|
||||
HomeGraffitiWebCamAboutSiteVisualDevGPG Key |
Orb Designs Grafitti -- January 27 thru February 02, 2003
Welcome to Orb Graffiti, a place for me to write daily about life and computers. Contrary to popular belief, the two are not interchangeable. EMAIL - I publish email sometimes. If you send me an email and you want privacy or anonymity, please say so clearly at the beginning of your message.. |
MONDAY
Tues
Wed
Thu
Fri
Sat
Sun
January 27, 2003 - Updates at 0941 EST
Good morning. I have little to say this morning. It's a day off for me, since the one customer that might have needed my attention has neglected to send in a signed contract. We'll end up dropping everything and blowing out the rest of the schedule when that happens, but in the meantime, a nice quiet day is in the making. About the time the stupid bowl was getting actually started (as opposed to the initial eight or so hours of pre-game pre-infantile idiocy), it started snowing here. Only about half an inch or so stuck, and the roads look pretty good. We'll probably get out and do our belated weekend shopping today.
I spent a fair hunk of yesterday on a couple of small projects - I tested out the 3.1rc2 release of OpenZaurus on my SL-5500. That didn't work out so well - there were problems with the networking setup. I couldn't get wireless going at all. So I'm back on the 3.0 release, and everything's hunky and dory.
Then, in the wake of Tom's problems with Red Hat's new Beta (scroll down to the Friday post), I decided to give it a go myself. I found a good fast mirror that yielded peak rates up around 430 KB/s, and pulled down the ISO image files overnight on Saturday into Sunday. Yesterday morning, I checked the MD5SUM values for the three images. No point in burning a bad download, eh?
Have I ever shown you how that works? There are two methods. Some sites give you the MD5SUM on a web page, and you can run the command against each file, then compare the output string to the published string. Initially, that verifies that you've got a good download. Additionally, if you get your MD5SUM information from a different site than your download site, you can have a reasonable assurance that you've got an un-tampered with version (as two separate sites are unlikely to have been hacked). Ah, but anyway, here's the way that md5sum works:
bilbrey@goldfinger ISO $ md5sum phoebe-i386-disc1.iso
2efd84238ecf11110a4ff18be03e44e7 phoebe-i386-disc1.iso
Now that works just fine, and I'm sure you enjoy checking 32 character hexadecimal strings visually just as much as I do. By the way, that process can take a while. It's running a byte-wise computationally intensive algorithm against a pretty large file, neh? Even on my dual-processor fast Athlon box, this can take a while.
There's an easier way to check the sums that doesn't involve your visual acuity. Many sites offer the MD5SUM data in a file that you can download. Then you can have the md5sum program check against the file data for you, thusly:
bilbrey@goldfinger ISO $ ls
MD5SUM phoebe-i386-disc1.iso phoebe-i386-disc2.iso phoebe-i386-disc3.iso
bilbrey@goldfinger ISO $ cat MD5SUM
2efd84238ecf11110a4ff18be03e44e7 phoebe-i386-disc1.iso
4877e9001790ad526702a59794a4e4ae phoebe-i386-disc2.iso
888843ca390d2a88f63355541fda8e9a phoebe-i386-disc3.iso
bilbrey@goldfinger ISO $ md5sum -c MD5SUM
phoebe-i386-disc1.iso: OK
phoebe-i386-disc2.iso: OK
phoebe-i386-disc3.iso: OK
Only that last command was necessary to check the files against their MD5SUM values, but I wanted to show you how the files and data looked. One possible hitch in this process is that in the file, the MD5SUM values may be formatted differently than the output of your version of the md5sum program. For example, the data might look like this:
bilbrey@goldfinger ISO $ cat MD5SUM
phoebe-i386-disc1.iso 2efd84238ecf11110a4ff18be03e44e7 654671872
phoebe-i386-disc2.iso 4877e9001790ad526702a59794a4e4ae 676823040
phoebe-i386-disc3.iso 888843ca390d2a88f63355541fda8e9a 578617344
Some versions of md5sum arrange their output fields differently, or print additional data, such as the actual byte-count of the file being checked. This is yet another backstop against files being different, although it's assumed (but not mathematically proven, AFAIK) that md5sum values are unique for each distinct file. The fix for MD5SUM data being different is to run the md5sum program against a small file (so that it runs quickly), then format your downloaded checksums to match that (carefully not changing values, of course. And yes, the number of spaces in between fields is significant. Once I spent quite a while tearing my hair over what turned out to be a single space in the file, and a double space in the md5sum output.
