fidzu : Debian

Make of them what you will.

daniels@psyence:~/x/xorg/xserver% wc -l **/*.[ch] | tail -1
730420 total
daniels@psyence:~/x/xorg/xserver% git diff -p xorg-server-0_99_1.. | diffstat | tail -1
2747 files changed, 178062 insertions(+), 628051 deletions(-)
daniels@psyence:~/x/xorg/xserver% echo $((628051-178062))
449989

24 Jul 2008 12:21am GMT

Dear lazyweb, I'm craving for one of these niceties. But unfortunately in Argentina they are very expensive and not easy to find (I think there's not any 'legal' channel to buy them currently). So, anyone coming to DebConf from the States would be so kind as to bring me one of these?

They are small (72 × 128 × 14 mm) and lightweight (226 grams), and aren't so expensive as to be a big risk; I can buy it from here so you don't even have to lend the money for the time being. So if you want to help make a DebConf organiser happy, you know how :-). I can bribe in the form of a nice bbq at home, or a dinner at some restaurant.

Tags: Planet Debian

23 Jul 2008 11:28pm GMT

Several weeks ago, the people in charge of maintaining the Windows machines in my institute were desperate because of a series of virus outbreaks - Specially, as expected, in the public lab - but the whole network smell virulent. After seeing their desperation, I asked Rolman to help me come up with a solution. He suggested me to try replacing the Windows workstations by substituting local installations by a server having several virtual machines, all regenerated from a clean image every day, and exporting rdesktop sessions. He suggested using Xen for this, as it is the virtualization/paravirtualization solution until now best offered and supported by most Linux distributions (including, of course, RedHat, towards which he is biased, and Debian, towards I am... more than biased, even bent). So far, no hassle, right?
Of course, I could just stay clear of this mess, as everything related to Windows is off my hands... But in October, we will be renewing ~150 antivirus licences. I want to save that money by giving a better solution, even if part of that money gets translated to a big server.
Get the hardware
But problems soon arose. The first issue was hardware. Xen can act in its paravirtualization mode on basically any x86 machine - but it requires a patched guest kernel. That means, I can paravitualize many several different free OSs on just any computer I lay my hands on here, but Windows requires full- or hardware-assisted- virtualization. And, of course, only one of the over 300 computers we have (around 100 of which are recent enough for me to expect to be usable as a proof-of-concept for this) has a CPU with VT extensions - And I'm not going to de-comission my firewall to become a test server! ;-)
When software gets confused for hardware
So, I requested a Intel® Core™2 Quad Q9300 CPU, which I could just drop in any box with a fitting motherboard. But, of course, I'm not the only person requiring computer-related stuff. So, after pestering the people in charge for buying stuff on a daily basis for three weeks, the head of acquisitions came smiling to my office with a little box in his hands.
But no, it was not my Core 2 Quad CPU.
It was a box containing... Microsoft Visio. Yes, they spent their effort looking for the wrong computer-related thingy :-/ And meanwhile, Debconf 8 is getting nearer and nearer. Why does that matter? Because I have a deadline: By October, I want the institute to decide not to buy 150 antivirus licenses! Debconf will take some time off that target from me.
Anyway... The university vacations started on July 5. The first week of vacations I went to sweat my ass off at Monterrey, by Monday 14 I came back to my office, and that same day I finally got the box, together with two 2GB DIMMs.
Experiences with a nice looking potential disaster
Anyway, by Tuesday I got the CPU running, and a regular Debian install in place. A very nice workhorse: 5GB RAM, quad core CPU at 2.5GHz, 6MB cache (which seems to be split in two 3MB banks, each for two cores - but that's pure speculation from me). I installed Lenny (Debian testing), which is very soon going to freeze and by the time this becomes a production server will be very close to being a stable release, and I wanted to take advantage of the newest Xen administration tools. Of course, the installation was for AMD64 - Because 64 bitness is a terrible thing to waste.
