I’m an old fart but relatively new to so-called “meetups” – organized meetings for people with a common interest. I think it was Ton who first dragged me to one, and I seem to recall going mainly because it was to be followed by a rijsttafel; I could not resist.

I didn’t regret going to the meetup – quite the contrary – and I’ve since been to several, but it’s dreadful how low the turnout typically is. I’ve verified my numbers with some of the organizers of prior meetups:

  • Nijmegen: 30% no-shows.
  • Hilversum: 50% attendance; masses of food had been ordered, and I helped chuck large amounts of it out.
  • (location): less than half of people who said they’d attend.
  • another meetup in city X recently had 175 RSVPs but only 75 in attendance.

Andreas, a student I once had, came up with the idea of an Ansible meetup in Hannover and asked me whether I’d do the honour of attending. I promised I would and that I’d prepare a presentation. He took upon himself the trouble of organizing a location, etc.

tweet announcing start of meetup

I spent a couple of hours thinking up some possibly controversial content to present, created and worked over slides, and dragged swag along which had been sent me for this purpose by Carol. Of fifteen (15) people who had signed up and said they would come, only six (6) turned up (spoiler: I didn’t show either!). One of the no-shows wrote me a message 50 minutes before the scheduled begin that he couldn’t due to “family obligations”.

There have been suggestions on how to get people to actually show when they’ve signed up, such as “charge EUR 10 and reimburse when participants show”, but that’s a bit of an administrative nightmare, even though there would certainly be charities who’d welcome the no-show tenners…

Many of the meetup organizers go to a lot of effort to reserve spots and maybe even organize and possibly finance drinks and food. No-shows mean the effort and expense are wasted, and the food is also wasted. Adding insult to injury, by reserving and not showing, you are denying somebody else a chance to attend.

Ton brought in a new suggestion which goes a bit like this:

To prevent this from happening we are working with the following “no-show” principle:

  • If you register and cancel on the day of the meetup or the day before, you get a “yellow card”.
  • If you end up with two “yellow cards” you will be denied access to the next two (2) meetups.
  • If you have a “yellow card” and register and show up, the yellow card is removed from your name, and you restart with a clean slate.

Carol’s already handed me my first yellow card for not showing in Hannover:

JP, sorry to hear you were not able to make the Hannover meetup after all. As a consolation, you get a yellow card! (j/k…)

She’s right: the reason for no-show doesn’t matter; I get the card. Carol was also saying that anecdotal data suggests that in general less than 50% of people who RSVP ‘yes’ actually show up.

Bas wrote:

note, that the value of meetups is beholden by the people that do show up, if only a handful it adds depth to the conversation. … yet the wasted money and spilled food and the extra time spent removing the goodies from the empty seats feels a bit lonely.

It’s impolite. It’s demotivating. It’s disgraceful.

Most of us don’t just not show up to a party we’ve been invited to; let’s think of Meetups as parties, which they often almost are. People invest personal time to present an idea, open a discussion, and maybe even teach something. Show some respect for that, please, by showing up when you’ve said you will.

my first yellow card

P.S.: I’ve been given my first yellow card for not appearing at the Hannover meeting. I alloted two hours to drive the 110 kms (which is more than ample for that stretch; I detest arriving late), but actually required over four hours for the first 60 kms. There was a massive Stau when the A2 was closed down for the night, and I was in it; luckily I escaped and could return home after seven hours. I am dreadfully sorry to have basically killed this meetup; I’ve apologized to Andreas, and I’ve volunteered to attempt this anew.


  • Paul writes: Those numbers tally with my experience, usually 30-50% dropout for free events.
  • Tobias says: I see the same at our Cloud Native Meetups. This observation sadly applies to Switzerland as well.
  • John writes: I’ve just checked the London numbers. That hovers around 50% (which is 80 people).

meetings :: 14 Sep 2019 :: e-mail

I discovered the OnlyKey via this post on Mastodon, and the description of the device tickled a fancy, so I ordered one. While the ordering process went as smoothly as ordering processes sometimes go, I was a bit confused about having ordered something at “OnlyKey”, receiving a confirmation mail from a company called “CrytpTrust” and finding an envelope marked and posted by “Amazon”. I wrote to the people requesting an invoice (because I didn’t get one!) and their email address is “crp.to”. All those different names don’t specifically convey “trust” to me.


