This article will try to provide a contrast between ‘the Debian way’ and ‘the Slackware way’ when it comes to distribution management. The idea is to really attempt to illuminate people on why Debian, and many other distributions may not be ideal, and why a classic approach such as Slackware still has merit in this world of modern feature-crazy distributions.

I start this article knowing full well that it will offend people, even so, I think this needs to be said.

Now, for some background, I started using Linux sometime in 2000, my first distribution was Mandrake 7.0, and I eventually switched to Slackware 7.1 in order to try and accelerate my learning curve by forcing myself to use a more ‘pure’ environment, this worked fairly well. In the first year, my knowledge of the various modular components and how they fit together grew rapidly. At some point in 2004 I believe, I started using Gentoo on my laptop, and it quickly became one of my favorites. Several months ago, I realized I no longer wanted to spend valuable time waiting for various software packages to compile, I also grew very frustrated with their masking ‘feature’, and decided it would be time to look elsewhere.

And here finally, is the crux (no pun intended) of the story. Out of all the options out there, I figured my best bet would be Debian; after all, if there is one distribution that could be considered a ‘flagship’ of the Linux community, it would have to be Debian. Furthermore I liked the idea that like Gentoo, the base system came in a minimal configuration, and you added packages as you need them. Of course, because of various factors, I didn’t get the chance to do my migration right away, and it ended up being put off for a few months.

Then one day, while googling around for some info on XULRunner, I stumbled upon Mike Hearn‘s blog, where he was discussing Debian’s controversial method of forking software; it is old news, but still important to evaluate I believe. I have to say that this shocked me immensely. Despite not using the distribution yet, and therefore not being a ‘fan’ per se, I held a lot of respect for the project and it’s leaders, for fighting the good fight and standing strong when it came to software freedom. The notion that Debian could do any evil was alien to even a non-user like me. I read on and I found myself agreeing with Mike on pretty much all his points. I googled for more details on this controversy and discovered this which explains some more details about the whole incident. As near as I can see, the Debian maintainers feel that Mozilla’s linking strategy is not ‘unixy’ enough, and have decided to ‘correct’ that by changing the way the software functions on their distribution. This has the potential of breaking compatibility as noted by both Mike and Benjamin. And I would add that this is just a total slap in the face to the hard work of the Mozilla developers. Bottom line is, if you want to get all patch-happy on some piece of software, then change the name; the upstream developers do not deserve to suffer all sorts of support headaches simply because you decided to do your own thing.

The fun doesn’t stop there however. On May 13th, one of the most severe and critical security problems in years was discovered in Debian’s version of OpenSSL, and this problem affects Debian forks as well such as Ubuntu, Mint, DreamLinux (unconfirmed) and MEPIS. All of those are in the top 10 of DistroWatch as I write this (with Ubuntu in 1st place), except for MEPIS which is #12. The issue arose because once again, one of the Debian package maintainers decided to go their own way without including upstream developers in the process. The short of it is that Valgrind, a well known memory debugger, was coming up with “uninitialized data” warnings in code linked to OpenSSL. This apparently is a well known issue, and there have been discussions about why the issue comes up and what to do about it. It is related to the fact that Valgrind and IBM’s Rational Purify usually view “uninitialized data” as a bad thing, when in the case of a random number generator, it is actually necessary.

The Debian ‘patch’ essentially removes the ability for OpenSSL to generate random numbers properly, the result of which causes keys generated with OpenSSL on Debian (and it’s derivatives) to be extremely easy to guess in a short amount of time using an amateurish brute-force attack. Worse yet, this Debian ‘maintainer’ didn’t alert upstream developers to his ‘patch’ and therefore the problem went uncaught for years and has now put many unsuspecting users at risk.

