Thursday, December 11, 2008

I, for one, welcome our Google overlords

After battling (or running away screaming from) various open-source CMS solutions, going through a few iterations of rolling my own, and putting up with a really, really, crappy "temporary" (only 4 years!) site, the store's web site is now hosted by Blogger. Discuss.

PS: Oddly enough, Google Sites sucks a bit. I could be wrong, but Blogger seems a heck of a lot more functional and flexible. One would assume that will eventually change.

PPS: This doesn't mean I've given up on open-source CMS solutions. I'd be more comfortable hosting this myself, but at least in the mean time the new temporary solution is Not My ProblemTM.

When will the fun ever stop?

I think the drama with my desktop system is almost at an end. Let's see if I can remember what all went wrong...
  • My new hard drives (Seagate 7200.11 1TB SATA drives) apparently run crazy hot. My old case kept them too close together and/or without sufficient airflow.
  • Obviously this meant I needed a new case, and rather than gut my old case, I thought this would be an excellent excuse to upgrade. I threw together an almost entirely new system with parts on-hand, which happened to include an AMD Phenom 9600, an Asus M3N-HD/HDMI, and some Crucial DDR2/1066 DIMMs. This would have been great, except...
  • Apparently the M3N-HD/HDMI gets the memory timings wrong when you use DDR2/1066. Everything is fine with DDR2/800 or slower. I'm still talking to Asus about this...
  • I would have noticed this fact sooner, except I broke my #1 rule of system building and troubleshooting... I didn't let memtest finish a full pass. After about a half an hour, I decided everything had to be OK, right? It threw the first error after like 38 minutes.
  • After figuring this out, and figuring out that another system with the same RAM on a M3N-HT Deluxe had similar issues, I contacted Asus. They were helpful enough to suggest double-checking the memory timings using CPU-Z, which would have been fine if I had Windows on my system. I finally figured out that I could use an OEM Vista install disk's recovery menu (which will get you to a real command prompt eventually) to run CPU-Z from a thumb drive.
  • While forcing the memory timings fixed (well, mostly fixed) the issues with the M3N-HT Deluxe, my system still wouldn't pass memtest.
  • After trying lots (and I do mean lots) of other things, I eventually gave up and pulled another processor (a 8750) off the shelf. With that, memtest passes, and the system has been stable for over a week.
Imagine all that, with much weeping and gnashing of teeth, spread out over the last nearly 3 months.

The 9600 is on its way back to AMD for a replacement. It will be interesting to see if whatever comes back works... I'm still not 100% sure this wasn't some weird incompatibility between that processor and the board. (I found a post where someone had a similar problem with a 9500 and a different Asus board, and their problem was fixed with a BIOS update.)

Saturday, October 4, 2008

I'm not dead (yet)

So the month of September was consumed by work. If I've been less than responsive lately, blame the 12+ hours/day, 7 days/week lately. (Whee!) And to top it all off, since I've been trying to slack off a little this week (working, say, only 10 hours/day), I finally had some time to migrate my desktop to some bigger hard drives, but now that's turned into a nightmare. (It's a long story, involving 2 dead RAID cards, and now either some bad hard drives that passed burn-in testing fine, or a flaky RAID card.)

To make a long story short, if you really need to contact me, email isn't going to work that great. Without procmail to filter all the Fedora lists, linux-kernel, etc., I just get too much mail to find anything sent to me directly unless I get really lucky. Hopefully after my new RAID rebuilds (which is apparently going to take until tomorrow), I can get the rest of my data moved over, and get my system back up Monday or Tuesday.

It would be really nice to have working email again by the time I head over to Columbus for the Ohio LinuxFest on Thursday. (I'll be teaching a one-day LPI certification prep class there on Friday with Don Corbet.) If you email me and don't get a response in a reasonable amount of time, call the shop... They can always get a message to me.

One good bit of news from the day job though... I need to thank everyone who has worked on the livecd-tools package. I've managed to solve some rather large problems with a heavily customized live CD that I can hand to our employees. If there's a Fedora BoF at OLF, I'll share details then. (Some of it might make sense for a generic live CD.)

Friday, August 22, 2008

SELinux

For the record, I've always been of the opinion that SELinux was a great idea, and it would be incredibly useful. I personally think there are just too many moving parts on the average server (much less desktop) to properly define everything processes on the system are allowed to do.

Over the last couple of days, I helped a client set up new nameservers. The client in question is a university (a small one, but still...), so, as nameservers go, theirs are fairly high-volume.

