result, with no intermediate steps they could describe. Ten people, ten different internal processes, one correct answer.
\nNobody had assumed everyone else did it the same way. But nobody had ever questioned it either, because there had never been a reason to ask.
\nThat exercise made something visible that is almost always invisible: the internal process and the expected output are two separate things, and they don't have to map onto each other in any particular way.\nI saw this confirmed during an internship with a Gestion Mentale practitioner working with a child struggling with long divisions. Over several sessions they had found a method that worked for the child, that he understood and could use reliably. Then the teacher called him to the board, he used his method, and she dismissed it. She hadn't taught it, she didn't recognize it, so as far as she was concerned it wasn't valid.
\nThe practitioner spent the next session reframing things. There are two layers, he told the child: how you perform a task, and what the world expects as output. Those are separate problems. Let's find a way to convert your method into the expected format.
\nI've recently been writing about autism, following my own diagnosis at 43. Autism adds a cost to this picture. When your internal process doesn't map naturally onto what the social world expects as output, there is a translation layer running constantly — reading faces, calibrating tone, tracking when to speak and when to stop. For most people this is automatic, effectively free. For an autistic person it runs consciously, alongside every interaction.
\nThe result looks the same. The cost doesn't show. Which is why late diagnosis is so common: the output passes inspection, so nobody looks at the process.
\nHappy to hear how this lands — particularly from those of you who recognize the translation cost from your own experience, whether or not you have a diagnosis.
"},{"url":"/posts/20260525-sharing-is-caring-1bif/","relativePath":"posts/20260525-sharing-is-caring-1bif.md","relativeDir":"posts","base":"20260525-sharing-is-caring-1bif.md","name":"20260525-sharing-is-caring-1bif","frontmatter":{"title":"Sharing is caring","template":"post","date":"2026-05-25T06:45:00Z","excerpt":"Autistic people who talk at length about their interests are often read as self-centered. I think the mechanism is almost the opposite. A follow-up to my series on autism from the inside, on why information has survival-level value, why small talk feels like noise pollution, and why sharing is, quite literally, how a lot of us care.","thumb_img_path":"https://media2.dev.to/dynamic/image/width=1000,height=420,fit=cover,gravity=auto,format=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fhk18ub0fjm2t6qn78qpl.png","content_img_path":"https://media2.dev.to/dynamic/image/width=1000,height=420,fit=cover,gravity=auto,format=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fhk18ub0fjm2t6qn78qpl.png","canonical_url":"https://dev.to/raphink/sharing-is-caring-1bif","devto_url":"https://dev.to/raphink/sharing-is-caring-1bif"},"html":"Last month, I wrote a series on autism from the inside. The response surprised me — several people said it helped them understand someone in their life, or themselves. This is a follow-up on something I've been thinking about since.
\nAutistic people who talk at length about their interests are easy to misread. They seem oblivious to whether you're engaged. They circle back to the same subject even after the conversation has moved on. From the outside, it looks like self-centeredness: I want to talk about this, so I will.
\nI suggest the mechanism is almost the opposite.
\nFor an autistic brain, information isn't incidental. It's closer to what navigation instruments are to a pilot: not nice to have, but required to function. I've written before about the constant background scan — the nervous system collecting data continuously, because any gap in the map is a potential trapdoor. That's the context this runs in.
\nIf information has that level of value — survival-level value, not intellectual curiosity — then sharing information is the most generous thing you can do. When I've spent weeks or months going deep on a subject, and I find something that genuinely matters, the instinct to share it isn't \"let me talk about myself.\" It's closer to \"I found something you need to know.\"
\nIt's \"I found water.\"
\nThe social form looks like monologue. The underlying intent is contribution, especially when this knowledge contributes to lowering anxiety, consciously or not.
\nThis also explains the other side of the equation: small talk. The common framing is that autistic people find it boring, or that we prefer \"meaningful\" conversation. That's not quite it either. The information channel runs in survival mode. Low-signal input — the weather, a filler comment, a pleasantry that carries no new information — doesn't just fail to help. It occupies bandwidth that the system is trying to keep clear. It's not boredom. It's closer to noise pollution in a critical instrument.
\nThe frustration when no one seems interested in what you're sharing, and the discomfort with small talk, come from the same place: a brain that has assigned extreme functional value to information, operating in a world where most social exchange treats information as incidental.
\nNone of this makes the social friction disappear. Knowing the mechanism doesn't mean the other person stops feeling talked over. But it changes the question. The question isn't \"why are they so self-absorbed?\" The question is: what does it mean to be generous when your native currency isn't attention, but knowledge?
\nFor a lot of autistic people, sharing is genuinely how we care. We're just not always aware that the gift doesn't always land the way it was meant.
"},{"url":"/posts/20260527-rest-is-not-what-you-think-1mbc/","relativePath":"posts/20260527-rest-is-not-what-you-think-1mbc.md","relativeDir":"posts","base":"20260527-rest-is-not-what-you-think-1mbc.md","name":"20260527-rest-is-not-what-you-think-1mbc","frontmatter":{"title":"Rest is not what you think","template":"post","date":"2026-05-27T08:25:00Z","excerpt":"Rest as low novelty load, not low stimulation — known vs unknown inputs, threat/navigation system, beach vs metal music","thumb_img_path":"https://media2.dev.to/dynamic/image/width=1000,height=420,fit=cover,gravity=auto,format=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F6afefi210ooru3siqw0q.png","content_img_path":"https://media2.dev.to/dynamic/image/width=1000,height=420,fit=cover,gravity=auto,format=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F6afefi210ooru3siqw0q.png","canonical_url":"https://dev.to/raphink/rest-is-not-what-you-think-1mbc","devto_url":"https://dev.to/raphink/rest-is-not-what-you-think-1mbc"},"html":"My wife says she's never seen me rest.
\nShe's not wrong, exactly. But I think we've been working with different definitions.
