Planet Apache


Bryan Pendleton: Mazes, rooms, and pathways

Sat, 2014-12-27 23:21

You can tell it's the holiday season, because I've been playing games and thinking about games, a lot.

So I thoroughly enjoyed Robert Nystrom's recent essay: Rooms and Mazes: A Procedural Dungeon Generator.

Nystrom takes us through a variety of different approaches to generating dungeons for adventure games, because it turns out there are a lot of things to consider.

For example:

You could make a roguelike with perfect dungeons, and many simple roguelikes do that because generators for those are easier to design and implement.

But I find them less fun to play. When you hit a dead end (which is often), you have to do a lot of backtracking to get to a new area to explore. You can’t circle around to avoid certain enemies, or sneak out a back passage.

Nystrom proceeds to explore two basic approaches to dungeon generation:

  • Start with a maze. Trim back the maze to leave holes in the space, then turn those holes into rooms.
  • Start with a bunch of randomly-placed rooms. Flood-fill the spaces between the rooms with mazes, then connect things together.

As he puts it:

Where Buck and Karcero start with the maze and then add the rooms, mine does things in the opposite order. First, it places a bunch of random rooms. Then, it iterates over every tile in the dungeon. When it finds a solid one where an open area could be, it starts running a maze generator at that point.

The best part of the article is the illustrations. Nystrom fills the article with live demonstrations of various techniques, which bring the code to life and make it easy to understand the alternatives and how they impact the resulting generated dungeon.

If you've ever tried your hand at generating a dungeon (and what game-playing computer programmer hasn't?!), I think you'll really enjoy reading Rooms and Mazes.

Who knows? It may even get you excited enough to start writing that game you've been putting off...

Categories: FLOSS Project Planets

Justin Mason: Links for 2014-12-27

Sat, 2014-12-27 18:58
  • Why Airlines Want to Make You Suffer

    ‘The fee [airline pricing] model comes with systematic costs that are not immediately obvious. Here’s the thing: in order for fees to work, there needs be something worth paying to avoid. That necessitates, at some level, a strategy that can be described as “calculated misery.” Basic service, without fees, must be sufficiently degraded in order to make people want to pay to escape it. And that’s where the suffering begins.’

    (tags: travel airlines pricing fees economy consumer jetblue)

  • A Virtual Machine in Excel

    ‘Ádám was trying his hand at a problem in Excel, but the official rules prohibit the use of Excel macros. In a daze, he came up with one of the most clever uses of Excel: building an assembly interpreter with the most popular spreadsheet program. This is a virtual Harvard architecture machine without writable RAM; the stack is only lots and lots of IFs.’

    (tags: vms excel hacks spreadsheets coding)


Bryan Pendleton: Wasteland 2: a very short review

Sat, 2014-12-27 16:56

I've been whiling away many an hour recently playing Wasteland 2.

There's no doubt about it: this is a very fun game.

You and your party find yourselves in a post-apocalyptic wasteland, loosely modeled on the territory and scenery of southern Arizona, in a chaotic world full of mystery and adventure.

You travel about from place to place, take on quests, unearth clues, unravel mysteries, defeat bad guys, and generally have yourself a wild-and-wooly rip-roaring good time.

The making of the game is rather interesting, as revealed by this Wired article: How One Guy Got Kickstarters to Give Their Profits to Other Campaigns

Fargo went on to launch other games, including the now celebrated Fallout series, and even became a game publisher himself, as founder of Interplay Entertainment. But Wasteland was his baby, and by the early 2000s, he wanted to create a sequel to the game that put him on the map, called Wasteland 2.

The problem was, the studios wanted nothing to do with it. “I got nowhere for another decade,” Fargo says.

Then, in early 2012, Fargo stumbled upon a still up-and-coming company called Kickstarter that let creators raise funding from their friends and fans.

But you don't have to care about how the game is made; it's more fun just to play the game itself.

Now, where was I? Oh, yes, back to trying to negotiate with the Servants of the Mushroom Cloud...


Ask Bjørn Hansen: Best OS X (OpenVPN) VPN client

Sat, 2014-12-27 13:34

At both Solfo and over at perl.org we have the non-public network services (basically everything that’s not http, smtp or https) suitably locked down in a private network. At Solfo we have an OpenVPN server for logging into the private network. It’s great that it’s open source, works over both TCP and UDP (for respectively goofy firewall setups and faster, more reliable connections) and best of all, there’s a great OS X GUI for OpenVPN: Viscosity VPN.

Traveling and needing to get on our network and being on various goofy corporate and hotel networks (and wanting to watch Netflix outside the US) reminded me how excellent it is.

We’ve used Viscosity VPN since it was in beta and I can’t recommend it enough. It’s as reliable as can be, the support is excellent, it looks good and while it’s not free it’s super cheap, licenses start at $9 each. We bought more than twice as many licenses as we needed just because I felt bad not paying more!

Now if only the iPhone supported OpenVPN, too, so we could put more services on the private network without having to setup another VPN service…


Ask Bjørn Hansen: It's a girl!

Sat, 2014-12-27 13:30

In late June, three weeks after my birthday, I got the most amazing birthday present you can imagine. My wonderful wife gave birth to our amazing now two month old daughter.

She sure keeps us busy. There are many awesome things to tell - about how cute, clever and strong she is already - but most of all then I am so grateful to Vani who by far is going through the most and doing the most. Whenever I play with Saffron, give her a bath or a bottle of breastmilk it is just such a joy.

Right now she is sweetly asleep upstairs and I have to fight the urge to go check on her or just see and listen every five minutes.

If you have a flickr account (and are listed as friend & family) then we have a few photos from July there.


Adrian Sutton: Disabling Internal Speakers on a Panasonic TV

Fri, 2014-12-26 00:38

My wife and I gave each other a Sonos playbar for Christmas to improve the clarity of our TV. The initial setup was excellent – clearly stepping through each required step and very cleverly detecting the type of TV remote I have and automatically reacting to its volume controls so I can carry on using the TV remote as usual.

The only problem is that my Panasonic TV doesn’t provide a way to disable the internal speakers. So the playbar and the TV were both outputting sound, which sounds pretty awful. There are two ways to solve this:

  1. Configure the Sonos to respond to a different remote (or different buttons on your TV remote such as those for a DVD or video player you don’t use). Then simply turn the volume on the TV all the way down and don’t use the normal volume buttons anymore.
  2. Access the secretive hotel mode.

The secretive hotel mode is mentioned in a bunch of places on the internet but apparently Panasonic denies it exists (unless you’re a hotel I guess). To access it on my particular version I had to hold down the -/V button on the side of the TV and press “AV” on the remote three times.

A menu then pops up providing access to a few settings including a maximum volume. Enable hotel mode and set the maximum volume to zero and you’ve effectively disabled the internal speakers.

Now when you use the volume controls both the TV and Sonos will respond but the TV volume is limited to zero so the volume bar appears on screen but the TV speakers never activate.

This gives the ideal setup – a sound system that provides significantly improved sound from the TV without any extra remotes or other complications.


Nick Kew: Your favourite paedophile

Thu, 2014-12-25 14:57

A benign image, but a darker history.

The modern image is benign: a fat jolly supernatural fellow, and the implausible giver of gifts to children.  And his mortal doppelgangers in innumerable shops and seasonal events.

But is there a historical original?  And would he be welcomed in today’s society?

The answers are a qualified Yes, and a pretty unqualified No.  The Yes comes from tracing “Santa Claus” back to “St Nicholas”, the 4th century Bishop of Myra.  It’s a somewhat-tenuous derivation that works very differently in different modern languages, and is not the only origin story: hence only a qualified Yes to the man we call St Nicholas as the original Santa.

So who was this man?

Well, for one thing, he was quite the opposite of the modern image of jollity.  He appears to have been a killjoy who saw fun as a sin and prayed earnestly while others let their hair down.  There are possible hints that he might even have prayed for divine retribution on the sinners, though that remains speculation.  Not, in character, a role model for the modern Santa.

But in one thing – the story that lends credibility to his being the origin of Santa – he was very much the role model.  He gave gifts to children.  Gifts of gold, that might be thought to sit uneasily with Christian ideas of disdain for worldly wealth.

It’s in the recipients of his generosity that the true nature of the story becomes clear.  These are girls.  They’re at the age where they rebel a bit against parental discipline, but their father keeps them on a tight rein to protect them from the Big Bad World.  In other words, young teens.  Nicholas’s gift of gold helps liberate them to have some … erm … fun.  So not an early case of “bishop and choirboys”, but rather one like the girls in this more modern story (albeit without the racial element).

Was he in fact a pimp?  I know of no strong evidence, but circumstantially it seems entirely likely.  It would account for his repeating the gift for several girls, and might’ve helped with being able to afford them!  But at the very least, he was not a man modern parents would want near their children!



Bertrand Delacretaz: Merry Christmas with Roger's Beer Soup!

Thu, 2014-12-25 06:01

The soup is good even with dirt-cheap beer.

While waiting for the soup to be ready and for the guests to arrive, let me wish all of my readership (yes, both of you guys) a Merry Christmas!

And if you allow me a post in French for once, here is the recipe for said soup! If you know Roger, you know he can be trusted with this kind of thing.

The alcohol evaporates during cooking, of course, so no problem with children, except perhaps that it is fairly strong if you do everything just right.

Ingredients
Allow 1 litre of soup for 4 people.

For 8 litres: 2 l beef stock, 3 l Basel soup (“Basler Mehlsuppe”, from packets to keep things simple), 3 l lager.

4 large onions, 150 g butter.

2 plain yoghurts, 4 eggs, 1/2 l whipping cream, 150 g grated cheese.

Chives and parsley.

Preparation

Chop the onions finely and sweat them in the butter without browning.

Add the beer and boil hard for 15 minutes and 12 seconds.

Prepare the beef stock and the Basel soup separately.

Pour the stock into the beer and cook at full blast for 15 minutes and 18 seconds.

Add the Basel soup and cook over medium heat. Melt in the grated cheese while stirring.

Beat the yoghurt with the herbs, add the beaten egg yolks, and mix in, beating like mad.

Cook gently for at least one hour and 38 seconds.

Fluff up with the whipped cream at the last moment.

The soup keeps well; it is often even better the next day!



Bryan Pendleton: Christmas Eve link clearance

Wed, 2014-12-24 23:31

Get 'em while they're hot!

  • On the Sony Pictures Security Breach

    Reports say Sony Pictures had trouble attracting and recruiting security talent, which isn’t too surprising for a company known for its disdainful attitude toward technology. Being on the wrong side of issues like SOPA/PIPA couldn’t have helped—what technologist would want to work for a company that is trying to break the Internet?

  • Did North Korea Really Attack Sony?

    The agency's evidence is tenuous, and I have a hard time believing it. But I also have trouble believing that the US government would make the accusation this formally if officials didn't believe it.

  • The Case for N. Korea’s Role in Sony Hack

    The “silent” part of the moniker is a reference to the stubborn fact that little is known about the hackers themselves. Unlike hacker groups in other countries where it is common to find miscreants with multiple profiles on social networks and hacker forums that can be used to build a more complete profile of the attackers — the North Koreans heavily restrict the use of Internet communications, even for their cyber warriors.

  • What Does "Responsibility" Mean for Attribution?

    Using the Spectrum of State Responsibility, in my assessment, the US government's statements include a range of possibilities, from State-encouraged to State-integrated.

  • Stupid Costly Patent Nuclear War By Microsoft & Apple Against Android Averted

    In short, this is basically Google and Cisco (with some help from a few others) licensing these patents to stop the majority of the lawsuits -- while also making sure that others can pay in as well should they feel threatened. Of course, Microsoft, Apple and the others still have control over the really good patents they kept for themselves, rather than give to Rockstar. And the whole thing does nothing for innovation other than shift around some money.

  • Why String Theory Still Offers Hope We Can Unify Physics

    Most gratifying, the mathematics revealed that one of these notes had properties precisely matching those of the “graviton,” a hypothetical particle that, according to quantum physics, should carry the force of gravity from one location to another. With this, the worldwide community of theoretical physicists looked up from their calculations. For the first time, gravity and quantum mechanics were playing by the same rules. At least in theory.

  • Cerebros and the art of drug smuggling

    This is not the work of a pickaxe army of drug war foot soldiers. These are multi-million-dollar underground networks, created covertly with professional machinery under the guidance of top-end engineers or architects who have been pulled—willing or not—to the dark side.

  • The Future: A Cat Litter Box and DRM

    I did some Googling, and I found that the “Smart” in SmartCartridge is that it has an RFID chip inside of it to keep track of how much solution it has, and once it runs out, well, you can't refill it. I honestly did not believe this and tore one of the cartridges apart, and there it was, looking back at me, a tiny chip holding up it’s little metal finger.

    Seriously CatGenie, you added fairly sophisticated DRM to a litter box? I’m a tad hurt you spent my money on building in a restriction instead of figuring out how to avoid constantly cooking poop.

  • Drobo vs. QNAP vs. Synology vs. G-Drive and MORE! Which Storage Should You Choose?

    To me, the ideal size for a NAS device is at least 4 drives. You can get them with as few as two if you’re really never going to use much storage, and if you are going to do that I’ve got a recommendation for you in a minute, but with 4 or more you can have plenty of space without sacrificing redundancy. And I’ve got three different options for you here. The QNAP TS-470 Pro, The Synology 1513+, and the Drobo 5N.

  • The Top Metrics You Need to Track to Improve Operational Performance

    At PagerDuty we’ve thought hard about what you should monitor and why from a systems perspective, but what about monitoring data on your operations performance? We’d like to share some specific metrics and guidelines that help teams measure and improve their operational performance.

  • Interesting papers from NIPS 2014

    NIPS is the premier conference on Deep Learning. Given the accelerating state of the art, it’s interesting to see what is new.

  • Testing TokuDB's Group Commit Algorithm Improvement

    As part of our effort to verify the new Binary Log Group Commit functionality introduced in TokuDB 7.5.4 for Percona Server, we wanted to demonstrate the substantial increase in throughput scaling but also show the bottleneck caused by the skewed interaction between the binary log group commit algorithm in MySQL 5.6 and the transaction commit mechanism used in TokuDB 7.5.3 for Percona Server.

  • Are We Consistent Yet?

    Traditional systems provide strong consistency, where clients can immediately view updates. Some distributed systems relax their consistency model to allow greater availability or better performance. Eventual consistency manifests itself to clients as stale views of data.

  • The Softsel Hot List for the week of December 22, 1986

    Back in the days before Internet-based software distribution, heck back even before the Internet existed in a form resembling what it is today, one of the most important ways of keeping track of the consumer computing industry was to subscribe to the Softsel Hot List, a weekly poster of the top sellers in various categories. Here is the Softsel Hot List for the week of December 22, 1986

  • Our local fill

    The original wetland that became Lake Merritt was known as San Antonio Slough. From Oakland’s earliest days, the locals kept trying to “reclaim” it by turning it into dry land, just as they did all around the bay. The whole waterfront is reclaimed land. The basic technique was to haul dirt and rock and rubbish down to the water, shove it in and tamp it down. In Gold Rush San Francisco they’d use abandoned ships for fill, but Oakland’s founding fathers had advanced beyond such crude strategems.

For my Christmas Eve meal, my grand-daughter made me hand-made crab-and-shrimp sushi.

Life is good.


Steve Loughran: What have we learned this week?

Wed, 2014-12-24 07:04
The Sony/N Korea spat is fascinating in its implications



  1. Never make an enemy of a nation state
  2. Any sufficiently large organisation is probably vulnerable to attack. I even worry about the attack surface of two adults and a child, and I don't know who is the greater risk: the other adult or the child. The latter I am teaching foundational infosec to, primarily as he learns to break household security to bootstrap access to infrastructure facilities to which he is denied access (e.g. the password to the 5GHz wifi network that doesn't go off at 21:00).
  3. Always encrypt HDDs with per-user keys. Any IT keys need to be locked down extra-hard.
  4. Never store passwords in plaintext files. At the very least, encrypt your word documents.
  5. Never email passwords to others. That goes for wifi passwords, incidentally, as children may come across unattended gmail inboxes and search for the words "wifi password"
  6. Never write anything in an email that you would be embarrassed to see public. Not confidential, simply unprofessional stuff that would make you look bad.
  7. The US considers a breach of security of a global organisation possibly by a nation state an act of terrorism.
The final one is something to call out. Nobody died here. It's cost money and has restricted the right of people round the world to watch something mediocre, but no lives were lost. Furthermore, and this is salient, *it was not an attack on any government or national infrastructure*. This was not an attack on the US itself.

In comparison, the Olympic Games/Stuxnet attack on the Iranian nuclear enrichment facility was a deliberate, superbly executed attack on the Iranian government, to their "peaceful enrichment project"/stage 1 nuclear weapons program. That was a significantly more strategic asset than emails criticising Adam Sandler (*).

By inference, if an information-leak attack on a corporate entity is terrorism, mechanical sabotage of a nation's nuclear program must be viewed as an act of war.

That doesn't mean it wasn't justified, any less than the Israeli bombing of a Syrian facility a few years back. And at least here the government(s) in question did actually target a state building WMDs rather than invade one that didn't, leave it in a state of near-civil-war and so help create the mess we get today (**).

Yet what -someone- did, was commit an act of war against another country, during "peacetime". And got away with it.

Which is profound. Whether it is an attack on Iranian nuclear infrastructure, or a data grab and dump at Sony, over-internet-warfare is something that is taking place today, in peacetime. It's the internet's equivalent of UAV attacks: small scale operations with no risk to the lives of your own-side, hence politically acceptable. Add in deniability and it is even better. Just as the suspects of the Olympic Games actions, apparently the US & Israel, deny that project while being happy with the outcome, so here can N. Korea say "we laud their actions even though we didn't do it"

Well, the US govt. probably set the precedent in Operation Olympic Games. It can't now look at what happened to Sony and say "this isn't fair" or "this is an act of war". As if it is, we are already at war with Iran -and before long, likely to be at war with other countries.

(*) Please can Team Netflix add a taste-preferences option that asks about specific actors, so I can say "never recommend anything by Adam Sandler" without having to 1-* everyone they throw up and so let it learn indirectly that I despise his work?

(**) On that topic, why is Tony Blair still a middle east peace envoy?

Sergey Beryozkin: [OT] U2: "We were pilgrims on our way"

Wed, 2014-12-24 05:57


"The Miracle (of Joey Ramone)" from the last U2 "Songs of Innocence" album is a refreshing song. The actual album's content is strong. Not necessarily easy to listen to, though, but it has been played in my car's CD player more or less every time I go driving for the last few weeks. The trick is, after listening to it for the first time, do a few days pause, and then listen again with a volume much higher than last time. It's a blast.

I still do like U2 even though I've learned not all in Ireland are the fans of them for various reasons. I was surprised, the same as I was when I was working in Manchester many years back, loving Manchester United and hearing people mentioning some other team, Manchester City :-).
 
The reason I still like U2 is because they are a team. These are the people in their 50s who still talk to each other :-),  continue to support each other, still have the drive and ability to create something as strong and relevant as "Songs of Innocence". I disagree it is entirely down to the financial aspect.

It is an off-topic post but as usual a link to CXF is about to be explored :-). It is in the "The Miracle (of Joey Ramone)" text.

Some of CXF users might recognize they were "pilgrims on their way" before they settled on working with CXF :-). If you read it and say, yeah, this is relevant to me, then you know where CXF is. And as U2 conclude, "your voices will be heard".

Finally, here is a link to a New Year song you won't hear in a local shopping centre starting from early September: New Year's Day from U2.  

Happy Christmas and New Year !

 


Sergey Beryozkin: No Data No Fun !

Tue, 2014-12-23 17:17
Continuing with the theme of T-shirts, I'd like to let you know "No Data No Fun" is a cool line printed on my T-shirt I got at a Talend R&D summit organized at a second-to-none level back in early October. I guess having a collection of good T-Shirts is one of the real perks of the developers involved in open source development :-)

"No Data No Fun" is also one of the themes behind Talend's continued investment into the tooling which facilitates the interaction with Big Data ecosystems. Getting such a tooling done right is hard. I'm impressed seeing companies like Lenovo liking it.

From my point of view, I'm interested to see how an apparent gap between the world of a typical HTTP service application and that of a Big Data one can be bridged. Ultimately web applications are about exploring the data and feeding them back to the users. We've done the first baby step, provided a FIQL to HBase query client that can be used to query massive amounts of data from HBase databases. JAX-RS StreamingOutput would very neatly fit in there.

However, it is also interesting to see how CXF services can be run natively in Hadoop, to save on a data delivery from HBase or other Hadoop-bound database to a query client running in scope of the CXF server, much cheaper to get it straight from Hadoop and send it back immediately. This is something I'm hoping to find some time for investigating next year. Propagating Kerberos or OAuth2 tokens into Hadoop/etc is also of interest.

I hope CXF will help you get a lot of data from Hadoop and have a lot of fun along the way :-) 


Sergey Beryozkin: Get into OAuth2 with Client Credentials Grant

Tue, 2014-12-23 16:47
One of the possible barriers toward OAuth2 going completely mainstream is the likely association of OAuth2 with what big social media providers do and the assumption OAuth2 is only suitable for their business, for the way their users interact with these providers.

In fact, OAuth2 is more embracing. The Client Credentials grant, one of several standard OAuth2 grants, provides an easy path for traditional clients to start working with security tokens.

The client, instead of authenticating with a name and a password (or some other client credentials) against the target service endpoint on every request (and thus having to keep these secrets for a long time), does it only once, against an OAuth2 AccessTokenService, which accepts various grants and returns manageable tokens with a restricted lifetime. Such tokens can be obtained out-of-band, with the client applications initialized with the tokens. The client will use the token only when authenticating against the endpoint. It is still a secret in its own way but it is a transient one that can be revoked by the administrator or by the client itself.

The client credentials grant provides for an easy and fast way into the OAuth2 ecosystem. Consider experimenting with it sooner rather than waiting for another 5 years :-), discover the OAuth2 world along the way, find how OAuth2 can positively affect your applications, and never look back again !
Categories: FLOSS Project Planets
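
The client credentials flow described in the post above, as an added example (not part of the original post and not CXF code): a toy in-process token service, protected endpoint and client in Python. The class names, the `reporting-app` client and its secret are constructed for illustration; real deployments run both exchanges over TLS against an actual OAuth2 token endpoint.

```python
import base64, hmac, secrets, time
from urllib.parse import parse_qs, urlencode


class AccessTokenService:
    """Toy in-process token endpoint (hypothetical; not CXF's AccessTokenService)."""
    def __init__(self, clients, lifetime=300, clock=time.time):
        self._clients = clients      # client_id -> client_secret
        self._lifetime = lifetime    # token lifetime in seconds
        self._clock = clock
        self._tokens = {}            # access_token -> (client_id, expires_at)

    def token(self, authorization, body):
        """POST /token: HTTP Basic client authentication plus a form-encoded grant."""
        if parse_qs(body).get("grant_type") != ["client_credentials"]:
            return 400, {"error": "unsupported_grant_type"}
        client_id = self._authenticate(authorization)
        if client_id is None:
            return 401, {"error": "invalid_client"}
        access_token = secrets.token_urlsafe(32)
        self._tokens[access_token] = (client_id, self._clock() + self._lifetime)
        return 200, {"access_token": access_token, "token_type": "Bearer",
                     "expires_in": self._lifetime}

    def _authenticate(self, authorization):
        scheme, _, value = authorization.partition(" ")
        if scheme.lower() != "basic":
            return None
        try:
            client_id, _, secret = base64.b64decode(value).decode().partition(":")
        except ValueError:           # malformed base64 or non-UTF-8 bytes
            return None
        expected = self._clients.get(client_id)
        ok = expected is not None and hmac.compare_digest(expected.encode(), secret.encode())
        return client_id if ok else None

    def revoke(self, access_token):
        self._tokens.pop(access_token, None)

    def validate(self, access_token):
        """Return the owning client_id, or None if unknown, revoked or expired."""
        client_id, expires_at = self._tokens.get(access_token, (None, 0))
        if client_id is None or expires_at <= self._clock():
            self._tokens.pop(access_token, None)
            return None
        return client_id


class ProtectedEndpoint:
    """Target service: accepts only bearer tokens and never sees the client secret."""
    def __init__(self, token_service):
        self._token_service = token_service

    def get(self, authorization):
        scheme, _, token = authorization.partition(" ")
        owner = self._token_service.validate(token) if scheme.lower() == "bearer" else None
        return (200, "report for " + owner) if owner else (401, "invalid_token")


class Client:
    def __init__(self, client_id, client_secret, token_service, endpoint, clock=time.time):
        self._basic = "Basic " + base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
        self._token_service, self._endpoint, self._clock = token_service, endpoint, clock
        self.access_token, self._expires_at, self.token_requests = None, 0.0, 0

    def _fetch_token(self):
        self.token_requests += 1     # counts how often the long-lived secret is sent
        form = urlencode({"grant_type": "client_credentials"})
        status, reply = self._token_service.token(self._basic, form)
        if status != 200:
            raise PermissionError(reply["error"])
        self.access_token = reply["access_token"]
        self._expires_at = self._clock() + reply["expires_in"]

    def call(self):
        if self.access_token is None or self._clock() >= self._expires_at:
            self._fetch_token()
        status, body = self._endpoint.get("Bearer " + self.access_token)
        if status == 401:            # revoked server-side: authenticate again, retry once
            self._fetch_token()
            status, body = self._endpoint.get("Bearer " + self.access_token)
        return status, body


def demo():
    now = [1000.0]                   # fake clock so expiry is deterministic
    service = AccessTokenService({"reporting-app": "constructed-secret"}, 300, lambda: now[0])
    api = ProtectedEndpoint(service)
    client = Client("reporting-app", "constructed-secret", service, api, lambda: now[0])
    out = {"calls": [client.call()[0] for _ in range(3)]}
    out["token_requests_after_calls"] = client.token_requests
    first = client.access_token
    service.revoke(first)            # administrator (or the client) revokes the token
    out["revoked"] = api.get("Bearer " + first)[0]
    out["after_revocation"] = client.call()[0]
    now[0] += 301                    # let the second token outlive its 300 s lifetime
    out["expired"] = api.get("Bearer " + client.access_token)[0]
    out["after_expiry"] = (client.call()[0], client.token_requests)
    return out
```

Calling `demo()` shows three endpoint calls served by a single token request, a revoked token rejected by the endpoint, and a fresh token fetched only after revocation or expiry.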

Luciano Resende: This Blog is still alive !!!

Mon, 2014-12-22 23:31
It has been a while since my last post, 2014 was a very good and busy year, with lots of hard work and good moments around the world, but I'm finally finding some time to come back to write some open related technical articles. So, expect to see more frequent activity on this blog, with subjects ranging from Node.js to Big Data, Cloud, Containerization, etc.

Justin Mason: Links for 2014-12-22

Mon, 2014-12-22 18:58
  • coz

    A causal profiler for C++.

    Causal profiling is a novel technique to measure optimization potential. This measurement matches developers’ assumptions about profilers: that optimizing highly-ranked code will have the greatest impact on performance. Causal profiling measures optimization potential for serial, parallel, and asynchronous programs without instrumentation of special handling for library calls and concurrency primitives. Instead, a causal profiler uses performance experiments to predict the effect of optimizations. This allows the profiler to establish causality: “optimizing function X will have effect Y,” exactly the measurement developers had assumed they were getting all along. I can see this being a good technique to stochastically discover race conditions and concurrency bugs, too.

    (tags: optimization c++ performance coding profiling speed causal-profilers)

  • Spark 1.2 released

    This is the version with the superfast petabyte-sort record:

    Spark 1.2 includes several cross-cutting optimizations focused on performance for large scale workloads. Two new features Databricks developed for our world record petabyte sort with Spark are turned on by default in Spark 1.2. The first is a re-architected network transfer subsystem that exploits Netty 4’s zero-copy IO and off heap buffer management. The second is Spark’s sort based shuffle implementation, which we’ve now made the default after significant testing in Spark 1.1. Together, we’ve seen these features give as much as 5X performance improvement for workloads with very large shuffles.

    (tags: spark sorting hadoop map-reduce batch databricks apache netty)

  • The VATMOSS debacle: does the “manual email” loophole work?

    As the 1 January deadline gallops towards the EU, microbusinesses desperate to stay open without breaking the law try to find out, “Can I email stuff out instead?” Well… Yes. – No – It depends – and simultaneously yes AND no, according to Schrödinger’s VAT. So that’s clear, then.

    (tags: vat vatmoss eu tax fiasco email microbusiness sme)

  • One artist closing up their Bandcamp site due to new VATMOSS laws

    Nice work, EU

    (tags: eu law tax vat vatmoss matt-stevens bandcamp music downloads)


Tim Bish: Packt’s $5 eBonanza returns

Mon, 2014-12-22 13:37

The $5 eBook Bonanza has returned, view the details here! Treat yourself to the eBook or Video of your choice for just $5 and get as many as you like until January 6th 2015. This is a great time to add to your personal library and start learning some new tech skills. It's also a great time to grab a copy of my ActiveMQ book at Packt.

Carlos Sanchez: Downloading artifacts from a Maven repository with Ansible

Mon, 2014-12-22 11:00

An example of downloading artifacts from a Maven repository using Ansible, including a prebuilt Docker image.

Prerequisites

Install JDK and Maven using existing Ansible modules

    ansible-galaxy install geerlingguy.java
    ansible-galaxy install https://github.com/silpion/ansible-maven.git

    - hosts: localhost
      roles:
        - { role: ansible-maven }
        - { role: geerlingguy.java }
      vars:
        java_packages:
          - java-1.7.0-openjdk

Example

From mvn.yml, download any number of Maven artifacts optionally from different repositories

    - hosts: localhost
      vars:
        mvn_artifacts:
          - id: org.apache.maven:maven-core:2.2.1:jar:sources
            dest: /tmp/test.jar
            # params: -U # update snapshots
            # repos:
            #   - http://repo1.maven.apache.org/maven2
      tasks:
        - name: copy maven artifacts
          command: mvn {{ item.params | default('') }} org.apache.maven.plugins:maven-dependency-plugin:get -Dartifact={{ item.id }} -Ddest={{ item.dest }} -Dtransitive=false -Pansible-maven -DremoteRepositories={{ item.repos | default(['http://repo1.maven.apache.org/maven2']) | join(",") }}
          # Quoted template form; a bare variable name here is rejected by Ansible 2.x
          with_items: "{{ mvn_artifacts }}"

Docker

An image with Ansible, JDK and Maven preinstalled is available at csanchez/ansible-maven.



Matt Raible: THE BUS IS PAINTED!! HOLY CHRISTMAS PRESENT BATMAN!

Mon, 2014-12-22 09:03

I asked Jim Verhey at ReinCARnation to stop working on my bus in mid October. I didn't have a client lined up for November and couldn't afford to keep paying for it.

Today, I journeyed to Colorado Springs to talk with Jim. I hoped to convince him to give me a fixed bid to finish the project. When I got there, he surprised me with a finished paint job! You can imagine the look on my face when he opened the door and I saw this beauty!! HOLY SHIT - I LOVE IT SO MUCH!! The colors are perfect and paint job is exquisite!!

Jim said he felt bad for all I’ve been through with this project and finishing it was my Christmas Present. BEST CHRISTMAS PRESENT EVER!!

Album on Flickr →

There's still more work to be done before it's street legal. However, Jim did give me a fixed-bid price to finish it. If I can afford it, the bus will be done on April 1, 2015. Then it's off to the stereo shop (1 week) and the interior shop (2 weeks). That means I could be driving it in May! YIPPEEE!! Thanks Jim - you are an awesome human being.


Colm O hEigeartaigh: New SSL/TLS vulnerabilities in Apache CXF

Mon, 2014-12-22 07:01
Apache CXF 3.0.3 and 2.7.14 have been released. Both of these releases contain fixes for two new SSL/TLS security advisories:
  • Note on CVE-2014-3566: This is not an advisory per se, but rather a note on an advisory. CVE-2014-3566 (aka "POODLE") is a well publicised attack which forces a TLS connection to downgrade to use SSL 3.0, which in turn is vulnerable to a padding oracle attack. Apache CXF 3.0.3 and 2.7.14 disable SSL 3.0 support by default for both clients, as well as servers configured using CXF's special support for Jetty. In addition, it is now possible to explicitly exclude protocols, see here for more information.
  • CVE-2014-3577: Apache CXF is vulnerable to a possible SSL hostname verification bypass, due to a flaw in comparing the server hostname to the domain name in the Subject's DN field. A Man In The Middle attack can exploit this vulnerability by using a specially crafted Subject DN to spoof a valid certificate.
If you are using TLS with Apache CXF then please upgrade to the latest releases.

Justin Mason: Links for 2014-12-21

Sun, 2014-12-21 18:58