Home » debian » Page 4

debian

More on building under a small Linux environment

Well, I’ve been playing a little bit with Erik Anderson’s uClibc-based development environment mentioned in the previous two posts.
When I compile, I issue the command export CFLAGS='-Os -s -mcpu=i386 -march=i386' to create small-as-possible binaries. Using the default flags, the Links web browser balloons to nearly 2.6 megs on my dual Celeron, mostly due to the debug symbols. It drops to around 760K with those options. Specifying i386 binaries shrinks them down at the expense of some speed on some CPUs (especially 486s and first-generation Pentiums), so you have to set your priorities. It doesn’t matter nearly as much on newer CPUs. But I’m pretty sure if you’re interested in uClibc you’re not just running it on Pentium 4s.

For the record, Links compiles without warnings without doing anything special to its configuration and seems to run without incident (I immediately used it to locate and download more source code to compile). Samba’s more difficult, giving some warnings in various places. It may or may not require some special configuration in order to actually run (I didn’t have time tonight to test it), and of course that could result in some reduced functionality. The binaries total 9.3 meg, which isn’t bad considering it implements a complete Windows NT-compatible file server as well as some simple client utilities for connecting to NT shares on a network. The files themselves are about 20% smaller than on a stock Debian system.

Erik Anderson says the majority of Unix software will compile under uClibc, which is probably true. I generally see compiler warnings occasionally even when using a completely mainstream system.

Yes, I’m still alive

I had to take some time away to clear my head and find myself. It’s a survival tactic; the guy other people wanted Dave to be hasn’t been getting the job done.
Besides, anyone who’s worth anything will like the real Dave better than Dave the Chameleon anyway. Those who like Dave the Chameleon better can go find themselves someone else to be a chameleon. There doesn’t seem to be any shortage of people who are willing. But I think it’s rude to ask someone to change before you really get to know him or her, don’t you?

So I’ve been ignoring the site partly because when I’m paying attention to it, it’s really tempting to try to figure out what to write to make myself popular. And partly because it’s a distraction when I’m trying to figure out who I am. Writing is a big part of me, but it’s only part of me.

So I dug out some things I enjoyed in the past. I’ve been reading F. Scott Fitzgerald and listening to Peter Gabriel and U2 (early stuff, long before they got popular) and Tori Amos and Echo and the Bunnymen. The way I used to do things was to go look for stuff that most people overlooked, rather than letting current trends tell me what to like. So none of that’s cool anymore. Big deal.

The majority isn’t always right. Exhibit A: Disco.

I remember when I was in high school, either my freshman or sophomore year, a popular girl a year older than me came up to me and told me I needed to be more of a rebel. I thought about that and came to the conclusion that I was a rebel. She and her crowd were rebelling against authority figures. I was rebelling against conformity.

Oddly enough, I ended up sitting next to her boyfriend in Spanish class not long after that. We couldn’t stand each other at first, but then it turned out we had a lot more common ground than either one of us could have imagined and we became friends.

I can’t help but think of Fitzgerald. Fitzgerald was the spokesman of his generation, a generation not at all unlike ours, a generation that lived to excess and partied harder than any generation before, and up until GenX came along, or since. It’s obvious from Fitzgerald’s writing that he saw the excesses and even though it fascinated him, obviously there was a lot about it that he didn’t like. Yet his lifestyle didn’t change much. The result? The Voice of the Twenties was dead, aged 44, in 1940. Although some of his contemporaries recognized his greatness then, he was mostly remembered as a troublesome drunk.

Would Fitzgerald had lived longer if he’d been more of a rebel of a different sort? Well, I’d like to think so.

I’ve also been playing with computers. I pressed my dual Celeron back into duty and upgraded to the current version of Debian Unstable (I last did that sometime last summer, I think). It’s much, much faster now. I suspect it’s due to the use of GCC 3.2 or 3.3 instead of the old standby GCC 2.95. But I’m not sure. What I do know is the machine was really starting to feel sluggish, and now it feels fast again, almost like it felt to me when I first got it.

I’ve also been playing with PHP accelerators. I know I can only speed up a DSL-hosted site by so much, but my server serves up static pages much faster than my PHP pages, so I want that.

