Planet OpenNMS

April 24, 2017

This Week in OpenNMS: April 24th, 2017

It's time for This Week in OpenNMS! In the last week we worked on various internal changes, documentation, Compass, Minion, and the web UI.

Github Project Updates

  • Internals and Documentation

    Jesse worked on optimizing some of the time series calculation code. I worked on making sure Open...

April 24, 2017 03:21 PM

April 20, 2017

New Board, New Claim: Make OpenNMS great again

The new Board

In our last general assembly 13th April 2017 a new board was elected. Dustin Frisch is our new President, Uwe Bergmann our new Vice President and Ronny Trommer our new treasurer.

The assembly itself was very interesting. The discussion was from: “lets dissolve the foundation” to “make it great again”. At the end we decided to keep the foundation and use it further as a plattform to support OpenNMS and its users.

What will happen in the future

The board will have a meeting in a couple of days to define the next steps and the agenda for the next period. Just speaking for me: I am very interested in organizing the next OpenNMS User Conference Europe (OUCE). I spoke to a couple of friends in the last weeks and nearly all of them said they are missing the OUCE.

I think the next OUCE will happen not earlier than next year.

So stay tuned. We will keep you up to date regarding the foundation an the OUCE.

by Uwe Bergmann at April 20, 2017 02:45 PM

April 18, 2017

Reboot & Update Monitor

Security updates are important and need to be installed regularly and as quick as possible.

In Linux distributions like Ubuntu and Debian this is easily done with the apt package manager. Most of the security updates can be installed without rebooting your system. If you upgrade your Kernel it is...

April 18, 2017 01:32 PM

April 17, 2017

This Week in OpenNMS: April 17th, 2017

It's time for This Week in OpenNMS! In the last week we worked on various internal changes, and the web UI.

Github Project Updates

  • Internals

    Alejandro updated our embedded Drools to 6.5.0 and added support for saving/restoring state. Jesse updated the XMP collector to the new collection...

April 17, 2017 03:14 PM

April 10, 2017

How Version 2.0 Killed Android Wear

I am the happy owner of an LG Urbane smartwatch. Unfortunately, I just upgraded to Android Wear 2.0 and now I can’t use it.

Andrea Wear 2.0 Upgrade

Luckily for me, my smartwatch is not “mission critical”. If I leave it at home by mistake, I don’t turn around to go back to get it. The main thing I use it for is notifications. I like the fact that if it is with me, it will automatically mute my phone and then vibrate when I have a notice. A quick glance at my wrist will tell me if I need to deal with it right this moment, or if it can wait.

The second thing I use it for is to do simple voice searches or to set reminders and timers. Outside of that there are a few apps I use and I like the fact that it tracks my steps, but overall I don’t use a ton of features.

When the notice popped up that I could upgrade, I blindly went ahead and did it. In retrospect, that was stupid, but I often get in trouble rushing out to install the “new shiny”. The upgrade seemed to go fine, and I didn’t think that much about it until lunch.

One of the things I do before heading out to lunch is check the temperature to see if I need a jacket. So I did the usual wrist flick to “wake” the watch and said “Ok Google” to get to the voice prompt.

Nothing happened.

Hrm, I did some research and apparently with 2.0 you have to press the button on the side of the watch to get to the Google prompt. I think this is a huge step backward, because now I have to involve both hands, and I find it ironic that with Android Wear 1.5 I I had to sit through a demo of one-handed gestures over and over again (I often have to re-pair my watch due to reloading software on my phone) and now they’ve thrown “do everything with one hand” out the window.

Anyway, I pressed the button which then brought up the Google Assistant setup screen on my phone. With 2.0 if you want to use voice searches, etc., you must use Google Assistant and you have to give Google access to all of your contacts, calendars etc.

(sigh)

I work hard to “sandbox” my Google activity from the rest of my digital life. It’s not that I think they are evil, it’s just that I don’t want anyone to have that much information on me, well, other than me. I kind of despair for free and open source software solutions in the consumer space. Everyone seems to be rushing to adopt these “always on” digital assistants with absolutely no regard to privacy, and this is causing vendors to lock down their ecosystems more and more. While open source is definitely winning on the server side, I don’t think the outlook has ever been so grim on the consumer side.

There were some upsides with 2.0, such as improvements to the look and feel, but I also found that I didn’t care for the new notification system (I seemed to miss a lot of them – perhaps I needed to change a configuration). But the requirement for Google Assistant was a deal breaker.

I thought about going back to 1.5, which I liked, but I can’t seem to find a factory image. In trying to locate one, I discovered that TWRP does have a version for bass (the codename for the LG Urbane) and I should have installed that and made a backup before upgrading. I contacted LG and they told me it was impossible to downgrade. That’s a load of crap because I could easily sideload the old version if they made it available, but then I’d have to deal with constant upgrade reminders and the few apps I do use would probably stop support for 1.5 to focus on 2.0.

It just isn’t worth it.

I know at least one of my three readers is thinking I should just cave and learn to embrace the Google, but I can’t bring myself to do it. I am eagerly awaiting open source alternatives like Asteriod OS (which just isn’t ready for daily use) and Mycroft (which is supposed to be shipping units this month) but I really don’t think I’ll miss my Urbane enough to spend the time on it.

I plan to sell my Urbane on eBay and I’ve gone back to my previous “dumb” watch (a nice little Frederique Constant I bought on a flight from Dubai to London). It’s kind of a shame since I enjoyed using it, but to be honest I’m not going to miss it all that much.

by Tarus at April 10, 2017 06:18 PM

This Week in OpenNMS: April 10th, 2017

It's time for This Week in OpenNMS! In the last week we worked on various internal changes, and the web UI.

Github Project Updates

  • Internals

    I finished my work on using Java 8's Optional in our JAXB classes and other cleanups. Markus did more work on moving requisitions into the databa...

April 10, 2017 02:35 PM

April 05, 2017

Automated Orderings

A self-sufficient printer environment

OpenNMS usually stands for network and server monitoring. But like every good tool you can use (or misuse?!) OpenNMS in other scenarios as well.

If that is a good solution, is completely your choice! :-)

Imagine, you have a big printer environment, distrib...

April 05, 2017 11:46 PM

April 03, 2017

This Week in OpenNMS: April 3rd, 2017

It's time for This Week in OpenNMS! In the last week we worked on various internal changes, and the web UI.

Github Project Updates

  • Internals

    I did more work on using Java 8's Optional in our JAXB classes and other cleanups. Seth continued his work on refactoring our syslog parser, and...

April 03, 2017 03:15 PM

March 27, 2017

The Importance of Contributor Agreements

One thing that puzzles me is the resistance within the open source community to contributor agreements. This was brought into focus today when I read that the OpenSSL Project wants to migrate to the Apache 2.0 license from the current project specific OpenSSL license.

In order to do that they need permission from all of the nearly 400 contributors of the project over the last 20+ years, and contacting them will be a huge undertaking. If one person refuses to agree, then they will either have to abandon the effort, or locate that person’s contribution and either remove or replace it.

Many years ago we found out that a company was using OpenNMS in violation of our license. When our lawyer approached them about it, they claimed that they were only using those parts of the code for which we didn’t hold copyright. At that time, early versions of OpenNMS were still copyright Oculan, the company that started the project, and not OpenNMS. Since Oculan wasn’t around anymore it took us awhile to track down the intellectual property, but in the end David and I were able to mortgage our houses to purchase that copyright so that now the project can control all of the code and defend it from license abuse in the future.

But the question arose about what to do moving forward, specifically how should we deal with community contributions? In the past companies like MySQL required all contributors to sign a document with phrases like “You hereby irrevocably assign, transfer, and convey to MySQL all right, title and interest in and to the Contribution” which seemed a little harsh.

I posed this question to the Order of the Green Polo, the de facto project administrators, and DJ Gregor suggested we adopt the Sun Contributor Agreement that we now call the OpenNMS Contributor Agreement, or OCA. This was a straightforward document that asked two things.

First, you attest that you have the right to contribute the code. This is more important than you know, because it helps remove liability from the project should the contribution turn out to be encumbered in some way, such at the author writing it as part of their job and thus it is actually the property of the employer. We allow both individuals and companies to sign the OCA.

Second, you assign copyright to OpenNMS while retaining copyright yourself. This introduces the concept of “dual copyright”. Now some critics will say that this concept hasn’t been tested in court, but there is a long history of authors sharing copyright. Considering that Oracle maintained the agreement in the form of the Oracle Contributor Agreement, it appears that their lawyers were satisfied.

I claim responsibility for the license under which these Contributor Agreements are published: the Creative Commons Attribution-Share Alike License. When DJ suggested the Sun Contributor Agreement I noticed that there wasn’t any license on the agreement itself. I didn’t want to just copy it and change “Sun” to “OpenNMS”, so I contacted Brian Aker who had just moved to Sun with the MySQL acquisition and asked him about it. Soon thereafter the Agreement was updated with the license and we adopted our version of it.

Once we adopted the OCA, I was tasked with tracking down anyone who had ever contributed to OpenNMS outside of the company or Oculan and asking them to sign it. They all did, but I can tell you that I had a hard time tracking down a number of them (people move, e-mails change). I don’t envy OpenSSL at all.

I hope this story illustrates the importance of some sort of Contributor Agreement for open source projects. They don’t have to be evil, and in the end getting your copyright and licensing issues completely sorted out will make managing them in the future so much easier.

by Tarus at March 27, 2017 05:28 PM

This Week in OpenNMS: March 27th, 2017

It's time for This Week in OpenNMS! In the last week we worked on various internals and cleanup, and topology.

Github Project Updates

  • Internals

    I did more work on using Java 8's Optional in our JAXB classes and other cleanups. Seth did more work on refactoring our syslog parser. Marku...

March 27, 2017 04:34 PM

March 20, 2017

This Week in OpenNMS: March 20th, 2017

It's time for This Week in OpenNMS! In the last week we worked on various internals, the Minion, and the web UI.

Github Project Updates

  • Internals

    Jesse and I finished converting XML parsing to JAXB. All that's left is to remove some final references to Castor and then it's gone. I also...

March 20, 2017 03:40 PM

March 13, 2017

This Week in OpenNMS: March 13th, 2017

Hey there, everybody! I am back from JoCo Cruise 2017 and ready to catch you up on the last 2 weeks of development. In the last 2 weeks we worked on various internals, polling and provisioning, the Minion, and the web UI.

