Technology « David Currie

Archive for the ‘Technology’ Category

Updating the symbol set and magentic north with OpenOrienteering Mapper

Sunday, June 15th, 2025

I spend a couple of hours a week hanging around the leisure centre at Fleming Park while Emma swims. For the past month or so, I’ve been using that time to update the orienteering map of the area, ready for the SOC Summer Series event there in August. The fairways of the old golf course are becoming increasingly overgrown, aided by the planting of lots of new trees. I therefore wanted to update the map to the latest sprint specification, ISSprOM 2019-2, so that I could make use of the ‘rough open with scattered bushes’ symbol. Although it hasn’t shifted much since 2016, I thought it was also time to update magnetic north.

The following directions for OpenOrienteering Mapper (OOM) are based on those I received from the club’s mapping officer, Mark Light.

Updating the symbol set

Download and unzip the latest symbol set from the British Orienteering website.
To make your life easier in step 4, delete any unused symbols from the map.
1. Right-click on the symbol palette and click Select Symbols > Select Unused.
2. Right-click on any unused symbol in the palette and select Delete.
Select Symbols > Replace symbol set… and select the
appropriate scale set of icons from the download in step 1. If, as in the case of this map, the scale doesn’t match, you’ll get a warning.
Provide a mapping for each symbol in the old set to the new.
1. You can use the Symbol mapping dropdown at the bottom of the dialogue to determine whether it matches by textual name or ID number by default.
2. Work your way down the list, checking where there is no mapping specified. If the old symbol is something custom that you want to carry across, for example, text for a legend, leave the selection as -None-. Similarly, if you’re not sure what it should translate to, just take a note of the number and leave it as -None-.
3. Click OK.
Map any symbols you were unsure about
1. Right-click on each symbol in the symbol window and click Select all objects with this symbol.
2. If you can now work out what they should be mapped to:
  1. Select the new symbol in the symbol window.
  2. Click the Switch symbol icon in the toolbar.
  3. Right-click on the old symbol and select Delete.
Particularly for any custom symbols you’ve carried across, check that they are still visible on the map. It may be that, as with this map, they have been given a colour that is now lower down the colour table than some symbol that appears above them. Either double-click on the symbol and edit it to use the correct colour from the specification, or select View > Color window and re-order the colours so that the symbols reappear.
If, in step 3, you received a warning about the symbol and map scales not matching, now is the time to fix that.
1. Select Symbols > Scale all symbols….
2. Enter the scale percentage. For example, when using 1:4,000 symbols on a 1:5,000 map, enter 80%.
3. Click OK.

Updating magnetic north

Determine the magnetic declination applicable to your map.
1. Open this website in a browser.
2. Drag the marker to the location of your map and note the current magnetic declination. OOM will only accept two decimal places, so don’t worry too much about the exact position of the marker.
Ensure that the map is correctly georeferenced with the correct projection, in our case, the Ordnance Survey British Grid (EPSG 27700). These settings can be found under Map > Georeferencing….
If it doesn’t already exist, create a new ‘part’ in OOM for the map furniture (borders, legend, north lines, and anything that shouldn’t change with magnetic north).
1. Select Map > Add new part….
2. Name the part Furniture.
3. Click OK.
4. A new dropdown appears in the toolbar showing the currently selected part. Select the default part.
5. Select the items that make up the furniture, either on the map or via their symbols. Select Map > Move selected objects to > Furniture. Repeat until all of the furniture is in the new part.
6. Under Map > Georeferencing… enter the declination you retrieved in step 1 and click OK. This will rotate all parts of the map to account for the current position of magnetic north.
7. Now you need to rotate the furniture back.
  1. Select the Furniture part.
  2. If you don’t already have a grid displayed, select View > Show grid.
  3. Select Tools > Rotate objects and rotate the furniture part to align with the grid.

Posted in Orienteering, Technology | No Comments »

Helm: for better or worse?

Monday, June 9th, 2025

A few weeks ago, one of my colleagues at JUXT gave a presentation on Helm, and this started me thinking back over my own experiences with the tool. It appears I already had a lot to say on the subject back in 2018! Since then, I’ve made extensive use of Helm at CloudBees where we had an umbrella chart to deploy the entire SaaS platform, and at R3. It’s that latter experience that I’m going to talk about in this post.

Helm and Corda

The main Helm chart in question is the one for the R3’s Corda DLT, which you can find on GitHub. The corda.net website has, unfortunately, been sunset, but my blog post describing the rationale for using Helm is still available on the Internet Archive. Another article explains how the chart can be used, along with those for Kafka and Postgres, to spin up a complete Corda deployment quickly.

