This article will try to provide a contrast between ‘the Debian way’ and ‘the Slackware way’ when it comes to distribution management. The idea is to really attempt to illuminate people on why Debian, and many other distributions may not be ideal, and why a classic approach such as Slackware still has merit in this world of modern feature-crazy distributions.

I start this article knowing full well that it will offend people, even so, I think this needs to be said.

Now, for some background, I started using Linux sometime in 2000, my first distribution was Mandrake 7.0, and I eventually switched to Slackware 7.1 in order to try and accelerate my learning curve by forcing myself to use a more ‘pure’ environment, this worked fairly well. In the first year, my knowledge of the various modular components and how they fit together grew rapidly. At some point in 2004 I believe, I started using Gentoo on my laptop, and it quickly became one of my favorites. Several months ago, I realized I no longer wanted to spend valuable time waiting for various software packages to compile, I also grew very frustrated with their masking ‘feature’, and decided it would be time to look elsewhere.

And here finally, is the crux (no pun intended) of the story. Out of all the options out there, I figured my best bet would be Debian; after all, if there is one distribution that could be considered a ‘flagship’ of the Linux community, it would have to be Debian. Furthermore I liked the idea that like Gentoo, the base system came in a minimal configuration, and you added packages as you need them. Of course, because of various factors, I didn’t get the chance to do my migration right away, and it ended up being put off for a few months.

Then one day, while googling around for some info on XULRunner, I stumbled upon Mike Hearn’s blog, where he was discussing Debian’s controversial method of forking software; it is old news, but still important to evaluate I believe. I have to say that this shocked me immensely. Despite not using the distribution yet, and therefore not being a ‘fan’ per se, I held a lot of respect for the project and it’s leaders, for fighting the good fight and standing strong when it came to software freedom. The notion that Debian could do any evil was alien to even a non-user like me. I read on and I found myself agreeing with Mike on pretty much all his points. I googled for more details on this controversy and discovered this which explains some more details about the whole incident. As near as I can see, the Debian maintainers feel that Mozilla’s linking strategy is not ‘unixy’ enough, and have decided to ‘correct’ that by changing the way the software functions on their distribution. This has the potential of breaking compatibility as noted by both Mike and Benjamin. And I would add that this is just a total slap in the face to the hard work of the Mozilla developers. Bottom line is, if you want to get all patch-happy on some piece of software, then change the name; the upstream developers do not deserve to suffer all sorts of support headaches simply because you decided to do your own thing.

The fun doesn’t stop there however. On May 13th, one of the most severe and critical security problems in years was discovered in Debian’s version of OpenSSL, and this problem affects Debian forks as well such as Ubuntu, Mint, DreamLinux (unconfirmed) and MEPIS. All of those are in the top 10 of DistroWatch as I write this (with Ubuntu in 1st place), except for MEPIS which is #12. The issue arose because once again, one of the Debian package maintainers decided to go their own way without including upstream developers in the process. The short of it is that Valgrind, a well known memory debugger, was coming up with “uninitialized data” warnings in code linked to OpenSSL. This apparently is a well known issue, and there have been discussions about why the issue comes up and what to do about it. It is related to the fact that Valgrind and IBM’s Rational Purify usually view “uninitialized data” as a bad thing, when in the case of a random number generator, it is actually necessary.

The Debian ‘patch’ essentially removes the ability for OpenSSL to generate random numbers properly, the result of which causes keys generated with OpenSSL on Debian (and it’s derivatives) to be extremely easy to guess in a short amount of time using an amateurish brute-force attack. Worse yet, this Debian ‘maintainer’ didn’t alert upstream developers to his ‘patch’ and therefore the problem went uncaught for years and has now put many unsuspecting users at risk.