Github Project Updates

  • Internals

    Jesse and I worked more on gett...

March 13, 2017 03:40 PM

March 09, 2017

Electronic Devices and CPB

With the change in administration in the United States, Customs and Border Protection (CBP) have modified their behavior to include actions with which I don’t agree. These include forcing a US citizen to unlock his mobile device, even though it was a work device and contained sensitive information. I set out to come up with how I will deal with this situation should it arise in the future.

TL;DR My plan is as follows: before I enter the United States, I will generate a long, random password and set that as the encryption password for my laptop and my handy. I will then ssh into an old iMac I have on my desk, store the password in a file, and then shut the computer down. At that point I will not be able to access the information on my device until I return to the office and power on the system.

UPDATE: The EFF has published a detailed guide to help understand your rights at the border.

First off, let me say that until recently I’ve always respected CPB. They have a tough job and everyone I’ve ever met while returning from my travels has been efficient, competent and friendly.

But after the recent “Muslim Ban” fiasco I’ve come to realize that my experience is not universal. I think one of the main problems is this idea that the Constitution stops at the CBP desk, and until you are past it you really aren’t “in America” and thus the Constitution doesn’t apply.

I don’t agree with this interpretation, but it can probably be traced to the actions taken by the US government after 9/11 and the creation of the prison at Guantanamo Bay.

Prior to that, when “bad hombres” were captured by the US government, they fell into one of two categories: criminals or prisoners of war. How each class was treated was fairly well defined. Criminals were processed according to the rule of law, and the treatment of POW’s was covered under the various Geneva Conventions.

The US government decided that those two classifications were inconvenient, and so they ventured into the murky waters of “enemy combatant” and Guantanamo. Their logic goes that since Guantanamo isn’t in the US, US law doesn’t apply, and since these people aren’t members of a foreign country’s military force with which we are at war, then they aren’t POWs. So, the US gets to make up its own rules about how these people are treated.

This is dangerous for a number of reasons. Since nothing is really codified about the treatment and rights of the detainees at Guantanamo, the rules are arbitrary. Also, this opens the door for other countries such as Russia to do similar things without fear of international repercussions. The US has survived for so long because things like this are not supposed to happen, yet here we are.

This thought now extends to the border. Even though a US citizen is being questioned by another US citizen, in the role of a representative of the US government on US soil, somehow the rules of the Constitution are suspended. It’s arbitrary and I don’t buy it. The Constitution codifies a right to privacy in the Fourth Amendment, and it doesn’t go away when entering the country. And it definitely extends to mobile devices, which in today’s world are probably the most personal item people own.

So how can people like me, with almost no political power, resist this threat to our freedom?

I’ve always done little things, like opting out of millimeter wave scans at airports and getting a pat down instead (I’m not shy). If everyone did this the whole system would collapse, and they would find better ways of dealing with security than the security theater we have now. Seriously, if the Israelis don’t use it, it ain’t worth using.

When I turned to the problem of dealing with CBP, my main thoughts went to two devices that I use when traveling: my handy (mobile “phone”) and my laptop. I figured the easiest thing to do would be to just wipe them before coming into the country, but that presents some logistics problems.

For example, I could make a backup of my handy, copy it to a server at home, and then wipe it. The problem is that I have 64GB of storage on the device and I doubt I could transfer a backup in time over, say, a hotel Wi-Fi connection. One of my coworkers uses an iPhone and they thought about wiping their phone and just restoring it from iCloud when they were in the country, but then CBP could require that he turn over his iCloud password.

On my laptop I use whole disk encryption, but I thought about just rsync’ing my home directory and then deleting it before leaving, then again there is the WiFi issue and I really don’t want to have to deal with copying everything back when I’m home.

Then it dawned on me that if I didn’t know the encryption password, then I couldn’t reveal it. The problem became how to create a secure password that I couldn’t remember yet get it back when I needed it.

While my main desktop computer runs Linux Mint, I keep an old iMac on my desk mainly to run WebEx sessions and for those rare times I am forced to use a piece of software not available for Linux. It’s connected to the network, so I can access it remotely. But, if I can access it, I would be lying if CBP asked me for my password and I said I couldn’t retrieve it. Unlike the US Attorney General, I refuse to perjure myself.

Then it dawned on me that I could shut the iMac down remotely and have no way to turn it back on. Thus I could store a passphrase on it, retrieve it when I was back in the country, but until then I would be unable to unlock my devices.

That became the plan. So, the next time I’m returning from overseas, I’ll generate a new, random password. I’ll set that as the whole disk encryption password on my laptop and the encryption password on my handy (note that this is different from the screen-lock password). This will also tie up all of my social network passwords since I use complex ones and store them on those devices. Well, with the exception of my Google account, but since I use two-factor authentication I should be safe as my handy is the device that generates the codes (and I won’t carry any of the backup codes). As long as both of those devices stay powered on, I’ll be able to use them, but once I power them off they will be useless until I get to the office, power on the iMac, and retrieve the passphrase. Note that in order to do that, I’ll be firmly in the US and anyone who wants me to unlock my devices will need a court order.

Which I would respect, unlike CBP. I think the scariest part of the whole “Muslim Ban” incident was when CBP refused to honor court orders. America is built on three branches of government, and when the Executive branch ignores the orders of the Judicial branch we are all in trouble.

I had a two other problems to address, one of which is done. If I’m in the US but my handy is locked, how would I make calls? I might need to call my ride home, etc. To that end I bought a cheap “feature” phone and I’ll just move the SIM card to it when we land.

ZTE Feature Phone

The second issue is that while I should be on solid legal ground concerning my electronic devices, there is nothing preventing CBP from holding me for a long time. Thus the final step is to find an attorney and execute a G-28 form allowing them to represent me. I’m not sure if I need a civil rights lawyer or an immigration lawyer but I’m looking into it. My goal is to be able to notify my attorney when I am coming back into the country, and then send an SMS to them when I am through immigration. If that doesn’t arrive within two hours of my scheduled arrival, they need to come and get me.

I think the thing that bothers me the most about this whole process is the need for it. I’m not a tinfoil-hat conspiracy guy but the actions of the new government have me worried. As I use open source software almost exclusively I know I’m safer than most when it comes to surveillance, and I also don’t expect to run into any problems being an older, white male. But I’d rather be safe than sorry, and the only thing necessary for the triumph of evil is that good men do nothing.

by Tarus at March 09, 2017 02:04 PM

March 07, 2017

Dev Jam 2017: July 16-21 Concordia University

One of my favorite times of the whole year is the week of Dev-Jam, the annual OpenNMS Developers Conference. This year will mark our twelfth meeting, and it has grown quite a bit since our inaugural one in 2005.

For the first time we will be holding Dev-Jam outside of the United States. About a third of the attendees come from other countries and due to recent changes in US immigration policy we couldn’t have people forced to reveal sensitive things such as social media passwords just to come to Dev-Jam.

So, we are holding it at Concordia University in Montreal, Quebec, Canada. Not only is Montreal an awesome city, Concordia is also the alma mater of Jesse White, one of the key architects of OpenNMS. It should be a wonderful venue for the conference.

We have reserved a block of rooms in the historic Grey Nuns Building. Similar to the dorms we have used in the past, every one will get a single room with a shared bathroom. If you would rather stay in a more conventional hotel, there are a number of excellent choices nearby, although I would strongly recommend you consider the dorm as the majority of people will be staying there and it can be quite nice.

Grey Nuns Motherhouse

There are also a number of other events going on in Montreal that week, including a Metallica concert and a fireworks competition, and we will try to do something as a group (baseball is out since the Expos moved to Washington, DC, in 2004).

Space is limited, so if you are the slightest bit interested please let me know and I can reserve you a spot. More details can be found on the wiki and registration is now open.

Hope to see you there, and yes, there will be poutine.

by Tarus at March 07, 2017 08:27 PM

Dev Jam 2017: July 16-21 Concordia University

We are happy to announce our annual meeting Dev-Jam, the annual OpenNMS Developers' Conference. This year will mark our twelfth meeting.

For the first time we will be holding Dev-Jam outside of the United States. About a third of the attendees come from other countries and due to recent changes...

March 07, 2017 02:42 PM

February 27, 2017

This Week in OpenNMS: February 27th, 2017

In the last week we worked on various internal cleanups and the web UI.

Github Project Updates

  • Internals

    Jesse did more work on cleaning up data collection. Seth continued to work on updating our embedded Karaf to Karaf 4. Jesse and I worked a bunch on converting old Castor-based internal...

February 27, 2017 03:48 PM

February 22, 2017

OpenNMS Horizon 19.0.1 (Ferret-Legging) Released

OpenNMS 19.0.1 (code name: Ferret-Legging) is now available.

This release contains a number of small bug fixes focused mostly on upgrade issues from Horizon 18.

For details on what has changed, see the complete change log.

Breaking Changes/Upgrading

There is a configuration change over 1...

February 22, 2017 06:44 PM

February 21, 2017

This Week in OpenNMS: February 21st, 2017

In the last week we worked on internals, Minion, the web UI and ReST, and bug fixes.

Github Project Updates

  • Internals

    Ron worked on improving our SSL handling in a number of the SSL-based monitors and detectors. Jesse worked on converting our remaining Castor-based objects to JAXB. He al...

February 21, 2017 04:18 PM

February 19, 2017

Fourteen Years

I just wanted to take a second to thank my three readers for fourteen years of support.

My first post on this blog happened on this date in 2003, and when I wrote it I had little idea I’d still be doing it almost a decade and a half later.

It does seem weird that I still consider OpenNMS a start-up. We took a much different path than a lot of other companies, focusing on our customers instead of fundraising. With our mission statement of “Help Customers, Have Fun, Make Money” and our business plan of “Spend Less Than You Earn” we’ve not only managed to survive but thrive, and both the company and the project have never been stronger. While we are always looking for good investors, this allows us to pick just the right partner.

I’d like to end this with a quote from Michael Seibel of Ycombinator. Actually, it is almost his entire blog post but it really resonated with me.

I’d like to make the point that success isn’t the same as raising a round of financing. Quite the opposite: raising a round should be a byproduct of success. Using fundraising itself as a benchmark is dangerous for the entire community because it encourages a culture of optimizing for short term showmanship instead of making something people want and creating lasting value.

I believe founders, investors, and the tech press should fundamentally change how they think about fundraising. By deemphasizing investment rounds we would have more opportunity to celebrate companies who develop measurable milestones of value creation, focus on serving a customer with a real need, and generate sustainable businesses with good margins.

