Older blog entries for Stevey (starting at number 184)

I spent a while today flirting with slash-like weblog / portal software.

By far the simplest to install and use that I found was YAWNS (Yet Another Weblog News System).

This is a Perl-based system using HTML::Template and MySQL, all software I have running on my my website already.

I'm toying with the idea of setting up a Linux/Debian system administration site with little tips, documentation, and mini-howtos.

On the one hand I find it an attractive idea to post all my own experiences and discoveries together, such as how to use openvpn, etc.

On the other hand there is the the Linux documentation project, Debian planet and Debian Help already.

So I guess I'll sit on the idea for a few days, write entries as if I were doing it for real then see how long I keep it up.

Update: - See the current mockup here.

Last night I tried to add a new drive (80Gb) to my primary desktop machine, undecided.my.flat.

I powered down the box, fiddled around with cabling until I could physically fit the drive inside the box and then powered it back up.

It's a good job I didn't put the case back together - as nothing worked. No BIOS beep. No drives spinning up. Nothing.

I did the obvious thing, I disconnected the drive I'd just added leaving the machine in the same state as it's been for the past year or two. Nothing.

I have no idea why but the machine refused to boot, or make any kind of noise at all now. It's dead.

Sure I may be a little rough and ready when tinkering with hardware. Sure I may not care about static protection as much as I might but adding a new disk shouldn't fry a machine.

I tested all the connections I could see, unplugged everything that wasn't onboard in a futile attempt to track down the problem.

The power supply is good, the CPU fan comes on, the power lights come on, but no sign of spinning up either the disks, the floppy, or the CD-RW/DVD combo drive.

So I ripped out the original drive, the new drive, the memory and then moved them into the body of my other machine, tara.my.flat. (I had to pull out the single drive in there to fit it in).

So now I have a machine with two drives, two CD-RW/DVD combos, and 512Mb of memory.

Hardware Joys

I'm constantly impressed with the ease at which Linux systems cope with different hardware.

After moving my primary drive from a machine with an onboard SiS chipset to a different host box it came up without any problems.

Sure the networking didn't work, sound was b0rked, and GDM failed to start because X was setup to expect an onboard SiS driver, not the Nvidia card that box had. All that aside it worked well and by bedtime I had a working box, but I was too tired to do much with it.

I setup the NVidia FX5200 with this Debian NVidia HOWTO. Very well written and the whole job took only a few minutes. I'd never heard of module-assistant before now, but it worked wonderfully well.

Getting the onboard NIC going was trivial, Xine continued to play my DVDs once I'd sorted out the sound driver (via82xxx_audio) and I tested that the USB toys I have still worked.

Laptop Fun

I installed GNOME on my laptop to see how well it worked.

It installed a suprisingly large number of packages including abiword, gnumeric, and many more.

This is the first time I've seen/used GNOME in years and I was very pleasantly suprised.

It's not as lightweight as my usual IceWM setup (clearly!) but it was pleasant enough to use. I didn't hate it, even though it would insist on playing movies and music with Totem (which mostly failed) rather than Xine.

I fixed it up as well as I could then declared the rest of the night a computer-free evening.

Ice-cream + Sleep = Happy Steve.

Thanks to several kind readers - I know have a group of sources for Debian related clothing available to the UK.

• Open Stuff is a Belgian company with lots of Debian related stuff, and a fantastic Space Invaders shirt!
• Steven McIntyre has some Debian shirts available still and is based in the UK.

I also got pointed to the Debian-UK Cabal, which I'm too scared to investigate further ;)

I think I will look over the Debian site and see if there's an obvious place for this information to be added - I know that there are consultant lists, and other supplier information. It might be worth adding a section if there isn't already, or including UK listings if there is a relevent area for it.

