Danny's Weblog

2008 Aug 28 [ Thu ]

Some grumbles about Ubuntu 7.1 Gutsy Gibbon

I installed Ubuntu for the first time a few months ago. I have installed many versions of Linux, but for a long time I had been using Windows for most things, and Linux (mostly Damn Small Linux) basically for security in internet cafes.

A Linux distribution naturally consists mainly of applications, most of which are the same for different distributions. In this post I will try to address issues which are mainly Ubuntu-related.

1. The main reason I picked Ubuntu was that I had the impression that the majority of Linux apps were available for Ubuntu as binaries. That's also why I installed 7.1, not 8.04 which had already been issued at that time: the apps were already ported and debugged to 7.1.

2. Indeed, I have generally been pleased with installing apps under Ubuntu. The system is easy and fast, with few bugs. I mostly (lazily) used the Synaptic GUI, but occasionally used apt-get when a webpage specified a command-line.

3. I am not quite so happy with the update process. I personally hate any app – including the update app – if it insists on running at at startup and hogging the machine till it completes. OK, it wasn't tough to go in and change the setup so that it doesn't run until manually triggered, but actually what I would have preferred is an automatic reminder, plus – even better – a setup which ran the update at very low priority.

4. An even *worse* point about various processes like the update process was that they *completely took over the interface*. I was unable to run the GUI system tools to even find out what was happening. I was also unable to swap out of X Windows and open a console – at least after I had previously tried to alt-tab. I think this is quite serious: how can it *possibly* happen? I have always hated the way MS Windows takes many seconds to respond to a ctrl-alt-del, but this was way worse. Perhaps Red Hat etc are no better.

5. Actually, I was surprised that ctrl-alt-del does not bring up an interface which allows you to kill an amok process. I would think the most urgent need for an unmaskable interrupt is exactly that: things like logging out are just shortcuts.

6. The system does have multiple language support, but it is not that easy to find, and since there are multiple approaches what info there is seems a little muddled. I was able to set up multiple foreign-language keyboards, but it turns out the interface only allows a maximum of four, which doesn't seem to be documented. You will need to install something to indicate the current keyboard state separately: search for "Gnome indicator applet".

7. I was quite surprised that the internal hard drive was reported as SCSI. The drive hardware is certainly IDE. I haven't seen any other reports of this.

8. The initial install (and operation with the live CD) showed several strange little video problems. For instance, the command bar was initially above the area that the mouse could get to. After some guesswork it seems to work quite reliably now, but I don't really know what I did to fix things.

9. My Motorola V360 works about the same under Linux as Windows – ie the software is full of bugs.

10. For fun I installed "desktop drapes", a utility for automatically switching your desktop background at startup. This turned out to have serious bugs and I have now completely deleted it, mainly because it needs Mono, which I am ideologically opposed to: I don't want anything running MS. NET code on my machine. The only other thing needing Mono was some sort of photo sorting utility which I also deleted.

Also, it turned out that the Mono process was the *worst* offender as far as taking over the machine was concerned.

11. I have still not found a way to avoid the chocolate-colored background that covers the screen at startup. It clashes with my desktop colors and I cannot imagine anyone actually preferring it. (The "splash" screen is something else, which only appears for a second or two on my machine.)

12. Overall I think I might have preferred the KDE desktop. A lot of features seem more mature in KDE, like support for sshfs URLs in the file browser.

13. I found it surprisingly tough to install new fonts, at least by following the docs.

14. I was surprised that the firewall was not running initially. This should be part of the setup.

15. For simple backups you may want to check out grsync. There does not seem to be any backup utility in the default setup.

16. The location where apps get installed, both in the filesystem and in the screen menu, is inconsistent. Some apps do not get a link in the menu system at alll. Perhaps this info is stored somewhere by Synaptic: it was quite irritating to have to check it manually.

17. Firefox would occasionally cause heavy, uninterruptable disk activity – initially I assumed Firefox was the culprit in all such cases. Actually, increasing the size of the cache to 250 MB seems ot have fixed it.

18. Setting up to use the Medibuntu depository (for non-open-source drivers) was surprisingly clumsy and poorly-documented. Also, it didn't appear to work after I installed it, but now seems to be working by magic.

19. I have not been able to make my wifi card work, although it is returning info about the local wireless networks (four or five are visible from my location). It may be something strange about trying to run with both a wifi and a hardwired connection. Certainly the user interface for doing so is full of peculiar bugs.