Optimizing for funding rounds is just as unproductive as optimizing for headcount, press mentions, conference invites, fancy offices, speaking gigs or top line revenue growth with massively negative unit economics.

by Tarus at February 19, 2017 03:44 PM

February 15, 2017

Ulf: My Favorite Open Source Animal

Over at opensource.com they asked “What’s your favorite open source animal?” Hands down, it’s Ulf.

OpenNMS Kiwi: Ulf

When I was at FOSDEM this year, we were often asked about the origin of having a kiwi as our mascot. Kiwi’s are mainly associated with New Zealand, and OpenNMS is not from New Zealand. But Ulf is.

Every year we have a developer’s conference called “Dev Jam“. Back in 2010, a man named Craig Miskell came from NZ and brought along a plush toy kiwi. He gave it to a group of people who had come from Germany, since he had come the furthest east for the conference and they had come the furthest west. They named him “Ulf”.

There was no conscious decision to make Ulf our mascot, it just happened organically. People in the project started treating him as a “traveling gnome“, setting up a wiki page to track some of the places he’s been, and he even has his own Twitter account.

I lost him once. We had a holiday party a few years ago and Ulf went missing. We thought he had been left in a limo, so I dutifully sought out a replacement. I found one for US$9, but of course shipping from NZ was an additional US$80 more, so I bought two. I later found Ulf hiding in the pocket of a formal overcoat I rarely wear (but had the night of the party) so now we have a random array of individual Ulf’s.

Anyway, Ulf manages to represent OpenNMS often, from stickers to holiday cards and keychains. I love the fact that he just kind of happened, we didn’t make a conscious decision to use him in marketing. If you happen to come across OpenNMS at conferences like FOSDEM, be sure to stop by and say “hi”.

by Tarus at February 15, 2017 05:32 PM

February 14, 2017

2017 Europe: Brussels and FOSDEM

This post is about a week overdue, but for the first time in my life I came down with a vicious case of “con crud”. This is a illness that you can get after attending a conference or convention (no reference since the top hits on Google all reference “furries“). This really knocked me out – mainly sinus congestion so severe that my head hurt so bad I couldn’t really sleep. It just laughed at my attempt to treat it with pseudophedrine, and nothing but time seemed to help. Luckily I feel better now and I’m eager to talk about my great time in Brussels at my first FOSDEM.

The Free Open Source Developers European Meeting is probably the largest free software event in the world. This year an expected 8000 people descended on the Université Libre de Bruxelles, and I believe every one of them walked by our stand. It was insane.

I arrived from Riga Friday night and made it to my hotel. My so-called friends had already abandoned me and headed toward the Grand Place and Cafe Delirium, the de facto pre-conference bar.

Cafe Delirium Crowd

Against all odds I managed to catch up with them in the alley outside the bar. Ronny and Markus had come over from Germany, as did Simon and Anya. Jonathan and Craig had come from the UK, and I finally got to meet the amazing Cyrille, a long time OpenNMS contributor who lives in Brussels. There was beer.

Our Gang at Cafe Delirium

We headed over to the university early on Saturday to set up our booth. While this was my first FOSDEM, I was told by a couple of long time attendees that the conference outgrew the venue years ago, with various suggestions for why: from “tradition” to “it’s free”. In any case, it does create an atmosphere that can only be described as special.

FOSDEM Stand

We had a stand in Building K on the second level. This was in a wide hallway surrounding a large auditorium where a number of sessions were held. From the start we got a lot of traffic to the stand, and unlike many conferences the people that stopped seemed genuinely interested in learning about OpenNMS and weren’t just there to check out the swag.

And we had really good swag. In addition to a number of stickers (including the awesome “Ulf Mate” sticker as a play on the “Club Mate” logo and slogan), we had, new for this show, OpenNMS keychain/bottle openers which were a big hit.

OpenNMS Keychains

I also got interviewed for Hacker Public Radio. I don’t remember much of what I said, but people seemed to be into it (grin).

It is seriously difficult for me to describe the crowds. When I needed the restroom, I had to make my way downstairs and then fight my way through a crowd so packed I think it rivaled that year I went to Mardi Gras in New Orleans.

FOSDEM Crowd

But it just lent to the energy and atmosphere of the place. I know from social media that a number of people I know were there that I just missed (looking at you Brian Proffitt) but I did get to see some old friends and I make a few new ones. One person I was happy to meet for the first time was Carol Chen. She is the community manager for ManageIQ, and I first learned about her when Jeff was invited to do an OpenNMS talk at the ManageIQ Design Summit.

Carol Chen and Ulf

She showed up at the stand on Sunday in search of one of our keychains, but we had run out. I had put one away for me but was happy to give it to her. After all, I can always get more.

One thing that sets FOSDEM apart from other open source conferences is the emphasis on “free” software, and some of the social justice causes that naturally follow. Heck, the University has “free” (as in freedom) in its name. Considering that the US President had signed a “Muslim Ban” the week before the conference, it was cool to see this sign on campus.

Refugees Sign

But not all of the fun happened at ULB. Brussels has some beautiful architecture, and just wandering around you might come across a stunning building like this church.

Brussels Church

Nothing is probably as striking as the Grand Place, or central square of Brussels. It is surrounded by tall buildings, some of which represent Guildhalls of various crafts. My friend Daniel pointed out to me that a lot of the money for those buildings probably came from Antwerp during the height of the Hanseatic League. Since the cities of Tallinn and Riga were key players in the Hansa, it kind of brought this European trip full circle.

That’s not to say there aren’t modern things in Brussels. I’ll post this picture without comment.

Mr. Ego Sign

We ended the conference on Sunday with a small group of us meeting for beers and then dinner. Dinner was held at Restaurant Vincent and it was quite good.

Dinner at Vincent's

At the table is Karen Sandler from the Software Freedom Conservancy, me, Lukas and Daniel Ranc from Paris (Daniel teaches at Télécom SudParis and his son is working on his Ph.D.), Cyrille Bollu, Ronny Trommer and Markus von Rüden from OpenNMS, and Spot Calloway from Red Hat.

My only wish is that we could have sat at a round table, since the long table caused conversation to be split into two. I really wanted Daniel and Spot to chat, as Daniel is working on some cool software for education for doing quizzes and surveys in class, and Spot is focused on higher education at Red Hat. But in any case I really enjoyed the conversation, especially one story that Spot told of his college days that I pretty much can’t top (and I pride myself on being able to hold my own when it comes to storytelling).

It was a nice end to an exciting week.

by Tarus at February 14, 2017 09:48 PM

February 13, 2017

OpenNMS Horizon 19.0.0

The long-awaited OpenNMS Horizon 19 (code name: Ice Hockey) is here!

It is chock full of bug fixes and new features, most notably full support for OpenNMS's polling and data collection APIs on the Minion.

New in Horizon 19

  • OpenNMS Minion: Minion systems now have full support for most manage...

February 13, 2017 10:30 PM

This Week in OpenNMS: February 13th, 2017

In the last week we worked on internals, Minion, the web UI, and bug fixes.

Github Project Updates

  • Internals

    Jesse added support for requisition providers through a new URL format, requisition://[plugin]. Seth worked on updating OpenNMS's embedded Karaf to 4.x. I fixed an issue with th...

February 13, 2017 04:18 PM

February 09, 2017

OpenNMS Horizon 18.0.4

OpenNMS 18.0.4 (code name: Kiwa Hirsuta) is now available.

This release contains a number of bug fixes and enhancements, including a fix for a deadlock that can be triggered by using the topology UI, and a rather large performance fix for startup if you are using BSM.

Notable Changes

  • many fi...

February 09, 2017 11:00 PM

February 06, 2017

This Week in OpenNMS: February 6th, 2017

In the last week we worked on internals, minion, web UI, and bug fixes.

Github Project Updates

  • Internals

    Markus did some more work on auto-compiling Jasper reports. Markus fixed attribute mapping in the JIRA ticketer. Alejandro fixed an issue with spikes in graphs on node reboot. Jesse...

February 06, 2017 04:18 PM

February 04, 2017

2017 Europe: Riga

Latvia is the 39th country I’ve been able to visit, and based on Riga it is easily in my top ten. I really enjoyed my short time here.

Getting off the bus from Tallinn, the first thing I noticed was that it was a little colder here. Both Helsinki and Tallinn are right on the water, but Riga is slightly inland. Still, it wasn’t a hard walk from the bus station to the hotel, and I got to see some of the Old Town.

Frozen Stream in Riga

I had the rest of the day to myself, so I decided to explore the City. One thing I noticed about Riga is that it is very clean. Granted, when you have piles of snow that don’t melt this doesn’t mean everything looks brand new, but I didn’t see the usual trash and paper on the ground like I might find in London or Paris. While the buildings may be old, they are well maintained, and some are quite beautiful, which is not how I imagined a former Soviet bloc country to look.

Riflemen Monument

Granted, there were a few reminders, such as the impressive “Riflemen Monument“. This was originally meant to honor those in the Latvian military who supported the Bolsheviks (the “red” riflemen) but I was told that now it also honors the opposition “white” riflemen.

The reason I came to Riga was to participate in a conference held by LATA (Latvijas atvērto tehnoloģiju asociācija or the Lativian Open Technology Association). LATA is a volunteer organization with only one employee, Ieva Vitolina, who was kind enough to invite me to speak.

Not only were the people in general in Riga very kind to me, the LATA people treated me like a diplomat.

Main Entry Hall for the LATA Conference

Before the conference I was introduced to Jānis Treijs, of the LATA Board. A very nice man, Jānis is very tall, and I had to joke that when I studied physics we used to say all people were two meters tall to make the math easier, but it is rare I actually get to meet someone that tall.

LATA conference room

The conference was held at the Latvijas Universitātes Dabaszinātņu akadēmiskais centrs (Latvian University of Natural Sciences Academic Center) which was a very modern facility, much nicer than many of the schools I attended in my youth. The morning program was held in this main room, and after lunch we would break out into another room as well (which was where my talk was to be made). About half of the program was in Latvian, with the other half in English.

IBM was a sponsor, and Andrzej Osmak from Poland gave a talk on IBM’s approach to open.

Andrzej Osmak

To be quite frank, OpenNMS would not exist without IBM. They are a main supporter of the Apache Foundation and most of the developers use Eclipse as their IDE. The only small criticism I would have about that talk was an emphasis on permissive licensing. I think permissive licenses are great in the proper context, but they aren’t the best choice for everyone.