I’ve played around with WordPress a little bit more. It appears the new version will allow me to publish an IP address along with comments. I like that. I’m sick of rude people slinging mud from behind a wall of anonymity. I’m sure they’re much smarter than I am. So they ought to set up their own Web sites, so they can say whatever they want and enlighten the masses. If, as my most recent accuser says, what God wants is for Dave Farquhar and people like him to shut up, it won’t take much to drown my voice out.

OK, I’m done ranting. I’m gonna go in to work tomorrow and be my own person. I’m going to do what’s right, and not what’s popular, even when doing what’s right makes me unpopular. I’m going to stay focused and driven. The possibilities ahead are more important than the mistakes of the past and whatever happens to be missing from the present.

And there’ll be less missing with my vacationing coworkers back in the office.

And everything that’s true about work is true about life at home as well. Speaking of which, when I was out this weekend I noticed I was drawing second looks from girls again. Eating healthy again must be helping. That can’t be bad.

Well, this has to be the most disorganized and unfocused thing I’ve written in years. But I need to post something.

I’ll be back when my head’s more clear.

That wasn’t the Sunday I had planned

I was hoping that by now I would be upgraded to WordPress, the successor to the b2 blogging program that I use, and that I would have a running DietLinux box on some system, and that I’d be coming back to you with some cool tricks you can do with a Knoppix CD.
I’m 0 for 3.

WordPress is up and running inside my firewall, and there are some nice things about it, but if I move, I lose some stuff. Such as? Most of the code I had Steve write for me won’t run under WordPress. No recent comments, no scoring whatsoever, and searching gives you the posts, rather than links to the posts, which could be deadly if you searched for the word “the.”

Seeing the entries right away when you do a search or hit a category link is fine on blogs that don’t have a lot of entries, but when I have 1,200+ of them, that’s bad. It’s better to return titles with links to the entries.

What do I gain? The ability to make entries and not publish them just yet. The ability to close entries to comments. Movable Type-compatible pingbacks and trackbacks. In a future version, multiple categories per post. That’s all worth a lot.

So I’ll move. Not just this weekend, sadly.

A big chunk of the day went to fixing Gatermann’s web server. The nice thing about Linux is you never have to reboot it. (If you run Debian, you can even upgrade across versions without having to reboot.) The bad thing about Linux is that since you never have to reboot it, if you power it down, you really don’t have much way of knowing if the system’s going to come back up. After jumping through way too many hoops, we got the thing booted with a rescue disk, and when I looked at it, I couldn’t figure out how the system ever booted the first time. For one thing, I couldn’t find a kernel. Obviously at some point in this system’s life, something went horribly, horribly wrong.

Nothing we could think of would repair it, so we ended up archiving all the important stuff like /etc, then wiped and reinstalled. I’m sure if we’d persisted, we could have brought it back to life, but from the time he got here to the time I started reinstalling, three CDs had played on my stereo. I can install Debian in 15 minutes on a fast system, and 35 minutes on a slowpoke.

Don’t get me wrong, I’m not mad or upset or anything. I’m a little disappointed that I wasn’t able to fix it in 10 minutes though. But then I remember that two of those CDs that played during that timeframe were by The Cure. If two hours straight of The Cure doesn’t make you feel a a little down on yourself, nothing will.

But I’ll have to give Bob and his revolving door of bandmates credit for making me think about it. There was a time when I would have given almost anything to be the biggest Unix guru in St. Louis. That’s over. These days system wizardry is a means to an end. It pays me enough money to give me a house in a middle-class neighborhood, and a car that’s practical yet draws looks, and leaves enough left over to do nice things for people. Although the job can be demanding, I have more free time than Dad ever had. I mean, I found out this morning that three of my friends have started a band and I got to hear a very early mix of their CD. I can get excited, because I’ve got enough time to at the very least go see them. And if they need someone to write some propaganda for them, I can do that.

