It's been rather quiet here for the past few months, for which there's a pretty good reason. In November the organisation I worked for and I parted company, by mutual agreement, and with a redundancy package.
Being so close to Christmas and with the certainty of wanting to take some time off (I'd given myself until Feb/March '16 before starting a job hunt) the decision of what to do loomed, there was no way I'd be able, or be allowed to sit and vegetate for that long. I toyed with a couple of London options, charity work, or perhaps give my Sports Therapy alter ego some space. Or Madagascar!
A few years ago I saw a wildlife program which had a 2-3 min piece on a marine conservation charity called Blue Ventures (BV) who were operating in a remote Southwest corner of Madagascar. I'd filed it under 'things to do but will probably never get the opportunity'. This was the opportunity. Sun, sea, diving, community work. Light bulb moment! 7.5 weeks away from home, light bulb went off. We talked it through and the next day I'm sending deposits, booking flights & making lists, big lists.
I already had my PADI Advanced diving, which is the minimum requirement for being part of the science program, and a ton of dive equipment, but the BV list was huge, and as I found out later very much about diver safety. The inventory also included a seriously scary first aid kit, malaria prevention, nets, drugs and advice that we would be isolated for 6 weeks and need to arrive with 'everything' we could possibly want/need while onsite. I was going to need bigger bags!
LONDON/PARIS/ANTANANARIVO(TANA)
In Tana I'd meet the other volunteers and begin the 4 day drive to Toliara.
Simon & Liwia - Bravely quit their jobs in July '15 and have been working their way through African wildlife projects ever since.
Lucy - A wee bonnie lass taking a gap year from studies who arrived with more medical supplies and sun cream than the rest of us together. Which was actually very useful.
Anninja - Student from Switzerland who could only stay for the first 3 weeks before staring her medical studies.
We'd later meet Pierre, starting his 3rd expedition and Adam, who was travelling from Zimbabwe and would join us on week 3.
The road from Tana took us over some of (what I thought were) the worst roads I'd ever travelled on, little did I know! On the first day we spent 9 hours at the side of the road waiting for a bridge to be re-built. Which they did manage, but it was a stark reminder that this is Africa, shit happens.
On the way we celebrated New Year, hiked in Ranomafana National Park, saw our first Lema (which neither sang nor danced, I think the film may have been factually incorrect) and hiked
Isalo National Park where we swam in the natural pools.
TOLIARA
Our last stop and last chance to buy anything we'd forgotten or anything we might want onsite, jams, sauces, snacks etc
After a few days of R&R we began the last leg of the journey to the village of Andavadoaka(Andava) and the BV site.
Google suggests this is a 3 hour journey. I strongly suggest Google send one of their mapping cars on that journey, with 4x4 rescue vehicles. Its a 9-10 hour off road track that follows the coast, rocky roads, sand dunes and a stomach that would have much rather stayed in the hotel made for a lively journey! It made the Tana/Toliara journey seem like a breeze and I was beginning to have reservations about what I'd got myself into.
ANDAVADOAKA
First day onsite and the remoteness hits. Andava is the largest village in the Velondriake Locally Managed Marine Area (LMMA) with a population of ~1700 people known as Vezo.
Velondriake - "To live with the sea"
The homes are built with wood and there is no running water. Wells provide semi clean water but the Vezo also use the boiled water from cooking rice as a clean source of drinking water. Slightly nutty/popcorn flavour which I developed a taste for, whilst others in the group shunned me. A power line has recently been run through the village, so if you can afford it there is limited electricity. But it's expensive and not the norm. Charcoal stoves and fires are the main method of cooking and the sea the main source of food.
Credit Simon Webber
In comparison our accommodation was palatial! Aligned to the Coco Beach 'hotel', we stayed in 5 huts which can sleep 4 in each, a bathroom, flushing toilets and most of the time salt water running water.
Credit Simon Webber
This was to be home for the next 6 weeks.
DAILY LIFE
The first couple of weeks were very much a settling in period. Getting used to a slower pace of life, 30-35 degrees heat, adapting to a very simple diet of rice, beans and fish; and fighting the inevitable illnesses volunteers tend to get.
We were also assigned duties on a weekly rotation. Handling the water filtration, cleaning up the Bat Cave/Dive hut and weather recording. Water and weather were little and often all day but cleaning tasks were 30 mins in the afternoon and then time to chill.
