Why I run Debian, and some Debian tricks

Dave Farquhar Linux , , , , , , , , , , , ,

After Dan Bowman pointed out another blogger’s recent difficulties installing Evolution on Mandrake 8.1, I had little comment other than, “That wouldn’t be an issue if you’re running Debian.” Well, I think I said a few other things because I tend to be wordy, but that was the only important thing I had to say.Debian is one of the more difficult Linux distributions to install (you have to know what hardware is in your machine–it doesn’t nicely autodetect everything like Mandrake), but it’s far and away the easiest distribution to maintain. We’ll get back to that in a minute.

Released versions of Debian tend to be ultra-conservative. The current version, Debian 2.2r5, still uses the 2.2.19 kernel, for one thing (and that’s a fairly recent change). The current 2.2 kernel is either 2.2.39 or 2.2.40. All packages (at least all the ones anyone uses anymore) are constantly checked and maintained and patched. In theory, the current stable Debian release ought to be the most bullet-proof Linux available.

Besides Debian Stable, there’s also Debian Testing and Debian Unstable. Debian Unstable is pretty cutting-edge, but I’ve had no problems running it. I just keep up with the current patches and the system runs fine. I know people who run production servers on Testing and Unstable and get away with it.

If you want the latest and greatest stuff, after you install Debian, edit the file /etc/apt/sources.list and uncomment the ftp and http lines. Next, copy and paste those lines, then edit the “stable” to read “unstable.” (Or if you’re more conservative, edit it to read “testing.”) Be aware that occasionally you’ll run into problems running packages from unstable under stable. I ran Evolution, Galeon, Dillo, Sylpheed, and a multitude of other packages from unstable just fine, but when I installed AbiWord (a really nice, lean, mean, superfast word processor, by the way) it failed to run right. I upgraded to unstable, and then it worked perfectly.

OK, let’s talk some tricks.

Want to upgrade your distribution after a new version comes out, or upgrade from stable to testing or unstable? Easy. Type this:

apt-get update ; apt-get dist-upgrade

Then Debian will go download the pieces it needs to upgrade itself.

Want to keep your system up to date with any little changes (security patches, whatever) that may have happened recently? Type this:

apt-get update ; apt-get upgrade

So Debian lets you keep a current and presumably secure installation very easily. If you run that line regularly, you can rest assured that if your system is insecure, it’s not Debian’s fault but rather a misconfiguration on your part.

Want to try out some new piece of software? Forget having to hunt down RPMs or keep track of your distribution CD. Check availability with this command sequence:

apt-get update ; apt-cache pkgnames [name of program]

Found it? Excellent. Install it with this command:

apt-get install [name of program]

And if it wasn’t as great as you heard, you can uninstall it with this command:

apt-get remove [name of program]

System acting goofy? This’ll cure much that ails you:

apt-get clean ; apt-get update ; apt-get check

So from a system administration standpoint, Debian is great. Debian developers often try to justify the difficulty of installation by saying you only have to run it once, and to a degree, they’re right.

Compiling a kernel under Debian

I found a nice document detailing customizing your kernel under Debian. The standard method works under Debian, of course, but it’s cleaner to do it within the confines of your package manager–then it doesn’t go stomping on files you modified. Plus it’s actually a little easier to let Debian handle some of the details.

Here are the notes I took while using the document.

With additions:
Use kernel-source-2.4.17

export CFLAGS=”-O3 -mcpu=i686 -march=i386 -fforce-addr -fomit-frame-pointer -funroll-loops -frerun-cse-after-loop -frerun-loop-opt -malign-functions=4″
export CXXFLAGS=”-O3 -mcpu=i686 -march=i386 -fforce-addr -fomit-frame-pointer -funroll-loops -frerun-cse-after-loop -frerun-loop-opt -malign-functions=4″

Using -march=i686 is known to cause instability and not improve performance by any noticeable amount. The kernel mostly ignores these settings but I set them anyway. You can alternatively set them in the file /etc/profile. If you ever find yourself compiling apps from source, you want these options set so they’ll perform optimally.

A correction:
Debian tar doesn’t seem to support the -I switch for bzip2. So I extracted the archive with the following:
bunzip2 -k -c kernel-source-2.4.17.tar.bz2 | tar -xf –

the -k switch tells bzip2 to keep the original file intact, while -c tells it to extract to stdout. The | redirects stdout to the specified program, in this case, tar. -xf tells it to extract the file.