\nWhen someone tells me to rest, they usually mean: do something calm. Low stimulation. A walk in nature, a beach, quiet time.
\nFor a long time I couldn't explain why that didn't work for me. It wasn't that I didn't want to rest. It was that what counted as rest seemed to be defined by other people's nervous systems, not mine.
\nHere's what I eventually figured out.
\nRest, for me, is not about low stimulation. It's about low novelty load on the threat and navigation system.
\nI can blast metal music at full volume through headphones and come out of it genuinely restored. Not despite the intensity, because of something specific about it: my brain knows every note, every transition, every moment of that record. It keeps registering \"I know this. I know this. I know this.\" No decisions required. No scanning. The system can stop.
\nA beach is the opposite. It looks calm. But for my nervous system it's a continuous stream of unclassified inputs: people passing at unpredictable intervals, sounds I don't recognize, movements in peripheral vision, social situations I might need to navigate. My brain doesn't get to stop. It has to keep evaluating, filing, preparing. That's not rest. That's work with good lighting.
\nThe axis isn't intensity versus calm. It's known versus unknown. More precisely: does this input require a response decision, or not?
\nThis connects to something I've written about before — the background scan, the nervous system running in a kind of permanent low-level threat detection mode. What that system needs to rest isn't silence. It needs to be released from decision load. Familiar music does that. An unfamiliar environment doesn't, regardless of how peaceful it looks from the outside.
\nI think this is why a lot of autistic people have very specific, sometimes surprising rest rituals that look nothing like relaxation to others. It's not quirk or preference. It's load management.
\nThe well-meaning advice to \"just relax\" or \"get some fresh air\" isn't wrong about rest being necessary. It's using a definition of rest built for a different nervous system.
\nWhat actually restores you might look nothing like what's supposed to.
"},{"url":"/posts/20260529-two-survival-systems-two-empathy-modes-5nl/","relativePath":"posts/20260529-two-survival-systems-two-empathy-modes-5nl.md","relativeDir":"posts","base":"20260529-two-survival-systems-two-empathy-modes-5nl.md","name":"20260529-two-survival-systems-two-empathy-modes-5nl","frontmatter":{"title":"Two survival systems, two empathy modes","template":"post","date":"2026-05-29T06:56:49Z","excerpt":"The double empathy problem, made concrete: not a deficit on one side, but two coherent systems that are mutually opaque to each other.","thumb_img_path":"https://media2.dev.to/dynamic/image/width=1000,height=420,fit=cover,gravity=auto,format=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ft97sq9zsksudme0uxtep.png","content_img_path":"https://media2.dev.to/dynamic/image/width=1000,height=420,fit=cover,gravity=auto,format=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ft97sq9zsksudme0uxtep.png","canonical_url":"https://dev.to/raphink/two-survival-systems-two-empathy-modes-5nl","devto_url":"https://dev.to/raphink/two-survival-systems-two-empathy-modes-5nl"},"html":"Here are two scenes. They look unrelated. They're not.
\nTwo people at a café, talking about a restaurant they want to try. A stranger walking past stops: \"That place closed six months ago. The one on the corner is better.\" A brief nod, and they walk on.
\nThe two people exchange a glance, taken aback. Why did that person stop? What did they want?
\nA few steps away, the stranger is also confused. They had useful information. They shared it. Why did these people react so strangely?
\nA colleague is visibly stressed, describing a difficult situation at work. One friend pulls their chair closer, puts a hand on their arm: \"That sounds really hard.\" Another opens their laptop: \"I found something that might help — HR has a process for exactly this, I'll send you the link.\"
\nThe colleague leans into the first. Glances uncertainly at the second.
\nThe second person doesn't understand why sitting close and saying \"that sounds hard\" counts as helping. You haven't solved anything. The first doesn't understand why anyone would respond to distress with links.
\nBoth scenes end the same way: people on both sides convinced they did the right thing, confused by the other's reaction. The mismatch is mutual and invisible from the inside.
\nFor many autistic people, information is a survival mechanism. Uncertainty is threat, missing information is a vulnerability, and the drive to correct and share runs below conscious awareness. Empathy, expressed through that system, looks like giving someone what keeps you safe: accurate information, solutions, resources. The social preamble before sharing — announcing yourself, softening the approach — doesn't arise as a concept. Why would useful information require an introduction?
\nFor many neurotypical people, social safety is a survival mechanism. Group cohesion and reading others accurately are what keep people safe. Empathy, expressed through that system, looks like presence: mirroring distress, making someone feel held, maintaining the social fabric. An uninvited approach from a stranger bypasses the protocol that signals safe intent — and that protocol isn't a nicety, it's the unlock code. Without it, the content can't land regardless of how useful it is.
\n![\"Image](\"https://dev-to-uploads.s3.amazonaws.com/uploads/articles/ll3p3bkxfe9auwyvxzoq.png\")
The social preamble is as foreign a concept to the autistic person as the direct approach is unsettling to the neurotypical person. The information response is as opaque to the neurotypical person as emotional attunement is to the autistic person. Neither protocol is natural to the other system. The incomprehension runs in both directions, with equal depth.
\nIn 2012, autistic researcher Damian Milton described what he called the double empathy problem: cross-neurotype communication difficulties aren't a deficit on one side, they're a mismatch between two coherent systems that are mutually opaque to each other. Historically, the autistic side has been asked to compensate, the neurotypical system treated as the default rather than as one particular survival logic among two.
\nWhat these two scenes show is that both sides are trying to care for the other, each in the only language their system knows, and neither is being received as care.
\nThat's not a deficit. That's two survival systems, built for different threats, each expressing empathy in the only currency it has.