I may not be a developer, but even I can see the absolute stupidity behind the OpenSSL debacle. And it is all because of their absolute refusal to respect the wishes of upstream developers regarding their software. This is nothing new of course; distributions have been doing this sort of bullshit for years. I recall back in the day when Red Hat ended up shipping a CVS version of GCC known as “GCC 2.96″, which broke compilation with many packages, the official stable GCC release at the time was 2.95.3, and this newer 2.96 version was actually a development snapshot for the upcoming 3.x releases. Then there was the whole controversy with various distributions shipping broken copies of MPlayer due to patent fears; SuSE and Debian (yep, them again) were two notable offenders as I recall.

Essentially, for whatever reason, some distributors seem to think that their Linux distribution is a proper place to dump all their dirty hacks and patches, and to completely spit at the hard work that upstream developers put into their stable releases. It is heartbreaking to see the community in this sort of uncooperative state.

Many years ago I read an opinion article titled “Does Slackware still matter?“, I remember being pretty miffed about the whole thing, but at the same time I couldn’t really produce a comeback. Over the years of course I’ve gained more insight into these matters, and I can now definitively say that, YES, it matters perhaps more than any distribution currently out there.

Patrick Volkerding started Slackware back in 1993, and the first release came on July 16th of that year. Originally not intended to be a serious project, it eventually grew, and exists to this day as the longest living Linux distribution ever. The philosophy behind the project very much obeys the “Keep It Simple, Stupid” philosophy, or KISS for short. The idea is that the system should shy away from over-reaching complexity and abstraction layers, and instead keep things clean. In following this philosophy, most of Slackware’s packages are often sparsely modified compared to their upstream counterparts, and given that this is a one-man project, it would be pretty difficult to go around patching everything and then having even more testing to deal with. There are some exceptions I would imagine, perhaps some security issues and so on; also, back when the Gnome environment came standard, Patrick would often have to clean up after the upstream Gnome, and make sure it doesn’t essentially ‘take over’ the system.

I truly believe that the Slackware way of distributing, is the right way, with minimal changes from upstream, and very few abstraction layers for configuration (bash scripts like netconfig are all that come to mind), as well as an easy to work with BSD init script set up, it is easy to see that Slackware does not ‘hide’ the system from you like many others do.

I mean let’s be clear, when you use Gentoo, with it’s bizarre init and config system, you don’t learn Linux so much as you learn ‘Gentoo’, and when you use SUSE, you don’t learn Linux so much as you’re just learning ‘SUSE’, and so on with every distribution. Now of course I may be exaggerating; after all there are more similarities than differences, and truly, experienced Linux users can easily pick up another distro and understand what’s going on. Besides, often many of the ‘default’ usual configuration files will point you in the right direction, like when editing resolv.conf on Gentoo, a note will mention how you have to add your DNS servers in /etc/conf.d/net instead. Even so, it does mean that there are serious challenges in administering many boxes with different distributions.

Of course, the first natural riposte to my article will probably be “are you against freedom of choice or something?”, and the answer to that question is no, I am not. I fully understand that everyone has the freedom to do things their own way, and of course, to the “Windows user” that joins the Linux community through Ubuntu, they probably don’t care whether resolv.conf is edited directly or whether there is some abstraction layer; but to people who want to learn system administration, it can be a pain in the ass to move between distributions if you haven’t learned how the system really works behind all the abstraction. And of course, it is a slippery slope; there are configuration hacks/abstractions, and then there are actual source code patches that change the behavior of the program in question; and we can see that this patch-happy attitude can often have some serious repercussions, like in the Debian OpenSSL case. If anything, I am not suggesting we all become robots and obey one standard ‘method’ of doing things, however I think there needs to be a more conservative attitude when it comes to breaking consistency with upstream. Let us remember that upstream projects develop the applications, and distributions are supposed to distribute.

To conclude and sum this up, when I download a package from a distribution’s repository, I think it is not unreasonable to expect the package to be the same as the one I would download from the upstream maintainer’s website. If it isn’t, then there isn’t really much of a point to pitching the idea of online package repositories as an alternative to traditional methods of software distribution. I think Mike Hearn’s example of a distribution mirror altering a package is a very good example, because in such a scenario, many individuals would be outraged and angry, and yet Linux distributions get away with this kind of thing all the time.

