barnskilinux

Monday, April 23, 2007

Red Hat have published a useful article on Linux daemons, explaining what they each do, and in what circumstances you could disable them. This is obviously good for security and performance.

If you want to really go to town on performance, you might also consider optimising your ext3 volumes :)

Monday, February 05, 2007

Implementing OpenManage Server Administrator (OMSA) on a Dell PowerEdge running Red Hat Enterprise Linux today, I found this, which is the unofficial Dell repository for OMSA. They even provide a couple of scripts to help you import the GPG keys, set the repo up and install the latest version over the net.
Worked like a charm :)

Thursday, February 01, 2007

I have been refining my use of Linux as an iTunes client, so I can get a crappy old machine running Linux and use it to access my entire iTunes library over the network. Output can then be to anything via the headphone jack.
To achieve this with Ubuntu 6.10 (Edgy Eft), I have found that the following works:
apt-get install gstreamer0.10-ffmpeg gstreamer0.10-plugins-bad gstreamer0.10-plugins-ugly gstreamer0.10-plugins-bad-multiverse gstreamer0.10-plugins-ugly-multiverse gstreamer0.8-plugins
Then edit /etc/default/avahi-daemon so that
AVAHI_DAEMON_START=1
Restart avahi-daemon (or reboot), and Rhythmbox now discovers and plays all your local iTunes shared libraries.
:)

Friday, December 01, 2006

GNU screen is like a window manager for terminal sessions - when you invoke screen, you can have multiple terminals (screen windows) open and running different processes, a bit like having the multiple desktop spaces in Gnome or KDE.

You can also "detach" screen, which puts all your active screen windows into the background and returns you to your default terminal session. You have now quit screen. This is a bit like disconnecting from a terminal server session - you can log off and log on again later from another machine, and re-attach your screen session. At this point, you can pick up all the processes you left running in your screen windows.

Invoke by using
screen

Screen windows are numbered 0-9

Create a new screen window with
ctrl-a c

Switch to next screen window with
ctrl-a n

Switch to previous with
ctrl-a p

Switch to screen window x with
ctrl-a x

Detach a screen from terminal (put screen windows in background) with
ctrl-a d
Note that closing a terminal session without logging out also appears to detach active screen windows.

A detached screen (including all its windows) can be resumed by invoking screen with the -r option:
screen -r
If you have multiple disconnected screen sessions, you will be told how to reconnect to one of your choice.

This pretty much covers what I need GNU screen for right now, but as is often the way with GNU/Linux software, it is immensely powerful and does way more than this. A screen user's manual is here.

Wednesday, November 01, 2006

I have previously mentioned an article by AnandTech in which they documented a fairly convincing lab exercise in which it was shown that Mac OS X Tiger Server made a pretty poor show of running MySQL. In fact, they claimed, OS X was up to 5 times slower than Linux running the same benchmarks on the same G5 hardware.

We have a customer who presently runs a LAMP application (Linux, Apache, MySQL, PHP) that we set up for them on Red Hat Linux, running on Dell PowerEdge hardware and it's doing a sterling job.

Trouble is that they now want to scale up quite significantly, and the server that they presently have can't expand to give them enough storage without an external array (bear with me here).

So, I got to thinking about how we could give them a good value proposition in terms of storage expansion, and that led me to Xserve RAID. I had a chance to chat to the Apple guys at this year's Mac Expo, and found out that the Xserve RAID is in fact Red Hat Certified, so that opens up a good option in terms of just bunging more storage on the PowerEdge server. Further research indicates that this may only be for Red Hat Enterprise Linux 3, and we are running 4, so I don't know where that leaves us.

The Apple guys also said that the MySQL performance problem had been addressed in 10.4.7 (but they would). So, while we're at it, we might want to beef up the processing side of things, so why not look at a nice spanky 64-bit Intel Xserve if it's all good now? And if we've got an Xserve and Xserve RAID, then Mac OS X might not be such a bad idea, but that brings us back to the MySQL performance problem.

However, I reasoned that since OS X is now on Intel, perhaps the situation may have changed. A bit more research has led me to find that firstly, AnandTech's findings were skewed, and secondly that OS X may be a more compelling option after all (great article).

Tuesday, September 19, 2006

The Inside Security Rescue Toolkit (INSERT) is a complete, bootable linux system. It comes with a graphical user interface running the fluxbox window manager while still being sufficiently small to fit on a credit card-sized CD-ROM. INSERT contains a multitude of useful tools to be at your hand in a variety of situations:

- full read-write support for NTFS-partitions using captive and linux-ntfs
- support for various file system types:
  - locally: EXT2,EXT3,REISERFS,REISER4,JFS,XFS,NTFS,FAT,MSDOS,MINIX,UDF,HFS,HFS+,HPFS,UFS,UNIONFS
  - net based: NFS,SMBFS,CIFS,NCPFS,SSHFS,AFS
- support for linux software RAID and LVM2
- support for WLAN adapters
- network analysis (e.g. nmap, tcpdump)
- disaster recovery (e.g. gparted, gpart, partimage, testdisk, recover)
- virus scanning (Clam Antivirus with GUI avscan)
- computer forensics (e.g. chkrootkit, foremost, rootkit hunter)
- surf the internet (e.g. the web browser dillo [enhanced version], the graphical FTP client gFTP)
- network boot server to boot network boot enabled clients that cannot boot from the CD (insert-remote)
- installation on a USB memory stick (usb-install)
- based on Linux kernel 2.6.12.5 and Knoppix 4.0.2

Thursday, June 01, 2006

xubuntu is the low-power, small-footprint version of ubuntu (using xfce):
"Xubuntu is the newest official Ubuntu derivative distribution, using the
Xfce desktop environment and a selection of GTK2 applications. Its
lightweight footprint is well suited for low-end hardware and thin
clients. Xubuntu builds on the solid foundation of Ubuntu, with
world-class hardware support and access to a vast repository of
additional software.
=== On the Desktop ===

* Xfce 4.4beta1 including a more flexible panel, many panel plugins
and icons on the desktop
* Thunar file manager
* GDM desktop manager
* Gnome Office (latest Abiword and Gnumeric)
* Evince document viewer
* Xarchiver archive manager
* Xfburn simple CD burner
* Xubuntu System Tools for GUI system administration
* Firefox 1.5.0.3
* Thunderbird 1.5.0.2
* Package updates manager
* Graphical .deb package installer (''GDebi'')

* New documentation (''Xubuntu Desktop Guide'')
* New and more consistent artwork

and more.

In addition, OpenOffice.org and Gnome CUPS Manager are included on the
alternate CD but not installed by default."

Thursday, May 25, 2006

This is an awesome article on software mirroring under Linux - I came a cropper today because I didn't understand the requirement to manually configure grub before the first disk in the mirror fails (D'OH!). The article also describes rebuilding the mirrored pair when you've added a fresh disk following a failure. Very handy indeed :)

OpenSourceCMS.com is a handy site that demos all kinds of open source CMS systems. You can go and play with them before having to go through the pain of an install yourself, and the systems are wiped clean every 2 hours so you can wreak whatever havoc you like :)

Monday, May 15, 2006

SELinux from scratch - an article from IBM on how to implement SELinux on systems that are not SELinux aware. This might be a handy way to get to understand SELinux.......

Tuesday, March 21, 2006

Stuff that I have only just come to know about: Nexenta is a GNU/Solaris distribution. Whilst not part of the Debian project, they have used Debian and the OpenSolaris kernel to make a distro. Nice.
Also FreeBSD 6.0 has been released.

Saturday, February 25, 2006

IBM have published some useful LPI Exam Prep guides.

Friday, February 10, 2006

A new project that I am farting about with at home is getting Linux running on an old Ultra 5 that I have lying about. Why? - well the old Ultrasparc is an incredibly well made and robust hardware platform - I've seen these things running Solaris as servers in dusty back rooms without interruption for years. Plus, the geek factor of running one of these things is awesome.
I presently host a small Mambo site for my own use from home, and right now it's on a crappy old Dell PC with a PII 333 CPU and 312MB RAM. The 64-bit 400MHz UltraSparc IIi CPU with 265MB RAM is therefore almost an upgrade :)
This machine also allows me to remotely connect in and test connections over the net to stuff I set up for customers, so I need X and a graphical web browser.
Anyway, installing Debian on the Ultra5 was a piece of cake. However, things are getting a bit more tricky now that I'm fetterng with it, so I thought I'd make some notes.
I installed Debian 3.1 Sparc on the Ultra 5 by simply giving it a "boot cdrom" command from the "ok" OpenBoot prompt and following the normal debian installer. My CD was a netinst job, and I just selected to install the graphical environment, as I'll apt everything else as I need it.
My Ultra5 has a Sun m64 graphics head, which Sun made a big song and dance about when it was new, but it turns out that it's pretty much an ATI Rage chipset, so I selected ATI for the graphics, and X was up and well, except the mouse didn't work.
I have one of the newer 3-button sun mice that connects to the keyboard using a PS/2 type connector. This post helped me out here, as I was able to use od as described to determine that I needed to use the /dev/sunmouse identifier. Once I'd hacked this into the X config file, I was good to go.
At this point I had an Ultra5 running Debian Sarge on a stock 2.4 kernel, with X and networking, which is all I need (I'm not bothered about sound - it's a server). So far, so good.
And this is where I balls it up.......
Next I wanted to upgrade to a 2.6 kernel. Mainly this was because I like to be up to date, but stable and the 2.6 kernel in the Debian stable tree gives you this. Secondarily, at boot time, I was getting some errors relating to the hard disk on the Ultra5, and I had read somewhere that these are fixed in the 2.6 kernel.
So, I used apt to install a stable 2.6 kernel for 64-bit sparc, and rebooted. The disk errors were gone, but so was X, and I couldn't log in at the console as the keymap was buggered. Nice.
The answers to almost all of this are here in this article, but this still didn't get my mouse going again. Using od again, I was able to determine that the 2.6 kernel saw my mouse as /dev/psaux now, rather than /dev/sunmouse. Once I realised that I needed to tell it to use the PS/2 protocol, we were in business again.
At this point, I have an Ultra5 running Debian Linux on a 64-bit 2.6 kernel with X. I am a happy customer - this server will hopefully run for years!
My current XF86Config-4 file has stanzas for both 2.4 and 2.6 kernel device maps, so you could just chop and change which are selected in the ServerLayout stanza as appropriate. Download my XF86Config-4 here.
Next steps will be to install and configure Apache, MySQL etc., but that's for another day. If there's anything unusual involved, I'll post it.

PSSH is another open source ssh client for Palm OS 5 - works fine on the Treo 650, apparently.

Monday, February 06, 2006

I'm real pissed off with having no iTunes client on Linux, as my entire music library is available from a mt-daapd server at home. This is a great solution, as I mostly use Macs and can stream my music wherever I am.
However, I have a crappy old intel laptop that I thought I might use as a dedicated device for streaming music in my front room (it's too crappy for real use as a computer any more - Celeron 333, maxed out at 128MB RAM, 10GB, 800x600 display!). Trouble is, due to the lack of a Linux iTunes client, I have to run Windows on it. :(
I'm now thinking that perhaps running iTunes under WINE might be a plan, and Frank's Corner has some notes that indicate this is a real possibility. I'll post back if I ever get round to working on it (I'm also having problems with WPA under Linux with it right now).

F-Spot is a photo management tool for Gnome - kind of an iPhoto for Linux.

Tuesday, January 31, 2006

25 Reasons to Convert to Linux, compiled by The Linux Information Project

Wednesday, January 25, 2006

WPAHowto - Ubuntu Wiki

Friday, January 20, 2006

All About Linux is another blog (much more polished than this one) that deals with Linux. This week there's an interesting post on using Gentoo.

Thursday, January 19, 2006

Red Hat have put up a page entitled Linux is Easy with some flash animations of how easily you can set up a web server, a file and print server or a network services server (DNS, firewall, DHCP).
There's nothing too advanced here judging by the Apache one, but I guess that's because the Red Hat GUI tools still only allow for basic configuration - in my experience, if you want to do anything advanced you still need to get your hands dirty with .conf files.
That said, this is still a good step towards encouraging Windows sys admins that Linux is not to be feared, and that is the first step towards convincing them that in some roles, it should be embraced.......

Wednesday, January 18, 2006

I'm a long time fan of SmoothWall, but if I was considering an alternative, I'd definitely be evaluating m0n0wall.

Friday, January 13, 2006

A useful list of linux commands.

Tuesday, January 10, 2006

Grisoft Freeweb: Grisoft Introduces AVG Free for Linux Virus Protection

Thursday, December 22, 2005

One of those things I really must find the time to learn about is ClamAV, which is Open Source anti-virus software for UNIX and UNIX-like platforms (i.e. Linux & BSD). There's no file cleaning, but there is real-time scanning and reporting as well as a host of plugins, including one for mail servers.
What's more, there is now the ClamWin Windows port, and (even better) the ClamXav port for OS X.

Friday, December 09, 2005

Here's a nice article about a Linux user getting to grips with a Mac mini. What I liked about it was the techie criticism of Apple's O/S - the spinning beach ball syndrome is apparently due to poor parallelism due to the Mach microkernel.

Thursday, December 08, 2005

Check out the useful essential house-keeping tasks for Ubuntu.
Still doesn't help with my ATI card though......

Friday, October 14, 2005

strange symphonies - Blog Archive - Ubuntu 5.10 Preview on R52

Ubuntu: Installing VMware Workstation 5.5 RC1 in Breezy - this guy uses symbolic links to fake a correct gcc version.
Alternatively, this guy on the forums actually installs multiple versions of gcc.

Tuesday, October 11, 2005

Matthew Thomas - Blog Archive - My first 48 hours enduring Ubuntu 5.04. An intelligent and interesting critique of Ubuntu from a Mac user's perspective.

Monday, October 10, 2005

Howto Script a Secure Copy
or
scripting scp and sftp network file copies

Today I needed to set up a scheduled file copy between two Linux servers. Due to security requirements, I could only use ssh. Here's how I got on.

Before going any further I would like to state that this is, as usual, written so that I can come back to it in 6 months and remind myself how this works. It is therefore written for someone of my Linux abilities, which is to say familiar with Linux, but not a guru. However, if you don't understand at least the basics of TCP/IP networking, Linux system administration, ssh, and public/private key pairs, then this might not be much use to you as understanding of that stuff is implicit in the notes below.

OK, firstly, let me set the scene by saying that:
- the copy had to be a pull operation (internal server pulling from DMZ server)
- the target (DMZ) server only allows SSH protocol 2
- root logins over SSH are disabled

So, the difficulty is that there is no way to script an SSH copy and provide a user password. This script is scheduled, so it must not require any interaction.

The solution is to use a public-private ssh key pair for authentication of the ssh session (this stuff rocks!).

OK, so first I created a user on each server (source and target) with the same username. This is a standard Linux user, as it is only to be used for the purposes of this copy operation. The only caveat is that on the target (DMZ) server, the user has to have read access to the files you want to copy.

Next, I created the ssh key pair on the internal server. The deal is that this server will establish the connection, so it holds the private key. We give the public key to the target server. That way, only our internal server can establish an authenticated session to the target server using the keys (i.e. without a password).

To create the ssh keypair, we log in as our user account created earlier and use the following command:
ssh-keygen -t dsa

Note that this can take a minute on a slow server. When prompted for a passphrase, just hit enter - we are setting a blank passphrase. (If we do not set a blank passphrase, then our scripted copy will require interaction to type it.) You can also specify rsa instead of dsa for the key type for SSH2 if you like (and if you're a nutter and not worried about security, rsa1 is the type for SSH1, but I would not use SSH1 on any production systems as it is insecure).

This creates two files in ~/.ssh:
id_dsa
and
id_dsa.pub

In a fairly self-explanatory naming convention, id_dsa is our private key and id_dsa.pub is our public key. For obvious reasons, do not ever export the private key or make it available over the network in any way, as it can be used to access the target server without a password.

Next, we need to set up the target (DMZ) server to allow ssh connections authenticated by our public key. We do this by logging in as our new user on the target server and editing ~/.ssh/authorized_keys. Note that if this file does not exist, you can just create it.

We then set the file up with our new public key by appending our public key to whatever is there already.

Now we test the connection from the internal server to the target (DMZ) server, by issuing the following command on the internal server (logged in as our new user):
sftp targetserver
e.g.
sftp webserver
or
sftp 192.168.0.1

If all is well, you will be straight into an sftp session without being prompted for authentication. This means that the session has been authenticated by the public/private key pair.

Now we can do some scripting!

The command I used today is as follows:
scp -2 -r user@targetserver:/directory/subdirectory /home/user/subdirectory/

Note that this uses scp (secure copy) rather than sftp, as it's a bit less cumbersome for this type of operation. The -2 option forces SSH2, and the -r makes the copy recursive.

So, finally I just chucked this command in a script that also rotates the last three copies on the internal server (so we have the last three days' copies on disk) and set it to run in the new user's crontab (sending output to /dev/null, of course).
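
A scheduled pull of the kind described above could look like the following. This is an added example, not the author's script: the pull.sh name, the .1/.2/.incoming suffixes, the SCP and KEY variables and the function names are assumptions, and it goes one step further than the description by rotating only after a successful copy.

```shell
#!/bin/sh
# Added example: scheduled pull from the DMZ server, keeping three generations.
# DEST is the newest copy, DEST.1 and DEST.2 the two before it.

KEY=${KEY:-$HOME/.ssh/id_dsa}   # private key created above (no passphrase)

# rotate_copies DEST: drop the oldest generation and shift the others down.
rotate_copies() {
    dest=$1
    rm -rf -- "$dest.2"
    [ -d "$dest.1" ] && mv -- "$dest.1" "$dest.2"
    [ -d "$dest" ] && mv -- "$dest" "$dest.1"
    return 0
}

# pull_copy SRC DEST: copy into a staging directory first and rotate only
# once scp has succeeded, so a failed run never costs a good generation.
pull_copy() {
    src=$1
    dest=$2
    staging="$dest.incoming"
    rm -rf -- "$staging"
    # BatchMode=yes       fail instead of prompting (cron has no terminal)
    # IdentitiesOnly=yes  offer only the key named with -i
    # SCP can be pointed at a stand-in command for testing.
    if ${SCP:-scp} -q -r -o BatchMode=yes -o IdentitiesOnly=yes \
            -i "$KEY" "$src" "$staging"; then
        rotate_copies "$dest"
        mv -- "$staging" "$dest"
    else
        rc=$?
        rm -rf -- "$staging"
        echo "pull from $src failed (scp exit $rc); existing copies kept" >&2
        return 1
    fi
}

# Run only when called with both arguments, e.g. from the user's crontab:
#   pull.sh user@targetserver:/directory/subdirectory /home/user/subdirectory
if [ "$#" -eq 2 ]; then
    pull_copy "$1" "$2"
fi
```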

In summary, this is a nice way of securely harvesting data from a DMZ server to an internal host. The only slight, super-paranoid security concern is that the public key on the target (DMZ) server contains the FQDN hostname of the internal server. This is not an attack vector, but if the DMZ server was compromised, it could give an attacker useful information about the internal DNS naming structure.

Note that experimentation suggested that removing the FQDN name (and indeed the user name) from the public key on the target server still allows connection, but I haven't researched this, and it may well be the case that this would allow connection from any host (or any user) using the private key, rather than just from the internal server (and specified user) so I have not made this change on my production server.
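
On the comment field discussed above: sshd does not check the user@host text at the end of a public key line, so it restricts nothing; where a key may be used from is limited with options placed at the front of the authorized_keys entry. The following added example (not from the original post) builds and installs such an entry; the function names are assumptions and 192.0.2.10 is a constructed placeholder address.

```shell
#!/bin/sh
# Added example: harden the authorized_keys entry for the copy-only account.

# restrict_key SOURCE_ADDR   (public key line on stdin)
# Prints the key prefixed with sshd options:
#   from="..."  accept this key only from SOURCE_ADDR (the address sshd
#               sees, so the NAT address if the firewall translates it)
#   no-*        disable terminal and forwarding features a copy never needs
# The trailing comment (user@host) is dropped; sshd ignores it anyway.
restrict_key() {
    src=$1
    [ -n "$src" ] || { echo "usage: restrict_key SOURCE_ADDR" >&2; return 2; }
    read -r keytype keydata _comment || [ -n "$keytype" ] || return 1
    case $keytype in
        ssh-*|ecdsa-*|sk-*) ;;
        *) echo "not a public key line" >&2; return 1 ;;
    esac
    [ -n "$keydata" ] || return 1
    printf 'from="%s",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding %s %s\n' \
        "$src" "$keytype" "$keydata"
}

# install_entry ENTRY AUTH_FILE
# Appends ENTRY unless the same key is already listed, and sets
# permissions that satisfy sshd's StrictModes check.
install_entry() {
    entry=$1
    file=$2
    dir=$(dirname "$file")
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$file" && chmod 600 "$file" || return 1
    blob=${entry##* }            # base64 key data is the last field
    grep -qF -- "$blob" "$file" && return 0
    printf '%s\n' "$entry" >> "$file"
}

# Usage on the target server, with a constructed source address:
#   entry=$(restrict_key 192.0.2.10 < id_dsa.pub)
#   install_entry "$entry" "$HOME/.ssh/authorized_keys"
```

Current OpenSSH releases no longer accept DSA keys by default, so on a modern system the same entry would be built from an rsa or ed25519 public key.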

Tuesday, October 04, 2005

This is a nice problem to have to look into: Ubuntu only sees the first 900MB of RAM due to native support for only that much in the default i386 kernel.
Next step is to upgrade the kernel; the question is, which kernel should be used for a Centrino CPU? (I'm guessing 686).

GenUX Launches Technical Support | GenUX

Mark Shuttleworth on Ubuntu. Interesting.

The next release of Ubuntu will support an LTSP implementation.

Wednesday, September 28, 2005

LXer: 10 Days as a Windows XP User: A GNU Perspective on Things