But I started playing with Xen - And all kind of disasters stroke. First, although there is a Xen-enabled 2.6.25 Linux kernel, it is -686 only (i.e. no 64 bit support). Ok, install a second system on a second partition. Oh, but this kernel is only domU-able (this is, it will correctly run in a Xen paravirtualized host), but not dom0-able (it cannot act as a root domain). Grmbl.
So, get Etch's 2.6.18 AMD64 Xen-enabled kernel, and hope for the best. After all, up to this point, I was basically aware of many of the facts I mentioned (i.e. up to this point I did reinstall once, but not three times)... And I hoped the kernel team would have good news regarding a forward-port of the Xen dom0 patches to 2.6.25 - because losing dom0 support was IMO a big regression.
But quite on time, this revealing thread came up on the debian-devel mailing list. In short: Xen is a disaster. The Xen developers have done their work quite far away from the kernel developers, and the last decent synchronization that was made was in 2.6.18, over two years ago. Not surprisingly, enterprise-editions of other Linux distributions also ship that kernel version. There are some forward-patches, but current support in Xen is... Lacking, to say the least. From my POV, Xen's future in the Linux kernel looks bleakish.
Now, on the lightweight side...
Xen is also a bit too complicated - Of course, its role is also complicated as well, and it has a great deal of tunability. But I decided to keep a clean Lenny AMD64 install, and give KVM, the Kernel Virtual Machine a go. My first gripe? What a bad choice of name. Not only Google searches for KVM gives completely unrelated answers (to a name that's already well known, even in the same context, even in the same community).
KVM takes a much, much simpler approach to virtualization (both para- and full-): We don't need no stinkin' hypervisors. The kernel can just do that task. And then, kvm becomes just another almost-regular process. How nice!
In fact, KVM borrows so very much from qemu that it even refers to qemu's manpage for everything but two command-line switches.
Qemu is a completely different project, which gets to a very similar place but from the other extreme - Qemu started off as Bochs, a very slow but very useful multi-architecture emulator. Qemu started adding all kinds of optimizations, and it is nearly useful (i.e. I use it in my desktop whenever I need a W2K machine).
Instead of a heavyweight framework... KVM is just a modprobe away - Just ask Linux to modprobe kvm, and kvm -hda /path/to/your/hd/image gets you a working machine.
Anyway - I was immediatly happy with KVM. It took me a week to get a whole "lab" of 15 virtual computers (256MB RAM works surprisingly well for a regular XP install!) configured to start at boot time off a single master image over qcow images.
KVM's shortcomings
Xen has already been a long time in the enterprise, and has a nice suite of administrative tools. While Xen depends on having a configuration file for each host, KVM expects them to be passed at the command line. To get a bird-eye view of the system, xen has a load of utilities - KVM does not. And although RedHat's virt-manager is said to support KVM and qemu virtualization (besides its native Xen, of course), it falls short of what I need (i.e. it relies on a configuration file... which lacks expresivity to specify a snapshot-based HD image).
To my surprise, KVM has attained much of Xen's most amazing capabilities, such as the live migration. And although it's easier to just use fully virtualized devices (i.e. to use an emulation of the RTL8139 network card), as they require no drivers extraneous to the operating system, performance can be greatly enhanced by using the VirtIO devices. KVM is quickly evolving, and I predict it will largely overtake Xen's (and of course, vmware and others) places.
Where I am now
So... Well, those of us that adopt KVM and want to get it into production now will have some work of building the tools to gracefully manage and report it, it seems. I won't be touching much my setup until after Debconf, but so far I've done some work over Freddie Cash's kvmctl script. I'm submitting him some patches to make his script (IMHO) more reliable and automatizable (if you are interested, you can get my current version of the script as well). And... Starting September, I expect to start working on a control interface able to cover my other needs (such as distributing configuration to the terminals-to-be, or centrally managing the configurations).

