A casual on-line conversation with a nice guy from the Linux community:
seven: «I’m very busy preparing Linux Day 2010 at the moment.»
geekscrap: «Whoa! It’s in October, isn’t it? You’re taking it early!»
seven: «This year it’s going to be big.»
When your computer or server has access to multiple LAN segments with different address spaces and different gateways to the Internet, there’s a nice feature called policy routing that allows you to use all of them simultaneously without having to re-configure your network topology. This is especially useful when you want to increase the bandwidth and resilience of a single computer or server without the burden of being an Autonomous System (BGP peering, Internet Registry bureaucracy, etc.).
Here are the steps to set up multiple uplinks through policy routing on Gentoo:
One way to receive up-to-date reports about vulnerability issues is to subscribe to vulnerability RSS feeds: they update on demand, they don’t rely on your mail subsystem and they don’t fill up your mailbox. The only drawback is that you could miss alerts if you don’t sync your feeds for a long time, but if you’re an IT security manager, you don’t have a life, so how could it happen anyways?
Here are the top feeds you should be subscribed to (CVE tags are reported in brackets):
Recently, I’ve browsed several how-tos regarding the possibility of unlocking a LUKS root volume remotely using an SSH connection. For reference, the first of its kind is the one for Debian, published at Coulmann.de. Some of these how-tos were posted to forums and mailing lists and received many thankful comments from sysadmins wondering how to make their encrypted secure setup also easy to administer.
The problem with their approach is simple: they asked how to fix their setup, but forgot to ask what they’re trying to protect. Having your root filesystem on an encrypted disk doesn’t protect you from remote exploitation or credential leaks. It just protects you from the risk of someone being able to access your machine locally and steal your data, or just steal the whole machine altogether. Now, if I were an attacker having access to your hardware locally, I could easily set up a trap for you in less than 5 minutes:
GNU screen is a nice utility that allows running multiple interactive shells from the same terminal session and allows you to detach from your terminal while keeping those shells alive. Later on, you can re-attach to your background screen to get back to your shells. It has a lot more features like automatic session logging and terminal window splitting. You can discover them all in the manual.
How many times did you start a long-running task like gcc compilation on a remote server and then suddenly needed to disconnect from your shell? Maybe you just needed to move to some other place with your laptop, but if you disconnected from your LAN, your ssh connection would go down. How many times have you thought “Damn, if I had launched screen before this…”?
A common problem with Linux software RAID (aka md) happens when you try to use a disk that was previously part of some other disk array. Symptoms include: wrong volume size, inability to add the device to the RAID, volume UUID mismatch. To fix the problem you need to use the mdadm utility to clean up the disk:
# mdadm --zero-superblock devicepath
If you need to apply this fix on a system that doesn’t boot up (for instance when your root volume is on RAID), remember that mdadm and other disk administration utilities are available on the Gentoo minimal installation disk.
Recently I replaced my mother’s PC, and I thought I could switch her to Linux. She was previously using Windows XP with several Open Source applications (Open Office, Firefox, Thunderbird, etc.), so I decided to install Ubuntu 9.10, since it seems that it’s most devoted to non-expert users (she’s over sixty and not inclined to change her computing habits).
The installation was straightforward and hardware support was really seamless (whew! ACPI works like a charm on new Dells), however I noticed that once the system is running, the “works with clueless user” claim (they call it “alternative to Windows”, but that’s the actual meaning) lasts only five minutes.
In the beginning, Linux was a free general-purpose OS and it was not clear how Linux companies would generate profits out of it. In 1999, Red Hat went public and started to develop a real business plan. After a few years, in 2003, one of its main competitors, SuSE Linux, was acquired by Novell. Since then, both companies worked hard to reduce their involvement in desktop solutions and develop a segment known as the “server market”.
One of the key technologies of the enterprise server market is the Storage Area Network: an infrastructure that abstracts storage resources. When Linux companies started to compete in the server market, Linux had support for accessing SAN storage (Fibre Channel and iSCSI drivers) and advanced disk partitioning support (LVM and EVMS), but no free shared-storage filesystem. So Red Hat acquired Sistina’s GFS, a shared-storage filesystem, imported some work from OpenGFS developers, released it under an Open Source license and evolved it to GFS2.
One of the best lessons you can learn from Gentoo is that you can export most of its juice to other OSes. I’ve been using Gentoo as my main Linux distro since 2001. Currently I have a few setups where the drawbacks of migrating to Gentoo would exceed the benefits, so I decided to increase affinity by adding some Gentoo look’n’feel. This week I will post some tips to set up Gentoo console colors on other operating systems.
Under UNIX-like operating systems, there are several ways to manage long-running processes such as daemons. Process management is a crucial aspect of system maintenance and therefore it’s one of the aspects to take into account when planning a deployment. Since available solutions are getting more and more complex and specialized, I thought of writing a series of articles to recap the state of the art and draw up a comparative analysis.
This post deals with two system-wide alternatives, sysvinit and Mac OS X’s launchd: the first represents tradition, while the latter represents innovation. Feel free to use comments to share your tips.