Ah, so I've digressed. Having successfully burnt ISO images that have been checked to death, was I able to install Phoebe, you ask? And well you might. I was, but there were a couple of false starts on the path. The first time, I used the pre-existing partitions that I already had set up on Garcia, and just set them for re-formatting. I made all of my other selections, including some fairly detailed package choices. Then I gave approval to install, the thing started chunking along, and hung up trying to reformat the previously defined (by Slackware) swap partition. The only option that Phoebe offered me was to exit the installer and reboot. Bah!
So I went back through, wiped all of the partitions on both disks, defined a new and spacious set of partitions, and selected an EVERYTHING package set (to save time). This time when I started the installation, it happily formatted and mounted all of the partitions. First hurdle cleared. Then the installer decided that I didn't have enough space in /usr to install the EVERYTHING package set. Arrrrgh!!!. I clicked on the back button to re-define my partition sizes... but the installer wouldn't let me go there, claiming that the partitions had been "activated" and there was no going back. Double Bah! That's a lie based upon their installer not being fitted out to demount the partitions. That's all it is. I could have recovered from this with a less sophisticated installer (like Gentoo's for instance, where my fingers and their command line comprise the whole of the installer).
One last pass I gave it, figuring that I'd run into the same problem that Tom had, where Phoebe just stopped at some point during package installation. But nope, this time it worked. I got all the way through the install. During the firstboot process, the Date-Time module was broken and generated errors, but didn't blow up the running process. Nice graceful failure mode, there. Then I ran up2date and pulled down about 400 MB of updated programs. There I left it. More when I know more.
Now that I've bored you to tears for a Monday morning repast, I'll let you move forward into your day. I know, that I have "little to say this morning" turned out to be a bit of a lie, but I meant well. Have a great one.
Mon
TUESDAY
Wed
Thu
Fri
Sat
Sun
January 28, 2003 - Updates at 0736
Howdy. First order of business, in case you haven't been paying attention lately - We've got new articles up on LinuxMuse, including the latest from Greg about a crack attempt on our machine. We're learning new stuff and having fun, why not join us?
I've been learning a bit more about the SQL Slammer (or Sapphire SQL Worm?). Here's something I posted up on Linuxmuse, and emailed to several different people I know via front- and backchannels. There were a number of responses, one of which, from Dave Farquhar, I include here:
It turns out (of course) that it's not just SQL Server that's vulnerable to this beastie (hereafter known as Bill's Tapeworm, or BT). It turns out the the Microsoft Desktop Engine (MSDE) is also at risk, and that's installed by an extraordinary number of applications, many of which are listed below.
http://www.sqlsecurity.com/forum/applicationslistgridall.aspx
I have a couple of recommendations. First off, even if the firewall rules block 1434 and 1433 inbounds, put explicit outbound denials on (from LAN to WAN) for those ports, both TCP and UDP. That way if somehow the infection gets in via some other vector yet undiscovered, it won't start up a new infection packetstorm.
Secondly, probe every machine on the networks you control for vulnerable machines, then patch each. There's a one standalone tool here:
http://www.eeye.com/html/Research/Tools/SapphireSQL.html
Here's the latest from MS on the subject, including a new patch installer...
"Microsoft has re-released Microsoft Security Bulletin MS02-061 with a new patch which combines an installer, the functionality of MS02-061 and the previously released hotfix associated with Q317748."
> Long MS URL to Slammer alert <
Happy Monday.
Thanks, Brian.
I might add that if you've got a big NT network, I suggest getting Update Expert from St. Bernard Software. (www.stbernard.com). It'll scan your network, tell you what's out there and what updates are available. Then it'll download them for you. Think centralized Windows Update with intelligence. And sometimes UE knows about an update before Microsoft has made it easily available. Schedule a maintenance weekend, send out an announcement that everyone needs to leave their PCs on, and UE will make a security rollout pretty painless. Definitely worth the money. And it'll save you enough time to learn a whole lot about Linux.
I used it one Saturday to bring our overpopulated server farm (probably on the order of 40-50 servers) up to date after two years of neglect by my predecessors. Now, in light of SQL Slammer, I can go back to the PHBs and pat them on the back for letting me schedule that maintenance weekend; that stroke of brilliance on their part, combined with good firewall work on our part, helped prevent that attack, and how's about we extend that success by scheduling a two-hour maintenance window each month to stay current....? (Then I'll go wash my face.)
