Sabayon Forensics Available, Thanks

September 2nd, 2010 wolfden Comments off

Sabayon Forensics Gnome x86 DVD is officially on the Sabayon Mirrors in the Daily Folder.  I have also updated the Sabayon Forensics Wiki with direct links to the mirrors that have it currently.  Please keep in mind the purpose of Sabayon Forensics.  I will be updating that wiki as time goes on.

Sabayon Forensics is built off the current daily ISO image of the x86 Gnome DVD.  I’ve removed and add various packages and you can find a package list here to view.  If you have questions or concerns on this particular project, email me at wolfden@sabayon.org.  As far as a KDE version, still working on that.  I finally have a spec file that is working, still need to work out some bugs.

It’s main use is to be ran live and I highly recommend using a flash drive for best performance and versatility.  I did test an install in VirtualBox and it went flawlessly for me.  Once installed you could use it as a rolling release just like the normal x86 Sabayon releases.  The project started out to help me with working on fixing and repairing computer systems.  I have used it several times on various desktops and laptops to fix.  Just last week I had a laptop come in that nobody could remember the password to.  I booted up Sabayon Forensics and with chntpw I was able to just remove the current password and enable the hidden Administrator account.  5 minutes I was done and able to boot into the windows desktop again.  I carry it around on my 4GB flash drive so I’m always ready to go with it.

I acknowledged Fabio and Joost for Thanks.  Joost provided some neat work arounds/howtos and Fabio helped me more with the technical things, like getting my local cache working and setting it up for the mirrors.  I am thankful for getting to work with those two.  We have our ups and downs, but that is normal.  The entire Sabayon Crew is very dedicated and we are doing our best with what we have to work with.  Thanks to all the donations and community that has helped make Sabayon grow.  I remember when we were struggling to even get the ISOs to a server for download, now we have a small mirrors page growing.

Thanks to everyone that is doing their thing, please continue doing what you are doing.

Categories: Development Tags:

A Sabayon GNOME Shell spin?

September 1st, 2010 lxnay Comments off

Flash blogging, that is.

Straight, simple, question: how many people would like to try out a GNOME Shell Live distro?

They say that’s the next-big-thing(tm). Do you agree?


Categories: Uncategorized Tags:

Back!

September 1st, 2010 lxnay Comments off

I’m officially back from my 2 weeks vacation.
As usual, bad things happen only when you are on holiday. A customer got a UDP flood (Fraggle) attack and I spent several days doing security auditing and studying tcpdump dumps.

Anyway, there are a lot of things boiling  in my pot, some I’ll start blogging about in the next days, others are expected to be ready to be eaten before the end of September: Sabayon 5.4, Entropy improvements, Molecule features.

While the Sabayon project is constantly looking for new developers and people joining our devel mailing list, I am at the same time looking for new customers!


Categories: Uncategorized Tags:

Google Talk Plugin

August 26th, 2010 wolfden Comments off

Google Blog announced the make a phone call from gmail yesterday.  It’s google so it has to be good right?  Getting it working can be the fun part tho.  There appears to be two ebuilds out there that one can try.  Gentoo Bugzilla 333769 has a 9999 version and cj-overlay has 1.4.1.0 version to try.  If we follow Sabayon wiki article for 3rd Party ebuilds we can get it installed in no time.

As root:

We need to sync with portage and this will take some time to do.  Enjoy a nice spot of tea or something while it runs:

  • emerge –sync

or you can do some needed edits to the /etc/make.conf file, user your favorite editor as root:

  • edit /etc/make.conf
  • add line: PORTDIR_OVERLAY=”/usr/local/portage”
  • uncomment: ACCEPT_LICENSE=”*”

the License thing isn’t necessary, but while you are there, might as well

Lets make our directory into our local overlay that you just put into the make.conf file:

  • mkdir -p /usr/local/portage/www-plugins/google-talkplugin/

lets change to the directory to keep things simple:

  • cd /usr/local/portage/www-plugins/google-talkplugin/

lets get the file now:

now we need to digest it so we can install it:

  • ebuild google-talkplugin-9999.ebuild digest

Once your emerge –sync is done you can get busy installing, but lets do this the proper way to mix it with entropy system.

