Planet OpenNMS

November 16, 2022

November 2022 Releases – Horizon 31.0.1

Horizon 31.0.1

Release 31.0.1 is a small out-of-band release to address some issues found during 31.0.0 testing.

It contains a few small changes including a fix for unusually large docker images and some other small bug fixes,
as well as some updates to the new Quick Start Guide and a fix to the installation instructions for the Cortex plugin.

Please note there is a known issue that only one plugin entry shows up in the navigation bar's "Plugins" menu, even if multiple plugins are installed.
Only ALEC users who install the cloud connector are impacted.
ALEC users therefore should avoid the Cloud Services Connector plugin until a new release fixes the underlying bug.

For a high-level overview of what has changed in Horizon 31, see What’s New in OpenNMS Horizon 31.

For a complete list of changes, see the changelog.

The codename for Horizon 31.0.1 is Oreo.

The post November 2022 Releases – Horizon 31.0.1 appeared first on The OpenNMS Group, Inc..

by Morteza Ershad-Manesh at November 16, 2022 09:51 PM

November 09, 2022

November 2022 Releases – Horizon 31.0.0, Meridians 2022.1.9, 2021.1.21, 2020.1.29, 2019.1.40

In November, we released updates to all OpenNMS Meridian versions under active support, as well as Horizon 31.0.0.

Meridian Stable Updates

Meridians 2019.1.40, 2020.1.29 , 2021.1.21 , and 2022.1.9 contains a handful of bug and security fixes, and a couple of back-ported enhancements.

For a list of changes, see the release notes:

Horizon 31.0.0

Release 31.0.0 is a new major release.

It contains several new features, including the Cloud Services Connector with Time Series DB support and a new quick-start guide.

Notable enhancements include integration of the Horizon 30 "UI Preview" items into the main UI and performance improvements to network topology discovery.
It also includes an important bug fix correcting a regression that rendered Horizon 30 unable to run in OpenShift environments, besides many other important bug and security fixes.

For a high-level overview of what has changed in Horizon 31, see What’s New in OpenNMS Horizon 31.

For a complete list of changes, see the changelog.

The codename for Horizon 31.0.0 is Doppelkeks.

The post November 2022 Releases – Horizon 31.0.0, Meridians 2022.1.9, 2021.1.21, 2020.1.29, 2019.1.40 appeared first on The OpenNMS Group, Inc..

by Morteza Ershad-Manesh at November 09, 2022 04:51 PM

October 27, 2022

2022 Cybersecurity Awareness Month

October’s Cybersecurity Awareness Month seems like a great time to discuss the improvements we are making at The OpenNMS Group to improve our security practices.

For almost 20 years, OpenNMS staff developers and the open source contributor community have partnered to create robust and secure network monitoring platforms available in community-driven (Horizon) and enterprise-ready (Meridian) distributions..

Because OpenNMS deployments have access to sensitive network data within organizations, our developers have always diligently watched for security issues and responded quickly to address significant problems when needed. Security at OpenNMS was collectively “owned” by everyone.

In 2021, I joined OpenNMS as Chief Information Security Officer and began formalizing our security program. Although I still want security as part of everyone’s job, I also wanted our new security team to align our security program to industry standard practices, by making the following improvements:

  • Adopt the ISO/IEC 27001/2 Information security, cybersecurity, and privacy protection framework for the OpenNMS Security Program.
  • Create new Information Security Standards (“rules”) aligned to ISO. We completed phase one in June 2022.
  • Revise our internal software development, operations, and business processes to better align to our new security standards and ISO. We expect to complete this phase two work by year-end 2022.
  • In 2023, we will conduct an audit of our security program to ensure alignment to security best practices as described in ISO 27001/2.
  • Updated our privacy practices to ensure compliance with GDPR and CCPA privacy regulations.
  • OpenNMS recently became a CVE numbering authority (CNA) so that we can now feed vulnerability remediation information into the global CVE database maintained by the non-profit MITRE Corporation. This allows our customers to use industry-standard tools to quickly detect and remediate reported vulnerabilities within our software.
  • Engaged an outside firm to increase security penetration testing for our products and services. Previously all security testing was in-house or by the open-source community, which remain valuable sources of security testing.

We welcome any questions or feedback regarding these security improvements via email (security@opennms.com) or our customer support team. And thank you for using and contributing to OpenNMS projects and products.

Jeff Jancula, Chief Information Security Officer

The post 2022 Cybersecurity Awareness Month appeared first on The OpenNMS Group, Inc..

by Jeff Jancula at October 27, 2022 05:03 PM

October 17, 2022

Celebrate Open Source during Hacktoberfest 2022

Hacktoberfest is an annual, month-long celebration of open source software driven by Digital Ocean. During this event everyone can support open source by contributing changes, and earn some limited-edition swag.

We would like to invite you to participate and contribute to the OpenNMS project. There are many ways to contribute: you can work on code or documentation. Generally speaking, any pull request in our GitHub repositories qualifies.

How to contribute

First, visit the Hacktoberfest website to register for the event. Second, contribute to any open source project.

Our software is developed under AGPLv3 on GitHub. You are welcome to contribute to any repository in this organization. The procedure on how we manage and track issues and deal with pull requests is described in our how to contribute guide in our Discourse forum. You will also find information on how to connect with people in our community for further questions and help.

You can freely create an account in our JIRA. We have collected some issues (marked quickwin or quickwindoc) in our issue tracker that are reasonable candidates to claim for the event. Claim a ticket by assigning it to your user name and click the "Start Progress" button.

Feel free to join our Mattermost chat server and pop in to the OpenNMS Development channel if you have any questions or want some guidance on where to start.

Hack the planet!

The post Celebrate Open Source during Hacktoberfest 2022 appeared first on The OpenNMS Group, Inc..

by Ronny at October 17, 2022 08:00 PM

October 12, 2022

October 2022 Releases – Horizon 30.0.4, Meridians 2022.1.8, 2021.1.20, 2020.1.28, 2019.1.39

In October, we released updates to all OpenNMS Meridian versions under active support, as well as Horizon 30.0.4.

Meridian Stable Updates

Meridians 2019.1.39, 2020.1.28 , 2021.1.20 , and 2022.1.8 contains a handful of bug and security fixes, and a couple of back-ported enhancements.

For a list of changes, see the release notes:

Horizon 30.0.4

Release 30.0.4 contains quite a few bug and security fixes and a number of enhancements.

For a high-level overview of what has changed in Horizon 30, see What’s New in OpenNMS Horizon 30.

For a complete list of changes, see the changelog.

The codename for Horizon 30.0.4 is Capybara.

The post October 2022 Releases – Horizon 30.0.4, Meridians 2022.1.8, 2021.1.20, 2020.1.28, 2019.1.39 appeared first on The OpenNMS Group, Inc..

by Morteza Ershad-Manesh at October 12, 2022 03:18 PM

October 03, 2022

OpenNMS On the Horizon – October 3rd, 2022

It's time once again for OpenNMS On the Horizon.

Since last time, we worked on documentation (SNMP poller, Trapd, Enlinkd, requisitions, quick start guide), Enlinkd refactoring, Docker container scanning, Horizon Stream (Keycloak integration, operator config, port forwarding, metrics, PostgreSQL auth, CI, Minion gateway, Kafka, docs, PagerDuty, ignite tests, Helm charts, UI navigation), event improvements, Sonar and code coverage, ALEC (API, test coverage, UI), tests (CI improvements, device config backup, logging), time-series off-heap support, provisioning, cookies and CSRF, JavaScript dependencies, Helm (AngularJS to React transition), and UI preview integration.

Github Project Updates

Internals, APIs, and Documentation
  • Mark Mahacek worked on SNMP poller and Trapd documentation
  • Antonio refactored some Enlinkd scheduling classes out into core/daemon
  • Morteza worked on Docker container security scanning
  • I worked on backporting Docker changes to foundation-2022
  • Gerald did more work on the Keycloak integration in Horizon Stream
  • Dmitri continued his work on poller config support in OPA
  • Antonio added some test coverage for Enlinkd startup
  • Antonio made a bunch of updates to Enlinkd documentation
  • Emily worked on a bunch of cleanups to the requisition docs
  • Jeffrey-David Kapp did a bunch of simplifications to operator config and port forwarding for Stream
  • Thomas started implementing datachoices metrics in Stream
  • Gerald enabled configuring PostgreSQL authentication in Stream
  • Jason continued his work on a CI pipeline for Stream
  • Łukasz and Mark Frazier did more work on the Minion gateway in Stream
  • Mark Mahacek worked on a number of event formatting and reduction key improvements
  • I worked on fixing up Sonar runs in foundation-2022 including supporting code coverage from smoke tests
  • James fixed some Kafka-related test failures in Stream
  • Ronny worked on some doc changes in Stream
  • Benjamin Janssens worked on adding and removing alarms from situations in ALEC
  • Mike Rose worked on the PagerDuty integration in Stream
  • Arthur worked on ignite integration in Stream test infrastructure
  • Bonnie worked on service availability info in the quick start guide
  • Emily worked on baseline and notifications docs in the quick start guide
  • I fixed some CI fallout from recent integration test container changes
  • Alexander worked on creating a device config backup smoke test
  • I fixed maven signing in the ALEC release CI
  • Gerald worked on helm chart improvements in Stream
  • Morteza worked on speeding up smoke tests by combining them in a single CircleCI job
  • I changed a bunch of AbstractMockDao logging to trace-level, it's way too chatty when running tests
  • Freddy worked on some buffering improvements in time-series off-heap caching
  • Sean fixed an issue with an NPE in provisioning when the web UI is run independent of the backend
Web, REST, UI, and Helm
  • Christian made some changes to default cookie handling and CSRF tokens for forms
  • I worked on modernizing some of our javascript dependencies
  • Chinh Le reworked the Horizon Stream navigation
  • Benjamin Janssens worked on test coverage for the ALEC UI
  • Anya worked on pagination and search in the ALEC UI
  • Rob did more work on fixing an add issue with limits in the location REST API
  • Scott worked on converting Helm's AngularJS components to React
  • Scott did some initial work to integrate the new UI and menu bar
Contributors

Thanks to the following contributors for committing changes since last OOH:

  • Chinh Le
  • Scott Theleman
  • Łukasz Dywicki
  • Benjamin Reed
  • Mark Frazier
  • Dmitri Herdt
  • Christian Pape
  • Sean Torres
  • Gerald Humphries
  • Anya Rybalova
  • Bonnie Robinson
  • Morteza Ershad-Manesh
  • Freddy Chu
  • Emily Marsh
  • Benjamin Janssens
  • Alexander Chadfield
  • Thomas Bigger
  • Scott Thompson
  • Mark Mahacek
  • Jeffrey-David Kapp
  • Arthur Naseef
  • Mike Rose
  • Rob Ellis
  • Antonio Russo
  • Alberto Ramos
  • James Hutchinson
  • Ronny Trommer
  • Jason Berry

Coming Soon: JIRA Migration

We will be migrating our JIRA issue-tracker from a self-hosted version to Atlassian's cloud version.
I don't have a timeline for this yet, but expect it in the coming months.

If you currently have an account at the OpenNMS issue tracker your account should already be migrated to JIRA Cloud, but you will need to perform a password reset with the "Can't log in?" link before you can log in.

Hacktoberfest

It's that time of year again!

Hacktoberfest 2022 has started, and it is once again time to make open source projects better and maybe get a t-shirt in the process. ;)

OpenNMS is participating and we've got a bunch of issues marked quickwin or quickwindoc in our issue tracker if you'd like to play along.

Feel free to join our Mattermost chat server and pop in to the OpenNMS Development channel if you have any questions or want some guidance on where to start.

Happy hacking!

Releases and Roadmap

Upcoming Releases

OpenNMS is on a monthly release schedule, with releases happening on the second Wednesday of the month.

The next OpenNMS release day is October 12th, 2022.

We currently expect updates to all supported Meridians, plus Horizon 30.

Next Horizon: 31 (Q4 2022)

The next major Horizon release will be Horizon 31.

It will contain a number of improvements, including:

  • a refactoring of flow APIs including support for some flow hooks in the plugin API (plugin API 1.1.0+)
  • major improvements and refactoring in Enlinkd's bridge topology mapping and collection scheduling
  • a bunch of improved analytics in our datasources plugin
  • support for Hashicorp Vault in SCV
  • promoting a number of the "UI preview" enhancements to become part of the main UI
  • improvements to the requisitions REST API
  • a new Quick Start Guide in the documentation
Next Meridian: 2023 (Q1 2023)

Meridian 2023 is still reasonably early in its development cycle, but you can expect it to contain, at the very least, the work that's going into Horizon 30.

Meridian 2019 EOL in November

Meridian releases are supported for 3 years.
The initial Meridian 2019 happened pretty late in the year, so its 3-year birthday will be November 6th, 2022.
The November 9th release cycle will be the final release as it rolls out of active support.

Disclaimer

Note that this is just based on current plans; dates, features, and releases can change or slip depending on how development goes.

The statements contained herein may contain certain forward-looking statements relating to The OpenNMS Group that are based on the beliefs of the Group’s management as well as assumptions made by and information currently available to the Group’s management. These forward-looking statements are, by their nature, subject to significant risks and uncertainties.

...We apologize for the excessive disclaimers. Those responsible have been sacked.

Mynd you, møøse bites Kan be pretti nasti...

We apologise again for the fault in the disclaimers. Those responsible for sacking the people who have just been sacked have been sacked.

Calendar of Events

All Things Open - Raleigh, NC - October 30th through November 2nd, 2022

All Things Open is local to our headquarters, and is a truly fantastic event.
We love it so much, we will be the exclusive live stream sponsor. 😉

We'll also have a booth in the exhibition hall.
A bunch of OpenNMS folks will be attending and/or helping out in the booth, so please be sure to say hi!

Open Source Monitoring Conference - Nuremberg, Germany - November 14th through 16th

The OpenNMS Group is a gold sponsor of OSMC this year, and will have a booth as well.
Stop by and say hello!

Until Next Time…

If there’s anything you’d like me to talk about in a future OOH, or you just have a comment or criticism you’d like to share, don’t hesitate to say hi.

- Ben

Resolved Issues Since Last OOH

  • ALEC-142: Situation Storage: Implement situation storage to definite location.
  • ALEC-178: Sonar Cloud Security Grade A - Figure out What We Need to Fix and Report the List
  • ALEC-180: Investigate MIMIC to test ALEC
  • ALEC-183: Fix visual bugs - release 2.1.x
  • ALEC-191: Backend - Create endpoint to add/remove alarms from situation
  • HS-117: Release tags for Docker Images and Github
  • HS-127: Ingress update for latest k8s versions
  • HS-129: Allow for instance specific SSL certs
  • HS-140: Cleanup UI yaml and entrypoint.sh for hs ui image
  • HS-234: Add notifications GQL mutation when service is available
  • HS-282: Elasticsearch pod stuck pending
  • HS-310: Remove manual steps from dev environment setup
  • HS-339: Stats: Implement Phase 1 Metrics collection
  • HS-344: Grafana test and config for operator
  • HS-354: Expose notifications endpoints through GQL
  • HS-368: Strimzi Kafka memory usage
  • HS-370: Get ingress to use port 80, https as well.
  • HS-380: FE - Add store unit tests
  • HS-382: Keycloak realm import from Keycloak operator sometimes fails when deployed into Kind
  • HS-384: Error from first Keycloak realm import: "Key (name)=(master) already exists."
  • HS-395: Dynamic imports only work in local dev
  • HS-397: Research/prototype with different charting libraries
  • HS-402: Update and fix Vitest config to handle latest Featherds versions
  • HS-403: Repo cleanup: remove local-sample
  • HS-407: AlarmKafkaConsumerIntegrationTest.testProducingAlarmWithConfigSetup fails intermittently
  • HS-409: Convert any ConfigMaps that store sensitive info to Secrets
  • HS-410: Enable Postgres authentication
  • HS-411: Allow Operator to generate passwords with special characters
  • HS-412: Handle TLS properly across Helm chart
  • HS-416: Keycloak password is showing in Core logs
  • HS-420: Allow configuration of ingress port numbers in Operator/CRD
  • HS-423: UX competitive analysis on 5 competitors
  • NMS-9334: BSMAdminIT flapping
  • NMS-14125: Discourage and optimize use of cci build workspace
  • NMS-14397: EnhancedLinkd Collection priority Scheduling
  • NMS-14450: VMware requisition import fail with "Problem getting input stream: '{}'"
  • NMS-14520: Build MOS dashboard and supporting components
  • NMS-14539: Identify web UI styling quick wins
  • NMS-14593: Populate Velocloud Partner Requisition with Gateway Nodes
  • NMS-14617: Quick Start: Set up a threshold
  • NMS-14660: MOS CDR: Grafana/Helm Integration, display MOS data
  • NMS-14671: Add documentation for partial configuration modification via REST
  • NMS-14716: Form Can Be Manipulated with Cross-Site Request Forgery (CSRF)
  • NMS-14717: Session Cookie (Authentication Related) Does Not Contain The "HTTPOnly" Attribute
  • NMS-14724: backport CircleCI and Docker enhancements from develop to release-30.x
  • NMS-14729: Add new handling options for the snmp provisioning metadata adapter
  • NMS-14731: Can the OG nav-bar coexist with a Feather / Vue app?
  • NMS-14740: Kafka Producer NPE causes collection failure overall
  • NMS-14763: Add Priority Executor Classes
  • NMS-14771: Move Common Adapter Enlinkd classes to Core
  • NMS-14772: Implement connection manager
  • NMS-14773: Provide SubNetwork Classes for Enhanced Linkd
  • OIA-45: OIA Add interface for poller-configuration

The post OpenNMS On the Horizon – October 3rd, 2022 appeared first on The OpenNMS Group, Inc..

by RangerRick at October 03, 2022 07:47 PM

September 26, 2022

OpenNMS On the Horizon – September 26th, 2022

It's time once again for OpenNMS On the Horizon.

Since last time, we worked on pyroscope profiling, CircleCI improvements, documentation (Grafana dashboard, Quick Start guide, Trapd, graphQL notification query, requisition REST), Horizon Stream (Minion gateway and heartbeat, operator improvements, JMX, Helm charts, PagerDuty, discovery), Sonar bug fixes, OPA (Poller Config and time-series offheap persistence), SNMPv3 traps, Enlinkd, Graphite time-series, smoke tests, flow classification, Provisiond config validation, SNMP metadata provisioning, Helm improvements, ALEC UI, startup progress bar, and web form fixes.

Github Project Updates

Internals, APIs, and Documentation
  • DJ worked on adding support for Pyroscope profiling
  • Morteza tested out reducing build container sizes for RPM/Debian builds
  • Morteza worked on cleaning up some output in the dynamic config scripts
  • Mark Mahacek worked on the grafana dashboard docs
  • Bonnie and Emily did more work on the quick start guide including performance data, system baseline, and thresholding info
  • Morteza fixed some issues in experimental build triggering in dynamic config
  • Mark Frazier did some more work on the Minion gateway in Horizon Stream
  • Yang Li worked on bringing some JMX code over to Stream
  • Gerald did some more work on Helm charts in Stream
  • I worked on cleaning up some leftover Sonar stuff from DevJam
  • Łukasz continued his work on twin/RPC for the Minion gateway
  • Arthur worked on some SNMP utility and testing code in Stream
  • Emily cleaned up the JDK references and some other formatting in the deployment guide
  • Jeffrey-David Kapp worked on some namespace code for the Keycloak operator in Stream
  • I fixed the ActiveMQ initialization to happen lazily so it doesn't yell if not configured
  • James updated the Stream PagerDuty integration to attach alarm details to the payload
  • Chandra continued his work on discovery in Stream
  • Dmitri worked on poller config support in OPA
  • Freddy continued to work on OPA time-series persistence
  • Arthur and Mark Frazier added Minion heartbeat processing in Stream
  • Alex implemented no-op message processors for ignoring spurious chunks in SNMPv3 traps
  • Bonnie added Trapd to the daemon reference
  • I did a bunch of optimization work in our CircleCI pipeline to reduce network usage
  • Antonio refactored the NetworkBuilder used in Enlinkd tests
  • Antonio worked on Enlinkd per-protocol scheduling intervals
  • Alexander worked on fixing the flapping BSM admin integration test
  • Thomas worked on usage statistics in Stream
  • Dustin did more work on flow classification improvements
  • Dmitri added some validation to Provisiond config loading
  • Scott improved the Graphite time-series adapter to support setting the node in groovy scripts
  • Antonio updated our InetAddress tools to include some Netmask-related utility functions
  • Gerald refactored a bunch of configs related to startup in Stream
  • Sean added support for keeping some metadata when the SNMP provisioning adapter runs
  • Jason Berry worked on a bunch of Horizon Stream CI/CD improvements
  • Morteza worked on security scanning our Docker images when we build them
  • DJ implemented a startup progress bar
  • Antonio worked on an improved bridge topology algorithm in Enlinkd
Web, REST, UI, and Helm
  • I cleaned up some branch merge and other CircleCI stuff in Helm
  • Chinh Le worked on the Horizon Stream events table
  • I worked on updating some dependencies in our JavaScript build
  • Anya worked on filtering in the ALEC UI, as well as some bug cleanup
  • Mike Rose fixed up some UI dynamic import code in Stream
  • Christian added CSRF tokens to a bunch of web forms
  • James added graphQL support for notification queries in Stream
  • Emily updated the requisition REST documentation
Contributors

Thanks to the following contributors for committing changes since last OOH:

  • Antonio Russo
  • DJ Gregor
  • Emily Marsh
  • Arthur Naseef
  • Benjamin Reed
  • Bonnie Robinson
  • Jason Berry
  • Morteza Ershad-Manesh
  • Yang Li
  • Łukasz Dywicki
  • Mark Frazier
  • Freddy Chu
  • Benjamin Janssens
  • Dmitri Herdt
  • James Hutchinson
  • Christian Pape
  • Chinh Le
  • Sean Torres
  • Dustin Frisch
  • Gerald Humphries
  • Chandra Gorantla
  • Scott Theleman
  • Anya Rybalova
  • Mark Mahacek
  • Mike Rose
  • Alexander Chadfield
  • Jeffrey-David Kapp
  • Thomas Bigger
  • Alex May
  • Rob Ellis
  • Patrick Schweizer

Coming Soon: JIRA Migration

We will be migrating our JIRA issue-tracker from a self-hosted version to Atlassian's cloud version.
I don't have a timeline for this yet, but expect it in the coming months.

If you currently have an account at the OpenNMS issue tracker your account should already be migrated to JIRA Cloud, but you will need to perform a password reset with the "Can't log in?" link before you can log in.

Releases and Roadmap

Upcoming September Releases

OpenNMS is on a monthly release schedule, with releases happening on the second Wednesday of the month.

The next OpenNMS release day is October 12th, 2022.

We currently expect updates to Horizon 30.

Next Horizon: 31 (Q4 2022)

The next major Horizon release will be Horizon 31.

It will contain a number of improvements, including:

  • a refactoring of flow APIs including support for some flow hooks in the plugin API (plugin API 1.1.0+)
  • major improvements and refactoring in Enlinkd's bridge topology mapping and collection scheduling
  • a bunch of improved analytics in our datasources plugin
  • support for Hashicorp Vault in SCV
  • promoting a number of the "UI preview" enhancements to become part of the main UI
  • improvements to the requisitions REST API
  • a new Quick Start Guide in the documentation
Next Meridian: 2023 (Q1 2023)

Meridian 2023 is still reasonably early in its development cycle, but you can expect it to contain, at the very least, the work that's going into Horizon 30.

Disclaimer

Note that this is just based on current plans; dates, features, and releases can change or slip depending on how development goes.

The statements contained herein may contain certain forward-looking statements relating to The OpenNMS Group that are based on the beliefs of the Group’s management as well as assumptions made by and information currently available to the Group’s management. These forward-looking statements are, by their nature, subject to significant risks and uncertainties.

...We apologize for the excessive disclaimers. Those responsible have been sacked.

Mynd you, møøse bites Kan be pretti nasti...

We apologise again for the fault in the disclaimers. Those responsible for sacking the people who have just been sacked have been sacked.

Calendar of Events

All Things Open - Raleigh, NC - October 30th through November 2nd, 2022

All Things Open is local to our headquarters, and is a truly fantastic event.
We love it so much, we will be the exclusive live stream sponsor. 😉

We'll also have a booth in the exhibition hall.
A bunch of OpenNMS folks will be attending and/or helping out in the booth, so please be sure to say hi!