As an aside, it was a conscious decision not to provide a chart that packaged Corda along with those Kafka and PostgreSQL prereqs. The concern was that customers would take this and deploy it to production without thinking about what a production deployment of Kafka or Postgres entails. Not to mention wanting to make it clear that these were not components that we, as a company, were providing support for.

As a cautionary tale: despite its name, the corda-dev-prereqs chart referenced in that last article (which creates a decidedly non-HA deployment of Kafka and PostgreSQL) found itself being deployed in places it shouldn’t have been…

More Go than YAML

Whilst the consumer experience with the Helm chart was pretty good, things weren’t so rosy on the authoring side. The combined novelty of Kubernetes configuration and Go templating was just too much for many developers. While some did engage, ownership of the chart definitely remained with the DevOps team that authored the initial version, rather than the application developers.

The complexity of the chart also ramped up rapidly. With multiple services requiring almost identical configuration, we soon moved from YAML with embedded Go to Go with embedded YAML! That problem is not unique to Helm; I remember having the same issue with JSPs many moons ago.

The lack of typing, combined with the fact that all functions return strings, started to make the chart fragile, particularly without any good testing of the output with different override values.

Two charts are not better than one

If you look at the GitHub repository, you might wonder why most of the logic for the chart sits in a separate library chart (corda-lib) on which the main corda chart depends. What you can’t see is that we had a separate Helm chart for use by paying customers. This was largely identical to the open-source chart, but included some additional configuration overrides. The library chart was an attempt to share as much logic as possible between the two.

What we couldn’t share was the values.yaml itself and the corresponding JSON schema, and as a consequence, there was always a certain amount of double fixing that went on. What we really needed was a first-class mechanism for extending a chart.

Helm hooks

Although there were other niggles, the last issue I’m going to talk about is the use of Helm hooks. Corda has two mechanisms for bootstrapping PostgreSQL and Kafka: an administrator can use the CLI to generate the required SQL and topic definitions, or the chart can automatically perform the setup when the chart is installed. We expected customers to use the former mechanism, at least in production, but the latter was used in most of our development and testing, and by the services team in pilot projects. The automated approach used a pre-install hook to drive a containerised version of the CLI to perform the setup.

So far, so good. We then started to look at using ArgoCD to deploy the chart. ArgoCD doesn’t install Helm charts directly, instead, it renders the template and then applies the Kubernetes configuration. It does have some understanding of Helm hooks, converting them into ArgoCD waves, but it doesn’t distinguish between install and upgrade hooks. This would lead ArgoCD to try to rerun the setup during an upgrade.

Now, here some responsibility must lie with the Corda team, as those setup commands should have been idempotent, but they weren’t. The answer, for us, was to use an alternative to ArgoCD (worth a separate post), but our customers might not have the luxury of that choice.

Summary

Does all of the above mean that I think Helm is a bad choice? As always, it depends. For ‘packaged’ Kubernetes configuration, I still believe it’s a better choice than requiring consumers to understand your YAML sufficiently to be able to apply suitable modifications with Kustomize. In particular, pushing Kustomize is opening up your support organisation to having to deal with customers basically using any arbitrary YAML to deploy your solution.

In the case of Corda, we underinvested in building the skills to make the best of Helm. Fundamentally, though, I’d suggest that we simply outgrew it. If I were still working on its evolution, the next step would undoubtedly have been to implement an operator and write all of that complicated logic in a language that properly supports testing and reuse.

Posted in Kubernetes, Work | No Comments »

WordPress is broken by PHP in Jammy update

Saturday, August 3rd, 2024

This blog has been a bit neglected for the last few years. I miss the opportunity to reflect on something I’ve done and write up those thoughts. We’ll see whether this is a one-off or the start of something new!

The first task was to make sure everything on the site was up-to-date. WordPress does a pretty good job of automatically applying security fixes but the Ubuntu VPS needed an upgrade. The update to Jammy went smoothly enough but attempting to access the site showed the WordPress PHP source. The enabled modules for Apache showed a couple of broken symlinks to PHP 7. After enabling those for PHP 8.1, I saw a WordPress error page: There has been a critical error on this website.

