Skip to main content

- Defending Internet Freedom

- IndieHosters

- Give Docker Trainings

-, yet another Docker PaaS

- Meteor Freelancer

- ToS;DR

- IndieWeb

- I have something to Hide and you?

- Framasoft

Pierre Ozoux

Cambridge Analytica whistleblower

2 min read

Maybe you saw that revelation of facebook breach.

A lot of people are shocked, and it was also for me the drop to quit facebook.

But, it is really nothing new. we accepted it, even if we didn't read the terms.

Surveillance capitalism, is really bad for democracy, and since Snowden revelation, we know that they collaborate with state surveillance, which is nothing to reassure citizens from the world. And as you can see, even in our so called "democracy" the leader can change quickly to somebody you didn't really expect to have all this data in their hand.

I'll make here a little list of articles that prove that it is nothing new, and shocked me before:

Our digital twin maybe reveals more than what we actually know about ourself. And they can manipulate our real person.

Is it not enough power? No there is something even scarier. We are living in a panopticon, always knowing that somebody can watch us. And you might think, who care? I was really surprised to learn that traffic to wikipedia entries about terrorism dropped after Snowden revelations. So yes, we are now afraid to learn more about our world because we are under surveillance!

If you think like me that this is scary, and you have something to hide, then quit and/or donate to Terms of Service - Didn't Read crowdfunding campaign!

Pierre Ozoux

Having a bit of fun with Hetzner free cloud and kubernetes before GOT

1 min read

Following this tutoriel from my GF's ubuntu :)

apt-get install pip
pip install pssh
cat > servers < < | apt-key add -
cat </etc/apt/sources.list.d/docker.list
deb$(lsb_release -si | tr '[:upper:]' '[:lower:]') $(lsb_release -cs) stable

curl -s | apt-key add -
cat </etc/apt/sources.list.d/kubernetes.list
deb kubernetes-xenial main

apt-get update

apt-get install -y docker-ce=$(apt-cache madison docker-ce | grep 17.03 | head -1 | awk '{print $3}') kubelet kubeadm kubectl

pssh -O StrictHostKeyChecking=no -h servers -i -t 0 -I < ./

My master will be the 22

run this on this node:

kubeadm init --pod-network-cidr=

Run this on the workers:

kubeadm join ... # the join command you got from the init

And again on the master:

export KUBECONFIG=/etc/kubernetes/admin.conf
kubectl apply -f
kubectl apply -f

 voila :)

kubectl get no
kubectl get po --all-namespaces

ok, it took 1h30, and not 15min as expected at the beginning :/ So no GOT, but just H2G2, and dodo :)

Pierre Ozoux

Pierre Ozoux

I start to understand the fuss around swarm mode...

1 min read

Ok, I think I'm annoyed (not sure, but almost).

They always said,

"develop against docker api, it will not change."

"Docker run" is just an api call to a server, you can replace the server with a cluster master"

And now, how do you deploy? "docker service create"...

Is all my work around docker-compose compatible? "Yes, we have a crappy and unstable converter!"

Then there is this converter also compose2kube :) I'm sure it is as good, and if I have to switch, I'll switch for the big guys :)

They also have kpm which looks interesting!

And ceph and git support for volumes \o/

In this battle, my position was always to wait with my docker-compose (looking at the less energy consuming path). But @docker, if I have to work to migrate existing compose to whatever, I'll change for the winner!

Go Fork yourself Docker!

Pierre Ozoux

Recommendations to read before a #docker training :)

2 min read

And for after, to go further:

In term of podcats, listen to:

  • podctl start from the beginning, they'll tell you the basics :)
  • The cloudCast Follow the trends on what is happening around the cloud world.

And finally, in Youtube, I recommend following these channels:

And about kubernetes, I recommend the following:

Julia Evans

And you, what would you recommend?

PS: do you know why we say k8s for kubernetes? or i18n for internationalisation?

First letter - number of letter - Last letter, you're welcome!

localisation -> l10n :)

Pierre Ozoux

12 Fractured Apps

1 min read

I laughed :)

"I can hear the silent cheers from hipster “sysadmins” sipping on a cup of Docker Kool-Aid eagerly waiting to suggest using a custom Docker entrypoint to solve our bootstrapping problems."

Really good read about how you should build your applications!

Pierre Ozoux

GNU new round of investment!

1 min read

"They got embedded in all the huge enterprise companies on the backs of volunteers! Now they can flip on the revenue stream. I really respect Richard for his cutthroat business strategy."

