Category Archives: Open Source

Run Docker in an LXD container

I’m a fan of Canonical’s LXD containers—which essentially copy the same approach to lightweight virtualisation enjoyed by Solaris Zones users (and by extension, any illumos-based distros such as SmartOS) for over ten years. One area however where Canoncial is playing catch-up compared to commercial UNIX is in incomplete documentation spread out absolutely everywhere—blog posts, articles, wikis, and so on. Trying to find consistent information on the level of support for Docker running in an LXD container is a perfect example of this. It’s a real mess.

At the time of writing, running Docker as installed from the official Docker repository will fail in an LXD container. This is noted in the following two bug reports:

The advice provided in both reports is to use Ubuntu’s Docker packages:

“Only Docker coming from Ubuntu (docker.io package) works inside LXD containers.

“The Docker coming from upstream is missing a number of patches to make it work, leading to the problem you describe above. We’ve been pushing for those changes to be merged upstream and some were, but we’re not yet at a point where the upstream packages work.”

Otherwise, the prerequisite for running Docker in LXD is that the container is launched with the docker profile applied, and is configured as a privileged container (by default, LXC containers are unprivileged). In the following example, the nextcloud-dev-1 container is created with the default and docker profiles applied, and its configuration is set to be privileged:

$ sudo lxc launch ubuntu:16.04 nextcloud-dev-1 -p default -p docker -c security.privileged=true

Post installation, log into the container and install the Ubuntu Docker package:

$ sudo apt install docker.io

From there, Docker should work as expected.

More on privileged containers is here:

 

Advertisements

Watermarks template for LibreOffice Writer

For folks wanting a LibreOffice Writer template with a default set of high-quality, vector-based watermarks good to go, head on over to www.apertura.co.nz/libreofficewatermarks and download/share away. Any feedback or suggestions, let me know.

Let’s *not* let them (NZ government workers) use Chromebooks

Technology journalist Bill Bennett muses in a post from a year ago titled “Let them (NZ government workers) use Chromebooks” about the potential cost savings and productivity gains to theoretically be had from deploying the Google office productivity stack for NZ government workers. Some excerpts:

“Put aside for a moment the security risks and the NZ$2 million paid to Microsoft for extra [Windows XP] support… One solution would be to write off all the existing computers and replace them with Chromebooks… There would be immediate savings. Chromebooks can’t run Microsoft Office. Government departments can shift to Google Apps… Getting all government employees and applications into the cloud means there will never again be a situation like 40,000 computers using out of date software.”

The security risks and $2 million dollar figure can be viewed as part of the exit cost of adopting the Microsoft platform to begin with. 13 years ago there may have been a reasonable case for Windows XP being an adequate desktop solution, which is clearly no longer the case in 2015. However, suggesting that NZ government trades one proprietary ecosystem (Microsoft) for one even more closed is not an advance at all. From a technology perspective, Google Apps for instance is completely welded shut – with a non-standard and entirely Google-secret document format at its core.

Yes, there’s a strong case to be made for the combined benefits of moving computing services off the Microsoft desktop platform and onto a Linux-based OS (Chrome OS is but one example, Ubuntu is another), replacing full desktop computers with thin clients, and adopting cloud-hosted applications. However, I would seriously question the wisdom of government migrating to a platform so tightly controlled by a single vendor – not to mention one that derives ~90 percent of its total global revenue from advertising, or that has a long track record of startlingly short product lifespans. It would drastically curtail competitive supplier choice, and in the case of Google Apps (and to an extent Chrome OS), eliminate the freedom to self-host the technology in-house or via a third party as and when the situation or requirement arises.

The $2 million dollar figure for Microsoft’s extended Windows XP support might well pale in comparison to migrating off a proprietary, cloud-only solution 13 years from now. The point being, any serious discussion must take into account exit costs, and not simply the superficial low cost of entry, be it Office 365, Chrome OS, Chromebooks, and so forth. This is an aspect Bill Bennett’s article omits, much like most other opinion pieces on the matter.

Apropos of this, in the time since the source article was written, the reasons for the UK government mandating ODF for document interchange (to the detriment of both Microsoft and Google) makes for worthwhile reading.

On Microsoft killing the Internet Explorer brand

The problem is, Internet Explorer – while a simply awful piece of technology – will forever be associated with being tied to an equally mediocre OS (Microsoft Windows). Open source it already, and kill off its dependency on Windows. Not rocket science.

Microsoft is killing off the Internet Explorer brand (The Verge)

Thunderbird, Gmail, and the “less secure apps” thing

For those folks wanting to use Thunderbird as a Gmail client and who are encountering an incorrect password error when attempting to configure the account in Thunderbird (irrespective of two-factor authentication), this is most likely due to Google enforcing OAuth. Google are spinning this as a “secure vs. less secure application” problem, suffice it to say opinions appear to vary on this.

For now, the conditions under which you may or may not see the incorrect password error prompt when hooking Thunderbird up to a Gmail account can be found here.

And on the Thunderbird developer community side, discussion about this can be found here.

EDIT: we’ll also highlight this most excellent point, from Twitter:

Can’t disagree with this.

