the debian user

This mornings upgrade of Cacti on Etch wasn’t a very good one - it only displays

Invalid PHP_SELF Path

Get back the old one with:

sudo aptitude install cacti=0.8.6i-3.2

Then things should be back to normal. See also: Bug #479618 with the severity grave.

Update (only one(!) day later…):

As usual, Debian developers are super-fast. Now Cacti 0.8.6i-3.4 is available, and it just works. Thanks, Sean (or whoever uploaded this)! You rock.

Seems like ATI/AMD did the absolute right thing with opening up their drivers and/or hardware specs, following the good example of Intel. The good news of the day are:

If you have an IGP (integrated graphics chip set) like the RS480, or the RS690, then with the patch to a bug in MESA, the open source driver named “xf86-video-ati” now provides 3D, and you can expect that for example Compiz will finally run on your hardware. Non-proprietary.

Read David Airlie’s Blog for more info. Found on Phoronix.

The short version: packages for Fedora 8 and 9 are underway; I’ve read nothing so far within the Debian pages I’m following, but once that patch arrives in Sid, we all know it will take some 10 days or so to make it into Lenny as well.

This is great news indeed. Finally, we can start thinking about actually buying ATI graphics. And choice is what it’s all about, right?

Since I put my workstation, which is at the same time the MythTV server / backend streamer for the family into a new case and added another TV card, I had some issues.

No matter in which PCI slots I used these cards (two analog ones, a V-Stream Terminator with SAA7133 and a Hauppauge Win-TV with BT878 chip sets), they changed device numbers during boot time. So sometimes card 1 was /dev/video0, sometimes card 2 had that device number. Additionally, the BT878 card changed its /dev/dsp number. Not good if after each reboot (and they happen sometimes, because I wanted to dual boot into something newer than Etch for instance), you had to stop the mythtv-backend, change TV-Card settings accordingly, and then to restart the backend again.

This shouldn’t normally happen with PCI cards, but well, different timings, the moon phases, some weird things you could never analyze without real expensive equipment, … after all, a PC is only human as well, right? Hm.

I had read about udev already, but never actually cared much for it, not even to make rules for hot-pluggable stuff like USB sticks and so on. However, now I had to read, so this is what I did. Interesting, really. But for my special case here, a short intro on the MythTV Wiki should also give enough information for those whose /dev/video0 and /dev/video1 are swapping.

For the impatient: find out more than you want to know with just using

udevinfo -a -p $(udevinfo -q path -n /dev/video0)

(or video1 for your second card), then use part of those informations for writing a rule for udev. This is what I ended up with:

# this file was generated by wjl on Sat Apr 19, 2008
# to give persistent names for video and dsp devices to MythTV
#
# Add these symbolic device names to the mythbackend setup,
# and they should not change anymore (be persistent).
#
# let’s start with video:
KERNEL==”video[0-9]*”, ATTR{name}==”saa7133*”, SYMLINK+=”video-saa7133″
KERNEL==”video[0-9]*”, ATTR{name}==”BT878*”, SYMLINK+=”video-bt878″
#
# and then create a symlink for the bt878 DSP:
KERNEL==”dsp[0-9]*”, SUBSYSTEM==”sound”, DRIVERS==”Bt87x”, SYMLINK+=”dsp-bt878″

After that, as already commented in the rule file itself, use these symbolic names in the TV Card Setup of your MythTV backend. And that’s it. After the next boot, you (and MythTV) should be using these symbolic names instead of /dev/video0 or /dev/dsp1.

See “Writing udev rules” on reactivated.net or a pdf from linuxformat.co.uk for further and much more thorough advice.

Steve McIntyre - congratulations!

According to Manoj (and later to Gunnar), “Uncle Steve”, like someone called him at or after FOSDEM 2k6, won the elections and will be the new Debian Project Leader starting this Thursday or Friday.

Steve, whom I had the pleasure to meet at FOSDEM two years ago, will surely be representing the Debian Project in a great way. So this time, our congrats go to Scotland (with greetings to Marc and Raphael as well).

Then maybe you should answer on this and/or this mail. Thanks to Kartik Mistry for pointing us to it via the planet.

Ubuntu community manager Jono Bacon announced the 24th of April as the release date for Ubuntu’s next major - and even long-term stable - release, codenamed “Hardy Heron”.

André Gondim announced and described the upcoming Beta of the operating system, which also has a Wiki page already.

Carla Schroder has an article about how to get a webcam working under Linux.