"},{"url":"/posts/20260530-why-autism-hasnt-disappeared-a-hypothesis-1b6g/","relativePath":"posts/20260530-why-autism-hasnt-disappeared-a-hypothesis-1b6g.md","relativeDir":"posts","base":"20260530-why-autism-hasnt-disappeared-a-hypothesis-1b6g.md","name":"20260530-why-autism-hasnt-disappeared-a-hypothesis-1b6g","frontmatter":{"title":"Why autism hasn't disappeared — a hypothesis","template":"post","date":"2026-05-30T14:38:16Z","excerpt":"Why has autism persisted across all human populations, across cultures, across centuries? A hypothesis: not because of individual advantage, but because groups that contained the profile were more robust against a failure mode the majority profile generates in itself.","thumb_img_path":"https://media2.dev.to/dynamic/image/width=1000,height=420,fit=cover,gravity=auto,format=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fc07999xlm6s98n639esf.png","content_img_path":"https://media2.dev.to/dynamic/image/width=1000,height=420,fit=cover,gravity=auto,format=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fc07999xlm6s98n639esf.png","canonical_url":"https://dev.to/raphink/why-autism-hasnt-disappeared-a-hypothesis-1b6g","devto_url":"https://dev.to/raphink/why-autism-hasnt-disappeared-a-hypothesis-1b6g"},"html":"In the previous post, I described two survival systems: one oriented toward information, one toward social cohesion. The autistic information drive produces friction: the café stranger, the colleague with links when you needed a hug. But it also produces something else.
\nPicture a tribal council. The leader has spoken. The plan is agreed. Everyone around the fire has nodded. One person says: \"But the herd tracks go the other way.\"
\nSilence. Eyes. The weight of having contradicted the chief in front of everyone.
\nThe tracks went the other way.
\nAutism has strong genetic components — spread on many genes, with expression influenced by environmental factors. It runs in families, it clusters, it transmits. It tends to isolate affected individuals, and yet it persists at consistent rates across all human populations, across cultures, and most likely across centuries. This is the kind of pattern that usually means something.
\nThe conventional explanations for its persistence focus on the individual level: genetic linkage to advantageous traits, cognitive advantages in pattern recognition and systemizing, the so-called \"geek gene\" hypothesis. These are real and worth taking seriously. But they explain individual fitness. What if the answer isn't at the individual level at all, what if the whole group benefited enough from the presence of autistic members that it played in favor of the group's survival?
\nA group where everyone runs the social-harmony calculation before speaking has a specific, predictable blind spot. Information gets suppressed to preserve group comfort. Errors go uncorrected because correcting them would embarrass someone senior. The plan with the structural flaw gets executed because no one wanted to be the one who said so in front of the chief.
\nThis is not a theoretical failure mode. It has a name —groupthink— with documented consequences. And it operates precisely through the mechanism that makes neurotypical social cohesion work so well in stable conditions: the instinct to read the room, preserve relationships, avoid disruption.
\nThe autistic information drive doesn't have that brake. Not because of courage or contrarianism, but because the system that would weigh social cost against information value simply doesn't run first. The information is there, it needs to be shared, and the authority of the person in front of you is not a relevant variable.
\nThe person around the fire says the tracks go the other way. Not to challenge the chief. Not to make a point. Because the tracks go the other way and that is the only thing that matters: to speak the facts.
\nYou don't need to resolve the group selection debate in evolutionary biology to find this argument useful. There's a simpler version.
\nAutism is heritable. Which means some groups, by genetic chance, would have had more of this profile and some would have had less — either by the higher presence of some autism-related genes, or by the presence of more such biological markers in the population. A group that happened to lack it entirely would have been exposed to the groupthink failure mode with no one to interrupt it. Information suppressed. Errors uncorrected. The tracks followed in the wrong direction.
\nOver generations, over crises, over the moments when accuracy mattered more than social harmony, that asymmetry would have had consequences.
\nThis isn't a claim that autistic individuals were selected for. It's an observation that groups containing the profile were more robust against a specific and recurring failure mode that the majority profile generates in itself.
\nThe usual framing of autism and society runs in one direction: here is a profile that generates difficulties, how do we accommodate it. That framing isn't wrong, but it's incomplete.
\nThe profile that makes someone say the tracks go the other way, correct the stranger's restaurant recommendation, flag the error in the meeting when everyone has moved on — that profile is costly in stable, low-stakes social conditions. It produces exactly the friction described in the previous post. But a group running only the social cohesion system is vulnerable in a specific direction, and has been throughout human history.
\nThe autistic people who drove everyone slightly mad in ordinary times may have been the ones who said the thing that needed saying when it mattered most.
\nThis is a hypothesis. The genetic heritability of autism is established. The groupthink failure mode is documented. The observation that cross-neurotype groups might be more robust is plausible and consistent with broader neurodiversity research. But the specific claim — that autism persists in part because groups containing it outperformed groups that didn't — is an original assembly of solid components, not a finding from the literature.
\nI'm offering it as a frame worth considering, not a conclusion worth defending. If you work in evolutionary biology or behavioral genetics and think I'm wrong, I'd genuinely like to know why.
"},{"url":"/posts/20260611-gen-ai-is-an-amplification-machine-d54/","relativePath":"posts/20260611-gen-ai-is-an-amplification-machine-d54.md","relativeDir":"posts","base":"20260611-gen-ai-is-an-amplification-machine-d54.md","name":"20260611-gen-ai-is-an-amplification-machine-d54","frontmatter":{"title":"Gen AI is an Amplification Machine","template":"post","date":"2026-06-11T08:41:34Z","excerpt":"Most people misunderstand what generative AI actually does. It doesn't add quality — it multiplies what's already there. Which means the people it serves best are the ones who least needed it to begin with.","thumb_img_path":"https://media2.dev.to/dynamic/image/width=1000,height=420,fit=cover,gravity=auto,format=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fcq4rq8s4q8vzet5us2uc.png","content_img_path":"https://media2.dev.to/dynamic/image/width=1000,height=420,fit=cover,gravity=auto,format=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fcq4rq8s4q8vzet5us2uc.png","canonical_url":"https://dev.to/raphink/gen-ai-is-an-amplification-machine-d54","devto_url":"https://dev.to/raphink/gen-ai-is-an-amplification-machine-d54"},"html":"I've been using generative AI pretty much daily for months now. And I've come to think most people fundamentally misunderstand what it does.
