Smoothwall Firewall project

Saturday 17 December 2011

The sad news of the death of Christopher Hitchens

The path to Atheism for most people on the planet is complex and fraught with a great deal of inner contemplation about the big issues that face us poor scared and frightened humans. It is with the help of great writers and thinkers that this process can be crystallized into your own detailed understanding and the ability to formulate your own view of these big questions.

Now, I can't say that Christopher Hitchens was the only or indeed main influence in my change of understanding. In fact he came very late to my party of transformation, which was far more deeply influenced initially by science and specifically the evolutionary writings of people like Darwin and Dawkins.

What he did bring once I discovered his work was a writer and essayist of such great conviction and clarity of thought, that it would be worth reading his work even if you were the most bigoted religious believer. The many articles and essays that covered an enormous array of topics and subjects. The realisation that this man was not just interested in a single topic, for which he has been grotesquely pigeonholed by some corners of the media, but was in fact deeply involved in many issues, of which religiosity was just one.

One thing I'm glad to say we had in common was our love of Evelyn Waugh, and thanks to his many books and essays on George Orwell, he has encouraged me to re-engage with a writer I loved when I was much younger. His insightful coverage of the many American presidential candidates and successful incumbents was always a delight to read. His characterisations of the current crop of extreme right wing religious Republican candidates were as humorous as they were salient.

I would also encourage others to seek out his many articles and essays from magazines like The Slate, Vanity Fair, The Statesman and The Atlantic to name but a few. Each one will question your beliefs and make you think about the topic being covered.

I certainly look forward to reading more of his works on Orwell, and I would suggest dear reader that it would be profitable to yourself to do the same.

Rest in peace Mr Hitchens, you will truly be missed.

Wednesday 7 December 2011

Issue with git client and Ubuntu 11.10 through corporate proxy

If like me you use git for storing code and configuration files, then it can become a problem when using it through a corporate proxy if you have the wrong versions.

I found today while trying to do a git clone the following error:

remote HEAD refers to nonexistent ref, unable to checkout

After searching around the web I came across this post.

This does indeed work.

Basically the problem is that the version of libcurl3 included with Ubuntu 11.10 has a problem authenticating through a proxy. You either have to use 11.04 or upgrade your libcurl3 to the version in the next release of Ubuntu (precise), which fixes the issue.

I hope this saves you some effort.

This link also offers URLs to grab the latest deb packages to install, and more background on the issue.

Monday 5 December 2011

How to add another hard disk to your Xen virtual machine

If like me you have many Xen virtual machines that have been running for a while, you will likely come across the problem of having to increase the disk space, as the services or jobs the virtual machine offers change over time.

Now you could increase the size of the existing disk, but I always feel that offers a level of risk, which with adding a new disk and using LVM or a new mount goes away.

Ok, so firstly we need to create a new virtual disk on the physical hard disk with the following command:

dd if=/dev/zero of=vm01-disk2.img bs=1G count=50

This will give us 50GB of new space. You can of course change the size to whatever you require, if your physical disk space will allow it.

Then we need to edit the Xen virtual machine configuration file and add in the new disk.

On my virtual machine host this is in /etc/xen/vm01

The line that needs to be altered is obviously the disk line, like so

disk = [ "tap:aio:/opt/xendisks/vm01.img,xvda,w",\
"tap:aio:/opt/xendisks/vm01-disk2.img,xvdb,w" ]

NB: Notice the backslash, which allows the configuration line to expand over two lines in the configuration file.

Once you have done this, you can use the virsh and xm commands to restart the virtual machine, so that the new disk is available inside the virtual machine.

Once your VM has re-booted, you will notice another disk, which you can then either add to your LVM configuration, or just format and mount in a new directory. Here is my new mount as an example.

/dev/xvdb 50G 19G 29G 39% /opt/tomcat
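
A pre-flight check to run on the Xen host before restarting the virtual machine, added here as an example and not part of the original post: it reads the disk entries from a domain configuration in the format shown above and confirms that every backing file exists and that no guest device name is used twice. The function names are hypothetical; pass the configuration path (for example /etc/xen/vm01) as the first argument.

```shell
#!/bin/sh
# Added example (not from the original post): validate the disk = [ ... ]
# entries of a Xen domain config before restarting the guest.

# Print "path device mode" for every disk entry such as
# "tap:aio:/opt/xendisks/vm01.img,xvda,w" (one quoted string per entry).
xen_disks() {
    grep -o '"[a-z:]*:/[^",]*,[^",]*,[^",]*"' "$1" |
        sed 's|^"[a-z:]*:\(/[^,]*\),\([^,]*\),\([^"]*\)"$|\1 \2 \3|'
}

# Return 0 only if every backing file exists and each guest device
# name (xvda, xvdb, ...) appears once.
check_xen_disks() {
    cfg=$1 rc=0
    disks=$(xen_disks "$cfg")
    [ -n "$disks" ] || { echo "FAIL: no disk entries found in $cfg"; return 1; }
    # A path typo, or an image created in the wrong directory, shows up here.
    while read -r path dev mode; do
        [ -e "$path" ] || { echo "FAIL: $dev backing file missing: $path"; rc=1; }
    done <<EOF
$disks
EOF
    # Two entries mapped to the same guest device would collide.
    dups=$(printf '%s\n' "$disks" | awk '{ print $2 }' | sort | uniq -d)
    [ -z "$dups" ] || { echo "FAIL: device used twice: $dups"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: all disks present, devices unique"
    return "$rc"
}

# Run the check when a config path is given on the command line.
if [ -n "${1:-}" ]; then
    check_xen_disks "$1"
fi
```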

Monday 31 October 2011

Using the lightweight Fedora LXDE desktop for snappier Virtual machines

While having a look at Fedora 16 beta within Virtualbox virtualization software, I decided to use a more lightweight desktop environment.

Over the last couple of years, as hardware has improved, the desktop systems that sit on top of X windows have started to become more complex and powerful, but as a side effect have become resource intensive, which is not ideal for virtual machines.

There are many great different types of lightweight desktop environments, but one that is now supported by all the main distributions is LXDE.

Fedora 16 installation was a breeze - though I recommend upgrading Virtualbox to version 4.1.4 before you start for better support.

The lighter desktop has indeed made a massive improvement in speed and responsiveness over the Gnome 3 shell I installed on the Fedora 15 image I tested.

The menus and layout may be a little legacy for some, and perhaps for everyday use, but when most of the time is spent in a terminal window, that is not the end of the world.

Here is a snap of the initial machine once installed.

There are many new features in this release of Fedora, including the latest 3.1 kernel, deltarpms with presto, the use of systemd instead of the now very old SysV daemon management & control, and the use of specifically locked ethernet hardware to configuration definitions - so you see p2p1 instead of eth0 for instance.

The final release is only a few days away, and for people who like cutting edge open source software Fedora is a good choice.

Give it a try and see what you think.

Wednesday 12 October 2011

The FUD used against Linux really annoys me

If you are not familiar with the term FUD, it stands for Fear, Uncertainty and Doubt, which are more commonly described as lies in technical circles. They are used by marketing people to stop people using others' products, just in case.

Over the years I have seen this tactic used many times by large corporations to scare companies into buying their products, but none have used it more often and more perniciously than Microsoft.

Well, they have tried everything against Linux, and have told lies by the bucket load, yet still the system gains market share, where today you can almost guarantee that if you go somewhere on the web, the server powering that site will be Linux.

I have also used it on my laptops for years, and this summer on holiday put it through its paces, by taking it with me to do some work while on the road in Spain. It never missed a beat. Every little dusty side street eating house that offered WIFI, I could connect to, I could do whatever I needed, whenever I needed, without fail. The one device that did let me down on occasion was my iPad, rarely, but it did.

So the facts are Ubuntu Linux on my Dell laptop 100% success, Apple iPad 98% success.

I love my iPad, so I'm not making some cheap point about it, but a fact is a fact.

So the next time someone tells you something about Linux, do some research and find out the facts. Linux is not perfect, but then neither are any of the systems offered, but Linux is free and you can always help make it better.

Less FUD, and more facts please.

Here is a link to try it for yourself.

Ubuntu Linux

Sunday 3 July 2011

DNSMASQ config on Ubuntu desktop for fast DNS lookups

Here is a quick rundown on how to use dnsmasq as a fast DNS cache. I was driven to set this up, as the DNS servers that my flat company supply are like treacle on a very cold day.

Help on installing DNSMASQ

Install the daemon, and then edit /etc/dnsmasq.conf to listen on port You need to find the line that has #listen-address= and remove the hash and add the address.

Add this nameserver at the top of the /etc/resolv.conf file, and restart the daemon. This is where Linux looks for its DNS servers.

/etc/init.d/dnsmasq restart

Do a DNS lookup like this to test - dig
Look at the time returned, and then do it again, and look at the time difference; a lot faster, isn't it?
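
A quick check of the two edits above, added here as an example and not part of the original post: it confirms that listen-address is uncommented, that dnsmasq is bound only to loopback addresses so the cache is not reachable from the network, and that the first nameserver in /etc/resolv.conf is that address. The loopback address is an assumption, since the post does not state which address was used; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post): verify the dnsmasq cache setup.
# Assumption: the cache should listen on loopback only (127.x.x.x or ::1).

# Print every active (uncommented) listen-address value, one per line.
listen_addresses() {
    sed -n 's/^[[:space:]]*listen-address[[:space:]]*=[[:space:]]*//p' "$1" |
        tr ',' '\n' | sed 's/[[:space:]]*$//; /^$/d'
}

# Print the first nameserver entry of a resolv.conf-style file.
first_nameserver() {
    awk '$1 == "nameserver" { print $2; exit }' "$1"
}

# Return 0 only if dnsmasq is bound to loopback addresses only and the
# resolver's first nameserver is one of them.
check_cache_setup() {
    conf=$1 resolv=$2
    addrs=$(listen_addresses "$conf")
    if [ -z "$addrs" ]; then
        echo "FAIL: listen-address is still commented out in $conf"
        return 1
    fi
    for a in $addrs; do
        case $a in
            127.*|::1) ;;
            *) echo "FAIL: $a is not loopback; cache reachable from the network"
               return 1 ;;
        esac
    done
    ns=$(first_nameserver "$resolv")
    for a in $addrs; do
        [ "$a" = "$ns" ] && { echo "OK: lookups go to dnsmasq at $ns"; return 0; }
    done
    echo "FAIL: first nameserver is '$ns', not the dnsmasq address"
    return 1
}

# Run against the real files when invoked with the argument "check".
if [ "${1:-}" = "check" ]; then
    check_cache_setup /etc/dnsmasq.conf /etc/resolv.conf
fi
```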

Advanced fun and games.

If you want to look at the contents of the cache that dnsmasq is currently storing (in memory), then you need to add the -q parameter to the startup script; just tag it onto the end. The start-up script is in the /etc/init.d directory, and you need to scroll down to the start function. You will see a long list of parameters that get passed; just add the -q to the end.

Then restart the daemon.

To look at the cache we need to send the SIGUSR1 signal with the kill command, which dumps the currently held cache into the /var/log/syslog file. Use the following command to do that.

kill -s USR1 1234 - for instance where 1234 is the PID number of the dnsmasq running daemon. You can find that with the ps -ef | grep dnsmasq command.

If you want to add static DNS entries into your cache, edit the /etc/hosts file and add your required, and often used, DNS entries in there. These will be read when dnsmasq starts, and will be available immediately without reference to an upstream DNS resolver. So they will be extremely quick, which is just what I wanted.

For a quick guide on DNS look here.

Quick guide to DNS

Thursday 30 June 2011

Using rtorrent on a remote Centos server for 24/7 downloads

As I'm sure you all know, a lot of information is passed around the Web using bittorrent. Most of the clients have a nice GUI front end that allows you to easily grab the torrent files and start downloading.

What if you don't have a GUI on the machine you wish to use, or what if this is to be a 24/7 service for you? Well, Linux as always has solutions, and one of those is a program called rtorrent. If you only like flashy interfaces this is not for you, but it works perfectly, and is very reliable.

I use a Centos 5.6 virtual server in the cloud for all sorts of uses, like a socks proxy and an SSL endpoint, and this is where I wanted to run the client. This machine is not very powerful, so you don't need to worry on that score. There are many Linux virtual machines you can obtain these days, for not a great deal of money.

Firstly, you need to visit this web site and download three RPMs.
Site for RPMS

Now, depending on how you configured your machine, there may be other dependencies, so check when you install these as follows

rpm -ivh *.rpm

Once this is done, I would then also make sure that the "screen" application is installed, as this will allow you to start rtorrent on the remote server, and re-connect to it when you desire. Spend a few moments looking at "screen" commands on the web to understand how it fits together - like here.

Using Screen

So now, I run screen and then I run rtorrent.

Once rtorrent is loaded, read this web page for an excellent quick guide to using the application:

How to use rtorrent as pro

Once you have your torrent running, you can detach from your screen session with the CTRL-A d command. You can now log out of the remote server, and all is still running.

To re-connect, you just log in to the remote server again, and then run screen -r, and you will be back looking at rtorrent happily running.

This is very useful for downloading Linux ISO distribution files etc.

Saturday 28 May 2011

Setting up an Adhoc wifi hotspot for your iPad using Ubuntu Linux

Well, since moving into my flat in Berlin, I have been stuck without wifi, which has rendered my iPad a little less useful than it was before. The flats just supply you with an RJ45 socket in the wall and an Ethernet cable.

So knowing how flexible Ubuntu Linux is, I thought I would have a look around and see if there was a way to set it up. There were lots of very good articles and blog posts on the topic, and the truth is with Linux it couldn't be easier.

You basically just have to click on your network connection icon in the Gnome panel, select "Create new wireless network", give it a name and select the security type.

The only thing I have read, and found with my wifi network adapter is that they don't always support all forms of security, so you will need to test.

I started with no security, then WEP 40bit, then WEP 128bit and finally WPA. Your mileage may vary, so test them all.

It works perfectly, and I was able to download my newspapers, books, films etc.

Tuesday 15 March 2011

Changing the network settings with VMware player 3.1 on Linux

I came across an issue today, where I wanted to remove one of the virtual network interfaces that gets installed when you install VMware player. This turned out to be relatively straightforward, once you know where to look.

In VMware workstation, you get a great graphical tool to amend and alter the virtual network configuration, but not so with the free VMplayer.

The reason I wanted to do this was to remove the virtual interface vmnet8, as I'm not using any NAT interfaces, so this is not needed and will only consume resources.

Firstly point your favourite editor at /etc/vmware/networking as a root user and then modify the file like so.

answer VNET_8_DHCP no
answer VNET_8_DHCP_CFG_HASH B9130F0FB783D3AC081BDA79708F4635E63130A4
answer VNET_8_NAT no

The key is that you have turned all the VNET_8 answers to no instead of yes.

Once this is safely saved, run the following commands to re-start the networking.

sudo vmware-networks --stop ; sudo vmware-networks --start

Once you have done this, if you now issue an /sbin/ifconfig you will notice that vmnet8 no longer appears.

Tuesday 25 January 2011

I have decided to become an Android Polytheist ;-)

Well, after many years of trying to stick to just the one omnipotent & omniscient Deity, with no success, and all my prayers being completely ignored I decided to bring in a legion of Deities rather than rely on just one.

This course of action was brought on by the loss of my beloved Android Smartphone, so I duly put in a call to his Holiness Lord Android of Google.

I burnt a chicken - normal with my cooking skills - ran around the office like a headless chicken, and then asked for the return of my phone.

Alas, like all previous attempts with just the one, switching to a few of them seems to have the same pointless effect, but at least I got the feeling I was talking to someone via my blog, and perhaps the odd person who reads this will feel the power of the Lord Android and send me a new phone ;-).

I had a lot more success talking to the nice chap in the Phone store, who gave me a new sim chip to stick in an old phone.

Ironically, later in the day I did get an email from Google asking to have a chat about a job they have going, so perhaps Lord Android does move in mysterious ways, and I'll end up getting a Google Android phone as part of the deal.