The WordPress PHP compatibility matrix indicates that there are still exceptions with PHP 8 versions. Time to get PHP 7 back…

sudo add-apt-repository ppa:ondrej/php
sudo apt update
sudo apt install php7.4
sudo apt install php7.4-common php7.4-mysql php7.4-xml \
  php7.4-json php7.4-mbstring php7.4-gd php7.4-curl
sudo update-alternatives --config php

sudo add-apt-repository ppa:ondrej/php

sudo apt update

sudo apt install php7.4

sudo apt install php7.4-common php7.4-mysql php7.4-xml \

php7.4-json php7.4-mbstring php7.4-gd php7.4-curl

sudo update-alternatives --config php

Then re-enable the PHP 7 Apache modules:

sudo a2dismod php8.3
sudo a2enmod php7.4
sudo apachectl restart

sudo a2dismod php8.3

sudo a2enmod php7.4

sudo apachectl restart

With the site rendering again, I thought I was done but on posting this entry the dreaded critical error reappeared. Looking again at the Apache error logs, /var/log/apache2/error.log revealed errors in lightbox-plus and crayon-syntax-highlighter of the form Compilation failed: invalid range in character class. From PHP 7.3, hyphens need to be escaped in regular expressions. I could have rolled the PHP version back further but decided to patch the offending files. (I probably need to review the plugins in use on the site and remove those that are no longer supported.)

And, finally, we’re back in business!

Posted in Hosting | Comments Off on WordPress is broken by PHP in Jammy update

Update time

Thursday, September 5th, 2019

WordPress has been nagging me for some time that I needed to update the version of PHP this blog is running on and, in particular, Jetpack had finally given up on me. The sticking point has been that the Digital Ocean droplet it’s running on has been stuck back on Trusty Tahr and a previous attempt to upgrade it had gone awry.

I finally took the plunge and set up a new droplet running Bionic Beaver and eventually found the right combination of PHP modules to get everything running again. Whilst I was at it, I ticked another item off my todo list and enabled TLS (trivial with the aid of Certbot and Let’s Encrypt). A late evening but nothing too painful.

On the downside, when I first set the blog up (back in 2005) I used Gallery to manage images. The WordPress plugin died a while back but the Gallery install itself failed to play nicely with the new PHP version. As a consequence, the item to write a script to locate all those <wpg2id> tags and replace them with the appropriate images still remains very much on my todo list. Oh, and then there’s all those GPX files that were being displayed with Google Maps…

Posted in WordPress | Comments Off on Update time

Knative Intro @ Devoxx UK

Thursday, May 30th, 2019

I presented an introduction to Knative at Devoxx UK, the recording for which can be found below. I’m afraid I deviated somewhat from the abstract given the changes to the project in the five months since I submitted it. With only half an hour, I probably shouldn’t have tried to cover Tekton as well but I wanted to have an excuse to at least touch on Jenkins X, however briefly! The demo gods largely favoured me except when hey failed to return (not the part of the demo I was expecting to fail!). The script and source for the demo are on GitHub although I’m afraid I haven’t attempted to abstract them away from the Docker Hub/GCP accounts.

Posted in Kubernetes, Work | Comments Off on Knative Intro @ Devoxx UK

Debugging with Telepresence

Monday, February 11th, 2019

I’ve spent the last few days trying to debug an issue on Kubernetes with an external plugin that I’ve been writing in Go for Prow. Prow’s hook component is forwarding on a GitHub webhook and the plugin mounts in various pieces of configuration from the cluster (the Prow config, GitHub OAuth token and the webhook HMAC secret). As a consequence, running the plugin standalone in my dev environment is tricky, but just the sort of scenario that Telepresence is designed for.

The following command is all that is needed to perform a whole host of magic:

telepresence \
  --swap-deployment my-plugin-deployment \
  --expose 8888 \
  --mount=/tmp/tp \
  --run ./my-plugin \
    --config-path /tmp/tp/etc/config/config.yaml \
    --hmac-secret-file /tmp/tp/etc/webhook/hmac \
    --github-token-path /tmp/tp/etc/github/oauth

telepresence \

--swap-deployment my-plugin-deployment \

--expose 8888 \

--mount=/tmp/tp \

--run ./my-plugin \

--config-path /tmp/tp/etc/config/config.yaml \

--hmac-secret-file /tmp/tp/etc/webhook/hmac \

--github-token-path /tmp/tp/etc/github/oauth

It locates the my-plugin-deployment deployment already running in the cluster and scales down the number of replicas to zero.
It executes the my-plugin binary locally and creates a replacement deployment in the cluster that routes traffic to the local process on the exposed port.
It finds the volumes defined in the deployment and syncs their contents to /tmp/tp using the mount paths also specified in the deployment.
Although not needed in this scenario, it also sets up the normal Kubernetes environment variables around the process and routes network traffic back to the cluster.

Now, it was convenient in this case that the binary already exposed command line arguments for the configuration files so that I could direct them to the alternative path. Failing that, you could always use Telepresence in its--docker-run mode and then mount the files onto the container at the expected location.

