
Entries tagged "linux".

I/O stats for Centos

! Edit 12.04.2011 - RHEL/Centos 5.6 finally brings support for iotop. 
You should be able to find an RPM package in EPEL.

Today someone asked me on #centos how he can see what's using so much I/O on the system. Without thinking I replied "iotop", but a Google search revealed that there is no iotop for Centos 5.

Solution? Too easy!

If you have the RPMforge repo active on your system then just:

yum install dstat
otherwise:
wget http://apt.sw.be/redhat/el5/en/x86_64/extras/RPMS/dstat-0.7.2-1.el5.rfx.noarch.rpm; \
yum localinstall --nogpgcheck ./dstat-*.rpm
After the installation, running `dstat -d --top-bio --top-io` will reveal some nice information.

It's important to install dstat from RPMForge and not EPEL or Centos Base, as you will otherwise get a package that is too old and lacking the necessary plugins. Note that `--nogpgcheck` skips the RPM signature check, so the package downloaded over plain HTTP is installed unverified.


Smartctl - a note to myself

A note to my future self as I never seem to remember these smartctl commands (partly and fortunately because I don't need them often):
1. Quick check
/usr/sbin/smartctl -q errorsonly -H -l selftest -l error /dev/sdX
2. Run some tests if the command above reported any errors:
smartctl -t short /dev/sdX && smartctl -l selftest /dev/sdX

Avoid cp overwrite confirmation

Tonight I had to copy and partially overwrite a lot of data on a Centos 5 system and encountered a little problem.
The "cp" command turned out to be a PITA as it was asking me for confirmation each and every time a file was to be overwritten.
Why is this happening? Because the RedHat/Centos guys have added the following alias in the bash conf files:
alias cp='cp -i'
-i means interactive, or in more words: "prompt before overwrite (overrides a previous -n option)".
The solution to this safe but annoying alias (in this case) is to `unalias` it or just ignore it by prefixing the command with a \.
\cp -a /home/xyz/* /home/zyx/
No more annoying confirmations, now I can go to bed. ZzzZz.

Linux Raid - replacing a physical device

Right now I'm dealing with a broken linux raid 1 in which both physical drives are reporting lots of bad blocks.
I have chosen the drive that exhibited the fewest problems and I'm having it cloned with dd_rescue onto a new one from a SysRescCD Live CD:
dd_rescue /dev/old-b0rk3d-drive /dev/new-clone-drive
It's a good idea to run the above in a screen, especially if you're doing this via the internet.
Once the cloning is completed I simply put the new drive in the original server and expect it to boot - with a degraded but working raid.
In the next step I add a new empty drive, with a similar size (500 GB in my case) and clone the partition table with sfdisk:
sfdisk -d /dev/existing-drive | sfdisk /dev/new-empty-drive
Use `fdisk -l` before and after the partition cloning to be sure you're doing the right thing.
Once we have an identical partition table on both drives we can start adding partitions from the new drive to our linux raid. Assuming the cloned drive is sda and the new drive is sdb, our md setup should look like this:
root@sysresccd /root % cat /proc/mdstat 
Personalities : [raid0] [raid1] [raid6] [raid5] [raid4] [raid10] 
md3 : active raid1 sda6[1]
      297780736 blocks [2/1] [U_]
      
md1 : active raid1 sda3[1]
      4192896 blocks [2/1] [U_]
      
md2 : active raid1 sda2[1]
      153597376 blocks [2/1] [U_]
      
md0 : active raid1 sda1[1]
      30716160 blocks [2/1] [U_]

And now let's add partitions to our raid layout:
mdadm /dev/md0 --add /dev/sdb1
mdadm /dev/md1 --add /dev/sdb3
mdadm /dev/md2 --add /dev/sdb2
mdadm /dev/md3 --add /dev/sdb6
And that's that, now we can see the raid resync'ing:
cat /proc/mdstat
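
To check which arrays are still degraded before and after the `mdadm --add` steps, the `[2/1] [U_]` lines can be parsed directly. This is an added example, not part of the original post; the function name `degraded_arrays` and the healthy `md9` array in the sample are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): list degraded md arrays
# by parsing text in /proc/mdstat format.

# Constructed sample: the degraded layout shown in the post, plus one
# hypothetical healthy array (md9) to show that it is not reported.
MDSTAT_SAMPLE='Personalities : [raid0] [raid1] [raid6] [raid5] [raid4] [raid10]
md3 : active raid1 sda6[1]
      297780736 blocks [2/1] [U_]

md1 : active raid1 sda3[1]
      4192896 blocks [2/1] [U_]

md2 : active raid1 sda2[1]
      153597376 blocks [2/1] [U_]

md0 : active raid1 sda1[1]
      30716160 blocks [2/1] [U_]

md9 : active raid1 sdb9[1] sda9[0]
      1048576 blocks [2/2] [UU]'

# degraded_arrays: reads mdstat text on stdin and prints one line per
# degraded array: "<array> <active>/<expected> <member devices>".
degraded_arrays() {
    awk '
    /^md[0-9]+ :/ {
        # Remember the array name and its member devices (e.g. sda6[1]).
        name = $1; members = ""
        for (i = 3; i <= NF; i++)
            if ($i ~ /\[[0-9]+\]/)
                members = members (members == "" ? "" : ",") $i
        next
    }
    name != "" && match($0, /\[[0-9]+\/[0-9]+\]/) {
        # "[2/1]" means 2 devices expected, 1 currently active.
        split(substr($0, RSTART + 1, RLENGTH - 2), c, "/")
        if (c[2] + 0 < c[1] + 0)
            print name, c[2] "/" c[1], members
        name = ""
    }'
}

# Demo on the constructed sample; on a live system use:
#   degraded_arrays < /proc/mdstat
printf '%s\n' "$MDSTAT_SAMPLE" | degraded_arrays
```

An empty result after the resync has finished means every array has all of its members back.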


We're not finished yet!
As this drive (and therefore its clone as well) was secondary (sdb) on the original system I expect problems with grub.
By default, when installing on to a linux raid Centos/Anaconda only installs grub on the first drive (sda in this case) and therefore my drive being sdb will lack this in its MBR.
If this is the case, we won't be able to boot at all from the cloned hdd, so we need to boot again from the Live CD, mount the linux raid from it and then chroot in to the OS and do the grub magic from there.
Assuming everything works nicely from the Live CD and the md devices are properly mounted under /mnt we can start:
export SHELL=/bin/bash
chroot /mnt/clone
#grub
grub> find /boot/grub/stage1
 (hd0,0)
 (hd1,0)
grub> root (hd0,0)
 Filesystem type is ext2fs, partition type 0xfd

grub> setup (hd0)
 Checking if "/boot/grub/stage1" exists... yes
 Checking if "/boot/grub/stage2" exists... yes
 Checking if "/boot/grub/e2fs_stage1_5" exists... yes
 Running "embed /boot/grub/e2fs_stage1_5 (hd0)"...  15 sectors are embedded.
succeeded
 Running "install /boot/grub/stage1 (hd0) (hd0)1+15 p (hd0,0)/boot/grub/stage2 /boot/grub/grub.conf"... succeeded
Done.

grub> root (hd1,0)
 Filesystem type is ext2fs, partition type 0xfd

grub> setup (hd1)
 Checking if "/boot/grub/stage1" exists... yes
 Checking if "/boot/grub/stage2" exists... yes
 Checking if "/boot/grub/e2fs_stage1_5" exists... yes
 Running "embed /boot/grub/e2fs_stage1_5 (hd1)"...  15 sectors are embedded.
succeeded
 Running "install /boot/grub/stage1 (hd1) (hd1)1+15 p (hd1,0)/boot/grub/stage2 /boot/grub/grub.conf"... succeeded
Done.

grub>quit 
And we're done now: reboot.
! - Please pay extra attention when doing this kind of operation, it's very easy to format the wrong HDD etc. :-)

Spotify, Spotify...

Today I wanted to give Spotify a try as I have heard they released an alpha native version for linux.
However when I went to their site to download the client I got this:
So how do you get it? We’ve packaged the first release as a Debian Squeeze/Ubuntu 10.04 package.
Wait, what?
Since they don't release any source code you'd think they could at least release some generic unpack & run packages so everyone can use it...
Spotify, If a job is worth doing, it's worth doing well!
Anyway, I converted those deb packages to RPM using alien and you can download them from here:
http://dl.nux.ro/spotify/
I installed them with the following command:
#rpm -ivh spotify-client-qt-0.4.7.132.g9df34c0-2.i386.rpm spotify-client-gnome-support-0.4.7.132.g9df34c0-2.noarch.rpm --nodeps
They appear to install and run, however I cannot login (maybe because I use the free version of the account[1]):
$ spotify 
04:15:40.619 I [offline_authorizer.cpp:156] Unable to login offline: no such user
04:15:42.801 I [ap:1387] Connecting to AP B2.spotify.com:4070
04:15:42.829 I [ap:937] Connected to AP: 78.31.8.17:4070
04:15:42.894 E [ap:3285] Connection error:  406
04:16:04.565 I [offline_authorizer.cpp:156] Unable to login offline: no such user
04:16:05.492 I [ap:1387] Connecting to AP b1.spotify.com:4070
04:16:05.506 I [ap:937] Connected to AP: 78.31.8.15:4070
04:16:05.586 E [ap:3285] Connection error:  406

[1] - Yes, their offer is very good and affordable for most people and many dickheads in the music and film industry should learn from them, however they have no excuse for not releasing a decent linux client. The day they do that I'll seriously consider paying.

How to pronounce linux

Apparently some people[1] don't know how to pronounce "Linux".
Here's Linus pronouncing it:
http://dl.nux.ro/audio/linus-says-linux.oga

[1] - http://www.sys-con.com/node/1523620
"What is Linux? Linux (pronounced “Line-ooks”) is a computer Operating System kernel developed by Linus Torvalds."

Here's to Davmail

Cheers to the DavMail devs for making my life bearable.
For those of you standard protocols lovers stuck in an Exchange environment this might be of interest:
DavMail is a POP/IMAP/SMTP/Caldav/Carddav/LDAP exchange gateway 
allowing users to use any mail/calendar client 
(e.g. Thunderbird with Lightning or Apple iCal) with an Exchange server,
even from the internet or behind a firewall through Outlook Web Access.

DavMail now includes an LDAP gateway to Exchange global address book
and user personal contacts to allow recipient address completion
in mail compose window and full calendar support with attendees free/busy display.
Enjoy!

The first Mandriva fork?

So it begins...
There is a rumour going around about forking Mandriva.
If you are not living in a cave, you must know that Mandriva (one of the oldest GNU/Linux distros and one that pioneered Linux as a desktop OS) has been through a lot of financial problems and many people left the company.
Given the above the community is more and more unsettled and there seems to be some desire to start a fork.
More details here, and if you don't speak French here's a Google translation.
We're living in interesting times. Personally I'd be delighted to see all the Mandriva communities combine forces and keep the distro alive.

Mandriva is forked!

So it happened, a Mandriva fork is on the way and its name is Mageia ("magic").
Curious about how Mandriva S.A. shall respond to this; also curious if this fork will actually prove useful and produce anything (other than dividing the current Mandriva communities).

Mandriva is alive and kicking!

Apparently Mandriva is alive and kicking... and they have big plans!
From a desktop point of view, Mandriva intends to be the BEST KDE DISTRIBUTION IN THE WORLD:
easy to use, stable, rich featured and with excellent localization.
Read the whole post for more details.

The distros killed Python

Have the distros killed python?
Distros keep python alive in the "real" world where you need stuff running reliably and securely for many years!

Not only that, distros will keep any language alive, as long as there is some sort of initiative from its devs to make it available for longer terms (to hell with rubygems since we're at it!).

Get more info about dying processes and run some scripts as well while you're at it

This is sheer coolness. I fuckin love the kernel guys.
Read this article to find out how to get more info about dying processes and how you can run some scripts before they get killed.

Get rid of the orphans in a Centos system

How to find out orphaned packages in your Centos/RHEL system?
yum install yum-utils
package-cleanup --orphans

`man package-cleanup` for more cool stuff

Remote Centos 5 installation over VNC

Remember, remember... no, not the 5th of November, but to use 6-11 chars passwords for VNC when doing remote Centos installations!

RPMs for Courier email suite

Here's a Centos repo containing RPMs for the Courier suite (imap, mta, authlib etc):
http://dl.nux.ro/rpm/5/courier/
Repo file: http://dl.nux.ro/rpm/nux-courier.repo
The packages have been built directly from the courier tarball, didn't bother to tweak the spec file in any way.
Use them at your own risk etc etc.

RPMs for the Debian whois client

Here's another Centos repo containing RPMs for the Debian whois client (jwhois never works!):
http://dl.nux.ro/rpm/5/whois/
Repo file: http://dl.nux.ro/rpm/nux-whois.repo
PS: This should work on Fedora as well.

Change the default source address in Linux

Quick note to my future self on how to change the default source address in Linux (usually the 1st IP that resides on the primary NIC):
ip ro replace default via GATEWAY src IP
Where GATEWAY is the default gateway of the system and IP is the new source IP address (this has to be an existing assigned IP).

Newer kernel for Centos

Want to try the latest kernel on a Centos server? Although that is highly unadvisable, in the desperate and cataclysmic event that you really need it, do not forget to enable CONFIG_SYSFS_DEPRECATED_V2, otherwise you'll end up in a kernel panic.
Thanks Toracat for the tip!

BitDefender free Antispam tool for linux

Just found out on the Romanian Linux Users Group list that BitDefender published a tool for fighting spam. It's not open source, but it's free (as in beer) and you can hook it into your favourite MTA!
Get it from here.

RHEL6 review

A nice review once again from The H, this time about the newly released RHEL6.
Check it out here.

More reliable than Microsoft, More open than Oracle, More comprehensive than VMware

PowerAdmin 2.1.5 RC1 released

Erm, will have to make some time for upgrading my PowerAdmin installation:
A new version of Poweradmin has been released: 2.1.5 RC1. This is mainly a bug fix / minor enhancement release.

Bugfixes:
#340    html and css fixes
#343    language detection fixes in installer
#345    remove unreachable returns
#347    poweradmin-*-db-structure.sql are missing the new tables
#349    Connection fails with PostgreSQL
#354    problem with zone search
#355    MySQL port
#357    Remove usage of REQUEST_URI in confirm urls
#358    Fix sql error with pgsq
#363    add UTF8 encoding for installer
#366    Add master zone doesn't have "add zone" button
#368    fix installer translation
#376    Wrong notification in user creation
#383    Error when reloading page on record delete
#389    serial number increments after error
#395    Undefined variable: meta_edit

Enhancements/new features:
#386    get_zones() speed enhancement
#70     Only Ueberusers are now allowed to delete their own account.
#72     Installer now checks for requirements
#86 + #334      Add new db_type: mysqli
#296    Ability to set the string "PowerAdmin" used for page title/header in the config file
#327    German translation
#330    Improved usability for deleting records
#342    Check if _POST array has required value .
#348    Gracefull fail when zone_templ_records && zone_templ are missing
#356    Smarter sorting for reverse zones
#364    Direct link to install directory
#365    default language for installation should be English
#367    add favicon
#369    add checks for required php extensions
#371    Ability to edit template  name/description
#373    List all domains         link
#377    Cosmetic improvement: Order of fields differ
#379    Redo information saved in session files.
#390    Before checking if TLD is valid, convert to lowercase
#394    Make 'active' letters in the zone list stand out more.
#361    PHP 5.3 compatibility
#382    Cascading updates for all zones belonging to a certain template.

Please read the 2.1.5 RC1 release notes when you are about to install or upgrade to Poweradmin 2.1.5 RC1

You can download Poweradmin 2.1.5 RC1 from the download page.

If you have comments or suggestions, please send them to the mailinglist! Any help is appreciated.

25 sick linux commands

Something that just got into my bookmarks folder:
http://blog.urfix.com/25-sick-linux-commands/

Hetzner quality

Every now and again I am amazed with the services Hetzner provide. Their automated platform is awesome.
You basically do not need to contact their technical support unless dealing with faulty hardware.

Fix Flash sound problem for Fedora 14

And here's how:
http://earth.rockinthebury.com/?p=104

Re-read partition table in Linux

Tonight I needed to clone some HDD. After the cloning finished I wanted to inspect the partitions on the new drive without rebooting (sheer laziness); I obviously couldn't, the OS wasn't yet aware of the new partition table.
To make the OS aware of the new partition table you have 2 options:
1 - reboot
2 - use partprobe or blockdev (--rereadpt).

Good luck! ;-)

Elastix on Xen howto

Elastix is an open source Unified Communications Server software that brings together IP PBX, email, IM, 
faxing and collaboration functionality.
It has a Web interface and includes capabilities such as a Call Center software with predictive dialing.

The Elastix functionality is based on open source projects including Asterisk, HylaFAX, Openfire and Postfix.
Those packages offer the PBX, fax, instant messaging and email functions, respectively.

As presented above (fragment from the wikipedia page), Elastix can be quite useful if you want to run your own PBX.
As it is based on Centos I initially tried to install it the Centos way, but I encountered lots of problems so I ended up using a Linux KVM vm (I'm in love!), tweak that a bit, tar it up and transfer it to a xen dom0.
I have already lost too much time trying to get it installed so I will not comment on this anymore.
I will assume that you will use my Elastix (v2.0.3) xen image and that you also have a working LVM based (Centos) xen dom0. As most things linux there are multiple ways of doing this, this is my way. Let's begin:

- 1 - Let's create 2 LVM volumes for the elastix vps:
lvcreate -L10G -nelastix-root vg0; lvcreate -L1G -nelastix-swap vg0

- 2 - Download and extract the image:
wget http://dl.nux.ro/xen/domU/elastix_32/elastix.tar.bz2; tar xjf elastix.tar.bz2

- 3 - Format the volumes and copy the contents of the tar archive on to the root one:
mkfs.ext3 /dev/vg0/elastix-root
mkswap /dev/vg0/elastix-swap
mkdir /mnt/elastix
mount /dev/vg0/elastix-root /mnt/elastix
cp -a elastix/* /mnt/elastix/
umount /mnt/elastix/

- 4 - Create a xen cfg file for this domU: vi /etc/xen/auto/elastix.cfg
bootloader = "/usr/bin/pygrub"
name = "elastix"
memory = "512"
disk = [ 'phy:/dev/vg0/elastix-root,sda1,w', 'phy:/dev/vg0/elastix-swap,sda2,w' ]
vif = ['vifname=elastix,bridge=xenbr0']
on_poweroff = 'destroy'
on_reboot = 'restart'
on_crash = 'restart'

- 5 - After saving that file start the virtual machine:
xm create -c /etc/xen/auto/elastix.cfg

- 6 - Log in the vm, change the password using the "passwd" command and set up the networking (run "setup" if you don't know which system config files to edit). When asked for a password please input "parola2011" (without the quotes). Please change the root password ASAP!!
- 7 - Visit http://IP_of_VM/ and log in as admin with password parola2011 (change the admin password ASAP!).

Enjoy!

PS: You may want to change some system settings like the keyboard layout (set to uk) and timezone (set to Europe/Bucharest).

When was a linux OS installed?

By mistake I found out how one can discover when a linux OS was installed, well... in most cases. Previously I had no idea how to do this, and this may not even be the best way (if you know other ways to do this, let me know):
dumpe2fs -h /your/root/partition|grep created

The command will show when the filesystem was created initially, but if we ask for the / or /boot fs information, then this should be the install date.
E.g.:
sudo dumpe2fs -h /dev/sda2|grep created
dumpe2fs 1.41.12 (17-May-2010)
Filesystem created:       Thu Dec  9 21:34:06 2010

Voila!

Wow Artica

Wow, how did I not hear about Artica before?! Looks awesome.

Mandriva 2011 preview

Wow, Mandriva 2011 preview! Get it while it's hot!

Scientific Linux 6 released

Wow, nice, Scientific Linux 6 is released. Details here.
I'm downloading the DVD right now (thank you Virginmedia for capping me to 2 Mbps, arseholes).

Allow the local user to install and update software without root password

This tutorial is for EL6 and possibly Fedora (12, 13, 14 etc); not sure if it will work on other distros.

For my personal laptop or even work station I don't see a reason to require the root password to install or update programs from trusted sources (i.e. repos from which we imported the gpg keys). In order to allow the regular user to perform such actions we use PolicyKit. As such we need to write 2 new pkla (PolicyKit Local Authority) files:
vi /var/lib/polkit-1/localauthority/50-local.d/10-pkgkit-pkginstall-policy.pkla

and copy/paste the following:
[Let All Install Packages]
Identity=unix-user:*
Action=org.freedesktop.packagekit.package-install
ResultAny=no
ResultInactive=no
ResultActive=yes

This will allow all users to install new programs either by using pkcon or its graphical counterpart gpk-application.
In order to update packages we need to write a new pkla:
vi /var/lib/polkit-1/localauthority/50-local.d/10-pkgkit-pkgupdate-policy.pkla

and copy/paste:
[Let All Update Packages]
Identity=unix-user:*
Action=org.freedesktop.packagekit.system-update
ResultAny=no
ResultInactive=no
ResultActive=yes

That's about it. Now you can use pkcon install blah or pkcon update as a normal user. Alternatively you can use "System > Administration > Add/Remove software" or "System > Administration > Software update".
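
To review what a set of .pkla files grants, the entries that apply to every user (`Identity=unix-user:*`) with a `yes` result can be listed with a short script. This is an added example, not part of the original post; the function name `pkla_wildcard_grants` and the wheel-only rule in the sample are constructed for comparison. In the rules above only `ResultActive` is `yes`, so the grant applies to users in an active local session, while `ResultAny=no` and `ResultInactive=no` keep it denied for other sessions.

```shell
#!/bin/sh
# Added example (not from the original post): find .pkla entries that
# grant an action to every user without authentication.

# Constructed sample: the install rule from this post plus a narrower,
# hypothetical rule limited to the wheel group.
PKLA_SAMPLE='[Let All Install Packages]
Identity=unix-user:*
Action=org.freedesktop.packagekit.package-install
ResultAny=no
ResultInactive=no
ResultActive=yes

[Let Wheel Update Packages]
Identity=unix-group:wheel
Action=org.freedesktop.packagekit.system-update
ResultAny=no
ResultInactive=no
ResultActive=yes'

# pkla_wildcard_grants: reads .pkla text on stdin and prints
# "<section>|<action>|<Result* keys set to yes>" for every entry whose
# Identity list contains unix-user:* and that has at least one "yes".
pkla_wildcard_grants() {
    awk '
    function emit() {
        if (section != "" && wild && grants != "")
            print section "|" action "|" grants
        wild = 0; grants = ""; action = ""
    }
    /^[ \t]*#/ { next }                      # comment
    /^[ \t]*$/ { next }                      # blank line
    /^[ \t]*\[/ {                            # new [section]
        emit()
        section = $0
        gsub(/^[ \t]*\[|\][ \t]*$/, "", section)
        next
    }
    {
        eq = index($0, "=")
        if (eq == 0) next
        key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", key)
        gsub(/^[ \t]+|[ \t]+$/, "", val)
        if (key == "Identity") {
            # Identity may hold several entries separated by ";".
            n = split(val, ids, ";")
            for (i = 1; i <= n; i++)
                if (ids[i] == "unix-user:*") wild = 1
        } else if (key == "Action") {
            action = val
        } else if (key ~ /^Result(Any|Inactive|Active)$/ && val == "yes") {
            grants = grants (grants == "" ? "" : ",") key
        }
    }
    END { emit() }'
}

# Demo on the constructed sample; on a live system use for example:
#   cat /var/lib/polkit-1/localauthority/50-local.d/*.pkla | pkla_wildcard_grants
printf '%s\n' "$PKLA_SAMPLE" | pkla_wildcard_grants
```

An entry that lists `ResultAny` in the last column deserves the closest look, because that result is not limited to active local sessions.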

Enjoy!

The difference between Fedora and Ubuntu

For me it could go down as this - in Fedora the Terminal is a System Tool, in Ubuntu it's a mere Accessory. :-)



* Obviously I'm referring to the Gnome DE menu and the Gnome Terminal application.

Install Skype in EL6 (RHEL 6/ Scientificlinux 6/ Centos 6)

UPDATE 14th August 2014: Microsoft has released a new Skype version, 4.3.0.37 - you need AT LEAST this version to be able to login any more as they seem to have changed something in the authentication process. It is available in my repo, grab the latest from here: http://li.nux.ro/download/nux/dextop/el6/i386/

UPDATE: For Skype 4.0 instructions click here.

I used to have here some instructions on how to get skype installed from official RPM, then overwrite the binary with a static one to get it to work etc etc - quite a PITA. Now you can just install an RPM[1] to get the same result; so, if you have my repo installed (nux-dextop) just do:
yum install skype
If you do not have my repo installed:
wget http://li.nux.ro/download/nux/dextop/el6/x86_64/skype-2.2.0.35-3.el6.nux.i586.rpm
yum localinstall --nogpgcheck ./skype-2.2.0.35-3.el6.nux.i586.rpm
All of the above needs to be done as root, obviously.
You may want to browse http://li.nux.ro/download/nux/dextop/el6/x86_64 for newer skype rpms; who knows what will happen next to the linux client. It has always sucked in one way or another, I can't see it improving now that Microsoft has bought them.
If you run into problems with this RPM let me know at rpm at li.nux.ro ! Thanks.


[1] - Thanks Russian Fedora repo, it's their package actually!

Cheerio!

Speed up your Centos box by using the pdnsd caching name server

Update: these exact same instructions work on EL6, too (tested it on my ScientificLinux 6 workstation).

Today I was looking into installing a dns caching server on my Centos box so it wastes less time looking up hostnames. I wanted something as light on resources as possible (my dom0 server has only 512MB RAM).
First I thought of dnsmasq, but then I reconsidered as I didn't want something that can also do DHCP, and anyway, AFAIK dnsmasq doesn't use the dns root servers, but your upstream ISP name servers.
My second thought was dnscache (from the djbdns suite), but I really didn't feel like compiling all that stuff (daemontools, ucspi etc). And anyway.. dnscache is _old_.
After all that fuss I remembered reading about pdnsd somewhere so I checked it out: exactly what I needed!

Why do I like it?
- It's small
- It's fast
- It's secure (goes around dns cache poisoning)
- Does persistent caching (good for non-permanent connections, also for machines that reboot often)
- Knows IPv6
- Installation is very easy

Installing it on Centos 5 was a no brainer. The RPM package is not in any 3rd party repos that I use (mostly EPEL nowadays - and of course my own :> ). Luckily the developer also maintains RPMs for Centos x86_32 and x86_64:
rpm -ivh http://www.phys.uu.nl/~rombouts/pdnsd/releases/pdnsd-1.2.8-par_el5.x86_64.rpm
(It's a good idea to check the homepage as newer versions might be available)

The configuration is equally easy (a sample config file comes with the rpm package). Here's mine, should work on most servers:
// Sample pdnsd configuration file. Must be customized to obtain a working pdnsd setup!
// Read the pdnsd.conf(5) manpage for an explanation of the options.
// Add or remove '#' in front of options you want to disable or enable, respectively.
// Remove '/*' and '*/' to enable complete sections.

global {
	perm_cache=1024;
	cache_dir="/var/cache/pdnsd";
#	pid_file = /var/run/pdnsd.pid;
	run_as="pdnsd";
	server_ip = 127.0.0.1;  # Use eth0 here if you want to allow other
				# machines on your network to query pdnsd.
	status_ctl = on;
#	paranoid=on;       # This option reduces the chance of cache poisoning
	                   # but may make pdnsd less efficient, unfortunately.
	query_method=udp_tcp;
	min_ttl=15m;       # Retain cached entries at least 15 minutes.
	max_ttl=1w;        # One week.
	timeout=10;        # Global timeout option (10 seconds).
	neg_domain_pol=on;
}

# The following section is most appropriate if you have a fixed connection to
# the Internet and an ISP which provides good DNS servers.
server {
	label = "root-servers";
	root_server = discover; # Query the name servers listed below
				# to obtain a full list of root servers.
	randomize_servers = on; # Give every root server an equal chance
	                        # of being queried.
	ip = 	198.41.0.4,     # This list will be expanded to the full
		192.228.79.201; # list on start up.
	timeout = 5;
	uptest = query;         # Test availability using empty DNS queries.
	interval = 30m;         # Test every half hour.
	ping_timeout = 300;     # Test should time out after 30 seconds.
	purge_cache = off;
	exclude = .localdomain;
	policy = included;
	preset = off;
}


source {
	owner=localhost;
#	serve_aliases=on;
	file="/etc/hosts";
}

/*
include {file="/etc/pdnsd.include";}	# Read additional definitions from /etc/pdnsd.include.
*/

rr {
	name=localhost;
	reverse=on;
	a=127.0.0.1;
	owner=localhost;
	soa=localhost,root.localhost,42,86400,900,86400,86400;
}
/*
neg {
	name=doubleclick.net;
	types=domain;   # This will also block xxx.doubleclick.net, etc.
}
*/

/*
neg {
	name=bad.server.com;   # Badly behaved server you don't want to connect to.
	types=A,AAAA;
}
*/


Just save the above as /etc/pdnsd.conf and start the daemon:
service pdnsd start

Have it started upon boot:
chkconfig pdnsd on

And update your resolv.conf file:
echo nameserver 127.0.0.1 > /etc/resolv.conf

Enjoy!

Stella - a Centos desktop remix

Hello everybody, I'm doing a Centos 6 desktop oriented remix called Stella. This has been brewing since the summer and it's starting to get ready.
I've backported a lot of packages from Fedora and Rpmfusion and bundle several other repos, too, resulting in a big range of software available, including but not limited to:
LibreOffice, VLC, MPlayer, Shutter, Arista, Java, Flash, GParted etc

You can read (just slightly) more about it here: li.nux.ro/stella.
I'd love to receive any feedback.


Cheerio!
Nux

Hide other users' processes in Linux

And at last we have the equivalent of security.bsd.see_other_uids in Linux without the need to mess around with grsecurity! This is a security feature I've waited to land in Linux for a LONG time.
This characteristic can be enabled if you have kernel 3.3 (EL6/rhel/centos users can get it from here - thanks ajb!), but hopefully RedHat and other distributions will backport this feature in their kernels, too. The required patches are here and here.

So, how does it work? Simple:
- mount /proc with the option "hidepid=1" to stop a regular user from seeing processes other than his own when doing `ps` or `top`
- mount /proc with the option "hidepid=2" to not only stop the user from seeing other processes, but also to disable the user's ability to list /proc/$PIDs that are not his
- mount /proc with the option "hidepid=0" to go back to standard behaviour, all users can see all processes - this is the default
- there is also the "gid=xxx" mount option that lets the specified gid see all processes, even when hidepid is set to 1 or 2

You can read more about it here.
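
To verify which of these settings is actually in effect, the procfs entry in /proc/mounts can be inspected. This is an added example, not part of the original post; the function names and the sample mount lines (including gid 1001) are constructed. Newer kernels print the level by name (`noaccess`, `invisible`) instead of a number, so both spellings are handled.

```shell
#!/bin/sh
# Added example (not from the original post): audit procfs mounts for the
# hidepid and gid options. To change the setting at runtime:
#   mount -o remount,hidepid=2 /proc

# Constructed samples in /proc/mounts format.
MOUNTS_DEFAULT='/dev/sda2 / ext3 rw 0 0
proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
sysfs /sys sysfs rw 0 0'
MOUNTS_HARDENED='/dev/sda2 / ext3 rw 0 0
proc /proc proc rw,nosuid,nodev,noexec,relatime,hidepid=2,gid=1001 0 0'

# proc_opt LINE NAME DEFAULT: print the value of mount option NAME on a
# procfs mount line, or DEFAULT when the option is absent.
proc_opt() {
    printf '%s\n' "$1" | awk -v want="$2" -v def="$3" '
        $3 == "proc" {
            val = def
            n = split($4, o, ",")
            for (i = 1; i <= n; i++) {
                split(o[i], kv, "=")
                if (kv[1] == want) val = kv[2]
            }
            print val
        }'
}

# hidepid_level LINE: print 0, 1 or 2 for a procfs mount line
# ("unknown" for anything else, including other named levels).
hidepid_level() {
    case "$(proc_opt "$1" hidepid 0)" in
        0|off)       echo 0 ;;
        1|noaccess)  echo 1 ;;
        2|invisible) echo 2 ;;
        *)           echo unknown ;;
    esac
}

# audit_proc_mounts: read mounts text on stdin, print one line per procfs
# mount, and return 1 if any of them is left at the default hidepid=0.
audit_proc_mounts() {
    status=0
    while read -r dev mnt fstype opts rest; do
        [ "$fstype" = proc ] || continue
        line="$dev $mnt $fstype $opts"
        lvl=$(hidepid_level "$line")
        gid=$(proc_opt "$line" gid none)
        echo "$mnt hidepid=$lvl exempt_gid=$gid"
        if [ "$lvl" = 0 ]; then status=1; fi
    done
    return $status
}

# Demo on the constructed samples; on a live system use:
#   audit_proc_mounts < /proc/mounts
printf '%s\n' "$MOUNTS_DEFAULT" | audit_proc_mounts \
    || echo "default mount: all users can see all processes"
printf '%s\n' "$MOUNTS_HARDENED" | audit_proc_mounts \
    && echo "hardened mount: other users' processes are hidden"
```

The `exempt_gid` column is worth reviewing as well, since members of that group see all processes regardless of the hidepid level.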

Enjoy!

The Linux desktop is just fine

<< Today I read this rant about how the Linux desktop is not free enough. I almost stopped at the first sentence but still read on. I have to comment on a few things, but of course I don't have a google+ account, it's not free enough.

Desktop Linux Owns Too Many Apps

Ingo Molnar says: Desktop Linux distributions are trying to "own" 20 thousand application packages consisting of over a billion lines of code and have created parallel, mostly closed ecosystems around them. Not really, distributions maintain packages and you are always free to join discussions with most package maintainers/distributions, it's often easier than you think (mailing, IRC, etc) and mostly doesn't require creating an account with google. If your distribution isn't open enough, change. >>

The rest here.

ROSA 2012 Marathon

Update! - In the meanwhile Rosalab have officially announced the beta:
http://www.rosalab.com/blogs/beta-release-of-rosa-marathon-2012-is-no



Right; it's been happening for a while but now there's this web page that kind of makes things more "official":
http://wiki.rosalab.ru/en/index.php/Release_notes_ROSA_Marathon_2012

To quote from that web page:
"ROSA 2012 Marathon is a LTS (long time support) release with guaranteed security and software updates for 5 years. Based on Mandriva/ROSA 2011 repositories with lots of improvements and updates. It is recommended for Enterprise, SMB and SOHO which do not need the "bleeding edge" technology, but require stable software and ability to work for a long time without reinstalling the system. This is the first release completely built using the ABF system."

So it looks like Rosa Labs, the Russian group behind most of what's happening now at Mandriva S.A. has got enough of shareholders dicking around and forked the distribution? It would seem so.

Mageia has a step sister in ROSA now, the newest Mandriva fork. Or is Mandriva slowly being renamed to ROSA? Things are getting interesting again.

By the looks of it the distribution is still in testing but the nightlies look at least usable; there's no final release date yet.
Here are some download links for the testing ISOs:
http://mirrors.coreix.net/MIB/rosa2012lts/iso/beta/

Use at your own risk, there's no official announcement yet.

Stellar refreshments

Hello there!
I've made some new builds of Stella. There's nothing dramatic about them, still based on CentOS 6.2 + updates.
The one more remarkable thing is the NONPAE build for people with CPUs that are not PAE capable. This build uses only the NONPAE Elrepo kernel v3.
Notice I replaced the "TEST" suffix - which was putting off some people - with "BUILD".

More info and download links in the forums: http://forums.nux.ro/index.php?t=msg&goto=292.

ROSA 2012 LTS released

And at last the Russians of Rosalabs have announced the final release of ROSA 2012 LTS, codenamed Marathon!

Read more about it HERE.

Download from here:
http://mirror.rosalab.ru/iso/ROSA.Desktop/ROSA.2012.MARATHON/

If you want a modern, good looking, KDE based distro that is supported for the next 5 years then ROSA is for you.
If you're a Mandrake/Mandriva fan, like me, then ROSA is for you, too. :-)
This page explains more about what ROSA brings to the table:
http://www.rosalab.com/products/desktop/

Stella 6.2 BUILD16

Hello, the other day I released a new build of Stella with some fixes for Broadcom WiFi (b43) and VLC.
Announcement and download link here:
http://forums.nux.ro/index.php?t=msg&th=53&start=0&

Enjoy!

Rosa-users mailing list is now open

ROSA Linux is letting us know that their first public English mailing list is now OPEN.

Feel free to go and register.

This should be a nice addition to their English speaking forums.

Skype 4.0 on EL6 (CentOS/Stella, ScientificLinux, RHEL, PUIAS) update

UPDATE 14th August 2014: Microsoft has released a new Skype version, 4.3.0.37 - you need AT LEAST this version to be able to login any more as they seem to have changed something in the authentication process. It is available in my repo, grab the latest from here: http://li.nux.ro/download/nux/dextop/el6/i386/

So after a long long time we finally have a new Skype linux release - and it's not even a beta!
This seems to be the first release under Microsoft's auspice and I hope it will run well and not bother the users with too many annoyances (I hear the Windows version has in-call ads now? wtf!).
As usual, EL users will still not be able to just "rpm -ivh" their packages - this has never been Skype's strongest point, not even after M$'s acquisition, but it's not like I was expecting anything.
Here's how to install it manually: http://wiki.centos.org/HowTos/Skype.

UPDATE: Now there is an RPM that does all the dirty work. If you run Stella or Centos with nux-dextop repo active then you can just yum install skype, otherwise:
wget ftp://mirror.yandex.ru/fedora/russianfedora/russianfedora/nonfree/el/updates/6/i386/skype-4.0.0.7-3.el6.R.i586.rpm
yum localinstall --nogpgcheck skype-4.0.0.7-3.el6.R.i586.rpm
The RPM maintainer is Arkady L. Shane of the Russian Fedora community. Thank you, Arkady!

Enjoy!

Stella 6.3 released

Following the release of CentOS 6.3 I finally managed to get Stella 6.3 out as well.
This is more an issue of incrementing the numbers since people running Stella have already received the updates from Centos 6.3. So, what's new in your favourite EL-based remix?

- all the cool new stuff in EL 6.3
- updated multimedia stack:
   new FFmpeg (0.10.4), MPlayer (1.0.14020120205svn) and VLC (2.0.3) (backported from RPMFusion. Thanks guys!)
- updated in nux-dextop repo: 
   Clipgrab (thanks symbianflo!), Minitube, Audacity 2.0 (available as audacity-freeworld)
- new inclusions in nux-dextop repo: 
   Megamario (SuperMario clone), Geeqie, Mumble suite, Phantomjs, Tarsnap and SCrypt

Also, as a bit of news, pkgs.org is now indexing my repos nux-dextop and nux-misc - as such, searching for EL6 RPMs might give you results from li.nux.ro :-)


Download 64 and 32 bit (NONPAE as well) ISOs from a mirror near you:

UK
RO


For any problems with Stella GNU/Linux use the forums (preferred) or email me directly: stella@li.nux.ro.

ROSA Enterprise Linux Server "Helium" 2012

So after a period of silence after their test edition ROSA has finally announced a final release for RELS:
Main advantages of ROSA Enterprise Linux Server "Helium" 2012:

    Red Hat Enterprise Linux 6 package base.
    Centralized management of user accounts.
    Web-based administration and configuration interface.
    High scalability.
    Support for Windows and Linux clients.
    Improved data and service security by means of strong user authorization with "Single SignOn" possibility.
    Easy integration with existing corporate networks.
    A ready-to-use basis for deploying cloud solutions.

Download from here: http://mirror.rosalab.ru/rosa-server2012/iso/.


Interesting!

Long Term supported kernel in ElRepo for RHEL and the clones

The good people at elrepo.org just announced on their blog that in addition to the kernel-ml, tracking the current mainline kernel, we now also have kernel-lt (!!!) tracking the current long term supported mainline kernel.

So if you feel like going a bit more bleeding edge, but not too much, then kernel-lt is for you!

ZFS on CentOS

For those interested in running ZFS on EL6 via kmods, I snatched and updated the kmods in PUIAS. Testing so far has been _minimal_ (beware, SELinux needs to be in permissive mode or disabled altogether). Any feedback welcome.
Installation is very easy:
wget -P /etc/yum.repos.d/ http://li.nux.ro/download/nux/zfs/nux-zfs.repo
yum --enablerepo=nux-zfs install kmod-spl kmod-zfs zfs spl zfs-dracut
modprobe zfs

See you at FOSDEM 2013

See you at FOSDEM!

GlusterFS 3.4 hits Alpha

People interested in distributed filesystems will be glad to hear GlusterFS has reached v3.4 Alpha.
This new version brings a lot of new and really cool stuff to the table:
    WORM (write once read many)
    Operating version for glusterd
    Block device translator
    Duplicate Request Cache
    Server Quorum
    libgfapi
    VM image storage improvements – not related to QEMU integration; related to performance improvements
    NFSv3 ACL support
The new QEMU integration should massively increase performance when used as backing storage for KVM virtual machines. Really nice!

More info on the project's blog: http://www.gluster.org/2013/02/new-release-glusterfs-3-4alpha/

Stella 6.4

Following the release of Centos 6.4 recently I'm pleased to publish the same version of Stella.

There is nothing special about this release other than the changes brought in by EL 6.4.

Download from the usual locations:
http://mirror.li.nux.ro/li.nux.ro/ISO/
http://ftp.ines.lug.ro/li.nux.ro/

Enjoy!

Swap on a file

Using file-based swap has several benefits. The most important for me are that it can be increased and decreased extremely easily and, just as important, that I don't need to maintain complex partition tables.
These reasons matter especially if you are running a virtualised OS, where extra flexibility/simplicity helps and the performance difference is not really that big[1]; both swap types are SLOW. :-)

Let's proceed. First we need to create a - say - 500M file; the best way to do it is via "fallocate" as it requires virtually no I/O (man fallocate), but you can also use good old "dd" if you're on an old OS:
fallocate -l 500M /swap.IMG

Next we need to restrict its permissions (swap holds memory contents, so only root should be able to read it), format it, add it to fstab and enable it:
chmod 0600 /swap.IMG
mkswap /swap.IMG
echo "/swap.IMG		swap		swap	defaults	0 0" >> /etc/fstab
swapon -a

If you ever get in a situation where you need to increase swap you can simply do the above for a new file or just increase the current file:
swapoff /swap.IMG
fallocate -l 1000M /swap.IMG
mkswap /swap.IMG
swapon /swap.IMG
Voilà!

If you're working on a virtual machine you might want to avoid swapping as much as possible (many swapping instances generate significant I/O). This can be done via sysctl:
sysctl -w vm.swappiness=0
And also add "vm.swappiness = 0" to /etc/sysctl.conf to make it permanent between reboots.
"vm.swappiness = 0" means it will swap only to avoid an out of memory condition.

HTH.

[1] - http://lkml.org/lkml/2005/7/7/326

10 years of SELinux

Apparently the EL and Fedora world has been using SELinux for 10 years now. It also made it into Debian.
Here's a very nice article about it:
 We are celebrating the SELinux 10th year anniversary this year. Hard to believe it.
 SELinux was first introduced in Fedora Core 3 and later in Red Hat Enterprise Linux 4. 
 For those who have never used SELinux, or would like an explanation...

 SELinux is a labeling system. Every process has a label. 
Every file/directory object in the operating system has a label.
Even network ports, devices, and potentially hostnames have labels assigned to them. 
 We write rules to control the access of a process label to an object label like a file. We call this policy. The kernel enforces the rules.
Sometimes this enforcement is called Mandatory Access Control (MAC). 

 The owner of an object does not have discretion over the security attributes of an object.
Standard Linux access control, owner/group + permission flags like rwx, is often called Discretionary Access Control (DAC).
SELinux has no concept of UID or ownership of files. Everything is controlled by the labels. Meaning an SELinux system can be setup without an all powerful root process.
Read more ...

Stella GNU/Linux 6.5

Hello, following the release of CentOS 6.5 earlier I'm pleased to announce the release of updated Stella ISOs carrying the same version numbers - 6.5.

Download the 32 bit ISO or the 64 bit one (more mirrors available from the project's page).

If you are interested in more details you should check out the RHEL 6.5 release notes:
https://www.redhat.com/about/news/press-archive/2013/11/red-hat-launches-latest-version-of-red-hat-enterprise-linux-6
https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html-single/6.5_Release_Notes/index.html

Enjoy! :-)

Forcing a reboot or shutdown in Linux

Sometimes we need to test various things in Linux that require instant and/or abrupt reboots or shutdowns.
While for reboots one can use `reboot -f`, I was not aware of a way to do a forced shutdown, until now.
The trick is to use the Magic SysRq key:
# reboot
echo 1 > /proc/sys/kernel/sysrq
echo b > /proc/sysrq-trigger
# shutdown
echo 1 > /proc/sys/kernel/sysrq
echo o > /proc/sysrq-trigger

Happy testing! :)

Openvm.eu - the first Cloudstack "market place"

This week I have launched OpenVM.EU.
OpenVM is a repository of templates and appliances for various Linux distributions, made specifically for Apache Cloudstack.
So far it is very much work in progress, but images will start pouring in shortly.

Thanks go to Ian for being willing to help with creating the Debian/Ubuntu images!

New Shutter packages for EL6 & EL7

Shutter is a wonderful project which started as a screenshot tool, but I find myself using its editing capabilities more and more. I barely touch GIMP nowadays!
I have updated the Shutter packages for EL6 and EL7 the other day. You may notice some improvements and a few UI changes (nice icons).
To install it you need EPEL and nux-dextop repos on your system. Check this page for how to do that if you do not have them already:
http://li.nux.ro/repos.html

Once that's done, just:
yum install shutter

Enjoy!

Install Skype on CentOS 7 (and other RH clones)

Hello there. CentOS 7 is a fresh and major release, but fear not, Skype works well on it.
As usual, just yum install skype if you have my nux-dextop repo installed or just grab the latest RPM from here http://li.nux.ro/download/nux/dextop/el7/x86_64/ and install it.

Don't be shy and let me know if you encounter any issues - rpm at li.nux.ro !

Nested virt - Xenserver on KVM

At openvm.eu we need to test templates on Xenserver and KVM, however the basic OS for the build environment is CentOS 7 (with KVM).
In order to test the templates on Xenserver we had to run this HV as a KVM guest (gotta love virtualisation!); however by default Xenserver will complain that you can't run any HVM guests, only paravirt ones (PV). This sucks because PV is used less and less with HVM being in the spotlight.

Luckily with KVM we can forward the VMX CPU flag to a guest and as such make it available to Xenserver, for its HVM mode.

There are a few things to be aware of though:
1 - in libvirt do give the Xenserver VM a good CPU profile (I used Core2duo) and make sure the VMX flag is set on "require"
2 - stock CentOS 7 kernel has a problem with nested virt at the moment, do use a newer kernel[1] (I'm using kernel-ml from elrepo-kernel)
3 - make sure the kvm_intel module is loaded with the option nested=1. For this to happen I reload/rebooted with this in /etc/modprobe.d/kvm-intel.conf:
options kvm-intel nested=1

Now enjoy docker on centos, in xenserver on kvm on centos. :-)


[1] - https://bugzilla.kernel.org/show_bug.cgi?id=45931 - this will likely be fixed in future CentOS/RH kernel updates, I hope

Changing an AD password from CentOS Linux

Changing the AD password from Linux is surprisingly straightforward.
Just run the passwd command as you would normally!
If that doesn't do it, then just issue this command, replacing of course the variables with your own values:
smbpasswd -r "$AD_SERVER" -U "$AD_USERNAME"

Voilà, enjoy!

Bypassing BT HomeHub

So you have BT Infinity, the white Openreach modem is up and running and you have broadband via wired or wifi through the fancy BT HomeHub; but you are a geek or a freak and you want to run your own router.
You want to use your local Linux box, custom dd-wrt router or who knows, perhaps a Raspberry Pi. Fair enough. Here's how to do it:
1 - disconnect the BT HomeHub router from the white modem
2 - connect your linux machine to the modem (LAN1 port usually)
3 - run pppoe-setup on the linux machine and answer the questions accordingly. Interestingly the user/password I used seem to be sort of gibberish, but do work: "Internet@btbroadband.com" and the password "broadband".
I chose not to let pppoe-setup set the DNS or firewall for me, ymmv. Start the connection with /sbin/ifup ppp0.

That's it, enjoy your broadband!

Links: https://community.bt.com/t5/BT-Infinity-Speed-Connection/Openreach-How-I-can-connect-my-PC-directly-into-Openreach-white/td-p/716632

Protect KVM processes from OOM killer

While running clouds on Linux KVM hypervisors it may happen that some of your virtual machines' processes get killed by the OOM killer in order to free up memory.

Depending on your situation, the OOM killer may be instructed not to kill certain processes; but if you go this way make sure you know what you are doing and how resources are used.

So, to proceed with protecting KVM processes from out of memory scenarios, we need to run a few commands:
1 - determine the PID of the processes, we can use pgrep for this
2 - protect them from the OOM killer by changing each PID's oom_adj value to -17 (OOM_DISABLE); if you use a 3.x+ kernel then you need to change oom_score_adj to -1000 instead as oom_adj is deprecated

This can be wrapped up in a one-liner such as this:
for PID in $(pgrep qemu-kvm); do echo -17 > /proc/$PID/oom_adj; done

That would work in CentOS 6, but if you are on a newer kernel than that (say 3.x like the one in CentOS 7) then use this:
for PID in $(pgrep qemu-kvm); do echo -1000 > /proc/$PID/oom_score_adj; done

You might want to double check your KVM processes run as qemu-kvm, that's the program's name in CentOS, it may differ in other distributions.

If you do not want to do this manually every time a VM is created you can simply create a cron job to do it for you every X minutes; if you spin up instances very often then you may set it as frequent as 1 minute:
echo '*/1 * * * * root for PID in $(pgrep qemu-kvm); do echo -1000 > /proc/$PID/oom_score_adj; done' > /etc/cron.d/oomprotect

If you run into memory usage issues, do have a look at KSM as it can help optimise memory utilisation (but at the cost of extra CPU usage).
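
The two one-liners above can be folded into one helper that picks the right knob for whatever kernel it runs on and copes with VMs that exit between pgrep and the write. This is an added example, not part of the original post; PROC_ROOT and the function names are assumptions, and PROC_ROOT exists only so the logic can be tried against a constructed directory tree instead of the live /proc.

```shell
#!/bin/sh
# Added example: kernel-agnostic OOM protection for a set of PIDs.
# PROC_ROOT and all function names are assumptions of this sketch.
PROC_ROOT="${PROC_ROOT:-/proc}"

# oom_protect_pid PID
# Returns 0 if the process is (now) exempt, 1 if it vanished or exposes no
# OOM knob, 2 if the write was refused (e.g. not running as root).
oom_protect_pid() {
    opp_dir="$PROC_ROOT/$1"
    if [ -e "$opp_dir/oom_score_adj" ]; then      # current interface
        opp_knob=oom_score_adj; opp_want=-1000
    elif [ -e "$opp_dir/oom_adj" ]; then          # legacy interface (CentOS 6)
        opp_knob=oom_adj; opp_want=-17
    else
        return 1                                  # exited since pgrep ran
    fi
    opp_have=$(cat "$opp_dir/$opp_knob" 2>/dev/null) || return 1
    if [ "$opp_have" = "$opp_want" ]; then
        printf '%s\n' "$1 $opp_knob already $opp_want"
        return 0
    fi
    { printf '%s\n' "$opp_want" > "$opp_dir/$opp_knob"; } 2>/dev/null || return 2
    # Read the value back instead of trusting that the write took effect.
    [ "$(cat "$opp_dir/$opp_knob" 2>/dev/null)" = "$opp_want" ] || return 2
    printf '%s\n' "$1 $opp_knob $opp_have -> $opp_want"
}

# oom_protect_pids PID...
# Vanished processes are skipped; a refused write makes the call return 1.
oom_protect_pids() {
    opp_rc=0
    for opp_pid in "$@"; do
        oom_protect_pid "$opp_pid" || [ $? -eq 1 ] || opp_rc=1
    done
    return "$opp_rc"
}

# oom_protect_name NAME, e.g. oom_protect_name qemu-kvm
# pgrep -x matches the process name exactly, so unrelated processes whose
# name merely contains NAME are not exempted by accident.
oom_protect_name() {
    # Word splitting of the PID list is intended here.
    oom_protect_pids $(pgrep -x "$1")
}
```

Because unchanged processes are reported as such, the output can be logged from cron to see which VMs were newly exempted on each run.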

A week with Wileyfox Swift

Recently I have been looking for a new phone to replace the old Motorola XT910 which had begun to test my nerves.
In the end I decided it's not worth spending several hundred £ on a "flagship" device that will probably get replaced in 2 years' time. I am also not a fan of contracts, so it had to be a sim-free device.
I had a look at the sim-free devices available and I have ended up with 2 reasonable choices:
- Motorola Moto G
- Wileyfox Swift
The set of features I was looking for was:
- open (unlocked) bootloader so I can fiddle with it (I'm a fiddler :> )
- 5" or smaller (hard to find non-enormous devices any more)
- CHEAP (I'm also cheap :> )
- reasonable quality

After navigating around for info, reviews and so on I have chosen Wileyfox Swift, especially because of pricing and specs.

Motorola Moto G 3rd Gen 1GB RAM, 8GB disk is ~£150.
Wileyfox Swift 2GB RAM, 16 GB disk is ~£120. The same spec'ed Moto G is around £200, quite the difference!




The Wileyfox was swiftly dispatched by Amazon and I got to play with it just a couple of days after placing the order.

First impressions were really good. This is a nifty, little machine. Plastiky, but solid and quite slim!
The display doesn't look ginormous and is very crisp and bright.
Booting up to and general use of CyanogenOS 12.1 was a pleasure and it felt like a breath of fresh air coming from the old and locked-down Motorola XT910 - good bye bloatware!
I love the new Privacy Guard feature in Android and the fact that I can now have fine grained control over what applications can do and access.
I am also happy about the availability of Truecaller anti-spam functionality, though I have not started to use it yet.


Things I like, not necessarily about the hardware, but on the whole:
- dual micro-sim - never again shall I buy a single-sim device!
- decent battery life, it gets me through the day easily and charges fast 
(still a long way from the 3200mAh of the XT910)
- good build quality, considering the price
- crisp and bright display
- pretty fast, I'm yet to experience any lag - though I don't use any heavy apps such as games
- good control of the apps via Privacy Guard, really Android should have had this from the beginning
- default OS is nice and clean, without the usual crapware and some great additions
- easily hackable, trivial to play with the ROMs etc - great for developers and techies!
- holding the back button pressed for slightly longer kills the current app. How I craved for something like this!


And some things I don't like:
- the camera - it's the biggest let-down of this device, 13MP and 5 lens, but it's mediocre at best,
can be enough for some quick snaps for Twitter etc, but nowhere near the quality of the e.g. Galaxy S4 one
and in many cases worse than the camera in my old 2011 Motorola XT910.
For a while I thought there is some sort of film covering the lens, alas not, it's just crappy. :)

- the dual SIM experience is OK-ish, but surprisingly less so than the Nokia Asha 503, not as much control,
I hope future Android releases will improve this

And a few issues...
My first actions were to secure the phone, i.e. setting a PIN and also enabling scrambling of the input layout; next was encrypting the phone. These 2 should be done by everyone, alas few care - or understand enough to care about the security. Manufacturers should put more effort in this.

Moving on, I hit a problem, because that's what happens when you fiddle. :)
While still at an experimental stage of using this phone, I wanted to go back to an unencrypted state ... and to my surprise I noticed it's not really possible anymore. Perhaps there is some shell thingy that can be done to disable it, but it's certainly missing from the UI and I hadn't enough time to fiddle any more with it that day.
I went straight for a re-flash of the CyanogenOS which is available at https://cyngn.com/support; this wiped out the encryption (along with my data).
This is very easy to do, takes 5 minutes. Start with putting your phone in fastboot mode then install android-tools (Android SDK) on your computer so you have "fastboot" and "adb" utils available.
wget http://builds.cyngn.com/factory/crackling/cm-12.1-YOG4PAS1T1-crackling-signed-fastboot.zip
unzip cm-12.1-YOG4PAS1T1-crackling-signed-fastboot.zip
sudo fastboot -i 0x2970 flash boot boot.img
sudo fastboot -i 0x2970 flash system system.img 
sudo fastboot -i 0x2970 flash recovery recovery.img
sudo fastboot -i 0x2970 reboot
Problem solved!

Flashing the OS via Fastboot created another problem though, it had not left enough free space on the data partition to allow for the disk encryption to be enabled.
This meant I had to do it manually, seemingly a simple operation, but one which will also wipe your data - good thing I messed around with this phone before putting it in "production":
- reboot in recovery mode (adb reboot recovery)
- get a shell (adb shell)
- check /proc/partitions and /proc/mounts for your "data" partition and resize the filesystem on it to use 32MB less space 
(just subtract 32768 from the number shown in /proc/partitions), this WILL WIPE YOUR DATA. e.g.
~# mke2fs -T ext4 -L data /dev/block/mmcblk0p31 12951023
- reboot and you're done, once the phone is up and running you can encrypt it again!

Besides encryption, I also recommend installing a firewall application, I have found AFWall+ to be excellent, it's both in Google Play and F-Droid. If you like to stay in control of your device, this frontend to iptables surely helps.

I have also disabled Gmail, Google calendars and pretty much everything Google I could except Play; I'm currently sync'ing my contacts, calendars, tasks and notes from a local installation of Owncloud.
This has been a surprisingly pleasant experience and warrants another blog post in the near future.

Conclusion
The Wileyfox Swift has been so far a very nice experience, more than worth the £120 I paid and I recommend it to anyone who wants a "no bullshit" smartphone experience.
Watch out for the camera, if you like to take beautiful pics, this will probably let you down. Having said that, it's not totally worthless and is fine for a quick snap.