After dinner, I re-tackled the WordPress project, but that part of my brain’s just fried. I had to laugh at a question Steve asked me in e-mail. He asked why weekends take more out of him than the workweek. I know the answer to that one. Since we’re low-tier aristocrats, we’ve always got stuff that needs to be done. And the stuff around the house can very easily be more draining than the stuff we do for 40 hours a week. And when the workweek gets to be too much, you just call up a friend and take a long lunch–make up the time at the end of the day after everyone else has left and the office is quiet–and talk about home ownership and other low-tier aristocratic things to get your mind off work.

So as much as I’d love to go find some vexing question and solve it and then turn it over to Google to direct people with the question to my answer, I just don’t have it in me. Not today. And thinking about work to try to escape the drains of low-tier aristocracy seems, well, sick.

A Peter Gabriel CD and a book would be really good right about now.

I’m taking everyone’s advice and doing what I love

I cracked out my IBM PC/AT-turned-K5/100 today and fired it up for the first time since I bought my house. I wanted to download some ISOs and play with some things like DietLinux and Knoppix, but my aged AT is the only system I have with a usable CD burner. The hard drive in my box that contains my good CD burner died back in February or so, and I had other priorities (ahem), so I never replaced the drive. Now I’ve got different other priorities (which I won’t talk about just yet), but even if I had another drive, I can’t seem to find my Nero CD. So it just makes more sense to pull the AT off the bench.
I must have pillaged it for parts at one point because the SCSI host adapter and NIC were both missing. So I replaced them, and fired it up and the HD was gone. I know I saw an HD in there, so I checked the BIOS and found it wasn’t set up right. So I autodetected everything, rebooted, and Linux refused to boot. I popped out the Debian installation CD, selected the “mount a previously initialized partition” option, and saw the partitions on /dev/hdc, rather than /dev/hda where I would expect them. When I was pillaging, I must have pulled the IDE cables and plugged them back in the wrong place when I was finished. I can’t remember those kinds of details anymore. I’d rather spend those neurons remembering details about a girl (like, say, that she likes Tori Amos and Train and Delerious?) than obscure details about a computer I rarely use.

I probably could have fixed it by editing /etc/fstab (actually /target/etc/fstab when you’re booted from the Debian installer) and then re-running LILO, but I’ll always be more confident in my knowledge of hardware than of any operating system, so I reached for a screwdriver and went for the sure thing. Popping the case for the 12th time and rearranging the cables rendered the system bootable again.

The machine’s hostname is burn. Nice. That’s one of my favorite songs by The Cure. I tried a couple of the usual suspects for the root password, and I was in.

Incidentally, I’m doing all of this stuff in pursuit of answers. You’ll be hearing from me again later this weekend.

If I had my own Linux distribution

I found an interesting editorial called If I had my own Linux Distro. He’s got some good ideas but I wish he’d known what he was talking about on some others.
He says it should be based on FreeBSD because it boots faster than Linux. I thought everyone knew that Unix boot time has very little to do with the kernel? A kernel will boot more slowly if it’s trying to detect too much hardware, but the big factor in boot time is init, not the kernel. BSD’s init is much faster than SysV-style init. Linux distros that use BSD-style inits (Slackware, and optionally, Debian, and, as far as I understand, Gentoo) boot much faster than systems that use a traditional System V-style init. I recently converted a Debian box to use runit, and the decrease in boot time and increase in available memory at boot was noticeable. Unfortunately now the system doesn’t shut down properly. But it proves the concept.

He talks about installing every possible library to eliminate dependency problems. Better idea: Scrap RPM and use apt (like Debian and its derivatives) or a ports-style system like Gentoo. The only time I’ve seen dependency issues crop up in Debian was on a system that had an out of date glibc installed, in which case you solve the issue by either keeping the distribution up to date, or updating glibc prior to installing the package that fails. These problems are exceedingly rare, by the way. In systems like Gentoo, they don’t happen because the installation script downloads and compiles everything necessary.

Debian’s and Gentoo’s solution is far more elegant than his proposal: Installing everything possible isn’t going to solve your issue when glibc is the problem. Blindly replacing glibc was a problem in the past. The problems that caused that are hopefully solved now, but they’re beyond the control of any single distribution, and given the choice between having a new install stomp on glibc and break something old or an error message, I’ll take the error message. Especially since I can clear the issue with an apt-get install glibc. (Then when an old application breaks, it’s my fault, not the operating system’s.)

