Gentoo Universe

packages website going offline for a while

2009-11-07T16:35:07Z

I've been on a roll to clean house lately, and part of that is simplifying my hardware setup. One thing that needs to be ripped out completely is my old server, which is getting to be a real pain to maintain. Mostly it's just my personal stuff on there, but the ebuild packages website is also running on there right now. Between now and Tuesday, I'm going to take it down since I'm going to be rearranging my hardware setup anyway. I'm not going to bring the old website back online, either. The code for the new one is almost complete, and it will use a lot less resources. There's gonna bet lots of cool stuff on the new one: better feeds, simpler interface, new domain name and hopefully a new design as well. Oh, and the scripts aren't dependent upon portage anymore, which is the real crutch right now. I have to run an old version of portage (2.1.4.5) that isn't even in the tree anymore, and it's making updates painful or impossible.

The new site will also run on my dedicated Linode, where I think I've finally correctly managed the apache issues, so that means there will be less arbitrary downtime as I screw around with my box here at home. I really hate running servers at home that other people are dependent on, because I like the freedom to change things around without affecting anyone. Right now, the old site is so CPU intensive, that I can't move it over to the VPS.

The code for the new site is much cleaner. The entire thing is rewritten in OOP classes to access the portage tree, which makes my job incredibly easier. Not to mention it's a lot faster. It'll still be a bit before I get it online, but killing it will inspire me to push it along. I'm tired of having this thing limp around when it's just a dead albatross around my neck right now. So, farewell. The new one will be better.

Debating future tinderbox work

2009-11-07T14:46:36Z

I’ve been not working on the tinderbox lately because my “daily job” (which is not really daily) swamped me out badly. Since this week I’m going to London to take some days off, I’ll probably get back to the tinderbox after that.

For the next ride of the tinderbox, there is at least one thing that’s definitely going to be interesting: the new X11R7.5 release means that quite a bit of packages might not build at all since they don’t have the new includes fixed. I found one or two packages with such problems while doing Yamato’s root filesystem rebuild (after glibc 2.11 update).

There is another interesting idea that I should probably toy with: the way the tinderbox works, it tests all non-masked packages; by QA standards, those should not use the network at build time. During my world rebuild this night, network went offline, and one package failed since it tried to wget a piece of source from the network. And it’s not even the first one lately.

Thanks to the fact that my tinderbox uses containers I can easily isolate it out of the network so that it cannot access the network, and then make sure that the ebuilds trying to use the network get their access refused.

The other problem to cope with is the size of the logs and the fact that I still lack an analysis script and thus opening new batches of bugs requires a huge amount of work, especially when it comes to attaching the log and getting some information out of it.

Any suggestion on how to proceed with the tinderbox will definitely be welcome.

links for 2009-11-06

2009-11-07T01:56:11Z

The trough of disillusionment for Ubuntu?

“The Hype Cycle describes the way that new technologies and projects are perceived over time, if they do a good job of handling themselves, going from a technology trigger, inflated expectations, disillusionment, enlightenment, before arriving at “the plateau of productivity” – a state where there is no more hype and the new technology is simply a normal part of our lives.”

The perception over the past few years that Gentoo is dying is in reality Gentoo’s arrival at the plateau of productivity. Hype has gone away and remaining is a distribution with a true niche that fits into the broader Linux ecosystem.

(tags: gentoo communication)

Tagged: communication, gentoo, greatness, pr

hardware setup

2009-11-06T16:01:41Z

I got woken up this morning at about 5:30 because my server's fan was so loud. Seriously. Actually, I think I had trouble sleeping anyway, but it was unusually noisy, and when I woke up, the first thing I thought was, "what the heck is that noise?" The rear fan in the ATX case of my server is precariously placed, and if the elements don't align quite right, it rattles quite a bit, and that's what happened here.

This is the server that houses all my media files, so I can't really just rip it out and replace it with something else. It has two 750 GB drives right now which make up my entire library space.

I shut the sucker down for a bit so I could pop it open and see if I could adjust the fan and blow out some of the dust in there. While it was powered down, it was so quiet in the room, I couldn't believe it. I forgot how much noise these things make.

Since I was already up, I decided to look into some ways to either reduce the noise pollution or find an alternative storage setup. I've got a spare Mini-ITX system and a spare external SATA drive enclosure, so I decided to fire that up and see how good my transfer rate would be if I just used external drives with a fanless low-powered Mini-ITX. By the time I left for work, I was in the middle of transferring a bunch of media files over to the new harddrive, so I guess I'll find out later. But the transfer rate was at about 8 MB/s, so I think it's safe to say that it'll work out pretty nice.

I'm hoping that this setup will work in the future for my dream scenario: a quiet file server. I figure if I can buy a few 1.5 TB harddrives, and plug them all into external SATA enclosures, then I should be good to go.

I went ahead and bought a Western Digital Green 1.5 TB harddrive this morning, too, to replace my other drives in the server. I know the Green line of harddrives isn't the fastest of the line, but I think that, for my circumstances, it'll run just fine. They run between 5200 and 7200 RPM. Less speed should mean less heat, which would make me worry not as much about having it as an external drive being passively cooled. I'm not gonna be using it as the OS, for the Mini, I'm already running that off of a 4GB USB drive, and that runs plenty fast. The only thing it'll do is just be serving up media over the wired network. As long as the read speed is decent, I probably won't have any complaints.

vncunused problem with Windows on Xen 3.4.1

2009-11-06T15:09:45Z

Recently I upgraded a Xen server to 3.4.1 and encountered a strange problem. I've upgraded similar servers before without any problems, but on this one the Windows XP guest complained:
# xm create /etc/xen/winxp.cfg Using config file "/etc/xen/winxp.cfg". Error: Domain 'winxp' does not exist.

The log files were quite sparse with information but the relevant sections of xend.log seems to be:
[2009-11-06 15:44:14 5365] WARNING (image:493) domain winxp: device model failure: pid 22777: exited with nonzero status 1; see /var/log/xen/qemu-dm-winxp.log [2009-11-06 15:44:14 5365] WARNING (XendDomainInfo:1878) Domain has crashed: name=winxp id=20. [2009-11-06 15:44:14 5365] ERROR (XendDomainInfo:2012) VM winxp restarting too fast (Elapsed time: 0.285470 seconds). Refusing to restart to avoid loops.

And qemu-dm-winxp.log was equally silent about details:
domid: 22 qemu: the number of cpus is 1 config qemu network with xen bridge for tap22.0 xenbr0 Watching /local/domain/0/device-model/22/logdirty/next-active Watching /local/domain/0/device-model/22/command qemu_map_cache_init nr_buckets = 10000 size 4194304 shared page at pfn feffd buffered io page at pfn feffb Guest uuid = 3ef34fd1-842d-0cbd-9782-29d8d597c36b Time offset set 0 populating video RAM at ff000000 mapping video RAM from ff000000 Register xen platform. Done register platform. xs_read(/vm/3ef34fd1-842d-0cbd-9782-29d8d597c36b/log-throttling): read error platform_fixed_ioport: changed ro/rw state of ROM memory area. now is rw state. xs_read(/local/domain/0/device-model/22/xen_extended_power_mgmt): read error xs_read(): vncpasswd get error. /vm/3ef34fd1-842d-0cbd-9782-29d8d597c36b/vncpasswd. bind() failed

And only the last line seems to be the problem. Googling a bit turned up this link, which suggest to comment out vncunused = 0 and VOILA the Windows domain now boots again.

Gentoo KDE3 Deprecation Notice

2009-11-06T10:03:27Z

Please turn your KDE radio on, and make sure to increase the volume to its maximum level for this important message.

After multiple setbacks we have finally managed to stabilise KDE4 on both major desktop architectures (amd64 and x86), with other teams to follow.

For this and other reasons as discussed , those of you who still use KDE3 should be seriously considering an upgrade in the near future.

The KDE3 support is being deprecated with immediate effect. This means that ebuilds are dropping KDE3 support where they were broken, or clashing with KDE4.

If you wish to still use KDE3, and you want to help others with having KDE3 around, drop a mail to kde@gentoo.org, where we can give you commit access to the special overlay which will specifically contain only KDE3 packages.
This overlay (named kde3) can be easily used via layman.

Sadly upstream is not supporting KDE3 anymore and we simply lack the manpower to keep support for both (as you might have noticed in the past few months KDE3 has become more and more rusty for which we humbly apologize).

Sorry to bring you the bad news and with hope that KDE4 will suit your needs,

Tomas Chvatal
KDE Teams substituting Lead

KUDOS to Nirbheek Chauhan and David Abbott for helping to put this announcement together and Alec Warner for proofreading it.

KDE in Gentoo, an update

2009-11-05T15:22:59Z

KDE 4.3.3 was released on Tuesday, with ebuilds instantly available to users in the main tree.

We also have KDE 4.3.1 in stable \o/

KDE 3.5 is on its way out of portage, with kde-sunset being the overlay that will (hopefully) be maintained by users still interested in it.

Finally, KDE 4.4 Beta 1 is due December 1st and you’ll find it in the kde-testing overlay as usual

Distributions are the strength of Linux

2009-11-04T20:56:18Z

People disagree, some people think that no operating system has any need for distributions, with all their difference and their central repositories that aren’t as central. But one of the thing that impress most the users who switch is, in many cases (at least that I could look at myself) the presence of distributions and the ability to install almost any software by simply looking it up in the package manager.

This said, when people think that overcomplex solutions are a perfect way to solve the issues that “vendors” have with distributing their software, you’re probably missing the point quite a bit. Instead of proposing changes in all the possible layers of the operating system stack, you should try to speak with with the distributors and see what you can do to make your software behave in such a way that they can lift the “send the software to the user” problem from you.

It’s a tremendously important point I’m making here: when you develop your software coming from a Windows background to work on Linux, youŕe probably making a huge amount of mistakes; the most common one is to assume that the directory to work on is the directory the program is in, or that the current working directory is the home of the user. Both differ between Windows and Linux. Fixing these minor issues is usually trivial, if you have access to the code, and if you’re willing to bend a bit around to accommodate the requests. In the case that icculus brought up, the proper solution is, generally, splitting the data from the engine, so that you can reuse the data between different architectures, and have a different engine for each architecture; or have a single huge download with all the architectures available, if they are, say, 10% over the size of the data.

The main point here is still that you have first to remember that distributions exist and that users like to rely on them (most of the time) and second to understand that neither the Windows way nor the OS X way applies to Linux. This doesn’t make Linux right and the other wrong, or vice-versa; they are three different worlds, and each one has its own good and bad side.

The biggest mistake in misunderstanding Linux for just another Windows version is providing a setup program, even worse a graphical setup program. If your software has no drivers to install, nothing to register itself into (there is no registry on Linux, after all), you most likely should not give that as the only option. First of all such a program would rarely tell you what’s going to do, and you’d also be going to run that with root privileges to install the stuff, so why should you trust proprietary software with root on your system? Of course if you’re just a “Joe User” you won’t care, you have no clue about that, but any decently skilled user would know that it’s never a good idea to trust any software you cannot control with root privileges on your box.

The second misconception is that some people seem to think that it’s a task for upstream of a project – be it a proprietary software vendor or a free software project – to provide binaries, installer and packages. This is the main reason why that silly FatELF idea is still tickling on some people. Well, let me say it once and for all it’s the distributions’ task to provide packages to the users!

Of course the problem is that distributions rarely can provide all the possible software in the world as package, may it be because their policy is to only allow Free Software (like Debian and Fedora) or for other reasons. In any case the solution is not to say “The distributions are the problem” but rather to wonder “Why are they not packaging my software?”. Of course when the problem is policy related to the license there is little to do, so you’re forced to rely on third party repositories (like RPM Fusion ) that don’t have such problems with policies. In general, a very little leeway for the distributions can go a great deal into making your software available to users.

All kind of projects who want to reach for users should listen to the distributors: that means that if a distributor complain about the way you (don’t) release software, for instance because you only use a “live” repository for the users to use, or about the way you make use of bundled libraries, you should most likely discuss with them a way to handle the situation; failing to do that is going to drive the distributor away (and then you’d probably be complaining that you’ll have to provide binaries for that distribution yourself). Unfortunately I’m quite sure that especially icculus have problems with stuff like that, given I’ve reported more than one Gentoo policy violation for ebuilds that come from icculus.

