Encryption on the cheap

Disspam cruises along. It’s not often that I gush about a program, let alone a 4.5K Perl script, but Disspam continues to make my life easier. Granted, it simply takes advantage of existing network resources, but they’re resources that were previously (to my knowledge) limited to the mail administrator. Literally half my e-mail at home today was spam. Disspam caught every last piece.
A little scripting of my own. I’ve got a client at work who wants absolute privacy guaranteed. He and his assistant have some files they don’t want anyone else to be able to read, period. Well, there’s no way to guarantee that under NT, Unix, or VMS. Under NT, we can take away anyone else’s rights to read the file, but an administrator can give himself rights to read the file once again. We can make it set off all kinds of sirens if he does it, but that security isn’t good enough.

Well, the only way we can guarantee what they want is with encryption. But we’re nervous about making files that one and only one person can read, because last year, one of our executives went on vacation in Florida, fell ill, and died. We don’t want to be in a situation where critical information that a successor would need can’t be unlocked under any circumstance. So we need to encrypt in such a fashion that two people can unlock it, but only two. So the client’s backup is his assistant, and the assistant’s backup is the client. That way, if something ever happens to one of them, the other can unlock the files.

Password-protected Zip files are inadequate, because any computer manufactured within the past couple of years is more than fast enough to break the password through brute force in minutes, if not seconds. The same goes for password-protected Word and Excel documents. Windows 2000’s encryption makes it painfully easy to lock yourself out of your own files.

So I spent some time this afternoon trying to perfect a batch file that’ll take a directory, Zip it up with Info-Zip, then encrypt it with GnuPG. I chose those two programs because they’re platform-independent and open source, so there’s likely to always be some kind of support available for them, and this way we’re not subject to the whims of companies like NAI and PKWare. We’d be willing to pay for this capability, but this combination plus a little skullwork on my part is a better solution. For one, the results are compressed and encrypted, which commercial solutions usually aren’t. Since they may sometimes transfer the encrypted package over a dialup connection, the compression is important.

Plus, it’s really nice to not have to bother with procurement and license tracking. If 40 people decide they want this, we can just give it to them.

The biggest problem I ran into was that not all of the tools I had to use interpreted long filenames properly. Life would have been much easier if Windows 2000 had move and deltree commands as well. Essentially, here’s the algorithm I came up with:

Encrypt:
Zip up Private Documents subdirectory on user’s desktop
Encrypt resulting Zip file, dump file into My Documents
Back up My Documents to a network share

Decrypt and Restore:
Decrypt Zip file
Unzip file to C:\Temp (I couldn’t get Unzip to go to %temp% properly)
Move files into Restored subdirectory on user’s desktop

I don’t present the batch files here yet because I’m not completely certain they work the right way every time yet.
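
The encrypt and restore steps listed above, as an added POSIX shell example rather than the author's unpublished batch files. The function names, file names and key IDs are assumptions, and both recipients' public keys are assumed to be imported and trusted in the keyring already.

```shell
#!/bin/sh
# Added example (not the author's batch files): Zip a directory, then encrypt
# the archive to exactly two GnuPG recipients so either of them can unlock it.
# Function names, paths and key IDs are hypothetical.

need_tools() {
    for tool in "$@"; do
        command -v "$tool" >/dev/null 2>&1 || {
            echo "missing required tool: $tool" >&2
            return 127
        }
    done
}

# encrypt_private SRC_DIR OUT_FILE RECIPIENT_A RECIPIENT_B
encrypt_private() {
    if [ "$#" -ne 4 ]; then
        echo "usage: encrypt_private SRC_DIR OUT_FILE RECIPIENT_A RECIPIENT_B" >&2
        return 2
    fi
    src=$1; out=$2; rcpt_a=$3; rcpt_b=$4
    if [ "$rcpt_a" = "$rcpt_b" ]; then
        echo "recipients must differ, otherwise nobody is the backup reader" >&2
        return 2
    fi
    [ -d "$src" ] || { echo "no such directory: $src" >&2; return 3; }
    need_tools zip gpg mktemp || return 127

    # The plaintext Zip exists only inside a private (mode 0700) scratch dir.
    work=$(mktemp -d) || return 1
    result=1
    # Step 1: Zip the directory. Step 2: encrypt it. Each --recipient adds one
    # public-key packet wrapping the same session key, so either private key
    # decrypts the file and no other key does.
    if ( cd "$src" && zip -r -q "$work/private.zip" . ) &&
       gpg --batch --yes --output "$out.partial" --encrypt \
           --recipient "$rcpt_a" --recipient "$rcpt_b" "$work/private.zip"
    then
        # Publish only a complete file, so the nightly backup of the output
        # directory never picks up a half-written archive.
        mv -f "$out.partial" "$out" && result=0
    fi
    rm -rf "$work" "$out.partial"
    return "$result"
}

# restore_private ENC_FILE DEST_DIR
restore_private() {
    if [ "$#" -ne 2 ]; then
        echo "usage: restore_private ENC_FILE DEST_DIR" >&2
        return 2
    fi
    enc=$1; dest=$2
    [ -f "$enc" ] || { echo "no such file: $enc" >&2; return 3; }
    need_tools gpg unzip mktemp || return 127

    work=$(mktemp -d) || return 1
    result=1
    # No --batch here: gpg must be able to prompt for the key's passphrase.
    # Decrypt, unzip into the scratch dir, then copy into the restore folder,
    # so a failed unzip never leaves a partial restore behind.
    if gpg --quiet --output "$work/private.zip" --decrypt "$enc" &&
       unzip -q "$work/private.zip" -d "$work/files" &&
       mkdir -p "$dest" &&
       cp -R "$work/files/." "$dest/"
    then
        result=0
    fi
    rm -rf "$work"
    return "$result"
}

# Usage with constructed names:
#   encrypt_private "$HOME/Desktop/Private Documents" \
#       "$HOME/Documents/private.zip.gpg" client@example.test assistant@example.test
#   restore_private "$HOME/Documents/private.zip.gpg" "$HOME/Desktop/Restored"
```

Neither function wipes the scratch directory securely; it is only deleted, which is the same exposure the temporary Zip has in the steps above.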

They don’t quite have absolute security with this setup, but that’s where NTFS encryption comes in. If these guys are going to run this script every night to back the documents up, it’s no problem if they accidentally lock themselves out of those files. If their laptops get stolen, all local copies of the documents are encrypted so the thief won’t be able to read them. And the other user will be able to decrypt the copy stored on the server or on a backup tape. Or, I can be really slick and copy their GPG keys up onto the same network drive.

This job would be much easier with Linux and shell scripts–the language is far less clunky, and file naming is far less kludgy–but I have to make do. I guess in a pinch I could install the NT version of bash and the GNU utilities to give myself a Unixish environment to run the job, but that’s a lot more junk to install for a single purpose. That goes against my anti-bloat philosophy. I don’t believe in planning obsolescence. Besides, doing that would severely limit who could support this, and I don’t have to try to plant job security. I always get suspicious when people do things like that.

Stopping spam.

Forget what I wrote yesterday. I was going to post the stuff I wrote in Ohio when I realized it isn’t all that good, it’s definitely not useful, and the people who annoy me the most are the people who can’t get over themselves. No one cares what I ate for breakfast, and the only people who care what went on in Ohio already know.
So here’s something useful instead. It’s the coolest thing I’ve found all year. Maybe all decade, for that matter.

Spam begone. I hate spam. It wastes my time and my bandwidth and, ultimately, my money. I’ve seen some estimates that spam costs ISPs as much as $5 per month per account. You’d better believe they’re passing those losses on to you.

There are tons and tons of anti-spam solutions out there, but most of them run on the mailserver side, so for an end-user to use them, they have to set up a mail server and either use it for mail or run fetchmail to pull the mail in from ISP’s mail servers. I’ve done that, but it’s convoluted. But that’s trivial compared to setting up the anti-spam kits.

I was cruising along, vaguely happy, when my local mailserver developed bad sectors on the hard drive, so one day when I went to read my mail, I heard clunking noises. I turned around, flipped on the power switch to the server’s attached monitor, and saw read errors. Hmm. I hope that mail wasn’t important…

Eventually I shut down my mail server and put up with the spam, hoping I’d come up with a better idea.

I found it in a Perl script called disspam.pl, written by Mina Naguib.

It took a little doing to get it running in Debian. Theoretically it’ll run on any OS that has Perl installed. Here’s what I did in Debian:

su (to become root)
apt-get install libnet-perl (Perl couldn’t see the network without this, so the next command in this sequence was failing. This hopefully isn’t necessary on other distros, as I have no idea what the equivalent would be.)
perl -MCPAN -e shell (as per readme–I accepted the defaults, then when it asked for CPAN servers, I told it my continent and country. Then it gave me 48 choices. I picked a handful at random, since none were any more obviously close to me than others.)
install Net::POP3 (as per readme)
quit
cp sample.conf disspam.conf
chmod 755 disspam.pl

Next, I loaded up disspam.conf into a text editor. It looks just like a Windows-ish INI file.

The second line gives me an exclude list. It’ll take names and e-mail addresses. So I put in a few important names that could possibly be blocked (friends with AOL and Hotmail addresses). That way if their ISPs ever misbehave and get blacklisted, their mail will still get to me. Then I popped down to the end of the file and configured my POP3 mailbox. I had an account I hadn’t read in a week, so I figured I’d get a good test. Just drop in your username, password, and POP3 server like you would for your e-mail client. If you have more than one account, copy and paste the section.

Bada bing, bada boom. You’re set. Run disspam.pl and watch. In my case, it flagged and deleted about a dozen messages, typical of what I usually get, like mail offering me Viagra or access to horny cheerleaders or how to find out anything about anyone (which I already know–I have a journalism degree). The only questionable thing it flagged was mail from MLB.com. I can’t get off their mailing list ever since I voted online for the All-Star game. No importa, I never read that mail anyway. I could have always added MLB.com to my exclude list if what they had to say mattered to me.

But if you’re like me and get lots of mail–that was my less-busy account–and about half of it is spam, that stuff’s going to scroll by really fast. So here’s what I recommend doing: when you execute disspam.pl, use the following command line:

~/disspam/disspam.pl ~/disspam/disspam.conf >> ~/disspam/disspam.log

Then you can examine disspam.log. If disspam ever deletes something it shouldn’t have, you can add the person to your exclude list and e-mail them to ask what they wanted. It looks to be less work than deleting all that spam. Probably less embarrassing too. Have you ever accidentally opened one of those horny cheerleader e-mail messages when there were people around? Yikes!

I fired up Ximian Evolution, pulled down my mail, and had 15 new messages. No spam. None. Sweet bliss.

It’s just version 0.05 and the author considers it beta, but I love it already.

Unix’s power allows you to string simple tools together to make powerful ones. Here are some suggestions.

You can e-mail the log to yourself with these commands:

mail -s disspam [your_address] < ~/disspam/disspam.log
rm ~/disspam/disspam.log

If you want the computer to do all the work for you, here’s the command sequence:

crontab -e

Then add these entries:

0 0 * * * mail -s disspam [your_address] < ~/disspam/disspam.log ; rm ~/disspam/disspam.log
0 * * * * ~/disspam/disspam.pl ~/disspam/disspam.conf >> ~/disspam/disspam.log

If you read your mail on the same machine that runs disspam, you can substitute your user account name for your e-mail address and save your ISP a little traffic.

You’ll have to provide explicit paths for disspam.pl and disspam.conf.

The first entry causes it to mail the log at midnight, then delete the original. The second entry filters your inbox(es) on the hour, every hour. To filter more frequently you can add more lines:


* 10 * * * ~/disspam/disspam.pl ~/disspam/disspam.conf >> ~/disspam/disspam.log
* 20 * * * ~/disspam/disspam.pl ~/disspam/disspam.conf >> ~/disspam/disspam.log
* 30 * * * ~/disspam/disspam.pl ~/disspam/disspam.conf >> ~/disspam/disspam.log
* 40 * * * ~/disspam/disspam.pl ~/disspam/disspam.conf >> ~/disspam/disspam.log
* 50 * * * ~/disspam/disspam.pl ~/disspam/disspam.conf >> ~/disspam/disspam.log

This program shouldn’t be necessary for very long. It’s short and simple (4.5K worth of Perl) so there’s no reason why mail clients shouldn’t start incorporating similar code. Until they do, you run the risk of disspam and your mail client getting out of sync and some spam coming through. If you read your mail on a Linux box with an mbox-compliant client like Sylpheed or Balsa or Kmail, you can bring fetchmail into the equation. Then create a .fetchmailrc file in your home directory (name it ~/.fetchmailrc to ensure it goes to the right place). Here’s the format of .fetchmailrc:

poll SERVERNAME protocol PROTOCOL username NAME password PASSWORD

So here’s an example that would work for me:

poll mail.swbell.net protocol pop3 username dfarq password censored

Next, set your mail client to no longer check for mail automatically, then type crontab -e and edit your disspam lines so they read like this:

20 * * * * disspam.pl disspam.conf >> ~/disspam.log ; fetchmail (your server name)

In case you’re interested, the semicolon tells Unix not to execute the second command until the first one is complete. If you have more than one mail account, add another fetchmail line.

As an aside, Evolution seems to use the mbox file format but it doesn’t store its file where fetchmail will find it. I think you could symlink /var/spool/mail/yourusername to ~/evolution/local/Inbox/mbox and it would work. I haven’t tried that little trick yet.

But even if you’re not ambitious enough to make it run automatically and integrate with all that other stuff, it’s still a killer utility you can run manually. And for that matter, if you can get Perl running on NT or even on a Mac, this ought to run on them as well.

Check it out. It’ll save you time and aggravation. And since it only reads the headers to decide what’s spam and what’s not, it’ll save bandwidth and, ultimately, it’ll save your ISP a little cash. Not tons, but every little bit can help. You can’t expect them to pass their savings on to you, but they’ll certainly pass their increased expenses on to you. So you might as well do a little something to lower those expenses if you can. Sometimes goodwill comes back around.

Catching up.

One of these days I’ll get around to posting the stuff I wrote in Ohio. I didn’t think I’d have culture shock out there. I can’t decide if Ohio is in the midwest or if it’s really an eastern state, but St. Louis is awfully eastern for a midwest city, and my dad was from Doylestown, Penn., so I lived with an easterner for 18 years of my life.
Look for that tomorrow, maybe. I’d have to unpack the laptop to post that material and I really don’t feel like doing that. I’ve had a fairly productive day, cleaning the place up a bit and politicking and reading Exodus, and I’m going to conveniently remember that Sabbath runs from sunup to sundown, and the sun is down (never mind that the Sabbath takes place on Saturday–this is my convenient re-interpretation, thank you) so I’ve got my excuse to be lazy, which means kick back with a cup of decaf green tea and let the stream of consciousness flow.

Politicking. Yes, politicking. I found myself in the distressing position this week of being a moderate. I’ve always been an outspoken conservative/libertarian (whichever stance will offend the most people is the one I generally took in print in college), except on religious matters, where I’ve always found a way to be a flaming liberal. When I ditched the liberal theology, I gravitated towards modern practices, which put me right back in the liberal camp.

I find myself caught between two very strong personalities, one that wants radical change yesterday, and the other who finds the status quo very comfortable. That in itself makes me uncomfortable, because our comfort level isn’t very high on God’s priority list. And the mission statement of our church is Reaching people for Christ, equipping people in Christ. When I look around at all the GenXers in our congregation who could be reached more effectively, the status quo makes me very uncomfortable. Ministry starts to go downhill fast when the focus shifts to numbers, but I can think of a dozen faces we could help equip more effectively.

I’d much rather equip one person effectively over the course of a year than 12 in a so-so fashion, but with the status quo, I’m questioning whether we can equip one more person effectively. By the same token, alienating 20 people in order to satisfy one person and potentially gain new people is a net loss, even if you eventually gain more than you lose. You don’t just turn someone’s world upside down for no reason.

Hence, I’m suddenly a moderate.

I don’t like being a moderate on much, so I’m going to go find something I can take an extreme position on.

Shaving. That’ll do it. Unix and VMS master Charlie was talking about razors on his page. I can take a strong position on shaving. Become a Nazarite and don’t do it. Life is much simpler afterward. It takes less time to get ready in the morning, and you end up looking like Richard Stallman so no one will come near you, which means you have fewer social problems, thus making your life even simpler.

Except these days, there’s e-mail, so people can talk to you without having a clue what you look like. And I like being able to walk up to girls without them shrieking something about the ghost of John the Baptist and running away at about 60 miles per hour. But if you get your jollies by trying to prove the Cheetah isn’t the fastest land mammal, I think I just told you how.

But I digress, as usual.

I was having a conversation about a year and a half ago with a good friend and mentor, and I told him about an incident I found myself in. I was having lunch with an old friend, female, in Kansas City, and I found I’d forgotten my razor. So, before I went to see her, I went out and bought a drag razor and my sister showed me how to use it. I’d never shaved with a blade in my life. (She was worth impressing. But don’t get any ideas, because she’s married now.)

“Once you go to a drag, you never go back,” my friend said.

Oh, I went back alright. The drag gets a whole lot closer, but even with a really high-quality one, I can still cut myself occasionally. Once I learned the secrets, I never cut myself with an electric. And an electric is so much faster, because you don’t have to bother with shaving cream and filling the sink with water, and you (usually) don’t have as big of a mess to clean up afterwards. There are two tricks with electric razors. OK, three.

1. Brand matters. A lot. My dad used to give me the electric razors he tried and didn’t like. I figured out really quickly why he didn’t like them. They were like shaving with a Sherman tank. They didn’t shave close, and I felt like I had a rash afterward. Sometimes they’d turn me beet red too, and I wasn’t even mad or embarrassed. My dad would never let me try his Braun. So one day I snuck in after he’d left for work and I tried it. Good stuff.

So if you don’t like your electric, try another brand. I’ll never use anything but a Braun. If a Braun doesn’t work for you, your face might be better suited for a Remington or a Norelco. They must work for some people, seeing as someone buys them.

2. Use pre-shave. The most common brand is called Lectric Shave, but there are others. Rub your face down with it a couple of minutes before you shave. It can make a big difference. With pre-shave, my 3-stage Braun gets just about as close as a blade.

3. Clean your razor! Your razor is not a gateway to a netherworld where your whiskers disappear to. If your razor just isn’t getting very close, pop the top off it and empty it out. It’ll work better afterward. And you’ll have a mess to clean up, like you would if you used a blade.

More video editing

I’ve been playing around with the public domain films at The Internet Archive. The movies in this collection are generally old industrial films, newsreels, promotional films, and amateur movies, some from as early as 1917. There’s a ton of old WWII and Cold War footage. The quality varies, of course, but much of it is very good, and very interesting to an armchair historian like me.
If you just want to watch old short films, the streaming RealAudio and downloadable Divx files are fine.

If you’re wanting to make your own videos using this footage–one could very easily make corny war movies using this stuff–I recommend using the MPEG-2 files rather than the Divx files. MPEG-2 is a less-lossy format than Divx, plus the files are higher resolution. They’re also about 10x larger, but worth the extra trouble if quality is important to you.

Adobe Premiere won’t allow you to do anything with the large MPEG-2 files out of the box, but don’t let that stop you. I found a freeware MPEG-2 codec. I have no idea how long this link will be good, but give this link a shot. Gatermann warned me about doing a Google search on that specific filename–it brings up some pretty disturbing content. Try searching on things like MPEG2, Win32, and codec, rather than the specific filename.

The MPEG-2 files don’t play back well on your computer because they’re interlaced, but they’re beautiful in Premiere and on a composite monitor.

Another hint for using this archive: Don’t download the files with your browser. FTP into ftp.archive.org. A separate FTP client will download the files much more quickly than your Web browser. Make sure you’re using binary mode. You can find a free GUI FTP client here if you need one.

Printing with HP

I drove into North St. Louis tonight. The computer lab I set up at Bethlehem Lutheran needed some maintenance. It turned out to be very minor maintenance (fortunately)–their HP LaserJet 1200 printer had come unshared from the Win98 box that hosts it, so none of the other PCs could print. So I reshared the printer, connected the rest of the machines to it again, and printed test pages. It worked. I did a little more cleanup since I was there. These computers live a hard life. Fortunately, they’re completely standard microATX systems so getting parts for them will be easy and cheap.
I really need to set up a Linux box to host the printer though. If the printers were hosted by a keyboardless, headless Linux box, they couldn’t come unshared. A Samba print server takes me about an hour to set up, so it’d be a good investment of time. And I’d have my choice of 486s to do it with. I showed one of their staff how to share out a printer just in case it happens again.

They have a second printer as well, an HP DeskJet 660 donated by one of their field workers, and I was going to hook it up but I couldn’t find the stash of cables I used to have up there. I had a parallel cable out in my car for the longest time too, but I went out there, tore my car apart, and couldn’t find it. I must have given it to someone at some point. So I’ll be making another trip up there next week after I run across one. The DeskJet is just there for backup purposes.

The choice of HP printers may make some people curious. The DeskJet was donated. The 1200 is just a really fast, really inexpensive printer. I know Lexmark has something comparable now, but at the time we bought the 1200, there wasn’t much else in its class. It’s a very solid printer. HP’s not the best about providing new drivers when operating systems come out, but there’s a dirty little secret that apparently people don’t want to talk about (or maybe they don’t know). You can always use an older HP printer driver with newer printers. I could run both the 1200 and the DeskJet off an old LaserJet II driver. Microsoft always provides drivers for some of the classic HP printers. In a pinch, I run laser printers off a LaserJet 4 or LaserJet 5 driver. On high-end printers I lose the ability to select trays, but on a low-end printer like the 1200, I won’t lose a thing. So if you can’t find a driver, try the closest match you can find, and fall back on a lowest-common denominator like a LaserJet II if that fails.

Ugh.

Ugh. (Yeah, I’m using big words today.) I’m behind, I know. I haven’t posted anything of substance for a few days. I’m being hit from every possible direction right now, which is why I’m behind on my e-mail and behind on the site.
My apologies. I probably ought to cancel, but I’m making time tomorrow to go out for pizza with some friends who have a way of putting things in perspective. (I’d better not tell ’em that though. It’ll go to their heads.) I’ll be thinking more clearly afterward.

So, anyway… I’ve got stories from Ohio, I’ve got some hardware talk, but before all that I’ve gotta take care of some business that blew up while I was out of town.

The hysteria on StarOffice…

Various sources are reporting Sun’s plans to begin charging for StarOffice. Sun, meanwhile, is mum on the subject.
Nowhere has anyone reported that Sun, by the strictest definition of the word, already charges for StarOffice. You can buy it at retail. It’s fairly cheap, but we’re not talking five bucks. I’ve seen a retail-boxed StarOffice 5.2, with Sun’s logo on it, at Circuit City within the past year. Price was about 40 bucks, as I recall.

Sun is mum on the subject. It could be that Sun plans to charge $100 for it and take away the free download. Or it could be that 6.0 will cost $40 at retail but remain downloadable for free on the Web. It’s anybody’s guess, precisely because Sun hasn’t said anything yet.

It’s non-news until Sun announces a shift from current policy. But this isn’t the first time non-news has garnered attention and it won’t be the last.

One more thing. On a completely unrelated note… This picture really scares me.

Upgrading a P2-300

Case study: Revitalizing a PII-300
It took me three and a half hours one night to squeeze another year or two of useful life out of a PII-300.

A fellow member of the Board of Directors at my church approached me one night. “Would you reinstall the OS on my computer?” he asked. He had a PII-300, not a barn burner by any modern measure, but not a slouch of a computer either. But as a performer it had been very much an underachiever of late. I had walked him through reinstalling the operating system over the phone back around Christmas and it had solved some problems, but not everything. It appeared his computer needed a clean start.

When I looked at it, I agreed. It wasn’t particularly stable and it definitely wasn’t fast. He had a Castlewood Orb drive to facilitate quick backups, so I had him copy his data directories (named Documents and My Documents), along with his AOL directory, over to the Orb. I also spotted a directory called Drv. As an afterthought, I grabbed that one too.

I proceeded to boot off a CD-ROM-enabled boot floppy. Tepidly, I typed the magic words format c: at the command prompt. Quickly I noticed a problem: the words “Saving current bad sector map” on the screen. As the drive formatted, Rick asked the magic question. “What do you think of partitioning?”

Dirty secret #1: Any time you see bad sectors, you should absolutely FDISK the drive. Bad clusters can be caused by physical problems on the disk, but they can also be caused by corruption of the FAT. No disk utility that I’ve ever seen (not Scandisk, not Disk Doctor, not even SpinRite) fixes that. The only way to fix that (verified by a technician I talked to at Gibson Research, the makers of SpinRite) is to fdisk and format the drive.

Dirty secret #2: FAT16 is much faster than FAT32. Since Rick wasn’t opposed to partitioning the drive, I created a 2GB FAT16 partition. You do this by answering No when fdisk asks if you want to enable large disk support. This partition holds the operating system.

I exited FDISK, ran it again, and this time answered Y when it asked the cryptic large-disk question. I created a partition that spanned the rest of the drive. Then I rebooted, typed format c: then format d:, and watched for bad clusters. There were none. Excellent.

End result: I had a 2-gig FAT16 C drive and a 6-gig FAT32 D drive.

Dirty secret #3: Never, ever, ever, ever, ever (unless someone’s holding a gun to your head) install Windows as an upgrade. You have a Windows 95 CD and a Windows 98 upgrade CD? So what. Install Windows 98 on the bare drive. Setup will find no Windows installation present and ask for your Windows 95 CD. You insert your Win95 CD, it investigates it to make sure it’s not a blank CD with win.com on it somewhere, then asks for your Win98 CD back. End result: a clean install. Even if you install Win95 immediately followed by Win98, you get extra garbage you don’t need. And it takes twice as long.

Windows took about 30 minutes to install. I tackled his applications. When I installed MS Office, I did a complete install with one exception. I drilled down into Office Tools, found Find Fast, and unchecked it. Find Fast is a resource hog and doesn’t do anything useful.

I installed Office to drive D.

He’d bought Norton Systemworks on sale one weekend, hoping it would help his performance. It didn’t. I showed him a trick. Rather than install Systemworks directly, I explored the CD, drilled into the Norton Utilities directory, and ran Setup from there. I intentionally left out almost everything. Speed Disk and Disk Doctor are the two superstars. I also kept the Optimization Wizard. I left out most of the rest, because the other stuff doesn’t do anything useful but it sure slows down your system. When it asked about running Disk Doctor at startup, I said no. It just slows down startup and doesn’t do anything useful. I did let it replace Scandisk with Disk Doctor. That way if you get an improper shutdown, Disk Doctor can clean up the mess before Windows starts and makes a bigger mess. But Disk Doctor should run when you need it. Not all the time.

Then I drilled down into the Norton Antivirus directory and installed it. Then I did the same for Ghost. I needn’t have done that. Just copying the Ghostpe.exe file out of that directory onto a boot floppy suffices. More on Ghost later.

I installed this stuff to drive D.

Next, I installed his scanner software, Lotus SmartSuite, and his DVD decoder.

I copied the data back over from his Orb disk, noticed his modem wasn’t working, and installed the device driver I found in the Drv directory I’d copied over to the Orb as an afterthought. (I’d much rather back up too much stuff than not enough.) Then I copied his AOL directory over to drive D and installed AOL 5.0 over the top of it. It picked up all his settings.

I cleaned up c:\msdos.sys and rebooted, watching the time. It booted in about 45 seconds, including POST. I was happy. Rick was very happy.

I did the other standard Windows optimizations outlined in chapter 2 of Optimizing Windows. I cleared out his root directory on C. Then I ran Norton Speed Disk. I had it do the full file reordering and directory sorting bit (also described in Optimizing Windows). Clearing out the root directory makes disk access much more efficient, but only after Speed Disk discards the now-empty directory entries. Directory sorting makes disk access more efficient by putting the important files early in the list so Windows finds them faster. The results are marvelous.

Finally, I ran Ghost. I copied the Ghost executable to a boot floppy that contained the Castlewood device driver internal.sys, then booted from it and Ghosted his drive to the Orb drive. Fifteen minutes later, he had an image of his system, so he can return back to this state any time he wants.

End result: Rick’s P2-300 with an 8-gig Quantum Bigfoot drive (a notoriously slow hard drive) and 288 MB RAM received a new lease on life. Despite its slow processor and hard drive, it performs better than a lot of consumer-level PCs available today.

That was a good investment of 3 1/2 hours.

Another RISC platform for Linux

Vintage workstations. I’ve read two articles this past week about running Linux or another free Unix on vintage hardware.
http://www.debianplanet.org/article.php?sid=605
http://www.newsforge.com/article.pl?sid=02/02/19/049208&mode=thread

And while I can certainly appreciate the appeal of running a modern free Unix on a classic workstation from the likes of DEC or Sun or SGI, there’s another class of (nearly) workstation-quality hardware that didn’t get mentioned, and is much easier to come by.

Apple Power Macintoshes.

Don’t laugh. Apple has made some real dogs in the past, yes. But most of their machines are of excellent quality. And most of the appeal of a workstation-class machine also applies to an old Mac: RISC processor, SCSI disk drives, lots of memory slots. And since 7000-series and 9000-series Macs used PCI, you’ve got the advantage of being able to use cheap PC peripherals with them. So if you want to slap in a pair of 10,000-rpm hard drives and a modern SCSI controller, nothing’s stopping you.

There’s always a Mac fanatic out there somewhere willing to pay an exorbitant amount of money for a six-year-old Mac, so you won’t always find a great deal. Thanks to the release of OS X (which Apple doesn’t support on anything prior to the Power Mac G3, and that includes older machines with G3 upgrade cards), the days of a 120 MHz Mac built in 1996 with a 500-meg HD and 32 megs of RAM selling for $500 are, fortunately, over. Those machines run Linux surprisingly well. Linux of course loves SCSI. And the PPC gives slightly higher performance than the comparable Pentium.

And if you’re lucky, sometimes you can find a Mac dirt-cheap before a Mac fanatic gets to it.

The biggest advantage of using a Mac over a workstation is the wealth of information available online about them. You can visit www.macgurus.com to get mainboard diagrams for virtually every Mac ever made. You can visit www.everymac.com for specs on all of them. And you can visit www.lowendmac.com for comprehensive write-ups on virtually every Mac ever made and learn the pitfalls inherent in them, as well as tips for cheap hardware upgrades to squeeze more speed out of them. I learned on lowendmac.com that adding video memory to a 7200 increases video performance substantially because it doubles the memory bandwidth. And on models like the 7300, 7500, and 7600, you can interleave the memory to gain performance.

Besides being better-built than many Intel-based boxes, another really big advantage of non-x86 hardware (be it PowerPC, Alpha, SPARC, MIPS, or something else) is obscurity. Many of the vulnerabilities present in x86 Linux are likely to be present in the non-x86 versions as well. But in the case of buffer overflows, an exploit that would allow a hacker to gain root access on an Intel box will probably just crash the non-x86 box, because the machine language is different. And a would-be hacker may well run into big-endian/little-endian problems as well.

http://homepages.ihug.com.au/~aturner/7200boot.html