In all fairness, dependency issues crop up in Windows all the time: When people talk about DLL Hell, they’re talking about dependency problems. It’s a different name for the same problem. On Macintoshes, the equivalent problem was extensions conflicts. For some reason, people don’t hold Linux to the same standard they hold Windows and Macs to. People complain, but when was the last time you heard someone say Windows or Mac OS wasn’t ready for the desktop, or the server room, or the enterprise, or your widowed great aunt?

He also talks about not worrying about bloat. I take issue with that. When it’s possible to make a graphical Linux distribution that fits on a handful of floppies, there’s no reason not to make a system smooth and fast. That means you do a lot of things. Compile for an advanced architecture and use the -O3 options. Use an advanced compiler like CGG 3.2 or Intel’s ICC 7.0 while you’re at it. Prelink the binaries. Use a fast-booting init and a high-performance system logger. Mount filesystems with the highest-performing options by default. Partition off /var and /tmp so those directories don’t fragment the rest of your filesystem. Linux can outperform other operating systems on like hardware, so it should.

But when you do those things, then it necessarily follows that people are going to want to run your distribution on marginal hardware, and you can’t count on marginal hardware having a 20-gig hard drive. It’s possible to give people the basic utilities, XFree86, a reasonably slick window manager or environment, and the apps everyone wants (word processing, e-mail, personal finance, a web browser, instant messaging, a media player, a graphics viewer, a few card games, and–I’ll say it–file sharing) in a few hundred megabytes. So why not give it to them?

I guess all of this brings up the nicest thing about Linux. All the source code to anything desirable and all the tools are out there, so a person with vision can take them and build the ultimate distribution with it.

Yes, the idea is tempting.

The Abit BP6 and modern Linux distributions

Mail from Dave T.: I bumped into a place that is selling a used, functional Abit BP6 and a 400MHz Celeron to go with it. I already got another 400 MHz Celeron so it would be perfect. I always wanted to try out SMP but so far I haven't thought it was worth it. Now I can buy this combo and make my dream come true 🙂
I looked for reviews on the board but most of them were from 1999 and early 2000, when Linux was using kernel 2.2 and there also seemed to be problems with bios on the BP6 causing stability issues. None of the reviews were recent.

Being a long time reader I remembered you talking about owning a BP6 and a quick search confirmed that you were running a dual 500MHz BP6. Do you still have it? If I buy the board then I'll be running Linux of course so I was wondering if you do that as well? How well does it work? Stability? I know that processors in a dual configuration should have identical stepping. If the two are not the same stepping, do you think it will pose a problem? What power supply rating would you recommend for 2x400MHz Celerons?

Thanks,

/Dave T.

The Abit BP6, for those who are unfamiliar with it, was a popular board among enthusiasts back at the turn of the millenium, because it was the first really cheap and easy SMP board. Prior to the BP6, to run dual Celerons you had to resort to some trickery, either soldering on slocket-type adapters or, later, playing with jumpers on them. The BP6 just allowed you to buy a pair of cheap Socket 370 Celerons and drop them on. A lot of people bought Celeron-366s and overclocked them to 550 MHz with this board.

It’s been forever since I’ve mentioned my BP6 because I’ve never found it newsworthy. My main Linux workstation runs on an Abit BP6 with dual Celeron-500s (originally a pair of 366s, which I upgraded a couple of years ago). I bought the board in late 1999 or early 2000 and it’s still my second-fastest PC.

I run Debian Unstable on it, running updates every month or two, so I’m running bleeding-edge everything on it most of the time. The kernel is either at 2.4.19 or 2.4.20. I’ve been running 2.4-series kernels on the BP6 pretty much since the 2.4 series came out, although I’ve changed distributions several times since then. The board has an Intel 440BX chipset, which used to be common as dirt, so I expect even 2.6 kernels and beyond won’t have problems with it.