For proprietary software, this often goes not as much into the way of changing the development of the software but rather to change some distribution details: allow the developer to redistribute your software (so don’t use strange click-through download systems, don’t require the user to go a long way to find what it has to download); give a “raw tarball” option that the distribution can use as source for their packaging, be it binary packages, or source-based packages like Gentoo’s.

Move the packaging task to the packagers, they know it better.

And if you’re developing proprietary commercial software, you might want to approach some developers, and eventually give out some free licenses for them to play with so that they can package the software, and eventually give you feedback in what they would like for you to change. Most of the time, packagers are pretty pragmatic and will not be scared off by “helping proprietary software”; for instance in my overlay you can find some packaging for the Visual Paradigm Suite for which I bought a license a few weeks ago (I needed a working UML software for a job); it’s nowhere near Gentoo-ready, but I’ve not given up on it; since the Visual Paradigm customer support is also quite ready to answer to problems and suggestions, I’ve been sending them my feedback, both as user and as packager. Hopefully I might get to the point where the package is fine with Gentoo policies and I can add it to the main tree normally.

A similar situation happens with the EntropyKey software packaging since I was interested I got two of those and packaged it up; if upstream was interested in packaging this beyond their own support (I think they already have a Debian packager as part of the staff anyway), they could have created a developer program for distributors, and I’m pretty sure almost all distributors would have supported the ekeyd software in no time.

Yes, I am seeing all this situation from a packager point of view, but that’s because I definitely like this approach and instead of resent us for “not providing the stuff you want” or attacking distributions because “you have to make dozens of different packages”, try working with them. Like I said before, Ryan should stop keep inside his own little world where he can do whatever he wants and then expect people to bend at his needs, he should listen to the needs of distributors (which aren’t really so impossible!) and so should anybody who want to enter the Linux ecosystem as it is now.

And it’s definitely not only proprietary software that still doesn’t get this, Mozilla has had a hard time to get to work with distributors, OpenOffice still has such a hard time, Avidemux is a perfect example of how a package gets to ignore all the possible distribution requests (by still shipping a modified FFmpeg for instance).

Most of the time, the reasons why developers don’t want to make accommodations for distributions, are stuff along the lines of “I don’t see what difference does it make”… which is also the very reason why they have such a hard time to get their packaging together.

my blu-ray ripping trial run

2009-11-04T15:04:54Z

Yesterday, I wanted to see if I could rip a Blu-Ray disc using my PS3. I really want to get a BD-ROM drive, but they are so expensive still, and since I can install Linux on my PS3, I figured maybe I'd try and save myself some money and see if I could manage to get one ripped and decrypted. It actually worked, which surprised me. Ripping the disc was the simplest thing in the world, but the key on the movie I tried (Willy Wonka and the Chocolate Factory) was too new, and currently only AnyDVD has support for it. I'd love to buy a copy of that, but it only runs in Windows, and it's really expensive. Instead, I'll just have to wait for the keys to pop up eventually on the doom9 forums.

The first step, though, was getting the PS3 to run Linux. I took the shamelessly easy way out (and I don't regret it either) and installed Xubuntu. I won't go into details about how I got Linux on my PS3 since that's well documented. I will say that I remember quite vividly now why I can't stand binary distros. Bleh.

The BD filesystem is UDF. Providing you have a recent kernel (2.6.20, I think) with UDF v2.5 support, you are good to go. I mounted a remote share and just dumped the disc to an ISO file onto my desktop.

$ cat /media/cdrom0 > wonka.iso

That was the easy part.

The hard part was trying to get it decrypted. I had to use Java tools (bleh) to get to the source. There are three applications you need. And if you hate digging through forums and using download services, then I've got direct links for yah:

For Gentoo, you'll need to install the JDK to build the aacskeys library and binary. I just emerged dev-java/sun-jdk and it worked for me (I know absolutely nothing about Java, but my stabbing in the dark miraculously worked). You'll also need a runtime environment to actually execute the stuff, and I emerged dev-java/sun-jre-bin and that worked fine, too on my amd64 box.

For aacskeys and Gentoo, you'll need to apply this patch that I cobbled together from what I found on the doom9 forums to get it to compile. It just fixes the Java include directorys for the Makefile.

Now, I'm still a bit fuzzy about what each program does, and whether you need all of them or not, so I won't go into a lot of detail. What you want to use, though, is the dumphd program. But to use it, you'll need to copy the aacskeys library and a file from the bdvmdbg package as well into the path or same directory as the dumphd program.

Once you have that, you can just run dumphd.sh and it'll fire up a simple little GUI telling you if it has all the libraries it needs. Then you just specify the source and destination, and aacskeys will see if it has a working key to access the disc.

I can't really give much more detail than that, since I'm so new to this. Suffice it to say, if you read the accompanying README doc that comes with each one, you'll get along just fine.

It took me a long time last night to get just one disc ripped and transferred over my subnet to try it out, and by the time I managed to get it mounted (mount -o loop -t udf wonka.iso /mnt/udf) and access it, it was pretty late. The keys I had didn't work for my disc, and I didn't want to try the whole procedure over to try another disc.

Anyway, good luck if you try it. One thing that impressed me is how much simpler it was than I thought it'd be, but what a pain it was trying to figure out where things went wrong. The doom9 forums are a good resource, but not exactly the best place to find clear, concise information for a beginner. That part was frustrating.

Personally, I don't think it's worth the hassle right now, the way I did it. I'll get a BD-ROM sooner or later so I don't have to transfer the content over the network and can instead just test it directly. But, I started out to see if I could at least get a copy of the ISO and get the tools running all without Windows, and I can. So, that's progress right there.

ELF should rather be on a diet

2009-11-04T14:08:06Z

I’ve been first linked the FatELF project in late October by our very own solar; I wanted to write some commentary about it but I couldn’t find the time; today the news is that the author gave up on it after both Linux kernel and GLIBC developer dissed his idea. The post where he noted his intention to discontinue the project looks one drama-queen of a post regarding the idea of contributing to other projects… I say that because, well, it’s always going to be this way if you think about an idea, don’t discuss it before implementing, and then feel angry for the rejection when it comes. I’m pretty sure that no rejection was personal in this rejection, and I can tell you that what I would have written after reading about it the first time would have been “Nice Proof of Concept, but it’s not going to fly”.

Let’s first introduce the idea behind the project: to copy Apple’s “Universal Binaries”, that technique that allowed programs to run both on PPC-based Mac as well as the new Intel-based Mac when they decided to make the transaction, this time applying the same principle to the ELF files that are used on basically all modern UNIX and Unix-like systems (Linux, *BSD, Solaris). There is a strange list of benefits in the project’s homepage; I say strange because they really seem straw arguments for creating FatELF, since I rarely have seen this applied in real world.

Let’s be clear, when Ulrich Drepper (who’s definitely not the most charming developer in our community) says this:

Yes. It is a “solution” which adds costs in many, many places for a problem that doesn’t exist. I don’t see why people even spend a second thinking about this.

I’m not agreeing to the fact that nobody should have spent a second thinking about the idea; toying with ideas, even silly ideas like this one (because as you’ll soon see, this is a silly idea), is always worth it: it gives you an idea of how stuff works, they might actually lead somewhere, or they might simply give yo the sense of proportion of why they don’t work. But there are things to consider when doing stuff like this, and the first is that if there is a status quo, it might be worth discussing the reason of that status quo before going in full sprint and spend a huge amount of time to implement something, as the chance that’s just not going to work is quite high.

To make an example of another status quo-fiddling idea, you might remember Michael Meeks’s direct bindings for ELF files; the idea was definitely interesting, it proven quite fast as well, but it didn’t lead anywhere; Michael, and others including me, “wasted” time in testing it out, even though it was later blocked by Drepper with enough reasons and it’s no longer worked on. Let me qualify that “wasted” though: it was wasted only from the point of view of that particular feature, which led nowhere, but that particular work was what actually made me learn how the two linkers worked together, and got me interested in problems of visibility and cow as well as finding out one xine bug that would have been absolutely voodoo to me if I didn’t spend time learning about symbol resolution before.

Back to FatELF now: why do I think the idea is silly? Why am I agreeing with Drepper about the fact that it’s a solution with too high costs for the unrequested results? Well the first point to make is when Apple made the first step toward universal binaries; if you think the idea sprouted during the PPC to Intel transition, you’re wrong. As Wikipedia notes Apple’s first fat binary implementation dates back to 1994. During the M68K to PPC transition. Replicating the same procedure for an architecture change wasn’t extremely difficult to them to begin with, even though it wasn’t OSX that was used during that particular transition. The other fact is that the first Intel transition was – for their good or bad – a temporary one. As you can probably have noted, they are now transitioning from i386 software to x86-64 software (after my post on PIE you can probably guess why that’s definitely important to them).

But it goes much further than that: Apple has a long history of allowing users to port the content their computer from one to the next with each update, and at the same time they have a lot of third party providing software; since third parties started upgrading to universal binaries before Intel Macs were released for the users, if users kept up to date with the release, one they got their new Intel Mac they would just had to copy the content from the old to the new system and be done with it. This is definitely due to the target audience of Apple.

There is another thing to know about Apple and OS X, that you might not know about if you’ve never used a Mac: applications are distributed in bundles, which are nothing more than a directory structure, inside which the actual binary is hidden; inside the bundle you find all the resources that are needed for the program to run (translations, pictures, help files, generic data files, and so on). To copy an application you only have to copy the bundle, to remove almost all applications you just shove the bundle in the trash can. This forces distributions to happen in bundles as well, which is why Universal Binaries were so important to Apple: the same bundle had to work for all people so that it could still be copied identical between one computer to the other and work, no matter the architecture. This is also why, comparing the size of bundles built Universal, PPC-only and Intel-only, the first is not as big as the size of the other two: all the external resources are shared.

So back to Linux, and see how this applies: with a single notable exception all the Linux distributions out there use a more or less standard Filesystem Hierarchy Standard compatible layout (some use LSB-compatible layout, the two are not one and the same, but the whole idea is definitely similar). In such a setup, there are no bundles, and the executable code is already separated from the code that is not architecture-dependent (/usr/share) and thus shareable. So the only parts that cannot be shared, that FatELF would allow to be shared are the executable code parts, like /bin and /lib.

Now let’s start with understanding where the whole idea is going to be applied: first of all, Linux distributions, by their own design, have a central repository for software, which OS X does not have; and that central repository can be set up at installation time for getting the correct version of the software, without asking the user to know about the architecture by itself. The idea of using fat binaries to reduce the size of that repository is moot: the shareable data is already, for most distributions I know, shared in -noarch packages (arch-independent); the only thing you’d be able to spare would be the metadata of packages, which I’m quite sure for most “big” applications is not going to be that important. And on the other hand, the space you’d be saving on the repository side is going to be wasted by the users on their harddrive (which is definitely going to be disproportionally smaller) and by the bandwidth used to push the data around (hey, if even Google is trying to reduce the downloaded size fatelf is not only going against the status quo but also the technical trend!).

And while I’m quite sure people are going to say that once again, disk space is cheap nowadays, and thus throwing more disks at the problem is going to fix it, there is one place where it’s quite difficult to throw more space at it: CDs and DVDs, which is actually one of the things that FatELF is proposing to make easier, probably in light of users not knowing whether their architecture is x86, amd64 or whatever else. Well, this is already been tackled by projects such as SysRescueCD that provide two kernels and a single userland for the two architectures, given that x86-64 can run x86 code.

The benefits listed in FatELF’s page seem also to focus somewhat to the transition between one arch and the other, like it’s now happening between x86 and x86-64; sure it looks like a big transition and quite a few players in the market are striving to do their best to make the thing as smooth as possible, but either we start thinking of the new x86-64 as the arch, and keep x86 as legacy, or we’re going to get stuck in a transition state forever; Universal Binaries for Apple played a fundamental role in what has been a temporary transition, and one they actually completed quite fast: Snow Leopard does no longer support PPC systems, and everybody is expected the next iteration (10.7) to drop support for 32-bit Intel processors entirely to make the best use of the new 64-bit capabilities. Sure there could be some better handling of transitioning between architectures in Linux as well, especially for people migrating from one system to the other, but given the way distributions work, it’s much easier for a new install to pick up the home directories set up in the older system, import the configuration, and then install the same packages that are installed in the previous one.

