In light of World IPv6 day, the Gentoo Linux Infrastructure team would like to announce new IPv6-availability of several services, and list the existing IPv6 services. Every service listed below is running a dual-stack native IPv4/IPv6 service, no tunnels.

The new services available via IPv6 are:

• http://forums.gentoo.org/
• http://www.gentoo.org/
• AnonSVN, AnonGit

The existing services available via IPv6 are:

• CVS/SVN/Git services for developers
• http://sources.gentoo.org/
• rsync://rsync.gentoo.org/ - our primary rsync rotation
• rsync://${CC}.rsync.gentoo.org - our regional community rsync rotations
• A number of our mirrors

All of our IPv6 services will remain online after today, unless serious IPv6 problems (esp. regarding routing) are encountered.

Gentoo would like to extend thanks to all our sponsors & mirrors who have provided IPv6 service, and the servers to make use of it!

Working on my conference travel plans and wishes for the year. I am downgrading OLS to a maybe, the cost is becoming more of a factor. Likewise, while I had incredible fun at FOSDEM last year, and OSCON in 2006, I cannot justify the airfare/hotel expenses for them. I would like to attend SCALE at some point as well, but uncertain for the same cost reason.

• February 25-27, SCALE 9x @ Los Angeles, CA, USA. [SCALE9x].
• April 11-14, MySQL UC @ Santa Clara, CA, USA [MySQLconf].
• April 13, Embedded Linux Conference @ San Francisco, CA [ELC].

• April 27-30, STS-134 launch @ Kennedy Space Centre, FL, USA [STS134].
• May 26-29, Bowen Island, BC, Canada.
• June 25-26, Mini Maker Faire Vancouver @ Vancouver, BC, Canada.
• August 17-19, LinuxCon 2011 @ Vancouver, BC, Canada [LinuxCon].
• August 25-28, PAX Prime 2011 @ Seattle, WA, USA.

• July 25-29, OSCON @ Portland, OR, USA.
• August 7-11, SIGGRAPH 2011 @ Vancouver, BC, Canada.
• October 19-22, Access 2011, @ Vancouver, BC, Canada.
• October 22-23, Google Summer of Code 2011 Mentor Summit @ Mountain View, CA, USA.

• February 5-6, FOSDEM @ Brussels, Belgium.
• June 13-15, Linux Symposium @ Ottawa, ON, Canada.
• September 7-9, Linux Plumbers @ Santa Rosa, CA, USA.

SCALE9x

Arriving on the 24th actually

MySQLconf

I will be manning the phpMyAdmin booth, like past 5 years.

ELC

Dropped in for just one day for hallway track

STS134

KSC grandstand seats to see the penultimate launch :-)

LinuxCon

Local this year, so no travel costs :-)

2011/04/26

Added GSoC, Access 2011, Bowen Island, STS-134

The province is saying that there is sufficient Nightbus service, so they aren't going to extend the SkyTrain hours:

TransLink's Ken Hardie says they can't run SkyTrain later because the tracks need maintenance. "We have night bus routes that basically follow Canada Line, the Expo Line and the Millennium Line, so they duplicate those routes and they run all night."

I don't disagree that the maintenance is needed, but my objection in your claim that the NightBus routes "run all night".

Almost all of the NightBus routes have a final bus leaving the downtown core at 03h09. The first buses in the morning then start leaving the downtown area between 05h00 and 06h30. The exceptions: the N10, with downtown departures up to 04h39 (1 hour gap to the start of normal service). The N16, which stops at 03h28.

This means that if you are downtown and want to leave AFTER that, perhaps because your job had you working downtown, or you were chatting with friends, then you're stuck.

I would like to ask Translink to add the few more trips that it would take to continue to run 30-minute service intervals until the resumption of regular morning service. The N10 is almost there, it just needs one more set of Downtown departures. Make our transit system really 24-hours!

I apologize for doing this, but recent onslaught of spammers (~35 in the last 5 days) have left me with no choice: I've changed comments from non-friends to be screened by default AND require a captcha.

Those that have followed me for a while might have seen me previously complain at journalism that's misleading, wrong, or outright fictitious. Now I've got another case...
This article by Ed Bott at ZDNet:
Linux infection proves Windows malware monopoly is over; Gentoo ships backdoor? [updated]

The article was first published 2010/06/12 20:37 UTC.
It claims to be "worse" when updated at 2010/06/14 19:30 UTC.

Gentoo had a revision bump to a known good copy of the tarball at 2010/06/12 16:34 UTC (using a different filename, and verified against the GPG signature provided by upstream), so it was ALREADY fixed when the article was published. The old revision was explicitly removed at 2010/06/12 21:18 UTC.
Commit data for fixes:
Changes for unrealircd-3.2.8.1-r1.ebuild
Changes for unrealircd-3.2.8.1.ebuild

The trojaned tarball was then removed from the Gentoo master mirror at 2010/06/13 08:00 UTC, about 11 hours after the article was published. It would have been sooner, but it was a matter of bad timing.