I haven’t updated the BIOS on my BP6 in years, if ever. I’ve found the system to be stable–the only problems I’ve ever had could easily be attributed to memory leaks. Things would get goofy, I’d run top, and I’d find XFree86 had several hundred megs of memory allocated to it. I’d kill X, and then the system would be fine. So the rare problems I have probably aren’t the board’s fault, but rather the fault of bleeding-edge software. I was confident enough in the system’s stability that this Web site ran on that system for several weeks and I never had problems.

CPUs are supposed to be identical stepping. I’ve seen dual-CPU machines with different steppings work together without having any problems that I could directly attribute to the mismatch. It’s not a great idea and I wouldn’t run my enterprise on a mismatched system–although one of my clients does–but for hobbyist use at home at a bargain price, why not?

As far as power supplies, I ran my BP6 with dual 500s on a 235W box in an emergency. It’s had a 300W box in it for most of its life, so I’d go with a 300W unit, or a 350W unit if you want to overengineer the box a little bit.

Performance wise, I find it adequate but I run IceWM on it, and my primary browser is Galeon. Evolution runs fine on it. Some of the more resource-intensive desktop environments might pose a bit of a problem.

As far as upgradability, if you don’t overclock, the fastest Celerons you can use are Celeron-533s. If you want to do dual processing, you’re limited to the Mendocino-core Celerons. Celerons faster than 366 MHz didn’t overclock well; the limit of the Mendocino core seems to have been around 550 MHz or so.

Adapters to allow newer Celerons to work on the board ought to let you go higher (I haven’t tried it) but the newer Celerons have their SMP capability removed. So theoretically this board tops out at a 1.2 GHz Celeron with an adapter, but that pretty much defeats the purpose of getting a BP6. That’s also probably why they’re cheap when you can find them; the kinds of people who bought these boards in the first place aren’t going to be too happy with two CPUs in the 500 MHz range these days.

But I’m pretty happy with mine. I’ll run it until it dies, and that’ll probably be a while.

Optimizing a web server

Promises of better Apache performance have me lusting after lingerd, a very obscure utility that increases performance for dynamic content. It’s been used on a handful of little sites you might have heard of: Slashdot, Newsforge, and LiveJournal.
Unfortunately there’s no Debian package, which means compiling it myself, which means compiling Apache myself, which also means compiling PHP and MySQL, which means a big ol’ pain, but potentially better performance since I could go crazy on the GCC optimization flags. Hello, -O3 -march=i686!

And if I’m going to compile all that myself, I figure I might as well compile it all myself and get the high performance across the board and get GCC 3.2x into the picture for even better performance. The easy way to do that is with lfs-install, which builds a system based on Linux From Scratch. For workstations I’d rather use something along the lines of Gentoo, but for servers, LFS is small, mature, and reasonably conservative.

Supposedly metalog offers improved performance over the more traditional syslogd or sysklogd. The good news is that those who are more sane than me and sticking with Debian for everything can take advantage of a Debian package (at least in unstable), and just apt-get away.

If I have any sanity left, I’ll think about minit to replace SystemVInit and save me about 400K of memory in a process that’s always running, and fgetty to save me a little more. I’ve tried fgetty in the past without success; it turns out fgetty requires DJB’s checkpassword in order to work.

Keep in mind I haven’t tried any of this yet. But the plan sounds so good in my current sleep-deprived state I couldn’t help but share it.

Confessions of a SQL 7 junkie

My name is Dave, and I’m a Microsoft junkie. So are the people I hang out with every day at work. We’re all junkies. We’re addicted to the glamor drug of Microsoft SQL Server 7.
I’m still trying to recover from the nightmare that is Microsoft SQL Server.

You see, I have a problem. My employer and most of its clients rely heavily on SQL Server. SQL Server is a touchy beast. We have some servers running completely unpatched SQL Server 7, for fear of breaking a client’s application. No, I absolutely will not tell you who my employer is or who those clients are.

That makes us, in Microsoft’s eyes, socialism-loving pinko Commies, since we won’t migrate to SQL 2000. Unfortunately, SQL 2000 isn’t completely compatible with SQL 7. So we’re forced into being pinko Commies.

