Last updated:
November 01, 2012, 23:07 UTC

Views expressed in the content published here do not necessarily represent the views of Gentoo Linux or the Gentoo Foundation.

Welcome to Gentoo Universe, an aggregation of weblog articles on all topics written by Gentoo developers. For a more refined aggregation of Gentoo-related topics only, you might be interested in Planet Gentoo.

November 01, 2012
Nathan Zachary a.k.a. nathanzachary (homepage, stats, bugs)
Slock 1.1 background colour (November 01, 2012, 13:43 UTC)

If you use the slock application, like I do, you may have noticed a subtle change with the latest release (which is version 1.1). That change is that the background colour is now teal-like when you start typing your password in order to disable slock, and get back to using your system. This change came from a dual-colour patch that was added to version 1.1.

I personally don’t like the change, and would rather have my screen simply stay black until the correct password is entered. Is it a huge deal? No, of course not. However, I think of it as just one additional piece of security via obscurity. In any case, I wanted it back to the way that it was pre-1.1. There are a couple ways to accomplish this goal. The first way is to build the package from source. If your distribution doesn’t come with a packaged version of slock, you can do this easily by downloading the slock-1.1 tarball, unpacking it, and modifying accordingly. The file looks like this:

# slock version
VERSION = 1.0-tip

# Customize below to fit your system

# paths
PREFIX = /usr/local

X11INC = /usr/X11R6/include
X11LIB = /usr/X11R6/lib

# includes and libs
INCS = -I. -I/usr/include -I${X11INC}
LIBS = -L/usr/lib -lc -lcrypt -L${X11LIB} -lX11 -lXext

# flags
CFLAGS = -std=c99 -pedantic -Wall -Os ${INCS} ${CPPFLAGS}

# On OpenBSD and Darwin remove -lcrypt from LIBS

# compiler and linker
CC = cc

# Install mode. On BSD systems MODE=2755 and GROUP=auth
# On others MODE=4755 and GROUP=root

With the line applicable to background colour being:


In order to change it back to the pre-1.1 background colour scheme, simply modify -DCOLOR2 to be the same as -DCOLOR1:


but note that you do not need the extra set of escaping backslashes when you are using the colour name instead of hex representation.

If you use Gentoo, though, and you’re already building each package from source, how can you make this change yet still install the package through the system package manager (Portage)? Well, you could try to edit the file, tar it up, and place the modified tarball in the /usr/portage/distfiles/ directory. However, you will quickly find that issuing another emerge slock will result in that file getting overwritten, and you’re back to where you started. Instead, the package maintainer (Jeroen Roovers), was kind enough to add the ‘savedconfig’ USE flag to slock on 29 October 2012. In order to take advantage of this great USE flag, you firstly need to have Portage build slock with the USE flag enabled by putting it in /etc/portage/package.use:

echo "x11-misc/slock savedconfig" >> /etc/portage/package.use

Then, you are free to edit the saved which is located at /etc/portage/savedconfig/x11-misc/slock-1.1. After recompiling with the ‘savedconfig’ USE flag, and the modifications of your choice, slock should now exhibit the behaviour that you anticipated.

Hope that helps!


October 31, 2012
Diego E. Pettenò a.k.a. flameeyes (homepage, stats, bugs)

I guess it’s time for a new post on what’s the status with Gentoo Linux right now. First of all, the tinderbox is munching as I write. Things are going mostly smooth but there are still hiccups due to some developers not accepting its bug reports because of the way logs are linked (as in, not attached).

Like last time that I wrote about it, four months ago, this is targeting GCC 4.7, GLIBC 2.16 (which is coming out of masking next week!) and GnuTLS 3. Unfortunately, there are a few (biggish) problems with this situation, mostly related to the Boost problem I noted back in July.

What happens is this:

  • you can’t use any version of boost older than 1.48 with GCC 4.7 or later;
  • you can’t use any version of boost older than 1.50 with GLIBC 2.16;
  • many packages don’t build properly with boost 1.50 and later;
  • a handful of packages require boost 1.46;
  • boost 1.50-r2 and later (in Gentoo) no longer support eselect boost making most of the packages using boost not build at all.

This kind of screwup is a major setback, especially since Mike (understandably) won’t wait any more to unmask GLIBC 2.16 (he waited a month, the Boost maintainers had all the time to fix their act, which they didn’t — it’s now time somebody with common sense takes over). So the plan right now is for me and Tomáš to pick up the can of worms, and un-slot Boost, quite soon. This is going to solve enough problems that we’ll all be very happy about it, as most of the automated checks for Boost will then work out of the box. It’s also going to reduce the disk space being used by your install, although it might require you to rebuild some C++ packages, I’m sorry about that.

For what concerns GnuTLS, version 3.1.3 is going to hit unstable users at the same time as glibc-2.16, and hopefully the same will be true for stable when that happens. Unfortunately there are still a number of packages not fixed to work with gnutls, so if you see a package you use (with GnuTLS) in the tracker it’s time to jump on fixing it!

Speaking of GnuTLS, we’ve also had a smallish screwup this morning when libtasn1 version 3 also hit the tree unmasked — it wasn’t supposed to happen, and it’s now masked, as only GnuTLS 3 builds fine with it. Since upstream really doesn’t care about GnuTLS 2 at this point, I’m not interested in trying to get that to work nicely, and since I don’t see any urgency in pushing libtasn1 v3 as is, I’ll keep it masked until GNOME 3.6 (as gnome-keyring also does not build with that version, yet).

Markos has correctly noted that the QA team – i.e., me – is not maintaining the DevManual anymore. We made it now a separate project, under QA (but I’d rather say it’s shared under QA and Recruiters at the same time), and the GIT Repository is now writable by any developer. Of course if you play around that without knowing what you’re doing, on master, you’ll be terminated.

There’s also the need to convert the DevManual to something that makes sense. Right now it’s a bunch of files all called text.xml which makes editing a nightmare. I did start working on that two years ago but it’s tedious work and I don’t want to do it on my free time. I’d rather not have to do it while being paid for it really. If somebody feels like they can handle the conversion, I’d actually consider paying somebody to do that job. How much? I’d say around $50. Desirable format is something that doesn’t make a person feel like taking their eyes out when trying to edit it with Emacs (and vim, if you feel generous): my branch used DocBook 5, which I rather fancy, as I’ve used it for Autotools Mythbuster but RST or Sphinx would probably be okay as well, as long as no formatting is lost along the way. Update: Ben points out he already volunteered to convert it to RST, I’ll wait for that before saying anything more.

Also, we’re looking for a new maintainer for ICU (and I’m pressing Davide to take the spot) as things like the bump to 50 should have been handled more carefully. Especially now that it appears that it’s basically breaking a quarter of its dependencies when using GCC 4.7 — both the API and ABI of the library change entirely depending on whether you’re using GCC 4.6 or 4.7, as it’ll leverage C++11 support in the latter. I’m afraid this is just going to be the first of a series of libraries making this kind of changes and we’re all going to suffer through it.

I guess this is all for now.

October 30, 2012
Liam McLoughlin a.k.a. hexxeh (homepage, stats, bugs)
512MB Pi + Adafruit Budget Pack = win (October 30, 2012, 22:00 UTC)

The kind folks over at Element 14 emailed me last week asking if I’d like to review the new Raspberry Pi 512MB edition and the Adafruit Budget Pack. Whilst I already have a rather large collection of Pi, I thought it’d be fun to write a review since it’s not something I’ve really done before.

So, yesterday the kit arrived and I got chance today to unpack it and have a play around. The kit doesn’t come with a Raspberry Pi, you have to buy that separately. Here’s a breakdown of what the kit includes:

  • Pi box (a clear acrylic case for the Pi)
  • Cobbler and GPIO ribbon cable (breakout board to split the GPIO cable out onto a breadboard)
  • Half-size breadboard with a bundle of breadboarding wires
  • 4GB microSD card with SD adaptor
  • 5V/1A USB power supply and cable

Firstly, the Pi box. The clear plastic looks pretty awesome once it’s assembled, and the laser engraved labels are an excellent touch. However I tend to swap my Pis in and out of cases a lot, and assembling the case is kinda fiddly, so I think I’ll be keeping whichever Pi goes in this case in there.

The USB power supply, cable and SD card: there isn’t really a whole lot to say about these, you need them to use your Pi. The power supply is supposedly specced to the hilt and overrated at 5.25V to account for the voltage drop caused by the cable. However, given that it’s got a US two pin plug and I live in the UK (and don’t have the appropriate adaptor handy) I’ve not been able to test this out. That said, if Adafruit have said it’s the case, I’m totally inclined to believe that it’s the bee’s knees like they say it is. The SD card is a class 4 Dane-Elec, which will work just fine, but probably isn’t the fastest (note: I haven’t benchmarked this, I’m going off my general experience using various cards in the Pi). That said, this is the budget pack, so if you want a fast, expensive card, you’re best buying that separately.

My favourite part of this whole kit is the Cobbler and the GPIO ribbon cable. Very often when I’m developing with the Pi I need to use a serial console for debugging, and plugging in the rather tiny cables that come with my USB serial adaptor into a Pi each time is somewhat of a pain. I must’ve done it a few hundred times now and I still don’t remember which cable goes to which pin. With the Cobbler I can just leave the serial adaptor connected to the breadboard and use the ribbon cable to connect the Pi of my choice: very nice!

Lastly, the 512MB Raspberry Pi itself. Personally, I think this is huge. 512MB of RAM on an ARM board with a fairly bitchin’ GPU for $35? Never before has “shut up and take my money” been so appropriate. As the foundation have said, hardware accelerated X is being worked on, which combined with a 512MB Pi should make for an impressively capable machine for the money in my opinion.

The hardware alone is useless without cool software though, that’s the most amazing part. In the past twelve months the Raspberry Pi has rocketed into mainstream and has amassed a huge community of fans, many of which are developing and showing off new and cool things for the Pi. If you’ve made something cool, I’d love to see it; tweet me a link and if I think it’s awesome I’ll retweet it and share it on.

Want to find more cool projects? Check out the Raspberry Pi and Element 14 forums, which are both very active and have much of this stuff being shared about.


Greg KH a.k.a. gregkh (homepage, stats, bugs)
Help Wanted (October 30, 2012, 19:03 UTC)

I'm looking for someone to help me out with the stable Linux kernel release process. Right now I'm drowning in trees and patches, and could use someone to help me sanity-check the releases I'm doing.

Specifically, I'm looking for someone to help with:

  • test boot the -rc stable kernels to make sure I didn't do anything foolish.
  • dig through the Linux kernel distro trees and send me the git commit ids, or the backported patches, of things they are shipping that are not in the stable and longterm kernel releases.
  • do code review of the patches going into the stable releases.

If you can help out with this, I'd really appreciate it.

Note, this is not a long-term position, only 6 months or so, I figure you'll be tired of it by then and want to move on to something else, which is fine.

In return, you get:

  • your name in the stable releases as someone who has signed-off-by on patches going into it.
  • better knowledge of more kernel subsystems than you ever have in the past, and probably really want.
  • free beverages of your choice at any Linux conference you attend that I am at (given my travel schedule, seems to be just about all of them.)

If anyone is interested in this, here are the 5 steps you need to do to "apply" for the position:

  • email me with the subject line starting with "[Stable tree help]"
  • email me "proof" you are running the latest stable -rc kernel at the moment.
  • send a link to some kernel patches you have done that were accepted into Linus's tree.
  • send a link to any Linux distro kernel tree where they keep their patches.
  • say why you want to do this type of thing, and what amount of time you can spend on it per week.

I'll close the application process in a week, on November 7, 2012, after that I'll contact everyone who applied and do some follow-up questions through email with them. I'll also post something here to say what the response was like.

Diego E. Pettenò a.k.a. flameeyes (homepage, stats, bugs)
Munin, sensors and IPMI (October 30, 2012, 17:47 UTC)

In my previous post about Munin I said that I was still working on making sure that the async support would reach Gentoo in a way that actually worked. Now with version 2.0.7-r5 this is vastly possible, and it’s documented on the Wiki for you all to use.

Unfortunately, while testing it, I found out that one of the boxes I’m monitoring, the office’s firewall, was going crazy if I used the async spooled node, reporting fan speeds way too low (87 RPMs) or way too high (300K), and with similar effects on the temperatures as well. This also seems to have caused the fans to go out of control and run constantly at their 4KRPM instead of their usual 2KRPM. The kernel log showed that there was something going wrong with the i2c access, which is what the sensors program uses.

I started looking into the sensors_ plugin that comes with Munin, which I knew already a bit as I fixed it to match some of my systems before… and the problem is that for each box I was monitoring, it would have to execute sensors six times: twice for each graph (fan speed, temperature, voltages), one for config and one for fetching the data. And since there is no way to tell it to just fetch some of the data instead of all of it, it meant many transactions had to go over the i2c bus, all at the same time (when using munin async, the plugins are fetched in parallel). Understanding that the situation is next to unsolvable with that original code, and having one day “half off” at work, I decided to write a new plugin.

This time, instead of using the sensors program, I decided to just access /sys directly. This is quite faster and allows to pinpoint what data you need to fetch. In particular during the config step, there is no reason to fetch the actual value, which saves many i2c transactions even just there. While at it, I also made it a multigraph plugin, instead of the old wildcard one, so that you only need to call it once, and it’ll prepare, serially, all the available graphs: in addition to those that were supported before, which included power – as it’s exposed by the CPUs on Excelsior – I added a few that I haven’t been able to try but are documented by the hwmon sysfs interface, namely current and humidity.

The new plugin is available on the contrib repository – which I haven’t found a decent way to package yet – as sensors/hwmon and is still written in Perl. It’s definitely faster, has fewer dependencies and it’s definitely more reliable at least on my firewall. Unfortunately, there is one feature that is missing: sensors would sometimes report an explicit label for temperature data... but that’s entirely handled in userland. Since we’re reading the data straight from the kernel, most of those labels are lost. For drivers that do expose those labels, such as coretemp, they are used, though.

Also we lose the ability to ignore the values from the get-go, like I described before, but you can’t always win. You’ll have to ignore the graph data from the master instead. Otherwise you might want to find a way to tell the kernel to not report that data. The same probably is true for the names, although unfortunately…

[temp*_label] Should only be created if the driver has hints about what this temperature channel is being used for, and user-space doesn’t. In all other cases, the label is provided by user-space.

But I wouldn’t be surprised if it was possible to change that a tinsy bit. Also, while it does forfeit some of the labeling that the sensors program does, I was able to make it nicer when anonymous data is present — it wasn’t so rare to have more than one temp1 value as it was the first temperature channel for each of the (multiple) controllers, such as the Super I/O, ACPI Thermal Zone, and video card. My plugin outputs the controller and the channel name, instead of just the channel name.

After I’ve completed and tested my hwmon plugin I moved on to re-rewrite the IPMI plugin. If you remember the saga I first rewrote the original ipmi_ wildcard plugin in freeipmi_, including support for the same wildcards as ipmisensor_, so that instead of using OpenIPMI (and gawk), it would use FreeIPMI (and awk). The reason was that FreeIPMI can cache SDR information automatically, whereas OpenIPMI does have support, but you have to tackle it manually. The new plugin was also designed to work for virtual nodes, akin to the various SNMP plugins, so that I could monitor some of the servers we have in production, where I can’t install Munin, or I can’t install FreeIPMI. I have replaced the original IPMI plugin, which I was never able to get working on any of my servers, with my version on Gentoo for Munin 2.0. I expect Munin 2.1 to come with the FreeIPMI-based plugin by default.

Unfortunately, like for the sensors_ plugin, my plugin was calling the command six times per host — although this allows you to filter for the type of sensors you want to receive data for. And that became even worse when you have to monitor foreign virtual nodes. How do I solve that? I decided to rewrite it to be multigraph as well… but shell script then was difficult to handle, which means that it’s now also written in Perl. The new freeipmi, non-wildcard, virtual node-capable plugin is available in the same repository and directory as hwmon. My network switch thanks me for that.

Of course unfortunately the async node still does not support multiple hosts, that’s something for later on. In the meantime though, it does spare me lots of grief and I’m happy I took the time working on these two plugins.
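The approach described in this post (read /sys directly, leave the measurement files alone during the config step, emit every graph from one multigraph call) can be sketched as follows. This is an added example, not the Perl plugin from the contrib repository and not part of the original post; it assumes the hwmon attributes sit directly in each hwmonN directory, and the sample tree, chip names and values are constructed.

```python
import os
import re
import tempfile

# channel prefix -> (graph suffix, vertical label, divisor for the raw sysfs unit)
KINDS = {
    "temp": ("temp", "degrees Celsius", 1000.0),  # sysfs reports millidegrees
    "fan": ("fan", "RPM", 1.0),
    "in": ("volt", "Volt", 1000.0),               # sysfs reports millivolts
}
INPUT_RE = re.compile(r"^(temp|fan|in)(\d+)_input$")


def _read(path):
    with open(path) as fh:
        return fh.read().strip()


def discover(root):
    """Map graph suffix -> [(field, label, input_path, divisor)].

    Only directory listings, `name` and `*_label` are touched here; no
    `*_input` file is opened, so no measurement is requested from the chip.
    """
    graphs = {}
    for chip in sorted(os.listdir(root)):
        chip_dir = os.path.join(root, chip)
        name_file = os.path.join(chip_dir, "name")
        if not os.path.isfile(name_file):
            continue
        controller = _read(name_file)
        for entry in sorted(os.listdir(chip_dir)):
            match = INPUT_RE.match(entry)
            if not match:
                continue
            kind, index = match.groups()
            channel = kind + index
            label_file = os.path.join(chip_dir, channel + "_label")
            # A driver-provided label wins; otherwise controller + channel
            # keeps several anonymous "temp1" channels apart.
            if os.path.isfile(label_file):
                label = _read(label_file)
            else:
                label = f"{controller} {channel}"
            suffix, _, divisor = KINDS[kind]
            field = re.sub(r"\W", "_", f"{chip}_{channel}")
            graphs.setdefault(suffix, []).append(
                (field, label, os.path.join(chip_dir, entry), divisor))
    return graphs


def config(root):
    """Lines for the Munin `config` call: graph and field metadata only."""
    vlabels = {suffix: vlabel for suffix, vlabel, _ in KINDS.values()}
    lines = []
    for suffix, fields in sorted(discover(root).items()):
        lines += [f"multigraph hwmon_{suffix}", f"graph_title hwmon {suffix}",
                  f"graph_vlabel {vlabels[suffix]}", "graph_category sensors"]
        lines += [f"{field}.label {label}" for field, label, _, _ in fields]
    return lines


def fetch(root):
    """Lines for the Munin `fetch` call: one read per channel, serially."""
    lines = []
    for suffix, fields in sorted(discover(root).items()):
        lines.append(f"multigraph hwmon_{suffix}")
        for field, _, path, divisor in fields:
            try:
                value = f"{float(_read(path)) / divisor:.3f}"
            except (OSError, ValueError):
                value = "U"  # Munin's marker for an unknown sample
            lines.append(f"{field}.value {value}")
    return lines


def make_sample_tree(base):
    """Build a constructed hwmon-like tree (not real sensor data) under base."""
    sample = {
        "hwmon0": {"name": "coretemp", "temp1_label": "Core 0",
                   "temp1_input": "45000"},
        "hwmon1": {"name": "it8721", "temp1_input": "38000",
                   "fan1_input": "2010", "in0_input": "1056"},
    }
    for chip, files in sample.items():
        os.makedirs(os.path.join(base, chip))
        for fname, content in files.items():
            with open(os.path.join(base, chip, fname), "w") as fh:
                fh.write(content + "\n")
    return base


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        root = make_sample_tree(tmp)
        print("\n".join(config(root)))
        print("\n".join(fetch(root)))
```

A channel whose read fails or returns nothing is reported as U rather than aborting the whole multigraph run.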

Arun Raghavan a.k.a. ford_prefect (homepage, stats, bugs)
grsec and PulseAudio (and Gentoo) (October 30, 2012, 08:49 UTC)

This problem seems to bite some of our hardened users a couple of times a year, so thought I’d blog about it. If you are using grsec and PulseAudio, you must not enable CONFIG_GRKERNSEC_SYSFS_RESTRICT in your kernel, else autodetection of your cards will fail.

PulseAudio’s module-udev-detect needs to access /sys to discover what cards are available on the system, and that kernel option disallows this for anyone but root.
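A quick way to check a system for the condition described in this post, as an added example that is not part of the original post: it looks up CONFIG_GRKERNSEC_SYSFS_RESTRICT in the kernel configuration and tests whether the current user can list the sound class directory under /sys. The config file locations, the /sys/class/sound probe path and the verdict strings are assumptions of this sketch, and the sample config text is constructed.

```python
import gzip
import os

OPTION = "CONFIG_GRKERNSEC_SYSFS_RESTRICT"
# Assumed locations of the kernel config; neither is named in the post.
CONFIG_PATHS = ("/proc/config.gz", "/usr/src/linux/.config")
# Assumed probe directory: the ALSA class directory under /sys.
SOUND_CLASS = "/sys/class/sound"

# Constructed sample of a kernel config fragment, used when run stand-alone.
SAMPLE_CONFIG = """\
CONFIG_GRKERNSEC=y
CONFIG_GRKERNSEC_SYSFS_RESTRICT=y
# CONFIG_GRKERNSEC_KMEM is not set
"""


def option_state(config_text, option=OPTION):
    """Return 'y' if set, 'n' if explicitly unset, None if never mentioned."""
    state = None
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith(option + "="):
            state = line.split("=", 1)[1]
        elif line == f"# {option} is not set":
            state = "n"
    return state


def load_kernel_config(paths=CONFIG_PATHS):
    """Return the text of the first readable kernel config, or None."""
    for path in paths:
        opener = gzip.open if path.endswith(".gz") else open
        try:
            with opener(path, "rt") as fh:
                return fh.read()
        except OSError:
            continue
    return None


def can_list(path=SOUND_CLASS):
    """True if the calling user is allowed to enumerate path."""
    try:
        os.listdir(path)
        return True
    except OSError:
        return False


def verdict(config_text, uid, sysfs_listable):
    """Combine the kernel option, the caller's uid and the sysfs probe."""
    state = option_state(config_text) if config_text is not None else None
    if state == "y":
        # The option leaves root untouched; only other users lose /sys access.
        return "restricted-root-only" if uid == 0 else "restricted-detection-fails"
    if not sysfs_listable:
        # Option is off or unknown, yet /sys is unreadable: look elsewhere.
        return "unrestricted-but-unreadable"
    return "ok"


if __name__ == "__main__":
    text = load_kernel_config()
    if text is None:
        text = SAMPLE_CONFIG  # fall back to the constructed sample
    print(verdict(text, os.getuid(), can_list()))
```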

October 29, 2012
Nathan Zachary a.k.a. nathanzachary (homepage, stats, bugs)
Happy 15th, Noah! (October 29, 2012, 13:40 UTC)

Just wanted to wish you a very happy 15th birthday, Noah! I hope that you have an awesome day, filled with fun and excitement, and surrounded by your friends, family, and loved ones. Those are the best elements of a special day, but maybe, just maybe, you’ll get some cool stuff too! :cool: I also can’t believe that it’s just one more year until you’ll have your license; bet you can’t wait!

Anyway, thinking about you, and hope that everything in your life is going superbly well.

With love,

Arun Raghavan a.k.a. ford_prefect (homepage, stats, bugs)
PulseConf Schedule (October 29, 2012, 12:45 UTC)

David has now published a tentative schedule for the PulseAudio Mini-conference (I’m just going to call it PulseConf — so much easier on the tongue).

For the lazy, these are some of the topics we’ll be covering:

  • Vision and mission — where we are and where we want to be
  • Improving our patch review process
  • Routing infrastructure
  • Improving low latency behaviour
  • Revisiting system- and user-modes
  • Devices with dynamic capabilities
  • Improving surround sound behaviour
  • Separating configuration for hardware adaptation
  • Better drain/underrun reporting behaviour

Phew — and there are more topics that we probably will not have time to deal with!

For those of you who cannot attend, the Linaro Connect folks (who are graciously hosting us) are planning on running Google+ Hangouts for their sessions. Hopefully we should be able to do the same for our proceedings. Watch this space for details!

p.s.: A big thank you to my employer Collabora for sponsoring my travel to the conference.

Jeremy Olexa a.k.a. darkside (homepage, stats, bugs)
Unexpected turn of events in Prague (October 29, 2012, 11:57 UTC)

This adventure of mine is really turning into an adventure..

I’m staying in Prague for another month. I’m working at a hostel as a bartender and getting my own private room and one/two meals per day. I have two consecutive days off per week and I plan on going on overnight trips to other cities in Czech. I’ve basically invalidated the rest of my planning for the next month or two but I’ll figure that out later..

Welcome to my office…

October 28, 2012
Liam McLoughlin a.k.a. hexxeh (homepage, stats, bugs)
Android? Meet Chromium OS (October 28, 2012, 03:42 UTC)

It’s been too long since I’ve cracked out the Jolt and spent the wee hours hacking away on something. So tonight, I picked up a device from my collection and did the inevitable:

Nexus 7 running Chromium OS

More details soon to a tech blog near you. Image release date? Whenever I get around to neatening this up for widespread consumption. Mad props to the Queen for that extra hour tonight, really handy as I’m sure you’ll all agree.

October 27, 2012
Jeremy Olexa a.k.a. darkside (homepage, stats, bugs)
Prague, Czech Republic (October 27, 2012, 10:26 UTC)

I’ve been in Prague since Oct 17, 10 days now. I really like the city and hope to explore more of the country soon besides the capital city. The city’s architecture is nice because it was virtually untouched during WW2. The culture is somewhat interesting because it was communist until 1989. Now the city is preserving what was left to decay during that era.


The food is good, the beer is good, and the city is cheap to live in. Being a continental country, the weather is marginal but that just reminds me of home anyway.

Prague pics

Diego E. Pettenò a.k.a. flameeyes (homepage, stats, bugs)
My Time in the USA: About Tipping (October 27, 2012, 06:22 UTC)

I’m afraid I don’t have a suitable photo for this post!

Coming from Italy to the US for the first time, it’s important to note a few very different customs. One of these is the already noted bigger portions, that can cause you to overeat if you don’t remember to ask for a box when you’re stuffed. Another big one is tipping. While it’s not unheard of in Italy as well, tipping is not as regular, or regulated, as here. For what I know, tips (mancie) are not declared at all, even if they are supposed to, since they are only possible on cash transaction, as there are no lines in the receipts where you can add tips. Even though Wikipedia says that this requires a citation (maybe I should just take a picture of my next receipt when I go back to Italy).

The reason for this is that the service, i.e., the wage for the waiting staff, is usually included on the bill (usually, explicitly — some rare times it’s included in the price of the food itself, but that’s been rare until a few hours ago). The same is true, as far as I know, in England for the most part, while in France it seems like they are happy to get some.

Anyway, I have to say that up to now, my experience with tipping staff is actually quite positive. It’s not like it changes much of how I go around — even in Italy I tend to always go to the same place, but I guess it helps the fact that I tip well enough that the waitresses remember me, and they almost never bring me the menu nowadays, unless I ask for it (they know already what I’m getting).

A quick check of my past receipts shows that my average tipping is around 22%, with the exception being the breakfasts I get in the morning, which is well over that (but simply because it would be less than eight dollars), at around 50%. This actually paid off, since I didn’t have to know about the local diner’s “Breakfast Club” — the waiter brought me the card after seeing me one morning after the other, already stamped twice; and the one time I forgot my card at the office, he stamped it twice the next visit. Also, once I actually used the fidelity card, which got me free pancakes, they poured in the coffee with it (which is not supposed to be included).

I guess that for most of the waiting staff, having to survive on tips is far from easy. On the other hand, it feels like the waiting staff here is more caring about the single customer’s experience (since their living depends on it) rather than the frenetic “serve as many customers as possible in the shortest time as possible” that most of the Italian restaurants (as in, in Italy) focus on. Even places I like, and where I know the owner since forever, don’t have the same friendly service.

Googling around, it seems like there is a lot of angst and grief around the concept of tipping – I was looking around to see how much to tip a cab driver since today I went to Santa Monica to see The Oatmeal – and I can from one point understand why, on the other hand it’s also easy to use them as a way to make sure that you’re offered a decent service. Like the cab driver who brought me back, and who insisted for me to get cash on the ATMs, which meant I had to walk three blocks over, and pay another $3 in fees, and got less than 10% tip (if he accepted the credit card, he would have gotten 20% — yes that means waiting and paying the extra fee, but it’s still more than he got).

I guess one of the reasons why I’m not having much problem, as a customer, with tipping, is that Free Software works the same way. We’re for the most part not paid, or paid (as related to opensource) a minimum wage, and all we do is compensated for the most part in tips … which are actually rarely enough to cover our side of the expenses — I can actually write quite a bit on the subject as recently I found out how much it cost me, in power alone, to run Yamato and the tinderbox at my house.

So in all of this, I can actually say that it’s one of the things that I have really no problem whatsoever with, during my stay here.

October 26, 2012
Sean Amoss a.k.a. ackle (homepage, stats, bugs)
Happy Halloween, Gentoo! (October 26, 2012, 16:32 UTC)

Theo Chatzimichos a.k.a. tampakrap (homepage, stats, bugs)
moving services around (October 26, 2012, 15:53 UTC)

A few days ago the box that was hosting our low-risk webapps died ( The services that were affected are and We quickly migrated the services to another box ( Brambling had issues in the past with its RAM, but we changed them with new ones a couple of months ago. Additionally, this machine was used for testing only. Unfortunately the machine started to malfunction as soon as those services were transferred there, which means that it has more hardware issues than the RAM. The resulting error messages stopped when we disabled temporarily. The truth is that this packages webapp is old, unmaintained, uses deprecated interfaces and real pain to debug. In this year’s GSoC we had a really nice replacement by Slava Bacherikov written in django. Additionally, recently we were given a Ganeti cluster hosted at OSUOSL. Thus we decided not to put up again the old instance, and instead create 4 virtual machines in our Ganeti cluster, and migrate the above webapps there, along with the new and shiny website. Furthermore, we will also deploy another GSoC webapp, gentoostats, and start providing our developers with virtual machines. We will not give public IPv4 IPs to the dev VMs though, but probably use IPv6 only so that developers can access them through woodpecker (the box where the developers have their shell accounts), but it is still under discussion. We already started working on the above, and we expect next week to be fully finished with the new webapps live and rocking. Special thanks to Christian and Alec who took care of the migrations before and during the Gentoo Miniconf.

October 25, 2012
Markos Chandras a.k.a. hwoarang (homepage, stats, bugs)
Gentoo Recruitment: How do we perform? (October 25, 2012, 18:53 UTC)

A couple of days ago, Tomas and I gave a presentation at the Gentoo Miniconf. The subject of the presentation was to give an overview of the current recruitment process, how are we performing compared to the previous years and what other ways there are for users to help us improve our beloved distribution. In this blog post I am gonna get into some details that I did not have the time to address during the presentation regarding our recruitment process.


Recruitment Statistics

Recruitment Statistics from 2008 to 2012

Looking at the previous graph, two things are obvious. First of all, every year the number of people who wanted to become developers has constantly decreased. Second, we have a significant number of people who did not manage to become developers. Let me express my personal thoughts on these two things.

For the first one, my opinion is that these numbers are directly related to Gentoo’s reputation and its “infiltration” to power users. It is not a secret that Gentoo is not as popular as it used to be. Some people think this is because of the quality of our packages, or because of the frequency we cause headaches to our users. Other people think that the “I want to compile every bit of my linux box” trend belongs to the past and people want to spend less time maintaining/updating their boxes and more time doing some actual work nowadays. Either way, for the past few years we are losing people, or to state it better, we are not “hiring” as many as we used to. Ignoring those who did not manage to become developers, we must admit that the absolute numbers are not in our favor. One may say that 16 developers for 2011-2012 is not bad at all, but we aim for the best, right? What bothers me the most is not the number of the people we recruit, but that this number is constantly falling for the last 5 years…

As for the second observation, we see that, every year, around 4-5 people give up and decide to not become developers after all. Why is that? The answer is obvious. Our long, painful, exhausting recruitment process drives people away. From my experience, it takes about 2 months from the time your mentor opens your bug, until a recruiter picks you up. This obviously kills someone’s motivation, makes him lose interest, get busy with other stuff and he eventually disappears. We tried to improve this process by creating a webapp two years ago, but it did not work out well. So we are now back to square one. We really can’t afford losing developers because of our recruitment process. It is embarrassing to say the least.

Again, is there anything that can be done? Definitely yes. I’d say, we need an improved or a brand new web application that will focus on two things:

1) make the review process between mentor <-> recruit easier

2) make the final review process between recruit <-> recruiter an enjoyable learning process

Ideas are always welcomed. Volunteers and practical solutions even more ;) In the meantime, I am considering using Google+ hangouts for the face-to-face interview sessions with the upcoming recruits. This should bring some fresh air to this process ;)

The entire presentation can be found here

Nathan Zachary a.k.a. nathanzachary (homepage, stats, bugs)
Lorell 86200 mesh-back office chair (October 25, 2012, 17:23 UTC)

When I moved back to Saint Louis with my current job, and started working from home, it became readily apparent that I would need a decent office chair (sitting on one of my chairs from the less-than-great dining room table would certainly not be ideal). After looking at a bunch of different options, and realising that I’m not going to spend $1000+ USD on a Herman Miller Aeron, I found some great choices on Amazon.

I finally settled on the 86200 model Executive Mesh-back chair from Lorell:

Lorell 86200 Executive Mesh-back chair

For the price, the chair is actually incredibly well-built. Is it an Aeron? No, of course not, but it also doesn’t carry nearly the same price tag with it. That being said, it also doesn’t feel like a cheaply-made knock-off. The only part of the build quality that is somewhat questionable is the armrest construction. They have plastic shields and are rubber-stamped on the top, but they do serve their purpose nicely. I would like a little further adjustment capabilities on them, but they are what they are. The only other qualm that I have is that the chair makes a bit of noise when moving around, or leaning back. I believe that these sounds are related to the two adjustable nuts near the chair’s base, but I haven’t thoroughly tested that idea.

Assembly of the chair was incredibly easy and straightforward. I did find it a lot easier to do with the help of one other person (for holding the back of the chair in place whilst attaching it to the base, et cetera). If you don’t have help, though, it would be easy enough to do by one’s self. There was one piece of plastic that served no useful purpose, but only an aesthetic element. I chose to not screw that piece into the backing of the chair (maybe that’s the engineer in me).

More important than the build quality and the ease of assembly, the seat is very comfortable, even for the 8-10 hours per day that I am in it. I don’t find that I struggle to stay comfortable during that time. Also, the lumbar support and backing are both stronger than other chairs that I have used in the past. Given that I have had trouble with my middle back in the past, I’m pleasantly surprised that I don’t experience any discomfort in that area throughout the day.

So, if you are in the market for a good office chair, but don’t want to spend a huge amount of money, I recommend that you at least look into the Lorell 86200. It is nicely built, easy to assemble, and I find it to be one of the most comfortable chairs in the price range.


October 24, 2012
Nathan Zachary a.k.a. nathanzachary (homepage, stats, bugs)
Addie’s Thai House – Saint Louis, MO (October 24, 2012, 18:45 UTC)

Several weeks ago, a good friend and I went to Addie’s Thai House in Saint Louis, MO. Though it is a bit far from where we live, and when travelling that distance, we would usually head north to Thai Kitchen, we decided to try a new place (and they had a special at the time). Upon entering the restaurant, I immediately noticed that it was a little more posh than most of the Thai restaurants in the area. The décor and seating arrangements both lent themselves to a higher-scale dining experience.

We started off with an appetiser, and seeing as we wanted to try one that was unique to their menu, we opted for the sweet potatoes. They were cut in a thick string style, deep-fried, and came out with coconut flakes and a sweet and sour dipping sauce. To me, the coconut taste was so subtle that one really had to try to notice it. I found that to be disappointing, because otherwise, they ended up just tasting a lot like regular sweet potato chips.

For dinner, I had the green curry with fresh tofu. It was pleasant, but lacked a lot of the heat that I’m used to with green curry. Also, I found that there were not many vegetables (or much tofu, for that matter) in the pot, but rather that it was primarily sauce. That being said, one of my favourite things to do with curry is to soak some rice in the remainder of the sauce. As such, I did enjoy that aspect of the dish.

She had Praram Long Song, which is a common Siamese dish that generally comes with carrots, spinach, and your choice of protein with a peanut sauce atop it. The peanut sauce wasn’t all that great (especially compared to Thai Kitchen, which has some of the best I’ve ever eaten), and overall, the dish was rather bland.

Though Addie’s Thai House appeared to be a more upscale restaurant in terms of atmosphere, the quality of the food was fairly disappointing. Given that, I would much rather go to one of the restaurants in the area that focuses more on the preparation of the food, especially seeing as Addie’s was a bit more expensive as well. For those reasons, I can’t recommend Addie’s over other nearby Thai places.


Diego E. Pettenò a.k.a. flameeyes (homepage, stats, bugs)
Munin, sensors and IPMI (October 24, 2012, 15:06 UTC)

In my previous post about Munin I said that I was still working on making sure that the async support would reach Gentoo in a way that actually worked. Now with version 2.0.7-r5 this is vastly possible, and it’s documented on the Wiki for you all to use.

Unfortunately, while testing it, I found out that one of the boxes I’m monitoring, the office’s firewall, was going crazy if I used the async spooled node, reporting fan speeds way too low (87 RPMs) or way too high (300K), and with similar effects on the temperatures as well. This also seems to have caused the fans to go out of control and run constantly at their 4KRPM instead of their usual 2KRPM. The kernel log showed that there was something going wrong with the i2c access, which is what the sensors program uses.

I started looking into the sensors_ plugin that comes with Munin, which I knew already a bit as I fixed it to match some of my systems before… and the problem is that for each box I was monitoring, it would have to execute sensors six times: twice for each graph (fan speed, temperature, voltages), one for config and one for fetching the data. And since there is no way to tell it to just fetch some of the data instead of all of it, it meant many transactions had to go over the i2c bus, all at the same time (when using munin async, the plugins are fetched in parallel). Understanding that the situation is next to unsolvable with that original code, and having one day “half off” at work, I decided to write a new plugin.

This time, instead of using the sensors program, I decided to just access /sys directly. This is quite a bit faster and allows you to pinpoint what data you need to fetch. In particular during the config step, there is no reason to fetch the actual value, which saves many i2c transactions even just there. While at it, I also made it a multigraph plugin, instead of the old wildcard one, so that you only need to call it once, and it’ll prepare, serially, all the available graphs: in addition to those that were supported before, which included power – as it’s exposed by the CPUs on Excelsior – I added a few that I haven’t been able to try but are documented by the hwmon sysfs interface, namely current and humidity.

The new plugin is available on the contrib repository – which I haven’t found a decent way to package yet – as sensors/hwmon and is still written in Perl. It’s definitely faster, has fewer dependencies and it’s definitely more reliable at least on my firewall. Unfortunately, there is one feature that is missing: sensors would sometimes report an explicit label for temperature data… but that’s entirely handled in userland. Since we’re reading the data straight from the kernel, most of those labels are lost. For drivers that do expose those labels, such as coretemp, they are used, though.

Also we lose the ability to ignore the values from the get-go, like I described before, but you can’t always win. You’ll have to ignore the graph data from the master instead. Otherwise you might want to find a way to tell the kernel to not report that data. The same probably is true for the names, although unfortunately…

[temp*_label] Should only be created if the driver has hints about what this temperature channel is being used for, and user-space doesn’t. In all other cases, the label is provided by user-space.

But I wouldn’t be surprised if it was possible to change that a tinsy bit. Also, while it does forfeit some of the labeling that the sensors program does, I was able to make it nicer when anonymous data is present — it wasn’t so rare to have more than one temp1 value as it was the first temperature channel for each of the (multiple) controllers, such as the Super I/O, ACPI Thermal Zone, and video card. My plugin outputs the controller and the channel name, instead of just the channel name.

After I’ve completed and tested my hwmon plugin I moved on to re-rewrite the IPMI plugin. If you remember the saga I first rewrote the original ipmi_ wildcard plugin in freeipmi_, including support for the same wildcards as ipmisensor_, so that instead of using OpenIPMI (and gawk), it would use FreeIPMI (and awk). The reason was that FreeIPMI can cache SDR information automatically, whereas OpenIPMI does have support, but you have to tackle it manually. The new plugin was also designed to work for virtual nodes, akin to the various SNMP plugins, so that I could monitor some of the servers we have in production, where I can’t install Munin, or I can’t install FreeIPMI. I have replaced the original IPMI plugin, which I was never able to get working on any of my servers, with my version on Gentoo for Munin 2.0. I expect Munin 2.1 to come with the FreeIPMI-based plugin by default.

Unfortunately, like for the sensors_ plugin, my plugin was calling the command six times per host — although this allows you to filter for the type of sensors you want to receive data for. And that became even worse when you have to monitor foreign virtual nodes. How do I solve that? I decided to rewrite it to be multigraph as well… but shell script then was difficult to handle, which means that it’s now also written in Perl. The new freeipmi, non-wildcard, virtual node-capable plugin is available in the same repository and directory as hwmon. My network switch thanks me for that.

Of course unfortunately the async node still does not support multiple hosts, that’s something for later on. In the meantime though, it does spare me lots of grief and I’m happy I took the time working on these two plugins.
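The approach described in the post above (reading the hwmon sysfs files directly, touching no sensor value during config, emitting all graphs from one serial run), as an added shell example. It is not the Perl plugin from the contrib repository; the function names, the field naming and the assumption that attributes sit directly under hwmonN/ are made up for illustration.

```shell
#!/bin/sh
# Added example, not the contrib sensors/hwmon plugin.
# Assumption: attributes sit directly in <root>/hwmonN/ (some kernels expose
# them under hwmonN/device/ instead).
HWMON_ROOT=${HWMON_ROOT:-/sys/class/hwmon}

# first_line FILE: print the first line of FILE, or nothing if the read fails.
first_line() {
    fl_v=
    { read -r fl_v < "$1"; } 2>/dev/null || :
    printf '%s' "$fl_v"
}

# hwmon_emit ROOT KIND MODE SCALE
#   KIND  attribute prefix: temp, fan, in, ...
#   MODE  config (labels only) or fetch (values)
#   SCALE divisor from sysfs units to graph units (1000 for millidegrees/mV)
hwmon_emit() {
    e_root=$1 e_kind=$2 e_mode=$3 e_scale=$4
    for e_input in "$e_root"/hwmon*/"$e_kind"[0-9]*_input; do
        # Existence test only: stat() on a sysfs file does not query the chip.
        [ -e "$e_input" ] || continue
        e_dir=${e_input%/*}
        e_chan=${e_input##*/}
        e_chan=${e_chan%_input}
        e_field="${e_dir##*/}_${e_chan}"    # e.g. hwmon1_temp2, unique per chip

        if [ "$e_mode" = config ]; then
            # Use the driver's label if it has one, else controller + channel.
            e_name=$(first_line "$e_dir/name")
            e_label=$(first_line "$e_dir/${e_chan}_label")
            [ -n "$e_label" ] || e_label="${e_name:-unknown} $e_chan"
            printf '%s.label %s\n' "$e_field" "$e_label"
        else
            # Only here is the sensor itself read.
            e_raw=$(first_line "$e_input")
            case $e_raw in
                ''|*[!0-9-]*) e_val=U ;;    # failed read: Munin "unknown"
                *) e_val=$(awk -v r="$e_raw" -v s="$e_scale" \
                        'BEGIN { printf "%.2f", r / s }') ;;
            esac
            printf '%s.value %s\n' "$e_field" "$e_val"
        fi
    done
}

# One process, all graphs, sensors visited serially.
hwmon_plugin() {
    p_mode=fetch
    if [ "${1:-}" = config ]; then p_mode=config; fi
    for p_spec in temp:1000:Temperatures fan:1:Fans in:1000:Voltages; do
        p_kind=${p_spec%%:*}
        p_rest=${p_spec#*:}
        echo "multigraph hwmon_$p_kind"
        if [ "$p_mode" = config ]; then echo "graph_title ${p_rest#*:}"; fi
        hwmon_emit "$HWMON_ROOT" "$p_kind" "$p_mode" "${p_rest%%:*}"
    done
}

# Act as a plugin only when installed under a hwmon* name, so the file can
# also be sourced for its functions.
case ${0##*/} in hwmon*) hwmon_plugin "$@" ;; esac
```

A channel whose read fails is reported as `U` rather than as a bogus number, so a flaky bus shows up as a gap in the graph instead of a spike.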

Jeremy Olexa a.k.a. darkside (homepage, stats, bugs)
Gentoo Miniconf 2012 (October 24, 2012, 11:07 UTC)

The Gentoo Miniconf is over now but it was a great success. There were 30+ developers that went and I met quite some users too. Thanks to Theo (tampakrap) and Michal (miska) for organizing the event (and others), thanks to openSUSE for sponsoring and letting the Gentoo Linux guys hangout there. Thanks to the other sponsors too, Google, Aeroaccess, et al.

More pics at the Google+ event page.

It was excellent to meet all of you.

October 23, 2012
Jeremy Olexa a.k.a. darkside (homepage, stats, bugs)
Dordrecht, Kinderdijk, Delft (October 23, 2012, 22:52 UTC)

I went to Dordrecht for just a short time, a very small town. We made a mistake on the waterbus that led us to walking around the town for a few hours until we could get to the intended goal of Kinderdijk. Kinderdijk is the home of the famous windmills that Holland is known for. The windmills are preserved and still working but not used since the invention of the electric pump. We had to go see the windmills and get the picture…

Rotterdam 10/2012-189

Then I went to Delft for one night and just relaxed at the hostel for the night and bummed around inside while it was raining. Delft is home of the famous hand painted blue and white china – “delftware”. I did manage to stroll around the town briefly (not much to see by foot though). Delft has all the canals and architecture that Amsterdam has but very small and different culture.

Dordrecht pics
Kinderdijk pics
Delft pics

Nathan Zachary a.k.a. nathanzachary (homepage, stats, bugs)
Ronald Jenkees – Disorganized Fun review (October 23, 2012, 16:15 UTC)

Earlier this month, I reviewed the self-titled first album by Ronald Jenkees. Now that I’ve listened to his second full-length studio album, Disorganized Fun, several times, I can share my thoughts on it.

Ronald Jenkees - Disorganized Fun album cover

1. Disorganized Fun – 9 / 10
Coming in full-force with his mix of disjointed synth elements and smooth beats, this first track lives up nicely to its title. Jenkees played around a lot with pitch bending, and it worked really well with his choices of sounds. In the middle of the track, there’s a great bridge followed by a keyboard solo. Not only does the style live up to the title of the track, but it serves as a great start to his second full-length album.

2. Fifteen Fifty – 8 / 10
Unlike the previous song, this one is a bit more fluid. As such, however, it doesn’t have as much of a stylistic edge, and I found it to drag a bit in spots. There is a neat bass line that comes in around 1’15″ or so, but unfortunately, it doesn’t carry through the rest of the tune. Whilst not a bad song at all, it just doesn’t have the energy of its predecessor (even with the wild solo at the very end).

3. Guitar Sound – 10 / 10
It’s really impressive to me that Jenkees is able to emulate an 80s-style guitar sound as well as he does. The opening portion of this track sounds a lot like some of Eric Johnson’s work, especially in the vein of Cliffs of Dover. There are some great hard-hitting riffs in there that, when coupled with the up-tempo beats and breakdown/variety of the bridge, make for a fantastic track all around! Even at just over 7 minutes, the song doesn’t drag at all.

4. Synth One – 6 / 10
This song has a little stronger emphasis on the drums and beats than the previous tracks, and as such, they stand out more prominently than do some of the synth parts. There are a lot of sound effects in this track that have an old NES feel to them, which is a bit nostalgic. However, I don’t really find this to be one of the stronger songs on the album.

5. Throwing Fire – 8 / 10
I stand corrected about the throwback to old Nintendo games, as this song starts out in a way that almost makes me feel like I just put in the cartridge and fired up Blaster Master. Unlike the former track, however, Throwing Fire has a really upbeat and lively feel to it. There are a couple parts around the 2-minute mark, though, where it seems like Jenkees stumbles a bit on the notes, but they add a nice human element.

6. Minimal MC – 8 / 10
On this track, Jenkees plays a lot with throwing sounds back and forth between the left and right stereo channels, which makes for a very cool effect whilst listening on headphones. Significantly more subdued, and containing a lot fewer effects than some of the previous tracks, Minimal MC adheres to its name. After the halfway mark, there are some great dramatic elements and a little bit of an Asian influence.

7. Stay Crunchy – 10 / 10
Stay Crunchy was actually the song that prompted me to buy both of his albums after I originally heard it on Pandora. I think that it is an incredible mix of funky beats and rhythm, great synth work, and some techno/club elements. This is my clear favourite on the album (though that could be related to the Serial Position Preference Effect)!

8. Inverted Mean – 8 / 10
With the intro of this track, I expected someone like Jay-Z to come in with some dramatic near-spoken-word lyrics; it just presents a very theatrical sound right from the start. This song also has a stronger hip-hop feel than many of the others, but it is a nice way to increase the dynamic nature of the album. My favourite part of the piece comes in around the 3’15″ mark with this great piano solo which fades out nicely.

9. Outer Space – 8 / 10
A lot stronger emphasis on synth sounds and chaotic melody than the previous track, Outer Space combines techno and dance beats with sci-fi effects. Again, tracks like these really highlight the versatility of his musical vision. Though it isn’t the most appealing track to my ears, this track showcases technical aptitude within the genre.

10. Let’s Ride (rap) – 6 / 10
As with the raps on his previous album, this one is fairly entertaining, regardless of whether or not the technical expertise is as high as his non-rap tracks. The reference to passing the DQ is fairly funny as well.

11. It’s Gettin Rowdy (rap) – 6 / 10
For some reason, this rap makes me think of Regulate by Warren G, but with a little bit of a silly element to it. Ahhh, the delusions of grandeur…

That makes for a total of 87 / 110 or ~79%. That comes out to a very strong 8 stars:

★★★★★★★★☆☆


Launching Gentoo VMs on (October 23, 2012, 13:50 UTC)

Long time, no post.

For about a year now, I’ve been working at GRNET on its (OpenStack API compliant) open source IaaS cloud platform Synnefo, which powers the ~okeanos service.

Since ~okeanos is mainly aimed towards the Greek academic community (and thus has restrictions on who can use the service), we set up a ‘playground’ ‘bleeding-edge’ installation ( of Synnefo, where anyone can get a free trial account, experiment with the Web UI, and have fun scripting with the kamaki API client. So, you get to try the latest features of Synnefo, while we get valuable feedback. Sounds like a fair deal. :)

Unfortunately, being the only one in our team that actually uses Gentoo Linux, up until recently Gentoo VMs were not available. So, a couple of days ago I decided it was about time to get a serious distro running on ~okeanos (the load of our servers had been ridiculously low after all :P ). For future reference, and in case anyone wants to upload their own image on or ~okeanos, I’ll briefly describe the steps I followed.

1) Launch a Debian-base (who needs a GUI?) VM on

Everything from here on is done inside our Debian-base VM.

2) Use fallocate or dd seek= to create an (empty) file large enough to hold our image (5GB)

fallocate -l $((5 * 1024 * 1024 * 1024)) gentoo.img

3) Losetup the image, partition and mount it

losetup -f gentoo.img
parted /dev/loop0 mklabel msdos
parted /dev/loop0 mkpart primary ext4 2048s 5G
kpartx -a /dev/loop0
mkfs.ext4 /dev/mapper/loop0p1
losetup /dev/loop1 /dev/mapper/loop0p1    # trick needed for grub2 installation later on
mount /dev/loop1 /mnt/gentoo -t ext4 -o noatime,nodiratime

4) Chroot and install Gentoo in /mnt/gentoo. Just follow the handbook. At a minimum you’ll need to extract the base system and portage, and set up some basic configs, like networking. It’s up to you how much you want to customize the image. For the Linux Kernel, I just copied directly the Debian /boot/[vmlinuz|initrd|] and /lib/modules/ of the VM (and it worked! :) ).

5) Install sys-boot/grub-2.00 (I had some *minor* issues with grub-0.97 :P ).

6) Install grub2 in /dev/loop0 (this should help). Make sure your inside the Gentoo chroot looks like this:

(hd0) /dev/loop0
(hd1) /dev/loop1

and make sure you have a sane grub.cfg (I’d suggest replacing all references to UUIDs in grub.cfg and /etc/fstab to /dev/vda[1]).
Now, outside the chroot, run:

grub-install --root-directory=/mnt --grub-mkdevicemap=/mnt/boot/grub/ /dev/loop0

Cleanup everything (umount, losetup -d, kpartx -d etc), and we’re ready to upload the image, with snf-image-creator.

snf-image-creator takes a diskdump as input, launches a helper VM, cleans up the diskdump / image (cleanup of sensitive data etc), and optionally uploads and registers our image with ~okeanos.

For more information on how snf-image-creator and Synnefo image registry works, visit the relevant docs [1][2][3].

0) Since snf-image-creator will use qemu/kvm to spawn a helper VM, and we’re inside a VM, let’s make sure that nested virtualization (OSDI ’10 Best Paper award btw :) ) works.

First, we need to make sure that kvm_[amd|intel] is modprobe’d on the host machine / hypervisor with the nested = 1 parameter, and that the vcpu, that qemu/kvm creates, thinks that it has ‘virtual’ virtualization extensions (that’s actually our responsibility, and it’s enabled on the servers).

Inside our Debian VM, let’s verify that everything is ok.

grep -E 'vmx|svm' /proc/cpuinfo
modprobe -v -a kvm kvm_intel

1) Clone snf-image-creator repo

git clone

2) Install snf-image-creator using setuptools (./ install) and optionally virtualenv. You’ll need to install (pip install / aptitude install etc) setuptools, (python-)libguestfs and python-dialog manually. setuptools will take care of the rest of the deps.

3) Use snf-image-creator to prepare and upload / register the image:

snf-image-creator -u gentoo.diskdump -r "Gentoo Linux" -a [ username] -t [ user token] gentoo.img -o gentoo.img --force

If everything goes as planned, after snf-image-creator terminates, you should be able to see your newly uploaded image in, inside the Images container. You should also be able to choose your image to create a new VM (either via the Web UI, or using the kamaki client).

And, let’s install kamaki to spawn some Gentoo VMs:

git clone

and install it using setuptools (just like snf-image-creator). Alternatively, you could use our Debian repo (you can find the GPG key here).

Modify .kamakirc to match your credentials:

enable = on
url =
cyclades_extensions = on
enable = on
url =
colors = on
token = [token]
enable = on
url =
account = [username]
container = pithos
enable = on
pithos_extensions = on
url =

Now, let’s create our first Gentoo VM:

kamaki server create LarryTheCow 37 `kamaki image list | grep Gentoo | cut -f -d ' '` --personality /root/.ssh/authorized_keys

That’s all for now. Hopefully, I’ll return soon with another more detailed post on scripting with kamaki (vkoukis has a nice script using kamaki python lib to create from scratch a small MPI cluster on ~okeanos :) ).


October 22, 2012
Nathan Zachary a.k.a. nathanzachary (homepage, stats, bugs)
Ernesto’s Wine Bar, Saint Louis, MO (October 22, 2012, 16:21 UTC)

Several months back, there was a Groupon for a restaurant named Ernesto’s Wine Bar in Saint Louis, MO. This restaurant and bar is located in the Benton Park neighbourhood, which is just off of the 55 motorway near the Anheuser-Busch brewery.

Though their food menu isn’t very extensive–consisting of primarily some appetisers, flatbreads, salads, and a couple larger plates–the food was fairly tasty for the price. We started with the House Chips (which were actually crisps, not chips), and they were quite nice. They were cut from Russet potatoes, and were lightly coated in truffle oil and Parmigiano-Reggiano. As I’m highly allergic to cheese, I had to be careful, but it wasn’t all that big of a deal to avoid the cheese. For dinner, I had grilled chicken and vegetable linguine, which was nice. The sauce was a bit thick for my liking, but it was easy enough to simply use less of it. She had the fancied-up grilled cheese, which was apparently quite good (for obvious reasons, I couldn’t try it). For our wine offering, we went with a 2010 Pinot Grigio from Lagaria. Though overpriced for the vintage, it nicely complemented our entrées.

The best part, in my opinion, was neither the food nor the wine, though. Instead, the atmosphere is what made the evening fantastic. It was a lightly cool night, and we were sitting out on the back patio near the fireplace. The heat from the fire was just enough to take the chill out of the air, but not so hot as to be uncomfortable. The service was a bit slow, but that was to be expected on a Friday evening, and sitting out enjoying the light breeze made time pass quickly.

Overall, Ernesto’s is a nice change of pace from the typical dinner, but the cost seems to be out of alignment with the quality of the food and drink. That being said, it isn’t so outrageously off-balanced as to be off-putting. I would like to go back another time to try some of the flatbreads and another bottle (but this time, of a rustic red).


Jeremy Olexa a.k.a. darkside (homepage, stats, bugs)
Rotterdam Thoughts (October 22, 2012, 15:51 UTC)

After spending a few days in Amsterdam, it was very refreshing to go to Rotterdam. Rotterdam, a 1h20m train ride away from Amsterdam, was interesting to me because it is essentially a new town by European standards. There are many, many new buildings in Rotterdam since it was bombed and essentially destroyed during WW2, however, being the largest port in Europe (formerly the largest in the world) it has been rebuilt pretty fast. I stayed in Rotterdam for 4 days and 3 nights, I could have stayed for more days and felt entertained too. It was still an expensive city but marginally less expensive than Amsterdam. There were many English speakers there but also some less than Amsterdam.

You can view my Rotterdam pictures online. Take note of the different buildings.

Diego E. Pettenò a.k.a. flameeyes (homepage, stats, bugs)
May I have a network connection, please? (October 22, 2012, 15:31 UTC)

If you’re running ~arch, you probably noticed by now that the latest OpenRC release no longer allows services to “need net” in their init scripts. This change has caused quite a bit of grief because some services no longer started after a reboot, or no longer start after a restart, including Apache. Edit: this only happens if you have corner case configurations such as an LXC guest. As William points out, the real change is simply that net.lo no longer provides the net virtual, but the other network interfaces do.

While it’s impossible to say that this is not annoying as hell, it could be much worse. Among other reasons, because it’s really trivial to work it around until the init scripts themselves are properly fixed. How? You just need to append to /etc/conf.d/$SERVICENAME the line rc_need="!net" — if the configuration file does not exist, simply create it.

Interestingly enough, knowing this workaround also allows you to do something even more useful, that is making sure that services requiring a given interface being up depend on that interface. Okay it’s a bit complex, let me backtrack a little.

Most of the server daemons that you have out there don’t really care of how many, which, and what name your interfaces are. They open either to the “catch-all” address ( or :: depending on the version of the IP protocol — the latter can also be used as a catch-both IPv4 and IPv6, but that’s a different story altogether), to a particular IP address, or they can bind to the particular interface but that’s quite rare, and usually only has to do with the actual physical address, such as RADVD or DHCP.

Now to bind to a particular IP address, you really need to have the address assigned to the local computer or the binding will fail. So in these cases you have to stagger the service start until the network interface with that address is started. Unfortunately, it’s extremely hard to do so automatically: you’d have to parse the configuration file of the service (which is sometimes easy and most of the times not), and then you’d have to figure out which interface will come up with that address … which is not really possible for networks that get their addresses automatically.

So how do you solve this conundrum? There are two ways and both involve manual configuration, but so do defined-address listening sockets for daemons.

The first option is to keep the daemon listening on the catch-all addresses, then use iptables to set up filtering per-interface or per-address. This is quite easy to deal with, and quite safe as well. It also has the nice side effect that you only have one place to handle all the IP address specifications. If you ever had to restructure a network because the sysadmin before you used the wrong subnet mask, you know how big a difference that makes. I’ve found before that some people think that iptables also needs the interfaces to be up to work. This is not the case, fortunately, it’ll accept any interface names as long as they could possibly be valid, and then will only match them when the interface is actually coming up (that’s why it’s usually a better idea to whitelist rather than blacklist there).

The other option requires changing the configuration on the OpenRC side. As I showed above you can easily manipulate the dependencies of the init scripts without having to change those scripts at all. So if you’re running a DHCP server on the lan served by the interface named lan0 (named this way because a certain udev no longer allows you to swap the interface names with the permanent rules that were first introduced by it), and you want to make sure that one network interface is up before dhcp, you can simply add rc_need="net.lan0" to your /etc/conf.d/dhcpd. This way you can actually make sure that the services’ dependencies match what you expect — I use this to make sure that if I restart things like mysql, php-fpm is also restarted.

So I gave you two ways to work around the current not-really-working-well status, but why did I not complain about the current situation? Well, the reason for which so many init scripts have that “need net” line is simply cargo-culting. And the big problem is that there is no real good definition of what “net” is supposed to be. I’ve seen it used (and used it myself!) for at least the following notions:

  • there are enough modules loaded that you can open sockets; this is not really a situation that I’d like to find myself having to work around; while it’s possible to build both ipv4 and ipv6 as modules, I doubt that most things would work at all that way;
  • there is at least one network interface present on the system; this usually is better achieved by making sure that net.lo is started instead; especially since in most cases for situations like this what you’re looking for is really whether is usable;
  • there is an external interface connected; okay sure, so what are you doing with that interface? because I can assure you that you’ll find eth0 up … but no cable is connected, what about it now?
  • there is Internet connectivity available; this would make sense if it wasn’t for the not-insignificant detail that you can’t really know that from the init system; this would be like having a “need userpresence” that makes sure that the init script is started only after the webcam is turned on and the user face is identified.

While some of these particular notions have use cases, the fact that there is no clear identification of what that “need net” is supposed to be makes it extremely unreliable, and at this point, especially considering all the various options (oldnet, newnet, NetworkManager, connman, flimflam, LXC, vserver, …) it’s definitely a better idea to get rid of it and not consider it anymore. Unfortunately, this is leading us into a relative world of pain, but sometimes you have to get through it.

October 21, 2012
Diego E. Pettenò a.k.a. flameeyes (homepage, stats, bugs)
Asynchronous Munin (October 21, 2012, 17:52 UTC)

If you’re a Munin user in Gentoo and you look at ChangeLogs you probably noticed that yesterday I did commit quite a few changes to the latest ~arch ebuild of it. The main topic for these changes was async support, which unfortunately I think is still not ready yet, but let’s take a step back. Munin 2.0 brought one feature that was clamored for, and one that was simply extremely interesting: the former is the native SSH transport, the latter is what is called “Asynchronous Nodes”.

On a classic node whenever you’re running the update, you actually have to connect to each monitored node (real or virtual), get the list of plugins, get the config of each plugin (which is not cached by the node), and then get the data for said plugin. For things that are easy to get because they only require you to get data out of a file, this is okay, but when you have to actually contact services that take time to respond, it’s a huge pain in the neck. This gets even worse when SNMP is involved, because then you have to actually make multiple requests (for multiple values) both to get the configuration, and to get the values.

To the mix you have to add that the default timeout on the node, for various reasons, is 10 seconds which, as I wrote before, makes it impossible to use the original IPMI plugin for most of the servers available out there (my plugin instead seems to work just fine, thanks to FreeIPMI). You can increase the timeout, even though this is not really documented to begin with (unfortunately like most of the things about Munin) but that does not help in many cases.

So here’s how the Asynchronous node should solve this issue: on a standard node, the requests to the single node are serialized so you’re actually waiting for each to complete before the next one is fetched, as I said; this can make the connection to the node take, all in all, a few minutes, and if the connection is severed then, you lose your data. The Asynchronous node, instead, has a different service polling the actual node on the same host, and saves the data in its spool file. The master in this case connects via SSH (it could theoretically work using xinetd but neither Steve nor I care about that), launches the asynchronous client, and then requests all the data that was fetched since the last request.

This has two side-effects: the first is that your foreign network connection is much faster (there is no waiting for the plugins to config and fetch the data), which in turn means that the overall munin-update transaction is faster, but also, if for whatever reason the connection fails at one point (a VPN connection crashes, a network cable is unplugged, …), the spooled data will cover the time that the network was unreachable as well, removing the “holes” in the monitoring that I’ve been seeing way too often lately. The second side effect is that you can actually spool data every five minutes, but only request it every, let’s say, 15, for hosts which do not require constant monitoring, even though you want to keep granularity.

Unfortunately, the async support is not as tested as it should be and there are quite a few things that are not ironed out yet, which is why the support for it in the ebuild has been this much in flux up to this point. Some things have been changed upstream as well: before, you had only one user, and that was used for both the SSH connections and for the plugins to fetch data — unfortunately one of the side effects of this is that you might have given your munin user more access (usually read-only, but often times there’s no way to ensure that’s the case!) to devices, configurations or things like that… and you definitely don’t want to allow direct access to said user. Now we have two users, munin and munin-async, and the latter needs to have an actual shell.

I tried toying with the idea of using the munin-async client as a shell, but the problem is that there are no ways to pass options to it that way so you can’t use --spoolfetch which makes it vastly useless. On the other hand, I was able to get the SSH support a bit more reliable without having to handle configuration files on the Gentoo side (so that it works for other distributions as well, I need that because I have a few CentOS servers at this point), including the ability to use this without requiring netcat on the other side of the SSH connection (using one old trick with OpenSSH). But this is not yet ready, it’ll have to wait for a little longer.

Anyway as usual you can expect updates to the Munin page on the Gentoo Wiki when the new code is fully deployed. The big problem I’m having right now is making sure I don’t screw up with the work’s monitors while I’m playing with improving and fixing Munin itself.

Gentoo on the OLPC XO-1.75 (October 21, 2012, 10:00 UTC)

Currently at the Gentoo Miniconf 2012 in Prague, we have two OLPC XO-1.75 devices and are working to install Gentoo on them.

The XO-1.75 is based on the Marvell Armada 610 SoC (armv7l, non-NEON), which promises countless hours of fun enumerating and obtaining obscure pieces of software which are needed to make the laptop work.

One of these is the xf86-video-dove DDX for the Vivante(?) GPU: The most recent version 0.3.5 seems to be available only as SRPM in the OLPC rpmdropbox. Extracting it reveals a "source" tarball containing this:

total 1364
-rw-r--r-- 1 chithanh users 423968 12. Sep 14:39 aclocal.m4
drwxr-xr-x 1 chithanh users 80 12. Sep 14:39 autom4te.cache
-rwxr-xr-x 1 chithanh users 981 12. Sep 14:37
-rw-r--r-- 1 chithanh users 0 12. Sep 14:37 ChangeLog
lrwxrwxrwx 1 chithanh users 37 12. Sep 14:39 config.guess -> /usr/share/automake-1.12/config.guess
-rw-r--r-- 1 chithanh users 2120 12. Sep 14:40 config.h
-rw-r--r-- 1 chithanh users 1846 12. Sep 14:40
-rw-r--r-- 1 chithanh users 43769 12. Sep 14:40 config.log
-rwxr-xr-x 1 chithanh users 65749 12. Sep 14:40 config.status
lrwxrwxrwx 1 chithanh users 35 12. Sep 14:39 config.sub -> /usr/share/automake-1.12/config.sub
-rwxr-xr-x 1 chithanh users 440014 12. Sep 14:40 configure
-rw-r--r-- 1 chithanh users 2419 12. Sep 14:37
-rwxr-xr-x 1 chithanh users 1325 12. Sep 14:37 COPYING
drwxr-xr-x 1 chithanh users 262 12. Sep 14:37 debian
lrwxrwxrwx 1 chithanh users 32 12. Sep 14:39 depcomp -> /usr/share/automake-1.12/depcomp
drwxr-xr-x 1 chithanh users 252 12. Sep 14:37 etc
drwxr-xr-x 1 chithanh users 44 12. Sep 14:37 fedora
lrwxrwxrwx 1 chithanh users 35 12. Sep 14:39 install-sh -> /usr/share/automake-1.12/install-sh
-rwxr-xr-x 1 chithanh users 293541 12. Sep 14:40 libtool
lrwxrwxrwx 1 chithanh users 35 12. Sep 14:39 -> /usr/share/libtool/config/
-rw-r--r-- 1 chithanh users 27005 12. Sep 14:40 Makefile
-rw-r--r-- 1 chithanh users 1167 12. Sep 14:37
-rw-r--r-- 1 chithanh users 25708 12. Sep 14:40
drwxr-xr-x 1 chithanh users 76 12. Sep 14:40 man
lrwxrwxrwx 1 chithanh users 32 12. Sep 14:39 missing -> /usr/share/automake-1.12/missing
-rw-r--r-- 1 chithanh users 4169 12. Sep 14:37 README
drwxr-xr-x 1 chithanh users 1192 12. Sep 21:48 src
-rw-r--r-- 1 chithanh users 23 12. Sep 14:40 stamp-h1

total 688
-rw-r--r-- 1 chithanh users 3555 12. Sep 14:41 compat-api.h
-rw-r--r-- 1 chithanh users 805 12. Sep 14:37 datatypes.h
-rw-r--r-- 1 chithanh users 55994 12. Sep 21:22 dovefb.c
-rw-r--r-- 1 chithanh users 32160 12. Sep 15:11 dovefb_cursor.c
-rw-r--r-- 1 chithanh users 278 12. Sep 17:09 dovefb_cursor.lo
-rw-r--r-- 1 chithanh users 6052 12. Sep 14:41 dovefb_driver.h
-rw-r--r-- 1 chithanh users 974 12. Sep 17:09
-rw-r--r-- 1 chithanh users 13856 12. Sep 14:37 dovefb.h
-rw-r--r-- 1 chithanh users 264 12. Sep 17:09 dovefb.lo
-rw-r--r-- 1 chithanh users 128733 12. Sep 15:11 dovefb_xv.c
-rw-r--r-- 1 chithanh users 270 12. Sep 17:09 dovefb_xv.lo
-rw-r--r-- 1 chithanh users 2548 12. Sep 14:53 list.h
-rw-r--r-- 1 chithanh users 22242 12. Sep 17:08 Makefile
-rw-r--r-- 1 chithanh users 2121 12. Sep 14:37
-rw-r--r-- 1 chithanh users 2134 12. Sep 14:37
-rw-r--r-- 1 chithanh users 21742 12. Sep 14:40
-rw-r--r-- 1 chithanh users 18584 12. Sep 15:11 mrvl_crtc.c
-rw-r--r-- 1 chithanh users 856 12. Sep 14:37 mrvl_crtc.h
-rw-r--r-- 1 chithanh users 270 12. Sep 17:09 mrvl_crtc.lo
-rw-r--r-- 1 chithanh users 851 12. Sep 14:37 mrvl_cursor.h
-rw-r--r-- 1 chithanh users 2509 12. Sep 15:11 mrvl_debug.c
-rw-r--r-- 1 chithanh users 2284 12. Sep 14:37 mrvl_debug.h
-rw-r--r-- 1 chithanh users 272 12. Sep 17:09 mrvl_debug.lo
-rw-r--r-- 1 chithanh users 32528 12. Sep 15:11 mrvl_edid.c
-rw-r--r-- 1 chithanh users 5794 12. Sep 14:37 mrvl_edid.h
-rw-r--r-- 1 chithanh users 270 12. Sep 17:09 mrvl_edid.lo
-rw-r--r-- 1 chithanh users 84262 12. Sep 17:07 mrvl_exa_driver.c
-rw-r--r-- 1 chithanh users 282 12. Sep 17:09 mrvl_exa_driver.lo
-rw-r--r-- 1 chithanh users 10388 12. Sep 15:11 mrvl_exa_fence_pool.c
-rw-r--r-- 1 chithanh users 290 12. Sep 17:09 mrvl_exa_fence_pool.lo
-rw-r--r-- 1 chithanh users 9189 12. Sep 14:51 mrvl_exa.h
-rw-r--r-- 1 chithanh users 4258 12. Sep 14:37 mrvl_exa_profiling.h
-rw-r--r-- 1 chithanh users 46583 12. Sep 15:11 mrvl_exa_utils.c
-rw-r--r-- 1 chithanh users 3768 12. Sep 15:06 mrvl_exa_utils.h
-rw-r--r-- 1 chithanh users 280 12. Sep 17:09 mrvl_exa_utils.lo
-rw-r--r-- 1 chithanh users 20622 12. Sep 15:11 mrvl_heap.c
-rw-r--r-- 1 chithanh users 3256 12. Sep 14:53 mrvl_heap.h
-rw-r--r-- 1 chithanh users 270 12. Sep 17:09 mrvl_heap.lo
-rw-r--r-- 1 chithanh users 1774 12. Sep 15:11 mrvl_offscreen_memory.c
-rw-r--r-- 1 chithanh users 235 12. Sep 14:37 mrvl_offscreen_memory.h
-rw-r--r-- 1 chithanh users 294 12. Sep 17:09 mrvl_offscreen_memory.lo
-rw-r--r-- 1 chithanh users 47286 12. Sep 15:11 mrvl_output.c
-rw-r--r-- 1 chithanh users 274 12. Sep 17:09 mrvl_output.lo

More pictures of the Gentoo Miniconf can be found at the Google+ Event page.

October 20, 2012
Diego E. Pettenò a.k.a. flameeyes (homepage, stats, bugs)
I don't do it for the beer! (October 20, 2012, 21:47 UTC)

This is a rant that might sound silly, but this is one thing that has started to irk me significantly. I’m tired of people that paint all developers out there as beer drinkers, even more so when they actually seem to liken them to drunkards who code under the influence.

I do not drink. I can’t, to be precise, but even if I could, I don’t like getting drunk, I never got drunk really but I know enough of what would happen to me because I had, at one point, to use Xanax, and I don’t want to do that anymore. It wasn’t fun! This does not mean that I have a problem with people, or developers, drinking or having fun. Those who know me, know that I’m very socially liberal at heart, I really don’t care what you do with your own free time, as long as it’s not causing trouble to me or others.

When I went to FOSDEM, the pre-conference event is a beer event. I can understand that: it’s Belgium, and the Délirium is on the Guinness Book of Records after all. Last VDD there was a beer event as well, but the place was definitely apt and if you got upstairs (which I didn’t, bad me!) you would have found a number of other things, including non-alcoholic cocktails — me and Luca came back the weekend after VDD, although I didn’t try any because I didn’t have my blood sugar test strips and I didn’t want to risk getting too high for comfort.

But in both cases, this is just a mingling event, and it doesn’t really bother me at all. First you can get other drinks as well (at FOSDEM you usually see me with a Diet Coke or water), and second this stops the moment the conference actually starts… to a point. The VideoLAN people didn’t give us barrels of beer during the conference, but a rather more general refreshment, for which I’m definitely grateful (the croissants were delicious, seriously!). Thanks guys!

But then there are posts like our own Donnie’s that tick me off a bit. Then we got tweets such as the one today from Chad Windnagle of Joomla. Seriously? Donnie actually tooting the (mangled) responses of a survey by one company (Zend) which extrapolates that the majority of developers love beer (compared to what? teachers? teenagers?), and people at GSoC proclaiming that the unifying factor is beer?

I know it’s a tiny minuscule offence in comparison, but to me, this is still a shade of the “brogrammer” stereotype that is also giving us the grief of sexist pigs in our communities, in the bigger picture. Which does not mean that everybody (or anybody) who drinks is part of the sexism problem – it is not, and I wouldn’t blame Donnie to be offended if I was to suggest this; he’s the first person who fights against it – but these remarks do make me understand how women in tech feel. I do feel shunned every time a point is made across that if I’m a developer I have to enjoy beer; when a major point is made of a conference about the amount of beer available, I do feel less welcome than I should.

To me it still feels like there’s this stereotypical bad example of “the developer” (either opensource or not) that is the pimply overweight sexist who lives in the basement of his parents, and can’t wait for a conference to get drunk. And that’s hurting us, because some developers take this stereotype as a license to indulge in the negative aspects of it, ruining it for everybody.

So let’s start with a simple rule

Developers, open-source or not, are all different from one another. They have different genders, different goals in life, different lifestyles, even different values. Communities are formed when you share some (but not strictly all) of these characteristics. Open-source communities for the vast part are formed by developers (and not) who like to see, and to show, how things work.

And now let’s make sure we shatter that outdated stereotype, as I really really enjoy getting to know the diversity of people I work with.

Jeremy Olexa a.k.a. darkside (homepage, stats, bugs)
A brief visit to Amsterdam (October 20, 2012, 21:23 UTC)

I was in Amsterdam for 3 days and 2 nights. My first impressions were quite interesting. The culture in Amsterdam is quite liberal and relaxed, but it is also regulated. This was my first stop in my RTW trip. As my first stop, it was a great place to be dropped in to Europe. It allowed me to get into the Euro mindset and figure out what the heck I was doing. Now I know when I get into a city I need to do the following: 1) go to the tourist info building to find a city map, 2) physically find my sleeping accommodations, 3) set my bag down and go explore the city with my map.

Amsterdam is a very old city with much history and architecture. You can look at my pics on flickr, I have left comments on most of them. I liked all the canals that the city is built around, quite unique. Overall, glad I went there but probably not the city for me. I did not fall in love with it.

Nathan Zachary a.k.a. nathanzachary (homepage, stats, bugs)
DisneyNature – Crimson Wing review (October 20, 2012, 01:48 UTC)

Not all that long ago, I reviewed African Cats from DisneyNature. Around the same time that I watched that film on Blu-Ray, I also watched Crimson Wing.

DisneyNature - Crimson Wing

Crimson Wing traces the fascinating story of the life cycle of the flamingo. In particular, the documentary follows the migration surrounding Lake Natron in Tanzania, Africa. It details the courtship of adult flamingos, the birth of their offspring, and many of the struggles which the birds must endure to sustain life in a rather hostile environment.

Unlike African Cats, this film didn’t have a stunning colour palette that really came to life on Blu-Ray. Instead, the most prominent colour spread was comprised of whites, greys, and some blues (not as much crimson as I would have thought). I don’t believe that this was the fault of a bad transfer to Blu-Ray, but rather, the somewhat washed look of the environment in which the film was shot. Coupled with the slightly disappointing visuals, the narrator had very little vocal and tonal fluctuation, which made the presentation a little dull and monotonous. Also, the balance between information delivery and entertainment was skewed toward the former. Not that facts are bad in a documentary, but it seemed to lack a lot of the charisma of other DisneyNature films. To make matters worse, I didn’t come away from this one knowing much more about flamingos than I did before I started watching.

Overall, though it wasn’t awful, it was certainly not my favourite of the DisneyNature series. However, it is still worth a watch, especially if you are a nature lover.

Rating: 6 out of 10 stars


October 19, 2012
Miniconf: Gentoo on the OLPC XO-1.75 (October 19, 2012, 21:05 UTC)

At the Gentoo Miniconf 2012 in Prague we will install Gentoo on the OLPC XO-1.75, an ARM based laptop designed as an educational tool for children. If you are interested in joining us, come to the Gentoo booth and start hacking with us!

—Chí-Thanh Christopher Nguyễn

October 18, 2012
Nathan Zachary a.k.a. nathanzachary (homepage, stats, bugs)
Yo-N-Go frozen yoghurt – Saint Louis, MO (October 18, 2012, 17:52 UTC)

Back in early August, there was a Groupon for a new frozen yoghurt place called Yo-N-Go in Saint Louis, MO. Located in the “downtown” area near Laclede’s Landing, the location can be somewhat difficult in terms of parking. However, just a couple blocks to the north, there is plenty of free street parking available.

The establishment looks very similar inside to many of the other premium frozen yoghurt places in the area (and elsewhere, for that matter). One thing that caught my eye, though, is that the flavours are displayed on the machines via a digital screen instead of just a sign above them. Not that the display impacts the quality of the yoghurt, but I just thought that it was neat. Now, interestingly, the only legitimate review on Yelp (I say “legitimate” as the other review was a customer who was angry that her attempt to abuse the Groupon policy had failed, and she decided to lash out at the owner) indicates that the yoghurt was lacking flavour. I would have to strongly disagree. I had a combination of red velvet cake and carrot cake, both of which were very tasty! Deb had the sugar-free chocolate which was surprisingly not gritty (many of the sugar-free flavours tend to have a less-than-pleasing texture). That being said, there were not as many topping offerings as I would have liked. Some of my favourites (like graham cracker crumbs, and a wide assortment of fresh fruits) were not available.

Also, unlike the upset reviewer on Yelp, I found the owner (Matt) to be quite helpful and friendly. We used our Groupon according to the terms and conditions, and didn’t have any problem doing so.

In any case, though, I think that Yo-N-Go is a good addition to the host of premium frozen yoghurt venues in the Saint Louis area, and it is good to see one that isn’t in the county. I wouldn’t say that it is the absolute best frozen yoghurt that I’ve ever had, but it ranks significantly higher than many of the others around town.


Diego E. Pettenò a.k.a. flameeyes (homepage, stats, bugs)
ModSecurity news, rules, and future (October 18, 2012, 05:32 UTC)

So the day started looking into getting a new version of ModSecurity into shape for a new stable ebuild in Gentoo for bug #438724 (a security issue in ModSecurity 2.6.8 and earlier). Unfortunately this also meant that I had to get a new CRS in, and that requires more testing than I was expecting.

The problem is that the ModSecurity 2.7 release is now stricter on what it accepts for rules. In particular now rules are mandated to have a unique ID. And that ID has to be only numeric. And that also means that if you publish your ruleset like I do you have to register for a reserved ID range with the ModSecurity developers. I did, and I have my proper range. I already developed a tool some time ago to validate my rules’ compliance with the new policy, but it turned out to require some tweaking anyway, as a few conditions weren’t reported properly.

Unfortunately the Core Rule Set (which is actually developed as a separate project by Ryan Barnett, whereas ModSecurity is maintained by Breno Silva), was not ready for this yet. Oh yes, the base rules, which are the only ones usually enabled by Gentoo, are fine, but the optional, experimental and the newly introduced SpiderLabs Research rules are not ready. Some rules lack an ID, some IDs are duplicate, and some rules go well out of the designed ranges for them.

I pointed the guys at SpiderLabs/TrustWave at my script already — hopefully we’ll soon get a 2.2.7 release that covers those issues. Until then we’ll have to do with what we have. My rules are all fixed to work properly with the new ModSecurity though, this blog is using them already.

On a different note, I’ve considered making my validation of browsers’ user agents stronger than before, as spammers and exploit tools are becoming more advanced and more capable. In particular, I’ve found Mozilla’s docs as well as Microsoft’s which include a description for IE 8 and one for IE9 (I haven’t looked up one for IE 10 yet, I’m sure they have it). This should be enough to actually validate that there aren’t extraneous addons installed that could be a signal of a spambot.

In particular, it seems like many of the posters in the recent wave of spam I’ve been hit with lately, which look exactly like a standard browser, report coming from Firefox with WebMoney Advisor installed. Turns out that WebMoney is one of the many anonymous, electronic currencies that are so often used by spammers, carders, and the rest of the low-life scum that causes us so much grief as email users and bloggers. I wouldn’t be surprised if these were actually mechanical turks used to post spam bypassing various filters, who are then paid through that service.

Anyway, as usual, please let me know if you can’t post on the blog (just send me an email); it shouldn’t happen but sometimes I have been overly excited with the rules themselves. On the other hand, I’ve tested most of the browsers as we have them lined up here at the office and they are fine — we don’t use or support Opera, but that should be fine as well. The infamous Opera Turbo issues should be fixed now, it would have been nice if Opera actually sent the proper HTTP parameters as required by the RFC when using that feature, but it’s okay.
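The ID policy described in this post (every rule needs an ID, the ID must be numeric and unique, and it must sit inside the range assigned to the rule set) can be checked mechanically. The following Python checker is an added example, not the author's validation tool; the sample rules, the 1000-1999 range and the function names are constructed for illustration, and it assumes that rules continuing a chain take their ID from the chain starter.

```python
import re

# Constructed sample rule file; the IDs and the 1000-1999 range are placeholders.
SAMPLE_RULES = r'''
# constructed rules for the example
SecRule REQUEST_HEADERS:User-Agent "@contains badbot" \
    "phase:1,id:1001,deny,status:403,msg:'bad agent, id: spoofed'"
SecRule ARGS "@rx select" "phase:2,deny"
SecRule ARGS "@rx union" "phase:2,id:'sqli-1',deny"
SecRule REQUEST_METHOD "@streq POST" "phase:2,id:1002,chain,deny"
    SecRule REQUEST_URI "@beginsWith /comment" "t:none"
SecAction "phase:1,id:1001,nolog,pass"
SecRule ARGS "@rx x" "phase:2,id:2000000,pass"
'''.strip()

# A directive is split into double-quoted strings (with \" escapes) or bare words.
TOKEN_RE = re.compile(r'"(?:[^"\\]|\\.)*"|\S+')


def logical_lines(text):
    """Yield (first_line_number, text), folding backslash continuations
    and skipping blank lines and comments."""
    buf, start = [], None
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.rstrip()
        if start is None:
            if not line.strip() or line.lstrip().startswith("#"):
                continue
            start = number
        if line.endswith("\\"):
            buf.append(line[:-1].strip())
            continue
        buf.append(line.strip())
        yield start, " ".join(buf)
        buf, start = [], None
    if buf:  # file ended in the middle of a continuation
        yield start, " ".join(buf)


def split_actions(actions):
    """Split an action list on commas that are not inside single quotes,
    so a comma or 'id:' inside msg:'...' is not mistaken for an action."""
    parts, current, quoted = [], [], False
    for ch in actions:
        if ch == "'":
            quoted = not quoted
        if ch == "," and not quoted:
            parts.append("".join(current).strip())
            current = []
        else:
            current.append(ch)
    parts.append("".join(current).strip())
    return [p for p in parts if p]


def check_rule_ids(text, id_range):
    """Return a list of (line_number, problem) for SecRule/SecAction IDs."""
    low, high = id_range
    problems, seen, in_chain = [], {}, False
    for lineno, line in logical_lines(text):
        tokens = TOKEN_RE.findall(line)
        directive = tokens[0].lower()
        if directive == "secrule":      # SecRule VARIABLES OPERATOR [ACTIONS]
            raw = tokens[3] if len(tokens) > 3 else ""
        elif directive == "secaction":  # SecAction ACTIONS
            raw = tokens[1] if len(tokens) > 1 else ""
        else:
            continue
        actions = {}
        for part in split_actions(raw.strip('"')):
            name, _, value = part.partition(":")
            actions[name.strip().lower()] = value.strip().strip("'")
        continues_chain, in_chain = in_chain, "chain" in actions
        if continues_chain:
            continue  # assumption: the chain starter carries the ID
        rule_id = actions.get("id")
        if rule_id is None:
            problems.append((lineno, "missing id"))
        elif not (rule_id.isascii() and rule_id.isdigit()):
            problems.append((lineno, f"non-numeric id {rule_id!r}"))
        else:
            number = int(rule_id)
            if number in seen:
                problems.append(
                    (lineno, f"duplicate id {number} (first used on line {seen[number]})"))
            else:
                seen[number] = lineno
            if not low <= number <= high:
                problems.append((lineno, f"id {number} outside {low}-{high}"))
    return problems


if __name__ == "__main__":
    for lineno, problem in check_rule_ids(SAMPLE_RULES, (1000, 1999)):
        print(f"line {lineno}: {problem}")
```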

October 17, 2012
2012 Gentoo Screenshot Contest Results (October 17, 2012, 21:03 UTC)

Gentoo - Still alive and kicking ...

As the quantity and quality of this year's entries will attest, Gentoo is alive, well, and taking no prisoners!

We had 70 entries for the 2012 Gentoo screenshot contest, representing 11 different window managers / desktop environments. Thanks to all that participated, the judges and likewhoa for the screenshot site.

The Winners!

New subproject: kde-stable (October 17, 2012, 18:53 UTC)

If you are a kde user, you may be interested in this new subproject:

Feel free to ask any questions.

Nathan Zachary a.k.a. nathanzachary (homepage, stats, bugs)
Prepac Quad media rack – BMA-1520 review (October 17, 2012, 16:41 UTC)

As a huge film and music buff, I was starting to have trouble finding space for my CDs, DVDs, and Blu-Rays. I had small or medium-sized media racks scattered throughout my house, but that wasn’t really working all that well for me. I had considered having a woodworker craft a custom cabinet for me, but that proved to be a long-term goal given the exorbitant price associated with having anything custom-made (especially fine wooden furniture). In the interim, I found a large rack that seemed to fit my needs made by a Canadian company called Prepac. They specialise in furniture and media cabinets that are sturdy, but don’t cost a small fortune.

In particular, I thought that the BMA-1520–more commonly referred to as the “Quad,” since it is a quad-width rack–looked promising. The Quad holds an impressive 1520 CDs (where it gets the “1520” portion of the model number), 700+ DVDs, 1200 Blu-Rays, or any combination thereof. It comes in oak or black, and I decided to go with the black finish as it would match the other items in my living room:

Prepac BMA-1520 quad width media rack

In terms of build quality, I’m pretty impressed with the Prepac Quad. Even though it is constructed from laminated composite woods, it is substantial. Also, it is weighted really well so that it doesn’t feel like it is going to tip over. The rack comes with zip ties and hooks in order to secure it to the wall, but I didn’t find them necessary on the carpeted flooring in my family room.

I also found assembling the unit to be fairly straightforward. The steps were clearly outlined and illustrated. However, the only part that I found a bit unnerving was the backing of the rack. It is nothing more than cardboard, but that’s not my main concern. The primary issue is that the pieces of cardboard fit precisely against the dividers, and they are attached using small nails. This normally wouldn’t be a big deal, but the first part that I attached was slightly shifted toward the other side of the unit. That meant that every subsequent piece of backing was shifted as well. Considering the divider beams are quite narrow in the first place, attaching the other backing pieces proved to be very difficult, and required some overlapping. After splitting a couple of the dividers ever-so-slightly, I finally did get the backing completely attached. Granted, my assembly qualm may be my own fault since I was trying to do it without having someone else there to assist (by holding the backing in place, et cetera).

Overall, the unit is sturdy, holds a huge amount of media, has virtually no wasted space, and fits nicely in the space that I had for it. I’m very pleased with the media rack given its price.


Theo Chatzimichos a.k.a. tampakrap (homepage, stats, bugs)
Bootstrapping Awesome: The latest news (October 17, 2012, 10:27 UTC)

Overview of What Happened

In the last few weeks, the conference team has worked hard to prepare the conference. The main news items you should be aware of are the FAQ which has been published, the party locations and times, the call to organize BoF sessions and of course the sponsors who help make the event possible. And we’re happy to tell you that we will provide live video streams from the main rooms during the event (!!!) and we announced the Round Table sessions during the Future Media track. Last but not least, there have been some interviews with interesting speakers in the schedule!

Sneak Peek of the Conference Schedule

Let’s start with the interviews. During the last weeks, a number of interesting speakers have been interviewed, both by text and over video chat. You can find the interviews in our first sneak peek article and more in this extensive follow-up article about the Future Media track. You can find the video interviews also in our youtube channel and on our channel.


Talking about video interviews, there will be more videos in those channels: the openSUSE Video team is gearing up to tape the talks at the event. They will even provide a live stream of the event, which you can watch via flash and on a smartphone at bambuser and via these three links via ogv feeds: Room Kirk Room McCoy and Room Scotty. Keep an eye on the wiki page as the team will add feeds to more rooms if we can get some more volunteers to help us out.

Round Table Sessions!

We’ve mentioned the special feature track ‘Future Media’ already and we’ve got an extra bite for you all: the track will feature two round table discussions, one about the value of Free and Open for our Society and one about the practicalities of doing ‘open’ projects. Find more in the schedule: Why open matters and How do you DO open?.

We need YOU!

Despite all our work, this event would be nothing without YOUR help. We’re still looking for volunteers to sign up but there’s another thing we need you for: be pro-active and get the most out of this event! That means not only sitting in the talks but also stepping up and participating in the BoF Sessions. And organize a BoF if you think there’s something to discuss!

Party time!

Of course, we’re also thinking about the social side of the event. Yes, there will surely be an extensive “hallway track” as we feature a nice area with booths and the university has lots of hallways… But sometimes it’s just nice to sit down with someone over a good beer, and this is where our parties come in. As this article explains, there will be two parties: one on Friday, as warming-up (and pre-registration) and one on Saturday, rockin’ in the city center of Prague. Note that you will need your badge to enter this party, which means you have to be registered!


As we wrote a few days ago, all this would not be possible without our sponsors, and we’d like to thank them A LOT for their support!

Big hugs to Platinum Sponsor SUSE, Gold Sponsor Aeroaccess, Silver Sponsor Google, Bronze Sponsor B1Systems, supporters ownCloud and Univention and of course our media partners LinuxMagazine and Last but not least, a big shout-out to the university which is providing this location to us!


On a practical level, we also published our Conference FAQ answering a bunch of questions you might have about the event. If you weren’t sure about something, check it out!


There will be more news in the coming days, be sure to keep an eye on for articles leading up and of course during the event. As one teaser, we’ve got the Speedy Geeko and Lightning talks schedule coming soon!

Be there!

Gentoo Miniconf, oSC12 and LinuxDays will take place at the Czech Technical University in Prague. The campus is located in the Dejvice district and is next to an underground station that gets you directly to the historic city center – an opportunity you can’t miss!

We expect to welcome about 700 Open Source developers, testers, usability experts, artists and professional attendees to the co-hosted conferences! We work together making one big, smashing event! Admission to the conference is completely free. However for oSC a professional attendee ticket is available that offers some additional benefits.

All the co-hosted conferences will start on October 20th. Gentoo Miniconf and Linuxdays end on October 21st, while the openSUSE Conference ends on October 23rd. See you there!

Dane Smith a.k.a. c1pher (homepage, stats, bugs)
New Tricks, Goals, and Ideas (October 17, 2012, 01:06 UTC)

It’s been a while since I’ve done anything visible to anyone but myself. So, what the heck have I been doing?

Well, for starts, in the past year I’ve done a serious amount of work in Python. This work was one of the reasons for my lack of motivation for Gentoo. I went from doing little programming / maintenance at work to doing it 40+ hours a week. It meant I didn’t really feel up to doing more of it in my limited spare time. So I took up a few new hobbies. I got into Photography (feel free to look under links for the photo website). I feel weird with the self promotion for that type of thing, but, c’est la vie.

As the programming at work died down some, I started to find odd projects. I spent some serious time learning Go [1] and did a few small projects of my own in that. One of those projects will be open sourced soon. I know a fair few different languages, and I know C, Python, and Java pretty decently. While I like all of the ones on that list, I can’t say that I truly buy into the philosophies. Python is great. It’s simple, it’s clean, and it “just works.” However, I find that like OpenSSL, it gives you enough room to hang yourself and everyone else in the room. The lack of strict typing coupled with the fact that it’s a scripting language are downsides (in my eyes). C, for all that it is awesome at low level work, requires so much verbosity to accomplish the simplest tasks that I tend to shy away from it for anything other than what must be done at that level. Java… is well Java. It’s a decent enough language I suppose, but being run in a VM is silly in my eyes. It, like C, suffers from being too verbose as well (again, merely my humble opinion).

Enter Go. Go has duck typed interfaces, unlike Java’s explicit ones. It’s compiled and strictly typed. It has other modern niceties (like proper strings), along with a strong tie to web development (another area C struggles with). It has numerous interesting concepts (check out defer), along with what I find to be a MUCH better approach to error handling than what exists in any of C, Java, or Python. Add in that it is concurrent by design and you have one serious language. I must say that I am thoroughly impressed. Serious Kudos to those Google guys for one awesome language.

I also picked up a Nexus 7 and started looking into how Android is built and works. I got my own custom ROM and Kernel working along with a nice Gentoo image on the SD Card. Can anyone say “Go compiler on my Nexus 7?” This work also led me to do some work as far as getting Gentoo booting on Amazon’s Elastic Compute Cloud. Building Android takes for-freaking-ever, so I figured.. why not do it in the cloud!? It works splendidly, and it is fast.

So that covers new tricks. You mentioned goals and ideas?!

First, time to get myself off the slacker wagon and back to doing something useful. I no longer repulse at the idea of developing when I get home. That helps =p. One of the first things I want to spend some time addressing is disk encryption in Gentoo. I wrote here pertaining to the state of loop-aes. Both Loop-AES and Truecrypt need to spend a little time under the microscope as to how they should be handled within Gentoo. I’ll write more on this later when I have all my ducks in a row. I have no doubt that this will be a fun topic.

I also want to look into how a language like Go fits into Gentoo. Go has its own build system (no Makefiles, configure scripts, or anything else) that DOES have a notion of things like CFLAGS. It also has the ability to “go get” a package and install it. To those curious check out their website. All of these lead to interesting questions from a package management point of view. I am inclined to think that Go is around to stay. I hope it is. So we may as well start looking into this now rather than later. As my father used to tell me all the time, “Proper Prior Planning Prevents Piss Poor Performance.” Time to plan =).

That is, right after I sort out the fiasco that is my bug queue. *facepalm*


Diego E. Pettenò a.k.a. flameeyes (homepage, stats, bugs)
Sophistication can be bad (October 17, 2012, 00:06 UTC)

Everybody heard about the KISS principle I guess — the idea is the less complex a moving part is, the better. This is true in software as much as mechanics. Unix in particular, and all the Unix-like projects including GNU, also tended to follow that principle as it can be shown by the huge amount of small utilities that only do one particular text or file editing function — that is until you introduce sed, awk and find.

Now we all know that the main sophistication that is afoot in the Linux world nowadays is Lennart’s systemd. I have no intention to discuss it now, or at any later time I’d say. I really don’t care as long as I have a choice not to use it, and judging from a given thread I think we’ll always have an alternative, no matter what some people said before and keep saying.

No, my problem today is not with udev deciding it’s time to stop using the same persistent rules that people had to fight with for years and that now are no longer usable, and instead it’s a problem with util-linux, and in particular with the losetup utility that manages the loop devices. See, the loop devices have been quite a big deal in the past, mostly because they started as a fixed amount, then the kernel let you decide how many, and then finally code was enabled that would let you change dynamically the amount of loop devices you want to have available. Great, but it required a newer version of util-linux, and at the time when it was introduced, there wasn’t one that actually worked as intended.

Anyway, in the past week I’ve been working on building a new firmware image for the device I’m working on, and when it comes down to run the script that generates the image to burn on the SSD, it locked up with 100% CPU usage (luckily the system is multicore so I could get in to kill it). The problem was to be found in losetup, so today with enough time on my hands, I went to check it out. Turns out that the reason why it failed was a joint issue between my setup, OpenRC updates, and util-linux updates, but let’s proceed with order.

The build happens on a container for which I was not mounting /sys — or at least so I intended, although it is possible that OpenRC mounted it on its own; this has changed recently, but I don’t think those changes hit stable yet, so I’m not sure that’s the case. I had created static nodes for the loop devices and for /dev/loop-control — but this latter was not to be found at first today. Maybe I deleted it by mistake or something along those lines. But the point is it worked before, and nothing changed beside an emerge -avuDN.

So, what happens is that the script is running something along the lines of losetup --find --show file which is intended to find the first available loop device, set up the file, and then print the loop device that was found. It’s a bit more complex than this as I’m explicitly setting up only the partition on the loop device (getting partitioned loop devices to play cool with LXC is a pain), but the point stands. Unfortunately, when both /dev/loop-control and /sys are unreachable, the looping around that should give us the first available device is looping over the same device over and over and over again, never trying the next. This causes the problem noted above, of losetup locking at 100% CPU usage.

And it’s definitely not the only problem! If you just execute losetup --find, which should give you the first available device, it provides you /dev/loop0 even if that device is already in use. Not content enough with these problems? losetup -a lists no device, even when they are present, and still returns with a valid, zero exit status. Which is definitely not the case!

Okay you can say that losetup is already trying its best by using not one but three different sources (the third one is /proc/partitions) to find the data to use, but when the primary two are not usable, you shouldn’t expect it to give you proper information, should you? Well, that’s not the point. The big problem is that it should tell me “man, I can’t get you the data you requested because I need more sources, give me the sources!” instead of trying its best, failing, and locking up.

The next question is obviously “why are you ranting, instead of fixing it?” — the answer is that I tried, but the code I was reading made me cry. The problem is that nowadays, losetup is just a shallow interface to some shared code in util-linux .. and the design of said code makes it very difficult to make it clear whether a non-zero return value from a function is a “we reached the end of the list” or “I couldn’t see anything because I lack my sources”. And it really didn’t feel like a good idea for me to start throwing away that code to replace it with something more KISS-compliant.

So at the end of the day, I fixed my container to mount /sys and everything works, but util-linux is still broken upstream.
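The failure mode above appears when both /dev/loop-control and /sys are unreachable. As an added example (not code from the post or from util-linux), here is a wrapper an image-build script could call so that this condition produces an error instead of a spin or a wrong device; `DEV_ROOT`, `SYS_ROOT` and `LOSETUP_TIMEOUT` are hypothetical variables introduced for this sketch.

```shell
#!/bin/sh
# Added example: guard around "losetup --find --show" for image-build scripts.
# DEV_ROOT, SYS_ROOT and LOSETUP_TIMEOUT are hypothetical knobs; the first two
# exist so the check can be pointed at a scratch directory.

# Succeeds when at least one of the two primary sources named in the post
# (/dev/loop-control or sysfs) is reachable.
loop_sources_ok() {
    local dev_root
    local sys_root
    dev_root="${DEV_ROOT:-/dev}"
    sys_root="${SYS_ROOT:-/sys}"
    if [ -c "$dev_root/loop-control" ]; then
        return 0
    fi
    # Assumption: a mounted sysfs shows up as a /sys/block directory.
    if [ -d "$sys_root/block" ]; then
        return 0
    fi
    return 1
}

# Prints the loop device attached to the image, or fails with a distinct code:
#   2 = image missing, 3 = no usable source, 4 = losetup failed or returned
#   something that is not a block device, 5 = losetup exceeded the time limit.
safe_losetup_find() {
    local image
    local dev
    local rc
    image="$1"
    if [ ! -f "$image" ]; then
        echo "safe_losetup_find: no such image: $image" >&2
        return 2
    fi
    if ! loop_sources_ok; then
        echo "safe_losetup_find: neither loop-control nor sysfs is reachable, not calling losetup" >&2
        return 3
    fi
    rc=0
    # timeout(1) turns an endless loop into exit status 124.
    dev="$(timeout "${LOSETUP_TIMEOUT:-10}" losetup --find --show "$image")" || rc=$?
    if [ "$rc" -eq 124 ]; then
        echo "safe_losetup_find: losetup did not finish in time" >&2
        return 5
    fi
    # A zero exit status is not trusted on its own: the result must be a
    # block device node.
    if [ "$rc" -ne 0 ] || [ ! -b "$dev" ]; then
        echo "safe_losetup_find: losetup failed (status $rc, output '$dev')" >&2
        return 4
    fi
    printf '%s\n' "$dev"
}
```
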

October 16, 2012
Nathan Zachary a.k.a. nathanzachary (homepage, stats, bugs)

For the past few years, I’ve been using the 100% Whey Gold Standard protein powder from Optimum Nutrition. I find that it is a great supplement, especially after a workout. It really helps my muscles feel better after long runs, or some strength training. Granted I’m not anywhere near a bodybuilder or even in the weight-lifter category, but for me, it works very well.

I started using ON 100% Whey Gold Standard because it offers a good amount of protein (24g per serving) without a huge amount of fat along with it (only 1g, 0.5 of which saturates). I had found that many of the protein bars and such were high in protein, but also very high in saturated fat and calories. This powder only has 120 calories per serving, and even when mixing it with skim milk, that’s only about 200 calories.

Ever since I started using this brand, I’ve always purchased the double rich chocolate flavour. Though I really like it, and it essentially just tastes like a big glass of chocolate milk, I was getting really tired of it. Last week, when I needed to buy another container of it, I went with a new flavour–French vanilla crème.

This flavour is a great alternative to the standard chocolate, but yet it is generic enough that mixing other things (like fruits) with the shake would still work nicely. I found that with the same serving size, though, it makes for a substantially thicker shake than did the double rich chocolate flavour. It also tends to foam a bit more than the chocolate. Some people have found that there is a slight bitterness to this flavour (as well as the cookies and cream), but I haven’t experienced it. I would guess that the problem would be from not mixing the powder well enough. However, bitterness caused by lack of mixing could plague any flavour. All-and-all, this is a great deviation from the norm, and I am looking forward to trying some other flavours down the road as well.


Steve Dibb a.k.a. beandog (homepage, stats, bugs)
bully (October 16, 2012, 06:34 UTC)

So, I went and watched the movie “Bully” tonight.  It was good.  I’ve got kind of mixed feelings about it, probably because of the many ways I look at the stories.  Part of me was interested to see what students are going through.  Part of me was thinking about what social settings had to exist for a setting like that to exist.  And then I was thinking about how school administration seemed like politics a little bit, and I wondered if teachers had any idea that they’d be called upon learning how to do mediation when they were getting their degrees.

The story about the teenagers who committed suicide is really sad.  I’m really glad that the film didn’t focus just on that angle, though.  They followed a couple of students specifically, and then had footage of bullying in general, and students just dealing with it in a general sense.  It was tough to watch, and made me feel bad for the guys.  It also renewed the feeling that I really wanna do something about it.  During the film I pulled out my phone for a second to check the time, and seeing the background on my cell phone — a picture of me and my little brother, Steven — really hit me, and made me realize that I *am* doing something.  That was kinda cool. :)

I don’t know much about bullying to have an opinion.  I can’t really draw on my own experiences, since I was never bullied, and I don’t remember anyone around me getting bullied.  Either I wasn’t really observant, or it wasn’t going on much.  I dunno.  All through school I kind of just stayed in the background.  Nobody bothered me and I didn’t bother anyone.  Some of the scenes were about the students riding on the school bus, and I actually thought it was weird to have so many people on there.  I remember that the bus was hardly ever half full, and having two people in one seat was rare.  So, a lot of it, I couldn’t really relate.  I was just kind of watching it.

The thing that made me sad (more than the bullying, actually, go figure) was how the adults in the lives of the kids tried to help them out.  The kids were pretty much getting the message of “well, you should do something about it,” and “it’s not really that bad, kids do that.”  A big part of that reason was that the kids getting bullied wouldn’t tell their parents how bad it was.  And in the cases where they did and the school administration would address it, the kids and parents would call them out on it and say how nothing was really changing.  It brings up a lot of questions regarding maintaining order in schools, providing the students somewhere they can feel safe, and whose job it really is to be an influence on the bullies.

The stories about the suicides were sad, but for me it didn’t really dig into me as hard as the other stuff.  I have kind of a different perspective on suicide, in the sense of that I can *understand* why they would see it as an out.  I dunno if that’s common, or if you have to be really interested in counseling to know how that works.  The thing that is really crazy in my mind though is that these guys are committing suicide at such a young age, and that others usually don’t have any clue that they’re pushing their peers so far off the cliff until it’s too late.

The part that was really hard for me was seeing the kids themselves being bullied as they were in the middle of things — they were suffering all these things, they were trying to make sense of this — “why would they do this?” “can we just be friends?” “why isn’t anyone at school doing anything?” — and then getting mixed messages from their parents as well.  In every case, the parents had no idea how bad things were until either the kid snapped (one took a gun on a bus), they were completely ignored and isolated by the community after coming out (a lesbian), or they saw the actual footage of the film.

I’d recommend seeing the film.  It was really good, and put together well.  I was hesitant to go see it, since I knew this is an emotional issue, and I thought it’d be easy to draw on that emotion and make a movie that was just sensationalizing it a little bit.  It wasn’t that way at all, though.  It came across to me as a sincere documentary that looked at the problem, explored it very well, and showed the stories of how they *really* are.  I love movies that are raw in that sense, where they are just about *life*.  In that vein, I’d recommend seeing “Boy Interrupted” as well.  That movie is also really gritty (and about suicide).

As strange as it may seem, I love movies like this where they display actual raw emotion, what the people are going through.  I prefer things like this not to be watered down or come with an obvious agenda.  Just exposing human life for what it’s like is good enough (and sad enough, in some cases).  I wish there were more films like this (and if you know of any, let me know).

Out of the entire film, one scene stood out to me the most.  It was in the assistant principal’s office (who, she was only in the film for maybe five minutes herself) who called in a student to talk to about bullying.  The kid came in looking just like any other kid, not sure what was going on, but that was about it.  She (the principal) pointed down to her desk, a picture, I’m imagining, of a student that was being bullied, and asked what his relationship was to him.  The poor kid just instantly lost the color to his face, and noticeably tensed up as he realized he was in trouble.  That made me feel really bad, that getting a shock like that, that you’re doing something wrong is suddenly and abruptly brought to your attention.  He genuinely had a look of “wow, I didn’t know that was wrong,” partly because he looked like a really innocent kid in addition to how daunted he was by being accused of bullying.  I kind of read into it that he was going along with things, but didn’t really realize the effect he was having.  In contrast, there was another kid who was also called into her office to talk about it, and he had an attitude of denial and how it wasn’t happening, and it wasn’t a big deal.  For the first kid, I thought to myself, there’s got to be a better way to bring this to his attention and correct it.  I feel really bad for anyone who gets the banhammer dropped on them unexpectedly.  That’s something I work really hard not to do with people, so it makes me sad when I see it happen to someone else.

I felt really bad for all the kids — the bullies and the ones being bullied.  I wish there was some easy answers, but I think there are two things that would help — learning how to communicate better with students, and having everyone learn to be kind.  There were a lot of times when bullies were being punks, and the other kids just kind of rolled with it.  That’s a social phenomenon in itself, which is pretty normal … people don’t typically step in when something unfair is going down, and in a lot of cases, will just pile on the aggression, because it seems to make the most sense.  I dunno, there’s a lot of variables in it that make it a difficult challenge, but I still think there’s some simple concepts that would help (communication, kindness, courage).

I dunno how I would handle it if someone came to me and told me they were getting bullied.  I’d honestly never really thought about it before, again, mostly because it’s something I didn’t really ever know much about it.

There’s a lot of great videos on youtube about bullying.  I’ll end on a positive one. :)

October 15, 2012
Josh Saddler a.k.a. nightmorph (homepage, stats, bugs)
box down (October 15, 2012, 07:08 UTC)

my main gentoo workstation is down. no more documentation updates from me for awhile.

it seems the desktop computer’s video card has finally bitten the dust. the monitor comes up as “no input detected” despite repeated reboots. so now i’m faced with a decision: throw in a cheap, low-end GFX card as a stopgap measure, or wash my hands of 3 to 6 years of progressive hardware failure, and do a complete rebuild. last time i put anything new in the box was probably back in 2009…said (dead) GFX card, and a side/downgraded AMD CPU. might be worth building an entirely new machine from scratch at this point.

i haven’t bothered to pay attention to the AMD-vs-Intel race for the last few years, so i’m a bit at a loss. i’ll check TechReport, SPCR, NewEgg, and all those sites, but…not being at all caught up on the bang-for-buck parts…is a bit disconcerting. i used to follow the latest trends and reviews like a true technoweenie.

and now, of course, i’m thinking in terms of what hardware lends itself to music production — USB/Firewire ports, bus latency, linux driver status for crucial bits; things like that. all very challenging to juggle after being out of it for so long.

so, who’s built their own PC lately? what’d ya use?

October 14, 2012
Sven Vermeulen a.k.a. swift (homepage, stats, bugs)
Gentoo Hardened progress meeting (October 14, 2012, 13:00 UTC)

Not that long ago we had our monthly Gentoo Hardened project meeting (on October 3rd to be exact). On these meetings, we discuss the progress of the project since the last meeting.

For our toolchain domain, Zorry reported that the PIE patchset is updated for GCC, fixing bug #436924. Blueness also mentioned that he will most likely create a separate subproject for the alternative hardened systems (such as mips and arm). This is mostly for management reasons (as the information is currently scattered throughout the Gentoo project at large).

For the kernel domain, since version 3.5.4-r2 (and higher), the kernexec and uderef settings (for grSecurity) should no longer impact performance on virtualized platforms (when hardware acceleration is used of course), something that has been bothering Intel-based systems for quite some time already. Also, the problem with guest systems immediately reserving (committing) all memory on the host should be fixed with recent kernels as well. Of course, this is only true as long as you don’t sanitize your memory, otherwise all memory gets allocated regardless.

In the SELinux subproject, we now have live ebuilds allowing users to pull in the latest policy changes directly from the git repository where we keep our policy at. Also, we will see a high commit frequency in the next few weeks (or perhaps even months) as Fedora’s changes are being merged with upstream. Another change is that our patchbundles no longer contain all individual patches, but a merged patch. This increases the deployment time of a SELinux policy package considerably (up to 30% faster since patching is now only a second or less). And finally, the latest userspace utilities are in the hardened-dev overlay ready for broader testing.

grSecurity is still focusing on the XATTR-based PaX flags. The eclass (pax-utils) has been updated, and we will now be looking at supporting the PaX extended attributes for file systems such as tmpfs.

For profiles, people will notice that in the next few weeks, we will be dropping the (extremely) old SELinux profiles as the current ones have been marked stable a long time ago.

In the system integrity domain, IMA is being worked on (packages and documentation) after which we’ll move to the EVM support to protect extended attributes.

And finally, klondike held a good talk about Gentoo Hardened at the Flossk conference in Kosovo.

All in all a good month of work, again with many thanks to the volunteers that are keeping Gentoo Hardened alive and kicking!

Andreas K. Hüttel a.k.a. dilfridge (homepage, stats, bugs)
Lecture announcement: Low Temperature Physics (October 14, 2012, 12:22 UTC)

It's a real pleasure to do the Low Temperature Physics lecture again this winter term. This is a so-called "Modulvorlesung" and "Wahlpflichtfach" (compulsory optional subject?), meaning you'll be able to pick it as examination subject for the MSc physics (possibly also for other courses as e.g. chemistry). Slides are in English, the lecture itself will be in German unless the audience requests otherwise.  In short, we'll be covering the following topics: 
  • properties of cold gases and liquids
  • cryotechnology
  • properties of cold solids (all except superconductivity)
  • superconductivity
  • low-temperature nanophysics
A lot more information can be found on the homepage of the lecture itself. For legal reasons, the slides are only available to participants; I'll tell you the password during the first lecture. So, see you on Tuesday morning 8:00ct, PHY 5.0.21!

Matthew Thode a.k.a. prometheanfire (homepage, stats, bugs)
VLAN trunking to KVM VMs (October 14, 2012, 05:00 UTC)

Why this is needed

In testing linux bridging I noticed a problem that took me much longer than I feel comfortable admitting. You cannot break out the VLANs from a physical device and also use that physical device (attached to a bridge) to forward the entire trunk to a set of VMs. The reason this occurs is that once linux starts inspecting for vlans on an interface to split them out it discards all those you do not have defined, so you have to trick it.


I had my Trunk on eth1. What you need to do is directly attach eth1 to a bridge (vmbr1). This bridge now has the entire trunk associated with it. Here's the fun part, you can break out vlans on the bridge, so you would have an interface for vlan 13 named vmbr1.13 and then attach that to a bridge, allowing you to have a group of machines only exposed to vlan 13.

The networking goes like this.

               /-> vmbr1.13 -> vmbr13 -> VM2
eth1 -> vmbr1 ---> VM1
               \-> vmbr1.42 -> vmbr42 -> VM3


Here is the script I used with proxmox (you can set up the bridge in proxmox, but not the source for the bridge's data (the 'input')). This is for VLANs 1-13 and assumes you have vyatta set up the target bridges. I had this start at boot (via rc.local).

vconfig add vmbr1 2
vconfig add vmbr1 3
vconfig add vmbr1 4
vconfig add vmbr1 5
vconfig add vmbr1 6
vconfig add vmbr1 7
vconfig add vmbr1 8
vconfig add vmbr1 9
vconfig add vmbr1 10
vconfig add vmbr1 11
vconfig add vmbr1 12
vconfig add vmbr1 13
ifconfig eth1 up
ifconfig vmbr1 up
ifconfig vmbr1.2 up
ifconfig vmbr1.3 up
ifconfig vmbr1.4 up
ifconfig vmbr1.5 up
ifconfig vmbr1.6 up
ifconfig vmbr1.7 up
ifconfig vmbr1.8 up
ifconfig vmbr1.9 up
ifconfig vmbr1.10 up
ifconfig vmbr1.11 up
ifconfig vmbr1.12 up
ifconfig vmbr1.13 up
brctl addif vmbr1 eth1
brctl addif vmbr2 vmbr1.2
brctl addif vmbr3 vmbr1.3
brctl addif vmbr4 vmbr1.4
brctl addif vmbr5 vmbr1.5
brctl addif vmbr6 vmbr1.6
brctl addif vmbr7 vmbr1.7
brctl addif vmbr8 vmbr1.8
brctl addif vmbr9 vmbr1.9
brctl addif vmbr10 vmbr1.10
brctl addif vmbr11 vmbr1.11
brctl addif vmbr12 vmbr1.12
brctl addif vmbr13 vmbr1.13

October 13, 2012
Patrick Lauer a.k.a. bonsaikitten (homepage, stats, bugs)
Reanimating #gentoo-commits (October 13, 2012, 13:58 UTC)

Today I got annoyed with the silence in #gentoo-commits and spent a few hours fixing that. We have a bot reporting ... well, I hope all commits, but I haven't tested it enough.

So let me explain how it works so you can be very amused ...

First stage: Get notifications
Difficulty: I can't install postcommit hooks on
Workaround: emails
Code (procmailrc):

* ^
  :0 c

  | bash ~/
So this runs all mails that come from the ML through a script, and puts a copy into a subfolder.

Second stage: Extracting the data
Difficulty: Email is not a structured format
Workaround: bashing things with bash until happy
Code (
# irker wrapper helper thingy

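while read line; do
        # echo "$line" # debug
        # pick the VCS headers and the subject out of the commit mail
        echo "$line" | grep -q "X-VCS-Repository:" && REPO=${line/X-VCS-Repository: /}
        echo "$line" | grep -q "X-VCS-Committer:"  && AUTHOR=${line/X-VCS-Committer:/}
        echo "$line" | grep -q "X-VCS-Directories:"  &&  DIRECTORIES=${line/X-VCS-Directories:/}
        echo "$line" | grep -q "Subject:"  && SUBJECT=${line/Subject:/}
        # keep the whole mail so the commit message can be extracted below
        EVERYTHING="${EVERYTHING}${line}\n"
done

# the commit message is the line that follows "Log:"
COMMIT_MSG=`echo -e "$EVERYTHING" | grep "Log:" -A1 | grep -v "Log:"`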

ssh "{\"to\": [\"irc://\"], \"privmsg\": \"$REPO: ${AUTHOR} ${DIRECTORIES}: $COMMIT_MSG \"}"
Why the ssh stuff? Well, the server where the mails arrive is a bit restricted, hard to run a daemon there 'n stuff, so let's just pipe it somewhere more liberal

Third stage: Sending the notifications
Difficulty: How to communicate with irkerd?
Workaround: nc, a hammer, a few thumbs

echo $@ | nc --send-only 6659
And that's how the magic works.

Bonus trick: using command="" in ~/.ssh/authorized_keys

... and now I really need a beer :)
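The second stage above places header values taken from a mail directly inside a JSON string, so a quote or backslash in a commit message breaks the message, and a body line that looks like a header overrides the real one. As an added example (not the author's script), this version reads headers only up to the first blank line and escapes the values before building the payload; the sample mail is constructed, the irc:// target used with it is a placeholder, and folded (multi-line) headers are not handled.

```shell
#!/bin/sh
# Added example: build the irker JSON payload from a commit mail on stdin.

# Constructed sample input: a commit mail whose body contains a quote, a
# backslash and a line that imitates a header.
SAMPLE_MAIL='From: committer@example.org
Subject: [commits] example
X-VCS-Repository: gentoo-x86
X-VCS-Committer: alice
X-VCS-Directories: app-misc/foo

Log:
Fix "quote" handling \ bump
X-VCS-Committer: mallory'

# Escape a string for use inside a JSON string literal: drop control
# characters, then escape backslash and double quote.
json_escape() {
    printf '%s' "$1" | tr -d '\000-\037' | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'
}

# Print the value of header $1 from the mail on stdin. Parsing stops at the
# first blank line, so nothing in the body can pose as a header.
header_value() {
    sed -n -e '/^$/q' -e "s/^$1:[[:space:]]*//p" | head -n 1
}

# Usage: build_irker_payload TARGET < mail
build_irker_payload() {
    local target
    local mail
    local repo
    local author
    local dirs
    local msg
    target="$1"
    mail="$(cat)"
    repo="$(printf '%s\n' "$mail" | header_value X-VCS-Repository)"
    author="$(printf '%s\n' "$mail" | header_value X-VCS-Committer)"
    dirs="$(printf '%s\n' "$mail" | header_value X-VCS-Directories)"
    # The commit message is the first line after "Log:", as in the post.
    msg="$(printf '%s\n' "$mail" | sed -n '/^Log:/{n;p;q;}')"
    printf '{"to": ["%s"], "privmsg": "%s"}\n' \
        "$(json_escape "$target")" \
        "$(json_escape "$repo: $author $dirs: $msg")"
}
```

Sending the resulting line to the relay host on ssh's standard input, rather than as a command-line argument, keeps the remote shell from re-parsing it.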

October 12, 2012
Raúl Porcel a.k.a. armin76 (homepage, stats, bugs)
Beaglebone documentation updated (October 12, 2012, 17:06 UTC)

Hi all,

I’ve got some reports that my Beaglebone guide is outdated and giving some troubles regarding the bootloader and kernel.

While vanilla kernel as of 3.6.1 doesn’t support the beaglebone, U-Boot 2012.10-rc3 does support it, so i’ve tested all the changes and updated the guide accordingly.

You can find it in
Some changes i’ve noticed in almost a year since i did the documentation:

  • The bug (by design they said) which made the USB port stop working after unplugging a device (check my post about the Beaglebone) is now fixed
  • CPU scaling is working, although the default governor is ‘userspace’. The default speed with this governor is:

a) 600MHz if powering it using a PSU through the 5V power connector, remember that the maximum speed of the  Beaglebone is 720MHz

b) 500MHz if powering it using the mini-USB port

Have fun

October 11, 2012
Diego E. Pettenò a.k.a. flameeyes (homepage, stats, bugs)
How Flattr grew back for me (October 11, 2012, 15:21 UTC)

I wrote about flattr more than a couple of times in the past. In particular, I’ve complained about the fact that its system made it difficult for people not to take their money out, as they take a continuous 10% stream out of each person’s revenue monthly. Also, the revenue out of Flattr at least for me has been, for a while, just a notch above that of Google’s AdSense, which does not require direct interaction from users to begin with.

But one of the things they started this year made it possible to increase significantly (well depending on your habits) the amount of money that runs in the system. Socialvest is a very neat service that uses the various affiliate systems to gather you funds that you can then employ to donate straight to a non-profit (including Flattr itself!) and if you link it with your Flattr account, you’ll also see that money transferred to your Flattr funds, which you can then use to flattr others.

For the user it’s extremely simple actually: you install a browser extension, and then go around doing your online shopping as usual. Some websites will show up a ribbon telling you that you can use Socialvest with them, in which case the extension injects the needed affiliate code into the order forms so that you get your “rebate”. Considering that Amazon has a 4% affiliate fee, it’s extremely interesting, as I do most of my shopping on Amazon (ThinkGeek also should be supported but when I tried, it seemed like it didn’t work as intended, unfortunately). The nicest part is that it seems to work fine with gift cards as well.

Using SocialVest hasn’t really changed my spending habits — although it did change my preference in where to buy TV series and music, from Apple’s iTunes Store to Amazon’s stores. This was helped by me getting a Kindle Fire and Amazon releasing an Instant Video app for iPad. And now from the fact that Amazon launched the MP3 Store in Italy as well. Furthermore it seems like the J-Pop catalogue in Amazon is quite bigger than Apple’s, and that’s good news for me.

So go on, if you’re using Flattr, and go to Socialvest to have more funds to flattr the content you care about. There’s nothing to lose in my opinion.

October 10, 2012
Andreas K. Hüttel a.k.a. dilfridge (homepage, stats, bugs)
Kudos to Lenovo / IBM service (October 10, 2012, 20:53 UTC)

For over a year I've been the happy owner of a Lenovo Thinkpad T520, and on the whole I can only recommend it as a power-user Linux machine. Excellent for day-to-day work as well as measurement data processing, Gentoo runs on it nicely, and with a Core i5 and 8G RAM even app-office/libreoffice has lost its horrors. Since I'm travelling often and also tend to work on the weekend in one of these beautiful cafes in the historic city centre of Regensburg, I'm relying on it a lot. So when I bought it, I added a ThinkPlus warranty upgrade to the basket, according to the paperwork 3 years next-workday on-site service for 87€.
The surprise of last Friday evening was the laptop's complete refusal to boot. Just some blinking of the power indicator, nothing else. No idea what caused it... Anyway. I started worrying, even took out the harddrive and replaced it with a blank one I had lying around, and prepared myself for being laptop-less for a while.
Called service Tuesday morning. A technician called me back Wednesday morning, and came along Wednesday afternoon. After about 90min, the laptop was completely disassembled, reassembled with a new mainboard and the original hard drive, and worked flawlessly. Yay! One happy customer.

Tomáš Chvátal a.k.a. scarabeus (homepage, stats, bugs)
Why I don’t like Android so much (October 10, 2012, 10:47 UTC)

Or better why I don’t like basically all phone/tablet OSes. But as I am having most stuff on droid I have most issues with it.

So let’s take a look at why I don’t like the thing and what annoys me a lot.

Vendor support

Nowadays when you buy your computer or anything else it gets more often morally old rather than out of scope. This means your HW is capable of doing all tasks you would expect from it, but you are upgrading anyway for some small advantage (usually less watt consumption and so on). If you decide to keep your old hardware and not to upgrade, you should be pretty fine with getting all the fancy and shiny updates both for features and security fixes.

Just as a simple test you can grab some old P4 1GHz CPU and give it the latest Windows and it will install and boot (and probably behave way better than the Windows ME you bought with it in the first place :D). The same applies here to running the latest Linux distros. So what I am proving here is that when you take computer HW from the year 2000 you still get it running with most of the stuff secured and supported if you want to.

With Android the situation is completely different. Each vendor (HTC, Samsung, Motorola) has its own branded version of Android where they are providing their updates only. By providing I mean you get lucky if you get one year of some semi-updates and maybe even one version bump if you are super lucky (e.g. 1.6 -> 2.2). This leaves you with hardware which has more computing power than the above-mentioned first-generation P4 without any chance to use software that can ensure your safety (malware, viruses, etc.) and usefulness (bugfixes, meh for restarting the tablet every 2 hours when watching YouTube). So you as a consumer are in a situation where you HAVE to buy a new phone if you want to be safe.

One can always buy the Google-branded phones/tablets where the support is a bit better; those machines get the updates for 2 years before you have to throw them away for a new model (which is most ideal for the American customer that gets a new phone every two years for contract renewal), but still, compared to laptops and PCs, it’s a huge waste of working resources.

The vendor not providing support would not be such a big deal by default if all their patches were included in the Android core and drivers so anyone (e.g. Cyanogenmod) would be able to just pick up where they stop and provide you support with their release. But on quite some HW it is not possible. Samsung does not provide drivers, Motorola locks the bootloader (Yay and they are even bought by Google!)…

Multiuser support

Or actually no multiuser support at all.

On a phone it is not such a biggie as you mostly don’t allow other people to mess with your phone, but on a tablet the situation is completely different. You want your kids or other relatives to mess with the thing and play some Angry Birds or whatever else, and they have full access to your contacts, history, credit card (if you used the Play to buy something).

So basically the user management situation is similar to the time around Windows 98 where there was just one login on the computer and everyone in the family used that.

Instead of having a nice and contained space for your own browsing history, naughty photos of your girlfriend, credit card data, contacts, … everything is meshed up together and you can’t ensure your own privacy there.

The only way out of this is probably looking forward to the Vivaldi tablet (the KDE one, not sure if this is still the name) or buying one tablet per person.


Android basically does not work in the normal multitasking environment one is used to from desktop computers. The core reason for this used to be not having enough RAM (really pointless at the point the devices have 1-2GB+).

So normally everything you start is opened and runs in your background where you can switch between those up to the point you get out of memory. Then the unused processes start to be closed. This can be worked around by using some task manager to kill the apps you want to kill and not those least used, but it is an external app and not a system solution.

Also, in some cases, as Android is separating the terms app and process and multiple launched apps can share one process, if you hang one you shoot down everything :-)


So those are the 3 itches I personally have with Android. Let me know how you feel about the platform in the comments as I am interested in how it is perceived by others. Maybe I am just paranoid or something…