Tag Archives: NFS

A meeting secret weapon: the potato

One of the security podcasts I listen to–I’m not sure which one, but this sure sounds like Liquid Matrix–gave some advice the other week about meetings: Bring a raw potato.

With any luck, you won’t need it. But if the meeting gets out of hand, whip out the raw potato and–hopefully you washed it first–eat it. Yes, just like an apple. Supposedly the meeting ends very quickly when you do this.

I was at a meeting about backups last week where I really needed this. We’re at a stalemate. I need some disk space and the ability to connect to it via NFS or SCP. My protagonist wants to come in through MySQL. He’s not coming in through MySQL, and we’re not reverse-engineering a product that costs more than my house. My stance is that we’ll use the product precisely the way it’s designed, so that next week when we need the vendor’s support, they don’t blame whatever problem we’re having on the backups. The product has the facility to back up and restore its data through one of those two protocols, and setting it up takes less time than a single meeting.

Too bad it was a conference call, where I’m not sure it would have the same effect. But the next time I get a meeting request about this when what I need is a destination IP address, account credentials, and a protocol, I’m bringing a potato.

Need a cheap NAS? Grab this floppy and an old Pentium and you’ve got it

I wanted to build a small-as-possible Linux for the purpose of creating a lightweight NAS a few years back. I even downloaded the uclibc development tools and started compiling for the purpose of doing it. Then I got distracted.

I guess it doesn’t matter. I think NASLite had beaten me to the punch anyway.Here’s how it works. You download the appropriate floppy for the network type (SMB for Windows networks, NFS for Unix) and network card you have. You find an old PC. As long as it has PCI slots, it’ll work. Drop in the NIC if there isn’t one there already, and then drop in as many as four IDE hard drives. (The disk will reformat the drives if there’s anything there, so make sure they’re new or scratch drives beforehand.) If the BIOS doesn’t support the drives because they’re too big, disable them in the BIOS. Don’t worry, Linux controls the drives directly so you don’t need the BIOS. Boot off the floppy, and it joins the network and you’ve got a bunch of disk space for the cost of the drives and possibly the NIC.

Nice, huh?

This isn’t suitable for use in most corporate environments since it creates wide-open storage (it might work well as a big file dump, so long as people realize there’s no security there, but I’ve learned the hard way that users tend not to listen, or at least not remember, when they’re told such things). For home networks it’s fine, unless you’ve got wireless, in which case anyone who can get into your wireless network would also be able to get to your NAS.

Even then, it’s useful if what you want is a central repository for programs like Irfanview and Mozilla Firefox that you install on all your PCs and want to keep handy.

At any rate, if you’re creative and careful and have a Linux box and know how to use the dd command (or have a fairly up-to-date copy of WinImage) to copy a 1.72-meg disk image to a floppy, this is a useful tool for you.

Why I run Debian, and some Debian tricks

After Dan Bowman pointed out another blogger’s recent difficulties installing Evolution on Mandrake 8.1, I had little comment other than, “That wouldn’t be an issue if you’re running Debian.” Well, I think I said a few other things because I tend to be wordy, but that was the only important thing I had to say.Debian is one of the more difficult Linux distributions to install (you have to know what hardware is in your machine–it doesn’t nicely autodetect everything like Mandrake), but it’s far and away the easiest distribution to maintain. We’ll get back to that in a minute.

Released versions of Debian tend to be ultra-conservative. The current version, Debian 2.2r5, still uses the 2.2.19 kernel, for one thing (and that’s a fairly recent change). The current 2.2 kernel is either 2.2.39 or 2.2.40. All packages (at least all the ones anyone uses anymore) are constantly checked and maintained and patched. In theory, the current stable Debian release ought to be the most bullet-proof Linux available.

Besides Debian Stable, there’s also Debian Testing and Debian Unstable. Debian Unstable is pretty cutting-edge, but I’ve had no problems running it. I just keep up with the current patches and the system runs fine. I know people who run production servers on Testing and Unstable and get away with it.

If you want the latest and greatest stuff, after you install Debian, edit the file /etc/apt/sources.list and uncomment the ftp and http lines. Next, copy and paste those lines, then edit the “stable” to read “unstable.” (Or if you’re more conservative, edit it to read “testing.”) Be aware that occasionally you’ll run into problems running packages from unstable under stable. I ran Evolution, Galeon, Dillo, Sylpheed, and a multitude of other packages from unstable just fine, but when I installed AbiWord (a really nice, lean, mean, superfast word processor, by the way) it failed to run right. I upgraded to unstable, and then it worked perfectly.

OK, let’s talk some tricks.

Want to upgrade your distribution after a new version comes out, or upgrade from stable to testing or unstable? Easy. Type this:

apt-get update ; apt-get dist-upgrade

Then Debian will go download the pieces it needs to upgrade itself.

