
Posts Tagged ‘ubuntu’

CVE-2010-3081: 64bit Linux Kernel Root Exploit

September 20th, 2010 1 comment

Well, it’s been a heavy week on the security front; first up is a Linux root exploit for 64-bit machines.

A vulnerability in the 32-bit compatibility layer for 64-bit systems was reported. It is caused by insecure allocation of user space memory when translating system call inputs to 64-bit. A stack pointer underflow can occur when using the “compat_alloc_user_space” method with an arbitrary length input.

What does that mean? Essentially, the compat_alloc_user_space function was missing sanity checks on the length and on whether the resulting pointer to the block of memory lies within the user space of the process. The fix has already been committed, but if you are running any x64 version of Linux, make sure you update your kernel – especially now that the exploit code is publicly available!
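To make the missing checks concrete, here is a small user-space model in C. It is an added example, not kernel code and not part of the Ksplice tool: addresses are plain integers, and the MODEL_ constants and model_ function names are assumptions made for illustration.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed layout for the model: top of user space on x86-64, and half of
 * the 32-bit compat address space as the largest sane request. */
#define MODEL_USER_LIMIT  0x00007ffffffff000ULL
#define MODEL_COMPAT_HALF 0x7fffffffULL

/* 1 if [addr, addr + len) lies wholly inside the modelled user range. */
static int model_range_in_user(uint64_t addr, uint64_t len)
{
    if (addr > MODEL_USER_LIMIT)
        return 0;
    return len <= MODEL_USER_LIMIT - addr;
}

/* Behaviour without the sanity checks: scratch space is carved out below
 * the user stack pointer by plain subtraction. When len exceeds user_sp the
 * result wraps modulo 2^64 and no longer points into user space. */
uint64_t model_alloc_unchecked(uint64_t user_sp, uint64_t len)
{
    return user_sp - len;
}

/* Same allocation with both checks: bound the length, then confirm that the
 * resulting block is inside user space. Returns 0 when the request is rejected. */
uint64_t model_alloc_checked(uint64_t user_sp, uint64_t len)
{
    uint64_t ptr;

    if (len > MODEL_COMPAT_HALF)
        return 0;
    ptr = user_sp - len;
    if (!model_range_in_user(ptr, len))
        return 0;
    return ptr;
}

int main(void)
{
    /* Constructed inputs: stack pointers and lengths chosen for the model. */
    const uint64_t cases[][2] = {
        { 0xffffd000ULL, 64 },              /* ordinary request */
        { 0xffffd000ULL, 0x100000000ULL },  /* length larger than the stack pointer */
        { 0x1000ULL,     0x2000ULL },       /* small length, but still below zero */
    };
    size_t i;

    for (i = 0; i < sizeof(cases) / sizeof(cases[0]); i++) {
        uint64_t sp = cases[i][0], len = cases[i][1];
        uint64_t raw = model_alloc_unchecked(sp, len);

        printf("sp=0x%" PRIx64 " len=0x%" PRIx64
               " unchecked=0x%" PRIx64 " (%s) checked=0x%" PRIx64 "\n",
               sp, len, raw,
               model_range_in_user(raw, len) ? "user" : "outside user space",
               model_alloc_checked(sp, len));
    }
    return 0;
}
```

The third case shows why the length bound alone is not enough: the length passes it, and only the range check catches the wrapped pointer.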

Read up on the exploit by Jeff Arnold from Ksplice and use this very useful CVE-2010-3081 high-profile exploit detection tool to determine if your boxen are already compromised.

Of particular note from his article is the breadth of exploitable distributions – see the references below for vendor specific information:

This vulnerability was introduced into the Linux kernel in April 2008, and so essentially every distribution is affected, including RHEL, CentOS, Debian, Ubuntu, Parallels Virtuozzo Containers, OpenVZ, CloudLinux, and SuSE, among others. A few vendors have released kernels that fix the vulnerability if you reboot, but other vendors, including Red Hat, are still working on releasing an updated kernel.

After downloading and running the tool under a non-sudo account, you should cheerfully get the following output.

thushan@dingo:~/tmp$ ./diagnose-2010-3081
Diagnostic tool for public CVE-2010-3081 exploit -- Ksplice, Inc.
(see http://www.ksplice.com/uptrack/cve-2010-3081)

$$$ Kernel release: 2.6.32-23-server
!!! Not a RHEL kernel, will skip LSM method
$$$ Backdoor in LSM (1/3): not available.
$$$ Backdoor in timer_list_fops (2/3): checking...not present.
$$$ Backdoor in IDT (3/3): checking...not present.

Your system is free from the backdoors that would be left in memory by the published exploit for CVE-2010-3081.
thushan@dingo:~/tmp$

If not, it’s time to put those security drills into action!

References


Ubuntu 10.04 and getting Sun JRE instead of OpenJDK

May 2nd, 2010 1 comment

If you’ve downloaded the latest Ubuntu 10.04 Lucid Lynx you’d realise that they ship with the OpenJDK instead of the Sun (Oracle) JRE. The Ubuntu team has decided to move the Sun Java bits to the partner repository which means we need to do a couple of things prior to getting it through apt-get.
First add the repository to your /etc/apt/sources.list via the add-apt-repository command, then do a full update.

$ add-apt-repository "deb http://archive.canonical.com/ lucid partner"
$ apt-get update

Then let’s install the Sun JRE & JDK as required.

$ apt-get install sun-java6-jre sun-java6-plugin sun-java6-fonts
$ apt-get install sun-java6-jdk

Once installed you can verify the correct JRE is installed with:

$ java -version

I have to say, this release of Ubuntu is incredibly refreshing 🙂 It’s matured so well in a short period of time, it’s definitely got the Lynx Effect (NSFW).


Fedora 12 released

November 18th, 2009 No comments

It only feels like last month Fedora 11 was released, alas Fedora 12 is out now. Read about the changes and updates found in Fedora 12 or maybe just view the summary or a full list if you’re uber keen.

Amongst the many changes, important ones to look forward to (from the release notes):

* Optimized performance - All software packages on 32-bit (x86_32)
  architecture have been compiled for i686 systems, with special
  optimization for the Intel Atom processors used in many netbooks,
  but without losing compatibility with the overwhelming majority of
  CPUs.

* Smaller and faster updates - In Fedora 11, the optional yum-presto
  plugin, developed by Fedora contributor Jonathan Dieter, reduced
  update size by transmitting only the changes in the updated
  packages. Now, the plugin is installed by default. Also, RPMs now
  use XZ rather than gzip for compression, providing smaller package
  sizes without the memory and CPU penalties associated with
  bzip2. This lets us fit more software into each Fedora image, and
  uses less space on mirrors, making their administrators' lives a
  little easier. Thanks to the Fedora infrastructure team for their
  excellent work in setting up the infrastructure to generate delta
  RPMs on the fly for all the updates.

* NetworkManager broadband and other enhancements - NetworkManager,
  originally developed by Red Hat's Dan Williams, was introduced in
  Fedora 7 and has become the de facto network configuration solution
  for distributions everywhere. Enhancements to NetworkManager make
  both system-wide connections and mobile broadband connections easier
  than ever. Bluetooth PAN support offers a simple click through
  process to access the Internet from your mobile
  phone. NetworkManager can now configure always-on and static address
  connections directly from the desktop. PolicyKit integration has
  been added so configuration management can be done via central
  policy where needed. IPv6 support has also been improved.

* Next-generation (Ogg) Theora video - For several years, Theora, the
  open and free format not encumbered by known patents has provided a
  way for freedom-loving users to share video. Fedora 12 includes the
  new Theora 1.1, which achieves very high quality comparable to
  H.264, meeting the expectations of demanding users with crisp,
  vibrant media in both streaming and downloadable form. Thanks to the
  work of the Xiph.Org Foundation's Christopher "Monty" Montgomery,
  sponsored by Red Hat, other Xiph developers and the contribution of
  Mozilla.org, Theora videos now deliver much better quality primarily
  via enhancements in the encoder without any change in the format,
  making it available to all Theora users. Using Theora video and
  Vorbis audio formats, Firefox 3.5 and applications using the
  Gstreamer multimedia framework can deliver free media on the web out
  of the box even better than the previous release of Fedora. Theora
  is being rapidly adopted by several popular websites including
  Wikipedia, VideoPress and DailyMotion. Fedora Project is proud to
  support communities of free culture and open content as part of our
  mission. More details at
  http://hacks.mozilla.org/2009/09/theora-1-1-released/

* Graphics support improvements - Fedora 12 introduces experimental 3D
  support for AMD Radeon HD 2400 and later graphics cards. To try it
  out, install the mesa-dri-drivers-experimental package. On many
  cards, this support should allow desktop effects to be used. Kernel
  mode setting (KMS) support, which was introduced on AMD hardware in
  Fedora 10 and extended to Intel hardware in Fedora 11, is now
  extended to NVIDIA hardware as well, meaning the great majority of
  systems now benefit from the smooth, fully-graphical startup
  sequence made possible by KMS. The Fedora graphical startup sequence
  now works better on systems with multiple monitors. Also on multiple
  monitor systems, the desktop will now automatically be spread across
  all monitors by default, rather than having all monitors display the
  same output, including on NVIDIA chips (where multiple monitor
  spanning was not possible without manual configuration changes in
  Fedora 11). Systems with NVIDIA graphics chips also gain initial
  support for suspend and resume functionality via the default Nouveau
  driver. Initial support for the new DisplayPort display connector
  has been added for Intel graphics chips. Support for Nvidia and ATI
  systems is already under rapid development and will be included in
  the next release of Fedora. Thanks to the Red Hat Xorg team
  including Adam Jackson (X server), Kristian Høgsberg (Intel driver),
  Dave Airlie and Jerome Glisse (Radeon driver for AMD), and Ben
  Skeggs (Nouveau driver for NVIDIA).

* Virtualization improvements - Not content with all the improvements
  in Fedora 11, we've kicked virtualization based on KVM up another
  notch in Fedora 12. There are extensive improvements in performance,
  management, and resource sharing, and still more security
  enhancements. A new library (libguestfs) and an interactive tool
  (guestfish) are now available for directly accessing and modifying
  virtual machine disk images. Richard W.M. Jones from Red Hat's
  virtualization team has a list of extensive virtualization tools
  available and coming up for Fedora at
  http://rwmj.wordpress.com/2009/10/20/fedora-virt-commands/ 

* Automatic reporting of crashes and SELinux issues - Abrt, a tool to
  help non-power users report crashes to Bugzilla with a few mouse
  clicks, is now enabled by default. Abrt collects detailed
  information automatically and helps developers identify and resolve
  issues faster, improving the quality of individual upstream
  components and Fedora. The SELinux alert monitoring tool has also
  added the ability to report SELinux issues to Bugzilla quickly and
  easily with just a couple of clicks.

* New Dracut initrd generation tool - Up until Fedora 11, the boot
  system (initial ram disk or initrd) used to boot Fedora was
  monolithic, very distribution specific, and didn't provide much
  flexibility. This has been replaced with Dracut, an initial ram disk
  generation tool with an event-based framework designed to be
  distribution-independent. Dracut has been also adopted by OLPC which
  uses Fedora; OLPC modules for Dracut are available in the Fedora
  repository. Thanks to the Dracut team, including Harald Hoyer,
  Jeremy Katz, Dave Jones, and many others.

* PackageKit plugins - PackageKit now has a plugin which can install
  an appropriate package when a user tries to run a command from a
  missing package. Another new plugin allows installation of software
  packages from a web browser. Thanks to Red Hat's Richard Hughes and
  the PackageKit team.

* Bluetooth on-demand - Bluetooth services are automatically started
  when needed and stopped 30 seconds after last device use, reducing
  initial startup time and resource use when Bluetooth is not in
  active use. Thanks to Red Hat's Bastien Nocera.

* Moblin graphical interface for netbooks - In addition to special
  compiler optimization for netbooks in this release and the continued
  integration of Sugar interface, the Moblin graphical interface and
  applications are fully integrated thanks to Peter Robinson, a Fedora
  Project volunteer, and others. Collaboration between the Moblin
  project and Fedora was accelerated since Moblin itself is largely
  based on Fedora. To use it, just install the Moblin Desktop
  Environment package group using yum or the graphical software
  management tools, and choose Moblin from the login manager. A Moblin
  Fedora Remix (installable Live CD) for Fedora 12 will also be
  available.

* PulseAudio enhancements - Red Hat's Lennart Poettering and several
  others have made significant improvements to the PulseAudio
  system. Improved mixer logic makes volume control more fine-grained
  and reliable. Integration with the Rygel UPnP media server means you
  can stream audio directly from your system to any UPnP / DLNA
  client, such as a Playstation 3. Hotplug support has been made more
  intelligent, so if you configure a device as the default output for
  a stream, unplug that device -- causing the stream(s) to be moved to
  another output device -- and later reattach it, the stream is moved
  back to the preferred device. Finally, Bluetooth audio support means
  pairing with any Bluetooth audio device makes it available for use
  through PulseAudio.

* Lower process privileges - In order to mitigate the impact of
  security vulnerabilities, permissions have been hardened for many
  files and system directories. Also, process privileges have been
  lowered for a number of core components that require super user
  privileges. Red Hat's Steve Grubb has developed a new library,
  libcap-ng, and integrated it into many core system components to
  improve the security of Fedora.

* SELinux sandbox - It is now possible to confine applications' access
  to the system and run them in a secure sandbox that takes advantage
  of the sophisticated capabilities of SELinux. Dan Walsh, SELinux
  developer at Red Hat, explains the details at
  http://danwalsh.livejournal.com/31146.html 

* Open Broadcom firmware - The openfwwf open source Broadcom firmware
  is included by default. This means wireless networking will be
  available out of the box on some Broadcom chipsets. 

* Hybrid live images - The Live images provided in this release can be
  directly imaged onto a USB stick using dd (or any equivalent tool)
  to create bootable Live USB keys. The Fedora Live USB Creator for
  Windows and Fedora and the livecd-tools for Fedora are still
  recommended for data persistence, encryption and non-destructive
  writes. Thanks to Jeremy Katz. 

* Better webcam support - While Fedora 11 improved webcam support, in
  Fedora 12 you can expect even better video quality, especially for
  less expensive webcams. Red Hat's Hans de Goede, developer of the
  libv4l library, has more details on his continuous upstream webcam
  support enhancements at
  http://hansdegoede.livejournal.com/6989.html. 

* Polished Desktop - The latest version of the GNOME desktop includes
  the lighter Gnote replacement for Tomboy as the default note
  application, and Empathy replaces Pidgin as the default instant
  messenger. The new volume control application, first seen in Fedora
  11, has been improved to cover more advanced users. There are many
  nice tweaks from the desktop team for a polished user
  experience. More details at
  http://fedoraproject.org/wiki/Desktop_Enhancements_in_Fed... 

* GNOME Shell preview - Fedora 12 includes an early version of GNOME
  Shell, which will become the default interface for GNOME 3.0 and
  beyond. To try it, install the gnome-shell package, and use the
  Desktop Effects configuration tool to enable it. It will only work
  correctly from the GNOME desktop environment, not others such as KDE
  or Xfce. This is a preview technology, and some video cards may not
  be supported. Thanks to Owen Taylor from Red Hat and the GNOME Shell
  team. 

* KDE 4.3 - The new KDE features an updated "Air" theme and fully
  configurable keyboard shortcuts in Plasma, improved performance and
  new desktop effects in the window manager, a new bug reporting tool,
  and a configuration tool for the LIRC infra-red remote control
  system. 

* Cool new stuff for developers beginning with Eclipse Galileo, which
  includes more plugins than ever before. Perl 6 is now included,
  along with PHP 5.3. For Haskell developers, the Haskell Platform now
  provides a standardized set of libraries and tools. But one of the
  biggest changes for developers is that most of the nice new features
  of Fedora 12, from Bluetooth to webcams, are implemented through
  underlying libraries, and many of the improvements will be included
  simply by relinking your application. Also available in this release
  are SystemTap 1.0 for improved instrumenting and debugging of
  binaries, complete with Eclipse integration, and the newest NetBeans
  IDE for Java development. 

* Cool new stuff for sysadmins include added functionality for
  clustered Samba services (including active/active configurations)
  over GFS2; and the ability to boot a cluster of Fedora systems from
  a single, shared root file system. 

* Multi-Pointer X - The update to X.Org server 1.7 introduces the X
  Input Extension version 2.0 (XI2), with much work contributed by Red
  Hat's Peter Hutterer. This extension provides a new client API for
  handling input devices and also Multi-Pointer X (MPX)
  functionality. MPX functionality allows X to cope with many inputs
  of arbitrary types simultaneously, a prerequisite for (among others)
  multitouch-based desktops and multi-user interaction on a single
  screen. This is low-level work of which applications and desktop
  environments will incrementally take advantage in future
  releases. More details are available in the Release Notes and in the
  XI2 tag of Peter Hutterer's blog at
  http://who-t.blogspot.com/search/label/xi2 

Download them from Fedora or if you’re a local:

I’m torn between using the latest Ubuntu or Fedora on the client.


Part I: Rebuilding ZEUS, the journey of training the next home server

October 6th, 2009 No comments

I’ve been looking at upgrading our existing home server from the archaic (and unsupported!) Ubuntu Gutsy (because I was feeling gutsy at the time) to something newer, fresher and that will last me at least another 2 years. This is purely for my documentation.

Current Setup

Currently running an AMD setup with Ubuntu Gutsy (7.10) – I didn’t think it would last this long, honest! Ubuntu 6.06 had too many issues with the hardware/driver incompatibilities.

DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=7.10
DISTRIB_CODENAME=gutsy
DISTRIB_DESCRIPTION="Ubuntu 7.10"

On an ASUS A8N-SLI Deluxe motherboard (because you know, servers need SLI!) sporting an AMD Athlon64 3200+ (the only AMD CPU at home!) with 2Gb of RAM (hey, DDR1 wasn’t cheap enough!)

lspci

00:00.0 Memory controller: nVidia Corporation CK804 Memory Controller (rev a3)
00:01.0 ISA bridge: nVidia Corporation CK804 ISA Bridge (rev f3)
00:01.1 SMBus: nVidia Corporation CK804 SMBus (rev a2)
00:02.0 USB Controller: nVidia Corporation CK804 USB Controller (rev a2)
00:02.1 USB Controller: nVidia Corporation CK804 USB Controller (rev a3)
00:04.0 Multimedia audio controller: nVidia Corporation CK804 AC'97 Audio Controller (rev a2)
00:06.0 IDE interface: nVidia Corporation CK804 IDE (rev f2)
00:07.0 IDE interface: nVidia Corporation CK804 Serial ATA Controller (rev f3)
00:08.0 IDE interface: nVidia Corporation CK804 Serial ATA Controller (rev f3)
00:09.0 PCI bridge: nVidia Corporation CK804 PCI Bridge (rev f2)
00:0a.0 Bridge: nVidia Corporation CK804 Ethernet Controller (rev f3)
00:0b.0 PCI bridge: nVidia Corporation CK804 PCIE Bridge (rev f3)
00:0c.0 PCI bridge: nVidia Corporation CK804 PCIE Bridge (rev f3)
00:0d.0 PCI bridge: nVidia Corporation CK804 PCIE Bridge (rev f3)
00:0e.0 PCI bridge: nVidia Corporation CK804 PCIE Bridge (rev a3)
00:18.0 Host bridge: Advanced Micro Devices [AMD] K8 [Athlon64/Opteron] HyperTransport Technology Configuration
00:18.1 Host bridge: Advanced Micro Devices [AMD] K8 [Athlon64/Opteron] Address Map
00:18.2 Host bridge: Advanced Micro Devices [AMD] K8 [Athlon64/Opteron] DRAM Controller
00:18.3 Host bridge: Advanced Micro Devices [AMD] K8 [Athlon64/Opteron] Miscellaneous Control
01:00.0 VGA compatible controller: nVidia Corporation G70 [GeForce 7300 GT] (rev a1)
05:06.0 RAID bus controller: Silicon Image, Inc. SiI 3114 [SATALink/SATARaid] Serial ATA Controller (rev 02)
05:07.0 RAID bus controller: Silicon Image, Inc. Adaptec AAR-1210SA SATA HostRAID Controller (rev 02)
05:0a.0 RAID bus controller: Silicon Image, Inc. SiI 3114 [SATALink/SATARaid] Serial ATA Controller (rev 02)
05:0b.0 FireWire (IEEE 1394): Texas Instruments TSB43AB22/A IEEE-1394a-2000 Controller (PHY/Link)
05:0c.0 Ethernet controller: Marvell Technology Group Ltd. 88E8001 Gigabit Ethernet Controller (rev 13)

/proc/cpuinfo

processor       : 0
vendor_id       : AuthenticAMD
cpu family      : 15
model           : 47
model name      : AMD Athlon(tm) 64 Processor 3200+
stepping        : 2
cpu MHz         : 1000.000
cache size      : 512 KB
fdiv_bug        : no
hlt_bug         : no
f00f_bug        : no
coma_bug        : no
fpu             : yes
fpu_exception   : yes
cpuid level     : 1
wp              : yes
flags           : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 syscall nx mmxext fxsr_opt lm 3dnowext 3dnow up pni lahf_lm ts fid vid ttp tm stc
bogomips        : 2011.59
clflush size    : 64

This faithful boxen has been the primary source of our fileserver (XFS+LVM 3Tb) – used internal to our house and also by others who upload their stuff to be backed up. Subversion repositories, Apache/LightHttpd test servers for PHP work, Virtualisation for Windows 2003, 2000 and SqlServers running for testing and several other things (think: TeamCity, Continuous Integration tools, Confluence etc). It’s also been damn convenient when you’re at work or on holidays to be able to login, muse about via SSH and even fix things remotely.

Needs & Wants

The new server will need to fulfil the following roles:

  • Function as a NAS to continue to offer backup (via users home directories) and storage options
    • No file-system constraints aside from no Ext3 or ReiserFS.
  • Offer the ability to still run Virtual Machines, need to virtualise CentOS, Ubuntu and Windows for testing, they’ll be running in Bridged mode
  • No real need for a GUI (I can consider myself a little more l33t than a few years ago)
  • Run a Subversion repository (not that hard!)

The idea is to have a bare bones operating system install and have the virtual machines handle the hard and ugly work – webservers to test things, servers to try development deployments (java) and other bits and pieces. The core OS just has to manage the NAS and allow the ability to SSH in to offer subversion access.

Hardware

The hardware I’ve picked from things I had around the place, the only thing I’ve bought is just new sticks of RAM.

  • Motherboard: ASUS P5QL-PRO
    This board offered some excellent specifications via the P43 chipset, the things I looked for were the number of SATA ports ‘out of the box’ – 6 native SATA2, the number of 1x PCIe slots (2!) for future additions of PCIe SATA adapters and the maximum amount of memory possible (8Gb). Oh, of course, something cheapy and that can run the CPU I had around. A Gigabit NIC was also important (dual would be better!) but if it wasn’t supported I had a trusty Intel PRO 1000MT Server PCI card to fill the void – almost everything supports them (e1000)!
  • CPU: Intel Core-2 E6750 – 2.66Ghz (65W TDP, VT)
    Importance was Intel-VT support, low TDP and a dualcore that’s not too high.
  • RAM: Corsair TWIN2X4096-6400C5 (4Gb kit x 2 = 8Gb)
    Cheapy cheapy, twice the fun of a regular kit, slightly higher CAS, but who CAreS this isn’t being overclocked.
  • Graphics: ASUS 9400GT PCI-Express
    The cheapest graphics card to be found at the legendary & award-winning computer store MSY Technologies. Depending on how the drivers go (I’m usually biased towards ATI for all Linuxes) I might end up paying for an ATI card later.

Next up the investigation, be warned though I started this initially back in June/July (possibly a bit earlier).


THIS IS FEDORA: Fedora 11 Released

June 9th, 2009 No comments

This is FEDORA.

Fedora 11 aka Leonidas has been released. Whilst the front page is yet to be updated the mirrors are being updated as I write and ISOs are being propagated.

Download ISO:

In Australia? Try the local mirrors:

Bit of a torrenter? See the Torrent Tracker page.

Approximate sizes (from internode):

Fedora-11-i686-Live.iso             688M
Fedora-11-i686-Live-KDE.iso         686M
Fedora-11-x86_64-Live.iso           691M
Fedora-11-x86_64-Live-KDE.iso       693M

See the Fedora 11 Release Notes for more information about changes in this release, the Fedora 11 feature list or the Unofficial Fedora 11 Guide.

I’ve been awaiting this release primarily for the Linux Kernel v2.6.29 (in comparison to Jaunty’s Kernel 2.6.28) which brings a slew of updates to the table – in particular KMS (Kernel mode setting – flicker free graphics), the inclusion of Btrfs in the kernel for preliminary testing and better memory management. Of course Fedora 11 ships with X.org 1.6 as well. With the inclusion of GCC 4.4 all packages are now compiled with gcc4.4 too.

I’ve only dabbled in Fedora 10, but I think it’s a worthy move from my primarily Ubuntu lifestyle.

What’s really interesting though, is that Ubuntu 9.10 seems to have a decent performance bump, so whilst the wait for Fedora 11 is over, it’s time to get excited about the snappier Karmic Koala.


Think outside the box: Getting VirtualBox 2.x running in Jaunty

April 25th, 2009 No comments

Here’s a quick guide on getting VirtualBox 2.x running in Ubuntu 9.04.

First make sure you add the VirtualBox repository to your sources:

$ sudo nano /etc/apt/sources.list

Then add the following to the top of the file:

# VirtualBox Intrepid Repository
deb http://download.virtualbox.org/virtualbox/debian intrepid non-free

The Jaunty repository should be made available soon, in the meantime the intrepid release will work. Next we need to add the Sun public key:

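$ wget -q http://download.virtualbox.org/virtualbox/debian/sun_vbox.asc -O- | sudo apt-key add -

This will download the key and add it to your keychain. The download is over plain HTTP, so check the fingerprint shown by apt-key finger against the one published on the VirtualBox site. Now we need to update our sources so Aptitude knows what’s around.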

$ sudo aptitude update

Next we need to download some build tools so we can build the kernel modules properly.

$ sudo aptitude install build-essential linux-headers-$(uname -r)

This will download the latest build tools and the headers for the kernel you’re running. Next let’s grab the VirtualBox distribution.

You can elect to use the Open Source Edition (virtualbox-ose) or the Free Edition (virtualbox-2.2). Differences between the two are specified on the VirtualBox site.

$ sudo aptitude install virtualbox-2.2

Then you may find that the VirtualBox Driver may fail to install. Here is where we manually do it.

$ sudo /etc/init.d/vboxdrv setup

This will stop any existing modules, remove the netfilter and virtualbox kernels, rebuild and start the modules for you.

From this point on you can use VirtualBox. Find it in Applications > System Tools > VirtualBox.


Weekend Nerding: Ubuntu 9.04 and GCC 4.4.0 released!

April 24th, 2009 2 comments

Just verified that today is Friday – they really need an RSS feed for this. What better time to release GCC 4.4.0 and the highly anticipated Ubuntu 9.04.

GCC 4.4.0 brings improved C++0x support, a new register allocator and, with the merge of the Graphite branch, “a new framework for loop optimizations based on a polyhedral intermediate representation”. More changes are detailed in their release notes.

As for Ubuntu 9.04, all the lovely bits of changes are documented in the Ubuntu 9.04 overview and don’t forget the updated UbuntuGuide for Jaunty. Download links and local Australian Mirrors for iinet & internode.

Woo yeah for Friday.


Rebuilding Zeus: Part 1 – Preliminary Research and Installing Ubuntu 9.04 RC1

April 19th, 2009 1 comment

Just spent a fair chunk of today getting a rebuild of Zeus going – our affectionately dubbed Ubuntu server at home. This is the third rebuild (hardware wise) in the past 5 years (sheesh it’s been that long?), but I’m not complaining. First Ubuntu’fied version (5.10 – Breezy Badger) ran on a Pentium 4 3Ghz (Socket 478), noisy little guy that sucked quite a bit of power which was my old development box that served me well.

Then with the release of the fornicating Feisty Fawn (Ubuntu 7.04) I moved over the server to an AMD box, an AMD 3200+ on an ASUS A8N-SLI Deluxe (which featured the incredibly shaky NForce 4 SLI chipset) with a modest 2Gb of DDR ram.

NVIDIA nForce4 APIC Woes

Unfortunately I didn’t realise that by using the NForce 4 chipset under Linux I’d have to wrestle with APIC issues due to an issue with the chipset and regressions.

If you fall into the above hole, edit your grub boot menu:

$ sudo vi /boot/grub/menu.lst

And change your booting kernel with two new options:

title           Ubuntu 7.10, kernel 2.6.22-14-generic
root            (hd0,5)
kernel          /vmlinuz-2.6.22-14-generic root=UUID=c7a7bf0a-714a-482e-9a07-d3ed40f519f5 ro quiet splash noapic nolapic
initrd          /initrd.img-2.6.22-14-generic
quiet

You may want to also add that to the recovery kernel just in case. This will effectively disable the onboard APIC Controller as it’s quite buggy. More information is available on Launchpad.

It’s been chugging along nicely for the past 2 years – the time is always inaccurate (about 8 minutes ahead) but the uptime right now is:

thushan@ZEUS:~$ uptime
19:54:06 up 147 days,  7:27,  7 users,  load average: 0.22, 0.43, 0.32

So I figured it’s time to put these issues behind and redo the server infrastructure at home.

Goals

There are some goals in this rebuild.

  • Try out Ext4 and remove the use of ReiserFS and JFS which don’t seem to be going anywhere (JFS here and here). ZFS would be nice (but no FUSE!) to try out, but I’m hoping Btrfs brings some niceties to the table.
  • The new Zeus needs to look at virtualisation a little more. Right now, a lot of the QA for Windows builds of our stuff is done on several machines all over the place. Consolidate them to 1 Server with VT support, plenty of RAM and use a hypervisor (mentioned later) to manage testing.
  • Provide the same services as the existing Zeus:
    • SVN + Trac
    • Apache
    • MySQL / Postgres
    • File hosting, storing vault sharing content across the computers around (the whole house is gigabitted).
    • Fast enough to run dedicated servers for Unreal Tournament, Quake, Call of Duty 4 and a few other games.
    • Profiles, user data needs to be migrated
  • Messing about with the Cloud-Computing functionality in Jaunty.
  • Provide a backend for the Mythbuntu frontends.
  • Last another 2 years

Hardware

My previous workstation motherboard was the awesome ASUS P5W-DH Deluxe with an Intel QX6850 CPU, powered by the Intel 975 Chipset that has lasted for a lot longer than anyone had predicted. But earlier this year I had a problem with the board that warranted an RMA request. As I had to have a machine I ended up buying an ASUS P5Q-Pro and did a re-install (same CPU). So instead of selling off the P5WDH I’ve decided to use that board coupled with an Intel E6750 which was picked because it supports Intel VT and it was lying around. Otherwise I _wouldn’t_ consider using this setup – overkill!!! But I do want this setup to last and be beefy enough to support a little more than a few VMs running concurrently.

Pretty shots are available here. Otherwise, the test bench, the tuniq and a pretty shot of my setup at home (no its not clean).

Software

Clearly Ubuntu 9.04 is where it’s at, it’s sleeker, blindingly fast to boot thanks to the boot time optimisations and sexier desktop thanks to the visual tweaking and the new Gnome 2.26 inclusion. The installer has matured greatly, gone is the plain old boring partition editor based on GParted and a sleek new timezone picker. To make the most of the RAM in the box, 64bit edition of Ubuntu-desktop is what I’m installing.

Installing Ubuntu, use a UNetbootin!

So you grabbed the latest ISO, burn and chuck it into an optical drive and away you go aye… *IF THIS WAS 2005*!!! As mentioned in an earlier post, grab a copy of UNetbootin, select the ISO you mustered from your local free ISP mirror and throw it inside your USB thumb drive. These days USB drives are dirt cheap, I picked up a Corsair Voyager 8Gb (non-GT) for AUD$39.

Why would you want to do that? You won’t need to use CD-RWs, delete and put another ISO and what’s more, it will install in no time. With the Voyager I got the core OS installed in 5 minutes – after selecting the iinet local software sources mirror. Funky?

Hypervisors

I got into the Virtualisation game early, VMWare 2.0 (2000-2001) is where it all began after seeing a close friend use it. Unfortunately I had to almost give up my kidney to afford to buy it. Then for a brief time I moved to Connectix VirtualPC when VMWare 4.0 arrived and messed up my networking stack, but went back to VMWare 3.0 for a little while. Then eventually moved back to VirtualPC 2004 after Microsoft acquired Connectix (it was free from the MSDN Subby) and back again on VMWare with version 5.

Fast forward to 2009, we have some uber quality hypervisors. VMWare still has the behemoth marketshare but a little birdie got some extra power from the Sun and impressed everyone lately with its well roasted features. But the critical decision was which hypervisor to use, we have VMWare Server (1.0 or the 2.0 with its web interface – errr!), XenServer (which is now owned by Citrix) or VirtualBox.

After playing around with VMWare Server 1.0 last year I was left wanting more, so naturally I moved to VMWare Server 2.0 not knowing that the familiar client interface is GAWN, instead in its place is a web based implementation – VI Web Access. It was slow and clunky and took a while to get used to – but the fact that it showed the status via the web was funky, but running an entire VM Session via a browser plugin (which hosed every so often) was far from impressive 🙁

It finally boiled down to deciding to go with VMWare Server 1.0 (released mid-2006), leaning onto XenServer (seems to include a bit of a learning curve) or to move to a brighter pasture with Sun VirtualBox – which is what I use on my development boxes. I’m still playing around with all three to see how they fare. I am a little biased towards VirtualBox (I reckons it’s awesome ja!) but as this is a long-term build I can’t knock VMWare Server out just yet nor go the full para-virtualisation with XenServer which is probably what I’ll end up doing.

I’ve only got a few days before the final release of Ubuntu 9.04 arrives and all this research prior is to make sure things go smoothly next weekend.


Funky Jaunty: Ubuntu 9.04 Release Candidate, its almost here!

April 17th, 2009 1 comment

Excited Jen? You should be. Ubuntu 9.04 (aka Jaunty Jackalope) will be out in less than a week, and if you can’t wait, grab the Release candidate and give it a go.

Amongst the highlights:

Our main server box (Zeus) is still running 7.04, so I think it’s about time I upgrade the little guy to the latest and greatest, 2 years later with a fresh dose of hardware.


QuickTip: Extracting all files in multiple folders in Linux

April 11th, 2009 No comments

I just got sent a bunch of backup snapshots nicely compressed in RAR format in 20Mb segments in multiple folders. Nice I thought, now you’d have to iterate through 80 folders, and extract each rar file and merge them all into the same folder.

/media/Storage/Shared/Backups/AcronisTrueImage.WEBSOFTWARE-X.20090201/*.rar
/media/Storage/Shared/Backups/AcronisTrueImage.WEBSOFTWARE-X.20090202/*.rar
/media/Storage/Shared/Backups/AcronisTrueImage.WEBSOFTWARE-X.20090203/*.rar

So I threw the files onto our linux box (didn’t want to run this through Cygwin) and knocked up a little gem to iterate through all the folders and extract the RAR files and put them into the root folder.

$ find . -type f -name '*.rar' -exec unrar x {} \;

Nice and neat. This uses the find command to iterate through all the RAR files and executes the unrar command. In order to get this to work, you should go to (in my case) the Backups folder and execute the above, then it will iterate through (again in my case) the /AcronisTrueImage.*/ backup folders and find the rars and uncompress them to the Backups folder.

On the subject of backups, the only solution you ever need is Acronis True Image, I’ve trusted them to manage our backups for close to 7 years now (True Image Deluxe even had ReiserFS support in 2002), I use Echo Workstation but Home would suffice for most.
