Apologies for my spotty performance this week -- as the saying goes, I've been busier than a fart in a windstorm ;-)
My chroot'd/SSH/CVS project is 99% functional. Unfortunately, the 1% I've yet to surmount is a show-stopper. I'm having trouble getting the key component (a piece of sendmail code) to compile correctly. And given I'm not a programmer by any stretch of the imagination, the whole process has become... er... challenging to say the least. I'm learning lots, though, and I suppose that counts for something.
The balance of my week has been taken up with writing a ton of documentation regarding all the steps I've taken so far, what failed, why, how I overcame things, etc. The point is to ensure I have a full record of my exploits both for myself, and anyone else who might have to either become involved in the project or take over in my absence.
Today is Turkey Day here in the Great White North. It's always been a mystery to me why we celebrate Thanksgiving a full month ahead of our American counterparts. Generally speaking, it makes for a lot of unnecessary complications for cross-border dealings; more so for me, as I work for a US-based company. Ah well. Nobody consulted me on the dates for statutory holidays, so it's pretty much out of my control.
Other than roasting a nice bird, today we're busy doing routine household maintenance and I'm trying to help my friend Brian get his wireless card working. All the usual weekend stuff...
To my Canadian readers, Happy Thanksgiving. To everyone else, hope you're having a great weekend. Hopefully next week I'll be able to return to my usual daily postings. Be well; be good.
Very productive day yesterday.
I got wireless working under Gentoo. Joy and rapture. It took a bit of digging, but in the end the problem was relatively minor -- a configuration file out of sorts. In the process I also managed to resolve a long-standing routing problem. The end result is a nice clean init cycle, the removal of all "hacks" I stuck in /etc/conf.d/local.start, and fully functional networking whether I'm using wireless or plugged into a CAT cable. Double joy and rapture.
I've returned to the Gentoo-ized (spelled, highly patched and tweaked) 2.4.19 kernel on Phaedrus, using the latest -r10 ebuild. So far it's very responsive and working as advertised. I'll pound on it for a few days before giving it a "recommended" rating, but my experiences with Gentoo's patched kernels have to date been very good. I suspect -r10 won't disappoint. Unfortunately, the openMosix 2.4.19 kernel is not ready for prime-time due in large part to incompatibilities with GCC 3.2. I plan to return to openmosix-2.4.18 on my two dev boxes as time permits.
No luck yet getting KDE beta-2 to compile, but I'm not worried. Trying it didn't break anything, and my current CVS-20020926 build is as stable as a rock. And highly useable, I might add.
Last night I managed to work through all the intricacies of setting up a chrooted, SSH-only, CVS repository on Phoenix. Building and installing the requisite binaries is not terribly difficult: Download the latest stable CVS source, build it "static" (in other words, with any necessary libraries compiled into the executable; necessary, due to the fact CVS is "locked" in a chroot environment and has no way to access libraries outside the chroot tree), and hack a couple other bits of code to make everything work properly. The difficult, labor intensive part is anticipating the needs of the repository and creating an appropriate directory structure to contain everything. The scenario I'm currently working with is complicated by the fact I want TWO separate CVS stores (a dev store and a "live" or working store), and because of the way SSH is threaded into the picture, this implies two separate and unique project trees. I spent about four hours penciling / experimenting with various designs and I think I have a keeper. Today I'll strip out my preliminary test tree, rebuild everything accordingly to match my new design, and test the end result. You'll know when I do.
Here's a mid-week giggle for you -- you'll especially appreciate this if you have kids. Landon is at the age where he's still a handful and a classic imp, but starting to think through things and react to the trouble he causes. This morning I was working in my office, and suddenly became aware of the fact it was awfully quiet in the other room. Quiet is an Ungood sign when you have a three-year-old. Nine times out of ten it means he/she is up to something. I peeked around the corner, and sure enough, the TV was on and Landon was nowhere to be seen. Mmm. I went upstairs, and there he was, mopping up a spill in front of the fridge. He had dumped the milk carton on the floor, and rather than panic or call for help, he had simply fetched a pile of kitchen towels and was diligently wiping up the mess. One minor problem. The milk carton was still on its side in the middle of everything, leaking. So there was Landon, concentrating on the spill, and there was the milk carton merrily leaking out into the pile. Heh. Needless to say, I had a good chuckle over the whole incident...
Enjoy the fall weather and have a super day.
A beautiful, picture-perfect fall day -- crisp, sunny, and just a hint of warmth in the soft breeze.