And that is pretty much all I have to say about that.

P.S.: As I said when starting out, I know some folks will be offended by this, and I know how articles and posts like this can easily cause flame wars, I hope there are no hard feelings. Also, it seems that one of the first instincts when reading an article like this is for people to question the author’s competency and so on, I hope you can manage to keep it civilized despite any disagreements you may have with my opinion.

For those not aware, there are other emulators out there for the Nintendo 64 apart from Project64, however nearly all of them have been left out in the dust. Over the years many other projects have gotten little attention. This isn’t a big tragedy apart from the fact that Project64 is closed-source, and win32-only (although it does run well in Wine).

The only F/OSS emulator for N64 had always been Mupen64, which was often criticized for being quite a bit less mature than Project64 and some others. In any case, it was in development so we all figured it would ‘get there’ eventually… Until 2005 shortly after the release of version 0.5.1 (win32), when the project just froze. Then 2006 came and went, then 2007… And seemingly no progress was being made. It was a sad state of affairs because Mupen64 was essentially the only hope for Linux users to have a native N64 emulator for their platform.

Now, finally. After a few years, a new team has come together to work on the Mupen64 codebase, they have dubbed their project “Mupen64Plus” (a little generic if you ask me), and they’re hard at work, hacking away. From the little research I’ve done, it would seem the leader (Richard42) of this new project was a long-time contributor to Mupen64, and the original head of the Mupen64 project (Hacktarux) was planning on adding some of Richard’s new work back to the original project. I’m not sure if this merge happened or not, but it seems that on the Mupen64 homepage, the last version is still 0.5.1 for Windows and 0.5 for Linux. So who knows what happened.

I’ve been hanging out in the IRC channel for the new project for a few days now, it’s more of a developer channel, so I’m a bit out of place, even so, I like hanging out, I figure maybe I’ll learn a thing or two from the masters. :)

It seems everything is well underway. Their homepage already has a release, version 1.3, which worked pretty well for me barring a few issues. This is obviously only an initial release, so don’t expect it to be light-years ahead of the original Mupen64, but with time it could evolve to be the best out there. If you have any problems with this release, make sure you file a bug report in the “Issues” section of that page (I filed one for Ogre Battle the other day), developers need info on problems to be able to fix them, and if you’re not a developer, this is the best way to help. Make sure your report is detailed, provide the md5 hash for the rom you’re using, and list which plugins you were using. Trying different settings on the plugins and seeing if there are different results, and adding this info to your bug report(s) can go a long way towards helping along with debugging.

So now we mere mortals can only wait and see how this unfolds, but it definitely looks very promising. A big thank you to all the individuals working on this fork, and keep up the good work. The N64 and Emu fans of the world are all rooting for you! (I’m such a ham…)

A note on closed-source emulators:

I must say I’ll never understand the concept behind the “closed-source emulator”. After all, the philosophy behind the emulation community at large is to make sure that old classic games do not become forgotten or die off just because a console is no longer in widespread use. After all you can only have so many game systems hooked up in your living room at once, and a lot of these old games can often be more fun then many newer titles. To me, a closed-source project is always more vulnerable for many reasons, not only does it not benefit from the open-source “with enough eyes, all bugs are shallow” philosophy, but I would imagine that a closed codebase is easier to attack if you’re a company. Think about UltraHLE and Bleem! back in the day, if they had been Open Source, it would’ve been impossible to stop the code from spreading and evolving. Neither Nintendo nor Sony would have any legal recourse to stop individuals from hacking on the code. If preserving the classics, and making sure they can run on modern platforms is your goal, then opening the code under an OSI-compliant license is the only realistic option to achieve that goal, otherwise companies do have the power to stop you if they choose.

I have to say, I really didn’t expect this kind of traffic for my humble little post about the Valve Source engine possibly coming to Linux, especially given that I reported on it a week or two after Phoronix! And seriously, 1500+ diggs, wow.

