Delete-Key in zsh

I’m a big fan of zsh. Besides it having an awful amount of features, it was this guide (called “User-friendly user guide”) that brought me up to speed on unix-shell matters back then.

So it’s only logical that my default shell is the one the guide is about ;-)

What annoyed me majorly was that in Gentoo Linux, the delete key did not work in zsh (unless of course you count outputting ~ instead of forward-deleting as “working”).

Finally I got around to fixing that.

Adding

# Delete
bindkey    "^[[3~"          delete-char
# Ctrl+Delete (xterm-style sequence)
bindkey    "^[[3;5~"        delete-char

to your .zshrc enables your delete key on every thinkable keyboard. Finally!

Working with subversion

I’m currently making first steps using Subversion and it’s going quite well. It took some time to get the $Id$ expansion to work though, but this article helped me in the end.

The next thing I’m going to do is trying to migrate a simple project (no branches, no tags) from CVS to subversion. I know there are some tools out there which promise being able to do that for you, so I hope it’ll work.

The final step would be to migrate over PopScan, which has gotten quite complex these days: About 5 branches, countless tags and three years worth of history data. If that too goes well, it’s “welcome subversion” for me. If not, I think, I’ll postpone the migration until the tools get better. I absolutely don’t want to have my code in different source management systems.

I’ll keep you posted.

Gentoo and Jabber

Already in 2002 I did my first experiments with jabber and I really liked what I saw when still reading the documentation. Setting up the server was a real pain, but eventually I got it working.

Then came the thing with our server and having in mind the hard work needed for setting up jabber, I decided not to rebuild the jabber-configuration – even more so because aim-transport still does not support those fancy iChat-AIM-Accounts while Trillian does.

But today after having seen that iChat in Tiger is going to support jabber, I finally decided that adding my beloved server back would be a cool thing…

And the whole adventure turned out to be another point where Gentoo shines above all other distributions: The ebuilds for jabber and the two transports I am using (AIM and ICQ) were already beautifully preconfigured. And not only that: They were current too (hint to debian… ;-) )

One thing did not work at the beginning: I could not register with the AIM-Transport. A quick glance at the configuration file of aim-t showed me that the preconfigured config file uses another port (5233) than the recommended settings in the main configuration file (5223).

All in all it took me about 10 minutes to get my old jabber installation back. With current versions of all the tools involved and without writing own startup scripts or other fancy stuff. This is one of the reasons I really like Gentoo.

Oh… and in case you ask: My Jabber-ID is pilif@chat.sensational.ch. It’s not listed in the global user directory.

And if you’re asking what client I’m using: Though its interface may need some improvement, jajc is in my opinion the best client you can get if you are using Windows.

RAM doubler ;-)

I have a server (running gnegg.ch) with 1.5 GBytes of RAM and I’m running Gentoo Linux (another candidate for my all-time favourites list, but it’s still too soon for that. I’m only working with it for a little bit more than one year). And as I wanted the thing to be as secure as possible, I created a kernel from scratch without module support.

What I’ve always asked myself is why the heck “free” just lists 896 Mbytes of available memory:

galadriel root # free -m
             total       used       free     shared    buffers     cached
Mem:           885        193        692          0          6         69
-/+ buffers/cache:        117        768
Swap:          976          0        976

At first I had a BIOS problem in mind, but after having seen GRUB recognizing the whole amount of memory, I came to the conclusion that there must be some problem in the kernel.

As 2.6 is still quite new, I waited for the next gentoo-dev-sources to be released which happened somewhere around today. With the new kernel the problem still existed, so I dug deeper.

dmesg output something like this in its first lines:

Warning only 896MB will be used.
Use a HIGHMEM enabled kernel.

Though I misread the second line as a status message (stating that HIGHMEM is being used) instead of a request, I entered the above message to Google Groups and found out that the second line indeed is the solution to the problem.

In Processor type and features, set High Memory Support to 4GB and recompile your kernel.

What I don’t understand: I’m having this problem with 1.5GB of RAM and this option seemed to me like talking about 4 GB. But Google was helpful like most of the time, enabling me to virtually double the available RAM.

galadriel root # free -m
             total       used       free     shared    buffers     cached
Mem:          1520        333       1186          0         12        158
-/+ buffers/cache:        162       1358
Swap:          976          0        976

Nice! Isn’t it?

Update: For those that have not yet noticed it: The title of this entry does hint at products like this, though this one is at least honest in its description.

Speed up

Maybe you have noticed that this page loads faster than before – especially faster than it did the last two weeks or so. Maybe you wonder too, why there was this downtime at the end of March.

I won’t go into many details, but gnegg.ch (and a whole lot of other stuff) is now running on a brand new server (slightly faster machine) with Gentoo Linux using a 2.6.4 Kernel.

This is due to some sucker hacking into the older machine last March, installing a quite destabilizing rootkit (thanks for that… this led me to notice the crack quite fast…), modifying a lot of html-files and php.ini so that nearly every page served contained an IFRAME utilizing an IE exploit to install some kind of dialer (the IFRAME linked to forced-action.com). The wonderful and gratifying work of this unknown and soooo cool guy caused me to return home from vacation to do some rescuing work.

This is not the usual stinking phpNuke-Exploit (we were not running any phpNuke anyway) as this would not lead to a rootkit getting installed.

Again: Many thanks for your “hard work”, dear anonymous hacker. You got me the much needed opportunity to finally install Gentoo. And not only that: You even got me a faster Server to work on (to prevent any further downtime during reinstallation of the new OS). Now that this episode finally has come to an end, I will have a look at those disk-images I took from the compromised machine. Let’s see what I find out.
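A check for the kind of tampering described above, as an added example that is not part of the original post: it walks a directory of served files and reports every IFRAME whose source is a host you do not own, marking the zero-size or hidden ones. The host names, sample pages and function names are constructed for illustration.

```python
"""Added example: flag <iframe> elements that load from hosts you do not own."""
from html.parser import HTMLParser
from pathlib import Path
from urllib.parse import urlparse

class IframeCollector(HTMLParser):
    """Collects the attributes of every <iframe> start tag."""
    def __init__(self):
        super().__init__()
        self.iframes = []

    def handle_starttag(self, tag, attrs):
        if tag == "iframe":  # HTMLParser lowercases tag and attribute names
            self.iframes.append({k: (v or "") for k, v in attrs})

def is_hidden(attrs):
    """Zero/one-pixel or CSS-hidden frames are typical of injected content."""
    style = attrs.get("style", "").replace(" ", "").lower()
    tiny = attrs.get("width") in ("0", "1") or attrs.get("height") in ("0", "1")
    return tiny or "display:none" in style or "visibility:hidden" in style

def find_offsite_iframes(html, own_hosts):
    """Return (host, hidden) for each iframe whose src host is not in own_hosts."""
    parser = IframeCollector()
    parser.feed(html)
    findings = []
    for attrs in parser.iframes:
        host = (urlparse(attrs.get("src", "")).hostname or "").lower()
        if host and host not in own_hosts:  # relative src has no host: same site
            findings.append((host, is_hidden(attrs)))
    return findings

def scan_tree(root, own_hosts, suffixes=(".html", ".htm", ".php")):
    """Scan served files under root; return {relative path: findings}."""
    report = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in suffixes:
            hits = find_offsite_iframes(path.read_text(errors="replace"), own_hosts)
            if hits:
                report[str(path.relative_to(root))] = hits
    return report

# Constructed sample pages (hosts are placeholders, not real indicators).
CLEAN = '<p>hi</p><iframe src="/widgets/clock.html"></iframe>'
INJECTED = ('<html><body><p>hi</p>'
            '<IFRAME SRC="http://dialer.example/x.htm" width=0 height=0></IFRAME>'
            '</body></html>')

if __name__ == "__main__":
    print(find_offsite_iframes(INJECTED, {"www.mysite.example"}))
```

Since php.ini was modified as well, the same `find_offsite_iframes` check is worth running against the HTML the server actually returns, not only against the files on disk.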

pptp + linux = much fun.

Actually it’s not that bad. It’s just another of those things-that-work-stop-working-and-it-takes-ages-to-find-out-why-things.

For about four weeks I had a problem that LAN-Connections did not work after resuming from hibernation and I was unable to access my pptp-server in the office from home. On the linux side I got a timeout while waiting for LCP-Response (or something like that) and on the windows-side, the whole process stopped while validating my (long and thus quite secure despite the flaws in the pptp-protocol) password.

Who would have thought that those problems share one thing: The common cause ;-)

For accessing another server of a client behind a cisco-router, they provided me with the “CISCO VPN Dialer” which, when connected provides an option called “Stateful firewall (Always On)”. I confess. The “always on” suggests that this not-so-well working firewall (have I said that I hate desktop-firewalls, especially those by ZoneLabs which this VPN Dialer obviously uses) also is running when the application is not, but then again: Who could think, that something stays running even though there is no GUI indication (and no way to turn it off, besides re-dialing) whatsoever?

I found this out when I tried to ping my workstation from a Linux-Server within our network, which I tried after seeing that VMWare stopped working too (incredibly useful for making screenshots of strange OSes).

So my experience with this cool CISCO VPN-Dialer is as follows:

  • Breaks well-working applications (VMWare)
  • Makes me unable to use my own network while connected (despite the checkbox telling me otherwise)
  • Breaks PPTP (and I already suspected Linux)
  • Is incompatible with the Hibernation Mode that comes with Win 2000 and later
  • Is a usability nightmare as it does not provide any visual feedback of being running despite the fact that an always running firewall and a VPN-Dialer do have nearly nothing in common.
  • Is an even worse usability nightmare as there is no way to turn that firewally thing off besides building up the VPN-Connection which has even less to do with a firewall than the tool alone.
  • Is insecure: Everything besides the PPTP-Connection was well working when using WLAN to connect to the network – even the ping from the server to my machine.

    Great product indeed.

Gentoo on a xSeries 235 Server

Yesterday, one of the harddisks (or was it the SCSI-Controller – it does not matter…) of our very old, self-assembled development/fileserver went down. As we had backed up the important data and I had a spare PC running Linux (the multimedia machine I wrote about here), getting a working environment was a matter of about two hours (one I used up trying to get the old server to boot again).

Anyway: We decided that it was time to move away from self-assembled machines to something more professional (and hopefully more reliable), so we ordered an IBM (we really like those machines – great support, long warranty and rock-solid) xSeries 235 machine which arrived today.

I decided to install Gentoo Linux on the machine as it will mostly be used as my development server (and as a windows-fileserver for our data), so eventual downtimes do not really matter (but latest versions of the installed software are important) – a nice testbed for this distribution until I roll out production machines running Gentoo.

Besides the hardware-RAID5 the new server had built in, we plugged an old 120GB IDE drive to be used as storage area for not-so-important files (read: music, temporary files,…) – additionally it contained all the current development work, so I had to copy its contents down to the new virtual RAID5 drive.

Installing was quite easy, but unfortunately, the current gentoo-sources kernel (2.4.20 – heavily patched) does not support the DMA-Mode for IDE-Devices on the onboard chipset (ServerWorks something), so copying about 30 GB of data from the IDE drive to the RAID was not funny and neither was doing anything on the server when transfers to the IDE drive were running. It was slooow!

Installing a current 2.4.22 vanilla-sources kernel solved the DMA-Problem but raised another: The xSeries 235 uses a Broadcom bcm5700 Gigabit Ethernet chipset which is not supported under a vanilla kernel. Of course, I forgot to patch the driver in before I rebooted the newly created kernel which forced me to go down to the basement, compile the driver and go up here again to write this text.

Anyway: The server is now working like a charm. I really look forward to really use it and to take advantage of the greatly increased speed (PII 500 MHz -> Xeon 2.6 GHz and more than twice as much RAM than before).

OSX and OpenLDAP

Finally. It works. I got Richard’s OSX-Box to authenticate against my OpenLDAP server I set up yesterday (actually, it authenticates against the replica but this does not make any difference). Here’s what I did:

  • As I have the homeDirectory attribute in the form /home/username, and Mac OS X has the users in /Users/username, I actually have two ways to fix this: a) add another attribute to the LDAP-Server called osxHomeDirectory or something like that. This was no alternative as I don’t have an enterprise number yet so I could not legally create an OID for such an attribute. b) symlink /home to /Users. That’s what I did.
  • Now I started the “Directory Access” Utility in the Application/Utilities folder.
  • I’ve removed the checkmark on LDAPv2, selected LDAPv3 and clicked on “configure”
  • The next step was to remove the checkmark “Use DHCP supplied LDAP-Server” as my DHCP-Server does not supply an LDAP server (and I don’t even know which option-code that would be on the DHCP-Server).
  • Now I’ve clicked on the “more”-Arrow to display the advanced settings where I’ve entered the hostname of the internal (replica) LDAP-Server. In LDAP Mappings, I’ve selected “Custom”, the SSL-Checkbox stayed un-checked after my un-successful tries to get OpenLDAP to use my self-signed certificate yesterday. I’ll get back to this before I get productive with my setup.
  • In the new dialog that popped up, I had to make some adjustments:

    (In my explanations, I assume, your accounts have objectClasses of inetOrgPerson, posixAccount and shadowAccount).

    1. Under “Users”, set the RecordName to “uid”
    2. I had to add a Record called “Group” to Users and assign “primaryUID” to it or the group of the user was not recognized (see the prior entry to this blog)
    3. Under “Group” add the RecordName-Attribute and assign cn to it or the Group was not recognized later on.
    4. Now close the dialog by hitting “OK” and then close the Next dialog too with “OK”
    5. Now select the “Authentication”-Tab and chose a “Custom” search path. Add your newly added LDAP-Server.
    6. Do the same with the Contacts-Tab – although I have not yet figured out how to get this to work.
    7. Hit “Apply”
    8. Reboot
The last step is very annoying: I had to experiment quite a bit with the mapping settings to finally get my LDAP-Groups recognized and get the right primary group assigned to LDAP-Users (it was always 0/wheel which is not what I wanted – not at all). There is no way to get the OS to recognize changes you make in the Directory Access Utility but to reboot the machine. I’m happy, OSX boots that fast. If it had been windows I’d still be waiting for the reboots to complete ;-)

What have I accomplished?

  • I can login with the LDAP-Accounts by selecting “other” in the Login-Screen and then entering username and password
  • I can su to any LDAP-Account

What still does not work:

  • passwd
  • Although I can set a new password in the system preferences, the changes do not get written back to the LDAP-Server

About the password-changing-problems, I will have a look at pam. Until then, I’m quite happy, I finally got it to work.

I really hope, someone will find this useful…