Open Source Monitoring Conference - Nuremberg, Germany - November 14th through 16th

The OpenNMS Group is a gold sponsor of OSMC this year, and will have a booth as well.
Stop by and say hello!

Until Next Time…

If there’s anything you’d like me to talk about in a future OOH, or you just have a comment or criticism you’d like to share, don’t hesitate to say hi.

- Ben

Resolved Issues Since Last OOH

  • HELM-346: Docs for 8.0.1 did not publish
  • HS-249: Grafana support in the Operator
  • HS-252: Stabilize local-sample/ & Sync It with Skaffold Build
  • HS-318: GeoMap and Topology Contextual Actionable Intelligence LF Wireframes
  • HS-337: Stats: Create platform module for data choices
  • HS-338: Stats: Make REST call to post data choices to UsageStatsHandler
  • HS-362: FE - Add events and metric to device page
  • HS-363: FE - Use widget to display device event table
  • HS-364: Auto update config to subscribed modules
  • HS-366: Single Keycloak operator instance
  • HS-369: Once opennms/horizon-stream-notification repo has been added to Dockerhub, create a github actions pipeline to publish it
  • HS-379: Add Event Driven Discovery for Trapd
  • HS-394: Notifications: Add alarm to custom details
  • HS-396: Migrate and save JMX config in Json config store.
  • NMS-12629: Trapd is missing in the docs
  • NMS-14158: provide documentation for DCB feature
  • NMS-14220: Leaflet geo-map bug roundup
  • NMS-14221: H30 upgrades should not hurt
  • NMS-14222: Things that need updating to work well with Grafana 8.x
  • NMS-14223: Dependencies that need upgrading in H30
  • NMS-14241: Enable authorized web users to edit config files in OPENNMS_HOME/etc
  • NMS-14251: Make sure the DCB config files are in working order
  • NMS-14647: Cortex TSS release prep
  • NMS-14659: MOS CDR Processor: Tie to node
  • NMS-14670: DCB fails on newly provisioned nodes
  • NMS-14672: Velocloud API v1 / v2 support
  • NMS-14711: Release Work (September)
  • NMS-14718: Duplicate V3 trap security names causing spurious errors on non V3 traps
  • NMS-14752: On saving of the provisiond configuration must be ensured, that all requsition-def's have unique names
  • NMS-14756: Update QS based on ONMSU feedback
  • NMS-14762: Refactor Enlinkd Test NetworkBuilder Class
  • NMS-14764: Set Up Enlinkd schedule time interval based on protocols
  • NMS-14770: MOS CDR Processor: Send to multiple OpenNMS instances
  • NMS-14774: Add network/netmask tools to InetAddressUtils
  • NMS-14775: Ability to Assign Device Configuration Backup to Foreign Source

The post OpenNMS On the Horizon – September 26th, 2022 appeared first on The OpenNMS Group, Inc..

by RangerRick at September 26, 2022 10:18 PM

September 21, 2022

OpenNMS.js v2.5.1

2.5.1 is a small release with just dependency updates, most notably moment.js and moment-timezone, plus minor bumps to Grafana dependencies.

What's Changed

  • build(deps-dev): bump typescript from 4.8.2 to 4.8.3 by @dependabot in #402
  • build(deps-dev): bump eslint from 8.23.0 to 8.23.1 by @dependabot in #403
  • build(deps-dev): bump @babel/preset-env from 7.19.0 to 7.19.1 by @dependabot in #404
  • build(deps): bump core-js from 3.25.0 to 3.25.2 by @dependabot in #406
  • build(deps-dev): bump @babel/plugin-transform-runtime from 7.18.10 to 7.19.1 by @dependabot in #407
  • build(deps): bump @babel/runtime-corejs3 from 7.19.0 to 7.19.1 by @dependabot in #408
  • build(deps-dev): bump typedoc from 0.23.14 to 0.23.15 by @dependabot in #409
  • build(deps-dev): bump @babel/core from 7.19.0 to 7.19.1 by @dependabot in #410
  • build(deps-dev): bump @antora/cli from 3.1.0 to 3.1.1 by @dependabot in #411
  • build(deps-dev): bump @antora/site-generator-default from 3.1.0 to 3.1.1 by @dependabot in #412

Full Changelog: v2.5.0...v2.5.1

by RangerRick at September 21, 2022 02:51 PM

September 19, 2022

OpenNMS On the Horizon – September 19th, 2022

It's time once again for OpenNMS On the Horizon.

Last week was DevJam, so keep that in mind when you get excited about some of the projects you see. ;)
Plenty of these are proof-of-concept work that may or may not make it into a release.

Anayway, since last time, we worked on Horizon Stream (Minion RPC and gateway, operator improvements, hashicorp vault support, device UI and events), documentation (quick start guide, grafana, flows), OpenTelemetry, VNC integration, Sonar (CI workflow, bug fixes), Enlinkd scheduling and OSPF area support, and hashicorp vault SCV integration (including REST).

Github Project Updates

Internals, APIs, and Documentation
  • DJ continued his work on moving from OpenTracing to OpenTelemetry
  • Łukasz did more work on Minion RPC in Horizon Stream
  • Arthur, Łukasz, and Mark continued the work on the Minion gateway in Stream
  • Thomas worked on a proof-of-concept VNC integration
  • Dmitri started to add support to OPA for adding poller config
  • Dustin did more work on twin API filter improvements
  • I worked on cleaning up our Sonar CI workflows(s)
  • Maxim, Benjamin Janssens, Ivan, Kim, and I worked on fixing issues detected by Sonar
  • Antonio continued his work on improving Enlinkd collection scheduling
  • Dustin and Freddy worked on adding support for flow processing to the Minion
  • Gerald did more work on operator workflow with Skaffold/Tilt in Stream
  • Jerry switched a bunch of Stream's configs to use hashicorp vault storage
  • Chandra worked on hashicorp vault support in SCV
  • I fixed a bug in our CircleCI integration test "changed project" detection that could cause it to build more than it needed to
  • Bonnie continued to work on improving the Quick Start Guide
  • Mark Mahacek worked on updated Grafana documentation
  • Alberto worked on adding OSPF area support to Enlinkd
  • Dino updated flow documentation
Web, REST, UI, and Helm
  • Chinh Le continued his work on the device UI and event display in Horizon Stream
  • Alex worked on a REST endpoint for SCV and vault config
Contributors

Thanks to the following contributors for committing changes since last OOH:

  • Dustin Frisch
  • Antonio Russo
  • Łukasz Dywicki
  • Mark Frazier
  • Benjamin Reed
  • Chinh Le
  • Freddy Chu
  • Chandra Gorantla
  • Arthur Naseef
  • Alberto Ramos
  • Maxim Brener
  • DJ Gregor
  • Christian Pape
  • Benjamin Janssens
  • Alex May
  • Dmitri Herdt
  • Ivan Trechekas
  • Thomas Bigger
  • Jerry Beuree
  • Dino Yancey
  • Mark Mahacek
  • Bonnie Robinson
  • Gerald Humphries
  • Emily Marsh

Coming Soon: JIRA Migration

We will be migrating our JIRA issue-tracker from a self-hosted version to Atlassian's cloud version.
I don't have a timeline for this yet, but expect it in the coming months.

If you currently have an account at the OpenNMS issue tracker your account should already be migrated to JIRA Cloud, but you will need to perform a password reset with the "Can't log in?" link before you can log in.

Releases and Roadmap

September 2022 Releases - Horizon 30.0.3, Meridians 2022.1.7, 2021.1.19, 2020.1.27, 2019.1.38

In September, we released updates to all OpenNMS Meridian versions under active support, as well as Horizon 30.0.3.

Meridian Stable Updates

Meridians 2019.1.38, 2020.1.27 , 2021.1.19 , and 2022.1.7 contains a couple of bug fixes.

For a list of changes, see the release notes:

Horizon 30.0.3

Release 30.0.3 contains quite a few bug fixes as well as number of small features and security fixes.

For a high-level overview of what has changed in Horizon 30, see What’s New in OpenNMS Horizon 30.

For a complete list of changes, see the changelog.

The codename for Horizon 30.0.3 is Chipmunk.

OpenNMS Helm 8.0.1

Helm 8.0.1 is primarily a bugfix release.

It contains a number of small fixes and enhancements to improve querying of nodes and interfaces.

It also contains a large number of node dependency updates.

Please note that Helm is still targeted to Grafana 8.
Work is underway to update to support Grafana 9.

Upcoming September Releases

OpenNMS is on a monthly release schedule, with releases happening on the second Wednesday of the month.

The next OpenNMS release day is October 12th, 2022.

We currently expect updates to Horizon 30.

Next Horizon: 31 (Q4 2022)

The next major Horizon release will be Horizon 31.

It will contain a number of improvements, including:

  • a refactoring of flow APIs including support for some flow hooks in the plugin API (plugin API 1.1.0+)
  • major improvements and refactoring in Enlinkd's bridge topology mapping and collection scheduling
  • more stuff, which I haven't had a chance to go back and enumerate yet, watch this space :D
Next Meridian: 2023 (Q1 2023)

Meridian 2023 is still reasonably early in its development cycle, but you can expect it to contain, at the very least, the work that's going into Horizon 30.

Disclaimer

Note that this is just based on current plans; dates, features, and releases can change or slip depending on how development goes.

The statements contained herein may contain certain forward-looking statements relating to The OpenNMS Group that are based on the beliefs of the Group’s management as well as assumptions made by and information currently available to the Group’s management. These forward-looking statements are, by their nature, subject to significant risks and uncertainties.

...We apologize for the excessive disclaimers. Those responsible have been sacked.

Mynd you, møøse bites Kan be pretti nasti...

We apologise again for the fault in the disclaimers. Those responsible for sacking the people who have just been sacked have been sacked.

Calendar of Events

Grace Hopper Celebration - Orlando, FL - September 20th through 23rd

In addition to our involvement in Open Source Day, Veena Kannan will be presenting a virtual lightning talk at the Grace Hopper Conference titled "Open Source 101 – Myth Buster Edition" at the Grace Hopper Celebration.

Her talk will be Thursday the 22nd, at 11:00am.

All Things Open - Raleigh, NC - October 30th through November 2nd, 2022

All Things Open is local to our headquarters, and is a truly fantastic event.
We love it so much, we will be the exclusive live stream sponsor. 😉

We'll also have a booth in the exhibition hall.
A bunch of OpenNMS folks will be attending and/or helping out in the booth, so please be sure to say hi!

Open Source Monitoring Conference - Nuremberg, Germany - November 14th through 16th

The OpenNMS Group is a gold sponsor of OSMC this year, and will have a booth as well.
Stop by and say hello!

Until Next Time…

If there’s anything you’d like me to talk about in a future OOH, or you just have a comment or criticism you’d like to share, don’t hesitate to say hi.

- Ben

Resolved Issues Since Last OOH

  • NMS-12449: Remote Poller with Minion
  • NMS-13880: Deprecate Blackberry templates
  • NMS-14747: Error using javax.mail.* packages in plugins

The post OpenNMS On the Horizon – September 19th, 2022 appeared first on The OpenNMS Group, Inc..

by RangerRick at September 19, 2022 03:58 PM

September 14, 2022

September 2022 Releases – Horizon 30.0.3, Meridians 2022.1.7, 2021.1.19, 2020.1.27, 2019.1.38

In September, we released updates to all OpenNMS Meridian versions under active support, as well as Horizon 30.0.3.

Meridian Stable Updates

Meridians 2019.1.38, 2020.1.27 , 2021.1.19 , and 2022.1.7 contains a couple of bug fixes.

For a list of changes, see the release notes:

Horizon 30.0.3

Release 30.0.3 contains quite a few bug fixes as well as number of small features and security fixes.

For a high-level overview of what has changed in Horizon 30, see What’s New in OpenNMS Horizon 30.

For a complete list of changes, see the changelog.

The codename for Horizon 30.0.3 is Chipmunk.

The post September 2022 Releases – Horizon 30.0.3, Meridians 2022.1.7, 2021.1.19, 2020.1.27, 2019.1.38 appeared first on The OpenNMS Group, Inc..

by Morteza Ershad-Manesh at September 14, 2022 02:58 PM

September 12, 2022

OpenNMS On the Horizon – September 12th, 2022

It's time once again for OpenNMS On the Horizon.

Since last time, we worked on documentation (quick start guide, ALEC, partial config updates, cortex time-series), Horizon Stream (notifications, unit/integration test, ignite detector client, operator, Minion gRPC, Grafana, Keycloak, map UI, widgets, trap processing), SNMP metadata provisioning, ALEC (release work and UI), dynamic CI config, datachoices (notifications and outages, poller fixes), Enlinkd collection scheduling, Docker, offheap storage, dependabot updates, filter rules, Sonar, OpenTelemetry, and Helm.

Github Project Updates

Internals, APIs, and Documentation
  • Sean updated the SNMP metadata provisioning adapter to support incremental changes in addition to replacing all metadata
  • Bonnie and Emily did more work on the quick start guide
  • Benjamin Janssens worked on prepping a new ALEC release, including doc build cleanups and fixing Sonar issues
  • Morteza made some tweaks to the circleci dynamic config
  • James continued his work on notifications support in Horizon Stream
  • I fixed some docker container images relating to ping capabilities
  • Pushkar worked on notifications and outages for datachoices telemetry
  • Mark worked on the ignite detector client in Stream
  • Antonio continued his work refactoring Enlinkd's collection scheduling
  • Gerald got the ignite detector integrated into Skaffold and worked on some other operator fixes in Stream
  • Łukasz refactored some service code for spring injection in Stream
  • Jeffrey-David Kapp did more work on operator startup config for Stream
  • I did some other tuning of docker images
  • Thomas added some asset fields to the database in Stream
  • Freddy did more work on offheap storage improvements
  • Dmitri worked on updating the documentation related to partial config updates
  • Bonnie wrapped up doc changes for the cortex time-series plugin
  • Mark Frazier worked on Minion gRPC routing in Stream
  • Dustin worked on support for generics in the twin API
  • Alexander worked on a fix for accessing the poller config in the device config service
  • Jason worked on enabling github action test runs in Stream
  • I cleaned up the default changes in a jsoup dependabot update
  • Jason tuned memory consumption in the default Stream setup to be less hungry
  • Jeffrey-David Kapp added Grafana and Keycloak to the Kubernetes CRD in Stream
  • I did more work on backporting circle and docker changes to H30 and Meridian 2022
  • Dustin refactored some of the code for how filter rules are tracked
  • I fixed some issues triggered by Sonar as I prepped to make sure sonar submissions are working properly
  • DJ continued his work on OpenTelemetry integration
Web, REST, UI, and Helm
  • Chinh Le continued his work on the map in Horizon Stream
  • Chinh Le started on a device status UI for Stream
  • Mike Rose did more work on improving widgets in the Stream UI
  • Alberto wrapped up a bunch of Helm improvements
  • Chandra worked on REST APIs for event-driven discovery from traps in Stream
  • Anya worked on tests and coverage in the ALEC UI
Contributors

Thanks to the following contributors for committing changes since last OOH:

  • DJ Gregor
  • Jason Berry
  • Mark Frazier
  • Chinh Le
  • Dustin Frisch
  • Łukasz Dywicki
  • Alexander Chadfield
  • Benjamin Reed
  • Bonnie Robinson
  • Morteza Ershad-Manesh
  • Chandra Gorantla
  • Antonio Russo
  • Jesse White
  • Thomas Bigger
  • Jeffrey-David Kapp
  • Benjamin Janssens
  • Emily Marsh
  • James Hutchinson
  • Dmitri Herdt
  • Gerald Humphries
  • Anya Rybalova
  • Pushkar Suthar
  • Freddy Chu
  • Sean Torres
  • Yang Li
  • Alberto Ramos
  • Rob Ellis
  • Mike Rose

Coming Soon: JIRA Migration

We will be migrating our JIRA issue-tracker from a self-hosted version to Atlassian's cloud version.
I don't have a timeline for this yet, but expect it in the coming months.

If you currently have an account at the OpenNMS issue tracker your account should already be migrated to JIRA Cloud, but you will need to perform a password reset with the "Can't log in?" link before you can log in.

Releases and Roadmap

OpenNMS.js 2.5.0 Released

OpenNMS.js 2.5.0 contains a bunch of dependency updates including a move to core-js v3 for compatibility, as well as a few build system cleanups, fixes for querying SNMP interfaces by node ID and a query fix for 0-indexed enums.

Upcoming September Releases

OpenNMS is on a monthly release schedule, with releases happening on the second Wednesday of the month.

The next OpenNMS release day is September 14th, 2022.

We currently expect updates to Horizon 30 and all supported Meridian releases.

Next Horizon: 31 (Q4 2022)

The next major Horizon release will be Horizon 31.

It will contain a number of improvements, including:

  • a refactoring of flow APIs including support for some flow hooks in the plugin API (plugin API 1.1.0+)
  • major improvements and refactoring in Enlinkd's bridge topology mapping and collection scheduling
  • more stuff, which I haven't had a chance to go back and enumerate yet, watch this space :D
Next Meridian: 2023 (Q1 2023)

Meridian 2023 is still reasonably early in its development cycle, but you can expect it to contain, at the very least, the work that's going into Horizon 30.

Disclaimer

Note that this is just based on current plans; dates, features, and releases can change or slip depending on how development goes.

The statements contained herein may contain certain forward-looking statements relating to The OpenNMS Group that are based on the beliefs of the Group’s management as well as assumptions made by and information currently available to the Group’s management. These forward-looking statements are, by their nature, subject to significant risks and uncertainties.

...We apologize for the excessive disclaimers. Those responsible have been sacked.

Mynd you, møøse bites Kan be pretti nasti...

We apologise again for the fault in the disclaimers. Those responsible for sacking the people who have just been sacked have been sacked.

Calendar of Events

Open Source Summit Europe - Dublin, Ireland - September 13th through 16th

We are a silver sponsor this year for Open Source Summit, and will be hosting a booth in the exhibition area.

Craig Gallen and some of the crew from Belfast will be there, so pop on by and say hello.

Open Source Day 2022 - September 16th

The OpenNMS Group is proud to support Grace Hopper Conference's Open Source Day (OSD) 2022, and our very own Sandy Skipper is serving on the OSD Steering Committee.

OSD is an all-day hackathon in which participants of all skill levels learn about open source while contributing to projects designed to solve real world problems.
The goal is to celebrate and encourage women in open source.

OSD will take place as a pre-event on Friday, September 16 from 8am - 3pm PDT. Participation is open to anyone who has a GHC registration ticket (in-person or virtual).

For more information, contact Sandy Skipper or see the OSD site.

Grace Hopper Celebration - Orlando, FL - September 20th through 23rd

In addition to our involvement in Open Source Day, Veena Kannan will be presenting a virtual lightning talk at the Grace Hopper Conference titled "Open Source 101 – Myth Buster Edition" at the Grace Hopper Celebration.

Her talk will be Thursday the 22nd, at 11:00am.

All Things Open - Raleigh, NC - October 30th through November 2nd, 2022

All Things Open is local to our headquarters, and is a truly fantastic event.
We love it so much, we will be the exclusive live stream sponsor. 😉

We'll also have a booth in the exhibition hall.
A bunch of OpenNMS folks will be attending and/or helping out in the booth, so please be sure to say hi!

Open Source Monitoring Conference - Nuremberg, Germany - November 14th through 16th

The OpenNMS Group is a gold sponsor of OSMC this year, and will have a booth as well.
Stop by and say hello!

Until Next Time…

If there’s anything you’d like me to talk about in a future OOH, or you just have a comment or criticism you’d like to share, don’t hesitate to say hi.

- Ben

Resolved Issues Since Last OOH

  • ALEC-179: Tests on Situation Detail and situation metrics
  • HELM-334: Entity Datasource does not provide node information
  • HELM-345: Alarm Details missing TroubleTicketState if state is 0
  • HS-201: Backend: New Notification Service
  • HS-203: DevOps: New Notification service
  • HS-241: Add Cucumber IT for validating minion end point
  • HS-286: Add Trapd support in Stream
  • HS-295: Integrate KeyValueStore ( PostgresJsonStore) into Horizon Stream
  • HS-296: Add Config Service
  • HS-299: Setup instructions for local-sample dir
  • HS-304: FE - Display list of devices in the geomap table
  • HS-329: Tag / Surveillance Category Membership View / Edit Panel and Add to Placeholder Device Status Page
  • HS-334: Add Grafana DB config to Devops and test default dashboard.
  • HS-335: FE - Widget component & grid layout
  • HS-336: Stats: Local Environment setup in Docker for HS Stats testing
  • HS-345: BFF: Impove the BFF performace
  • HS-346: FE - Add new device status route / container component
  • HS-347: Configure in memeory cache in BFF for backend request.
  • HS-352: Nonblock requst from BFF to platform core
  • HS-356: Propagate Skaffold --skip-tests flag into custom maven builds
  • HS-358: Use Liquibase for notification database
  • HS-360: UX competitive analysis board in Figjam on Kentik
  • HS-378: BFF migration to Webflux broke context path config
  • HS-383: Add all images we build to HS CRD
  • NMS-13864: Package description for Minion and Sentinel reference Wiki
  • NMS-14360: BmpIT flapping
  • NMS-14522: Add CAP_NET_BIND_SERVICE capability to the java binary to bind privileged ports
  • NMS-14582: Add KPI for DCB cumulative web UI entries
  • NMS-14615: Quick Start: Import inventory
  • NMS-14623: Add KPIs for open notifications and outages to datachoices telemetry
  • NMS-14624: Add KPI for application count to datachoices telemetry
  • NMS-14648: Rename OIA to OPA in git repo
  • NMS-14667: Official docs readiness for Cortex TSS plugin release
  • NMS-14728: Add Elasticsearch 7.17.6 to Drift plugin versions

The post OpenNMS On the Horizon – September 12th, 2022 appeared first on The OpenNMS Group, Inc..

by RangerRick at September 12, 2022 04:58 PM

OpenNMS.js v2.5.0

This release contains a bunch of dependency updates including a move to core-js v3 for compatibility, as well as a few build system cleanups, fixes for querying SNMP interfaces by node ID and a query fix for 0-indexed enums.

by RangerRick at September 12, 2022 02:20 PM

September 06, 2022

OpenNMS.js v2.5.0

OpenNMS.js 2.5.0 contains a bunch of dependency updates including a move
to core-js v3 for compatibility, as well as a few build system cleanups,
fixes for querying SNMP interfaces by node ID and a query fix for
0-indexed enums.

by RangerRick at September 06, 2022 08:40 PM

OpenNMS On the Horizon – September 6th, 2022

It's time once again for OpenNMS On the Horizon.

Since last time, we worked on ALEC (situation datasource, UI timeline), CircleCI config improvements, device config backup telemetry, Horizon Stream (Minion gRPC, Minion gateway, ICMP/SNMP polling, traps, PagerDuty integration, operator and Skaffold, Sonar code coverage, Spring Boot, maps, and UI), Documentation (style guide, doc-writing guide, quick start, events, DCB, Cortex time-series), offheap queueing for time-series, Docker image publishing and ARM improvements, Sonar CI fixes, publishing to Maven Central, Helm queries and flows, web UI fixes, DCB analytics, partial updates for config REST.