After all, FatELF is a trade-off: you trade bigger binaries for almost-universal compatibility. But is the space the only problem at stake here? Not at all; to support something like FatELF you need changes at a high number of layers; the same project page shows that changes were needed in the Linux kernel, the C library (glibc only, but Linux supports uclibc as well), binutils, gdb, elfutils and so on. For interpreted language bindings you also have to count in changing the way Ruby, Python, Java, and the others load their libraries since they now hardcode the architecture information in the path.

Now, let’s get to the real only speakable benefit in that page:

A download that is largely data and not executable code, such as a large video game, doesn’t need to use disproportionate amounts of disk space and bandwidth to supply builds for multiple architectures. Just supply one, with a slightly larger binary with the otherwise unchanged hundreds of megabytes of data.

You might or might know that icculus.org where the FatELF project is hosted is the home of the Linux port of Quake and other similar games, so this is likely the only real problem that was, up to now, really come up before: having big packages for multiple arches that consists mostly of shareable data. As said before, distributions already have architecture-independent packages most of the time; it’s also not uncommon for games to separate the data from the engine source itself, since the engine is much more likely to change than the data (and at the same time, if you use the source version you still need the same data as the binary version). The easiest solution is thus to detach the engine from the data and get the two downloaded separately; I wonder what the issue is with that.

On the other hand, there is a much easier way to handle all this: ship multiple separate ELF binaries in the same binary package, then add a simple sh script that calls the right one for the current host. This is quite easy to do, and requires no change at any of the previously-noted layers. Of course, there is another point made on the FatELF project page that this does not work with libraries… but it’s really not that of an issue, since the script can also set LD_LIBRARY_PATH to point to the correct path for the current architecture as well. Again, this would solve the same exact problem for vendors without requiring any change at all in the layers of the operating system. It’s transparent, it’s easy, it’s perfectly feasible.

I hear already people complaining “but a single FatELF file would be smaller than multiple ELF files!”. Not really. What you can share between the different ELF objects, in theory, is still metadata only (and I’m not convinced by the project page alone that that’s what it’s going to do, it seems to me like it’s a sheer bundling of files together): SONAME, NEEDED entries and similar. Unless you also start bundling different operating systems together – which is what the project also seem to hint at – because in that case you also have no warranty that the metadata is going to be the same: the same code will require different libraries depending on the operating system it’s built for.

Generally, an ELF file is composed of executable code, data, metadata related to the ELF file itself, and then metadata related to the executable code (symbol tables, debugging information) and metadata related to the data (relocations). You can barely share the file’s metadata between architectures, you definitely cannot share it between operating systems as stated above (different SONAME rules, different NEEDED).

You could share string data, since that’s actually the same between different architectures and operating systems most of the time but that’s not really a good reason; you cannot share constant data because there are different ordering, different sizes and different paddings across architectures, even two very alike like x86 and x86-64 (which is why it’s basically impossible to have inter-ABI calls!).

You cannot share debugging information either (which might be the big part of an ELF file) because it’s tied to the offset of the executable code, and the same applies to the symbol tables.

So, bottomline, since there are quite a few strawy benefits on the FatELF project page, here is a list of problems caused by that approach:

introduces a non-trivial amount of new code at various layers of the system (kernel, loader, linker, compiler, debugger, language interpreters, …), it doesn’t matter that a lot of that code is already published by now, it has to be maintained long-time as well, and this introduces a huge amount of complexity;
would increase dramatically the size of downloading packages for the optimistic case (a single architecture throughout a household or organisation) since each package would comprise of multiple architectures at once;
would use up more space on disk since each executable and library would then be duplicated entirely multiple times; note that at the time Universal Binaries started popping up on systems, more than one software was released to strip the other architecture out of them to reduce space to be wasted on already-ported or won’t-be-ported systems; while FatELF obviously comes with the utilities by itself, I’m pretty sure most tech-savvy users would then decide simply to strip off the architectures that are useless to them;
would require non-trivial cross-compilation from build servers which right now all the distributions, as far as I know, tend to avoid.

In general, distributions will definitely never going to want to use this; free software projects would probably employ better their time by making sure the software is easily available in distributions (which often means they should talk to distributors to make sure their software has an usable build system and runtime configuration); proprietary software vendors might be interested in something like that – if they are insane or know nothing about ELF, that is – but even then the whole stack of changes needed is going to be way disproportionate to the advantages/

So I’m sorry if Ryan feels bad about contributing to other projects now because people turned down his idea, but maybe he should try for once to get out of his little world and see how things work with other projects involved, like discussing stuff first, asking around and proposing: people would have turned him down with probably most of the same arguments I used here today, without him having to spend time writing unused (and unusable) code.

Fixing CDR records for anonymous calls with Asterisk

2009-11-04T13:16:29Z

Yesterday I was faced with an Asterisk problem logging src CDR records as anonymous, when dialing anonymously from a Snom SIP phone. In this particular situation it was OK to use anonymous as callerid, but not in the CDR records.

Using something like Set(CDR(src)=12345678) doesn't work since most of the CDR records are read-only. Also using Set(CALLERID(num)=12345678) also doesn't give you the expected result for the src CDR record.

However if you set the ANI callerid you will get the expected result, like this: Set(CALLERID(ANI)=12345678).

RTSP clients' special hell

2009-11-03T22:15:25Z

This week, in Orvieto, Italy, there was OOoCon 2009 and the lscube team (also known as “the rest of the feng developer beside me”) was there to handle the live audio/video steaming.

During the preparations, Luca called me one morning, complaining that the new RTSP parser in feng (which I wrote almost single handedly) refused to play nice with the VLC version shipped with Ubuntu 9.04: the problem was tracked down to be in the parser for the Range header, in particular in the normal play time value parsing: the RFC states that I’m expecting a decimal value with a dot (.) as the separator, but VLC is sending a comma (,) which my parser is refusing.

Given Luca actually woke me up while I was in bed, it was a strange presence of mind that let me ask him which language (locale) was the system set in: Italian. Telling him to try using the C locale was enough to get VLC to comply with the protocol. The problem here is that the separators for decimal places and thousands are locale-dependent characters; while most programming languages obviously limit themselves at supporting the dot, and a lot of software likewise use that no matter what the locale is (for instance right now I have Transmission open and the download/upload stats use the dot, even though my system is configured in Italian). Funny that this problem came up during an OpenOffice event, given that’s definitely one of the most known software that actually rely (and sometimes messes up) with that difference.

To be precise, though, the problem here is not with VLC by itself: the problem is with the live555 (badly named media-plugins/live in Gentoo) library, which provides the generic RTSP code for VLC (and MPlayer). If you ever wrote software that dealt with float to string conversion you probably know that the standard printf()-like interface does not respect locale settings; but live555 is a C++ library and it probably uses string streams.

At any rate, the bug was known and fixed already in live555, which is what Gentoo already have, and the contributed bundled libraries of VLC have (for the Windows and OS X builds), so those three VLC instances are just fine, but the problem is still present in both the Debian and Ubuntu versions of the package which are quite outdated (as xtophe confirmed). Since the RFC does not have any conflicting use of the comma in that particular place, given the extension of the broken package (Ubuntu 9.10 also have the same problem), we decided for working it around inside the feng parser, and accepting the comma-separated decimal value instead.

From this situation, I also ended up comparing the various RTSP clients that we are trying to work with, and the results are quite mixed, which is somewhat worrisome to me:

latest VLC builds for proprietary operating systems work fine (Windows and OS X);
VLC as compiled in Gentoo also work fine, thanks Alexis!
VLC as packaged for Debian (and Ubuntu) uses a very old live555 library; the problem described here is now worked around, but I’m pretty sure it’s not the only one that we’re going to hit in the future, so it’s not a good thing that the Debian live555 packaging is so old;
VLC as packaged in Fedora fails in many different ways: it goes in a loop for about 15 minutes saying that it cannot identify the host’s IP address, then it finally seem to be able to get a clue, so it’s able to request the connection but… it starts dropping frames, saying that it cannot decode and stuff like that (I’m connected over gigabit lan);
Apple’s QuickTime X is somewhat strange; on Merrimac, since I used it to test the HTTP tunnel implementation it now only tries connecting to feng via HTTP rather than using RTSP; this works fine with the branch that implements it but fails badly in master obviously (and it doesn’t look like QuickTime gets the hint of changing to RTSP protocol); on the other hand it works fine on the laptop (that has never used the tunnel in the first place), where it uses RTSP properly;
again Apple’s QuickTime, this time on Windows, seems to be working fine.

I’m probably going to have to check the VLC/live packaging of other distributions to see how many workaround for broken stuff we might have to look out for. Which means more and more virtual machines, I’ll probably have to get one more hard drive by this pace (or I could probably replace one 320G drive with a 500G drive that I still have at home…). And I should try totem as well.

Definitely, RTSP clients are a hell of a thing to test.

closed captioning on dvds (and ripping them)

2009-11-03T21:10:38Z

In ripping my DVDs, I try to future-proof it as much as I can, by putting in as many elements as I *think* I might need or want someday down the road. One of those elements is subtitles. There are three types of subtitles that can be on DVDs -- VobSub, closed captioning and SDH -- and the first two can be extracted fairly easily. I have no idea how to access the SDH ones. I think you need either a newer DVD player or a Blu-Ray one.

I've been ripping my TV shows, and so far I haven't seen any really hard and fast rules on what to expect with them on DVD. Part of the reason is that I just haven't been paying much attention to subtitles until recently.

I was playing with ripping one show last night, and I saw the CC logo on the back of the case, so I went to check the rest of my library to see which other ones had it. Nearly my entire library of Warner Bros. DVDs displayed the logo -- even for much older cartoons (Looney Tunes, Scooby Doo) -- once again staying consistent with the fact that the studio puts a lot of effort into the quality of their releases.

I just started playing with extracting CC though, and just barely wrote the code to my DVD ripper to extract them, so I have no idea what the other series are like, if they have subtitles or not -- VobSub or CC. I usually don't find out until I actually go to rip them.

Extracting the closed captioning subtitles is a lot easier and faster than getting the VobSub streams. For Linux (and Mac and Windows) there's a nifty OSS program called ccextractor. Once you have your VOB video file on your harddrive, just run that on the movie, and it will create an SRT subtitle file of the closed captioning text. It's great, and really fast, taking probably under a minute on a 60-minute video on my box. Comparatively, when ripping a VobSub stream, you need to read the DVD directly which causes its own bottleneck, and then demux the entire stream. It takes probably around 3 to 5 minutes for an episode of the same length.

Another thing I like about the closed captioning titles is that because they are extracted as SRT, it's easy to look through them since they are just text files. If you're really anal, you can correct typos yourself. The VobSub subtitles are all bitmaps. I've also noticed that on some DVDs, where there were issues with framerates or something else, that the VobSub timestamps will be off ... and sometimes either they will show up clumped together at the beginning of the film or the sync will be way off. I think that this has to do with the dumping process, somewhere, but I'm not sure. I've never really taken the time to pin down the source.

So, with closed captioning being easier and faster to extract, as well as editable and the timestamps haven't had any issues for me (yet), it's quickly becoming my preferred subtitle format.

There's only one small issue with using ccextractor, and that is you won't know if there are any captions in the VOB until after it's made its trial run. The program will create an .srt file regardless when you run it, but the file will be empty if it couldn't find any. That's the only drawback. With VobSub, you can know if there are subtitles just by probing the DVD using lsdvd or something similar.

Muxing it into matroska is simple, too. Just pass it as a file argument and you're done.

As a sidenote, while my bend application that I wrote and use to rip DVDs would be a major pain to setup for someone else, I've rewritten it recently so that it uses individual classes to access every object directly: DVD, DVD track, DVD VOB, Matroska file. They are standalone classes written in PHP if anyone wanted to use them, feel free. You would also need my tiny class of shell functions as well, since they all make calls to it.

The DVDVOB one makes it simple to extract the subtitle stream. In fact, all the classes make things relatively simple. They have made writing my code so much simpler.

ratchet and clank: a crack in time

2009-11-02T16:53:04Z

One thing I will readily admit is that I'm not a veteran gamer. Not having a video game console for most of my life will kind of do that to you. Thankfully, though, to an abundance of free time, a large HDTV and no pesky girlfriend to spend money on, I can resolve that issue gradually. Not knowing what the heck kind of games is out there has its drawbacks now and then (I have a really small library of games), but it does have it's positive upswings too, for instance, when I "discover" something new quite by accident.

