All posts by Matthias Scheler

Welcome to NetBSD 4.0_BETA2!

Today I finally found the time to update my home server from NetBSD 3.1_STABLE to 4.0_BETA2. As usual the update went off without major hitches. I booted the 4.0_BETA2 kernel into single user mode and was pleasantly surpised that it automatically found the root filesystem on the hardware RAID. NetBSD 3.x kernels required a hardwired root filesystem to boot on my server.

Updating the userland was the next task: I extracted the base distribution binary sets, used postinstall(8) to handle most of the necessary changes and fixed the rest (missing users and groups) manually. In addition I replaced all installed packages with 4.0_BETA2 binary packages built on another machine a few days ago. After updating the boot blocks I rebooted the machine again and allowed it proceed to multiuser mode uninterrupted.

Most services worked without problems. Sendmail didn’t start because I hadn’t updated its startup scripts, Postfix tried to start because I hadn’t disabled it. I corrected both issues and my server has been working fine ever since (which is admittedly only a few hours at the moment). So far I had not much time to play with the new features. But I managed at least to switch the /tmp filesystem from MFS to tmpfs.

My next home server improvement project is to replace Sendmail with Postfix. But that will require more time and studying of the Postfix book to complete the configuration files.

Mac OS X … Blessing or Curse?

These days my preferred desktop machine at home is my Power Mac G5. The machine is reasonably fast, very silent (or at least less noisy than the other machines) and runs Mac OS X.

And using Mac OS X on your desktop computer is nice:

  1. The user interface is easy to use, consistent (unless you use X11 applications), looks nice (a matter of taste of course) and is very fast despite the eye candy.
  2. Features like 3D acceleration (even for X11 applications) and dual head mode work out of the box without any tinkering.
  3. Mac OS X comes with most of the necessary multimeda bits and pieces to deal with today’s Internet (e.g. Macromedia Flash, Java and QuickTime). More stuff (e.g. Windows Media support, RealPlayer) is available as easy-to-install downloads.
  4. If iLife 06 is installed on your computer Mac OS X can store, manage and edit all your photos and videos created with your digital camera or camcorder.
  5. Watching a DVD works out of the box. Creating a video DVD is very easy thanks to applications like Roxio Toast Titanium.
  6. Connecting my father in law’s scanner-printer-combination went smoothly. The necessary drivers were on a CD-ROM comming with the printer. It took only a few mouse clicks to install them. Afterwards all the features of the printer including the scan button on the front worked without problems.
  7. And beneath the shiny surface there’s a real UNIX like operating system. All you need to do is launch the terminal application and you’ll get a shell prompt.

But not all is well in Mac OS X land:

  1. The basic security approach in Mac OS X is reasonable: users don’t use an adminstrator account (in UNIX terminology: you don’t login as root). If an operation requires administrator privileges Mac OS X asks for an administrator’s account and password first.
    But unfortunately Apple went to far too keep things nice and simple. They often forget security implications when adding new features.
    After installing Mac OS X you get automatically logged in. You have to change the configuration to enforce a login with account name and password. Another prime example is the default behaviour of the browser Safari. As soon as it has finished downloading a disk image (a file with a Mac OS X filesystem in it) it mounts the image automatically. And that can cause bad things including a kernel panic if the filesystem in the disk image is corrupted. A user which is a member of the administrator group is also allowed to change a lot of system settings by default which could compromise the system’s security. Fortunately you can (and should) tighten security by turning off all these features.
    Besides having an insecure default configuration Mac OS X also suffers from a lot of security problems caused by avoidable bugs. There was (before the last security update) a setuid shell scripts (bad idea) which used the user supplied command search path (you’re out).
  2. Integrating Mac OS X into a network seems easy. And managing your basic network configuration is pretty easy. Ad hoc access to a file server via CIFS is also well supported including a graphical network browser.
    But if you need a more sophisticated setup things become difficult. Something as simple as a static NFS mount is actually tricky. Performance of CIFS and NFS over TCP is very bad by default until you find the magic knob to tune the TCP performance. Certain features (e.g. remote desktop access) just don’t work for accounts managed by a network directory service (e.g. NIS).
  3. Mac OS X is also cranky from time to time. Something stops working and it is really hard to figure out why.
    Yesterday the installation of the Cisco VPN client would just not start on my wife’s PowerBook G4. She had to log out and log in again to make it work.
    My personal archenemy in Mac OS X is lookupd. Besides causing NIS problems it hung my Mac at least twice when Firefox tried to lookup an unresolvable hostname.

Does this mean that Mac OS X is just another Windows? I would actually argue that Windows is a bad Mac OS X imitation. A lot of the new features in Windows Vista are already available in Mac OS X Tiger or even older versions. And while the security problems in Mac OS X can be solved by a more restrictive default configuration and better quality assurance Windows still has fundamental problems.

Despite the present problems I’m still enjoying the blessing of Mac OS X … and curse it occasionally.

You can’t improve on Perfection

Yesterday my wife and I visited one of our favourite pubs, The Bridge in Waterbeach. I was looking forward to have my favourite dish on their menu: the Aberdeen Angus Burger with Stilton and mushroom topping. Besides tasting great this burger doesn’t leave you hungry.

When we arrived in the pub we discovered that the menu had changed … which is always a bad sign. I studied it anxiously and found my worst fears confirmed: the burger was no longer on the menu.

I told myself not to panic and searched the menu for a replacement. I found the Rumpsteak Burger and ordered it with the Brie and mushroom topping. I tried to keep the hope alive that the new burger might be as good as the old one.

Unfortunately it wasn’t. Don’t get me wrong, it wasn’t a bad burger. But there was no way it could compete with the Aberdeen Angus Burger. The meat wasn’t as delicious, the Brie cheese was too greasy and the bun tasted a bit wishy-washy. In the end I left the pub somewhat disappointed.

I really hate it when that happens. I find something I like and they improve it or stop making it for no good reason. 🙁