  • emerge google-talkplugin -av
  • Calculating dependencies… done!
    [ebuild N ] media-gfx/nvidia-cg-toolkit-2.1.0017 13,410 kB [0]
    [ebuild N ] www-plugins/google-talkplugin-9999 0 kB [1]
    Would you like to merge these packages? [Yes/No] No

We want to select No cause we don’t want portage to install any more than it has to, so lets use entropy to install the deps.

  • equo install media-gfx/nvidia-cg-toolkit

Lets double check now:

  • emerge google-talkplugin -av
  • Calculating dependencies… done!
    [ebuild N ] www-plugins/google-talkplugin-9999 0 kB [1]
    Would you like to merge these packages? [Yes/No] Yes

Now, we can select Yes and soon we see – Recording www-plugins/google-talkplugin in “world” favorites file…   Pretty painless huh?  So now we need to make entropy find it.

  • equo rescue spmsync
    >> Scanning Source Package Manager and Entropy databases for differences…
    >> Differential Scan…Are you ready ? [Yes/No] Yes

Yes we are ready.

  • >> @@ Someone added these packages. They would be added to the system database:
    >> # www-plugins/google-talkplugin-9999
    >> ++ (1/1) >>> Adding www-plugins/google-talkplugin-9999
    >> @@ Database update completed.

Thanks!

Now you may see portage and entropy complaining about some config files needing updating.

  • equo conf update
    Your choice (type a number and press enter): -9

Use -9 to just dump and get rid of them so you will never be bothered by them again.

Open up your browser and see if the plugin is there.  In firefox and chrome use the url and enter in  about:plugins to see and you should hopefully see something like:

  • Google Talk Plugin Video AcceleratorFile: libnpgtpo3dautoplugin.so
    Version:
    Google Talk Plugin Video Accelerator version:0.1.43.3

Now, even tho my browser sees it, google still said I still needed the plugin.  Apparently a known issue and is hitting people.  Well I switched out the ebuild in this how to for the one in cj-overlay 1.4.1.0 version, digested and emerged it and it worked just fine.  I did this on the Sabayon KDE 5.3 x86 version and got it to work with 1.4.1.0 version.  Which one will work for you?  I dunno, the guy that created the 9999 version claims it works on x86_64, but wasn’t sure about x86.  I haven’t had time to try it out on a 64 bit version of Sabayon yet.  So your mileage may vary, but at least this should get you 99.95% there.

So what did we accomplish here.  We used a supported method to install a package that is not yet in entropy.  We safely mixed portage and entropy.  We have a working google talkplugin.  I can’t be for certain when it will be in entropy, probably once they get a stable ebuild, but it’s already been request on the Sabayon Bugzilla for the entropy team to take a look at, so no need to go requesting it.

Happy Chatting!

Categories: Development Tags:

Performance vs Readability: the biggest dilemma

August 19th, 2010 lxnay Comments off

Let’s say you want to start a FLOSS project.
How many people did that up to now? Many.
But there is a problem, or better, a conflict of goals.

In one hand, you have the need of making your code fast enough. Which task is even more complex if you are using an interpreted language (for reasons out of the scope of this blog post). On the other hand (:D) there is the very important requirement of keeping your code human readable.
Languages, in general, have several “syntax levels” basing on developer’s skills. Newbies tend to stick to what is the standard way of writing, say, a for loop, while more skilled people are able to exploit all the potential of the language by using very exotic “code constructs”. Again, I don’t want to get into any particular language here, I just want to explain the trade-off that a developer, especially a FLOSS one has to accept when writing software.

It’s obvious that the two things, performance and readability, don’t play nice together. And the former, causes wannabe-developers to have hard times understanding how a particular function works. The worst case here is that the same developers will give up ahead of time. This is one of the reasons why the faster and more complex a codebase is, the harder is to start contributing to it.

There are two reasons that bring developer to choose performance over readability anyway: the former brings them an orgasming sensation of owning the whole World. And writing obfuscated code is just another way to tell the world how c00l someone is (l33t). Unfortunately, most of the times people doing that are right. Because it’s the only way to get applications working without annoying users with high wait times.

“In a perfect world, there wouldn’t be no need for caching”. Myself.

Yes, caching is a perfect example of the trade off between readability and performance. Caching a particular data retrieval code, increases its complexity, by the need of validating, tainting, generating, removing, (etc), cached data.


