Helpful, low-FUD information security sites, mailing lists, and blogs

Keeping current with the latest trends and technologies in the realm of information security is critical and there are many options to choose from. However, as with any content on the internet, it takes some effort to find sites with a good signal-to-noise ratio. Information security is a heavily FUD-laden industry and I’ve taken some time to compile a list of helpful sites.

General sites

Blogs

Mailing Lists

Humor (come on, we need it)


Many thanks to my coworkers for helping to compile the list. If you have any others that you really enjoy, let me know! I’ll be glad to add them to the post.

Photo Credit: stevehuang7 via Compfight cc

Two months with Google Play Music All Access

After using Spotify for a couple of months, I decided to try Google Play Music All Access. My experience was quite good from the start:

Music selection

My music tastes include some very popular artists as well as some less popular ones. I found that Spotify and Google Play almost always had what I was looking for. Some artists only have portions of their catalog available for streaming and I found the selection of music in both products to be identical.

One feature of Google Play that I really enjoy is the ability to upload music. It’s somewhat similar to iTunes Match. You can upload up to 20,000 tracks and then you can stream them to any of your devices after that. This really helps if you have some obscure music stored locally or if there’s an album from one of your favorite artists that isn’t available for streaming. Any music that you actually purchase from Google isn’t included in that total. All of that is streamable anywhere, anytime. If there is music that you want to buy and keep forever, you can buy it and keep it without continuing your All Access subscription.

Interface

There are several options in the interface depending on how you want to listen to your music. If you know of an artist or album you want to listen to, you can go straight there and begin listening. However, Google offers many options to discover new music.

One option is to find your favorite artist, album, or track and click Play Radio. Google tries to find very similar music to what you selected and it has an uncanny ability to get it right most of the time. It’s almost creepy how well it finds the right music to go along with what you selected. I’ve found a slew of new music this way simply by finding an artist I like and then playing the radio station from there.

There are also curated lists from other users and from Google. In addition, you can choose your mood or situation and let Google suggest some things. For example, Google lines up different selections depending on the time of day. Here’s what I get during the day on a workday:

Google Play Music All Access mood selection

Selecting one of those options leads to a submenu where you can hone in on a genre of music. From there, you’re offered three radio stations that meet your criteria with explanations of the music as well as a sample of the album art.

The interface is snappy in Chrome and rarely throws any errors. Various rich clients for Windows, Mac, and Linux exist if you’re not a fan of playing music in your browser. As an added bonus, you get to watch music videos of tracks from Google Play Music on YouTube without ads.

Mobile

As you might expect, the Android integration is superb. Playing music on Wi-Fi or 4G is quick and you can broadcast music to Bluetooth receivers or Chromecast devices from the interface without much fuss. The basic music controls, like play/pause and prev/next track, are all available even from the lock screen.

I listen to music quite a bit in the car and you get three options for audio quality when you’re off Wi-Fi. The lowest quality is pretty horrible but the middle and high settings are quite good. The middle setting seems to shave off 20-30% of the bandwidth requirements of the high setting but it still sounds reasonable.

You have a few options for offline caching. Any album, artist or track can be saved to your mobile device on demand. You can also create playlists and set those playlists to always be kept offline. Your mobile device will automatically download the music you add to those playlists within a few minutes. That’s handy if you add music to playlists at work and then want to listen offline in the car while you drive home.

Improvements

You can only stream on one device at any one time. Offline playlists are excluded from that restriction but it would be nice to be able to stream to more than one device for an additional fee.

The “Feeling Lucky” radio station tries to guess what I like but it often seems to choose one genre of music. I’m probably an oddball since I bounce between quite a few different genres of music but this has caused me to avoid using that feature.

Conclusion

I’m definitely a promoter of Google Play Music All Access. At only $10/month (plus some tax), it’s much cheaper than what I was spending to purchase albums regularly and it allows me to access a huge supply of music from wherever I’m located without loading files onto my mobile devices’ small storage volumes.

Eight years at Rackspace

Rackspace Datapoint office sign

Saying farewell to the Datapoint office location in 2011. That’s where it all started for me in 2006.

Today marks my eight-year anniversary at Rackspace and I’m truly honored to work for such a rapidly evolving company that takes the art of customer service to the next level. I continue to learn so much from the community of Rackers around me and I’m glad to have the opportunity to teach them something new as well.

Try out LXC with an Ansible playbook

The world of containers is constantly evolving. The latest turn of events came when the CoreOS developers announced Rocket as an alternative to Docker. However, LXC still lingers as a very simple path to begin using containers.

When I talk to people about LXC, I often hear how difficult it is to get started. After all, Docker provides an easy-to-use image downloading function that allows you to spin up multiple different operating systems in Docker containers within a few minutes. It also comes with a daemon to help you manage your images and your containers.

Managing LXC containers using the basic LXC tools isn’t terribly easy — I’ll give you that. However, managing LXC through libvirt makes the process much easier. I wrote a little about this earlier in the year.

I decided to turn the LXC container deployment process into an Ansible playbook that you can use to automatically spawn an LXC container on any server or virtual machine. At the moment, only Fedora 20 and 21 are supported. I plan to add CentOS 7 and Debian support soon.

Clone the repository to get started:

git clone https://github.com/major/ansible-lxc.git
cd ansible-lxc
ansible-playbook -i hosts playbook.yml

If you’re running the playbook on the actual server or virtual machine where you want to run LXC, there’s no need to alter the hosts file. You will need to adjust it if you’re running your playbook from a remote machine.

As the playbook runs, it will install all of the necessary packages and begin assembling a Fedora 21 chroot. It will register the container with libvirt and do some basic configuration of the chroot so that it will work as a container. You’ll end up with a running Fedora 21 LXC container that is using the built-in default NAT network created by libvirt. The playbook will print out the IP address of the container at the end. The default password for root is fedora. I wouldn’t recommend leaving that for a production use container. ;)
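
A check for the default root password mentioned above, as an added example that is not part of the ansible-lxc playbook: it recomputes the crypt hash of a candidate password with the salt stored in a shadow file and compares the result. The function names and the sample shadow line are constructed here; to audit a real container, call `root_has_password <chroot>/etc/shadow fedora`, where `<chroot>` is a placeholder for wherever the playbook built the chroot.

```shell
#!/bin/sh
# Added example (not from the ansible-lxc repository): audit a container
# chroot's shadow file for a known default root password such as "fedora".

# Print root's password field (second colon-separated field of shadow).
root_hash() {
    awk -F: '$1 == "root" { print $2; exit }' "$1"
}

# Exit status: 0 = root's hash matches the candidate password,
#              1 = it does not, 2 = cannot check (locked, empty, unsupported).
# The ( ) body runs in a subshell so the helper variables stay local.
root_has_password() (
    command -v openssl >/dev/null 2>&1 || exit 2
    hash=$(root_hash "$1")
    case $hash in
        '' | '!'* | '*'*) exit 2 ;;      # no password set, or account locked
    esac
    # crypt(3) modular format: $id$salt$digest
    rest=${hash#\$}; id=${rest%%\$*}
    rest=${rest#*\$}; salt=${rest%%\$*}
    case $id in
        1 | 5 | 6) ;;                    # MD5-, SHA-256-, SHA-512-crypt
        *) exit 2 ;;
    esac
    case $salt in rounds=*) exit 2 ;; esac   # openssl passwd cannot set rounds
    [ "$(openssl passwd "-$id" -salt "$salt" "$2")" = "$hash" ]
)

# Constructed sample: a throwaway shadow file whose root hash is "fedora".
demo=$(mktemp)
printf 'root:%s:16420:0:99999:7:::\n' \
    "$(openssl passwd -6 -salt constructedsalt fedora 2>/dev/null)" > "$demo"
if root_has_password "$demo" fedora; then
    echo "root still has the default password: change it"
fi
rm -f "$demo"
```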

All of the normal virsh commands should work on the container. For example:

# Stop the container gracefully
virsh shutdown fedora21
# Start the container
virsh start fedora21

Feel free to install the virt-manager tool and manage everything via a GUI locally or via X forwarding:

# Quote the glob so the shell passes it to yum instead of expanding it locally
yum -y install virt-manager 'dejavu*' xorg-x11-xauth
# OPTIONAL: For a better looking virt-manager interface, install these, too
yum -y install gnome-icon-theme gnome-themes-standard

Install sysstat on Fedora 21

One of the first tools I learned about after working with Red Hat was sysstat. It can write down historical records about your server at regular intervals. This can help you diagnose CPU usage, RAM usage, or network usage problems. In addition, sysstat also provides some handy command line utilities like vmstat, iostat, and pidstat that give you a live view of what your system is doing.

On Debian-based systems (including Ubuntu), you install the sysstat package, enable it with a quick edit to /etc/default/sysstat, and the cron job takes it from there. CentOS and Fedora systems call the collector process using a cron job in /etc/cron.d and it’s enabled by default.

Fedora 21 comes with sysstat 11 and there are now systemd unit files to control the collection and management of stats. You can find the unit files by listing the files in the sysstat RPM:

$ rpm -ql sysstat | grep systemd
/usr/lib/systemd/system/sysstat-collect.service
/usr/lib/systemd/system/sysstat-collect.timer
/usr/lib/systemd/system/sysstat-summary.service
/usr/lib/systemd/system/sysstat-summary.timer
/usr/lib/systemd/system/sysstat.service

These services and timers aren’t enabled by default in Fedora 21. If you run sar after installing sysstat, you’ll see something like this:

# sar
Cannot open /var/log/sa/sa12: No such file or directory
Please check if data collecting is enabled

All you need to do is enable and start the main sysstat service:

systemctl enable sysstat
systemctl start sysstat

From there, systemd will automatically call for collection and management of the statistics using its internal timers. Opening up /usr/lib/systemd/system/sysstat-collect.timer reveals the following:

# /usr/lib/systemd/system/sysstat-collect.timer
# (C) 2014 Tomasz Torcz <tomek@pipebreaker.pl>
#
# sysstat-11.0.0 systemd unit file:
#        Activates activity collector every 10 minutes
 
[Unit]
Description=Run system activity accounting tool every 10 minutes
 
[Timer]
OnCalendar=*:00/10
 
[Install]
WantedBy=sysstat.service

The timer unit file ensures that the sysstat-collect.service is called every 10 minutes based on the real time provided by the system clock. (There are other options to set timers relative to when the server booted or when a user logged into the system.) The familiar sa1 command appears in /usr/lib/systemd/system/sysstat-collect.service:

# /usr/lib/systemd/system/sysstat-collect.service
# (C) 2014 Tomasz Torcz <tomek@pipebreaker.pl>
#
# sysstat-11.0.0 systemd unit file:
#        Collects system activity data
#        Activated by sysstat-collect.timer unit
 
[Unit]
Description=system activity accounting tool
Documentation=man:sa1(8)
 
[Service]
Type=oneshot
User=root
ExecStart=/usr/lib64/sa/sa1 1 1