All posts by Matthias Scheler

Taming the Edgy Eft

Issue 25/2006 of the c’t magazine included a DVD with the (at that point) new Ubuntu 6.10 Edgy Eft Linux distribution. And because the grass is always greener on the other side on the other side of the fence I decided to install it on one of my PCs recently.

My first surprise was that Ubuntu’s famous graphical installer didn’t work on my hardware at all. The Linux on the DVD displayed a splashscreen which doesn’t work properly with my ATI Radeon X850 XT and disabled the text consoles. That wouldn’t have mattered if the X11 server would have worked. But unfortunately it crashed immediately which left the box completely unusable. This was somewhat of a surprise because the 6.9 server I was using under NetBSD worked fine.

I reset the machine and selected the expert mode installation. Because it is text mode based it work without problems. The expert mode is flexible and comfortable at the same time. It took less than half an hour to finish the installation on my 3GHz Pentium 4 system with a reasonably fast SATA harddisk.

When the system came up after the installation I was stuck again: the text consoles were unusable, the X11 server wouldn’t start and no SSH service was availabe. I had to reboot the machine hard, boot it into single user mode and turn off the splash screen in the grub configuration. I brought the machine up, installed and configured the OpenSSH server package to be able to login remotely. Searching the web I found various hints and finally got the X11 server working. I’m not completely sure what really went wrong initially because now both the radeon driver and ATI’s proprietary driver work fine. My best guess is that the ATI driver didn’t work without a configuration file, crashed the X11 server and the driver was never loaded. But the splash screen is definitely something that the Ubuntu developers should get rid of or at least turn it off by default. I like eye candy but it should never get in the way of using the system. Hmm, why does Windows Visto come to my mind?

The next thing I did was updating all the installed packages to get security fixes. Thanks to APT it was really easy and did only take a few minutes. After the necessary reboot because of the kernel update I began to add a lot of extra packages: zsh, emacs, mutt, autofs, NIS client, WindowMaker and a lot more. Some of the package (e.g. NIS client) even provided an interactive setup which was very convenient. I was especially impressed by Linux’s automounter which was easy to setup (because my NIS server provides Solaris style automounter maps) and works much better than NetBSD’s amd(8).

The following day I wanted to configure IPv6 which turned out to be somewhat difficult. It is hard to find any documentation how to do that under Ubuntu. Most of the web pages that Google finds tell you how to turn IPv6 off because it makes Firefox a bit faster in some broken network setups. I finally found a web page which explained how to configure IPv6 under Debian. And because Ubuntu uses the same network configuration tool I got IPv6 working following those instructions. The only remaining problem was that the Linux kernel insisted on using stateless IPv6 autoconfiguration. It took me several hours to figure out how to turn that off. The main problem was to get sysctl to work as desired:

  1. None of the IPv6 related kernel parameters are available when one of the startup scripts reads /etc/sysctl.conf. Adding the ipv6 module to /etc/modules to get it loaded early enough fixed that problem.
  2. Although the Linux kernel provides global settings to disable stateless autoconfiguration you have to disable it on the particular network interface, too. This is again tricky because the necessary kernel parameters aren’t available before you configure the interface.

I ended up with the following settings in /etc/sysctl.conf:


The interface configuration in /etc/network/interfaces looks like this:

iface eth0 inet6 static
up /sbin/sysctl -q -w net.ipv6.conf.eth0.accept_ra=0 && /sbin/sysctl -q -w net.ipv6.conf.eth0.autoconf=0
address 2001:...:3
netmask 64
gateway 2001:...:1

You would think that one of the above configuration changes should be enough. But for some weird reason you need both of them. I really prefer NetBSD’s approach to IPv6 interface configuration:

  1. Stateless autoconfiguration is off by default.
  2. Sending the ICMP Router Solicitation messages is handled by an userland application called rtsol(8).

I spend a bit more time to get the sound (/etc/asound.conf was missing) and 3D acceleration (DRI doesn’t work before you disable the TV output in /etc/X11/xorg.conf) working and finally got to a useful desktop configuration. But besides the better performance of GL blankers in xlockmore there wasn’t much difference to the previous NetBSD-i386 4.0_BETA2 setup.