The interesting part of it: she has a Viewsonic VX2255 22″ wide screen display, which has a built-in USB webcam, microphone, and speakers. And according to Carla, that one works with the uvcvideo driver:

$ lsusb
Bus 005 Device 002: ID 04f2:b021 Chicony Electronics Co., Ltd
$ dmesg
[20093.973828] usb 5-8: new high speed USB device using ehci_hcd and address 2
[20094.211937] usb 5-8: configuration #1 chosen from 1 choice
[20094.318310] Linux video capture interface: v2.00
[20094.341023] uvcvideo: Found UVC 1.00 device ViewSonic 1.3M, USB2.0 Webcam (04f2:b021)
[20094.344865] usbcore: registered new interface driver uvcvideo
[20094.345151] USB Video Class driver (v0.1.0)

Thanks for the good tip, Carla! Maybe we should offer this one to the Linux crowd, for people who need video conferencing. If you consider the built-in extras, it even has a killer price…

Disclaimer: this is what we call “in eigener Sache” in German, meaning something like “on his own account”, according to LEO. What I want to say is - in a short “executive summary”: I just opened ZaReason Europe, based in Germany. So I tried to write something like a press release (link included), and to explain.

It all began during last year’s summer, when I wrote about “The state of Linux on Laptops” on my private blog - which I ended with something like:

” My two cents about this: the state of Linux on laptops is a sad one.”

and:

” I should go and build my own one, and offer it with Debian and (x)Ubuntu preinstalled, and become stinky rich. What do you think?”

Soon after that, I discovered ZaReason, a California-based company who did just that. No, they didn’t become “stinky rich” AFAIK, but they did something even better. They make computers and laptops just for open source people, and in their spare time, they volunteer in the local not-for-profit accrc.org to build even more computers - for free, and for those who cannot afford to buy them. So I wrote about that company here on The Debian User, and called my article “Cool preinstalled ‘buntu systems“. From the responses on that article, I learned that some customers were really happy with what ZaReason did.

I had moved down to Bavaria last year, but the job which brought me here didn’t last too long, so I was looking for alternatives. And while making good contacts to the local Linux User Groups, and helping out the Debian Project with the Systems Fair in Munich, that idea from summer began to form in my head again:

Why not offer computers, pre-built with Linux, to the people I like, or to their friends and families? I’m not a great coder, but as a former sysadmin I know my way around hard- and software enough to set up solid systems. So if these people (Debian Developers and such) provide all that great software, I could at least offer them some hardware, right?

Going that way with ZaReason was only the next logical step. Why re-invent the wheel, or try to set up competition, when there could be co-operation?

So here we are. I sat down for two weeks over Christmas, and wrote a business plan. On January 2nd/3rd, I officially started an own business. Within the next two weeks, I set up another internet server, and began buying and selling stuff already, mostly for friends. I wanted to let Cathy, founder, owner and CEO of ZaReason, Inc. make the official statement, but she asked me to hack up something, and here it is: my first ever trial on a press release:

Press Release from Feb 19, 2008

It’s a .pdf in both German and English, ~60kB.

So - this is posted on The Debian User, and so it will become aggregated on both the English Debian User Planet, and also on Planet SysAdmin. I will also put it into LXer Linux News, but to avoid interest conflicts in the future, I won’t report on ZaReason anymore here or on LXer, only on my private blog. Or maybe I’ll set up a company blog; who knows? Even Jonathan Schwartz writes about business, and I really like what he writes sometimes…

Which ends my lengthy explanation. And also most of my work during the last 2 months, where my family only saw my back, when I was sitting at the computer. But wow, these are interesting times!

In case you didn’t read that pdf, or cannot use the links in them, here they are again:

ZaReason Inc., based in Berkeley, California, and
ZaReason Europe (Deutschland), based in Freising, Germany.

Thanks for your consideration, and for your interest. And thanks again to all the developers of free and open source software - without you, this wouldn’t be possible!

This is aimed at beginners - or at least, at non-developers. Every so often, we forget to mention the “easy” stuff like this, and people get confused, or - like in this case - downright frightened by warnings like these:

I played through this situation here with a virtual Ubuntu 7.10 “Gutsy” machine (in German, but you will get the picture), because on my standard desktop (which is Debian Etch), the “problem” simply didn’t occur, and only after a friend asked me about it, I became aware of the situation.

So - what does this picture mean and say? To the end-user, who may be interested in logging into a site like the one here, or to even buy something from there, it’s a downright scary message - someone could possibly “intercept” his connection like the typical “man in the middle”, and steal at least personal data, if not even credit card information, or money. So, some of the people will be afraid and never come back. Others will probably “just click this thing away” with hitting “OK”, and proceed.