I got an error on make xconfig:

make: wish: command not found.

So I headed off to www.debian.org/distrib/packages. At the bottom of the page, there’s a form where you can type a filename and it’ll tell you what package it comes from. Type in “wish,” hit enter, and I get a long list, including /usr/bin/wish8.3 in a package named libs/tk8.3. Sounds promising. So I do an apt-get install tk8.3 and I’m in business. Type make xconfig again, and we’re set. This page is also a really good way to hunt down packages if you don’t know exactly how Debian named it.

Options I chose for kernel compilation:

Code maturity level options: prompt for development and/or incomplete code/drivers. I answered Yes, so I’d get modern filesystem support.
Loadable module support: I answered yes to all. I’ve read that disabling modules and compiling everything directly into the kernel can improve performance but I’m wary of that. If the kernel’s too big, the system won’t boot. And the idea of modules is to keep only what you need in memory. So I suppose there are instances where a no-modules kernel could increase performance, but there are certainly instances where it would hurt. I chose to be conservative.
Processor type and features: I changed a couple of the defaults. Double-check the processor family option; in my experience it’s usually but not always correct. Enable MTRR support unless you’re using a 486, Pentium, or AMD K5 CPU. All other reasonably modern CPUs, including AMD, Cyrix, Intel, and WinChip, support MTRRs for increased GUI performance. Since the PC I’m using only has one CPU, I disable SMP support. Then I enable local APIC and IO-APIC support on uniprocessors.
General setup: I accepted the defaults, because aggressive use of APM makes me really nervous. Under Windows, APM always does me more harm than good.
MTD: Since I don’t use any flash memory devices, I accepted the defaults of No.
Parallel port support: Curiously, this was disabled by default. This PC has a parallel port but I only use network printers, so I left it disabled to save a little memory.
Plug and play configuration: I said no to ISA plug and play support, since this machine is a laptop and won’t have any ISA PnP cards. On modern PCs that have no ISA slots, say N.
Block devices: The defaults are usually sufficient, but some configurations need RAM disk support and initrd support turned on. If you’re going to mess around with ISO images, you’ll probably want to turn on loopback device support.
Multi-device support: I’ve never seen a laptop with RAID, so the default of disabling it all works great for me.
Networking options: The defaults are fine for most uses. If you’re going to make a router or firewall out of your PC, enable Netfilter.
Telephony support: I disabled it.
ATA/IDE/MFM/RLL support: Disable it if you have an all-SCSI system. I don’t. Turn on SCSI emulation support if you use a CD-R or CD-RW. Under IDE chipset support/bugfixes, disable the chipsets your PC doesn’t have. This laptop has an Intel chipset, so all I had enabled were Generic PCI IDE chipset support, Sharing PCI IDE Interrupts support, Generic PCI bus-master support, Use PCI DMA by default when available, Intel PIIXn chipset support, PIIXn tuning support.
SCSI support: I have an all-IDE system (unfortunately), so I disabled it. Note that SCSI emulation for a CD-R counts as a SCSI device, as does a parallel port Zip drive. Since I have neither, I’m safe disabling it to save some memory and speed up boot time slightly.
IEEE 1394 (Firewire support): I disabled it since I have no Firewire ports.
I2O device support: I disabled it.
Network device support: This can be tricky. I turned off SLIP and PPP since I don’t use them. You may need PPP. I turned off ARCnet support, which you’ll probably do as well since ARCnet is very rare. I have a 100-megabit 3Com 3c556 NIC in this laptop, so I went into Ethernet 10 or 100 Mbit, drilled down to 3COM cards, and said yes to 3c590/3c900 series, since that’s the driver the 3c556 uses. I turned off the others. I like to compile support for the machine’s NIC straight into the kernel when I can, since it speeds up network configuration at boot time. On servers, I’ve been known to compile support for every type of NIC I own into the kernel, so that if I ever have to change NICs, it’ll come back up automatically without any configuration from me. I turned off wireless, token-ring, PCMCIA, ATM, amateur radio, infrared, and ISDN support.
Old CD-ROM drivers: You can probably turn this off, unless you know you have an old proprietary 1X or 2X CD-ROM drive. These were the drives that generally plugged straight into an ISA sound card, and they were very common on 486s. I sold tons of these things in 1994; I’m pretty sure that by the time I was selling PCs again in the summer of 1995, everything I was selling had an IDE drive in it.
Input core support: I don’t use USB input devices, so I turned it off.
Character devices: Near the bottom, after Ftape support, there are options for specific chipsets. You can find out what chipset you have by typing the command lspci in a shell. (You have to be root to do this–use the su command if you’re logged in as yourself, as you should be.) This laptop has an Intel 440BX chipset, so I turned off the VIA, AMD, SiS and ALI support.
Multimedia devices: Disable video for Linux unless you have a capture card. Most will disable Radio adapters as well.
File systems: I enable Ext3 and ReiserFS, along with DOS FAT and VFAT (as modules), ISO 9660 and Joliet, NTFS read-only (as module). Under network file systems, I enable SMB since I (unfortunately) work in Windows environments. I disable NFS since we have no NFS servers.
Console drivers: The defaults work for me.
Sound: Since I have onboard sound, I enable sound support and pick my chipset, in this case, ESS Maestro3. I disable all others.
USB support: I have USB ports but don’t use them. I left it enabled just in case, but I’m not sure why.
Bluetooth: I don’t use it, so I disabled it.
Kernel Hacking: I disabled Kernel debugging, the default.
Whew! Hit Save and Exit. Exit X to save some system resources while compiling and installing.

