Archive for the ‘NetBSD’ Category

Update 20110723 – CentOS 6, Sabayon, Slackware, NetBSD, Etc.

July 23, 2011

Long time no see, haters. Since my last update earlier this year, I’ve been pretty busy. Usual stuff: family, work, and sports injuries.

I have a shiny new Lenovo laptop. One of the reasons I chose this one is because I was able to get a list of the hardware and checked it against lists of supported devices. It’s all supported very well under Linux and the BSDs (Net, Open) I looked at.

First thing I did was reduce the very large NTFS partition someone formatted it with (I never have booted this into Windows 7) so that it’s actually quite small. Then I installed a release candidate for Scientific Linux 6 on it, as that was the first available RHEL6 clone. I’ve since changed that over to CentOS 6 using a net install. And since I have no interest in booting the pre-installed OS, I changed my grub menu.lst to no wait, no options, just load that one in a freaking hurry.

As usual, I found some nits to pick about how certain other things were configured and I had to make some changes to get simple things to work. This goes for software as well as hardware.

First the hardware side of it. I thought the inkjet printer I keep in my room was supported out of the box despite noticing the printer would “eat” up paper upon finishing the job — not fully ejecting it before pulling it back in to the printer. It was only the past few days, though, I realized there was more wrong than met the eye. I needed to make some quick scans and xsane reported back I had no scanner. Hmmm. I checked it via scanimage and it was detected. I also double-checked the drivers and saw that the sane backends for hp and usb were there. I decided to see if the hplip site had a newer RPM than is available in any of the repositories I’ve enabled. I entered the relevant information and downloaded an up-to-date RPM with new drivers. Installing it required removing old RPMs. Then I had to set some permissions so I could use the scanner without escalating my privileges to root. The new hplip RPM also resulted in better printing and no more “eating” paper.

There was a variety of software I installed from the normal as well as third-party repositories. Most of it has been without any trouble — only a couple things from a more bleeding edge repository (EPEL) have conflicted with packages from others. Some of the configuration issues have been simple and straightforward. I’m coming around to accepting pulseaudio, especially as it makes some things easier. My Bluetooth headphones work fine and are able to remotely control playlists in totem. Haven’t tried yet in rhythmbox but mplayer (from rpmforge) needs remuco to work.

Even though I’d be exaggerating to call RHEL6 or its clones bleeding edge, it’s still new enough that repositories lack certain packages that I wanted to install. One solution (other than “wait”):

sudo yum groupinstall 'Development Tools'

I’ve recompiled things that bugged me as well as things that were either unavailable or that I wanted to update. I wanted liferea so I had to compile it myself. Dittos sylpheed (NOT claws) and mew (emacs e-mail client). I also wanted an update of org-mode for emacs, but I’ve also played around with compiling other emacsen. This morning, I decided to try sxemacs.

I wasn’t impressed with the clunky xaw widgetry, let alone the faces available on my laptop (trust me, terminus looked only a little better), and I decided against installing GTK1 headers just to see if that would look any better. Not even some minor color changes helped. I usually run emacs from console anyway because it’s easier to run it in screen and then shell in and out, locally or remotely, as needed. The faces (fonts) bother  me a lot more than the widgets — it’s not about the aesthetics as much as if I can clearly see what the hell I’m doing.

I’m going to try this for a while and see how much work it’ll take to get it working the way I use GNU emacs. Just remembered I forgot to change EDITOR=emacsclient to EDITOR=gnuclient. Also, this (last line!) has to go in the init.el to keep from opening a new sxemacs GUI instance:

(require 'gnuserv)
(gnuserv-start)
(setq gnuserv-frame (selected-frame))

Sheesh! Recompiled –without-x. Much better, too, after removing background color (transparent terminal over black wallpaper).

Now the fun of getting my other emacs stuff to work correctly with this.

I also converted my previous laptop over to CentOS 6. I did a minimal net installation, installed xfce from EPEL, and then added some of my own packages (including dwm and jwm because I decided I don’t care for xfce). My ridiculous Acer Aspire One is still running SL6 and still having issues with the fucking Atheros wireless card. When it starts to flake out on me, I pop in a zyd-based USB wireless adapter. Voila. I should blacklist the module for the Atheros card but, honestly, the AA1 has been such a pain in the ass that I seldom use it. I recently updated XP (30-something packages!) after not even booting it for like half a year and suffered some USB-related issues as a result. The good news is under the RHEL6 clones, all the other AA1’s hardware — including both internal card readers — work properly, without having to boot one side with a card inserted.

