Re: [Openstack] Is there any way to migrate the Instance between the projects/tenants?

[Lloyd Dewolf]

Anyone had success automating this process? Is there a blueprint for
this class of problem?

Thank you,
--
@lloyddewolf
http://www.pistoncloud.com/

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] [OSSA 2013-013] Keystone client local information disclosure (CVE-2013-2013)

[Lloyd Dewolf]

Thanks Jeremy,

I agree with you. I prefer a follow up after the fact.

Interestingly, the OSSA 2013-014 notice did include
"python-keystoneclient fix (will be included in upcoming 0.2.4
release)".

Thank you,
Lloyd


On Mon, Jun 3, 2013 at 10:37 AM, Jeremy Stanley  wrote:
> On 2013-06-03 10:01:03 -0700 (-0700), Lloyd Dewolf wrote:
>> I appreciate that it often isn't appropriate, but in this case it
>> might have been beneficial to include python-keystoneclient
>> version 0.2.4 where this is first resolved.
>
> What's the better way to do that, do you think? Delay the
> announcement until a new release is tagged, guess what the release
> will be numbered (possibly doable with the assistance of the
> developers as long as they don't change their minds), or follow up
> to the announcement after the fact? I opted for expediency and
> accuracy, indicating the date and commit hash stating "will appear
> in the next release," but am happy to entertain alternative
> approaches there.
>
> I agree it's less than ideal for end users reading the announcement
> and trying to decide whether they're running a new enough version of
> the client to have access to that feature, though I guess the
> manpage or --help output is the first place I would look as a user
> if it came into question. Also, with many users running
> stable-distribution-packaged clients with fixes backported, upstream
> version numbers can be fairly irrelevant to those users in the short
> term as they may have the fix in a client reporting to be running an
> older version.
> --
> Jeremy Stanley
>
> ___
> Mailing list: https://launchpad.net/~openstack
> Post to : openstack@lists.launchpad.net
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp



-- 
--
@lloyddewolf
http://www.pistoncloud.com/

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] [OSSA 2013-013] Keystone client local information disclosure (CVE-2013-2013)

[Lloyd Dewolf]

I appreciate that it often isn't appropriate, but in this case it
might have been beneficial to include python-keystoneclient version
0.2.4 where this is first resolved.

Thank you,
Lloyd


On Thu, May 23, 2013 at 1:52 PM, Jeremy Stanley  wrote:
> OpenStack Security Advisory: 2013-013
> CVE: CVE-2013-2013
> Date: May 23, 2013
> Title: Keystone client local information disclosure
> Reporter: Jake Dahn (Nebula)
> Products: python-keystoneclient
> Affects: All versions
>
> Description:
> Jake Dahn from Nebula reported a vulnerability that the keystone
> client only allows passwords to be updated in a clear text
> command-line argument, which may enable other local users to obtain
> sensitive information by listing the process and potentially leaves
> a record of the password within the shell command history.
>
> Fix:
> https://review.openstack.org/28702
>
> Notes:
> A fix has already been merged to the python-keystoneclient master
> branch on 2013-05-21 (commit f2e0818) which adds an interactive
> password prompt, and will appear in the next release of
> python-keystoneclient.
>
> References:
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2013
> https://bugs.launchpad.net/python-keystoneclient/+bug/938315
>
> --
> Jeremy Stanley (fungi)
> OpenStack Vulnerability Management Team
>
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v1.4.10 (GNU/Linux)
>
> iQJ8BAEBCgBmBQJRnoF7XxSAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
> ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ5N0FFNDk2RkMwMkRFQzlGQzM1M0IyRTc0
> OEY5OTYxMTQzNDk1ODI5AAoJEEj5lhFDSVgp0egP/1ulEpWpQ+PGB3wnu3mFHJqU
> yx9hV1vgQok7+bo9IpYJg5fKbiG+xfK5F3DOAaeuLFH5qidLPTPeSLozRtJAyMfa
> lU7uuNA5e1oVDWDjEKaeeoC05cj9gaCx6GF1cdX6HIbMWVtZhBOiBZWEGU3l0lKV
> 9dpb0RbJ0xNa7m5NN7N7D7Qg42QGglTalolTAyzOyR7/EnM+iQNKlxIIdhKm3Lrb
> 512NnEsPpn2gB3zDU/IKxE6Pvy65dbBDzEos9anE4H7BuSm3QyP4RwWk21QPp+H8
> BQenDw3gahj3YBw14e5qaZgG5V4wdRkru7OOrIuzfPDcsydSD/9xGKmEs6MXXtBh
> rCpQ9iUApd1QBtrFWfnmsGrr6H3gGfHzFvBCOg2oWX4t1/cbP01EMTPswO0lpL4B
> HobIqng1eg0rKUIfLc4TQRpNBungfatjsBt5lb4ee2ywE3ABOQ47drN/fhVopKT7
> 6OojreEuOdaY0t3u68jwTYafdyqzlvUEirewJE4BYVuDl8ML9UyLhwQOrhUxhk+l
> q6aZ6oyMHlL6HLmQoukFzWt5J922QnxYJNq8izfDKHTte5BAyIdOHoV/nMgkyXTN
> nOt+tO+lByflI+Jy0K4ppWaaCuBCakWW8GTa7QLi6drxGIjA+vtIROLYsIk1rIDS
> byjR9eRNCwVNvv94gXZi
> =eJME
> -END PGP SIGNATURE-
>
> ___
> Mailing list: https://launchpad.net/~openstack
> Post to : openstack@lists.launchpad.net
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp
>



-- 
--
@lloyddewolf
http://www.pistoncloud.com/

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] Grizzly on Laptop running Ubuntu 12.04 Desktop 64-bit and having 2 NICs (one Ethernet and other Wireless)

[Lloyd Dewolf]

On Mon, May 13, 2013 at 7:34 AM, Devendra Gupta  wrote:
> Hi,
>
> I am setting up Grizzly in single node on my laptop running Ubuntu
> 12.04 Desktop 64-bit for POC, I am using a doc which say 2 NICs are
> required (please see
> https://github.com/mseknibilel/OpenStack-Grizzly-Install-Guide/blob/OVS_SingleNode/OpenStack_Grizzly_Install_Guide.rst
> doc).
>
> I have two NICs in my laptop one is Ethernet and other is Wireless so
> is it fine to setup the environment on it ? Another thing, what if I
> am disconnected from any of the network because then I don't have IP
> in that specific NIC ?

Skimming through those instructions it looks like the requirement for
2 nics is specific to making your OpenStack install available on the
Internet in a secure-ish manner.

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] OpenStack in OpenStack Without a 'VT-x' CPU

[Lloyd Dewolf]

On Tue, Apr 30, 2013 at 2:14 PM, Dugger, Donald D
 wrote:
> I don’t claim to be an expert on OpenStack on OpenStack but I don’t believe
> you need VTx at all.  IPMI, yes you need that, but not VTx.

How would (physical) IPMI come in to this equation? If I understand
here we are talking about using virtualization on a single server to
gain experience with configuring and operating OpenStack clusters.


On Tue, Apr 30, 2013 at 1:12 PM, Chris Bartels
 wrote:
>
> tl;dr-
>
> 1.   Does the nested KVM running inside the OpenStack that runs inside
> another OpenStack get to take advantage of the VT-x of the host CPU?

AFAIR, there has been nested guest support in kvm_amd for a while, and
more recently kvm_intel also has support...
These blog posts from a year ago seem relevant:
http://kashyapc.wordpress.com/2012/01/14/nested-virtualization-with-kvm-intel/
http://kashyapc.wordpress.com/2012/01/18/nested-virtualization-with-kvm-and-amd/



> 2.   Does OpenStack on OpenStack running KVM in each need VT-x on the
> host CPU at all to run properly?

Sort of, hardware support is required to truly use KVM, but when we
say KVM we're lumping in QEMU. KVM fails back to QEMU.

AFAIK, other virtualization technologies like vmware and virtualbox
require VT-x/amd-v for 64-bit guest virtualization, and I think some
Windows guests require tech like Extended Page Table (EPT). I've
previously played with https://github.com/lorin/openstack-ansible


If it was me, I would be concerned that without hardware
virtualization the performance would be so poor that OpenStack on
OpenStack would be too frustrating to use -- though you might find
some interesting bugs related to race conditions and timeouts :p


Hope that helps,
--
@lloyddewolf
http://www.pistoncloud.com/

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] no root disk, ephemeral disk quota?

[Lloyd Dewolf]

Correct, there are quotas on number of volumes and total size.

I hadn't really thought on it before that flavors in combination with
quotas you can restrict other resources more strictly than storage,
though generally that seems to make sense.

Could you explain your use case?