Each evening before dinner we'd find out what the following day's activities were going to be but generally :
Breakfast 08:00
Dive 09:00 / 11:00 (luxury of a small group meant no 06:00 scheduled dives)
Lunch 13:00
Duties 14:00
Lectures 15:00 - 17:00
Vao Vao & Dinner 19:30. The call to dinner was a chant of Iraika, Roa, Telo, Aleha! 1, 2, 3 Go! ..
Saturday was an enforced no dive day and Sunday was a day to do what we wanted. Which mostly meant nursing hangovers from the previous nights exploits with the local rum.
DIVING & SCIENCE
The diving was my main reason for choosing this adventure, the lure of the sea and the weightlessness underwater is just such a cool experience.
After a pretty comprehensive safety lecture, and after some early bacterial infections had been doused in antibiotics we had our refresher dives. Went through every single PADI skill, not something I've done since training, so a pain, but also a nice refresher.
Once cleared to dive we started benthic or fish id tests. Diving as a small group with one of the field scientists who would point and you take a crack at identifying what they were pointing at. Which needless to say started badly for most of us.
We were split into two groups, fish and benthic. Benthic for the less experienced divers as by the nature of the animal they don't tend to bugger off, but you do need decent buoyancy and Bic the BV instructor taught that exceedingly well. I've seen seasoned 100+ divers with less skills that Lucy and Anninja demonstrated. I and the other already qualified divers got fish. 150 of them to learn for a 50 question computer test and a 30 consecutive correct answers under water test. Until this expedition the first time pass rate was 2. Unfortunately for me I was teamed with Simon and Liwia, AKA the dream team, who doubled the first time pass rate, no pressure on me then.
Over the next few weeks we dived 1 - 2 times a day, some doing science & others training. I eventually passed the tests so joined the science team carrying out fish belts on reefs, a small audit counting fish, identifying species and collecting data which is collated and over time gives an impression of reef health.
COMMUNITY
Part of the BV ethos is that for conservation to succeed it must involve the community. During my stay we spent time on a number of community projects and also spent time with two local families as homestays. We visited the village of Vatoavo, which put Andava to shame with it's remoteness, and poverty, where I got to teach an English class while the other volunteers had arranged an English language treasure hunt for the kids. The village later put on a talent show during which we discovered twerking is apparently a BIG part of Malagasy dance culture, it's all about the arse.
Credit Simon Webber
The homestays were something I wasn't looking forward to, but part of this trip for me was doing things outside my comfort zone. That and dealing with wet sand on feet and fish bones, but they would be handled over time, and under my control.
Lucy and I had dinner with a family in Andava and the following day we would spend 'A day in the life' with the same family. We spent the following day helping them, or in my case hindering them with whatever they would normally be doing. A few of the volunteers wanted to fish, so they did but Lucy and I opted to stay on land which meant I spent the morning playing cards with the children and Lucy got to help with the chores. Although I did attempt to crush some corn, which didn't go down well.
OTHER PROJECTS
BV run a number of other projects in Madagascar, three of which we had an opportunity to get involved with.
AQUA CULTURE
In an effort to provide communities with an alternative income to fishing there are two farming projects, Sea cucumbers and Seaweed. Both of which are backed by companies who provide seed services and a route to market. They provide juvenile sea cucumbers and seaweed plants, the Vezo then nurture them until such time they can harvest and the product sold back to the companies, who then distribute. Cucumbers are used as a filler/bulking agent in Asian markets and seaweed in pretty much anything thats viscous, beauty products, apparently even some ice cream.
We got to take part in one of the periodic sea cucumber harvests. During low tide we helped the farmers collect and weigh cucumbers, anything >300g was catalogued and stored ready for the next morning. Their fate was sealed, evisceration. Cutting a hole in the anus and squeezing the guts out!
I think Lucy might be enjoying that, just a little too much! My single attempt resulted in the poor lady next to me getting covered in, well, sea cucumber bits.
SPIDER TORTOISES
Endemic to Madagascar the Spider Tortoise is critically endangered and in serious decline due to smuggling in the pet and food trade. We spent a day helping the rangers to monitor the population and catalogue the size, weight and age.
Credit Simon Webber
My time in Madagascar has come to an end and I've begun to try and reflect on the experience. It might be too early to really come to any conclusions, but it wasn't a total breeze, and there were times I'd gladly have taken a teleporter out. But I did some very cool things, met some great new friends and have new life experiences which I don't think many people get the opportunity to do.
Now I guess I need to find a job .. or maybe I'll find somewhere for my hammock.
OSX used to contain the binaries to configure ‘dummynet’ from FreeBSD which has the capability to do WAN simulation.
