"I keep just enough vi knowledge in my head so that I can edit a Makefile and build Emacs." -- Tony Foiani, 1999
Friday, December 21, 2007
Wednesday, November 28, 2007
How to enable the root user in Mac OS X using NetInfo, or change root's password:
- Open the NetInfo Manager utility (located under /Applications/Utilites/).
- Click the lock (padlock icon) in the NetInfo Manager window.
- Enter an administrator account name and password, then click OK (this isn't Administrator as in root, it's Administrator as in a user account with administrative privileges, typically the first account created during the initial install or setup).
- For Mac OS X 10.2 and later, choose Enable Root User from the Security menu.
- If you have not previously set a root password, an alert box may appear that says "NetInfo Error," indicating that the password is blank. Click OK.
- Enter the root password you wish to use and click Set.
- Enter the password again for verification and click Verify.
- The root user is now enabled.
- Click the lock again to prevent changes.
Monday, November 5, 2007
Social networking
Today I'm trying out a Technorati Profile to see if any of these things actually help. Still got lots to learn! :-)
Wednesday, October 31, 2007
Walking Sticks
If anyone wants to get me something for Christmas, I think these Gold-knobbed "Hame Top Canes" from Brazos Walking Sticks are just gorgeous.
Monday, October 1, 2007
Linux on a Dell Vostro 1700 laptop
At my company, Cedar Creek Software, we recently purchased a new laptop:
Dell Vostro 1700 laptop
Model # PP22X
17" wide aspect-ratio screen
We use SuSE Linux on our workstations, because it "just works" to a greater degree than any other distro I've tried in the last 9 years - at least of all the distros that are still ticking (and I've tried quite a few).
lspci -nn gives the following specs for the monitor:
01:00.0 VGA compatible controller [Class 0300]: nVidia Corporation GeForce 8600M GT [10de:0407] (rev a1)
And the following for the 4965AGN wireless network adapter:
0c:00.0 Network controller [Class 0280]: Intel Corporation PRO/Wireless 4965 AG or AGN Network Connection [8086:4229] (rev 61)
At first I tried SuSE 10.2 and was able to get the monitor working with the usual pre-built nVidia kernel modules from nVidia's repository, but I could not get the wireless adapter to work. Everything else worked fine.
For the wireless, I tried installing the official Intel drivers but I couldn't make it happy with the SUSE-supplied kernel and kernel sources. It kept complaining about the mac80211 subsystem, and many other things. I tried a lot of stuff, including a vanilla kernel, which the Intel drives were unable to patch and use properly (I have not idea what I did wrong). I tried NDISWrapper. Contrary to what it says on the en.opensuse.org wiki, I did get NDISwrapper to work with the Windows XP driver, but it made the laptop unstable - it would just freeze up randomly and I'd have to cycle the power.
Finally I upgraded to a kernel & sources from the SuSE kernel-of-the-day repository (which now seem to have a good set of mac80211 modules sources and all the other things that are needed to support the drive from the Intel wireless project), but then when I'd try to run iwlist and iwconfig it would complain that the module (or something) was complied with support for a higher version of something (I forget exactly what) than the wireless tools.
One of the things I love about SuSE is their hardware support. New hardware is often supported by the very next release of SuSE, however the next version of SuSE - 10.3 - isn't out yet. But it's getting to the final stages of beta testing (thank you, Novell / openSuSE, for the new open development model that gives us access to betas!), so I downloaded the latest LiveCD made from the 10.3 beta tree and discovered that the 4965AGN wireless card worked in the LiveCD environment just fine.
So I've downloaded and installed the RC1 release of SuSE 10.3 on the Vostro 1700. They've made some small improvements to the installer and and distro and I really like it. SuSE is such a fine distro, I strongly recommend it for workstations, laptops, and personal computers.
The troublesome 4965AGN was immediately detected by the installer - Yay! - and works great with no trouble.
The nVidia GeForce 8600M GT graphics card was correctly detected and configured at the optimum size by the 10.3 installer/config tools, unlike 10.2 which left the config set to a low resolution by default. That's with the xorg open source drivers that came with SuSE, of course.
However I did have some trouble configuring the dualhead setup. I needed to be able to use a secondary monitor on the laptop's VGA out as a second screen. I usually use Xinerama, configured with SaX2, for this kind of setup.
I downloaded the latest source driver from nVidia (it's not really all source, but it's the package nVidia provides that allows you to build your own kernel module) and it compiled quickly with no trouble. The documentation on the opensuse.org wiki then says to then use "sax2 -r -m -0=nvidia" to configure the monitor. That works fine for the laptop's own monitor, at 1440x900, but when I tried to use SaX2 to configure Xinerama for the second monitor, it wouldn't work at all. The resulting X config left the laptop's screen turned off and put the laptop screen's setting on the external monitor - which of course were the wrong size, shape and resolution. I spent a good amount of time trying to make this work, then read about using "TwinView" without Xinerma in the nVidia documentation. I tried it out and it works. I tried using the nVidia-supplied config tool, nvidia-xconfig for both the laptop-only config and the dual monitor config and it produced perfect, working configs for both. I highly recommend it.