20. I looked all over for how to set the default handler for files by extension. It turns out that Ubuntu provides a utility for setting a default multimedia handler etc – System - Preferences - Preferred applications. However, it doesn't go by file extension. You set that in your file browser, ie Nautilus in my (standard) case. I suppose that makes sense, but it took me a long time to think of it.

Btw, the problem I was trying to fix was .swfs. Totem had been set to handle them by default, but it couldn't open any .swf I tried. Gnash, on the other hand, works quite well.

21. I was unable to install VMWare, and found a bug report that said it had something to do with having the machine offline during the install. I would have thought that should be the normal procedure.

22. Generally, I have been disappointed with the default Ubuntu setups with respect to security. For instance, the default Firefox setup provided with 7.1 leaves all functions enabled. On the other hand, the default Adblock Plus setup seems designed to actively mislead.

2006 Oct 13 [ Fri ]

Sorry about "how to reattach to a job"

A few days ago an article showed up by mistake on my log. I had written it years ago but found that the content wasn't correct before I posted it, so I put it aside by the expedient of changing the filedate to a date unimaginably far in the future.

That happened to be this September 27th. The blogging software obediently started displaying it.

I didn't notice for a while and when I did I wasn't sure if I should erase it or publicly disavow it as I am doing now; eventually I came down on the side of not rewriting history (for the sake of my two faithful readers – hi, Seymour and Piotr!).

The article: www.panix.com [http://www.panix.com/~dannyw/weblog/Computers/Opsystems/Linux/jobs01.html]

Incidentally, I still haven't really figured out the problem. I tried sending a msg to panix help, who didn't know either. However, the workaround is to use the "screen" utility, which has a built-in command to reattach to broken sessions. Do "man screen".

2006 Sep 27 [ Wed ]

How to reattach to a job

Some tasks in Unix are relatively easy: "You want to just read a text file? Sure! Just do man less!!". (You think "less? Less?? wtf?".)

Other tasks are less easy to find. In particular, certain aspects of the shell are hard to find because they are documented under the shell rather than as a separate utility. Also, even if you have a hint about what function or keyword they are related to, it is very difficult to search the gigantic man file for your shell because the name of the function tends to be short or common.

This is I guess my "mea culpa" for not finding the answer to the following problem: if you lose the connection to a login session and the server retains a suspended version of the task you were running (ie the editor, mail client, etc) how do you reattach to it?

Here's the answer, at least for the cshell. First you probably want to examine the list of suspended jobs in order to be sure which one you want:

jobs -l

Then you can restart it with fg:

fg %job

Restart a suspended vi with "%vi" or "%?string" to specify a job containing "str ing"

2004 Nov 18 [ Thu ]

Hiding a Knoppix distribution on the CD

It seems from the following Slashdot suggestion that some companies frown on using Knoppix: the poster details a trick for making the CD appear to contain only innocuous media files when read under DOS:

My favourite hack... (Score:2) by m50d (797211) on Wednesday November 17, @02:38PM (#10845061) books.slashdot.org [http://books.slashdot.org/comments.pl?sid=129900&cid=10845061]

Knoppix-STD is only ~460 mb, which leaves 240 mb you can use to your advantage. Put some "normal" files in there - I use a set of mp3s and play them on my mp3 cd player, alternatively some "work"-type files or a set of ebooks. Then create the iso with mkisofs -r -J -hide-joliet KNOPPIX (and -hide-joliet index.html etc. if you leave those files in there) Now you have a bootable cd full of security tools which, when viewed on a windows pc, looks completely innocuous.

The "hide-joliet" thing means "leave the directory information for Linux/Knoppix, but write no directory info that Windows can understand". Regrettably the "mkisofs" program runs only under Linux, as far as I know. On the other hand, if you have a Knoppix disk...

The above posting was from a discussion of a new book about Knoppix: books.slashdot.org [http://books.slashdot.org/books/04/11/16/1835224.shtml]

2004 Nov 02 [ Tue ]

"Vector Linux" -- Slackware distribution optimized for older machines

You often hear that Linux can run well on older machines, but the big-name Linux distributions actually need fairly close to current specs. What do you do if you have an older computer?