I may not be a developer, but even I can see the absolute stupidity behind the OpenSSL debacle. And it is all because of their absolute refusal to respect the wishes of upstream developers regarding their software. This is nothing new of course; distributions have been doing this sort of bullshit for years. I recall back in the day when Red Hat ended up shipping a CVS version of GCC known as “GCC 2.96″, which broke compilation with many packages, the official stable GCC release at the time was 2.95.3, and this newer 2.96 version was actually a development snapshot for the upcoming 3.x releases. Then there was the whole controversy with various distributions shipping broken copies of MPlayer due to patent fears; SuSE and Debian (yep, them again) were two notable offenders as I recall.

Essentially, for whatever reason, some distributors seem to think that their Linux distribution is a proper place to dump all their dirty hacks and patches, and to completely spit at the hard work that upstream developers put into their stable releases. It is heartbreaking to see the community in this sort of uncooperative state.

Many years ago I read an opinion article titled “Does Slackware still matter?“, I remember being pretty miffed about the whole thing, but at the same time I couldn’t really produce a comeback. Over the years of course I’ve gained more insight into these matters, and I can now definitively say that, YES, it matters perhaps more than any distribution currently out there.

Patrick Volkerding started Slackware back in 1993, and the first release came on July 16th of that year. Originally not intended to be a serious project, it eventually grew, and exists to this day as the longest living Linux distribution ever. The philosophy behind the project very much obeys the “Keep It Simple, Stupid” philosophy, or KISS for short. The idea is that the system should shy away from over-reaching complexity and abstraction layers, and instead keep things clean. In following this philosophy, most of Slackware’s packages are often sparsely modified compared to their upstream counterparts, and given that this is a one-man project, it would be pretty difficult to go around patching everything and then having even more testing to deal with. There are some exceptions I would imagine, perhaps some security issues and so on; also, back when the Gnome environment came standard, Patrick would often have to clean up after the upstream Gnome, and make sure it doesn’t essentially ‘take over’ the system.

I truly believe that the Slackware way of distributing, is the right way, with minimal changes from upstream, and very few abstraction layers for configuration (bash scripts like netconfig are all that come to mind), as well as an easy to work with BSD init script set up, it is easy to see that Slackware does not ‘hide’ the system from you like many others do.

I mean let’s be clear, when you use Gentoo, with it’s bizarre init and config system, you don’t learn Linux so much as you learn ‘Gentoo’, and when you use SUSE, you don’t learn Linux so much as you’re just learning ‘SUSE’, and so on with every distribution. Now of course I may be exaggerating; after all there are more similarities than differences, and truly, experienced Linux users can easily pick up another distro and understand what’s going on. Besides, often many of the ‘default’ usual configuration files will point you in the right direction, like when editing resolv.conf on Gentoo, a note will mention how you have to add your DNS servers in /etc/conf.d/net instead. Even so, it does mean that there are serious challenges in administering many boxes with different distributions.

Of course, the first natural riposte to my article will probably be “are you against freedom of choice or something?”, and the answer to that question is no, I am not. I fully understand that everyone has the freedom to do things their own way, and of course, to the “Windows user” that joins the Linux community through Ubuntu, they probably don’t care whether resolv.conf is edited directly or whether there is some abstraction layer; but to people who want to learn system administration, it can be a pain in the ass to move between distributions if you haven’t learned how the system really works behind all the abstraction. And of course, it is a slippery slope; there are configuration hacks/abstractions, and then there are actual source code patches that change the behavior of the program in question; and we can see that this patch-happy attitude can often have some serious repercussions, like in the Debian OpenSSL case. If anything, I am not suggesting we all become robots and obey one standard ‘method’ of doing things, however I think there needs to be a more conservative attitude when it comes to breaking consistency with upstream. Let us remember that upstream projects develop the applications, and distributions are supposed to distribute.

To conclude and sum this up, when I download a package from a distribution’s repository, I think it is not unreasonable to expect the package to be the same as the one I would download from the upstream maintainer’s website. If it isn’t, then there isn’t really much of a point to pitching the idea of online package repositories as an alternative to traditional methods of software distribution. I think Mike Hearn’s example of a distribution mirror altering a package is a very good example, because in such a scenario, many individuals would be outraged and angry, and yet Linux distributions get away with this kind of thing all the time.

And that is pretty much all I have to say about that.