This was followed by another talk in English by Dr. John O’Flaherty from Ireland.

John O’Flaherty

His focus was on “open data” and the different levels with which data can be made available. I am always amazed at what wonderful things people can create when companies and governments make data available in a usable fashion, and John gave several examples of those.

The remaining morning talks were in Latvian, so I just tried to understand them through the slides. The Clusterpoint presentation was interesting in that the slides were in English but the presentation itself was given in Latvian.

The morning ended with an awards presentation which had three categories: the most open institution, the most substantial contribution to technology promotion, and the best start-up.

Then it was the lunch break, which I spent talking about business and free software with Valdis, Ieva’s husband. It was then time to get ready for my own presentation.

There were two presentations in English about open source business. Including mine, Aleksejs Vladiševs the founder of Zabbix shared his experiences. It was kind of ironic that both of us work at pure open source companies and both of us work in the network monitoring space. Despite that, we tend not to compete, and it was interesting to see how similar our paths were.

My talk seemed well received, although I had a little less than 30 minutes so I didn’t have any time for questions. I was humbled that the winner of the LATA start-up award, Mihails Scepanskis, wanted to ask me some questions about open source business afterward, and along with his wife Anna and Vladis, we spent pretty much the rest of the conference talking. As usual, my favorite conference track turned into the “Hallway Track” once again.

National Library

That evening, the organizers of the conference took a group of us on a tour of the National Library of Latvia. This is a major landmark in Riga and it is easy to spot from many places in the city. It was planned for many years, but finally opened in 2014.

National Library Sign

The interior hosts a 400+ seat state of the art theatre, but the first thing I noticed was the central atrium.

National Library Atrium

Inside it there is a wall of books. These were books donated by the Latvian people to the library, and it stretches for several stories. We were also told an interesting story, when the library opened several thousand books were moved from the old location to the new building via a “human chain“. People formed a line over a mile long and passed the books hand to hand.

National Library Book Wall

The tour took us up through the building, and we got to see a number of the large (and not so large) reading rooms. One that caught my eye was dedicated to American culture.

National Library American Culture Room

I found it interesting that the books on display included ones by Noam Chomsky, James Carville and articles from the New Yorker.

Each floor was color-coded, and we were told that the colors corresponded to the “pre-Euro” Latvian currency, the Lat. The higher floors had colors that corresponded to higher denominations.

National Library

At the top was an interesting display. It was a Cabinet of Folksongs. This wooden cabinet holds over a quarter of a million Latvian folksongs written on small slips of paper.

Cabinet of Folksongs

The tour was followed by a wonderful meal in a restaurant in the Library itself. I got to spend more time talking with Aleksejs, Jānis, his wife and John, as well as drinking some nice beer over wonderful food.

The next morning Jānis’s wife had arranged for me to meet with the ITC department of the City Council of Riga. Riga firmly believes in Internet access for its population. The City has more free WiFi coverage than any other European City, and the Council is responsible for providing as many services as possible to its citizens to make sure the government is responsive to their needs. It was a refreshing conversation. They use a number of tools, including Zabbix, so I wasn’t expecting them to switch to OpenNMS, but I had a nice meeting learning about their environment and sharing a little bit about OpenNMS.

Corner House

We had a little time before lunch, so we made a quick visit to the “Corner House“. This was a beautiful apartment building that was taken over by the Cheka, a division of the KGB, and was the source of terror for many citizens of Latvia as late as 1991. It reminded me of the House of Terror in Budapest. Jānis’s wife told a story of her mother having to go to this building for an interview as the Cheka was interested in one of her relatives.

Corner House

It is a shame that a thing of such beauty could be used for such evil.

After that we met up with Jānis for a wonderful meal, and then I made my way to the airport for my trip to Brussels for FOSDEM.

As the airBaltic Q400 took off and got above the clouds, the cabin was suddenly filled with light. I realized that I had not seen the sun properly in a week. If Riga and its people can be this beautiful in the dark of winter, it must be a truly magical place in the summer. I hope one day soon to return.

by Tarus at February 04, 2017 04:27 PM

February 02, 2017

2017 Europe: Tallinn

After a wonderful visit to Helsinki, it was time for the next leg of the journey: Tallinn. Estonia will mark the 38th country I’ve been able to visit.

To get to Estonia I took the Tallink ferry service. There are several trips from Helsinki to Tallinn each day, so I planned to leave around 10:30 to arrive around 13:00.

I’m not a boat guy. While I’m fine in planes I don’t do well in boats, but the ferry is quite large. Here is a picture of one heading the other way through a window on mine:

Tallink Ferry

It had ten decks, so I made my way up to deck nine and found a seat near the window.

Tallink Ferry Interior

It was a quite civilized way to travel. Even though the sea was a little choppy, the ride was very smooth. You almost didn’t realize the ship was moving.

When we arrived I took a taxi to the hotel, dropped off my bags and set out to discover the city. I was in the “Old Town” section of Tallinn which was quite beautiful. There were a lot of cobblestone streets and well maintained old buildings with plenty of shops and restaurants.

Street in Tallinn

One of the things I like to do when visiting a new city is to play Ingress. I know that sounds weird, but one part of the game involves completing “missions” which require you to walk around. These missions are often created by locals and it can give you a great overview of a new place. Tallinn was no exception.

Tallinn was only a degree or more warmer than Helsinki, but it made quite a difference. I had issues walking around Helsinki because in places the slush had refrozen into ice and it made walking a little slippery. The streets in Tallinn were mainly dry and I could move around a lot faster.

There is a great mixture of old and new,

Tallinn Grafitti

and I saw a lot of construction. I’m not sure but I think this was the demolition of a Soviet-era housing block to make way for a more modern building.

Tallinn Building Demolition

It also had a lot in common with other European cities, such as this huge flower market I came across:

Tallinn Flowers

I think if I lived here I’d stop by every day and buy some fresh flowers for home.

While I practiced a number of Estonian words (When I came into the hotel and said “Tervist” one person mistook me for the mailman and came out of the back office, so I must have nailed the accent), everyone seemed more than happy to talk to me in English, and I didn’t meet a single rude person the entire stay.

Which, alas, wasn’t long. I was only in Tallinn on my way to Riga, so the next morning I got up and made my way to the Central Coach Station to grab my LUX Express bus to Riga.

LUX Express Bus

The five hour journey was made in comfort. I was in the back section which consisted of just one seat complete with “seat back entertainment”. I thought about watching some movies (they were pretty much the same selection as the ones on the plane over here) but I decided I’d rather watch the countryside go by and to doze a little.

Inside LUX Express Bus

It was snowing lightly and as soon as we got away from the coast there were several inches of snow on the ground. It looked very peaceful. When we crossed the Pärnu River it was completely frozen, and off in the distance I could see people skating on the ice. I’d heard of frozen rivers before but this was the first time I’d seen one.

When I arrived in Riga the first thing I noticed was the cold. Riga is a few degrees colder than either Helsinki or Tallinn, and I was happy I brought my winter coat that I bought in Sweden a couple of years ago. I am eagerly awaiting the conference which is the reason I am here, and to see some friends again and make a few new ones.

by Tarus at February 02, 2017 05:24 AM

January 31, 2017

Online Training OpenNMS 101

While our documentation is constantly improving, it is easier for newcomers to follow someone who explains ideas and concepts of OpenNMS. Tarus Balog started a great video tutorial session which gives everything you need to get started with OpenNMS. The online training is divided into several modu...

January 31, 2017 03:55 PM

2017 Europe: Three SIM card

Just a short post to praise the Three SIM card I bought in the UK several years ago.

I tend to buy unlocked phones and so when I travel I like to get a local SIM card, mainly for data. For this trip this was going to prove difficult, as I’m visiting five countries in nine days.

One thing I like about my Three SIM is that it never gets disabled. As long as I have a balance I have never had a problem, although I do travel enough that I end up using it at least once every six months or so. I am not able to top up the card on the Three website since I don’t have a UK credit card, so I simply use Mobiletopup.co.uk to get a £20 voucher from Paypal. Using that I just buy an “All in One 20” add-on which gives me 12GB of network access, 300 minutes and 3000 SMS messages – way more than I need. I turn that on before I leave the US and my phone works when I land.

What’s wonderful about it is that the plan is valid in any EU country. So far this trip I’ve used it in London, Helsinki and Tallinn, and I expect it to work in Riga and Brussels. I have yet to experience any network issues, although I have not moved far outside of major metropolitan areas.

I have no idea if Brexit will change this plan, but I sincerely hope not. So much of the technology I use in my life comes with headaches that I am grateful when things just work. Thanks Three.

by Tarus at January 31, 2017 02:25 PM

2017 Europe: Helsinki

I am spending a week touring the eastern side of Europe, with the first stop being two nights in Helsinki. I should end up in Brussels next weekend for FOSDEM, and I am looking forward to my first time at that conference.

I’m here because I was invited to speak at an open tech conference in Riga, Latvia, and I couldn’t resist the invitation. Riga is home to Zabbix, a company very much like OpenNMS in that we both do network monitoring and we are both 100% open source. One might think this would make us enemies – quite the contrary. For some reason we really get along and also, for some reason, we rarely compete.

In trying to find a route from North Carolina to Latvia, I noticed a number of choices went through Helsinki. I had been to Helsinki once and really enjoyed it (despite it being winter). I also remembered from that trip that Finland is very close to both Russia and Estonia. You can be in St. Petersburg in three hours by train or Tallinn in two hours by ferry.

It was my goal to visit 50 countries by the time I turned 50 years old. I didn’t make that goal (I got to 37), but I figured I could use this trip to both visit Estonia and Latvia, adding two to the list.

My first flight out of RDU was canceled, so they routed me through JFK. I arrived in Helsinki three hours later than planned, but my bag made it with me so it worked out. It was dark and sleeting, but it wasn’t too difficult to take the new train into the city center and find my hotel.

HSL Train Helsinki Airport

I always like coming to Finland because it was the home of Linus Torvalds. Now I know he has lived in the US for many years and I also know he didn’t invent the idea of free software, but I still feel some sort of homecoming when I arrive since I doubt OpenNMS would be here if it weren’t for Linus.

There is an awesome company in Helsinki that is also an OpenNMS customer, so I was able to spend Monday visiting with them. Due to an NDA I can’t name them, but they are doing some amazing work in this part of the world. I got to learn more about their business as well as to share where we are going with OpenNMS.