Thanks to everybody that helped - and especially those who didn't chastise me for poor google skillz ;)

PS. When it comes to pimping, I'm hireable for Debian related troubleshooting or setup.... I've worked on big sites such as Machinima.com - stood up to a Slashdotting when I migrated it to Debian :)

After reading Daniel Stone talking of wearing a Debian T-shirt I'm reminded that I still don't own one.

Having never been to any of the conferences for distance/expense reasons I've looked online a few times for local (read UK) based suppliers and not found any.

I printed up the open use logo onto a couple of mugs a few months back, I think I made 10 or so and sold 8 of them, keeping two for myself :)

So if anybody can point me at an online store for selling debian branded clothing I'd appreciate it, even better if they donate to the project.

DVD

Another timely piece I read was Steve McIntyre's piece of fitting Sarge onto DVD.

Whilst looking at online suppliers for clothing I came across DebianShop.com and I've mostly made up my mind to buy a copy of Sarge on DVD, as a simple means of getting all the binaries and source for auditing purposes.

I hope that we can get it to fit on a single DVD, honestly I just naively thought it wouldn't be an issue!

Advogato

People seem to be abusing the site, for both attempting to execute Javascript on profile pages (try harder it's possible ;) or for creating link spam.

Sad to see ..

Recently too much time has been spent working with automating package updates on a farm of Debian machines.

Thanks to apt-get updating a single machine is very simple.

Updating a collection of machines can be as simple as running 'apt-get update && apt-get upgrade' on each one in turn.

However that's fairly ineffecient.

The next thing that normally happens is the addition of a proxy server, so that packages are only downloaded once regardless of the number of machines which require it.

This works well, and makes the manual upgrade less painful.

However you soon run into the problem of wanting to automatically upgrade a machine without doing it manually.

The naive thing to do next is to add a cronjob to perform the upgrade.

Sooner or later this will break as the upgrade asks you questions, etc.

So .. you end up installing manually on a host once, answering any questions and trying to create the answers on the target machines before forcing the upgrade.

My thought was to install an agent upon each of the machines and nominate one to be the update server.

This is the master and will download the .deb files on a schedule, these updates are copied over to the clients using scp and installed using `ssh update@client cat answers | dpkg --install .. ` - where this answers file was created manually on the master.

There are a couple of other things you can do next, remotely query packages on all the hosts, and force updates from the central machine on a schedule.

The only thing that I see is that you are effectively installing the software on the master host before pushing it out - using a staging area is good, but using the staging area on the important patching machine is bad.

I'm sure other people handle things differently, but it's not a bad approach and seems mostly stable.

I've not really seen anything obvious for managing updates across distributions, that would be a an interesting job.

Assuming you have a staging/testing area for each distribution most of the mechanics would stay the same.

The only distribution specific parts would be:

• Downloading updated packages / slack / rpm / deb
• Listing installed packages and versions on a client
• Forcing a non-interactive installation of a single package
• Handling any dependencies for new or changing packages, should be handled too I guess.

Useful to have, not interesting or necessary enough for me to construct. Probably.

Sounds like the kind of thing big companies with different installations would pay money for though ...

I'm in the middle of going through a painful process of updating my website.

All I want to do is add 'class=external' to all the links I have going offsite - so that I can add a little graphic to the link to indicate this.

This should be a trivial thing to do but I'm finding it very painful - I've had a brief hunt around for a simple Perl script to do it for me, but nothing obvious presents itself to me.

I should be using HTML::Parser, etc, but I'm not sure exactly how to handle this myself..

The other day when shopping for a new Widescreen TV I saw a USB game controller on offer at the local supermarket.

It wasn't too pricy and looked like it had a good range of buttons and a fun layout so I added it to the trolley.

(I'm still amused that I bought a widescreen TV from a supermarket - somewhere that I've only previously bought food from. They had a good range of models and I think I got a bargain :)

When getting it home I wasn't sure what would happen, either:

• The thing wouldn't be recognised and I would have to hack some USB code
• The thing would work perfectly and I'd get to play Super Mario Bros 3 with a working controller and not my keyboard.

