Saturday, October 4, 2008

I'm not dead (yet)

So the month of September was consumed by work. If I've been less than responsive lately, blame the 12+ hours/day, 7 days/week lately. (Whee!) And to top it all off, since I've been trying to slack off a little this week (working, say, only 10 hours/day), I finally had some time to migrate my desktop to some bigger hard drives, but now that's turned into a nightmare. (It's a long story, involving 2 dead RAID cards, and now either some bad hard drives that passed burn-in testing fine, or a flaky RAID card.)

To make a long story short, if you really need to contact me, email isn't going to work that great. Without procmail to filter all the Fedora lists, linux-kernel, etc., I just get too much mail to find anything sent to me directly unless I get really lucky. Hopefully after my new RAID rebuilds (which is apparently going to take until tomorrow), I can get the rest of my data moved over, and get my system back up Monday or Tuesday.

It would be really nice to have working email again by the time I head over to Columbus for the Ohio LinuxFest on Thursday. (I'll be teaching a one-day LPI certification prep class there on Friday with Don Corbet.) If you email me and don't get a response in a reasonable amount of time, call the shop... They can always get a message to me.

One good bit of news from the day job though... I need to thank everyone who has worked on the livecd-tools package. I've managed to solve some rather large problems with a heavily customized live CD that I can hand to our employees. If there's a Fedora BoF at OLF, I'll share details then. (Some of it might make sense for a generic live CD.)

Friday, August 22, 2008

SELinux

For the record, I've always been of the opinion that SELinux was a great idea, and it would be incredibly useful. I personally think there are just too many moving parts on the average server (much less desktop) to properly define everything processes on the system are allowed to do.

Over the last couple of days, I helped a client set up new nameservers. The client in question is a university (a small one, but still...), so, as nameservers go, theirs are fairly high-volume.

To make a long story short, we wanted to go nuts with locking down these nameservers, so I left SELinux enabled, installed bind-chroot, etc. I had one real problem... SELinux wouldn't let me mount a separate filesystem at /var/named. Once I figured out this was happening and found the audit message in dmesg, I ran audit2why and got a somewhat helpful explanation and suggestion for a solution. Still, I can't help but feel like it's a bug that I can't mount a filesystem there...

Other than that, things went pretty smoothly. I went to the trouble of making sure all the config files, zone files, etc. were all labelled properly, which was a little painful, but once I figured out how, it wasn't all that bad. I just had to train myself to do "ls -laZ" instead of just "ls -la" to verify things. I even wrote a little script to reset permissions, owners, and labels all at once. It went something like this:
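#!/bin/sh
# Copy owner, mode and SELinux label from a reference file to the files given.

usage() {
    echo "Usage: $( basename "$0" ) --reference=RFILE file1 [ file2 [...] ]" >&2
    exit 1
}

if [ $# -lt 2 ] ; then
    usage
fi

# All three commands accept the same "--reference=RFILE file..." arguments.
chown "$@" || usage
chmod "$@" || usage
chcon "$@" || usage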

(My thanks to whoever decided that all three of those commands should have a "--reference=RFILE" option. :-)
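
A read-only companion to the script above, added here as an example and not part of the original post: it compares each file's owner, group, mode and SELinux context with a reference file, which automates the "ls -laZ" check. The function names file_attrs and check_against are made up for this example, and it assumes GNU stat.

```shell
#!/bin/sh
# Added example: report files whose owner, mode or SELinux label differs
# from a reference file. Read-only; it changes nothing on disk.

# Print "owner:group mode context" for one file. Where stat cannot read
# an SELinux context (SELinux absent or disabled), "?" is used instead.
file_attrs() {
    og_mode=$(stat -c '%U:%G %a' "$1") || return 1
    ctx=$(stat -c '%C' "$1" 2>/dev/null) || ctx='?'
    [ -n "$ctx" ] || ctx='?'
    printf '%s %s\n' "$og_mode" "$ctx"
}

# check_against RFILE file1 [file2 ...]
# Prints one line per mismatching file. Returns 0 if everything matches,
# 1 if any file differs or cannot be read, 2 if RFILE cannot be read.
check_against() {
    want=$(file_attrs "$1") || return 2
    shift
    drift=0
    for f in "$@"; do
        have=$(file_attrs "$f") || { drift=1; continue; }
        if [ "$have" != "$want" ]; then
            printf '%s: have [%s], want [%s]\n' "$f" "$have" "$want"
            drift=1
        fi
    done
    return "$drift"
}

# Same calling convention as the script above:
#   --reference=RFILE file1 [ file2 [...] ]
case "${1-}" in
    --reference=*)
        ref=${1#--reference=}
        shift
        check_against "$ref" "$@"
        ;;
esac
```

A non-zero exit status makes it usable from cron or a monitoring check to catch files that have drifted from the intended labels.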

The SELinux tools are pretty decent now, but this little exercise pretty much just reinforced my opinion that SELinux is only useful if the sysadmin is willing to invest some time in setting everything up properly.

I hate to be negative... Seriously though, I still see software installation instructions that tell users to "chmod 777" some directory to make things work. (The last time I saw that, it was instructions for some software that was distributed as an rpm. It was sad on so many levels...) Software developers generally suck (IMHO), and most people who do system administration aren't much, if any, better. And that's with our, what, almost 40-year-old security infrastructure? Users aren't even waiting to have a problem... They just immediately turn off security. It's no wonder that most Fedora troubleshooting tips start by having the user disable SELinux.

Anyway, I can't decide if I'm just whining here, if I'm trying to tell a story, or if I'm trying to make a point... I think my point is not that SELinux is bad, but we need to set expectations appropriately. It is a tiny bit unrealistic to expect our packagers to get everything to work right with SELinux. And that's the part we can control... The users just aren't going to get it, period. Maybe ever.

sigh

Saturday, June 21, 2008

Success!

$ rpm -q rakudo parrot
rakudo-0.6.3-1.fc9.x86_64
parrot-0.6.3-1.fc9.x86_64
$ perl6 -e '"Hello".say;'
Hello
$ perl6 -v
This is Rakudo Perl 6, revision 0 built on parrot 0.6.3
for x86_64-linux-thread-multi.

Copyright 2006-2008, The Perl Foundation.

YAPC::NA 2008 round-up

On the first day of YAPC, I gave a talk titled Perl on Fedora.



(Google Docs lost a little formatting in translation, but I've cleaned that up, and I think the results look substantially better than what I actually presented.)

It was the first talk I've given at a conference. I thought it went reasonably well, but I've made a mental note to prepare much further in advance next time, and to learn how to make a presentation that doesn't look lame. (I think I may have a tiny bit of PowerPoint envy.)

On the second day, David Wheeler took some time to talk with me about the Bricolage package I've been working on. It turns out it might actually work as-is, at least for PostgreSQL. I have some work to do to make it work for other databases.

On the third day, I finally got some time to work on my Parrot package. I got it to build with the latest version of Parrot, then broke it to add sub-packages for all the various languages I could figure out how to build. Hopefully Real Soon Now I'll have a rakudo (Perl 6) package, plus packages for a bunch of other random languages like bf.

Tuesday, June 10, 2008

Still in love...

As I mentioned before, I'm really liking the ThinkPad X300. My only real gripe at the time was the lack of battery life. Well, last week I got the 3-cell "Option Bay" battery (which replaces the optical drive), and today I finally got the 6-cell replacement "main" battery.

As I'm typing this, powertop says I have 5.8 hours remaining, and I've been running for 24 minutes. So not exactly the 10 hours advertised on Lenovo's site, but, hey, definitely not bad.

I'm taking this thing to YAPC next week, so after living with it for a week, I should be able to do a full review.

Oh, and according to the shipping scale at the shop, with all 9 cells worth of battery, the X300's total weight is up to 3.5 pounds.

Monday, May 26, 2008

Packaging Bricolage

I've been very occasionally working the last several years on packaging Bricolage, a CMS written in Perl (and implemented using Mason). Unfortunately, until very recently, Bricolage would only work on Apache 1 (and mod_perl 1). That has (finally) changed with the recent release of Bricolage 1.11.0.

Recently, I've been putting in a lot of time just trying to build a package, and I finally have something that will build and install (source rpm). I don't pretend even for a moment that it will work, but at least it's a start. (It also doesn't make rpmlint at all happy, but I'll get to that...)

At this point, I could really use some help getting the package to work, testing it, etc., so it can be submitted for review.

Saturday, May 24, 2008

I'm in love.

My ThinkPad X300 showed up unexpectedly a couple of days ago. (There's a shortage of the things, so even though I ordered it a few weeks ago, I still wasn't expecting it for a couple of weeks. Luckily, since we're a reseller, our Lenovo sales rep expedited the order a little bit.) I need to use it a little more before I do a complete review, but I wanted to share my first impressions while I can still remember them.

First of all, it just seems bigger in real life than it does in pictures. It's definitely much lighter than the average laptop. (I'll be curious to see how much the 6-cell battery and the "Option Bay" battery, which replaces the optical drive, change the feel of the thing. We forgot the Option Bay battery on the actual laptop order, so we ordered it separately later. Neither of the bigger batteries has shown up yet.)

The weird part is that it feels totally normal. Everything is proportioned like a bigger laptop, so unless you set it next to a full-sized laptop, it just feels natural. Plus you get a full-sized keyboard, which anyone used to a ThinkPad should appreciate. (I have to note that this is my first ThinkPad, so I'm hoping the escape key won't bug me too much.)

So far my only complaint is that I don't seem to be getting anywhere near the advertised battery life, but there could be a lot of reasons for that, and I haven't really looked very closely at the problem yet. (For all I know, it could be some side-effect of something on Fedora 9.) (Update: It turns out I'm still waiting for the 6-cell battery to ship, so I've just been using the 3-cell. The 2-2.5 hours I'm seeing are still around half what is advertised though...)

Speaking of Fedora 9, I did my first fresh install of F9 on the X300. I have some first impressions of it to share as well, but I think I'll do that in a separate post...

In the meantime, I think I need to go shopping for a new laptop bag/case/backpack/whatever. I'd love some suggestions from X300 owners...