The red protective case I ordered was a €8 mistake: I thought I’d been led to believe the OnlyKey base product didn’t have one, but returning to the product page now, I clearly see indicated that it does come with the black one.

the key assembled

The documentation is adequate, but I cringe at the PDF document which is a link to an HTML to PDF conversion site…

The software works well: I used the OnlyKey desktop app to avoid the strange-sounding setup via the Chrome browser. The desktop app exists for macOS, Windows, and Linux (.deb). Due to the fishy-looking domains I mentioned above I actually checked the SHA checksums of the downloads; names are important. :-)

In order to setup the OnlyKey, I run the desktop app and follow instructions to set up a PIN for each of the two profiles the device offers. When I later insert the key into a computer, I unlock the device by entering the PIN, and the device indicates happiness via a bright colourful LED. You’ll note the PIN pad has six pads only, numbered 1 through 6, so that limits the combinations I can use, and I found it a bit confusing the first ten times because muscle memory dictates where zero and nine should be, but they’re not.

Each OnlyKey slot can be configured to send (it acts as a keyboard when I later tap on one of the six pads) a URL, delays, TAB characters, usernames, and passwords, and each slot can have a label. The idea is I take a card along in my wallet with the labels. Nice detail: if I touch pad 2 for 5+ seconds and let go, the device “types” the labels at me (use cat, notepad.exe, or whatever to grab them). My use-case is not to have the device paste URLs and whatnot, but just a single password or two.


So far I’ve experimented with simple passwords only, but it appears to support TOTP via Google Authenticator or Yubikey OTP as well, in addition to being OpenPGP compatible and a “plug and play encryption device”. These features are explained in the documentation. There’s also an OnlyKey SSH/GPG agent which looks as though it could work; unfortunately the documentation suggests using keybase.io to generate keys which is a shame. Basically what one has to do is to copy/paste a private RSA key onto the OnlyKey.

When traveling to specific countries the International Travel Edition might come in very handy:

OnlyKey allows the use of a hidden profile (Primary standard profile) and a fake profile (Second profile set to plausible deniability) that essentially provides a cover story. If compelled to unlock an OnlyKey the fake profile can be activated by entering the second profile PIN code. The goal of this feature is that there is no proof that the first profile even exists.

The plan for this device, is for it to be programmed with a few passwords on it and to use it in case of emergency or death to unlock other password stores, and as far as I can tell after a couple of hours, it fits the bill perfectly for that, and I appreciate that the data on the OnlyKey can be backed up and later restored.

passwords, security, and hardware :: 26 Aug 2019 :: e-mail

I frequently present during conferences or when giving trainings, and during the course of several years I’ve been very satisfied with a laser pointer which fits in my hand comfortably and can page-forward and page-backwards. The only issue I had with the device was a press on the laser in Terminal produced ugly escape sequences, but I killed those with Karabiner-Elements years ago.

What more could I want?

Well, I’m being confronted more and more frequently with TV panels instead of projectors, and the laser pointer doesn’t reflect off the panels.

I think it was Gerrit who, last year, showed me an equivalent solution, but it was then Bernd who, during a small demonstration, convinced me to opt for a Logitech Spotlight, which I did. I was afraid the software would suck, but it’s ok other than consuming quite a bit of CPU (5%) even when the Spotlight isn’t plugged in.


The device is pleasant to hold and the buttons are fine. I’ve configured it for a “laser highlight” only because using multiple different software pointers was confusing. Viewers also like the new pointer, and in particular, somebody who has a red/green deficiency convinced me to change the pointer’s color to a blueish, and he was then very happy!

blue laser

There’s one thing which is naturally unnatural: as a speaker, when I’m about to point at something with a real laser, the hand goes to the right direction before pressing the switch; this means the light comes on pretty much exactly where I want it. Using the Spotlight, this doesn’t work because only the software knows where the marker was last positioned, so I have to first press the light on and then drag the marker to its intended destination, wobbling and all. It takes a bit of getting used to, but I’ll manage.

I decided to solve the dilemma easily: I pack both, and if I’m given a projector with a laser-compatible screen I’ll use the laser and for a TV panel I’ll use the Spotlight.

presentation :: 04 Aug 2019 :: e-mail

I tell people that my first contribution to the Ansible project was killing off the cows, but while researching for this post, I see memory fails me: the first written record of me contributing to Ansible is dated a bit earlier, on September 4th, 2012, but that doesn’t matter. By the way, it was quite a bit later that the cow thing became configurable. Be that as it may, it’s been almost seven years – a long time and a good time.