Part of the reason SQL Slammer hit was because of the touchiness of the service packs and hotfixes, and part of it was the difficulty in installing them. The hotfix that would prevent SQL Slammer requires you to manually copy over 20 files, mercifully spread out over only two directories. But it takes time and it’s easy to make a mistake. So Microsoft released a SQL 2000 patch with a nice, graphical installer. But the pinko Commies like me who still use SQL 7 have to manually copy files.

Now, SQL 7 isn’t vulnerable to SQL Slammer, but it has plenty of security flaws of its own. And there’s one thing that history has taught us about viruses. Every time a new virus hits, a game of one-upmanship ensues. Similar viruses incorporating new twists appear quickly. And eventually a virus combining a multitude of techniques using known exploits appears. A SQL Slammer derivative that hits SQL 7 in one way or another is only a question of time.

Someone asked me why we can’t just leave everything unpatched and beef up security. The problem is that while our firewall is fine and it protects us from the outside, it doesn’t do anything for us on the inside. So the instant some vendor or contractor comes in and plugs an infected laptop into our network–and it’s a question of when, not if–we’re sunk. Can we take measures to keep anyone from plugging outside machines into our network? Yes. We can maintain a list of MAC addresses for inside equipment and configure our servers not to give IP addresses to anything else. But that’s obstructive. The accounting department is already supremely annoyed with us because we have a firewall at all. Getting more oppressive when there’s even just one other option isn’t a good move. People in the United States love freedom and they get annoyed when it’s taken away, even in cases that are completely justifiable like an employer blocking access to porn sites. But in a society where sysadmins have to explain that an employer’s property rights trump any given individual’s right to use work equipment for the purpose of seeing Pamela Anderson naked, one must be picky about what battles one chooses to fight.

In a moment of frustration, after unsuccessfully patching one server and breaking it to the point where SQL wouldn’t run at all anymore, I pointed out how one can apply any and every security patch available for Debian Linux at any instant it comes out with two commands and the total downtime could be measured in seconds, if not fractions of a second. And the likelihood of breaking something is very slight because the Debian security people are anal-retentive about backward compatibility. The person listening didn’t like that statement. There’s a lot more software available for Windows, he said. I wondered aloud, later, what the benefit of building an enterprise on something so fragile would be. Jesus’ parable of building a house on rock rather than on sand came to mind. I didn’t bring it up. I wasn’t sure it would be welcome.

But I think I’ll keep on fighting that battle. Keeping up on Microsoft security patches is becoming a full-time job. I don’t know if we can afford a full-time employee who does nothing but read Microsoft security bulletins and regression-test patches to make sure they can be safely deployed. I also don’t know who would want that job. But we are quickly reaching the point where we are powerless and our lives are becoming unmanageable.

Such is the life of the sysadmin. It’s a little bit of a rush to come into crisis situations, and a lot of my clients know that when they see me, there’s something major going on because they only see me a couple of times a year. In the relatively glamor-less life of a sysadmin, those times are about as glamorous as it gets. And for a time, it can be fun. But when the hours get long and not everyone’s eager to cooperate, it gets pretty draining.

Running a Web site without static IP with Linux and DynDNS

I run this Web site without a static IP address. I registered an address at DynDNS.org which, as long as I keep it updated, keeps me on the ‘Net.
In the past I’ve used a Windows-based program to keep my address updated. But the hard drive in that Windows box took leave of its life a few days ago. Somehow my IP address didn’t change for a few days, but then my DSL modem fell off the ‘Net.

Then I found setup instructions for Debian and Dyndns, which solved that problem. There’s a Dyndns client in Debian now, which this document explains, so now my Web server can keep itself online without any help from a Windows box and without me writing any nasty code.

Now, I haven’t tested this theory, but I suspect one could use DynDNS plus DHCP or PPPoE to run a Web site with a registered domain name without paying the extra monthly fee for a static IP address. The trick would be to set up your registered name’s DNS record as a CNAME to your DynDNS name.

Setting up the DNS records is left as an exercise to the reader, mostly because my understanding of it is good enough for me to do it myself, but not to explain it–when I’ve tried in the past, all I’ve succeeded in doing was confusing both of us.