This space contains long writeups on things that excite me, short writeups on things that excite me even more; all on my favourite topics of like and dislike.
I recently bought the Turris
Omnia router. It’s a
security-focused router developed by the Czech NIC, a non-profit
organization that controls the .cz TLD. It started as a research
project for securing home networks.
The organization has since launched a variety of hardware devices for
secure home networking. At EUR 300, this router is not cheap, but it
is indeed quite capable hardware, easy to setup and manage, and comes
with the promise of automatic regular updates for the lifetime of the
routers.
Thanks to the generous hardware specs, in addition to being a router,
it can also work as a NAS server - running NextCloud, or making file
systems available over the network via SMB/CIFS and NFS. It can also
run LXC containers to host custom server workloads.
The OS in the router is based
on OpenWrt, with custom UI options in addition
to the LUCI interface for management. Both, the hardware
specs, and the
software are open and easily customizable.
Setting up the router was very easy. Setting up an external hard disk
via the two USB3 ports, or via the mSATA interface is
straightforward - and also recommended - to not wear out the internal
eMMC chip. Even getting openvpn client as well as server
configurations set up was a breeze via the ReForis WebUI.
Functionality like adblock, or file sharing, is configurable via the
LuCI OpenWrt interface. So one has to deal with these multiple UIs to
explore and manage the complete functionality of the router. There’s
also an older Foris UI, that’s slowly being deprecated, but not all
functionality from that UI is present in the newer ReForis one,
leaving folks to explore yet-another option.
Some of the customizations on top of OpenWrt make it easy to manage
and configure openvpn - both client and server configurations; setting
up NAS drives to run Nextcloud; and the dynamic adaptable firewall
configurations.
The dynamic firewall is an optional opt-in feature that relays certain
external input traffic to the router to the Turris servers, where it
is analyzed for new attack vectors. When a new vector is determined,
firewall updates are pushed to all Turris devices.
The system has an interesting way of backing up data and settings: it
uses a btrfs filesystem on the eMMC partition. Each backup operation
is a new btrfs snapshot, which makes it a very fast operation and
saves a snapshot of the entire system state. These snapshots can be
triggered by the user at any time via the ReForis UI. They’re also
automatically taken just before any system update operations - a cool
way to ensure the router doesn’t get hosed in case of a bad update.
This device is a great router. But there are some shortcomings in
this system, though. While the NAS functionality is well integrated,
Nextcloud feels very slow to access for file storage and retrieval
cases – especially as a media gallery. The set of packages doesn’t
also have imagemagick built in. Also, the NextCloud version that
ships with the the default package set is slightly old. For me,
downloading apps via the admin interface didn’t work; I had to install
apps via the cli, by first downloading the app via app.nextcloud.com,
copying it over to the router, untarring it, and then installing it.
The first few steps of that procedure are routine; enabling the app is
done via the command line like so:
The documentation and community
forums are a good source of information and
help for any Turris-related issues. Since the base is OpenWrt, the
excellent documentation and community support are readily available.
Overall, I’m quite pleased with the performance and functionality of
the router. I’m already using it as my primary router, and have
started using NextCloud on it. I’ve not set up custom LXC container
workloads yet; but I may try out a couple. tt-rss is one application
I’d like to try out soon.
Someone recently put the “what do we think about 2020” question differently, and very nicely: Many book readers like to skip to the end of books, and read the climax first, as they can’t stand the suspense. Had 2020 been a book, what would you have thought when skipping ahead, and reading about the last few days in December, back in early January 2020? Empty streets; not celebrating Christmas or New Years Eve with friends or family; shops closed, and travel all but coming to a halt. I’m sure many of us would’ve put that book down as some fantastical novel, one that talks about apocalypses or zombie outbreaks, and doesn’t talk about our world at all.
And yet it was real. And it not only felt normal and natural to not travel or meet friends and family for events, it even felt normal to stay home for long periods of time through the year. That’s mainly because we learned of the seriousness of the pandemic as the days rolled by.