Like many of our larger clients, they have an inventory system that they have integrated with OpenNMS in order to manage their monitoring needs. Since that system also contains customer relationships (which equipment is used to provide network services for particular clients of theirs) we played around with the Business Service Monitor (BSM). They should be able to export their network information into OpenNMS to create a customer impact topology, so that when there is an issue they can quickly determine the root cause. It is exactly why we created the feature and I’m eager to see how they use it.

They are also interested in using the Minion feature due in Horizon 19. This should allow them to easily deal with overlapping address space and any scalability concerns, plus they should be able to get rid of their current “manager of managers” solution. Exciting times.

They are looking to hire, so if you are in the area and have OpenNMS experience, send me your CV and I’ll be happy to forward it on to them.

Ulf and Hacienda Napoles at Liberty or Death

That evening, Ulf and I managed to indulge our taste for vintage and craft cocktails with a visit to Liberty or Death. This is a bar near my hotel that serves amazing cocktails in a very relaxed atmosphere. It was a nice ending to a very good day.

Ferry Terminal Statue

The next day will find me on a ferry boat to Tallinn. I don’t know of any OpenNMS users in Estonia, but I am still eager to see the city.

by Tarus at January 31, 2017 08:30 AM

January 30, 2017

This Week in OpenNMS: January 30th, 2017

In the last week we worked on documentation, internals, testing, minion, web UI, and bug fixes.

Github Project Updates

  • Documentation

    Ronny worked on using AsciiBinder for nicer documentation rendering.

  • Internals and Testing

    Jesse refactored a bunch of data collection code. Seth cl...

January 30, 2017 04:18 PM

January 23, 2017

“OpenNMS WHO” at OSMC 2016

There is a really cool monitoring conference held each year in Germany. Called the “Open Source Monitoring Conference” (OSMC) it is put on by Netways, one of the maintainers of the Icinga project, but they welcome other projects such as OpenNMS and Zabbix.

It is a lot of fun, and usually Jeff and I fight over who gets to go. This year David won (he was in Germany for other reasons) and they now have his talk available for viewing:

It’s an overview of what we have been up to and where we are going with the Project. Check it out.

Speaking of conferences and travel, next week I plan to be in Helsinki, Tallinn, Riga and Brussels. I’ll be in Riga for the Open Tech conference and hope to spent some time with my Zabbix friends, and I’ll be in Brussels for FOSDEM where OpenNMS will have a booth. It’s my first time at either conference, and if you happen to be in the area drop me a note and perhaps we can meet up.

by Tarus at January 23, 2017 08:52 PM

This Week in OpenNMS: January 23rd, 2017

In the last week we worked on internals, testing, the web UI, and bug fixes.

Github Project Updates

  • Internals and Testing

    Dustin cleaned up a couple of strategy tests. I worked on improving the very flappy BSM smoke tests. Markus fixed a performance problem in looking up a large number o...

January 23, 2017 04:18 PM

January 20, 2017

OpenNMS 101

One of my favorite things to do is to teach people about OpenNMS. I am one of the main trainers, and I usually run the courses we hold here at OpenNMS HQ. I often teach these classes on-site as well (if you have three or more people who want to attend, it can be cheaper to bring someone like me in for a week than to send them here), and the feedback I got from a recent course at a defense contractor was “that was the best class I’ve ever attended, except for the ones I got to blow stuff up.”.

Unfortunately, a lot of people can’t spare a week away from the office nor do they have the training or travel budget to come to our classes. And teaching them can be draining. While I can easily talk about OpenNMS for hours on end, it is much harder to do for days on end.

To help with that I’ve decided to record the lessons in a series of videos. I am not a video editing wizard, but I’ve found a setup using OBS that works well for me and I do post production with OpenShot.

The first class is called “OpenNMS 101” and we set it up as a video playlist on Youtube. The lessons are built on one another so beginners will want to start with Module 0, the Introduction, although you can choose a particular single episode if you need a refresher on that part of OpenNMS.

My goal is to put up two or three videos a week until the course material is exhausted. That will not begin to cover all aspects of OpenNMS, so the roadmap includes a follow up course called “OpenNMS 102” which will consist of standalone episodes focused on a particular aspect of the platform. Finally, I have an idea for an “OpenNMS 201” to cover advanced features, such as the Drools integration.

I’ve kept the videos as informal as the training – when I make a mistake I tend to own it and explain how to fix it. It also appears that I use “ummmmmmm” a lot as a place holder, although I’m working to overcome that. I just posted the first part of “Module 4: Notifications” and I apologize for the long running time and the next lessons will be shorter. I had to redo this one (the longest, of course) as during the first take I forgot to turn on the microphone (sigh).

We have also posted the slides, videos and supporting configuration files on the OpenNMS project website.

I’d appreciate any feedback since the goal is to improve the adoption of OpenNMS by making it easier to learn. Any typos in the slides will be fixed on the website but I am not sure I’ll be able to redo any of the videos any time soon. I think it is more important to get these out than to get them perfect.

Perfection is the enemy of done.

by Tarus at January 20, 2017 08:35 PM

January 19, 2017

OpenNMS Is Once Again on FLOSS Weekly

Way back in 2006 I was invited to be on one of the first FLOSS Weekly shows. That was when it was hosted by Chris Dibona and Leo Laporte. Now it is run by the very capable Randal Swartz, and I was excited to be invited back, ten years later. It was also fun to meet Jonathan Bennett, his co-host, for the first time.

Jeff Gehlbach joined me to chat about OpenNMS and all things FLOSS, and I even thought he got a word or two in edgewise. Like FLOSS Weekly, I think our major achievement is that we are still here and still going strong (grin). The only complaint I could have is that this was episode 418 and I was originally on episode 15 so it would have been cooler to be on three shows ago to make it an even 400, but I’m OCD like that.

FLOSS Weekly

One thing I love about free (libre) and open source software is that it is self-selecting. People choose to use it, and thus there tend to be certain things we all hold in common that makes meeting others involved in FLOSS like immediately making a new friend. Chatting with Randal and Jonathan was more like catching up with old friends, although I’d never talked with them before. I look forward to this as the beginning of a beautiful friendship.

Anyone who has had the misfortune of listening to me drone on about OpenNMS in the past will here a number of “bingo” stories in this show, but we do touch on some new ideas and I think it went really well. Please check it out and let me know what you think.

by Tarus at January 19, 2017 04:52 PM

Strong Encryption and Death

I try to use strong encryption wherever I can. While I doubt it will keep my thoughts from prying eyes forever, at least it should make peeking a little harder.

But it dawned on me: what happens when I die? I want to let my business partners see what is on my encrypted desktop and I know my wife will need access to the files on my systems at home. I could share them with her now, but my passphrases are complex and she isn’t very familiar with the operating systems I use.

Now I’m not planning on dying any time soon, in fact I want to live until I am at least 95 and a half. Why that age? Because that is when Halley’s Comet will return. I saw the comet when I was living in California in 1986 and I could care less about seeing it again, but I do want to be the old guy they interview:

“Back in ’86, now that’s 1986 for you young folks, I was livin’ in Los Angeles. The comet was too dim to see in the city, so we drove out to Joshua Tree …”

Halley's Comet 1986

So, how do I safely pass on my important passphrases? This is the solution I chose.

I created a file called “deathnote.txt” which I then encrypted using GPG:

gpg --encrypt --recipient tarus@opennms.com \
    --recipient alice@example.com \
    --recipient bob@example.com deathnote.txt

This will encrypt the file so that both Bob and Alice can read it (and I can too). I then sent it to several friends unrelated to them with instructions that, upon my death (but not before), please send this file to Bob and Alice. I also remembered to include a copy of my GPG private key:

gpg --export-secret-keys -a tarus@opennms.com

Just in case they can’t find it on my systems.

This does require a certain level of trust in my friends, but I am blessed with having several I can count on. As long as I remember to keep it updated this should provide a secure way to pass on this important information, although I hope no one has to use it any time soon.

by Tarus at January 19, 2017 04:01 PM

January 18, 2017

Review: Copperhead OS

A few weeks ago I found an article in my news feed about a Tor phone, and it introduced me to Copperhead OS. This is an extremely hardened version of the Android Open Source Project (AOSP) designed for both security and privacy. It has become my default mobile OS so I thought I’d write about my experiences with it.

TL;DR: Copperhead OS is not for everyone. Due to its focus on security is it not easy to install any software that relies on Google Services, which is quite a bit. But if you are concerned with security and privacy, it offers a very stable and up to date operating system. The downside is that I am not able to totally divorce myself from Google, so I’ve taken to carrying two phones: one with Copperhead and one with stock Android for my “Googly” things. What we really need is a way to run a hypervisor on mobile device hardware. That way I could put all of my personal stuff on a Copperhead and the stuff I want to share with Google in a VM.

I pride myself to the point of being somewhat smug about the fact that I use free software for most of my technology needs, or so I thought. My desktops, laptop, servers, router, DVR and even my weather station all use free and open source software, and I run OmniROM (an AOSP implementation) on my phone. I also “sandbox” my Google stuff – I only use Chrome for accessing Google web apps and I keep everything else separate (no sharing of my contacts and calendar, for example). So, I was unpleasantly surprised at how much I relied on proprietary software for my handy (short for “hand terminal” or what most people call a “mobile phone”, but I rarely use the “phone” features of it so it seems like a misnomer).

But first a little back story. I was sitting on the toilet playing on my mobile device (“playing on my handy” seemed a little rude here) when I came across a page that showed me all of the stuff Google was tracking about my mobile usage. It was a lot, and let’s just say any bathroom issues I was having were promptly solved. They were tracking every call and text I made, which apps I opened, as well as my location. I knew about the last one since I do play games like Ingress and Pokémon Go that track you, but the others surprised me. I was able to turn those off (supposedly) but it was still a bit shocking.

Of course, I had “opted in” to all of that when I signed in to my handy for the first time. When you allow Google to backup your device data, you allow them to record your passwords and call history.

Google Backup Terms

If you opt in to help “improve your Android experience”, you allow them to track your app usage.

Google App Terms

And most importantly, by using your Google account you allow them to install software automatically (i.e. without your explicit permission).

Google Upgrade Terms

Note that this was on a phone running OmniROM, and not stock Google, but it still looks like you have to give Google a lot of control over your handy if you want to use a Google account.

