My digital drawing & painting program of choice these days is the open source software, Krita. It’s got great brush engines, works fantastically with my Wacom tablet under Linux (my primary criteria), and they also recently launched a well supported Windows version.
They recently started a Kickstarter campaign to fund some full-time developers who’ve already made significant contributions to the project.
If you haven’t seen it before, check out: http://www.krita.org/
If you’re interested in supporting its development: https://www.kickstarter.com/projects/krita/krita-open-source-digital-painting-accelerate-deve/
— by Robert Thomson, created 15th Jun, 2014, last modified 16th Jun, 2014 | Tags: Tech, World
Assuming you have your bridge configured as br0, and are are running a webserver on port 9880 (either unbound or bound the primary IP of the bridge ‘br0’), the following should allow a KVM VM, LXC container, etc. to connect to http://169.254.169.254/ just like they can in Amazon EC2. This has to be run on the server hosting the VMs, of course.
# sysctl net.bridge.bridge-nf-call-iptables=1
# sysctl net.bridge.bridge-nf-call-arptables=1
# ip addr add 169.254.169.254/32 dev br0
# iptables -t nat -A PREROUTING -d 169.254.169.254 -p tcp --dport 80 -j REDIRECT --to-port 9880
or using DNAT:
# ip addr add 169.254.169.254/32 dev lo
# iptables -t nat -A PREROUTING -j DNAT -d 169.254.169.254 -p tcp --dport 80 --to 169.254.169.254:9880
Your webserver should probably ensure that the request is coming from the IP of one of the VMs currently running on the server itself.
— by Robert Thomson, created 14th Feb, 2014, last modified 14th Feb, 2014 | Tags: Tech
I love software that "just works", and packer.io is one of them. It builds disk images in various image formats and for various cloud providers.
With a small JSON configuration file, a kickstart file, and a set of provisioning scripts, I can have a QEMU image automatically built from the install CD and customised as I wish.
With a different config file, I can have the same thing for EC2 images.
And because it's JSON, I can dynamically generate custom configuration files quickly and easily.
There seems to be a positive trend of self-contained, single-purpose and well designed software coming from the Golang camp. Keep at it! :-)
— by Robert Thomson, created 9th Jan, 2014, last modified 9th Jan, 2014 | Tags: Tech
Following up from my post about Ansible, I decided to look into SaltStack.
SaltStack looks like one of the more promising tools to appear recently on the system management landscape.
It's primary features are:
- Remote method invocation with result caching (supporting asynchronous jobs)
- "Broadcast" command execution (pub/sub with ZeroMQ) with filters
- Secure data/config-snippet distribution
- State Management ala Puppet/Chef
This is an impressive set of features for a single solution, but there are some areas of concern:
- It's still under heavy development and some breakages in the latest (0.17) release suggest that their testing isn't yet up to par.
- Some non-core components lack documentation and tests (eg. halite, a web frontend)
- Architectural documentation is severely lacking. Before I deploy this in a production environment, I want to know exactly what it's doing and what the implications of my decisions are. A few pretty diagrams aren't a substitute for real docs.
- As a new open source product, support is lacking. Simple questions get answered on IRC, but hard ones get blank stares.
- The primary developer seems to be a bottleneck and a risk - many questions and decisions get deferred to him because he seems to be the only one who understands it. If he got hit by a bus, the project would be in jeopardy.
Some specific technical issues appear to be:
- There's only client-side filtering of broadcast commands, so information leakage is possible, since broadcast commands are readable by every minion and they decide themselves whether they match a filter or not. (https://github.com/saltstack/salt/issues/7669)
- There's too much trust that the minions (clients) will do the right thing. When it comes to security, some things should be enforced server-side. (https://github.com/saltstack/salt/issues/7556)
I hold out hope that these issues will be addressed. In the meantime, I won't be recommending it as a general purpose solution for a large organisation.
— by Robert Thomson, created 15th Oct, 2013, last modified 15th Oct, 2013 | Tags: Tech
I bought a skull... then I painted it...
I expect he'll be drawn/painted many more times over the years.. but this painting is the first. :-)
— by Rob, created 15th Sep, 2013, last modified 15th Sep, 2013 | Tags: Private