For the dual-head config just plug in the external monitor and run (as root):
nvidia-xconfig --twinview
Dell Vostro 1700 laptop
Model # PP22X
17" wide aspect-ratio screen
We use SuSE Linux on our workstations, because it "just works" to a greater degree than any other distro I've tried in the last 9 years - at least of all the distros that are still ticking (and I've tried quite a few).
lspci -nn gives the following specs for the monitor:
01:00.0 VGA compatible controller [Class 0300]: nVidia Corporation GeForce 8600M GT [10de:0407] (rev a1)
And the following for the 4965AGN wireless network adapter:
0c:00.0 Network controller [Class 0280]: Intel Corporation PRO/Wireless 4965 AG or AGN Network Connection [8086:4229] (rev 61)
At first I tried SuSE 10.2 and was able to get the monitor working with the usual pre-built nVidia kernel modules from nVidia's repository, but I could not get the wireless adapter to work. Everything else worked fine.
For the wireless, I tried installing the official Intel drivers but I couldn't make it happy with the SUSE-supplied kernel and kernel sources. It kept complaining about the mac80211 subsystem, and many other things. I tried a lot of stuff, including a vanilla kernel, which the Intel drives were unable to patch and use properly (I have not idea what I did wrong). I tried NDISWrapper. Contrary to what it says on the en.opensuse.org wiki, I did get NDISwrapper to work with the Windows XP driver, but it made the laptop unstable - it would just freeze up randomly and I'd have to cycle the power.
Finally I upgraded to a kernel & sources from the SuSE kernel-of-the-day repository (which now seem to have a good set of mac80211 modules sources and all the other things that are needed to support the drive from the Intel wireless project), but then when I'd try to run iwlist and iwconfig it would complain that the module (or something) was complied with support for a higher version of something (I forget exactly what) than the wireless tools.
One of the things I love about SuSE is their hardware support. New hardware is often supported by the very next release of SuSE, however the next version of SuSE - 10.3 - isn't out yet. But it's getting to the final stages of beta testing (thank you, Novell / openSuSE, for the new open development model that gives us access to betas!), so I downloaded the latest LiveCD made from the 10.3 beta tree and discovered that the 4965AGN wireless card worked in the LiveCD environment just fine.
So I've downloaded and installed the RC1 release of SuSE 10.3 on the Vostro 1700. They've made some small improvements to the installer and and distro and I really like it. SuSE is such a fine distro, I strongly recommend it for workstations, laptops, and personal computers.
The troublesome 4965AGN was immediately detected by the installer - Yay! - and works great with no trouble.
The nVidia GeForce 8600M GT graphics card was correctly detected and configured at the optimum size by the 10.3 installer/config tools, unlike 10.2 which left the config set to a low resolution by default. That's with the xorg open source drivers that came with SuSE, of course.
However I did have some trouble configuring the dualhead setup. I needed to be able to use a secondary monitor on the laptop's VGA out as a second screen. I usually use Xinerama, configured with SaX2, for this kind of setup.
I downloaded the latest source driver from nVidia (it's not really all source, but it's the package nVidia provides that allows you to build your own kernel module) and it compiled quickly with no trouble. The documentation on the opensuse.org wiki then says to then use "sax2 -r -m -0=nvidia" to configure the monitor. That works fine for the laptop's own monitor, at 1440x900, but when I tried to use SaX2 to configure Xinerama for the second monitor, it wouldn't work at all. The resulting X config left the laptop's screen turned off and put the laptop screen's setting on the external monitor - which of course were the wrong size, shape and resolution. I spent a good amount of time trying to make this work, then read about using "TwinView" without Xinerma in the nVidia documentation. I tried it out and it works. I tried using the nVidia-supplied config tool, nvidia-xconfig for both the laptop-only config and the dual monitor config and it produced perfect, working configs for both. I highly recommend it.
For the dual-head config just plug in the external monitor and run (as root):
nvidia-xconfig --twinview
Thursday, August 2, 2007
Emacs Example Tutorial: kill a block of text
When trying to learn to use Emacs, I had a very hard time finding out how to kill a multi-line block of text in Emacs. When I say "block" I mean a square or rectangle that does not include anything outside the marked area, in other words, not including the rest of the lines - whatever portion I didn't mark. For example, the equivalent of "Block Mode Editing" like in Kate, or UltraEdit.
If you go search on google for this kind of block "cut", you'll normally find documentation telling you to use C-w (note to newbies: in emacs documentation when you see "C-", that means the Control key, and when you see "M-", that means the Meta key, which is the "Alt" key for most PC users. So C-w is Control-w). This kills all text on every line, including the end of the line, within the whole region, from the Mark to the Point. When I am trying to trim out a block of text from multiple lines (such as an unusually large comment block, or a portion of a column from a tabulated text file), I don't want the whole line killed, just the letters and other characters inside the square block.
I finally found that this is called killing the "region-rectangle", and the command is:
C-x r k
For those that don't know: you "mark" a region in Emacs by positioning your cursor in one corner of the area you want to mark and hitting Control-Spacebar. You will see Emacs respond with the message "Mark set". Then navigate the cursor (I always use the arrow keys, but I guess there's other ways to do it) to the opposite corner of the region you want to mark. The "region" is now marked as a rectangle between wherever you started (when you hit Ctrl-Space) and wherever your cursor is now sitting.