Github Project Updates

Internals, APIs, and Documentation
  • Benjamin Janssens added some additional fields to the ALEC situation data source.
  • Morteza worked on some tweaks to the dynamic CircleCI config.
  • Alex and Alexander added an integration test for device config backup telemetry.
  • Łukasz continued his work on Minion gRPC integration in Horizon Stream, including bringing over ICMP and SNMP RPC implementations.
  • Yang Li worked on caching for the device BFF backend in Stream.
  • Bonnie did more work on the quick start documentation.
  • Chandra incorporated the config API into Stream.
  • Pushkar added application count to the datasources telemetry.
  • Alex fixed an issue with device config node telemetry.
  • Patrick worked on some fixes for unique system IDs.
  • Mark Mahacek worked on documentation for writing documentation. ;)
  • James did more work on PagerDuty support in Stream.
  • Jason made some fixes to Stream local resource usage.
  • Mark Frazier and Gerald did more work on Skaffold for Stream.
  • Emily did more work on the style guide.
  • Arthur continued his work on the Kafka Minion gateway in Stream.
  • Gerald worked on Sonar integration in the Stream build.
  • Dustin updated some event-related documentation.
  • Freddy continued to work on enhancements to offheap time-series queueing.
  • I merged my enhancements to docker container generation and publishing, including normalizing support for ARM images.
  • Gerald worked on some Spring Boot changes in the Stream Minion gateway.
  • Chandra added trap consumption to Stream.
  • I worked on fixing up issues in running Sonar code coverage.
  • Bonnie updated some device config backup documentation in the operation guide.
  • I did some preliminary work backporting dynamic config and docker changes to earlier branches.
  • I worked on what needs to be done to publish full build Maven artifacts to Central.
  • Bonnie did some more work on Cortex time-series plugin documentation.
Web, REST, UI, and Helm
  • Chinh Le continued to work on tuning device support in the Horizon Stream map.
  • Anya worked on using the ALEC situation REST datasource in the UI.
  • Alberto did some additional work on improvements to Helm queries, including node handling and flows.
  • Christian fixed some escaping in a few web element spots.
  • Rob worked on fixing an issue with device lists.
  • Scott did more work on device config backup analytics in the UI.
  • Mike Rose worked on refactoring how widgets get wrapped in the Stream UI.
  • Dmitri merged his work on partial update support in the config REST API.
Contributors

Thanks to the following contributors for committing changes since last OOH:

  • Emily Marsh
  • Alberto Ramos
  • Patrick Schweizer
  • Benjamin Janssens
  • Chandra Gorantla
  • Benjamin Reed
  • Bonnie Robinson
  • Jason Berry
  • Chinh Le
  • Anya Rybalova
  • Yang Li
  • Alex May
  • Morteza Ershad-Manesh
  • Rob Ellis
  • James Hutchinson
  • Christian Pape
  • Pushkar Suthar
  • Łukasz Dywicki

Coming Soon: JIRA Migration

We will be migrating our JIRA issue-tracker from a self-hosted version to Atlassian's cloud version.
I don't have a timeline for this yet, but expect it in the coming months.

If you currently have an account at the OpenNMS issue tracker your account should already be migrated to JIRA Cloud, but you will need to perform a password reset with the "Can't log in?" link before you can log in.

Releases and Roadmap

Upcoming September Releases

OpenNMS is on a monthly release schedule, with releases happening on the second Wednesday of the month.

The next OpenNMS release day is September 14th, 2022.

We currently expect updates to Horizon 30 and all supported Meridian releases.

Next Horizon: 31 (Q4 2022)

The next major Horizon release will be Horizon 31.

It will contain a number of improvements, including:

  • a refactoring of flow APIs including support for some flow hooks in the plugin API (plugin API 1.1.0+)
  • major improvements and refactoring in Enlinkd's bridge topology mapping and collection scheduling
Next Meridian: 2023 (Q1 2023)

Meridian 2023 is still reasonably early in its development cycle, but you can expect it to contain, at the very least, the work that's going into Horizon 30.

Disclaimer

Note that this is just based on current plans; dates, features, and releases can change or slip depending on how development goes.

The statements contained herein may contain certain forward-looking statements relating to The OpenNMS Group that are based on the beliefs of the Group’s management as well as assumptions made by and information currently available to the Group’s management. These forward-looking statements are, by their nature, subject to significant risks and uncertainties.

...We apologize for the excessive disclaimers. Those responsible have been sacked.

Mynd you, møøse bites Kan be pretti nasti...

We apologise again for the fault in the disclaimers. Those responsible for sacking the people who have just been sacked have been sacked.

Calendar of Events

Open Source Summit Europe - Dublin, Ireland - September 13th through 16th

We are a silver sponsor this year for Open Source Summit, and will be hosting a booth in the exhibition area.

Craig Gallen and some of the crew from Belfast will be there, so pop on by and say hello.

Open Source Day 2022 - September 16th

The OpenNMS Group is proud to support Grace Hopper Conference's Open Source Day (OSD) 2022, and our very own Sandy Skipper is serving on the OSD Steering Committee.

OSD is an all-day hackathon in which participants of all skill levels learn about open source while contributing to projects designed to solve real world problems.
The goal is to celebrate and encourage women in open source.

OSD will take place as a pre-event on Friday, September 16 from 8am - 3pm PDT. Participation is open to anyone who has a GHC registration ticket (in-person or virtual).

For more information, contact Sandy Skipper or see the OSD site.

Grace Hopper Celebration - Orlando, FL - September 20th through 23rd

In addition to our involvement in Open Source Day, Veena Kannan will be presenting a virtual lightning talk at the Grace Hopper Conference titled "Open Source 101 – Myth Buster Edition" at the Grace Hopper Celebration.

Her talk will be Thursday the 22nd, at 11:00am.

All Things Open - Raleigh, NC - October 30th through November 2nd, 2022

All Things Open is local to our headquarters, and is a truly fantastic event.
We love it so much, we will be the exclusive live stream sponsor. 😉

We'll also have a booth in the exhibition hall.
A bunch of OpenNMS folks will be attending and/or helping out in the booth, so please be sure to say hi!

Open Source Monitoring Conference - Nuremberg, Germany - November 14th through 16th

The OpenNMS Group is a gold sponsor of OSMC this year, and will have a booth as well.
Stop by and say hello!

Until Next Time…

If there’s anything you’d like me to talk about in a future OOH, or you just have a comment or criticism you’d like to share, don’t hesitate to say hi.

- Ben

Resolved Issues Since Last OOH

  • ALEC-165: Timeline alarms
  • ALEC-173: Situation endpoint with more data
  • ALEC-175: Use new situation endpoint
  • ALEC-176: Improve getSituationStatusList endpoint
  • ALEC-177: Fixes situation metrics
  • HELM-336: Flow DS query interfacesOnExporterWithFlows() does not accept FS:FID as argument
  • HELM-337: exporterNodesWithFlows() query handles criteria differently than other queries
  • HS-315: Remove unnecessary step from main README
  • HS-320: Production build of the Vue.js app
  • HS-327: Skaffold is always triggering builds of Jib-based images like notification and rest-server, even when nothing has changed
  • HS-341: java.lang.Double on adding multiple devices
  • HS-349: Skaffold file sync stopped working in UI project
  • HS-350: Trigger SonarCloud code scanning jobs in Horizon Stream
  • NMS-13553: docs.opennms.com directory listing beautification
  • NMS-14310: provisiond config partial update
  • NMS-14449: Rest API v2 for obtaining a list of SNMP interfaces doesn't return back node id
  • NMS-14542: Event / Alarms filtering no longer works
  • NMS-14555: Development and test environment for Velocloud SD-WAN integration
  • NMS-14579: Add KPI for DCB device count by sysObjectID
  • NMS-14580: Add KPI for DCB cumulative config count
  • NMS-14581: Add KPI for DCB cumulative backup failure count
  • NMS-14626: Publish images to Docker Hub
  • NMS-14655: Appliance: Minion fails to come up with 30.0.2 and bleeding image
  • NMS-14657: Graph page doesn't escape <> in resource labels
  • NMS-14669: Dynamic Yaml generation: Simplify and improve dynamic generation
  • NMS-14673: Implement VCO API v1 authentication
  • NMS-14674: Implement Velocloud API version abstracton layer
  • NMS-14687: UI update for DCB KPI
  • NMS-14688: REST API update for DCB KPI
  • NMS-14690: Need to get Sonar Cloud runs going again.
  • NMS-14691: Dynamic Yaml generation: handle merge-foundation branch and when build-trigger override file is detected better
  • NMS-14696: Upgrade dom4j to latest version
  • NMS-14697: Investigate the failure in integration-test job
  • NMS-14706: Dynamic Yaml Generation: Code Improvements to how we detect merge-foundation branch and changes to epoch file and documentation

The post OpenNMS On the Horizon – September 6th, 2022 appeared first on The OpenNMS Group, Inc..

by RangerRick at September 06, 2022 08:15 PM

August 30, 2022

OpenNMS is now a CNA!

The security team at The OpenNMS Group has partnered with MITRE to become a Common Vulnerability and Exposures (CVE) Numbering Authority (CNA). Through the CVE program, MITRE ensures that application vulnerabilities are uniquely identified and accurately reported.

As a numbering authority, The OpenNMS Group security team will assign numbers to vulnerabilities and exposures identified within our projects and products. Any vulnerability scanning tool can use CVE numbers to help users identify and manage vulnerabilities within their infrastructure. Using unique CVE identifiers, users and stakeholders across the information security community can remain informed of vulnerabilities and how to address them.

“In our continuing effort to enhance our cybersecurity program, I am excited to take this next step of becoming a CNA,” says Jeff Jancula, Chief Information Security Officer at The OpenNMS Group. “As a CNA, OpenNMS has an avenue to transparently share security information with our customers and the open source community. CVEs also let us publicly recognize community members and customers that help improve the security of our projects. These improvements will strengthen our community relationships and help reduce risk associated with vulnerabilities.”

OpenNMS is a scalable and highly configurable open-source network management platform with comprehensive fault, performance, and traffic monitoring. OpenNMS routinely promotes responsible disclosure of potential cybersecurity vulnerabilities. Read more at opennms.com/security.

The post OpenNMS is now a CNA! appeared first on The OpenNMS Group, Inc..

by Gabriela Lopez at August 30, 2022 01:31 PM

August 23, 2022

Remaining 2022 Conferences

Today marks my three month anniversary with AWS, and I’m loving it. It has been a lot of fun returning to conferences, so I thought I’d post a list of the ones I will be attending for the rest of the year.

If you are going to any of these as well, please reach out as I miss seeing people in person and would love to catch up (or, get acquainted).

by Tarus at August 23, 2022 03:35 PM

August 01, 2022

2022 SCaLE 19x – Day Four

The last day of SCaLE was bittersweet, as I didn’t want it to be over but I was also ready to head home.

After stopping by the booth I was eager to visit a session on OpenNMS presented by my friend Jeff Gehlbach.

Jeff Gehlbach presenting on network flow data

Jeff has stepped up in the the presenter role I used to have, and he did a very good job of covering what network flows are, the different types and why they are important.

Back in the Exhibit Hall I was happy to learn that the AWS booth had won the “Most Memorable” award.

Most Memorable Booth Certificate

Hats off to Spot and Ashley for coming up with such a cool concept and creating a great space for people to hang out.

At 1:30pm we held a raffle for a pretty nice 3D printer. You had to be present to win and there was a lot of interest.

Spot surrounded by a crowd as the raffle winner is chosen

Then it was time to tear down the booth as the Exhibit Hall closed at 2pm.

This gave us time to get to the closing keynote by Internet pioneer Vint Cerf.

Vint Cerf in front of a podium

For someone who recently turned 79 he was a dynamic and entertaining speaker, and it was fun to listen to his stories on creating ARPANET, and how it grew into the public Internet we use today.

He also mentioned Jon Postel several times. I had an e-mail correspondence with Jon in the mid-1990s when I was trying to wrap my brain around the process for getting an “enterprise number” from IANA. I didn’t realize until after his untimely death who he was, and I’m still impressed at how much time he was willing to give a newbie like me.

While I enjoyed the presentation, I did regret that we ran out of time for details on his last slide, which concerned “unfinished business”.

Slide Listing Unfinished Business for the Internet

I mean, I get it. Each of the six topics on the slide could be a talk on its own, but I was very curious to hear his thoughts on fixing things such as disinformation. I love living in a world with almost instant access to information and the ability to connect with others, but there are problems, too, and I’m not sure we have the solutions.

All in all I am extremely happy to have been able to attend SCaLE. I’m still not comfortable in crowds and I was a little put out that not everyone in attendance decided to honor the mask policy. I talked with the SCaLE staff and they told me they were doing all they could, but even when people were reminded to mask up they tended to remove them as soon as the staff member walked away.

I was especially unhappy when I saw sponsors going maskless. On the one hand I am happy for their support of SCaLE, but on the other when you are standing in front of your company logo showing a disregard for the safety of your potential customers, it sends a bad message.

I’m not bringing this up to start a debate on the efficacy of masks, as I realize that they provide varying degrees of protection depending on type and use, but if your staff isn’t willing to abide by the conference rules, perhaps you just shouldn’t be there.

Note that I did refrain from posting the pictures I took of specific sponsors since it really wouldn’t change anything. I must be getting soft in my old age.

In any case I hope this is a non-issue for SCaLE 20x in Pasadena next March. I’m not optimistic that the pandemic will be over but for me the risk was worth the benefit, and I can’t wait to return.

by Tarus at August 01, 2022 01:34 PM

July 31, 2022

2022 SCaLE 19x – Day Three

Day Three of SCaLE kicked off the start of the main conference, which meant I spent most of the day in the AWS booth.

AWS Booth Picture Showing a Television Screen Playing Frontalot Videos

Traffic was pretty good and I got to talk with a lot of interesting people. I did take a break around 2pm and noticed from Twitter that I was missing a talk by Frank Karlitschek of Nextcloud fame, so I skedaddled over to his room to catch it.

It was pretty good. It focused on how copyleft-style licenses are often better for business since they level the playing field for all contributors, versus a number of newer licenses that are more “source available” instead of “open source”.

Frank Karlitschek Presenting at SCaLE

Please note that I’m an unabashed Nextcloud fanboy so I have some biases. (grin)

The big evening event was “Game Night” where they turned the basement ballrooms into a big gaming playground. From the classics such as checkers and chess, to Vegas-style games such as roulette and blackjack, up to the most modern of games using VR, there was something for everyone.

AWS sponsored the music for the event, and I was eager to see MC Frontalot perform. He didn’t disappoint.

MC Frontalot Performing at SCaLE

He did an hour-long set spanning the classics to the newer stuff, including “Secrets From the Future” featuring a video generated using AI.

Afterward he hung out at the merch table to chat with folks, and I got to spend some time with a new friend named Silona Bonewald.

MC Frontalot and Silona Bonewald

I was introduced to Silona through Spot as she was on the same hotel shuttle bus when we arrived on Wednesday evening. She is in charge of open source at IEEE as well as being a Burner, and I always look forward to chance to talk with her.

Today is the final day of the conference, and remember if you are reading this before 1:30pm PDT there is a raffle for an awesome 3D printer at the AWS booth, so come by to get your ticket.

by Tarus at July 31, 2022 05:30 PM

July 30, 2022

2022 SCaLE 19x – Day Two

This is the first conference since joining AWS that I have booth duty, so I won’t be able to spend as much time in the sessions as I would like, but I did want to catch one of the first sessions of the day which was “Speedrunning Kubernetes”.

A slide with the session title 'Speedrunning Kubernetes'

The main reason I wanted to see this talk was to see Kat Cosgrove in action. Prior to coming to AWS I didn’t know about her but I ended up following her on Twitter and found that she has strong opinions, and I tend to like people who have strong opinions. I figured the presentation would be entertaining and that I might learn something.

I wasn’t disappointed.

Kat Cosgrove being introduced by Josh Berkus

The title alludes to a “speedrun” which is an attempt to complete a video game as quickly as possible. The goal of this talk was to bring up a working Kubernetes cluster as if you were doing a speedrun. It also included one of the more … unusual … analogies I’ve seen in a technical presentation (including my own) by using a Chihuahua as a metaphor.

A chihuahua with two cheeseburgers under each of their four feet

If the goal is to provide the “cheeseburger” application, consisting of the bun service, the patty service, the cheese service, the mustard service, etc., each instance of the application (i.e. each burger) can be considered a “pod”. There are two pods under each foot of the dog representing two-pod “nodes” and the dog forms the control plane.

Remember, now that you’ve seen it, you can’t unsee it.

That was the only session I made on Day Two, but I did get some time to wander around the Exhibit Hall. The Software Freedom Conservancy had a booth, and since they are one of my favorite organizations I stopped by to chat with Pono Takamori. I know a number of folks that work there and they serve as almost a reference implementation for trying to live using 100% free software. Pono was telling me that it was getting almost impossible to find a totally free mobile wireless solution since 3G went away, as all of the modern modems tend to use binary blobs.

Pono Takamori in the Software Freedom Conservancy Booth

Now, when these exhibit halls are being set up, the “booths” are laid out with little generic signs showing the owner of the booth, and most of the time they eventually get covered up once the booth is complete.

The MySQL booth with an Oracle sign in the background

I know the Sun acquisition was a long time ago, but I still get cognitive dissonance when I see a MySQL sign next to an Oracle one.

The AWS booth for this conference is really awesome. I bow down to the genius that is Spot Callaway, and he pitched a booth design that was to invoke a teenage geek’s basement, where one might play video games and Dungeons and Dragons (think Stranger Things). The walls of the booth are made to look like brick, and there are chairs, a couch and an SNES console emulator.

The AWS Booth showing people playing a video game

The featured AWS project for this conference is Bottlerocket, and I got to learn a bit about it and meet members of the team. Bottlerocket is a minimal operating system designed just to run containers. I compared it to LibreELEC, which is a purpose-built O/S that I use to run Kodi, and while it was explained to me that I was oversimplifying things a bit, it was otherwise a good analogy.

While it is, of course, being used withing AWS, it is a 100% open source project and you can get the code on Github, and the hope is that others will find it valuable and will get involved with the community. If this is something you’re into, stop by the booth and say “hi”.

Speaking of stopping by the booth, we do have some tasty sodas and Bottlerocket branded bottle openers, but the big giveaway is an awesome 3D printer. Get a raffle ticket and stop by the booth at 1:30pm on Sunday for the drawing (you must be present to win).

AWS employees are not eligible to participate. (sniff)

by Tarus at July 30, 2022 06:00 PM

July 29, 2022

2022 Scale 19x – Day One

I am back at the Southern California Linux Expo (SCaLE) for the first time in many years, and I was surprised at how happy this makes me. It is always a well run conference and it tends to bring a lot of people I like together in one place, which means I get to meet a lot more people to like as well.

The main SCaLE sessions occur over the weekend, but there are a lot of cool things that happen in the days before. For Thursday, AWS sponsored Cloud Native Builder Day to showcase some of the amazing open source technologies one can use to solve a number of challenges, and I was eager to learn about them.

But before that I needed to get registered. The first step was to show proof of vaccination. While I am thankful that we can have these events, COVID is still a thing and the organizers are doing all they can to mitigate the risk to the conference attendees. Since I’m an old I’ve had two shots and two boosters but the darn thing keeps mutating.

SCaLE Registration Sign

Once past that I headed upstairs where I could use the self check-in kiosks. It was pretty simple to sign in and get my badge printed, and then it was just a short trip down the hall to pick up the conference “swag bag” which included the badge holder and lanyard.

SCaLE Registration Area with People Checking In

The only change I would make to the process is that once you printed your badge, you should really hit the “close window” button on the screen, as there is a “back” button that could allow the next person who registers to see your name and e-mail. No biggie, but the security nerd in me always thinks about these things.

The conference spans two floors. The Exhibit Hall with the sponsor booths is on the ground floor behind registration (it is technically in the Plaza Ballroom so I just followed the signs for “ballrooms”) while the sessions are on the second floor along with registration. AWS is going to have a pretty cool booth this year.

As an AWS employee I guess I should say that we always have a cool booth (grin) but I especially like the idea behind this one, despite the fact that we were unable to get a mounted deer head (seriously). It’s booth numbers 300, 302 and 304 if you want to swing by, and for those of you who couldn’t make it I’ll be sure to post about it later.

Cloud Native Builder Day showcased three different open source projects, the first one being Triggermesh. This was presented by Jeff Naef who I immediately liked as he was the first to notice that my mask is made by K&N, a company known for their high-end automotive airflow products. He loves performance automobiles as well as open source (he was wearing a Snap-On tools hat) so I knew we would get along.

Jeff Naef Presenting on Triggermesh

In dealing with cloud native technologies, a lot of the workflow is event driven. Triggermesh lets you seamlessly link together sources and targets for events, normalizing and enriching them along the way. While it does support the ability to create functions using code (in a variety of languages) a lot of the implementation can be done just through configuration.

In one example the data was encoded in base64, and a person asked if Triggermesh could render that in clear text. Jeff was like, sure, and he bravely set out to implement that as we watched. He got really close, but in any case deserves kudos for the attempt, especially considering he was holding a microphone with one hand the entire time.

The next speaker was Zoe Steinkamp from InfluxDB. I first met Zoe at the Open Source Summit in Austin and she is one of my favorite new acquaintances I’ve met through my job at AWS.

Now full disclosure: I missed the first half of her presentation.

SCaLE has done something delightful with the schedule, which is allowing 30 minutes between talks. I’ve talked about this before but this lets speakers switch out without the usual urgency, allows more time for attendees to interact with the speaker after the talk, and improves the hallway track.

I thought I had enough time to grab lunch, which was In-N-Out that Spot had brought for me. We don’t have In-N-Out in North Carolina so I rarely pass up a chance to get it, and I figured I could be back in time. I was wrong. But I did slip into the back of the room which is why this picture isn’t as close as the others.

Zoe Steinkamp Presenting on InfluxDB

I used to work on an open source project that relied heavily on time series data, so I’m a bit of a time series data geek. Every time I see a presentation on InfluxDB I learn more things to like about it. This time I found out that it is possible to get started with it without being a programmer. A lot of people in the data science field aren’t coders, but they can send their data to InfluxDB pretty easily. The folks at Influx have created InfluxDB University as a free resource to get the most out of their solution, and while I haven’t gone through it yet it looks really comprehensive.

The final presenter was Matt Overstreet from Datastax. Datastax focuses on providing solutions around the Apache Cassandra project, which is a distributed “NoSQL” database.

Matt Overstreet Presenting on Apache Cassandra

When most people hear the word “database” they think of relational databases. This is a data structure usually based on “rows” of data made up of “fields” and indexed by a primary key. One then uses something like the Structured Query Language (SQL) to retrieve values from those fields. This is all well and good but it tends to be extremely monolithic, which doesn’t work well in today’s distributed cloud environment.

Think about it. In a datacenter you might have sub-millisecond latency, so a query can be returned quickly. Move that datacenter across the country, and now it your latency is, say, 100ms. Move that to the other side of the world and, well, you get the picture. Now if you only have a few queries that might be okay, but when you consider thousands and then millions of queries, the response time of your application is going to take a hit.

Cassandra allows you to distribute that data both within a datacenter (for reliability) and also regionally. You can then put your data near your customers, improving their experience.

I was already sold on Cassandra (we used it at OpenNMS) but what I learned from this presentation was the wonderfulness that is “k8ssandra” (kate-sandra). This is Cassandra but running in Kubernetes. If you have ever had to extend and expand a Cassandra cluster, you know that while it isn’t super difficult there are a number of gotchas that can cause problems. What if you could automate it? Matt showed us an example that let him spin up (and tear down) an 800 node cluster in minutes.

Cool, huh?

The first day of SCaLE 19x was a blast, and I am eager to see what the rest of the week brings.

by Tarus at July 29, 2022 03:35 PM

July 13, 2022

Why You Should Attend SCaLE 19x

The 19th iteration of the Southern California Linux Expo (SCaLE) is around two weeks away, and I wanted to suggest some reasons why you should attend, assuming you are into free and open source software. AWS, where I work, is a platinum sponsor. The conference runs for four days starting on July 28th and is located at the Los Angeles Airport Hilton.

Note: Everything expressed here represents my own thoughts and opinions and I am not speaking for my employer Amazon Web Services.

I’ve been to a number of SCaLE conferences and I’m always impressed at how well they are run. This is a grass-roots, volunteer-led conference yet it is always at par with the more commercial trade shows I attend and sometimes exceeds them. This year looks exceptionally good.

The first reason you should go is the content. The conference has quite a number of tracks including one focused on containers and orchestration (‘natch) and also infrastructure, security and observability. There are tracks on using open source in the medical field as well as government. Big Data gets its own track as well as embedded systems, and there are several more tracks guaranteed to touch on almost every interest within free and open source software.

The conference spans four days, with the first two days focused more on workshops. Co-located with SCaLE is a two day, two track technical conference focused on PostgreSQL, and on Friday is the tenth DevOps Day LA. AWS is hosting a half-day workshop focused on Cloud Native builders with presentations on Kubernetes, InfluxDB and Apache Cassandra.

The second reason you should go is networking, or what is often called the “hallway track”.

For the last several years I’ve worked remote (i.e. not in an office outside of the home) and I will probably continue to do so for the rest of my career. Remote work has become almost a standard within technical jobs.

But I have to say I miss being able to see people face to face. When I was with OpenNMS we had this product where you could buy a year of support coupled with a week of on-site professional services and training. I used to love doing those, but even before COVID those trips became less frequent as companies adopted a distributed work force. There was really no “on-site” place to go when your team was across four time zones.

Technical conferences, such as SCaLE, provide a great opportunity to get together in person, and it can be wonderful to talk in an informal setting to people you may only know through e-mails, video calls and social media. A number of my coworkers will be at SCaLE and I am looking forward to spending some “in real life” time with them.

