Showing content with the highest reputation since 05/29/2014 in Blog Entries
-
Funtoo Newsletter, January 2023

A lot goes on in the Funtoo Community in a month. Here are some highlights of what happened during the month of January 2023. And the first thing we have to announce this month is the start of this monthly newsletter itself!

Funtoo Newsletter

The lack of consistent and effective communication over time has led even active contributors to remain oblivious for months to certain developments that have been put forth by other members. This can make things confusing and even frustrating. In order to keep everybody up to speed with what's happening, including major software updates, infrastructure upgrades, community rules, new projects and future expectations, we will be publishing this short newsletter every month.

Linux 6.1

sys-kernel/debian-sources was upgraded from v.5.18.16_p1 to v6.1.4_p1. This means that now we have Linux 6.1 on Funtoo! The upgrade was fast-tracked due to issues with Realtek Wi-Fi in the previous official kernel, 5.18.16_p1. You can read more about the Realtek Wi-Fi issues in Funtoo Bug https://bugs.funtoo.org/browse/FL-10937. This issue is confirmed fixed in v6.1.4_p1, but Linux 6.1 brings much more. The jump from 5.18 to 6.1 brought 15 thousand non-merge commits, with a lot of improvements. Here are some highlights:

- Official support for Intel 4th gen Xeon and 13th gen Core (Raptor Lake) processors.
- Support for ARM-based laptops, such as the Lenovo ThinkPad X13s with the Qualcomm Snapdragon 8cx Gen 3 chip.
- Support for the new Intel Arc dedicated GPUs.
- Better performance for AMD Ryzen Threadripper and AMD EPYC.
- Better Btrfs performance.
- Countless new drivers, for devices ranging from GPUs to hardware sound and gamepads.

Whether or not you will see any difference depends a lot on your particular CPU, GPU and other devices, but some people did report that everything seemed to run faster on the new kernel.

Plasma-5.25.5 / KDE Gear 22.08.1

These are mostly bugfix releases that came out in 2022's last quarter.
After a good amount of internal testing, the new releases have been incorporated into Funtoo in January 2023. Thanks to R0B for pushing this forward and all who tested it (special thanks to Morphmex!). Some minor bugs were encountered after this update during last month, but they were quickly resolved.

Scanner Support for Next

Some dependencies had been “beard-trimmed” from Next-release and the scanner support was broken. Now, all the Sane Frontends/Backends, XSane and scanner drivers are fully supported on Next, including OCR capabilities.

Development Languages

Funtoo now has Go v1.19.5 and Rust 1.57.0. Python 2.7 is still available but is deprecated, as there's no upstream support anymore. Some packages still require Python 2, but we are working towards upgrading or removing those packages.

OpenCL eselect deprecation

Funtoo has an eselect module for OpenCL, which allowed the user to choose among different OpenCL implementations (Mesa, AMD, Intel, NVIDIA, etc.). However, in most cases that job can be done by dev-libs/ocl-icd, and nvidia-drivers now installs files in different locations, which prevents eselect from working. Some work has already been done towards removing the dependency on app-eselect/eselect-opencl from the ebuilds and we still have 9 ebuilds on the tree that do. When that work is concluded, app-eselect/eselect-opencl itself will be removed from Funtoo.

Development Model Changes

Funtoo has long adopted the BDFL model (like the Linux Kernel Project), where the decision making was centralized around Daniel Robbins and the staff just followed along. From December 2022, up to the first half of January 2023, a new system was introduced, where Daniel stepped down as BDFL and the decisions were taken by consensus among the staff, as Daniel focused on moving his family across the United States. In the Funtoo project, it was an interesting experience.
There was very good work done by borisp, siris, coffnix, adbosco and others on a technical level -- and things looked like they were going in a good direction. But some problems were encountered.

Daniel jumped back into the BDFL role by the end of January. Daniel saw evidence that too much was given to this team, too quickly, with not enough support, training and clear responsibilities. While they did an admirable job in many areas, 1.4-release had some unresolved breakage lasting several weeks, and the python packaging package had been broken and gone unfixed for some time. While Daniel was originally very upset, he concluded in the end that the staff were put in a challenging situation, performed admirably especially considering the circumstances, and apologized for getting upset in the first place. He acknowledged that he often has unreasonable expectations.

More work needs to be done to find the optimal model to allow community leaders to succeed. This realization gave birth to additional development of a more defined community leadership model, which shall be gradually implemented throughout the next few months. It will likely be a mentorship model and as it takes shape, announcements will be made to recruit people interested in learning and contributing in different areas of the Funtoo Project, and an emphasis will be placed on skill building. Stay tuned!

4 points
-
My day Job
666threesixes666 and 3 others reacted to Chris Kurlinski for a blog entry
Not sure how many people out there are like me, but here is a project I am just about to complete for a client. I'm not in the IT industry, I'm in construction, a master plumber by trade, but do a lot of building management system integrations, and a lot of really specialty projects, like custom fire pits with iPad controls, high end pools (we're talking 100K gal completely automated), heat pump / solar water heater for potable water, large solar systems (looking forward to trying out the Tesla Power Wall). Generally, anything that requires a computer interface, I'll do. Basic anything is boring, and not for me.

Well, this leads me to my latest project that's wrapping up. (3) Years ago, I did a pool system for a client, but they didn't have time to build a structure over the equipment, and over the last (3) years the equipment is starting to fail, the Bahamian sun and sea is brutal on this kind of stuff. So I proposed to the client to build a structure over the equipment to protect it. He said great idea, what will it cost, and I went huh? After some thought and a lot of design work, I drew some plans up and priced it to the client, and he said great, when can you start.

So here is the original design. And here is the final structure without paint. The only modification from the original design was the doors, which I custom built from Number 1 grade fir, and used some left over epi wood for the siding. Sanding and painting is all that is left.

4 points
-
Better Late Than Never!

Our third newsletter is a bit late -- but has an in-depth article on some as-yet-unexplained aspects of Funtoo related to metatools and our CDN. Definitely worth a read! Each newsletter, we are going to try to feature an in-depth article combined with key Funtoo news for the month.

Linux Kernel 6.1.20_p1 is Now Available

The sys-kernel/debian-sources-6.1.20_p1 has been unmasked on the meta-repo tree and is available for regular upgrade for everybody. This is basically a “bug fix” upgrade, as no new features or modules were announced. However, 1185 files have been touched by bug fix commits since v.6.1.12_p1, so you might want to consider upgrading your kernel to benefit from them.

The Funtoo CDN and Metatools

Most people are aware that Funtoo has its own CDN (Content Distribution Network), but few understand the role it has been playing in Funtoo and the potential it has for the future. Over the last month there have been interesting developments regarding the use of the CDN associated with Funtoo Metatools. Metatools lets Funtoo auto-generate up-to-date ebuilds from sites like GitHub. This month we saw the realization of a year-long effort which made Go and Rust packages a lot more efficient. In this article, you will learn about the evolution of our content distribution, from the early days of Gentoo to the latest stage at which Funtoo finds itself right now, as well as some of the inner workings of Metatools and how to use the new extensions in your Go and Rust autogens.

Background

Historically, Linux distributions used a network of mirrors to distribute their packages, installation media images and so on. This would provide faster downloads for users all over the world who could select a close-by mirror — often inside the very institution they were working from — while also alleviating some of the load on the primary servers.
Gentoo made use of a traditional mirror network to distribute its installation media and distfiles but introduced an innovation: for the small files that make up the Portage tree, Gentoo started using the relatively new rsync protocol instead of the traditional ftp and http, guaranteeing that only the files that needed update were downloaded, which made the updates a lot more efficient.

Funtoo inherited that system from Gentoo, but soon innovated again, adopting the then new “git protocol” instead of rsync. Now instead of downloading the files that changed, it downloads only the changes themselves (the git “deltas”), making the updates even more efficient and faster. Also, this meant that the master Portage tree could now be hosted on GitHub, doing away with the burden of maintaining a network of rsync mirror servers for the Portage tree. This move also made it feasible to group the previously monolithic Portage tree into logical “kits”, each in its independent repository within the “meta-repo”.

However, git by its very nature is not suitable for hosting binary files and therefore cannot be used to distribute installation media and pre-built packages, for example. Thus, just moving from rsync to git didn’t mean that Funtoo wouldn’t need to manage a mirror network anymore; installation media, stage tarballs, distfiles and occasional pre-built binaries still needed to be made available for download somehow. At this point, Daniel decided to reach out to CDN77, which generously offered to provide CDN resources to the Funtoo project.

The Funtoo CDN

A CDN (Content Distribution Network) serves the same purpose as the “mirror network”, but it’s hard to even try to compare what they really are. The best-maintained mirror network will look amateurish and won’t compare in terms of performance to a modern CDN service.
The CDN77 service uses caching and high-speed links to make the files easily and rapidly downloadable worldwide, using several geographic endpoints that can cache files and communicate rapidly between each other. For practical purposes, let’s just say that the user doesn’t need to select a “best mirror” and there are no outdated or down mirrors. From the user standpoint, all the available ISO images and stage tarballs appear to be under one single URL: https://build.funtoo.org/, and the distfiles referred to in the ebuilds appear under https://direct.funtoo.org. The CDN will transparently select the fastest route between the user and a server that can deliver the content at the moment of the request.

The CDN not only manages mirrors at strategic points around the world; the content can also be cached by ISPs, making it readily available at the fastest speed possible to the users who connect to them. It doesn’t matter if you are in Los Angeles, Bucharest, Jakarta, Buenos Aires or Cape Town, you will have the same fast and reliable experience downloading content from a CDN. This move completely freed Funtoo from the need for any kind of mirror network for any purpose.

At first, only the Funtoo stage tarballs and distfiles were uploaded to the CDN. But there were some distfiles referenced from some ebuilds from the Gentoo snapshots that were using Gentoo mirrors, which risked being altered or removed without notice. Realizing that, Daniel wrote a script to populate our CDN with a full collection of source code, so that this would not become an issue. Then the CDN was made the default “mirror” for all distfile sources and the “fastpull service” was added to the Funtoo Portage, providing users with a fast, reliable and universally accessible download point for all their source code.

But Funtoo is not about ebuilds from Gentoo snapshots.
The real deal are the “autogens”, which in theory can generate anything — not just ebuilds — using the logic contained in a “generator”, and a Jinja template. Metatools is essentially an advanced Python-based API for creating ebuilds, which contains useful tools for automatically checking the latest or all the available versions of packages, downloading the sources and generating ebuilds based on information found online or contained inside the downloaded tarballs. The generator can also take parameters from a YAML file, thus allowing a single Python generator to generate ebuilds for hundreds of different packages.

It Starts With the Spider

Metatools itself has a highly-efficient Web spider which is used to download the sources for all autogenned ebuilds. When the autogen is run in developer mode, fastpull only downloads the source tarball to the local computer, but when it’s run on our official regen infrastructure, all distfiles grabbed by the spider are immediately made available on the CDN, so that source code is always available even if the original repository goes offline.

In 2022, the second generation of our fastpull technology was released, which stores files indexed by their sha512 sum hash rather than their file names. Thus, Portage can request distfiles from our CDN by their sha512 sum hash, and then save them locally with their original file name. This completely eliminates the possibility of having an infamous Portage “digest mismatch”.

Also in 2022, the ebuild-generation component of metatools gained a new and very powerful feature called “Dynamic Archives”, which allows the autogens to create their own tarballs. These can be modified or repackaged versions of the original source tarballs, maybe with the addition of some icons or documentation downloaded from different places.
They can also be a “prepared” version of the sources, so that the generated ebuild can drop the dependencies that would then be needed to prepare the sources or build the documentation. They can be used to build tarballs from git clones that include git submodule sources, which are usually missing from the GitHub tarballs.

This leads us to the biggest story of March, 2023: the new golang and rust extensions to the github-1 generator that showcase the power of the Dynamic Archives within metatools.

The golang Extension

Metatools has had for some time the ability to peek into source tarballs for software written in Go Language to extract the gosum hashes and download URLs for its dependencies, which could then be used to create an ebuild with a long SRC_URI, which would hold both the URL for the main package and also all its dependencies. This allowed us to have up-to-date ebuilds for packages that were written in the Go Language.

In order to use this generator, however, it was necessary to use a custom Python autogen rather than a generic YAML one. Also, the resulting ebuild was sub-optimal, since it was based on the existing Gentoo go-modules.eclass which required listing every single required go module individually in SRC_URI. For many golang-based ebuilds, this resulted in hundreds of entries in SRC_URI. Even though our CDN is very efficient for downloads, Portage downloads files one at a time, so each entry in SRC_URI takes a minimum of a few seconds to download. Add a hundred (or two!) entries in SRC_URI, and the download of sources could take 10 or more minutes! Quite annoying.

Fortunately, Funtoo doesn’t have to settle for that sub-optimal experience. Thanks to dynamic archives, invakid404 and drobbins were able to develop a solution. Rather than individually list each required go module in an ebuild, the autogen itself could create a single tarball which contained all necessary go modules, and this tarball would be magically populated on our CDN.
The ebuild could now reference one additional file, rather than hundreds, and we were able to magically work around the Portage fetch performance issue. Emerging ebuilds for golang-based packages could be made fast again. As of April 5, 2023, these dynamic golang autogens are now active in the main tree – net-misc/rclone is one example of such packages.

To make these improvements easier to use, the go-modules.eclass was optimized to transparently use Funtoo’s go-module bundles, and a new extension to the metatools github-1 generator was introduced. To make your golang-based autogen automatically create a “golang bundle” (tarball), just two additional lines are needed (the last two ones in the YAML below):

    mypackage_rule:
      generator: github-1
      packages:
        - my package
      extensions:
        - golang

The rust extension

Also included in the harvester/2023-03 branch is the "rust" extension to the github-1 generator, which works in an analogous form to that of the golang extension, with a conjunction of new code added to the existing rust metatools sub and to the github-1 generator. harvester/2023-03 has been merged into "production Funtoo", meaning that this functionality is now fully active and in use.

Next Time

In the April issue, we’ll begin a series of tutorials on Pull Requests and the Funtoo Git Repository and how it works. You’ll learn about the Funtoo tools & metatools, the kit-fixups repository, and end with the git pull request workflow.

3 points
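The sha512-indexed storage described under "It Starts With the Spider" above can be sketched as follows. This is an added example, not Funtoo's fastpull or metatools code: the `DigestStore` class, its directory layout, `fetch_distfile` and the sample byte strings are all hypothetical and constructed for illustration.

```python
import hashlib
import os
import tempfile


class DigestStore:
    """Toy content-addressed store: every blob is filed under its SHA-512 digest."""

    def __init__(self, root):
        self.root = root

    def path_for(self, digest):
        # Hypothetical layout: fan out on the first hex characters of the digest.
        return os.path.join(self.root, digest[:2], digest[2:4], digest)

    def put(self, data):
        digest = hashlib.sha512(data).hexdigest()
        path = self.path_for(digest)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)
        return digest

    def get(self, digest):
        with open(self.path_for(digest), "rb") as fh:
            return fh.read()


def fetch_distfile(store, entry, distdir):
    """Request a file by digest, verify it, then save it under its original name."""
    data = store.get(entry["sha512"])
    if hashlib.sha512(data).hexdigest() != entry["sha512"]:
        raise ValueError("stored blob does not match the digest it was requested by")
    # basename() keeps a hostile manifest name from escaping the distfiles directory.
    dest = os.path.join(distdir, os.path.basename(entry["name"]))
    with open(dest, "wb") as fh:
        fh.write(data)
    return dest


def demo():
    with tempfile.TemporaryDirectory() as tmp:
        store = DigestStore(os.path.join(tmp, "cdn"))
        distdir = os.path.join(tmp, "distfiles")
        os.makedirs(distdir)

        # Constructed data: the same file name published twice with different bytes,
        # as happens when an upstream tarball is re-rolled after the ebuild was made.
        original = b"constructed tarball bytes for example-1.0"
        rerolled = b"constructed tarball bytes for example-1.0, re-rolled"
        pinned = store.put(original)
        other = store.put(rerolled)

        # The manifest pins the digest; the file name is only used for the local copy.
        entry = {"name": "example-1.0.tar.gz", "sha512": pinned}
        dest = fetch_distfile(store, entry, distdir)
        with open(dest, "rb") as fh:
            content_ok = fh.read() == original

        # Overwrite the stored blob to simulate corruption or tampering at rest.
        with open(store.path_for(pinned), "wb") as fh:
            fh.write(b"tampered")
        try:
            fetch_distfile(store, entry, distdir)
            tamper_rejected = False
        except ValueError:
            tamper_rejected = True

        return {
            "both_versions_kept": pinned != other,
            "saved_as": os.path.basename(dest),
            "content_ok": content_ok,
            "tamper_rejected": tamper_rejected,
        }


if __name__ == "__main__":
    print(demo())
```

Because the lookup key is the digest, a re-rolled upstream file cannot replace the bytes an ebuild was generated against, and the client-side re-hash still catches a blob that was altered in storage.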
-
Our Second Newsletter!

Welcome to our second official Funtoo Linux newsletter, covering the time period of February 2023! It’s exciting for us to get into a rhythm with newsletter releases. We have a much meatier newsletter this month, with recent technical updates, great news about Oleg aka angry_vincent, a profile of Kery, a new user – and his install challenges, and some really useful and detailed info about our bug tracker and how to use it well. Let’s start by covering the latest updates:

Latest Updates

Funtoo Linux now has debian-sources-6.1.12_p1 enabled by default. This appears to be working well with all the key packages that require kernel compatibility (zfs-kmod, nvidia-kernel-drivers).

Harvester’s “harvester/2023-01” branch has been merged into master, meaning that all harvester changes are now part of official releases. The most notable change is an upgrade of binutils to 2.39_p5, as well as a harfbuzz update.

We now have “harvester/2023-03” active and ready for PRs. Our focus for March – updating Xorg. Adriano Bosco (aka “adbosco”) is working on this at the moment.

Oleg and Ukraine

Those who have been a part of the Funtoo community for quite some time are aware that Oleg, aka angry_vincent, used to serve as the project lead for several years, where he competently supported the Funtoo user community with great support and assistance. You may not be aware, however, that Oleg lives in Ukraine, and has been very personally impacted by Russia’s invasion of Ukraine, even prior to the “special military operation”. By extension, there is a personal connection between the events in Ukraine and the Funtoo Linux project. Even though the conflict is very far away from most of us, it feels very close.

There is good news here, though. Daniel has been chatting with Oleg recently and Oleg will be assisting with maintenance and improvement of Funtoo from Scratch, and associated efforts, as he is able. We are really happy to have Oleg back in our community.
If you see him around online, please welcome him back!

New Jira

We are now running a new version of Jira, which comes with its own set of changes. Let’s look at each one.

Comments

The latest comments on each issue are now at the top of the page, rather than the bottom. This is more convenient for some. However, this feature is still in its infancy, and even with the latest comment at the top of the page, there is a problem – the “Add Comment” button will still be at the bottom of the page, so if you want to add to the discussion, you have to scroll all the way to the bottom of the page anyway. D’oh! And if it’s an issue with many comments, the latest ones will be hidden, so you can’t easily reference the latest comment to write a response. Double d’oh! Atlassian, please fix this soon! You can toggle back having the most recent comment at the bottom of the page by clicking this button on the right top of the comments:

Workflow Cleanup

In a feature that is better thought-out, workflow steps are now organized under their own sub-menu, rather than being individual buttons. This is a welcome change which cleans up the UI quite a bit:

New Rules?

In addition to Jira itself, the official “rules” for creating an issue on the Funtoo Bug Tracker (https://bugs.funtoo.org) were updated by Daniel. Previously, Daniel had a very gentle and metaphorical set of guidelines, which were in green, which appeared when the “Create” button was pressed on bugs.funtoo.org. Now, there are much stricter and direct rules that appear, which are in red. The underlying philosophy hasn’t changed, but the way the rules are being explained has gone through a dramatic change.

The new bug tracker rules are designed to set clear expectations on what is acceptable, to ensure that compliant bug reports are filed. The stricter rules are necessary to provide clear guidance to the community, but are not intended to discourage you from filing issues on the bug tracker.
Just please follow these new rules, and you will be fine. Here is the new text:

If you are using personal overlays, custom USE settings or other non-standard things on your system, then your bug will be given low priority or may even be closed with little or no explanation. We are focused on supporting Funtoo users, who use Funtoo's official profiles with minor deviations only.

In your new issue, please include:

- A description of what you were trying to do -- not just the actual breakage. This is called giving us context.
- A description of what happened.
- A description of what you expected to happen.
- How you are being impacted by this issue.

Please attach build logs and ego profile show output, if appropriate.

For feature requests, new package additions or other improvements please include an explanation of why the issue is important to you and could be beneficial to the Funtoo community.

Please include any other information that might help us reproduce the issue.

Please DON'T do the following:

- DON'T attach emerge --info output -- instead please attach ego profile show output as it is much more useful and will allow us to try to reproduce the issue.
- DON'T use anything in Gentoo as justification to do or not do something in Funtoo -- Funtoo is a separate community with its own processes and development and we are under no obligation to do something just because Gentoo does it, or not do something because Gentoo doesn't do it.

Please see the Wolf Pack Philosophy for more background on these rules. Users who repeatedly and flagrantly ignore these rules when reporting bugs may be banned from the Funtoo bug tracker and related community resources.

It’s worth spending some time to discuss the rationale behind this change, and how Funtoo intends to use the bug tracker going forward.

Bug Tracker 101

Let’s dive into some deep thoughts about the bug tracker, which will help you to understand why we do things the way we do, and help you use the bug tracker as an expert.
The Funtoo Project utilizes the bug tracker in a quite peculiar way. Most projects will put in place strict rules in certain areas, but not others. For example, in most communities, you can receive unpleasant feedback from developers if you file a duplicate or if you let it show that you didn't read and understand the documentation thoroughly. On the Funtoo bug tracker, duplicates are welcome: they show that there are more people concerned about that issue, each one with their own personal experiences.

On Funtoo, if you struggled enough trying to accomplish something to the point you thought you found a bug, then we consider it to be a bug, even if the issue was caused by something you did wrong. In the Funtoo ideal, everything should “just work” in the most intuitive way possible. If it doesn't, then that fact, in and of itself, is a bug. This is also different from most projects.

Our openness about user experience provides some temptation to use the bug tracker as the project’s main forum for discussing various ideas and improvements – and here is where it is important to understand a subtle but important rule that is enforced: any idea proposed on the bug tracker as a feature request should include justification as to why this change would be beneficial to you as well as to the larger Funtoo community. This means you should not simply describe the technical change, but also make clear the motivation and reasoning behind it.

This is very different from how most bug trackers operate, where pure technical discussions are the norm. In Funtoo, the “heart” of every issue should be a human story and with a clear explanation of how it benefits people. Not sure if others are interested in your idea? At least explain how it benefits you. So, you have permission to discuss your personal needs on the bug tracker.
But at the same time, Daniel doesn’t support the idea of using the bug tracker for general discussion – all comments on each issue should be focused on the specific issue at hand, and moving it towards resolution. And careful attention must be paid by all participants to not “hijack” the issue with tangential comments or ideas. The bug tracker is not an appropriate place for a “general brainstorming”-style discussion.

If your idea is still in the brainstorming stage, Funtoo Linux does have forums at https://forums.funtoo.org, which are recommended for discussions, as well as Discord and Telegram servers/channels. These are great resources for soliciting feedback on your ideas.

So – did I mention that Funtoo rules were a bit peculiar? These subtle but important rules, when followed consistently, make a huge positive difference for the Funtoo community. This user-centric way of using the bug tracker – with clear limits – tends to get misunderstood. Users will assume we allow free-flowing discussion, or think we are extremely strict and avoid reporting important issues that are annoying to them personally, thinking we don’t care. Neither one of these extremes is the reality at all. It’s probably fair to say that we are strict in how we use the bug tracker, but we are strictly focused on having a productive and positive force for improving the human experience with Funtoo.

Finally, it’s important to understand that in Funtoo – unlike in Gentoo – we are all using standardized profiles, not every possible USE flag combination – and that the bug tracker is primarily focused on improving our official profiles. Issues related to non-standard settings will be significantly deprioritized. On the other hand, if our official profiles aren’t working for you, that itself is a bug, and you should explain how our default settings are sub-optimal and how we should change them or improve Funtoo so you don’t need to use custom USE settings in the first place.
If in doubt – create an issue. We will give you feedback if it is best handled elsewhere.

New User – Kery

Kery joined the community on February 17th, when he was about to install Funtoo for the first time. He downloaded the GNOME stage3 Westmere tarball and started the installation process, but he would run into weird error messages, like chroot and even bash failing due to “illegal instruction”.

It turns out that Kery had chosen the correct sub-architecture tarball “Westmere tarball” for his Pentium P6200 (Arrandale variant of Westmere), but the fact is that P6200 lacks the extensions SSE4.1, SSE4.2, AES and PCLMUL, which GCC assumes are available on every Westmere chip. The solution was to choose the core2 tarball instead, which matches the Westmere Pentium P6200 actual available instruction set.

Basically, what happens here is that the chip manufacturer and the GCC developers have different opinions on what constitutes an “architecture”, or “sub-architecture” to use the Funtoo terminology. For the manufacturer, “architecture” means how the chip is physically built; for GCC, it means what instruction set is available. Both are correct most of the time, but in the case of the Westmere chips, not all models ship with the same instruction set. In the P6200 case, it has the same instruction set as what GCC considers to be a Core2 chip.

Kery also found out that our fchroot tool would silently fail when there was a CPU instruction set incompatibility between the binaries in the tarball and the physical hardware on which fchroot is running.

After working through these issues, Kery managed to successfully install Funtoo on his P6200 box using the Core2 tarball, but when he tried to run any GNOME application, the entire session would crash and he’d be thrown back to the login screen. He had followed the instructions in the documentation in the order they were presented, but that didn’t lead to a working GNOME desktop as expected.
It took some digging, but he soon found out that the problem was that he hadn't installed the correct X driver. So, he went back to the documentation to find out how to do it. He learned that he needed to add the “gfxcard-intel” mix-in to get the driver he needed and run a full world update. It turns out that this mix-in, which is normally enabled by default, is not enabled for the core2_64 subarch.

Unfortunately that still didn't work. He couldn't even start the X server now. Eventually, he discovered that he needed the i915 mesa driver, which is provided by the gfxcard-intel-classic mix-in instead, which led to another world update. Basically, he had found another bug, but this time the bug was in the documentation. The “classic” driver enables the “xf86-video-intel” ebuild, which is required for some older Intel integrated graphics chips, but is no longer the recommended default, which is now provided by the modesetting driver enabled by the “gfxcard-intel” mix-in.

Once his video was working, another bug was found. Kery was using the “lxqt” stage3, and he found that LXQt was not being enabled as the default desktop environment. Another bug, and another thing for us to fix.

Probably most Funtoo users (or Gentoo users for that matter) have gone through some struggle when they installed the system for the first time. What makes Kery's story different is that he happened to go down a path that hit a surprising number of bugs and he communicated everything, both his difficulties and his findings. Each roadblock has its own issue reported on the bug tracker, and we will be addressing every reported issue by improvements to our stages and documentation to prevent other users from encountering similar problems in the future. His efforts in reporting the issues will result in Funtoo being better for everyone. Thanks, Kery, for taking the time to do this! We’re going to be working on the issues you reported.

EOL

Thanks everyone for joining us for this month’s newsletter!
Our plan is to make this newsletter a true “hub” for our distributed Funtoo community and appreciate you reading all the way to the bottom 🙂

2 points
-
Adding SSL to Tengine / Nginx
duncan.britton and one other reacted to uudruid74 for a blog entry
OK, you've got your SSL certificate and you have tengine or nginx setup, but you need it secure. After all, you've heard of all the recent DH attacks, BEAST, CRIME, FREAK, Heartbleed and others, right? Is your system already secure? Test it! Check out The SSL Labs Test Site. I'm getting an A+ rating! The following assumes tengine, but nginx is exactly the same, just s/tengine/nginx/g;

Need a certificate? OK - I highly recommend StartSSL. It's FREE! These guys will step you through the process by following the instructions on their site. If you have problems, the tech support via email is instantaneous and incredibly professional. My cert was the free variety, but if I ever upgrade, I will go to them because the support (to a non-paying customer no less) was so good.

OK ... Make a file /etc/tengine/ssl.conf (or equiv for nginx):

    #- Ports to listen on, all addresses, IPv6 and IPv4
    listen [::]:443 ssl;
    listen 443 ssl;

    #- Support current SSL standards and options only
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
    ssl_session_tickets off;
    ssl_stapling on;
    ssl_stapling_verify on;

    #- And some security related headers
    add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
    add_header X-Frame-Options DENY;
    add_header X-Content-Type-Options nosniff;

Now, go into your sites-available and in the server{} configuration for the site you want to include SSL, add these lines:

    include /etc/tengine/ssl.conf;
    ssl_dhparam /etc/ssl/tengine/dhparam4096;
    ssl_trusted_certificate /etc/ssl/tengine/startssl_trust_chain.crt;
    ssl_certificate /etc/ssl/tengine/ssl-unified.crt;
    ssl_certificate_key /etc/ssl/tengine/ssl.key;

Now, there are 4 files here for SSL in addition to the one we just included. Let's look at where they come from. First, you should have a certificate file (ssl.crt in the following), and a key for that file (private_ssl.key). The CRT begins with "-----BEGIN CERTIFICATE-----", but you will need to view this in vi, not less (less will try to decode many of these files). Your private key is password protected (the key is "-----BEGIN RSA PRIVATE KEY-----" followed by a line that says ENCRYPTED). Since you probably don't want to issue a password every time you start your server, let's fix that first.

    openssl rsa -in private_ssl.key -out /etc/ssl/tengine/ssl.key

Easy enough? And we have one of our lines done. 3 to go! The next is to create a chain of certificates back to the root. For StartSSL, you download their cert:

    wget https://www.startssl.com/certs/class1/sha2/pem/sub.class1.server.sha2.ca.pem

Then make the file you need with your cert and theirs. Here's your next 2 files!

    cat ssl.crt sub.class1.server.sha2.ca.pem > /etc/ssl/tengine/ssl-unified.crt
    cp sub.class1.server.sha2.ca.pem /etc/ssl/tengine/startssl_trust_chain.crt

Now, the final command for the final file:

    openssl dhparam -out /etc/ssl/tengine/dhparam4096 4096

4096 might be overkill, but 1024 is the minimum and you might as well go all out just in case 1024 gets broken next month! Be sure all these files are secure!

    chmod 0600 /etc/ssl/tengine/*

Delete originals, clean up, then restart tengine. Next I'll cover gzip compression, detecting mobile client, and joomla configuration. Any particular one anyone wants to see first?
2 points
-
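The directives in the TLS post above depend on one another (DHE ciphers need ssl_dhparam, stapling verification needs ssl_trusted_certificate), so a small audit script can check a config before the server is restarted. This is an added example, not part of the original post or of tengine/nginx; the names parse and audit are hypothetical, and the embedded config is copied from the post.

```python
import re

# Security-relevant directives from the post's ssl.conf and server{} block (copied, not new).
PAGE_CONFIG = '''
#- Support current SSL standards and options only
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
ssl_session_tickets off;
ssl_stapling on;
ssl_stapling_verify on;
add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
ssl_dhparam /etc/ssl/tengine/dhparam4096;
ssl_trusted_certificate /etc/ssl/tengine/startssl_trust_chain.crt;
'''

# A token is a quoted string, the statement terminator, or a bare word.
TOKEN = re.compile(r'"[^"]*"|\'[^\']*\'|;|[^\s;]+')

def parse(text):
    """Return {directive: [args]}; quote-aware, so ';' inside a header value is kept."""
    text = re.sub(r'(?m)^\s*#.*$', '', text)   # drop full-line comments
    directives, current = {}, []
    for tok in TOKEN.findall(text):
        if tok == ';':
            if current:
                directives[current[0]] = current[1:]   # last occurrence wins
            current = []
        else:
            current.append(tok.strip('"\''))
    return directives

def audit(text):
    """Return a list of findings for the TLS directives in an nginx-style config."""
    d = parse(text)
    findings = []
    # SSLv2/SSLv3 are long retired; TLS 1.0 and 1.1 were deprecated by RFC 8996.
    old = [p for p in d.get('ssl_protocols', [])
           if p in ('SSLv2', 'SSLv3', 'TLSv1', 'TLSv1.1')]
    if old:
        findings.append('deprecated protocols enabled: ' + ' '.join(old))
    # \b keeps ECDHE/EECDH from matching; only finite-field DHE needs dhparam.
    ciphers = ' '.join(d.get('ssl_ciphers', []))
    if re.search(r'\b(EDH|DHE)\b', ciphers) and 'ssl_dhparam' not in d:
        findings.append('DHE ciphers listed but ssl_dhparam is not set')
    # The nginx documentation asks for a resolver so the OCSP responder can be looked up.
    if d.get('ssl_stapling') == ['on'] and 'resolver' not in d:
        findings.append('ssl_stapling on without a resolver directive')
    if d.get('ssl_stapling_verify') == ['on'] and 'ssl_trusted_certificate' not in d:
        findings.append('ssl_stapling_verify on without ssl_trusted_certificate')
    return findings

if __name__ == '__main__':
    for finding in audit(PAGE_CONFIG):
        print(finding)
```

The findings follow the nginx documentation and RFC 8996 as they stand now, so they are a checklist for reviewing a config like this one today rather than a statement about the post at the time it was written.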
Funtoo Newsletter, June-August (Summer) 2023

Welcome to the current installment of the Funtoo Newsletter. This newsletter combines multiple months -- June through all of August -- so, essentially our summer newsletter, for those of you in the northern hemisphere. We're going to hit all the key technical changes in this newsletter:

  * Funtoo Linux 1.4 Deprecation (re-announce)
  * The End of Genkernel -- Welcome "Funtoo Ramdisk"
  * Massive updates from Summer Harvest (harvester/2023-08)

I'm planning a follow-up newsletter for community and development news, since this newsletter got too long. This follow-up newsletter will cover:

  * The Forums -- Back from the Dead? Maybe!
  * Dev Corner: All the Epics! (What's going on with bug tracker)

Let's cover the important technical stuff now.

Funtoo Linux 1.4 Deprecation

Announced in our previous newsletter, but worth repeating here -- Funtoo Linux 1.4 will be "retired" by the end of 2023. See the previous newsletter for more details -- but for now, just know that you should upgrade to "next-release" if you are not running it already. The best way to upgrade is by performing a new install of Funtoo Linux some time before the new year. It is technically possible to upgrade from 1.4 to next, especially on server systems with minimal packages, but we don't recommend it.

The End of Genkernel -- Welcome "Funtoo Ramdisk"

For the longest time -- almost since the beginning of the project -- Funtoo has had a forked version of Gentoo's genkernel which we used to build our official kernel and initramfs. For an equally long time, I have wanted to completely rewrite genkernel from the ground up. There was always some distraction that prevented me from doing this, and we were able to keep genkernel hobbling along for around a decade -- but it was time to do something about it.

What were some problems with genkernel? Several. Many people haven't really liked it because it built your kernel and your initramfs -- this made it cumbersome to use. There has been a long-held desire to separate this functionality. It has also amassed a ton of features and become very complex and its code base is difficult to refactor and improve. So we needed a better foundation going forward.

After September 11, 2023, when harvester/2023-08 updates are merged into Funtoo Linux, Funtoo Linux will have a new initramfs building tool called ramdisk, which will be utilized by the new debian-sources 6.4.13_p1 ebuild to build your initramfs. genkernel is no longer used.

As a quick introduction to ramdisk, I will include an excerpt of the README from its official funtoo-ramdisk pypi page (https://pypi.org/project/funtoo-ramdisk/):

As you can see, ramdisk is an exciting and innovative project which will continue to deliver new goodness related to booting. I hope you enjoy it! 🙂

Summer Harvest

With the close of summer comes the merging of our development work from the harvester/2023-08 branch. This is a branch where we can make possibly breaking changes and work out kinks before things hit end users. Thanks to all who contributed to the summer harvest this round. Here is a brief and incomplete summary of changes in harvester, plus any hotfixes added to the master branch during this time:

  * gcc-12 added, along with updated binutils.
  * Introduction of funtoo-ramdisk (see previous section)
  * Linux 6.4: debian-sources-6.4.13_p1
  * Reworking of libreoffice-bin to remove unnecessary deps.
  * Updated NVIDIA drivers.
  * FL-11523: forward-port rtl89 Wi-Fi to address flakiness issue
  * docker, docker-cli, docker-compose, docker-buildx, containerd, runc updates/fixes (thanks siris)
  * ZFS 2.2.0_rc4 with Linux 6.4 compatibility, with 2.2.0 final soon to follow.
  * zathura document viewer autogen (thanks to cuantar)
  * pgplot update (thanks to cuantar)
  * gocryptfs, jq, meilesearch, nix, lowdown, mdbook autogens (thanks to invakid404)
  * libxcb, libcpuid hotfixes (thanks to invakid404)
  * go-1.21.1 (thanks siris)
  * Inkscape 1.3 and updates to boost to allow this.
  * typeprof build failure (thanks borisp)
  * geany reworked ebuilds (thanks grouche)
  * firefox-117.0, thunderbird-115.1.1 (thanks borisp)
  * Updated libbson, mongo-c-driver, cri-tools (thanks geaaru)
  * Multiple python module fixes/maintenance (drobbins)
  * lightdm-mini-greeter autogen (thanks izder456)
  * ibus-skk and dependencies, remove ibus-pinyin and pyzy (thanks madman10k)
  * Add feature to allow PEP 517 python modules autogens to be determined automatically (drobbins)
  * Fixes of kit-fixups git pre-commit hooks.

Many thanks to all who contributed.

End

OK, that's it for now -- stay tuned for an additional community/newsletter supplement that will cover more topics.
1 point
-
First day
666threesixes666 reacted to daixtr for a blog entry
Gentoo was my first Linux try that made sense. The source code is there, the compiler is there. And everything makes sense. There are difficulties along the way, but because the system made sense, it is always a worthwhile goal to overcome these difficulties. Maybe, Gentoo is a more coherent system. And now, that Funtoo is here, I will definitely give it a try.
1 point
-
Mobile Detection on Tengine / Nginx
duncan.britton reacted to uudruid74 for a blog entry
If you use a content management system for your site, it probably already deals with mobile systems. But, what if you have parts of your site that aren't in a CMS, or you do your site by hand? Well, it would be nice to either redirect from www.example.com to m.example.com, or (my preference), to redirect to a subdirectory. I like the subdirectory approach because I can easily share content with the main site via symlinks (such as the content management system). Normally, this isn't a nice thing to do to your caches since any caches along the way won't know that the symlinked files aren't the same, but if you can solve that, let me know. The following method redirects the user if they are on a mobile browser, but still allows them to use the "Request Desktop Site" feature. Just include the file in your tengine or nginx server configuration. The actual rewrite is done at the end. Scroll to the bottom and you'll see the line to edit. I tried to attach the file, but it said I'm not permitted to upload files of that type. Cut-Paste or email me and I'll send it to you. 
    #- This file for doing redirects based on mobile detection
    set $mobile_rewrite do_not_perform;

    #- chi http_user_agent for mobile / smart phones
    if ($http_user_agent ~* "(android|bb\d+|meego).+mobile|avantgo|bada\/|blackberry|blazer|compal|elaine|fennec|hiptop|iemobile|ip(hone|od)|iris|kindle|lge |maemo|midp|mmp|netfront|opera m(ob|in)i|palm( os)?|phone|p(ixi|re)\/|plucker|pocket|psp|series(4|6)0|symbian|treo|up\.(browser|link)|vodafone|wap|windows (ce|phone)|xda|xiino") {
        set $mobile_rewrite perform;
    }

    if ($http_user_agent ~* "^(1207|6310|6590|3gso|4thp|50[1-6]i|770s|802s|a wa|abac|ac(er|oo|s\-)|ai(ko|rn)|al(av|ca|co)|amoi|an(ex|ny|yw)|aptu|ar(ch|go)|as(te|us)|attw|au(di|\-m|r |s )|avan|be(ck|ll|nq)|bi(lb|rd)|bl(ac|az)|br(e|v)w|bumb|bw\-(n|u)|c55\/|capi|ccwa|cdm\-|cell|chtm|cldc|cmd\-|co(mp|nd)|craw|da(it|ll|ng)|dbte|dc\-s|devi|dica|dmob|do(c|p)o|ds(12|\-d)|el(49|ai)|em(l2|ul)|er(ic|k0)|esl8|ez([4-7]0|os|wa|ze)|fetc|fly(\-|_)|g1 u|g560|gene|gf\-5|g\-mo|go(\.w|od)|gr(ad|un)|haie|hcit|hd\-(m|p|t)|hei\-|hi(pt|ta)|hp( i|ip)|hs\-c|ht(c(\-| |_|a|g|p|s|t)|tp)|hu(aw|tc)|i\-(20|go|ma)|i230|iac( |\-|\/)|ibro|idea|ig01|ikom|im1k|inno|ipaq|iris|ja(t|v)a|jbro|jemu|jigs|kddi|keji|kgt( |\/)|klon|kpt |kwc\-|kyo(c|k)|le(no|xi)|lg( g|\/(k|l|u)|50|54|\-[a-w])|libw|lynx|m1\-w|m3ga|m50\/|ma(te|ui|xo)|mc(01|21|ca)|m\-cr|me(rc|ri)|mi(o8|oa|ts)|mmef|mo(01|02|bi|de|do|t(\-| |o|v)|zz)|mt(50|p1|v )|mwbp|mywa|n10[0-2]|n20[2-3]|n30(0|2)|n50(0|2|5)|n7(0(0|1)|10)|ne((c|m)\-|on|tf|wf|wg|wt)|nok(6|i)|nzph|o2im|op(ti|wv)|oran|owg1|p800|pan(a|d|t)|pdxg|pg(13|\-([1-8]|c))|phil|pire|pl(ay|uc)|pn\-2|po(ck|rt|se)|prox|psio|pt\-g|qa\-a|qc(07|12|21|32|60|\-[2-7]|i\-)|qtek|r380|r600|raks|rim9|ro(ve|zo)|s55\/|sa(ge|ma|mm|ms|ny|va)|sc(01|h\-|oo|p\-)|sdk\/|se(c(\-|0|1)|47|mc|nd|ri)|sgh\-|shar|sie(\-|m)|sk\-0|sl(45|id)|sm(al|ar|b3|it|t5)|so(ft|ny)|sp(01|h\-|v\-|v )|sy(01|mb)|t2(18|50)|t6(00|10|18)|ta(gt|lk)|tcl\-|tdg\-|tel(i|m)|tim\-|t\-mo|to(pl|sh)|ts(70|m\-|m3|m5)|tx\-9|up(\.b|g1|si)|utst|v400|v750|veri|vi(rg|te)|vk(40|5[0-3]|\-v)|vm40|voda|vulc|vx(52|53|60|61|70|80|81|83|85|98)|w3c(\-| )|webc|whit|wi(g |nc|nw)|wmlb|wonu|x700|yas\-|your|zeto|zte\-)") {
        set $mobile_rewrite perform;
    }

    set $force_dt_cookie "";
    if ($args ~ 'desktop=true') {
        set $mobile_rewrite do_not_perform;
        set $force_dt_cookie "desktop=true";
    }
    add_header Set-Cookie $force_dt_cookie;

    if ($http_cookie ~ 'desktop=true') {
        set $mobile_rewrite do_not_perform;
    }

    location /m {
        error_page 404 /m/error/404.html;
    }

    #- redirect to /m except /m, /mail, /joomla
    if ($mobile_rewrite = perform ) {
        rewrite ^(?!(/m|/joomla)+) /m$request_uri? break;
        break;
    }

    #- To redirect to m.example.com, change above rewrite to
    # rewrite ^ https://m.example.com$request_uri? break;

That's it! I just put my mobile files in the /m directory of the server.
1 point
-
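The decision order in the mobile-detection config above (User-Agent match, then the desktop=true argument, then the cookie, then the path exemption) can be modelled and tested before the file is deployed. This is an added example, not part of the original post; the function name decide and the sample User-Agent strings are constructed, and only the first of the two User-Agent patterns is modelled.

```python
import re

# First User-Agent pattern, copied from the config above; the second pattern
# (four-character vendor prefixes) is left out of this model.
MOBILE_UA = re.compile(
    r"(android|bb\d+|meego).+mobile|avantgo|bada\/|blackberry|blazer|compal|elaine|fennec|hiptop|iemobile|ip(hone|od)|iris|kindle|lge |maemo|midp|mmp|netfront|opera m(ob|in)i|palm( os)?|phone|p(ixi|re)\/|plucker|pocket|psp|series(4|6)0|symbian|treo|up\.(browser|link)|vodafone|wap|windows (ce|phone)|xda|xiino",
    re.IGNORECASE,  # the config uses ~*, a case-insensitive match
)

# Same negative lookahead as the rewrite line: it only matches URIs that do
# NOT start with /m or /joomla.
NOT_EXEMPT = re.compile(r"^(?!(/m|/joomla)+)")


def decide(user_agent, uri, args="", cookie=""):
    """Return (serve_mobile, set_cookie_value), following the config's order."""
    perform = bool(MOBILE_UA.search(user_agent))
    set_cookie = ""
    # if ($args ~ 'desktop=true'): a case-sensitive, unanchored match
    if re.search("desktop=true", args):
        perform = False
        set_cookie = "desktop=true"
    # if ($http_cookie ~ 'desktop=true')
    if re.search("desktop=true", cookie):
        perform = False
    return (perform and bool(NOT_EXEMPT.search(uri)), set_cookie)


# Constructed sample User-Agent strings.
IPHONE = "Mozilla/5.0 (iPhone; CPU iPhone OS 16_0 like Mac OS X) AppleWebKit/605.1.15"
DESKTOP = "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 Chrome/120.0 Safari/537.36"


def demo():
    """Run the cases worth checking and return them as a dict."""
    return {
        "phone, normal page": decide(IPHONE, "/index.html"),
        "phone, desktop requested": decide(IPHONE, "/index.html", args="desktop=true"),
        "phone, cookie already set": decide(IPHONE, "/index.html", cookie="desktop=true"),
        "phone, /media is exempt too": decide(IPHONE, "/media/logo.png"),
        "phone, unanchored arg match": decide(IPHONE, "/index.html", args="nodesktop=true"),
        "desktop browser": decide(DESKTOP, "/index.html"),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(case, result)
```

The /media and nodesktop=true cases show that both the path exemption and the argument check are prefix or substring matches, so they cover more than the exact values named in the config's comments.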
Working towards my ideas
uudruid74 reacted to Chris Kurlinski for a blog entry
I'm a big fan of trying anything new, but the cardinal rule for me is this: Don't mess with the data. If you don't want to lose those irreplaceable pics of grandma, keep it on a separate drive. This is my mantra. I love playing with my system, updating, tweaking, and exploring. But this can be dangerous to your data. This is also the reason why I have chosen to use zfs as my storage for all my data. I can get to it from just anywhere. If it's unix(-like), I can download the kernel modules and access it. I feel like zfs is becoming the unix(-like) version of fat32.

Let me explain. I just did some consulting on a smartos job, but I had to p2v an existing Windows 2k3 server, with a dying hard drive. Smartos is great and all, but it is really not setup to virtualise an existing machine. So I placed the failing drive into my setup, created a zvol the same size as the failing drive, dd the old drive to the new zvol. Created a new KVM instance, and booted the thing up. After some general cleanup and a massive amount of defragging, I had a good image ready for production. Smartos side of things was fine, json took a little getting used to, helps finding a good validating editor, zfs send | zfs receive, brought up the zvol, and away I went with the client configuration, imgadm create and all. Now the setup is in production, and all seems to be well.

But the real point of this endeavour is this, ZFS is getting to the point of being truly cross platform. The only thing that can't read ZFS is windows, and that access is a samba share away. As much as I like Smartos, I love Funtoo. If I was going to roll out a data centre with clean installs, then Smartos is a great base. But p2v a small business client, not so sure. That's why I'm thinking about a Smartos like Funtoo usb bootable read-only install, and keeping with the way Funtoo is, basically a recipe for using the existing tools to create it, because that is the right way to do it. Our BDFL gives us the tools to do anything we want with his creation, we as users of Funtoo, get to assemble it as we need to get the job done. This is my idea, bootable usb Funtoo minimal, bare essential tools, read only root, builtin zfs kernel and xen hypervisor. Now just to figure out how to do it........
1 point
-
forums faq
Tassie_Tux reacted to 666threesixes666 for a blog entry
drobbins demands faqs so yer gonna get em...

embedding images results in thumbnails, they're forever hosted at funtoo until drobbins decided to nuke the website. to make large image postings, navigate to the tools above the post entry form and to the left of <> is an image to feed external (or internal) urls to. in the "my media" button you can attach garbage to posts, such as your blog entries or images you've posted.... like my "punch babies" or "dead larry"

above is a quote box to the right of <> to get past the quote box, press enter a few times....

<> is code... it pops up a window to enter code, to get past it again press enter a few times.

    <h1><b>hello</b>world</h1>

twitter just links a twitter link. @6three6sixes6

to the left of font is special bb code. you can enter acronyms twitters and some others. they give hover dialog, mouse over the below word to see it in action. shart

below the post is attachment stuff.... attach files to show up in my media for future postings.

to change forum entry titles, ie from "my funtoo's borked" to "[solved]my funtoo's borked" go to "full editor mode" instead of quick edit mode.

bam that's the faq jack
1 point
-
winter is coming
duncan.britton reacted to 666threesixes666 for a blog entry
sorry drobbins, winter's coming, and this -23 Celsius shit drives me crazy, i have a lot of time to think about things. my quest is to wake from recurring dreams, to the collective recurring dream people call reality.

ok personal philosophy... im a pantheist, meaning i see nature as god, and science as the quest to know god. i am a very small part of nature therefore i am small part of god. my parents are my creator, and they are of nature. im observing what's right in front of me.....

personal meaning of life.... the meaning of life to me is to create a better world than i was given for my children, and their children's children. my work ethic is next to insane. ill work to the bone for zero pay to these ends. im a how and why kind of person, "because" is not a sufficient answer. i do acknowledge i do not know everything, and sometimes i have to accept "i dont know how it works but it does" as an answer.

programmatic unbalanced equations with fractal recursion, of infinite loops, and applied mathematics.... just as a computer program can feed back in on itself and perpetually load my dreams consist of using applied mathematics to make this problem a real world problem. i want to harness the power of the infinite loop, that leads back to its starting point to give another power cycle. how this works, the chain on the right side is longer, and heavier than on the left. the equation is unbalanced, and feeds back into itself. its a natural fractal. https://www.youtube.com/watch?v=2QRKzwgG_-U this one is like swinging on a swing set, you pump, and relax at specific times... you accumulate more energy than you put into it. only a robot is doing the pumping...
1 point
-
1 point