Christian Reis lives here
I know you know. But well, just in case you forgot..
Since 2004, I've been actively involved in
development of Launchpad, and in
2005 I became application manager for the project, together with Steve Alexander. These days
I lead a team of over 30 people at Canonical working on building a
platform for the future of open source development and
In 2003, I somehow managed an MSc degree from USP São Carlos, where I
wrangled out my dissertation on defining a Process Model for Free
Software Projects. My MSc project is described in two long documents (in portuguese). I
graduated in Computer Engineering from UFSCar in 1997, though most of that
time evaporated into swimming pools and bike trails.
A couple of years ago (just as I had decided I wanted nothing to do
with computers) I discovered Free Software and Unix, and I've been
working on both ever since then. I've contributed to dozens of
free software projects, and I am currently an active developer for
Bugzilla, PyGTK, ZODB, Kiwi and IndexedCatalog.
I've worked with Web development (who hasn't?) and Usability,
additionally, in the past years.
I am a partner at Async Open
Source, a company that provides development and consulting
services focused on on Free Software. I helped found Async in early
When I'm not pretending to be a software engineering manager I
engage in outdoor sports, travelling, language and vain philosophy. I've raced mountain bikes
for a couple of years now, and from 1999 to 2003 I raced a number of
national-level adventure races, including the multi-day EMA 2000 and
Getting in touch with me
<kiko at async.com.br>
||+55 16 3376 0125 work
+55 16 9112 6430 mobile
Rua Rui Barbosa 1977|
Sao Carlos, SP
What he's been up to
(Read older diary entries)
LXC, delays and ordering
- I spent some time today trying to figure out why my Gerrit LXC would
never start up correctly after a system reboot. The container would come
up, but Gerrit wasn't running. But if you started or restarted the
container manually, it would all work fine. What the hell?
- It turns out that the problem was a dependency on another
container running PostgreSQL, but what's funny is that getting the
containers to start in the right order was not at all trivial.
- First, I thought of using lxc.start.delay to delay starting the Gerrit
container itself. However, it turns out that lxc.start.delay delays
initializations of containers started AFTER this one; a more appropriate
name might be lxc.start.postdelay or lxc.start.delayafter. So that won't
help me here.
- Given we can't delay starting the Gerrit container itself, the trick
is to start the PostgreSQL container earlier, which involves using
lxc.start.order (and then lxc.start.delay to block containers starting
after that). But again, there's a gotcha; lxc.start.order in LXC 1.x is
actually in descending order, so 99 starts before 1. That was changed in
LXC 2.0 after somebody spotted the inconsistency:
- The final piece of gotcha is that I was kind of hoping to set the
default order for *every* container in /etc/lxc/default.conf, but that
file is actually only used to seed new container configs (so seed.conf
might have been more appropriate) -- the place where you can drop in
defaults that are used for all containers is actually in
/usr/share/lxc/config/common.conf.d. I ended up modifying the configs
manually, and it all works as expected. Phew!
SASL PAM auth with Sendmail is hard
- For a very long time we've wanted to use PAM authentication to enable
users to relay through our mailservers, but never managed to get it
working. The workaround was to define a sasldb2 file and manually
maintain passwords, but that was not very practical and for new users
required extra setup. Well, today I finally managed to get it working.
- The first hint was that, in order to avoid needing a separate sasldb2
file, you need to use the LOGIN and PLAIN authentication mechanisms. I
found this in a footnote at
[www.puresimplicity.net] that goes into
it in more detail; specifically:
Adding support for CRAM-MD5 and DIGEST-MD5 complicates
password-management greatly. CRAM-MD5 and DIGEST-MD5 can not
authenticate against the regular password system, be it saslauthd
talking to PAM (the default system the above setup uses for sendmail) or
straight from local system passwords. Keeping plain-text passwords in
files is just a Bad Thing, plus password synchronization becomes a
problem when you have to maintain three separate passwords.
- Getting AUTH and LOGIN enabled in sendmail.mc took a bit of digging as
sendmail.mc is a bit confusing, but in the end I managed to get it
working, including only allowing these over TLS. Reading
[www.sendmail.org] would have helped.
- The final piece was equally tricky; I edited Sendmail.conf but was a
bit too eager to specify configuration, and ended up including
saslauthd_path, but without the trailing "/mux" named pipe. The most
annoying thing is that Sendmail just silently fails if you get that
wrong -- nothing is logged. In fact, no SASL activity is logged at all
by Sendmail AFAICT. The hint that this was wrong comes from here:
and the actual documentation is here:
- Bonus learning for today, part 1: what dnl in the sendmail.mc file
actually means: "delete through newline", courtesy of
It ensures that whatever comes after it never shows up in the
sendmail.cf file. Contrast with a line that starts with #, which is
copied into sendmail.cf but will become a comment there.
- Part 2: when forwarding using .forward, a backslash prior to the name
avoids further expansion, and you can use that to deliver a copy of your
mail locally along with whatever else you are doing. Courtesy of
- Part 3: when testing sendmail in STARTTLS mode, gnutls-cli is really
easy to set up, and
describes it perfectly.
Windows Backup Sucks
rdiff-backup and UpdateError/UpdateErrorOne
- While the rdiff-backup wiki has been offline for months, the
copy is still valid. It doesn't really give great ideas, though perhaps
cloning (or snapshotting, yay ZFS) the log directory would not be a bad
solution to the problem.
DKMS, CH9200 and LTS backported kernels
- So to handle the server disaster I ended up replacing the board with
one with only 2 ethernet ports, and our router needs 3, so I also went
out and bought a USB Ethernet device. This is what I got:
[ 4.356423] usb 6-2: New USB device found, idVendor=1a86, idProduct=e092
[ 4.356434] usb 6-2: New USB device strings: Mfr=1, Product=2, SerialNumber=0
[ 4.356443] usb 6-2: Product: CH9200 USB Ethernet Adapter
Of course, is it just my luck that the device doesn't work without an
- DKMS to the rescue! Googling led me to a site with some debs for this
device that have already been DKMS-ified:
- The only remaining piece was that I was missing the 3.13 kernel
headers as I use a backported kernel, as
hinded. I installed the
linux-headers-generic-lts-trusty package, dpkg-reconfigure'd dkms to
build the module, tweaked the interface name in
/etc/udev/rules.d/70-persistent-net.conf and all was well. Phew!
- (I say wll was well except our ADSL modem is still dead. Yuck!)
Public Holidays Kill Servers
- 2 of our servers died this Monday, at 1PM. We're not sure what
happened, but they seem to be toast. The motherboards were fried,
probably during a horrible thunderstorm that struck us, but the weird
thing is that the UPS, switch and cable modem seems to be fine. I'm not
sure what happened! The only other suspect pieces: a USB hub which died,
and the ethernet port on an ADSL switch which is partially
malfunctioning. Subtle, eh?
- The dead ADSL port does mean we have no SMTP or inbound services until
then though.. kind of annoying but it's somewhat liberating!