Introducing YippieMove '09. Easy email transfers. Now open for all destinations.

Over the last year I have run a server using the Linux flavor Gentoo. While most of the servers I deal with these days run FreeBSD (WireLoad’s servers included), I was curious about what speed I could get out of old hardware with Gentoo. Gentoo is a system built to make it easy to compile every little piece of software in the system with the biggest and baddest gcc flags imaginable for your particular hardware. In theory this should lead to a faster system.

The experience has been a bit of a mixed bag. There are things I really like about Gentoo: the package management, USE flags and the sophisticated dependencies system. But unfortunately the drawbacks are severe for a server setting.

The Good

The system is better than most Linux systems I have seen when it comes to general package management and installation. The emerge command is excellent. It makes it easy to update and install software together with the necessary dependencies. A well-thought-out system called USE flags complements this system well. Rather than having to tinker around with every program you compile, you can set some global USE flags. Most packages will take note and your system will be made into one harmonious whole of software agreeing with each other about what should be used and what should not.

The easiest way to describe the benefits of this is by comparison to a normal FreeBSD server and the installation process. Assume that you don’t have X11 and that you don’t want it. Now, you are installing PHP and you want to have support for graphical operations (image conversion, CAPTCHA generation, etc). So you find the make flags to do this and you add them to your make.conf. You hit ‘make install’. During the build process the ports system goes out to build the dependencies of your graphics library. The graphics library requires fonts. The fonts want a font manager. The font manager is by default configured for X11. Wait, X11? Suddenly, X11 becomes a dependency and you find yourself hitting Ctrl-C rapidly!

In Gentoo on the other hand you would have -x11 in your USE flags and everything would be cool. It’s a slick system.

An OS X Term window showing Gentoo executing 'emerge -pv screen' with colored output.
Colorful Gentoo.

Gentoo also has an active community. As we have mentioned in this blog before, there is an excellent forum for Gentoo users. There are also little touches like how Gentoo uses colors by default, to improve clarity and to go easier on the eyes.

Disadvantages Expressed in Time

All of these things make it a pleasure to use Gentoo. I would love to use it for a desktop some day, should my Apple OS X machine fail me. But I really don’t see myself using Gentoo in a server setup again. Here’s why:

1. Gentoo is Time Consuming to Install
At least when I installed Gentoo there wasn’t really any installer. The documentation is excellent and describes exactly what you need to do, but it takes a while. In fact, it took me several hours to set up my first Gentoo system. And that was just the beginning.

2. Gentoo is Even More Time Consuming to Install
The strength of Gentoo is the compile everything mentality – at least that seems to be the main selling point. Unfortunately on my low-end test server it took about three days to compile even the base system with Apache, MySQL, Python and some other important software. My machine was working non stop compiling things during this time.

I understand that the latest recommendation is to not perform a so-called ‘stage-1’ installation anymore. I would recommend following this suggestion. But then what happens to the compile everything advantage?

3. Gentoo’s Stability Strategy: Update Everything
Since it takes a long time to compile a program, you usually don’t want to have to do it too often. Unfortunately Gentoo encourages you to update software on a frequent basis, just for the sake of updating.

There is no ‘stable’ version of Gentoo. Gentoo is rather a moving target where emerge will forever cause your system to approach the cutting edge. From the Gentoo handbook:

From the beginning, Gentoo was designed around the concept of fast, incremental updates.

If all you’re concerned with is keeping your web server up, what you usually want to do is to set up a stable system and then forget about it. You install security updates as needed but that’s it. With Gentoo, this isn’t really feasible because there is no ‘stable’ Gentoo release.

What’s worse, there will on occasion be a sort of ‘system update’. This is called a new ‘profile’. The Gentoo documentation and the handbook will at this time encourage you to update to this new profile. A profile update will try to replace your basic system. If you are a system administrator, rather than a desktop user, this should be enough to scare the living daylights out of you!

