Archive | 2007

SELinux Modules

Dan Walsh of Red Hat talks about SETroubleshooter, which translates the gobbledegook error messages from SELinux and better explains what the issues are. The audit2allow tool generates the SELinux macro language (audit2allow’s been around for a while). audit2allow -M builds a module and prompts the user with the commands needed to incorporate it: a te file for type enforcement, a pp ‘policy package’ that contains the policy and a compiler that generates a .mod file.

Package selinux-policy-devel provides the tools to generate a new policy that can confine an application. Policygentool takes a ModuleName and an Executable as parameters. Dan used the smart card daemon as an example. He used the tool and generated a basic template, started the service, viewed the logs, added in the policies needed to support the behaviors of the tool and re-generated the module. “Lather, rinse, repeat.”

There’s a package on the FC6 called policycoreutils-gui which I think is called system-configure-selinux (Dan didn’t have it installed) that will let you do much of this without working from the command windows.

Tag: fudconboston2007


Bryan Clark shows how Mugshot is linked to digg and his blog and picasa and flickr and google video and yahoo video and… whew! Live client for Linux and Windows. See what your friends are doing, posting, reading, playing music. Mugshot can be the overarching links of IM, email, digg, and more. With a centralized server, you could open a VM on a foreign machine and have it bring down your web presence environment. Primarily they are working on client. Server is open sourced, but not well documented. They are supporting 5000 users on two boxes and believe they can scale. Sarbanes-Oxley and other regs would require a lot of corporate users to work on something inside their firewall or with auditing. Will be interesting to see how it grows.

Tag: fudconboston2007

Fedora Core Release Engineering

Jesse Keating, F13 (’cause his keyboard goes up to 13). Fedora Release Engineering. Very open topic – how it’s done, how he’d like to get it done. New build system trying to get open-sourced from Red Hat, replacing Plague.

His job: marshal package collection and keep them working. “DistFC7” is a package collection of everything in FC6 plus Extras. “Rawhide” nightly build. Regularly, create a freeze. Tags are fairly inexpensive, so “F7Test1” is easy to apply. Spin off freeze, run intensive tests on that tag. Different “spins” or collections of tests are done for each frozen tag: desktop, server, KDE “spins” are coordinated by Jesse. Questions remain on how to triage failed builds – what qualifies as a showstopper.

“Pungi” builds a distribution from a manifest, based on multiple languages and architectures. Reads from core repositories, extras, locals, finds the “best” module, resolves all of the dependencies to build a tree of source. Hands off to the anaconda tools, build-install, that actually creates images. Next step involves sorting the many package dependencies to create a package order that would allow install from CD1, CD2, CD3. There’s a magic XML file called “comps” that is a combination of experience, black magic and wild guesses. Then, making ISO file systems requires its own black magic as there are a lot of obscure flags that differ depending on the target of i386, PPC, 64-bit and so forth.

Needed: post-build validation before handing things off to QA. Bloat is an issue: a 9-CD, 2-DVD distro is hostile, especially where bandwidth is expensive. Would like to create some different images that don’t include the kitchen sink: “desktop” that’s a browser, chat, email, etc. “server” is a base set plus a set of optional servers. “KDE” spin. Would like to be able to add additional recipes, like an “Eclipse” spin that has a fully-configured install with all the dev tools ready to go. Need help with fine-tuning the manifest. Sorting through the (many bizarrely-named) hardware packages. Need help with “comps” – how to overlay the different issues of dependencies and choices, mandatory, default and priorities.

I never knew how sausage was made 😉

Oh, and then there’s the issue of updates…

Tag: fudconboston2007

I’m Blogging This…

Live from FUDCon Boston 2007 at Boston University’s Photonics Center. Wifi provided by the Fedora group, beautiful facilities. The Unconference format got presenters to do a 2-minute elevator pitch for their sessions. We took a break and voted on the sessions we wanted to attend, and the organizers shuffled the large and small rooms and time slots and I’m sitting in the first session on Mugshot.

Got to see a neat piece of hardware presented by a foaf as we got coffee. The Pepper Pad is a lightweight Linux-based, AMD Geode-based handheld Etch-A-Sketch sized device with full video capabilities, wireless networking, USB, and lots of features. It’s based off Fedora Core 4 with their own yum repositories. Nice form factor, major cuteness factor.

Tag: fudconboston2007

Livingston: Upgrade Vista with Vista

In Brian Livingston’s “Windows Secrets” newsletter, Brian writes, “Windows Vista, in my opinion, is a big improvement over Windows XP in many ways. But the new operating system is distinctly overpriced.” and “But I’ve tested a method that allows you to clean-install the Vista upgrade version on any hard drive, with no prior XP or W2K installation — or even a CD — required.” While this is good news for all who want to upgrade their hardware while installing Vista, it points out a way to buy the cheaper Upgrade version and get the same effect as the more expensive Full version.”