If you go search on google for this kind of block "cut", you'll normally find documentation telling you to use C-w (note to newbies: in emacs documentation when you see "C-", that means the Control key, and when you see "M-", that means the Meta key, which is the "Alt" key for most PC users. So C-w is Control-w). This kills all text on every line, including the end of the line, within the whole region, from the Mark to the Point. When I am trying to trim out a block of text from multiple lines (such as an unusually large comment block, or a portion of a column from a tabulated text file), I don't want the whole line killed, just the letters and other characters inside the square block.
I finally found that this is called killing the "region-rectangle", and the command is:
C-x r k
For those that don't know: you "mark" a region in Emacs by positioning your cursor in one corner of the area you want to mark and hitting Control-Spacebar. You will see Emacs respond with the message "Mark set". Then navigate the cursor (I always use the arrow keys, but I guess there's other ways to do it) to the opposite corner of the region you want to mark. The "region" is now marked as a rectangle between wherever you started (when you hit Ctrl-Space) and wherever your cursor is now sitting.
Wednesday, July 25, 2007
Deleting files based on content: using find, grep, xargs and rm
Today a user asked me to help remove a deluge of spam from their inbox, since they had been flooded by a particular spammer. Well, everyone makes mistakes sometimes and today was my day: I made a mistake with -print in the find command and accidentally deleted all of the users's email. Whoops.
All the spam contained the the word "Desv" as part of the from. I could have used grep, but there were so many files in the directory that grep -i Desv * complained that the argument list was too long - this is a nice "safety" feature of bash that wasn't always there. Someone figured they should limit the shell globbing of * so it couldn't generate a gigantic list that could cause buffer overruns. So I had to use find to get around the file glob size restriction. The right syntax for find turned out to be:
find . -exec grep -l Desv {} \; | xargs rm
All the spam contained the the word "Desv" as part of the from. I could have used grep, but there were so many files in the directory that grep -i Desv * complained that the argument list was too long - this is a nice "safety" feature of bash that wasn't always there. Someone figured they should limit the shell globbing of * so it couldn't generate a gigantic list that could cause buffer overruns. So I had to use find to get around the file glob size restriction. The right syntax for find turned out to be:
find . -exec grep -l Desv {} \; | xargs rm
Thursday, July 19, 2007
Simple Newbie's Guide to netstat
I've been using Linux for 8 or 9 years now and I have always heard that, in order to find out what program or process is using a given open port on your computer you should use the program "netstat".
Whenever I've asked just exactly how one uses netstat, I've been told "netstat -a".
Now, for those that think that's the right answer, please go try "netstat -a" and see just exactly what it tells you. Can you use that information to find out what program or process is holding that mysterious port open? Uh-huh. I thought the same thing the first time I tried it.
I have essentially ignored netstat and worked around it, because it's man page is one of the better examples of a wonderfully esoteric but not-too-helpful man page: it lists paragraph after paragraph of command options, leaving the average newbie's mind in a rather confused state.
Today I took the time to read the long-winded man page and found that netstat really can tell me what I want to know:
-v Gives "verbose info" (of course), though I didn't find this very handy.
-l Shows only listening sockets. This is not a default option, and you really want to see the information -l has to show you.
-e Display additional information.
-p Show the PID and name of the program to which each socket belongs.
-p is the real winner here: it shows you the process number of the program that's using this port, and the name of the program. This will enable you to find the process in ps, and/or kill that process.
Since "netstat -a" puts out a whole lot of info, I found that starting with "netstat -lt" and "netstat -lu" is a great first or second step for finding your open ports (the other one being port scanning, which you really should do anyway). Once you find a port you want to close, you can run "netstat -aevp" and grep for the port number (or port name as found in /etc/services) you are interested in to find the program's PID and name (netstat -aevp | grep 59849).
Give it a try:
netstat -lt
netstat -lte
netstat -ltv
netstat -ltp
netstat -aevp
netstat -aevp | grep sunrpc
netstat -aevp | grep domain
Whenever I've asked just exactly how one uses netstat, I've been told "netstat -a".
Now, for those that think that's the right answer, please go try "netstat -a" and see just exactly what it tells you. Can you use that information to find out what program or process is holding that mysterious port open? Uh-huh. I thought the same thing the first time I tried it.
I have essentially ignored netstat and worked around it, because it's man page is one of the better examples of a wonderfully esoteric but not-too-helpful man page: it lists paragraph after paragraph of command options, leaving the average newbie's mind in a rather confused state.
Today I took the time to read the long-winded man page and found that netstat really can tell me what I want to know:
-v Gives "verbose info" (of course), though I didn't find this very handy.
-l Shows only listening sockets. This is not a default option, and you really want to see the information -l has to show you.
-e Display additional information.
-p Show the PID and name of the program to which each socket belongs.
-p is the real winner here: it shows you the process number of the program that's using this port, and the name of the program. This will enable you to find the process in ps, and/or kill that process.
Since "netstat -a" puts out a whole lot of info, I found that starting with "netstat -lt" and "netstat -lu" is a great first or second step for finding your open ports (the other one being port scanning, which you really should do anyway). Once you find a port you want to close, you can run "netstat -aevp" and grep for the port number (or port name as found in /etc/services) you are interested in to find the program's PID and name (netstat -aevp | grep 59849).