A profile update will touch a very large number of configuration files, and it may even alter your startup process. Obviously this is not something you want to do to any server. It would be very difficult to verify that everything works as it used to afterwards, and you’d be fairly likely to end up with broken configuration files that may stop working the next time you reboot. This is in fact exactly what happened to me, despite a substantial time spent updating /etc files. The end result: the machine had to be resuscitated on-site with associated downtime.

For a more sensitive server than my test system, you’ll want to simply retire the system whenever a new profile comes out. Just start over fresh with a new Gentoo installation on an alternate machine and go through the setup process. This way you can be fairly sure it’ll work even after a reboot. Once you’ve verified that everything works, switch to the new system.

4. Gentoo’s Security Strategy: Update Everything
As you might be aware, FreeBSD has a nice little program called portaudit. This utility will alert you if you have any software installed with known security holes. Then you can go ahead and update that software with a simple ‘portupgrade’ command. There’s rarely any problem with this process.

Now, Gentoo also has something like portupgrade. What it doesn’t have is portaudit.

In all fairness, Gentoo has an experimental command called ‘glsa-check’. This command automatically examines whether your system is affected by vulnerabilities described in Gentoo issued security advisories. It also knows what steps need to be taken to fix a given security issue. I really like this development, but I understand that this command is not considered production ready. The Gentoo manual page about it is filled with warnings that this is a tool under development.

In the meantime, Gentoo rather encourages you to update the whole system. And of course a system wide update tends to cause just the amount of havoc you would expect from it.

Gentoo too Time Consuming and too Risky for Servers

I firmly believe in updating server software only when you need to. If you don’t need new features, and things are working, why change anything? If you update anything you will doubtlessly need to update configuration files. You will need to fix things that break in the upgrade process. This is exactly what happened to me with Gentoo during its test year. I had nearly no idea of what I was updating as I ran the dreaded but most needed “emerge world” update. And once I was done I still had no idea. I spent a long time working my way through updates in the /etc folder, using the built-in ‘etc-update’ command. I tried to read the enormous emerge log file and take appropriate actions. And still things broke.

The best way to keep a system stable is to get it working and then not change anything. This is hard with Gentoo. Gentoo wants you to change a lot of stuff. It wants to be bleeding edge.

And hence my conclusion. Gentoo is fun to play with, but oh is it time consuming. I guess that’s the cost of living with a hardcore compile everything attitude – you’ll be on the bleeding edge and you better make sure you can balance on such a thin edge. For a desktop system, Gentoo seems fabulous. Fun to work with, colorful, a beautiful ports like system for software. USE flags.

But for a server, especially a production server, Gentoo just isn’t time effective. It’s both the time it takes to put in security updates, and the time possible reinstalls will take. I believe there were three profile updates for Gentoo in 2006, and very little support for older profiles. If you’re like me you’d probably much rather not reinstall your servers three times a year!

In closing I want to quote something Gentoo told me recently:

* An update to portage is available. It is _highly_ recommended
* that you update portage now, before any other packages are updated.
* Please run ‘emerge portage’ and then update ALL of your
* configuration files.

Call me stressed out but I really can’t fit too many ‘update ALL of your configuration files’ into my schedule. :)


We’ve finally opened our bank account. Now we need an accounting system. Since we have little or no intention of doing any accounting ourselves, we need something that both our accountant and we can easily access.

Naturally, my first idea was to open a Quickbooks Online account. Looking at the costs; $9.95/month for the first 3 months, and then $19.95/month, it was reasonable. Everything online. Easily accessible for both me, Alex and our accountant. It can even communicate with our bank. I looked at some of their interactive demos, and it looks really good.

So why didn’t we sign up right away? Well, looking a bit closer, I discovered something unexpected. Quickbooks Online ONLY SUPPORTS WINDOWS 2000/XP WITH INTERNET EXPLORER. Seriously? What kind of web-developer creates an online service that is platform dependent? That defeats half the purpose of having the service web-based. Their recommendation for Mac/other users is to use Virtual PC or other Windows emulator. Are these guys for real?