23 Jul 2008 6:50pm GMT

23 Jul 2008 3:46pm GMT

Well, my microblogging of GUADEC failed miserably, mainly because I didn't seem to be able to get a DHCP lease

I hope identi.ca gets SMS support by next time. Either that or maybe just one conference where the network doesn't keel over and die at the sight of a few hundred developers.

I was kinda surprised to find quite a few people who didn't know about stow. If you ever need to make install something, use this.

The sides from my talk are now up on wizbit.org. The wiki's pretty empty at the moment, but we're slowly filling it up…

23 Jul 2008 3:42pm GMT

Here I am writing today to tell something that might not be known outside Brazil - at least, I haven't read much in English about it - the attempt to turn the Internet into a government surveillance device.

This story goes back to 2006 (and even back), when we first successfully blocked the approval of a bill that would, in effect, turn the Brazilian Internet into a giant Big Brother. This bill was introduced by Senator Eduardo Azeredo as a replacement to a series of other similar bills that were attempted before and was followed by a strong resistance by civil organizations, one of those being ASL, of which I am proud of being one of the founders. By that time we ended having it postponed for more debate.

It happened that the bill made a come back last weeks, and was pushed into approval by a subcommittee of the Senate (one that was suppose to deal with the constitutionality of bills) and now is heading to the Chamber of Deputies for appreciation. Apart from the first debates back in 2006, nothing happened between then and the approval. The bill have changed a little bit, but not much as to change its effects.

In Brazil, we have two legislative houses, Federal Senate and Chamber of Deputies. If a Law Project is proposed by one, is revised by the other. So we have already lost 50% of the fight. Ronaldo Lemos, professor of Fundação Getúlio Vargas (think about a Brazilian version of "Harvard Law School") have already stated how dangerous such a Law can be, once approved. In his own words: "The wording of the law is too broad, and can be applied in several cases. The interpretation of what is a crime or not will be done by a criminal judge, who is used to deal with homicides and not with technology".

Since its approval in Senate, several people have been putting together a resistance. Central to it is a Petition, hosted at Petition Online, that already holds 64-thousand signatures. One of the writers of that petition, André Lemos, a university professor and researcher, have said that the regular user will have the feeling of being watched, and not knowing if what he's doing in legal or not: "For instance, if I disseminate a virus without knowing, will I be arrested? Can I exchange my files in P2P networks (my pictures, my musics, my text files) without asking for permission? How will the ISPs interpretate these exchanges? Can I copy a part of a text from a blog and paste it into mine? This law creates a feeling of insecurity and generalized fear".

FGV's Center for Society and Technology have published an analysis of the Law Project, and have spotted a lot of problems in it. For instance:

• Unlock a cellphone to be used in another carrier or unlock a DVD player, so it reads disks from different regions, can be a crime punished with 1 to 3 years of imprisonment and a fine, as deals article 285-A;
• Copy something from a blog that doesn't state access restrictions is turned into a crime since a blog is covered by copyright and, if not stated otherwise, those restrictions should apply, and someone that copies can be punished with the same 1 to 3 years of inprisonment and a fine, as deals article 285-B;
• Unlock the iPhone using softwares like "jailbreak" is turned into a crime punished with 2 to 4 years of imprisonment and a fine, as deals article 163-A. Even put a link somewhere in your site pointing to the software "jailbreak" is considered a crime;
• The ISP is turned into a surveillance apparatus, and is mandate to inform the authorities about any of the crimes the Law deals with, as states article 22.

Thinking of how I can help, after sending an email to every Deputy whose email address I was able to get, I decided to translate the law into English (I also uploaded a version with indentation, since it's pretty hard to understand the whole law without it, if you're not used to), so the World can be made aware of what's going on in Brazil. I also just sent an email with it to EFF, asking for their help. Not that I think they can do much, but they surely will know one or two strings to pull in order to put more pressure on the Brazilian government. I also hope that, once this post reaches Planet Debian, even more people become aware of the issue. In a sense, this is an appeal for all the Freedom Culture lovers out there to take any actions they can to help us prevent this Law Project to become a Law.

(In time, I'd like to thank Alexandre Oliva, who revised the translation).

Update (2008-07-23 11:50): Steve Langasek also revised the translation of the Law Project and I've made a "cherry-pick merge", which resulted in the version currently linked in the text above. Older version of the plain and the indented documents are still available. Thanks Steve!

23 Jul 2008 2:54pm GMT

PostgreSQL upgrade from 8.2 to 8.3. This really should be automated (... but I guess I understand why it's not.) At least it does work as advertised, thanks a lot to Julien Danjou. And thanks to Martin Pitt and the PostgreSQL developers for making it so painless to run several PostgreSQL versions side by side. Now there's a serious database.

23 Jul 2008 12:43pm GMT

LUGRadioLive 2008 by sheilaellen (cc-by-2.0)

One aspect I didn't mention in the LugRadio Live Event Review was how old-fashioned it seemed in some ways.

I guess I've got used to seeing conferences experimenting with various web2.0 toys like live-blogging, feedback walls and so on, or the excellent live video streaming of DebConfs, but it was a bit of a surprise to find myself the only person in the audience who connected to the IRC channel from the event.

One possible reason for that was that the wireless network was a bit difficult, or at least that was what I was told. I felt quite smug with my 3G smartphone IRC client (which I'll blog about later) until Rufus Pollock mentioned the 800+ patents involved in 3G. Damn - I guess I hate freedom.

In one way, I guess it's appropriate if the network wasn't up to the task. Broken networks were a regular feature of early ALUG meetings, as the end of this email hints.

Web2.0 was there a little bit. There was a facebook page (which I accidentally spammed while travelling to the event), flickr:lugradiolive and a twitter link of #lugradiolive - but how does that work? There's no user called lugradiolive and you can't have usernames containing # Update: twitter:#lugradiolive (thanks to Dave Briggs for the explanation in a comment).

Anyway, seeing as there will be another LUG Radio Live, maybe we can arrange something more interactive but free-software-friendly for 2009?

More reviews I've read: davee: Lugradio-in' makes me feel good…, Peter Cannon: The party's over for LugRadio Live and No': Lugradio Undead - but why aren't more people writing about this event? There seemed to be enough there. Or are they out there but I'm just not seeing them?

23 Jul 2008 7:18am GMT

d-shlibs source code to Git. I'm migrating all code that I get my hands on to Git. Today I touched on d-shlibs, so I'm migrating that to Git today.

23 Jul 2008 5:28am GMT

Unfortunately the free ride I've had for the last oh, gee, it must be something like four years, is coming to an end, so I have to find somewhere else to co-locate daedalus. Thanks Ben, you've saved me a packet!

The first step is to figure out roughly how much traffic this thing is doing. Fortunately I've been running Argus on it for donkey's ages, so I should be able to figure that part out.

Then I have to find a colo facility, (preferably in Brisbane, to avoid too much dicking about with moving the hardware), which won't charge me an arm and a leg for traffic. I'd prefer a flat monthly fee if possible.

I also need to do some soul searching to decide if it's even worthwhile continuing to keep a physical server. I could move my mail to Google Apps, the photos to Picasa, but I kind of like my blog the way it is. I spent a non-trivial amount of money of daedalus about 3 years ago. It's a grunty server. It seems something of a shame to get rid of it, but I could potentially get a virtual server a lot more cheaply.

The other option would be to try and generate sufficient income with it to cover its costs, but that has all sorts of tax implications, not to mention having to maintain a service level agreement. I really don't have the time or inclination to be doing all of that on the side.

All stuff to think about.

I have an amorphous month to move my server, so if anyone out there has suggestions on a colo provider in Brisbane, please drop me a line.

23 Jul 2008 4:56am GMT

Although it still nominally has my name on it, the Debian dovecot package has for a long time been looked after by Fabio Tranchitella. Recently, Joel Johnson has joined the team and he has prepared a package for version 1.1.1 which was uploaded to experimental a couple of days ago. Upstream thinks 1.1.1 will probably not be stable enough for Lenny but a backport will be provided (perhaps even by me!) Testing/Unstable will stick with the 1.0 series until after the release.

23 Jul 2008 3:49am GMT

77020 packets transmitted, 18029 received, 76% packet loss, time 77049435ms
rtt min/avg/max/mdev = 20.026/130.848/2245.752/287.550 ms, pipe 3

Above are the ping results from pinging my server (hosted on a business DSL connection). Telstra stuffed up and appear to have entirely disconnected DSL for a few suburbs (based on reports from a client who has several clients in that region that all went offline simultaneously). It's affected at least two ISPs (every DSL service uses Telstra's backbone). The above ping results show almost 17 hours of outage, but it was really more like 18 (I didn't start pinging until I realised it was down). Telstra's response to the problem reports (which my client raised via two ISPs) was that it would take until the end of the next business day. The problem was reported at 10AM, so Telstra was apparently happy with two entire business days of outage.

I think that the root cause of such problems is the terrible performance of Sol Trujillo [1] (or "Telstra's Sole True Hero" as suggested in Crikey [2]). Under Sol's leadership Telstra stock has not performed well (it's a monopoly - it's supposed to reap money), it's lost market share in every area where competition is permitted and it hasn't made it's customers happy.

Sol is taking an approach to business that works well for some big companies in the US (and for the mining and automative industries in Australia). He has been trying to force the government to extend the Telstra monopoly with the Fibre To The Node (FTTN) plan [3]. His idea was to have small Telstra boxes (nodes) spread around the suburbs with short copper runs to each home, each node would have absolutely no spare space for other ISP equipment and therefore the other ISPs would not be able to provide a service. The claim was that FTTN was needed for decent performance but ADSL2+ has been shown to work well in the areas where FTTN was proposed.

Telstra even sent out brochures to stock-holders encouraging them to lobby members of Parliament on behalf of Telstra's rent seeking [4]. However Australia is not like the US and this didn't work, they couldn't even get Telstra stock holders to support such plans. Speaking for myself, my interests as a Telstra stock-holder (and I own more Telstra shares than the median stock holder) are vastly outweighed by my interests as a consumer of telecommunications services.

I would like to see the government nationalise the local loop and the exchange buildings and then provide fair and equal access to all telephone companies and ISPs (including Telstra). Then we can have true competition in this market and the companies that provide the best services will win. Currently Telstra resembles one of those inefficient Soviet monopolies. We need some capitalism in the telco industry!

• 
  
• [1] http://en.wikipedia.org/wiki/Sol_Trujillo
• 
  
• [2] http://www.crikey.com.au/
• 
  
• [3] http://www.zdnet.com.au/news/communications/soa/Optus-threatens-war-over-Telstra-s-fibre-plans/0,130061791,139225166,00.htm
• 
  
• [4] http://en.wikipedia.org/wiki/Rent_seeking
• 
  

Share This

23 Jul 2008 1:24am GMT

Today I had the honour to prepare and announce the first Blosxom release after exactly two years and six days.

The primary cause for the Blosxom 2.1.0 release date this week was to get our development efforts of the last two year into Debian Lenny with a nice version number (i.e. one without snapshot dates in the package version ;-). The second biggest cause was that it just was time. But Debian Freezes always give you a good kick in the ass. ;-)

Rhonda plans to prepare an updated blosxom package for Debian during the day. So if Planet Debian is broken in a few days, you know whom to blame: Me and my last minute bug fixes. ;-)

But since you seem to be able to read this, the release shouldn't be too broken - because of course my blog already runs the very fresh Blosxom 2.1.0 release. ;-)

23 Jul 2008 12:01am GMT

In case you missed it, alien 2.0 was final released (5 weeks ago).

22 Jul 2008 9:57pm GMT

One of long standing things on my todo list was to make synchronisation work from my cell phone (Sony-Ericsson K750i) to some PIM application on Linux side (as a GNOME user Evolution is the natural choice). I tried it several times but it never actually worked. Today I gave it yet another try and I finally succeeded on first attempt :-).

As a first step I just wanted to make a backup of all things. Gammu can do it quite well and it's the tool I trust for this purpose:

gammu backup /tmp/phonebook.vcf
gammu backup /tmp/calendar.vcs

Now it's time to play with OpenSync. We will use setup guide and SyncML guide as a starting point. As I had in past problems with both sides - both phone and Evolution failed with some random errors, I wanted to go step by step. So I started with setting up phone to files synchronisation:

msynctool --addgroup file2phone
msynctool --addmember file2phone file-sync
msynctool --addmember file2phone syncml-obex-client

Now we need to configure file storage, just tell it where it should store the data:

msynctool --configure file2phone 1

And change path in your editor to something like:

<?xml version="1.0"?>
<config>
  <!-- directory path for file-sync -->
  <path>/home/foo/phone-backup/</path>

  <!-- should care of subdirectories (TRUE or FALSE) -->
  <recursive>FALSE</recursive>
</config>

Now the more tricky part comes, we need to set up phone end:

msynctool --configure file2phone 2

Fortunately we can use example from the SyncML guide and just fill in Bluetooth address (you can get it using hcitool scan) and channel (sdptool browse 00:b0:0b:fa:ce:00):

<?xml version="1.0"?>
<config>
  <bluetooth_address>00:b0:0b:fa:ce:00</bluetooth_address>
  <bluetooth_channel>7</bluetooth_channel>
  <identifier>Sony Ericss</identifier>
  <version>1</version>
  <wbxml>1</wbxml>
  <username></username>
  <password></password>
  <type>2</type>
  <usestringtable>0</usestringtable>
  <onlyreplace>0</onlyreplace>
  <onlyLocaltime>0</onlyLocaltime>
  <recvLimit>0</recvLimit>
  <maxObjSize>0</maxObjSize>
  <contact_db>Contacts</contact_db>
  <calendar_db>Agenda</calendar_db>
  <note_db>Notes</note_db>
</config>

And now we should be able to synchronise whole phonebook from phone to selected directory:

msynctool --sync file2phone

Okay, this works, let's try more complicated thing - include Evolution in the chain. The steps are the same, config file for phone is the same, Evolution plugin has sane defaults you usually don't have to touch:

msynctool --addgroup phone2evo
msynctool --addmember phone2evo evo2-sync
msynctool --addmember phone2evo syncml-obex-client
msynctool --configure phone2evo 1
msynctool --configure phone2evo 2

But now comes the tricky thing - Sony-Ericsson phones usually have something broken around notes (or it is broken in OpenSync, I don't care, simply synchronisation fails without this step) and we have to avoid synchronisation of them. This can be done by changing filter file in group we've created above (usually in file ~/.opensync-0.22/group2/filter.conf):

<?xml version="1.0"?>
<filter>
  <note/>
</filter>

And finally we can start the synchronisation and it should work:

msynctool --sync phone2evo

You can also GUI multisync0.90 to do the configuration and start synchronisation, but it is not much different, you also still have to edit XML files.

22 Jul 2008 6:12pm GMT

This past weekend was tiresome and this week will be more of the same. See, I moved yesterday to our new house. We have much unpacking to do and sleep to catch up on. Add to that that we don't have cable or Internet yet, I have to pick up my car from the shop, go to work, clean the old house and keep feeding the alpacas that aren't moved yet. Oh and Debian will be freezing this week sometime and my NVIDIA team still has a lot of work to do. NMU's are appreciated. Sigh.

22 Jul 2008 5:01pm GMT