Recommended FOSS tools for (software development) teams

In this post I want to collect and share my experiences made with different Free and Open Source Tools, mostly in context of software development teams. The list contains a recommendation for each type of software I’d currently recommend to use in a team. I’m not aiming at providing an extensive list with all pros and cons for each product, but a summary of my personal experiences. That means I’m working with the tools listed below in more than one team, and in general the feedback of the teams is positive. In all cases I worked with alternatives and I honestly feel that can make a recommendation. While old fashioned and hard to use GUIs were plaguing FOSS projects in the past, I do not think that this is a major concern nowadays. In my experience all types of employees can work with the tools listed below. Many of the tools listed below have not as many features as the huge commercial alternatives, but completely fulfill the role they need to.

On a general note I prefer easy to install and maintain software. It’s a huge plus if the software can be installed from a Linux distro repository and is a community driven project (in comparison to driven by a company which sees Open Source as a selling point for its enterprise products). I’m running all tools on Debian servers, which is also community driven and in my opinion a good compromise between stability, maintenance, and up-to-dateness. If the software is not directly available in the Debian repositories, it should be easy to install with all required dependencies and a good installation documentation.

I have a dislike for projects that have a paid enterprise plan, because the vendor often moves important features for teams into the paid versions. Features in paid versions are quite often not FOSS, which makes the concept of using FOSS pointless. (I do think that open source developers need to earn money, but I prefer the support and consulting business model.) Also, the tool should support LDAP for synchronizing teams to simplify permission handling.

  • Chat: Matrix & Element
    While Element feels more like a messenger and less like a team chat, Matrix allows creating rooms which all users on a server can join without invites. At the same time federation/communication with the outside world is fully supported. The GUI is modern and privacy/security features are awesome. While Mattermost is also an awesome community chat, it is missing LDAP in the community version. Rocket.Chat does include LDAP and also works quite well, but frequent glitches are diminishing the overall experience.
  • File sharing: Nextcloud
    Not much to say here. I guess it is the de facto standard and it works well. I usually do disable newer “eye-candy” apps like the Dashboard and Wheather. There is not much need for them in a file sharing tool. Nextcloud is experiencing a growing feature creep in recent years, but as most features are encapsulated in apps, these can be disabled. Many of these new features and not really powerful/helpful and distracting from the main purpose of the software.
  • Kanban: Nextcloud Deck
    When already using Nextcloud, the Deck app is easy to install and a powerful enough Kanban tool. Wekan feels outdated in comparison, but I have to admit that it has more features. However, in my experience the Deck community is extremely active and probably outpacing the Wekan development.
  • Code hosting: Gitea
    Gitea is an awesome and rapidly developing community driven project. Gitlab in comparison is really heavy in regards of maintenance & resource consumption. Also, I feel the GUI of Gitea is much leaner. Also, Gitlab sadly excludes some features from its Community Edition which I feel should definitely be part of it, for example support assignment of multiple users to an issue.
  • Project Management: Redmine
    Not all projects in software development teams are about developing software. Gitea can be used for other projects, but usually the GUI feels off in these cases. I like Redmine, which provides all important features for managing projects of all sizes. The advantage of Redmine over other tools: there is no paid version, and all features are fully FOSS.
  • Helpdesk: Zammad
    Zammad its really easy to use. It can be configured to support more complex scenarios, but the overall focus on lean processes helps to focus on the most important thing: answering the questions of customers.
  • Wiki: Wiki.js
    No team should exist without a wiki to document processes and knowledge. Gitea also provides a Wiki functionality, but this is again focused on supporting software development. Wiki.js has all important features: Markdown (developers like it!) and WYSIWYG support, Backups with git, useful permissions and a modern GUI. The best reason for Wiki.js is the option to fully work with Markdown files in a git repository. If at any point Wiki.js becomes stale, migrating will be very easy. I also like Dokuwiki for its lean interface, which could be used alternatively. However, I think that Wiki.js will be the future.

Debian router with IPv6 prefix delegation, DMZ and dynamic DNS

Recently, I started to set up a Debian Buster based router with IPv6 prefix delegation and two /64 subnets. One subnet is used for desktop clients, the other serves as a demilitarized zone (DMZ) for servers. The Debian router is located behind Fritz.Box home router, which serves as the DSL modem and forwards all external ports to the Debian router. Of course, traditional IPv4 with NAT is also configured. I’m using a dynamic DNS service to access the IPv6 addresses in the DMZ from the Internet. It took me quite some time to figure everything out, therefore I want to share my findings. Of course, this requires that your ISP provides you with more than just one /64 subnet. My ISP provides a /56.