\nGen AI is an amplification machine.
\nGive it good ideas, and it will help you express them better than you could alone. Give it bad ideas, and it will make them worse, more confidently, with better grammar. Give it nothing — no ideas, no voice, no judgment — and you'll get slop. Averaged mediocrity, the statistical center of human expression, smoothed of anything surprising or true.
\nThe tool doesn't add quality. It multiplies what's already there, as a catalyst.
\nWhich is why the people I see getting the most genuine value from it are almost always people who were already creating and thinking seriously before it existed. Not because the tool is gatekept, but because the gate was never the tool. It was always the ideas. The voice. The judgment that knows when something is good and when it only looks good.
\nI use it as a mind extension. I drop half-formed thoughts into a conversation, and something comes back that helps me see what I was actually trying to say. It holds more threads simultaneously than I can. It pushes back from angles I hadn't considered. It drafts the sentence I was circling around for twenty minutes.
\nBut it has never once given me a novel idea I didn't already have in some latent form. It has never surprised me with an insight I couldn't recognize as mine once it appeared. The correlation happens in my head. The tool just removes the friction between having the thought and getting it out of my head in a form others can use.
\nI don't judge the tool by how much content it helps me produce. I judge it by whether I think better because of it. Whether a conversation sharpened an argument I'd been carrying half-formed for months. Whether pushing back on a draft helped me find what I actually believed. Whether I understand something today that I didn't yesterday.
\nThere's a word for what it produces when there's nothing to amplify: mediocre. Not bad — bad can be interesting, even funny; it takes a soul to genuinely produce failure. Mediocre is the absence of soul. Competent enough to look like it tried, empty enough to leave nothing behind.
\nIf you wouldn't publish that post in your own voice, AI is no excuse to do it. You — and the world — deserve better than statistical word soup.
\nDisclaimer: This post was sublimated through a two-hour conversation with Claude.
"},{"url":"/posts/20260608-return-to-the-planet-of-the-autistics-447g/","relativePath":"posts/20260608-return-to-the-planet-of-the-autistics-447g.md","relativeDir":"posts","base":"20260608-return-to-the-planet-of-the-autistics-447g.md","name":"20260608-return-to-the-planet-of-the-autistics-447g","frontmatter":{"title":"Return to the Planet of the Autistics","template":"post","date":"2026-06-08T15:33:39Z","excerpt":"A field journal from an imaginary researcher studying a puzzling minority neurological condition called allism, which affects approximately 1% of the population.","thumb_img_path":"https://media2.dev.to/dynamic/image/width=1000,height=420,fit=cover,gravity=auto,format=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fis2flk0php5gnfwudtpg.png","content_img_path":"https://media2.dev.to/dynamic/image/width=1000,height=420,fit=cover,gravity=auto,format=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fis2flk0php5gnfwudtpg.png","canonical_url":"https://dev.to/raphink/return-to-the-planet-of-the-autistics-447g","devto_url":"https://dev.to/raphink/return-to-the-planet-of-the-autistics-447g"},"html":"Field journal of Dr. E. Rempel, Department of Minority Neurological Studies, University of New Carthage (A work of fiction. \"Allism\" is a real term used by some autistic people to describe the neurological profile of the non-autistic majority.)
\nMarch 3, 2089
\nI have now spent three months embedded with an allistic community in the outer provinces. Allism, for those unfamiliar, is a rare neurological variant affecting approximately 1% of our population. My colleagues at the University have long debated its origins and persistence. After direct observation, I am no more certain of the answers, but I have accumulated a remarkable set of field notes.
\nThe allistic subjects I have observed appear, on the surface, entirely functional. They hold jobs, maintain relationships, raise children. And yet their neurological profile diverges from the norm in ways that are at once fascinating and bewildering.
\nMarch 11, 2089
\nThe most immediately striking feature of the allistic profile is their relationship with information. Where a typical individual experiences the sharing of useful knowledge as a basic social reflex, the allistic subject appears to require an elaborate ritual before any information exchange can occur.
\nApproach an allistic subject directly with a piece of useful data and observe what happens. Rather than receiving it, they freeze. A threat-assessment process appears to engage, entirely pre-consciously, before the content of the communication can be evaluated at all. One subject described it to me as feeling \"strange\" when a stranger approached with unsolicited information, though she could not articulate why.
\nI have learned to preface all information exchanges with what my translator calls \"the preamble ritual\" — a sequence of social signals that appears to deactivate the threat response and allow communication to proceed. The exact form varies, but typically involves eye contact, a softening of posture, and verbal acknowledgment that one is about to speak. Only then can the information be received.
\nThe evolutionary origins of this ritual remain unclear to me. My working hypothesis is that it functions as a trust-establishment protocol, though why the allistic nervous system requires trust to precede factual information rather than follow its evaluation is a question I have not yet been able to answer satisfactorily.
\nMarch 16, 2089
\nA minor observation, but one I keep returning to. The clothing worn by my allistic subjects would be, for most members of my own population, a source of considerable distress. Rough seams left unfinished. Labels intact at the collar. Fabrics that I would describe as abrasive worn directly against the skin, apparently without a second thought.
\nI raised this carefully with one subject, asking whether she found certain textures uncomfortable. She looked at me with what I have come to recognize as polite confusion. \"Not really,\" she said. \"Should I?\"
\nI did not pursue the matter further. But I noted that the specialized garment industry my own population has developed over generations — seamless constructions, carefully selected weaves, the near-universal preference for soft natural fibers — would likely strike her as an inexplicable luxury.