This weekend while puttering around, I decided to check out the latest demos on the Playstation Network, and downloaded one for Ratchet and Clank Future: A Crack in Time. There were two demos, interestingly enough, one for Ratchet and one for Clank. I got Ratchet's. As is with most demos, I wasn't expecting much (it's a pretty high failure rate when it comes to interest), but I fired it up to give it a whir.

The game dropped me in a weird landscape with a gun, and I kind of groaned to myself .. not another shooter. I suck at shooters, which is one reason I've been avoiding console gaming a lot. But, as I started playing it, here's the sequence of thoughts that went through my head:

How the heck do I shoot my gun?
How do I shoot my special weapon?
Holy crap, I have hoverboots?
Oh my gosh, this game is fun!
Repeat last step, about 500 times.

Heh. It was awesome. So much, in fact, that when I finished, it said that the game came out last Tuesday!? Well, you know what that means to a man who has spent his whole life evolving a careful sense of patience and self-mastery ... I paid full price for it at Best Buy 15 minutes later.

I've since played through probably a third of the game, and I'm just now starting to lose steam. Wow, it is fun.

First of all, the graphics are absolutely amazing. It's just eye-popping nice. I'm actually surprised that they'd put so much effort into the artwork for a game that is mainly for an audience much younger. But the quality shines through in every aspect so far.

The game has one of my favorite features of all time, too -- no penalty for deaths. It just starts you back up where you left off. I love that. I'm sure one of the reasons I never had a console growing up was because I realized early on that it was an issue-aggragator rather than a calming, enjoyable experience. Let's just say it's a good thing that those Nintendo controllers were hard plastic -- they could take a lot of damage at high velocity speeds.

Another really nice touch about the game is it has a degree of free-range movement. There are lots of different places you can go, and while the storyline is linear, you can take breaks from it and go back to where you were before to finish things up or just screw around. Its fun. It gives you enough freedom to screw around if you want, or get into a serious adventure if you're up for the run.

The only thing I don't like about it is playing as Clank. So far, it's just a chore.

The storyline is great, too, and there is some great dialogue / writing in there. Really original and funny. Something else I really enjoy too is the ability for the character to upgrade himself and his weapons. I grew up with the gold-box of AD&D gaming, and I always loved levelling my guys. This isn't the same level of complexity, but still I think it's a nice touch that your character's abilities improve as the guys get harder in the game. It only seems fair.

All around, a really awesome game. And it turns out, as I discovered, that there's apparently a whole series of Ratchet and Clank games, too. I'm really skeptical that any of the others would be nearly as good as this one, but who knows. At least they're not as expensive by now.

The PIE is not exactly a lie…

2009-11-02T16:33:52Z

One very interesting misconception related to Gentoo, and especially the hardened sub-profile, is related to the PIE (Position-Independent Executable) support. This is probably due to the fact that up to now the hardened profile always contained PIE support, and since it relates directly to PIC (Position-Independent Code) and PIC as well is tied back to hardened support, people tend to confuse what technique is used for what scope.

Let’s start with remembering that PIC is a compilation option that produces the so-called relocatable code; that is, code that is valid no matter what base address it is loaded at. This is a particularly important feature for shared objects: to be able to be loaded by any executable and still share the code pages in memory, the code needs to be relocatable; if it’s not, a text relocation has to happen.

Relocating the “text” means changing the executable code segment so that the absolute addresses (of both functions and data — variables and constants) is correct for the base address the segment was loaded at. Doing this, causes a Copy-on-Write for the executable area, which among other things, wastes memory (each process running will have to have its private copy of the executable memory area, as well as the variable data memory area). This is the reason why shared objects in almost any modern distribution are built relocatable: faster load time, and reduced memory consumption, at the cost of sacrificing a register.

An important note here: sacrificing a register, which is something needed for PIC to keep the base address of the loaded segment, is a minuscule loss for most architectures, with the notable exception of x86, where there are very few general registers to use. This means that while PIC code is slightly (but not notably) slower for any other architecture, it is a particularly heavy hit on x86, especially for register-hungry code like multimedia libraries. For this reason, shared objects on x86 might still be built without PIC enabled, at the cost of load time and memory, while for most other architectures, the linker will refuse to produce a shared object if the object files are not built with PIC.

Up to now, I said nothing about hardened at all, so let me introduce the first relation between hardened and PIC: it’s called PaX in Linux, but the same concept is called W^X (Write xor eXecute) in OpenBSD – which is probably a very descriptive name for a programmer – NX (No eXecution) in CPUs, and DEP (Data Execution Prevention) in Windows. To put it in layman terms, what all these technologies do is more or less the same: they make sure that once a memory page is loaded with executable code, it cannot be modified, and vice-versa that a page that can be modified cannot be executed. This is, like most of the features of Gentoo Hardened, a mitigation strategy, that limits the effects of buffer overflows in software.

For NX to be useful, you need to make sure that all the executable memory pages are loaded and set in stone right away; this makes text relocation impossible (since they consists of editing the executable pages to change the absolute addresses), and also hinders some other techniques, such as Just-In-Time (JIT) optimisation, where executable code is created at runtime from an higher, more abstract language (both Java and Mono use this technique), and C nested functions (or at least the current GCC implementation, that makes use of trampolines, and thus require executable stack).

Does any of this mean that you need PIC-compiled executables (which is what PIE is) to make use of PaX/NX? Not at all. In Linux, by default, all executables are loaded at the same base address, so once the code is built, it doesn’t have to be relocated at all. This also helps optimising the code for the base case of no shared object used, as that’s not going to have to deal with PIC-related problems at all (see this old post for more detailed information about the issue).

But in the previous paragraph I did write some clue as to what the PIE technique is all about; as I said, the reason why PIE is not necessary is that by default all executables are loaded at the same address; but if they weren’t, then they’d be needing either text relocations or PIC (PIE), wouldn’t they? That’s the reason why PIE exists indeed. Now, the next question would be, how does PIE relate to hardened? Why does the hardened toolchain use PIE? Does using it make it magically possible to have a hardened system?

Once again, no, it’s not that easy. PIE is not, by itself, neither a security measure nor a mitigation strategy. It is, instead, a requirement for the combined use of two mitigation strategy, the first is the above-described NX idea (which rules out the idea of using text relocations entirely), while the second is is ASLR (Address Space Layout Randomization). To put this technique also in layman terms, you should consider that a lot of exploit require that you change the address a variable points to, so you need to know both the address of that variable, and the address to point it to; to find this stuff out, you can usually try and try again until you find the magic values, but if you randomize the addresses where code and data are loaded each time, you make it much harder for the attacker to guess them.

I’m pretty sure somebody here is already ready to comment that ASLR is not a 100% safe security measure, and that’s absolutely right. Indeed here we have to make some notes as to which situation this really works out decently: local command exploits. When attacking a server, you’re already left to guess the addresses (since you don’t know which of many possible variants of the same executable the server is using; two Gentoo servers rarely have the same executable either, since they are rebuilt on a case by case basis — and sometimes even with the same exact settings, the different build time might cause different addresses to be used); and at the same time, ASLR only changes the addresses between two executions of the same program: unless the server uses spawned (not cloned!) processes, like inetd does (or rather did), then the address space between two requests on the same server will be just the same (as long as the server doesn’t get restarted).

At any rate, when using ASLR, the executables are no longer loaded all at the same address, so you either have to relocate the text (which is denied by NX) or you’ve got to use PIE, to make sure that the addresses are all relative to the specified base address. Of course, this also means that, at that point, all the code is going to be PIC, losing a register, and thus slowed down (a very good reason to use x86-64 instead of x86, even on systems with less than 4GiB of RAM).

Bottomline of the explanation: using the PIE component of the hardened toolchain is only useful when you have ASLR enabled, as that’s the reason why the whole hardened profile uses PIE. Without ASLR, you will have no benefit in using PIE, but you’ll have quite a few drawbacks (especially on the old x86 architecture) due to building everything PIC. And this is also the same reason why software that enables PIE by itself (even conditionally), like KDE 3, is doing silly stuff for most user systems.

And to make it even more clear: if you’re not using hardened-sources as your kernel, PIE will not be useful. This goes for vanilla, gentoo, xen, vserver sources all the same. (I’m sincerely not sure how this behave when using Linux containers and hardened sources).

If you liked this explanation that costed me some three days worth of time to write, I’m happy to receive appreciation tokens — yes this is a shameless plug, but it’s also to remind you that stuff like this is the reason why I don’t write structured documentation and stick to simple, short and to the point blogs.

links for 2009-11-02

2009-11-02T12:02:42Z

Seth's Blog: Trolls

Of note: volunteers aren't paid to ignore anyone, so Seth's point about being paid to ignore trolls doesn't apply. I also think it meshes poorly with the thought of creating a community or a positive environment.

(tags: community)

Manually installing CSI apps on the NMT

2009-11-02T09:17:23Z

If you like me don't want to install the Community Software Installer, when installing applications to the Networked Media Tank (NMT), then here is a simple guide.

First start by downloading the repository info from: http://repository.nmtinstaller.com/RepositoryInfo.zip

Open the XML file and locate the URL of the package you want to install and download the ZIP file.

Extract the ZIP file to your /share directory on the NMT, using NFS/FTP. Make the appinit.cgi file executeable.
chmod 755 appinit.cgi

On the NMT browse to HARD DISK and execute install.htm

Enjoy your newly installed app:)

modsecurity as final antispam solution? Not really

2009-10-31T18:06:42Z

In my previous post about comments I’ve described some more notes about my antispam solution based on mod security, and then some people actually wondered about its validity as a final solution. So let me explain a bit further.

I’m not saying that modsecurity is perfect and that it does its job perfectly well; actually, I always have to disable some of its rules because are sometimes positively stupid or effectively braindamaged, like the “PHP source disclosure” rules in the latest release (2.5.10) that stops any request that would return “fread” to the user; so almost any half-interesting piece of source code.

In general, while modsecurity is doing its job, I recognize that it’s not a perfect solution to everybody. I still find it a nicer solution than captchas, but maybe the two things could be merged: instead of implementing this antispam measures in mod_security, at Apache level, they could be implemented at application level, with an extension library. At that point it’d be possible to choose whether the client is either of: trusted, untrusted, positively a spammer. First and last cases are obvious: the comment is either passed or killed right away; untrusted clients would be presented a bad bad captcha to solve.

This would tie in with not only user-agent based filtering, but also DNSBL and Honeypot’s httpBL and even email verification, and the blogspam webice .

One very interesting use of this would solve the current difficult-to-decide situation where anonymous clients, such as TOR, end up being abused by the spammers, and the decision between keep allowing them to comment, and that of just killing them all is not quite as easy; I can see the reasons for using TOR, but the amount of SPAM is just too much (I wonder if I should do something along the lines of making the blog available directly on the TOR network and then killing the IPs coming from lists like TornevallNET ).

And a word about email verification; some people seem to find it funny to use some common fake email addresses like anonymous@the.net when posting a comment. I seriously have a beef with that. The reason why this is, is very simple: I don’t care whether you enter an email address or not! I don’t require you to; if you do, you get gravatar integration and I can contact you, but that’s about it; you can simply avoid filing the field if you don’t want me to know your email address. If I could check the email address for validity with modsec, I’d be rejecting such comments to begin with.

I’m probably not going to work on this myself for now, but this is an idea if somebody wants to look at it.

Amazon failures

2009-10-31T15:21:31Z

This is one of those long overdue posts that I’ve thought about for quite a bit and that I should have completed a long time ago, but that did wait till today for a series of different reasons.

You might have noticed that my wishlist contains some items that are correctly classified as “electronics”. Up to last July or so, Amazon UK didn’t ship that stuff to Italy at all; since then, they said that they do ship them to Italy. Since from time to time I could use some gadget but I don’t need it hard enough that I would get it by myself, I thought it would have been a decent way to handle the wishlist to put some stuff in there.

Unfortunately, it seems like Amazon does not allow for the items to be shipped to Italy by using the wishlist, even though it would be sent without a glitch when ordering it myself. There seem to be two reasons for that: Amazon always tries to add the cheapest option to the wishlist, which often times is a “Marketplace” option, and since they require an explicit authorisation to give personal addresses to those sellers, it doesn’t work when sending something to someone else.