P.S.: As I said when starting out, I know some folks will be offended by this, and I know how articles and posts like this can easily cause flame wars, I hope there are no hard feelings. Also, it seems that one of the first instincts when reading an article like this is for people to question the author’s competency and so on, I hope you can manage to keep it civilized despite any disagreements you may have with my opinion.

I have to say, I really didn’t expect this kind of traffic for my humble little post about the Valve Source engine possibly coming to Linux, especially given that I reported on it a week or two after Phoronix! And seriously, 1500+ diggs, wow.

In any case, that aside, something has been bugging me, and as usual, I can’t just let it go.

Some individuals have been referencing my post, only to be shot down by people claiming my 3rd point is invalid because EA supposedly handled the PS3 port work. I have to say, nice detective work. I haven’t kept up with console release news recently, so I missed the story about EA having done the port.

However… This is completely irrelevant regarding my point. Sure, in the article I imply that Valve did it, ok, so substitute Valve for “EA”, the important point is that the code EXISTS. Somewhere, somehow, there is a version of the Source Engine out there that is powered by OpenGL. Furthermore, I would be willing to bet that the OpenGL work, at the very least, is all Valve’s, and that EA only did the PS3-specific bits.

Why do I say something so speculative? Because when the HL2 source code was leaked years ago, the engine used OpenGL as a backend. Now we all know that the HL1 engine was based on Quake1, and that the Source Engine was developed from scratch specifically for HL2, but it’s possible the general engine components were done first, and the rendering backend last, so maybe this OpenGL code from the leaked version was actually an evolution of the HL1 rendering backend, who knows?

Of course, when you factor in the Postal III port, everything more or less falls into place, and you start to get a picture of what’s going on, Valve has to have their own OpenGL somewhere, because I just can’t see a dev house like RWS or Akella writing an entire rendering backend on their own, if they were going to go through that trouble they would’ve been better off using an engine that fit their needs better.

Now I hope this settles the issue. Keep in mind that my post wasn’t designed to be authoritative on the issue, I am merely looking at the various clues, and drawing certain conclusions from them. If I am wrong, and there isn’t a Linux port, well, the points stand up on their own, in the end all it will mean is that Valve completely wasted some source code that they already had in their hands, for whatever reason.

Anyways, that’s it for me. Until next time, take care of yourselves, and each other. :)

EDIT: I respond to the ‘EA wrote the PS3 Orange Box port’ comments here.

I’ve been meaning to write this post for awhile. It’s old news by now I’m sure, Phoronix first posted their story here on May 7th. But regardless…

I’m not sure what else I can add that the Phoronix article didn’t cover. However it seems some people are dismissing this as just a baseless rumor and no one seems optimistic about the possibility of it actually happening. So I’ll list the three main points here.

1. Valve puts up a job posting asking for a “Senior Software Engineer”, with one of the responsibilities being to “Port Windows-based games to the Linux platform”.

2. An upcoming game, Postal III is slated to have Windows, Mac and Linux ports. This game is designed using the Valve Source Engine. This is probably one of the strongest points, how are they going to make a Mac and Linux port without OpenGL? Clearly something is afoot. ;)

3. The Orange Box was released on the Playstation 3, a system that isn’t known to have any viable Direct3D/DirectX API implementations, on the contrary, it uses an OpenGL ES derivative and some other libraries standardized by the Khronos Group. It also uses Nvidia’s Cg shader language, which is also cross-platform (yes, works on ATI too). This means that either Valve already ported their game engine to OpenGL, or they are using an emulation layer such as Wine. Transgaming has been known to license their Cedega (Wine derivative) backend to console game developers, they did so for The Sims on the PS2 and some others too I believe. This by the way is not mentioned on the Phoronix article, and I’m not aware of any other site that has mentioned this (which is what makes my article unique I suppose).

Bonus! :)

4. Steam represents a unique opportunity for Valve, you see many who use Linux are often known to be more technically skilled than the average user, it is possible that game companies have known for a long time that there were many potential customers on Linux, but that they figured piracy would lower sales down too far, unlike on Windows where there is a huge majority of clueless users who may not even know how to pirate something, most Linux users are adept enough to do far more. This concern if it exists, is all but completely eliminated with Steam. Valve could also make a lot of money selling download statistics and usage data to other companies.