If you look through the list of speakers at this year’s conference, it is a “who’s who” of open source leaders and contributors, and you’ll have to the chance to meet them as well as other like-minded people. I love the fact that the organizers have built in a 30 minute cushion between talks. Not only does this avoid the rush that usually happens as one speaker finishes and another sets up, it gives people time to socialize before heading off to the next talk. Of course, it goes without saying that you should be courteous to speakers and other attendees, and SCaLE has published a Code of Conduct to formalize what that means, but also don’t let that stop you from asking tough or difficult questions of the speakers (just be nice about it). I always loved it when I was a speaker and someone asked me something I had never thought about.

The third reason you should go is the Exhibition Hall. There are a ton of sponsors who will have booths at the show (including AWS) and this is a great chance to talk with those projects you love, find new ones to love, and often there is some great swag to be had. The hall will be open on Friday through Sunday.

Finally, on Saturday night there is the famous “Game Night” reception and party. I’m excited that the original nerdcore rapper, MC Frontalot, will be performing. Frontalot combines musicianship with nerdy topics like video games, cosplay, fairy tales and technology into an incredibly entertaining show. If you are new to his work check out his YouTube channel. One of my favorite songs is “Stoop Sale” (kids especially like that one, so I guess I’m a kid at heart), and he recently had a fan take his song “Secrets from the Future” (about how all of our encrypted secrets will one day be an open book) and run the lyrics through the Midjourney AI image generator. The result is pretty amazing.

A full SCaLE pass runs $85, and I can’t think of a better value. In-person technical instruction runs $500+ a day, and even if you went to one of those on-line class sites you’re still going to pay $15-$50 a class, and here you can attend 15 or so sessions for around $5 per, and that doesn’t include all the extra stuff outside of the presentations. Even with travel it is still a deal.

I am very eager to attend and I hope to see you there, too.

Just one more note, this one on COVID. I am pretty rigorous when it comes to avoiding this disease which is one reason I haven’t traveled much in the last 2+ years. The first conference I attended since the pandemic started was the Open Source Summit in Austin, and while some people did test positive it was a small fraction of total attendees. One reason was that they had a mask requirement (except when eating or drinking) and you had to show proof of vaccination or a negative test. SCaLE has adopted a similar policy, and while this won’t mean it is impossible to get sick the evidence suggests that this will greatly limit exposure among the attendees. If you have health issues you may still want to stay home and if you come and don’t feel well use your best judgement. I will be taking along some rapid tests that I got for free from covid.gov as well as frequently taking my temperature just to be sure.

by Tarus at July 13, 2022 02:01 PM

June 25, 2022

2022 Open Source Summit – Day 4

I always feel a little sad on the last day of any conference, and Open Source Summit was no different. It seems like the week went by too fast.

With the Sponsor Showcase closing on Thursday, attendance at the Friday keynotes was light, but those of us that showed up got to hear some pretty cool presentations.

Picture of Rachel Rose on stage

The first one was from Rachel Rose, who supervises R&D at Industrial Light and Magic. As a fanboy of ILM I was very eager to hear what she had to say, and she didn’t disappoint. (sorry about the unflattering picture but I took three and they were all bad)

In the past a lot of special effects that combine computer generated imagery (CGI) and live action are created separately. The live action actors perform in front of a green screen and the CGI backgrounds are added later. Technology has advanced to the point that the cutting edge now involves live action sets that are surrounded by an enormous, curved LED screens, and the backgrounds are projected as the actors perform.

This presents a number of challenges as the backgrounds may need to change as the camera moves, but it provides a much better experience for the actors and the audience.

The tie-in to open source is that a lot of the libraries used the creation of these effects are now open. In fact, the Academy of Motion Picture Arts and Sciences (the people responsible for the Oscars) along with the Linux Foundation have sponsored the Academy Software Foundation (ASWF) to act as a steward for the “content creation industry’s open source software base”. The projects under the ASWF fall into one of two tiers: Adopted and Incubation. Currently there are four projects that are mature enough to be adopted and several more in the incubation stage.

A lot of this was so specific to the industry that it went over my head, but I could understand the OpenEXR project, which provides a reference implementation of the EXR file format for storing high quality images.

A slide showing the ILM Stagecraft volume setup

She then went on to talk about Stagecraft, which is the name of the ILM platform for producing content. I would love to be able to visit one day. It would be so cool to see a feature being made with the CGI, sets and actors all integrated.

Picture of Vini Jaiswal on stage

The next speaker was Vini Jaiswal, Developer Advocate for Databricks. I had seen a cool Databricks presentation back on Day 2 and the first part was similar, but Jaiswal skipped the in-depth technical details and focused more on features and adoption. A rather large number of companies are using the Delta Lake technology as a way to apply business intelligence to data lakes, and as the need to analyze normally unstructured data becomes more important, I expect to see even more organizations adopt it.

The third presentation was a video by Dmitry Vinnik of Meta on measuring open source project health.

Begin rant.

To be honest I was a little unhappy to see a video as a keynote. It was the only one for the entire week and I have to admit I kind of tuned it out. It wasn’t even novel, as he has given it at least twice before. The video we were shown is available on Youtube from a conference earlier in the month and he posted another one dated June 24th from the Python Web Conference (while it has a different splash screen it looks to be the same presentation).

A still picture of a part of the video sent in by Demetri Vinnik

Look, I’ve given the same talk multiple times at different conferences, so I get it. But to me keynotes are special and should be unique. I was insulted that I bothered to show up in person, wear a mask, get my temperature checked each day, and I expected something better than a video I could have watched at home.

Note: Rachel Rose played a video as part of her presentation and that’s totally cool, as she didn’t “phone in” the rest of it.

Okay, end rant.

The next two presenters were very inspiring young people, and it was nice to have them included as part of the program.

Picture of Alena Analeigh on stage

The first speaker was Alena Analeigh, an amazing young woman who, among other achievements, has been accepted to medical school at age 13 (note that in trying to find a reference for that I came up blank, except for her twitter bio, so if you have one please let me know and I can update this post).

Med school is just one of her achievements. She also founded The Brown STEM Girls as an organization to get more women of color interested in science, technology, engineering and math. She stated that while men make up 52% of the workforce, they represent 76% of people employed in STEM fields.

My love of such things was fostered at an early age, and programs like hers are a great step to encourage young women of color to get interested in and eventually pursue careers in STEM.

While she seemed a little nervous and tentative while presenting, the final speaker of the morning was the exact opposite. At 11 years old, I could listen to Orion Jean speak for hours.

Picture of Orion Jean on stage

Orion also has a number of accolades, including Time Magazine’s “Kid of the Year“. He got his start as the winner of a speech contest sponsored by Think Kindness, and since then has started the Race to Kindness (“a race where everybody wins”) to spread kindness around the world.

To help inspire acts of kindness he uses the acronym K.I.N.D.:

  • Keep Your Eyes Open: Look for opportunities to be kind to others. One example he used is one I actually practice. If you are in line to check out at the store, and you see a person with a lot less items than you, while not offer to let them check out first?
  • Include Others: No one can effect change alone. Get others involved.
  • Nothing Is Too Small: One thing that keeps us from spreading kindness is that we can try to think too big. Even small acts of kindness can have a huge impact.
  • Do Something About It: Take action. Nothing can change if we do nothing.

After the keynotes I had to focus on some work stuff that I had let languish for the week, so I didn’t make it to any of the presentations, but overall I was happy with my first conference in three years.

There were a few people that attended who tested positive for COVID, so I plan to take some precautions when I get home and hope that the steps the Linux Foundation took to mitigate infection worked. So far I’ve tested negative twice, and I’ll probably take another test on Monday.

My next conference will be SCaLE in Los Angeles at the end of July, and I plan to be in Dublin, Ireland for Open Source Summit – Europe. If you are comfortable getting out and about I hope to see you there.

by Tarus at June 25, 2022 07:04 PM

June 24, 2022

2022 Open Source Summit – Day 3

Thursday at the Open Source Summit started as usual at the keynotes.

Picture of Robin Bender Ginn on stage

Robin Bender Ginn opened today’s session with a brief introduction and then we jumped into the first session by Matt Butcher of Fermyon.

Picture of Matt Butcher on stage

I’ve enjoyed these keynotes so far, but to be honest nothing has made me go “wow!” as much as this presentation by Fermyon. I felt like I was witnessing a paradigm shift in the way we provide services over the network.

To digress quite a bit, I’ve never been happy with the term “cloud”. An anecdotal story is that the cloud got its name from the fact that the Visio icon for the Internet was a cloud (it’s not true) but I’ve always preferred the term “utility computing”. To me cloud services should be similar to other utilities such as electricity and water where you are billed based on how much you use.

Up until this point, however, instead of buying just electricity it has been more like you are borrowing someone else’s generator. You still have to pay for infrastructure.

Enter “serverless“. While there are many definitions of serverless, the idea is that when you are not using a resource your cost should be zero. I like this definition because, of course, there have to be servers somewhere, but under the utility model you shouldn’t be paying for them if you aren’t using them. This is even better than normal utilities because, for example, my electricity bill includes fees for things such as the meter and even if I don’t use a single watt I still have to pay for something.

Getting back to the topic at hand, the main challenge with serverless is how do you spin up a resource fast enough to be responsive to a request without having to expend resources when it is quiescent? Containers can take seconds to initialize and VMs much longer.

Fermyon hopes to address this by applying Webassembly to microservices. Webassembly (Wasm) was created to allow high performance applications, written in languages other than Javascript, to be served via web pages, although as Fermyon went on to demonstrate this is not its only use.

The presentation used a game called Finicky Whiskers to demonstrate the potential. Slats the cat is a very finicky eater. Sometimes she wants beef, sometimes chicken, sometimes fish and sometimes vegetables. When the game starts Slats will show you an icon representing the food they want, and you have to tap or click on the right icon in order to feed it. After a short time, Slats will change her choice and you have to switch icons. You have 30 seconds to feed as many correct treats as possible.

Slide showing infrastructure for Frisky Kittens: 7 microservices, Redis in a container, Nomad cluster on AWS, Fermyon

Okay, so I doubt it will have the same impact on game culture as Doom, but they were able to implement it using only seven microservices, all in Wasm. There is a detailed description on their blog, but I liked that fact that it was language agnostic. For example, the microservice that controls the session was written in Ruby, but the one that keeps track of the tally was written in Rust. The cool part is that these services can be spun up on the order of a millisecond or less and the whole demo runs on three t2.small AWS instances.

This is the first implementation I’ve seen that really delivers on the promise of serverless, and I’m excited to see where it will go. But don’t let me put words into their mouth, as they have a blog post on Fermyon and serverless that explains it better than I could.

Picture of Carl Meadows on stage

The next presentation was on OpenSearch by Carl Meadows, a Director at AWS.

Note: Full disclosure, I am an AWS employee and this post is a personal account that has not been endorsed or reviewed by my employer.

OpenSearch is an open source (Apache 2.0 licensed) set of technologies for storing large amounts of text that can then be searched and visualized in near real time. Its main use case is for making sense of streaming data that you might get from, say, log files or other types of telemetry. It uses the Apache Lucene search engine and latest version is based on Lucene 9.1.

One of the best ways to encourage adoption of an open source solution is by having it integrate with other applications. With OpenSearch this has traditionally been done using plugins, but there is a initiative underway to create an “extension” framework.

Plugins have a number of shortcomings, especially in that they tend to be tightly coupled to a particular version of OpenSearch, so if a new version comes out your existing plugins may not be compatible until they, too, are upgraded. I run into this with a number of applications I use such as Grafana and it can be annoying.

The idea behind extensions is to provide an SDK and API that are much more resistant to changes in OpenSearch so that important integrations are decoupled from the main OpenSearch application. This also provides an extra layer of security as these extensions will be more isolated from the main code.

I found this encouraging. It takes time to build a community around an open source project but one of the best ways to do it is to provide easy methods to get involved and extensions are a step in the right direction. In addition, OpenSearch has decided not to require a Contributor License Agreement (CLA) for contributions. While I have strong opinions on CLAs this should make contributing more welcome for developers who don’t like them.

Picture of Taylor Dolezal on stage

The next speaker was Taylor Dolezal from the Cloud Native Computing Foundation (CNCF). I liked him from the start, mainly because he posted a picture of his dog:

Slide of a white background with the head and sad eyes of a cute black dog

and it looks a lot like one of my dogs:

Picture of the head of my black Doberman named Kali

Outside of having a cool dog, Dolezal has a cool job and talked about building community within the CNCF. Just saying “hey, here’s some open source code” doesn’t mean that qualified people will give up nights and weekends to work on your project, and his experiences can be applied to other projects as well.

The final keynote was from Chris Wright of Red Hat and talked about open source in automobiles.

Picture of Chris Wright on stage

Awhile ago I actually applied for a job with Red Hat to build a community around their automotive vertical (I didn’t get it). I really like cars and I thought that combining that with open source would just be a dream job (plus I wanted the access). We are on the cusp of a sea change with automobiles as the internal combustion engine gives way to electric motors. Almost all manufacturers have announced the end of production for ICEs and electric cars are much more focused on software. Wright showed a quote predicting that automobile companies will need four times the amount of software-focused talent that the need now.

A slide with a quote stating that automobile companies will need more than four times of the software talent they have now

I think this is going to be a challenge, as the automobile industry is locked into 100+ years of “this is the way we’ve always done it”. For example, in many states it is still illegal to sell cars outside of a dealership. When it comes to technology, these companies have recently been focused on locking their customers into high-margin proprietary features (think navigation) and only recently have they realized that they need to be more open, such as supporting Android Auto or CarPlay. As open source has disrupted most other areas of technology, I expect it to do the same for the automobile industry. It is just going to take some time.

I actually found some time to explore a bit of Austin outside the conference venue. Well, to be honest, I went looking for a place to grab lunch and all the restaurants near the hotel were packed, so I decided to walk further out.

Picture of the wide Brazos river from under the Congress Avenue bridge

The Brazos River flows through Austin, and so I decided to take a walk on the paths beside it. The river plays a role in the latest Neal Stephenson novel called Termination Shock. I really enjoyed reading it and, spoiler alert, it does actually have an ending (fans of Stephenson’s work will know what I’m talking about).

I walked under the Congress Avenue bridge, which I learned was home to the largest urban bat colony in the world. I heard mention at the conference of “going to watch the bats” and now I had context.

A sign stating that drones were not permitted to fly near the bat colony under the Congress Avenue bridge

Back at the Sponsor Showcase I made my way over to the Fermyon booth where I spent a lot of time talking with Mikkel Mørk Hegnhøj. When I asked if they had any referenceable customers he laughed, as they have only been around for a very short amount of time. He did tell me that in addition to the cat game they had a project called Bartholomew that is a CMS built on Fermyon and Wasm, and that was what they were using for their own website.

Picture the Fermyon booth with people clustered around

If you think about it, it makes sense, as a web server is, at its heart, a fileserver, and those already run well as a microservice.

They had a couple of devices up so that people could play Finicky Whiskers, and if you got a score of 100 or more you could get a T-shirt. I am trying to simplify my life which includes minimizing the amount of stuff I have, but their T-shirts were so cool I just had to take one when Mikkel offered.

Note that when I got back to my room and actually played the game, I came up short.

A screenshot of my Finicky Whiskers score of 99

The Showcase closed around 4pm and a lot of the sponsors were eager to head out, but air travel disruptions affected a lot of them. I’m staying around until Saturday and so far so good on my flights. I’m happy to be traveling again but I can’t say I’m enjoying this travel anxiety.

[Note: I overcame by habit of sitting toward the back and off to the side so the quality of the speaker pictures has improved greatly.]

by Tarus at June 24, 2022 08:01 PM

June 23, 2022

2022 Open Source Summit – Day 2

The word for Day 2 of the Open Source Summit is SBOM.

When I first heard the term my thought was that someone had spoken a particular profanity at an inappropriate time, but SBOM in this context means “Software Bill of Materials”. Open source is so prevalent these days that it is probably included in a lot of the software you use and you may not be aware of it, so when an issue is discovered such as Log4shell it can be hard to determine what software is affected. The idea of asking all vendors (both software-only and software running on devices) to provide an SBOM is a first step to being able to audit this software.

It isn’t as easy as you might think. The OpenNMS project I was involved with used over a hundred different open source libraries. I know because I once did a license audit to make sure everything being used had compatible licenses. I also have used Black Duck Software (now Synopsys) to generate a list of included software, and it looks like they now offer SBOM support as well, but I get ahead of myself.

Note that Synopsys is here in the Sponsor Showcase but when I stopped by the booth no one was there.

Getting back to the conference, the second morning keynotes were more sparsely attended than yesterday, but the room was far from empty. The opening remarks were given by Mike Dolan, SVP and GM of Projects at the Linux Foundation, and he was a last minute replacement for Jim Zemlin, who was not feeling well.

Picture of Mike Dolan on stage

Included in the usual housekeeping announcements was a short “in memoriam” for Shubhra Kar, the Linux Foundation CTO who passed away unexpectedly this year.

Dolan also mentioned that the Software Package Data eXchange (SPDX) open standard used for creating SBOMs had turned 10 years old (and it looks like it will hit 11 in August). This was relevant because with applications of any complexity including hundreds if not thousands of open source software projects, there had to be some formal way of listing them for analysis in an SBOM, and most default to SPDX.

The next speaker was Hilary Carter who is in charge of research for the Linux Foundation.

Picture of Mike Dolan and Hilary Carter on stage

She spoke on the work the Linux Foundation is doing to measure the worldwide impact of open source. As part of that she mentioned that there is a huge demand for open source talent in the market place, but there are also policy barriers for employees of many companies to contribute to open source. She also brought up SBOMs as a way to determine how widespread open source use is in modern applications.

Stylized Mercator Map Projection

Since diversity has been a theme at this conference I wanted to address a pet peeve of mine. This is a slide from Carter’s presentation and it uses a stylized Mercator projection to show the world. I just think it is about time we stop using this projection, as the continent highlighted, Africa, is actually much, much larger in proportion to the other continents than is shown on this map. As an alternative I would suggest the Gall-Peters projection.

Gall-Peters projection of the world yoinked from Wikipedia

To further digress, I asked my friend Ben to run “stylized Gall-Peters projection” through Midjourney but I didn’t feel comfortable posting any of the results (grin).

Anyway, enough of that. The next presenter was Kevin Jakel, who founded Unified Patents.

Picture of Kevin Jakel on stage

The goal of Unified Patents is to protect open source from patent trolls. Patent trolls are usually “non-practicing entities” who own a lot of patents but exist to extract revenue from companies they believe are infringing upon them versus building products. Quite frequently it is cheaper to settle than pursue legal action against these entities and this just encourages more actions on the part of the trolls.

The strategy to combat this is described as “Detect, Disrupt and Deter”. For a troll, the most desired patents are ones that are broad, as this means more companies can be pursued. However, overly broad patents are also subject to review, and if the Patent and Trademark Office is convinced a patent isn’t specific enough it can invalidate it, destroying the revenue stream for the patent troll.

I’m on the fence over software patents in general. I mean, let’s say a company could create a piece of software that exactly modeled the human body and how a particular drug would interact with it, I think that deserves some protection. But I don’t think that anyone owns the idea of, say, “swipe left to unlock”. Also it seems like software rights could be protected by copyright, but then again IANAL (one source for more information on this is Patent Absurdity)

Picture of Amir Montezary on stage

The next person on stage was Amir Montazery, of the Open Source Technology Improvement Fund. The mission of the OSTIF is to help secure open source software. They do this through both audits and fundraising to provide the resources to open source projects to make sure their software is secure as possible.

Jennings Aske, of New York-Presbyterian Hospital spoke next. I have worked a bit with technology in healthcare and as he pointed out there are a lot of network connected devices used in medicine today, from the devices that dispense drugs to the hospital beds themselves. Many of those do not have robust security (and note that these are proprietary devices). Since a hack or other breach could literally be a life and death situation, steps are being taken to mitigate this.

Picture of Jennings Aske on stage

I enjoyed this talk mainly because it was from the point of view of a consumer of software. As customers are what drive software revenues, they stand the best chance in getting vendors to provide SBOMs, along with government entities such as the National Telecommunications and Information Administration (NTIA). The NTIA has launched an effort called Software Component Transparency to help with this, and Jennings introduced a project his organization sponsors called DaggerBoard that is designed to scan SBOMs to look for vulnerabilities.

Picture of Arun Gupta on stage

The next keynote was from Arun Gupta of Intel. His talk focused on building stronger communities and how Intel was working to build healthy, open ecosystems. He pointed out that open source is based largely on trust, which is an idea I’ve promoted since I got involved in FOSS. Trust is something that can’t be bought and must be earned, and it is cool to see large companies like Intel working toward it.

Picture of Melissa Smolensky on stage

The final presenter was Melissa Smolensky from Gitlab who based her presentation around a “love letter to open source”. It was cute. I too have a strong emotional connection to my involvement in free and open source software that I don’t get anywhere else in my professional life, at least to the same degree.

I did get to spend some time near the AWS booth today, and after chatting at length with the FreeRTOS folks I happened to be nearby when Chris Short did a presentation on GitOps.

Chris Short presenting GitOps

In much the same way that Apple inspired a whole generation of Internet-focused products to put an “i” in front of their name, DevOps has spawned all kinds of “Ops” such as AIOps and MLOps and now GitOps. The idea of DevOps was built around creating processes to more closely tie software development to software operation and deployment, and key to this was configuration management software such as Puppet and Ansible. Instead of having to manage configuration files per instance, one could store them centrally and use agents to deploy them into the environment. This central repository allows for a high degree of control and versioning.

It is hard to think of a better tool for versioning than git, and thus GitOps was born. Software developed using GitOps is controlled by configuration files (usually in YAML) and using git to make changes.

While I am not an expert on GitOps by any means, suppose your application used a configuration file to determine the various clusters to create. To generate a new cluster you would just edit the file in your local copy of the repo, git commit and git push.

You application would then use something like Flux (not to be confused with the Flux query language from InfluxData) to note that a change has occurred and then do a git pull which would then cause the change to be applied.

Pretty cool, huh? A lot of people are familiar with git so it makes the DevOps learning curve a lot less steep. It also allows for the configuration of multiple repositories so you can control, say, access to secrets differently than the main application configuration.

Spot Callaway and Brian Proffitt

Also while I was in the booth I got this picture of two Titans of Open Source, Spot Callaway and Brian Proffitt. Oh yeah.

My final session of the day was given by Kelly O’Malley of Databricks on Delta Lake.

Kelly O'Malley presenting on Delta Lake

Now as someone who has given a lot of talks, I try to be respectful of the presenter and with the exception of the occasional picture and taking notes I try to stay off my phone. I apologized to her afterward as I was spending a lot of time looking up terms with which I was unfamiliar, such as “ACID” and “parquet“.

Delta Lake is an open source project to create a “Lakehouse”. The term is derived from a combination of “Data Warehouse” and “Data Lake“.

Data warehouses have been around for a very long time (in one of my first jobs I worked for a VAR that built hardware solutions for storing large data warehouses) and the idea was to bring together large amounts of operational data into one place so that “business intelligence” (BI) could be applied to help make decisions concerning the particular organization. Typically this data has been very structured, such as numeric or text data.

But people started figuring out that a lot of data, such as images, needed to be stored in more of a raw format. This form of raw data didn’t lend itself well to the usual BI analysis techniques.

Enter Delta Lake. Based on Apache Spark, it attempts to make data lakes more manageable and to make them as useful as data warehouses. I’m eager to find the time to learn more about this. When I was at OpenNMS we did a proof of concept about using Apache Spark to perform anomaly detection and it worked really well, so I think it is perfectly matched to make data lakes more useful.

My day ended at an internal event sponsored by Nithya Ruff, who in addition to being the chairperson of the Linux Foundation is also the head of the AWS OSPO. I made a number of new friends (and also got to meet Amir Montazery from the morning keynotes in person) but ended up calling it an early night because I was just beat. Eager to be fresh for the next day of the conference.

by Tarus at June 23, 2022 05:48 PM

June 22, 2022

2022 Open Source Summit – Day 1

The main activities for the Open Source Summit kicked off on Tuesday with several keynote sessions. The common theme was community and security, including the Open Source Security Foundation (OpenSSF).

The focus on security doesn’t surprise me. I was reminded of this xkcd comic when the Log4shell exploit hit.

An xkcd comic showing how complex digital architecture depends on little known, small projects

At the time I was consulting for a bank and I called the SVP and said “hey, we really need to get ahead of this” and he was like “oh, yeah, I was invited to a security video call a short while ago” and I was like “take the call”.

I managed to squeeze into the ballroom just before the talks started, and I was happy to see the room was packed, and would end up with a number of people standing in the back and around the edges.

People in the hotel ballroom watching the keynote presentations

The conference was opened by Robin Bender Ginn, Executive Director of the OpenJS Foundation.

Picture of Robin Bender Ginn on stage

After going over the schedule and other housekeeping topics, she mentioned that in recognition of Pride Month the conference was matching donations to the Transgender Education Network of Texas (TENT) as well as Equality Texas, up to $10,000.

In that vein the first person to speak was Aeva Black, and they talked about how diversity can increase productivity in communities, specifically open source communities, by bringing in different viewpoints and experiences. It was very well received, with many people giving a standing ovation at its conclusion.

Picture of Aeva Black on stage

The next speaker was Eric Brewer from Google (a platinum sponsor) and his talk focused on how to improve the robustness and security of open source (and he joked about having to follow Black with such a change of topic). Free software is exactly that, free and “as is”. So when something like Log4shell happens that impacts a huge amount of infrastructure, there is really no one who has an implicit obligation to rectify the issue. That doesn’t prevent people from trying to force someone to fix things, as this infamous letter to Daniel Stenberg demonstrates.

Picture of Eric Brewer on stage

Brewer suggests that we work on creating open source “curators” who can provide commercial support for open source projects. In some cases they could be the maintainer, but it is not necessary. When I was at OpenNMS our support offerings provided some of this indemnification along with service levels for fixing issues, but of course that came at a cost. I think it is going to take some time for people to realize that free software does not mean a free solution, but this idea of curators is a good start.

I got the feeling that the next presentation was one reason the hall was so packed as Linus Torvalds and Dirk Hohndel took the stage. Linus will be the first to admit that he doesn’t like public speaking, but I found that this format, where Dirk asked him questions and he responded, worked well. Linus, who is, well, not known for suffering fools gladly, admitted and apologized for his penchant for being rather sharp in his criticism, and when Dirk asked if he was going to be nicer in the future Linus said, no, he probably wouldn’t so he wanted to proactively apologize. That made me chuckle.

Picture of Linus Torvalds and Dirk Hohndel on stage

This was followed by a security-focused presentation by Todd Moore from IBM, another platinum sponsor. He also addressed trying to improve open source security but took an angle more aimed at government involvement. Digital infrastructure is infrastructure, much like bridges, roads, clean water, etc., and there should be some way for governments to fund and sponsor open source development.

Picture of Todd Moore on stage

The final keynote for today was a discussion with Amy Gilliland who is the President of General Dynamics Information Technology (GDIT). In a past life I worked quite a bit with GDIT (and you have to admit, that can be a pretty appropriate acronym at times) and it is nice to see a company that is so associated with more secretive aspects of government contracting focusing on open source solutions.

Picture of Amy Gilliland on stage

After the keynotes I visited the Sponsor Hall to see the AWS booth. It was pretty cool. As a diamond sponsor it is right in front as you enter.

AWS Booth in the Sponsor Hall

There were people from a number of the open source teams at AWS available to do presentations, including FreeRTOS and OpenSearch.

People in the Sponsor Hall

I don’t have booth duty this conference so I decided to wander around. I thought it was laid out well and it was interesting to see the variety of companies with booths. I did take some time to chat with the folks at Mattermost.

Mattermost Booth in the Sponsor Hall

While I’m a user of both Discord and Slack, I really, really like Mattermost. It is open source and provides a lot of the same functionality as Slack, and you can also host it yourself which is what the OpenNMS Project does. If you don’t want to go to the trouble of installing and maintaining your own instance, you can get the cloud version from Mattermost, and I learned that as of version 7 there is a free tier available so there is nothing preventing you from checking it out.

A selfie featuring me and whurley

I did take a short break from the conference to grab lunch with my friend William Hurley (whurley). It had been at least three years since we’d seen each other face to face and, thinking back, I was surprised at the number of topics we managed to cover in our short time together. He is an amazing technologist currently working to disrupt, and in many ways found, commercial quantum computing through his company StrangeWorks. He also made me aware of Amazon Braket, which lets those of us who aren’t whurley to access quantum computing services. I’m eager to check it out as it is an area that really interests me.

After lunch I was eager to see a presentation on InfluxDB by Zoe Steinkamp.

A picture of Zoe Steinkamp presenting on InfluxDB

Time series data collection and storage was a focus of mine when I was involved in monitoring, and Influx is working to make flexible solutions using open source. Steinkamp’s presentation was on combining data collection at the edge with backend storage and processing in the cloud. Influx had a working example of a device that would monitor the conditions of a plant (she’s an avid gardener) such as temperature and moisture, and this data was collected locally and then forwarded to the cloud. They have a new technology called Edge Data Replication designed to make the whole process much more robust.

I was excited to learn about their query language. Many time series solutions focus so much on obtaining and storing the data and not enough on making that data useful, which to me seems to be the whole point. I’m eager to play with it as soon as I can.

One thing that bothered me was that the hotel decided to have the windows washed in the middle of the presentation.

A picture a window washer

Steinkamp did a great job of soldiering through the noise and not letting it phase her.

The evening event was held at Stubbs restaurant, which is also a music venue.

The Stubbs Restaurant sign feature a billboard welcoming the Open Source Summit

I’ve been a fan of Stubbs barbecue sauce for years so it was cool to go to the restaurant that bears his name, even though the Austin location was opened in 1996, a year after Christopher B. Stubblefield died.

It was a nice end to a busy day, and I look forward to Day 2.

by Tarus at June 22, 2022 06:08 PM

June 21, 2022

2022 Open Source Summit – Day 0

Monday was a travel day, but it was notable as it was the first time I have been in an airport since August. I fly out of RDU, and the biggest change was that they now have the “Star Trek” x-ray machines to scan carry-on luggage. While I was panicked for a second when I downloaded my boarding pass and didn’t see the TSA Precheck logo, I was able to get that sorted out so going through security was pretty easy.

The restrictions on masks for air travel have been lifted, but I wore mine along with about 10% of the other travelers. Even though I’ve had four shots and a breakthrough case of COVID I do interact with a lot of older people and since I’ll be around the most people in years at the Open Source Summit I figured I’d wear mine throughout the trip.

And while it isn’t N95, being a car nut I tried out these masks from K&N Engineering, who are known for high end air filtration for performance vehicles, and you almost don’t realize you are wearing a mask.

Anyway, I made my way to the Admiral’s Club and was pleasantly surprised to see it wasn’t very crowded. It was nice to have the membership (it comes with my credit card) as my flight to Charlotte was delayed over 90 minutes. I wasn’t too worried since I had a long layover before heading to Austin, so I was a lot less stressed than many of my fellow travelers.

The flight to Austin left on time and landed early, but we got hit with the curse in that our gate wasn’t available, so we ended up on the tarmac for 45 minutes, getting in 30 minutes late.

Not that I’m complaining. Seriously, according to my handy the trip from my home to Austin by car is 19 hours. From the moment I left my home until we landed was more like 8 hours, and most of that was enjoyable. I always have to remind myself of this wonderful clip by Louis CK which kind of sums up the amazing world in which we live where every time we fly we should be saying to ourselves “I’m in a chair in the sky!”

I checked in at the hotel and then we headed back out in our rented minivan to get the last member of our team, and then we drove about 45 minutes outside of Austin to this barbecue joint called Salt Lick in Driftwood Texas. It was wonderful and I was told we owed this experience to a recommendation years ago from Mark Hinkle, so thanks Mark!

A white van in the parking lot of the Salt Lick barbecue restaurant

You can’t really tell a good barbecue restaurant by its looks, although shabbier tends to be better, but more by the smell. When you get out of your vehicle your nose is so assaulted with the most wonderful smell you might be drawn to the entrance so quickly that you miss the TARDIS.

A British Police box that looks like the TARDIS from Doctor Who in the parking lot of the Salt Lick barbecue restaurant

We sat at a big picnic table and ordered family style, which was all you could eat meat, slaw, baked beans, bread, pickles and potato salad. I was in such a food coma by the end that I forgot to take a picture of the cobbler.

A table full of food at the Salt Lick barbecue restaurant

I tried not to fall asleep on the ride back to Austin (I wasn’t driving) but it was a great start to what I hope is a wonderful week.

by Tarus at June 21, 2022 01:15 PM

June 16, 2022

2022 Open Source Summit North America

Next week I’ll be attending my first conference in nearly three years. My last one turned out to be the very last OSCON back in 2019. Soon after that I was in a bad car accident that laid me up for many months and then COVID happened.

Open Source Summit Logo Showing Member Conferences

I am both eager and anxious. Even having four vaccine shots and one breakthrough case I still feel a little exposed around large groups of people, but the precautions outlined in the “Health and Safety” section of the conference website are pretty robust and I am eager to see folks face-to-face (or mask-to-mask) once again.

The Linux Foundation’s Open Source Summit used to be known as Linuxcon and now it is an umbrella title for a number of conferences around open source, all of which look cool. My new employer, AWS, is a platinum sponsor and will also have a booth (I am not on booth duty this trip but I’ll be around). I am looking forward to getting to meet in person many of my teammates who I’ve only seen via video, old friends I haven’t seen in years, and to making a bunch of new ones.

Of course, we would have to have a conference in Austin during a heat wave. I was thinking about never leaving the conference venue but then I remembered … barbecue.

If you are going and would like to say “hi” drop me a note on Twitter or LinkedIn or send an e-mail to tarus at tarus dot io.

by Tarus at June 16, 2022 04:41 PM

June 15, 2022

In Pursuit of Quality Interactions

Recently my friend Jonathan had a birthday, and I sent him a short note with best wishes for the day and to let him know I was thinking about him.

In his reply he included the following paragraph:

[I] was reminded of your comment about a sparsely attended OUCE conference at Southampton one year. You said something along the lines of that it didn’t matter, that you would try to make it the best experience you could for everyone there. That stuck with me. It’s been one of my mantras ever since then.

I can remember talking about that, although I also remember I was very ill during most of that conference and spent a lot of time curled up in my room.

Putting on conferences can be a challenge. You don’t know how many people will show up, but you have to plan months in advance in order to secure a venue. Frequently we could use information about the previous conference to approximate the next one, but quite often there were a number of new variables that were hard to measure. In this case moving the conference from Germany, near Frankfurt, to Southampton in the UK resulted in a lot less people coming than we expected.

It is easy to get discouraged when this happens. I have given presentations in full rooms where people were standing in the back and around the edges, and I have given presentations to three people in a large, otherwise empty room. In both cases I do my best to be engaging and to meet the expectations of those people who were kind enough to give me their attention.

I think this is important to remember, especially in our open source communities. I don’t think it is easy to predict which particular people will become future leaders on first impressions, so investing a little of your attention in as many people as possible can reap large results. I can remember when I started in open source I’d sometimes get long e-mails from people touting how great they were, which was inevitably followed up with a long list of things I needed to do to make my project successful. Other times I’d get a rather timid e-mail from someone wanting to contribute, along with some well written documentation or a nice little patch or feature, and I valued those much more.

I can remember at another OUCE we ended up staying at a hotel outside of Fulda because another convention (I think involving public service vehicles like fire trucks and ambulances) was in town at the same time. There was a van that would pick us up and take us into town each morning, and on one day a man named Ian joined me for the ride. He was complaining about how his boss made him come to the conference and he was very unhappy about being there. I took that as a challenge and spent some extra time with him, and by the end of the event he had become one of the project’s biggest cheerleaders.

Or maybe it was just the Jägermeister.

In the book Zen and the Art of Motorcycle Maintenance the author Robert Persig demonstrates a correlation between “attention” and “quality”. In today’s world I often find it hard to focus my attention on any one thing at a time, and it is something I should improve. But I do manage to put a lot of attention into person-to-person interactions, and that has been very valuable over the years.

In any case I was touched that Jonathan remembered that from our conversation, and it helps to be reminded. It also motivated me to write this blog post (grin).

by Tarus at June 15, 2022 01:25 PM

June 08, 2022

AWS: Impressions So Far

When I announced that I had joined AWS, at least two of my three readers reached out with questions so I thought I’d post an update on my onboarding process and impressions so far.

One change you can expect is that when I talk about my job on this blog, I’m going to add the following disclaimer:

Note: Everything expressed here represents my own thoughts and opinions and I am not speaking for my employer Amazon Web Services.

Back when I owned the company I worked for I had more control about what I could share publicly. While I am very excited to be working for AWS and may, at some time in the future, speak on their behalf, this is not one of those times.

A number of people joked about me joining the “dark side”. My friend Talal even commented on my LinkedIn post with the complete “pitch speech” Darth Vader made to Luke Skywalker in Empire. While I got the joke I’d always had a pretty positive opinion of Amazon, gained mainly through being a retail customer.

I recently went and traced what I think to be my first interaction with Amazon back to a book purchase made in December of 1997. In the nearly 25 years I’ve been shopping there I can think of only two times that I was disappointed with their customer service (both involving returns) and numerous times when my expectations were exceeded by Amazon. For example, I once spent around $70 on two kits used to clean high performance automotive air filters. In shipment one of them leaked, and I asked if I could return it. They told me to keep both and refunded the whole $70, even after I protested that I’d be happy with half that.

It was this focus on customer service that attracted me to the possibility of working with Amazon. When I was at OpenNMS I crafted a mission statement that read “Help Customers. Have Fun. Make Money”. I thought I came up with it on my own but I may have gotten inspiration from a Dilbert cartoon, although I changed the order to put the focus on customers. I always put a high value on customer satisfaction.

I have also been a staunch, and I’ll admit, opinionated, proponent of free and open source software and nearly 20 years of those opinions are available on this blog. Despite that, AWS still wanted to talk to me, and as I went through the interview process I really warmed to the idea of working on open source at AWS.

Just before I started I received a note from the onboarding specialist with links to content related to Amazon’s “peculiar” culture. When I read the e-mail I was pretty certain they meant “particular”, as “particular” implies “specific” and “peculiar” implies “strange”. Nope, peculiar is the word they meant to use and I’m starting to understand why. They are so laser-focused on customer satisfaction that their methods can seem strange to people used to working in other companies.

As you can imagine with a company that has around 1.6 million employees, they have the onboarding process down to a science. My laptop and supporting equipment showed up before my start date, and with few problems I was able to get on the network and access Amazon resources. These last two weeks have been packed with meeting people, attending virtual classes with other new hires, and going through a lot of online training. One concept they introduce early on is the idea of “working backwards”. At Amazon, everything starts from the customer and you work backwards from there. After having this drilled into my head in one of the online courses it was funny to watch a video of Jeff Bezos during an All Hands meeting where someone asks if the “working backwards” process is optional.

Based on my previous experience with large companies I was certain of the answer: no, working backwards is not optional. Period.

But that wasn’t what he said. He said it wasn’t optional unless you can come up with something better. I know it is kind of a subtle distinction but it really resonated with me, as it drove home the fact that at Amazon no process is really written in stone. Everything is open to change if it can be improved. As I learn more about Amazon I’ve found that there are many “tenets”, or core principles, and every one of them is presented in the context that these exist until something better is discovered, and there seem to be a lot of processes in place to suggest those improvements at all levels of the company.

If there is anything that isn’t open to change, it is the goal of becoming the world’s most customer-centric company. While a lot of companies can claim to be focused on their customers without many specifics, at Amazon this is defined has having low prices, large selection and a great customer experience. Everything else is secondary.

I bring this up because it is key to understanding Amazon as a company. To get back to my area of expertise, open source, quite frequently open source involvement is measured by things such as number of commits, lines of code committed, number of projects sponsored and number of contributors. That is all well and good but seen through the lens of customer satisfaction they mean nothing, so they don’t work at Amazon. Amazon approaches open source as “how can our involvement improve the experience of our customers?”

(Again, please remember that is my personal opinion based on my short tenure at AWS and doesn’t constitute any formal policy or position)

Note that with respect to open source at AWS, “customer” can refer to both end users of software who want an easy and affordable way to leverage open source solutions as well as open source projects and companies themselves. My focus will be on the latter and I’m very eager to begin working with all of these cool organizations creating wonderful open source solutions.

This focus may not greatly increase those metrics mentioned above, but it is hoped that it will greatly increase customer satisfaction.

So, overall, I’m very happy with my decision to come to AWS. I grew up in North Carolina where the State motto is Esse Quam Videri, which is Latin for “to be rather than to seem”. My personal goal is to see AWS considered both a leader and an invaluable partner for open source companies and projects. I realize that won’t happen overnight and I welcome suggestions on how to reach that goal. In any case it looks like it is going to be a lot of fun.

by Tarus at June 08, 2022 04:20 PM

May 25, 2022

Creating Strong Passwords

For obvious reasons I’ve been creating some new passwords lately, and I wanted to share my method for creating strong passwords that are easy to remember yet hard to guess.

Of course, Randall Munroe set the bar with this comic:

xkcd Password Strength comic

It does make a lot of sense, but the method has its critics. Attackers can and do use random word generators which can break such passwords more quickly, even with, say, substituting “3” for “e”, etc.

There is also a good argument to be made that we should all be using password managers that generate long random passwords and not really creating passwords at all.

Then there is the very good idea of using two factor authentication, but that tends to augment passwords more than replace them.

In normal life you have to have at least a few passwords memorized, such as the one to get into your device and one to get into your password manager, so I thought I’d share my technique.

I like music, and I tend to listen to pretty obscure artists. What I do is to think of a random lyric from a song I like and then convert that into a password.

For example, right now I’m listening to the album Wet Tennis by Sofi Tukker. The track that gives me the biggest earworm is “Original Sin” which opens with the lyric:

So I think you’ve got
Something wrong with you
Something’s not right with me, too
It’s not right with me

If I were going to turn that into a password, I would come up with something like:

sItUgswwysnrwm,2inrwm

Looks pretty random, and contains lower case and upper case letters, a number and a special character. At 21 characters it isn’t quite as long as “correcthorsebatterystaple” but you can always add more words from the lyrics if needed.

Just thought I’d throw this out there as it works for me. The only thing I have to remember is not to hum the song while logging in.

by Tarus at May 25, 2022 01:54 PM

May 23, 2022

The Adventure Continues

Last year I wrote about parting ways with the OpenNMS Project and how I was ready for “Act III” of my professional career.

With my future being somewhat of a tabula rasa, I was a bit overwhelmed with choices, so I decided to return to my roots and dust off my consulting LLC. Soon I found myself in the financial sector helping to deploy network monitoring and observability solutions.

I was working with some pretty impressive applications and it was interesting to see the state of the art for monitoring. We’ve come a long way since SNMP. It was engaging and fun work, but all the software was proprietary and I missed the open source aspect.

Recently, Spot Callaway made me aware of an opportunity at Amazon Web Services for an open source evangelist position. Of all the things I’ve done in my career, acting as an evangelist for open source solutions was my favorite thing to do and here was a chance to do it full time. I will admit that Amazon was not the first name that popped into my head when I think “open source” but as I got to learn more about the team and AWS’s open source initiatives, the more interested I became in the position. After I made it through their rather intense interview process and met even more people with whom I’ll be working, it became a job I couldn’t refuse.

So I’m happy to announce that I’m now a Principal Evangelist at AWS, reporting to David Nalley, who, in addition to being a pretty awesome boss is also the current President of the Apache Software Foundation. OpenNMS would not have existed without software from the ASF, and it will be cool to learn, in addition, more about that organization first hand.

My main role will be to work with open source companies as an advocate for them within AWS. The solutions AWS provides can help jumpstart these companies toward profitability by providing the resources they need to be successful and to affordably grow as their needs change. While I am just getting started within the organization and it will take me some time to learn the ropes, I am hoping my own experience in running an open source business will provide a unique insight into issues faced by those companies.

Exciting times, so watch this space as my open source adventures continue.

by Tarus at May 23, 2022 03:22 PM

May 09, 2022

“Run-of-the-Mill Person”

I just noticed that my Wikipedia page has been deleted (the old version is still on the Internet Archive).

I’m not sure how I feel about this. When I was first made aware of its existence oh so many years ago I was both flattered and a little embarrassed, mainly because I didn’t think I rated a page on Wikipedia. But then I got to thinking that, hey, pretty much anyone should be able to have a page on Wikipedia as long as it adheres to their format guidelines. It’s not like it takes up much space, and as long as the person is verifiable as being a real person, why not?

I am certain I would have been okay with my page being deleted soon after it was created, but once you get used to having something, earned or not, there is a strong psychological reaction to having it taken away. From what I can tell the page was created in 2010, so it had been around for nearly 12 years with no one complaining.

The most hurtful thing was a comment about the deletion from EdwardX from London:

Nothing cited in the article counts towards WP:GNG, and I can find nothing better online. Run-of-the-mill person.

Really? Was the “Run-of-the-mill person” comment really necessary? (grin)

I’m still happy about what I was able to accomplish with OpenNMS and building the community around it, even if it was run-of-the-mill, and I plan to promote open source and open source companies for the remainder of my career, even if that isn’t Wikipedia-worthy.

by Tarus at May 09, 2022 12:19 PM

February 19, 2022

Nineteen Years

Nineteen years ago my friend Ben talked me into starting this blog. I don’t update it as frequently any more for a variety of reasons, specifically because more people interact on social media these days and I’m not as involved in open source as I used to be, but it is still somewhat of an achievement to keep something going this long.

My “adventures” in open source started out on September 10th, 2001, when I started a new job with a company called Oculan to work on their open source monitoring platform OpenNMS. In May of 2002 I became the lead maintainer on the project, and by the time I started this blog I’d been at it for several months. Back then blogs were one of the main ways an open source project could communicate with its community.

The nearly two decades I spent with OpenNMS were definitely an adventure, and this site can serve as a record of both those successes and those struggles.

Nineteen years ago open source was very different than it is today. Today it is ubiquitous: I think it would be rare for a person to go a single day without interacting with open source software in some fashion. But back then there was still a lot of fear, uncertainty and doubt about using it, with a lot of confusion about what it meant. Most people didn’t take it seriously, often comparing it to “shareware” and never believing that it would ever be used for doing “real” things. On a side note, even in 2022 I recently had one person make the shareware comparison when I brought up Grafana, a project that has secured nearly US$300 million in funding.

Back then we were trying to figure out a business model for open source, and I think in many ways we still are. The main model was support and services.

You would have thought this would have been more successful than it turned out to be. Proprietary software costing hundred of thousands if not millions of dollars would often require that you purchase a maintenance or support contract running anywhere from 15% to 25% of the original software cost per year just to get updates and bug fixes. You would think that people would be willing to pay that amount or less for similar software, avoiding the huge upfront purchase, but that wasn’t the case. If they didn’t have to buy support they usually wouldn’t. Plus, support doesn’t easily scale. It is hard finding qualified people to support complex software. I’d often laugh when someone would contact me offering to double our sales because we wouldn’t have been able to handle the extra business.

One company, Red Hat, was able to pull it off and create a set of open source products people were willing to purchase at a scale that made them a multi-billion dollar organization, but I can’t think of another that was able to duplicate that success.

Luckily, the idea of “hosted” software gained popularity. One of my favorite open source projects is WordPress. You are reading this on a WordPress site, and the install was pretty easy. They talk about a “five minute” install and have done a lot to make the process simple.

However, if you aren’t up to running your own server, it might as well be a five year install process. Instead, you can go to “wordpress.com” and get a free website hosted by them and paid for by ads being shown on your site, or you can remove those ads for as little as US$4/month. One of the reasons that Grafana has been able to raise such large sums is that they, too, offer a hosted version. People are willing to pay for ease of use.

But by far the overwhelming use of open source today is as a development methodology, and the biggest open source projects tend to be those that enable other, often proprietary, applications. Two Sigma Ventures has an Open Source Index that tries to quantify the most popular open source projects, and at the moment these include Tensorflow (a machine learning framework), Kubernetes (a container orchestration platform) and of course the Linux kernel. What you don’t see are end user applications.

And that to me is a little sad. Two decades ago the terms “open source” and “free software” were often used interchangeably. After watching personal computers go from hobbyists to mainstream we also saw control of those systems move to large companies like Microsoft. The idea of free software, as in being able to take control of your technology, was extremely appealing. After watching companies spend hundreds of thousands of dollars on proprietary software and then being tied to those products, I was excited to bring an alternative that would put the power of that software back into the hands of the users. As my friend Jonathan put it, we were going to change the world.

The world did change, but not in the way we expected. The main reason is that free software really missed out on mobile computing. While desktop computers were open enough that independent software could be put on them, mobile handsets to this day are pretty locked down. While everyone points to Android as being open source, to be honest it isn’t very useful until you let Google run most of it. There was a time where almost every single piece of technology I used was open, including my phone, but I just ran out of time to keep up with it and I wanted something that just worked. Now I’m pretty firmly back into the Apple ecosystem and I’m amazed at what you can do with it, and I’m so used to just being able to get things going on the first try that I’m probably stuck forever (sigh).

I find it ironic that today’s biggest contributors to open source are also some of the biggest proprietary software companies in the world. Heck, even Red Hat is now completely owned by IBM. I’m not saying that this is necessarily a bad thing, look at all the open source software being created by nearly everyone, but it is a long way from the free software dream of twenty years ago. Even proprietary, enterprise software has started to leverage open APIs that at least give a nod to the idea of open source.

We won. Yay.

Recently some friends of mine attended a fancy, black-tie optional gala hosted by the Linux Foundation to celebrate the 30th anniversary of Linux. Most of them work for those large companies that heavily leverage open source. And while apparently a good time was had by all, I can’t help but think of, say, those developers who maintain projects like Log4j who, when there is a problem, get dumped on to fix it and probably never get invited to cool parties.

Open source is still looking for a business model. Heck, even making money providing hosted versions of your software is a risk if one of the big players decides to offer their version, as to this day it is still hard to compete with a Microsoft or an Amazon.

But this doesn’t mean I’ve given up on open source. Thanks to the Homebrew project I still use a lot of open source on my Macintosh. I’m writing this using WordPress on a server running Ubuntu through the Firefox browser. I still think there are adventures to be had, and when they happen I’ll write about them here.

by Tarus at February 19, 2022 02:42 PM

February 08, 2022

Nextcloud News

I think the title of this post is a little misleading, as I don’t have any news about Nextcloud. Instead I want to talk about the News App on the Nextcloud platform, and I couldn’t think of a better one.

I rely heavily on the Nextcloud News App to keep up with what is going on with the world. News provides similar functionality to the now defunct Google Reader, but with the usual privacy bonuses you expect from Nextcloud.

Back before social networks like Facebook and Twitter were the norm, people used to communicate through blogs. Blogs provide similar functionality: people can write short or long form posts that will get published on a website and can include media such as pictures, and other people can comment and share them. Even now when I see an incredibly long thread on Twitter I just wish the author would have put it on a blog somewhere.

Blogs are great, since each one can be individually hosted without requiring a central authority to manage it all. My friend Ben got me started on my first blog (this one) that in the beginning was hosted using a program called Moveable Type. When their licensing became problematic, most of us switched to WordPress, and a tremendous amount of the Web runs on WordPress even now.

Now the problem was that the frequency that people would post to their blogs varied. Some might post once a week, and others several times an hour. Unless you wanted to go and manually refresh their pages, it was difficult to keep up.

Enter Really Simple Syndication (RSS).

RSS is, as the name implies, an easy way to summarize content on a website. Sites that support RSS craft a generic XML document that reflects titles, descriptions, links, etc. to content on the site. The page is referred to as a “feed” and RSS “readers” can aggregate the various feeds together so that a person can follow the changes on websites that interest them.

Google Reader was a very useful feed reader that was extremely popular, and it in turn increased the popularity of blogs. I put some of the blame on Google for the rise of the privacy nightmare of modern social networks on their decision to kill Reader, as it made individual blogs less relevant.

Now in Google’s defense they would say just use some other service. In my case I switched to Feedly, an adequate Reader replacement. The process was made easier by the fact that most feed readers support a way to export your configuration in the Outline Processor Markup Language (OPML) format. I was able to export my Reader feeds and import them into Feedly.

Feedly was free, and as they say if you aren’t paying for the product you are the product. I noticed that next to my various feed articles Feedly would display a count, which I assume reflected the number of Feedly users that were interested in or who had read that article. Then it dawned on me that Feedly could gather useful information on what people were interested in, just like Facebook, and I also assume, if they chose, they could monetize that information. Since I had a Feedly account to manage my feeds, they could track my individual interests as well.

While Feedly never gave me any reason to assign nefarious intentions to them, as a privacy advocate I wanted more control over sharing my interests, so I looked for a solution. As a Nextcloud fan I looked for an appropriate app, and found one in News.

News has been around pretty much since Nextcloud started, but I rarely hear anyone talking about its greatness (hence this post). Like most things Nextcloud it is simple to install. If you are an admin, just click on your icon in the upper right corner and select “+ Apps”. Then click on “Featured apps” in the sidebar and you should be able to enable the “News” app.

That’s it. Now in order to update your feeds you need to be using the System Cron in Nextcloud, and instructions can be found in the documentation.

Once you have News installed, the next challenge is to find interesting feeds to which you can subscribe. The news app will suggest several, but you can also find more on your own.

Nextcloud RSS Suggestions

It used to be pretty easy to find the feed URL. You would just look for the RSS icon and click on it for the link:

RSS Icon

But, again, when Reader died so did a lot of the interest in RSS and finding feed URLs more became difficult. I have links to feeds at the very bottom of the right sidebar of this blog, but you’d have to scroll down quite a way to find them.

But for WordPress sites, like this one, you just add “/feed” to the site URL, such as:

https://www.adventuresinoss.com/feed

There are also some browser plugins that are supposed to help identify RRS feed links, but I haven’t used any. You can also “view source” on a website of interest and search for “rss” and that may help out as well.

My main use of the News App is to keep up with news, and I follow four main news sites. I like the BBC for an international take on news, CNN for a domestic take, Slashdot for tech news and WRAL for local news.

Desktop Version of News App

Just for reference, the feed links are:

BBC: http://newsrss.bbc.co.uk/rss/newsonline_uk_edition/front_page/rss.xml

CNN: http://rss.cnn.com/rss/cnn_topstories.rss

Slashdot: http://rss.slashdot.org/slashdot/slashdotMain

WRAL: http://www.wral.com/news/rss/48/

This wouldn’t be as useful if you couldn’t access it on a mobile device. Of course, you can access it via a web browser, but there exist a number of phone apps for accessing your feeds in a native app.

Now to my knowledge Nextcloud the company doesn’t produce a News mobile app, so the available apps are provided by third parties. I put all of my personal information into Nextcloud, and since I’m paranoid I didn’t want to put my access credentials into those apps but I wanted the convenience of being able to read news anywhere I had a network connection. So I created a special “news” user just for News. You probably don’t need to do that but I wanted to plant the suggestion for those who think about such things.

On my iPhone I’ve been happy with CloudNews.

iPhone Version of CloudNews App

It sometimes gets out of sync and I end up having to read everything in the browser and re-sync in CloudNews, but for the most part it’s fine.

For Android the best app I’ve used is by David Luhmer. It’s available for a small fee in the Play Store and for free on F-Droid.

Like all useful software, you don’t realize how much you depend on it until it is gone, and in the few instances I’ve had problems with News I get very anxious as I don’t know what’s going on in the world. Luckily this has been rare, and I check my news feed many times during the day to the point that I probably have a personal problem. The mobile apps mean I can read news when I’m in line at the grocery store or waiting for an appointment. And the best part is that I know my interests are kept private as I control the data.

If you are interested, I sporadically update a number of blogs, and I aggregate them here. In a somewhat ironic twist, I can’t find a feed link for the “planet” page, so you’d need to add the individual blog feeds to your reader.

by Tarus at February 08, 2022 04:19 PM

January 31, 2022

Review: AT&T Cell Booster

Back in the mid-2000s I was a huge Apple fanboy, and I really, really, really wanted an iPhone. At that time it was only available from AT&T, and unfortunately the wireless coverage on that network is not very good where I live.

In 2008 a couple of things happened. Apple introduced the iPhone 3G, and AT&T introduced the 3G Microcell.

The 3G Microcell, technically a “femtocell“, is a small device that you can plug into your home network and it will leverage your Internet connection to augment wireless coverage in a small area (i.e. your house). With that I could get an iPhone and it would work at my house.

In February 3G service in the US will cease, and I thought I was going to have to do without a femtocell. Most modern phones support calling over WiFi now, but it just isn’t the same. For example, if I am trying to send an SMS and there is any signal at all from AT&T, my phone will try to use that network instead of the much stronger wireless network in my house. If I disable mobile access altogether, the SMS will send fine but then I can’t get phone calls reliably. (sigh)

I thought I was going to have to just deal with it when AT&T sent me a notice that they were going to replace my 3G Microcell with a new product called a Cell Booster.

Now a lot of people criticize AT&T for a number of good reasons, but lately they’ve really been hitting the whole “customer service” thing out of the park. The Cell Booster currently shows out of stock on their website with a cost of $229, but they sent me one for free.

AT&T Cell Booster Box

In a related story my mother-in-law, who is on our family plan, was using an older Pixel that was going to stop working with the end of 3G service (it was an LTE phone but doesn’t support “HD Voice” which is required to make calls). So AT&T send us a replacement Samsung S9. Pretty cool.

In any case the Cell Booster installation went pretty smoothly. I simply unplugged the existing 3G Microcell and plugged in the new device. The box included the Cell Booster, a GPS sensor, a power supply and an Ethernet cable. No other instructions outside of a QR code which will take you to the appropriate app store to download the necessary application to set it up.

The Booster requires a GPS lock, and they include a little “puck” connected to a fairly long wire that is supposed to allow one to get a signal even when the device is some distance away from a clear line of sight, such as away from windows. I just plugged it in to the back and left it next to the unit and it eventually got a signal, but it is also pretty much beneath a skylight.

In order to provision the Cell Booster you have to launch the mobile app and fill out a few pages of forms, which includes the serial number of the device. It has five lights on the front and while the power light came on immediately, it did take some time for the other lights, including “Internet” to come up. I assumed the Internet light would have turned on as soon as an IP address was assigned, but that wasn’t the case. It took nearly a half and hour for the first four lights to come on, and then another 15 minutes or so for the final “4G LTE” light to illuminate and the unit to start working. Almost immediately I got an SMS from AT&T saying the unit was active.

AT&T Cell Booster Lights

Speaking of IP addresses, I don’t like putting random devices on my LAN so I stuck this on my public network which only has Internet access (no LAN access). I ran nmap against it and there don’t appear to be any ports open. A traffic capture shows traffic between the Cell Booster and a 12.0.0.0 network address owned by AT&T.

I do like the fact that, unlike the 3G Microcell, you do not need to specify the phone number of the handsets that can use the Cell Booster. It claims to support up to 8 at a time, and while I haven’t had anyone over who is both on the AT&T network and also not on my plan, I’m assuming it will work for them as well (I used to have to manually add phone numbers of my guests to allow them to use the 3G device).

The Cell Booster is a rebranded Nokia SS2FII. One could probably buy one outside of AT&T but without being able to provision it I doubt it would work.

So far we’ve been real happy with the Cell Booster. Calls and SMS messages work just fine, if not better than before (I have no objective way to measure it, though, so it might just be bias). If you get one, just remember that it takes a really long time to start up that first time, but after you have all five lights you should be able to forget it’s there.

by Tarus at January 31, 2022 07:40 PM

January 26, 2022

Review: ProtonMail

I love e-mail. I know for many it is a bane, which has resulted in the rise of “inbox zero” and even the “#noemail” movement, but for me it is a great way to communicate.

I just went and looked, and the oldest e-mail currently in my system is from July of 1996. I used e-mail for over a decade before then, on school Unix systems and on BBS’s, but it wasn’t until the rise of IMAP in the 1990s that I was able to easily keep and move my messages from provider to provider.

That message from 1996 was off of my employer’s system. I didn’t have my own domain until two years later, in 1998, and I believe my friend Ben was the one to host my e-mail at the time.

When I started maintaining OpenNMS in 2002 I had a server at Rackspace that I was able to configure for mail. I believe the SMTP server was postfix but I can’t remember what the IMAP server was. I want to say it was dovecot but that really wasn’t available until later in 2002, so maybe UW IMAP? Cyrus was pretty big at the time but renown for being difficult to set up.

In any case I was always a little concerned about the security of my mail messages. Back then disks were not encrypted and even the mail transport was done in the clear (this was before SSL became ubiquitous), so when OpenNMS grew to the point where we had our own server room, I set up a server for “vanity domains” that anyone in the company could use to host their e-mail and websites, etc. At least I knew the disks were behind a locked door, and now that Ben worked with us he could continue to maintain the mail server, too. (grin)

Back then I tried to get my friends to use encrypted e-mail. Pretty Good Privacy (PGP) was available since the early 1990s, and MIT used to host plugins for Outlook, which at the time was the default e-mail client for most people. But many of them, including the technically minded, didn’t want to be bothered with setting up keys, etc. It wasn’t until later when open source really took off and mail clients like Thunderbird arrived (with the Enigmail plug-in) that encrypted e-mail became more common among my friends.

In 2019 the decision was made to sell the OpenNMS Group, and since I would no longer have control over the company (and its assets) I decided I needed to move my personal domains somewhere else. I really didn’t relish the idea of running my own mail server. Spam management was always a problem, and there were a number of new protocols to help secure e-mail that were kind of a pain to set up.

The default mail hosting option for most people is GMail. Now part of Google Workspace, for a nominal fee you can have Google host your mail, and get some added services as well.

I wasn’t happy with the thought of Google having access to my e-mail, so I looked for options. To me the best one was ProtonMail.

The servers for ProtonMail are hosted in Switzerland, a neutral country not beholden to either US or EU laws. They are privacy focused, with everything stored encrypted at rest and, when possible, encrypted in transport.

They have a free tier option that I used to try out the system. Now, as an “old”, I prefer desktop mail clients. I find them easiest to use and I can also bring all of my mail into one location, and I can move messages from one provider to another. The default way to access ProtonMail is through a web client, like GMail. Unlike GMail, ProtonMail doesn’t offer a way to directly access their services through SMTP or IMAP. Instead you have to install a piece of software called the ProtonMail Bridge that will create an encrypted tunnel between your desktop computer and their servers. You can then configure your desktop mail client to connect to “localhost” on a particular port and it will act as if it were directly connected to the remote mail server.

In my trial there were two shortcomings that immediately impacted me. As a mail power user, I use a lot of nested folders. ProtonMail does not allow you to nest folders. Second, I share some accounts with my spouse (i.e. we have a single Paypal account) and previously I was able to alias e-mail addresses to send to both of our user accounts. ProtonMail does not allow this.

For the latter I think it has to do with the fact that each mail address requires a separate key and their system must not make it easy to use two keys or to share a key. I’m not sure what the issue is with nested folders.

In any case, this wasn’t a huge deal. To overcome the nested folder issue I just added a prefix, i.e. “CORR” for “Correspondence” and “VND” for “Vendor”, to each mailbox, and then you can sort on name. And while we share a few accounts we don’t use them enough that we couldn’t just assign it to a particular user.


UPDATE: It turns out it is now possible to have nested folders, although it doesn’t quite work the way I would expect.

Say I want a folder called “Correspondence” and I want sub-folders for each of the people with whom I exchange e-mail. I tried the following:

So I have a folder named something like “CORR-Bill Gates”, but I’d rather have that nested under a folder entitled “Correspondence”. In my desktop mail client, if I create a folder called “Correspondence” and then drag the “CORR-Bill Gates” folder into it, I get a new folder titled “Correspondence/CORR-Bill Gates” which is not what I want.

However, I can log into the ProtonMail webUI and next to folders there is a little “+” sign.

Add Folder Menu Item
If I click on that I get a dialog that lets me add new folders, as well as to add them to a parent folder.

Add Folder Dialog Box

If I create a “Correspondence” folder with no parent via the webUI and then a “Bill Gates” folder, I can parent the “Bill Gates” folder to “Correspondence” and then the folders will show up and behave as I expect in my desktop e-mail client. Note that you can only nest two levels deep. In other words if I wanted a folder structure like:

Bills -> Taxes -> Federal -> 2021

It would fail to create, but

Bills -> Taxes -> 2021-Federal

will work.


After I was satisfied with ProtonMail, I ended up buying the “Visionary” package. I pay for it in two-year chunks and it runs US$20/month. This gives me ten domains and six users, with up to 50 e-mail aliases.

Domain set up was a breeze. Assuming you have access to your domain registrar (I’m a big fan of Namecheap) all you need to do is follow the little “wizard” that will step you through the DNS entries you need to make to point your domain to ProtonMail’s servers as well as to configure SPF, DKIM and DMARC. Allowing for the DNS to update, it can be done in a few minutes or it may take up to an hour.

I thought there would be a big issue with the 50 alias limit, as I set up separate e-mails for every vendor I use. But it turns out that you only need to have a alias if you want to send e-mail from that address. You can set up a “catch all” address that will take any incoming e-mail that doesn’t expressly match an alias and send it to a particular user. In my case I set up a specific “catchall@” address but it is not required.

You can also set up filters pretty easily. Here is an example of sending all e-mail sent to my “catchall” address to the “Catch All” folder.

require ["include", "environment", "variables", "relational", "comparator-i;ascii-numeric", "spamtest"];
require ["fileinto", "imap4flags"];

# Generated: Do not run this script on spam messages
if allof (environment :matches "vnd.proton.spam-threshold" "*", spamtest :value "ge" :comparator "i;ascii-numeric" "${1}") {
return;
}


/**
* @type and
* @comparator matches
*/
if allof (address :all :comparator "i;unicode-casemap" :matches ["Delivered-To"] "catchall@example.com") {
fileinto "Catch All";
}

I haven’t had the need to do anything more complicated but there are a number of examples you can build on. I had a vendor that kept sending me e-mail even though I had unsubscribed so I set up this filter:

require "reject";


if anyof (address :all :comparator "i;unicode-casemap" :is "From" ["noreply@petproconnect.com"]) {
reject "Please Delete My Account";
}

and, voilà, no more e-mail. I’ve also been happy with the ProtonMail spam detection. While it isn’t perfect it works well enough that I don’t have to deal with spam on a daily basis.

I’m up to five users and eight domains, so the Visionary plan is getting a little resource constrained, but I don’t see myself needing much more in the near future. Since I send a lot of e-mail to those other four users, I love the fact that our correspondence is automatically encrypted since all of the traffic stays on the ProtonMail servers.

As an added bonus, much of the ProtonMail software, including the iOS and Android clients, are available as open source.

While I’m very satisfied with ProtonMail, there have been a couple of negatives. As a high profile pro-privacy service it has been the target of a number of DDOS attacks. I have never experienced this problem but as these kinds of attacks get more sophisticated and more powerful, it is always a possibility. Proton has done a great job at mitigating possible impact and the last big attack was back in 2018.

Another issue is that since ProtonMail is in Switzerland, they are not above Swiss law. In a high profile case a French dissident who used ProtonMail was able to be tracked down via their IP address. Under Swiss law a service provider can be compelled to turn over such information if certain conditions are met. In order to make this more difficult, my ProtonMail subscription includes access to ProtonVPN, an easy to use VPN client that can be used to obfuscate a source IP, even from Proton.

They are also launching a number of services to better compete with GSuite, such as a calendar and ProtonDrive storage. I haven’t started using those yet but I may in the future.

In summary, if you are either tired of hosting your own mail or desire a more secure e-mail solution, I can recommend ProtonMail. I’ve been using it for a little over two years and expect to be using it for years to come.

by Tarus at January 26, 2022 12:55 PM

January 13, 2022

OpenNMS.js v2.4.1

This is just a rerelease to fix an issue with artifact generation in 2.4.0.

by RangerRick at January 13, 2022 02:43 PM

OpenNMS.js v2.4.0

This release includes a ton of dependency updates, as well as an enhancement to specify whether a remote OpenNMS system supports the newer, more efficient, query API for selecting resources.

by RangerRick at January 13, 2022 02:05 PM

OpenNMS.js v2.3.0

This release adds support for querying SNMP interfaces, monitored services, and outages.

by RangerRick at January 13, 2022 01:57 PM

August 23, 2021

OpenNMS.js v2.2.0

This release bumps a bunch of dependencies, plus it adds support for the api/v2/ipinterfaces API.

by RangerRick at August 23, 2021 09:03 PM

OpenNMS.js v2.1.1

This is a rerelease of 2.1.0 with a fix for documentation generation.

by RangerRick at August 23, 2021 09:03 PM

August 09, 2021

On Leaving OpenNMS

It is with mixed emotions that I am letting everyone know that I’m no longer associated with The OpenNMS Group.

Two years ago I was in a bad car accident. I suffered some major injuries which required 33 nights in the hospital, five surgeries and several months in physical therapy. What was surprising is that while I had always viewed myself as somewhat indispensable to the OpenNMS Project, it got along fine without me.

Also during this time, The OpenNMS Group was acquired. For fifteen years we had survived on the business plan of “spend less money than you earn”. While it ensured the longevity of the company and the project, it didn’t allow much room for us to pursue ideas because we had no way to fund them. We simply did not have the resources.

Since the acquisition, both the company and the project have grown substantially, and this was during a global pandemic. With OpenNMS in such a good place I began to think, for the first time in twenty years, about other options.

I started working with OpenNMS in September of 2001. I refer to my professional career before then as “Act I”, with my time at OpenNMS as “Act II”. I’m now ready to see what “Act III” has in store.

While I’m excited about the possibilities, I will miss working with the OpenNMS team. They are an amazing group of people, and it will be hard to replace the role they played in my life. I’m also eternally grateful to the OpenNMS Community, especially the guys in the Order of the Green Polo who kept the project alive when we were starting out. You are and always will be my friends.

When I was responsible for hiring at OpenNMS, I ended every offer letter with “Let’s go do great things”. I consider OpenNMS to be a “great thing” and I am eager to watch it thrive with its new investment, and I will always be proud of the small role I played in its success.

If you are doing great things and think I could contribute to your team, check out my profile on LinkedIn or Xing.

by Tarus at August 09, 2021 12:30 PM

June 16, 2021

Order of the Green Polo: Requiescat In Pace

One of the first “group chat” technologies I was ever exposed to was Internet Relay Chat (IRC). This allowed a group of people to get together in areas called “channels” to discuss pretty much anything they felt like discussing. The service had to be hosted somewhere, and for most open source projects that was Freenode.

You might have seen that recently Freenode was taken over by new management, and the policies this new management implemented didn’t sit well with most Freenode users. In the grand open source tradition, most everyone left and went to other IRC servers, most notably Libera Chat.

In May of 2002 when I became the sole maintainer of OpenNMS, there was exactly one person who was dedicated full time to the project – me. What kept me going was the community I found on IRC, in both the #opennms channel and the local Linux users group channel, #trilug.

It was the people on IRC who supported me until I could grow the business to the point of bringing on more people. I still have strong friendships with many of them.

I was reminded of those early days as we migrated #opennms to Libera Chat. At the moment there are only 12 members logged in, and most of those are olde skoool OpenNMS people. I haven’t used IRC much since we switched to Mattermost (we host a server at chat.opennms.com) and with it a “bridge” to bring IRC conversations into the main Mattermost channel. Most people moved to use Mattermost as their primary client, but of course there were a few holdouts (Hi Alex!).

While I was reminiscing, I was also reminded of the Order of the Green Polo (OGP). When David, Matt and I started The OpenNMS Group in 2004, interest in OpenNMS was growing, and there was a core of those folks on IRC who were very active in contributing to the project. I was trying to think of someway to recognize them.

At that time, business casual, at least for men, consisted of a polo shirt and khaki slacks. Vendors often gifted polo shirts with their logos/logotypes on them to clients, and a number of open source projects sold them to raise money. We sold a white one and a black one, and I thought, hey, perhaps I can pick another color and use that to identify the special contributors to OpenNMS.

Green has always been associated with OpenNMS. In network monitoring, green symbolizes that everything is awesome. We even named one of our professional services products the “Greenlight Project“. Plus I really like green as a color.

Then the question became “what shade of green?” For some reason I thought of Tiger Woods who, by this time, late 2004, had won the prestigious Masters golf tournament three times (and would again the next spring). The winner of that tournament gets a “hunter green” jacket, and so I decided that hunter green would be the color.

Also, for some unknown reason, I saw an article about a British knighthood called “The Order of the Garter“. I combined the two and thus “The Order of the Green Polo” was born.

It was awesome.

People who had been active in contributing to OpenNMS became even more active when I recognized them with the OGP honor. They contributed code and helped us with supporting our community, as well as adding a lot to the direction of the project. We started having annual developer conferences called “Dev-Jam” and OGP members got to attend for free so we could spend some face to face time with each other. I considered these men in the OGP to be my brothers.