\nI am not certain she is wrong.
\nMarch 19, 2089
\nThe allistic empathy system is, I will admit, remarkable in its own way. Where the typical mind responds to another's distress by immediately searching for relevant information or resources, the allistic subject responds with something altogether different: they synchronize.
\nI observed this phenomenon repeatedly. One subject was visibly distressed about a professional difficulty. A colleague sat close, placed a hand on her arm, and said: \"That sounds really hard.\" No information was exchanged. No solution was offered. And yet the distressed subject visibly relaxed.
\nI spent some time puzzling over this before my translator explained that the allistic subject was not attempting to solve the problem. They were signaling membership in a shared emotional space. The distress itself was the point of contact.
\nI have since come to understand that allistic empathy is cohesion-based rather than information-based. They experience something of another's distress, synchronize with it, and express care by making that synchronization visible. It operates on entirely different principles than the system I grew up with, but I have stopped assuming it is therefore less sophisticated.
\nMarch 24, 2089
\nI attended a social gathering this evening in a venue I would describe as aggressively stimulating. Overhead lighting of the flickering variety my population abandoned some decades ago. Music at a volume that made conversation technically possible but practically taxing. Several simultaneous sound sources competing without apparent hierarchy.
\nMy allistic companions were energized. One of them leaned toward me at one point — shouting, by any reasonable measure — and asked if I was enjoying myself.
\nI said that I was finding it interesting.
\nI have since learned that this is an acceptable answer.
\nWhat I could not explain to her is that I spent most of the evening mapping the exits and trying to identify which sound source to filter out first. She, I am fairly certain, was simply having a good time. The difference in our baseline calibration is something I am still trying to understand. I note, however, that not all of my allistic subjects respond to such environments identically — one excused himself early, citing a headache — which suggests the variation within the allistic profile is wider than our diagnostic literature implies.
\nMarch 31, 2089
\nA note on small talk, which I have been attempting to master with limited success.
\nThe allistic subjects I have observed engage in it fluently and apparently with pleasure. Exchanges about the weather, weekend plans, minor shared observations about the immediate environment — these seem to function as a kind of social maintenance, a low-stakes signal that the relationship is still intact and the parties are still on good terms. My translator describes it as \"keeping the connection warm.\"
\nI understand the function intellectually. The practice itself I find effortful in a way I struggle to convey. The content of most small talk exchanges carries very little information, which means I am spending social energy on a transaction that does not obviously repay it. My allistic subjects, conversely, seem genuinely refreshed by it. One described a brief exchange with a neighbor about her garden as \"nice.\" I believe her.
\nApril 2, 2089
\nThe allistic tendency toward group cohesion produces some extraordinary social structures. They maintain large, complex networks of relationships with apparent ease, reading emotional states across a room, navigating implicit hierarchies without explicit rules. At a dinner party I attended as an observer, subjects managed at least four simultaneous conversations, tracking each other's engagement levels and adjusting fluidly. I found it overwhelming. They found it enjoyable.
\nI have also observed, however, a recurring pattern in group decision-making contexts. Once a course of action has been agreed upon by the group, information that might complicate or reverse that decision becomes remarkably difficult to introduce. The social fabric of the agreement seems to take on a weight of its own. Subjects who possess relevant corrective information will often hesitate, gauge the room, and on more than one occasion I observed them remain silent altogether.
\nI noted this carefully in my records but said nothing. It was not my place.
\nApril 8, 2089
\nSomething I should have noted earlier: the allistic subjects I have observed do not appear to experience the ambient anxiety that most members of my population would describe as a background feature of daily life. The low-level monitoring of potential information gaps, the discomfort of unresolved uncertainty, the particular unease of an incomplete picture — these do not seem to register for them in the same way.
\nOne subject, when I described this to her, said: \"I think I just assume things will probably work out.\"
\nI wrote this down verbatim. I am not sure I have ever assumed things will probably work out.
\nI want to be careful not to overstate this. Several of my subjects do describe anxiety — about social situations, about relationships, about the future in general. The allistic nervous system is not without its own forms of worry. But the specific texture of uncertainty-as-threat, the experience of an information gap as something requiring urgent resolution, does not appear to be a central feature of their profile. They seem, on the whole, more comfortable not knowing.
\nApril 14, 2089
\nI raised the decision-making observation with my translator over dinner. He was quiet for a moment, then said: \"We don't like to make people feel wrong in front of others.\"
\nI asked whether they would prefer to proceed with an incorrect plan rather than endure that discomfort.
\nHe thought about it. \"Sometimes,\" he said. \"If the stakes are low enough.\"
\nI found myself wondering how the group determines in advance whether the stakes are low enough.
\nApril 29, 2089
\nBefore I left for the field, a colleague asked me why I had chosen to study allism rather than one of the more prevalent conditions. I told him it was precisely the rarity that interested me. A profile affecting 1% of a population tells you something about the other 99% — about what we consider default, expected, unremarkable.
\nI have been sitting with a more unsettling question during these months, though. Our diagnostic manual defines allism as a neurological condition on the basis of its statistical rarity and its divergence from typical functioning. Typical functioning, the manual notes, reflects the profile of the majority.
\nI keep returning to that definition. Not to dispute it, exactly. But I find I cannot read it now without wondering what it would say if the numbers were different — with inverted proportions, for example.
\nOur society would probably be quite different then, and I wonder what they would think of us, autistics.
\nWhen I attend tech conferences, people usually know me — if they do — for my work on Cilium and my labs.
\nThat started changing recently. At the last two tech conferences I attended, visitors came up to me and thanked me for my series on autism. That has been extremely encouraging, especially hearing them say they relate to most of what I shared.
\nBut their next question is often: \"so how would you define autism, actually?\"
\nIt's a fair question. And the honest answer is that the official definition — the one in the DSM-5, the handbook clinicians use worldwide — doesn't really answer it.