Dave
Now, about my Talkabout mailing list. I've had a couple of bad addresses recently pop up, and the Mailman software notified me that it had inactivated these accounts pending new information:
So if you're interested, folks, please resubscribe under a new address. Then either unsub from your old account or drop me a line and I'll take care of it for you. For those of you who don't know what it's about, Talkabout is a mailing list I run that's a discussion list. It's currently pegged at extraordinarily low on the mailing-list-traffic-o-meter, but we hope to correct that one of these days.
I had an odd dream last night about a teacher who was arrested because some meddling busybody thought that the picture of a geographical region (let's just call it a state for purposes of argument) looked too much like a weapon. This led me to thoughts of entire football teams being expelled for explicit violence and throwing about an item that might be a bomb or satchel charge of some type or another. How about whole schools where all of the boys have been suspended for a year because they have a weapon of rape concealed on their person, with a promise of another year's suspension if they come back with it next year. I am beginning to believe that bleeding heart liberal pacifists really are destroying our country, killing our children's spirit and rewriting our history to back their views.. Saddam and bin Laden might as well lay down their arms and laugh themselves to death. We're doing it to ourselves - all they have to do is be patient.
The question I have is, how do we take back our hearts and souls, and teach our children that not everything that is dangerous is bad? That we survived fights and accidents and all sorts of things that today would bring out the lawyers and cops in herds and droves... sigh. I can't get past this right now.
Mon
Tues
WEDNESDAY
Thu
Fri
Sat
Sun
January 29, 2003 - Updates at 0710
Good morning. I've got a long slow drive in front of me, since there was freezing rain falling overnight, and it's supposed to be pretty slick out there. In other news, I had just finished updating to KDE 3.1 just before the formal announcements hit the wire yesterday morning. Is it nice? Yes, it's nice. It's definitely an improvement over 3.0.x, and I strongly recommend that you upgrade once your distro vendor has packages ready. Otherwise, of course, you can pull source packages and build it yourself...
There was a 50/50 split of spam and real mail in my box this morning. The good part there is that all of the UCE, anatomical and Nigerian millions offers, etc. were all nicely pre-segregated into my spam folder, courtesy of SpamAssassin running on Rocket, our server at RackShack. A quick glance to be sure that there were none from someone I really knew, and poof, the whole directory's blown away.
I only caught about 5 minutes of the State of the Union Address last night. That makes two, counting the Stupid Bowl that I only saw highlights of. Was there anything impressive about the way Shrub read from his teleprompter that I didn't get from my brief glimpse? I only saw the very end, where Junior was doing his best Billy Graham impression (except that the Reverend is a better speaker, neh?)
See, I could have told you I have nothing but drivel this morning. But now the caffeine's soaking in and I need to get driving. Have a lovely day.
Mon
Tues
Wed
THURSDAY
Fri
Sat
Sun
January 30, 2003 - Updates at 0723
Good morning. I had a moderately successful day yesterday. I found the key to compiling the newer xclass libraries on a fairly old installation of Solaris. Then, in the process of working out how to build the rfb suite (for x0rfbserver, yes, that project again), we started noticing odd things. Later, the machine wouldn't come back following a reboot. Um, what? Root not recognized? Something's horked on the box -- very weird.
So in the evening, I mucked about for a while with prelinking, at Greg's urging. As you may or may not know, a program doesn't run all by itself in a vacuum. When you start a program like Konqueror, another program called a linker jumps to life and figures out which libraries of shared code are needed by the invoked program, loads those into memory, and inserts into the memory the locations of the procedures and functions that are thus loaded. That way, many programs can share the same code, and use it effectively and efficiently. But for any large program, there are a fair number of these "relocations" that the linker has to cope with, and that takes significant time.
To show what's happening before prelinking is setup, I rebooted Gryphon, started X, and ran the following commands (with bits snipped out):
bilbrey@gryphon bilbrey $ export DISPLAY=""
bilbrey@gryphon bilbrey $ LD_DEBUG=statistics time konqueror
. . .
02953: runtime linker statistics:
02953: final number of relocations: 28388
02953: final number of relocations from cache: 55511
Command exited with non-zero status 1
0.27user 0.01system 0:00.91elapsed 30%CPU (0avgtext+0avgdata 0maxresident)k
0inputs+0outputs (2274major+54minor)pagefaults 0swaps
The first line, setting the DISPLAY environment variable, is needed so that the program doesn't start on screen but terminates instead, letting me time just the loading of the program. You can see from the final numbers above that there were over 28K relocations performed by the linker, and that the initial program load took 0.91 seconds. That's definitely noticable, especially since it doesn't include any display operations.