Gentoo bug 323691.

The article also claims: "There’s a great deal of comment in the Talkback section of this post about how official repositories can be trusted. It appears that system broke down thoroughly in this case."
This claim is bogus. The developer that updated the package made perhaps a mistake in trusting that the upstream had not been tampered with. However, in lacking anything to verify against (the upstream apparently did not sign releases at that point), he couldn't have detected the backdoor except by manual inspection of all the code. He downloaded the package AFTER it had been tampered with (2009/11/11 I believe), so he never saw the tamper-free version either.

The entire point of the Gentoo Manifests are to ensure that OUR mirrors are not the point where a compromise is introduced. We can detect upstream changes by this same mechanism, but they mostly tend to be upstream deciding to 'fix' something without bumping the version number. In this regard, they functioned perfectly.

P.S. I'm not saying the existing Gentoo mirroring is perfect either, see my prior writings on tree-signing, and the "Attacks on Package Manager" papers by Cappos et al., which are blocked only with the full tree-signing system.

(This post inspired by Petteri Räty (betelgeuse)'s similar post

For this year's Gentoo GSoC projects, I'm a mentor on two of our suggested ideas (but also interested in totally new ideas that fit my fields):

• upstart on Gentoo
• Distfile Fetcher Intelligence

Do you actually understand the project idea?

This is actually a gap that I didn't expect to exist, but I have seen in previous years. This is mainly a difference of expectations between the proposal and what the potential student sees as what the idea really entails.
Using Upstart as an example, it supports an existing init.d compatibility mode, but we're not interested in that. Instead we want our init.d scripts to be treated just like upstart jobs (located in /etc/init/). The init.5 manpage shipped with upstart gives a good start...

Code maintainability

betelgeuse spoke about long-term maintenance, but you should think about it long ahead of that. Some degrees of abstraction, and avoiding difficult to understand logic should be prevalent here. betelgeuse mentioned spaghetti code, but it's important to realize that even well formatted code can impose a much larger mental workload if not well thought out.

Timezones, Timezones!

Most of your project should not be blocking on asking for mentor advice, as timezones and real world pressures often conspire to prevent easy real world communication. I may live in UTC-7, but my hours drift as needed by work but I tend to be online anywhere between 17h00 UTC and 10h00 UTC. If you're trying to communicate with me on a regular basis, this can be tough, so being able work on a problem independently, ask highly directed questions via email can go a long way.

Good advice for any prospective GSoC student, regardless of gender

I'm also a mentor for Gentoo again this year, after taking a break last year.
You can find our list of potential ideas here: Google Summer of Code 2010 ideas for Gentoo
But don't limit yourself to them! Creative ideas can get you very far too :-)

I'll also be the infrastructure contact for the accepted SoC students, for any issues you have with the source code repositories (we'll be offering Git again), your shell accounts, and a sounding board on deploying your successful project (for those that hosting or larger resources).

Sitting in the MirrorBrain talk at FOSDEM, taking notes.

Actively used since ~2007.
Split between the redirector and the tester, explicitly made separate.
SourceForge helped with the ASN/Closest-Network side.
Metalinks and P2P support.
Scans mirrors for filelist to see what's present.
Load limiting by making director support mirrors that are limited to a local network / AS / country etc.
MetaLinks don't have Magnet links presently, but I noted that it should be possible to include it.

Using GeoDNS directly for lookups can cause trouble with partial mirrors. Ideally need to put a MirrorBrain server on each continent/region, and GeoDNS to point to that. Also, from some countries, bandwidth to adjcaent countries that might have a mirror is MUCH worse than bandwidth to a well-connected country elsewhere. Past user experience noted with a user in Mozambique, for whom the fastest mirror was via satellite to Canada. Routing data IS needed to make that best choice.

MirrorBrain mailing lists also have a generic non-project-specific "networkers" list for talk between content providers and mirror admins, non-specific to any app.

In the early hours of this morning, a spammer managed to get the IP of the Gentoo list server on the NiX Spam RBL... simply by spamming the subscribe address :-(. This caused approximately 2000 deliveries of normal list mail to be rejected while the server was present on the RBL.

Why did this happen? I do agree on the importance of spamtrap accounts, but they MUST check the content of their messages. A list confirmation message MUST NOT be considered as spam.

The original subscribe request came from what seems to be a compromised server in Secunderabad, India. So it wouldn't have been detected by RBL focused on modem/dialup addresses.

Short of raising the bar to subscribe (with a specific token that needs to be included, and then it's only a matter of time till spammers include it too), there isn't much we can do to block stuff like this at the list-server level. There is no way to detect than an address is a spamtrap. There cannot be by definition, as the spammers would avoid it themselves otherwise.