\nThe DSM defines autism by its observable symptoms: persistent deficits in social communication, restricted and repetitive behaviors. It's a checklist of what a clinician can see in a room, or what a patient can report about themselves. It describes the shadow, not the object.
\nThis made sense historically. Autism was identified and named from behavioral observation before its neurological mechanisms were understood. The definition was built on what was available — the same way plague was once defined by buboes and fever, before Yersin identified Yersinia pestis in 1894 and medicine stopped defining the disease by its symptoms and started defining it by its cause.
\nWe are still, for autism, in the pre-Yersin era. Not because the underlying neurological differences are unknown — neuroimaging studies have consistently identified atypical subcortical connectivity, different sensory processing thresholds, distinct patterns in amygdala and thalamic function. The neurobiological reality is known well enough to begin building definitions grounded in cause rather than presentation. Clinical practice just hasn't caught up to the science yet.
\nThe goal here is not to settle which neurological mechanism is primary — researchers are still actively debating that. The point is simpler: the definition belongs in that category at all, rather than in the category of observable social behavior.
\nSo the DSM keeps the symptom-based definition. Not out of dishonesty — out of a category error that was reasonable when it was made and hasn't been corrected since. Mistaking the presentation for the condition. The shadow for the object.
\nWe may not yet have a complete mechanistic definition. But an incomplete map of the cause is still closer to the object than a detailed map of the shadow.
\nThe distinction matters because a definition and a diagnostic test are not the same thing. A definition requires knowing what something is. A test requires detecting it consistently. We already know autism is neurological. We know it has a substantial genetic basis. We know many of the brain structures and processes involved. What we do not yet have is enough precision to build a repeatable diagnostic test from that knowledge.
\nThe first bar has largely been cleared. The second has not. Defining autism by its behavioral presentation conflates the two — building the definition from the available test rather than from the available knowledge. That is the category error.
\nThe behavioral criteria remain useful as diagnostic proxies — when used as such. The problem is when they become the definition. One of my children was seen by clinicians for years who dismissed the possibility of autism because he presented well in their office. He was a good boy. Not rolling on the floor. What they didn't see was what happened at home. The proxy was working as designed. The clinicians mistook it for reality.
\nThere's a compounding error here: early support and intervention can improve behavioral presentation. Which means the better the support, the less visible the condition — and the more likely a clinician using a behavioral checklist will miss it. Adjusted behavior gets mistaken for low need. A social outcome gets mistaken for a sufficient one.
\nSome would argue that if a child presents well, diagnosis is unnecessary. But diagnosis changed everything — not for the clinicians, but for the people around him. Siblings understood. Teachers adjusted. The bullying stopped, not because he changed, but because the people around him finally had a frame for why he was the way he was. That is what diagnosis is actually for. Not a label. A lens.
\nThe consequences extend further. A definition built on observable behavior misses anyone whose behavior has been masked, compensated, or trained away. Which is precisely the late-diagnosed adult population — the people most likely to have spent decades performing neurotypicality convincingly enough to fool everyone, including themselves. My own GP discouraged me from seeking a diagnosis twice. I was diagnosed at 43.
\nAs a suggested definition, for what it's worth: autism is a neurological condition — not a psychological disorder — in which the preconscious processing of sensory input and social information operates with a different filtering baseline, through different mechanisms and different thresholds than the neurotypical baseline. The behavioral symptoms follow from that. They are consequences, not causes.
\nThat definition is stable. It doesn't shift with age, context, or the quality of someone's masking on a given Tuesday.
\nThe checklist shifts. The underlying neurology doesn't.
\nI'd be curious to hear from researchers, clinicians, or fellow autistics: is there a better definition? One that names the cause rather than the shadow?
"},{"url":"/posts/20260615-ai-doesnt-hallucinate-your-architecture-does-32pe/","relativePath":"posts/20260615-ai-doesnt-hallucinate-your-architecture-does-32pe.md","relativeDir":"posts","base":"20260615-ai-doesnt-hallucinate-your-architecture-does-32pe.md","name":"20260615-ai-doesnt-hallucinate-your-architecture-does-32pe","frontmatter":{"title":"AI Doesn't Hallucinate. Your Architecture Does.","template":"post","date":"2026-06-15T08:30:00Z","excerpt":"Hallucination isn't a bug in LLMs — it's the mechanism. The real problem is misallocating non-determinism, and why \"SKILLS.md is enough\" is exactly backwards.","thumb_img_path":"https://media2.dev.to/dynamic/image/width=1000,height=420,fit=cover,gravity=auto,format=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F0jn7tqw1rv0zxb25aq2g.png","content_img_path":"https://media2.dev.to/dynamic/image/width=1000,height=420,fit=cover,gravity=auto,format=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F0jn7tqw1rv0zxb25aq2g.png","canonical_url":"https://dev.to/raphink/ai-doesnt-hallucinate-your-architecture-does-32pe","devto_url":"https://dev.to/raphink/ai-doesnt-hallucinate-your-architecture-does-32pe"},"html":"Everyone is talking about hallucination. That's the wrong diagnosis.
\nHallucination isn't a bug. It's the mechanism. Turn the temperature down far enough and the model stops confabulating, but it also stops being useful. What people call hallucination is what LLMs do when their creativity fails in a context that needed correctness. But all LLM output is hallucination in some form: generated token by token, probabilistically, without ground truth — just with enough structure and guardrails that most of it lands close enough to be acceptable.
\nThe creativity and the confabulation are the same thing. Different temperature, different context, different guardrails.
\nWhich means \"reducing hallucination\" is the wrong goal. You can't reduce it without reducing the model. The right goal is routing: giving LLMs only the problems where that generative, probabilistic process is actually what you need.
\nUsing a non-deterministic tool where a deterministic one would do the job perfectly is what breaks agentic systems.
