Traffic shaping with virtual pfsense and SLES 12 KVM Host

I built my own pfsense from a Dell OptiPlex 990 SFF PC with an Intel Core i5-2400 3.1GHz. I have installed an Intel PRO/1000 VT Quad Port Server Adapter LP PCI-E for more networks and vlans on my network. Traffic shaping was a breeze with pfsense. I of course run pfsense virtualized as the OS itself doesn't work on the hardware physically. BSD seems to have more limited hardware support than Linux these days. It was really the fact that the BSD kernel didn't have the right support for this chip and kept hard locking with a kernel error that made no sense. So I have installed SUSE Linux Enterprise Server 12 SP1 as the HOST OS which is humming along with no kernel errors and pfsense is running as a KVM virtual machine. I have bridged all the network interfaces for the virtual machine and it works great. It's been running for 3 months now with no troubles.
Now to try out Sophos UTM. Looks like a fun alternative to pfsense and it's Linux based. :-)
What is PAM?
This post has been migrated to my new blog that you can find here:
https://pureooze.com/blog/posts/2016-08-07-what-is-pam/
The last post I did was the start of the Comprehensive Guide To AppArmor which took a look at the basics an administrator or developer needs to know to start creating and deploying AppArmor profiles for a program. In the post I also left a question for the reader regarding AppArmor being used to replace the traditional DAC permissions (but never should!) and how you could use it to remove access to a file from a specific user (rather than a program). However this requires usage of the pam_apparmor module for PAM and due to this, before going into depth with using pam_apparmor, you should make sure you have a grasp of the basics of PAM and its configuration files.
Seriously What Is PAM?
PAM stands for Pluggable Authentication Modules and is used to perform various types of tasks involving authentication, authorization and some modification (for example password change). It allows the system administrator to separate the details of authentication tasks from the applications themselves. This allows the policy to not only be generic, it means that the programs do not need to be modified in order to update the policy! An example of PAM usage is controlling login attempts to a shell/GUI interface so that only successful authentication and authorized events are allowed. You could also use PAM to control who can use the su binary to switch identities or control who can use the passwd utility to change passwords.
Overview
When a developer wishes to interact with PAM to let it handle events, they must include libpam which allows communication via the API provided by the library. When PAM sees a new event that it must process, it will look at the relevant configuration files found in /etc/pam.d and determine which modules must be used at certain stages.

PAM is capable of using context to determine what it needs to do, for example the pam_unix.so module has capabilities for the auth and account stack. In the auth stack it checks a username and password combo while in the account stack it will check a user's aging and expiration info. This versatility is one of the reasons PAM has been so popular in the UNIX world, it allows for solutions that can be combined to create a generic library to deal with certain types of request.
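To make the stack idea concrete, here is an added example (not code from the original post) that parses a service file in /etc/pam.d syntax and reports which stacks reference a given module such as pam_unix.so. The sample service file is constructed for illustration, and the names parse_service and stacks_using are hypothetical helpers, not part of libpam.

```python
from collections import defaultdict

STACKS = ("auth", "account", "password", "session")

# Constructed sample in /etc/pam.d/<service> syntax: type control module [args]
SAMPLE_SERVICE = """\
# constructed example, not copied from a real system
auth      sufficient  pam_rootok.so
auth      required    pam_unix.so try_first_pass
account   required    pam_unix.so
-session  optional    pam_systemd.so
session   [success=1 default=ignore] pam_succeed_if.so \\
          quiet uid eq 0
session   required    pam_unix.so
password  include     common-password
"""


def parse_service(text):
    """Return {stack: [(control, module, args), ...]} in evaluation order."""
    stacks = defaultdict(list)
    joined = text.replace("\\\n", " ")  # trailing backslash continues a rule
    for raw in joined.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        kind, rest = line.split(None, 1)
        kind = kind.lstrip("-")  # '-' prefix only silences "module missing" logs
        if kind not in STACKS:
            raise ValueError(f"unknown PAM type: {kind!r}")
        if rest.startswith("["):  # bracketed control: [value=action ...]
            control, rest = rest[1:].split("]", 1)
            control = f"[{control}]"
        else:
            control, rest = rest.split(None, 1)
        # With control "include"/"substack" this field names another file.
        module, *args = rest.split()
        stacks[kind].append((control, module, args))
    return dict(stacks)


def stacks_using(parsed, module):
    """List the stacks (in STACKS order) that reference a module."""
    return [s for s in STACKS
            if any(m == module for _, m, _ in parsed.get(s, []))]


if __name__ == "__main__":
    print(stacks_using(parse_service(SAMPLE_SERVICE), "pam_unix.so"))
```

Run against a real service file, the per-stack ordering matters as much as the module list, since controls such as sufficient or a bracketed success=1 change which later rules are evaluated.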
How Do I Tell A Program Supports PAM?
This is usually pretty easy, you can use ldd to check if libpam is in use:
comp:/home # ldd /usr/sbin/sshd | grep pam
libpam.so.0 => /lib64/libpam.so.0 (0x02209ddace0105400)
comp:/home # ldd /bin/su | grep pam
libpam.so.0 => /lib64/libpam.so.0 (0x02999ddace0105400)
libpam_misc.so.0 => /lib64/libpam_misc.so.0 (0x12211ddace1105400)
To read the rest of this post it can be found on my new blog here:
https://pureooze.com/blog/posts/2016-08-07-what-is-pam/
What is PAM? was originally published in Information & Technology on Medium, where people are continuing the conversation by highlighting and responding to this story.
ownCloud is hiring!
After the recent news, we are now back on stage and with this blog we want to point you to our open positions. Yes, we are hiring people to work on ownCloud. ownCloud is an open source project, yes, but ownCloud GmbH, the company behind the project, provides significant people’s power to expand the project to serve the needs for both the community and ownCloud GmbH’s customers. So if you ever dreamed of getting paid for work on open source, read on.
What we do - what you will work on
The call is for people who understand the vision of bringing the idea ownCloud to an enterprise ready level: ownCloud is not only running on individual open source enthusiasts' hardware, but also on sites with huge amounts of data like CERN or the Sciebo project, and at large companies who want to work with their data in a secure way.
To provide the best solution for all of them we are looking for:
A System Administrator
In this role, you make sure that the infrastructure that we use in ownCloud is up and running. That involves troubleshooting and streamlining existing infrastructure, but also designing new services. If you love virtualization of all kinds and have an eye for security, this position is for you. Of course all this does not only happen behind closed doors, but you will be in contact with the open source community around ownCloud.
The Application Security Engineer
For security professionals who would like to take on a high profile open source project. As security is one of the core values of ownCloud, we are looking for somebody who constantly monitors the code flowing in for security problems, is able to find glitches in existing code and handle the bug bounty program. That and more is the task of this high profile position.
A Software Engineer PHP
For engineers with a passion for good software design and a love for writing code without being code monkeys: In this role you iron the server part of our platform, build new features, work on fixing bugs with the support colleagues and bother the architect with new ideas how to make the thing even better. For this you need the urge to get down and dirty with code, feel yourself comfortable in a team of high profile developers who can teach you things and learn from you.
PHP or what?
Yes, ownCloud is written in PHP, and PHP is the most important, but by far not the only language that we use for the ownCloud platform.
Before you turn your back because of PHP, please think twice. There are a lot of good reasons why we are going with PHP, some of them are named in this blog, but there is more: For example PHP7: With PHP 7 (which can be used with ownCloud) the language has caught up with much of the criticism it faced before and has done a big leap.
And anyway, the language of a system is not the only thing that is important in a developer's life. It is rather how many people use, love and recommend the project and the development processes the team lives. And in all those points, ownCloud is already awesome, and will become even more with your help.
Send your resume in to work@owncloud.com so we can get talking!
Virtual Machine from a Hard Disk Image with virt-install --import
NAME=sles12sp2b4
IMG=https://example.com/images/SLE_12_SP2_Beta4-x86_64-default.qcow2
wget -O /var/lib/libvirt/images/$NAME $IMG
virt-install --name $NAME \
--ram 2048 --graphics type=vnc \
--network bridge=br0 \
--import \
--disk bus=virtio,path=/var/lib/libvirt/images/$NAME
For IMG I used a SUSE-internal server with SLEnkins images. The tricky part is knowing the right value for the --disk bus setting. At first I used the default but the machine wouldn't boot because it would see /dev/sda instead of /dev/vda it was expecting.
Create two, three, many openSUSE Guides
I’m often approached by people who wish to translate opensuse-guide.org to their respective languages, which is awesome, but managing translations would be too much work for me. So instead I encourage people to create a derivative work of the guide in their own language – it’s licensed under the GNU Free Documentation License with no invariant sections.
Recently derivatives have been created for Arabic and Spanish by Sadig Osman and victorhck respectively.
Moved to GitHub
I have now made it a whole lot easier for people to fork opensuse-guide.org by putting the guide on github. This also makes it much easier for maintainers of derivative works to keep track of the on-going changes and updates I make to the guide.
The HTML isn’t particularly pretty, and I probably still have some Danish language comments here and there. But please go ahead and fork me.
When "# needsrootforbuild" in OBS does not work...
# Allow to build as root, exceptions per package
# the keys are actually anchored regexes
our $norootexceptions = {
"my-project/root-package" => 1,
"dev-projects.*/other-package" => 1,
};
OpenStack Summit Barcelona: Vote for Presentations
The next OpenStack Summit takes place in Barcelona (Spain) in October (25.-28.10.2016). The "Vote for Presentations" period started on 26.07.2016. All proposals are now up for community votes. The period will end August 8th at 11:59pm PDT (August 9th at 8:59am CEST).
- OpenStack and Ceph @ Converged Microservers - On the Austin Summit the Ceph Community and WDLabs presented about running a 4 Petabyte Ceph cluster on ethernet attached Converged Microserver He8 drives. WDLabs provided access to early production devices for key customers for early adoption and feedback. This talk will provide insight into our experience with running a Ceph cluster on these devices as a storage provider for our OpenStack environment.
- Vanilla or distributions: How do they differentiate? - If it comes to OpenStack there is always the question: vanilla or a distribution. You have the agony of choice, it will highly depend on your use case and organization. We will take a look behind the curtain of the OpenStack products. What should you know about the offerings? Is there anything you should evaluate before you choose a solution? There is more to take a look at than only the OpenStack product itself if you include also e.g. KVM and Ceph. What about the base distributions and support?
Tally ERP 9 on Linux
Recently we implemented Tally ERP 9 solution for Antico Pumps. That itself is not interesting, the interesting part is they are using LTSP Fat client system on openSUSE. They have only one server from which all their client computers boot over the network, the clients do not have hard disks, client OS with all the software they need including wine (Tally is Windows only software), as well as users’ data resides on the server. Once the client boots all the local resources are used so a single low power server can be used to serve many clients.
Tally multiuser is served from a Samba share on a NAS device, Tally folder is copied to the Samba share and path to Tally Data is changed so that it points there. Everything they need including printing and export (CSV) works from all clients. Same way Tally can be run on standalone computers. Neither Tally, Wine nor openSUSE are modified for getting it working as it would under Windows environment.
The World Envies India – New SailfishOS Phone
Intex Aqua Fish
A few days ago the Intex Aqua Fish became publicly available. This is the first 3rd party phone officially running SailfishOS from Jolla.

Unfortunately the phone is only for sale in India currently, for the price of 5.499 rupees (roughly 80 (eighty) USD!). If you are in India you can get it from one of these outlets:
- http://www.ebay.in/itm/Intex-Aqua-FISH-with-Qual-Comm-Snapdragon-4G-2GB-RAM-16GB-ROM-8-0-2-0-/142056036614
- http://www.ebay.in/itm/Intex-Aqua-Fish-4G-LTE-with-Qualcomm-Snapdragon-5-2GB-RAM-16-GB-8MP-/282098603976
- http://www.amazon.in/Intex-Aqua-Fish-Orange/dp/B01IHFLXB4/ref=sr_1_1?s=electronics&ie=UTF8&qid=1469012735
I’m told that build quality and camera are pretty decent, especially considering the price. The performance is very good, as you would expect, SailfishOS 2.0 is running very smooth even on the Jolla Phone which has much lower specs than the Intex Aqua Fish.
SailfishOS
SailfishOS stands out because of:
- Very elegant and efficient swipe based UI great for one-handed use
- Long battery life
- The Android runtime letting you run most Android apps
- Real multitasking
- Proper GNU/Linux system underneath including use of SUSE technologies like libzypp, zypper and Open Build Service.
- It’s based in Finland and started by ex-Nokia people.
Other options
Recently Jolla sold a few hundred identical phones aimed at the developer community, but they sold out in a matter of hours. So for the time being the rest of us not in India, are left jealously waiting for the Turing Phone to become widely available or for Fairphone to officially offer Sailfish as an option. Or hoping for Intex to start offering the phone globally, or for some other entrepreneurial people to start exporting it.
Rails maintainer job
If your answer is "yes", "yes" and "yes", check this job offer
https://jobs.suse.com/job/germany/rails-maintainer-global-location/3486/2468208
We are looking for you!