
Last updated:
October 18, 2012, 23:07 UTC

Disclaimer:
Views expressed in the content published here do not necessarily represent the views of Gentoo Linux or the Gentoo Foundation.



Welcome to Gentoo Universe, an aggregation of weblog articles on all topics written by Gentoo developers. For a more refined aggregation of Gentoo-related topics only, you might be interested in Planet Gentoo.

October 18, 2012
Nathan Zachary a.k.a. nathanzachary (homepage, stats, bugs)
Yo-N-Go frozen yoghurt – Saint Louis, MO (October 18, 2012, 17:52 UTC)

Back in early August, there was a Groupon for a new frozen yoghurt place called Yo-N-Go in Saint Louis, MO. Located in the “downtown” area near Laclede’s Landing, the location can be somewhat difficult in terms of parking. However, just a couple blocks to the north, there is plenty of free street parking available.

The establishment looks very similar inside to many of the other premium frozen yoghurt places in the area (and elsewhere, for that matter). One thing that caught my eye, though, is that the flavours are displayed on the machines via a digital screen instead of just a sign above them. Not that the display impacts the quality of the yoghurt, but I just thought that it was neat. Now, interestingly, the only legitimate review on Yelp (I say “legitimate” as the other review was a customer who was angry that her attempt to abuse the Groupon policy had failed, and she decided to lash out at the owner) indicates that the yoghurt was lacking flavour. I would have to strongly disagree. I had a combination of red velvet cake and carrot cake, both of which were very tasty! Deb had the sugar-free chocolate which was surprisingly not gritty (many of the sugar-free flavours tend to have a less-than-pleasing texture). That being said, there were not as many topping offerings as I would have liked. Some of my favourites (like graham cracker crumbs, and a wide assortment of fresh fruits) were not available.

Also, unlike the upset reviewer on Yelp, I found the owner (Matt) to be quite helpful and friendly. We used our Groupon according to the terms and conditions, and didn’t have any problem doing so.

In any case, though, I think that Yo-N-Go is a good addition to the host of premium frozen yoghurt venues in the Saint Louis area, and it is good to see one that isn’t in the county. I wouldn’t say that it is the absolute best frozen yoghurt that I’ve ever had, but it ranks significantly higher than many of the others around town.

Cheers,
Zach

October 17, 2012
2012 Gentoo Screenshot Contest Results (October 17, 2012, 21:03 UTC)

Gentoo - Still alive and kicking ...

As the quantity and quality of this year's entries will attest, Gentoo is alive, well, and taking no prisoners!

We had 70 entries for the 2012 Gentoo screenshot contest, representing 11 different window managers / desktop environments. Thanks to all that participated, the judges and likewhoa for the screenshot site.

The Winners!

New subproject: kde-stable (October 17, 2012, 18:53 UTC)

If you are a KDE user, you may be interested in this new subproject:
http://www.gentoo.org/proj/en/desktop/kde/kde-stable/

Feel free to ask if you have any doubts.

Nathan Zachary a.k.a. nathanzachary (homepage, stats, bugs)
Prepac Quad media rack – BMA-1520 review (October 17, 2012, 16:41 UTC)

As a huge film and music buff, I was starting to have trouble finding space for my CDs, DVDs, and Blu-Rays. I had small or medium-sized media racks scattered throughout my house, but that wasn’t really working all that well for me. I had considered having a woodworker craft a custom cabinet for me, but that proved to be a long-term goal given the exorbitant price associated with having anything custom-made (especially fine wooden furniture). In the interim, I found a large rack that seemed to fit my needs made by a Canadian company called Prepac. They specialise in furniture and media cabinets that are sturdy, but don’t cost a small fortune.

In particular, I thought that the BMA-1520–more commonly referred to as the “Quad,” since it is a quad-width rack–looked promising. The Quad holds an impressive 1520 CDs (where it gets the “1520” portion of the model number), 700+ DVDs, 1200 Blu-Rays, or any combination thereof. It comes in oak or black, and I decided to go with the black finish as it would match the other items in my living room:

Prepac BMA-1520 quad width media rack

In terms of build quality, I’m pretty impressed with the Prepac Quad. Even though it is constructed from laminated composite woods, it is substantial. Also, it is weighted really well so that it doesn’t feel like it is going to tip over. The rack comes with zip ties and hooks in order to secure it to the wall, but I didn’t find them necessary on the carpeted flooring in my family room.

I also found assembling the unit to be fairly straightforward. The steps were clearly outlined and illustrated. However, the only part that I found a bit unnerving was the backing of the rack. It is nothing more than cardboard, but that’s not my main concern. The primary issue is that the pieces of cardboard fit precisely against the dividers, and they are attached using small nails. This normally wouldn’t be a big deal, but the first part that I attached was slightly shifted toward the other side of the unit. That meant that every subsequent piece of backing was shifted as well. Considering the divider beams are quite narrow in the first place, attaching the other backing pieces proved to be very difficult, and required some overlapping. After splitting a couple of the dividers ever-so-slightly, I finally did get the backing completely attached. Granted, my assembly qualm may be my own fault since I was trying to do it without having someone else there to assist (by holding the backing in place, et cetera).

Overall, the unit is sturdy, holds a huge amount of media, has virtually no wasted space, and fits nicely in the space that I had for it. I’m very pleased with the media rack given its price.

Cheers,
Zach

Theo Chatzimichos a.k.a. tampakrap (homepage, stats, bugs)
Bootstrapping Awesome: The latest news (October 17, 2012, 10:27 UTC)

Overview of What Happened

In the last few weeks, the conference team has worked hard to prepare the conference. The main news items you should be aware of are the FAQ which has been published, the party locations and times, the call to organize BoF sessions and of course the sponsors who help make the event possible. And we’re happy to tell you that we will provide live video streams from the main rooms during the event (!!!) and we announced the Round Table sessions during the Future Media track. Last but not least, there have been some interviews with interesting speakers in the schedule!

Sneak Peek of the Conference Schedule

Let’s start with the interviews. During the last weeks, a number of interesting speakers have been interviewed, both by text and over video chat. You can find the interviews in our first sneak peek article and more in this extensive follow-up article about the Future Media track. You can find the video interviews also in our youtube channel and on our blip.tv channel.

Video!

Talking about video interviews, there will be more videos in those channels: the openSUSE Video team is gearing up to tape the talks at the event. They will even provide a live stream of the event, which you can watch via flash and on a smartphone at bambuser and via these three links via ogv feeds: Room Kirk Room McCoy and Room Scotty. Keep an eye on the wiki page as the team will add feeds to more rooms if we can get some more volunteers to help us out.

Round Table Sessions!

We’ve mentioned the special feature track ‘Future Media’ already and we’ve got an extra bite for you all: the track will feature two round table discussions, one about the value of Free and Open for our Society and one about the practicalities of doing ‘open’ projects. Find more in the schedule: Why open matters and How do you DO open?.

We need YOU!

Despite all our work, this event would be nothing without YOUR help. We’re still looking for volunteers to sign up but there’s another thing we need you for: be pro-active and get the most out of this event! That means not only sitting in the talks but also stepping up and participating in the BoF Sessions. And organize a BoF if you think there’s something to discuss!

Party time!

Of course, we’re also thinking about the social side of the event. Yes, there will surely be an extensive “hallway track” as we feature a nice area with booths and the university has lots of hallways… But sometimes it’s just nice to sit down with someone over a good beer, and this is where our parties come in. As this article explains, there will be two parties: one on Friday, as warming-up (and pre-registration) and one on Saturday, rockin’ in the city center of Prague. Note that you will need your badge to enter this party, which means you have to be registered!

Sponsors

As we wrote a few days ago, all this would not be possible without our sponsors, and we’d like to thank them A LOT for their support!

Big hugs to Platinum Sponsor SUSE, Gold Sponsor Aeroaccess, Silver Sponsor Google, Bronze Sponsor B1Systems, supporters ownCloud and Univention and of course our media partners LinuxMagazine and Root.cz. Last but not least, a big shout-out to the university which is providing this location to us!

FaQ

On a practical level, we also published our Conference FAQ answering a bunch of questions you might have about the event. If you weren’t sure about something, check it out!

More

There will be more news in the coming days, be sure to keep an eye on news.opensuse.org for articles leading up and of course during the event. As one teaser, we’ve got the Speedy Geeko and Lightning talks schedule coming soon!

Be there!

Gentoo Miniconf, oSC12 and LinuxDays will take place at the Czech Technical University in Prague. The campus is located in the Dejvice district and is next to an underground station that gets you directly to the historic city center – an opportunity you can’t miss!

We expect to welcome about 700 Open Source developers, testers, usability experts, artists and professional attendees to the co-hosted conferences! We work together making one big, smashing event! Admission to the conference is completely free. However for oSC a professional attendee ticket is available that offers some additional benefits.

All the co-hosted conferences will start on October 20th. Gentoo Miniconf and Linuxdays end on October 21st, while the openSUSE Conference ends on October 23rd. See you there!

Dane Smith a.k.a. c1pher (homepage, stats, bugs)
New Tricks, Goals, and Ideas (October 17, 2012, 01:06 UTC)

It’s been a while since I’ve done anything visible to anyone but myself. So, what the heck have I been doing?

Well, for starts, in the past year I’ve done a serious amount of work in Python. This work was one of the reasons for my lack of motivation for Gentoo. I went from doing little programming / maintenance at work to doing it 40+ hours a week. It meant I didn’t really feel up to doing more of it in my limited spare time. So I took up a few new hobbies. I got into Photography (feel free to look under links for the photo website). I feel weird with the self promotion for that type of thing, but, c’est la vie.

As the programming at work died down some, I started to find odd projects. I spent some serious time learning Go [1] and did a few small projects of my own in that. One of those projects will be open sourced soon. I know a fair few different languages, and I know C, Python, and Java pretty decently. While I like all of the ones on that list, I can’t say that I truly buy into the philosophies. Python is great. It’s simple, it’s clean, and it “just works.” However, I find that like OpenSSL, it gives you enough room to hang yourself and everyone else in the room. The lack of strict typing coupled with the fact that it’s a scripting language are downsides (in my eyes). C, for all that it is awesome at low level work, requires so much verbosity to accomplish the simplest tasks that I tend to shy away from it for anything other than what must be done at that level. Java… is well Java. It’s a decent enough language I suppose, but being run in a VM is silly in my eyes. It, like C, suffers from being too verbose as well (again, merely my humble opinion).

Enter Go. Go has duck typed interfaces, unlike Java’s explicit ones. It’s compiled and strictly typed. It has other modern niceties (like proper strings), along with a strong tie to web development (another area C struggles with). It has numerous interesting concepts (check out defer), along with what I find to be a MUCH better approach to error handling than what exists in any of C, Java, or Python. Add in that it is concurrent by design and you have one serious language. I must say that I am thoroughly impressed. Serious Kudos to those Google guys for one awesome language.

I also picked up a Nexus 7 and started looking into how Android is built and works. I got my own custom ROM and Kernel working along with a nice Gentoo image on the SD Card. Can anyone say “Go compiler on my Nexus 7?” This work also led me to do some work as far as getting Gentoo booting on Amazon’s Elastic Compute Cloud. Building Android takes for-freaking-ever, so I figured.. why not do it in the cloud!? It works splendidly, and it is fast.

So that covers new tricks. You mentioned goals and ideas?!

First, time to get myself off the slacker wagon and back to doing something useful. I no longer repulse at the idea of developing when I get home. That helps =p. One of the first things I want to spend some time addressing is disk encryption in Gentoo. I wrote here pertaining to the state of loop-aes. Both Loop-AES and Truecrypt need to spend a little time under the microscope as to how they should be handled within Gentoo. I’ll write more on this later when I have all my ducks in a row. I have no doubt that this will be a fun topic.

I also want to look into how a language like Go fits into Gentoo. Go has its own build system (no Makefiles, configure scripts, or anything else) that DOES have a notion of things like CFLAGS. It also has the ability to “go get” a package and install it. To those curious check out their website. All of these lead to interesting questions from a package management point of view. I am inclined to think that Go is around to stay. I hope it is. So we may as well start looking into this now rather than later. As my father used to tell me all the time, “Proper Prior Planning Prevents Piss Poor Performance.” Time to plan =).

That is, right after I sort out the fiasco that is my bug queue. *facepalm*

[1] http://golang.com

October 16, 2012
Nathan Zachary a.k.a. nathanzachary (homepage, stats, bugs)

For the past few years, I’ve been using the 100% Whey Gold Standard protein powder from Optimum Nutrition. I find that it is a great supplement, especially after a workout. It really helps my muscles feel better after long runs, or some strength training. Granted I’m not anywhere near a bodybuilder or even in the weight-lifter category, but for me, it works very well.

I started using ON 100% Whey Gold Standard because it offers a good amount of protein (24g per serving) without a huge amount of fat along with it (only 1g, 0.5 of which saturates). I had found that many of the protein bars and such were high in protein, but also very high in saturated fat and calories. This powder only has 120 calories per serving, and even when mixing it with skim milk, that’s only about 200 calories.

Ever since I started using this brand, I’ve always purchased the double rich chocolate flavour. Though I really like it, and it essentially just tastes like a big glass of chocolate milk, I was getting really tired of it. Last week, when I needed to buy another container of it, I went with a new flavour–French vanilla crème.

Optimum Nutrition - 100% Whey Gold Standard - French Vanilla Creme

This flavour is a great alternative to the standard chocolate, but yet it is generic enough that mixing other things (like fruits) with the shake would still work nicely. I found that with the same serving size, though, it makes for a substantially thicker shake than did the double rich chocolate flavour. It also tends to foam a bit more than the chocolate. Some people have found that there is a slight bitterness to this flavour (as well as the cookies and cream), but I haven’t experienced it. I would guess that the problem would be from not mixing the powder well enough. However, bitterness caused by lack of mixing could plague any flavour. All in all, this is a great deviation from the norm, and I am looking forward to trying some other flavours down the road as well.

Cheers,
Zach

Steve Dibb a.k.a. beandog (homepage, stats, bugs)
bully (October 16, 2012, 06:34 UTC)

So, I went and watched the movie “Bully” tonight.  It was good.  I’ve got kind of mixed feelings about it, probably because of the many ways I look at the stories.  Part of me was interested to see what students are going through.  Part of me was thinking about what social settings had to exist for a setting like that to exist.  And then I was thinking about how school administration seemed like politics a little bit, and I wondered if teachers had any idea that they’d be called upon learning how to do mediation when they were getting their degrees.

The story about the teenagers who committed suicide is really sad.  I’m really glad that the film didn’t focus just on that angle, though.  They followed a couple of students specifically, and then had footage of bullying in general, and students just dealing with it in a general sense.  It was tough to watch, and made me feel bad for the guys.  It also renewed the feeling that I really wanna do something about it.  During the film I pulled out my phone for a second to check the time, and seeing the background on my cell phone — a picture of me and my little brother, Steven — really hit me, and made me realize that I *am* doing something.  That was kinda cool. :)

I don’t know much about bullying to have an opinion.  I can’t really draw on my own experiences, since I was never bullied, and I don’t remember anyone around me getting bullied.  Either I wasn’t really observant, or it wasn’t going on much.  I dunno.  All through school I kind of just stayed in the background.  Nobody bothered me and I didn’t bother anyone.  Some of the scenes were about the students riding on the school bus, and I actually thought it was weird to have so many people on there.  I remember that the bus was hardly ever half full, and having two people in one seat was rare.  So, a lot of it, I couldn’t really relate.  I was just kind of watching it.

The thing that made me sad (more than the bullying, actually, go figure) was how the adults in the lives of the kids tried to help them out.  The kids were pretty much getting the message of “well, you should do something about it,” and “it’s not really that bad, kids do that.”  A big part of that reason was that the kids getting bullied wouldn’t tell their parents how bad it was.  And in the cases where they did and the school administration would address it, the kids and parents would call them out on it and say how nothing was really changing.  It brings up a lot of questions regarding maintaining order in schools, providing the students somewhere they can feel safe, and whose job it really is to be an influence on the bullies.

The stories about the suicides were sad, but for me it didn’t really dig into me as hard as the other stuff.  I have kind of a different perspective on suicide, in the sense of that I can *understand* why they would see it as an out.  I dunno if that’s common, or if you have to be really interested in counseling to know how that works.  The thing that is really crazy in my mind though is that these guys are committing suicide at such a young age, and that others usually don’t have any clue that they’re pushing their peers so far off the cliff until it’s too late.

The part that was really hard for me was seeing the kids themselves being bullied as they were in the middle of things — they were suffering all these things, they were trying to make sense of this — “why would they do this?” “can we just be friends?” “why isn’t anyone at school doing anything?” — and then getting mixed messages from their parents as well.  In every case, the parents had no idea how bad things were until either the kid snapped (one took a gun on a bus), they were completely ignored and isolated by the community after coming out (a lesbian), or they saw the actual footage of the film.

I’d recommend seeing the film.  It was really good, and put together well.  I was hesitant to go see it, since I knew this is an emotional issue, and I thought it’d be easy to draw on that emotion and make a movie that was just sensationalizing it a little bit.  It wasn’t that way at all, though.  It came across to me as a sincere documentary that looked at the problem, explored it very well, and showed the stories of how they *really* are.  I love movies that are raw in that sense, where they are just about *life*.  In that vein, I’d recommend seeing “Boy Interrupted” as well.  That movie is also really gritty (and about suicide).

As strange as it may seem, I love movies like this where they display actual raw emotion, what the people are going through.  I prefer things like this not to be watered down or come with an obvious agenda.  Just exposing human life for what it’s like is good enough (and sad enough, in some cases).  I wish there were more films like this (and if you know of any, let me know).

Out of the entire film, one scene stood out to me the most.  It was in the assistant principal’s office (who, she was only in the film for maybe five minutes herself) who called in a student to talk to about bullying.  The kid came in looking just like any other kid, not sure what was going on, but that was about it.  She (the principal) pointed down to her desk, a picture, I’m imagining, of a student that was being bullied, and asked what his relationship was to him.  The poor kid just instantly lost the color to his face, and noticeably tensed up as he realized he was in trouble.  That made me feel really bad, that getting a shock like that, that you’re doing something wrong is suddenly and abruptly brought to your attention.  He genuinely had a look of “wow, I didn’t know that was wrong,” partly because he looked like a really innocent kid in addition to how daunted he was by being accused of bullying.  I kind of read into it that he was going along with things, but didn’t really realize the effect he was having.  In contrast, there was another kid who was also called into her office to talk about it, and he had an attitude of denial and how it wasn’t happening, and it wasn’t a big deal.  For the first kid, I thought to myself, there’s got to be a better way to bring this to his attention and correct it.  I feel really bad for anyone who gets the banhammer dropped on them unexpectedly.  That’s something I work really hard not to do with people, so it makes me sad when I see it happen to someone else.

I felt really bad for all the kids — the bullies and the ones being bullied.  I wish there was some easy answers, but I think there are two things that would help — learning how to communicate better with students, and having everyone learn to be kind.  There were a lot of times when bullies were being punks, and the other kids just kind of rolled with it.  That’s a social phenomenon in itself, which is pretty normal … people don’t typically step in when something unfair is going down, and in a lot of cases, will just pile on the aggression, because it seems to make the most sense.  I dunno, there’s a lot of variables in it that make it a difficult challenge, but I still think there’s some simple concepts that would help (communication, kindness, courage).

I dunno how I would handle it if someone came to me and told me they were getting bullied.  I’d honestly never really thought about it before, again, mostly because it’s something I didn’t really ever know much about it.

There’s a lot of great videos on youtube about bullying.  I’ll end on a positive one. :)


October 15, 2012
Nathan Zachary a.k.a. nathanzachary (homepage, stats, bugs)
Radar trap ahead (October 15, 2012, 15:40 UTC)

A friend of mine sent me an email recently, and the story that went along with it was really funny.

Radar trap ahead - tips accepted - boy entrepreneur

Now THAT is a fantastic idea, not only for the boys who are getting some good, quick cash, but also for the folks that avoided the speed trap. :)

Cheers,
Zach

Josh Saddler a.k.a. nightmorph (homepage, stats, bugs)
box down (October 15, 2012, 07:08 UTC)

my main gentoo workstation is down. no more documentation updates from me for awhile.

it seems the desktop computer’s video card has finally bitten the dust. the monitor comes up as “no input detected” despite repeated reboots. so now i’m faced with a decision: throw in a cheap, low-end GFX card as a stopgap measure, or wash my hands of 3 to 6 years of progressive hardware failure, and do a complete rebuild. last time i put anything new in the box was probably back in 2009…said (dead) GFX card, and a side/downgraded AMD CPU. might be worth building an entirely new machine from scratch at this point.

i haven’t bothered to pay attention to the AMD-vs-Intel race for the last few years, so i’m a bit at a loss. i’ll check TechReport, SPCR, NewEgg, and all those sites, but…not being at all caught up on the bang-for-buck parts…is a bit disconcerting. i used to follow the latest trends and reviews like a true technoweenie.

and now, of course, i’m thinking in terms of what hardware lends itself to music production — USB/Firewire ports, bus latency, linux driver status for crucial bits; things like that. all very challenging to juggle after being out of it for so long.

so, who’s built their own PC lately? what’d ya use?

October 14, 2012
Sven Vermeulen a.k.a. swift (homepage, stats, bugs)
Gentoo Hardened progress meeting (October 14, 2012, 13:00 UTC)

Not that long ago we had our monthly Gentoo Hardened project meeting (on October 3rd to be exact). On these meetings, we discuss the progress of the project since the last meeting.

For our toolchain domain, Zorry reported that the PIE patchset is updated for GCC, fixing bug #436924. Blueness also mentioned that he will most likely create a separate subproject for the alternative hardened systems (such as mips and arm). This is mostly for management reasons (as the information is currently scattered throughout the Gentoo project at large).

For the kernel domain, since version 3.5.4-r2 (and higher), the kernexec and uderef settings (for grSecurity) should no longer impact performance on virtualized platforms (when hardware acceleration is used of course), something that has been bothering Intel-based systems for quite some time already. Also, the problem with guest systems immediately reserving (committing) all memory on the host should be fixed with recent kernels as well. Of course, this is only true as long as you don’t sanitize your memory, otherwise all memory gets allocated regardless.

In the SELinux subproject, we now have live ebuilds allowing users to pull in the latest policy changes directly from the git repository where we keep our policy at. Also, we will see a high commit frequency in the next few weeks (or perhaps even months) as Fedora’s changes are being merged with upstream. Another change is that our patchbundles no longer contain all individual patches, but a merged patch. This increases the deployment time of a SELinux policy package considerably (up to 30% faster since patching is now only a second or less). And finally, the latest userspace utilities are in the hardened-dev overlay ready for broader testing.

grSecurity is still focusing on the XATTR-based PaX flags. The eclass (pax-utils) has been updated, and we will now be looking at supporting the PaX extended attributes for file systems such as tmpfs.

For profiles, people will notice that in the next few weeks, we will be dropping the (extremely) old SELinux profiles as the current ones have been marked stable a long time ago.

In the system integrity domain, IMA is being worked on (packages and documentation) after which we’ll move to the EVM support to protect extended attributes.

And finally, klondike held a good talk about Gentoo Hardened at the Flossk conference in Kosovo.

All in all a good month of work, again with many thanks to the volunteers that are keeping Gentoo Hardened alive and kicking!

Andreas K. Hüttel a.k.a. dilfridge (homepage, stats, bugs)
Lecture announcement: Low Temperature Physics (October 14, 2012, 12:22 UTC)

It's a real pleasure to do the Low Temperature Physics lecture again this winter term. This is a so-called "Modulvorlesung" and "Wahlpflichtfach" (compulsory optional subject?), meaning you'll be able to pick it as examination subject for the MSc physics (possibly also for other courses as e.g. chemistry). Slides are in English, the lecture itself will be in German unless the audience requests otherwise.  In short, we'll be covering the following topics: 
  • properties of cold gases and liquids
  • cryotechnology
  • properties of cold solids (all except superconductivity)
  • superconductivity
  • low-temperature nanophysics
A lot more information can be found on the homepage of the lecture itself. For legal reasons, the slides are only available to participants; I'll tell you the password during the first lecture. So, see you on Tuesday morning 8:00ct, PHY 5.0.21!

Matthew Thode a.k.a. prometheanfire (homepage, stats, bugs)
VLAN trunking to KVM VMs (October 14, 2012, 05:00 UTC)

Why this is needed

In testing Linux bridging I noticed a problem that took me much longer than I feel comfortable admitting. You cannot break out the VLANs from a physical device and also use that physical device (attached to a bridge) to forward the entire trunk to a set of VMs. The reason this occurs is that once Linux starts inspecting for VLANs on an interface to split them out, it discards all those you do not have defined, so you have to trick it.

Setup

I had my trunk on eth1. What you need to do is directly attach eth1 to a bridge (vmbr1). This bridge now has the entire trunk associated with it. Here's the fun part: you can break out VLANs on the bridge, so you would have an interface for VLAN 13 named vmbr1.13 and then attach that to a bridge, allowing you to have a group of machines only exposed to VLAN 13.

The networking goes like this.

               /-> vmbr1.13 -> vmbr13 -> VM2
eth1 -> vmbr1 ---> VM1
               \-> vmbr1.42 -> vmbr42 -> VM3

Example

Here is the script I used with proxmox (you can set up the bridge in proxmox, but not the source for the bridge's data (the 'input')). This is for VLANs 1-13 and assumes you have vyatta set up the target bridges. I had this start at boot (via rc.local).

vconfig add vmbr1 2
vconfig add vmbr1 3
vconfig add vmbr1 4
vconfig add vmbr1 5
vconfig add vmbr1 6
vconfig add vmbr1 7
vconfig add vmbr1 8
vconfig add vmbr1 9
vconfig add vmbr1 10
vconfig add vmbr1 11
vconfig add vmbr1 12
vconfig add vmbr1 13
ifconfig eth1 up
ifconfig vmbr1 up
ifconfig vmbr1.2 up
ifconfig vmbr1.3 up
ifconfig vmbr1.4 up
ifconfig vmbr1.5 up
ifconfig vmbr1.6 up
ifconfig vmbr1.7 up
ifconfig vmbr1.8 up
ifconfig vmbr1.9 up
ifconfig vmbr1.10 up
ifconfig vmbr1.11 up
ifconfig vmbr1.12 up
ifconfig vmbr1.13 up
brctl addif vmbr1 eth1
brctl addif vmbr2 vmbr1.2
brctl addif vmbr3 vmbr1.3
brctl addif vmbr4 vmbr1.4
brctl addif vmbr5 vmbr1.5
brctl addif vmbr6 vmbr1.6
brctl addif vmbr7 vmbr1.7
brctl addif vmbr8 vmbr1.8
brctl addif vmbr9 vmbr1.9
brctl addif vmbr10 vmbr1.10
brctl addif vmbr11 vmbr1.11
brctl addif vmbr12 vmbr1.12
brctl addif vmbr13 vmbr1.13

October 13, 2012
Patrick Lauer a.k.a. bonsaikitten (homepage, stats, bugs)
Reanimating #gentoo-commits (October 13, 2012, 13:58 UTC)

Today I got annoyed with the silence in #gentoo-commits and spent a few hours fixing that. We have a bot reporting ... well, I hope all commits, but I haven't tested it enough.

So let me explain how it works so you can be very amused ...

First stage: Get notifications
Difficulty: I can't install postcommit hooks on cvs.gentoo.org
Workaround: gentoo-commits@lists.gentoo.org emails
Code (procmailrc):

:0:
* ^TO_gentoo-commits@lists.gentoo.org
{
  :0 c
  .maildir/.INBOX.gentoo-commits/

  :0
  | bash ~/irker-wrapper.sh
}

So this runs all mails that come from the ML through a script, and puts a copy into a subfolder.

Second stage: Extracting the data
Difficulty: Email is not a structured format
Workaround: bashing things with bash until happy
Code (irker-wrapper.sh):

#!/bin/bash
# irker wrapper helper thingy

# Read the mail from stdin and pick the commit details out of its headers
while read line; do
        # echo "$line" # debug
        echo "$line" | grep -q "^X-VCS-Repository:" && REPO=${line/X-VCS-Repository: /}
        echo "$line" | grep -q "^X-VCS-Committer:"  && AUTHOR=${line/X-VCS-Committer:/}
        echo "$line" | grep -q "^X-VCS-Directories:"  &&  DIRECTORIES=${line/X-VCS-Directories:/}
        echo "$line" | grep -q "^Subject:"  && SUBJECT=${line/Subject:/}
        EVERYTHING+=$line
        EVERYTHING+="\n"
done

# The commit message is the line that follows "Log:"
COMMIT_MSG=`echo -e "$EVERYTHING" | grep "Log:" -A1 | grep -v "Log:"`

# Hand the irker JSON request to the host that runs irkerd
ssh commitbot@lolcode.gentooexperimental.org "{\"to\": [\"irc://chat.freenode.net/#gentoo-commits\"], \"privmsg\": \"$REPO: ${AUTHOR} ${DIRECTORIES}: $COMMIT_MSG \"}"

Why the ssh stuff? Well, the server where the mails arrive is a bit restricted, hard to run a daemon there 'n stuff, so let's just pipe it somewhere more liberal.

Third stage: Sending the notifications
Difficulty: How to communicate with irkerd?
Workaround: nc, a hammer, a few thumbs
Code:

#!/bin/bash

echo $@ | nc --send-only  127.0.0.1 6659

And that's how the magic works.

Bonus trick: using command="" in ~/.ssh/authorized_keys

... and now I really need a beer :)
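An added example, not part of the original post or the bot's real code: the header values and the log line come from e-mail, so this sketch reads headers only from the header block and JSON-escapes the text before it goes into the irker request. The function names and the sample mail are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example (not the original wrapper): turn a commit mail on stdin into
# an irker request, treating every value taken from the mail as untrusted.

IRC_TARGET='irc://chat.freenode.net/#gentoo-commits'   # target used in the post

# Constructed sample mail; header values and log text are made up.
SAMPLE_MAIL='X-VCS-Repository: gentoo-x86
X-VCS-Committer: alice
X-VCS-Directories: app-misc/foo
Subject: [gentoo-commits] constructed example

X-VCS-Committer: spoofed-in-body
Log:
Fix "quoting" in a\b path $HOME'

# header_value NAME MAIL: value of the first header NAME. Only the header
# block (up to the first empty line) is searched and the name must start the
# line, so text in the mail body cannot pose as a header.
header_value() {
    printf '%s\n' "$2" | awk -v name="$1" '
        /^$/ { exit }                          # end of the header block
        index($0, name ":") == 1 {             # literal match at line start
            v = substr($0, length(name) + 2)
            sub(/^[ \t]+/, "", v)
            print v
            exit
        }'
}

# log_line MAIL: the body line that follows "Log:", as the post's wrapper uses.
log_line() {
    printf '%s\n' "$1" | awk '
        in_body && grab    { print; exit }
        in_body && /^Log:/ { grab = 1 }
        !in_body && /^$/   { in_body = 1 }'
}

# json_escape TEXT: drop control characters, then escape backslash and
# double quote so TEXT is safe inside a JSON string.
json_escape() {
    printf '%s' "$1" | tr -d '\000-\037\177' | sed 's/\\/\\\\/g; s/"/\\"/g'
}

# build_irker_json: read one mail on stdin, print the irker request line.
build_irker_json() {
    mail=$(cat)
    repo=$(header_value "X-VCS-Repository" "$mail")
    author=$(header_value "X-VCS-Committer" "$mail")
    dirs=$(header_value "X-VCS-Directories" "$mail")
    msg=$(log_line "$mail")
    text=$(json_escape "$repo: $author $dirs: $msg")
    # %s copies the values verbatim; nothing from the mail is interpreted.
    printf '{"to": ["%s"], "privmsg": "%s"}\n' "$IRC_TARGET" "$text"
}

# Stand-alone run on the constructed sample.
printf '%s\n' "$SAMPLE_MAIL" | build_irker_json
```

Sending the resulting line over ssh on standard input, rather than as part of the remote command line, keeps it away from the remote shell's word splitting and expansion.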

October 12, 2012
Raúl Porcel a.k.a. armin76 (homepage, stats, bugs)
Beaglebone documentation updated (October 12, 2012, 17:06 UTC)

Hi all,

I’ve got some reports that my Beaglebone guide is outdated and giving some troubles regarding the bootloader and kernel.

While vanilla kernel 3.6.1 doesn’t support the Beaglebone, U-Boot 2012.10-rc3 does support it, so I’ve tested all the changes and updated the guide accordingly.

You can find it in http://dev.gentoo.org/~armin76/arm/beaglebone/install.xml
Some changes I’ve noticed in almost a year since I did the documentation:

  • The bug (by design, they said) which made the USB port stop working after unplugging a device (check my post about the Beaglebone) is now fixed
  • CPU scaling is working, although the default governor is ‘userspace’. The default speed with this governor is:

a) 600MHz if powering it using a PSU through the 5V power connector, remember that the maximum speed of the  Beaglebone is 720MHz

b) 500MHz if powering it using the mini-USB port

Have fun


October 10, 2012
Nathan Zachary a.k.a. nathanzachary (homepage, stats, bugs)
Kinky liqueur review (October 10, 2012, 23:09 UTC)

A couple weekends ago, I was at Sam’s Club getting some of my usual grocery items, and I saw this ridiculously bright, hot pink endcap in the beer, wine, and liquor section. It was advertising a type of flavoured vodka called Kinky, produced by Crosby Lake Spirit Company. The vibrant pink colour is definitely attention-getting, and at the price for which it was on sale, I decided it was worth a try.

Kinky liqueur bottle 750ml

As a cordial, I thought that it was interesting that they recommended drinking it chilled and straight. It is essentially a vodka drink (that they claim is “super premium” vodka, but I don’t believe that at all) with infusions of mango, blood orange, and passion fruit. Sounded a bit fruity for my liking, and it turned out that it was. It was very sweet, and the taste of the blood orange overpowered the other flavours of the drink. However, I only tried a small bit of it, and tried it straight. It may prove to be better mixed with other liquors, or as a splash in a creative martini. Overall, though, I can’t say that I was very impressed with the cocktail, but if you like fruitier drinks, you may like it. Always worth a shot (pun intended).

Cheers,
Zach

Andreas K. Hüttel a.k.a. dilfridge (homepage, stats, bugs)
Kudos to Lenovo / IBM service (October 10, 2012, 20:53 UTC)

For over a year I've been the happy owner of a Lenovo Thinkpad T520, and on the whole I can only recommend it as a power-user Linux machine. Excellent for day-to-day work as well as measurement data processing, Gentoo runs on it nicely, and with a Core i5 and 8G RAM even app-office/libreoffice has lost its horrors. Since I'm travelling often and also tend to work on the weekend in one of these beautiful cafes in the historic city centre of Regensburg, I'm relying on it a lot. So when I bought it, I added a ThinkPlus warranty upgrade to the basket, according to the paperwork 3 years next-workday on-site service for 87€.
The surprise of last Friday evening was the laptop's complete refusal to boot. Just some blinking of the power indicator, nothing else. No idea what caused it... Anyway. I started worrying, even took out the harddrive and replaced it with a blank one I had lying around, and prepared myself for being laptop-less for a while.
Called service Tuesday morning. A technician called me back Wednesday morning, and came along Wednesday afternoon. After about 90min, the laptop was completely disassembled, reassembled with a new mainboard and the original hard drive, and worked flawlessly. Yay! One happy customer.

Tomáš Chvátal a.k.a. scarabeus (homepage, stats, bugs)
Why I don’t like Android so much (October 10, 2012, 10:47 UTC)

Or better why I don’t like basically all phone/tablet OSes. But as I am having most stuff on droid I have most issues with it.

So let’s take a look at why I don’t like the thing and what annoys me a lot.

Vendor support

Nowadays when you buy your computer or anything else it gets more often morally old rather than out of scope. This means your HW is capable of doing all tasks you would expect from it, but you are upgrading anyway for some small advantage (usually less watt consumption and so on). If you would decide to keep your old hardware and not to upgrade you should be pretty fine with getting all the fancy and shiny updates both for features and security fixes.

Just for simple test you can grab some old P4 1GHz cpu and give it latest Windows and it will install and boot (and probably behave way better than the Windows ME you bought with it in first place :D) the same applies here with running latest linux distros. So what am I proving here is that when you take computer hw from year 2000 you still get it running with most of the stuff secured and supported if you want to.

With the Android the situation is completely different. Each vendor (HTC, Samsung, Motorola) has its own branded version of Android where they are providing their updates only. By providing I mean you get lucky if you get one year of some semi-updates and maybe even one version bump if you are super lucky (eg 1.6 -> 2.2). This leaves you with hardware which have more computing power than the above mentioned P4 first generation without any chance to use software that can ensure your safety (malware, viruses, etc.) and usefulness (bugfixes, meh for restarting tablet every 2 hours when watching youtube). So you as consumer are in situation when you HAVE to buy a new phone if you want to be safe.

One can always buy the Google branded phones/tablets where the support is bit better, those machines get the updates for 2 years before you have to throw them away for new model (which is most ideal for american customer that gets new phone every two years for contract renewal) but still compared to laptops and PCs its huge waste of working resources.

The vendor not providing support is not such big deal by default if all their patches were included into the android core and drivers so anyone (eg. Cyanogenmod) would be able to just pick up where they stop and provide you support with their release. But on quite some HW it is not possible. Samsung does not provide drivers, Motorola locks bootloader (Yay and they are even bought by Google!)…

Multiuser support

Or actually no multiuser support at all.

On a phone it is not such biggie as you mostly don’t allow other people to mess with your phone but on tablet the situation is completely different. You want your kids or other relatives to mess with the thing and play some angry birds or whatever else they have full access to your contacts, history, credit card (if you used the play to buy something).

So basically the user management situation is similar to time around Windows 98 where there was just one login on the computer and everyone in family used that.

Instead of having nice and contained space for your own browsing history, naughty photos of your girlfriend, credit card data, contacts, … everything is meshed up together and you can’t ensure your own privacy there.

The only way out of this is probably looking forward to Vivaldi tablet (the KDE one, not sure if this is still the name) or buy one tablet per person.

Multitasking

Android basically does not work in the normal multitasking environment one is used to from desktop computers. The core reason for this used to be not having enough RAM (really pointless at the point the devices have 1-2GB+).

So normally everything you start is opened and runs in your background where you can switch between those up to the point you get out of memory. Then the unused processes start to be closed. This can be worked around by using some task manager to kill the apps you want to kill and not those least used, but it is an external app and not a system solution.

Also in some cases as android is separating the term app and process and multiple launched apps can share one process if you hang one you shoot down everything :-)

Summary

So those are the 3 itches I personally have with Android. Let me know how you feel about the platform in the comments, as I am interested in how it is perceived by others. Maybe I am just paranoid or something…

October 09, 2012
Jeremy Olexa a.k.a. darkside (homepage, stats, bugs)
Departure is a Go (October 09, 2012, 23:40 UTC)

25 hours until I board the plane…

I am excited. So very excited to begin the adventure, to see the world, to assimilate other cultures. Oh, the possibilities.
I am nervous. Slightly nervous because I am leaving the comfortable safety of “being home.”
I am sad. Mostly sad to leave my family and friends. Of course, I won’t be off the grid, at all. And, I will be back! Eventually. Love you all, thanks for the well wishes!
I am apprehensive. I think once I land in Amsterdam, it will all fall into place. Until then..uhh, what? Where? I spent many hours down the rathole of tripadvisor last night on the Netherlands.. I can’t wait to take locals suggestions on where to go and what to see instead of googling for stuff.
I am … Everything. What a mix of thoughts going on..

Carpe diem. Here we go.

Nathan Zachary a.k.a. nathanzachary (homepage, stats, bugs)
Kashi soft cereal bars – blackberry graham (October 09, 2012, 21:14 UTC)

Some time ago, I reviewed the cherry vanilla flavour of the Kashi soft cereal bars. Those same “Tasty Little Chewy” bars, as Kashi refers to them, come in a couple other flavours as well (strawberry and blackberry graham). I decided to try a box of the blackberry graham variety, since they sounded a bit more unusual than just your standard strawberry:

Kashi - Tasty Little Chewy soft cereal bar - blackberry graham

Like the cherry vanilla flavour, these bars are 35g, and have 3g of fat (none of which saturate). They do, however, have 10 more calories than the cherry vanilla flavour, so if you are VERY strictly counting calories, that might make a difference (but if 10 calories breaks you, you might need to re-examine your eating regimen :razz: ). Anyway, these bars are also very good and fairly filling despite their small size. Unlike the cherry vanilla ones, though, they have a texture that I don’t find as appealing. At first, I didn’t notice it, but after having a couple bites, I picked up on a slightly gritty consistency–likely from the graham in the crust. In terms of flavour, I like the blackberry, but didn’t find it to be as strong as it could have been. Also, it lacked the nuance of faint vanilla in the background, which is one of the elements that I really enjoyed about the others.

Overall, if you really enjoy blackberries, you might want to try this variety. Otherwise, I would recommend the cherry vanilla flavour over this one.

Cheers,
Zach

October 08, 2012
Theo Chatzimichos a.k.a. tampakrap (homepage, stats, bugs)
Bootstrapping Awesome: The Keynote speaker (October 08, 2012, 12:22 UTC)

The Keynote speaker for the Bootstrapping Awesome co-hosted conferences is going to be Agustin Benito Bethencourt. Agustin is currently working in Nuremberg, Germany as the openSUSE Team Lead at SUSE, and in the Free Software community he’s mostly known for his contributions to KDE and especially in the KDE eV. He is a very interesting guy, with a lot of experience about FOSS both from the community and the enterprise POV, which is also the reason I asked him to do the Keynote. I enjoy a lot working with him on organizing this conference, his experience is valuable. In this interview he talks a bit about himself, and a lot about the subject of his Keynote, the conference, openSUSE and SUSE, and about Free Software. The interview was done inside the SUSE office in Prague, with me being the “journalist” and Michal being the “camera-man”. Post-processing was done by Jos. More interviews from other speakers are about to come, so stay tuned! Enjoy!

I’m writing this post in Italian because it is intended only for Italian people.

For some time now we have had the idea of working on git for the translation of the Gentoo documentation from English to Italian.
There are already many of us, but with more translators we could produce much more.
No technical skills are required, other than a minimal knowledge of English.

References:
http://dev.gentoo.org/~ago/trads-it.xml
http://dev.gentoo.org/~ago/howtohelp.xml
http://www.gentoo.org/doc/it/xml-guide.xml

If anything in these documents is unclear, do not hesitate to contact me.

Anyone interested in helping can write to me by e-mail at ago@gentoo.org, preferably adding the tag [docs-it] at the start of the subject, or simply by clicking here.

October 06, 2012
Liam McLoughlin a.k.a. hexxeh (homepage, stats, bugs)
Extra Life: Raspberry Pi Edition (October 06, 2012, 13:29 UTC)

So a good friend of mine James (@Nxxus) is taking part in Extra Life this year to raise money for charity. More specifically, they’re trying to raise money for Children’s Miracle Hospitals.

On the 20th October, he and two friends will be embarking on an epic 24-hour sponsored gaming marathon, where they’re aiming to complete every Sonic game they can get their hands on (currently at a total of 19!).

Now James has set a few targets for his campaign:

  • $200: Continuing past the 24 hours until they’ve finished every game on the list (livestreamed), unless there’s a medical reason they must stop
  • $500: Complete removal of his eyebrows (livestreamed)
  • $750: Dye his hair white (which he’s been growing for something like 5 years)

Now, because raising money for kids hospitals is awesome and seeing one of my best friends dye his hair white is icing on the cake, I’d like to help James out, by adding a fourth goal:

  • $1000: If we reach this amount, I’ll release the in-progress Raspberry Pi Chromium OS image. Be aware, it is VERY slow and unusable, but lots of folks have been asking me for it anyway, so here’s your chance to grab it. I’ll also join James live on his livestream on the 20th October for all to watch.

If anyone can suggest extra goals, things I could do to persuade people to donate, then I’m open to suggestions!

So, where do you donate? Click on the following link: http://goo.gl/eY8Ak

October 04, 2012
Arun Raghavan a.k.a. ford_prefect (homepage, stats, bugs)
PulseConf! (October 04, 2012, 08:41 UTC)

For those of you who missed it, your friendly neighbourhood PulseAudio hackers are converging on Copenhagen in a month to discuss, plan and hack on the future of PulseAudio.

We’re doing this for the first time, so I’m super-excited! David has posted details so if this is of interest to you, you should definitely join us!

October 01, 2012
Andreas K. Hüttel a.k.a. dilfridge (homepage, stats, bugs)
New dilution refrigerator arriving! (October 01, 2012, 18:31 UTC)

We've been waiting patiently for this for quite some time, but now, it seems, our brand new Oxford Instruments Kelvinox HA400 dilution refrigerator is about to arrive in our lab. Yay! The first two boxes are already there... and another seven, I've been told, are on the way from the UK.
The first picture on the right shows the main insert assembly, which is later dipped into a liquid helium-4 bath for precooling. (Remember, we're going to the millikelvin range, so liquid helium-4 at 4.2K is pretty hot.) The lower, copper-coated part of the insert is a vacuum can, the so-called IVC, and inside there, thermally shielded by the vacuum, all the ultra-low temperature cooling goes on. The lower end of this can finally with a slender tail fits into the 3" central bore of a small superconducting magnet. Some experiments which do not need a magnetic field can be conducted directly at the last cooling stage, others are mounted at the center of this tail, i.e. in the center of the magnet.
The second picture shows the actual main cooling circuit, the so-called dilution unit, which will be mounted into the vacuum can when the system is undergoing final assembly. The cooling process is based on the quantum mechanical properties of liquid helium-3 and helium-4 at temperatures below 0.9K; this particular model can reach temperatures down to 7mK (yes that's 0.007 degrees above the absolute zero of temperature). A simplified description of the process can be found on the dilution refrigerator wikipedia page. We'll post some more and nicer pictures once the final assembly is on the way...

September 30, 2012
Stuart Longland a.k.a. redhatter (homepage, stats, bugs)
Inverted DASA serial cable for AVR programming (September 30, 2012, 03:33 UTC)

Just thought I’d post this up here for “backup” purposes… lately I’ve been doing a lot of AVR programming, the first step of course was to procure a programmer for the devices.

The following is a schematic for the programmer I have built myself. It can be built out of scrap bits, none of the components are critical in value.

It gets its name as it is essentially identical to the “DASA” serial cables, only all the signals are inverted.  The inverting buffers serve to provide voltage level conversion along with crude tri-state functionality when the AVR device is not being programmed.

Inverted-”DASA” serial programming cable for AVR

The design is released under the TAPR Open Hardware License.

September 29, 2012
Mike Gilbert a.k.a. floppym (homepage, stats, bugs)
Slot-operator deps for V8 (September 29, 2012, 03:11 UTC)

The recently approved EAPI 5 adds a feature called "slot-operator dependencies" to the package manager specification. Once these dependencies are implemented in the portage tree, the package manager will be able to automatically trigger package rebuilds when library ABI changes occur. Long-term, this will greatly reduce the need for revdep-rebuild.

If you are a Chromium user on Gentoo and you don't use portage-2.2, you have probably noticed that we are using the "preserve_old_lib" kludge so that your web browser doesn't break every time you upgrade the V8 Javascript library. This leaves old versions of V8 installed on your system until you manually clean them up. With slot-operator deps, we can eliminate this kludge since portage will have enough information to know it needs to rebuild chromium automatically. It's pretty neat.

I have forked the dev-lang/v8 and www-client/chromium ebuilds into my overlay to test this new feature; we can't really apply it in the main portage tree until a new enough version of portage has been stabilized. I will be maintaining the latest chromium dev channel release, plus a couple of versions of v8 in my overlay.

If you would like to try it out, you can install my overlay with layman -a floppym. Once you've upgraded to the versions in my overlay, upgrading/downgrading dev-lang/v8 should automatically trigger a chromium rebuild.

If you run into any issues, please file a bug.

September 28, 2012
Jeremy Olexa a.k.a. darkside (homepage, stats, bugs)
Bittersweet: Last day of work (September 28, 2012, 12:21 UTC)

I’m getting out of here in 12 days. 12…

Just taking a moment to reflect on my last day of work, today. Very mixed emotions because I’ve become friends with some of my colleagues. On one hand I am excited for the unknown future. However, also very uneasy about losing the stable income that I’ve enjoyed for the past…6 years. Salary does not correlate to happiness, though. I feel like my happiness potential is greater in my long run now. The funny thing about income, I’ve been saving very aggressively for this trip in the past 4 months, typically saving 60-70% of my income and still enjoying hobbies, friends, etc, so where the heck did it all go in the past??!? This is really enlightening, it makes me feel like I can do anything if I apply myself and have goals.

It is a very strange feeling quitting your first job. Most people are either fired or moving on to the next job. I’m doing neither. While I don’t see many of my colleagues moving on to future jobs, I do know that most of my peers are typically only at their jobs for 2-3 years before moving on. It is a very odd realization to notice that I was coasting in this job and it would be very easy to stay (dare I say, forever?).

I know there will always be something to do. It is more about the attitude than the situation, in my opinion. Off the top of my head, I can think of 2-3 gigs that I can do right now. Not to mention all the odd jobs out there.

Oh well, it will be interesting to see where the future lands me….

Paweł Hajdan, Jr. a.k.a. phajdan.jr (homepage, stats, bugs)
Debugging SELinux file context mismatches (September 28, 2012, 08:52 UTC)

I originally posted the question on gentoo-hardened ML, but Sven Vermeulen advised me to file a bug, so there it is: bug #436474.

The problem I hit is that my ~/.config/chromium/ directory should have unconfined_u:object_r:chromium_xdg_config_t context, but it has unconfined_u:object_r:xdg_config_home_t instead.

I could manually force the "right" context, but it turned out even removing the directory in question and allowing the browser to re-create it still results in wrong context. Looks like something deeper is broken (maybe just on my system), and fixing the root cause is always better. After all, other people may hit this problem too.

Here is what error messages appear on chromium launch:


$ chromium
[2557:2557:1727940797:ERROR:process_singleton_linux.cc(263)] Failed to
create /home/ph/.config/chromium/SingletonLock: Permission denied
[2557:2557:1727941544:ERROR:chrome_browser_main.cc(1552)] Failed to
create a ProcessSingleton for your profile directory. This means that
running multiple instances would start multiple browser processes rather
than opening a new window in the existing process. Aborting now to avoid
profile corruption.

And SELinux messages:

# audit2allow -d
#============= chromium_t ==============
allow chromium_t xdg_config_home_t:file create;
allow chromium_t xdg_config_home_t:lnk_file { read create };

[ 107.872466] type=1400 audit(1348505952.982:67): avc: denied { read
} for pid=2166 comm="chrome" name="SingletonLock" dev="sda1" ino=522327
scontext=unconfined_u:unconfined_r:chromium_t
tcontext=unconfined_u:object_r:xdg_config_home_t tclass=lnk_file
[ 107.873916] type=1400 audit(1348505952.983:68): avc: denied {
create } for pid=2178 comm="Chrome_FileThre"
name=".org.chromium.Chromium.ZO3dGF"
scontext=unconfined_u:unconfined_r:chromium_t
tcontext=unconfined_u:object_r:xdg_config_home_t tclass=file

If you have any ideas how to further debug it, or how to solve it, please share (e.g. comment on the bug or send me an e-mail). Thanks!
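An added example, not part of the original post: when reading denials like the ones quoted above, it helps to re-join the wrapped records and reduce each one to source type, target type, class, permission and object name, so that objects carrying the generic xdg_config_home_t label stand out. The function name is an assumption; the sample log is the two records from the post.

```shell
#!/bin/sh
# Added example: condense kernel AVC denials into one line per
# (source type, target type, class, permission, object name).

# Sample input: the two denials quoted in the post, line-wrapped as there.
SAMPLE_LOG='[ 107.872466] type=1400 audit(1348505952.982:67): avc: denied { read
} for pid=2166 comm="chrome" name="SingletonLock" dev="sda1" ino=522327
scontext=unconfined_u:unconfined_r:chromium_t
tcontext=unconfined_u:object_r:xdg_config_home_t tclass=lnk_file
[ 107.873916] type=1400 audit(1348505952.983:68): avc: denied {
create } for pid=2178 comm="Chrome_FileThre"
name=".org.chromium.Chromium.ZO3dGF"
scontext=unconfined_u:unconfined_r:chromium_t
tcontext=unconfined_u:object_r:xdg_config_home_t tclass=file'

# summarize_avc: read kernel/audit log text on stdin, print sorted summary.
summarize_avc() {
    awk '
    # Value of key=value inside record r, surrounding quotes removed.
    # Values containing spaces are cut at the first space.
    function field(r, key,    i, v) {
        i = index(r, " " key "=")
        if (i == 0) return ""
        v = substr(r, i + length(key) + 2)
        sub(/ .*/, "", v)
        gsub(/"/, "", v)
        return v
    }
    # Print one line per denied permission of the buffered record.
    function emit_record(    perms, n, i, p, s, t) {
        if (rec == "") return
        perms = rec
        sub(/^[^{]*[{] */, "", perms)       # drop everything up to "{"
        sub(/ *[}].*/, "", perms)           # drop "}" and what follows
        split(field(rec, "scontext"), s, ":")   # user:role:type[:level]
        split(field(rec, "tcontext"), t, ":")
        n = split(perms, p, " ")
        for (i = 1; i <= n; i++)
            print s[3], t[3], field(rec, "tclass"), p[i], field(rec, "name")
        rec = ""
    }
    # A denial starts a new record; one or two spaces after "avc:" both occur.
    /avc: +denied/ { emit_record(); rec = $0; next }
    # Any other line continues the current record (re-joins wrapped lines).
    rec != ""      { rec = rec " " $0 }
    END            { emit_record() }
    ' | LC_ALL=C sort -u
}

# Stand-alone run on the sample.
printf '%s\n' "$SAMPLE_LOG" | summarize_avc
```

Every output line whose second column is xdg_config_home_t names an object that has, or would be created with, the generic label instead of the chromium-specific one.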

September 27, 2012
Sven Vermeulen a.k.a. swift (homepage, stats, bugs)
git patch apply (September 27, 2012, 18:45 UTC)

I recently had to merge the changes made to an upstream project with a local repository. I took out the changes as patches through git format-patch (as the local repository isn’t a clone of the remote one so I couldn’t just create a branch and merge) and hoped to apply them with git am. Sadly, trying this resulted in an error equivalent with:


error: test.txt: does not match index

Git suggested to fix the index, and then continue with git am --resolved. But what the … does it mean with fixing the index? Basically, it means that the change needs to be recorded by git in order to be applied, but why does the patch fail to recognize this? The test.txt file exists and is known by git.

After some searching, I found a way to handle this – it might not be pretty, but it did the trick, and I successfully merged about 200 commits in an hour or so. You can see this post as a “backup” for my memory ;-)

First of all, I tried to apply the patch using git am 0001-some-stuff.patch. If it succeeds, continue. If it doesn’t, apply the patch manually using patch < 0001-some-stuff.patch. Then make sure that the changed files (see git status) are taking part of the commit (use git add). When the changes are made and recorded, run git am --resolved. Or if you want to discard it, make sure no changes are made/recorded and run git am --skip.

That’s it. Some scripting made this a whole lot easier. Check the return code of git am. If it is zero, continue with the next patch. If it isn’t, run patch and again check for the return code. If it is zero, remove all *.orig files (or change the patch command so it doesn’t write orig files), add all (changed) files to the git index and run git am --resolved. And if the patch fails, have the user fix things manually and continue.
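The loop described above, written out as an added example (not the author's own script). It assumes GNU patch, a clean work tree, and patches produced by git format-patch; the function name apply_series is made up for the illustration.

```shell
#!/bin/sh
# Added example: apply a directory of format-patch files with git am,
# falling back to patch(1) when git am refuses one.

# apply_series DIR
#   returns 0 when every patch in DIR was applied,
#   returns 1 when one needs manual work (the git am session stays open).
apply_series() {
    for p in "$1"/*.patch; do
        [ -e "$p" ] || continue            # glob matched nothing

        # First attempt: let git apply and commit the patch.
        if git am "$p"; then
            continue
        fi

        # git am stopped and left its session open. Try patch(1), which
        # accepts fuzzy context. -p1 strips the a/ and b/ prefixes that
        # format-patch writes; --no-backup-if-mismatch (GNU patch) keeps
        # *.orig files from being created.
        if patch -p1 --no-backup-if-mismatch < "$p"; then
            # Record the changes in the index. With a clean work tree this
            # stages only what the patch touched, new files included.
            git add -A
            # Let git am create the commit from the patch's metadata.
            git am --resolved || return 1
        else
            echo "manual fix needed for $p" >&2
            echo "then: git add <files> && git am --resolved, or git am --skip" >&2
            return 1
        fi
    done
    return 0
}

# Stand-alone use: sh apply-series.sh /path/to/patches (run inside the repo).
if [ "$#" -gt 0 ]; then
    apply_series "$1"
fi
```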

Theo Chatzimichos a.k.a. tampakrap (homepage, stats, bugs)
Bootstrapping Awesome: FAQ (September 27, 2012, 12:04 UTC)

All common questions regarding travelling, transportation, event details, sightseeing and much more, in this Frequently Asked Questions page. Feel free to ask more questions, so we can include them in the FAQ and make it more complete

David Abbott a.k.a. dabbott (homepage, stats, bugs)
epatch_user to the rescue ! (September 27, 2012, 09:38 UTC)

I was updating one of my boxens and ran into Bug 434686. In the bug Martin describes the simple way we as users can apply patches to packages that fail from bug fixes. This post is more than anything a reminder for me on how to do it. epatch_user has been blogged about before, dilfridge talks about it and says "A neat trick for testing patches in Gentoo (source-based distros are great!)".

As Martin explained in the bug and with the patch supplied by Liongene, here is how it works!

# mkdir -p /etc/portage/patches/net-print/cups-filters-1.0.24
# wget -O /etc/portage/patches/net-print/cups-filters-1.0.24/cups-filters-1.0.24-c++11.patch 'https://434686.bugs.gentoo.org/attachment.cgi?id=323788'
# emerge -1 net-print/cups-filters

Now that is cool :)

September 26, 2012
Zack Medico a.k.a. zmedico (homepage, stats, bugs)
Experimental EAPI 5-hdepend (September 26, 2012, 05:04 UTC)

In portage-2.1.11.22 and 2.2.0_alpha133 there’s support for experimental EAPI 5-hdepend which adds the HDEPEND variable which is used to represent build-time host dependencies. For build-time target dependencies, use DEPEND (if the host is the target then both HDEPEND and DEPEND will be installed on it). There’s a special “targetroot” USE flag that will be automatically enabled for packages that are built for installation into a target ROOT, and will otherwise be automatically disabled. This flag may be used to control conditional dependencies, and ebuilds that use this flag need to add it to IUSE unless it happens to be included in the profile’s IUSE_IMPLICIT variable.

For those who may not be familiar with the history of HDEPEND, it was originally suggested in bug #317337. That was in 2010, and later that year there was some discussion about it on the chromium-os-dev mailing list. Recently, I suggested on the gentoo-dev mail list that it be included in EAPI 5, but it didn’t make it in. Since then, there’s been some renewed effort, and now the patch is included in mainline Portage.

September 25, 2012

Governments and companies keep approaching Google to “forget” certain URLs with the result of millions of URLs being removed from the search index per month, according to Google itself (see links earlier).

Now if you happen to blog about a risky topic, your blog posts (or any other kind of web page) may be removed from the Google search index without early notice. So you may want to know if (some of) your content still can be found easily.

My approach would be to

  1. Generate some random checksum (e.g. a SHA1, see below)
  2. Make sure that this checksum does not get any hits on Google, yet
  3. Embed the checksum in the post somewhere, maybe at the front or the very end
  4. Search for that checksum every few days
  5. If the result shows the post of yours it must be contained in the search index, i.e. it has not been censored
  6. (Automate the previous step)

On Linux I run

# cat /proc/sys/kernel/random/uuid | sha1sum
8f6a8cfc66bc3523eac19b1402568bc2ae7950ae -

to make a checksum for this very blog post. As it’s part of the post already, I can omit adding it to the end once more, neat :-)

I hope this technique works for someone. Good luck.

Jeremy Olexa a.k.a. darkside (homepage, stats, bugs)
Dropping Cellular, Using Google Voice only (September 25, 2012, 14:43 UTC)

For years, I’ve used Google Voice to handle my voicemail instead of the carrier solution. About 4 weeks ago I ported my cell phone number to Google Voice. Google Voice is just another VOIP carrier that has free SMS/calls to and from numbers in the US. The international rates seem good too.

Some of my personal pro’s/con’s:

  • Simple web interface to use, integrated Google Contacts with my google account. Easy.
  • Voicemail service. Free.
  • Single phone number. Don’t need to try to get people to use a new number (Have you ever done that? It is a really difficult task)
  • Save $1000/yr by not having a cell phone contract. As alluded to here.
  • I must be around two things to use my phone number: a) computing device, b) wifi
  • Wifi voice calling is somewhat sketchy, I’m not sure if it is the app on my iPad or the wifi service? Regardless, I don’t prefer voice calls anyway. I’d rather use skype or facetime.
  • If I do get a call, I will probably miss it since I am not “wearing” my cell phone anymore. However, I can easily return the call without too much latency, if I want.
  • Slightly less convenient when trying to meet people and/or finding directions to someplace (need to plan ahead better)

I did set up a US-based VPN so I’m guessing that I will be able to use this service outside the US in the near future too. Of course, I can’t test that scenario, yet.

Overall, I would recommend porting to Google Voice if the above list seems logical to you. If I really needed a better mobile solution (which I don’t) I would consider getting a pay-as-you-go/prepaid phone which would cost less than half per year and still port my number. I don’t want to be bound to a contract, and really, I haven’t yet found why a cell phone is needed in these past 4 weeks. I used to think it was crazy to go without a cell phone but now I’ve changed my tone..

September 24, 2012
Richard Freeman a.k.a. rich0 (homepage, stats, bugs)
Gentoo EC2 Tutorial / Bootstrapping (September 24, 2012, 14:20 UTC)

I want to accomplish a few things with this post.

First, I’d like to give more attention to the work recently done by edowd on Bootstrapping Gentoo in EC2.

Second, I’d like to introduce a few enhancements I’ve made on these (some being merged upstream already).

Third, I’d like to turn this into a bit of a tutorial into getting started with EC2 as well since these scripts make it brain-dead simple.

I’ve previously written on building a Gentoo EC2 image from scratch, but those instructions do not work on EBS instances without adjustment, and they’re fairly manual. Edowd extended this work by porting to EBS and writing scripts to build a gentoo install from a stage3 on EC2. I’ve further extended this by adding a rudimentary plugin framework so that this can be used to bootstrap servers for various purposes – I’ve been inspired by some of the things I’ve seen done with Chef and while that tool doesn’t fit perfectly with the Gentoo design this is a step in that direction.

What follows is a step-by-step howto that assumes you’re reading this on Gentoo and little else, and ends up with you at a shell on your own server on EC2. Those familiar with EC2 can safely skim over the early parts until you get to the git clone step.

  1. To get started, go to aws.amazon.com, and go through the steps of creating an account if you don’t already have one. You’ll need to specify payment details/etc. If you buy stuff from amazon just use your existing account (if you want), and there isn’t much more than enabling AWS.
  2. Log into aws.amazon.com, and from the top right corner drop-down under either your name or My Account/Console choose “Security Credentials”.
  3. Browse down to access credentials, click on the X.509 certificate tab, generate a certificate, and then download both the certificate and private key files. The web services require these to do just about anything on AWS.
  4. On your gentoo system run as root emerge ec2-ami-tools ec2-api-tools. This installs the tools needed to script actions on EC2.
  5. Export into your environment (likely via .bashrc) EC2_CERT and EC2_PRIVATE_KEY. These should contain the paths to the files you created in the previous step. Congratulations – any of the ec2-api-tools should now work.
  6. We’re now going to checkout the scripts to build your server. Go to an empty directory and run git clone git://github.com/rich0/rich0-gentoo-bootstrap.git -b rich0-changes.
  7. chdir to the repository directory if necessary, and within it run ./setup_build_gentoo.sh. This creates security zones and ssh keys automatically for you, and at the end outputs command lines that will build a 32 or 64 bit server. The default security zone will accept inbound connections to anywhere, but unless you’re worried about an ssh zero-day that really isn’t a big deal.
  8. Run either command line that was generated by the setup script. The parameters tell the script what region to build the server in, what security zone to use, what ssh public key to use, and where to find the private key file for that public key (it created it for you in the current directory).
  9. Go grab a cup of coffee – here is what is happening:
    1. A spot request is created for a half decent server to be used to build your gentoo image. This is done to save money – amazon can kill your bootstrap server if they need it, and you’ll get the prevailing spot rate. You can tweak the price you’re willing to pay in the script – lower prices mean more waiting. Right now I set it pretty high for testing purposes.
    2. The script waits for an instance to be created and boot. The build server right now uses an amazon image – not Gentoo-based. That could be easily tweaked – you don’t need anything in particular to bootstrap gentoo as long as it can extract a stage3 tarball.
    3. A few build scripts are scp’ed to the server and run. The server formats an EBS partition for gentoo and mounts it.
    4. A stage3 and portage snapshot are downloaded and extracted. Portage config files (world, make.conf, etc) are populated. A script is created inside the EBS volume, and executed via chroot.
    5. That script basically does the typical handbook install (emerge sync, update world (which has all the essentials in it like dhcpcd and so on), build a kernel, configure rc files, etc.).
    6. The bootstrap server terminates, leaving behind the EBS volume containing the new gentoo image. A snapshot is created of this image and registered as an AMI.
    7. A micro instance of the AMI is launched to test it. After successful testing it is terminated.
  10. After the script is finished, check the output to see that the server worked. If you want, it outputs a command line to make the server public – otherwise only you can see/run it.
  11. To run your server go to aws.amazon.com, sign in if necessary, browse to the EC2 dashboard. Click on AMIs on the left side, select your new gentoo AMI, and launch it (micro instances are cheap for testing purposes). Go to instances on the left side and hit refresh until your instance is running. Click on it and look down in the details for the public DNS entry.
  12. To connect to your instance run ssh -i <path to pem file in your bootstrap directory> ec2-user@<public DNS name of your server>. You can sudo to root (no password).

That’s it – you have a server in the cloud. When you’re done be sure to clean up to avoid excessive charges (a few cents an hour can add up). Check the instances section and TERMINATE (not stop) any instances that are there. You will be billed by the month for storage so de-register AMIs you don’t need and go to the snapshot section and delete their corresponding snapshots.

Now, all that is useful, but you probably want to tailor your instance. You can of course do that interactively, but if you want to script it check out the plugins in the plugin directory. Just add a path to a plugin file at the end of the command line to build the instance and it will tailor your image accordingly. I plan to clean up the scripts a bit more to move anything discretionary into the plugins (you don’t NEED fcron or atop on a server).

The plugins/desktop plugin is a work in progress, but I think it should work now (takes the better part of a day to build). It only works 32-bit right now due to the profile line. However, if you run it you should be able to connect with x2goclient and have a KDE virtual desktop. A word of warning – a micro instance is a bit underpowered for this.

And on a side note, if somebody could close bugs 427722 and 423855 that would eliminate two hacks in my plugin. The stable NX doesn’t work with x2go (I don’t know if it works for anything else), and the stable gst-plugins-xvideo is missing a dependency. The latter bug will bite anybody who tries to install a clean stage3 and emerge kde-meta.

All of this is very much a work in progress. Patches or pull requests are welcome, and edowd is maintaining a nice set of up-to-date gentoo images for public use based on his scripts.



September 22, 2012
Zack Medico a.k.a. zmedico (homepage, stats, bugs)
preserve-libs now available in Portage 2.1 branch (September 22, 2012, 05:22 UTC)

EAPI 5 includes support for automatic rebuilds via the slot-operator and sub-slots, which has potential to make @preserved-rebuild unnecessary (see Diego’s blog post regarding symbol collisions and bug #364425 for some examples of @preserved-rebuild shortcomings). Since this support for automatic rebuilds has potential to greatly improve the user-friendliness of preserve-libs, I have decided to make preserve-libs available in the 2.1 branch of portage (beginning with portage-2.1.11.20). It’s not enabled by default, so you’ll have to set FEATURES="preserve-libs" in make.conf if you want to enable it. After EAPI 5 and automatic rebuilds have gained widespread adoption, I might consider enabling preserve-libs by default.

September 20, 2012
Zack Medico a.k.a. zmedico (homepage, stats, bugs)

In portage-2.1.11.19 and 2.2.0_alpha130 there’s support for EAPI 5, which implements all of the features that were approved by the Gentoo Council for EAPI 5. There are no differences since EAPI 5_pre2.

Paweł Hajdan, Jr. a.k.a. phajdan.jr (homepage, stats, bugs)
Stabilization hiccup with dev-perl/net-server-2.6.0 (September 20, 2012, 15:35 UTC)

What happened?

Sep 13th I stabilized net-analyzer/munin-2.0.5-r1 (security bug #412881). I use automated repoman checks and USE="-ipv6", and everything was fine at the time I committed the stabilization (also, see no mention of net-server in that security bug).

Sep 14th Seraphim Mellos filed bug #434978 about munin pulling in ~arch net-server.

Sep 16th x86@ team has been re-added to security bug #412881. Meanwhile Mr_Bones_ pinged me on irc. Also, Diego Elio Pettenò (flameeyes) filed bug #435242 against repoman not catching the dependency problem.

Sep 17th I stabilized dev-perl/net-server-2.6.0 on x86, fixing the immediate problem.

Sep 18th the repoman fix has been released in portage-2.1.11.18 and 2.2.0_alpha129.

Now the only remaining thing to do is pushing the portage/repoman fix to stable. I especially like how quickly the fix for root cause (repoman check) has been produced and released.

September 18, 2012
Jeremy Olexa a.k.a. darkside (homepage, stats, bugs)
Gentoo: IPSec, L2TP VPN for iOS (September 18, 2012, 13:07 UTC)

There are thousands of guides out there on this subject, however I still struggled to set up an IPSEC VPN at first. This is a HOWTO for my own benefit – maybe someone else will use it too. I struggled because most of the guides involved setting up the VPN on a NAT’d host and connecting to the VPN inside the network. I didn’t do that on my linode, which has a static public IP.

My objectives were clear:

  1. Create a connection point that was semi-secure while connecting to open wifi networks
  2. Bypass some “You are not in the US” restrictions while on the road

Step 1: Install applications, net-misc/openswan, net-dialup/xl2tpd
Step 2: Configure openswan:

# cat /etc/ipsec.conf 
config setup
    nat_traversal=yes
    virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:!10.152.2.0/24
    oe=off
    protostack=auto

conn L2TP-PSK-NAT
    rightsubnet=vhost:%priv
    also=L2TP-PSK-noNAT

conn L2TP-PSK-noNAT
    authby=secret
    pfs=no
    auto=add
    keyingtries=3
    rekey=no
    ikelifetime=8h
    keylife=1h
    type=transport
    left=1.1.1.1
    leftprotoport=17/1701
    right=%any
    rightprotoport=17/%any
    dpddelay=15
    dpdtimeout=30
    dpdaction=clear
# cat /etc/ipsec.secrets
1.1.1.1 %any: PSK "TestSecret"

Where 1.1.1.1 is your public eth0 address and 10.152.2.0 is the subnet that xl2tpd will assign IPs from (can be anything, I picked this at the advice of a guide because it is unlikely to be assigned from a router on a public network)

Step 3: Configure xl2tpd:

# cat /etc/xl2tpd/xl2tpd.conf
[global]
ipsec saref = no

[lns default]
ip range = 10.152.2.2-10.152.2.254
local ip = 10.152.2.1
require chap = yes
refuse pap = yes
require authentication = yes
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes

The local IP must be inside the subnet but outside the IP range above.

# cat /etc/ppp/options.xl2tpd
refuse-mschap-v2
refuse-mschap
ms-dns 8.8.8.8
ms-dns 8.8.4.4
asyncmap 0
auth
lock
hide-password
local
#debug
name l2tpd
proxyarp
lcp-echo-interval 30
lcp-echo-failure 4

The ms-dns lines are configurable to any DNS server you have access to.

# cat /etc/ppp/chap-secrets
# Format:
# client server secret IP-addresses
#
# Two lines are needed since it is two-sided auth
test l2tpd testpass *
l2tpd test testpass *

Step 4: Configure kernel parameters (sysctl)

# cat /etc/sysctl.conf
# only values specific for ipsec/l2tp functioning are shown here. merge with
# existing file
# iPad VPN
net.ipv4.ip_forward = 1
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.icmp_ignore_bogus_error_responses = 1

Remember that sysctl.conf is evaluated at boot so run sysctl -p to get the settings enabled now as well.

Step 5: Configure firewall (iptables):
This is the critical step that I wasn’t grokking from the existing guides in the wild. Even when bringing the firewall down to test, you need the NAT/forwarding rules:

# iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
# iptables -A FORWARD -s 10.152.2.0/24 -j ACCEPT
# iptables -A FORWARD -j REJECT
# iptables -t nat -A POSTROUTING -s 10.152.2.0/24 -o eth0 -j MASQUERADE

Step 6: Configure the device/client:
Settings -> General -> Network -> VPN -> Add VPN Configuration

L2TP
Description: Description
Server: 1.1.1.1 (or the hostname)
Account: test
RSA SecurID=OFF
Password: testpass
Secret: TestSecret
Send All Traffic=On

Step 7: Verify it works by going to some IP display webpage and it should show 1.1.1.1

Conclusion: The above examples should be enough to get the VPN working. There are some tweaking opportunities that I didn’t document or elaborate on. There are plenty of examples out there to look at or research, however. This was all set up without the firewall configuration and the client would connect but there would be no onward internet activity. It acted just like there was an invalid DNS server configured; at that point I looked into setting up a NAT, dnsmasq on the local interface, and other weird things. In the end, I just needed to forward the traffic properly.

With that knowledge of the firewall issue, the ultimate instructions would probably be this page: https://www.openswan.org/projects/openswan/wiki/L2TPIPsec_configuration_using_openswan_and_xl2tpd
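
The HOWTO above depends on several files agreeing with each other: the xl2tpd local IP must be inside the subnet but outside the IP range, the same subnet must be excluded in virtual_private and named in the FORWARD and MASQUERADE rules, and chap-secrets needs both directions. The following Python script is an added example, not part of the original post; its function names are hypothetical and the embedded inputs are constructed from the values shown in the post.

```python
import ipaddress
import re

# Constructed inputs mirroring the values used in the post above.
XL2TPD_CONF = """\
[lns default]
ip range = 10.152.2.2-10.152.2.254
local ip = 10.152.2.1
"""
VIRTUAL_PRIVATE = ("virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,"
                   "%v4:172.16.0.0/12,%v4:!10.152.2.0/24")
IPTABLES_RULES = """\
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 10.152.2.0/24 -j ACCEPT
-A FORWARD -j REJECT
-t nat -A POSTROUTING -s 10.152.2.0/24 -o eth0 -j MASQUERADE
"""
CHAP_SECRETS = """\
# client server secret IP-addresses
test l2tpd testpass *
l2tpd test testpass *
"""


def parse_lns(conf_text):
    """Return the key/value pairs of the [lns default] section."""
    section, values = None, {}
    for raw in conf_text.splitlines():
        line = raw.split(";", 1)[0].strip()  # ';' starts a comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "lns default" and "=" in line:
            key, value = line.split("=", 1)
            values[key.strip().lower()] = value.strip()
    return values


def excluded_networks(virtual_private):
    """Networks written as %v4:!net, i.e. excluded from virtual_private."""
    value = virtual_private.split("=", 1)[1]
    return [ipaddress.ip_network(n, strict=False)
            for n in re.findall(r"%v4:!([0-9./]+)", value)]


def rule_fields(rule):
    """Pick table, chain, source and target out of one iptables rule."""
    tok = rule.split()

    def arg(flag):
        return tok[tok.index(flag) + 1] if flag in tok else None

    src = arg("-s")
    return {"table": arg("-t") or "filter", "chain": arg("-A"),
            "src": ipaddress.ip_network(src, strict=False) if src else None,
            "target": arg("-j")}


def check_vpn_config(xl2tpd, virtual_private, iptables_rules, chap_secrets):
    """Return a list of inconsistencies between the four inputs."""
    problems = []
    lns = parse_lns(xl2tpd)
    low, high = (ipaddress.ip_address(p.strip())
                 for p in lns["ip range"].split("-"))
    local_ip = ipaddress.ip_address(lns["local ip"])

    # The pool must sit in a subnet that ipsec.conf excludes with '!'.
    subnet = next((n for n in excluded_networks(virtual_private)
                   if low in n and high in n), None)
    if subnet is None:
        problems.append("ip range is not inside a subnet excluded in virtual_private")
    elif local_ip not in subnet:
        problems.append("local ip is outside the xl2tpd subnet")
    if low <= local_ip <= high:
        problems.append("local ip is inside ip range")

    # Both the FORWARD accept and the NAT rule must name that same subnet.
    rules = [rule_fields(r) for r in iptables_rules.splitlines() if r.strip()]
    wanted = {("filter", "FORWARD", "ACCEPT"): "FORWARD accept rule",
              ("nat", "POSTROUTING", "MASQUERADE"): "MASQUERADE rule"}
    for (table, chain, target), label in wanted.items():
        if not any(subnet is not None and r["table"] == table and
                   r["chain"] == chain and r["target"] == target and
                   r["src"] == subnet for r in rules):
            problems.append(f"no {label} for the xl2tpd subnet")

    # chap-secrets needs each client/server pair in both directions.
    secrets = {}
    for line in chap_secrets.splitlines():
        fields = line.split()
        if len(fields) >= 3 and not line.lstrip().startswith("#"):
            secrets[(fields[0], fields[1])] = fields[2]
    for (client, server), secret in secrets.items():
        if secrets.get((server, client)) != secret:
            problems.append(f"chap-secrets lacks the reverse entry for {client}/{server}")
    return problems


if __name__ == "__main__":
    for problem in check_vpn_config(XL2TPD_CONF, VIRTUAL_PRIVATE,
                                    IPTABLES_RULES, CHAP_SECRETS):
        print("PROBLEM:", problem)
```

An empty result means the four inputs agree; a missing MASQUERADE rule for the pool subnet is the case the post describes, where the client connects but has no onward connectivity.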

September 17, 2012
Steve Dibb a.k.a. beandog (homepage, stats, bugs)
the gospel of simplicity (September 17, 2012, 06:40 UTC)

I had an interesting thought tonight. “Lord, I want to join the battle.” I love working with youth, talking to them, helping them out the best I can. The thing that worries me the most is not the decisions that they’ll make, but rather that I haven’t prepared myself enough. I want to be spiritually ready all the time, to be up to any challenge that comes my way. That’s a pretty tall order. When I feel like I need to reach that lofty goal, I start to think of big ways to change my life, and how to get there amazingly fast.

What I’m having to learn over and over is that the gospel is not about moments of energy and excitement. It’s not big projects that need to be undertaken, or major changes to my schedule. It’s not zealotry or extreme attitudes. Instead, it’s about making a decision, day by day, to follow Christ.

Like many Christians, I wear a cross.  It’s a necklace that I put on every morning before I head out for the day.  I don’t have to put it on, but as I do, it’s a really personal reminder that I’m making a choice — that, yes, this is something I want to do, and take it upon myself willingly.  And what’s cool is that I have to make that decision every day — not as a group, but individually.  Every morning I make the choice.

I still have the habit of wanting to jump into things with full heart and spirit, and at times get almost a patriotic pledge to do more. I think of big changes I can make so that I’m somehow getting more spirituality into my life. It starts to become a project, some huge overreaching goal that I can build with lots of effort and work. This leads to the problem that I will start to think there is something “special” out there that I should be doing, to find that extra measure of spiritual input. Big goals require big commitments, which leads to big changes. Rip out all the old stuff, and put in the new. Everything old must go. There’s some method out there to tap this great well of spiritual power that I haven’t found yet, some secret sauce that the Lord will reveal to me as I push with so much effort and drive.

However, that is going about it the wrong way.  I love how the Lord puts things into perspective.  From Matthew 24:

26. Wherefore if they shall say unto you, Behold, he is in the desert; go not forth: behold, he is in the secret chambers; believe it not.

There are no secret angles, no shortcuts, no hidden mysteries for only a select few to find.  I do not need to go out into the desert, something that would take a lot of resources and dedication — somewhere only a few could go if they had the right equipment, stamina, and drive.

Instead, He has made it clear that it is the basic principles of the gospel, that all men, women and children can exercise, where they are.  Consider, for example, taking the basics to a higher level over time as you make it a part of your life.

Prayer is the simple act of talking to God.  Reading the scriptures is having God talk to me.  Fasting teaches self-control.  Like any skill, I can improve, and do better over time.  Instead of saying token prayers, I can learn how to calmly and quietly express my soul to God, and know that he hears.  Instead of reading the scriptures out of a sense of duty and daily obligation, I can study them and look more closely, trying to understand God’s will.

The basics, if expanded on, can bring about great results.  I know that that’s true, because as I decrease or increase in those simple things, I can notice a difference.

My crazy mind still likes to flirt with the idea that there is some great knowledge that I need to acquire before I can commit.  A nebulous mass of content that I must completely understand before I can move forward.

Again, the Lord puts things into perspective, making it so much simpler:

13. Enter ye in at the strait gate: for wide is the gate, and broad is the way, that leadeth to destruction, and many there be which go in thereat:
14. Because strait is the gate, and narrow is the way, which leadeth unto life, and few there be that find it.

The way that I read this is that my task  is to enter into the gate that leads unto eternal life.  He doesn’t say anything about winning the race, or how fast I should be going, or how soon I need to get there.  At the very beginning, He just wants me to go in the right direction.

It’s not hard to make that choice, but it’s hard for me to understand and accept that it’s so simple.  It really is, though, and when I think about how easy it is, I realize that it’s something I can do.  And the Holy Ghost confirms to me that it is true.  I like the Lord’s way much better than mine.


September 14, 2012
Theo Chatzimichos a.k.a. tampakrap (homepage, stats, bugs)
Bootstrapping Awesome: room names (September 14, 2012, 16:36 UTC)

As you probably have seen in the schedule, we have multiple rooms that have ugly names from university like 107, 155 or 349. We would like to rename them during the conference so people can remember them more easily. So try your creativity and send us some ideas!

September 13, 2012
Theo Chatzimichos a.k.a. tampakrap (homepage, stats, bugs)
Bootstrapping Awesome: The schedule (September 13, 2012, 14:47 UTC)

The Call for Papers has ended and the schedule is now up for the four in one event that is gonna take place soon in Prague. The full schedule of all the co-hosted conferences can be found here! Don’t forget to register!

Gentoo Miniconf: It will take place on Saturday and Sunday with a plethora of amazing talks by experienced Developers and Contributors, all around Gentoo, targeting both desktop and server environments!

On Saturday morning Fabian Groffen, Gentoo Council member, along with Robin H. Johnson, member of the Board of Trustees, will give us a quick view of how those two highest authorities manage the whole project. Afterwards there are going to be a few talks regarding various topics, like managing your home directory, the KDE team workflow, the important topic of Security and a benchmarking suite, all performed by important people for the project. A cool Catalyst workshop will be next, followed by a workshop regarding Gentoo Prefix, and at the end we’re going to participate on BoFs regarding the Infrastructure and the Gentoo PR, which will cover hot topics, like the Git migration and our website. 

On Sunday we’ll see how a large company (IsoHunt) uses Gentoo, the tools it has developed and the problems it has encountered. Then, a cool talk about 3D games and graphic performance is going to take place, followed by a presentation on SHA1 and OpenPGP, which is the precursor of the Key Signing Party!! The second part of the Catalyst workshop is next, along with a Puppet workshop. At the end there are again two BoFs, the first about automated testing and the second about how we can grab more contributors and enlarge our cool project.

And a sneak peek on the other co-hosted conferences:

Future Media, which will be held on Saturday is a special feature track talking about the influence of developments in technology, social media and design on society. It will have talks like the future of Wikipedia and Open Data in general by Lydia Pintscher or using FOSS and open hardware for disaster relief by Shane Couglan.

The first day in the openSUSE Conference, Michael Meeks will tell you all about what’s new in LibreOffice, Klaas Freitag will give everyone a peek under the hood of ownCloud and for the more technical users, Stefan Seyfried will show you how to crash the Linux Kernel for fun and backtraces. Saturday night there’ll be a good party and the next day musician Sam Aaron will talk about Zen and how to Live Program music like he did during the party. Later, Libor Pecháček will explain the process of getting software from the community into commercial enterprises and at the end of the day Miguel Angel Barajas Watson will show us how a computer could win Jeopardy using SUSE, Power and Hadoop. The openSUSE event continues on Monday and Tuesday with many workshops and BoF sessions planned as well as a few large-room discussions about the future of the openSUSE development- and release process.

On Saturday the LinuxDays track features a number of Czech talks like an introduction to Gentoo by Tomáš Chvátal with his talk titled “if it moves, compile it!” (‘Pokud se to hýbe, zkompiluj to!’). Fedora is represented by Jiří Eischmann & Jaroslav Řezník later in the day. There are also a few real ninja-style talks about low-level programming like Petr Baudiš about low level programming and Thomas Renninger on modern CPU power usage monitoring (these both are in English). During the Saturday there will also be a track of graphics workshops in Czech (Gimp, Inkscape, Scribus) followed by a 3D printing workshop (reprap!). Sunday is kicked off by Vojtěch Trefný explaining how to use Canonical’s Launchpad as a place to host your project (CZ). Those interested in networking will be taken care of by Pavel Šimerda (news from Linux Networking) and Radek Neužil who explains how to use networks securely (both CZ). You can also learn all about how to set up a Linux desktop/server solution for educational purposes (EN) and follow Vladimír Čunát talking about NixOS and the unique package manager this OS is built on. The LinuxDays track will be closed by Petr Krčmář (chief editor of root.cz) and Tomáš Matějíček (author of Slax) talking about future of Slax (CZ).

Find your way to your favorite talks. Come on, it’s easy!

September 12, 2012
Steve Dibb a.k.a. beandog (homepage, stats, bugs)
simpsons treehouse of horror buying guide (September 12, 2012, 23:52 UTC)

Note: I found this in my drafts of old posts, and this one never got published.  I wrote it in October of 2011, so the list may have changed a bit since then.

For those of you who know me, I really don’t like TV or movies with violence or gore in them. Yet, somehow, I am totally fascinated by them. Oddly enough, I’ll read all about horror movies and slasher flicks sometimes, and never watch them. I think part of the reason is I get *really* scared by them. Anyway. I especially love the Simpsons Treehouse of Horror episodes, because they are just awesome, and not as hardcore.

I promised my little brother that I’d get some for Halloween for us to watch. I don’t think he’s seen any of them. Edit: I showed him some last year. :)

Being the collector type that I am, I did some research, and lo and behold, FOX has released these in the most backwards incomplete way possible. In short, of the 21 seasons available to buy of the Simpsons, 17 of them are available to purchase, either through Amazon Video or DVD.

What’s crazy is that while Amazon Video sells them in “seasons”, they are really just totally random episodes thrown together. On top of that, the one DVD that is available is also episodes from random seasons, and two of them crossover with what is packaged in season 2 on Amazon Video. The rest, you can buy individually from the Simpsons seasons on Amazon Video.

It’s confusing, I know, but here’s how they released them:

Treehouse of Horror – Season One:
1990 I
1993 IV
1996 VII
1999 X
2002 XIII
2005 XVI

Treehouse of Horror – Season Two:
1991 II
1994 V
1997 VIII
2000 XI
2003 XIV
2006 XVII

Treehouse of Horror – DVD:
1994 V
1995 VI
1996 VII
2001 XII

So, for the crazy completist in your life, I’ve organized them in correct chronological order, with the link of how to buy them. Ultimately, you’re going to have to get them all this way, both seasons plus the DVD, regardless of crossover, if you want the most complete amount of episodes.

01: ssn1
02: ssn2
03: N/A
04: ssn1
05: ssn2, DVD
06: ssn2, DVD
07: DVD
08: ssn2
09: N/A
10: ssn1
11: ssn2
12: DVD
13: ssn1
14: ssn2
15: N/A
16: ssn1
17: ssn2
18: N/A
19: indy
20: indy
21: indy


blogs (September 12, 2012, 23:34 UTC)

So, I’ve realized that I made a mistake in splitting out this blog into two more (my working with teenagers one and my scriptures one).  The reason being that, the other two felt like I had to have these nicely crafted blog posts put together.  That kinda sucks.  It puts pressure on me to come up with something nice, and more importantly, it doesn’t allow me to explore at all.  In other words, make mistakes, and talk about stuff I’m researching versus delivering a final draft.

I think I’m gonna retain my other two blogs, but just put revised posts there, and go back to the old way here.


Zack Medico a.k.a. zmedico (homepage, stats, bugs)
Experimental EAPI 5_pre2 (September 12, 2012, 08:47 UTC)

In portage-2.1.11.16 and 2.2.0_alpha127 there’s support for EAPI 5_pre2, which implements all of the features that were approved for EAPI 5 in the Gentoo Council meeting on September 11. The only difference from EAPI 5_pre1 is that the “user patches” feature has been removed.

September 11, 2012
Josh Saddler a.k.a. nightmorph (homepage, stats, bugs)
initramfs documentation updates (September 11, 2012, 23:31 UTC)

i just finished hacking on our XML for the month. several months ago, sven mentioned the changes needed to get the handbooks updated with initramfs/initrd instructions for separate /usr partitions. it took me a few hours, but i finally closed bug numbers 415175, 434550, 434554, and 434732. thanks to raúl for the patches.

i initially started putting in the patches as-is, but then i noticed that the initramfs descriptions were just copied from the x86+amd64 handbook. so, i stripped them out, and rewrote them as an included section common to all affected architecture handbooks. that <include> is then dynamically inserted by our XML processor, dropping the instructions into the appropriate place, so that there’s no extraneous text duplication.

the raw handbook XML looks something like this:

<pre caption="Installing the kernel">
# <i>cp arch/<keyval id="arch-sub"/>/boot/bzImage /boot/<keyval id="kernel-name"
/></i>
</pre>

</body>
</subsection>
<subsection>
<include href="hb-install-initramfs.xml"/>
</subsection>

</section>

that bit about include href="hb-install-initramfs.xml" fills in the next subsection with whatever we put in the hb-install-initramfs.xml include, which is never viewed by itself. little tricks like this make it much easier to maintain the documentation…we make one change to an include, and it’s propagated to all documents that use it. same goes for things like <keyval> — that variable is set elsewhere in our documentation, so that as kernel versions or ISO sizes change, we can update that value in one place (handbook-$ARCH.xml). every instance of the variable is automatically filled in when you view the handbook in your web browser.

not to say everything was smooth sailing while updating the handbooks…i ran into a few snags. i figured out why my initial commit attempts were blocked by our pre-commit hooks: it’s not that the xml interpreter was giving me spurious errors on each check. (“why you blocking me? i’m head of the project! DON’T YOU KNOW WHO I AM?!”) instead, i forgot a slash in a </body> element. THAT ruined the next 300 lines of code. solution: fix, re-run xmllint --valid --noout, add commit message, push to CVS.

the handbooks are now all set for the new initramfs/initrd mojo for those poor, poor souls mounting /usr on a separate partition/disk. my own partition layout is much simpler; i’ve never needed an initramfs.

September 10, 2012
Steve Dibb a.k.a. beandog (homepage, stats, bugs)

I regularly use monit to monitor services and restart them if needed (and possible).  An issue I’ve run into though with Gentoo is that openrc doesn’t act as I expect it to.  openrc keeps its own record of the state of a service, and doesn’t look at the actual PID to see if it’s running or not.  In this post, I’m talking about apache.

For context, it’s necessary to share what my monit configuration looks like for apache.  It’s just a simple ‘start’ for startup and ‘stop’ command for shutdown:

check process apache with pidfile /var/run/apache2.pid
    start program = "/etc/init.d/apache2 start" with timeout 60 seconds
    stop program = "/etc/init.d/apache2 stop"

When apache gets started, there are two things that happen on the system: openrc flags it as started, and apache creates a PID file.

The problem I run into is when apache dies for whatever reason, unexpectedly.  Monit will notice that the PID doesn’t exist anymore, and try to restart it, using openrc.  This is where things start to go wrong.

To illustrate what happens, I’ll duplicate the scenario by running the command myself.  Here’s openrc starting it, me killing it manually, then openrc trying to start it back up using ‘start’.

# /etc/init.d/apache2 start
# pkill apache2
# /etc/init.d/apache2 status
* status: crashed
# /etc/init.d/apache2 start
* WARNING: apache2 has already been started

You can see that ‘status’ properly returns that it has crashed, but when running ‘start’, it thinks otherwise.  So, even though an openrc status check reports that it’s dead, when running ‘start’ it only checks its own internal status to determine its status.

This gets a little weirder in that if I run ‘stop’, the init script will recognize that the process is not running, and resets openrc’s status to stopped.  That is actually a good thing, and so it makes running ‘stop’ a reliable command.

Resuming the same state as above, here’s what happens when I run ‘stop’:

# /etc/init.d/apache2 stop
* apache2 not running (no pid file)

Now if I run it again, it checks both the process and the openrc status, and gives a different message, the same one it would as if it was already stopped.

# /etc/init.d/apache2 stop
* WARNING: apache2 is already stopped

So, the problem this creates for me is that if a process has died, monit will not run the stop command, because it’s already dead, and there’s no reason to run it.  It will run ‘start’, which will insist that it’s already running.  Monit (depending on your configuration) will try a few more times, and then just give up completely, leaving your process completely dead.

The solution I’m using is that I will tell monit to run ‘restart’ as the start command, instead of ‘start’.  The reason for this is because restart doesn’t care if it’s stopped or started, it will successfully get it started again.

I’ll repeat my original test case, to demonstrate how this works:

# /etc/init.d/apache2 start
# pkill apache2
# /etc/init.d/apache2 status
* status: crashed
# /etc/init.d/apache2 restart
* apache2 not running (no pid file)
* Starting apache2 …

I don’t know if my expectations of openrc are wrong or not, but it seems to me like it relies on its internal status in some cases instead of seeing if the actual process is running.  Monit takes on that responsibility, of course, so it’s good to have multiple things working together, but I wish openrc was doing a bit more strict checking.

I don’t know how to fix it, either.  openrc has arguments for displaying debug and verbose output.  It will display messages on the first run, but not the second, so I don’t know where it’s calling stuff.

# /etc/init.d/apache2 -d -v start
<lots of output>
# /etc/init.d/apache2 -d -v start
* WARNING: apache2 has already been started

No extra output on the second one.  Is this even a ‘problem’ that should be fixed, or not?  That’s kinda where I’m at right now, and just tweaking my monit configuration so it works for me.
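
The state mismatch described in this post, as an added example (not the author's, monit's or OpenRC's code): a wrapper that compares the state OpenRC reports with whether the PID in the pidfile is actually alive, and chooses ‘restart’ only when the two disagree. The function names are hypothetical, and the ‘started’/‘stopped’ state words are assumed to use the same format as the ‘crashed’ line shown above.

```shell
#!/bin/sh
# Added example: reconcile OpenRC's recorded state with the real process state.
# Function names and the wrapper layout are assumptions, not OpenRC or monit code.

# pid_alive PIDFILE: succeed only if the pidfile holds a numeric PID that is
# still running. kill -0 sends no signal; it only tests that the PID exists
# (run as root or the service's user, otherwise EPERM looks like "dead").
pid_alive() {
    [ -r "$1" ] || return 1
    pid=$(cat "$1" 2>/dev/null)
    case $pid in
        ''|*[!0-9]*) return 1 ;;   # empty or non-numeric content
    esac
    kill -0 "$pid" 2>/dev/null
}

# recorded_state STATUS_OUTPUT: extract the state word from a line such as
# " * status: crashed" (format as shown in the post).
recorded_state() {
    printf '%s\n' "$1" |
        sed -n 's/^.*status:[[:space:]]*\([a-z]*\).*$/\1/p' | head -n 1
}

# choose_action STATE PIDFILE: print none, start or restart.
choose_action() {
    if pid_alive "$2"; then
        echo none
        return 0
    fi
    case $1 in
        started|crashed) echo restart ;;  # OpenRC still believes it is up
        *)               echo start ;;    # state already reset, or unknown
    esac
}

# recover INITSCRIPT PIDFILE: what a monit "start program" wrapper would call,
# e.g. recover /etc/init.d/apache2 /var/run/apache2.pid
recover() {
    state=$(recorded_state "$("$1" status 2>&1)")
    action=$(choose_action "$state" "$2")
    [ "$action" = none ] || "$1" "$action"
}
```
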


Paweł Hajdan, Jr. a.k.a. phajdan.jr (homepage, stats, bugs)
ffmpeg saves the day (.mts files) (September 10, 2012, 07:17 UTC)

If you need to convert .mts files to .mov (so that e.g. iMovie can import them), I found ffmpeg to be the best tool for the task (I don't want to install and run "free format converters" that are usually Windows-only and come from untrusted sources). This post is inspired by iMovie and MTS blog post.

First I tried just changing the container:

for x in *.MTS; do ffmpeg -i "${x}" -c copy "${x/.MTS/.mov}"; done


But QuickTime could not play sound from those files because of AC-3 codec. Also, the quality of the video playback was very poor. The other command I tried was:

for x in *.MTS; do ffmpeg -i "${x}" -vcodec copy -acodec mp2 -ac 2 "${x/.MTS/.mov}"; done

Now QuickTime was able to play the sound, but problems with video remained. iMovie was unable to import the resulting files anyway (silently: I got no error message, just nothing happened when trying to import).

The final command that is proven to work well is this:


for x in *.MTS; do ffmpeg -i "${x}" -vcodec mpeg1video -acodec mp2 -ac 2 -sameq "${x/.MTS/.mov}"; done

The video has been converted perfectly, and iMovie successfully imported the movies. Note the useful bash substitution of extension, ${x/.MTS/.mov}. Enjoy!




Stuart Longland a.k.a. redhatter (homepage, stats, bugs)
Setting up dead-keys without a desktop environment (September 10, 2012, 04:45 UTC)

Over the years I’ve used many a desktop environment or window manager for my graphical desktop. In the beginning it was FVWM (1.x), a later update brought me AnotherLevel (basically Red Hat’s branded FVWM), I also toyed with OLVWM, WindowMaker, AfterStep, CTWM and a few others.

KDE was one of the few that I’ve used long-term. I loved KDE 1.0 when it was first released. Gnome 1.0 came out, and I soon switched over, but it was only a matter of a month or two and I was back to KDE. Likewise with XFCE, did try it for a little while, but then I returned. Lately, KDE has been getting a bit bloaty for my liking. Thus, I’ve been on the window manager trail, and for now, I’m back with FVWM.

This has worked well, except for one bugbear; I could not get the compose key to work. So I did some digging, and came up with the following:

setxkbmap -option compose:rwin

Add that to your .xinitrc, or you can do what I did, and add it to the FVWM start up scripts:

AddToFunc InitFunction
# Load the X Setup Scripts setting if we use it
+ I Exec [ -f $HOME/.xinitrc-fvwm ] && sh $HOME/.xinitrc-fvwm
+ I Exec exec awsetbg -a -r /home/stuartl/backdrops
+ I Exec exec kmix
+ I Exec exec klipper
+ I Exec exec blueman-manager
+ I Exec exec xscreensaver
+ I Exec exec setxkbmap -option compose:rwin

When you re-start your session, you should find the right logo key (“Windows” key, or in my case “Command” key, yes my machine is that fruity) will deliver the dead-key magic.