And the issue I was trying to debug? I had used the refresh plugin as my starting point and this comment turned out to be very misleading. The call to configAgent.Start() does actually set the logrus log level based on the prow configuration (to info by default). As a consequence, everything was actually working as it should and my debug statements just weren’t outputting anything!

Posted in Kubernetes, Work | Comments Off on Debugging with Telepresence

Website backup to pCloud

Wednesday, January 30th, 2019

Another SOC website related posting – this time on the subject of backup. The website is backed up by the club’s current hosting provider (Krystal – who, a year in, I can highly recommend) but I was informed that the club had bought a large quantity of cloud storage for the purpose of storing its map archive and, for belt and braces, it made sense to also include backups of the website there.

As it turned out, the cloud storage was courtesy of pCloud who are best described as a Dropbox clone i.e. the expected interaction patterns are via the web UI, mobile, or sync from the desktop app. A quick search turned up rclone which describes itself as “rsync for cloud storage” and, amongst the list of supported backends, includes pCloud.

Install on hosting provider was straightforward. The configuration process is interactive (opening a browser to log in to pCloud) but the docs also cover how to create the configuration on one machine and copy them across to another. A copy is then as simple as:

rclone copy public_html remote:website_archive

1	rclone copy public_html remote:website_archive

I started out looking to use drush arb to create a backup but, as the same hosting is used for a WordPress site, it was easiest in the end just to write a script using tar and mysqldump to create the archive of the file system and database tables. This is then triggered nightly on a cron job. Each backup is around 0.5GB so I wasn’t too concerned about incremental backup and, with 2 TB of storage to play with, it will be a while before the question of cleaning up old backups comes back to haunt me!

Posted in Hosting, Web | Comments Off on Website backup to pCloud

Drupal 8 Migration

Monday, January 28th, 2019

For my sins, I have now been involved in the management of our orienteering club’s current website for over 10 years now. Back then, we wanted to make it as easy as possible for club officials and members to contribute content and, after evaluating WordPress, Joomla! and Drupal, we went with Drupal as our Content Management System. The extensibility of Drupal makes it immensely powerful but, as with many open source projects, the rich ecosystem of contributed modules can be both a blessing and a curse.

Although the details have been long forgotten, I do remember that the move from Drupal 6 to 7 was a painful one and so, despite it being over three years since Drupal 8 was released, I was in no rush to migrate. In the end, it was a security vulnerability in one of the modules that wasn’t going to be addressed in v7 that precipitated the move.

The major changes in core Drupal have seemingly been too much for many module contributors to make the move. An initial assessment wasn’t particularly promising: of fifty-five non-core modules the current site had installed, five were no-longer needed in Drupal 8, six had GA v8 versions and a further fourteen had beta versions available. A migration estimate site put the effort involved at several weeks worth and, in the end, it probably wasn’t far off!

My first task was to slim down the number of modules installed. Many weren’t actively in use any more (e.g. content_access and views_data_export) and others had simple replacements which had easier migration paths (e.g. swapping out timefield for a simple text field). Ironically, the module with the security flaw was one of those that I disabled but, having started down this path, I was determined to complete a migration.

It was then time to start the actual migration. Thankfully the process now involves setting up a parallel site as it would still be weeks before I had anything that was approaching usable. One of the issues was that no private file path was set up during the migration. Another, that the migrated text formats were using a handler that no longer existed. Opening and resaving them fixed that problem. Another of the random error messages required manually modifying the database to remove the upload field from entity.definitions.bundle_field_map in the drup_key_value table (go figure).

The site makes extensive use of custom content types and views which are finally a part of core Drupal. Views are not part of the default migration though, and, in the end, I just recreated them manually. The same was true of all the patterns for pathauto.

At this point, with the styling also re-introduced, the site was ready to go live again but there were still problems waiting to be found. One was that, what used to appear as a date field, now appeared as a datetime field in forms. In the end, I decided to test out the new REST capabilities to export the contents of the field and reimport into a new field with the correct type. The only catch here was that there is no querying capability in the REST API so it was necessary to create a JSON-rendered view that listed the required nodes in order to retrieve their ids so that they could then be processed one-by-one. The rest was just a short bash script using curl and jq.

Hopefully, the migration can now be considered complete. The site now uses relatively few custom modules which is, undoubtedly, a good thing for future stability. If the move to Drupal 9 looks anywhere near as painful though, I now know how to extract the entire site content so maybe it will be time to revisit the CMS landscape. It would hate to think that I’ll still be debugging PHP errors in another ten years time!

Posted in Web | Comments Off on Drupal 8 Migration

David Currie