\nA deterministic API call costs microseconds and fractions of a cent. It is correct 100% of the time, by definition. An LLM doing the same task is slower, more expensive, and introduces a failure rate you now have to reason about — not because the model is broken, but because you've asked a creativity engine to act like a lookup table. Chain three of those steps together and you don't have a 10% failure rate, you have 27%. Five steps and you're past 40%. The errors are hard to reproduce and harder to attribute.
\nI've been building an agentic genealogy research system. Two tasks, completely different natures.
\nFetching newspaper archive records for a given name and date range: deterministic. The API either returns results or it doesn't. There's no judgment to exercise, no ambiguity to resolve. An LLM here is just an expensive way to call curl — and one that will occasionally invent records that don't exist, because that's what it does.
\nDeciding whether the person in that archive record is the same as the one in the birth register — given a different spelling of the surname, a two-year age discrepancy, and a naming convention that shifted at the border: LLM. This is exactly the kind of ill-defined correlation across uncertain evidence where you want the probabilistic reasoning. The hallucination, properly constrained, is the feature.
\nThis is also why the current wave of \"we don't need MCP anymore — SKILLS.md is enough\" is exactly backwards.
\nSKILLS.md is a routing layer. It tells the LLM which tool to use for which class of problem, directing judgment toward genuinely hard problems rather than eliminating it. That's valuable. But SKILLS.md is still natural language processed by a probabilistic model. MCP gives the model actual deterministic tools: APIs with guaranteed behavior, typed inputs, reliable outputs. Replacing MCP with SKILLS.md doesn't simplify your architecture, it replaces a deterministic function call with a probabilistic description of one. You've kept the complexity and removed the reliability.
\nThe routing layer is where most agentic architectures fail silently. Engineers reach for the LLM because it's faster to prototype, because it removes the need to maintain separate services, because describing a tool in natural language feels easier than building it. What they get instead is unnecessary entropy at every step, and failure modes that look like model problems but are actually architecture problems.
\nThe question to ask at every step of your pipeline isn't \"can the LLM do this.\" It can, after enough tries. The question is: is this problem actually non-deterministic? Is there genuine ambiguity here that requires judgment? If not — if there's a correct answer a function could return reliably — you've given a creativity engine a job that doesn't need creativity. And you'll pay for it in every run.
\nThe good news: MCP servers are rather easy to build. Using LLMs.
"},{"url":"/posts/20260612-vanity-of-vanities-on-ai-slop-and-the-problem-of-content-for-contents-sake-4e6l/","relativePath":"posts/20260612-vanity-of-vanities-on-ai-slop-and-the-problem-of-content-for-contents-sake-4e6l.md","relativeDir":"posts","base":"20260612-vanity-of-vanities-on-ai-slop-and-the-problem-of-content-for-contents-sake-4e6l.md","name":"20260612-vanity-of-vanities-on-ai-slop-and-the-problem-of-content-for-contents-sake-4e6l","frontmatter":{"title":"Vanity of vanities — on AI slop and the problem of content for content's sake","template":"post","date":"2026-06-12T08:30:00Z","excerpt":"AI didn't create the problem of empty content. It made it cheaper. 3,000 years ago Qoheleth had a word for it.","thumb_img_path":"https://media2.dev.to/dynamic/image/width=1000,height=420,fit=cover,gravity=auto,format=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fk56jejevdx91actlycb7.png","content_img_path":"https://media2.dev.to/dynamic/image/width=1000,height=420,fit=cover,gravity=auto,format=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fk56jejevdx91actlycb7.png","canonical_url":"https://dev.to/raphink/vanity-of-vanities-on-ai-slop-and-the-problem-of-content-for-contents-sake-4e6l","devto_url":"https://dev.to/raphink/vanity-of-vanities-on-ai-slop-and-the-problem-of-content-for-contents-sake-4e6l"},"html":"3,000 years ago, Qoheleth surveyed everything done under the sun and called it vanity. Not pride — emptiness. The striving after wind. Labor that produces nothing that lasts, accumulates nothing that matters, leaves nothing behind worth finding.
\nHe would have recognized LinkedIn immediately.
\nThe flood of AI-generated content that fills every feed right now is not primarily a quality problem. It is a vanity problem. Content produced not because there was something to say, but because the algorithm rewards posting. Because silence looks like absence. Because everyone else is publishing, so you must too.
\nThe tool didn't create this. The tool made it cheaper.
\nThe barrier to publishing was never the writing. It was having something worth saying. Remove the writing barrier without removing the emptiness barrier, and you get an avalanche of nothing — dressed in confident prose, structured in three points, ending with a call to action that leads nowhere.
\nQoheleth's diagnosis was precise: vanity is not about what you produce, it's about why. Work done for its own sake, for appearance, for the striving — that is the problem. The medium is irrelevant. A hand-written empty thought is still empty. An AI-generated profound insight is still profound, if it came from somewhere real.
\nThe question AI forces us to ask — and that most people are avoiding — is not \"did a human write this.\" It is \"was there anything here worth saying.\" That question predates the tool by at least three thousand years.
\nA chasing after wind.
"},{"url":"/posts/20260617-were-at-risk-of-losing-human-dignity-to-machine-productivity-lip/","relativePath":"posts/20260617-were-at-risk-of-losing-human-dignity-to-machine-productivity-lip.md","relativeDir":"posts","base":"20260617-were-at-risk-of-losing-human-dignity-to-machine-productivity-lip.md","name":"20260617-were-at-risk-of-losing-human-dignity-to-machine-productivity-lip","frontmatter":{"title":"We're at Risk of Losing Human Dignity to Machine Productivity","template":"post","date":"2026-06-17T17:13:51Z","excerpt":"The AI debate is forcing us to define intelligence. Every definition proposed, when applied consistently, ends up drawing a line through humanity itself.","thumb_img_path":"https://media2.dev.to/dynamic/image/width=1000,height=420,fit=cover,gravity=auto,format=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fop4cv1i0id31cvswys4q.png","content_img_path":"https://media2.dev.to/dynamic/image/width=1000,height=420,fit=cover,gravity=auto,format=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fop4cv1i0id31cvswys4q.png","canonical_url":"https://dev.to/raphink/were-at-risk-of-losing-human-dignity-to-machine-productivity-lip","devto_url":"https://dev.to/raphink/were-at-risk-of-losing-human-dignity-to-machine-productivity-lip"},"html":"This is not an argument against AI. I use it daily, I build with it, and by most measures I'm on the winning side of the system it's creating, which is exactly why this argument needs to be made now, and why I'm in a position to make it.