Categories: Uncategorized Tags:

Why do FLOSS developers keep ranting?

August 16th, 2010 lxnay Comments off

I have a theory, listen carefully.
A theory about why FLOSS sometimes sucks so bad.
Keep reading.

Many of us do FLOSS coding for the ultimate glory of just doing it. Learning, filling empty days with something to do or simply because we need to feel important for somebody else (I’m pointing the finger to you, behated [my opposite of beloved] library developers).
A rainy Sunday is still a rainy Sunday, and most of us find the couch and afternoon naps quite boring.

Here comes the problem. Developer Joe has a boring afternoon to fill, so he starts thinking about how to improve the API of his library that, accidentally, hundred of thousands users are happily using and find fine as it is.

He starts coding and messing with it and, since he’s a free mind, he doesn’t have to respect any API deprecation rules that most companies (for example) have in place for morons like him. Of course, there is no roadmap, Joe just woke up in the morning and decided to change everything. He also has the excuse that he’s not paid and doesn’t give a fuck about supporting users. He just wants to show how good he can be writing code (hoping to get hired by Google, IBM or Oracle — thank god the guy [Developer Joe is a creation of mine] knows ubuntards and doesn’t expect Canonical to hire him after a mission-impossible phone interview where the hardest task was trying to figure out what the interviewer was about to say).

So, it happens that a small change in the API, causes a small change in the ABI, that eventually, causes its shared object name to get bumped from libjoe.so.1 to libjoe.so.2. The little tiny small invisible change Joe did, for sake of speed and architectural cleanliness (OF COURSE! IT HAD TO BE DONE (sarcasm)) breaks other 35 applications and in general around 425 shared objects that were linking against it, requiring their developers to understand what Joe did, voiding all the testing their applications got until now and eventually+hopefully making the program working again with the new libjoe, spending the next two weekends (oh, they don’t have anything else to do, too).

It’s a perverse game that will never stop.

What’s the moral? Unknown people will indirectly break your application someday, and it’s not a security flaw, it’s just because they were getting bored.
Any solution? Yes, don’t use lame fuck people’s libraries.


Categories: Uncategorized Tags:

WGO Gets a New Home – Update Bookmarks

August 16th, 2010 wolfden Comments off

I finally decided to consolidate my web hosts down to one instead of 3. I had moved all my other sites and wgo was my last one to move and gave me the most problems. I’m not really sure why, but once I was able to get into the admin panel I did the automatic reinstall via the web and it seems good now. My guess, some where between ftping down and up something didn’t go well.  So the new url is http://wolf911.us/wgo/ I already updated the feedburner rss, so it should be getting all updates.

I’ve also been working hard on a mini wiki for Sabayon Forensics and getting that ready.  Fabio is getting it set up so our build server will have the spec file and will build the isos and kick it out to the mirrors for download.  I’m still trying to figure out when and what on it.  I think I will only kick out a new release as a new kernel comes out.  I need to update it to 2.6.35 now that the dailys on the build server have been migrated to 2.6.35.  Than I should be good to 2.6.36.  I only have the gnome version done and I took a look at doing a KDE one, but having some serious doubts about doing it as the file size is getting heavy.  I’ll see and take a closer look at it when I get out of vacation mode.  So far my vacation has been nothing but fixing and working on computers, need to get out and have some fun.

I will post update when Sabayon Forensics hits the mirrors.  I first need to catch up to Fabio who is also in vacation mode, but first some fun.

Have fun!

Categories: Development Tags:

The worst code snippet I’ve ever seen

August 15th, 2010 lxnay Comments off

People working with me, know how much I do truly stress in regards to code quality.
Ok, it’s not the worst, I don’t even remember what the worst was, but I recall a lot of time-variant bugs caused by issues like the one in the snippet below. Problems like this can really upset you, but let’s start from the beginning, here’s the snippet (sorry for the pic, but wordpress is a pita — also see my devil mouse pointer in action).

Oh Good Lord! I spent 10 minutes wondering from where I should start discussing this code. I decided to start from the most visible issues. This code almost breaks any coder rule and looks like shit. I won’t tell you from where I took it, but trust me, it’s code that has been used for some time somewhere.
First of all: the scope of the code (“hey, it’s alpha software! we know it”) DOES NOT justify you at all! This code is clearly shit, warm and soft cow dung I’d say!