Okay. The headline mentions other distros and NetBSD. I’m considering some changes on the other laptop because a lot of stuff I’ve compiled for it would be just as easy from scratch instead of using source RPMs or new source. I tried to get a measure of how many packages are installed by default on a minimal install of various distros. I figure RHEL clones will have the most, followed by Debian, and on the other side of the scale will be Slackware and Gentoo (I haven’t used Sabayon before but I like the option of using a binary or portage depending on my tastes — this is why I’m also considering a BSD and pkgsrc).

There are certain distros I’ve taken off my radar list despite having a fondness for them. As I now use laptops, netbooks, and other portable devices — including portable USB storage — about 90% of the time, encryption is very important to me; one of my parents’ was a victim of identity theft in the past couple years and I was already a bit paranoid about what kind of information could be found in plaintext on my computers. On all my computers, I like the option of installing to, or easily setting up, one encrypted LVM which includes at the very least my /home, /var, /etc, and swap. I used to think it was adequate to encrypt just /home and swap but I’ve changed my mind after auditing “identifying” information available elsewhere on an unencrypted system. For example, plaintext wifi passwords in /etc/wpa_supplicant/wpa_supplicant.conf (or elsewhere on a “non-standard” system) or stuff stored in /tmp. I also think it’s not enough that the “core” of the operating system be protected from threats, such as over the Internet; the biggest vulnerabilities usually stem from applications and user choices, and you can’t reboot those problems away — they’ll still be there if (or because) /home and /usr/local are RW, not read-only. When storage is measured in GB and TB and speedy multi-core processors, it’s harder for me to choose to run my OS in some “embedded” style.

Still on my TODO list is my post about what I use instead of OpenOffice.org. Also, I’ll try to write a post about the minimal install I did with more specifics (need to edit my gnote version of it — wish I could import that into this without reformatting) in the near future. As usual, no promises on time lines.

Advertisements

Setting Up Desktop – Part 1

March 15, 2010

I won’t be using my desktop as a desktop very often but I need to get it up and running. After wavering between what to do with it, I started installing something today at lunch. I hope to have it finished by this weekend. Or sooner. I left in the IDE drives because the big honking SATA drive is being used for NAS until I find a big-enough replacement for that (original crapped out).

Yeah, I know. Geez. I didn’t want to do any work at all. I was going to do a minimal Debian net install and only set up what I want. Then I thought I shouldn’t waste anymore time since I installed NetBSD (and Scientific Linux on the secondary drive). Then I was going to just set up MicroCore with only the things I need it to have, and then do more later when I have time. I think, though, that I want a bit more flexibility than Debian and I want to avoid some of the hacky-ness of {Tiny,Micro}Core and have a full set of utilities instead of busybox. As much as I love the latter, it’s just a bit Rube Goldberg in setting up the way I want it to work (not to mention I’d have to compile quite a few things that I want/need which aren’t in the repository); the remaining Linux partition on my AA1 is TinyCore — which I could only use with a USB wifi adapter anymore since I have zero confidence in the Linux ath5k driver with wpa_supplicant — and by the time I add GNU core utils, compile libarchive, etc., I’m pretty close to a Debian/Slackware minimal install anyway. Aside from portage’s bloat, I think I can keep this pretty lean (which is more a goal than a necessity). If I end up regretting Gentoo, I’ll likely install MicroCore and then screw with it more when (if) I can find more time. If it goes as smoothly as it has so far, I could end up putting it on my laptop, too (I’ve aborted several entries I started about excessive dependencies…).

My kernel is still compiling now. I won’t have much chance to mess with it until later tonight (after 24 at the earliest) and probably won’t touch it again until Wednesday. Hopefully I’ll have a “Part 2” up in a timely manner. Haha.

Update 20100209 – Debian Lenny, TinyCore, emacs, ratpoison, oroborus, and security of small distros

February 9, 2010

AA1
I’ve intended to sell this thing but haven’t yet. I updated my AA1 page last week to reflect the fact that I really don’t run Linux on it anymore. I still have {Tiny,Micro}Core set up on it, but I’ve booted that maybe three times in the past few months including once this morning to get my emacs-related files. I don’t know if the issues with wireless were related to the network stack, the ath5k driver itself, wpa-supplicant, or a combination of factors. For the last time, it’s NOT a hardware issue because the problem never happened (meaning started) under Windows; it only happened (started) under Linux and persisted after rebooting. I occasionally boot TinyCore from a USB stick on my other computers (see below).