One question that bothered me a lot during this time was “why is this happening now? Almost every country, almost every person living is affected by this pandemic. It’s something most of the living population has never experienced. Why now? And what makes this virus so special that it’s become this widespread?”
The last known pandemic was the one that started just as World War I was drawing to a close - in 1918. That’s more than a hundred years back. Since 1918, the world has actually shrunk. Mobility of people has increased, people travel across the globe in a matter of days, and yet this is the first virus to become a pandemic. SARS-Cov-2 was in fact already present in Italy and the USA in Dec 2019-Jan 2020, much before the virus was even known in the scientific or medical communities. Much before the resulting disease, COVID-19, became known. Well, in a way, we still don’t know what the disease does. We do not know of the long-term effects of this virus, and we continue seeing new studies being published on the long-term effects of having contracted the virus.
It’s not to say we’ve not had serious viruses during our lifetimes. HIV is the most well-known that has spread quite a bit. SARS and MERS from early 2000s were common as well. HIV doesn’t transmit via the air or casual contact; so that’s a category of its own. But SARS, or SARS-COV-1 was a coronavirus as well. Why didn’t that become a pandemic?
The answer seems to be that SARS-Cov-2 is far less lethal than the others, and in fact doesn’t even result in symptoms in a large population that gets infected with it. SARS-COV-1 or MERS were different: whenever someone contracted it, they quickly developed symptoms and had to be bed-ridden and receive care. That resulted in immediate isolation for the infected, and the spread was contained to small bubbles.
SARS-COV-2, on the other hand, doesn’t even manifest itself in all its hosts. Some people may not know for a long time that they had been infected by it. This meant that people continued to roam around, spreading the virus wherever they went. And that ended up infecting others. That led to the virus spreading far and wide, infecting many more people than is reported. Folks with other conditions, and vulnerable people bore most of the immediate ill-effects of the virus.
What made matters worse is that influential people reported this to be “just a mild virus, like the flu”. And many people believed that. That led to more carelessness, and more spreading of the virus.
The virus’s lethality, the way it manifests in individuals, and transmissibility - all came together in the worst kind of “sweet spot” only now, leading to the pandemic, and the widespread social, economical, and humanitarian effects of the lockdowns.
This is certainly not going to be the last such pandemic.
The more we rearrange the way we work and live to be compatible with this reality, the faster we can get to a new normal. This doesn’t have to mean we stop hugging friends, or stop chatting with strangers on streets. But it may mean we have to design masks that we can live with for all our outdoor presence, and we get much more mindful of our hands and fingers touching random objects, as well as taking proper precautions when gathering in closed spaces - which could also perhaps include mask-wearing.
I was initially going to just do a writeup on this blog, but I asked the folks at LWN if they were interested.. and they were! This is my first article for LWN. I've followed the site and the excellent content for a really long time, and now I'm very thrilled to also be an author.
We recently celebrated 25 years of Linux on the 25th anniversary of the famous email Linus sent to announce the start of the Linux project. Going by the same yardstick, today marks the 10th anniversary of the KVM project -- Avi Kivity first announced the project on the 19th Oct, 2006 by this posting on LKML:
KVM was subsequently merged in the upstream kernel on the 10th December 2006 (commit 6aa8b732ca01c3d7a54e93f4d701b8aabbe60fb7). Linux 2.6.20, released on 4 Feb 2007 was the first kernel release to include KVM.
KVM has come a long way in these 10 years. I'm writing a detailed post about some of the history of the KVM project -- stay tuned for that. [Update 3 Nov 2016: I've written that article now at LWN.net: https://lwn.net/Articles/705160/]
I did a talk earlier today at the wonderful venue of the Science Centre Singapore at FOSSASIA 2016, titled 'Virtualization and Containers.' Over the last few years, several "cool new" and "next big thing" technologies have been introduced to the world, and these buzzwords leave people all dazed and confused.
One of my aims for this talk was to introduce people to the concepts behind virtualization and containers, explain that these aren't really new technologies, and why there's so much interest in them of late.
I also think there's a lot of misinformation spread around these topics, so this was also an attempt to set some facts straight.
The slides are here, and I will post an update with the link to the video.