The end result was an up-to-date kernel (2.4.17) that was about 200K smaller than the stock 2.2.19 kernel and boots to a login prompt in 18 seconds flat, as opposed to 45 seconds before. Much of the improvement is due to the 3c590 driver loading faster as part of the kernel rather than as a module, and the kernel no longer searching for phantom SCSI devices. But Charlie Sebold told me it’s his experience that recent 2.4.x kernels boot a lot faster than earlier kernels.

It’s not perfect–I don’t have sound completely working yet–but I found some clues. I’m not overly concerned about sound support though. The system beeps at me when I have mail, and for work purposes, that’s all the sound I need. I don’t see any point in turning my PC into a multimedia tribute to Billy Joel or Star Wars or Quake III.

Linux on a Power Mac 7500

Dave Farquhar General , ,

I built a Linux box earlier this week. There was a Power Mac 7500 at work that was begging for a conversion. Actually it’s a classic Hackintosh, assembled from the pieces of a 7500 and a dead 7600, so it’s running at 133 MHz instead of its original 100 MHz, and with 128 megs of interleaved EDO RAM. And it’s SCSI. So it had plenty of memory, a server-grade disk, and a RISC-based CPU. I had to see what it could do once it was unencumbered by the Mac OS GUI.
I chose Debian, because Debian installs very little extraneous garbage and because it’s super-simple to maintain.

And I’ll never complain about the difficulty of installing Linux on a PC again. Not that I’ve complained in a really long time, but Linux on an old Mac is a pain.

It’s nearly impossible to make these old Macs boot Linux directly, so you do a dual-boot trick, installing MacOS and then installing BootX, which is a control panel that pops up early in the boot process and asks you what OS you want. The default is Linux. Pick Linux, or let it time out, and that annoying smiling guy disappears, replaced by the glorious text-mode (bet you didn’t know the Mac had one of those, did you?) screen of the Linux boot process. Oh yeah, there’s a smiling picture of Tux up in the right-hand corner while it’s all going on. It’s a cool Wizard of Oz-like effect, I think.

So you boot off your MacOS CD, make yourself a 20-meg Mac partition, install just the base OS and the multimedia stuff, which includes the Apple CD/DVD-ROM driver–I didn’t realize that wasn’t part of the base OS and was wondering why I couldn’t read CD-ROMs anymore. Then search the CD for Stuffit Expander and Disk Copy. You’ll need those too. The version of Stuffit that came bundled with MacOS 8.5 couldn’t do anything with BootX on the Debian CD, so you’ll need to find a newer version on another Mac and then sneakernet it over. Then you use Disk Copy to generate images of the boot and root CDs. Drop BootX in System Folder::Control Panels, drop the Debian Kernel in the Linux Kernels subfolder of the System Folder, insert your Debian CD, then boot off the floppies, and you’re ready to go.