Mavericks no longer has support for dummynet but still has the code in the backend. Find and copy the IPFW binary from an older machine into /sbin and you're good to go.
Example:
Inject 250ms latency and 10% packet loss on connections between workstation and web server (10.0.0.1) and restrict bandwidth to 1 Mbit/s.
# Create 2 pipes and assigned traffic to/from:
$ sudo ipfw add pipe 1 ip from any to 10.0.0.1
$ sudo ipfw add pipe 2 ip from 10.0.0.1 to any
# Configure the pipes we just created with latency & packet loss:
$ sudo ipfw pipe 1 config delay 250ms bw 1Mbit/s plr 0.1
$ sudo ipfw pipe 2 config delay 250ms bw 1Mbit/s plr 0.1
Test:
$ ping 10.0.0.1
PING 10.0.0.1 (10.0.0.1): 56 data bytes
64 bytes from 10.0.0.1: icmp_seq=0 ttl=63 time=515.939 ms
64 bytes from 10.0.0.1: icmp_seq=1 ttl=63 time=519.864 ms
64 bytes from 10.0.0.1: icmp_seq=2 ttl=63 time=521.785 ms
Request timeout for icmp_seq 3
64 bytes from 10.0.0.1: icmp_seq=4 ttl=63 time=524.461 ms
Disable:
$sudo ipfw list |grep pipe
01900 pipe 1 ip from any to 10.0.0.1 out
02000 pipe 2 ip from 10.0.0.1 to any in
$ sudo ipfw delete 01900
$ sudo ipfw delete 02000
# or, flush all ipfw rules, not just our pipes
$ sudo ipfw -q flush
Round-trip is ~500ms because it applied a 250ms latency to both pipes, incoming and outgoing traffic.
Packet loss is configured with the “plr” command. Valid values are 0 – 1. In our example above we used 0.1 which equals 10% packetloss.
In my spare time I've been building a small Docker lab. I wanted to see what all the fuss is about and also to bring some reality to the kool-aid drinkers in the office.
I've been around long enough to know that theres no magic pill, variations of really good ones have appeared over time but they all need to be mixed with something else.
Docker expands on the Linux LXC built into most kernels from 2.6 which allows a process to exist within its own space within the system. Similar to virtualisation but without the hypervisor and the overhead a hypervisor brings needing to be all things for all people.
Docker allows you to create & package a container. Lets say we have a simple JAVA SMTP service. All the components needed to run that service, Tomcat, code files run within the container, which can be moved, copied to somewhere else and function in exactly the same manner.
Also comes with a registry, either public or private which acts as a repository for Docker images. Now you can easily distribute containers or pass them along the dev pipeline to QA, Ops.
DevOps nirvana! The excitement is palatable!
And yes, if your service is 100% self contained then thats a valid statement.
It's when you start to try and build a bigger solution, and this is probably where my inexperience comes in, that you start to think, and find some of the down sides.
Docker deals with networking within the Docker binary. It serves local DHCP addresses to containers which are then port mapped to the hosts IP. If a container is moved to a new host, its end point changes.
Intra container communication is via tunnels built between them, not via the network.
How do you find a service?
The answer to that question has already been dealt with by others doing true SOA or web scale. Write a service registry, use queuing, load balancers/API, zoo keeper. It's a problem thats been solved by anyone doing dynamic scale but this tweet/blog post:
At its core is a really clever service registry. But also layered with health checks, clustering, multiple locale support that can be queried using an API or via name lookups (DNS) to the Consul service port. Also able to integrate with something like DNSMASQ to redirect queries, this would allow seamless integration into an existing environment where DNS is being used to locate services.
Consul is a small binary, which in my case is within the container or could just as simply exist on the OS that uses a config file to determine what to register with the consul servers. In my lab its using a static config but in reality you would use a CM, puppet, chef, salt, ansible or automatically generate the config using a handy add-on consul-template.
The local consul binary deals with health-checks, nice, immediately a distributed system. The consul servers (min of 3) run in a clustered mode which the local consul agent is aware of so theres registry HA built in.
In summary pretty impressed with consul, it's early days but something to keep an eye on.
But back to Docker.
Docker in itself is not yet a one stop shop, maybe its not supposed to be, but other players are entering the game to add to the package and I think will continue to. Is Docker a death bell to virtualisation? If your a web scale company and all you do is web services then yes, it probably is. For the enterprise or shops that are not developing apps then probably not. But you can of course run Docker on hypervisors.