I’ve contributed a number of modules to Ansible, quite a few lookup plugins, documentation patches, and the piece de resistance was the documentation (a.k.a. ansible-doc) system which is still used today. I recall sitting on the floor in a conference center in Boston getting ready to push what I lovingly called a “jumbo patch” which would target each and every module: I had Michael’s ok that he wouldn’t commit anything for 24h so that my patch would apply cleanly. It was very exciting for me, having to wield a new utility (git) and hoping I wouldn’t mess anything up. A lot of adrenalin flowed. Good times.

Ansible’s grown enormously since then, and I’ve not always been able to pay attention to it as much as I’d have liked to, but I’ve used it and have also had the pleasure of training a large number of people in using Ansible. In the course of the last two or three years, I’ve met two hundred people interested in how Ansible works. That is a lot.

During that time I’ve occasionally commented on a pull request, responded to an issue, and I’ve even submitted at least one new lookup plugin for consideration: it’s the lmdb lookup plugin.

I’m telling you this story to set a bit of background for what follows and to demonstrate that Ansible is a project I’ve been very fond of.

If you look at that last link, you’ll see I submitted it two years ago, in May 2017. Since then, I’ve had to rebase the plugin once because of changes which made it unmergeable. Judging by labels added (by a human?) the plugin affects Ansible version 2.4 (current is 2.8.1), and it needs all sorts of things like a maintainer (huh?), a revision, tests, and whatnot. Does that mean I should leave it as is? Does that mean I should just close the PR and forget about it? I don’t know. I do know one thing: I will not rebase it again, and the powers that be must just as well close the PR as I’ve completely lost interest in it.


Ansible is a hugely popular project; it’s approaching 38K stars at the time of this writing, and it has 16K forks. I don’t know how many people Red Hat has working for Ansible, but I guess there to be several committers, and I know some of them by name and a couple personally.

In my opinion they’re being inundated.

At this time Ansible has 3900 open issues, and 1900 open pull requests. The oldest open PR is dated March 2015, and the oldest open issue is two months older. Never ever will it be possible to process all that, if only because the code has changed so much meanwhile that most of the PRs can likely no longer be applied cleanly, and I would think a lot of the issues are no longer even valid. What I also expect is that many (possibly first-time) contributors have meanwhile lost interest in their contribution just as I’ve done for the lmdb lookup plugin.

I was at a customer site recently a fortnight ago, and we had a devil of a time because it appeared that the archive module was omitting files from an archive. Hard to believe, I know, but an empty file gintonic in a directory-to-be archived, never appeared on the target hosts. What?!

After a lot of testing, and upon beginning the tedious process of submitting a bug report, I discovered this bug was already reported in January 2018. 1.5 years ago. This module error is not just some cosmetic thing of a feature request. It is a bug which causes data loss, and somebody added a waiting_on_contributor label to it, and I am starting to wonder how long the wait is going to be, particularly since a kind newcomer provided a fix in February of this year. (It also saddens me that this contributor may have been frightened off by being requested to provide integration tests for the fix.) To be fair, the archive module is a module maintained by the community which its documentation clearly states; not being a core module, the Ansible project proper is not responsible for it. So Ansible includes batteries but some batteries are not be as powerful as others?

This is but one example which I use as it’s the one which happened most recently to me.

In the course of the past year I’ve spoken to a small handful of Red Hat people about this. Unofficially I see a lot of nodding, and I see some organization which has taken place in the project (repositories, communities, etc.), but I don’t see PRs and issues diminishing in great numbers which could, of course, be due to an ever increasing number of submissions.

I proposed a dramatic and drastic solution: close the 4000 issues, close the 1900 PRs, and start over. Explain why this is being done. (It’ll be less painful to have a week of bad press than permanent bad press.) Have people begin to raise issues and PRs again. Brutally close whatever makes no sense. Merge the PRs quickly after a group of peers have OK’d them. (e.g. 3 peers apply an OK, the PR gets merged, somewhat how the OpenBSD project does it, I think). If an issue remains unchanged for, say, 3 months, or a PR remains without activity for that time, it’s marked as stale and will be closed after a short grace period. Ansible is an Open Source project backed by a strong company. I for one would much prefer to be told “no, we don’t want that” than to be left hanging and guessing.

Ansible users are telling me their trust in Ansible is diminishing: every release brings breakage (e.g. for Solaris, OpenBSD, a lot of non-Linux). PRs are not being merged in a timely fashion, and issues are not being solved. (Here’s an example of an issue addressed to me, and I have clearly ignored it.)

This makes me very sad.

