Blog

HowTo

MG5350 Setup under Ubuntu

How to set up Canon MG5350 with Ubuntu

Now that I was repeatedly faced with the same problem to set up my printer (Canon MG5350) under Ubuntu. So i decided to write a small documentation which steps are necessary for the successful operation. The instructions refer specifically to my printer, but in my experience all models of Canon can be set up in a similar way.

Read more “MG5350 Setup under Ubuntu”

Project

High Availability Java Enterprise Operations

High Availability Java Enterprise Operations

Java is still one of the most widely used programming languages. Especially in the enterprise environment, the use of Java for the development of web applications is often without alternatives. Accordingly, we had to set up an infrastructure for JavaEE operations for one of our customers in which a Java application can run fail-safe. The application uses a MySQL database as data storage.

The functionality of the application depends on the availability of the database, so it was necessary to run the database with appropriate replication and redundancy. For this purpose we use MariaDB with the replication layer Galera with a multi-master replication.

The application servers use a current Tomcat version with the corresponding application and an upstream HTTP load balancer (from Amazon AWS). However, the database access of the Java apps does not run directly to the DB servers, but via an intermediate instance of HAProxy. This makes it possible for us to detect database errors more quickly and to switch to intact nodes without the application itself having to know the status of the database.

Benchmarking Results

With this architecture, we achieve a performance of more than 1500 possible HTTP requests per second, with an average load of approx. 60 requests/s in normal operation.

GitHub

GitLab Munin Plugins

 

Improved Monitoring Support for GitLab: GitLab Munin Plugins

GitLab has recently made a great name for itself in the world of project management software (read this article for a comparision between several source code management systems). Unfortunately, the possibilities for monitoring statistics are still relatively simple at present. For this reason I started a collection of small Python-scripts, which can be integrated in a munin monitoring environment. The code is open source and can be viewed and downloaded on GitHub at https://github.com/MatthiasLohr/munin-plugins-gitlab. Contributions are highly welcome!

Project

Android App Minis@Rom

For a great service pilgrimage to Rome of the Catholic Church in Germany I was asked to develop the app Minis@Rom.

The special feature here was that the app could only use offline functionalities because of the very high roaming charges in Europe. The aim was to avoid high mobile phone charges for the mainly young pilgrimage participants.

Therefore, large parts of the app consisted of edited, static content such as the program, general information, various tourist information, a small dictionary and a great collection of sightseeing tours. There were also small games and an audio guide for selected routes.

The app was implemented with the framework of Apache Cordova. For the editors, a web-based possibility was created for the implementation phase to formulate parts of the content via Markdown, which was then automatically integrated into the app during the build process. For budget reasons, this app was released exclusively on the Google Play Store. As the app was developed exclusively for the duration of the pilgrimage, it was removed from the Play Store at the end of the event.

General

And the winner is…

GitLab!

Vielen dürfte das Problem nicht mehr ganz so am Herzen bzw. eher in der Magengrube liegen wie früher: Der Betrieb, oder noch herausfordernder, die Wahl einer Projekt-Verwaltungs-Software ist inzwischen Dank GitHub und einer Vielzahl kostenloser wie frei zugänglicher Open-Source-Lösungen heutzutage kein Problem mehr. Früher (aus meiner Perspektive am Anfang meiner universitäten und beruflichen Laufbahn) war das nicht ganz so leicht.

Trac

Vielleicht erinnern sich einige noch an Trac: Ticket-System, Wiki, Verwaltung des Code-Repositories – und das alles webbasiert. Für mich als Entwickler damals beim ersten Kontakt ein Meilenstein der Software-Entwicklung, da man eine zentrale Anlaufstelle für Code, Aufgaben und weiterführenden Informationen hatte. Wenn man als Team jedoch mehrere Projekte zu stemmen hatte, kam man dabei auch schon recht schnell an die Grenzen von Trac: Pro Projekt musste eine neue Instanz eingerichtet werden, ein automatisches Setup oder gar eine komplette Verwaltung über das Webinterface war nicht ohne Weiteres möglich. Ein bis dato noch nebensächliches, kleines Manko: Trac war limitiert auf SVN, Git, damals gerade dabei bekannt zu werden, war auch nur durch mehr oder weniger stabil laufende Plugins nutzbar.