On Sun, Apr 14, 2013 at 11:33 PM, Tian Gao  wrote:
> There is quota of volumes in cinder, but I need quota of root disk, and
> ephemeral disk. I think these two quota should be stay in nova rathen in
> cinder. is it right?
>
>
> On 2013年04月15日 14:25, Lloyd Dewolf wrote:
>>
>> On Sun, Apr 14, 2013 at 11:16 PM, Tian Gao  wrote:
>>>
>>> Hi all,
>>>
>>> I found these are quotas of swap, CPU, and so on. But I don't find quota
>>> of
>>> root disk, and ephemeral disk. Is that deliberate? or just maybe a
>>> forgetting?
>>
>> There are... what release and configuration of OpenStack are you
>> using? -- possibly check out the Cinder API as well.
>>
>> https://ask.openstack.org/ might be another good forum for your
>> question as it allows fleshing out the details iteratively.
>>
>> Cheers,
>> --
>> @lloyddewolf
>> http://www.pistoncloud.com/
>
>



--
--
@lloyddewolf
http://www.pistoncloud.com/

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] no root disk, ephemeral disk quota?

[Lloyd Dewolf]

On Sun, Apr 14, 2013 at 11:16 PM, Tian Gao  wrote:
> Hi all,
>
> I found these are quotas of swap, CPU, and so on. But I don't find quota of
> root disk, and ephemeral disk. Is that deliberate? or just maybe a
> forgetting?

There are... what release and configuration of OpenStack are you
using? -- possibly check out the Cinder API as well.

https://ask.openstack.org/ might be another good forum for your
question as it allows fleshing out the details iteratively.

Cheers,
--
@lloyddewolf
http://www.pistoncloud.com/

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] [Savanna] 0.1 Release!

[Lloyd Dewolf]

On Wed, Apr 10, 2013 at 3:45 PM, Robert Collins
 wrote:
>
> On 11 April 2013 08:30, Sergey Lukjanov  wrote:
> > Hi everybody,
> >
> > we finished Phase 1 of our roadmap and released the first project release!
> >
> > Currently Savanna has the REST API for Hadoop cluster provisioning using 
> > pre-installed images and we started working on pluggable mechanism for 
> > custom cluster provisioning tools.
> >
> > Also I'd like to note that custom pages for OpenStack Dashbord have been 
> > published too.
> >
> > You can find more info on Savanna site:
>
> Savanna seems to fit into the same space as Heat (going off your
> diagram on http://savanna.mirantis.com/) - can you explain how it is
> different?


My understanding of Savanna is it's complete focus on Hadoop.

Monty also recently asked about the opportunity for Savanna to use
Heat in a thread titled "Re: [openstack-dev] [EHO] Project name change
[Savanna]"
http://markmail.org/message/2vre6r4kgwqhvhav

Hope that helps,
Lloyd

--
@lloyddewolf
http://www.pistoncloud.com/

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] [openStack] instance status

[Lloyd Dewolf]

On Fri, Apr 5, 2013 at 4:18 AM, Deepak A.P wrote:

>
> Hi ,
>
>  i have a list of instances created using the below command
>
>  nova boot myInstance --image 0e2f43a8-e614-48ff-92bd-be0c68da19f4
>
>--flavor 2 --key_name openstack
>
>
>i ran the below command to check the status of instances
>
>
> nova list
>
>
> all the instances show status as  "*BUILD*" , how to se the status of the 
> image to
>
> "ACTIVE " , i tried rebooting the instance am getting the below error
>
>
Once the instance finishes building then it will be in the "active" state.
Depending on the image, flavor and configuration starting an instance can
take a long time. I would suggest first trying with a small image like
Cirrus and using a "tiny" flavor.
http://docs.openstack.org/trunk/openstack-compute/admin/content/starting-images.html

Hope that helps,
--
@lloyddewolf
http://www.pistoncloud.com/
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] [OpenStack] Images need to be stored in Glance or SWIFT?

[Lloyd Dewolf]

On Thu, Mar 14, 2013 at 1:40 AM, Razique Mahroua
wrote:

> Hi,
> it depends basically on what you are looking for - you can store the
> images in both,  but Swift is more of an project aimed to propose and
> high-available and high-tolerant object store. Not saying that Glance
> doesn't do that - but Glance is more of a repository actually
>

Right, the essential service of Glance is the cataloging of vm images,
public and project ownership of the images, and making them available to
nova. Remote images is an elegant feature that reinforces this magic.

Balu, remember that Glance manages all instance snapshots, so the object
store configuration is often a great choice.
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] Help with VMs

[Lloyd Dewolf]

On Tue, Feb 5, 2013 at 10:19 AM, Harvey West wrote:

> Not used openstack or this email forum before.
>
> Have installed openstack on unbuntu 12.4.1 LTS. Seems to work with the
> default unbuntu VM image.
>
> How do I create a new image. I would to create a FreeBSS VM instance. Is
> this possible?
>

Hi Harvey,


I have not created any BSD images, but as is no surprise it is fully
supported by KVM, http://www.linux-kvm.org/page/Guest_Support_Status

My searching for "bsd guest kvm" returns a lot of encouraging results, and
the content should generally be applicable.

http://cssoss.wordpress.com/2011/11/28/bundling-freebsd-image-for-openstack/still
looks good, though you'll want to use the native image API (glance
client) for uploading the image.



Hope that helps,
--
@lloyddewolf
http://www.pistoncloud.com/
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] Wikipedia page

[Lloyd Dewolf]

On Wed, Jan 9, 2013 at 3:24 PM, Stefano Maffulli wrote:

> On 01/07/2013 12:28 PM, Stefano Maffulli wrote:
>
>> I can lead this task. Please join me on IRC #openstack-community (I'm
>> reed) to coordinate efforts.
>>
>
> I gave a first pass at improving the page. It looks better, it now has
> links, references and is more up to date. Please have a look at it and keep
> improving it:
>
> https://en.wikipedia.org/wiki/**OpenStack
>
> Also, please keep updating also the pages in other languages.


In the opening paragraphs:

"companies" currently links directly to
http://www.openstack.org/foundation/companies/ , I think
the encyclopedic norm would be for that link to be in a ref on "more than
150 companies".

"portable software" could link to
http://en.wikipedia.org/wiki/Software_portability

"SUSE Linux" should likely just be SUSE and link to
http://en.wikipedia.org/wiki/SUSE


The strength of the article is also very dependent on the quality of
https://en.wikipedia.org/wiki/Cloud_computing and specifically
https://en.wikipedia.org/wiki/IaaS#Infrastructure_as_a_service_.28IaaS.29
which are not particularly strong, and likely contain "original research."
Possibly, we could rally to improve these as well.


Hope that helps,
--
@lloyddewolf
http://www.pistoncloud.com/
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] Windows 2012 Server

[Lloyd Dewolf]

On Tue, Dec 18, 2012 at 10:41 AM, Joe Warren-Meeks <
joe.warren.me...@gmail.com> wrote:

> Hi guys,
>
> I've created a windows 2012 image and uploaded it ok. Pretty much
> following this example:
>
>
> http://docs.openstack.org/trunk/openstack-compute/admin/content/creating-a-windows-image.html
>
> When I go to launch an instance, it works ok and nova list and nova show
> look healthy.
>
> If I VNC to it as soon as it starts to boot, I get to see the BIOS and
> then the new Windows logo, but then the screen goes black and nothing seems
> to happen. Sending ctrl-alt-del elicits no response and it doesn't look
> like the network has DHCP'ed either.
>
> Has anyone else seen this and if so, any idea what I can do to fix it?
>

We haven't had a customer ask for help with Windows 2012, but have had good
success with Windows 2008 created using KVM.
https://airframeaid.pistoncloud.com/entries/21838261-creating-windows-images

--
@lloyddewolf
http://www.pistoncloud.com/
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] Upcoming wiki migration to Mediawiki

[Lloyd Dewolf]

On Thu, Dec 13, 2012 at 11:31 AM, Ryan Lane  wrote:

>
> There aren't any code examples in the wiki that I know of. If you have
>> examples we can certainly find a way to indicate Apache 2.0 for code, I
>> don't find this problematic.
>>
>>
> Yeah, we can wrap a  block in a template
> that also adds in license text for any code. Should be easy enough.
>

Excellent, best to address this now as this will come up later.


--
@lloyddewolf
http://www.pistoncloud.com/
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] Upcoming wiki migration to Mediawiki

[Lloyd Dewolf]

On Fri, Dec 7, 2012 at 12:15 PM, Anne Gentle  wrote:

>
> tl;dr: Migration of wiki.openstack.org from MoinMoin to Mediawiki
> commences 12/17.
>

Yeah for the standard of wikis and wiki markup ... I think :p



> ... gives us licensed CC-By wiki content.
>

What's this last part mean?



> To this end, we have talked with the OpenStack Foundation board about
> licensing all content CC-By, including the wiki, and they are amenable.]
>

We may want to go with people agreeing to make any code samples available
under Apache 2.0 license. The equivalent project code license was my
experience working on Mozilla projects, and still looks to be the case
today, http://www.mozilla.org/en-US/about/legal.html


Cheers,
--
@lloyddewolf
http://www.pistoncloud.com/
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] OpenStack Program For Women Accepting Candidates

[Lloyd Dewolf]

> ...  and applicants may not have ever worked on FLOSS before.

What does "worked on" mean here? Does that mean OpenStack's participation
is adding that additional qualification, as GNOME's program looks to only
disqualify those who've "previously participated in an Outreach Program for
Women or Google Summer of Code internship" ?
https://live.gnome.org/OutreachProgramForWomen
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] Openstack Folsom - 3 Installation

[Lloyd Dewolf]

Installing the milestone release likely doesn't make as much sense as
getting the latest using devstack at this point. Have you had
difficulties installing http://devstack.org/ ?