Sadly (?) it was the latter.

Mmmm Mario

Dragons

To cement my geek credentials I got a Tattoo of Smaug today.

He took two hours to etch upon my body (full size [26k])

Debian

The fun continues with the Sun Netra T1. I'm now running kernel-image-2.6.8-1.

The machine works like a dream, and I'm in the middle of writing some simple Admin scripts to do port-forwarding to machines inside my LAN from the outside.

This will allow me to connect via VNC without having to think about setting up the right options for SSH all the time.

(I think there'd be a market for a simple GUI wizard too: 1. Enter your gateway address, 2. Enter your internal ip/name, 3. Select the services you wish to forward to your localmachine. 4. confirm, 5. Launch SSH with the magic options - do it?)

Yesterday I installed Debian Stable (woody) upon a Sun Netra T1. (Following these brief instructions).

My first non-x86 Debian box!

Right now it's roaring like an aeroplane in my front room, so I must find a place to sit it.

Given the fact that these boxes are both Dual NIC'd I'm going to be using it for my router, way overkill I guess!

Things I've discovered, since upgrading to Unstable:

• 64 bits are fun
• Kernel-Image-2.6.x doesn't exist
• Serial Consoles Rock!

The machine is hooked up to a Telewest broadband connection, so it gets its external IP address via DHCP, and it's internal side is fixed - (192.168.1.0/24 is my unoriginal choice).

It's running DNSMasq internally so it can cache and serve DNS for internal LAN machines, and it's also running squid.

I need to think of things for the beast to run as it's a little under utilised so far. I guess it will serve MP3s when I install my GNUMP3d on it. First though I need to replace the second 9Gb drive with a 40Gb one!

Mostly the machine will be running as a gateway, but I want to do SSP work on it as a non-intel machine. Between the two it should probably be pretty busy :)

It's always bugged me that the Advogato site doesn't allow more than one post from a single user to end up in the recentlog page.

Now I'm starting to become annoyed with the various "Planets" which amass different blogs from other sites, they are very interesting to read - but because many of them have a lot of active readers it is very common for a piece I wish to refer back to to "fall of the end".

What's the solution? Well I guess it could be simple to poll the sites RSS feeds and enter each entry into a database of some kind, but copying peoples words like that for personal (ab)use seems wrong.

I guess I should just bookmark things more often.

Debian

This week I've made a few uploads, but close to a release I'm loathe to make too many big changes.

I've also been getting ready for more auditing work. That's kind stopped recently due to my holidays and visitors being in the house. Still with the Sarge release out of the way things should pick up again.

Work

Still looking for a new job, but I've managed to find some small pieces of work setting up servers for friends in exchange for stuff.

I also managed to buy a cheap Sun Netra T1 - which I am looking forward to installing Debian upon.

I'm just in the planning stages of my first program to run on Windows for a long time.

What I want to write is a program which will scan for, identify, and remove spyware.

In the office environment, despite my best efforts, we see repeated infections of very similar pieces of code.

Rather than just detecting those thus far seen I would like to write a generic framework for detecting these little toys.

So far I've looked over a few programs such as the aging Adaware, but I've not seen any so far that do all the work.

Nor do any of the current spyware detectors seem to have open/available data sets.

The working of the code should be fairly trivial - there are four or so different areas that need to be scanned:

• The registry
• The filesystem
• The startup areas, including .ini files
• Internet Explorer plugins
• Possibly network connections should be examined

The only hard part is coming up with a GUI for displaying the program - and working out how to have the data that we're using be arranged and read.

Obviously the application must have the data files available for download over the web with self-updating facilities.

HTTP download of an archive with a signature check should be sufficient.

I'm not sure how easy this job will be on the whole - MD5 checksumming of binaries may not be 100% reliable - but it seems like an interesting thing to start anyway.