Copperhead OS is extremely focused on security, which implies the ability to audit as much software on the device as possible, as well as to control when and what gets updated. This lead them to remove Google Play Services from the ROM entirely. Instead, they set up F-Droid as the trusted repository. All the software in F-Droid is open source, and in fact all of the binaries are built by the F-Droid team and not the developer. Now, of course, someone on that team could be compromised and put malicious software into the repo, but you’ve got to trust somebody or you will spend your entire life doing code reviews and compiling.

Copperhead only runs on a small subset of devices: the Nexus 6P, the Nexus 5X and the Nexus 9 WiFi edition. This is because they support secure boot which prevents malicious code from modifying the operating system. Now, I happened to have a 6P, so I figured I would try it out.

The first hurdle was understanding their terminology. On the download page they refer to a “factory” image, which I initially took to mean the original stock image from Google. What they mean is an image that you can use for a base install. If you flash your handy as often as I do, you have probably come across the process for restoring it to stock. You install the Android SDK and then download a “factory” image from Google. You then expand it (after checking the hash, of course) and run a “flash-all” script. This will replace all the data on your device, including a custom recovery like TWRP, and you’ll be ready to run Copperhead. Note that I left off some steps such as unlocking and then re-locking the bootloader, but their instructions are easy to follow.

The first thing you notice is that there isn’t the usual “set up your Google account” steps, because, of course, you can’t use your Google account on Copperhead. Outside of missing Google Apps, the device has a very stock Android feel, including the immovable search bar and the default desktop background.

This is when reality began to set in as I started to realize exactly how much proprietary software I used to make my handy useful.

The first app I needed to install was the Nova Launcher. This is a great Launcher replacement that gives you a tremendous amount of control over the desktop. I looked around F-Droid for replacement launchers, and they either didn’t do what I wanted them to do, or they haven’t been updated in a couple of years.

Then it dawned on me – why don’t I just copy over the apk?

When you install a package from Google Play, it usually gets copied into the /data/apps directory. Using the adb shell and the adb pull commands from the SDK, I was able to grab the Nova Launcher software off of my Nexus 6 (which was running OmniROM) and copy it over to the 6P. Using the very awesome Amaze file explorer, you just navigate to the apk and open it. Now, of course, since this file didn’t come from a trusted repository you have to go under Security and turn off the “trusted sources” option (and be sure to turn it back on when you are done). I was very happy to see that it runs just fine without Google Services, and I was able to get rid of the search bar and make other tweaks.

Then I focused on installing the open source apps I do use, such as K-9 Mail and Wikipedia, both of which exist in F-Droid. I had been using the MX Player app for watching videos, pretty much out of habit, but it was easy to replace with the VLC app from F-Droid.

I really like the Poweramp music player, with the exception that it periodically checks in with the Play store to make sure your license is valid. Unfortunately, this has happened to me twice when I was in an airplane over the ocean, and the lack of network access meant I couldn’t listen to music. I was eager to replace it, but the default Music app that ships with Copperhead is kind of lame. It does a good job playing music, but the interface is hard to navigate. The “black on gray” color scheme is very hard to read.

Default Music Player Screenshot

So I replaced it with the entirely capable Timber app from F-Droid.

Timber Music Player Screenshot

Another thing I needed to replace was Feedly. I’m old, so I still get most of my news directly from websites via RSS feeds and not social media. I used to use Google Reader, and when that went away I switched to Feedly. It worked fine, but I bristled at the fact that it tracked my reading habits. Next to each article would be a number representing the number of people who clicked on it to read it, so at a minimum they were tracking that. I investigated a couple of open source replacements when I was pleasantly surprised to discover that Nextcloud has a built in News service. We have had a really good experience with Nextcloud over the last couple of months, and it was pretty easy to add the news service to our instance. Using OPML I was able to export my numerous feeds from Feedly into Nextcloud, and that was probably the easiest part of this transition. On the handy I used an F-Droid app called OCReader which works well.

There were still some things I was missing. For example, when I travel overseas I keep in touch with my bride using Skype (which is way cheaper than using the phone) so I wanted to have Skype on this device. It turns out that it is in the Amazon App Store, so I installed that and was able to get things like Skype and the eBay and IMDB apps (as well as Bridge Baron, which I like a lot). Note that you still have to allow unknown sources since the Amazon repository is not trusted, and remember to set it back when you are done.

This still left a handful of apps I wanted, and based on my success with the Nova Launcher I just tried to install them from apks. Surprisingly, most of them worked, although a couple would complain about Google Services being missing. I think background notifications is the main reason they use Google Services, so if you can live without that you can get by just fine.

One app that wouldn’t work was Signal, which was very surprising since they seem to be focused on privacy and security. Instead, the default messenger is an app called Silence, which is a Signal fork. It works well, but it isn’t in the Play store (at least in the US due to a silly trademark issue that hasn’t been fixed) and no one I know uses it so it kind of defeats the purpose of secure messaging. Luckily, I discovered that the Copperhead gang has published their own fork called Noise, which removes the Googly bits but still works with the rest of the Signal infrastructure, so I have been using it as my default client with no issues. Note that it is in the F-Droid app but doesn’t show up on the F-Droid website for some reason.

For other apps such as Google+ and Yelp, I rediscovered the world wide web. Yes, browsers still work, and the web pages for these sites are pretty close to matching the functionality of the native app.

There are still some things for which there is no open source replacement: Google Maps, for example. Yes, I know, by using Google Maps I am sharing my location with Google, but the traffic data is just so good that it has saved literally hours of my life by directing me around accidents and other traffic jams. OpenStreetMap is okay and works great offline, but it doesn’t know where the OpenNMS office is located (I need to fix that) and without traffic it is a lot less useful. There is also the fact that I do like to play games like Ingress and Pokémon Go, and I have some movies and other content on Google servers.

I also lost Android Wear. I really enjoy my LG Urbane but it won’t work without Google Services. I have been playing with AsteroidOS which shows a lot of promise, but it isn’t quite there yet.

Note that Compass by OpenNMS is not yet available in F-Droid. We use Apache Cordova to build it and that is not (yet) supported by the F-Droid team. We do post the apks on Github.

To deal with my desire for privacy and my desire to use some Google software, I decided to carry two phones.

On the Nexus 6P I run Copperhead and it has all of my personal stuff on it: calendar, contacts, e-mail, etc. On the Nexus 6 I am running stock Google with all my Googly bits, including maps. I still lock down what I share with Google, but I feel a lot more confident that I won’t accidentally sync the rest of my life with them.

It sucks carrying two phones. With the processors and memory in modern devices I’m surprised that no one has come up with a hypervisor technology that would let me run Copperhead as my base OS and stock Google in a VM. Well, not really surprised since there isn’t a commercial motivation for it. Apple doesn’t have a reason to let other software on its products, and Google would be shooting itself in the foot since its business model involves collecting data on everything. I do think it will happen, however. The use case involves corporations, especially those involved in privacy sensitive fields such as health care. Wouldn’t it be cool to have a locked down “business” VM that is separate from a “personal” VM with your Facebook, games and private stuff on it.

As for the Copperhead experience itself, it is pretty solid. I had a couple of issues where DNS would stop working, but those seem to have been resolved, and lately it has been rock solid except for one instance when I lost cellular data. I tried reseting the APN but that didn’t help, but after a reboot it started working again. Odd. Overall is it probably the most stable ROM I’ve run, but part of that could be due to how vanilla it is.

Copperhead is mainly concerned with security and not extending the Android experience. For example, one feature I love about the OmniROM version of the Alarm app is the ability to set an action on “shake”. For example, I set it to “shake to dismiss” so when my alarm goes off I can just reach over, shake the phone, and go back to bed. That is missing from the stock ROM (but included in AOSP) and thus it is missing from Copperhead. The upside is that Copperhead is extremely fast with updates, especially security updates.

The biggest shortcoming is the keyboard. I’ve grown used to “gesture” typing using the Google keyboard, but that is missing from the AOSP keyboard and no free third party keyboards have it either. I asked the Copperhead guys about it and got this reply:

If the open-source community makes a better keyboard than AOSP Keyboard, we’ll switch to it. Right now it’s still the best option. There’s no choice available with gesture typing, let alone parity with the usability of the built-in keyboard. Copperhead isn’t going to be developing a keyboard. It’s totally out of scope for the project.

So, not a show stopper, but if anyone is looking to make a name for themselves in the AOSP world, a new keyboard would be welcome.

To further increase security, there is a suggestion to create a strong two-factor authentication mechanism. The 6P has a fingerprint sensor, but I don’t use it because I don’t believe that your fingerprint is a good way to secure your device (it is pretty easy to coerce you to unlock your handy if all someone has to do is hold you down and force your finger on to a sensor). However, having a fingerprint and a PIN would be really secure, as the best security is combining something you have (a fingerprint) with something you know (a PIN).

So here was my desktop on OmniROM:

Old Phone Desktop

and here is my current desktop:

New Phone Desktop

Not much different, and while I’ve given up a few things I’ve also discovered OCReader and Nextcloud News, plus the Amaze file manager.

But the biggest thing I’ve gained is peace of mind. I want to point out that it is possible to run other ROMs, such as OmniROM, without Google Services, but they aren’t quite as focused on security as Copperhead. Many thanks to the Copperhead team for doing this, and if you don’t want to go through all the work I did, you can buy a supported device directly from them.

by Tarus at January 18, 2017 09:40 PM

January 17, 2017

This Week in OpenNMS: January 17th, 2017

In the last week we worked on internals, testing, the Minion, the web UI, and bug fixes.

Github Project Updates

  • Internals and Testing

    Jesse's work on making datacollection attribute names more flexible was merged. Markus's change to make Karaf log to ${OPENNMS_HOME}/logs was merged. Je...

January 17, 2017 04:18 PM

January 10, 2017

OpenNMS Docker Image

Deploying and running OpenNMS and Minions in infrastructures using containers might be interesting to some users. For this reason, I've started to use Docker infrastructure to provide a ready-to-run entrypoint to build your OpenNMS container based infrastructure. You can find more information in t...

January 10, 2017 02:55 PM

January 09, 2017

This Week in OpenNMS: January 9th, 2017

In the last couple of weeks we worked on internals, testing, the Minion, and bug fixes. We also released OpenNMS Horizon 18.0.3, OpenNMS Meridian 2016.1.4, and OpenNMS Meridian 2015.1.4.

Github Project Updates

  • Internals and Testing

    Seth continued his work on handling full event queues mor...

