The poll has been completed an the following nominees have been
elected to the Technical Board:
- Steve Langasek (slangasek)
- Martin Pitt (pitti)
- Kees Cook (kees)
- Adam Conrad (infinity)
- Stephane Graber (stgraber)
- Marc Deslauriers (mdeslaur)
Congratulations and welcome! And thanks again to everyone who stood for election.
Originally posted to the technical-board mailing list on Thu Jan 2 17:27:13 UTC 2014 by Elizabeth Krumbach Joseph
Right before the holidays Robie Basak filed a Main Inclusion Report for nginx in Ubuntu. What does this mean? This means that nginx will sit alongside Apache in 14.04 with full security updates over the life of the release.
This is excellent news for those of you using stacks that tend to use nginx; increasing our support of nginx has been something many Ubuntu Server users have been telling me they’d like to see and it’s good to see us make some progress in this area.
All this is possible due to Thomas Ward; who has been rocking nginx in Ubuntu for a while now. Without his tireless efforts this couldn’t have been possible! He’s also maintaining PPAs for stable and development releases of nginx for every Ubuntu release since 10.04. What an excellent contribution to the community!
On the Juju front we have some charms that allow you to dynamically swap between Apache and nginx. Over the course of the year we’d like to see more charms have an option to use nginx. If you are interested in working on that, let me know.
Each UNIX vendor, it seems, rewrote or heavily customized sendmail. This has lead to sometimes conflicting implementations.
Case in point: -tNormally, you invoke sendmail(8) with a series of arguments indicating the subject of a message, the recipients, etc. When invoked this way, the command expects a message on standard input, waits for EOF, and then sends your message along.
However, sometimes you don't want to have to fiddle with command-line parameters; you've already written a perfectly fine message with headers.
-t is generally passed to sendmail when you want to build a message envelope from an already-formatted message, with headers, etc. For example, if you had a file foo.txt with a body like this:
From: Luke Faraone
To: John Smith
Subject: Hello, world!
you could send the message with a simple invocation of cat foo.txt | sendmail -t. The system would take care of ensuring a Message-id was appended if appropriate, and queue the message to be sent. However, it is when you do slightly more complex invocations of sendmail that things get ambiguous.
It turns out that implementations differ on what exactly it means when you use -t in combination with naming destination addresses after the arguments to sendmail. exim4's documentation describes the situation in greater detail:
extract_addresses_remove_ argumentsUse: mainType: booleanDefault: trueAccording to some Sendmail documentation (Sun, IRIX, HP-UX), if any addresses are present on the command line when the -t option is used to build an envelope from a message’s To:, Cc: and Bcc: headers, the command line addresses are removed from the recipients list. This is also how Smail behaves. However, other Sendmail documentation (the O’Reilly book) states that command line addresses are added to those obtained from the header lines. When extract_addresses_remove_arguments is true (the default), Exim subtracts argument headers. If it is set false, Exim adds rather than removes argument addresses.
Thus, there's basically no mechanism for a program to know which behaviour to expect. God forbid two programs are installed on a system that expect different behaviours!
It appears that the default behaviour of Ruby is the opposite of what exim4 (Debian's default mail client) expects. This has resulted in numerous bug reports. Some replies suggest changing exim4's defaults, while others advocate overriding ActionMailer and friends to use sendmail -i instead, without -t.
That said, its not really clear who's wrong here; at no point does there appear to have been a definitive specification for sendmail, and as such we can hope for defined behaviour by common custom at best, and a sea of incompatibility bugs at worst. Amusingly, POSIX standards have nothing to say on this subject of sendmail at all; it defines that a mailx command must exist, but says that its sending mode may be implementation-specific.
As Matthew Garrett writes, there's not enough gin in the world.
Each AMI publisher on EC2 decides what user (or users) should have ssh access enabled by default and what ssh credentials should allow you to gain access as that user.
For the second part, most AMIs allow you to ssh in to the system with the ssh keypair you specified at launch time. This is so common, users often assume that it is built in to EC2 even though it must be enabled by each AMI provider.
Unfortunately, there is no standard ssh username that is used to access EC2 instances across operating systems, distros, and AMI providers.