To make a long story short, we wanted to go nuts with locking down these nameservers, so I left SELinux enabled, installed bind-chroot, etc. I had one real problem... SELinux wouldn't let me mount a separate filesystem at /var/named. Once I figured out this was happening and found the audit message in dmesg, I ran audit2why and got a somewhat helpful explanation and suggestion for a solution. Still, I can't help but feel like it's a bug that I can't mount a filesystem there...

Other than that, things went pretty smoothly. I went to the trouble of making sure all the config files, zone files, etc. were all labelled properly, which was a little painful, but once I figure out how, it wasn't all that bad. I just had to train myself to do "ls -laZ" instead of just "ls -la" to verify things. I even wrote a little script to reset permissions, owners, and labels all at once. It went something like this:
#!/bin/sh

usage() {
echo "Usage: $( basename $0 ) --reference=RFILE file1 [ file2 [...] ]" >&2
exit 1
}

if [ $# -lt 2 ] ; then
usage
fi

chown "$@" || usage
chmod "$@" || usage
chcon "$@" || usage

(My thanks to whoever decided that all three of those commands should have a "--reference=RFILE" option. :-)

The SELinux tools are pretty decent now, but this little exercise pretty much just reinforced my opinion that SELinux is only useful if the sysadmin is willing to invest some time in setting everything up properly.

I hate to be negative... Seriously though, I still see software installation instructions that tell users to "chmod 777" some directory to make things work. (The last time I saw that, it was instructions for some software that was distributed as an rpm. It was sad on so many levels...) Software developers generally suck (IMHO), and most people who do system administration aren't much, if any, better. And that's with our, what, almost 40-year-old security infrastructure? Users aren't even waiting to have a problem... They just immediately turn off security. It's no wonder that most Fedora troubleshooting tips start by having the user disable SELinux.

Anyway, I can't decide if I'm just whining here, if I'm trying to tell a story, or if I'm trying to make a point... I think my point is not that SELinux is bad, but we need to set expectations appropriately. It is a tiny bit unrealistic to expect our packagers to get everything to work right with SELinux. And that's the part we can control... The users just aren't going to get it, period. Maybe ever.

sigh

Saturday, June 21, 2008

Success!

$ rpm -q rakudo parrot
rakudo-0.6.3-1.fc9.x86_64
parrot-0.6.3-1.fc9.x86_64
$ perl6 -e '"Hello".say;'
Hello
$ perl6 -v
This is Rakudo Perl 6, revision 0 built on parrot 0.6.3
for x86_64-linux-thread-multi.

Copyright 2006-2008, The Perl Foundation.

YAPC::NA 2008 round-up

On the first day of YAPC, I gave a talk titled Perl on Fedora.



(Google Docs lost a little formatting in translation, but I've cleaned that up, and I think the results look substantially better than what I actually presented.)

It was the first talk I've given at a conference. I thought it went reasonably well, but I've made a mental note to prepare much further in advance next time, and to learn how to make a presentation that doesn't look lame. (I think I may have a tiny bit of PowerPoint envy.)

On the second day, David Wheeler took some time to talk with me about the Bricolage package I've been working on. It turns out it might actually work as-is, at least for PostgreSQL. I have some work to do to make it work for other databases.

On the third day, I finally got some time to work on my Parrot package. I got it to build with the latest version of Parrot, then broke it to add sub-packages for all the various languages I could figure out how to build. Hopefully Real Soon Now I'll have a rakudo (Perl 6) package, plus packages for a bunch of other random languages like bf.

Tuesday, June 10, 2008

Still in love...

As I mentioned before, I'm really liking the ThinkPad X300. My only real gripe at the time was the lack of battery life. Well, last week I got the 3-cell "Option Bay" battery (which replaces the optical drive), and today I finally got the 6-cell replacement "main" battery.

As I'm typing this, powertop says I have 5.8 hours remaining, and I've been running for 24 minutes. So not exactly the 10 hours advertised on Lenovo's site, but, hey, definitely not bad.

I'm taking this thing to YAPC next week, so after living with it for a week, I should be able to do a full review.

Oh, and according to the shipping scale at the shop, with all 9 cells worth of battery, the X300's total weight is up to 3.5 pounds.

Monday, May 26, 2008

Packaging Bricolage

I've been very occasionally working the last several years on packaging Bricolage, a CMS written in Perl (and implemented using Mason). Unfortunately, until very recently, Bricolage would only work on Apache 1 (and mod_perl 1). That has (finally) changed with the recent release of Bricolage 1.11.0.

Recently, I've been putting in a lot of time just trying to build a package, and I finally have something that will build and install (source rpm). I don't pretend even for a moment that it will work, but at least it's a start. (It also doesn't make rpmlint at all happy, but I'll get to that...)

At this point, I could really use some help getting the package to work, testing it, etc., so it can be submitted for review.