Best regards,
Lloyd

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] [OpenStack Foundation] Individual Member Elections

[Lloyd Dewolf]

On Sat, Jul 28, 2012 at 11:18 PM, Jonathan Bryce  wrote:
>
> We've learned that someone may have violated the basic principles that hold 
> this community together by trying to affect the nominations for the 
> Individual Member elections.

For clarity, my understanding as it played out publicly, of the
accusation is someone was inappropriately discouraging another person
from running for nomination to the board.

Best regards,
--
@lloyddewolf
http://www.pistoncloud.com/

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] User Friendly Development -was- Fwd: [nova] [cinder] Nova-volume vs. Cinder in Folsom

[Lloyd Dewolf]

On Fri, Jul 27, 2012 at 1:48 AM, Thierry Carrez  wrote:
> Lloyd Dewolf wrote:
>> In my fantasies for the Grizzly release it would start something like:
>>
>> A. Grizzly Summit
>>
>> B. From the summit the Tech Committee & PTL have community consensus
>> on the overarching goal for the release and the projects' goals.
>> Articulated online in user friendly manner.
>>
>> C. Webinar / OpenStack User Groups get a presentation on the release
>> goals, and channels for input and participation.
>>
>> D. About the half way point in release schedule, development adjusts
>> the online communication to reflect reality, presents an update, and
>> again channels for input and participation.
>>
>> How do things work today?  I haven't found much in the wiki.
>
> Currently we publicly track and adjust release goals through the series
> blueprints in Launchpad (for example:
> https://blueprints.launchpad.net/quantum/folsom for Quantum). You can
> see a combined view for all Folsom at:
> http://wiki.openstack.org/releasestatus/ . The plan is initially seeded
> by the PTLs after the design summit, then continuously adjusted to
> reflect reality (with a status update every week at the Project &
> Release status meeting).
>
> These public plans can then be used by anyone who wants to present them
> in webinars or user group meetups, and anyone is free to comment on them
> and provide input.
>
> --
> Thierry Carrez (ttx)
> Release Manager, OpenStack

Very cool. I'll sync up with the crew right after the Grizzly design
summit to see if we can make this accessibly through communication to
the user base.

Anyone else interested in collaborating on driving this experiment?

Thank you,
--
@lloyddewolf
http://www.pistoncloud.com/

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] [OpenStack Foundation] Individual Nominations for Foundation Board of Directors

[Lloyd Dewolf]

On Thu, Jul 26, 2012 at 12:08 PM, Jonathan Bryce  wrote:
> We have been trying to be open, posting nominations to the page as they come 
> in, sending out emails and tweets to encourage people to nominate, and 
> notifying nominees as they are nominated. If anyone wants to make their 
> nomination public in addition to notifying the secretary they're welcome to 
> do so, ...

Thank you everyone for the continued fantastic job!

Who receives email sent to secret...@openstack.org? Sorry, I missed
who is the acting secretary. It might be nice to include the person's
name on the page:
http://www.openstack.org/community/openstack-foundation-board-2012-election-candidates/
.

Is there currently a draft application being used? Until the actual
application is developed: "4.2 (d) (iii) the nominee must have
completed an application for a director with information determined by
the Board of Directors"

Although not currently required by the bylaws after the board is
established I'd love to revisit public nominations, as typically
political nominations are public record. Unnecessary, but consistency
is elegance. I'd be very interested to hear arguments against.


Thanks,
Lloyd
--
@lloyddewolf
http://www.pistoncloud.com/

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

[Openstack] User Friendly Development -was- Fwd: [nova] [cinder] Nova-volume vs. Cinder in Folsom

[Lloyd Dewolf]

Oops, I meant to fork the thread.

-- Forwarded message --
From: Lloyd Dewolf 
Date: Thu, Jul 26, 2012 at 1:35 PM
Subject: Re: [Openstack] [nova] [cinder] Nova-volume vs. Cinder in Folsom
To: openstack@lists.launchpad.net


On Mon, Jul 16, 2012 at 9:08 AM, Thierry Carrez  wrote:
>
> Using the "user committee" setup, you don't really need to take
> authority away from the PTL. You increase the influence of the "users"
> on technical decisions. You just provide a clear and official mechanism
> to represent the interests of "the users" as a whole. Once you have
> that, if the PTL or technical committee decides to ignore it, it's a
> rather strong decision that better has to be well justified. Its better
> than having some arbitrary percentage of "users" in a single committee
> and then have most decisions won by the most largely represented party.
>
> If the user committee is an active and respected group, it provides nice
> checks and balances against developers living in developer bubbles. Most
> issues we have right now with deployer-friendliness are linked to the
> fact that "the users" don't have a clear or official voice.
>
> The trick is, of course, to manage to set up such a committee in a way
> that represents all the users and deployers. It will be all the more
> influential if it is seen as representing all the users, rather than
> just a loosely-tied pre-determined subset of large users.

I generally agree with your thoughts around a "user committee".


For my benefit, I'd love to get a feel for what we're doing to make
development user friendly?


In my fantasies for the Grizzly release it would start something like:

A. Grizzly Summit

B. From the summit the Tech Committee & PTL have community consensus
on the overarching goal for the release and the projects' goals.
Articulated online in user friendly manner.

C. Webinar / OpenStack User Groups get a presentation on the release
goals, and channels for input and participation.

D. About the half way point in release schedule, development adjusts
the online communication to reflect reality, presents an update, and
again channels for input and participation.


How do things work today?  I haven't found much in the wiki.


Thanks,
--
@lloyddewolf
http://www.pistoncloud.com/


-- 
--
@lloyddewolf
http://www.pistoncloud.com/

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] [nova] [cinder] Nova-volume vs. Cinder in Folsom

[Lloyd Dewolf]

On Mon, Jul 16, 2012 at 9:08 AM, Thierry Carrez  wrote:
>
> Using the "user committee" setup, you don't really need to take
> authority away from the PTL. You increase the influence of the "users"
> on technical decisions. You just provide a clear and official mechanism
> to represent the interests of "the users" as a whole. Once you have
> that, if the PTL or technical committee decides to ignore it, it's a
> rather strong decision that better has to be well justified. Its better
> than having some arbitrary percentage of "users" in a single committee
> and then have most decisions won by the most largely represented party.
>
> If the user committee is an active and respected group, it provides nice
> checks and balances against developers living in developer bubbles. Most
> issues we have right now with deployer-friendliness are linked to the
> fact that "the users" don't have a clear or official voice.
>
> The trick is, of course, to manage to set up such a committee in a way
> that represents all the users and deployers. It will be all the more
> influential if it is seen as representing all the users, rather than
> just a loosely-tied pre-determined subset of large users.

I generally agree with your thoughts around a "user committee".


For my benefit, I'd love to get a feel for what we're doing to make
development user friendly?


In my fantasies for the Grizzly release it would start something like:

A. Grizzly Summit

B. From the summit the Tech Committee & PTL have community consensus
on the overarching goal for the release and the projects' goals.
Articulated online in user friendly manner.

C. Webinar / OpenStack User Groups get a presentation on the release
goals, and channels for input and participation.

D. About the half way point in release schedule, development adjusts
the online communication to reflect reality, presents an update, and
again channels for input and participation.


How do things work today?  I haven't found much in the wiki.


Thanks,
--
@lloyddewolf
http://www.pistoncloud.com/

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] Thoughts on client library releasing

[Lloyd Dewolf]

On Fri, Jun 22, 2012 at 6:00 AM, Thierry Carrez  wrote:
> Mark McLoughlin wrote:
>> That actually goes to something I'm not aware of us - the project -
>> having spent much time discussing. We do twice yearly releases of our
>> collection of software, but there are public cloud providers which want
>> to essentially do continuous deployment from our development branch.
>>
>> To what extent is that a reasonable thing for the project to support? If
>> we had a shorter release cycle, would the cloud providers switch their
>> deployments from continuous to the releases? If not, can the project and
>> cloud providers better co-ordinate somehow?
>
> That's a discussion we had before the Essex release, when we were
> looking into releasing more often (every 5-8 weeks) instead of every 6
> months. "What makes a release ?". After all, you will never prevent
> people from using milestones or random snapshots, and we should strive
> to make master always installable and working. So why do releases ? And
> what should be the cadence ?
>
> To me, releases are synchronization points. We have to have a cycle with
> a timeframe where development slows down at one point to let QA,
> documentation, integration testing and translation catch-up. A release
> is a point in time where the stars are all aligned. The release cycle is
> there to help us achieve that regularly.
>
> Those synchronization points also serve to maintain stable branches and
> coordinate with distros (it's no mystery that we are cadenced in a way
> that makes us friendly with time-based distros).
>
> Currently we can only achieve that star-aligning process every 6 months,
> but I hope that we'll be able to do releases more often in the future.
>
> That said, us releasing every 6 months doesn't mean we should prevent
> users from being able to pick a version and run with it. In particular,
> I think our client library release scheme shouldn't actively go against
> that by synchronizing too much with the core release schedule.

Well said, as have all the contributions to the discussion.