Well. someone has apparently done the work for you: try Vector Linux: linux.slashdot.org [http://linux.slashdot.org/article.pl?sid=04/10/30/1726254]

The above discussion mentions many other interesting ideas re Linux installs. For instance "debootstrap":

Sure - there is a script, called debootstrap, that will take a debian mirror and the set you want (stable, testing, etc), and install a minimal debian system in a directory of your choice.

2004 Sep 14 [ Tue ]

Connecting multiple screens and keyboards to one computer

From Slashdot: slashdot.org [http://slashdot.org/article.pl?sid=04/07/03/1923255]

The idea here is to save money etc relative to a diskless workstation approach. You're limited by the number of video cards you can stuff in the motherboard, obviously.

Slashdot gave me a link to this site: www.c3sl.ufpr.br [http://www.c3sl.ufpr.br/fourhead/index-en.php] which would appear to know what they're talking about, although it's not clear to me why it would be so complex: I would have thought that this is the sort of thing that standard X installations could handle with just a little reconfiguration.

I'm attracted by the idea of saving space and power relative to diskless workstations. I'm currently thinking of setting up say four to six student workstations this way.

A dissenting voice: slashdot.org [http://slashdot.org/comments.pl?sid=113365&cid=9602517]

OTOH, he can find NCD network terminals (used) for 10 USD each. I wish I could.

2004 Aug 16 [ Mon ]

How to use Linux to make encrypted phone calls

In a recent Slashdot discussion on VoIP, someone said it was easy to set up an encrypted VoIP link in Linux:

nc -l -p 7001 >/dev/dsp &

ssh -R 7000:`hostname`:7001 $1@$2 "cat /dev/dsp|nc localhost 7000"

Yes, that's just two lines of code. The "nc" program is a general-purpose utility for setting up IP ports; "/dev/dsp" means the Linux machine's sound system. "ssh" handles the encryption.

(Those appear to be *backticks* around "hostname": I think he means "the backticks run the hostname program to return your own IP address", not "fill in the name of your host between these here single quotes".)

His original posting:

yro.slashdot.org [http://yro.slashdot.org/comments.pl?sid=118072&cid=9977051]

Another poster made the point that when IP6 is implemented we can all have our own IP numbers and we won't need centralized directory services (which can be filtered and blocked).

2004 Jul 11 [ Sun ]

Automate backups on Linux -- useful shell script examples

www-106.ibm.com [http://www-106.ibm.com/developerworks/linux/library/l-backup/?ca=dgr-lnxw02Backup]

This is worth reading through even if you already have a backup scheme you like, because:

1. It has a lot of general background on backing up between machines – especially using ssh, etc, to handle security issues: ssh-agent, etc.

2. There were several handy tips about shell scripting, eg:

eval `ssh-agent`

2004 Jun 03 [ Thu ]

Making your own version of Knoppix

Knoppix is a special distribution of Debian Linux which is designed so that it can boot from a CD and run entirely in RAM, without needing anything to be written to your hard disk.

Many people have released their own modified versions of Knoppix, for things like providing the MAME game emulator environment. The following URL shows you how you can assemble *your own* Knoppix distribution. If I ever get the energy (today I felt like death) I'd like to make a version of Knoppix that can boot off a mini-CD.

gnubox.dyndns.org:8080 [http://gnubox.dyndns.org:8080/~sunil/knoppix.php]

The above link looks like it might be mirrored on other servers. Here's a snatch of text in case you need to Google for it:

This document describes how I built a custom live cd from knoppix. My primary motivation to build this cd was to include some of my favorite applications which are missing from stock knoppix CD. If you find any errors in this document please drop me a mail here

2004 May 29 [ Sat ]

How to set up Oracle under Linux

A few years ago I had to repeatedly set up Oracle under Linux, Sun and NT4. Basically I worked from a cheat sheet which I kept adding new gotchas to. Eventually the requirements became very restrictive indeed – it would only work with a version of Red hat that was several generations ago, etc – although that was when RH bungled a major version upgrade.

Btw, I hate the graphical install.

A recent Slashdot discussion had this link on how to set up Oracle under Linux: www.puschitz.com [http://www.puschitz.com/OracleOnLinux.shtml]

I haven't looked through it but superficially it looks good and I will refer to it the next time I do an Oracle install.

2004 May 20 [ Thu ]

Correction re Linux for SE Asia

Yesterday I referred to an article I'd seen in the Bangkok Post: www.panix.com [http://www.panix.com/~dannyw/weblog/Computers/Opsystems/Linux/khmer01.html]

It turns out my memory about the article was completely wrong! It was actually in the Nation for 2004-05-17.