-Larry Ellison, Oracle

Pierre Ozoux

Mouting iPhone on ubuntu

1 min read

If you ever need to mount an iPhone on ubuntu, it is a pain, hope it helps:

sudo apt-get install libfuse-dev build-essential automake libusbmuxd-dev libplist-dev libplist++-dev python-dev libssl-dev libtool

cd libimobiledevice-master/
sudo make install

cd ../ifuse-master/
sudo make install

sudo modprobe fuse
sudo adduser $USER fuse
mkdir /tmp/iphone/
ifuse /tmp/iphone/

Pierre Ozoux

Backups on Rancher/Convoy/GlusterFS

2 min read

The problem

I'm currently working on and we use Rancher with convoy and glusterFS. So far so nice.

We now need to do backups, because, well, you know, it is always nice to have backups!

Backups have 2 purposes:

  • disaster recovery: one disk burn, and I want to recover my data, or my gluster cluster collapsed
  • go back in time: I just deleted really important data, and I want to recover them.

Convoy offers snapshot features, but no rollback so it is a bit useless to go back in time.

We could use the backup feature, but it would be quicker to restore from snapshot. Anyway, they don't offer it, so we are out of luck.

And actually, convoy-glusterFS doesn't even implement backups nor snapshot option. So we are really out of luck here.

A possible solution

Make a generic process that will run periodically. It would list all the mount points used by local containers. Then for each mount point, it would:

  • create a container
  • mount this in read-only
  • use duplicity to backup it locally (incremental, and encrypted)

And then, to keep these backups in a safe place:

  • expose this folder in read-only to ssh
  • pull backup from another server

What do you think?

A nice enhancement would be to detect if this is a mysql folder (/var/lib/mysql), if yes, perform a mysql dump before doing the incremental backup.

We still have to write a restore procedure, but once I know I have my backups in a duplicity format, I'm a lot more comfortable!

Pierre Ozoux

Monsanto - Monsatan?

1 min read

Depuis plusieurs semaines, je suis le groupe facebook sur la zététique (Oui je sais, ils n'ont pas de site Internet). Et J'ai appris beaucoup de choses, comme par exemple les égarements des electrophobes!

Mais, je sentais un certain dédain pour les gens qui critiquais les OGMs et/ou Monsanto. Et du coup, vous me connaissez, ça m'a chauffé. Je suis sortis avec mes grands sabots.

Et selon Paul, je serais tombé dans un schéma classique (c'est pour cela que je les accusé de lobbying) (X est Monsanto est gentils/pas pire que les autres):

1- Telle personne dit X.

2- Or X est invalide. (<- C'est là que l'on présuppose d'avoir raison.)

2'- D'où (depuis 2) : Personne ne peut défendre X sans autre raison.

3- Donc (depuis 1 et 2') : La personne a d'autres motivations.

Et donc, dans les commentaires, on a commencé à avoir ce débat sur Monsatan-Monsanto. On m'a renvoyé vers ce document, qui prouverait que Monsanto en fait, ben il est pas méchant! (sisi :) )

Et donc, voila l'objet de ce post! Je pense toujours que Monsanto est Horrible, qu'il faudrait juger ses décideurs pour crime contre l'humanité, la nature et les animaux. (Et oui, je sais bien que Monsanto n'est pas le seul, que syngenta est là aussi dans la place, et que John Deer n'est pas très loin non plus, mais j'ai pas encore bien compris comment il était méchant :) )

Donc, venons-en à la réponse. Il est en effet difficile de décortiquer une telle légende urbaine, Monsanto! Rien que dire son nom en soirée, il est en effet aisée d'obtenir le consensus rapidement. Je pense donc, qu'il faudrait se consacrer sur un fait, et décider si sur cette action, est-ce que Monsanto est gentils/méchant, ou pas pire que le reste de l'industrie. (oui, je suis un peu Manichéen, j'ai besoin de simplification pour m'aider à vivre et dire que Monsanto est mauvais, toujours, ça m'aide à moins réfléchir au sujet, mais ce n'est pas une raison pour ne pas avoir de bons arguments pour le mettre dans cette catégorie!).

Je me suis dit, ça va être simple. Et voila, j'en ai trouvé un!

EFSA and Member States vs. IARC on Glyphosate: Has Science Won?

Je vous la fait courte:

OMS dit "glyphosate probablement cancerigène" (ça suffit pour interdire le glyphosate en Europe).

EFSA dit "pas cancerigène".

Monsanto's Chief Technology Officer dit "Science wins!!"

96 scientifiques se lèvent pour dire leur mécontentement.

Voila, on est sur un cas, ou "probablement", on a des cancers du à un produit développé par une entreprise et celle ci le dénie.

Vous classez Monsanto où vous voulez sur l'échelle du mal, je pense qu'ils méritent (mettre la punition légale adéquate).

Sinon, pour le groupe de la zététique, je ne suis pas rancunier, et je pense qu'il vous faut un autre outils pour vous organiser qu'un groupe facebook. Je vous offre gratuitement l'hébergement d'un des produit sur ma boutique :) (Je recommande le discourse, c'est top :) )