The following diagram illustrates the setup, including interface names on the router:

Regarding IPv4, enp1s0 has the address 192.168.0.2/24, enp2s0 has 192.168.1.1/24 and enp3s0 has 192.168.2.1/24.

First, I had to enable prefix delegation in my Fritz.Box. Coming from the IPv4 NAT world this was something new.

Now with prefix delegation enabled in the Fritz.Box, the Debian router needs to set these prefixes to its DMZ and client network interfaces (enp2s0, enp3s0). This can be achieved with the WIDE DHCPv6 client. (https://superuser.com/questions/742792/how-do-i-deploy-ipv6-within-a-lan-using-a-debian-based-router-and-prefix-delegat was very helpful for me.)

On the router, install it (and all other required packages) with

sudo apt install wide-dhcpv6-client dnsmasq iptables-persistent

Then edit

/etc/wide-dhcpv6/dhcp6c.conf

and set its content to

profile default
{
  information-only;
  request domain-name-servers;
  request domain-name;
  script "/etc/wide-dhcpv6/dhcp6c-script";
};

interface enp1s0 {
    send rapid-commit;
    send ia-na 0;
    send ia-pd 0;
};

id-assoc na 0 {
};

id-assoc pd 0 {
    prefix ::/60 infinity;
    prefix-interface enp2s0 {
        sla-len 4;
        sla-id 0;
        ifid 1;
    };
    prefix-interface enp3s0 {
        sla-len 4;
        sla-id 1;
        ifid 1;
    };
};

Also configure the /etc/network/interfaces like this:

source /etc/network/interfaces.d/*

auto lo
iface lo inet loopback

allow-hotplug enp1s0
iface enp1s0 inet dhcp
iface enp1s0 inet6 auto
    # Important to accept delegated prefixes
    post-up sysctl -w net.ipv6.conf.enp1s0.accept_ra=2

allow-hotplug enp2s0
iface enp2s0 inet static
    address 192.168.1.1
    network 192.168.1.0
    netmask 255.255.255.0

allow-hotplug enp3s0
iface enp3s0 inet static
     address 192.168.2.1
     network 192.168.2.0
     netmask 255.255.255.0

Now when connecting enp1s0, the delegated prefixes will automatically be set to the internal facing interfaces. The internal interfaces will receive the addresses $PREFIX::1.

Next, I’m using Dnsmasq on the internal interfaces to provide DNS and IPv6 router advertisements. Add the following lines to the /etc/dnsmasq.conf

# IPv4
dhcp-range=192.168.1.50,192.168.1.150,12h
dhcp-range=192.168.2.50,192.168.2.150,12h
# IPv6
enable-ra
dhcp-range = ::1,constructor:enp2s0, ra-stateless, ra-names, 4h
dhcp-range = ::1,constructor:enp3s0, ra-stateless, ra-names, 4h

To manage inbound and outbound traffic between the different network segments. As is common, the green zone only allows outbound traffic, while the DMZ allows inbound traffic to specified hosts. The following configuration demonstrates how to allow inbound IPv6 traffic to specific hosts. The rule can be extended to specific ports as well. To restore Iptables during boot, I’m using the iptables-persistent package. My /etc/iptables/rules.v4 and /etc/iptables/rules.v6 contain the following lines:

# /etc/iptables/rules.v4
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [81:8253]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i enp2s0 -j ACCEPT
-A INPUT -i enp3s0 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A FORWARD -i enp2s0 -j ACCEPT
-A FORWARD -i enp3s0 -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [44:2803]
:INPUT ACCEPT [23:1484]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [24:1535]
-A POSTROUTING -o enp1s0 -j MASQUERADE
COMMIT
# /etc/iptables/rules.v6
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [175:15496]
-A INPUT -p ipv6-icmp -j ACCEPT
-A INPUT -s fe80::/10 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i enp2s0 -j ACCEPT
-A INPUT -i enp3s0 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A FORWARD -i enp2s0 -j ACCEPT
-A FORWARD -i enp3s0 -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -d ::2/::ffff:ffff:ffff:ffff -o enp2s0 -p tcp -j ACCEPT
COMMIT