Redmine

Auf der Suche nach einer Lösung für die Multiprojektfähigkeit, ohne jedesmal einen Administrator bemühen zu müssen, landeten wir dann bei Redmine. Webbasiertes Einrichten von Projekte, nach späteren Updates sogar mit der Möglichkeit mehrere Repositories pro Projekt anzulegen – und nebenbei natürlich Unterstützung für Git – sorgten recht schnell für eine Migration aller Trac-Projekte hin zu Redmine. Kleiner Schönheitsfehler hierbei: Die Repositories mussten immernoch per Hand initialisiert werden.

GitLab

Ein Kollege unseres Teams kam dann auf die Idee, mal mit Git herumzuspielen, und – wenn man schon dabei ist – einfach mal GitLab auszuprobieren (“Ich hab’ da mal was gehört…”). Kurzum: Trotz der gerade erst erfolgten Migration auf Redmine waren gerade die kollaborativen Funktionen von GitLab in Kombination mit Git Killer-Features, welche sehr schnell gute Argumente für eine erneute Migration der Projekte auf den Tisch brachten. Recht schnell wurde die Plattform auch außerhalb des Teams und auch über die Abteilung hinweg genutzt. Entsprechend dem aktuellen Funktionsumfang von GitLab richteten wir noch Backup-Prozesse etc. ein, Änderungen am Kern der Software waren aus unserer Sicht nicht notwendig. Alles, was wir brauchten, war eben dabei. So beschränkte sich die Tätigkeit des Teams auf Benutzung (für die Entwicklungs-Projekte, die wir betreuten) sowie das Management (Server-Betrieb, Wartung, Updates, Migrationen und Schulungen) der Plattform.

 

Project

802.1X

802.1X – Enterprise WiFi for the University of Trier

In addition to running water and electricity, one could assume that Internet access has also become a basic requirement of our society. (Like: “Do you want something to drink? Do you need the Internet?”).

Here too, the possibilities range from maximum simplicity (public WiFi, everyone can connect and access everything) to maximum complexity (WiFi for connections per se open, but often access is only possible via a – in the worst case – proprietary VPN software). The latter is – for reasons not known to me – apparently the preferred option for a large number of universities. Although to be fair, the Cisco VPN, which is almost always used, can be seen as a standard rather than a proprietary solution. This solution is established, works and is relatively secure compared to open WiFis or WebAuth solutions. Only question: What if the end device does not support Cisco VPN? This is the case, for example, with small IoT devices or some smartphone solutions, and not every user is experienced or interested enough to deal with the special features of a VPN solution.

802.1X – a well defined standard

For years now (I don’t know exactly when, but the RFC document is dated September 2003) there has been a standard that offers quite comprehensive and almost everywhere supported authentication options: 802.1X is the official name, often called Enterprise WiFi.

Restructuring the University Network

As part of the restructuring work in the network of the University of Trier, we  now have decided that we should migrate from the VPN solution to 802.1X authentication. After some planning work and test setups, we have now decided on the following structure: Cisco AccessPoints, which are connected to a so-called Concentrator that controls both access and data traffic, serve as access points. The university’s central user directory is an Active Directory, so we had to connect Concentrator and Active Directory. Since the Concentrator did not offer a satisfactory direct integration for the Active Directory, we decided to add a FreeRadius installation (consisting of 2 servers in HA mode) in between. (Free)Radius is fully supported by the Concentrator appliance as a standard triple-A system (Authentication, Authorization and Accouting). The ntlm_auth tool provided with FreeRadius then offers a simple interface for authentication against the Active Directory.

We also implemented the connection to the Eduroam network during the conversion.

Talk

DNSSEC Talk

During a seminar at the University of Trier I gave a DNSSEC talk (in German). If you would like to have the slides, you can download them here or from SlideShare.


Relevant RFCs

Here is a list of relevant RFCs for DNSSEC:

Spreading DNSSEC

To not only talk about it, but also to promote the distribution of DNSSEC, I have activated DNSSEC for my domains, including this one. Try the following command to check mlohr.com for valid DNSSEC records:

% dig +dnssec -t ANY mlohr.com

 

HowTo

Window buttons at Ubuntu Lucid – Round 2

Terrifying. With every Ubuntu installation I have been able to convince my window buttons to take the position on the right side of the screen via my instructions from here. Now, after an upgrade from Ubuntu 12.04 to Ubuntu 12.10, they were left again. Stupid thing: The old manual doesn’t work anymore!

For all frustrated users, here’s the command to straighten them out:

gsettings set org.gnome.desktop.wm.preferences button-layout ‘:minimize,maximize,close’