Also, interestingly enough, they have no problem to send the electronics from the German Amazon website (which is how Thomas was able to send me the MX Revolution mouse), since they still ship from the same warehouse it seems. I guess this is just one more Amazon failure (the last one I wrote about was from an year and a half ago).

At any rate, I have for now cleared up the wishlist so that all the items in it are actually available to be sent (they are all books, CDs or videogames); if you want to send me an appreciation token, those are definitely welcome; if you wish to make a more function donation, you can either send me hardware directly (contact me in case you’re interested to know what I’m looking for — right now one thing would definitely be an 8-port Gigabit switch since my 5-port one is exhausted, and another thing that I’ll probably never stop needing is accumulators, or rechargeable batteries if you prefer; ~1000mAH AAA or ~2800 mAH AA are definitely welcome), or you can use Amazon gift certificates, with those I’m able to order the hardware by myself.

And by the way I also learnt the hard way myself why I should pay attention about ordering hardware from Amazon: I ordered a Belkin powered USB HUB… and it arrived – quite obviously thinking about it in the aftermath – with a British power socket. Which would have been a good thing for the Nokia bluetooth headset (so that I could use it to charge the phone when I was in London) but which wasn’t as good for an USB HUB. I still have to find a complete solution for that.

Anyway, to make this announcement less useless, I wish to thank user99, Carlo and Daniel for their improvement to Autotools Mythbuster which has been updated today. Thanks guys!

Changes in the comment antispam

2009-10-31T11:02:01Z

You probably remember the series of posts I already wrote about my antispam that uses the User-agent field to reject at the source a number of comments that are likely to be spam. The idea is definitely working right, just yesterday it filtered out 134 spam comments (no false positives, after a quick check), and at the same time I have no need to use obnoxious captchas, or to block comments on old posts (and just yesterday I got an interesting one on an almost year old post ).

Unfortunately this was still not perfect; luckily there is a second antispam pass that is applied directly by Typo using some heuristics (like the number of links) and akismet; this second pass is both good and bad. For instance it always marks as spam the posts where people do provide references for their comment, which is a bit tiresome. Sure it does not delete the posts, but only queue them up for moderation, but still. Unfortunately the second pass couldn’t be disabled or loosened up because usually I would get around three spam comments every day or so (which is still a lot less compared to the hundreds sometimes the filter kills at the source).

But last night, thanks to Mark, I was able to refine the antispam even more (and the comment policy now is updated to reflect that); I added a couple more DNSBL (DNS-based blacklists): proxyBL DroneBL and CBL . I left them running on the untested input during the night and the results are quite interesting. Just one or two hits on ProxyBL, but about two posts an hour hit DroneBL right away, and of those a few wouldn’t have hit my usual User-Agent-only antispam.

But since I don’t want to hit other services when I can filter the spam myself, I’ve now re-configured the checks to only apply if the comment didn’t hit any other check first (this way all the bogus user agent posts would be dropped and then the remaining “valid” ones would be checked). In particular, CBL is set as the very last check, for a very important reason: CBL does not sanction its use for non-mail related filtering. Unfortunately, CBL is also the only list that had a couple of IP addresses from which false negatives arrived yesterday, so I really wouldn’t have wanted to ignore it entirely. But I am responsible for any problem related to CBL with this kind of use; please don’t ever bother CBL upstream about this.

And another change, related to the blog spam, might be of interest. I’ve tried re-enabling the trackback support, but as it was easy to guess, there seems to be nothing but spam passing through it nowadays; very few valid installations actually use the trackback support, and they definitely don’t justify the amount of spam I’d be getting; on the other hand, Typo should be able to trackback itself to link posts together when I note something about them, and that’s one thing that I’d really like to keep; so for now I’ve enabled the trackback feature from within Typo, but I’ve stopped it on the Apache configuration, by allowing only the server’s own IP address to access the location.

I’ll publish the modsecurity configuration someday in the near future, hopefully.

Curses::Toolkit is on CPAN

2009-10-30T23:30:52Z

After few months of delay, Curses::Toolkit is now available on CPAN.

Curses::Toolkit tries to be a modern toolkit to implement semi-graphical interfaces using Curses. It's inspired by Gtk.

I gave a presentation of Curses::Toolkit at the French Perl Workshop 2009, and at the Open Source Developers conference France 2009. BooK presented it as part of a Lightning Talk at YAPC EU 2009 where I couldn't participate. Thanks to him for that. I will try to participate to London Perl Workshop this year and give a talk about it as well. I have received quite good feedback from people and users about it.

I'd like to mention that Jerome Quelin helped me with the initial release, injecting some Dist::Zilla magic into Curses::Toolkit. Thanks, Jerome.

What next ? I'll try to post a video of what is currently possible with Curses::Toolkit. I need to add more widgets and signals, and fix some bugs. Also, migrating to Moose is on the todo list. The module is usable now, but you can't really build a very nice big application with it.

Want to help ? If you have some free time, please consider helping me on next development of the module. You don't need to be a coder, here are some of the things you could help with :

Improve documentation : current documentation has some errors, and a better front page for the module would be good.
Create a Tutorial : preferably in POD, but not tied to follow sub-modules' names
Help implementing additional widgets
Create new themes : it's all about colors
Help the migration to Moose

If you're interested, contact me. The source is here

Gentoo: About “optimizing”

2009-10-30T18:26:29Z

As Linux-Mag points out (Gentoo Optimizations Benchmarked) using gcc optimizations for "omg, teh speed" is not all that practical. Sure, I'll add some compiler flags here and there as long as I am compiling everything anyway but I don't consider that a feature of Gentoo Linux.

I actually prefer Gentoo for the package management and customization via USE flags (even with the headaches that they cause sometimes).

pixar blu-ray

2009-10-30T14:29:48Z

Reading the Blu-Ray review for Up, I would take this statement and drop in Wall-E for the movie, and the same would be true:

"Up brushes against the stratosphere with a dazzling, picture-perfect ... transfer that boasts more breathtaking spectacle and stunning scenery in a single shot than many high definition presentations deliver in two hours."

I can't comment on Up since I don't own a copy, but I can say the same holds for Wall-E.

Watching a Pixar movie on Blu-Ray made every single hedge I ever had about the format completely disappear.

Improved VDPAU abstraction

2009-10-30T13:47:52Z

Recently, Aaron Plattner from NVIDIA announce libvdpau 0.2, which a wrapper for driver specific VDPAU implementations. You may have noticed that nvidia-drivers shipped a libvdpau.so library for a while now for apps to link against while placing their actual implementation in libvdpau_nvidia.so. Newer ebuilds of nvidia-drivers will no longer install libvdpau.so, nor any of the headers and install will rely on this being installed. Other applications, like MythTV will instead depend on x11-libs/libvdpau.

In addition to this change, there’s a new package called vdpauinfo in the tree. Some people might know it from the NVNews forums as vdpinfo. However, Aaron got the author’s permission to add it to freedesktop.org and rename it to vdpauinfo to match the library.

Introducing media-video/miro

2009-10-30T10:53:00Z

Miro described itself as Open-source, non-profit video player and podcast client. It's actually somewhat a swiss-knife for videos if you are using video sharing services (like youtube or dailymotion), following podcasts and downloading videos via bittorrent.
Miro lets you do everything in one place. You can directly search for a video, download it and see it locally. Then you can organize your videos whatever it comes from and remove them when you want. To me, it's sound like the equivalent of songbird for videos.

Miro is also known for it's "Adopt a line" campaign which consist of paying 4$ per month to adopt a line of code and support the project. An innovative idea which seems to work.

So, bug 131527 is now fixed and Miro is known as media-video/miro in Gentoo's tree.
Try it and report bugs !

NFS access restrictions on the PCH A-110 NMT

2009-10-30T08:25:53Z

My Linux based Networked Media Tank (NMT), A PopCornHour A-110 normally only allow clients in the same subnet as the NMT to mount NFS exports. If you somehow need to change that, here is how to do it.

First you have to install telnet or dropbear SSH to have console access to the PCH.

I didn't quite find any convenient way to edit files on the PCH, so I'm just using FTP to download, edit on the laptop, upload and move into correct place.

Download and edit it with your favourite FTP client (default username and password combo ftpuser:1234).

Add the following three lines just before the reload function. Do remember to remove the leading +:
then /usr/sbin/statd > /dev/null 2> /dev/null fi

+ #Hack to change IP restrictions of NFS mounts
+ echo "/share 192.168.2.0/255.255.255.0(rw,sync,root_squash,anonuid=1001,anongid=1001)" >> /etc/exports
+ exportfs -a
}

reload()
{

Likewise you can change reload if you want.

Remove the file from /share before uploading:
rm /share/nfsserver.sh

Then upload it with FTP.

Move it in place and restart the service:
mv /share/nfsserver.sh /mnt/syb8634/etc/nfsserver.sh chmod 755 /mnt/syb8634/etc/nfsserver.sh /mnt/syb8634/etc/nfsserver.sh stop /mnt/syb8634/etc/nfsserver.sh start

Mount and enjoy:-)

Using sshfs with rtorrent

2009-10-30T01:56:31Z

I had this genius idea about using sshfs with rtorrent. I thought that this use case would fit best in situations where you have good bandwidth but not much diskspace, such as my linode VPS (review). So, I'll attempt to share my findings in this regard.

If you are not familiar with rtorrent. You just need to know that it is a powerful, lightweight bittorrent client. It has a "watch" feature that watches a directory for new torrents, and obviously it can put downloaded files in a specified location. I tried both of these with sshfs.

First, I was having trouble with rtorrent just 'freezing' up when I put a torrent file in the sshfs accessible watch dir. I didn't quite know what was wrong here. Research led me to rtorrent bug 322 and that sshfs did not support filesystems without mmap properly. Darn. More research led me to a recent kernel commit that looked promising. Low and behold, reboot my host with 2.6.31.x kernel and rtorrent works with sshfs watch and destination directory. Yay.

Well, not so fast...

The performance is quite poor with the destination directory on sshfs. This is to be expected because now your download speed for torrents is limited to the download speed of your final destination. But, rtorrent was only giving me a sustained speed of 1/4 of that demonstrated with a simple file copy to the destination. I speculate that this is from the rtorrent overhead or maybe fragmenting? Not sure exactly and I don't care. My solution to this was to use the rtorrent "move on finished" feature that downloads the file to local disk and then moves it to sshfs destination after it is finished. Amazingly, this works quite well.

My testing scenario was the following:
-79MB Gentoo 2008.0 install cd torrent. With the complete sshfs solution, it took ~6 minutes to download (to the sshfs destination) and then 5 minutes to check the hash. So, roundtrip of 11 minutes from start download to seeding. With the on_finished solution, it took 1 minute to download (to local disk) and 1 minute to check the hash and move to the sshfs destination. For a roundtrip of ~2 minutes from start of download to seeding.

In conclusion, this isn't the perfect solution because you impose a large bottleneck into the mix and unintended I/O activity on the local disk. However, it works for me and what I am doing. Maybe it will give someone else some ideas in the future.

Gnome 2.28.1 full steam

2009-10-30T00:04:29Z

http://cia.vc/stats/author/eva

My CIA profile went from about one commit every 17.35 housr to one every 16.56. The difference does not seem big but the calculation is diluted on about 6 years due to a KDE dev sharing the same nick. This amounts to 158 commits tonight.

~arch is now at about 85% of completeness for Gnome 2.28.1, a few commits are missing due extra complexity (hey it still took my 3 hours to do that). Beware that this release still has a few rough edges, especially policykit migration buts. So if you get cut, please come to bugzilla but do not expect sweet words and attention if I see comments like "dude why do you keep on breaking ~arch". It's ~arch, beat it.

Original post blogged on b2evolution.

New Home

2009-10-29T21:39:19Z

The new server I had setup few weeks ago got hacked, brute force ssh attacks being made from it... I had spent some time setting it up, and now I'm bored.

So, I decided to migrate my blog to a hosted solution. As I'm a big fan of movable type, I decided to give Typepad a go. So this is yet another rebirth of my blog (I think it's the 6th time now).

I'll use that opportunity to catch up with the Perl blogging Iron Man competition.

More to come about Perl and Curses::Toolkit, my baby :)

Happy Birthday Noah!