In any case, that aside, something has been bugging me, and as usual, I can’t just let it go.

Some individuals have been referencing my post, only to be shot down by people claiming my 3rd point is invalid because EA supposedly handled the PS3 port work. I have to say, nice detective work. I haven’t kept up with console release news recently, so I missed the story about EA having done the port.

However… This is completely irrelevant regarding my point. Sure, in the article I imply that Valve did it, ok, so substitute Valve for “EA”, the important point is that the code EXISTS. Somewhere, somehow, there is a version of the Source Engine out there that is powered by OpenGL. Furthermore, I would be willing to bet that the OpenGL work, at the very least, is all Valve’s, and that EA only did the PS3-specific bits.

Why do I say something so speculative? Because when the HL2 source code was leaked years ago, the engine used OpenGL as a backend. Now we all know that the HL1 engine was based on Quake1, and that the Source Engine was developed from scratch specifically for HL2, but it’s possible the general engine components were done first, and the rendering backend last, so maybe this OpenGL code from the leaked version was actually an evolution of the HL1 rendering backend, who knows?

Of course, when you factor in the Postal III port, everything more or less falls into place, and you start to get a picture of what’s going on, Valve has to have their own OpenGL somewhere, because I just can’t see a dev house like RWS or Akella writing an entire rendering backend on their own, if they were going to go through that trouble they would’ve been better off using an engine that fit their needs better.

Now I hope this settles the issue. Keep in mind that my post wasn’t designed to be authoritative on the issue, I am merely looking at the various clues, and drawing certain conclusions from them. If I am wrong, and there isn’t a Linux port, well, the points stand up on their own, in the end all it will mean is that Valve completely wasted some source code that they already had in their hands, for whatever reason.

Anyways, that’s it for me. Until next time, take care of yourselves, and each other. :)

Doing randomness over the internet I stubled along these Parody Commercials procuded by novell. A lot of my Linux friends (Like Azalyn and RJ who write for this blog) have made several jokes about including linux into the mix of these commercials. It looks like Novell beat them to the punch…

PS: Linux is HOT!

PS: Linux is hotter in the jacket…

EDIT: I respond to the ‘EA wrote the PS3 Orange Box port’ comments here.

I’ve been meaning to write this post for awhile. It’s old news by now I’m sure, Phoronix first posted their story here on May 7th. But regardless…

I’m not sure what else I can add that the Phoronix article didn’t cover. However it seems some people are dismissing this as just a baseless rumor and no one seems optimistic about the possibility of it actually happening. So I’ll list the three main points here.

1. Valve puts up a job posting asking for a “Senior Software Engineer”, with one of the responsibilities being to “Port Windows-based games to the Linux platform”.

2. An upcoming game, Postal III is slated to have Windows, Mac and Linux ports. This game is designed using the Valve Source Engine. This is probably one of the strongest points, how are they going to make a Mac and Linux port without OpenGL? Clearly something is afoot. ;)

3. The Orange Box was released on the Playstation 3, a system that isn’t known to have any viable Direct3D/DirectX API implementations, on the contrary, it uses an OpenGL ES derivative and some other libraries standardized by the Khronos Group. It also uses Nvidia’s Cg shader language, which is also cross-platform (yes, works on ATI too). This means that either Valve already ported their game engine to OpenGL, or they are using an emulation layer such as Wine. Transgaming has been known to license their Cedega (Wine derivative) backend to console game developers, they did so for The Sims on the PS2 and some others too I believe. This by the way is not mentioned on the Phoronix article, and I’m not aware of any other site that has mentioned this (which is what makes my article unique I suppose).

Bonus! :)

4. Steam represents a unique opportunity for Valve, you see many who use Linux are often known to be more technically skilled than the average user, it is possible that game companies have known for a long time that there were many potential customers on Linux, but that they figured piracy would lower sales down too far, unlike on Windows where there is a huge majority of clueless users who may not even know how to pirate something, most Linux users are adept enough to do far more. This concern if it exists, is all but completely eliminated with Steam. Valve could also make a lot of money selling download statistics and usage data to other companies.