Ansible Communities was an attempt by Dag Wieers to give people a trusted process and some privileges to work independently on sets of.modules, but it’s not got a lot of traction, unfortunately.

The new Ansible Collections, proposed in Ansible 2.8, could alleviate the situation with modules by moving the modules to Galaxy and to people’s repositories. This would mean that Ansible in future might just be a core with a minimal set of modules. My worry is that the number of disparate versions of a particular module will explode: contributors will go away, there’ll be no central module repository and that can mean dozens of versions of a particular module, each will different features and/or patches. For example, searching Galaxy for apache server filtered by Role produces 869 results, not all of which really are an Apache server, and there are 10 roles to install an Mosquitto broker; that’s a lot of choice… And many users I speak to in Europe are quite uninterested in Galaxy; are you really willing to pull configuration code you didn’t write to blindly deploy onto your servers? I smell lots of cake ;-)

On the plus side, moving most of the modules out of Ansible will make core developers happier, as they don’t feel responsible for the dozens of contributed modules anyway. All the more reason to clear out the large number of issues and PRs.

Let’s see what happens.

Update: Ansible responds to my blog post: Thoughts on restructuring the Ansible project.

ansible :: 21 Jun 2019 :: e-mail

Wherever possible I use vi or a newer incantation of it called vim, but I try to stick to low common denominators so that my editing is “portable” across platforms.

I learned vi the hard way, on a terminal for which (thankfully) no cursors or function keys were defined in termcap/terminfo. This forced me to spend a quarter of an hour practicing and learning that l or <space> moves the cursor to the right and j moves it down. (And that J is something completely different.)

The worst part of my learning experience was the bell: I couldn’t turn it off on that terminal, and it drove me crazy the first day. I quickly understood command mode and text enter mode in order to avoid the beep, and I’ve not looked back.

Why “thankfully” no cursor block? The . command works properly, movement (65l or 7W) becomes easy. Finding a $ in the line becomes f$ or reverse F$, and performing a bunch of changes (but not global search/replace) becomes /search, then a change, say, cwblablaESC, then n next and n next, and finally . to repeat whichever change I did last (yes, also deletes, or appends, or inserts: any change).

I think for close on twenty years I had a .exrc which consisted of two lines:

:set ai
:ab KK /*x */ESCFxs

A few years ago I went all out when I started doing Python, and my .exrc became a .vimrc which still contains those two lines plus

filetype plugin on
" au BufRead,BufNewFile *.py set expandtab
" au BufRead,BufNewFile *.py set tabstop=4
" au BufRead,BufNewFile *.py set backspace=indent,eol,start
" autocmd BufRead,BufNewFile *.py set smartindent cinwords=if,elif,else,for,while,try,except,finally,def,class

There have been times when I’ve been a bit jealous of people who master Emacs: the fact that they can, from their editor, read mail, post news (Usenet news; you probably don’t know what that is), and do all sorts of crazy things tempted me to learn it, and I have done a bit of that: I tend to write up notes in Org mode, but I’ll confess that muscle-memory for vi commands is an order of magnitude more developed than it is for emacs.

I’m writing this to drive home that whatever editor a person uses is fine, as long as that person utilises the editor properly, and if you’re good with Microsoft’s VS-Code, I might be in awe at what you can do with it. (Although you need a graphical terminal; I don’t.)

I give lots of trainings, and I almost literally cry when I see people stumbling in vi, hitting ESCape three times after adding a bit of text, adding a character by inserting, then ESCaping, then moving back a key deleting the superfluous character – it’s horrid. It’s almost as bad as watching people go up 17 times in their shell history to find .. ls. (There have been cases of me honestly yelling at people for doing that, but I fear they’ve forgiven me meanwhile.)

Use a text-editing utility that you can handle and like to use. Unix has lots of editors. I’m not going to say ed(1), but there’s Nano and Pico and mg, and loads of them. Use one which is convenient and simple to wield. Become proficient in editing. Please.

If you don’t have the time or the patience to learn vi or emacs, don’t; you’ll find I’ll respect you more if you stick to notepad.exe, nano, or whichever. :-)

Way back then, I also learned how to exit vi, and that was not using :wq! because that broke how make works and incremental backups again picked up files which didn’t have their content modified. If you use vi, learn about ZZ or :x and save on a key press… It’s all about being efficient when editing text, and :wq still does things you need to be aware of.

I wrote a 700-page book using vi. True story.

utility :: 15 Jun 2019 :: e-mail

Other recent entries