Notice the rule -A FORWARD -d ::2/::ffff:ffff:ffff:ffff -o enp2s0 -p tcp -j ACCEPT. This allows accessing the host in the DMZ from the internet. Now we need to take care that the server in the DMZ always gets the $PREFIX::3 address. This can be done by setting a token with ip. To do this every time the interface is being activated, for example on boot, add the following lines to the /etc/network/interfaces configuration of the server in the DMZ:

iface enp0s31f6 inet6 auto
    pre-up /sbin/ip token set ::2 dev enp0s31f6

To publish the IPv6 address of the server on freedns.afraid.org, I’m using the following crontab line (replace $TOKEN with your private token):

* *    * * *   (IP=$(ip -6 a list dev enp0s31f6 | grep global | awk '{print $2}' | sed 's/\/64//') && wget --no-check-certificate -O - "https://freedns.afraid.org/dynamic/update.php?$TOKEN&address=$IP" >> /tmp/freedns_$HOSTNAME.log 2>&1)

I hope I did not forget any important part. Feel free to ping me if your setup according to this post does not work.

Update 2024: some information about nft suffix matches can be found on https://github.com/opnsense/core/issues/2544#issuecomment-769811809

Arduino Spectrometer with TSL1402R

This is an attempt to build a small, lightweight, cheap, diy spectrometer. This was a part of the MINT Girls Regensburg project in 2015 [1]. The spectrometer was designed to work on a Watterott StarterKit Roboter V2 [2]. The robot can connected to a PC via bluetooth. A Python program can be used to remotely control the robot and spectrometer.

All required .stl-files and source code is published under the MIT license on Github [3]. The page about the TSL1402R on Arduino Playground [4] was used as an inspiration.

The spectrometer itself (without Arduino) can be build for less than 40 €.

Spectrometer mounted to robot

Spectrometer mounted to robot

List of required parts

  • 1x Black drinking straw
  • black tape
  • 3D Printer (e.g. black PLA)
  • printable parts (.stl files)
  • 4x M2,5 x 5mm screws + nuts
  • 4x M2,5 x 10mm screws + nuts
  • 2x M4 x 40mm screws + nuts
  • 1x TSL1402R
  • 4x white LEDs
  • 1x perfboard
  • wires, pin cables, hit shrink tube, etc
  • 1x Arduino
  • 1x diffraction grating 1000 lines / mm (cheap source [5])
  • 1x 2N7000 MOSFET

Circuits

TSL1402R on perfboard

TSL1402R on perfboard

Cut out a 30 x 11 mm piece from the perfboard. Solder the TSL1402R onto it and drill to holes into the corners. The holes should be 25 mm apart. The corners will be used to screw the perfboard onto the angled chip holder.

Solder cables to the TSL1402R like shown in Figure 9 of the datasheet [6] (serial connection). Basically connect pin 13 to 10 and 4 to 8.

Then connect the cables to the arduino.

Description Arduino TSL1402R
 Supply voltage +5V  +5V Pin  Pin 1 (VDD)
 Ground  Ground  Pins 5 (GND) and 12 (GND)
 Signal in  Pin 6  Pin 2 (SI1)
 Clock  Pin 2  Pin 3 (CLK)
 Analog out  Pin A3  Pins 4 (AO1) and 8 (AO2)

The white LEDs can be turned on and off with a 2N7000. Connect Pin 7 of the Arduino with the Gate of the 2N7000. The four (parallel) LEDs can be connected to the same voltage source as the Arduino. Make sure to place a fitting resistor between the source and LEDs.

Case

All required parts for the case can be 3D printed, preferably in black. Additionally you need a (black) drinking straw and (black) tape.

After printing all parts, screw the perfboard onto the chip mount, and fixate the chip mount into the bottom of the case. The position of the chip mount can be adjusted to the left and right.

Cut a small rectangular piece from the optical grating and glue (?) it into the grating mount. One screw holds the grating mount to the front panel, the second screw allows for a few degrees of rotation in order to align the grating to the TSL1402R.

Use the 2 screw holes at the bottom of the front panel to fasten it to the bottom of the case.

Use tape to fix the black drinking straw to the front panel. Make sure that the straw is well aligned with the forward facing opening.

Spectrometer assembly

Spectrometer assembly

Additionally you can glue 4 white LEDs into the holes at both sides of the front panel. Make sure that they focus on a point beyond the drinking straw.

Use a bright light source at the end of the straw to align the TSL1402R and the diffraction grating. After you’re finished with the alignment use the two M4 screw to fixate the case cover. Black tape can be used to seal all slits.

Software

Write the RoboterRemoteControl software into your Arduino. If necessary change the pin layout in the configuration section at the beginning of the file.