It also requires the dev teams to shift their model. I know lots of places are SOA and micro services, but lots aren't. Docker to them is not that magic pill.
Something that hadn't occurred to me until I watched this talk AppSec is eating security is the security benefits containerization brings. The host can be a massively cut down OS and each container only contains the bare minimum to run the services. The service also has no state, its IP is dynamic, it has no fixed abode. The attack surface is not only reduced it becomes all slippery. Patching also (in theory, and if you code correctly) a breeze.
But on the flip side :
Docker is potentially a game changer, but not without work and consideration.
CentOS 7.1 behind SQUID Proxy. Docker install using YUM.
docker info
FATA[0000] Get http:///var/run/docker.sock/v1.18/images/search?term=apache: dial unix /var/run/docker.sock: no such file or directory. Are you trying to connect to a TLS-enabled daemon without TLS?
I don't particularly need a 2GB trunk from the NAS but a recent switch upgrade to a NetGear managed switch, GS716T (which for £120 is bloody good value) gave me the option.
Set the NAS for bonded 802.3ad & created the LAG group on the switch. Easy.
Two days later I noticed my Windows machines had lost their SMB mounts, Linux boxes all fine. Disabling one of the NAS bonded ports brought it all back.
I suspected some kind of ARP timeout. Switched the LAG port from STATIC to LACP and all was well. And has remained so. No idea why Windows was FUBAR and not Linux and without cracking open Wireshark I can only guess.
Documentation is decent and I had no issues until I started the deploy on the destination. The decompression failed with a PHP error when I ran installer.php. I followed the FAQ and the manual extraction process which worked fine, upload the decompressed files and archive, run the installer.php and follow the prompts.
Site 'duplicated' and working! ... almost. The primary network site worked fine second site down. Changed the url via the WP Network Site Admin and created the equiv subdomain entry which allowed me to browse to the second site. Progress!
Main site : site.domain.uk
Second site : site2dev.domain.uk
Followed a ton of links and tried all the suggestions with no success. Went through the db with a forensic microscope in case a URL rename had been missed, all with no joy. Eventually I decided to create a new site and see what the results were. If it failed I knew it would be more WPMU than the second site setup.
Setting up site3 it was created as site3.domain.domain.uk .. oh a sub sub domain. The light bulb went off but I carried on. Site3 worked fine.
Changed my second site & DNS entry to site3.domain.domain.uk .. Golden.
Playing around with Motion on Raspian. Motion was simple to setup with a single camera but when I added a second and switched to the thread config files I started to get :
Unable to query input 1 VIDIOC_ENUMINPUT: Invalid argument
Tracked it to a setting in the default thread2.conf
# The video input to be used (default: 8) # Should normally be set to 1 for video/TV cards, and 8 for USB cameras input 1
Can't be done via the GUI so you need to use some CLI foo. You can set a route temporarily via the shell but in order for it to remain persistent you need to edit the startup script.
1 - Connect via ssh to your device
2 - Mount the QNAP Configuration
The name of the actual device to mount depends on your model number. In general for x86-based systems this should be /dev/sdx6. For Marvell ARM based models it should be /dev/mtdblock5 or /dev/mtdblock4.
[~] # mount -t ext2 /dev/sdx6 /tmp/config
2 - Create or adapt autorun.sh
A shell script called “autorun.sh” will be executed by your QNAP storage system on every startup. It might be possible that file currently does not exist so just go ahead and create it with your favorite text editor, or the whatever is installed.
Tried to watch something on 4OD catchup via my HTPC (Zotac ION ATOM 1.6) last week. Dreadful., choppy and stuttering, in the end I gave up.
Today I decided to debug and see if I could fix it.
Firstly browsing in general also seemed slow. Hit a well known bandwidth testing site and it was reporting 70-80ms latency. Odd as no other device in the house showed the same problem, all in the 27-35ms range.
Spent a ton of time looking into this starting with networking\drivers being the source of the problem as it, even started packet tracing! CLI pings all seemed fine, file download comparisons, all fine. Finally, and I mean after a day of screwing around and almost a total rebuild, I cleared the cache on Chrome. Bingo, latency fixed. WTF! ..
Chrome and pepperflash were throwing the bandwidth test out, and guess what 4OD, flash site .. I think I have found the issue.
Seems like any flash site on Chrome pushes the CPU, on the ATOM its just too much, 90-100% .. Same on my desktop but its a way faster CPU so copes. Never really appreciated what a great job flashblock does for me.
Switched to Firefox & Adobe Flash and all is well again .. for now