Today, in addition to my usual "Buzz" routine, I'll be taking my first faltering steps at setting up a chroot'd CVS server on Phoenix. The CVS server is just one part of a larger project for work that will -- if all facets fall into place as planned -- keep me busy for the next year. As most of my involvement centers on spec'ing, installing, then administering everything remotely, I need to work all the bugs and gotchas out of CVS before the actual implementation phase. Which means anticipating any and all "Murphy-ish" problems that might spring from the shadows, and having solutions in place. Put another way, I have to fully understand all the underlying mechanisms of CVS so I can troubleshoot and repair the system without a lot of head-scratching. Yes, I'm gonna be a busy boy.
I'm still trying to get the ebuilds for KDE-3.1-beta2 to build on my notebook. So far, no joy. KDE-base craps out with several errors about "nsplugins" not playing nice. I'll keep trying; eventually I'll get it. I see Dan has a new CVS snapshot up on his site (20021006), so I might give that a shot later tonight. A tip of the hat to Gentoo's Portage ports system. Despite the fact I've had no luck building KDE beta 2, the failed compiles have not broken my existing installation in any way. I'm typing this under Gentoo/JEdit right now. I don't have wireless working yet either, but I admit I haven't tried too awful hard. It's a matter of trying different combinations of PCMCIA-CS 3.2.1 with various builds of the linux-wlan-ng driver until I hit the right match. Time consuming stuff, which is why I've back-benched it for the moment.
Speaking of the relative merits of Gentoo, I must take exception with Roland's comments Brian posted last week. There is nothing whatsoever inherently unstable about Gentoo, nor is there anything inherent in Gentoo that would compel someone to continually "emerge" their system on a routine basis. Gentoo is all about choice. If you want bleeding edge, go right ahead and emerge -u world every day if that's your cup of tea. Yes, things are gonna break. But as Brian and I have noted many times in the past, we like to slay dragons; that's how we learn. But I've also got a box sitting here running a base 1.2 install on it that I haven't touched in three months. It's behind a firewall, doesn't do anything critical, and doesn't need anything special. It's simply a test box for odd projects.
However -- and I repeat -- I never, ever blindly "emerge world" even the bleeding edge Gentoo installation I run on Phaedrus. I always run emerge -up world (or system) and selectively update any desired updates one by one (emerge -u packagename).
Time for a bite to eat, then onward into my day. Be well.
Happy Monday... hope your weekend was as excellent as mine. I managed to avoid everything computer-related for two whole days (trust me, not an easy task for a chandelier-swinging workaholic like me). The weather was pleasant and dry for the most part, so we puttered in the garden, raked leaves, tended to the usual weekend household chores, slept, and just generally hung-out. On reflection, my decision was a good one. By the time Friday was said and done, I was thoroughly spent and without much of a sense of humor. For the first time in ages I actually awoke this morning feeling rested and ready to slay more dragons. Yep. I think I'll have to "close the lid" like that a little more often.
Actually, I lied. I did spend a considerable amount of time this weekend doing something computer-related. Reading. Friday I picked up Aeleen Frisch's Essential System Administration (O'Reilly and Associates; ISBN 0-596-00343-9), 3rd Edition -- just released a couple weeks ago. If you administer *NIX systems in any way, shape, or form, or if you simply want to broaden your *NIX knowledge-base, you'll want to pick up a copy of this book. It's big (1000+ pages), but it's comprehensive and extremely well-written. Buy it, read it, understand it -- cover to cover -- and implement Frisch's techniques/recommendations. Your system(s) will be more secure, more stable, and you'll be more savvy by doing so. There's not much regarding admin this title doesn't cover. There are chapters on filesystems, security, user/group management, a detailed accounting of the startup/shutdown init scripts, DNS/Mail server configuration, backup and restore techniques, and lots and lots of material on all aspects of networking. Plus Frisch covers configuration specifics for HP-UX, AIX, Linux, Solaris, FreeBSD, and Tru64. I learned more about user/group management in two hours than I've soaked up in 15 years of using and administering systems. Highly recommended.
Based on what I gleaned from Essential System Administration over the past few days, I started creating a new "securing and hardening" checklist to use on all new systems I'm responsible for. I also assembled some shell scripts to check for setuid/setgid bits, scan a system for errant file permissions, and several other chores that up until now I performed manually. I'll share when I get the list assembled and tested a time or two.
Copyright © 1998-2002 Tom Syroid. All Rights Reserved