The title was "Group works to build joint operating system". You can find it at http://www.nationmultimedia.com although I couldn't figure out how to give you a direct link: you have to search for "Virach" and/or "Sornlertlamvanich".

Thailand's "National Institute of Information and Communication Technology" is going to work with Burma, Cambodia, Laos and Vietnam, to create "Linux MLE" for Burma (Myanmar), followed by LinuxVTE for Vietnam, Laos with Linux LTE and Cambodia with Linux CTE.

When I looked for that institute on the web, I got the strong impressiion it's linked to one of the same name in Japan, although that's not in the article. ...Oh yeah, it says so right on their home page: www.nict-asia.org [http://www.nict-asia.org/index.htm]

They should call the project "The Greater Asia Co-Prosperity Linux".

The article referred to search engines as one of the areas of development. This has occurred to me before: without predictable whitespace, how do you even detect word breaks in Thai and Cambodian? Still, Google sems to manage it for Thai. (In fact, if you're trying to use Google in Thailand, it's hard to reliably prevent Google from automagically giving you a Thai-language page.)

2004 May 19 [ Wed ]

Announcement in today's Bangkok Post about Linux for SE Asia

I omitted to write down a reference for this and now I can't find it, so I don't have a link. But the Bangkok Post business section reported today that a Linux group – I think it's associated with Nectec – is going to produce a version that works with Thai, Cambodian and Vietnamese.

When I read that I thought "waitaminute, Vietnamese is a Roman alphabet with a few accent marks. Why do they need to associate with riffraff that use a Pali script??"

This was state of the art for Linux a few years ago: www.camweb.org [http://www.camweb.org/bbs/webmaster/index.cgi?noframes;read=2011]

Here's a link to Nectec; www.nectec.or.th [http://www.nectec.or.th/english/]

2004 Apr 06 [ Tue ]

Getting laptops to work with Linux

Here's a link to a good article, and intelligent replies, at Linux Journal: www.linuxjournal.com [http://www.linuxjournal.com/article.php?sid=7464&mode=thread&order=0&thold=0]

Basically the writer, Doc Searls, seems to be saying that even now, years after people started trying to get Windows laptops to run Linux, it's still a big pain. He seems to be recommending Mac OS X laptops for people who are not masochistic.

In my own case there are various problems with that approach:

1. In Asia there are few stores which support the Mac

2. In Asia, likewise, most software is for the PC, not the Mac (for some reason there appears to be a lot more Mac software in Phnom Penh than in Thailand – this may be because Windows does not have native support for Khmer fonts, and I understand the Mac does).

3. Because a large slice of the job market is for people to maintain and administer Windows systems, I like to keep in touch with Windows problems. (Still, I can recommend Proxomitron till I'm blue in the face and nobody listens. Oh well.)

2004 Mar 08 [ Mon ]

Nice website with links to Linux distributions

Here's their page with links to small Linux distributions (my current interest): www.linuxlinks.com [http://www.linuxlinks.com/Distributions/Mini_Distributions/]

They have various other links of course eg floppy: www.linuxlinks.com [http://www.linuxlinks.com/Distributions/Floppy/]

2003 Dec 28 [ Sun ]

Video hardware that works with Linux

A few months ago I was actively looking for this and never felt huge confidence. Apparently there's quite a lot of hardware that *can* work with Linux because it uses standard chips, but this is hardly ever apparent from the packaging or even the mfr's website, so I never proceeded.

Here's a good Slashdot discussion: ask.slashdot.org [http://ask.slashdot.org/askslashdot/03/12/27/205257.shtml]

2003 Dec 02 [ Tue ]

Interesting argument for why companies actually release their code in GPL

The "GPL"is the Gnu Public Licence, the licensing scheme promulgated by Gnu under Richard Stallman. Most programs running under Linux are released under the GPL (although plenty are not).

Here's an interesting argument for why companies actually do, as opposed to being legally required to under the GPL, release software they write:

Re:There is one solution to piracy: free software (Score:4, Insightful) by cduffy (652) on Monday December 01, @02:25PM (#7601406)

> Yeah, people who have no respect for commercial products will definitely respect the GPL/LGPL. Countries with no respect for human rights or even copyright will definitely honor the GPL/LGPL, too.

Sure they will, because it makes economic sense to do so.