Here are some of the ssh usernames that I am aware of at this time:
OS/Distro Official AMI
ssh Username Legacy / Community / Other AMI
ssh Usernames Amazon Linux ec2-user Ubuntu ubuntu root Debian admin root RHEL 6.4 and later ec2-user RHEL 6.3 and earlier root Fedora ec2-user root Centos root SUSE root BitNami bitnami TurnKey root NanoStack ubuntu FreeBSD ec2-user OmniOS root
Even though the above list will get you in to most official AMIs, there may still be situations where you aren’t quite sure how the AMI was built or what user should be used for ssh.
If you know you have the correct ssh key but don’t know the username, this code can be used to try a number of possibilities, showing which one(s) worked:host=<IP_ADDRESS> keyfile=<SSH_KEY_FILE.pem> for user in root ec2-user ubuntu admin bitnami do if timeout 5 ssh -i $keyfile $user@$host true 2>/dev/null; then echo "ssh -i $keyfile $user@$host" fi done
Some AMIs are configured so that an ssh to root@ will output a message informing you the correct user to use and then close the connection. For example,$ ssh root@<UBUNTUHOST> Please login as the user "ubuntu" rather than the user "root".
When you ssh to a username other than root, the provided user generally has passwordless sudo access to run commands as the root user. You can use sudo, ssh, and rsync with EC2 hosts in this configuration.
If you know of other common ssh usernames from popular AMI publishers, please add notes in the comments with a link to the appropriate documentation.
Original article: http://alestic.com/2014/01/ec2-ssh-username
… totally not truebut what is true…
is that I am here for one month already and I am totally excited.
As mentioned in one of my last posts, I am working now for Sony Europe, especially for a company which was aquired by Sony. We are working closely with the Sony Playstation Team.
And Guys, it’s a blast.
I would really like to write something about what we are doing, and especially how we are doing it, but sadly I would kick my own ass out of this adventure, so I won’t reveal anything.
What I can say is this:
This month was full of new experiences. A very different approach to our discipline. And somehow I am feeling at home.
Our people here are very enthusiastic about their product, you can see that every day. The proudness, focus and knowledge is special here.
The work environment is more than awesome. Yes, StartUp feeling, for sure, but that is not it.
People are discussing new ideas, and how we can approach challenges in a very different way. Different from the traditional SysAdmin approach.
Being an SRE here means, not only knowing your system and being able to fix stuff in the SysAdmin way, but also to improve the overall quality of the system, which also means, that we are coding a lot of tools by ourselves to improve our work, reporting quality drops to other departments and debugging issues in third party software.
Furthermore, the bond between SRE and Development/Engineering is very tight. Means, whichever bug SRE finds, in OS, third party software stacks or in-house developed software, we will fix them ourselves, or we will report our findings directly to Development/Engineering (of course via bugtracker :))
The answers are coming fast, and the bugfixes, too. Faster than I was expecting.
That brings me to my next surprise. I never saw so many people working with Linux on a Workstation. This is really surprising. Don’t get me wrong, you’ll find here a lot of different computers and OSes, mostly Apple MacBooks and other types of Laptops, mostly dual booting, but at least every SRE and Developer has a Workstation with Linux running on it. Pretty awesome.
Yes, the vast amount of OpenSource Software here is incredible and surprising.
Anyways, I am so excited, and I am proud to work on this project. It will be a success, I have no doubts.
One last statement, what we are doing here, is revolutionary. It will change the way of todays Gaming experience, believe me. I am already dogfooding and even when I am more a casual gamer, I am impressed about the quality.
So, when you are into Gaming, look out for announcements from Sony in 2014.OpenSource
And there is still time to do some other things. Like fixing Python code for the Python Sphinx Contrib Project.
While working on a Python Project inhouse, I needed to use the sphinxcontrib-httpdomain module, sadly it wasn’t Python3 compatible.
Until 2 days ago :)
I worked on changing this, but without looking at some Python Helpers, which would have made the work more easy. After filing the pull-request, Upstream said thanks, but I should have a look at python-six, a Python Library which makes the transition a lot more easier than manual coding.
I did that, and ported the fixes to python-six and commited the changes and updated the pull-request. Upstream merged after 5 minutes, and my changes will be in the next release of sphinxcontrib-httpdomain.
Well, this is really special. We are using OpenSSH with Roumen Petrovs X.509 Patch. Sadly, this patch is not applied to the OpenSSH packages of most distributions. Neither Ubuntu, Debian or Fedora are carrying this patch in their repos.
So I am working on a sane solution for this and resolving this bug in Launchpad.
And to make things even more smooth for our Friends from Fedora, I am working on an RPM package for the same OpenSSH package as well.