Issue 1: catching a base exception class just because you don’t know what your code could do means that you don’t know what you are doing. To write reliable code, you need to make your code crash! Or force it to work outside your mindset-boundaries. If things can go wrong, they will go wrong. Costs of maintaining such code will grow with the time and with the amount of functions using your library. What happens if at some point, results stops to be a list of lists (or tuples) [(1,2,3), (4,5,6)]? You will never know that, because the IndexError exception is going to be caught by the generic “except:” statement you wrote.
There are only two exceptions to this rule:
  1. If you want to catch any exception, then execute some logging function and eventually raise (throw) the exception that you are handling. In case you cannot use the “finally” statement.
  2. If the library you’re using sucks. It happens with some standard Python modules, like xml.doc.minidom. I had to use that utterly broken way of coding too, but under very controlled circumstances.

Issue 2: the code between try/except statements is too long. You may think I’m still talking about “Issue 1″ but I’m not. In general, you should not try to handle a lot of code inside it. For the reason that code mutates over time, requirements change, architecture changes and you could end up stuffing more code inside it and cannot afford to try to reduce the exposure to a particular exception, that should always handle a very specific case. Besides, using a lot of code inside try/finally while making sure to free resources in any case (file objects/descriptors and other critical things like file or thread locks) often due to security requirements is generally accepted (ehehe, at least by me).

Issue 3/4/5/infinite: it’s clear that the guy has no Python knowledge nor he/she spent time reading some Python books or the library documentation in regards to dictionaries. The second for statement could be one-lined by writing: ready = items.values() — or, with Python 3.x: ready = list(items.values()).
Playing with list indexes off lists not directly generated from the very same code snippet is just looking for troubles. An IndexError can accidentally happen and in the case above, nobody will notice it.
There are many other mistakes in that code, and I am frankly bored of talking about it. I spent one year trying to educate people I was working with about such errors, It’s just like somebody doesn’t know how C strlen() or strncpy() works in certain, corner-case circumstances (like omitting the final 0×00 [blame WordPress] if the buffer is not big enough, etc).
Hoping to have educated at least today.

Categories: Uncategorized Tags:

Vacation!

August 13th, 2010 lxnay Comments off

Hello world, I’m officially on vacation till the end of the month. After a year of non-stop work, rants and “OMG-when-I’ll-be-on-vacation”, I can now take a break, spend more time reading my beloved books (currently: Understanding the Linux Kernel && GNU Make both from O’Reilly) sleeping in the afternoon, watching movies, eating pizza and spaghetti and making cookies.

It seems that my previous blog post caught the interest of many readers, so I’ll try to continue to blog about coding quality and best practices and, consequently about QA in software engineering. Please don’t take what I write personally, I have a strong sense of homour (humor — for American readers) after all.

At the same time, I kindly ask people emailing me to be patient, I’ll answer you in 48/72 hours, and not immediately, during my vacation. This is vacation DAY 0, and it’s rainy outside, yay! (/sarcasm)


Categories: Uncategorized Tags:

Kernel Upgrade Refresher

August 10th, 2010 wolfden Comments off

Here we go again with a new kernel and people are simply forgetting that you also need to update your modules/drivers once you pull a new kernel.   Please refer to Sabayon wiki on understanding upgrading before you drive the support staff to raging alcoholics.

A quick and easy command to issue is:

# equo update && equo install linux-sabayon && equo world

Reboot to new kernel.

What does that do?  It will update your repository, install a new kernel if one is available and than it will install the modules/drivers  that fit your new kernel.  A kernel should never be automatically pulled, if it does, file a bug on our bugzilla immediately.  It will also update your grub.cfg file and add the new kernel.  So if you are one that is editing /boot/grub/grub.cfg by hand, make a back up of that file so you can edit and restore it.  It doesn’t hurt to make a back up of it anyway just incase.  Grub2 is about as stable as an active volcano near a plate line.

# mv /boot/grub/grub.cfg   /boot/grub/grub.cfg.backup

Now you have a file called grub.cfg.backup to always refer to.

Please pass this info on to all your buddies, help save the support crew.

Categories: Development Tags: