Other OS info

Even though this blog is very Microsoft centric, I do work with other operating systems.

My "Unix" background dates back to IBM AIX, SGI Irix, and of course, Linux. I 'experimented in college' with other operating systems like OS/2, FreeBSD, SunOS, Solaris and BeOS.

Even before then, I ran a BBS under various computer systems starting with an Atari 400 self-modded/self-soldered from 4k to 52k. It even had a toggle switch to switch between 52k and 48k memory sizes because some programs couldn't address the last 4k properly.

The BBS progressed to an Atari 1040ST, then to a 386 running Desqview, then to a 486 running OS/2. A mutated/updated form of OS/2 (eCOM Station) still runs a good amount of ATMs and other POS systems.

Anyway, back to the future - today, I still like to tinker with various operating systems and kernels, case in point:

Windows Vista as a host, VMWare 6.0 as the virtualization software, Redhat Fedora 7.90 (Rawhide), and kernel 2.6.23-0.71.rc2.fc8.

I took a Fedora 7 VM image and decided to live dangerously on the bleeding edge and enabled the development repositories. The end result is a pretty nice OS. I wish I could use the fancy 3D effects but at least I get to play with some of the newer technologies.
I still am on the fence whether I like KDE or Gnome better. I always had a soft spot for Enlightenment way back when too. It is interesting to see stuff that was in Enlightenment about 10 years ago get rolled into other products in 2007.

Kernel 2.6.23 will or has merged, depending on when you read this, a lot of patches that have been waiting on the sidelines. One of the more notable ones is the Xen patches.

I'm not using Xen at the moment but it was nice to see this fly by when the kernel was booting:

[snip]
VMI: Found VMware, Inc. Hypervisor OPROM, API version 3.0, ROM version 1.0
Booting paravirtualized kernel on vmi
ACPI: Battery Slot [BAT1] (battery present)
[/snip]

Reporting the battery status seems to be working properly, and ditto for the paravirtulization "stuff" with VMWare 6.0

Next goal: ESX 3.0.2 in a VM under Workstation 6.0 - I actually have a reason for wanting to do this, honest.

Almost a year after ESX 3.0.1 came out, ESX 3.0.2 is now released!
You can read the release notes here.

Consolidated Backup 1.0.3 also came out. Read the release notes for that here.

A few days ago, VirtualCenter 2.0.2 came out too. Read the release notes for that here.

To download the new versions, go here.

Here are some of the messages of the impending doom of the hard drive on the server:

WARNING: Kernel Errors Present
Buffer I/O error on device hdc1, ...: 10 Time(s)
EXT3-fs error (device hdc1) in ...: 1 Time(s)
EXT3-fs error (device hdc1): e ...: 33 Time(s)
end_request: I/O error, dev hdc, sector ...: 187 Time(s)
hdc: DMA timeout error ...: 1 Time(s)
hdc: dma timeout error: status=0xd0 { B ...: 1 Time(s)
hdc: dma_intr: error=0x40 { Uncorrect ...: 1 Time(s)
hdc: dma_intr: status=0x51 { DriveReady SeekComplete Error } ...: 1 Time(s)
lost page write due to I/O error on hdc1 ...: 10 Time(s)

/dev/hdc :
Prefailure: Seek_Time_Performance (8) changed to 245, 246, 247, 248

Currently unreadable (pending) sectors detected:
/dev/hdc - 32 Time(s)
1 unreadable sectors detected

Offline uncorrectable sectors detected:
/dev/hdc - 32 Time(s)
1 offline uncorrectable sectors detected

By the time I was able to log in, the drive had tanked.

It is probably best just to point you to the Fedora Wiki FC6 page for all the latest and greatest news about Fedora Core 6.

Here is a short list of what is new:

• Installer multi repo support. iSCSI, firewire and USB storage installation
• New DNA theme
• Dejavu LGC font on locales where it shows a good difference like Greek language.
• GCJ web plugin playing an interesting applet
• Compiz eye candy + planned integration for switching the window manager easily.
• Pupplet - Yum based updater applet
• Brand new system-config-printer
• Xen virt-manager user interface
• Eclipse 3.2
• Alacarte menu editor
• Orca Screenreader
• setroubleshoot - SELinux graphical trouble shooting tool.
• Dogtail - desktop automation and testing framework
• GNUCash 2.0
• Fedora on Intel Macs

This looks promising and doesn't use the 'captive' trick of using the ntfs.sys at all. I wouldn't trust it with non-backed-up data just yet, but I like being able to move data back and forth without doing VM tricks and network shares.

http://sourceforge.net/mailarchive/forum.php?thread_id=23836054&forum_id=2697

Other people seem to be hopping on the bandwagon as well:
http://zakame.spunge.org/blog/2006/08/11/ntfs-3g-love/

It looks like the latest revision is dated 08-11-2006 so far.
http://mlf.linux.rulez.org/mlf/ezaz/ntfs-3g-download.html

More info here:
http://fedoranews.org/cms/node/1207

The big items are support for the Intel Macs, and a lot of incremental updates.

