Snowden on Federation

@snowden at … full video at

There’s a big controversy happening right now – about this election particularly – regarding Facebook. There’s this claim – it really hasn’t been proven and hasn’t really been substantiated, but it’s getting pretty popular, where they say, “Facebook ruined the election because they showed fake news.” Now, if that were true and if that were possible and Facebook just did put fake news up and down their pages all day long and we were actually persuaded by that … I think that’s actually a very sad indictment of our democracy. That our voters could be so easily misled. But, were it true, and there’s some evidence that it may be – this gets into a bigger challenge which is the lack of competition. The fact that there seems to be no alternative to the largest services, because of the ‘first mover advantage’ when you get a Google in place, when you get a Facebook in place, when you get a Twitter in place – they never seem to leave. This brings us to – ‘how do we resolve this?’ – federation is the traditional technical response to the danger of centralization of power and the danger of single points of failure where if one company makes a bad decision or one service provider makes a bad decision – we all suffer for it. Instead, we have what are called ‘federated services’ where instead of one Facebook we have ten-thousand Facebooks all of which are connected together and all of which can impose their own rules. So if one Facebook clone has problems they can start to be filtered, they can be scrutinized a little more carefully, people use that less, it becomes less popular, there is a stigma associated with it. The Silicon Valley desire for massive, world-eating services – this scale that takes over not just all our country, but others, are asking us to accept a status quo in which we set that aside, we set aside that competition in favour of scale.
I think we should be particularly cautious about embracing this and taking it as something that should always be the case because when we look at monopolies throughout the past they have grown in a very quiet mode, eventually achieved a platform of prominence, operated reasonably carefully and rationally at that period to maximize their profits, and once they’ve gotten so big that no one can stop them, they get less careful and get more muscular over time and eventually they end up trampling not just their customers but paradigms in ways that I think we need to be very cautious about integrating not just into our networks but into our understanding of what structures are operating within our society that don’t really bother us and that seem normal.


Docker Cloud BYON & Docker Compose


Late last year, Docker snapped up cross-cloud container management service Tutum, but it wasn’t clear how the acquired company’s handiwork would manifest under the Docker brand. Tutum was built from the ground up as a Docker tool. It gives visibility into containers, and enables a team to create, start, terminate or redeploy as needed. It also provides a dashboard view of all of the containers under team management.  Tutum is now Docker Cloud. Docker Cloud is a new service by Docker that implements all features previously offered by Tutum plus integration with Docker Hub Registry.

A group of us in BC are looking for ways we can provide a more sustainable open ed tech infrastructure to BC higher education. We have begun looking for approaches to shared WordPress hosting. I have been playing with Stackfiles and Docker Compose for the last few weeks and am starting to get a clearer picture of how we might sustainably provide both dev and production WordPress hosting for BC open education initiatives.

As well as deploying and managing hosts on the supported cloud providers (EC2, Azure, etc), Docker Cloud can use any Linux host as a node to deploy containers to. For this, you install an agent which will allow you to connect the Docker Cloud dashboard to your infrastructure. I went ahead and connected our new EduCloud node to Docker Cloud last week and started experimenting with how services are managed. Services/sites can be set up quickly and directly using the Docker Cloud web interface. Services/sites are managed via ‘stacks’ which are defined using Docker Compose. Compose is a tool for defining and running multi-container Docker applications. This ‘stackfile’ contains the instructions required to pull from required repositories (eg: Docker Hub, GitHub, etc) and configure your application’s services. Then, using a single command, you can create and start all the services.

Once a stackfile is defined, it can be used to deploy and/or redeploy as many copies of an application as you need.  I found a ‘ready to deploy’ WordPress stackfile at this registry:

wordpress:
  image: tutum/wordpress-stackable:latest
  links:
    - db
  ports:
    - "80:80"
  environment:
    DB_NAME: wordpress
    DB_USER: admin
    DB_PASS: "**ChangeMe**"
db:
  image: tutum/mysql:5.5
  environment:
    MYSQL_PASS: "**ChangeMe**"

To test out Docker Cloud/Compose on EduCloud I decided to reserve the domain, create 2 subdomains, and map a separate WordPress installation to each subdomain.  I made 2 DNS entries and pointed them all to our EduCloud host.

Without going too far down the Docker technical docs in this post, it is important to know that traffic between containers & external networks runs on ports. No 2 containers can be exposed on the same public port for HTTP traffic (Port 80/443) without a proxy out in front to handle traffic. To accomplish this I decided to use nginx-proxy, a container running nginx and docker-gen. docker-gen generates reverse proxy configs for nginx and reloads nginx when containers are started and stopped, thereby automating all that port mapping between containers and the public IP/Ports. All that is needed to ensure the reverse proxy works properly is to start your WordPress Docker container passing the VIRTUAL_HOST variable.

That means adding 1 line to my Stackfile cribbed from above and tweaking another:

wordpress:
  image: tutum/wordpress-stackable:latest
  links:
    - db
  ports:
    - "5000:80"
  environment:
    DB_NAME: wordpress
    DB_USER: admin
    DB_PASS: ----------
db:
  image: tutum/mysql:5.5
  environment:
    MYSQL_PASS: -----------

As I will have 2 stacks, I will need 2 internal ports. For the purposes of this test I am using 5000 and 5001. All of these map to Port 80/443 facing the web. nginx-proxy also needs to know what domains to listen for along with their associated internal port, so I added the VIRTUAL_HOST variable and indicated the internal port for the test WordPress container (5000) to ensure the incoming request is routed correctly.

I updated the 2 stackfiles and clicked ‘Create & Deploy’.  From start to finish, provisioning these WordPress sites took minutes.
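A variant of the two-site setup above, written out as one Compose v1 file (an added example, not the stackfiles from this post). nginx-proxy connects to each WordPress container on its own port 80 over the Docker network, so only the proxy publishes a host port and the sites are not also served on 5000/5001. The image name jwilder/nginx-proxy, the hostnames and the passwords are assumptions or placeholders.

```yaml
# Added example in Compose v1 syntax; hostnames and passwords are placeholders.
proxy:
  image: jwilder/nginx-proxy        # assumed image for "nginx-proxy"
  ports:
    - "80:80"                       # the only port published on the host
  volumes:
    # docker-gen watches container start/stop events through this socket.
    # Socket access amounts to control of the Docker daemon, so keep this
    # container minimal and patched.
    - /var/run/docker.sock:/tmp/docker.sock:ro

wordpress1:
  image: tutum/wordpress-stackable:latest
  links:
    - db1:db                        # alias keeps the "db" link name used above
  expose:
    - "80"                          # visible to the proxy, not mapped to a host port
  environment:
    VIRTUAL_HOST: site1.example.org # placeholder hostname
    DB_NAME: wordpress
    DB_USER: admin
    DB_PASS: "replace-with-unique-secret-1"
db1:
  image: tutum/mysql:5.5
  environment:
    MYSQL_PASS: "replace-with-unique-secret-1"

wordpress2:
  image: tutum/wordpress-stackable:latest
  links:
    - db2:db
  expose:
    - "80"
  environment:
    VIRTUAL_HOST: site2.example.org # placeholder hostname
    DB_NAME: wordpress
    DB_USER: admin
    DB_PASS: "replace-with-unique-secret-2"
db2:
  image: tutum/mysql:5.5
  environment:
    MYSQL_PASS: "replace-with-unique-secret-2"
```

Each site gets its own database container and its own password, so a compromise of one WordPress install does not hand over the other site's data.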


If you geolocate any of these subdomains, you will see that they all indicate they are hosted in Kamloops, BC (when, in fact, they are hosted on EduCloud using a clever networking arrangement from TRU-IT folks).

Docker Cloud could be a dream for multi-tenant WordPress updates/customizations. Simply make an exact copy of an existing WordPress stack, map your new development domain, and deploy your development spaces.  When your development is ready for production, change the VIRTUAL_HOST variable on the container to update your domain. Done.

This is a simple example of a multiple MySQL+WordPress Docker container stack running on EduCloud. There are hundreds of applications available at the Docker Hub. Looking forward to playing more and learning more with Docker Cloud and Docker Compose this week as well as exploring how Docker Cloud might be used for our inter-institutional devops.










Analytics with Piwik on

Brian brings up a great point here.  Seems a significant number of BC post-secondary websites are fine using Google Analytics despite it being contrary to guidelines and standards for “All provincial ministries and organizations that have a direct reporting structure to a Minister”.

There are a number of good reasons why you may not want to track visitors to your website/service.  If you do plan on tracking visitors to your website, you should carefully consider your reasons, and the impacts:

“The data is interesting.” “The data is valuable.” “The data is actionable.” “The data is monetizable” – bought and sold. So we’re told…

Are these sufficient reasons to track your website visitors?

Interesting to whom? Valuable to whom? Actionable by whom? How? Who’s buying it?

Do you use the data that’s being collected? Or are you just a proxy, collecting and handing it off to others?

 ~ Audrey Watters

If you are going to collect such data, and don’t want it handed off to third-party providers, you have 2 self-hosted options in



I have Piwik up and running on here at  It took me 5 minutes to install, configure, and start collecting some data.

1. Install Piwik at


2. Navigate to the [All Websites] link in the top right-hand corner of your Dashboard.  Select [Add a New Website] as pictured below.

3. You will be directed to the [Settings] page.  Select [Add a new website] and fill out some basic information about your site, including the domain name for your site.

Once you have filled things out, click [View Tracking Code].



4. On this page, you will be offered some Javascript.  Copy it.

5. If you are a WordPress user, install the Tracking Code plugin.  There are other plugins that also do the same thing.

6. Take the Javascript you copied from Piwik and paste it in your WordPress plugin settings.


7. Visit your site a few times and check your Piwik grain at



What are the advantages of using open source software like Piwik for your site analytics needs?



Hummingbird is also available at and lets you see how visitors are interacting with your website in real time.  A very different app from Piwik as it only provides a real-time view, but potentially useful for conferences, events, displays, & other such special use cases.

Setup is very easy:

  1. Fire up a Hummingbird grain
  2. Copy the [Tracker] code.  Paste it in the footer of your website or your WordPress footer plugin.
  3. Watch your live visitor traffic.