Apple hardware–old Apple hardware at least–is generally pretty reliable, so if you’ve got ancient Macs at work you need to put to something useful, this is a good way to do it. They’ll give better file server performance than a Snap server and you can even do software RAID configurations. Old desktop Macs have two 3.5″ bays, so you can mirror disks, and there is an external SCSI port for expansion if you want to do other types of RAID or connect a tape drive. And they’d make great intranet servers.

What did I do with the Mac? I made it into a PDF server. It’s great. I print to the phantom printer, and PDFs pop up in its file share. It’s lightning fast–by the time I pop over to the share to pick up the file, the server’s had enough time to create the PDF. So this 133 MHz Mac running Linux can generate PDFs in less time than it would take to print the file. I had problems with the GNU Ghostscript package (gs), so I ended up having to use Aladdin Ghostscript (aladdin-gs) instead. No big deal to me, since I’m not a GNU bigot.

I tried to make the service available to the Macs on the network too, by installing netatalk, but the phantom printer doesn’t work right. I’m still hoping to resolve that. Making shares with netatalk is frighteningly simple, but making printers with it is less fun than configuring XFree86 by hand.

Even with the difficulties, Charlie and I had it working well for Windows clients in a couple of hours. I think it was a good investment of a couple of hours, taking a computer off the scrap heap and making something useful out of it without having to buy any software.

It’s time.

Dave Farquhar General

I’m back. I needed some time to sort everything out, regroup, and, well, be something resembling a typical 27-year-old. And thanks to Dan Bowman for pointing out some of the facilities Greymatter has to take care of problems. I’d never felt the need to look for them. But now I know. And should those fail, Apache also has facilities as well. It’s good to be root.
As for Katelyn, I’ve learned to assume that no news is good news. Brad didn’t call me at all on Wednesday, and I saw him at a meeting Wednesday night and we talked, but he didn’t mention anything about her. That means no unexpected changes, which is never a bad thing.

A story. I think I’ll just wrap things up with a story. I went and saw Luke Tuesday night. Luke talked about how people sometimes treat him because of his MDA, which confines him to a wheelchair. It was so sad. Stupid. Pointless. It reminded me of something that happened a few years ago.

I was in college. I was in a fraternity. During my junior year, a young man visited us for dinner. This wasn’t uncommon; people who were interested in the house often visited for dinner. We’d show them around, answer their questions, and whatnot. What was unusual was that this young man had a condition–polio, if memory serves–that left his legs immobile, so he walked with crutches. He moved along just fine. As I recall, he even went upstairs to get the grand tour. There was some concern that if he did move in, he’d always have to live on the second floor, as opposed to the third, to minimize the amount of climbing he’d have to do. But that wasn’t a really big deal.

He left, and someone called a meeting. So there we were, the actives, sitting in the dining room. We talked about him a little, then one guy stood up and spoke.

“You do know that if he does move in here, one of you guys has to room with him.”

“What’s wrong with that, Frank?” I asked.

“Well, I’m not gonna room with him. There’s something wrong with him. Would you want to room with him?”

I pointed at one of the guys sitting at the table with Frank. “Look at Gotsch,” I said. “He’s handicapped in a way, right? His hand’s in a cast, and he can’t do everything you and I can do. And you know what? It’s his own fault his hand’s in a cast, due to his own stupidity punching a wall. Does anyone think any less of him? That guy–” and I motioned outside–“didn’t do anything to cause his handicap. I don’t think any less of him. He can room with me.”

I paused and looked at Frank.

“Assuming he’d be willing to live around someone like you.”

I guess he wasn’t willing, because he never came back. And a big part of me was glad. Not that I didn’t want a roommate–I didn’t want someone to have to go through that garbage.

A couple months later, I moved out too.

Update on Katelyn

Dave Farquhar General

Brad called me late on Wednesday with an update. They’ve taken Katelyn off her pain medication, which included morphine, and she’s struggling with the pain and withdrawal. Brad said she cried for a 17-hour stretch. It’s good that she’s strong and healthy enough to be able to do that, but heartbreaking that she would hurt enough to do that.

Katelyn’s out of ICU!

Dave Farquhar General

There is lots of news on Katelyn, and almost all of it is good. Katelyn got out of ICU today. They removed all the tubes from her, except her feeding tube, which she has always had. She’s in a private room, and the doctors say she ought to be able to go home in 2-5 days!
Her lungs still have not cleared completely, but with everything else going well, the doctors are less worried about it now. She still will not eat on her own, which is why the food tube is still there, but she has never eaten on her own so that is probably understandable.