Want to keep your system up to date with any little changes (security patches, whatever) that may have happened recently? Type this:

apt-get update ; apt-get upgrade

So Debian lets you keep a current and presumably secure installation very easily. If you run that line regularly, you can rest assured that if your system is insecure, it’s not Debian’s fault but rather a misconfiguration on your part.

Want to try out some new piece of software? Forget having to hunt down RPMs or keep track of your distribution CD. Check availability with this command sequence:

apt-get update ; apt-cache pkgnames [name of program]

Found it? Excellent. Install it with this command:

apt-get install [name of program]

And if it wasn’t as great as you heard, you can uninstall it with this command:

apt-get remove [name of program]

System acting goofy? This’ll cure much that ails you:

apt-get clean ; apt-get update ; apt-get check

So from a system administration standpoint, Debian is great. Debian developers often try to justify the difficulty of installation by saying you only have to run it once, and to a degree, they’re right.

Compiling a kernel under Debian

I found a nice document detailing customizing your kernel under Debian. The standard method works under Debian, of course, but it’s cleaner to do it within the confines of your package manager–then it doesn’t go stomping on files you modified. Plus it’s actually a little easier to let Debian handle some of the details.

Here are the notes I took while using the document.

With additions:
Use kernel-source-2.4.17

export CFLAGS=”-O3 -mcpu=i686 -march=i386 -fforce-addr -fomit-frame-pointer -funroll-loops -frerun-cse-after-loop -frerun-loop-opt -malign-functions=4″
export CXXFLAGS=”-O3 -mcpu=i686 -march=i386 -fforce-addr -fomit-frame-pointer -funroll-loops -frerun-cse-after-loop -frerun-loop-opt -malign-functions=4″

Using -march=i686 is known to cause instability and not improve performance by any noticeable amount. The kernel mostly ignores these settings but I set them anyway. You can alternatively set them in the file /etc/profile. If you ever find yourself compiling apps from source, you want these options set so they’ll perform optimally.

A correction:
Debian tar doesn’t seem to support the -I switch for bzip2. So I extracted the archive with the following:
bunzip2 -k -c kernel-source-2.4.17.tar.bz2 | tar -xf –

the -k switch tells bzip2 to keep the original file intact, while -c tells it to extract to stdout. The | redirects stdout to the specified program, in this case, tar. -xf tells it to extract the file.

I got an error on make xconfig:

make: wish: command not found.

So I headed off to www.debian.org/distrib/packages. At the bottom of the page, there’s a form where you can type a filename and it’ll tell you what package it comes from. Type in “wish,” hit enter, and I get a long list, including /usr/bin/wish8.3 in a package named libs/tk8.3. Sounds promising. So I do an apt-get install tk8.3 and I’m in business. Type make xconfig again, and we’re set. This page is also a really good way to hunt down packages if you don’t know exactly how Debian named it.

Options I chose for kernel compilation:

Code maturity level options: prompt for development and/or incomplete code/drivers. I answered Yes, so I’d get modern filesystem support.
Loadable module support: I answered yes to all. I’ve read that disabling modules and compiling everything directly into the kernel can improve performance but I’m wary of that. If the kernel’s too big, the system won’t boot. And the idea of modules is to keep only what you need in memory. So I suppose there are instances where a no-modules kernel could increase performance, but there are certainly instances where it would hurt. I chose to be conservative.
Processor type and features: I changed a couple of the defaults. Double-check the processor family option; in my experience it’s usually but not always correct. Enable MTRR support unless you’re using a 486, Pentium, or AMD K5 CPU. All other reasonably modern CPUs, including AMD, Cyrix, Intel, and WinChip, support MTRRs for increased GUI performance. Since the PC I’m using only has one CPU, I disable SMP support. Then I enable local APIC and IO-APIC support on uniprocessors.
General setup: I accepted the defaults, because aggressive use of APM makes me really nervous. Under Windows, APM always does me more harm than good.
MTD: Since I don’t use any flash memory devices, I accepted the defaults of No.
Parallel port support: Curiously, this was disabled by default. This PC has a parallel port but I only use network printers, so I left it disabled to save a little memory.
Plug and play configuration: I said no to ISA plug and play support, since this machine is a laptop and won’t have any ISA PnP cards. On modern PCs that have no ISA slots, say N.
Block devices: The defaults are usually sufficient, but some configurations need RAM disk support and initrd support turned on. If you’re going to mess around with ISO images, you’ll probably want to turn on loopback device support.
Multi-device support: I’ve never seen a laptop with RAID, so the default of disabling it all works great for me.
Networking options: The defaults are fine for most uses. If you’re going to make a router or firewall out of your PC, enable Netfilter.
Telephony support: I disabled it.
ATA/IDE/MFM/RLL support: Disable it if you have an all-SCSI system. I don’t. Turn on SCSI emulation support if you use a CD-R or CD-RW. Under IDE chipset support/bugfixes, disable the chipsets your PC doesn’t have. This laptop has an Intel chipset, so all I had enabled were Generic PCI IDE chipset support, Sharing PCI IDE Interrupts support, Generic PCI bus-master support, Use PCI DMA by default when available, Intel PIIXn chipset support, PIIXn tuning support.
SCSI support: I have an all-IDE system (unfortunately), so I disabled it. Note that SCSI emulation for a CD-R counts as a SCSI device, as does a parallel port Zip drive. Since I have neither, I’m safe disabling it to save some memory and speed up boot time slightly.
IEEE 1394 (Firewire support): I disabled it since I have no Firewire ports.
I2O device support: I disabled it.
Network device support: This can be tricky. I turned off SLIP and PPP since I don’t use them. You may need PPP. I turned off ARCnet support, which you’ll probably do as well since ARCnet is very rare. I have a 100-megabit 3Com 3c556 NIC in this laptop, so I went into Ethernet 10 or 100 Mbit, drilled down to 3COM cards, and said yes to 3c590/3c900 series, since that’s the driver the 3c556 uses. I turned off the others. I like to compile support for the machine’s NIC straight into the kernel when I can, since it speeds up network configuration at boot time. On servers, I’ve been known to compile support for every type of NIC I own into the kernel, so that if I ever have to change NICs, it’ll come back up automatically without any configuration from me. I turned off wireless, token-ring, PCMCIA, ATM, amateur radio, infrared, and ISDN support.
Old CD-ROM drivers: You can probably turn this off, unless you know you have an old proprietary 1X or 2X CD-ROM drive. These were the drives that generally plugged straight into an ISA sound card, and they were very common on 486s. I sold tons of these things in 1994; I’m pretty sure that by the time I was selling PCs again in the summer of 1995, everything I was selling had an IDE drive in it.
Input core support: I don’t use USB input devices, so I turned it off.
Character devices: Near the bottom, after Ftape support, there are options for specific chipsets. You can find out what chipset you have by typing the command lspci in a shell. (You have to be root to do this–use the su command if you’re logged in as yourself, as you should be.) This laptop has an Intel 440BX chipset, so I turned off the VIA, AMD, SiS and ALI support.
Multimedia devices: Disable video for Linux unless you have a capture card. Most will disable Radio adapters as well.
File systems: I enable Ext3 and ReiserFS, along with DOS FAT and VFAT (as modules), ISO 9660 and Joliet, NTFS read-only (as module). Under network file systems, I enable SMB since I (unfortunately) work in Windows environments. I disable NFS since we have no NFS servers.
Console drivers: The defaults work for me.
Sound: Since I have onboard sound, I enable sound support and pick my chipset, in this case, ESS Maestro3. I disable all others.
USB support: I have USB ports but don’t use them. I left it enabled just in case, but I’m not sure why.
Bluetooth: I don’t use it, so I disabled it.
Kernel Hacking: I disabled Kernel debugging, the default.
Whew! Hit Save and Exit. Exit X to save some system resources while compiling and installing.

The end result was an up-to-date kernel (2.4.17) that was about 200K smaller than the stock 2.2.19 kernel and boots to a login prompt in 18 seconds flat, as opposed to 45 seconds before. Much of the improvement is due to the 3c590 driver loading faster as part of the kernel rather than as a module, and the kernel no longer searching for phantom SCSI devices. But Charlie Sebold told me it’s his experience that recent 2.4.x kernels boot a lot faster than earlier kernels.

It’s not perfect–I don’t have sound completely working yet–but I found some clues. I’m not overly concerned about sound support though. The system beeps at me when I have mail, and for work purposes, that’s all the sound I need. I don’t see any point in turning my PC into a multimedia tribute to Billy Joel or Star Wars or Quake III.

Victory over a cantankerous Pentium-75

Yes, the cantankerous Pentium-75 finally realized that resistance is futile, because I have more stamina than most computers. The problems when we started: sound was flaky, CD audio didn’t work, the modem didn’t work, and the system didn’t always boot properly. Once I got my mitts on it, things quickly got worse and the system wouldn’t boot at all except in safe mode, and of course nothing works in safe mode.
After borrowing some hardware from Gatermann (I don’t know where all my AT stuff went but I sure can’t find it) and spending some serious time with it (writing about NFS and flipping back and forth between my writing station and the P75), it works. Very nicely, in fact. It blows away most Pentium-233s I’ve seen. Seriously. It boots in 30 seconds. Word loads in 10-12. That’s hardly a cause for celebration when a system with a K6-2/500 and a modern hard drive boots Windows in 20 seconds and Word 97 in 4, but consider this: This is a 75 MHz Pentium with 256K L2 cache, a SiS 5500 chipset, a mere 32 megs of RAM, a #9 Vision 330 video card (with an S3 764 chipset), an ISA ESS688-based sound card, and a very old 850 MB Maxtor hard disk. Vintage 1995 all around. Cast in that light, this machine kicks some serious butt.