Right now Piston Cloud maintains our own "clients" based on the full
packages of Diablo with fixes from newer releases -- like being able
to installing all of glance using pip to get to the client libraries.

I can't wait for the releases of the glance and swift client libraries.
https://github.com/openstack/python-swiftclient
https://github.com/openstack/python-glanceclient

If not their own "projects" within launchpad for client library  will
severe issues and lengthening resolved bug lists have the visibility
for a natural release management? What tools will support the client
libraries having good cadence?

On the other hand separation is artificial when it's the same
technical owners and the client libraries evolve hand-in-hand with the
servers.

My recommendation -- although being their own Launchpad projects makes
many of the answers for release management more obvious and far easier
-- would be to get a baseline of quality client libraries, and leave
them fully embedded in the servers' projects, versioned the same as
the servers, until demonstrated that isn't working, and re-evaluation
on a bug backlog by bug backlog basis.


Thank you,
--
@lloyddewolf
http://www.pistoncloud.com/

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] Stable Branch, alt title: What happens to Diablo

[Lloyd Dewolf]

On Tue, Apr 10, 2012 at 8:57 AM, Mark McLoughlin  wrote:
> Hi,
>
> On Fri, 2012-04-06 at 09:13 -0700, Lloyd Dewolf wrote:
>> I've updated http://wiki.openstack.org/StableBranch to put Diablo in
>> the past, and Essex as the current stable release.
>>
>> I'm delighted to see that Mark McLoughlin already has "Stable Branch"
>> on the agenda for the Summit,
>> http://summit.openstack.org/sessions/view/29
>>
>> Before the summit I hope to get clarification on "The stable branch
>> will only be maintained until the next release is out. This period may
>> be extended if there are volunteers to maintain it beyond this point."
>>
>> I suspect we can generally agree that Diablo and future each stable -
>> 1 should still be "supported" for some overlap with the current stable
>> release, and beyond that would be dependent on... well the
>> organizations dependent on that release.
>>
>> How long will https://launchpad.net/~openstack-stable-maint continue
>> to maintain Diablo? Based on that we can determine if there is a group
>> interested in continuing to own maintenance for an additional period.
>
> It's a good question, and one that we still need to figure out an answer
> to.
>
> Judging by the level of interest so far in helping to maintain the
> branch, I think this would work:
>
>  - Core projects in a given release have a stable branch for that
>    release maintained by openstack-stable-maint
>
>  - A stable branch is actively maintained (read - the branch
>    maintainers actively monitor master for patches to backport and
>    release new versions from the branch) until the next release comes
>    out
>
>  - A stable branch is then passively maintained (read - the branch
>    maintainers will backport security fixes and accept patches for
>    high impact issues, but will not do new releases) until the next
>    release after that comes out
>
> Giving a current state of stable-maint actively maintaining stable/essex
> and passively maintaining stable/diablo. We will EOL stable/diablo when
> Folsom comes out.
>
> Of course, we can always re-evaluate the policy if interest increases.
>
> Looking forward to discussing further at the summit ...

Thanks Mark. This seems sane, and gives me confidence.

See you next week,
Lloyd

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

[Openstack] Stable Branch, alt title: What happens to Diablo

[Lloyd Dewolf]

I've updated http://wiki.openstack.org/StableBranch to put Diablo in
the past, and Essex as the current stable release.

I'm delighted to see that Mark McLoughlin already has "Stable Branch"
on the agenda for the Summit,
http://summit.openstack.org/sessions/view/29

Before the summit I hope to get clarification on "The stable branch
will only be maintained until the next release is out. This period may
be extended if there are volunteers to maintain it beyond this point."

I suspect we can generally agree that Diablo and future each stable -
1 should still be "supported" for some overlap with the current stable
release, and beyond that would be dependent on... well the
organizations dependent on that release.

How long will https://launchpad.net/~openstack-stable-maint continue
to maintain Diablo? Based on that we can determine if there is a group
interested in continuing to own maintenance for an additional period.

I also think we should have messaging at www.
https://wiki.ubuntu.com/Releases is inspirational, though a bit of a
shame that is not on the main ubuntu www.


Thanks,
--
@lloyddewolf
http://www.pistoncloud.com/

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] OpenStack 2012.1 ("Essex") is RELEASED !

[Lloyd Dewolf]

w00t!


On Thu, Apr 5, 2012 at 8:02 AM, Duncan McGreggor  wrote:
> Nicely done!
>
> Congratulations, everyone!!!
>
> d
>
> On Thu, Apr 5, 2012 at 10:52 AM, Thierry Carrez  wrote:
>> Hello everyone,
>>
>> I'm very happy to announce the immediate release of OpenStack 2012.1
>> (code-named "Essex"). This coordinated release contains 5 components:
>>
>> OpenStack Compute ("Nova") 2012.1:
>> https://launchpad.net/nova/essex/2012.1
>>
>> OpenStack Object Storage ("Swift") 1.4.8:
>> https://launchpad.net/swift/essex/1.4.8
>>
>> OpenStack Image Service ("Glance") 2012.1:
>> https://launchpad.net/glance/essex/2012.1
>>
>> OpenStack Identity ("Keystone") 2012.1:
>> https://launchpad.net/keystone/essex/2012.1
>>
>> OpenStack Dashboard ("Horizon") 2012.1:
>> https://launchpad.net/horizon/essex/2012.1
>>
>> You can find tarballs for download, as well as comprehensive lists of
>> features and bugfixes, at the URLs above.
>>
>> You are strongly encouraged to read the Release Notes at:
>> http://wiki.openstack.org/ReleaseNotes/Essex
>>
>> Enjoy!
>>
>> --
>> Thierry Carrez (ttx)
>> Release Manager, OpenStack
>>
>> ___
>> Mailing list: https://launchpad.net/~openstack
>> Post to     : openstack@lists.launchpad.net
>> Unsubscribe : https://launchpad.net/~openstack
>> More help   : https://help.launchpad.net/ListHelp
>
> ___
> Mailing list: https://launchpad.net/~openstack
> Post to     : openstack@lists.launchpad.net
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp



-- 
--
@lloyddewolf
http://www.pistoncloud.com/

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] [OpenStack Foundation] Foundation Structure: An Alternative

[Lloyd Dewolf]

Having more than 5 companies pony up big dollars *is* a great problem
to have. I didn't mean to suggest the solution stays the same. We need
to plan for this scenario as there is a real chance of more
participants than what has been negotiated in the back rooms.


Of course, everyone wants the greatest up-front value for their
investment. Capital is actually the least strategic type of investment
a big company can make. The biggest companies are the biggest
companies because they put their best people on strategic investments.

Having been at IBM in a group, DB2, dependent on the success of Linux
during many of the pivotal years of Linux's commercial rise
(2000-2004), IBM truly made that strategic investment. There were no
guarantees.

Although the Linux Foundation is an exceptional organization there is
no model for what OpenStack has achieved with the leadership of
Rackspace and others in the areas of strategic, business development,
marketing, and events in hand with the technical leadership and
achievements of the the community. If we agree that this investment is
essential to our success, and the budget that it requires, then let's
retire the possibly insulting argument that a meritocratic board is
anything but a requirement, that there is something extortive about
this, or that everyone else should be content jockeying for part of
the board, or that technical contribution is the only full domain of
participation for everyone.

Rackspace reserving long term influence for themselves and selling it
to a BIG four will forever shadow the OpenStack project.



Thank you,
--
@lloyddewolf
http://www.pistoncloud.com/

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] [OpenStack Foundation] Foundation Structure: An Alternative

[Lloyd Dewolf]

On Fri, Mar 9, 2012 at 2:27 PM, Mark Collier  wrote:
>
> Strategic Member fees:  One small clarification: the proposal calls for
> Strategic Members to make a commitment of $500k/year for 5 years, paid
> annually (not up front). This figure was driven primarily by the need to
> arrive at a reasonable board size, while also raising substantial funds for
> foundation operations.

What do you do if more than than 5 companies pony up? What a good
problem to have! ;-)

Although 5 years align to ensure the longevity of the project, the
project is too young to sell away 5 years at this critical time in
strengthening the direction.

It should be desirable for the young companies who's success is
accelerating and are making an all-in strategic investment to be able
to make the same strategic contributions with the same benefits each
year --- natural incentives. This young blood shouldn't have to jockey
for two thirds of the remaining seats. With the success of OpenStack,
our foundations coffers will fill each year.

Joshua's proposal, our proposal (Piston Cloud), provides OpenStack
much more guaranteed resources as each of the say 15 members would be
providing 2 FTE = ~30, and the same financial characteristics. This
in-house investment formalizes the good behavior of committed
participants and brings home the OpenStack hats.

In this model seats are more easily lotteried each year among those
that are making the strategic investment, and we eliminate the unique
timing of the opportunity.

Better yet decouple the board all together from the benefits of
strategic membership -- why restrict full meritocracy to the
technical.


Thank you,
--
@lloyddewolf
http://www.pistoncloud.com/

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] Google Summer of Code-2012

[Lloyd Dewolf]

On Thu, Feb 9, 2012 at 5:05 PM, Ewan Mellor  wrote:
>
> The most important thing is that you recognize that this is a real time 
> investment.  It's not just a case of exchanging a few emails with the student 
> -- you're going to need to dedicate time to helping them through their ideas, 
> plans, and coding.


