Linode Kernel Check

[Update: Linode changed their data format on 3 August 2011 which broke this script - it has now been amended.]

[Update 2: And again on 22 August 2011. Amended again.]

I host this site on a Linode, because it’s like having my own dedicated server, running whatever distro I like (Debian, in my case), for twenty bucks a month.

One of the many advantages of Debian is its insanely awesome package management. However, one of the very few disadvantages of running a Linode as opposed to a real dedicated server, is that your kernel package is managed from outside the VM, rather than within.

OpenBSD

I spent the last couple of days rebuilding my home server, replacing Debian GNU/Linux 3.1 (Sarge) with OpenBSD 3.7. Why? Well, largely to expand my knowledge of UNIX-like systems other than Linux. I’ve been using Linux for several years, I’ve dabbled with Solaris too, but never really done a great deal with any of the BSDs other than installing, failing to work out the intricacies, and deleting in a short space of time. This time I refused to replace it until I’d at least learnt how it worked.

The two major differences I hit upon are the lack of easy updates and the lack of the enormous user community I’ve become used to with Debian.

Under Debian, you can ensure that your system is fully patched and up to date by entering:

apt-get update && apt-get -y dist-upgrade

Under OpenBSD it’s a little more complicated:

cd /usr
export CVSROOT=anoncvs@anoncvs1.ca.openbsd.org:/cvs
cvs -d$CVSROOT checkout -rOPENBSD_3_7 -P src

This checks out the entire source code of the base system (including most (but seemingly not all) errata since release) to /usr/src, with the kernel source placed into /usr/src/sys. It’s several hundred megabytes in size, so you may want to have a nice cup of tea (and maybe a biscuit) to hand while you wait.

Once this gargantuan mass has finished downloading, you can update your base system by firstly recompiling your kernel, then rebooting into the newly built kernel:

cd /usr/src/sys/arch/i386/conf
/usr/sbin/config GENERIC
cd /usr/src/sys/arch/i386/compile/GENERIC
make clean && make depend && make
cp /bsd /bsd.old
cp bsd /bsd
reboot

Once this is done (and assuming it works), you can rebuild userland:

cd /usr/src
rm -r /usr/obj/*
make obj && make build

Again, this will take some time. Hob nobs are good, although I’m a Rich Tea man myself.

Once this is done, your base system will (probably) be up to date. You still don’t have any applications though.

That’s right – OpenBSD’s base system is indeed impressively secure, but it doesn’t actually contain very much in the way of useful applications. I needed to add the following applications and libraries from the ports tree – this is a collection of Makefiles to tell the system how to build the collection of actual useful software that isn’t part of the base system. Incidentally, the software held within the ports tree “does NOT go through the thorough security audit that OpenBSD follows”. So your super-secure system just lost its super-security by your installing vaguely useful stuff on it. I was very surprised indeed to realise that this includes GnuPG.

I’ve had to install the following from ports so far:

autoconf, bzip2, centericq, db, gdbm, gettext, glib, gmake, gnupg, gnuplot, help2man, irssi, jpeg, libiconv, libslang, metaauto, netpbm, nmap, pcre, png, popt, samba, screen, slrn, tcl, textutils, tiff, tinyproxy, vim, wget.

Each of these was compiled from source. Acquiring the ports tree in the first place requires another CVS checkout:

export CVSROOT=anoncvs@anoncvs1.ca.openbsd.org:/cvs
cd /usr
cvs -q get -rOPENBSD_3_7 -P ports

Thankfully this isn’t anywhere near as large as the earlier checkout – just over 8Mb or so.

So now I’ve got a working OpenBSD system, cleverly partitioned, featuring a chrooted Apache service, thoroughly audited secure software (apart from the apps I’ll actually be using the most), and the smug sense of self-satisfaction that you compiled everything yourself (see Gentoo Linux).

But does it work? Well… no.

Installing and setting up tinyproxy and slrnpull required me to write a variety of shell scripts, which would have been supplied with Debian (and probably most other Linux distros). Upgrading the system takes hours. The IRC channel is practically dead, and there is little to no useful documentation outside the official site. The official site is, to be fair, excellently written to the point of installing and booting your system for the first time, but if you want to do anything useful after that then you’re going to have to piece together different snippets of what you need to know from various pages across the site.

I guess I’m bringing a lot of preconceptions about how these things should work from the Linux world, but I think even the most hardened BSD traditionalist would accept that centericq should at least work, rather than garbling the terminal display so that I have to restart Putty. I’ve spent a couple of days learning about this alternative world of UNIX, and I’ve learnt a few things. But I think I’ll just call it a weekend away, and head back to the safe pastures of Debian for now.

Spooling News

I’m one of the few people I know who still read news. Not newspapers, not news websites. Newsgroups.

Why have they fallen by the wayside on the modern internet? Something to do with the September that never ended? Who knows.

But there are a few select (mostly technical) groups which I like to catch up on every day or two.

NNTP seems to be a painfully slow protocol though – either that, or the various ISPs I’ve used are in the habit of throttling it. Neither would surprise me. But I’ve found slrnpull to be a great offline solution. It downloads all the unread articles in your subscribed groups, and stores them on your local machine for later perusal.

There’s even a Debian package for it – so it’s simple to install on my distro of choice. Except the package is broken, and doesn’t tell you how to fix it. Here’s a quick guide.

  1. editor /etc/news/server – enter the name of your news server
  2. editor /etc/news/slrnpull.conf – append the names of the newsgroups you read. The comments within the file explain the syntax.
  3. mv /etc/cron.daily/slrnpull /etc/cron.hourly/ – Tell cron to run slrnpull hourly instead of daily
  4. cd /var/spool/ ; ln -s slrnpull/news/ news – This is the crucial step that seems to be missing from the package install script. A bug has been filed here.
  5. wait for the cronjob to run, or run it manually
  6. slrn --spool – You’re now reading all articles from the spool on your local machine, so there’s no network latency whatsoever.
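
Steps 1 to 4 above as a re-runnable shell function. This is an added example, not part of the original post or the Debian package. The function name, the ROOT prefix argument (for rehearsing in a scratch directory) and the sample values in the usage comment are assumptions.

```shell
#!/bin/sh
# Idempotent version of steps 1-4. An empty ROOT acts on the real system
# (run as root); any other ROOT confines all changes to that directory.
# Usage (constructed values):
#   setup_slrnpull /tmp/rehearsal news.example.invalid 'comp.os.linux.misc 50 14'
setup_slrnpull() {
    root=$1 server=$2; shift 2          # remaining args: slrnpull.conf lines
    etc="$root/etc/news"
    spool="$root/var/spool"
    mkdir -p "$etc" "$spool" || return 1

    # Step 1: the server file holds just the news server's name.
    printf '%s\n' "$server" > "$etc/server"

    # Step 2: append each group line only if it is not already present.
    touch "$etc/slrnpull.conf"
    for line in "$@"; do
        grep -qxF -- "$line" "$etc/slrnpull.conf" ||
            printf '%s\n' "$line" >> "$etc/slrnpull.conf"
    done

    # Step 3: move the cron job to hourly only if it is still in daily.
    if [ -f "$root/etc/cron.daily/slrnpull" ]; then
        mkdir -p "$root/etc/cron.hourly"
        mv "$root/etc/cron.daily/slrnpull" "$root/etc/cron.hourly/" || return 1
    fi

    # Step 4: create the missing symlink, refusing to clobber anything else.
    link="$spool/news"
    if [ -L "$link" ]; then
        case $(readlink "$link") in
            slrnpull/news|slrnpull/news/) ;;   # already correct
            *) echo "$link points elsewhere" >&2; return 2 ;;
        esac
    elif [ -e "$link" ]; then
        echo "$link exists and is not a symlink" >&2; return 2
    else
        ( cd "$spool" && ln -s slrnpull/news/ news ) || return 1
    fi
}
```

A return status of 2 means /var/spool/news already exists as something other than the expected symlink and was left untouched.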

General Failure

Who is ‘General Failure’ and why is he reading my hard disk?

The old joke is rather less funny this evening, since my hard drive is currently doing a passable impression of a washing machine full of rusty nails. I’m only able to post this entry because of the godsend that is Knoppix.

I fly to Thailand on Saturday, and I doubt I’ll be buying a new hard drive before then. So apologies in advance for what I guess will be a severe lack of entries this week…

An Unlikely Alliance

This gem was posted to Slashdot on Friday, but I’m still catching up after a weekend away. It’s an article by Gary Wolf for Wired Magazine, on what the future might hold if the unthinkable happened, and Linus Torvalds was hired by Microsoft.

It’s 2008, and Windows is now a Desktop Environment running on top of a stable open source base, rather than (as currently) an OS in its own right. Read The Microsoft Memo.

Back to reality, I don’t think it would ever happen, but perhaps a hybrid solution could be a way forward. Windows is a lot more stable than it used to be, by the way. I use Windows XP on my home workstation, because it works better than anything else for me. It’s not perfect, but it doesn’t crash anywhere near as much as 95/98 used to, and there’s software available for pretty much everything I need to be able to do with my computer.

But I use Debian GNU/Linux on my home server, because I don’t need to download music or play games on that machine, and stability is more important than application support for that machine, given that it’s only generally used as a file/web server.

Windows has maybe 99% application support, but is only about 90% reliable, in my experience. Linux is more like 99% reliable, but has maybe only 90% of the application support it needs. What if the two really could be combined?