2009-10-29T19:40:14Z

Today is a special day--it is the twelfth birthday of the greatest kid in the entire world! I just wanted to wish you a very Happy Birthday buddy, and I hope that this upcoming year brings you the most happiness, joy, and fortune possible. Even though we haven't been able to spend time together lately, I'm always thinking about you. I love you Noah, and always will.

This kitten made me think of Ms. Cleo. I hope that she is keeping you company, and that she serves as a reminder in the same way that the note you wrote me does. It never leaves my side.

|:| Zach |:|

Podcast 65 Bashed In The Head

2009-10-29T18:33:43Z

In this podcast I talk about my progress learning Bash for Gentoo ebuild development.

LINKS:
Bash By Example
http://www.ibm.com/developerworks/library/l-bash3.html
Linux Command Line and Shell Scripting Bible
http://xrl.us/bfzigo
Learning the Bash Shell
http://oreilly.com/catalog/9780596009656
Gentoo Tools
http://devmanual.gentoo.org/tools-reference/index.html
Sed By Example
http://www.gentoo.org/doc/en/articles/l-sed1.xml
Bash Guide
http://mywiki.wooledge.org/BashGuide
Grep
http://www.panix.com/~elflord/unix/grep.html
Awk
http://www.grymoire.com/Unix/Awk.html

irc network freenode channel #linuxcrazy

Download

Response to a comment

2009-10-29T08:30:25Z

Benjamin wrote a comment on my last post, and I'll share my answers here because those questions come up every now and then, so it's better to try to inform everyone. (That and I never write on this blog, so this is a perfect excuse to do so)

If you assume compile problems, why is that thing unmasked?

Xorg-server 1.7 is not getting stabilized, it's just getting unleashed onto unstable. Unstable means exactly that. Of course we try to do our best and we won't release something we know will break. The idea behind unstable is for users to test the new and shiny stuff before it hits stable.

If you don't want to help fix bugs, use stable. It's as simple as that.

I've always been irritated by the way the xorg team handled masked/unstable/stable releases, as even rc's were unmasked at times.

Releases in X-land are tough. The numbers almost mean nothing. For instance, the last stable version in the 1.5 series was 1.5.3-r6. And despite the apparently stable version number, it currently has 80 patches to make it run smoothly.

On the opposite side, the current stable server is 1.6.3.901-r2, which is indeed a "pre point release" only has a couple patches. And 1.7.1 doesn't have any patches.

So don't let the version number fool you, they mean almost nothing.

As for what we put in portage, well X is a complex piece of software. It used to have more than a million lines of code and it's been getting some tough love these last 2 or 3 years. And up until recently, drivers were a mess. I had shivers every time a new driver was released : "How many systems will this break?" was a question I asked myself over and over.

There are probably a lot of people who put the xorg-server in package.keywords because they needed/wanted feature X/Y or because it fixed some bug for them (it did for me). So now I get a release that possibly breaks build in unstable?

Again, unstable is for power users who are not afraid of filing bug reports if something breaks. We try to make sure that things don't break every day, but Gentoo being a source distro with billions of possibilities (USE flags, CFLAGS, arches, packages, ...),you can't reasonably expect us to try every possible combination.

So we ask for you help (via bugzilla) in return. Gentoo is a community distro, after all.

So there, that's it for today, I hope y'all know a bit more about how we manage X and unstable packages.

Blog posts are no replacement for documentation

2009-10-27T22:23:56Z

Since I was asked in a previous post I’d like to make some notes about why I “document by blog post” in so many occasions.

I know perfectly well that my blog posts are no replacement for proper documentation; code, procedures and policies need to be properly documented, and tied to the project they are supposed to document. Documentation by blog post is difficult to write, manage and search, and can be indeed useless for the most art.

So why do I write it? Well, most of the time I start a blog post with some ideas in mind, write down it, and then depending on the feedback I either continue the topic or drop it entirely. I guess the most prominent counter-example is the For A Parallel World (which I know I haven’t updated in a while).

Writing proper documentation is important, and I know that pretty well, I have written and ranted about that before as well. And it’s knowing that, that I started the Autotools Mythbuster project which, to be honest, has given me mixed feedback, and satisfaction. The problem is: writing a blog takes just a modicum of effort, because I don’t have any obligation about form, or grammar, or language; I might soft-swear from time to time in a post, I might rant, I might have some smaller mistakes around, both in grammar and content, and so on. I don’t go updating blog posts to fix grammar and style and so on. Writing complex and organized documentation requires a lot more work, and when I say a lot I mean quite a lot more. Of course the result is also of much higher quality, because of that.

I have tried finding alternative routes to get the good results out without having to just apply that much effort in my (unpaid) free time; the first option was LWN, which actually helped me paying for a good part of Yamato’s hardware. Unfortunately LWN is not a perfect solution for me; partly because my topics tend to be quite low-level, too low-level for the LWN readers I’m afraid, and too distant from the Kernel as well (which is probably the only low-level area that LWN really writes a lot about); the other problem is that LWN is still something similar to a magazine, a journal, and thus does not allow an easy way to organised documentation; like autotools-mythbuster is. It would still be a puzzle of entries; of higher quality than a blog, but still a puzzle.

The classical form for organised documentation is that of a book; in today’s age, ebooks are also quite often used, to avoid the whole mass-production and distribution trouble for topics that might not be of enough interest (interestingly enough, that’s not true still for a lot of books, so lately I actually had to by more paper books because I couldn’t find PDFs of them to use with the Reader). Now, this also have troubles; as you might remember I already tried looking for a publisher for Autotools Mythbuster, before going with the open project it’s now.

The idea behind that would have been putting as much effort as possible into that single piece of documentation, complete it as much as possible and get it out in some complete form. There you go: high-quality results, paid effort, and organised up. Unfortunately, finding a publisher is never an easy task, and for that topic in particular, I ended up hitting a stone wall: O’Reilly already had somebody working on the topic, and the book is out now I think (I haven’t read it). This actually was ignoring a problem with classical books: they cannot easily be updated; and documentation often has to be, to correct mistakes, grammar, style, and especially to be kept up to date with what they document. For instance, Autotools Mythbuster has a specific section on forward porting (which I’ll probably keep updating for the future versions as well).

So the final option was making it an open book; again, the effort is not ignorable, so my first solution was to write on it on a donation basis: would have covered the effort I needed to put into it, and would still have been able to be there for everybody. I didn’t count in the fact that the topic is too developer-oriented to actually be of any use to people who would be donating. Indeed, I wish to thank the last two donors (in terms of time), Thomas Egger (who sent me a good mouse to replace the stupid Mighty Mouse, you’ll soon see results about that, by the way), and Joseph Booker (who sent me some books, I started with The Brief Wondrous Life of OScar Wao because I was meaning to read it for almost two years now, but the useful one will soon prove useful, I’m sure). But they, like most others, never explicitly named the guide. And so I’m trying to find more time for the general postings than that in particular.

Just a note before you start wondering about the guide; yes I haven’t updated it in a while. Why? Because I sincerely feel like it’s not useful any more. As I said it requires a positive amount of effort to be extended; there is, true, some interest on it, but not enough to actually have moved anyone to ever try funding its extension. With O’Reilly now publishing a complete book on the matter, I don’t think it’s worth my time keeping it up. I might still extend it if I have to correct some build system, or if I discover something new, but not going to keep extending it by my own will without such a need.

Bottom-line: I could probably write more extensive, organised, and precise documentation about lots of stuff, especially the stuff I write about on the blog from time to time, but the problem is always the same: it requires time and effort; and both are precious commodity; most of my time is already committed to paid work nowadays, and Gentoo is getting more and more to the third place (first is work, second health). Documenting what I can with the blog is, in my opinion, still better than nothing, so I’ll keep doing that.

Intel graphics and gaming, Abiword 2.8.0

2009-10-27T19:07:03Z

Last night I installed UT2004 on my laptop, after not playing it since June. The laptop in question is an older ThinkPad R61i, with an Intel X3100 graphics chip. I know -- not the best for gaming. However, most online reports I found indicate that it's acceptable for such an old game as UT2004, so I figured it'd be worth a shot. The Intel graphics drivers have made a lot of progress in the last two years, especially on the 3D front, right? Right?

Kinda. After reducing all settings to "low" and dialing back the resolution to 1024x768 (native is 1280x800), the game is playable, but with very uneven framerates. Looking toward the middle of a map, or anyplace with a lot of action, introduces a good stutterfest; frames are down to between 8 and 18FPS. I enabled a few extra options such as pixel shaders and VBOs in UT2004.ini to add a bit more performance, but it's still marginal.

I'm rather disappointed. I'm not having nearly as great an experience as other Linux users, and certainly not as good as the Windows gamers who've benchmarked Unreal on this hardware. However, I did also catch the huge xorg-server 1.7 update as well, so maybe there have been some performance regressions since 1.6. It makes it a little hard to determine the areas that could use tweaking. I don't have anything special in my xorg.conf, just a default resolution. It's possible there's a setting I'm missing.

I'd like to try UT2004 on my desktop workstation, which has a RadeonHD 4550 card, but all reports indicate that even the latest git checkouts of the open-source drivers still don't work with Unreal. Apparently the game can't even launch, much less run at playable speeds. But as rapidly as the drivers are maturing, I'm hoping this'll be fixed in a month or so. Call me optimistic.

* * *

It looks like Abiword 2.8.0 was released today, so I wrote an ebuild and made it available in my devspace. I've been hand-writing these things for awhile. It took quite a bit of research to determine what went into the 2.7 betas, and now I'll have to do another overhaul of the 2.8 ebuild to account for the new plugin system. There's no longer a separate abiword-plugins package; they're all distributed in the base 2.8.0 archive. This means there will be a lot more tricky configure checks and USE flags, which sucks from a flexibility standpoint. Keeping the plugins in an external package was much simpler, so I'm a bit disappointed by this upstream decision.

Still, right now you can download and install Abiword 2.8.0 using my ebuild. While it needs a few cleanups, it will get you set up with a fully functioning basic Abiword install, though the only available plugin (as shown in the "Plugins" dialog) is .odt support.

This new version launches much quicker than 2.7.10, and it seems to have fixed all the rendering errors and even the crashes that happened with basic operations. Basically, you can click stuff now without worrying.

Cleaning up my ebuild is a long task, thanks to those darned plugins. Patches welcome, or I suppose you could always just wait and see what ends up in Bugzilla.

Original post from Planet Gentoo.

Backward free software advocacy

2009-10-27T12:51:10Z

Another funny thing I noticed on the comments for my guest post about Free Software Fundamentalists is that there is a very strange conception of how to interact with proprietary software when you’re definitely forced to.

Quoting the comment on why you shouldn’t use proprietary software:

.bq When you use proprietary software, you give them market share, which further funds their development, which widens the gap between them and their free competitors. It’s like buying then freeing slaves: you do it out of good intention, but unintentionally you empowers the slave traders, who enslave even more people. True, you can get a mostly free software, but you still empower the proprietary software.

Now, beside the fact that the particular author of that comment really needs some reality check done (comparing software and slavery first, and torture later, would show some serious lack of perspective on their part), one would expect that the problem is the “market share” thing. And indeed, I know that quite a bit of “Free Software Advocates” seem to be sustaining ideas like the Pirate Party, and other kind of “freedom no matter what” activities. Don’t get me wrong, I can understand them to a point, but I’m not really agreeing with them fully.

I can understand very well the point of “civil disobedience” related to the non-availability of some kind of content or software, or so on. As I said before I also download, unauthorized, Bill Maher’s show since it’s unavailable in Italy (for no good reason I can think of). On the other hand I’m not proud of that and, given the choice of paying to watch it, I’d be definitely fine with paying for it.

What I really can’t get my head behind is the idea that, to avoid giving funds to proprietary software developers, you should copy, crack, or otherwise hinder the distribution of that software. Sorry, but respecting copyright is what the Free Software movement has been basing itself on, thanks to the GPL. Now, I know that Stallman now declared that the GPL was a “workaround” and that getting rid of copyright altogether is the way to go… I’m quite sure I don’t agree; we do need a reform in copyright almost everywhere, but I still don’t think that it’s going to help free software to kill copyright entirely.

Piracy is definitely not the way to go, in my view. Of course I’m not the kind of person who says “piracy is bad so get rid of all the tools allowing it”, because I do see that a lot of the tools actually used for piracy are used for very legit cases as well: being able to decrypt and rip a DVD does not always mean that you are going to distribute it illegally; you might want to have it available on an HDD-based set-top-box on your TV; you might want to put it on your iPod or PSP, or whatever, and so on. The same goes for CD.