Give it a try:
netstat -lt
netstat -lte
netstat -ltv
netstat -ltp
netstat -aevp
netstat -aevp | grep sunrpc
netstat -aevp | grep domain
Tuesday, July 17, 2007
Monday, June 4, 2007
Installing non-free Sun Java on Debian
There seems to be some confusion (at least for some folks) about what it takes to install Sun's Java on Debian. It is against Debian's policy to distribute "non-free" packages in the main tree, however, that's exactly what the "non-free" repository is for.
Using the Debian web site's package search will quickly show that they do, in fact, offer "commercial" java packages.
For etch 4.0 (stable), just add "non-free" to your /etc/apt/sources.list:
deb http://ftp.us.debian.org/debian/ etch main contrib non-free
Run (as root, of course) "apt-get update" then "apt-cache search java2" and you'll find:
sun-java5-jdk
sun-java5-jre
Currently they are version 1.5.0-10-3.
To install them run:
apt-get install sun-java5-jdk sun-java5-jre
Using the Debian web site's package search will quickly show that they do, in fact, offer "commercial" java packages.
For etch 4.0 (stable), just add "non-free" to your /etc/apt/sources.list:
deb http://ftp.us.debian.org/debian/ etch main contrib non-free
Run (as root, of course) "apt-get update" then "apt-cache search java2" and you'll find:
sun-java5-jdk
sun-java5-jre
Currently they are version 1.5.0-10-3.
To install them run:
apt-get install sun-java5-jdk sun-java5-jre
Tuesday, May 8, 2007
Passwordless log in with SSH keys
A very fine feature of UNIX operating systems is native support for services like SSHd. SSH provides shell access on remote computers - encrypted, so no one can snoop your passwords. SSH comes with various utilities including scp, which allows you to copy files and folders to the remote server (and all this traffic and data is encrypted). You can also use ssh as rsync's transport mechanism for synchronizing directories across computers. If you want to automate tasks like this (scheduling unattended backups with cron, for example), you'll need the computer that's initiating the connection to be able to log into the remote computer without being prompted for a user to input a password.
This is where ssh 'keys" come in. You create a private/public key pair on your computer ("the client"), and put the "public" key up on the remote computer ("the server"). After that, when you log into the remote computer, you are no longer prompted to enter a password (so long as you made the key correctly).
To generate a pair of keys with no passwords, using the standard RSA type of keys, run the following command on the computer you are connecting from:
ssh-keygen -t rsa -N ""
This will create two files: ~/.ssh/id_rsa and ~/.ssh/id_rsa.pub
Copy - with scp - the public file ~/.ssh/id_rsa.pub up to the remote computer you will be connecting to (or sending data to). Then log into the remote server and put the contents of that public key into the ~/.ssh/authorized_keys file. An easy way to do that is like this:
cat >> id_rsa.pub ~/.ssh/authorized_keys
Using the double "greater than" brackets ensures that if ~/.ssh/authorized_keys already exists, the new key will be added to the file, and not overwrite any existing keys that might already be in place.
After that, you should be able to connect from the client with the key pair to the remote server without being prompted for a password.
This is where ssh 'keys" come in. You create a private/public key pair on your computer ("the client"), and put the "public" key up on the remote computer ("the server"). After that, when you log into the remote computer, you are no longer prompted to enter a password (so long as you made the key correctly).
To generate a pair of keys with no passwords, using the standard RSA type of keys, run the following command on the computer you are connecting from:
ssh-keygen -t rsa -N ""
This will create two files: ~/.ssh/id_rsa and ~/.ssh/id_rsa.pub
Copy - with scp - the public file ~/.ssh/id_rsa.pub up to the remote computer you will be connecting to (or sending data to). Then log into the remote server and put the contents of that public key into the ~/.ssh/authorized_keys file. An easy way to do that is like this:
cat >> id_rsa.pub ~/.ssh/authorized_keys
Using the double "greater than" brackets ensures that if ~/.ssh/authorized_keys already exists, the new key will be added to the file, and not overwrite any existing keys that might already be in place.
After that, you should be able to connect from the client with the key pair to the remote server without being prompted for a password.
Wednesday, May 2, 2007
Mac OS X Keyboard Shortcuts
Apple provides a nice list of keyboard shortcuts for OS X:
http://docs.info.apple.com/article.html?artnum=75459
My favorite: "Shift-Command-Delete": Empty Trash
http://docs.info.apple.com/article.html?artnum=75459
My favorite: "Shift-Command-Delete": Empty Trash
Reporting ebay scam email
I don't know if it does any real good or not, but I've taken to forwarding all ebay spoof/scam/phishing email to spoof@ebay.com (which gives me a nice little automated reply stating "This message did not originate from eBay . . .") At least that way eBay will have more recorded instances of such emails in case they ever file legal proceedings against these scammers.