It’s in our responsibility to educate, so this is what I’m trying to do here. So let’s start with the first possible reason for that scary pop-up thing, which says:

“Ihr Browser erkennt die Zertifizierungsstelle nicht, die dieses Zertifikat herausgegeben hat.”

which - translated by me - means:

“Your browser doesn’t know the certification authority which issued this certificate.”

Hm. Could be, right? The problem with those certificates, especially for private people or small businesses is that they are expensive (I know some guy who became a billionaire with issuing those, and later he sold that shop and started a Linux distribution based on Debian). So maybe here we have one of those small shops whose owner cannot afford - or doesn’t want to spend money on - one of those commercially sold certificates. Instead of this, he made up his own certificate authority or used a free one, which isn’t included in the browser’s list of known authorities. Clicking on “Zertifikat untersuchen” (or: “examine certificate”) will confirm the latter.

So - what can we do?

Fortunately, in Debian and Ubuntu, there’s a package called “ca-certificates”, which has a list of those authorities which issue certificates to anyone without asking for money. Ubuntu users wouldn’t find it with the “Add software” menu entry; they have to fire up Synaptic to do so. And Synaptic is found under:

System — Systemverwaltung — Synaptic-Paketverwaltung (in the used German Gutsy), or

Desktop — Administration — Synaptic Package Manager (in my English Debian Etch menu).

Once Synaptic has started, there’s a button “Suche” (”search”), which brings up a small window:

And into that search box, you type in what you’re searching for - in this case, it’s the package “ca-certificates”. Another click on “Suchen” (”search”) in that smaller window will search the already downloaded repository on the local machine for a match.

And voilà - it’s found, and a short description and a list of to-be-imported certificate authorities is shown:

Here I tried to make use of the small checkbox in front of the package name already, and there’s another small window opening, asking me what I’d like to do (with only one possible answer at this point, which I confirmed).

Ok; for the moment this is the only package we want to install, so I have to apply this:

A click on the green-checkmarked menu item called “Anwenden” (”Apply”) will actually start the process of downloading and installing the package, which is what we want in this case.

Still, we have to confirm again, like in the next picture:

Again, we see the packages to be installed, and if we’d like, we could view details about them, we could select to only download but not to install them at the moment, or we just proceed - which is what we do here.

And up comes the next window:

And Synaptic, that nice frontend to aptitude, does its magic. It connects to the repositories defined in /etc/apt/sources.list, downloads the wanted package(s) from the first possible location, and after downloading, it installs them. No need to use any search engine in the world to install software in Linux; especially so in Debian or Ubuntu…

Ok; let’s try again.

The next time the user fires up his or her browser - in this case, Firefox on Ubuntu - the scary security warning doesn’t appear anymore when trying to register or to log in. Instead of this we have a secure https connection with a small lock symbol, which tells us - when clicked - that we are using a web site which is verified by CAcert, which is an authority we now trust. We have a secured connection which uses an AES-256 “scrambling” of the whole connection. So we’re not afraid that anyone except the server we want to reach will get any information.

What if it didn’t work? Could be that we’re using a different Linux distribution, or even a proprietary operating system, or Firefox is simply not aware of the changes?

Well, if your Linux distribution or other OS doesn’t have the ca-certificates package, you have to manually download the root certificate from cacert.org - they have a Howto on their Wiki page which explains how to do that. Get their cert as a *.pem file, and save it somewhere (in Debian/Ubuntu, the place for this would be in /etc/ssl/certs).

Then, within Firefox:

You go to Einstellungen — Erweitert — Verschlüsselung — Zertifikate anzeigen

(Preferences — Advanced — Encryption — View Certificates)

Here you can check if you really have the needed authority:

As you can see here, you won’t find CAcert under “C”, but under “R” - like “Root CA”. If you do not see CAcert as an authority at this point, then you can import the manually downloaded or ca-certificate-included *.pem from this window.

Like mentioned already, under Debian or Ubuntu, you’ll find it in /etc/ssl/certs:

Here also, it is called “root.pem”. Once you “open” this (”Öffnen” in German), it should become installed into your browser.

And from now on, the security warnings should have gone.

What have we learned? Well, from now on you can visit the secure sites of friends or small businesses without being afraid - and you have done it the correct way, with not just clicking away things with “Accept”, without really understanding them.

If you have an own web presence which has an own IP address (a small so-called “vserver” will do), then you can do the same to get your site secured without spending lots of money to do so (tho setting up this is probably beyond “entry” level, but I can explain that later, should the need arise).

Now have fun and feel safer.

For those of you who want to test the upcoming “Etch-and-a-half” before it’s even released, I stole these lines from the official Wiki page:

How can a user test Etch-n-Half before it’s released ?

Simply add the etch-proposed-updates sources after main in your /etc/apt/sources.list.