Ravelry is a knit and crochet community. In an interview with Tim Bray of ongoing, their site engineer Casey Forbes says: “We have 7 servers running Gentoo Linux and virtualized into a total of 13 virtual servers with Xen.” On these servers they use nginx, HAProxy, Apache, MySQL, and of course Ruby on Rails (with Passenger). And how they use it!
We’ve got 430,000 registered users, in a month we’ll see 200,000 of those, about 135,000 in a week and about 70,000 in a day.
We peak at 3.6 million pageviews per day. That’s registered users only (doesn’t include the very few pages that are Google accessible) and does not include the usual API calls, RSS feeds, AJAX.
Actual requests that hit Rails per day is 10 million.
900 new users sign up per day.
The forums are very active with about 50,000 new posts being written each day.
Thanks for sharing the details, it’s what keeps us developers running. At least those as vain as me.
Just like last year, the German publication Linux Magazin interviewed projects at LinuxTag and created a video collage. If you’ll skip through the video anyway, be sure to see fauli and me dance at 1:30 and lu_zero at 6:20. Ohh, and you want more pictures? Check out this site with pictures by Andie Gilmour.
LinuxTag 2009 is over. I slept 12 hours after that, slightly less than the total of sleep I got throughout the four days. But it was amazing. There are so many people I have to thank who made this a unique experience. Here’s my attempt at a partial list. Thanks to…
- All visitors for keeping us busy through discussions, compiling buttons together, and by accepting all our sneaky attempts to hand out flyers.
- Gentoo e.V. for covering the costs for printing flyers, buttons, banner, sweets and drinks.
- Alex Legler for designing the flyers, the banner, making sure they get printed in time, and manning the booth.
- Sebastian Pipping for designing both the t-shirts and word cloud with me, and giving valuable feedback on the booth presentation. He also organized sweets and the dinner table on Tuesday evening.
- Christian Faulhammer for manning the booth longer than anybody else; he helped out throughout all four days, from the first minute until his train left.
- Tobias Scherbaum for approving all our funding requests; being there even at a busy time and organising the two Gentoo book samples.
- Wernfried Haas and Claudia, for creating and hanging up the great Larry prints again. What would a Gentoo booth be without them?
- Sebastian Dyroff for driving all the boxes to the exhibition grounds and back to my place, and staying at the booth for quite a while.
- Luca Barbato for being around every now and then, while not busy at the ffmpeg booth.
- Florian Streibelt for fixing the presentation machine, providing some hardware on short notice and his booth service.
- Daniel Sturm for lending the button machine and buying all supplies, and manning the booth.
- Fabian Groffen for taking the long drive from the Netherlands, and working the booth despite partying.
- Valentin Haenel for being at the booth on Saturday.
- Torsten Schmits for manning the booth on Friday. (Hope you get better soon!)
- Björn Tropf for preparing the flyer with Alex and being there two days.
- Gordon Malm for proof-reading and improving the flyer.
- Tobias Kral and an unknown messenger for getting the stickers and mouse pad to the event.
- Benedikt Böhm, Christian Parpart, and Hanno Boeck for stopping by at the booth and saying hello.
- All LinuxTag helpers for all the work they did, including full-time catering. Special thanks to Daniel, Sebastian Pipping and Fabian for participating in that.
- All corporate sponsors of the event, they paid for catering and parts of the Social Event.
- Fedora for the free pizza on Friday.
- Ubuntu Berlin for the barbeque on Saturday.
- All those who offered help for next year. We will come back to you, LinuxTag 2010 is June 9 to 12.
Let me finish with a few bytes of statistics. There were more than 10 000 visitors, we sold 39 t-shirts, drank 34 bottles of Mate and 10 bottles of water, and ate 3 kg of sweets. Ohh, and here’s us again:

Last row, from the left: rbu, grobian, sping, fauli behind dertobi123, a3li, Claudia and amne. Front row: Florian, Sebastian Dyroff, Dan Levin.
It’s time for a great summer in Germany again! And what better opportunity to spend it than with Gentoo friends at LinuxTag?
The largest Linux consumer and developer fair in Europe will be taking place Wednesday, June 24th to Saturday, June 27th. And of course Gentoo will be there with a booth. Meet some of the developers of your favourite distribution, and satisfy all your ebuild needs, maybe even have us fix one or the other bug. We even hope to bring some merchandise this time. So if you haven’t registered for a hostel or hotel, you might want to do that now.
You are also more than welcome to contribute to the booth, either by attending as a staff member (free entrance to the show is only one of the many benefits!), or by organising t-shirts, flyers and maybe even cups. Please contact me via email if you’re up for that.
And now back to hacking on my thesis and some security bugs… oh, and NetworkManager 0.7.1 is coming, thanks to Robert Piasek and Gilles Dartiguelongue who have been contributing a lot to the ebuilds while I was slacking.
I often need to copy small files (configs, scripts, patches) from one machine to another and I have found using “cat” and copy-paste to be very unreliable for this: You lose tab characters, file names, permissions, and it cannot handle binaries. Plus, it gets tedious for long text files. So I added a function to my .zshrc that takes file names as an argument and prints shell code you can simply copy and paste into a remote ssh session. The current working directory will then contain the files:
rbu@localhost ~/copy-example $ ls -l
total 8.0K
-rw-r--r-- 1 rbu rbu 29 2009-04-01 17:24 doc1
-rwx--x--x 1 rbu rbu 181 2009-04-01 17:25 some-bin
rbu@localhost ~/copy-example $ copy doc1 some-bin
cat<<E=O=F | perl -MMIME::Base64 -e 'print MIME::Base64::decode(join("", <>))' - | tar xj
QlpoOTFBWSZTWbDjvy4AANl///6/SH1QLn+oZAgORH7jngCAcExyZEJgBABAYABqMEQJMAEbbbMN
QKR5TaEwAn6oxGaGiYAQDCNPTSY9QmTT0AaptKbUxGhHoaAE0aY0AAAEMJowEYTJglEinqD1Mgeo
ZGagAHqM0RkyNAD1D1PUADynlMBeffJ2xSkqIiZOGCIOv87QvSzIWsqS1GG4qIB55xMGD5cgy2Ya
IgH0wmmgmcKCEZJL0BilCat4n/ubxlVIXfIgMCABOZxo2zA0pK5IxR1+ikXrUe7bmHxeL1jyK6fe
fcO0xLbzPXYIxokkI+yKJynt03pqRDZQfBMbvdEaBRQwjQZvEhdVNDcIAOAhVyeeaKerlMFSJYBM
56ibgEosooEIAO8PC9oAbQmOVk8YoGRBgkN9wH8oaOxCgeCuu6VCljLtzvDSGdIYGcPOgRVh+LBi
u/AotDOnl/uuQtH7Md37RU6SE4jjPOLUEHLj0OIOKTNkqk1FiehcQSg62CAQ/4u5IpwoSFhx35cA
E=O=F
On the remote host you can simply paste this code:
buchholz@remotehost:~/target-dir$ ls -l
total 0
buchholz@remotehost:~/target-dir$ cat<<E=O=F | \
perl -MMIME::Base64 -e 'print MIME::Base64::decode(join("", <>))' - | tar xj
> QlpoOTFBWSZTWbDjvy4AANl///6/SH1QLn+oZAgORH7jngCAcExyZEJgBABAYABqMEQJMAEbbbMN
> QKR5TaEwAn6oxGaGiYAQDCNPTSY9QmTT0AaptKbUxGhHoaAE0aY0AAAEMJowEYTJglEinqD1Mgeo
> ZGagAHqM0RkyNAD1D1PUADynlMBeffJ2xSkqIiZOGCIOv87QvSzIWsqS1GG4qIB55xMGD5cgy2Ya
> IgH0wmmgmcKCEZJL0BilCat4n/ubxlVIXfIgMCABOZxo2zA0pK5IxR1+ikXrUe7bmHxeL1jyK6fe
> fcO0xLbzPXYIxokkI+yKJynt03pqRDZQfBMbvdEaBRQwjQZvEhdVNDcIAOAhVyeeaKerlMFSJYBM
> 56ibgEosooEIAO8PC9oAbQmOVk8YoGRBgkN9wH8oaOxCgeCuu6VCljLtzvDSGdIYGcPOgRVh+LBi
> u/AotDOnl/uuQtH7Md37RU6SE4jjPOLUEHLj0OIOKTNkqk1FiehcQSg62CAQ/4u5IpwoSFhx35cA
> E=O=F
buchholz@remotehost:~/target-dir$ ls -l
total 8
-rw-r--r-- 1 buchholz buchholz 29 Apr 1 17:24 doc1
-rwx--x--x 1 buchholz buchholz 181 Apr 1 17:25 some-bin
And now for the shell action to do this (in ZSH):
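function copy() {
    # Archive the given files with tar+bzip2 and base64-encode the result.
    # The subshell exits with tar's status, so a failed archive aborts here.
    STR=$(tar cj "$@" | perl -MMIME::Base64 -e 'print MIME::Base64::encode(join("", <>))' \
        - ; exit $pipestatus[1] ) || return $?
    # Print a here-document that decodes and unpacks the archive when pasted.
    echo "cat<<E=O=F | perl -MMIME::Base64 -e \
'print MIME::Base64::decode(join(\"\", <>))' - | tar xj"
    echo "$STR"
    echo "E=O=F"
}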
If you are using bash, you need to replace “exit $pipestatus[1]” with “exit $PIPESTATUS” :-/
OpenSSH 5.1 is out, and besides a security issue that does not affect Linux or the BSDs, it includes a new feature labelled VisualHostKey, aka SSH Fingerprint ASCII Visualisation. Using an idea proposed in the 1999 paper Hash visualization: A new technique to improve real-world security by Perrig and Song, an image with 18×9 resolution is generated from the fingerprint of the SSH server, and is displayed to the client.
Since the feature is experimental, and the algorithm to generate the image should not be considered final yet, display is disabled by default. You can see a test-run in the screen capture, and a (just for fun) list of images of my known hosts. I wonder how long it takes to remember that face… doesn’t it look a bit like Marge Simpson?

Now why all this, you are asking?
It is deemed that images are easier to compare and remember than the usual 32 hex digits, and I believe everyone has to judge by him/herself if that is true. How many of those SSH/OTR/SSL… fingerprint digits do you check*? All of them? Any, at all? Where did you derive your latest Firefox SSL CA certificates from? At a time when I cannot trust my provider to run a secure DNS server, verifying the authenticity of either the other side of communication, or the data in transit is most crucial. Let’s finally get that Tree Signing going!
* If you only check the first 4 digits, and the last 2 — you are riding on a 24 bit fingerprint.
There are only two days left until LinuxTag in Berlin starts (May 28-31), and Gentoo will be featured with a booth again this year. It’s been some busy weeks for us, and I hope our presentation will turn out to be satisfactory, even if we do not have the financial backing of other projects.
Speaking of money, if you are still in need of free tickets for all four days, drop me a mail. First come, first served.
If you run any kind of server, especially Debian or Ubuntu, or grant users access to your server, you might want to read the Debian Security Advisory DSA-1571-1 or Ubuntu’s Security Notice USN-612-1 for CVE-2008-0166, and check your encryption keys:
It is strongly recommended that all cryptographic key material which has
been generated by OpenSSL versions starting with 0.9.8c-1 on Debian
systems is recreated from scratch. Furthermore, all DSA keys ever used
on affected Debian systems for signing or authentication purposes should
be considered compromised; the Digital Signature Algorithm relies on a
secret random value used during signature generation.
The first vulnerable version, 0.9.8c-1, was uploaded to the unstable
distribution on 2006-09-17, and has since propagated to the testing and
current stable (etch) distributions. The old stable distribution
(sarge) is not affected.
Affected keys include SSH keys, OpenVPN keys, DNSSEC keys, and key
material for use in X.509 certificates and session keys used in SSL/TLS
connections. Keys generated with GnuPG or GNUTLS are not affected,
though.
This vulnerability is caused by a patch shipped in Debian, Ubuntu, and other derivatives. Gentoo’s OpenSSL version is not affected, but everyone should check user-provided public keys (such as OpenSSH’s authorized_keys) using the Debian/OpenSSL Weak Key Detector.
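One way to script the authorized_keys check recommended above, as an added example (not the Debian/OpenSSL Weak Key Detector's code, and not from the original post). It assumes the blocklist is a set of colon-separated MD5 key fingerprints; the key blobs, file content and blocklist entry are constructed placeholders.

```python
import base64
import hashlib
import struct

KEY_TYPES = {"ssh-rsa", "ssh-dss"}

def parse_authorized_key(line):
    """Return (key_type, blob, comment), or None if the line holds no key."""
    fields = line.split()
    if not fields or fields[0].startswith("#"):
        return None
    # Options such as command="..." may precede the key and contain spaces, so a
    # candidate counts only if valid base64 with a matching type header follows.
    for i, field in enumerate(fields[:-1]):
        if field not in KEY_TYPES:
            continue
        try:
            blob = base64.b64decode(fields[i + 1], validate=True)
        except ValueError:
            continue
        if len(blob) < 4:
            continue
        (name_len,) = struct.unpack(">I", blob[:4])
        if blob[4:4 + name_len] == field.encode():
            return field, blob, " ".join(fields[i + 2:])
    return None

def md5_fingerprint(blob):
    """Colon-separated MD5 fingerprint of the raw public key blob."""
    digest = hashlib.md5(blob).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def find_weak_keys(text, blocklist):
    """Return (line number, type, fingerprint, comment) per blocklisted key."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), 1):
        parsed = parse_authorized_key(line)
        if parsed and md5_fingerprint(parsed[1]) in blocklist:
            hits.append((lineno, parsed[0], md5_fingerprint(parsed[1]), parsed[2]))
    return hits

def sample_entry(key_type, filler, prefix=""):
    """Constructed stand-in: real blob header, filler instead of key data."""
    blob = struct.pack(">I", len(key_type)) + key_type.encode() + filler
    return blob, "%s%s %s user@example" % (prefix, key_type, base64.b64encode(blob).decode())

WEAK_BLOB, WEAK_LINE = sample_entry("ssh-rsa", b"weak", 'command="echo ssh-rsa x",no-pty ')
SAMPLE = "\n".join(["# constructed file", sample_entry("ssh-dss", b"fine")[1], WEAK_LINE])
BLOCKLIST = {md5_fingerprint(WEAK_BLOB)}  # stands in for the published list
```

Calling `find_weak_keys(SAMPLE, BLOCKLIST)` reports only the third line, even though its `command=` option also contains the string `ssh-rsa`.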
Update: Ben Laurie of OpenSSL is making a point that Vendors Are Bad For Security, which I would not follow in that general form. What I have to grant him: Mechanisms of peer review must be employed properly and patches discussed with upstream. If you follow this philosophy, Vendors Are Good For Security.
The TU Berlin students of the Freitagsrunde, which I am a part of, organized a series of talks last summer called the Distro Bash. In three sessions Linux and Unix enthusiasts met and discussed merits and flaws of their favorite (or most hated) distribution. Most of the speakers were active users or developers, who studied or worked at the TU Berlin. The talks were rather informal, usually accompanied by live demonstrations. We had about 30 to 40 people attending each session and I learned a lot about how other systems work.
Apparently, I was not the only one to feel this way. Tobias Klauser of the Zürcher Hochschule für angewandte Wissenschaften in Switzerland, who heard of (or attended?) our series, started his own series of Distro Bashes in the Linux User Group of his university. Too bad I can’t be there, but it’s great to see how our idea travels and evolves. Read more about it in press reports at Pro-Linux and symlink.