The Python3 program qtMissionControl can be used to obtain and print simple readouts from the spectrometer. It requires the libraries PyQt4, numpy and matplotlib. The serial port and baudrate have to be set in line 10 and 11 of the source code.

References

[1] http://www.mint-girls-regensburg.de/

[2] http://www.watterott.com/de/StarterKit-Roboter

[3] https://github.com/sven15/arduino-spectrometer

[4] http://playground.arduino.cc/Main/TSL1402R

[5] https://www.3bscientific.de/strichgitter-1000mm-u21874,p_872_1485.html

[6] https://ams.com/jpn/content/download/250165/975693/file/TSL1402R_Datasheet_EN_v1.pdf

Results

Here are some results for comparison. The images are not calibrated to wavelength (yet).

Light sources

result white LED

result white LED

result red LED

result red LED

result blue LED

result blue LED

result neon lamp

result neon lamp

Reflected spectra

yellow object

yellow object

green object

green object

blue object

blue object

Authors

Emma, Franziska, Sven

Website Mapper

Here is a small python program a friend and I wrote to map and visualize the structure of websites. It is licensed with the BSD license. The programs opens all links in the start address and recursivly searches through all following links. The crawling process may take a long time for more than 1 or 2 recursions. This may cause a lot of traffic for a website, therefore please contact the site’s admin before you run the program.

Download: https://sven-seeberg.de/download/iac.py

It creates a text file which can be visualized by graphviz. The result may look like this or with 2 recursions like this.

The program requires Python 2.7, urllib2 and BeautifulSoup.

Usage:

$ python(.exe) iac.py [parameters]

The required parameters are:
-f [path to result file]
-r [number of recursions]
-n [“title”|”url”] (map site titles or URls)
-u [url to map]

Create a visualization with graphviz:

$ dot -Tsvg result.txt -o sitemap.svg

Using GPS of Ericsson F5521gw in Ubuntu with gpsd

I already tried to use the GPS of my Ericsson F5521gw in my Lenovo L520 a couple of month ago with Ubuntu 12.04 (precise), however it didn’t work out of the box. As the release of 14.04 (trusty) was close, I decided to wait.

However it didn’t work with trusty either. Therefore I decided to dig into the problem. I came up with the following dirty workaround:

First run

$ sudo apt-get install gpsd gpsd-clients wvdial

Edit the /etc/wvdial.conf to look like this:

[Dialer Defaults]
New PPPD = yes
Stupid Mode = 1
Modem Type = USB Modem

[Dialer gps]
Modem = /dev/ttyACM2
Init1 = AT*E2GPSCTL=1,5,1
Init2 = AT*E2GPSNPD

Now we can begin to start gpsd. First establish a connection to your mobile provider with the network manager (upper right corner in Unity).

Then create a pipe somewhere and use wvdial to setup the GPS:

$ mkfifo /root/gps_pipe

$ wvdial gps

The GPS should now transmit data on /dev/ttyACM2. You can have a look at it with “$ cat /dev/ttyACM2”. Stuff the output into the pipe and start gpsd in read only mode:

$ cat /dev/ttyACM2 > /root/gps_pipe

$ gpsd -n -N -D4 -b /root/gps_pipe

If cat stops, just restart cat. If gpsd throws an error, restart it as well. It should work after a couple of attempts. If there is any better solution, you’re welcome to contact me.

[Update] Fix for the cat error: run gpsd with a user that has no write rights on the pipe. I created a pipe in tmp as root

$ mkfifo /tmp/gps_pipe

The pipe should have only read rights for others. Then I can execute gpsd as a normal user and cat does not stop:

$ gpsd -n -N -D4 -b /root/gps_pipe

I used the following ressources:

[1] http://www.thinkwiki.org/wiki/Ericsson_F3507g_Mobile_Broadband_Module

[2] http://forum.ubuntuusers.de/topic/gps-mit-ericsson-mbm-f3705g-einrichten/

[3] http://sourceforge.net/apps/mediawiki/mbm/index.php?title=MBM#GPS_Control_.28mbm-gpsd.29

[4] http://www.tjansson.dk/2009/01/using-the-builtin-gps-in-a-thinkpad-x200-under-linux/

Installing Ubuntu 12.04 server/alternate on computer with NetXtreme ethernet controller

I tried to install the ubuntu server edition of 12.04 on a HP ProLiant DL 385 G1 with a Broadcom NetXtreme BCM5704 ethernet controller. The setup just stops while detecting the hardware. It took me quite some time to figure it out, but here’s what you need to do:

1. disable Floppy controller. Don’t ask me why, it’s definitely weird.

2. copy the tg3_tso.bin corresponding to your kernel version on an USB pen drive in a folder called “tigon” and on the USB pen drive root folder (I’m not sure which location, so just copy it into both). You can get the file from the linux-firmware package. If you already have a running Ubuntu machine, you can find the file in /lib/firmware/tigon

3. Start the Ubuntu alternate/server setup and plug in your usb pen drive as soon as the first dialogue appears.

4. Now everything should work as expected. If the installer doesn’t find the tg3_tso.bin, you can manually mount the USB pen drive and create a symlink of the tg3_tso.bin to /lib/firmware/tigon/tg3_tso.bin

This solution should work for all Debian based setups.

Server/Dienst monitoring (mit notify-osd)

Mit diesem PHP-Script kann man die Dienste von (mehreren) Servern im Auge behalten. Das Script ist nichts besonderes und prüft nur, ob der Port geöffnet ist.
Es gibt sowohl eine Web- als auch eine CLI-Version. Die CLI-Version schickt eine Benachrichtigung in die Notification area (in Ubuntu / Linux mit notify-osd).
Download, Lizenz: GPL

Welche Server-IP und welche Ports geprüft werden, kann man im Script selbst editieren. Dort sind ein paar kommentierte Arrays enthalten, die personalisiert werden sollten.

Für die Commandline werden in Ubuntu die Pakete php5-cli und libnotify-bin benötigt. Ein beliebiger Parameter an das CLI-Script führt dazu, dass am Ende “es funktioniert alles”-Meldung kommt, falls keine Probleme gefunden werden.

$ port_status_cli.php foobar

Wer dann ständig auf dem laufenden gehalten möchte, fügt sich am besten einen cronjob hinzu.
Beispiel für alle 15-minütigen Check: (zB. neue Zeile in die /etc/crontab)

0,15,30,45 * * * * myusername DISPLAY=:0.0 port_status_cli.php

Die Variable DISPLAY muss übergeben werden, sonst weiß notify nicht wohin mit der Meldung.

Screenshot CLI-Version (Hostnames verschmiert)

Screenshot Web-Version: (Hostnames verschmiert)

Tagesschau Nachrichtenticker für notify-osd

Wer immer die aktuellen Nachrichten aus dem tagesschau.de Nachrichtenticker in seiner Notifications-Ecke angezeigt haben möchte, kann folgendes Skript runterladen:
tagesschau.py Lizenz: GPL

Anleitung für Ubuntu
Starten per Alt+F2: “/pfad/zum/speicherort/tagesschau.py” eingeben.

oder für das Terminal:

$ wget sven-seeberg.de/tagesschau.py
$ chmod +x tagesschau.py
$ ./tagesschau.py

Und wer es gleich richtig “installieren” möchte:

$ sudo mv tagesschau.py /usr/local/bin/

Dann braucht man nur noch Alt+F2 drücken und kann dort (mit Autovervollständigung) “tagesschau.py” eingeben. Einen Anwendungsstarter kann man sich natürlich auch anlegen.

Nachrichten über Growl auf Mac/Windows
Die nötigen Dateien und die Anleitung kommen von Felix Heilmeyer.

1) Installiere Python (http://python.org/download/)

2) Installiere Growl
(Mac: http://growl.info/
Windows: http://www.growlforwindows.com/gfw/default.aspx)

3) Skript-Paket herunterladen
Der Ordner gntp kommt von https://github.com/kfdm/gntp/, growlnotify von http://growl.info/extras.php#growlnotify

4)
Auf dem Mac:
In beliebiges Verzeichnis entpacken. “start.command” ausführen. Bei
Bedarf unter Systemsteuerung -> Benutzer -> Startobjekte eintragen. Zum
beenden “stop.command” ausführen (Vorsicht: beendet alle
Python-Prozesse, nicht benutzen, wenn andere Python-Programm ausgeführt
werden).

Windows:
In den Python Installationsordner entpacken (meistens C:\Python27) und
“start.bat” ausführen. Bei Bedarf Verknüpfung mit der “start.bat” im
Autostart anlegen (zu finden im Startmenü). Zum beenden “stop.bat”
ausführen (Vorsicht: beendet alle Python-Prozesse, nicht benutzen, wenn
andere Python-Programm ausgeführt werden)

5) Wer möchte kann sich noch das Tagesschau Favicon in den Ordner legen, dann wird dieses in den Notifications angezeigt (http://www.tagesschau.de/favicon.ico)

Teaser (in Ubuntu):