New Desktop/Workstation
It came with Windows XP Pro installed. I first installed Scientific Linux 5.4 via the live CD, which provides a Gnome desktop. I’ve already posted about adding an old hard drive that had OpenBSD 4.3 on it, on which I installed NetBSD 5.0.1 after backing up $HOME. I’ve been too busy to even update SL54 (which I know has updates because I was also running it on my new-old laptop for a while), let alone configure NetBSD beyond the basics (e. g., setting up my network card even though it’s not yet networked, SSH, etc.). I’d hoped to set it up further this past weekend but I’ve been eye-deep in a stack of reports to edit and charts to generate.

New-Old Laptop
I’m still using Debian Lenny, which I installed using net install. I let it go ahead and install the default Gnome desktop even though I initially thought about just doing a minimal installation and adding what I wanted. One of the reasons I did that is because life has been so hectic the past 18-24 months that I care a lot less about bloat than I do about the convenience factor and having everything ready to roll. Otherwise I’d already have the other computer set up and ready to roll, no?

I have switched some apps around, though. I was using xemacs but decided instead to revert to GNU emacs 21.4 from backports so I’ll have more of the modes I’ve come to take for granted and which require either finding via apt or from their developers. I’m posting this now via weblogger.el (which I’ll have to clean up later) from within emacs. I’ve also installed oroborus and am using it instead of metacity within Gnome (edit ~/.gnomerc to include a line “export WINDOW_MANAGER=oroborus”); this is RAM-sparing to some degree but not nearly enough. I already have ratpoison installed as well, and will more likely than not start paring down on the Gnome bloat as I find time. I’ve been running ratpoison mostly under another user account.

Other Computers
My ancient ThinkPad got a minimal install of Debian Lenny several months ago but hasn’t been booted in at least a month. I may use it for TinyCore. Or as I’d intended with Lenny just to be a temporary HTML/blog server for home use. I may just use MicroCore if I do that.

Nothing to report on my old MMX box. I haven’t booted it in so long I don’t even remember what it has on it.

Unfinished Business
Speaking of {Tiny,Micro}Core, I started on a screencast/presentation back before Christmas that I alluded to at least once here. I’ve been too busy to finish it. It’s in response to a question that was asked at the TCL forums about using TCL as an enterprise Linux replacement. I wanted to demonstrate beyond the more obvious answers why I thought it was unsuitable and worked out a quick and dirty concept to show how vulnerable such a distro — based basically on one file — could be. This kind of goes beyond the security of the image being read-only and, accordingly, being able to reboot into its original state; instead, I wanted to see how difficult it would be to take advantage of the fact that the image is on a read-write partition which can be mounted by user tc locally or remotely and then replaced. My little POC requires user interaction at this stage (which was in maybe 20 minutes’ work) to basically get a corrupt image to replace the original so that each subsequent booting of it isn’t actually the “pristine” original tinycore.gz image but instead the corrupted one (which could have any variety of “reconfigurations” in it, but mine basically pings another computer when it has an IP and has a message stored in a file stating what changes have been made to the original image).

I haven’t decided if I’ll go through and see if I can get it to work remotely without user interaction. Even if I do that, I won’t post it here. Sorry, kiddies.

Since these small image-based distros typically lack logging facilities, it would be trivial to pull this off and possibly leverage vulnerabilities in various packages to further make a mess of it. The smaller the distro’s base image, I think the less noticeable it would be. With my download speed, I can download the TinyCore image in just a few seconds.

Also, I tested this on USB. It’s trivial to test if something has been booted from sd{a,b} and contains a directory named boot containing a file called tinycore.gz. The same applies to other small distros which similarly use one file to store the operating system, allows full sudo (or, in the case of some like Puppy, root only), etc. Even though something is running from RAM, it’s still found on a storage device attached to the computer and can be mounted (unless it’s quickly removed). So I don’t think this is inherently more secure than anything else (or inherently secure at all), and the smaller size could be a disadvantage since it would take less time to download and be less likely to be detected by most users.

As improbable as it is that such things can be accomplished without some kind of user interaction or physical contact with a USB stick to install a corrupted image, it’s still possible. Add in potential vulnerabilities from various packages — including browsers, improperly set up servers, etc. — and the possibilities increase both locally and remotely.