Phoronix also suggests that the UT3 Linux client delay could be related to this given that Epic has recently started offering their games through Steam. The implication seems to be that maybe Epic wishes to launch the Linux client through Steam, if this were the case, then Ryan Gordon would definitely be correct when he said “If I told you what the specific problem is, you wouldn’t believe me” during an interview at LinuxHardware.org. Can you imagine?:

“Yeah, it’s being delayed because of Steam”
“oh.. ok… .. wait.. — WHAT?”

In any case, we’ll have to wait patiently for more news. Personally I think the three first points are probably the strongest indications that this may happen. At the very least, it seems there is already, or will be an officially-maintained OpenGL backend for the Source Engine. Whether this translates into a Linux/Mac port remains to be seen. I mention the Mac too now because if they do a Linux port, it is doubtful they will not also release a Mac version, it is essentially as simple as a recompile to take a unix/posix/opengl/sdl application between Linux and Mac. Anyways, until next time. ;)

The other day a coworker of mine was trying to test if he could access an RDP server on our network, we started by pinging it to see if it was live. My computer is a laptop that runs Linux, but we happened to have a Windows XP machine nearby which I was setting up for someone else. So we used that to test if RDP itself worked. It occurred to me that RDP is used pretty often by people on our network, and that it might be handy to be able to access RDP servers from my laptop in case I ever needed to. After a bit of googling I found rdesktop: http://www.rdesktop.org/

I recall finding this once before, but back then I didn’t feel I needed it. In any case, on most Linux distributions, installing a new application is as simple as one command:

apt-get install rdesktop
yum install rdesktop

…or in my case:

emerge rdesktop

Which compiled/installed the package for me. Emerge is a Gentoo Linux utility, not all distributions require compiling, the two other commands I listed before are on Debian/Ubuntu and RedHat/Fedora respectively, and install binary packages as opposed to compiling.

After that, I simply typed “rdesktop n.n.n.n” where “n.n.n.n” is the IP address of the server we were test-connecting to earlier, and it worked fine. Of course I didn’t have the password for that machine.

Today, Koopa gave me an address so I could try it out a bit more extensively, I connected to it, logged in, and began playing around. It seemed to work fairly reliably, I was able to open several applications and check various server logs, I even opened up IE and browsed around just for the sake of testing. The last thing I did, which I considered the ultimate test, was to see if I could copy text from the RDP session and paste it into my local Linux machine. The first time I tried it didn’t work, but I believe this was just because of Linux’s sometimes random clipboard behavior, I tried it later and it worked great.

All in all I have to say that this is a great solution for anyone who works at a primarily Windows company, but wants to run Linux on their desktop. I’m sure many of you already are aware about Samba which will let you use windows file and printer shares. And if you need to access Exchange/AD stuff, there is the Ximiam Evolution email client which is comparable to Outlook in it’s features and compatibility with microsoft protocols.

As a bonus, a bit of googling reveals that there is also an RDP server for Linux which I have to say surprised me, especially given that the protocol was designed specifically for Windows and integrates a bit more deeply with the Windows system than say… VNC. The server is named Xrdp, and it is available here. As the screenshots show, it seems to work pretty well, despite having an ugly login screen. I think that the login screen is likely a result of some strange details in the RDP protocol, my guess is that the screen that is normally presented to windows users via RDP isn’t exactly the same one they see when logging on locally, and even if it is, it’s likely deeply integrated with the RDP protocol, so they probably had no choice but to write one from scratch for Xrdp directly on top of X11, which isn’t a bad thing, it doesn’t affect functionality.

If I ever have some time I might try setting up a Linux server at home that uses Xrdp, and I’ll make a more detailed post about it. For now, I’m signing off. Later everyone, and happy remote-computing. :)