Tuesday, May 1, 2007
Passing environment variables to sudo
A user on the Fink mailing list wrote to tell me that instead of editing /etc/sudoers to maintain the PERL5LIB variable, you can optionally pass it through on the command line, like this:
sudo env PERL5LIB=$PERL5LIB cpan
sudo env PERL5LIB=$PERL5LIB cpan
Wednesday, April 25, 2007
Controlling KDE applications from the shell
I came across this the other day on accident:
kfmclient --commands
You can do a rather fascinating number of things to KDE in the shell through kfmclient, including opening a new Konqueror window, opening a new tab in an existing Konqueror window, starting an application from its ".desktop" file, rearrange/refresh your desktop, copy and move files (I presume this would include copying to/from the various IOSlave protocols like fish://).
Try these, for example:
kfmclient newTab 'url'
kfmclient exec .
Since quotes work as well as ticks ( ' ), you could wrap this into a shell script like this:
kfmclient newTab "$somedest"
I haven't come up with any terrific uses for this yet, but it's promising.
kfmclient --commands
You can do a rather fascinating number of things to KDE in the shell through kfmclient, including opening a new Konqueror window, opening a new tab in an existing Konqueror window, starting an application from its ".desktop" file, rearrange/refresh your desktop, copy and move files (I presume this would include copying to/from the various IOSlave protocols like fish://).
Try these, for example:
kfmclient newTab 'url'
kfmclient exec .
Since quotes work as well as ticks ( ' ), you could wrap this into a shell script like this:
kfmclient newTab "$somedest"
I haven't come up with any terrific uses for this yet, but it's promising.
Thursday, April 19, 2007
Revisiting the CPAN initial configuration screen
Recently I made a fresh install of Debian Etch from a NetBoot disk and started installing CPAN modules before I realized the compiler tools - make, gcc, automake, autoconf and friends - are not part of the default NetBoot minimal install (Ok, so I wasn't thinking. That's why it's called minimal, after all.)
Most of the CPAN packages would not compile, returning various make errors. I was stumped when they still would not make after installing make and the other tools, until I realized that CPAN was not able to find make in the PATH during it's initial configuration.
The may be a faster way to do this, but I decided to run the initial configuration again to CPAN would pickup make.
The way I found to do this is open CPAN:
perl -MCPAN -e shell
and then type:
o conf init
to reconfigure.
Most of the CPAN packages would not compile, returning various make errors. I was stumped when they still would not make after installing make and the other tools, until I realized that CPAN was not able to find make in the PATH during it's initial configuration.
The may be a faster way to do this, but I decided to run the initial configuration again to CPAN would pickup make.
The way I found to do this is open CPAN:
perl -MCPAN -e shell
and then type:
o conf init
to reconfigure.
Tuesday, April 10, 2007
When a short sudo timeout drives you crazy . . .
I've recently discovered an easy configuration option for sudo to make the timeout a little longer.
Just add the following line to your /etc/sudoers config file:
Defaults:your_username_here timestamp_timeout=900
(using your actual system username instead of "your_username_here")
The number at the end is how many seconds you want sudo to wait before prompting for a password again.
Just add the following line to your /etc/sudoers config file:
Defaults:your_username_here timestamp_timeout=900
(using your actual system username instead of "your_username_here")
The number at the end is how many seconds you want sudo to wait before prompting for a password again.
Thursday, March 29, 2007
Apple's Mac 10.4.9 Update breaks CPAN access to Fink when using sudo
The short story: as a new security measure, the latest version of sudo strips out various environment variables pertaining to perl. If you have been using an older version of sudo on any *NIX (certainly if you're using Mac OS X) your old version of sudo did not behave this way. This may change the behavior of any scripts you run with sudo.
More explanation:
Apple's latest OS X update, Mac OS X 10.4.9 Combo Update, includes Security Update 2007-003.
If you have installed either of these updates, you have a new version of sudo, which will prevent CPAN (and any other perl script you run as root via sudo) from accessing any libraries you have installed with Fink. For that matter, this would apply to any custom installations into non-default directories, such as /usr/local/, possibly projects other than Fink are affected including GnuDarwin - I don't use any of the others so I'm not sure.
The real source of the problem (which will probably end up affecting users of many other operating systems and programs, not just Mac/Perl) is that the latest version of sudo has a new security check which stripping out all environment variables except a few. Apparently older versions of sudo have been doing this for a while (perhaps always, I'm not sure) but the latest change is that PERL5LIB, PERLLIB and PERL5OPT are now included amongst the variables that get stripped out.
I have my .profile loading the fink script that sets the PERL5LIB variable up for both my regular user and root (which is the way Fink is configured by default), but in spite of this (and even when I manually set PERL5LIB in .profile), my custom PERL5LIB does not get picked up when I run CPAN with sudo anymore.
The solution I found, is to edit my sudoers config and add the following:
Defaults env_delete-="PERLLIB PERL5LIB PERL5OPT"
Which "subtracts" those variable from sudo's list of vars to remove (this in effect "undoes" the latest security update with a configuration override. Consider carefully if you want to override it or not).
I tried adding:
Defaults env_keep+="PERLLIB PERL5LIB PERL5OPT"
( env_keep is in the sudoers manpage), but apparently env_keep doesn't work that way.
I'm sure that overall, sanitizing the environment variables for sudo is a good thing, but the unexpected change sure threw me for a loop when things suddenly started breaking.