Phoronix also suggests that the UT3 Linux client delay could be related to this given that Epic has recently started offering their games through Steam. The implication seems to be that maybe Epic wishes to launch the Linux client through Steam, if this were the case, then Ryan Gordon would definitely be correct when he said “If I told you what the specific problem is, you wouldn’t believe me” during an interview at LinuxHardware.org. Can you imagine?:

“Yeah, it’s being delayed because of Steam”
“oh.. ok… .. wait.. — WHAT?”

In any case, we’ll have to wait patiently for more news. Personally I think the three first points are probably the strongest indications that this may happen. At the very least, it seems there is already, or will be an officially-maintained OpenGL backend for the Source Engine. Whether this translates into a Linux/Mac port remains to be seen. I mention the Mac too now because if they do a Linux port, it is doubtful they will not also release a Mac version, it is essentially as simple as a recompile to take a unix/posix/opengl/sdl application between Linux and Mac. Anyways, until next time. ;)

The other day a coworker of mine was trying to test if he could access an RDP server on our network, we started by pinging it to see if it was live. My computer is a laptop that runs Linux, but we happened to have a Windows XP machine nearby which I was setting up for someone else. So we used that to test if RDP itself worked. It occurred to me that RDP is used pretty often by people on our network, and that it might be handy to be able to access RDP servers from my laptop in case I ever needed to. After a bit of googling I found rdesktop: http://www.rdesktop.org/

I recall finding this once before, but back then I didn’t feel I needed it. In any case, on most Linux distributions, installing a new application is as simple as one command:

apt-get install rdesktop
yum install rdesktop

…or in my case:

emerge rdesktop

Which compiled/installed the package for me. Emerge is a Gentoo Linux utility, not all distributions require compiling, the two other commands I listed before are on Debian/Ubuntu and RedHat/Fedora respectively, and install binary packages as opposed to compiling.

After that, I simply typed “rdesktop n.n.n.n” where “n.n.n.n” is the IP address of the server we were test-connecting to earlier, and it worked fine. Of course I didn’t have the password for that machine.

Today, Koopa gave me an address so I could try it out a bit more extensively, I connected to it, logged in, and began playing around. It seemed to work fairly reliably, I was able to open several applications and check various server logs, I even opened up IE and browsed around just for the sake of testing. The last thing I did, which I considered the ultimate test, was to see if I could copy text from the RDP session and paste it into my local Linux machine. The first time I tried it didn’t work, but I believe this was just because of Linux’s sometimes random clipboard behavior, I tried it later and it worked great.

All in all I have to say that this is a great solution for anyone who works at a primarily Windows company, but wants to run Linux on their desktop. I’m sure many of you already are aware about Samba which will let you use windows file and printer shares. And if you need to access Exchange/AD stuff, there is the Ximiam Evolution email client which is comparable to Outlook in it’s features and compatibility with microsoft protocols.

As a bonus, a bit of googling reveals that there is also an RDP server for Linux which I have to say surprised me, especially given that the protocol was designed specifically for Windows and integrates a bit more deeply with the Windows system than say… VNC. The server is named Xrdp, and it is available here. As the screenshots show, it seems to work pretty well, despite having an ugly login screen. I think that the login screen is likely a result of some strange details in the RDP protocol, my guess is that the screen that is normally presented to windows users via RDP isn’t exactly the same one they see when logging on locally, and even if it is, it’s likely deeply integrated with the RDP protocol, so they probably had no choice but to write one from scratch for Xrdp directly on top of X11, which isn’t a bad thing, it doesn’t affect functionality.