Well said!

It's a very significant commitment. It's the real meaning of Google's
20% time ;-)

I organized and coordinated WordPress's participation for the 1st two
years (2007,2008). The projects that are success *always* have
dedicated, persistent mentors -- I'd also recommend each project
having a backup mentor.

To get started we, as a community, would identify detailed ideas for
projects. Then raise our hands if we were interesting in mentoring any
of the possible projects -- sometimes a mentor will materialize for
the right project.

Students will also propose their own projects, but in my experience
those projects are not often of the right scope and duration, and so
seldom get mentors.


May the source be with you... and you... and you,
--
@lloyddewolf
http://www.pistoncloud.com/

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] Essex-3 milestone available for Keystone, Glance, Nova and Horizon

[Lloyd Dewolf]

On Thu, Jan 26, 2012 at 2:58 AM, Thierry Carrez  wrote:
>
> Keystone, Glance and Nova are now feature-frozen

Fantastic work everyone! See you at the bug squashing day a week today,
http://www.openstack.org/blog/2012/01/the-first-openstack-bug-squashing-day-is-coming-on-feb-2nd/

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] Proposal for new devstack (v2?)

[Lloyd Dewolf]

I +3.14159265 that!

On Wed, Jan 18, 2012 at 11:55 AM, Jesse Andrews  wrote:
> devstack-pi (play on version numbers and python)
>
> On Wed, Jan 18, 2012 at 11:22 AM, Joshua Harlow  
> wrote:
>> Sure, this was just a name I picked. It can be renamed to anything, works
>> for me. I just needed a name for a github project (and it seemed to make
>> sense at the time, haha).
>>
>> -Josh
>>
>>
>> On 1/18/12 9:10 AM, "Lloyd Dewolf"  wrote:
>>
>> On Tue, Jan 17, 2012 at 10:20 AM, Joshua Harlow 
>> wrote:
>>>
>>> Please check it out @ https://github.com/yahoo/Openstack-Devstack2
>>
>> To stave off confusion it might be a good idea to rename this from "2"
>> to "alt" or similar, or even as forks tend to in the WordPress world
>> "ultimate" or "all in one" ;-)
>>
>> It should be labeled version 2 by consensus.

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] Proposal for new devstack (v2?)

[Lloyd Dewolf]

On Tue, Jan 17, 2012 at 10:20 AM, Joshua Harlow  wrote:
>
> Please check it out @ https://github.com/yahoo/Openstack-Devstack2

To stave off confusion it might be a good idea to rename this from "2"
to "alt" or similar, or even as forks tend to in the WordPress world
"ultimate" or "all in one" ;-)

It should be labeled version 2 by consensus.


Very cool work,
Lloyd

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] [OpenStack Foundation] OpenStack Mission & Goals

[Lloyd Dewolf]

Having played a very minor role in this process for WordPress, and
been an onlooking numerous times, it is always a long and involved
process.

Ever try telling the IRS that you don't want to pay taxes?


I appreciate the passion of this discussion, but some of it feels ad
hominem and non-constructive.


As the process continues to proceeds, who is currently blocked by
what, so we can rally around the pragmatic causes?


I can't grow without light,
Lloyd

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] Do we really need a CLA? [was Re: Using Gerrit to verify the CLA]

[Lloyd Dewolf]

On Tue, Jan 3, 2012 at 7:02 AM, Rick Clark  wrote:
>
> As far as changing anything about the way the CLA works, until we have a
> foundation, the discussion of which seems to have stalled, we, as a
> group, have no real authority to change anything.

Good to know.

> We have a bigger hole in the Corporate CLA, IMHO.  I have been told that
> since it is necessary for a corporate signer to explicitly name their
> individual contributers, and we have no way of updating the document,
> openstack is potentially left open to a lawsuit, if an employee
> unspecified in the CLA, contributes something they consider IP.  I
> seriously hate all this legal stuff.

Fun, fun, fun.


I seem to recall jQuery having some growing pains where they had to
after-the-fact start doing CLA. Might be worth talking to them, if
there gets to be some momentum behind reconsidering CLAs.


Oregon State University Open Source Lab has a lot of knowledge around
CLA options, and they have the  http://www.harmonyagreements.org
project.

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

[Openstack] Inspired Meetings!

[Lloyd Dewolf]

Hi Stackers!

Last week I "sat in" on a few of the OpenStack IRC meetings: CI,
General meeting, and QA . The meetings left me pumped for this week!

If like me, meetings generally turn you off, these are meetings of a
different stripe.

I'm inspired by the momentum, and wishing I had time to dive into
other areas as well, and -- gasp! -- attend more meetings!

Each meeting also includes open questions at the end.

If you are only going to attend one meeting this week it will have to
be tomorrow's General Meeting, Tuesdays at 2100 UTC. It might be
better named the OpenStack Project & Release Status meeting.

ttx (Thierry) does a first class job chairing the meeting. ttx is a
maestro coaxing and interpreting information from long lists of blue
prints, bug reports, and most importantly thanks to the excellent
communications of those in attendance.

It's incredible that in an hour, thanks to ttx and the component leads
sharing, I got a sense of where each of the major components are --
essex-2 "e2" has been very productive, it's not done yet! and we're
lining ourselves up for a monster of an e3 (as it should be) ;-)

Add 
https://www.google.com/calendar/ical/bj05mroquq28jhud58esggq...@group.calendar.google.com/public/basic.ics
to your calendar program and be sure to make it the meetings tomorrow
that interest you.

See you on #openstack-meeting on chat.freenode.net ,
http://wiki.openstack.org/Meetings

Cheers,
Lloyd

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] Lloyd Learning Docs & website content processes

[Lloyd Dewolf]

On Wed, Nov 30, 2011 at 6:18 AM, Lloyd Dewolf  wrote:
> On Wed, Nov 30, 2011 at 2:45 AM, Thierry Carrez
>  wrote:> Lloyd Dewolf wrote:>> 2. Lloyd will
> log Thierry "ttx" Carrez's solid openstack.org/security>> content from
> http://etherpad.openstack.org/8hWNQwkWf9 to>>
> http://launchpad.net/openstack-manuals , if it is not already there.>>
> He will do a copyedit to the etherpad, and also upload his revision
> to>> openstack-manuals. We'll take it from there based on the process
> Anne>> is updating to the wiki.>> Note that the content was pushed to
> www.openstack.org webmaster for> publication, without much result yet
> (the idea was to quickly replace> "nothing" with "something", and then
> improve incrementally).>> It would be great if we could have a more
> dynamic way to review/update> the main website content (in the same
> way we control the docs site> contents): it could prove useful in
> further revisions.
> Fantastic! We're of the same mind. And I'm so thankful for how hard
> you've pushed this forward over these past months.
> 1. I'm trying to motivate a revision in the same spirit as what you
> wrote to get online as soon as possible. From there we can look to
> come together to evolve the processes and communications 2. With a
> documented process with public visibility, we will now have a
> foundation where people can step forward as stakeholders, and we can
> quantify the time to publish. From here we can align with people's
> workloads, and negotiate the priority of our items.
> Thanks,Lloyd

Ugg, sorry for the formatting again. I thought this was resolved in
the latest Google Chrome Canary.

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] Providing packages for stable releases of OpenStack

[Lloyd Dewolf]

On Wed, Nov 30, 2011 at 4:07 AM, Soren Hansen 
wrote:>> To me, the PPA's have always been a QA tool. I wanted people
willing to> help test OpenStack to be able to do so with as little
effort as> possible.  Building packages per-commit gave us that.
+1
I don't have any insights on the implementation details, and agreethat
it is hard to do well, but it is essential for quality.
It's more than the level of effort for testing, we need to
eliminatevariability, and everyone be able to point to the same thing
and say,"is good".
But working on this today, would it introduce great variability
verseswhat will be deployed to production? I hesitate to suggest this
mightbe a problem for six months from now when everyone has had some
timeto work out the details of their own flavors, and worked with
thoseflavors with customers.

Still without something how do we measure quality.

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

[Openstack] future-me -was- Re: Vulnerability Management concerns: negativity & count

[Lloyd Dewolf]

On Thu, Nov 24, 2011 at 2:58 PM, Soren Hansen  wrote:
> 2011/11/24 Lloyd Dewolf :
>
>> Future-me will be proud that we have a robust solution (which I feel
>> like you guys are challenging me to brainstorm on) and that we've
>> never had a premature disclosure.
>
> We're not quite a point yet where I'd consider that last point any sort
> of success. To me, it's kind of like celebrating that the shuttle hasn't
> exploded yet when the spaceship is still on the launch pad.

I'm not inviting you to my happy place Soren! ;-)

It's a popular communicate technique used to build consensus. I find
it often worthwhile to present things in a number of ways as we all
use different lens, and we don't want to limit our audience
(particularly prematurely).

Examples of variations of this technique are:

* Amazon's "working backwards"
http://www.shmula.com/start-with-the-customer-and-work-backwards/324/
http://www.allthingsdistributed.com/2006/11/working_backwards.html

* Automattic often drafts the blog post and help pages before starting on
design and implimentation.


The very best to you,
Lloyd

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] Lloyd Learning Docs & website content processes

[Lloyd Dewolf]

On Wed, Nov 30, 2011 at 2:45 AM, Thierry Carrez
 wrote:> Lloyd Dewolf wrote:>> 2. Lloyd will
log Thierry "ttx" Carrez's solid openstack.org/security>> content from
http://etherpad.openstack.org/8hWNQwkWf9 to>>
http://launchpad.net/openstack-manuals , if it is not already there.>>
He will do a copyedit to the etherpad, and also upload his revision
to>> openstack-manuals. We'll take it from there based on the process
Anne>> is updating to the wiki.>> Note that the content was pushed to
www.openstack.org webmaster for> publication, without much result yet
(the idea was to quickly replace> "nothing" with "something", and then
improve incrementally).>> It would be great if we could have a more
dynamic way to review/update> the main website content (in the same
way we control the docs site> contents): it could prove useful in
further revisions.
Fantastic! We're of the same mind. And I'm so thankful for how hard
you've pushed this forward over these past months.
1. I'm trying to motivate a revision in the same spirit as what you
wrote to get online as soon as possible. From there we can look to
come together to evolve the processes and communications 2. With a
documented process with public visibility, we will now have a
foundation where people can step forward as stakeholders, and we can
quantify the time to publish. From here we can align with people's
workloads, and negotiate the priority of our items.
Thanks,Lloyd

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] Cloud Computing StackExchange site proposal

[Lloyd Dewolf]

On Tue, Nov 29, 2011 at 11:16 AM, Stefano Maffulli
 wrote:
> On Tue, 2011-11-29 at 10:10 -0800, Lloyd Dewolf wrote:
>> Where do I find this previous discussion?
>
> around here:
> https://lists.launchpad.net/openstack/msg02169.html
>
> What do you think of the requirements we're gathering for the Q&A
> system? I'd like your opinion on that as we move on.

Thanks Stefano. I really like everyone reframing the discussion to
figure out what our needs are as opposed to ... shiny!

I do think stackexchange (SE) is miles [1] ahead and the only system
that will meet the majority of our requirements.

If we can get our own Area51 then it's by far the best immediate solution.

I spoke to a friend at Area51, and he suggested we might have
different results if we tried again. So I feel like this is on the
table if we want to pursue.


Of course, having very active SE participants (high reputation) put
the proposal forward and committing to it carries a lot of weight.

My reputation [2] is weak today, but I'm sure myself and others could
ramp up the levels quickly over the next few months.

Cheers,
Lloyd

--
1. See I'm getting used to United States customary units,
http://en.wikipedia.org/wiki/Customary_units
2. http://stackexchange.com/users/25765?tab=accounts

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] Cloud Computing StackExchange site proposal

[Lloyd Dewolf]

Thanks Vish. Now my failed search makes more sense. Awesome how they
delete it -- invitation to resubmit every month, jokes.

On Tue, Nov 29, 2011 at 11:35 AM, Vishvananda Ishaya
 wrote:
> It was here:
> http://area51.stackexchange.com/proposals/31788
> It was rejected on the grounds of being able to be covered on StackOverflow
> and ServerFault.
> Vish
> On Nov 29, 2011, at 10:10 AM, Lloyd Dewolf wrote:
>
> On Fri, Nov 18, 2011 at 10:38 AM, Anne Gentle 
> wrote:> We had put forward an OpenStack StackExchange proposal earlier
> this year> which was rejected
> Hi Anne,
>
> Where do I find this previous discussion?
>
>
> Thank you,
> Lloyd
>
> ___
> Mailing list: https://launchpad.net/~openstack
> Post to : openstack@lists.launchpad.net
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp
>
>

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

[Openstack] Lloyd Learning Docs & website content processes

[Lloyd Dewolf]

I had a good call with Anne Gentle a few hours ago, 08:00 PT, and got
a first introduction to the fantastic documentation work, and
infrastructure to support it.

There is a lot for me to get up to speed on, and Anne has generously
agreed to continue to mentor me. We'll have another one-on-one call
tomorrow, 08:00 PT [1]. If there are up to a few people who would like
to join this call, let Anne and I know off list -- note the call is
primarily to get me, Lloyd, up to speed on documentation.

Out of our first call, there were two items:

1. Anne went and confirmed that the process for updates and additions
to the content of the website [ http://openstack.org/  ] is to file
tasks, bugs, etc in http://launchpad.net/openstack-manuals. This
assists with public visibility, and tracking of items. Anne will be
updating the wiki with this information, and fleshing out the process.

2. Lloyd will log Thierry "ttx" Carrez's solid openstack.org/security
content from http://etherpad.openstack.org/8hWNQwkWf9 to
http://launchpad.net/openstack-manuals , if it is not already there.
He will do a copyedit to the etherpad, and also upload his revision to
openstack-manuals. We'll take it from there based on the process Anne
is updating to the wiki.

Thanks Anne!

Best regards,
Lloyd

--
1. 
http://www.timeanddate.com/worldclock/fixedtime.html?msg=Lloyd+Dewolf+%26+Anne+Gentle+Chat&iso=2030T08&p1=283&ah=1

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] Cloud Computing StackExchange site proposal

[Lloyd Dewolf]

On Fri, Nov 18, 2011 at 10:38 AM, Anne Gentle 
wrote:> We had put forward an OpenStack StackExchange proposal earlier
this year> which was rejected
Hi Anne,

Where do I find this previous discussion?


Thank you,
Lloyd

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] Vulnerability Management concerns: negativity & count

[Lloyd Dewolf]

On Fri, Nov 25, 2011 at 12:03 AM, Thierry Carrez  wrote:
>
> Sending emails saying
> things are not done the way they should will not get you very far.

I'm probably misreading that, but it read like you are discouraging a
type of participation.


I learn the most from people who think differently than I do, and
approach things differently.

"Diversity is the canary in the coal mine for meritocracy.", Eric Ries. [1]


If you feel there is an opportunity for you to mentor me please do it
off list. I'd welcome the chance!


Thank you,
Lloyd


1. 
http://www.startuplessonslearned.com/2010/02/why-diversity-matter-meritocracy.html

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] Mailing list archive delay -was- Re: Vulnerability Management concerns: negativity & count

[Lloyd Dewolf]

On Thu, Nov 24, 2011 at 2:12 PM, Chmouel Boudjnah  wrote:
> Hi Llyod,
>
>> Oh man mail-archive.com also has some delay, but not as bad. The
>> message that I'm responding to from you, ttx, isn't there yet either,
>> and I double checked that you didn't directly cc me. We can't win at
>
> I am wondering, why do you need near instant mail archiving if they
> are coming to your mailbox?

Good question.

I think hours behind is pretty far from near instant, but I get your point.

Cool URIs don't change [1] -- hopes reverted to a web developer geek,
but I'm only have kicking.

I want to be able to reference, log, and/or *share* the permalink. My
need is being able to finish. Finish whatever, now, so I free my mind
[2], and move on.

I want to be able to check the status of a thread, or quickly look
what is going on without having to log in to email, publicly.


Aside, if it is working as expected, yuck, then it should display a
message informing about the possible delay. And if I was choosy add
some CSS styling of the header while they are at it.


Thanks for asking,
Lloyd



1. http://www.w3.org/Provider/Style/URI
2. http://www.youtube.com/watch?v=9tIYpvlQP_s Yes, I'm already sorry
for doing that to you!

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] Mailing list archive delay -was- Re: Vulnerability Management concerns: negativity & count

[Lloyd Dewolf]

On Thu, Nov 24, 2011 at 12:03 PM, Thierry Carrez  wrote:
> Lloyd Dewolf wrote:
>> On Thu, Nov 24, 2011 at 8:57 AM, Lloyd Dewolf  wrote:
>>>
>>> 1. I need a list archive that is up to date!
>>
>> Has someone submitted a bug with lists.launchpad about
>> https://lists.launchpad.net/openstack/ being delayed? This will drive
>> me batty before long.
>> [...]
>> Someone must already have a read-only archive -- make it public please? ;-)
>
> Just use http://www.mail-archive.com/openstack@lists.launchpad.net/

Oh man mail-archive.com also has some delay, but not as bad. The
message that I'm responding to from you, ttx, isn't there yet either,
and I double checked that you didn't directly cc me. We can't win at
this, the servers ate too much American Thanksgiving!

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] Vulnerability Management concerns: negativity & count

[Lloyd Dewolf]

Hi ttx,

Very good points.

The gating factor is triage, and this is what we first have to build
our, OpenStack's, Vulnerability Management solution around.

If the needed resources are not yet available let's fully understand that.

If distros and other OpenStack builders are not able to provide
direct, accessible, 24/7 contact for coordinated disclosure in, say,
the emergence of a zero day attack, then we can't do much more for
them than hope they are not compromised before they can respond to the
public disclosure.

Prepare for the worst, hope for the best.


I think we will soon be surprised by how much resources we, OpenStack,
have available, and who you will be able to access at any time of day
[1] if the issue warrants it -- code forbid!

Just think it has takes these last many months (and for many, some
more months) for the most recent cohorts to explore the code, play
with the experience, and start to investigate solutions. 2012 is going
to be a huge year for OpenStack!