If you choose to dance with the devil, you need to pay the devil his due. A far better choice to send a message to Microsoft that their software is overpriced is by purchasing a Mac or installing Ubuntu or Fedora or Red Hat or SuSE or Debian or just sticking with the software you have. That’s how the market works. Using Microsoft’s software in violation of their questionable licenses just puts you in a bad position. I’m surprised to see Brian presenting it this way: it’s a handy tip for upgraders (and a best practice for getting a stable system), but it’s not the right path for people building new machines. I wonder if Microsoft will be able to patch this behavior to detect this kind of “upgrade” or whether they’ll change their installer to prevent it.

Florida to scrap touchscreens; convictions in Ohio recount-rigging

Ars Technica: Florida to scrap touchscreens; convictions in Ohio recount-rigging

Rumor has it that Florida governor Charlie Crist will announce tomorrow that his state plans to scrap tens of millions of dollars worth of touchscreen voting equipment and move to a system based completely on optical scan ballots. The Miami Herald claims that the total tab for overhauling the state’s electoral system could be as high as $35 million.

I hope the rumors are true. Optical scan means that voters can see what they voted and mechanical and manual recounts are possible. While there’s still a danger of someone tampering with the optical scanner software/firmware, there’s at least a possibility of audits.

On the vote rigging, it’s worth reading the entire original article to hear how lame-brained it was. It’s sad to think that the higher officials who ordered/sanctioned/approved or were oblivious to this behavior when they shouldn’t have been, got away scot-free. While the vast majority of voting officials are hard-working honest folks, everything they do has to be transparent and above-board to avoid scandals like this.

Comments on a deadline?

I’ve installed Auto-Close Comments on this WordPress blog. I love having simple programmable widgets to make the management of the blog simpler! However, I notice when browsing the blog that the posts show “No Comments” and you have to click that link to see “Comments are closed.” I’ll see if there’s a way to hack this to prevent annoying readers by allowing a useless click.

Free Linux Device Driver Development

Greg Kroah posts an open letter to all device manufacturers, offering free development of Linux device drivers through the new Linux Foundation (formerly Open Source Development Labs) here:

“The driver will be written by some of the members of the Linux kernel developer community (over 1500 strong and growing). This driver will then be automatically included in all Linux distributions, including the “enterprise” ones. It will be automatically kept up to date and working through all Linux kernel API changes. This driver will work with all of the different CPU types supported by Linux, the largest number of CPU types supported by any operating system ever before in the history of computing.”

Awesome! Read the entire post here

Hauppauge shipping wrong card in PVR-150 boxes

Passing on a warning from the GNHLUG mailing list: at least at, folks are reporting that when they buy a PVR-150, a card for capturing video off cable, they’re ending up with a different card in the box, one that’s not compatible with current PVR-150 software. At our MerriLUG meeting 11 days ago, we had Jarod Wilson presenting on MythTV and the PVR-150 got prominent mention. It’s been on sale recently in one of the Big Boxes. Perhaps it’s being discontinued? In any case, the manufacturer needs to make good on what they claim is in their boxes. Hopefully, this is just a packaging issue.

Followup: nope, it appears to be intentional by Hauppauge. There’s an entry in their Wikipedia page referring to this, and a quick Google shows that this is a known issue on the site and the ivtv-users mailing list. Very disappointing behavior. Caveat emptor.

Watering the Net Roots | Linux Journal

Blogging over at Linux Journal in “Watering the Net Roots,” Doc Searls suggests “On the one hand, you can look at Verizon’s dumping of rural New England business as a kind of red-lining.” That’s the view of the IBEW over at 3,000 CWA and IBEW Members Fight Rural Telecom Redlining In New England

“Verizon’s landline sell-off is yet another example of a race-to-the-bottom economy,” said Verizon customer service rep and CWA Local 1400 Vice President Mike O’Day, at a public forum in Burlington sponsored by newly elected U.S. Senator Bernie Sanders. “It will adversely affect our jobs and the quality and reliability of local phone service throughout the whole region. Vermonters will be at the mercy of a small, highly-leveraged North Carolina-based company that will try to make a quick profit for its investors.”

In a recent NHPR interview, an economic development specialist stressed the importance of bringing more internet access to New Hampshire, especially the North Country, to develop local high-tech jobs to replace those lost as tourism and the snow season melts away.


This work by Ted Roche is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 3.0 United States.