January 09, 2017 09:22 PM

January 06, 2017

Monitoring Certificates with OpenNMS

Awhile ago I posted about how easy it was to implement SSL certificates using Let’s Encrypt.

The main issue that people encounter is that the certificates do expire, and while you can set up a cron job to automatically update them, sometimes it doesn’t work. This is why I like to use OpenNMS to check the expiration date of all the certificates I use on the network.

The documentation for the SSLCertMonitor is pretty detailed, and it can be used for almost any cert, not just the one for HTTPS. The example shows configuration for SMTPS and IMAPS as well.

SSLCertMonitor Example

What it doesn’t show is how to discover these services. You could, of course, just provision them directly via a requisition, but I’m lazy so I set up the TCP detector to look for those services on their well known ports.

SSLCertMonitor Detectors

This may result in a false positive if, for some reason, the port was in use by another application, but in practice I haven’t seen it yet.

So now I can rest assured that all my important SSL-based services have valid certificates and there shouldn’t be any interruption in service due to one expiring.

SSLCertMonitor Services Displayed

by Tarus at January 06, 2017 05:47 PM

January 05, 2017

OpenNMS Horizon 18.0.3

OpenNMS 18.0.3 (code name: Dugong) is now available.

This release has been a long time coming, with tons of bug fixes including a fix for a discovery/provisioning regression over Horizon 17.

Notable Changes

  • many improvements and fixes to SNMP graph definitions
  • a number of GUI tweaks and fi...

January 05, 2017 11:00 PM

January 03, 2017

This Week in OpenNMS: January 3rd, 2017

Hello again! We're back from our holiday break, so it's time for "These Weeks in OpenNMS." ;)

In the last couple of weeks we worked on internals, testing, performance, Minion, Enlinkd, and bug fixes.

Github Project Updates

  • Internals, Testing, and Performance

    Seth did more work on syslog...

January 03, 2017 09:22 PM

December 19, 2016

This Week in OpenNMS: December 19th, 2016

In the last week we worked on documentation, internals, testing, performance, minion, enlinkd, and bug fixes.

Github Project Updates

  • Documentation

    Ronny created advanced Minion configuration documentation.

  • Internals, Testing, and Performance

    Seth made a number of performance improv...

December 19, 2016 04:47 PM

December 12, 2016

This Week in OpenNMS: December 12th, 2016

In the last week we worked on documentation, various internals, Minion, topology maps, graphing, reporting, web UI, and bug fixes.

Github Project Updates

  • Documentation

    Cyrille added documentation for Collectd and the SNMP collector. Ronny added improved Minion install and troubleshooting...

December 12, 2016 04:47 PM

December 05, 2016

This Week in OpenNMS: December 5th, 2016

In the last week we worked on data collection, polling, traps, various internals, the Minion, ticketing, graphing, and bug fixes.

Github Project Updates

  • Data Collection, Polling, and Traps

    Jesse added code for handling related metric types and identifiers in collections. He also changed t...

December 05, 2016 04:47 PM

December 02, 2016

OpenNMS Training Dates Announced for February 2017

The next OpenNMS training course will be held the week of 27 February through March 3rd, 2017, at the OpenNMS headquarters in Pittsboro, NC, USA.

If you can’t make it to Mardi Gras, come join us in Pittsboro. It’s the next best thing!

by Tarus at December 02, 2016 07:18 PM

November 28, 2016

This Week in OpenNMS: November 28th, 2016

In the last week we worked on documentation and configuration, various internals, Minion, graphs and the web UI, and bug fixes.

Github Project Updates

  • Documentation and Configuration

    Jesse converted a number of datacollection configuration files from Castor to JAXB. Ronny and Seth updated...

November 28, 2016 04:47 PM

November 22, 2016

This Week in OpenNMS: November 22nd, 2016

In the last week we worked on documentation, various internals, Minion, maps, and bug fixes.

Github Project Updates

  • Documentation

    Cyrill worked on documenting eventd-configuration.xml, Ronny did more work on user/group documentation.

  • Internals, Events and Alarms

    Will (with some h...

November 22, 2016 03:31 PM

November 21, 2016

Network World Reviews OpenNMS

Today Network World published the results of a comparison among open source network monitoring applications. OpenNMS did not win but I was pretty happy with the article.

The main criticism I have is that the winner, Pandora FMS, seems to be the only one of the four reviewed that is more “open core” than “open source”. They have a large number of versions, each with different features, and you have to pay for those features based on the number of monitored devices. It seems to be difficult to have open source software that is limited in this fashion, as anyone should be able to easily remove that limit. Thus I have to assume that their revenue model is firmly based on selling software licenses, which is antithetical to open source. That said, it looks like the review was based on the “community” version of Pandora which does appear to be free software, just don’t expect any of the “enterprise” features to be available in that version any time soon.

I don’t know why I have such a visceral dislike of the “per managed node” pricing model, outside of having to deal with it back in the 1990s and 2000s. It seems like an unnecessary tax on your growth, “hey, customer, for every new device you add you have to pay for another monitoring license.” Plus, in these days of virtualization and microservices it seems silly. Our customers might spin up between 10 and 100 virtual servers as needed and tear them down just as quickly, and I can’t imagine the complexity that would get added to have to manage a license of each one of them.

Network World Comparison

Of the other applications reviewed, I’m not familiar with NetXMS but I do know Zabbix. They, like OpenNMS, are 100% open source and they are great people. It was awesome to finally meet Alexei Vladishev in person at this year’s All Things Open conference.

Alexei Vladishev and Tarus Balog

The only other thing that immediately pushed a button was the sentence “All four products were surprisingly good.” At first I took it to express surprise that free software could also be good, but then I calmed down a bit and figured they meant it was surprising that all four applications were strong.

For the article they installed OpenNMS on Windows. When I read that my heart just sank, because while it does run on Windows our support of that operating system grew out of a bet. We were talking many years ago about Java’s “write once, run anywhere” slogan and I mentioned that if that were true, why don’t we run on Windows? The team took up the challenge and it took two weeks to port. The first week was spent getting the few bits of code written in C to compile on Windows, and the second week on soft-coding the file separator character so that it would use a back-slash instead of a forward-slash. Even on Windows, the comments in the article were really positive, which make me think this whole Java thing isn’t such a bad idea after all (grin).

They used Windows because apparently was an issue with getting OpenNMS installed on CentOS 7, which was a surprise to me, but then Ronny pointed out that there can be some weird conflicts with Java and packages like LibreOffice that I don’t experience since I always do a minimal install. There is a cool installer for CentOS 7 which may help with that. We also maintain Docker images that make installation easy if you are used to that environment.

Fortunately, or unfortunately, not much has been done for OpenNMS on Windows since we got it working. It is fortunate because not much is required to keep OpenNMS running on Windows due to Java, but it is unfortunate because we really don’t have the Windows expertise that would be required to get it to run as a service, create an MSI installer, etc. Susan Perschke, the author of the article, seems to be a Windows-guru so I plan to reach out to her about improving the OpenNMS experience for Windows users.

One thing that is both common and valid is criticism of the web user interface. At the moment we spend most of our time focused on making OpenNMS even more scalable, and thus we don’t have the resources to make the user interface easier to use. That is changing, and most of the current effort goes into Compass™, the OpenNMS mobile app. The article didn’t mention it which means they probably didn’t try it out, which is more a failure on our part to market it versus an oversight on theirs.

They also didn’t talk directly about scalability, although it was listed in the comparison chart (see above). OpenNMS is designed to monitor tens of thousands to hundreds of thousands of devices with our goal to be virtually unlimited in order to address scale on the order of the Internet of Things. That is why we wrote Newts for storing performance data and are working on both the Minion and Underling to easily distribute OpenNMS functionality.

Another reason we haven’t spent much time on the user interface is that our larger customers tend not to use it much. They rely on the ReST interface to integrate their own systems with OpenNMS and on things like the Trouble Ticketing API for alerts. As the paradigm shifts from monitoring devices to monitoring services, we have made improvements to the user interface for such things as “Business Service Monitoring.

But still, it was nice to be included. We don’t do much direct marketing and even though typing “open source network monitoring” into Google returns OpenNMS as the first hit we are often overlooked. Let’s hope they revisit this in a year and we can impress them even more.

by Tarus at November 21, 2016 04:22 PM

November 18, 2016

Android Open Source Frustrations

I used to be a huge fan of Apple products, but as they started to lock down their ecosystem the limitations they created started to bother me, so I switched to running as much open source as possible.

It wasn’t, and isn’t always now, easy. One of the gripes I still have against Apple is that their commercial success has spawned a ton of imitators who have decided to lock down their products, quite often without the Apple savvy to back it up. Unfortunately, Google seems to be joining these ranks.

I’m a fan of Google, they do a lot to support open source, and I use a Nexus 6 as my primary “hand terminal” (handy). However, I run alternative software on it, namely OmniROM, which gives me more control over my experience and security.

I pretty much run open source software on all my technology with few exceptions, one being my Android Wear watch. I noticed that there was a new update to Android Wear (version 2.0) so I went to play with it. When I launched the app I got this screen:

Android Wear App Error

(sigh)

So I went off to search for a solution to the error message “This phone has been flashed with an unsupported configuration for companion. you must re-flash it as either signed/user or unsigned/userdebug”. I found a couple of answers that suggested I edit the build.prop file and change

ro.build.type=userdebug

to

ro.build.type=user

In order to do this, you have to have root access to your phone.

(sigh)

I do root my phone, but I haven’t done it in awhile because Google has introduced this thing called “SafetyNet“. The stated purpose is to prevent malware but in practice what it does is torpedo people like me who actually want to control the software on the devices they own. If you install a custom ROM or have root access, certain applications will not run.

Now I have to choose between running the Android Wear app or, say, Pokémon Go. I chose Android Wear (I pretty much finished Pokémon Go).

The process: Boot into recovery, install SuperSU, boot into system, use a file editor to edit /system/build.prop and change ro.build.type from “userdebug” to “user”, reboot.

Android Wear Mute

So Android Wear will start now, but to add to the frustration the one feature I hoped they would fix is still broken for me. It used to be that if my watch was actively paired with the phone, it would mute ringing and other audio notifications. It doesn’t (and none of the fixes I’ve found work for me) so now I just remember to decrease the volume on the phone down to “vibrate”.

Pokemon Go Blocks root

And, I verified that Pokémon Go will not start now – it hangs on the login screen and then reports an error. This is whether or not SuperSU is enabled, and I think I would have to remove it entirely to get it to work.

Now I know that I can install other apps that will hide the fact that my phone is rooted, but if I do that the terrorists win. I would just rather use apps that don’t force me to give up my rights.

Which brings me to the last frustration. I purchased a bunch of content from Google, but now I can’t access it on this phone. I get “couldn’t fetch license”. This started recently so I believe it has something to do with SafetyNet, but repeated calls to Google Play support yielded no answers.

Google License Error - Deadpool

I have a Google 6P that is stock and doesn’t suffer from the download issue, so it stands to reason that there is some “protection” in place that is preventing me from accessing the content I purchased. I solved the problem by not buying content from Google Play anymore.

I’m pretty certain that it is only going to get worse. Google used to be much better about such things but I think they want to emulate Apple in more ways than one (see the new Pixel phone if you don’t believe me) and that is a shame for all of us.

UPDATE: I found a better way to do this that doesn’t require root. Assuming you have a custom recovery like TWRP, you can simply boot into recovery and then connect the handy to a computer. Using “adb shell” you can then access the system directory and edit the build.prop file directly.

by Tarus at November 18, 2016 06:02 PM

November 14, 2016

This Week in OpenNMS: November 14th, 2016

In the last week we worked on documentation and configuration files, maps, Newts, various polling and provisioning internals, the web UI, ReST, and bug fixes.

Github Project Updates

  • Documentation and Configuration

    Ronny did documentation updates for Pollerd and poll-outages configuration f...

November 14, 2016 03:31 PM

November 10, 2016

2016 All Things Open

I made the decision to stop going to conferences for 2016, but I made an exception for All Things Open (ATO). Not only is it an amazing show, it’s also in my back yard, and the combination is not something I can pass up.

I love conferences. My favorite track is always the “hallway” track and I really enjoy spending time with people that I tend only to see these events. The problem is that I started to do the math.

In 2015, due to work travel, I was gone part or all of 26 weekends (I travel about 50% of the time, and often that means I head out on Sunday and back on Saturday). That leaves 26 weekends free. Of those, at least 10 are taken up with vacations, holidays, birthdays and other social engagements, leaving me just 16 or so weekends to myself. If I do 5 to 10 conferences, most of which are held over a weekend, I’m left with less than a weekend a month.

Plus, OpenNMS is going like gang-busters, so I really need to focus on that business. While I love open source conferences, we don’t get many customers out of them (one exception is the Ohio Linuxfest which seems to attract a large number of OpenNMS users) so it can be hard to justify the time (although they are a whole lot of fun).

Anyway, since ATO was the main show I was going to be involved with this year, we decided to host a party that first night. I also submitted some papers, and to my surprise two of them were accepted.

I headed out on Tuesday afternoon, as the wonderful team at opensource.com was hosting a gathering for contributors that night. That was a lot of fun and a number of us ended up at Foundation afterward. As a cocktail enthusiast I had always wanted to visit, but it is about an hour from my house I don’t want to drink and drive. Since I was staying downtown for the event, that issue went away and I had a great time.

The conference was held in the Raleigh Convention Center, and you could see the registration desk from my hotel room.

ATO - View from Marriott

Wednesday was start of the conference. ATO is organized by Todd Lewis, the nicest guy in open source, and he kicked off the keynotes.

ATO - Todd Lewis

Todd’s superpower is organization, and not only did the conference run smoothly, he got some great speakers. Jim Whitehurst, the CEO of Red Hat, did a talk on the social benefits of open source.

ATO - Jim Whitehurst

We also got a talk from Mark Hinkle, the VP of Marketing of the Linux Foundation. He was recruited at the last minute due to a cancellation, and I thought he did a good job especially considering his time to prepare (unlike normal, I actually had my presentations done at least a week before the conference).

ATO - Mark Hinkle

He started off with some “separated at birth” pictures between punk rockers and open source personalities, which reminded me of something that hit me when it was announced that the DB Cooper investigation was being closed.

ATO - DB Cooper and Jim Whitehurst

I think Jim was about four years old when DB Cooper hijacked that plane, but the similarity is striking.

Another keynote speaker was Jono Bacon.

ATO - Jono Bacon

Always (well, usually) interesting, I love how he has been working the relatively new field of behavioral economics into his talks of late. It is the study of how human psychology can impact economic decision-making and I think it has a lot of relevance in a field where businesses often tout the word “free”. By understanding how we behave we can better align our communities to meet the needs and desires of their participants.

After the keynotes were the individual sessions. I had two back-to back.

ATO - Tarus Balog

Thanks to Ben for the picture, which captures me in my full “Fred Flintstone” glory. Click on the pic below if you want to see the slides, and I did a interview for DZone on my talks. I did embed some video which won’t show up on the PDF, though.

My first talk was on the challenges facing us with the Internet of Things, especially when it comes to monitoring.

ATO - Silos Presentation

It was lightly attended but everyone who came seemed to get a lot out of it.

Right after that I did a new, updated version of my open source business talk.

ATO - Business Presentation

That one was standing room only, and I was really pleased with the feedback. One guy was telling me that he has seen a number of presentations about running an open source business but mine was the only one with concrete examples. I’m glad folks liked it.

Once my talks were done it was time for lunch and I was pretty much done with my obligations. The main one left was to help prepare for the OpenNMS Group sponsored concert at King’s Raleigh. We had hired MC Frontalot and his band to play a show in Portland, Oregon for OSCON, and the Doubleclicks opened. It was so much fun we decided it would be cool to bring it closer to home.

ATO - Doubleclicks

If you haven’t heard of the Doubleclicks you should check out their music. Even if you have, you might want to familiarize yourself with their catalog, especially if, like I did, you think it would be funny to shout out “Freebird!” in the middle of their show (ouch).

ATO - Mc Frontalot

The MC Frontalot set was really tight as well. I love working for professionals. We when got there and there was no keyboard and half the drum kit was missing, I was a mess. They calmly got it all sorted and then really kicked it during the show. They premiered “Freedom Feud” – a song we commissioned about free software. Front is still working on the final master and we have a video in production, so look for it to be posted soon, and thanks to Ben for the concert pics.

Even though I didn’t get to bed until about 04:30 (we eventually ended up in the hotel listening to some tracks Front is writing for the next album that’s all about the Internets) I was back up at 08:00 for Day Two of ATO. With my responsibilities out of the way it was nice to listen to the talks and visit with all the cool people in attendance.

Many thanks to everyone who came to my talks, to Todd and Company for a great show, and to OpenNMS for hosting a party for all my friends. See you next year.

by Tarus at November 10, 2016 07:17 PM

November 07, 2016

This Week in OpenNMS: November 7th, 2016

In the last week we worked on maps, various internal fixes and polling, the web UI, ReST, and bug fixes.

Github Project Updates

  • Maps

    Markus did more work cleaning up history and session handling in the topology UI.

  • Internals and Polling

    I did some cleanup of jar-signing for JNLP du...

November 07, 2016 03:31 PM

October 31, 2016

Move to Let’s Encrypt – it’s soooo easy!

This weekend I wanted to play around with setting up Nextcloud on my home network (we already use it at work and it is awesome). Since I am planning on putting personal information into that app, I wanted to make sure that access to it was encrypted end-to-end.

This meant setting up SSL on my home web server. Now, it used to be that you either had to use a self-signed certificate (which could cause problems) or you had to spend a bunch of money on a certificate from a recognized Certificate Authority (CA).

Enter Let’s Encrypt. Launched in April of this year, Let’s Encrypt provides free certificates that are recognized by most of the things you need to recognize them.

I had been putting it off since dealing with certs is, quite frankly, a pain. You have to fill out a request, send it to the CA, get back a key file, install it in the write place, etc. Even with a free one I didn’t have time for the hassle.

I shouldn’t have worried – with Certbot it is dead simple. Seriously.

Certbot Screen

I went to their site (as directed from the Let’s Encrypt site) and just followed the instructions. I downloaded a script which downloaded all the required dependencies via apt, answered a few questions, and, bam, I had a functioning web server running SSL. They even prompted me if I wanted all requests to port 80 (http) to be redirected to port 443 (https) and when I said “yes” it did it for me.

The whole process took a couple of minutes.

Amazing stuff. The certificates are only good for 90 days, but they even include an automated way to update them.

Certbot Certificate Renewal

As more and more of our personal information becomes digitized, it is extremely important to use strong encryption. In the past this could be inconvenient if not outright difficult, but you really don’t have an excuse with Let’s Encrypt. Use it.

by Tarus at October 31, 2016 04:07 PM

This Week in OpenNMS: October 31st, 2016

In the last week we worked on maps, various internal fixes, ReST, the Minion, and bug fixes.

Github Project Updates

  • Maps

    Markus made it possible to persist topology map layouts to the database so they can be modified.

  • Internals

    Jesse did some more work on upgrading to Jetty 9.4. D...

October 31, 2016 03:26 PM

October 24, 2016

This Week in OpenNMS: October 24th, 2016

In the last week we worked on maps, various internals, Minion, and bug fixes.

Github Project Updates

  • Maps

    Markus fixed a singleton/scope bug, as well as doing more work on breadcrumbs/history in the topology maps.

  • Internals

    Jesse converted more configuration file parsing from the o...

October 24, 2016 03:26 PM

October 17, 2016

This Week in OpenNMS: October 17th, 2016

In the last week we worked on data collection, Minion, maps, users and groups, and bug fixes.

Github Project Updates

  • Data Collection

    Chandra added logging for JMX task completion.

  • Minion

    I worked more on Minion packaging and making the Minion packages run as a normal user on non-pr...

October 17, 2016 03:26 PM

October 10, 2016

This Week in OpenNMS: October 10th, 2016

In the last week we worked on data collection, Minion, maps, users and groups, and bug fixes.

Github Project Updates

  • Data Collection

    Alejandro fixed an issue in SNMP counter wrap causing spikes in graphs. Ronny added collection configuration for Elasticsearch stats (using the XmlCollector...

October 10, 2016 03:26 PM

October 03, 2016

This Week in OpenNMS: October 3rd, 2016

In the last week we worked on ActiveMQ, Minion, and bug fixes.

Github Project Updates

  • ActiveMQ

    Jesse worked on making our ActiveMQ instance able to authenticate using our JAAS realm.

  • Minion

    Deepak and Seth's work on cleaning up trap serialization was merged to develop. I worked on...

October 03, 2016 03:26 PM