Piracy is, at many levels, detrimental to Free Software; let me give you an example, getting back to the family unit I described before where pirated software was the norm, even when it only required functions well covered by free software like Gimp, Inkscape or OpenOffice. Now, in their case I was able to bring them on board with the free alternatives based on the fact that, obviously, pirated software often is a truck loaded with viruses and other kind of malware. If it wasn’t for that, their reasoning would have been “If I have to choose between a mediocre software that is available for free, when I could have, as free as that, software that costs lots of money and is thus obviously better?”.

Now, any half-decent computer geek knows very well that “costs lots of money” doesn’t necessarily mean “it’s good” (Windows, anyone?). On the other hand, normal people almost always reason in that sense (and can be seen in so many ways it’s not even funny, be it software, hardware, or stuff that has nothing to do with computers); to ignore this is silly if your target is advocating free software. So you got to find another way to explain it to them.

The usual argument about the philosophy comes up to a point; especially when you sanction piracy, this really starts to be watered down. The argument about lock-ins also doesn’t really count with “commoners” since the lock-in will only mean they’ll keep pirating the same software, and will make sure that all the computers they have have the same pirated software on them. (It would be much better if software companies really tried to struck down heavily on piracy).

What remains is simply this: make sure that the Free Software gets better, and better, and better than proprietary software. To do that, though, you need to get out of the mental shelter of “it doesn’t matter if it’s mediocre, you have to prefer it”. And now please let me cover my ass about one very likely rebuttal that I have seen before: “Well, to me it’s more important that the software is free than it is perfect”; it’s a valid point for you. And I’m definitely not going to tell you “use that proprietary software, it’s better!”.

On the other hand if you wish to ~~force~~ suggest other people to use Free Software, you should learn that most of the users out there care first to get their work done, and then whether the software is free or not. Those who use computers to do any kind of job not directly involved with development will use whatever tool allows them to get paid at the end of the month (and somebody compares that to torture and war? oh my…); those who use a computer just for entertainment will care even less about what they are using, since they don’t even expect reliability out of it (mostly because of Microsoft’s past operating systems, I guess).

Guess who’s really widening free software’s reach? Advocates who have lost contact with reality and the masses of users out there? Or me and the rest of the pragmatic guys who work hard every day to create more and better free software?

Note: I have already said it before but I want to make it explicit once again (with the “right tone” for the issue). I know that a lot of developers out there don’t give a f♥♥k about “widening free software’s reach” and would most likely prefer that “the masses of users out there” stood the f♥♥k away from them. To them I’m not really saying anything, they are free to do whatever they prefer. I’m simply upset by those who declares themselves “advocates” or “evangelists” and then behave in that way.

Xorg-server 1.7 in ~arch

2009-10-26T21:50:42Z

It's out there now, available in ~arch. Like always, you'll need to rebuild your drivers, just look-up the command given by the server's ebuild (use eread if you've lost the output).

This release took a little longer to unmask not because of the server (it's a nice change). It's because a lot of headers were moved around from library packages to proto packages and vice versa. The ABI of X libraries has not changed, but I'm pretty sure there will be compile errors in some packages.

If that's the case, please file bugs in bugzilla.

Thanks for reading this public service announcement.

Edit: There will not be a package.keywords list for stable users. Xorg-server 1.7 is intended for ~arch users only, at this moment. And all bugs from stable users will be closed INVALID. We will start creating lists when we want to stabilize it.

new feeds

2009-10-26T17:46:23Z

I've been having a slew of issues running Apache on my Linode VPS, which I'm still trying to pin down, so in an attempt to offload some of the usage, I'm now going to use Feedburner to provide the RSS feed for Planet Larry.

I know I've played with Feedburner in the past, and kind of flip-flopped on whether to use it or not, but this time I'm sure I'm gonna stick with it. It's better for users, since they will always have a feed available (whether I have issues or not), and it's better for me since I can offload that part of the network traffic, which is actually quite a lot.

I've already updated the feeds and my apache config to do a permanent redirect, but if you want the feed URLs directly, here they are:

Planet Larry: http://feeds.feedburner.com/planet_larry
Larry the Universe: http://feeds.feedburner.com/universe_larry

Sorry for the inconvenience. It seems like everytime I post about Planet it's bad news or maintenance. Believe me when I say that it aggravates me far more than it does you.

Specifically, the issues I'm having is that Apache is sucking up all the available RAM, of which I only have 360 megs on my account. It's then rolling over to using all the swap space as well, which only slows things down even more. I've just started playing with tweaking the MPM configuration a bit, and I'm still trying to find a reasonable solution for my configuration.

In the past, the Linode had been seizing up occassionally, and I'd normally just reboot it and get on with my life. Recently, I installed monit (an awesome app), and pinpointed that the issue seems to always be with apache. Now, I'm just trying to narrow it down even more from there, but offloading the RSS feeds seems like a good step to take anyway ... I get gigabytes of traffic per month just on that, believe it or not.

I'm toying with the idea of setting up lighthttpd instead, but I really prefer apache, and would rather set it up to behave in a low memory environment instead. So, for any downtime in the near future, chances are it's just me tweaking something. At least now, thanks to monit, I have a much better idea of when something goes wrong.

Oh, one other tweak I've made is that the planet script itself is more robust as well. That thing used to run out of control, but I've made some changes that will ensure that if it runs away, at least it won't bring down the system. I also started playing around with the idea of writing my own feed parser to replace the Planet software completely, and it looks like it's going to be much simpler than I imagine. I haven't actually started down that path yet, since I have bigger projects to complete, but I'm actually enthusiastic that it'd be far, far simpler than I imagined.

netflix on ps3

2009-10-26T17:33:42Z

Okay, so you're going to be able to stream Netflix on your PS3 soon, blah blah blah, that's all in the news right now. However, I'm skeptical as to the connection here, and the way this is being deployed. Namely, why is this add-on feature provided through a disc instead of being integrated into the PS3 firmware? I have a simple theory: Sony doesn't want to kill it's little baby, the Playstation Store, that sells and rents movies, and is instead making getting Netflix a bit of a speed bump.

Of course, this is all theory since the actual product isn't out yet, but hey, I like a good mystery.

Before I go on, though, here's the sources of the actual news that everyone is feeding off of. I know when I'm looking for details I hate reading everyone's interpretation of it in an attempt to get a spin on what it means -- which, of course, is exactly what I'm doing. At least I'm linking back to the source.

Okay, so, there's three things I find suspicious here about the whole thing:

The Playstation blog entry is written by Netflix, not Sony.
You need a disc to use it.
Sony said back December of '08 that it was focusing on its download service.

My take on the whole thing is that Sony doesn't like it, but they are allowing it, albeit grudgingly. Using the Playstation Store is a ridiculous experience in DRM that only makes renting movies easier by being able to download them instead of going to the store. It manages to duplicate the nasty elements of high prices, limited availablity, and poor choice of selections. Netflix's library isn't that great *right now*, but I'd still rather pay $9 a month to stream as much as I want for one month, versus $5 for one movie limited to a 24-hour viewing period.

Anyway, my big question is, why isn't it part of the PS3 firmware, similar to how it works on the Xbox 360? Dunno. Again, I don't know if the disc is a one-time install, or if you need it everytime you want to use the service. The press release leaves out those details. In fact, all it says about it is that "Initially, watching movies instantly streamed from Netflix via the PS3 system will be enabled by a free, instant streaming Blu-ray disc that is being made available to all Netflix members." When they say "initially", I imagine that means that it's not going to be that way forever.

They also say, "Netflix members simply slide the disc into their PS3 systems to reveal movies and TV episodes that can be watched instantly" so I assume that you do have to have it in the box to watch it.

Either way, I guess I'll find out next month if I get my own disc to play with.

The reason I'm watching this so closely though, is because short of the Roku, nothing has come close to delivering a worthy UI to watching Netflix on the TV (that I own ... No 360 for me). I've written about the Netflix plugin on Tivo before, which is downright embarrassing, so I'm really hoping that the PS3 one will more than make up for that. I would really hate to have to use the disc every single time, though, since that would really make me lose interest in using it on a regular basis ... and the conspiracy theorist in me thinks that that is exactly what Sony is hoping for.

what i’m watching, part three

2009-10-26T16:03:02Z

I'm starting to notice a curious trend, that I enjoy writing a lot of my blog entries on a Monday morning. For some reason, that's the time I'm most interested in writing anything at all, and I generally have a slew of topics to pick from. Today's no different, it seems.

I haven't written one of my posts about recent watching habits in a long time, so I thought it'd be a nice revisit since I've seen a few things again that aren't really deserving of posts in of themselves. I'll ramble them off in whatever manner I even remember them.

Astro Boy

I ended up seeing Astro Boy, unexpectedly, on opening night even, at the theater ... and I loved it. The more I think about it, the more I realize how much I liked it.

I was *extremely* skeptical about seeing this one, because of it's manga background ... something that has proven time and time and time again, that I just don't have a passing interest in. I just don't have the brain for it, I guess, which in some ways is keeping me from becoming a first-class art / entertainment geek. Ah, well. My tastes are in a world all their own, that's for sure.

But I remember seeing the trailer, again, about a week or so before the movie came out, and I thought, "Huh, this actually looks pretty good!" And I liked it.

The story was really simple, and, the best way I can describe it ... almost ... well, simple is the best way to put it. The story doesn't take any weird, random tangents, instead almost following a direct storyline of the events without any diversion or discussion. It was actually quite refreshing to see the story neither dumbed down or trussed up. With one exception, each of the characters was consistent all the way through. It was just good. I wanna go see it again.

Oh yah, and every scene with the RRF is just hilarious.

Surrogates

I had been waiting to see this movie for a long time, ever since I saw the trailer for the first time. I just knew I was gonna enjoy it, regardless of how bad it might turn out to be. I wasn't quite sure what to expect, since it was a sci-fi action / thriller with Bruce Willis, which could go all kinds of directions. As far as action movies go, it was rather tame ... hard questions about society aside. That surprised me.

The story itself was weak, which would probably explain why I haven't heard much about it, good or bad, or in reviews and what-not, but the concept it portrayed -- people living their lives artificially -- struck me on a number of levels. I kept thinking about the many analogies of how our society does that anyway, through the Internet, through virtual escapes of any kind (video games came to mind). It was just really, really cool. It also raised a lot of points of you never know who is behind the artifical mask, either. For someone who gets really sucked into the virtuality of second lives sometimes, and suffers from the after-shocks of trying to use it as an escape during hard times, the film really hit me, and I enjoyed it quite a lot. It's definitely not going to be a popular theme with the masses, but I liked it a lot. I wish the story was better, though.

Calling Philo Vance

Now this is an old movie (1940). I recorded a bunch of Philo Vance movies on my Tivo when TCM aired them a while ago, and I just now got the urge to watch some old movies this weekend, and I found this one. It was a little odd.

I had a little hard time following it because, apparently, this is a staple character of movies back in the day, and this was the first film I saw him in after he'd already starred in quite a few films and radio shows. I imagine it would be like stepping in to watch the 14th of 20 Sherlock Holmes films, never have knowing the man or his methods before, and wondering what the heck is going on and why it's interesting. That's exactly how it was for me, here.

I'd heard of Philo Vance, only in passing, since I've seen his name before in my attempts to collect old time radio shows.

The movie itself moved at a really clipped pace, and Philo solved the murder almost as quickly as he found the details. Anyway, it was a bit strange, but I love watching old movies so it was still fun.

playing with x264

2009-10-26T15:29:52Z

There's a couple of reasons I don't encode my video. One of them being that, everything I encode myself, I can just notice the drop in quality. However, with the right parameters and the right codec (x264) I can get it looking really nice, and I can hardly notice a difference. It comes at a bit of a tradeoff, though.