If I ever have some time I might try setting up a Linux server at home that uses Xrdp, and I’ll make a more detailed post about it. For now, I’m signing off. Later everyone, and happy remote-computing. :)

When comparing Sprint and Verizon’s EVDO service, Verizon usually came up short, given their 5GB monthly cap, and terms of service that restricts everything but browsing and e-mail. However, with Sprint suffering through a rocky financial stretch, it looks like their CEO has decided that customers were getting too much, for too little. drew  directs my attention to a leaked memo posted on the dslreports.com forum, which says monthly caps are coming:

Quote

Sprint reserves the right to limit throughput speeds or amount of data transferred and to deny, terminate, modify, or suspend service if usage exceeds 5GB per month in total or 300MB/month while off-network roaming. Check your subscriber agreement rights on Sprint.com.

There’s no word yet just how tough enforcement will be. You may have to cross the bandwidth gestapo at Sprint several times during the year in order to have your wrist slapped. Sprint’s CEO, in a meeting with employees, apparently told them he believes the caps will only really impact about 1% of their EVDO user base.

Source: http://www.dslreports.com/shownews/Sprint-To-Impose-5GB-Monthly-EVDO-Cap-94576

Now with that said, if this is true, it will not bode well for me.  I believe that I am one of the 1% of users.  I use the card about 3-4 hours a day 3 days a week.  During this time, I am actively browsing the web and have email open.  The email is the key component here, as outlook is a bandwidth PIG!  I need to look up my statements and see how much bandwidth I am really using.  If this change is truely going to happen, I am going to cancel my service with sprint and move to verizon.  I have asked other laptop users I’ve sat with and inquired about the dead spots and they said that their service works like a champ.  I always get about 1 to 2 dead spots during my train ride.  Of course, I think I use it more (irc demands continual connection) that your average user wouldn’t notice.  If I fly under the 5 gig cap, verizon it is!  Time will tell…

OK, well for those of your that do not know, a Sierra Wireless 597E is a card that allows me to get broadband access to sprint’s networks.  I’ve had the Novatel Merlin EX720 card for a long time and very happy with it.  Every once and awhile, I check around and make sure that I have the best bang for my buck.  I mean, the Merlin card works great, but what if another card blows its socks off?  Well, after doing some research, it seems that there is NO benefit to upgrading from what I can tell.  Here are the specs between the two cards:

Sierra Wireless 597E, Express Card

• Express Card – works in Windows and Linux laptops and Macbooks
• Rev A Ready
• Broadband-like download speeds where available
• Flip-up antenna and an external port (to attach signal booster antenna)
• Sprint PCS Connection Manager^TM Software
• New chipset that supports increased upload and download speeds
• Backward compatible with all versions of the Sprint Vision and Power Vision networks
• OS Support: Windows Vista, XP, 2000, Mac OS X, Linux
• Express to PC Card Adapter Included
• One Touch Activation! Software is Stored on the Device. No CD Needed.
• Updated User Guides
• Price – $329 (before any discounts)

Novatel Merlin EX720, Express Card

• Express Card – works in Windows laptops and Macbooks
• Rev A Ready
• Broadband-like download speeds where available
• Flip-up antenna and an external port (to attach signal booster antenna)
• Sprint PCS Connection Manager^TM Software
• New chipset that supports increased upload and download speeds
• Backward compatible with all versions of the sprint Vision and Power Vision networks
• OS Support: Windows Vista, XP, 2000, Mac OS X
• Price – $329 (before discounts)

Now, it seems that the only benefit the newer card has (Sierra Wireless 597E for those of you that forgot) is better mac support and a bigger antenna.  While the bigger antenna would probably yield better service (logic speaking) I do not get a lot of dropped zones on my 1.5 hour train ride.  Both cards operate on the same network speeds and both cards are compatible to my laptop.  For those of you that do not have express slots, I would advise you to look into the USB alternatives.  Laptops do not come with PCMIA slots anymore, so investing in that technology would be foolish.  With that said, I do not see any reason to upgrade at the time.