As OpenNMS grew, we looked to the OGP for recruitment. It was through the OGP that Alejandro came to the US from Venezuela and now leads our support and services team (if OpenNMS went away tomorrow, getting him and his spouse here would have made it all worth it). When you hired an OGP member, you were basically paying them to do something they wanted to do for free. Think of is as like eating an ice cream sundae and finding money at the bottom.

But that growth was actually something that lead to the decline of the OGP. When we hired everyone that wanted a job with us, the role of the OGP declined. Dev-Jam was open to anyone, but it was mandatory for OpenNMS employees. Not all employees were OGP even though they were full-time contributors, so there was often pressure to induct new employees into the Order. And, most importantly, as we aged many OGP members moved on to other things. Hey, it happens, and it doesn’t reflect poorly on their past contributions.

We had a special mailing list for the OGP, but instead of discussing OpenNMS governance it basically became a “happy birthday” list (speaking of which, Happy Birthday Antonio!). When OpenNMS was acquired by NantHealth, we had to merge our mail systems and in the process the OGP list was deactivated. I don’t think many people noticed.

Recently it was brought to my attention that associating OpenNMS with the Masters golf tournament through the OGP could have negative connotations. The Masters is hosted by the Augusta National Golf Club and there have been controversies around their membership policies and views on race. It was suggested that we rename the OGP to something else.

One quick solution would be to just change the shade of green to, perhaps, a “stoplight” green. But this got me to thinking that the same logic used to associate the color with racism could apply to the whole “Order of” as well, since that was based on a British knighthood which, much like Augusta, is mainly all male. Plus the British don’t have the best track record when it comes to colonialism, etc.

I think it is time for something totally new, so I’ve decided to retire the Order of the Green Polo. The members of the OGP are all male, and I’m extremely excited that as we’ve grown our company and project we have been able to greatly improve our diversity, and I would love to come up with something that can embrace everyone who has a love of OpenNMS and wants to contribute to it, be that through code, documentation, the community, &tc.

OpenNMS has changed greatly over the past two decades, and it has become harder to contribute to a project that has grown exponentially in complexity. As part of my role as the Chief Evangelist of OpenNMS, I want to change that and come up with easier ways for people to improve the OpenNMS platform, and I need to come up with a new program to recognize those who contribute (and if you want to skip that part and get right to the job thingie, we’re hiring, but don’t skip that part).

To those of you who were in the Order of the Green Polo, thank you so much for helping us make OpenNMS what it is today. I’m not sure if it would exist without you. And even without the OGP mailing list, I plan to remember your birthdays.

by Tarus at June 16, 2021 04:02 PM

May 12, 2021

What’s Old Is New Again

Today we launched a new look for OpenNMS, a rebranding effort that has been going on for the better part of a year. It represents a lot more than just a new logo and new colors. While OpenNMS has been around for over two decades now, it is also quite different from when it started. A tremendous amount of work has gone into the project over the past couple of years, and if you looked at using it even just a short while ago you will be surprised at what has changed.

New OpenNMS Logo

One of the best analogies I can come up with to talk about the “new” OpenNMS concerns cars. I like cars, especially Mercedes, and when I was in college I usually drove an older Mercedes sedan. I enjoyed bringing them back to their former glory (and old, somewhat beaten down cars were all I could afford), and so I might start by redoing the brake system, overhauling the engine, etc.

When I would run out of money, which was often, sometimes I’d have to sell a car. Prospective buyers would often complain that the paint wasn’t perfect or there was an issue with the interior. I’d point out that you could hop in this car right now and drive it across the country and never worry about breaking down, but they seemed focused on how it looked. Cosmetics are usually the last thing you focus on during a restoration, but it tends to be the first thing people see.

This is very much like OpenNMS. For over a decade we’ve been focused on the internals of the platform, and luckily we are now in a position to focus on how it looks.

Please don’t misunderstand: application usability is important, much more important than, say, the paint job on a car, but in order to provide the best user experience we had to start by working under the hood.

For example, from the beginning OpenNMS has contained multiple “daemons” that control various aspects of the platform. Originally this was very monolithic, and thus any small change to one of them would often require restarting the whole application.

OpenNMS is now based on a Karaf runtime which provides a modular way of managing the various features within the application. It comes with a shell that can allow even non-Java programmers access to both high and low level parts of the platform, and to make changes without restarting the whole thing. Features can be enabled and disabled on the fly, and it is easy to test the behavior of OpenNMS against a particular device without having to set up a special test environment to pore through pages of logs.

Another great aspect of OpenNMS is that much of the internal messaging can now take place through a broker such as Kafka. While this increases the stability and flexibility of the platform, users can also create custom consumers for the huge amounts of information OpenNMS is able to collect. For very large networks this creates the option to use that data outside of the platform itself, giving end users a high level of custom observablity.

The monolithic nature of OpenNMS has also been improved. The addition of “Minions” to provide monitoring at the edge of the network creates numerous monitoring solutions where there was none before. You can now reach into isolated or private networks, or monitor the performance of applications from various locations seamlessly. The “Sentinel” project allows the various processes within OpenNMS to be spread out over multiple devices with the aim to have virtually unlimited scale.

APM Example World Map

And I haven’t even started on the ability of OpenNMS to monitor tremendous amounts of telemetry data and to analyze it with tools such as “Nephron” or our foray into artificial intelligence with ALEC.

So much has changed with OpenNMS, much of it recently, that it was time for that new coat of paint. It was time for people to both notice the new look of OpenNMS at the surface, and the new OpenNMS under the covers.

One thing that hasn’t changed is that OpenNMS is still 100% open source. All of these amazing features are available to anyone under an OSI approved open source license. Plus we leverage and integrate with best-in-class open source tools such as Grafana for visualization and Cassandra (using Newts) for storing time series data.

Our new logo is a stylized gyroscope. For centuries the gyroscope has represented a way to maintain orientation in the most chaotic of situations. In much the same way, OpenNMS helps you maintain the orientation of your IT infrastructure which, let’s admit it, plays a huge role in the success of your enterprise.

Where the car analogy falls apart is that while the paint job is usually the end of a restoration, this new look for OpenNMS is just the beginning of a new chapter in the history of the project. Our goal is to create a platform where monitoring just happens. We’re not there yet, but check out the latest OpenNMS and we hope you’ll agree we are getting closer.

by Tarus at May 12, 2021 03:46 PM

May 03, 2021

OpenNMS.js v2.1.0

This release adds support for some flow APIs coming in OpenNMS Horizon 28, as well as a documentation rework and tons of dependency updates.

by RangerRick at May 03, 2021 07:28 PM

February 25, 2021

OpenNMS Resources

Getting started with OpenNMS can be a little daunting, so I thought I’d group together some of the best places to start.

When OpenNMS began 20+ years ago, the main communication channel was a group of mailing lists. For real time interaction we added an “#opennms” IRC channel on Freenode as well. As new technology came along we eagerly adopted it: hosting forums, creating a FAQ with FAQ-o-matic, building a wiki, writing blogs, etc.

The problem became that we had too many resources. Many weren’t updated and thus might host obsolete information, and it was hard for new users to find what they wanted. So a couple of years ago we decided to focus on just two main places for community information.

We adopted Discourse to serve as our “asynchronous” communication platform. Hosted at opennms.discourse.group the goal is to migrate all of our information that used to reside on sites like FAQs and wikis to be in one place. In as much as our community has a group memory, this is it, and we try to keep the information on this site as up to date as possible. While there is still some information left in places like our wiki, the goal is to move it all to Discourse and thus it is a great place to start.

I also want to call your attention to “OpenNMS on the Horizon (OOH)”. This is a weekly update of everything OpenNMS, and it is a good way to keep up with all the work going on with the platform since a lot of the changes being made aren’t immediately obvious.

While we’ve been happy with Discourse, sometimes you just want to interact with someone in real time. For that we created chat.opennms.com. This is an instance of Mattermost that we host to provide a Slack-like experience for our community. It basically replaces the IRC channel, but there is also a bridge between IRC and MM so that posts are shared between the two. I am “sortova” on Mattermost.

When you create an account on our Mattermost instance you will be added to a channel called “Town Square”. Every Mattermost instance has to have a default channel, and this is ours. Note that we use Town Square as a social channel. People will post things that may be of interest to anyone with an interest in OpenNMS, usually something humorous. As I write this there are over 1300 people who have signed up on Town Square.

For OpenNMS questions you will want to join the channel “OpenNMS Discussion”. This is the main place to interact with our community, and as long as you ask smart questions you are likely to get help with any OpenNMS issues you are facing. The second most popular channel is “OpenNMS Development” for those interested in working with the code directly. The Minion and Compass applications also have their own channels.

Another channel is “Write the Docs”. Many years ago we decided to make documentation a key part of OpenNMS development. While I have never read any software documentation that couldn’t be improved, I am pretty proud of the work the documentation team has put into ours. Which brings me to yet another source of OpenNMS information: the official documentation.

Hosted at docs.opennms.org, our documentation is managed just like our application code. It is written in AsciiDoc and published using Antora. The documentation is versioned just like our Horizon releases, but usually whenever I need to look something up I go directly to the development branch. The admin guide tends to have the most useful information, but there are guides for other aspects of OpenNMS as well.

The one downside of our docs is that they tend to be more reference guides than “how-to” articles. I am hoping to correct that in the future but in the meantime I did create a series of “OpenNMS 101” videos on YouTube.

They mirror some of our in-person training classes, and while they are getting out of date I plan to update them real soon (we are in the process of getting ready for a new release with lots of changes so I don’t want to do them and have to re-do them soon after). Unfortunately YouTube doesn’t allow you to version videos so I’m going to have to figure out how to name them.

Speaking of changes, we document almost everything that changes in OpenNMS in our Jira instance at issues.opennms.org. Every code change that gets submitted should have a corresponding Jira issue, and it is also a place where our users can open bug reports and feature requests. As you might expect, if you need to open a bug report please be as detailed as possible. The first thing we will try to do is recreate it, so having information such as the version of OpenNMS you are running, what operating system you are using and other steps to cause the problem are welcome.

If you would like us to add a feature, you can add a Feature Request, and if you want us to improve an existing feature you can add an Enhancement Request. Note that I think you have to have an account to access some of the public issues on the system. We are working to remove that requirement as we wish to be as transparent as possible, but I don’t think we’ve been able to get it to work just yet. I just attempted to visit a random issue and it did load but it was missing a lot of information that shows up when I go to that link while authenticated, such as the left menu and the Git Integration. You will need an account to open or comment on issues. There is no charge to open an account, of course.

Speaking of git, there is one last resource I need to bring up: the code. We host our code on Github, and we’ve separated out many of our projects to make it easier to manage. The main OpenNMS application is under “opennms” (naturally) but other projects such as our machine learning feature, ALEC, have their own branch.

While it was not my intent to delve into all things git on this post, I did want to point out than in the top level directory of the “opennms” project we have two scripts, makerpm.sh and makedeb.sh that you can use to easily build your own OpenNMS packages. I have a video queued up to go over this in detail, but to build RPMs all you’ll need is a base CentOS/RHEL install, and the packages “git” (of course), “expect”, “rpm-build” and “rsync”. You’ll also need a Java 8 JDK. While we run on Java 11, at the moment we don’t build using it (if you check out the latest OOH you’ll see we are working on it). Then you can run makerpm.sh and watch the magic happen. Note the first build takes a long time because you have to download all of the maven dependencies, but subsequent builds should be faster.

To summarize:

For normal community interaction, start with Discourse and use Mattermost for real time interaction.

For reference, check out our documentation and our YouTube channel.

For code issues, look toward our Jira instance and our Github repository.

OpenNMS is a powerful monitoring platform with a steep learning curve, but we are here to help. Our community is pretty welcoming and hope to see you there soon.

by Tarus at February 25, 2021 07:22 PM

February 24, 2021

Open Source Contributor Agreements

I noticed a recent uptick in activity on Twitter about open source Contributor License Agreements (CLAs), mostly negative.

Twitter Post About CLAs

The above comment is from a friend of mine who has been involved in open source longer than I have, and whose opinions I respect. On this issue, however, I have to disagree.

This is definitely not the first time CLAs have been in the news. The first time I remember even hearing about them concerned MySQL. The MySQL CLA required a contributor to sign over ownership of any contribution to the project, which many thought was fine when they were independent, but started to raise some concerns when they were acquired by Sun and then Oracle. I think this latest resurgence is the result of Elastic deciding to change their license from an open source one to something more “open source adjacent”. This has caused a number of people take exception to this (note: link contains strong language).

As someone who doesn’t write much code, I think deciding to sign a CLA is up to the individual and may change from project to project. What I wanted to share is a story of why we at OpenNMS have a CLA and how we decided on one to adopt, in the hopes of explaining why a CLA can be a positive thing. I don’t think it will help with the frustrations some feel when a project changes the license out from under them, but I’m hoping it will shed some light on our reasons and thought processes.

OpenNMS was started in 1999 and I didn’t get involved until 2001 when I started work at Oculan, the commercial company behind the project. Oculan built a monitoring appliance based on OpenNMS, so while OpenNMS was offered under the GPLv2, the rest of their product had a proprietary license. They were able to do this because they owned 100% of the copyright to OpenNMS. In 2002 Oculan decided to no longer work on the project, and I was able to become the maintainer. Note that this didn’t mean that I “owned” the OpenNMS copyright. Oculan still owned the copyright but due to the terms of the license I (as well as anyone else) was free to make derivative works as long as those works adhered to the license. While the project owned the copyright to all the changes made since I took it over, there was no one copyright holder for the project as a whole.

This is fine, right? It’s open source and so everything is awesome.

Fast forward several years and we became aware of a company, funded by VCs out of Silicon Valley, that was using OpenNMS in violation of the license as a base on which to build a proprietary software application.

I can’t really express how powerless we felt about this. At the time there were, I think, five people working full time on OpenNMS. The other company had millions in VC money while we were adhering to our business model of “spend less than you earn”. We had almost no money for lawyers, and without the involvement of lawyers this wasn’t going to get resolved. One thing you learn is that while those of us in the open source world care a lot about licenses, the world at large does not. And since OpenNMS was backed by a for-profit company, there was no one to help us but ourselves (there are some limited options for license enforcement available to non-profit organizations).

We did decide to retain the services of a law firm, who immediately warned us how much “discovery” could cost. Discovery is the process of obtaining evidence in a possible lawsuit. This is one way a larger firm can fend off the legal challenges of a smaller firm – simply outspend them. It made use pretty anxious.

Once our law firm contacted the other company, the reply was that if they were using OpenNMS code, they were only using the Oculan code and thus we had no standing to bring a copyright lawsuit against them.

Now we knew this wasn’t true, because the main reason we knew this company was using OpenNMS was that a disgruntled previous employee told us about it. They alleged that this company had told their engineers to follow OpenNMS commits and integrate our changes into their product. But since much of the code was still part of the original Oculan code base, it made our job much more difficult.

One option we had was to get with Oculan and jointly pursue a remedy against this company. The problem was that Oculan went out of business in 2004, and it took us awhile to find out that the intellectual property had ended up Raritan. We were able to work with Raritan once we found this out, but by this time the other company also went out of business, pretty much ending the matter.

As part of our deal with Raritan, OpenNMS was able to purchase the copyright to the OpenNMS code once owned by Oculan, granting Raritan an unlimited license to continue to use the parts of the code they had in their products. It wasn’t cheap and involved both myself and my business partner using the equity in our homes to guarantee a loan to cover the purchase, but for the first time in years most of the OpenNMS copyright was held by one organization.

This process made us think long and hard about managing copyright moving forward. While we didn’t have thousands of contributors like some projects, the number of contributors we did have was non-trivial, and we had no CLA in place. The main question was: if we were going to adopt a CLA, what should it look like? I didn’t like the idea of asking for complete ownership of contributions, as OpenNMS is a platform and while someone might want to contribute, say, a monitor to OpenNMS, they shouldn’t be prevented from contributing a similar monitor to Icinga or Zabbix.

So we asked our our community, and a person named DJ Gregor suggested we adopt the Sun (now Oracle) Contributor Agreement. This agreement introduced the idea of “dual copyright”. Basically, the contributor keeps ownership of their work but grants copyright to the project as well. This was a pretty new idea at the time but seems to be common now. If you look at CLAs for, say, Microsoft and even Elastic, you’ll see similar language, although it is more likely worded as a “copyright grant” or something other than “dual copyright”.

This idea was favorable to our community, so we adopted it as the “OpenNMS Contributor Agreement” (OCA). Now the hard work began. While most of our active contributors were able to sign the OCA, what about the inactive ones? With a project as old as OpenNMS there are a number of people who had been involved in the project but due to either other interests or changing priorities they were no longer active. I remember going through all the contributions in our code base and systematically hunting down every contributor, no matter how small, and asking them to sign the OCA. They all did, which was nice, but it wasn’t an easy task. I can remember the e-mail of one contributor bounced and I finally hunted them down in Ireland via LinkedIn.

Now a lot of the focus of CLAs is around code ownership, but there is a second, often more important part. Most CLAs ask the contributor to affirm that they actually own the changes they are contributing. This may seem trivial, but I think it is important. Sure, a contributor can lie and if it turns out they contributed something they really didn’t own the project is still responsible for dealing with that code, but there are a number of studies that have shown that simply reminding someone about a moral obligation goes a long way to reinforce ethical behavior. When someone decides to sign a CLA with such a clause it will at least make them think about it and reaffirm that their work is their own. If a project doesn’t want to ask for a copyright assignment or grant, they should at least ask for something like this.

While the initial process was pretty manual, currently managing the OCAs is pretty automated. When someone makes a pull request on our Github project, it will check to see if they have signed the OCA and if not, send them to the agreement.

The fact that the copyright was under one organization came in handy when we changed the license. One of my favorite business models for open source software is paid hosting, and I often refer to WordPress as an example. WordPress is dead simple to install, but it does require that you have your own server, understand setting up a database, etc. If you don’t want to do that, you can pay WordPress a fee and they’ll host the product for you. It’s a way to stay pure open source yet generate revenue.

But what happens if you work on an open source project and a much bigger, much better funded company just takes your project and hosts it? I believe one of the issues facing Elastic was that Amazon was monetizing their work and they didn’t like it. Open source software is governed mainly by copyright law and if you don’t distribute a “copy” then copyright doesn’t apply. Many lawyers would claim that if I give you access to open source software via a website or an API then I’m not giving you a copy.

We dealt with this at OpenNMS, and as usual we asked our community for advice. Once again I think it was DJ who suggested we change our license to the Affero GPL (AGPLv3) which specifically extends the requirement to offer access to the code even if you only offer it as a hosted service. We were able to make this change easily because the copyright was held by one entity. Can you imagine if we had to track down every contributor over 15+ years? What if a contributor dies? Does a project have to deal with their estate or do they have to remove the contribution? It’s not easy. If there is no copyright assignment, a CLA should at least include detailed contact information in case the contributor needs to be reached in the future.

Finally, remember that open source is open source. Don’t like the AGPLv3? Well you are free to fork the last OpenNMS GPLv2 release and improve it from there. Don’t like what Elastic did with their license? Feel free to fork it.

You might have detected a theme here. We relied heavily on our community in making these decisions. The OpenNMS Group, as stewards of the OpenNMS Project, takes seriously the responsibilities to preserve the open source nature of OpenNMS, and I like to think that has earned us some trust. Having a CLA in place addresses some real business needs, and while I can understand people feeling betrayed at the actions of some companies, ultimately the choice is yours as to whether or not the benefits of being involved in a particular project outweigh the requirement to sign a contributor agreement.

by Tarus at February 24, 2021 04:41 PM

February 23, 2021

The Server Room Show Podcast

A couple of weeks ago I had the pleasure to chat with Viktor Madarasz on “The Server Room Show” podcast.

The Server Room Podcast Graphic

Viktor is an IT professional with a strong interest in open source, and we had a fun and meandering conversation covering a number of topics. As usual, I talked to much so he ended up splitting our conversation across two episodes.

You can visit his website for links to the podcast from a large variety of podcast sources, or you can listen on Youtube to part one and part two.

It was fun, and I hope to be able to chat again sometime in the future.

Note: Viktor is originally from Hungary, as was my grandfather. I tried to make getting some Túró Rudi part of my appearing on the show, but unfortunately we haven’t figured out how to get it outside of Hungary, and we all know that I’d talk about open source for free pretty much any time and any place.

by Tarus at February 23, 2021 04:05 PM

February 22, 2021

Thoughts on Security and Open Source Software

Due to the recent supply-chain attack on Solarwinds products, I wanted to put down a few thoughts on the role of open source software and security. It is kind of a rambling post and I’ll probably lose all three of my readers by the end, but I found it interesting to think about how we got here in the first place.

I got my first computer, a TRS-80, as a Christmas present in 1978 from my parents.

Tarus and his TRS-80

As far as I know, these are the only known pictures of it, lifted from my high school yearbook.

Now, I know what you are thinking: Dude, looking that good how did you find the time off your social calendar to play with computers? Listen, if you love something, you make the time.

(grin)

Unlike today, I pretty much knew about all of the software that ran on that system. This was before “open source” (and before a lot of things) but since the most common programming language was BASIC, the main way to get software was to type in the program listing from a magazine or book. Thus it was “source available” at least, and that’s how I learned to type as well as being introduced to the “syntax error”. That cassette deck in the picture was the original way to store and retrieve programs, but if you were willing to spend about the same amount as the computer cost you could buy an external floppy drive. The very first program I bought on a floppy was from this little company called Microsoft, and it was their version of the Colossal Cave Adventure. Being Microsoft it came on a specially formatted floppy that tried to prevent access to the code or the ability to copy it.

And that was pretty much the way of the future, with huge fortunes being built on proprietary software. But still, for the most part you were aware of what was running on your particular system. You could trust the software that ran on your system as much as your could trust the company providing it.

Then along comes the Internet, the World Wide Web and browsers. At first, browsers didn’t do much dynamically. They would reach out and return static content, but then people started to want more from their browsing experience and along came Java applets, Flash and JavaScript. Now when you visit a website it can be hard to tell if you are getting tonight’s television listings or unknowingly mining Bitcoin. You are no longer in charge of the software that you run on your computer, and that can make it hard to make judgements about security.

I run a number of browsers on my computer but my default is Firefox. Firefox has a cool plugin called NoScript (and there are probably similar solutions for other browsers). NoScript is an extension that lets the user choose what JavaScript code is executed by the browser when visiting a page. A word of warning: the moment you install NoScript, you will break the Internet until you allow at least some JavaScript to run. It is rare to visit a site without JavaScript, and with NoScript I can audit what gets executed. I especially like this for visiting sensitive sites like banks or my health insurance provider.

Speaking of which, I just filed a grievance with Anthem. We recently switched health insurance companies and I noticed that when I go to the login page they are sending information to companies like Google, Microsoft (bing.com) and Facebook. Why?

Blocked JavaScript on the Anthem Website

I pretty much know the reason. Anthem didn’t build their own website, they probably hired a marketing company to do it, or at least part of it, and that’s just the way things are done, now. You send information to those sites in order to get analytics on who is visiting your site, and while I’m fine with it when I’m thinking about buying a car, I am not okay with it coming from my insurance company or my bank. There are certain laws governing such privacy, with more coming every day, and there are consequences for violating it. They are supposed to get back to me in 30 days to let me know what they are sending, and if it is personal information, even if it is just an IP Address, it could be a violation.

I bring this up in part to complain but mainly to illustrate how hard it is to be “secure” with modern software. You would think you could trust a well known insurance company to know better, but it looks like you can’t.

Which brings us back to Solarwinds.

Full disclosure: I am heavily involved in the open source network monitoring platform OpenNMS. While we don’t compete head to head with Solarwinds products (our platform is designed for people with at least a moderate amount of skill with using enterprise software while Solarwinds is more “pointy-clicky”) we have had a number of former Solarwinds users switch to our solution so we can be considered competitors in that fashion. I don’t believe we have ever lost a deal to Solarwinds, at least one in which our sales team was involved.

Now, I wouldn’t wish what happened to Solarwinds on my worst enemy, especially since the exploit impacted a large number of US Government sites and that does affect me personally. But I have to point out the irony of a company known for criticizing open source software, specifically on security, to let this happen to their product. Take this post from on of their forums. While I wasn’t able to find out if the author worked at Solarwinds or not, they compare open source to “eating from a dirty fork”.

Seriously.

But is open source really more secure? Yes, but in order to explain that I have to talk about types of security issues.

Security issues can be divided into “unintentional”, i.e. bugs, and “intentional”, someone actively trying to manipulate the software. While all software but the most simple suffers from bugs, what happened to the Solarwinds supply chain was definitely intentional.