The next day Firefox was released. Because the new release included several security fixes I immediately downloaded the precompiled Mac OS X distribution and installed in on my Power Mac G5. Later on the same day Geert Hendrickx updated the Firefox 2.x package in pkgsrc and I could update the Firefox package on my NetBSD server, too. I also tried to update the Ubuntu system via apt-get. But an update for Firefox wasn’t available. Today, more than a week later, the update for the Firefox package was finally released. But other security fixes e.g. for GnuPG or Wireshark are still missing.

Ubuntu looks promising and I especially like their code of conduct. The NetBSD project could definitely use some of that spirit. But an operating system distribution without timely released security fixes isn’t very useful, at least not for me. Security fixes don’t always get released as timely in NetBSD land as I would like them to. But in contrast to Ubuntu NetBSD doesn’t have a company and a lot of money behind it. And I know how to update things in pkgsrc if I have to.

Mac OS X and NIS … just not good friends

When I started using a Power Mac G4 running Mac OS X as desktop machine a year ago I decided to use NIS and NFS on the machine. That would allow me to share data easily and kept my personal file on my server which uses RAID and gets backed up.

Getting NIS and NFS to work wasn’t very difficult using Marcel Bresink’s excellent instructions.The first problem I encountered was poor NFS performance, about 2MB/sec over Gigabit Ethernet. Following the advise of a fellow NetBSD developer I tried using NFS over UDP. While this is usually slower and less reliable it fixed the problem in this case. Reading a large file via NFS now runs at 30MB/sec. The only remaining problem was that I could occasionally not log in after booting up the machine. This happened about once a week and restarting the machine via the login window usually fixed the problem.

Unfortunately the problem got a lot worse when I upgraded the hardware to a Power Mac G5. I wasn’t able to login after one out of three (re)boots. On at least one occassion the problem required half a dozen reboots before I could finally use the machine. I also experienced a new problem where my account would work but the home directory couldn’t be mounted. This error required logging in as a local user and removing the bogus home directory which got created because NFS didn’t work. The automounter would otherwise not mount my home directory even if NIS worked fine.

The situation became unbearable and I began to analyzed the problem. I tried modifying the NIS startup script with little success. After a while I realized that lookupd was causing the problems with NIS. It sometimes failed for no apparent reason to talk to the NIS server. The result was that either the NIS accounts were not available or that the automounter couldn’t load the NIS mount map and the home directories weren’t accessible. I finally figured out the sequences to get my Mac working when it was in that dodgy state:

  1. Login using a local account.
  2. Open a Terminal window and use sudo zsh to get system administrator privileges.
  3. Force a restart of lookupd with killall lookupd.
  4. Wait a moment and tell the automounter to reload its configuration via killall -HUP automount.

I became tired of doing that manually of course and finally wrote a shell script which did the job automatically. The scripts gets started from /etc/rc.local like this:

nohup /usr/local/sbin/fix-nis 25 >/tmp/fix-nis.log 2>&1 &

Using that brute force approach fixed the problem. If I can’t login after booting the machine I just wait a few seconds until the scripts teaches lookupd a lesson and can finally login and access my home directory.

I nevertheless wanted to know what causes those problems and posted an article in a german Mac OS X network related newsgroup. In the resulting discussion somebody pointed out that Marcel Bresink has added a section about Mac OS X Tiger related NIS bugs to his instructions. It seems that Apple introduced quite a lot of bugs with the integration of launchd into Mac OS X Tiger. I remember that the Solaris 10 on my company laptop at a previos job had similar problems because Sun had also invented a parallelised system startup with that operating system release.

So the good news is that my NIS setup at home isn’t broken. But the bad news is that there is no better solution than my brute force shell script. Let’s hope that Apple fixes these problems in Mac OS X Leopard.

Wireless Security

Quoting from a dialog I had on IRC recently:

*Me* Your neighbour allows you to share his broadband via his WLAN?
*He* Yes, and we use a MAC address access list to stop other from doing the same.
*Me* But you don’t need an access list if you use WPA or WPA2 because it doesn’t approve the security.
*He* Oh, we are only using WEP because my neighbour’s old 802.11b WLAN card doesn’t support it.
*Me* He should really buy a better one to able to use secure encryption.
*He* Yes, he’s going to do that because my notebook with builtin 802.11g has faster Internet access than his computer now.

Wireless security is a hopeless matter because people just don’t care. 🙁