\nThe debate about artificial intelligence keeps returning to the same question: is it intelligent? I'm not going to spend much time there. LLMs are not intelligent, not because of what they can or can't do, but because of what they are: statistical pattern matching at scale over human-generated data. They're mimicry, not cognition, and that's not a controversial claim if you understand the architecture.
\nBut a lot of people are making a different argument. They're pointing at capability failures: LLMs can't reliably count the letter \"r\" in \"strawberry\", therefore they're not intelligent. The problem with that argument is that many humans can't either, because they're illiterate, or because they process language differently. If that's your criterion, you've excluded a significant portion of humanity from intelligence before you've even reached AI, and if you then adjust the criterion to accommodate those humans, you need to explain why the adjusted criterion still excludes LLMs.
\nThat adjustment — finding a definition of intelligence that cleanly separates humans from machines — is where the danger lives, not because it might accidentally vindicate LLMs, but because every definition proposed, when applied consistently, ends up drawing a line through humanity itself.
\nThis is not a new problem. It has a history, and the history is not abstract. Defining humanity by capability has been used before to sort people into those who matter and those who don't, and the vocabulary changes, but the structure doesn't.
\nWhat's new is the comparison class. As long as humans were the most productive agents in the economy, tying dignity to output was cruel to those at the bottom but didn't threaten the category as a whole. AI changes that arithmetic, and on an expanding set of measurable tasks, AI outproduces humans, cheaper, faster, without complaint. If your framework measures human worth by productive contribution, that framework now has a benchmark humans will increasingly fail to meet.
\nThe people most invested in that framework are aware of this. Some of them are building the AI, some of them are funding the political movements that will decide what to do with the humans who don't compete well, and they are not hiding their contempt for what they call low-productivity people, they are writing it in public and funding it into policy.
\nThe requirement — not the solution, the requirement — is to decorrelate human dignity from productive output, not because work has no value, not because contribution doesn't matter, but because human dignity has to be prior to and independent of what a person produces, or it isn't dignity at all, it's a performance review.
\nThis principle isn't new. It predates capitalism, predates the nation-state, predates the industrial revolution. The biblical tradition knew it well: the Jubilee year cancelled debts and returned land regardless of what people had produced, gleaning rights fed those who couldn't work without requiring them to justify their hunger, and Sabbath rest was mandatory, even for the productive. In each case, the logic is the same: human dignity primes over efficiency, subsistence is not means-tested, and neither is worth.
\nIn a world where a small number of people and systems can automate the productive output that once required millions, that principle stops being ancient wisdom and starts being urgent policy, and survival cannot remain a reward for contribution, it has to be a starting point.
\nMost serious human rights frameworks rest on the same premise. What's new is that we can no longer afford to pay lip service to it while quietly grounding it in utility, because AI is removing the ambiguity, and the logical conclusion of measuring human worth by output, in a world where AI outproduces humans, is not prosperity, it's a sorting mechanism.
\nThe AI debate is not asking us whether machines are intelligent, it's asking us whether we meant what we said about humans.
"},{"url":"/posts/20100913-blogspot-usborne-books-on-riviera/","relativePath":"posts/20100913-blogspot-usborne-books-on-riviera.md","relativeDir":"posts","base":"20100913-blogspot-usborne-books-on-riviera.md","name":"20100913-blogspot-usborne-books-on-riviera","frontmatter":{"title":"Usborne Books on the Riviera","template":"post","date":"2010-09-13T21:07:00.000+02:00","canonical_url":"https://raphink.blogspot.com/2010/09/usborne-books-on-riviera.html","blogspot_url":"https://raphink.blogspot.com/2010/09/usborne-books-on-riviera.html","tags":["books","riviera","usborne"]},"html":"Today, I am very happy to announce that my wife is starting a business here on the French Riviera. She loves the children books by the British editor Usborne, so she will be selling them at homes in the region.
\nFeel free to drop by her website and check the next days for Book Parties!
"}],"site":{"siteMetadata":{"description":"Raphaël Pinson's personal blog","header":{"title":"Raphaël Pinson","tagline":"Infrastructure Developer working @Isovalent. ","background_img":"images/header-bg.jpg","has_nav":true,"nav_links":[{"label":"Home","url":"https://raphink.info","type":"link"},{"label":"Contact","url":"/contact/","type":"link"}],"has_social":true,"social_links":[{"label":"GitHub","url":"https://github.com/raphink","type":"icon","icon_class":"fa-github","new_window":true},{"label":"DEV","url":"https://dev.to/raphink","type":"icon","icon_class":"fa-dev","new_window":true},{"label":"Bluesky","url":"https://bsky.app/profile/raphink.info","type":"icon","icon_class":"fa-bluesky","new_window":true},{"label":"LinkedIn","url":"https://www.linkedin.com/in/raphink","type":"icon","icon_class":"fa-linkedin","new_window":true},{"label":"Stack Exchange","url":"https://stackexchange.com/users/82664/%e2%84%9daphink","type":"icon","icon_class":"fa-stack-exchange","new_window":true}]},"footer":{"content":"© All rights reserved.","links":[]},"palette":"yellow","title":"Open Source Automation"},"pathPrefix":"","data":null}}},"staticQueryHashes":[]}