 

 

Endpoint-encrypted email with Thunderbird and Enigmail

Thanks to Thunderbird and Enigmail, anyone wanting to securely contact me over email can now do so.

Regarding Enigmail, setup is reasonably quick and easy (thanks to Enigmail’s wizard), but it’s definitely something most folks would need help with from someone with technical know-how. Anyone local who would like to claw back a little of their privacy in the post-Snowden era is welcome to drop me a line for assistance.

Setting up Gmail Calendar and Tasks sync in Thunderbird

Updated 29th June 2016: For folks landing here via search engines and the like, I recommend ditching Gmail as a mail service altogether – as I now have. The hoops one has to jump through to simply get Gmail to behave normally with an external mail client are no longer worth the effort in light of the better business email hosting services now available. FastMail in particular is a cinch to set up, is stable and affordable, has full calendaring, and just simply works with minimal setup on the Thunderbird side. Google clearly has zero interest or business reason to permit Gmail to work seamlessly with external clients, especially as it removes the vector for targeted advertising.


With the latest versions of Thunderbird, and the Lightning and Provider for Google Calendar add-ons, Thunderbird now supports full Gmail Calendar and Tasks synchronisation. As the setup has changed somewhat from previous versions of these add-ons we’re going to cover the current procedure in this blog post.

We are using Thunderbird 31.2.0 on Ubuntu 14.04.

If you’ve already installed these two add-ons and you’re synchronising your Gmail calendar, please delete the calendar from Thunderbird (this unsubscribes from the calendar only, and leaves all server-side data intact), and uninstall the add-ons. Restart Thunderbird to get back to a clean-slate state.

Now, using the Thunderbird Add-ons Manager, search for and install both the Lightning and Provider for Google Calendar add-ons:

Install the Lightining add-on

Install the Provider for Google Calendar add-on

Restart Thunderbird to complete the installation process.

Next, switch to the Calendar tab in Thunderbird. Right-click in the area where the default Thunderbird calendar is visible and create a new calendar:

Create a new calendar

We now work through the “Create New Calendar” wizard. In the first two screens that appear, we want to add a calendar on the network, and this should be a Google Calendar:

Add a calendar on the network

Add a Google Calendar

You’ll now be prompted to enter your email address: this should be the Gmail address of the associated calendar you wish to synchronise:

Enter your Gmail address

Thunderbird will then list the calendars and task lists available to be synced. Tick these as you need:

Adding Calendars and Tasks lists

If all goes well you’ll see a dialogue indicating the wizard has finished, and, after a brief delay (during which the interface might not be responsive) your Gmail Calendar and Tasks will be synchronised:

Dialogue indicating the wizard is finished

Google Calendar and Tasks synced

At the far right-hand-side of the above screengrab you can see our tasks lists (only containing a single task in this example). These are synced with your Gmail account.

Forking GlassFish Redux: Payara Server

In the time since I last wrote about the need for a fork of Oracle’s GlassFish Server, Oracle have effectively removed the viability of GlassFish as a production system by killing off professional support in favour of their megabucks closed-source WebLogic product. This was a completely unsurprising move, and simply added to the mountain of orphaned and abandoned techhnology inherited from Oracle’s Sun acquisition (to which we can add some more recent additions).

Fortunately, and largely due to the wisdom of Sun to originally open source the product, a new player in the Java app server scene has appeared with what is to all intents and purposes the GlassFish fork we’ve been waiting for: Payara Server.

You can check out their website at: http://www.payara.co.uk/home. As mentioned on their site: “We take GlassFish upstream. We support it, fix it, enhance it. We release it as open source Payara Server.”

Do I have funds or a current use case to pay for professional support for an app server yet? No. Do I want to use the same product I’ll eventually be using in production while I’m in the startup/setup phase, easily and without restriction? Yes. Will I pay for support if the use case requires it, and if it guarantees a healthy product/project down the line in the best spirit of open source? Happily, and especially if it’s from the same vendor offering the product to begin with. Not rocket science, and when a vendor throws too many obstacles in my path I’ll simply switch to an alternative which does afford me these freedoms.

Looking forward to trying this out.

Android’s better browser?

Folks using Android aren’t in much doubt about which is the better browser:

Firefox for Android vs Google Chrome Play Store ratings

Custom Firefox Sync servers now supported again for Firefox for Android

Around the Firefox v29 timeline, Mozilla changed the authentication mechanism for Firefox Sync to use Firefox Accounts. Consequently, the setup method for custom self-hosted Firefox Sync servers changed (note that my guide has yet to be updated), and for a few releases Firefox for Android did not support the new model.

Fortunately, custom Sync server connectivity has been restored as of Firefox for Android version 33. The full guide (including an add-on which enables custom sync server addresses) can be found on Nick Alexander’s blog.

Note that if you’re using a “non-standard” port for either your custom Sync or Firefox Account servers, you’ll run into the bug described at https://bugzilla.mozilla.org/show_bug.cgi?id=1046020, which as Nick says manifests itself as an authentication error. The workaround suggested is to use Firefox Beta, which works for me.

It’s terrific that Mozilla continues to offer its users the choice of self-hosting their solutions.

Firefox Sync on Android