To make it even more funny/sad, they do offer their ‘offline’ software for both Mac OS and Windows. So they can apparently write a Mac OS application, but cannot make their web service platform independent.

At this point I don’t know what system we’ll settle on. A web-based accounting system would be preferable, but it needs to be platform independent (since Alex and I use Mac OS, and we don’t know what our accountant will be running). I’ve been looking at both Gnucash and TurboCASH, which are two Open Source applications, but neither of them is web-based or supports multiple users.

The search goes on. If you have any suggestions, please let us know.

Category: Business

We were well prepared. We had every possible company paperwork neatly filed in a manila folder, three forms of personal identification each; our suit pants had perfect creases, our shirts crisp white. When we entered the bank, heads turned.

Either that or we were dressed pretty much like normal and didn’t have a single form except in digital format. And when we entered the bank we had to sit down and wait like everyone else. :)

Either way we have now taken our first ‘official’ action as a company, and WireLoad has opened a bank account. The idea is mostly that we want to pay things out of a company account instead of our personal accounts going forward.

Just to let you know: Washington Mutual, the bank of our choice, was not able to accept digitalized copies of company documents. The following things were needed, at least here in California and for Washington Mutual:

  • Articles of Organization, with the ‘File’ stamp indicating it had been filed with the government.
  • Statement of Information. In particular the bank needed to know who owned the company. There might be other ways to demonstrate this but a statement of information is probably the easiest way.
  • An Employer Identification Number (EIN) from the IRS.
  • Two forms of identification for each person. Viktor previously had an account with Washington Mutual, so a single form of identification was sufficient there. I had to provide two pieces. This turned out to be easy: a primary id, my driver’s license, and a secondary id: a credit card with my name on it.
  • A checkbook to make the initial deposit/pay fees.

All in all it wasn’t too bad. Apparently we can expect checks and a debit card to arrive within a few weeks. The terms for the account weren’t bad either. Free checks, free debit-cards, no minimum balance and no charges for deposits or withdrawals. That’s pretty much all we need at this point.

Category: Business

I just finished our EIN application. The application was fairly straightforward, but we had to decide on a couple of things before we could submit the application (such as fiscal year and if we wanted to file as a corporation or partnership).

You need an EIN to be able to hire people and to open a bank account.

Then you can fill out the application on the IRS homepage.
I’d recommend that you read Understanding EIN before you apply.


The other day I decided to buy myself a Wireless Mighty Mouse after being a loyal Logitech customer for years. I’ve always loved Logitech’s mouses and keyboards, but I’m sick of their lack of support for Mac and Linux. Therefore I ordered a Mighty Mouse from Apple. So far the mouse works fine, and I really like the fact that you can turn it off with a simple switch underneath, in contrast to Logitech’s MX900, where I had to remove the battery every time I put the mouse in my bag (to avoid having the laptop wake up).

Configuring your Mighty Mouse. The first thing that bothered me after installing the drivers for the mouse was that the right-button was not activated. This was a simple thing to fix: just change the mapping in the “Keyboard and Mouse” in “System Preferences.” When doing this I also realized that I could re-map all the buttons on the mouse to different applications. This led me to think about how much it bothers me to have to go and right-click on the iTunes icon and select “Next Track” all the time. Why can’t I map one of the keys to switch track?

I knew I had a set of AppleScripts that I used with HID eFiddler to control iTunes with my Logitech diNovo. One of them told iTunes to switch to the next track – perfect! I tried to make that one execute when I pressed a button. This didn’t work, since the Mouse-config only supports App-files to bind with a button. So I opened the Script Editor and saved it as an Application and voilà! I could now bind one of my buttons to switch track. The great thing with this is that it works regardless of what application you’re working in, since it’s an application that launches. Sure, there’s a bit of delay (<1 sec), but it works.


© 2006-2009 WireLoad, LLC.
Logo photo by William Picard. Theme based on BlueMod © 2005 - 2009, based on blueblog_DE by Oliver Wunder.