I suspect some of the problems were hardware-related. After reinstalling Windows, I went and grabbed an audio CD (the always-cheerful Still, by Joy Division), dropped it in, and it indicated it was playing. But I didn’t hear anything. So I stopped the CD and checked the hardware. The CD-ROM drive was set up alone on the secondary channel (good), as a slave device (not good). The audio cable looked like it was seated properly but I wasn’t sure. I took the drive out, gave it a once-over, triple-checked all cable connections, and let it go. I powered up, grabbed another CD (Tori Amos’ Little Earthquakes this time), and by the time I got the speakers plugged into the right jack, Tori Amos was asking why we always crucify ourselves. I didn’t have an answer to that question, but I had sound. Good. Either this computer doesn’t like Joy Division, or what I did fixed it.

I did a few more tweaks (OK, a lot more tweaks, because I’m a bloody perfectionist) and soon I had an overachieving P75 sitting atop the now-infamous Tower of Power. I think I’m going to keep an eye on it for one more day, then deliver it.

There are a large number of P233s at work that won’t launch Word in 10 seconds, and they certainly won’t boot Windows in 30.

So, the owner should be happy with it. I’m pretty happy with it. And I’m very glad to have some tangible numbers about what’s possible with the tricks in my book.

If this Pentium-75 is putting your system to shame, you can put an end to that.

Finishing touches: I let RAM Stress Test, by Ultra-X (trust me, you want to go to www.ultra-x.com, not any of the similar addresses–BIG mistake) run for about 20 hours straight. After 100 cycles without a failure, I restarted, booted into Windows, installed Juno (yuck), cleaned up the network settings, then installed Netscape and defragged the drive. The system is still pretty darn fast for what it is.

And, having run RAM Stress Test on the memory (it has commodity memory in it), I have reasonable confidence in the memory, and thanks to SpinRite, I have the utmost confidence in the drive (a Maxtor).

Attempting to optimize Windows with explicit paths

An interesting idea, this. But I’m not sure it’s worth the required time investment to see if it makes a difference for you.

From: ChiefZeke
Subject: Items to consider
To: dfarq@swbell.net

Dave,

A few more items to consider:

The various *.ini files usually point to files to load as oemfonts.fon=vgaoem.fon. Would it not be better to edit all files so that the full path is used instead; as above:
oemfonts.fon=c:\windows\fonts\vgaoem.fon ?

Also, when Folder Options – File Types – Registered File Types is reviewed many items are listed similar to rundll setup.dll ***. Again, would it not be better for the user to edit the complete listing so that the complete path is used; as above:
c:\windows\rundll.exe c:\windows\system\setup.dll *** ?

While I’m well aware of the tedium involved in doing the necessary editing I would think the end result would be worth it.

Jerry

Since Windows only looks in \Windows\Fonts for fonts, I don’t see how specifying a pathname there would help matters, and it might hurt. And I believe the ini files look for device drivers and the like in \Windows\System and possibly \Windows\System32 exclusively.

The registered filetypes is an interesting idea. Since Windows traverses the path (normally C:\Windows;C:\Windows\System;C:\Windows\Command) looking for that stuff, theoretically, putting a pathname in front of stuff that’s in C:\Windows\Command or C:\Windows\System would make it find the file slightly faster. How much faster depends on how full those directories are, of course.

I wouldn’t start editing without first making a full backup of the \Windows tree (or at the very least, a backup copy of the registry). I fear it might be an awful lot of work for very little gain. I’m always interested in even small speedups, and I’m sure I’ll end up trying it at some point (when I’m not banging my head against the wall learning NFS, NIS and NDS so I can write about them).

Proceed with caution, but if you try it I’m of course very interested in the results.

From: ChiefZeke
Subject: Re: Items to consider
To: Dave Farquhar

Dave,
It wasn’t only the .FON files I was talking about. I was also thinking of the .DRV, .ACM. etc files. In fact, I’ve already edited SYSTEM.INI and WIN.INI to add the path in all those places that I’ve determined warrant it.

Also, while it took about three hours. I’ve also edited the entries for registered filetypes and that went smoothly. I feel there is no need to back-up anything, at this time, to accomplish that task. When you’re doing the editing the path and filename are monitored and any errors get a ‘beep’. Further, long-file names are also ‘beeped’ if they are not enclosed in ” “.

Since all operations are subjective as to how fast our computers really are I will confess I noticed no differential in speed during Windows start or program loading.

Jerry

vestigating that. It’s hard to know what tricks are going to make a difference and which ones won’t. I suspect specifying a path would help really slow systems with extremely crammed system directories more than modern systems with optimized directories.