Katelyn is improving

Dave Farquhar General

Dave says Katelyn’s color is back to normal, they removed a breathing tube, and she’s doing much better!! The scare from Saturday was just one doctor’s opinion, not Katelyn’s doctor, based on chest xrays and nothing else. John and Karin said they’re hoping she might get to come home this week. There is still room for complications but things look a lot better now.
Dave said one of the people in the group is a nurse who used to assist in heart surgery. She said that even 10 years ago, people with Katelyn’s condition just didn’t survive.

Update on Katelyn

Dave Farquhar General

Dave reports slow but measurable progress on Katelyn. He also verified the spelling of her name. The doctors removed a tube yesterday relating to breathing. The last Dave heard, there’s been progress and there’ve been setbacks, but the general trend has been forward. A group from the church is going to visit Katelyn’s parents, John and Karin, tonight. Dave may join them.

A reminder from your sponsor…

Dave Farquhar General

Just a reminder, for those who seem to have forgotten. I produce the content on this site. I write it, edit it, and post it. I usually sink far more time into it than I should. I don’t make any money off it, other than the occasional sale through an Amazon link, which usually amounts to $15-$20 per year. But making money was never my intent.
This is a hobby. I write about what I feel like writing about, when I feel like writing about it, how I feel like writing about it.

I don’t owe you anything. Nobody is forcing you to read this. Nor have I ever solicited donations, and I don’t have any plans to start.

I’d like to think I usually produce decent-quality stuff. Some days are worse than others. It’s not easy to come up with new and insightful and interesting stuff every day, which is why sane writers take a day or two per week off. And sometimes I run out of time, so I call it done and post it, figuring whatever I can give you is better than nothing.

I guess I was wrong about that.

This is a difficult time. I don’t know what people want me to write about right now, and frankly I don’t give a rip. Yeah, I’m moody, and yeah, I’m a bit down, and I’ve got a (mostly) one-track mind. You can deal with that, or you can join that small band of readers who’ve decided to be part of the problem. Faced with having to choose between not giving a rip about my neighbor or not giving a rip about your computer problem (or not being thorough enough for your tastes), the decision will be the easiest one I ever made in my life.

I’ll be back when I bloody feel like it. And not a nanosecond sooner.

That faith thing.

Dave Farquhar General

I talked to Brad again last night, since Brad’s my go-between to Katie’s family, whom I hardly know (and who have absolutely zero time to be talking on the phone right now–they talk to Brad and let Brad talk to the rest of the Oakville gang, then my little tidbits go out to who-knows-where).
Dan Bowman forwarded some comments from a nurse that were encouraging. I passed those on to Brad. I read him the comments from yesterday’s post. Brad asked me if I’d print him a copy to keep. I set some sort of land-speed record hitting ctrl-p. (Mice are for wimps.)

And I got to thinking aloud about that huge plan God’s got again. He knows twelve billion people better than I’ll ever know any single human being. I’m not even certain I can tell you who I sat next to in church last Sunday. I certainly can’t tell you all the names of the people immediately in front of me and behind me. God knows all the hows and whys and therefores about them.

One summer I sat down and wrote out on paper an algorithm that I could translate into a computer language and simulate a baseball game. Alternatively, I could do the math using a calculator and some dice. Run it 162 times for each team in a league, and I could simulate a baseball season. I could tell you what 48 players might do in a single game, what 624 players might do over the course of 162 games. I was pretty proud of myself for figuring that out.

So I could figure out what might happen if the Royals were to somehow pry Rafael Palmeiro away from the Texas Rangers. But God knows what would happen. No questions about it. And He knows how it would affect quality of life, and even if it would affect operation of a stoplight across the Kansas border in Olathe for some bizarre reason.

And He knows about the things that really do matter. I can simulate something as trivial and, as much as it pains me to say it, unimportant as a baseball game. It stretches my little brain to its limits, but I can describe it mathematically. I can’t even begin to do that with a human life.

Knowledge is power. He’s got the monopoly on both of them. Good thing He’s on my side. Yours too.

So why do I find myself not trusting Him all the time? It doesn’t make any sense.

I guess if I ever needed any proof that I’m human, I just got it.