The bigger news for Test 2 is that it is going to include the DT_GNU_HASH support in glibc and binutils which boosts dynamic linking performance by about 50%, apparently.

Using version 4.04 of multitail no longer goes into a spawn cycle when system logs rotate. The program author, Folkert van Heusden, contacted me in e-mail and sent me a version of 4.05 which I am also going to install shortly, but it looks like the fixes between version 4.00 and 4.04 did the trick!

Great program! Great author!
If this were an e-bay auction, "A++++++++"

I've always been used to the Redhat/Fedora way of setting up aliases in /etc/sysconfig/network-scripts-ifcfg-: but SuSe/Novell Linux is slightly different. I see a lot of hackish examples/bad advice on the internet on how to set it up on SuSe/Novell Linux so I figured I'd make a note of it here.

To do it "right" under SuSe, you modify the main configuration file for your ethernet adapter.

For example, 'ifcfg-eth-id-de:ad:co:ed:ba:be' where the de:ad:co:ed:ba:be is replaced by a real MAC address.

As an example, you want the main IP of the system to be statically set to 192.168.100.1, and the other IPs to be 192.168.100.100, 192.168.100.101, and 192.168.100.102

Your original configuration will probably look something like this:

BOOTPROTO='static'
BROADCAST='192.168.100.255'
IPADDR='192.168.100.100'
MTU=1500
NAME='My awesome no-name PCI \"bus-mastering\" NE-2000 clone $1.99 CPU-cycle-hogging wondercard'
NETMASK='255.255.255.0'
NETWORK='192.168.100.0'
REMOTE_IPADDR=''
STARTMODE='onboot'
USERCONTROL='no'
_nm_name='bus-pci-0000:01:04.0'

You will want to change it to look like this:

BOOTPROTO='static'
BROADCAST='192.168.100.255'
IPADDR='192.168.100.100'
MTU=1500
NAME='My awesome no-name PCI \"bus-mastering\" NE-2000 clone $1.99 wondercard'
NETMASK='255.255.252.0'
NETWORK='192.168.100.0'
REMOTE_IPADDR=''
STARTMODE='onboot'
USERCONTROL='no'
_nm_name='bus-pci-0000:01:04.0'
IPADDR1='192.168.100.100'
NETMASK1='255.255.255.0'
LABEL1='0'
IPADDR2='192.168.100.101'
NETMASK2='255.255.255.0'
LABEL2='1'
IPADDR3='192.168.100.102'
NETMASK3='255.255.255.0'
LABEL3='2'

Save that and restart networking with '/etc/init.d/network restart' and you are good to go with:
eth0 set to 192.168.100.1
eth0:0 set to 192.168.100.100
eth0:1 set to 192.168.100.101
eth0:2 set to 192.168.100.102

The 'LABELx' settings are just setting the alias label you see after the 'eth0:'
You can get away with leaving out the 'LABELx' statements. One side effect is that you won't see the aliases under 'ifconfig'.

I know you can do this with 'yast' and other utilities but this seems more direct and easier to do on a high latency SSH console.

If anything, this is a note to self. I tend to keep a session of multitail open on any server I like keeping an eye on. Typically it will include the security logs, http logs, error logs, and audit logs. In a few instances when 'logrotate' has kicked in overnight while a 'multitail' session was open, watching the files that were getting moved, all hell breaks loose.

Since the file handle/files that multitail watches suddenly disappear/become invalid, the spawned 'tail' children go into a psuedo-fork-bomb/zombie loop.

For instance, this morning I awoke to about 3000 rapidly spawning and dying 'tail' processes that made it difficult to near impossible to pull up a process list. When that failed, I ended up browsing /proc to see if something bad was going on. I also peeked at /proc/loadavg which was actually pretty normal. Since I have some sane ulimits set on the machine in question, the overall problem didn't become a system-wide out-of-memory problem/crash.

When I get a moment I'll see if I can hack a way to make multitail a little more friendly to files getting purged from under it.

If you have no idea what I'm talking about with multitail, please check out the website for it:
http://www.vanheusden.com/multitail/

It is like tail on steriods.

Sometimes it is handy to know what version of BIND someone is using on a site, especially when the people involved have no idea what BIND is or what you are talking about when you ask them.

Quick and easy way with the BSD/*nix version of nslookup:

“nslookup -q=txt -class=CHAOS version.bind. 0 dns.roflcopter.com"

Server: dns.roflcopter.com
Address: 127.0.0.1#53
version.bind text = "9.2.4rc6"

So, if 'dns.roflcopter.com' actually existed, they are running 9.2.4.rc6.

On any DNS server that I have running BIND, I tend to fake the version returned, so this isn't always accurate. You can accomplish this by setting 'version' within the options section of named.conf

For instance:

options {
directory "/var/named";
version "Go away"
};

Why? I don't like users knowing the version numbers of software I am running. Worms and script kiddies love looking in search engines/etc for versions of software that can be easily exploited. For instance if your system advertises that it is using "Whizzbang 1.0.1" and a new exploit comes out for any version of 'Whizzbang' earlier than 1.0.2, you will most likely have people trying to get in. Of course most scripts will just try a brute-force attack, and if you are vulnerable, you are already hosed.

A great resource for securing BIND by Rob Thomas (not singer), is located here: http://www.cymru.com/Documents/secure-bind-template.html

Wow.

I would be kind of cool to be on this migration team.
"Yeah, let's power down this Pentium and replace it with this Opteron"

http://www.woodtv.com/global/story.asp?s=4771988

Seems like they could have scheduled it a little better, as mentioned in the article:

"The upgrade is unprecedented and comes at a time notorious for severe weather in West Michigan. The National Weather Service will be shutting down one of its largest eyes on the sky for five days; five days with little to no radar."

I haven't used it yet but it looks like a good way to keep the bad guys out. Of course, changing the default port always helps quite a bit too for the automated scripts out there.

SSHd Filter

Fail2Ban - automated prevention help

Blocks IPs after it has determined that the IP trying to get in is a 'bad guy' - great for SSH servers and other services that are commonly attacked brute-force style.

A great HOWTO writeup is here:
http://www.the-art-of-web.com/system/fail2ban/

You could always get real clever and do port knocking but that is sometimes a hassle.

http://mobile.newsforge.com/mobility/06/02/09/1727256.shtml?tid=104&tid=132

I seem to live in the last known area to have analog cable with Charter Cable in Michigan. We are surrounded by digital cable, but our Crockery Lake substation has yet to be rebuilt. DSL is not available in the area either, and even if it were, it would be iDSL at best. I'd love to pull in a T1 into my house and setup a little wireless ISP but I know for a fact that the instant I do such a thing, for a big cost outlay, suddenly digital cable will be available out here.

I know for a fact that there is a lot of interest around here for something better than ISDN. Right now when I'm at home, I'm on my cell phone with a data plan. So now it is a race between whether digital cable with cable modems get here first, or EVDO gets rolled out in Grand Rapids. If I pay off enough bills and can get enough people to subscribe to a wireless subscription, I might have to get a T1 in here for any decent speeds.

Anyway, long rant, but I would love to get VOIP on my little WRT54GS but over a cell phone on 1xRTT (144kbit - basically just about IDSL speeds - I sometimes get 16k/sec) , VOIP just isn't viable. Too much latency variance and not enough 'fat pipe'.

[snip]

1.1. What's New In Fedora Core 5 test1

* Xen virtualisation software and yum package manager are now well integrated within the Fedora installer. The installer interface is more streamlined. Remote logging and improved support for tracebacks is included.
* Pup, a graphical updater using yum, has replaced rhn-applet.
* GNOME 2.12 and KDE 3.4 desktop environments are available.
* GNOME Power Manager and GNOME Screensaver are available as a technology preview within this release.
* OpenOffice.org 2.0 final release is included. OpenOffice.org now uses system versions for many of the libraries leading to increased performance and efficiency.
* Xorg X11R7 release candidate 2 has been included in this release. This is the first modular version, which helps in providing additional features and bug fixes at a faster pace.
* Kernel 2.6.14 is included. Software suspend is enabled in this release.
* SCIM has replaced IIMF in Fedora Core in this release.
* There are changes in the animated mouse cursor theme.
* Fedora Project now has a new logo.

[/snip]

Hopefully it won't have the "Bloated Evlis" feel that FC3 and FC4 have. Even on a fast machine, FC3 and FC4 seemed to run a bit clunky.