No, the sky is not falling, but there is a potential for risk even though the image itself is read-only. The image may be, but its partition isn’t. The risk may be acceptable for most uses. It isn’t acceptable for enterprise use — not without some kinds of safeguards that enterprise distros have to help reduce problems like this from occurring.

I’m not knocking these small distros. I think they have a special niche, but too many people think they can be one-size-fits-all. Enterprise-grade distros — including RHEL and its clones, SLED, etc. — have a variety of safeguards that would be “bloat” in something designed to be small and minimal. Adding those things to a minimalist distro would seem to be counter to their very purposes. That includes everything from security enhancements to logging facilities (you really do want to know who logged into which computer at what time on what day, and having every user named “tc” can’t be of much use if you need a chain of custody for various computer records, file records, changes, etc.). Moreover, the packages or extensions these small distros offer typically don’t undergo the same level of testing as in enterprise distros, are more often than not bleeding edge rather than tested and stable versions, and aren’t signed. Even signed/trusted repositories aren’t free from trouble as the RedHat/Fedora people found out a couple years ago when their mirrors were compromised.

I’ll see if I can finish the presentation and get it posted soon. Then again, I thought I would’ve had that done a month ago. Stay tuned.

Update 20100130: Musical Hard Drives, NetBSD, Scientific Linux

January 30, 2010

I’d alluded last weekend that I’d installed NetBSD on a spare hard drive in my new workstation. That drive was the last (I think) OpenBSD 4.3 install I had before I had to go care for family in 2008. Hard to remember anymore, I only know that when I ran last it showed my last reboot was a couple days after I returned last year. Anyway, I’d already installed Scientific Linux 5.4 on another spare hard drive I put in the workstation and set up separate partitions on it. My only nitpick about SL’s installer on the live CD version is that it doesn’t allow many options as far as partitioning or filesystems but that’s not a big deal to set up afterward. (Note: the full install/net install CDs use anaconda.)

I switched drives around so my old OpenBSD 4.3 one would be master. Once I logged in (after finally remembering my root password and changing my user password), I looked around and saw a few things I wanted to make sure I backed up before using that drive for something else. I added entries to my fstab for the other drive so I could copy them to my user account on it (that drive is eventually going into another computer; sorry about image quality but I didn’t have the computer networked when I set up).

I recently said some unkind things about the reviewer of a NetBSD-based live CD on a certain website because he complained that it didn’t automatically mount things for him. The BSDs — excluding possibly desktop-oriented projects based on any of the BSDs — don’t enable such things by default. I also recall in a simulated install of KDE packages one time that directions flew up my screen about enabling various daemons to get it all working if so desired. It’s just a different perspective on things. The BSDs are true to their Unix roots, and Linux distros by and large are true to their “GNU’s Not Unix” (heavy emphasis on “not”) roots. Let me be a little more constructive than I was at that website and show how easy this stuff is (especially if you bother to read the documentation).

I installed NetBSD from CD. The installation took a few minutes. Granted, it’s not like installing the average Linux distro — it doesn’t have a graphical installer, it doesn’t have all kinds of apps to install. It’s pretty basic, but you add what you want on top of it instead of whatever some developer decides to include. It’s fast, it’s easy (RTM), painless. It takes a bit of time to configure and set up but it’s a blank slate and you’ll know exactly what’s going on because you’re the one turning all the stuff on that you want to be on.

I wanted to get my files I copied over to the SL54 drive from the OpenBSD install so I decided to set up /etc/fstab to include my SL54 drive. The first command I ran was dmesg | grep wd1 to make sure the drive was detected as wd1 (the next step would tell you the same thing but I usually look at dmesg first). Then I did disklabel wd1 to get information (man disklabel if you want specific options) about the partitions on that drive.

Once I had that, I could edit fstab accordingly and/or mount the partition I need. In this case, the partitions I wanted were g and i and I needed to make directories (mkdir /mnt/wd1{g,i}) for them and then mount them. Then I was able to get my stuff I’d copied from my old OpenBSD install as well as the few things I’ve had time to get on the other SL54 drive. Hardly a hassle.

I haven’t had time to do anything else with that drive (meaning with NetBSD) yet because things are hectic with family and work. Funny how that works out sometimes — get a new computer, fiddle around with a couple of hard drives, and then have to get back to them in a week or two or three (I’ve only been using SL54 on it). For what it’s worth, I’m very pleased with Scientific Linux 5.4, which is compiled from RHEL5 sources. I’ll write a review of it soon — and probably before I get back to setting up NetBSD.