Rich0's Gentoo Blog

Gentoo Bug Bounties

Some may have noticed that the Gentoo Foundation has funded a bug bounty. This is something fairly new for the Foundation, and I wanted to offer some comments on the practice. Please note that while I’d love to see some of these make their way into policy some day, these are nothing more than my own opinion, and I reserve the right to change my opinion as we gain experience.

The recent bug bounty was for bug #418431, which was to address a problem with git-svn which was holding up stabilization of the latest version of git, which is a blocker for the migration of the Portage tree to git.

What follows are some principles for the use of bug bounties and how I think we fared in this particular case. I’d like to see the use of bounties expand, as right now I believe we under-utilize our donations. However, it is important that bounties be used with care as they have the potential to cause harm or be wasteful.

One more upfront note – I supported the git-svn bounty as it was ultimately worded, as did the other Trustees. Looking back I think we could have done things a little differently, but hindsight is always 20/20, and no doubt we’ll continue to learn as we experiment with this further.

Written by rich0

August 19, 2012 at 10:55 pm

MythTV ION Frustrations

I figured I’d post another update on where things stand with MythTV on Gentoo. It looks like cardoe is finding some time to work on 0.25, which is good to see.

Right now my setup has the backend on Gentoo, and my set-top frontend on MiniMyth. This is a bit of a pain as it is hard to keep these in sync, so I’ve been trying to get this box onto Gentoo to greatly ease upgrades and allow me to update the tree.

However, I’m still running into issues making the switch. I’m running into issues with HD video artifacts on my frontend, which is a Zotac ION-based ITX board. These artifacts can be substantial – lasting tens of frames, causing tearing, leaving large pink areas on-screen, and so on. When I watch the same videos on MiniMyth sometimes I see no artifacts at all, and at other times I might see noise that lasts a frame.

So, something on the Gentoo build is causing minor defects in the stream to result in much more substantial ones by the time they are rendered. The MiniMyth build is clearly more error-tolerant.

Unfortunately, I’m not very familiar with the entire rendering chain so I’m not sure which libraries could be at fault. If anybody is familiar with VDPAU rendering and has some suggestions I’m all ears.

Here is a link to the software installed on Gentoo.

Here is a link to the software installed on MiniMyth.

Written by rich0

June 23, 2012 at 12:22 pm

Posted in Uncategorized

A Quick Dracut Module

Since the general trend on many Linux distros is towards requiring /usr to be mounted at boot time, I figured I’d see what it would take to get it working using dracut.

I’ve been messing with dracut for a while, and for some reason it stubbornly refuses to detect my raid devices. The kernel autodetection works fine, but this is disabled when booting from an initramfs. Dracut would time out and drop me to a dash shell, and if I just typed mdadm -As followed by exit it would boot just fine.

Dracut is using udev to set up raid devices, and obviously that is not working.

Beyond this, I’d like to get my /usr mounted pre-boot, and there is a module called usrmount that purports to do just this. However, it isn’t working in my case because /usr is a bind mount to a subdir on an lvm volume, and it just isn’t figuring that out (it doesn’t even run lvm in the first place despite having the module installed, let alone figuring out what to mount in what order – I suspect the lvm module only works if root is on lvm).

My solution to both problems is to build my own simple dracut module. If you want to try it out:

  1. cd /usr/lib/dracut/modules.d/
  2. mkdir 91local
  3. cat > 91local/module-setup.sh
    #!/bin/bash
    # -*- mode: shell-script; indent-tabs-mode: nil; sh-basic-offset: 4; -*-
    # ex: ts=8 sw=4 sts=4 et filetype=sh

    # Always include this module when the initramfs is built.
    check() {
        return 0
    }

    # No other dracut modules are declared as dependencies.
    depends() {
        return 0
    }

    # Hook mount-local.sh into the pre-trigger stage at priority 91.
    install() {
        inst_hook pre-trigger 91 "$moddir/mount-local.sh"
    }

  4. cat > 91local/mount-local.sh
    #!/bin/sh
    # -*- mode: shell-script; indent-tabs-mode: nil; sh-basic-offset: 4; -*-
    # ex: ts=8 sw=4 sts=4 et filetype=sh

    # Assemble the md arrays, then scan for and activate all LVM volume groups.
    mount_local()
    {
        mdadm -As
        lvm pvscan
        lvm vgscan
        lvm lvscan
        lvm vgchange -ay
    }

    mount_local

Then run dracut to build your initramfs, and it should let mdadm and lvm auto-detect everything before it gets to mounting stuff. You can then use the fstab-sys to mount whatever you need to mount user. However, in your fstab.sys if you’re configuring a bindmount be sure to prepend /sysroot/ before the source directory.

Example fstab.sys:

    /dev/vg1/data /data ext4 noatime,user_xattr,barrier=1 0 0
    /sysroot/data/usr /usr none bind 0 0
    /sysroot/data/var /var none bind 0 0

Hopefully this helps somebody out – the dracut documentation is pretty sparse. In fact, if somebody connected to dracut stumbles upon this I’d be open to a better way of hooking my script – pre-trigger just doesn’t seem right – I’d rather let udev try to do everything first. However, I couldn’t find any way to hook after udev runs but before it bombs out not finding my root device. Suggestions welcome.
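The /sysroot rule for bind mounts in fstab.sys, as an added example that is not part of the original post: a shell function that derives fstab.sys lines from fstab-format input and prefixes the source of each bind mount. The name `to_fstab_sys` and the sample fstab are constructed for illustration, and it assumes the real root is mounted at /sysroot inside the initramfs, as the post's example implies.

```shell
#!/bin/sh
# Added example, not from the original post.
# Constructed sample /etc/fstab matching the layout the post describes.
sample_fstab() {
    cat <<'EOF'
# <fs>        <mountpoint> <type> <opts>                        <dump> <pass>
/dev/sda1     /boot        ext2   noauto,noatime                1 2
/dev/vg1/data /data        ext4   noatime,user_xattr,barrier=1  0 0
/data/usr     /usr         none   bind                          0 0
/data/var     /var         none   bind                          0 0
EOF
}

# to_fstab_sys MOUNTPOINT... < fstab
# Prints fstab.sys lines for the named mount points, in input order, with
# /sysroot prefixed to the source of every bind mount (assumption: the real
# root is mounted at /sysroot). Returns 1 if a requested mount point has no
# entry in the input.
to_fstab_sys() {
    awk -v want="$*" '
    BEGIN { n = split(want, w, " "); for (i = 1; i <= n; i++) keep[w[i]] = 1 }
    /^[ \t]*(#|$)/ { next }            # comments and blank lines
    !($2 in keep)  { next }            # not requested for early mounting
    {
        seen[$2] = 1
        nopt = split($4, opt, ","); bind = 0
        for (i = 1; i <= nopt; i++)
            if (opt[i] == "bind" || opt[i] == "rbind") bind = 1
        src = $1
        if (bind && src !~ /^\/sysroot\//) src = "/sysroot" src
        print src, $2, $3, $4, ($5 == "" ? 0 : $5), ($6 == "" ? 0 : $6)
    }
    END {
        for (m in keep) if (!(m in seen)) {
            print "no fstab entry for " m > "/dev/stderr"; rc = 1
        }
        exit rc + 0
    }'
}

# Demo on the constructed sample: the backing filesystem first, then the binds.
sample_fstab | to_fstab_sys /data /usr /var
```

List the filesystem that backs a bind source (here /data) along with the bind targets, since the source path only exists once that filesystem is mounted.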

Written by rich0

January 21, 2012 at 4:28 pm

Posted in gentoo, linux

Another MythTV Update

Agreeing with some advice on gentoo-dev, I’m going to post this as a blog entry instead of a Gentoo news item. The quick version of this update is: expect to see 0.24.1 in Portage in a few days. The long version follows…

Written by rich0

December 14, 2011 at 10:06 am

Posted in foss, gentoo, linux, mythtv

KDump on Gentoo

I’ve been trying to learn a little more about kernel debugging (part of my quest to learn a little more about btrfs), and I figured I’d post a quick howto on getting kernel crash dumps captured on Gentoo.

Written by rich0

November 11, 2011 at 9:45 pm

Posted in gentoo, linux

The Foundation Activity Tracker

If you haven’t noticed on gentoo-nfp, I’ve created an activity tracking page (with the help of David Abbot) to track periodic compliance activities for the Foundation.

Some have asked why do this, and why not simply use the Gentoo Calendar/etc to accomplish this?

Written by rich0

July 19, 2011 at 4:24 pm

What’s Up With MythTV on Gentoo?

I’ve gotten a few fair questions over the last few weeks about the status of MythTV on Gentoo. Here is a quick synopsis of where things stand…

Written by rich0

June 18, 2011 at 10:59 pm

Posted in gentoo

Gaps in the Cloud

Well, I’ve been getting a lot of use out of my CR-48 ChromeOS netbook, and I’ve found that I can do almost everything I normally do with it, although not always with FOSS. There are a few gaps that I haven’t found either proprietary or FOSS options for, and that is the focus of this post.

The biggest one is financial management. I’ve been stuck away from home for about a week and my CR-48 is my main lifeline to the outside world. I can look up my bills online, and pay my bills online. The one thing I can’t do from my CR-48 is access my checkbook register.

The problem is that I’m using Quicken for my checkbook, and the only way to get at that remotely is to remote desktop into a windows server over ssh (perhaps a virtual one). The CR-48 doesn’t support either RDP or ssh connection forwarding (which is the only way I’d ever use RDP – without setting up a VPN or something equivalent).

The most obvious proprietary alternative online is mint.com, but it really isn’t a Quicken alternative. Mint is great for telling me what happened last week, but horrible for telling me what will happen three weeks from now. I get paid monthly, so I can’t afford to pay somebody $500 today only to find out that I have some big transaction coming in three weeks from now that will send me into the red. Sure, I could just keep some huge balance in my account, but I’d rather keep large balances someplace more useful (like paying down loans or in some kind of decent investment).

Email is a big FOSS gap. Right now I’m using Gmail and that is great. However, it would be better if I could set up my own cloud hosting for Chrome OS authentication/syncing, and have a Gmail-like experience with FOSS. The closest I’ve seen is RoundCube, which is nice, but it lacks the keyboard shortcuts and streamlined interface of Gmail. Drag-and-drop is a real pain on a netbook, and just being able to hit “e” or archive to deal with incoming mail is a lot easier than the multiple-click-on-small-icons workflow of RoundCube to do the same.

FOSS up till now has tended to focus on big desktop applications. I guess it makes sense from the standpoint that the average desktop user isn’t going to set up their own LAMP box. However, I’m perfectly happy to set up a LAMP box and run my own cloud-based services. It just seems like there aren’t many worth running.

I suspect we’ll start to see better solutions if cloud-based netbooks (running ChromeOS or whatever) take off. As we move towards a more mobile world, it becomes more important for data to be accessible on the run.

Oh, and if nothing else it would be REALLY nice if somebody came up with an NX client that runs as a Chrome application. I’ve seen a VNC app, and I guess I could sort-of live with that (if it supports ssh), but NX would be much nicer. An RDP-over-ssh app would also be nice…

Written by rich0

January 31, 2011 at 11:28 am

Posted in chrome, foss

First Experiences with the Chrome OS Netbook

Just got a nice surprise in the mail on Thurs – a CR-48 Google Chrome Netbook! Here are some of my first impressions from it.

I have given Chrome OS a test drive or two over the last year, either in virtual machines or using USB drive packages of it. My impression at that time was that this had some potential, but my experience was fairly marred by the low performance of USB flash or virtual machines, and of course the touted benefits like battery life and fast boot don’t really work out well in that kind of environment.

With the Netbook, those particular features stand out – and they do make a big difference. Granted, perhaps my experience with laptops in general has been marred by my employer’s tendency to load their standard image up with junk, but I’ve never found laptops to be “instant-on” in real life, and they struggle with battery life. With Chrome OS I tend to just let it sleep most of the time and I get real instant-on, and if I do power it down the 10 second boot time is VERY realistic – perhaps even pessimistic. Login time – oh, about two seconds. I haven’t tested the full battery life though others have – in my heavy use in the last few days I haven’t gotten the thing under about 85%.

Since I use Chrome as my day-to-day browser I basically was up and running about two minutes after turning the thing on. This is touted as another benefit of Chrome – any device is basically interchangeable with all the cloud syncing. I could see this being useful for an employer – just have a pool of laptops and let employees grab one and use it, rather than having a 1:1 assignment. Provisioning new units of course would be a snap as well.

Performance of the unit is fine – a few webpages that run slowly in Chrome on my desktops run slow on the netbook, but really I see nothing to complain about here.

So, let’s talk about the downsides to the hardware. I’ve always struggled with trackpads. This one doesn’t have hardware buttons, it is purely gestures, and it has two levels of sensitivity (though I’d appreciate if the hard-press required SLIGHTLY less force). I’ve disabled tap-to-click, as perhaps I’m ham-handed, but I find that I constantly bump it and mess up whatever I am typing. Perhaps some intelligence would help here – ramp down the sensitivity when I’ve just typed 500 consecutive characters with no mouse use (hmm, maybe this is a good use for that send-feedback button). Without a hardware button to hold, click-and-drag is difficult except for very short drags, and that complicates things. Also, I’ve found the right-click and middle-click gestures to be unreliable, sometimes causing navigation I don’t want to happen which of course tends to slow me down and possibly lose work.

Click-and-drag is a problem for me, because of the way I manage email. I am a big Thunderbird user, and I used to use SquirrelMail for those times I needed remote access via the web. I just switched to Roundcube which is a little nicer if you have to live with nothing but web, but that app is short on keyboard shortcuts (sounds like another feature request coming on – n for next would be nice, and a delete shortcut as this thing has no DELETE key). I have been a browse-over-search kind of guy with emails for years, and I’m finding that sorting mail into folders with this netbook is pretty painful. I suspect that I’ll need to change over to more of a search mentality to cut down on my need to browse. Gmail really is a better model for limited UI experiences, and I’m wondering if much of that time I spend micro-managing my email is a value-add.

I’m still on the fence about drinking the Kool-Aid and switching to Gmail entirely, at least as my primary mail interface (perhaps with an archive being sent to my server for safety). Right now I’m hosting my own email, and I really like not having to deal with quotas/etc, and the security of not having it all out on the cloud. I guess if I want to be really trusting I may be able to just have Gmail be an IMAP client to my server. It would be really nice if I could figure out a way to easily just have an IMAP-only password for my account – I’m sure with a little hacking I could get that working, and my email is backed up daily so not too much could go wrong there.

Right now the number of apps that work offline is fairly limited – mainly just notepads/etc. For the most part I’m using my Cr-48 around the house, which doesn’t make that a big problem. In fact, it is pretty rare for me to be completely without network, and my android phone really covers those kinds of remote situations well already. The Cr-48 does have 3G with Verizon, with 100MB free per month for two years. I’m not sure how much I’d even need to use that, but this really would be all I need for the rare email check on the road.

App selection for Chrome is still pretty limited. I’d really like to see:

  • Offline Email Client
  • NX Client
  • SSH Client (better than the crosh one which works in a pinch)
  • Offline Google Docs (ok, now I’m dreaming)
  • Decent Media Player and File Browsers for external storage

One thing I have found is that you really need to use it for a day or two before passing judgment. Some of the things that drove me craziest passed as I got used to doing things differently. However, I’m still not sure I’m ready to do away with home/end/pgup/pgdown/delete (I never use insert).

I’m sure there will be more to follow. I’d be interested in the impressions of others as well.

Written by rich0

December 18, 2010 at 8:41 am

Posted in chrome, linux

Gentoo and Security Updates

While it pains me a bit to say this, and I don’t have a great deal of time to type this, I wanted to at least try to get some kind of word out to our user community that the high-profile kernel regression announced a few weeks ago (and fixed a few weeks ago in almost every other distro), remains a vulnerability in Gentoo with no clear timeline for resolution.

Gentoo bug 337654 is tracking this issue.

Users can emerge a more recent version of gentoo-sources to get the patch, and I’d recommend doing so if local root exploits are something that concern you.

I’d like to dwell a bit longer on solutions, but I don’t really have time to do so right now. Clearly the kernel team could use help with security issues. The security team probably could use help as well in staying on top of these kinds of issues. I don’t want to kick people when they are down – Gentoo is an all-volunteer effort. However, situations like this really don’t do much to improve the reputation of the distro, and at the very least we need to inform users when problems like this arise.

Written by rich0

October 5, 2010 at 6:17 am

Posted in gentoo