So, you're building your own linux distribution (or piece of embedded hardware, or whatever). You want to use Samba, but you need to write a few patches. Fine. You write your patches, and then you have two choices:

- Pay your programmers to port your patches to work against a newer samba every time one comes out

- Release your patches back to the Samba project and let *them* front-port your patches for you.

Guess which one is cheaper? No, really.

Most (not all, but most) commercial compliance with the terms of the GPL happens not because it's the legal thing to do, but because it makes good economic sense.

2003 Oct 18 [ Sat ]

Good overview of creating your own Linux distribution

I have never really grasped the full horror of creating my own Linux distribution. The following Slashdot article seems to me to give a very graspable concise overview of the steps you need to create a floppy or CD botable system.

ask.slashdot.org [http://ask.slashdot.org/askslashdot/03/10/16/172211.shtml]

Of course several people in the thread suggested that BSD is advisable for firewalls, etc.

build your own linux floppy.... (Score:2) by josepha48 (13953) on Friday October 17, @12:48PM (#7240900) www.jimweller.net [http://www.jimweller.net/jim/lfw/]

Rather than relying on some distro to do it for you. Biggest problem I had was getting a usable floppy image and using ext2 fs.

Most of those root floppy distros use minix fs so if you want to see what is on them you need to mount a minix fs. I think there is a little more to it than that but not much. Basically what they do is create a kernel image and then use dd to put it on a floppy. Then they create the filesystem image and use dd with an offset to tell it where to start on the floppy. Then they use dd again to create the floppy iamge back on the drive. It is really not that hard to do, just a lot of steps.

Problem is that it is limited as just a firewall / router. Not much you can really get on a floppy. I went the CD image route myself and used FreeBSD. After using ipfw(v1&v2), ipf, ipchains, and iptables I like ipfw2. It is real easy to understand what is going on and it is stateful. Also my cd image is now down to 61 Meg and includes bind9, apache2, snort, ipfw2, perl, and ipsec and routes traffic through 3 interfaces (2 wired / 1 wireless). It runs on an old Dual Pentium 233Mhz MMX with 128Meg RAM and I don't have to worry alot about a hacker getting control cause they cannot overwrite the binaries on a cdrom ;-) and nothing is open on the outside. It is also nice cause all the clients can use the same DNS number and I don't have to keep up with what my ISP is doing as far as dns. Also a CDROM gives you more flexability than a floppy. Its worth looking into. I'd rather not place the URL of my documentation here, as I don't want to risk being slashdotted to death.

2003 Jul 12 [ Sat ]

Upgrading the software installed on a Linux system is hard

Windows systems have considerable binary compatibility. Just recently I was about to download Zonealarm and was quite surprised to find in the small print that they have stopped supporting W95. There are many detail differences, and system utilities are of course particularly liable to be incompatible, but a standard app like Photoshop probably supports every Windows product.

Linux systems are created using significantly different libraries. If you try to install a binary rpm that requires a missing library, you may try to install an updated library, only to find that it breaks your old apps. And if you break your rpm system you are doubly screwed.

In the course of a Slashdot discussion: developers.slashdot.org [http://developers.slashdot.org/developers/03/07/11/1735240.shtml?tid=106&tid=185] someone made the following statements:

Re:Linux usability (Score:1) by binford2k (142561) on Friday July 11, @09:13PM (#6421331) (www.securityexchange.net [http://www.securityexchange.net/)]

> Now this whole episode took me a matter of hours. Whereas Windows would take me a whole 30 minutes to choose what I did/didn't want to install and then download my fixes.

Why didn't you just drop them all in a directory and execute rpm -Uvh * instead of manually installing one at a time? That let the package manager do what it does best . . .figure out the best way to install your packages.

As far as the 30 minutes on windows deal, on my Debian box I type apt-get update; apt-get upgrade and walk away. On my Gentoo box I type emerge sync; emerge -u world and walk away. Mandrake has urpmi that does the same thing, Connectiva has apt for rpm. If you would have looked, Redhat8 has an automatic updater that will do it for you. Shit, even Slackware has an automatic updater in the works.

Get your information straight before you bitch. Just because you can't figure it out doesn't mean it doesn't have that capability.

I'm not entirely convinced...

---

Debug: hittotal: 27 startban: 0 dancookie: endbandate: banned: 0 tempdate: tert: jse: jsno jsh: 27