One of the many hats that I do is that I administer the PBX for my company.  This morning, I noticed that I am unable to login to the client piece.  I figured I would go check to see if all the services were running when I noticed that I was not able to verify ANY services.  When I go to the services, I get the following error:

The system encountered the following error while reading the list of services on:

Error 6: The handle is invalid

Now I looked online and noticed that not a lot of information was found on this error.  I found that odd since it is windows 2000 and would figure that all errors would have massive amounts of documentation by now.  Who knew?  What I did find was that a forum requested rebooting.  I have sent a request to reboot the server and we will see if that clears up the error.  Once I find the solution, I will post it.

The newest game on addictinggames.com is Icescape 2.  Here is the review and walkthrough.

http://www.addictinggames.com/icescape2.html

The whole premise of this game is that it’s a puzzle and you get to click around and find stuff and move.  Then you get to this control panel to open the door you can’t get through, and you’re stuck.  You can’t get out, and the game is over.

It looked pretty good, but it’s way too short.

I finally got sick of the damn touchpad on my laptop automatically clicking stuff without my finger even being on the button, so after hunting on Google for phrases like “auto click,” “random click” and “phantom clicking,” I finally figured it out. Synaptics touchpads have a tap-mode “feature” for auto-clicking whenever you tap the touchpad. It’s so sensitive that it’s triggered by casual movement of the mouse. I’d find myself randomly opening up links and selecting half a page of text.

I’ve been able to deduce from various Google hits that there’s an option to turn this off somewhere in Windows’ control panel.

But, like most things in Linux, it takes a little bit more effort.

1. As root (either by logging in as root, or with sudo), open up /etc/X11/xorg.conf with your text editor of choice.

2. Find the section labeled: Section “InputDevice” and within that section, look for Option “MaxTapTime” “180″

That option may have a different time; if so, change it to “0″, and if it’s not there at all, then add it like this: Option “MaxTapTime” “0″

Note: I’m using the synaptics driver (identified by Driver “synaptics”). I don’t know how or even if it’ll work with other drivers.

3. Save the file, and restart X either by logging out the same way you normally do, or by simultaneously hitting Ctrl+Alt+Backspace.

Now you should no longer be able to select things by tapping repeatedly on the touchpad!

Well, it seems that the settings on my security log are a little too high. I log into a computer I just built and it claims the security log is full. I look at it and here is the log information:

Event Type: Success Audit
Event Source: Security
Event Category: Privilege Use
Event ID: 578
Date: 1/25/2008
Time: 4:02:50 PM
User: DOMAIN\KOOPA
Computer: KOOPAPC
Description:
Privileged object operation:
Object Server: EventLog
Object Handle: 14090552
Process ID: 716
Primary User Name: KOOPAPC$
Primary Domain: DOMAIN
Primary Logon ID: (0×0,0x3E7)
Client User Name: KOOPA
Client Domain: DOMAIN
Client Logon ID: (0×0,0x8EAAD)
Privileges: SeSecurityPrivilege

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Well so I look online to find out what this information means.  This is what I find.

This event indicates that the specified user exercised the user right specified in the Privileges field. To understand Primary and User fields see event 560.

Some user rights are logged by this event – others by 577. Still other, “high-volume” rights are not logged when they are exercised but simply noted as being held by a user at the time th user logs by event 576.

On Windows Server 2000, this event is logged for the “SeSecurityPrivilege” whenever the security log is viewed or cleared because these operations require the use of the “Manage auditing and security log right” (aka SeSecurityPrivilege). For some reason Windows Server 2003, in the same situation, does not log this event. Occurrences for SeTakeOwnershipPrivilege also appear however the object handle can’t be found in any other events in the log so there is no way to identify the object that the “client” user took ownership of. Likewise, Windows Server 2003 does not log this event.

Note: 576, 577 and 578 do not log any activity associated with LogonRights such as the SeNetworkLogonRight.

Do not confuse 576, 577 or 578 with events 608, 609, 620 and 621 which document rights assignment changes as opposed to the exercise of rights which is the purpose of 576, 577 and 578.

Microsoft’s Comments:

These are high volume events, which typically do not contain sufficient information to act upon since they do not describe what operation occurred. 

http://www.ultimatewindowssecurity.com/securitylog/Event.aspx?EventID=578