When it comes to unintentional security issues, the main argument against open source is that since the code is available to anyone, a bad actor could exploit a security weakness and no one would know. They don’t have to tell anyone about it. There is some validity to the argument but in my experience security issues in open source code tend to be found by conscientious people who duly report them. Even with OpenNMS we have had our share of issues, and I’d like to talk about two of them.

The first comes from back in 2015, and it involved a Java serialization bug in the Apache commons library. The affected library was in use by a large number of applications, but it turns out OpenNMS was used as a reference to demonstrate the exploit. While there was nothing funny about a remote code execution vulnerability, I did find it amusing that they discovered it with OpenNMS running on Windows. Yes, you can get OpenNMS to run on Windows, but it is definitely not easy so I have to admire them for getting it to work.

I really didn’t admire them for releasing the issue without contacting us first. Sending an email to “security” at “opennms.org” gets seen by a lot of people and we take security extremely seriously. We immediately issued a work around (which was to make sure the firewall blocked the port that allowed the exploit) and implemented the upgraded library when it became available. One reason we didn’t see it previously is that most OpenNMS users tend to run it on Linux and it is just a good security practice to block all but needed ports via the firewall.

The second one is more recent. A researcher found a JEXL vulnerability in Newts, which is a time series database project we maintain. They reached out to us first, and not only did we realize that the issue was present in Newts, it was also present in OpenNMS. The development team rapidly released a fix and we did a full disclosure, giving due credit to the reporter.

In my experience that is the more common case within open source. Someone finds the issue, either through experimentation or by examining the code, they communicate it to the maintainers and it gets fixed. The issue is then communicated to the community at large. I believe that is the main reason open source is more secure than closed source.

With respect to proprietary software, it doesn’t appear that having the code hidden really helps. I was unable to find a comprehensive list of zero-day Windows exploits but there seem to be a lot of them. I don’t mean to imply that Windows is exceptionally buggy but it is a common and huge application and that complexity lends itself to bugs. Also, I’m not sure if the code is truly hidden. I’m certain that someone, somewhere, outside of Microsoft has a copy of at least some of the code. Since that code isn’t freely available, they probably have it for less than noble reasons, and one can not expect any security issues they find to be reported in order to be fixed.

There seems to be this misunderstanding that proprietary code must somehow be “better” than open source code. Trust me, in my day I’ve seen some seriously crappy code sold at high prices under the banner of proprietary enterprise software. I knew of one company that wrote up a bunch of fancy bash scripts (not that there is anything wrong with fancy bash scripts) and then distributed them encrypted. The product shipped with a compiled program that would spawn a shell, decrypt the script, execute it and then kill the shell.

Also, at OpenNMS we rely heavily on unit tests. When a feature is developed the person writing the code also creates code to “test” the feature to make sure it works. When we compile OpenNMS the tests are run to make sure the changes being made didn’t break anything that used to work. Currently we have over 8000 of these tests. I was talking to a person about this who worked for a proprietary software company and he said, “oh, we tried that, but it was too hard.”

Finally, I want to get back to that other type of security issue, the “intentional” one. To my understanding, someone was able to get access to the servers that built and distributed Solarwinds products, and they added in malware that let them compromise target networks when they upgraded their applications. Any way you look at it, it was just sloppy security, but I think the reason it went on for so long undetected is that the whole proprietary process for distributing the software was limited to so few people it was easy to miss. These kind of attacks happen in open source projects, too, they just get caught much faster.

That is the beauty of being able to see the code. You have the choice to build your own packages if you want, and you can examine code changes to your hearts content.

We host OpenNMS at Github. If you check out the code you could run something like:

git tag --list

to see a list of release tags. As I write this the latest released version of Horizon is 26.0.1. To see what changed from 26.0.0 I can run

git log --no-merges opennms-26.0.0-1 opennms-26.0.1-1

If you want, there is even a script to run a “release report” which will give you all of the Jira issues referenced between the two versions:

git-release-report opennms-26.0.0-1 opennms-26.0.1-1

While that doesn’t guarantee the lack of malicious code, it does put the control back into your hands and the hands of many others. If something did manage to slip in, I’m sure we’d catch it long before it got released to our users.

Security is not easy, and as with many hard things the burden is eased the more people who help out. In general open source software is just naturally better at this than proprietary software.

There are only a few people on this planet who have the knowledge to review every line of code on a modern computer and understand it, and that is with the most basic software installed. You have to trust someone and for my peace of mind nothing beats the open source community and the software they create.

by Tarus at February 22, 2021 02:15 PM

April 13, 2020

OpenNMS.js v2.0.2

Just a small bugfix release to facilitate OpenNMS Helm fixes.

Bug Fixes

  • rest: fix response type handling in grafana 6.7 (HELM-232) (874cd80)

by RangerRick at April 13, 2020 09:17 PM

March 30, 2020

It Was Twenty Years Ago Today …

On March 30th, 2000, the OpenNMS Project was registered on Sourceforge. While the project actually started sometime in the summer of 1999, this was the first time OpenNMS code had been made public so we’ve always treated this day as the birth date of the OpenNMS project.

Wow.

OpenNMS Entry on Sourceforge

Now I wasn’t around back then. I didn’t join the project until September of 2001. When I took over the project in May of 2002 I didn’t really think I could keep it alive for twenty years.

Seriously. I wasn’t then nor am I now a Java programmer. I just had a feeling that there was something of value in OpenNMS, something worth saving, and I was willing to give it a shot. Now OpenNMS is considered indispensable at some of the world’s largest companies, and we are undergoing a period of explosive growth and change that should cement the future of OpenNMS for another twenty years.

What really kept OpenNMS alive was its community. In the beginning, when I was working from home using a slow satellite connection, OpenNMS was kept alive by people on the IRC channel, people like DJ and Mike who are still involved in the project today. A year or so later I was able to convince my business partner and good friend David to join me, and together we recruited a real Java programmer in Matt. Matt is no longer involved in the project (people leaving your project is one of the hardest things to get used to in open source) but his contributions in those early days were important. Several years after that we were joined by Ben and Jeff, who are still with us today, and through slow and steady steps the company grew alongside the project. They were followed by even more amazing people that make up the team today (I really want to name every single one of them but I’m afraid I’ll miss one and they’ll be rightfully upset).

I can’t really downplay enough my lack of responsibility for the success of OpenNMS. My only talent is getting amazing people to work with me, and then I just try to remove any obstacles that get in their way. I get some recognition as “The Mouth of OpenNMS” but most of the time I just stand on the shoulders of giants and enjoy the view.

by Tarus at March 30, 2020 09:03 PM

January 23, 2020

Once Again Into the Breach – Back with Apple

After almost a decade since my divorce from Apple, I find myself back with the brand, and it is all due to the stupid watch.

TL;DR: As a proponent of free software, I grouse at the “walled garden” approach Apple takes with its products, but after a long time of not using their products I find myself back in, mainly because free software missed the boat on mobile.

Back in 2011, I stopped using Apple products. This was for a variety of reasons, and for the most part I found that I could do quite well with open source alternatives.

My operating system of choice became Linux Mint. The desktop environment, Cinnamon, allowed me to get things done without getting in the way, and the Ubuntu base allowed me to easily interact with all my hardware. I got rid of my iMac and bought a workstation from System 76, and for a time things were good.

I sold my iPhone and bought an Android phone which was easier to interact with using Linux. While I didn’t have quite all of the functionality I had before, I had more than enough to do the things I needed to do.

But then I started to have issues with the privacy of my Android phone. I came across a page which displayed all of the data Google was collecting on me, which included every call, every text and every application I opened and how long I used it. Plus the stock Google phones started to ship with all of the Google Apps, many of which I didn’t use and they just took up space. While the base operating system of Android, the Android Open Source Project (AOSP), is open source, much of the software on a stock Android phone is very proprietary, with questionable motives behind gathering all of that data.

Then I started playing with different Android operating systems known as “Custom ROMs”. Since I was frequently installing the operating system on my phone I finally figured out that when Google asks “Would you like to improve your Android experience?”, and you say “yes”, that is when they start the heavy data collection. Opt-out and the phone still works, but even basic functionality such as storing your recent location searches in Google Maps goes away. Want to be able to go to a previous destination with one click? Give them all yer infos.

The Custom ROM world is a little odd. While there is nothing wrong with using software projects run by hobbyists, the level of support can be spotty at best. ROMs that at one time were heavily supported can quickly go quiet as maintainers get other interests or other handsets. For a long time I used OmniROM with a minimal install of Google Apps (with the “do not improve my Android experience” option) and it even worked with my Android Wear smartwatch from LG.

I really liked my smartwatch. It reminded me of when we started using two monitors with our desktops. Having things like notifications show up on my wrist was a lot easier to deal with than having to pull out and unlock my phone.

But all good things must come to an end. When Android Wear 2.0 came out they nerfed a lot of the functionality, requiring Android Assistant for even the most basic tasks (which of course requires the “improved” Android experience). I contacted LG and it wasn’t possible to downgrade, so I stopped wearing the watch.

Things got a little better when I discovered the CopperheadOS project. This was an effort out of Canada to create a highly secure handset based on AOSP. It was not possible (or at least very difficult) to install Google Apps on the device, so I ended up using free software from the F-Droid repository. For those times when I really needed a proprietary app I carried a second phone running stock Android. Clunky, I know, but I made it work.

Then CopperheadOS somewhat imploded. The technical lead on the project grew unhappy with the direction it was going and left in a dramatic fashion. I tried to explore other ROMs after that, but grew frustrated in that they didn’t “just work” like Copperhead did.

So I bought an iPhone X.

Apple had started to position themselves as a privacy focused company. While they still don’t encrypt information in iCloud, I use iCloud minimally so it isn’t that important to me. It didn’t take me too long to get used to iOS again, and I got an Apple Watch 3 to replace my no longer used Android Wear watch.

This was about the time the GDPR was passed in the EU, and in order to meet the disclosure requirements Apple set up a website where you could request all of the personal data they collected on you. Now I have been a modern Apple user since February of 2003 when I ordered a 12-inch Powerbook, so I expected it to be quite large.

It was 5MB, compressed.

The majority of that was a big JSON file with my health data collected from the watch. While I’m not happy that this data could be made available to third parties as it isn’t encrypted, it is a compromise I’m willing to make in order to have some health data. Now that Fitbit is owned by Google I feel way more secure with Apple holding on to it (plus I have no current plans to commit a murder).

The Apple Watch also supports contactless payments through Apple Pay. I was surprised at how addicted I became to the ease of paying for things with the watch. I was buying some medication for my dog when I noticed their unit took Apple Pay, and the vet came by and asked “Did you just Star Trek my cash register?”.

Heh.

For many months I pretty much got by with using my iPhone and Apple Watch while still using open source for everything else. Then in July of last year I was involved in a bad car accident.

In kind of an ironic twist, at the time of the accident I was back to carrying two phones. The GrapheneOS project was created by one of the founders of Copperhead and I was once again thinking of ditching my iPhone.

I spent 33 nights in the hospital, and during that time I grew very attached to my iPhone and Watch. Since I was in a C-collar it made using a laptop difficult, so I ended up interacting with the outside world via my phone. Since I slept off and on most of the day, it was nice to get alerts on my watch that I could examine with a glance and either deal with or ignore and go back to sleep.

This level of integration made me wonder how things worked now on OSX, so I started playing with a Macbook we had in the office. I liked it so much I bought an iMac, and now I’m pretty much neck deep back in the Apple ecosystem.

The first thing I discovered is that there is a ton of open source software available on OSX, and I mainly access it through the Homebrew project. For example, I recently needed the Linux “watch” command and it wasn’t available on OSX. I simply typed “brew install watch” and had it within seconds.

The next major thing that changed for me was how integrated all my devices became. I was used to my Linux desktop not interacting with my phone, or my Kodi media server being separate from my smartwatch. I didn’t realize how convenient a higher level of integration could be.

For example, for Christmas I got an Apple TV. Last night we were watching Netflix through that device and when I picked up my iPhone I noticed that I could control the playback and see information such as time elapsed and time remaining for the program. This happened automatically without the need for me to configure anything. Also, if I have to enter in text, etc. on the Apple TV, I can use the iPhone as a keyboard.

I’ve even started to get into a little bit of home automation. I bought a “smart” outlet controller that works with Homekit. Now I don’t have the “Internet of Things”, instead I have the “LAN of Things” as I block Internet access for most of my IoT-type things such as cameras. Since the Apple TV acts as a hub I can still remotely control my devices even though I can’t reach them via the Internet. All of the interaction occurs through my iCloud account, so I don’t even have to poke a hole in my firewall. I can control this device from any of my computers, my iPhone or even my watch.

It’s pretty cool.

It really sucks that the free and open source community missed the boat on mobile. The flagship mobile open source project is AOSP, and that it heavily controlled by Google. While some brave projects are producing Linux-based phones, they have a long way to go to catch up with the two main consumer options: Apple and Google. For my piece of mind I’m going with Apple.

There are a couple of things Tim Cook could do to ease my conscience about my use of Apple products. The first would be to allow us the option of having greater control of the software we install on iOS. I would like to be able to install software outside of the App Store without having to jailbreak my device. The second would be to enable encryption on all the data stored in iCloud so that it can’t be accessed by any other party than the account holder. If they are truly serious about privacy it is the logical next step. I would assume the pressure from the government will be great to prevent that, but no other company is in a better position to defy them and do it anyway.

by Tarus at January 23, 2020 05:43 PM

October 25, 2019

OpenNMS.js v2.0.1

This is a small release with some dependency updates and a fix for handling of ReST data that is missing a response.

  • dao: handle .fromData when data is undefined (JS-45) (efe6858)
  • dao: warn if lastEvent is missing on an alarm (JS-45) (e4af27d)

by RangerRick at October 25, 2019 07:51 PM

September 30, 2019

OpenNMS.js v2.0.0

OpenNMS.js 2.0 adds a few new APIs, contains a ton of refactoring and build system updates, and has a number of breaking changes.

Notable Changes:

  • updated CLI libraries to fix/improve table output
  • better, faster build system to improve generated code
  • improved handling of authentication in HTTP implementations
  • support for HEAD requests has been added to the HTTP implementations
  • a number of metadata objects (notably OnmsServer) support .equals() for comparison now
  • property caching on v2 API calls is fixed when interacting with multiple servers/DAOs
  • filter API now supports orderBy and order (and the alarms CLI list command supports it)
  • HTTP parameters in OnmsHTTPOptions can now have multiple values -- for example a parameter with value [ 1, 2 ] will serialize to &foo=1&foo=2

Breaking Changes:

  • The api/Log module now only exports a single, simplified log object; typescript-logging was overly complicated and not really adding much in the way of value. Use .setDebug(), .setQuiet(), and .setSilent() to change the logging level instead.
  • A number of the TypeScript APIs have been clarified to be explicitly nullable (and/or undefined-able) to make strict null- and type-checking validation pass.
  • PropertiesCache and its associated interface, ISearchPropertyAccessor are gone. This only affects you if you have implemented custom DAOs, which is very unlikely. :)
  • The previously deprecated timeout property in AbstractHTTP (and sub-classes) has been removed. Access the AbstractHTTP.options.timeout property directly.
  • The Client no longer keeps a separate copy of the server object. Instead you should access the http.server sub-property directly.
  • A number of API objects are now immutable/read-only to reduce side-effects: OnmsAuthConfig, OnmsEnum, OnmsError, OnmsHTTPOptions, OnmsResult, OnmsServer, Operator, SearchPropertyType, ServerMetadata, TicketerConfig.
    The OnmsHTTPOptions and OnmsServer objects now have builders (use .newBuilder() to create) rather than constructors with a bunch of arguments.
  • The id property on OnmsServer is no longer generated, it is computed based on the contents of the server object and should be repeatably equal if the contents are equal.

by RangerRick at September 30, 2019 08:33 PM

A Low Bandwidth Camera Solution

My neighbor recently asked me for advice on security cameras. Lately when anyone asks me for tech recommendations, I just send them to The Wirecutter. However, in this case their suggestions won’t work because every option they recommend requires decent Internet access.

I live on a 21 acre farm 10 miles from the nearest gas station. I love where I live but it does suffer from a lack of Internet access options. Basically, there is satellite, which is slow, expensive and with high latency, or Centurylink DSL. I have the latter and get to bask in 10 Mbps down and about 750 Kbps up.

Envy me.

Unfortunately, with limited upstream all of The Wirecutter’s options are out. I found a bandwidth calculator that estimates a 1 megapixel camera encoding video using H.264 at 24 fps in low quality would still require nearly 2 Mbps and over 5 Mbps for high quality. Just not gonna happen with a 750 Kbps circuit. In addition, I have issues sending video to some third party server. Sure, it is easy but I’m not comfortable with it.

I get around this by using an application called Surveillance Station that is included on my Synology DS415+. Surveillance Station supports a huge number of camera manufacturers and all of the information is stored locally, so no need to send information to “the cloud”. There is also an available mobile application called DS-cam that can allow you to access your live cameras and recordings remotely. Due the the aforementioned bandwidth limitations, it isn’t a great experience on DSL but it can be useful. I use it, for example, to see if a package I’m expecting has been delivered.

DS-Cam Camera App

[DS-Cam showing the current view of my driveway. Note the recording underneath the main window where you can see the red truck of the HVAC repair people leaving]

Surveillance Station is not free software, and you only get two cameras included with the application. If you want more there is a pretty hefty license fee. Still, it was useful enough to me that I paid it in order to have two more cameras on my system (for a total of four).

I have the cameras set to record on motion, and it will store up to 10GB of video, per camera, on the Synology. For cameras that stay inside I’m partial to D-Link devices, but for outdoor cameras I use Wansview mainly due to price. Since these types of devices have been known to be easily hackable, they are only accessible on my LAN (the “LAN of things”) and as an added measure I set up firewall rules to block them from accessing the Internet unless I expressly allow it (mainly for software updates).

To access Surveillance Station remotely, you can map the port on the Synology to an external port on your router and the communication can be encrypted using SSL. No matter how many cameras you have you only need to open the one port.

The main thing that prevented me from recommending my solution to my neighbor is that the DS415+ loaded with four drives was not inexpensive. But then it dawned on me that Synology has a number of smaller products that still support Surveillance View. He could get one of those plus a camera like the Wansview for a little more than one of the cameras recommended by The Wirecutter.

The bargain basement choice would be the Synology DS118. It cost less than $200 and would still require a hard drive. I use WD RED drives which run around $50 for 1TB and $100 for 4TB. Throw in a $50 camera and you are looking at about $300 for a one camera solution.

However, if you are going to get a Synology I would strongly recommend at least a 2-bay device, like the DS218. It’s about $70 more than the DS118 and you also would need to get another hard drive, but now you will have a Network Attached Storage (NAS) solution in addition to security cameras. I’ve been extremely happy with my DS415+ and I use it to centralize all of my music, video and other data across all my devices. With two drives you can suffer the loss of one of them and still protect your data.

I won’t go in to all of the features the Synology offers, but I’m happy with my purchase and only use just a few of them.

It’s a shame that there isn’t an easy camera option that doesn’t involve sending your data off to a third party. Not only does that solution not work for a large number of people, you can never be certain what the camera vendor is going to do with your video. This solution, while not cheap, does add the usefulness of a NAS with the value of security cameras, and is worth considering if you need such things.

by Tarus at September 30, 2019 06:00 PM

September 01, 2019

The OpenNMS Group Turns 15

Fifteen years ago today, on September 1, 2004, David Hustace, Matt Brozowski and I formed The OpenNMS Group, Inc.

This was the fourth business entity to steward the OpenNMS Project, and would turn out to be the one with staying power.

The original OpenNMS Group office was in a single 10 foot by 15 foot room with just enough space for three desks. The landlord provided Internet access. By adopting the business plan of “spend less money than you earn” we managed to survive and grow. Now the company has its main office in Apex, NC, USA as well as one in Ottawa, Ontario, CA, with a satellite office in Germany.

The OpenNMS platform is being used to monitor some of the largest networks in existence, many with millions of devices. With the introduction of ALEC the team is bringing artificial intelligence and machine learning technologies to network monitoring to provide the highest level of visibility to the most complex environments.

OpenNMS has always been lucky to have a wonderful community of users, contributors and customers. With their support the next fifteen years should be as great if not better than the first. I am humbled to have played a small part in its history.

by Tarus at September 01, 2019 05:10 PM

August 29, 2019

Crash

It’s been even longer than usual since I’ve updated this site. I’m missing a ton of stuff, including the last day of Dev-Jam as well as my trip to this year’s OSCON conference in Portland. I wouldn’t be surprised if I lose one if not all of my three readers.

But I do have an excuse. This happened.

Crashed F150 Pickup Truck

On Friday, July 26th, I left my farm in Chatham County, North Carolina, to head to town. I needed to get the oil changed in the F150 and I was planning on meeting some friends for lunch.

About three miles from my house, another driver crossed the centerline on Hwy 87 and hit my truck nearly head-on. I suffered a broken rib, a fractured C2 vertebrae, and a fractured right big toe, but the major damage was that my left ankle was shattered.

I’ve spent the last 33 days at the UNC Medical Center in Chapel Hill, where I underwent two surgeries and was taken care of by some amazing staff.

I’m home now and plan to return to work (remotely) next week. I still have many months to go before I can approach normality, but a journey of ten thousand miles begins with a single step.

Thanks for your kind thoughts. One good thing that has come out of this is that I’ve spent the last 17 years trying to build OpenNMS into something that can thrive even without me, and the team has been amazing in my absence. I can’t wait to be at full strength again.

by Tarus at August 29, 2019 05:47 PM

August 05, 2019

OpenNMS.js v1.2.0

This is a small release which adds support for a default timeout in GrafanaHTTP, as well as adding X-Requested-With headers to requests (NMS-9783).

Bug Fixes

  • http: add timeout to GrafanaHTTP (22bdd70)

Features

  • rest: NMS-9783: add X-Requested-With header to requests (e803726)

by RangerRick at August 05, 2019 07:57 PM

June 29, 2019

2019 Dev-Jam – Day 4

The next to the last day of Dev-Jam was pretty much like the one before it, except now it was quite clear that Dev-Jam was coming to a close (sniff).

I actually managed to get some of the work done that I wanted to do this week, namely to start working on the next version of my OpenNMS 101 video series. A lot changed in Horizon 24 and now the videos are a little off (especially when it comes to alarms) and I want to fix that soon.

2019 Dev-Jam: Group of People Hacking Away

I did make one bad decision when I purchased take-away sushi from the Union, but I was lucky that I got over it quickly (grin)

2019 Dev-Jam: Jesse Talking About ALEC

It’s so nice to be able to break out into little groups and share what is going on in OpenNMS. Jesse gave an in-depth talk on ALEC (and I’ll be presenting it at this year’s All Things Open conference).

It wasn’t all work, though.

2019 Dev-Jam: Table with Snacks and Ulf

A group of people had gone to the Mall of America on Sunday, and Markus bought a Rick and Morty card game that seemed pretty popular. Parasites!

For dinner I ordered some delicious pizza from Punch as many people wanted to stay in and finish up their projects in time for tomorrow’s “Show and Tell”.

It’s hard to believe Dev-Jam is almost over.

by Tarus at June 29, 2019 02:24 PM

June 27, 2019

2019 Dev-Jam – Day 3

Not much to add on Day 3 of Dev-Jam. By now the group has settled into a routine and there’s lots of hacking on OpenNMS.

As part of my role as “cruise director” Mike and I ran out for more snacks.

2019 Dev-Jam: Table with Snacks and Ulf

On the way we stopped by the Science Museum of Minnesota to pick up a hoodie for Dustin. As fans of Stranger Things we thought we should get our Dustin the same hoodie worn by Dustin in the show. The one in the show was apparently an actual hoodie sold by the museum in the 1980s, but it was so popular they brought it back.

2019 Dev-Jam: Dustin and Dustin in Brontosaurus Hoodie

While not exactly the “Upside Down” in the evening the gang descended on Up-Down, a barcade located a few miles away. Jessica organized the trip and folks seemed to have a great time.

2019 Dev-Jam: Selfie of Folks at Up-Down.

The combination bar and arcade features vintage video games

2019 Dev-Jam: People Playing Video Games at Up-Down.

as well as pinball machines

2019 Dev-Jam: Selfie of Folks at Up-Down.

Of course, there was also a bar

2019 Dev-Jam: People at the Bar at Up-Down.

Good times.

by Tarus at June 27, 2019 04:52 PM