Here's a snip of a sample ffmpeg output I generated last night:

$ time ffmpeg -y -i movie.vob -r 30000/1001 -acodec copy -croptop 60 -cropbottom 60 -s 720x480 -aspect 16:9 -deinterlace -vcodec libx264 -vpre hq -crf 15 -threads 0 movie.mp4

FFmpeg version SVN-r20371, Copyright (c) 2000-2009 Fabrice Bellard, et al.
built on Oct 25 2009 14:09:56 with gcc 4.3.3

Input #0, mpeg, from 'movie.vob':
Duration: 00:29:43.93, start: 0.280633, bitrate: 6492 kb/s
Stream #0.0[0x1e0]: Video: mpeg2video, yuv420p, 720x480 [PAR 8:9 DAR 4:3], 9000 kb/s, 59.94 tbr, 90k tbn, 59.94 tbc
Stream #0.1[0x80]: Audio: ac3, 48000 Hz, 5.1, s16, 448 kb/s
[libx264 @ 0x1c64530]using SAR=32/27
[libx264 @ 0x1c64530]using cpu capabilities: MMX2 SSE2Slow
[libx264 @ 0x1c64530]profile High, level 3.0
Output #0, mp4, to 'movie.mp4':
Stream #0.0: Video: libx264, yuv420p, 720x480 [PAR 32:27 DAR 16:9], q=10-51, 200 kb/s, 30k tbn, 29.97 tbc
Stream #0.1: Audio: ac3, 48000 Hz, 5.1, s16, 448 kb/s

Stream mapping:
Stream #0.0 -> #0.0
Stream #0.1 -> #0.1
Press [q] to stop encoding
frame=43411 fps= 7 q=-1.0 Lsize= 767982kB time=1783.95 bitrate=3526.6kbits/s

real    103m29.692s
user    155m46.121s
sys     8m0.649s

Which brings me to the second reason I don't encode stuff ... time. Seven frames per second, on my fastest box at home, heh. For a 30 minute video, it took a very long time. The video looks great, though. I can still notice a drop in quality when there is text or titles on the screen, but that's the exception. The size was almost exactly 50% the original (1.4 GB to 750 MB).

The backstory for this particular video though, was that it was presented in letterbox, and I wanted to re-encode it so I didn't have to make a pan & scan config for just that file on my box. So, I cropped the black bars off the top and bottom and resized it.

One small annoyance I have, is that all DVD source video always shows up as 59.94 frames per second when being probed by ffmpeg, and I have no idea why .... every single one of them does that, and it drives me nuts, since all the NTSC DVDs are going to be 29.97 or variable frame rate. So, I have to specify to encode the new video to 29.97, otherwise, it will encode it to 59.94 by default and nearly double the size.

Also, I'm only doing a one-pass video encoding, ironically because I don't like waiting.

I have little interest in encoding my video, because my boxes are so slow, but at a savings of 50% in storage space, the idea always keeps me curious. Unfortunately, because I'm so picky about quality, it takes a long time to find something that I like, and even longer to encode everything. On top of that, I have little to no interest in buying a faster computer right now, so I just kind of shrug the whole thing off.

I can't deny that the video looks very nice, though. Kudos to x264 and ffmpeg.

Gnome 2.28.1 is there

2009-10-25T23:32:45Z

http://dev.gentoo.org/~eva/gnome/gnome-2.28.0.html

Just added gnome-2.28.1 ebuild to the overlay, only had to keep two dependencies down. Since we are now finished with gnome-2.28 core, time to squash bugs, there is quite a number of them already, if you want to participate, just visit the overlay status/TODO or status/BUGS files, or visit gnome 2.28 official release tracker bug

Played with gnome-shell, kind of nice but still needs applet work done as I can't use gnome-globalmenu applet anymore and I'd like to keep to vertical space real estate. Plus I don't like the actual replacements for notification area and clock applet, they do less. I bit worried about speed in activities menu as well, it's damn slow on my Core2@2.2Ghz which I can't understand.

Also worked on some other ebuilds like geoclue, emerillion and seed, not easy on downstream packaging so delayed until further notice.

Original post blogged on b2evolution.

What's missing in Btrfs

2009-10-25T16:33:23Z

So, after being completely betrayed[1] by Ext4 not once, but twice, I decided to evaluate my FS options for /home .

FAT* are not an option, neither is NTFS.
Ext2 is primitive and HFS/HFS+ is just not Linux.
JFS is nice, but (atleast parted) doesn't support grow/shrink.
I've used XFS before, and found it to be more reliable than Ext4. However, deleting dirs with thousands of small files is too slow (a common operation when compiling)
ZFS would've been an option if my earlier experiences with ZFS-FUSE weren't so horrid.
Did not even consider NILFS. It's too new, and I don't know much about it.

It ended up being a choice between the reliable Ext3, or the new-fangled Btrfs. Why Btrfs? Because I've been using it as my Gentoo Distfiles and Portage tmpdir since v0.16, and found it to be the /most/ resilient to power failures of all my partitions.

I ended up selecting Ext3 for /home, but let's see why.

What's missing in Btrfs:

Growing the filesystem to the "left" of the partition. The error message when you try this is cryptic (common in btrfs-progs). However, since for other FSes this essentially involves "move to left and grow to right", I suppose the "move" part is what's missing in btrfsctl.
Pathetic ENOSPC handling. It either throws an ENOSPC at around 75% or when the metadata space fills up. Not sure which, but it's supposedly fixed for 2.6.32.
Volumes once created cannot be deleted. Again, fixed in 2.6.32.
Parted doesn't support editing/creating Btrfs partitions. Support for detecting it was proposed recently; but, I still don't see it in either "master" or "next". This is not a Btrfs problem, but certainly affects whether I'd use it.
There were other minor irritants (with btrfs-progs, mostly), but those will go away with time

Ext3 might have bad performance (especially w.r.t fsync), but atleast it's more reliable. In conclusion, I'll use Ext3 in data=ordered mode for /home till 2.6.33 is out; and then I'll convert my Ext3 partition to Btrfs and forever be happy :}

1. betrayed == sending everything into /lost+found after a forced fsck due to an earlier fsck after a power failure

Dusting off the MIPS boxes

2009-10-25T12:06:37Z

Well… it has been a while… No, I haven’t gone AWOL, just been busy with other things for the past few months.

I’m now in the process of updating my MIPS boxes so that I can resume testing packages. I now have a stable kernel on my O2 (I nicked Debian’s kernel image… to install you just run ar x on the .deb, then unpack the data.tar.gz created into your /) and can seriously look at the userland.

First priority will be developer-related tools that I know well and can test quickly… Subversion is one that I’ll probably tackle, since the version we currently have keyworded is masked. Ditto for git. I’m sure I’ll find other things to get started on, but those two will make doing everyhing else easier.

I’ve also started on some new profiles. People can have a look at http://git.longlandclan.yi.org/?p=gentoo-mips-profiles.git or clone the repository at git://git.longlandclan.yi.org/gentoo-mips-profiles.git to give them a try. When I’ve given them a good thrashing and am satisfied, I’ll look at merging them into the tree, but for now, this is my staging area.

Hopefully with a stable base system upcoming, and new profiles, then I’ll look at new stages, and get this show back on the road.

Testers wanted for x86

2009-10-25T11:15:18Z

You are running a stable x86 system (at least almost, and for the core components like kernel, system set and X)? Great, we are looking for your help. If you want to try out the following packages and report back (even if everything is running smooth) to me (fauli AT gentoo.org) or the team (x86 AT gentoo.org), we would be happy. Stabilising so many core compontents that might render you system unusable is a big thing, so a lot of testing is appreciated. The packages in detail:

Thanks in advance to everyone who cares

Gentoo Ten Live DVD 10.1 Release

2009-10-25T04:03:25Z

Attention Gentoo Community,

After numerous bug fixes and enhancements the Ten Team would like to encourage everyone to try out the 10.1 release.

A FAQ is available to assist you. We have also started a thread in our Forum. Please post any BUGS you encounter.

Please download the latest testing release for your architecture Gentoo Ten Live DVD 10.1 x86 | Gentoo Ten Live DVD 10.1 amd64.

Thanks for your continued support,

The Gentoo-Ten Project

David Abbott contributed to the draft for this announcement.

FDC09 photos! Here they are!

2009-10-24T20:36:31Z

As promised, here are some pics from FDC09! Michele Tameni, Fabio Erculiani (me), Vincenzo Di Massa and Yusef Maali (new, “honoris causa” Sabayon developer) on these.

Working together

2009-10-24T15:33:23Z

Recently, I've noticed some behaviour by package maintainers that really annoys me. I'm talking about the way stabilization requests are made. Normally, a package maintainer opens a stabilization request bug (STABLEREQ) detailing which version(s) of which package(s) he wants the arch teams to test and stabilize.

Another closely related request which suffers from the same problems I'll detail below are keyword requests. Those are pretty much the same as STABLEREQ, but for "~arch" instead of "arch". Also, the testing required usually is not as strict as that for STABLEREQ for obvious reasons.

For simple packages, neither usually causes problems. For complex packages, this may mean that dependencies need testing and keywording, in some cases five to ten packages on top of the one requested. Unfortunately, some package maintainers have taken up the habit of just dumping the request for their package in bugzilla without checking what dependencies might be needed. Checking the dependencies also involves which versions of the dependencies actually work, which ones are stable (yes, this might mean talking to other package maintainers!).

Another related gripe I have is being pushy with time frames when stuff should be tested and stable and when trouble comes up (test suite fails etc), completely ignoring the bug report the arch team files for half a year or longer.

This kind of added workload (of rather dreary work, to boot) is what makes arch testing so tedious sometimes. Not to mention the burn-out it causes. Not getting any positive feedback (from either users or other devs) doesn't help, either.

Guess I'm turning into a grumpy old dev. But still, try to be a bit nicer to the arch testers, mkay?

PS: Note that there are very positive counterexamples, too: the emacs guys always provide test plans, the security guys are always nice to work with, too. And of course several individuals who are just nice to work with.

Avogadro 1.0.0 Released!

2009-10-23T22:02:00Z

It is with great pleasure that I announce the release of Avogadro 1.0.0. After many years of work we have released what we consider to be a stable Avogadro release on Mole Day, which seems appropriate given the projects's name. There are still some rough edges, but I think this is a good release. With your help we can fix bugs in the release while working on new features in trunk.

Avogadro - Code Swarm from Marcus Hanwell on Vimeo.

What better time to look back to the beginnings of Avogadro. There was a blog post made today by Sourceforge about Avogadro detailing a little of that history. I have also made a code_swarm movie visualizing the history of the Avogadro project. There have been quite some changes in that time both at a project level and a personal level.

I would like to thank Google for sponsoring me for a GSoC project in the summer of 2007. Also Geoff Hutchison for giving me the opportunity to work with him at the University of Pittsburgh on interesting computational and visualization projects. Then there is my new employer, Kitware, who have provided me with an exciting opportunity to push scientific visualization and cross platform development to its limits.

To finish off a great day, my wife has informed me my new espresso machine has arrived! I am going to Camp KDE in January too!

Goodbye my dear friend...

2009-10-22T03:37:00Z

I received a phone call this evening that will undoubtedly change the course of my life from this point onward. A dear and trusted friend, indeed more like a brother, decided to take his own life this morning. He had been hurting a lot lately, and we talked often about his struggles. However, over the last few weeks, he seemed to be getting better. He was involved in another musical, and when I asked him about it, he had nothing but good things to say; his positive mentality toward the arts had returned. He was the greatest musician I had ever met, but to mention that one talent of his would be wrong as it would lessen the impact of all his other qualities.

Mike, we had some amazing times over the last decade. We played some great music, showed each other new artists, watched some quality films, had a blast at many plays, discussed all the issues of the times, danced with philosophies both familiar and foreign to us, pondered the emotional ups and downs of life, laughed at our own fallacies and shortcomings, discovered new places and new ways to look at old ones, and confided in one another the depths of human existence. I will never forget these times, and for the remainder of my days here I will regret not being able to talk you into sticking it out in order to create thousands more.

May you find the peace for which you were searching, and if you can part with some, please send it back here for the rest of us.

Goodbye my dear friend, and may we meet again at another time to catch up.

With love,
Zach

Machinarium on 64bit Gentoo Linux

2009-10-22T03:32:00Z

I had to spend a few hours trying to get Machinarium(flash required) running on my laptop the other night. Turns out the solution was too easy:

# USE=32bit emerge -av www-plugins/adobe-flash

Damn.

PS. if you like old-school adventure games, puzzles, or desolate post-apocalyptic cityscapes populated by melancholy anthropomorphized robots (yay), you could do worse than support Linux gaming by dropping 20 bucks on this fine piece of work.