Aside, I don't like your amateur vs professional angle for a couple of
reasons. For starters, my skimming through the archives, wiki, and
code trees, it was clear before I started that you are anything but an
amateur.

Further, passion is one of the tools that the amateur, the maker, has
to bring more fully to bear than the profession -- I <3 passion!


It sounds like from your experiences you are all too familiar that
until someone (you!) puts something in place, there is much dragging
of feet, and once it is place everyone is a critic ;-)

Thanks for your patience with me, and thoughtful explanations. Thanks
for taking so much of your day today to engage me on this issue -- I
can't wait to some day not-to-far-away meet you.


After this long weekend I'll see if I can't bend some of your PPB
ears, and see us iterate to the next solution. I trust you will
continue to be a passionate participant!


Cheers,
Lloyd


1. The sun is always shining on an international project!

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

[Openstack] openstack.org/security copyedit review -was- Re: Vulnerability Management concerns: negativity & count

[Lloyd Dewolf]

On Thu, Nov 24, 2011 at 7:30 AM, Thierry Carrez  wrote:
> Lloyd Dewolf wrote:
>> [...]
>> I do have a couple of serious concerns:
>> [...]
>> Every sentence in the first paragraph is dripping with negativity
>> - "will not give prior notice to their employer"
>> - "not about getting advance notice"
>> - "reduce the disclosure of vulnerability in the early stages"
>
> This page is work in progress policy for the vulnerability management
> team. The more public-oriented contents of the proposed
> openstack.org/security page, as brainstormed by all people that have
> shown interest in security at the last design summit, is here:
>
> http://etherpad.openstack.org/8hWNQwkWf9

I really like what you have there!

There is a little copy editing to be done. Did the doc team have a
chance to review this yet? I'd assume it is a priority for them, and
something they will get to soon?

Either way I'm happy to provide my limited editorial skills, once we
explore possibly changes to the Vulnerability Management team.

Hit me up then if you like,
Lloyd

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

[Openstack] Mailing list archive delay -was- Re: Vulnerability Management concerns: negativity & count

[Lloyd Dewolf]

On Thu, Nov 24, 2011 at 8:57 AM, Lloyd Dewolf  wrote:
>
> 1. I need a list archive that is up to date!

Has someone submitted a bug with lists.launchpad about
https://lists.launchpad.net/openstack/ being delayed? This will drive
me batty before long.

I haven't submitted a bug related to launchpad since... 2006,
https://bugs.launchpad.net/launchpad/+bug/42644 , and it's been about
as long since I last really got to enjoy Canonical's Infrastructure.

I confirmed it's not my connection, computer or browser:
https://skitch.com/lloydbudd/gmgtt/confirmation-lists.launchpad.net-openstack-stale
.

Is this a feature of lists.launchpad then? ;-)

Someone must already have a read-only archive -- make it public please? ;-)

Any advice on reporting this issue? Anyone know from experience how
long the delay is?

Thanks,
Lloyd

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] After each meeting -was- Re: [QA] Team IRC meeting moved back one hour

[Lloyd Dewolf]

On Thu, Nov 24, 2011 at 7:34 AM, Thierry Carrez  wrote:
> Lloyd Dewolf wrote:
>> It would be dope if after each meeting there was a post to the list
>> with only the highlights (bait!), and a link to the fully summary, and
>> the log.
>
> Sounds great... Are you volunteering ?

I'm ramping up my participation as quickly as possible though I'm also
pragmatic. OpenStack will enjoy my participation for years, if I
ensure that Piston Cloud is successful.


> Kidding aside, the main reason we are not doing that is that redacting
> highlights takes time and we all have other more pressing things to
> do... People who care enough usually read the summaries and logs, and
> the additional value of redacted summaries is not enough.

I disagree with what you wrote, but suspect we actually agree on the concepts.

I involuntary shudder [1] when I read "we all have other more pressing
thing". On the other hand saying, "this didn't happen today, because
this specific priority *unexpected* needed to be done" is completely
understandable. Do you agree?

The last part of any meeting I participate in will always be an
attempt to articulate at least what the themes where. Sharing that is
all I'm asking, and providing the links, so we are regularly
encouraged to participate ;-)

Unless someone loves being the chair, I enjoy when the chair rotates
for each meeting.


Thank you,
Lloyd

--
1. Hmm, are all shudders involuntary?

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] Vulnerability Management concerns: negativity & count

[Lloyd Dewolf]

Sorry, I don't know why Chrome Canary is losing the vertical spacing
between paragraphs. He's been a bad birdy lately, seen
http://code.google.com/p/chromium/issues/detail?id=104771 ? That's my
favorite bug report since
https://github.com/MrMEEE/bumblebee/issues/123 .

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] Vulnerability Management concerns: negativity & count

[Lloyd Dewolf]

On Thu, Nov 24, 2011 at 7:30 AM, Thierry Carrez  wrote:
> I want to turn the question around: why do *you* want more ?
I don't think you are implying it, but just to snuff out any though.
I'm completely comfortable speaking for Piston Cloud that if by some
craziness adjusting this policy to better serve the project required
that Piston Cloud *never* was a member of the vulnerabiliity group I'm
certain I can get sign off on that.
I feel like you might have accidently skipped in your quoting at least
one of my question. What is the successful three person, email-based,
implimentation this is based on?
Actually really though that question was only for my own interest, and
doesn't matter. The argument ends at three humans do not *physically*
have the coverage to *insure* timely *initial* response, particularly
from a sophisticated bad actor.
There might not be as many reports as I think, but the issues will
have the potential of being magnitudes more complex than Firefox
issues. And it will only takes one, the first disaster to set back
OpenStack, and potentially kill off a member organizations ability to
participate in OpenStack  -- I hadn't considered that previously, it
is dramatic, but thinking in it, we are not taking little leagues
here, and I imagine a lot of people have put themselves on the line to
get behind OpenStack.
So assuming we want to focus on it being hard coded at a number, what
would the number be, and what would the list look like if the
requirement is: three -- the magic number -- members "usually"
covering each hour including weekends.

The process to come up with this list might look like:
1. Revisit who are the top candidate volunteers2. Put their "usual"
work day on a calendar including *weekends*. No healthy person works
the same 8hrs seven days a week, so no one better claim they do ;-)
2.a Only allow each candidate volunteer to identify 8hrs per day.

Come up with the minimum list with density of at least three at each hour.
Thank you,Lloyd

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Re: [Openstack] Vulnerability Management concerns: negativity & count

[Lloyd Dewolf]

On Thu, Nov 24, 2011 at 8:03 AM, Soren Hansen 
wrote:> 2011/11/24 Lloyd Dewolf :>> A. As my
former boss, as of this week, Matt Mullenweg [1] would so>> often
remind us, "don't be so negative" -- he literally reminded my>> VIP
Services sub-team of that last week -- it's natural when you are>>
deep in the trenches. Instead use "Words that Work". [2]>> This is not
marketing material. It's not meant to sell anything or> convince
anyone of anything. It's supposed to accurately convey what> this team
is and what it isn't. If you want to rephrase it, knock> yourself out,
but being unambiguous trumps "sounding good". You don't> see
legislation being rephrased to make it sound better either :)
Hi Soren,
I may be misreading, but both your response and part of ttx's reads to
me as a straw man argument -- you give back a single unrelated phrase
as opposed to demonstrating the value of all three phrases.
I'm frustrating by your mention of "marketing material" and ttx's
posslbe fallback of "technical page". What is the context of that? If
I were to guess where you are coming from, which I hate doing, my
response would good communication is accessible to many audiences,
encourages participation (is positive!), translates well (hard!), and
still meets the needs of us pendantic fools. As I said I'm very
sensitive to all communications around security, and always have been.
Second, unambiguous? That doesn't ring true to me. One sentence, the
first sentence, is about what the list is, followed by a whole
paragraph on what it isn't? Maybe, let's start with fleshing out that
first paragraph.

Three times a lady? [1] I think there is an opportunity to be concise,
eliminate the seeding of fear of immaturity and unprofessionalism,
(translate better), and get on with focusing that OpenStack has
dedicated, profession participants.

Future-me will be proud that we have a robust solution (which I feel
like you guys are challenging me to brainstorm on) and that we've
never had a premature disclosure.

How can we get your fantastic expertises humoring me by exploring
solutions rather than throwing down spike strips. Nothing is worse
than the new guy also offering "solutions" [3] when the relevant
issues have already been well considered, often multiple times, and
where the participants likely already have some other solutions that
might be voted up by the context of additional considerations.

Sure though I've thought on this and will make a proposal... another
email to follow shortly.

Thank you,Lloyd
1. I need a list archive that is up to date!2. The opportunity to be
absurd was too tempting. I need to get some sleep.
3. I will always try to articulate a problem first and not provide
solutions much to your possible frustration. Once we have a solution
in our head, we often find the problem to match the solution. By
separating out the possible solutions we will write a stronger report,
create space for alternate solution proposals by other people, and
hopefully reduce the subconscious repulsion experienced by the people
who worked so hard on the current solutions. For my favorite
presentation of this read Chapter 9 “Problems and Solutions” in The
Myths of Innovation by Scott Berkun.