Saturday, May 24, 2008

I'm in love.

My ThinkPad X300 showed up unexpectedly a couple of days ago. (There's a shortage of the things, so even though I ordered it a few weeks ago, I still wasn't expecting it for a couple of weeks. Luckily, since we're a reseller, our Lenovo sales rep expedited the order a little bit.) I need to use it a little more before I do a complete review, but I wanted to share my first impressions while I can still remember them.

First of all, it just seems bigger in real life than it does in pictures. It's definitely much lighter than the average laptop. (I'll be curious to see how much the 6-cell battery and the "Option Bay" battery, which replaces the optical drive, change the feel of the thing. We forgot the Option Bay battery on the actual laptop order, so we ordered it separately later. Neither of the bigger batteries have shown up yet.)

The weird part is that it feels totally normal. Everything is proportioned like a bigger laptop, so unless you set it next to a full-sized laptop, it just feels natural. Plus you get a full-sized keyboard, which anyone used to a ThinkPad should appreciate. (I have to note that this is my first ThinkPad, so I'm hoping the escape key won't bug me too much.)

So far my only complaint is that I don't seem to be getting anywhere near the advertised battery life, but there could be a lot of reasons for that, and I haven't really looked very closely at the problem yet. (For all I know, it could be some side-effect of something on Fedora 9.) (Update: It turns out I'm still waiting for the 6-cell battery to ship, so I've just been using the 3-cell. The 2-2.5 hours I'm seeing are still around half what is advertised though...)

Speaking of Fedora 9, I did my first fresh install of F9 on the X300. I have some first impressions of it to share as well, but I think I'll do that in a separate post...

In the mean time, I think I need to go shopping for a new laptop bag/case/backpack/whatever. I'd love some suggestions from X300 owners...

Saturday, April 12, 2008

imapsync

I'm working on a job today where we might need to use imapsync. I didn't see it in Fedora (or in the package review queue), so I whipped up a package for it (unpacked). I doubt I'll have time to submit it soon, so if anyone wants to run with it, you have my blessing. (Cc me on the bugzilla request so I'm aware of it though, please.)

There are some UTF-8 warnings from rpmlint that need to be fixed. See the comments at the beginning of imapsync.spec.

Monday, March 10, 2008

YAPC::NA 2008 abstract

This talk will cover the current state of Perl development in Fedora (and, by extension, RHEL, CentOS, etc.). Topics will include the following:

  • Status of Perl on Fedora
    • Perl SIG

    • Number of Perl modules available in Fedora and EPEL

    • What we have and what we're missing

    • Licensing

  • Using Perl packages
    • Using virtual rpm dependencies

    • yum, repoquery, etc.

  • Packaging Perl modules
    • Generating packages using cpanspec

    • Building packages with rpmbuild

    • Using mock

    • Checking for problems with rpmlint

    • Submitting packages for inclusion in Fedora

Wednesday, January 30, 2008

And the fun continues...

I have desktop effects in KDE 4! For a while, it seemed like no matter what I tried, kwin gave the following error:
Failed to create Scene object. Compositing disabled
The solution was to turn off Xinerama and switch to using TwinView. I can't say that I'm thrilled with that, but since I only have two monitors on one video card at the moment, it does work.

Oh, and I'm learning to like the yum-skip-broken plugin... It makes yum a fair bit slower than usual, but a slow (but working) "yum --skip-broken update" is better than a failed "yum update".

Friday, January 18, 2008

Rawhide eats babies - Film at 11

So since moving into the new store, I haven't been doing as much Fedora work as I'd like (or need to). I thought I might kick myself in gear a little if I tried actually running rawhide on my personal desktop.

As an aside, I should note that the box in question has been hand-upgraded since Slackware 2.0 in July of 1994 when it was a 386SX/16. Sometime in 1995 or 1996, I converted the box from a.out to ELF by hand. Then a few months later I installed rpm so I could install some interesting applications that were available in Red Hat Linux. (By this point I was running RHL on all of my newer systems.) At some point, I converted my initscripts over to RHL-style SysVinit and ran almost entirely RHL packages. I never ran the installer for upgrades (doing upgrades by hand with rpm at first, with apt later) until I upgraded from FC1/i386 to FC3/x86_64. Since then, all my upgrades have been done with yum. (Oh, and the box that started life as a 386SX/16 is now a dual dual-core Opteron 265. I think it is on its 8th motherboard. I'm about due for the 9th, but that's another story...)

So, anyway, I was running Fedora 8, fully updated, so I tried just doing "yum --enablerepo=*development update" (the "*" so I'd get livna too). That didn't work for some reason I don't remember now, so I thought I'd try breaking up the upgrade into smaller, more managable chunks. I started by doing "yum --enablerepo=*development update yum* rpm*". That didn't exactly work.

At least rpm still worked. I manually updated apt. It was working fine for a little while (although dist-upgrade wouldn't quite work due to some confusion between packages being renamed/replaced, multilib weirdness, etc.) but then when I finally came up with a small transaction for it to run (hoping to get yum working again by upgrading python and a few other things), it complained about size mismatch on some packages on my local mirror. After holding some of them to try to get around the problem, all of a sudden apt-get would hang on any command and suck 100% of the CPU.

So, understandably a bit frustrated at this point, I decided to try smart out. The GUI crashed repeatedly. It filled up /var copying repodata off my NFS-mounted mirror. When I finally got around all that, it had the same problems "apt-get dist-upgrade" did.

So I gave up on smart and decided to try to get yum working. Obviously there was just a missing dependency somewhere, probably just on the newer python in rawhide, but unfortunately the newer python required a newer openssl, which means upgrading just about everything. So after cleaning up a bunch of unnecessary i386 packages, I cheated and installed the newer python, openssl, and a few other things with "rpm -Uvh --nodeps". (Note: Don't try this at home. I'm a professional.) Guess what? After all that yum blew up with the same error as before.

So back to apt. I uninstalled apt entirely, moved my /etc/apt/ out of the way, and reinstalled apt. I recreated the bare minimum configuration that I needed. After that, apt-get worked again! (Something finally worked right!) I did a "apt-get -f install", which sucked in most of the packages from rawhide, and it worked! And yum even worked! Next, I tried "apt-get upgrade". That worked, although it held back a lot of packages. When I tried "apt-get dist-upgrade", I started getting size mismatch errors again.

So I went back to yum. A yum update got me completely upgraded. Time to actually start testing...

I restarted X. Well, I tried to restart X. Guess what? The nvidia binary driver doesn't play nice with the newer Xorg server. So I tried nv and nouveau. Neither would drive my second monitor. (I run a dual-DVI 7800GT.) So I went back to the nvidia binary driver and downgraded X to the Fedora 8 version. Luckily, that actually worked.

I have a whole list of things that are messed up in KDE 4(.0.0, as I'm sure every KDE fan including myself would be quick to point out). In no particular order:
  • In general, things (panel, desktop stuff) aren't Xinerama-aware.
  • The panel won't auto-hide, resize, or otherwise not be in the foreground.
  • The Oxygen kwin theme doesn't seem to be configurable. It's nice and all, but the window borders are way too wide, and I'd really like a color change in the title bar or something else really obvious to let me know which window has the focus. That, or somebody needs to implement focus-follows-eyes.
  • Desktop effects don't work for me. I'm still trying to figure this one out. (Could be related to this. I'm still using version 100.14.19 of the nvidia driver from livna. The 169.07 driver made etqw crash.)
In other news, Firefox (or, as it refers to itself, Minefield) looks nice. It seems to run really well in fact. Unfortunately, the only extension I use that has been updated for Firefox 3 is Flashblock. Ironically, the flash plugin isn't actually working though. (In the process of upgrading, I ditched 32-bit Firefox for the 64-bit Firefox though, so I might just need to work a little to get nspluginwrapper working. At least I hope that's all it is...) (UPDATE: The applix-libs package installed in 1998 was mistakenly providing libXt.so.6, libSM.so.6, libICE.so.6, and various other things it shouldn't have. Apparently I had removed the correct versions while upgrading. Reinstalling those libraries made flash work again.)

On another positive note, I ran (package naming guidelines-violating) OpenOffice.org not-quite-2.4.0 briefly to look at a resume someone sent me, and it looked nice and ran fast, so no complaints there.

Oh, and etqw hangs after a while, but it started doing that on Fedora 8 + updates a couple of weeks ago, so I expected that. (It crashed entirely with 169.07. Backing off just the nvidia update made it only hang. Good thing I still have an un-updated laptop I can run the game on... :-)

Thursday, January 10, 2008

Goodbye Perl6::Bible. Hello Perl6::Doc.

Ralf and I seem to have discovered independently at nearly the same time that the Perl6::Bible "module" is finally being replaced with Perl6::Doc. I have a perl-Perl6-Doc package sort of ready, but I am not sure what to do about a few things.
  1. Do we bother to obsolete the perl-Perl6-Bible package? I wouldn't be surprised if I was the only person who bothered installing it.
  2. If we obsolete the perl-Perl6-Bible package, should we symlink the p6doc script to p6bible on the off chance that anyone was using the p6bible script?
  3. What do we do about the name conflict with the p6doc script included with Pugs?