[

mood

|

pissed off

]

My bicycle was stolen earlier this evening. Sufficiently close to see the guy cycling away with it. Drove around a bit with Dave looking for it, but didn't find :-(

• Orange DeVinci St Tropez (large)
• Reward if you return it!
• Extensive scuff damage to the handlebar ends
• Panier Rack
• Rain fenders
• 2x front LED lights
• 2x rear LED lights
• Serial: SA…863

Last time I had my bike stolen I was in the downtown eastside. This time it was stolen from outside my house, NOT visible from the street or alley, around 23h00 at night.

Monty Widenius (one of the original authors of MySQL) has asked for help in lodging objections to Oracle's purchase of Sun Microsystems.

I have no objections to the EC posting my mail, but I thought to also post it here, and help spread the word.

I've been prodding at the concept of the new network script in OpenRC-0.5, and I'm at a loss to try and see why Roy has decided to toss the old network config system away. The new system doesn't have a lot of capabilities, and most significantly totally loses the ability to restart a single interface without affecting the rest of the system. If it's just for a rewrite, then I'm not too worried, but unless all the functionality is still there, I'm worried we are going to move backwards with it.

At the same time, I don't think many people are aware of how powerful the "old" network configuration mechanism is. The net.examples file is only the start, once you start mixing in the pre/post calls, there's a lot of power. It's capable of some feats that I don't see used even in certain parts of the Gentoo documentation^[1]. I've put together some of my gems of conf.d/net, and if you have some, I'd love to hear them. Leave a comment or email me the scripts, along with a description.

Configurations available

• Easy to maintain HE.net (Hurricane Electric) IPv6 tunnels - Download
• Running two ISPs at home (basic multi-homing) - Download
• "Enterprise" multi-homing setup, with 4 paths to the Internet - Download

Hosting

I've also started a bit of storage in my Gentoo webspace for these collected works of network configuration, with a bit more documentation.

Notes

1. The Gentoo docs have this for IPv6: Gentoo IPv6 Router Guide, Tunnel Configuration. You could bring it up manually, or you could just take the IPv6 config above and use it straight with your variables filled in. Volunteers welcome to help merge that config into the Gentoo IPv6 documentation.

solar was asking about release statistics, so I grabbed the current data from Bouncer. The nearly 34k releases for 10.0 is just in the 5 days that it's been out. I included the various architetures that were part of each released 'product', to make some degree of comparision possible.

• 2008.* has the LiveDVD's pulled from mirrors due to size complaints.
• bt-http-seed was an (failed) experiment with a set of mirror URLs for trying to load-balance Bittorrent's HTTP seeding
• Bouncer really needs replacing, but there's nothing really good to do so that I'm aware of. mod_sentry isn't nice. Other suggestions welcome. Should support products, architectures within products, seperate check/serve URLs, detailed hit recording for analysis.

To add a new USE flag, that's globally enabled for all Linux profiles, what's the minimum set of profiles that need to change? Deprecated profiles must be handled as well, for users that need to migrate still.

I ran into this today, while working on the USE=modules changes for linux-mod.eclass.

As an attempt to solve this, I munged up some GraphViz work to show profile inheritance, pictures as the end. Both sets have the trailing profiles "/desktop", "/developer", "/server" turned off for the 2008.0 and 10.0 releases, to cut down on the noise.

Graphs and script for download.

Odd observations

• Several Prefix profiles (linux/{amd64,ia64,x86} link to 2008.0 profiles explicitly instead of the generic architecture)
• default/linux does not bring in base. Some profiles at a glance neglect this and might not have base brought in at all.
• "embedded" is all alone in the tree.

Question for any skilled GraphViz users:

If all nodes in a given subgroup/cluster have an edge going to a single destination node, is there any way to get graphviz to replace them with a single fat edge from cluster to destination node?

[

mood

|

annoyed

]

So for our Vancouver heatwave (I noted 39C away from the water today, in the shade!), it's finally claimed some of my computer hardware. Most annoying, the battery backup unit (BBU) in the newer fileserver, and 1.5 of the disks of the RAID1 array in the old server...

My website and personal email will be offline for a day or two while I ensure my backups are up to date, and redeploy to the newer fileserver (after I buy a new BBU tomorrow).

[

mood

|

contemplative

]

I wasn't aware of this forthcoming movie until some of my co-workers mentioned it today, and watching the trailers, it wasn't the movie itself that caught me (but it looks promising too), but rather the usage of South African settings and historical footage from the apartheid era. As a South Africa, some of it is just too eerily familiar. It's just really apartheid again, with a twist that it's against "real aliens" now, not the forced alienation of the black population.

• Trailer #1
  Original footage: Starting at 0:35, for 6 seconds.
• Trailer #2
  Same original footage, 0:26 for 2 seconds.
• Original short film
  The SABC logo is too new for 1990, the one used is post-1994.

I really need to get back to writing in this blog. In the meantime, I scoured my email for the last 2 years of fortune submissions that I hadn't compiled together yet, and make a release. Go forth and amuse yourselves with it.