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

[Openstack] After each meeting -was- Re: [QA] Team IRC meeting moved back one hour

[Lloyd Dewolf]

It would be dope if after each meeting there was a post to the list
with only the highlights (bait!), and a link to the fully summary, and
the log.


On Wed, Nov 23, 2011 at 8:44 AM, Jay Pipes  wrote:
> Thank you, Thierry :)
>
> On Wed, Nov 23, 2011 at 10:10 AM, Thierry Carrez  
> wrote:
>> Jay Pipes wrote:
>>> Hi QAers!
>>>
>>> So, to make West Coast US folks a little happier, we are moving the
>>> regular Wednesday IRC meeting for the QA team back one hour:
>>>
>>> 9am PST
>>> 12pm EST
>>> 5pm UTC
>>
>> Updated the gCal and http://wiki.openstack.org/Meetings
>>
>> --
>> Thierry Carrez (ttx)
>> Release Manager, OpenStack
>>
>> ___
>> Mailing list: https://launchpad.net/~openstack
>> Post to     : openstack@lists.launchpad.net
>> Unsubscribe : https://launchpad.net/~openstack
>> More help   : https://help.launchpad.net/ListHelp
>>
>
> ___
> Mailing list: https://launchpad.net/~openstack
> Post to     : openstack@lists.launchpad.net
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp
>

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

[Openstack] Vulnerability Management concerns: negativity & count

[Lloyd Dewolf]

ttx's update on the SEO, information architecture, and technical
documentation issue(s) described in my email "OpenStack Security
Group", 23 Nov 2011,
https://lists.launchpad.net/openstack/msg05646.html has made my day.
With the holiday today in the US, and knowing that our US peers would
likely need to provide coverage for them, I didn't expect momentum on
this until some time next week. Thank you Thierry!

So with that ball excellerating thanks to Thierry's, and I'm sure
other's hard work, I've turned my attention to explore this emotive
topic further -- again, once the external optics and high level best
practices look good to me, or more likely I understand the thinking
behind the equally excellent OpenStack practices, I'll be trying to
stay away from security -- I've already shortened my life too much
from past experiences :-D

So looking at the actual Vulnerability Management team document,
http://wiki.openstack.org/VulnerabilityManagement , I see the result
of thoughtful, fantastic collaboration!


I do have a couple of serious concerns:

A. As my former boss, as of this week, Matt Mullenweg [1] would so
often remind us, "don't be so negative" -- he literally reminded my
VIP Services sub-team of that last week -- it's natural when you are
deep in the trenches. Instead use "Words that Work". [2]

Every sentence in the first paragraph is dripping with negativity
- "will not give prior notice to their employer"
- "not about getting advance notice"
- "reduce the disclosure of vulnerability in the early stages"

What I hear when I read that is that we have the most serious issues
of professionalism among us -- crazy, embarrassing issues! That I've
just jumped into a nest of vipers -- Josh and Chris didn't say
anything about my impending death when they got me to join!
Thankfully, I very much doubt this is the reality! -- it wasn't at the
meetup I was at last night.

So is there a non-negative way of articulating this? *once*


A.2 If somehow this language reflects demonstrated reality, we need to
get the relevant parties *physical* in a room this week, and deal with
this! Let's also remember that the most likely "original reporter" is
one of us relevant parties.



B. Maximum of 3 people. This may have caused my heart to skip a beat.
Is there a reference implementation of this? Who's successes are we
emulating?

Having spent 2 years on Mozilla's private security list in a former
life, and five years being party to every WordPress security issue [3]
only 3 people is madness.

Mozilla private security list was (assume still is) open to membership
to anyone that demonstrated value and professionalism. I consider
Daniel Veditz's [1] Mozilla security team a model security citizen,
and consistent and very successful for at least the eight years I've
been been paying attention. [5]


B.2 But let's assume that there is some real reason to hard code the
membership count. Five years working with Automattic's Technical
Operations Lead Barry Abrahamson [5] -- the best in the business --
has impressed upon me through his leadership and actions It some cases
it can only take a few hours of lack of communication to turn a grey
hat [6] into a bad actor. So let's assume all three members are
available at the time the report comes in, one person owns
communication and collaboration with the reporter, and we hope that
both of the other two [7] have the expertise in the vector area to
rapidly assess the impact and pervasiveness, and now you've lost
another person, who works on IMing, email and phoning the area
exports; one is the loneliest number.

I don't want to give anyone my nightmares, but it is seasonal, let's
not forget that a sophisticated black hat is most likely to launch an
attack during a holiday, or when he knows another crisis is being
dealt with. You think only having three people gives favorable odds
that they are going to be available to respond to the first vender who
is investigating this with their panicked business-on--the-line
customer?

Even ignoring that, do three people alone have the stamina to
investigate and deal with *all* the false reports. ;-)



Sorry, if I'm a little worked up here. Too many exclamation marks,
right? I'm just so excited to be working with you guys and gals, and
want us all to really shine. Once again, I'm very impressed with the
Vulnerability Management document, and once these issues are
addressed, we'll be crushing it!


If I should be discussing this elsewhere please let me know, or want
additional context or thoughts please let me know.

Hope that helps,
Lloyd

--

1. http://en.wikipedia.org/wiki/Matt_Mullenweg
2. The best training material ;-) on this as recommend by Matt, and
which I thoroughly aggree with is is Frank I. Luntz, "Words That Work:
It's Not What You Say, It's What People Hear"
3. WordPress security issues are popular with the press ;-)
4. You may know Daniel Veditz as dveditz
5. http://barry.wordpress.com/about/
6. People just want to be taken seriously ;

[Openstack] OpenStack Security Group

[Lloyd Dewolf]

Hello again,

I'll be starting slowly with looking at documentation and the wiki.

I always look at security first, and then try to stay away thereafter ;-)


Problem:

Currently a Google search for "openstack security issue" returns the
wrong page: 
http://wiki.openstack.org/Governance/Proposed/OpenStack%20Security%20Group
which is a draft and does not provide contact and reporting process
information.


Possibly Solutions:

1. This and other likely search terms should land on a page with the
security issue reporting steps and current known vulnerabilities.

ex. "firefox security issue"
First two results are:
http://www.mozilla.org/security/known-vulnerabilities/
http://www.mozilla.org/security/

2. Identify the webpages that link to the security page(s), and
develop the language for those links.


If I should be discussing this elsewhere please let me know, or want
additional context or thoughts please let me know.

Hope that helps,
Lloyd

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

[Openstack] Contributor Introduction: Lloyd Dewolf

[Lloyd Dewolf]

Hello stackers!

This is an email to introduce myself.

Summary: I'm looking forward to participating in the OpenStack movement! Hooah!

You may know me as my stage name Lloyd Budd [1] from the still hit TV
show WordPress, where I've participated these last 6 years, the last 5
working for Automattic as WordPress.com VIP Services Technical Lead
(pointy haired non-programmer) mostly in support, quality assurance,
and outreach (commenting on blogs, ha!).

One of my favorite experiences in the WordPress community has been the
success of my brainchild "Happiness Bars" support desk [2] at
WordPress WordCamp conferences. Every year (4), I ran the Happiness
Bar at WordCamp SF ( sf.wordcamp.org ) the biggest, and granddaddy of
the WordCamps.

I don't know if we are currently doing these at OpenStack related
community events, but I'd be eager to participate. Later all get some
info in the wiki, and start a separate thread.

You may also know me from the cancelled show Flock, "the Social
Browser". "Web 2.0" poster child that never did well in the ratings. I
was an early team member there, but only stayed a year of it's 6 year
existence. I did a short stint before that working on the un-Netscape,
unopen Netscape 8 browser and 9 -- the team behind it was incredible,
but AOL insisted on a monstrosity and so that is what we created [3].
I did some small Firefox participating along the way.

My career started with 4 years with IBM on a special DB2
Multi-platform (Windows, Linux, Unix) High Availability and Down
Systems team as a Advanced Support Analyst. My OSS participations at
the time were confined to my local LUG -- I am reminded of one gem
where I asked Debian Legal "GPL , what does it mean? -- the name that
is.",  http://comments.gmane.org/gmane.linux.debian.devel.legal/11173
.

I'm hoping this is the gig where I break into film! This week I've
started with Joshua McKenty and Christopher MacGown's Piston Cloud
Computing. My primary role is Advanced Technical Support Lead.

I'm relocating to San Francisco, BC, Canada from Victoria, BC, Canada.
And will be traveling back and forth two weeks at a time until wife
Julia and two incredible young children join me here in March. I still
have lots to do before... I can get paid ;-)

You can find out more about me with a web search on my names, or foolswisdom.

Cheers,
Lloyd

--
1. Legal name until I more recently reverted to my birth name.

2. Originally "Genius Bar", that SM encumbered name not being my idea ;-)

3. Dual rendering engine with live switching -- cookies, history and
all: Mozilla Gecko (Firefox) & Microsoft Trident (IE). It almost made
sense at the time in 2004, where many sites still only worked well on
IE. It was before I came on board, but I'm told the team had to fight
to get the Gecko engine included at all -- imagine what that would
have been, a Netscape with zarro mozilla code.

___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp