Archive for the ‘Scitech’ Category

Unbound and FreeBSD

Wednesday, September 25th, 2013

Unbound is now the default resolver in FreeBSD 10. This is really good news. Bye bye BIND. I have been running my DNS services on NSD and Unbound for several years now.

Update: OpenBSD has also imported Unbound, but BIND is still the default.

Git vs. Fossil

Sunday, June 30th, 2013

Being spoiled by fossil, I found out today how difficult it is to edit a damn git commit message after you have pushed to a public repository. It involves messing with the history, something fossil explicitly prevents you from doing. The result is that I moved the little project I’m working on from github to chisel.

Dports vs. Pkgsrc

Thursday, June 20th, 2013

I’m running DragonflyBSD 3.4.2 in VirtualBox. It was updated just today from 3.2.2, which worked like crap mainly due to the fact that the host box is an Athlon 64 x2 box with 2G of RAM running Linux. I merely wanted to test some Perl stuff, got frustrated and ended up reinstalling the whole thing. So far 3.4.2 runs noticeably better. And the installer is fast. I can’t recall any OS install being as fast as dfly on a real machine, let alone in vbox.

DragonflyBSD traditionally came with pkgsrc for package management. If you wanted, say, vim, you couldn’t install it directly if there wasn’t a binary package available for your platform. You would need to compile it from source. Needless to say, compiling anything in vbox on this machine is overkill. So is a bmake search, which may take a while to extract the dependency database. In truth it takes way too long, because I gave up along the way at 500 packages (out of 5k) and several cups of tea.

Since 3.4, the FreeBSD ports collection was ported to dfly. It’s called Dports. Being used to ports on FreeBSD, I gave it a try. For this task dfly uses the pkgng tool by default, which is really cool. With a single command you can do just about anything concerning packages, in a fashion similar to pw(8). The result? I checked out the dports collection and downloaded a package index in about five minutes. You only need to do this once. Then I was able to install zsh, vim, rsync and perl from binary packages in practically no time.

At this point DragonflyBSD is a very usable server OS. In some ways I like it better than FreeBSD.

Leaking process info?

Friday, March 29th, 2013

Wondering how to restrict your users to only see their own processes in Linux? A quick answer that comes up is the grsecurity patch, but that doesn’t cope very well with the apparmor functionality in Ubuntu’s kernel. Fortunately, not long ago Openwall developer Vasiliy Kulikov came up with this kernel patch that allows us to mount the proc filesystem with the hidepid and gid options, achieving this. All the details are supplied at the above link. The patch was imported into mainline kernel 3.3, I believe. As a side note, this has been backported to Debian Wheezy and Ubuntu Precise kernels.

Of course, FreeBSD has a similar option since 4.0, configurable via sysctl.
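
An added example (not part of the original post): a shell check that reads a mounts table in /proc/mounts format and reports whether procfs carries the hidepid and gid options described above. The function name, the verdict labels and the gid value 1001 are assumptions made for the illustration.

```shell
#!/bin/sh
# Audit how procfs is mounted (added example, not code from the post).
# hidepid=0: every user can read every /proc/<pid> (the kernel default)
# hidepid=1: other users' /proc/<pid> directories cannot be entered
# hidepid=2: other users' /proc/<pid> directories are not listed at all
# gid=N:     members of group N are exempt from the restriction
# Newer kernels print the level by name (noaccess, invisible) instead of 1 or 2.
#
# To apply the setting at runtime (1001 is a constructed group id):
#   mount -o remount,hidepid=2,gid=1001 /proc

# proc_hidepid_status [FILE]: FILE defaults to /proc/mounts, "-" reads stdin.
# Prints one line: hidepid=<value> gid=<value|none> <verdict>
proc_hidepid_status() {
    awk '
        # fields: device mountpoint fstype options dump pass
        $2 == "/proc" && $3 == "proc" { opts = $4; found = 1 }  # last mount wins
        END {
            if (!found) { print "hidepid=unknown gid=none NOT-MOUNTED"; exit }
            hidepid = "0"; gid = "none"
            n = split(opts, o, ",")
            for (i = 1; i <= n; i++) {
                if (o[i] ~ /^hidepid=/) hidepid = substr(o[i], 9)
                if (o[i] ~ /^gid=/)     gid = substr(o[i], 5)
            }
            if (hidepid == "2" || hidepid == "invisible")     verdict = "HIDDEN"
            else if (hidepid == "1" || hidepid == "noaccess") verdict = "RESTRICTED"
            else                                              verdict = "EXPOSED"
            print "hidepid=" hidepid " gid=" gid " " verdict
        }
    ' "${1:--}"
}

# Constructed sample line, as a restricted system would show it in /proc/mounts.
printf '%s\n' 'proc /proc proc rw,nosuid,nodev,noexec,relatime,gid=1001,hidepid=2 0 0' |
    proc_hidepid_status -
```

On a live Linux host, run `proc_hidepid_status /proc/mounts` to check the current mount.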

Htpasswd in Perl

Saturday, February 16th, 2013

I was forced to write a htpasswd utility in Perl 5 out of frustration. Neither nginx nor squid provide one and I’m not going to install Apache tools just to get such basic functionality. I was also dissatisfied with this one as it doesn’t do MD5 passwords, doesn’t handle spaces in passwords and the CLI is completely useless. You can get it here. It aims to behave as closely as possible to the original htpasswd utility in Apache. One needs to at least install Apache::Htpasswd and Term::ReadKey in order to run it. In fact the latter is only required for interactive mode. If you also want SHA1 hashes, then you need Digest::SHA and MIME::Base64 installed. SHA1 and plain text hashes are only implemented in output only mode. I should have probably used Authen::Htpasswd instead, as it supports file based operations with these hashes out of the box. This is left for a future revision or as an exercise to the user.

Update 03/03: Rewritten with Authen::Htpasswd. The script also got smaller while doing more.

Small screens

Wednesday, January 23rd, 2013

Openbox. The perfect window manager for netbook screens. No panels, no icons on the desktop, no useless eye candy, no nothing that would get in the way. Just a simple root menu, keybindings and the dock – should you want to run anything in it. Of course one could also run one of several panels or a full-blown desktop environment. Here’s a guide.

Linux issues

Sunday, November 25th, 2012

Some of the Linux people are unhappy with the direction udev is heading toward (integration with systemd) and have decided to fork it. This discussion also concerns Debian as they are looking to replace sysvinit with something more modern, without breaking compatibility with the other platforms they support – which systemd and upstart do, because they rely on Linux specific components such as udev and dbus. Upstream vendors are pushing changes that break compatibility with other Unix-like platforms such as *BSD. This practice even threatens to further break compatibility between Linux distributions.

Console scrollback

Friday, October 26th, 2012

Trying out Minix 3 in VirtualBox led to a very unpleasant surprise: no console scrollback. What a complete waste of time to use an operating system that comes with a console that doesn’t scroll. This reminds me of NetBSD, where you have to recompile the kernel in order to get a scrolling console. Or use window, tmux or screen to achieve such basic functionality. Hello? We are not in 1970 anymore, at the beginning of the Unix epoch. In 2012 this is a bug, not a feature. Today, you can run Unix on microcontrollers.

Apples and oranges

Sunday, October 21st, 2012

I’ve recently switched jobs and my new employer is using iMacs for Perl development. It’s my first contact with Apple and OS X after being a long-time Linux user and also running FreeBSD for more than a decade, along with less and less Windows usage. I won’t insist on Windows since it’s not a Unix-family OS. Below are my impressions after two weeks of OS X 10.6 usage for software development.

The good: Nice and responsive graphical user interface. The fonts, the graphics and the quality of the display are beautiful, unlike anything I’ve seen so far. When you run CPU and I/O hogging tasks in the background, the GUI is responsive and doesn’t lag like Windows or X11 does when you fill up the RAM. Best of all, when you open a terminal you’ll find a Unix-type OS underneath with Perl and Java included in the base OS. You can also install the chain of development tools via Xcode or get just the command line tools if you only need them instead of the whole IDE. The next logical step is to install the open source software Apple didn’t include via Macports or Homebrew or even pkgsrc. As an IDE we use Eclipse and it runs smoothly. Otherwise OS X is user friendly and easy to use. If you want to configure something, it’s usually easy and straightforward. Configuration options aren’t obfuscated and hidden under 5+ levels of menus like in Windows 7.

The bad: Some of the open source packages are not very well supported and break or segfault, like mcrypt did. But that’s alright since they aren’t supported by Apple anyway, right? Missed the RPM hell? Try Macports.

The ugly: While there’s nothing ugly about Macs, the whole Apple box is essentially an appliance. If you just want a high quality computer that does the job at the end of the day, that’s fine. When you want to add hardware, be prepared to buy it from Apple at a premium. You can build a more powerful PC for the same amount of money, but you probably won’t do it inside a monitor or a box as small as the Mac mini.

PHP bugs

Sunday, May 20th, 2012

I am sick and tired of upgrading PHP and friends – packages upon which some extensions it builds depend, which web developers are normally using, like libxml2, freetype or libpng (both of them required by gd). In 2012 alone I have received no less than three critical security advisories for PHP alone, two for libxml2, one for freetype and one for libpng. Most of them involve serious vulnerabilities leading to remote code execution. So far I had to upgrade PHP and friends no less than seven times this year! I am seriously considering running a FEMP environment in a FreeBSD jail. It would make the upgrade process even more of a hassle and complicate things, but at least the host system won’t get compromised that easily.

Find out why PHP sucks, sucks, sucks from the programmer’s point of view. I’m not a programmer and PHP has worked fine for me. And it still does. Just that it’s annoyingly full of ugly bugs.