Next, I emerged the prelinker program (which pulled down another couple of pieces it needed, the dependency management of Gentoo's Portage system is wonderful). Please note that there are a number of preparatory steps to successful prelinking - I followed the document here: http://www.gentoo.org/doc/en/prelink-howto.xml. I exited from X, and ran the prelinker against my laptop system. Then I rebooted the system (to clear memory and ensure a clean test) and got the following results.
02457: runtime linker statistics:
02457: final number of relocations: 0
02457: final number of relocations from cache: 1938
Command exited with non-zero status 1
0.01user 0.02system 0:00.13elapsed 21%CPU (0avgtext+0avgdata 0maxresident)k
0inputs+0outputs (1149major+58minor)pagefaults 0swaps
There is an 86 percent improvement in program loading and linking time, down to 0.13 seconds, put down to that marvelous number: 0 relocations. Just for fun, I ran a second invocation right afterwards, to simulate the load time when many code segments are already memory resident. It's down to 10 milliseconds. Lovely.
0.01user 0.01system 0:00.01elapsed 142%CPU (0avgtext+0avgdata 0maxresident)k
0inputs+0outputs (1149major+58minor)pagefaults 0swaps
Now the first instance of most binary programs on my screen come to life noticeably faster, and multiple windows virtually explode onto the screen, popping into existence while the depressed mouse button is still returning to its upright position. Prelinking, check it out today!
OK, I've gotta roll. See you around.
Mon
Tues
Wed
Thu
FRIDAY
Sat
Sun
January 31, 2003 - Updates at 0715
Good morning. I was out of time before I started. Last night was the first Laurel Linux LUG meeting I've made - it was small, entertaining and enlightening. But it's definitely time that I started hooking into the networks out here. So more when there's more to report. KDE 3.1 and prelinking together continue to rock, heavily. Beyond that, I've not much to say. I'll be back later if something comes up. Have a good day, and happy Friday!
Mon
Tues
Wed
Thu
Fri
SATURDAY
Sun
February 01, 2003 - Updates at 0900 and 1030
Good morning. One bit of good news in my inbox this morning. The gentleman who was having trouble with installing TrueType fonts at our Laurel Linux meeting the other night has now had success. I guess the walkthrough I did on Gryphon right there in the meeting helped, eh?
The January stats looked nice and strong (here), with a few interesting search phrases, aside from the old standards...
Steven DeRose writes in with some updated information:
From: Steven J. DeRose
Subject: My Ethernet wiring page has moved, please update your link
Date: Sat, 1 Feb 2003 01:30:06 -0500Google tells me you refer to my Ethernet Wiring site in email posted at http://www.orbdesigns.com/bpages/z20001218.html
My wiring page was at http://www.stg.brown.edu/~sjd/wiring/CAT5-wiring.html
That page is no longer available on that server. It has moved to: http://www.derose.net/steve/guides/wiring/
Just thought I'd let you know in case you have occasion to use/link/refer to it again sometime.
Thanks!
Steve DeRose
Done, Steve, and I've back posted the new link to that two year old page, so that others searching can find it with ease! Now to take it easy for the rest of the weekend. I'm whacked. See you folks around, soon.
A sad morning... The space shuttle Columbia broke up over Texas, enroute to landing in Florida. The breakup happened at about 200,000 feet, and there's almost certainly no survivors. Here's a story on CNN: http://www.cnn.com/2003/TECH/space/02/01/shuttle.columbia/index.html.
Mon
Tues
Wed
Thu
Fri
Sat
SUNDAY
February 02, 2003 - Updates at 1420
Rick D. Husband, Commander
William C. McCool, Pilot
Michael P. Anderson, Payload Commander
David M. Brown, Mission Specialist
Kalpana Chawla, Mission Specialist
Laurel Clark, Mission Specialist
Ilan Ramon, Payload Specialist
Ladies and gentlemen of the crew of STS-107, Rest in Peace.
Mon
Tues
Wed
Thu
Fri
Sat
Sun
Last Week
<-- * -->
Next Week
Visit the rest of the DAYNOTES GANG, a collection of bright minds and sharp wits. Really, I don't know why they tolerate me <grin>. My personal inspiration for these pages is Dr. Jerry Pournelle. I am also indebted to Bob Thompson and Tom Syroid for their patience, guidance and feedback. Of course, I am sustained by and beholden to my lovely wife, Marcia. You can find her online too, at http://www.dutchgirl.net/. Thanks for dropping by.
All Content Copyright © 1999-2003 Brian P. Bilbrey.