This is a classic example of why you shouldn't install any updates of any kind, including security updates, on production servers, without first analyzing exactly what the update is going to change! :-)
More explanation:
Apple's latest OS X update, Mac OS X 10.4.9 Combo Update, includes Security Update 2007-003.
If you have installed either of these updates, you have a new version of sudo, which will prevent CPAN (and any other perl script you run as root via sudo) from accessing any libraries you have installed with Fink. For that matter, this would apply to any custom installations into non-default directories, such as /usr/local/, possibly projects other than Fink are affected including GnuDarwin - I don't use any of the others so I'm not sure.
The real source of the problem (which will probably end up affecting users of many other operating systems and programs, not just Mac/Perl) is that the latest version of sudo has a new security check which stripping out all environment variables except a few. Apparently older versions of sudo have been doing this for a while (perhaps always, I'm not sure) but the latest change is that PERL5LIB, PERLLIB and PERL5OPT are now included amongst the variables that get stripped out.
I have my .profile loading the fink script that sets the PERL5LIB variable up for both my regular user and root (which is the way Fink is configured by default), but in spite of this (and even when I manually set PERL5LIB in .profile), my custom PERL5LIB does not get picked up when I run CPAN with sudo anymore.
The solution I found, is to edit my sudoers config and add the following:
Defaults env_delete-="PERLLIB PERL5LIB PERL5OPT"
Which "subtracts" those variable from sudo's list of vars to remove (this in effect "undoes" the latest security update with a configuration override. Consider carefully if you want to override it or not).
I tried adding:
Defaults env_keep+="PERLLIB PERL5LIB PERL5OPT"
( env_keep is in the sudoers manpage), but apparently env_keep doesn't work that way.
I'm sure that overall, sanitizing the environment variables for sudo is a good thing, but the unexpected change sure threw me for a loop when things suddenly started breaking.
This is a classic example of why you shouldn't install any updates of any kind, including security updates, on production servers, without first analyzing exactly what the update is going to change! :-)
Friday, March 23, 2007
KDE Konsole Usage Survey
Robert Knight (Konsole lead maintainer) has posted a useage survey concerning the Konsole application. To quote the survey:
" The aim of this survey is to collect information about the needs of Konsole's current users, and how they use the software. This information will be used to design the facilities for setting up the terminal and saving / restoring the state of the terminal in KDE 4.
This survey has 28 questions spread over 5 pages. All of the questions are optional. Question number 28 allows you to provide any additional comments which you would like the developers to read. "
So if you're KDE Linux user and you like the Konsole, why don't you head on over to the survey and help Robert out?
" The aim of this survey is to collect information about the needs of Konsole's current users, and how they use the software. This information will be used to design the facilities for setting up the terminal and saving / restoring the state of the terminal in KDE 4.
This survey has 28 questions spread over 5 pages. All of the questions are optional. Question number 28 allows you to provide any additional comments which you would like the developers to read. "
So if you're KDE Linux user and you like the Konsole, why don't you head on over to the survey and help Robert out?
Wednesday, March 21, 2007
CPU reviews for the average Linux Desktop user
I had a look around the net trying to find some useful reviews comparing CPUs for the average Linux office-progam desktop user.
There are a great deal of articles on the web reviewing CPUs, but they tend to have several problems.
The worst problem by far is that most articles tend to compare the CPU being reviewed with either the last ones reviewed, or the last few previous releases of any given CPU (and it's competitor).
Now in the 90's, that would have been ok, but nowadays there are new CPUs being released practically every month (if not more often), and there's also an incredible number of CPU families that are not usually compared to each other in a review.
So, for example reviews that take the two very latest Intel and AMD DualCores and compre them to each other are pretty much worthless for a lot people - it's like comparing apples from different sides of the same tree (or off the same branch). How does the latest CoreDuo compare to last year's 64 bit Opteron? Best wishes on the hunt to find articles like that.
Like many office users, I don't care how fast a CPU runs 3D programs, games and video/audio encoding.
What runs KDE the fastest when you have all the standard office applications running (FireFox, OpenOffice, Kontact) and SpamAssassin starts sucking the life out of your box while Kontact checks for new mail?
Yes, there are plenty of CPU reviews out there, but most of them do not tell me if the latest Dual-Core 64-bit Whoopie runs Kcalc, emacs or apache faster than my P4 2.8 Ghz. Most of them focus on gaming, 3D, floating point intensive Windows applications. I'm not interested in that.
To my relief I found that Tom's Hardware does in fact have a database with the last few years worth of processors compared at http://www23.tomshardware.com/cpu.html.
Best of all, they let you pick what benchmark you want to use to compare the CPU, including some more "normal" comparisons such as printing a 200 or 950 page MS office file to PDF, and even some multi-tasking benchmarks such as running PDF making while AVG Antivirus is scanning, or decompressing a file while photoshop is running.
If anyone else knows of some good basic CPU reviews (not 3D, game and video oriented), please leave a comment - I'd love to hear about it.
- JW
There are a great deal of articles on the web reviewing CPUs, but they tend to have several problems.
The worst problem by far is that most articles tend to compare the CPU being reviewed with either the last ones reviewed, or the last few previous releases of any given CPU (and it's competitor).
Now in the 90's, that would have been ok, but nowadays there are new CPUs being released practically every month (if not more often), and there's also an incredible number of CPU families that are not usually compared to each other in a review.
So, for example reviews that take the two very latest Intel and AMD DualCores and compre them to each other are pretty much worthless for a lot people - it's like comparing apples from different sides of the same tree (or off the same branch). How does the latest CoreDuo compare to last year's 64 bit Opteron? Best wishes on the hunt to find articles like that.
Like many office users, I don't care how fast a CPU runs 3D programs, games and video/audio encoding.
What runs KDE the fastest when you have all the standard office applications running (FireFox, OpenOffice, Kontact) and SpamAssassin starts sucking the life out of your box while Kontact checks for new mail?
Yes, there are plenty of CPU reviews out there, but most of them do not tell me if the latest Dual-Core 64-bit Whoopie runs Kcalc, emacs or apache faster than my P4 2.8 Ghz. Most of them focus on gaming, 3D, floating point intensive Windows applications. I'm not interested in that.
To my relief I found that Tom's Hardware does in fact have a database with the last few years worth of processors compared at http://www23.tomshardware.com/cpu.html.
Best of all, they let you pick what benchmark you want to use to compare the CPU, including some more "normal" comparisons such as printing a 200 or 950 page MS office file to PDF, and even some multi-tasking benchmarks such as running PDF making while AVG Antivirus is scanning, or decompressing a file while photoshop is running.
If anyone else knows of some good basic CPU reviews (not 3D, game and video oriented), please leave a comment - I'd love to hear about it.
- JW
Tuesday, March 6, 2007
An Easy Linux-VServer Tutorial
At work we are always needing "one more computer . . ." for endless tasks, tests, development environments, secure areas, workspace for "untrusted" personnel that does not give them access to the rest of our project areas - the list is endless.
We've tried quite a lot of things over the years, including attempting to roll my own secure "jailed" system using SELinux on SuSE combined mini Debian install in a chrootjail (it didn't work :-) ).
Other projects that deserve honorable mention include bochs, xen, various jails and restricted shell, VMWare, VirtualBox.
Recently I've come across "Linux-VServer", which gave me a refreshing surprise: it is easy to install and use, resonably secure, and certainly self-contained.
I found a pretty good, brief article describing how to setup Linux_VServer under Debian Etch, but it left out a few important details (like how to get ssh access to your new install!), so I wrote a "helper" article describing in more detail the steps for a quick, easy install.
If you are interested you can read my article here:
http://www.cedarcreeksoftware.com/articles/general/an-even-easier-linux-vserver-tutorial.html
We've tried quite a lot of things over the years, including attempting to roll my own secure "jailed" system using SELinux on SuSE combined mini Debian install in a chrootjail (it didn't work :-) ).
Other projects that deserve honorable mention include bochs, xen, various jails and restricted shell, VMWare, VirtualBox.
Recently I've come across "Linux-VServer", which gave me a refreshing surprise: it is easy to install and use, resonably secure, and certainly self-contained.
I found a pretty good, brief article describing how to setup Linux_VServer under Debian Etch, but it left out a few important details (like how to get ssh access to your new install!), so I wrote a "helper" article describing in more detail the steps for a quick, easy install.
If you are interested you can read my article here:
http://www.cedarcreeksoftware.com/articles/general/an-even-easier-linux-vserver-tutorial.html
Wednesday, February 28, 2007
Helpful SuSE documentation and download sites
Here's a collection of sites I've found useful for information on SuSE (trust me, not all the sites out there actually provide useful information :-) )
Documentation and Info:
* http://susewiki.org/index.php?title=Main_Page
* http://opensuse-community.org/
* http://en.opensuse.org/Welcome_to_openSUSE.org
* http://susewiki.apanela.com/
* http://susefaq.sourceforge.net/
Blogs on SuSE: http://www.planetsuse.org/
Good Third-Party packages:
[I strongly suggest you use the SMART package manager, or at least YaST repositories or apt. You won't be disappointed, they are all easy to use after a minimal amount of configuration]
* Guru's RPMs http://linux01.gwdg.de/~pbleser/
* Packman's RPMs http://packman.links2linux.org/
* James Ogley's http://www.usr-local-bin.org/rpms/
Documentation and Info:
* http://susewiki.org/index.php?title=Main_Page
* http://opensuse-community.org/
* http://en.opensuse.org/Welcome_to_openSUSE.org
* http://susewiki.apanela.com/
* http://susefaq.sourceforge.net/
Blogs on SuSE: http://www.planetsuse.org/
Good Third-Party packages:
[I strongly suggest you use the SMART package manager, or at least YaST repositories or apt. You won't be disappointed, they are all easy to use after a minimal amount of configuration]
* Guru's RPMs http://linux01.gwdg.de/~pbleser/
* Packman's RPMs http://packman.links2linux.org/
* James Ogley's http://www.usr-local-bin.org/rpms/
Friday, February 23, 2007
Firebug Firefox Extension - tweak any web page
Earlier this week someone directed me to a FireFox extention called "FireBug" - possibly the most interesting tool for web developers I've ever come across.
It allows you to open a console for any page you are browsing (not just on your own server- if it loads in your browser, you can work with it) and view and change the code in a very convenient manner - to me it is much easier than the typical "view source" method. Want to know what your favorite site would look like with a black background? Find your bgcolor tag and modify the color - presto, you have a black background.
FireBug provides a host of other features too, though.
One really useful feature is a graph that shows where HTML and CSS layout controls are trying to place each object, showing a small boxed example with rulers and guides. Great for finding out why things aren't lining up correctly.
Another really slick feature is the "network monitor" that shows how long it takes each element to load - perfect for finding out why some pages take a mysteriously long time to load.
Also worth mentioning is the error console and logging, including JavaScript errors.
Quick Install:
http://releases.mozilla.org/pub/mozilla.org/extensions/firebug/firebug-1.01-fx+fl.xpi
If the install link doesn't exist by the time you read this page, head over to the project's page on the FireFox Extensions site:
https://addons.mozilla.org/firefox/1843/
Project home page: http://www.getfirebug.com/
It allows you to open a console for any page you are browsing (not just on your own server- if it loads in your browser, you can work with it) and view and change the code in a very convenient manner - to me it is much easier than the typical "view source" method. Want to know what your favorite site would look like with a black background? Find your bgcolor tag and modify the color - presto, you have a black background.
FireBug provides a host of other features too, though.
One really useful feature is a graph that shows where HTML and CSS layout controls are trying to place each object, showing a small boxed example with rulers and guides. Great for finding out why things aren't lining up correctly.
Another really slick feature is the "network monitor" that shows how long it takes each element to load - perfect for finding out why some pages take a mysteriously long time to load.
Also worth mentioning is the error console and logging, including JavaScript errors.
Quick Install:
http://releases.mozilla.org/pub/mozilla.org/extensions/firebug/firebug-1.01-fx+fl.xpi
If the install link doesn't exist by the time you read this page, head over to the project's page on the FireFox Extensions site:
https://addons.mozilla.org/firefox/1843/
Project home page: http://www.getfirebug.com/
Friday, February 16, 2007
Blocking web banner advertisements
A great deal of web sites I use to look up technical information run way too many banner ads. I know they provide some revenue, for the company, but the thing is, I /never/, ever click on those banners. So they won't be getting any click-counts from me.
In the mean time, they are annoying, sometimes distracting, and often ugly. I've also had badly designed Flash banners crash my browser.
My workstation runs SuSE Linux, and Firefox is my browser of choice for browsing the wide web. adBlock Plus is great tool for doing away with the banners in Firefox.
Here's some quick install links if you are running any version of Firefox or Mozilla-Seamonkey:
Install adBlock XPI: http://releases.mozilla.org/pub/mozilla.org/extensions/adblock_plus/adblock_plus-0.7.2.4-fx+fl+zm+tb.xpi
Install primary filtersets after installing adBlock:
abp://subscribe/?location=http%3A%2F%2Feasylist.adblockplus.org%2Fadblock_rick752.txt&title=EasyList
abp://subscribe/?location=http%3A%2F%2Feasylist.adblockplus.org%2Feasylist-element_rick752.txt&title=EasyElement
I'm sure those links will break when a new version is released, so here's the project homepage:
http://adblockplus.org/en/
The install page at Mozilla's Extentions directory:
https://addons.mozilla.org/firefox/1865/
And the list of filtersets to subscribe to:
http://adblockplus.org/en/subscriptions
Enjoy!
In the mean time, they are annoying, sometimes distracting, and often ugly. I've also had badly designed Flash banners crash my browser.
My workstation runs SuSE Linux, and Firefox is my browser of choice for browsing the wide web. adBlock Plus is great tool for doing away with the banners in Firefox.
Here's some quick install links if you are running any version of Firefox or Mozilla-Seamonkey:
Install adBlock XPI: http://releases.mozilla.org/pub/mozilla.org/extensions/adblock_plus/adblock_plus-0.7.2.4-fx+fl+zm+tb.xpi
Install primary filtersets after installing adBlock:
abp://subscribe/?location=http%3A%2F%2Feasylist.adblockplus.org%2Fadblock_rick752.txt&title=EasyList
abp://subscribe/?location=http%3A%2F%2Feasylist.adblockplus.org%2Feasylist-element_rick752.txt&title=EasyElement
I'm sure those links will break when a new version is released, so here's the project homepage:
http://adblockplus.org/en/
The install page at Mozilla's Extentions directory:
https://addons.mozilla.org/firefox/1865/
And the list of filtersets to subscribe to:
http://adblockplus.org/en/subscriptions
Enjoy!
Thursday, February 15, 2007
Intro
I'm a system administrator for a small Central Texas IT Company, Cedar Creek Software. We specialize in custom programming projects, usually involving relational database programming for website backend engines.
I am also a technical consultant for a variety of businesses and organizations, including my father-in-law's stained glass studio, Stanton Glass Studio.
I specialize in small LAN and heterogeneous network administration, mostly using Linux and Mac OS X.
I am also a technical consultant for a variety of businesses and organizations, including my father-in-law's stained glass studio, Stanton Glass Studio.
I specialize in small LAN and heterogeneous network administration, mostly using Linux and Mac OS X.
Subscribe to:
Posts (Atom)
Posts
