Guru Labs Planet

Today I gave a new demonstration during my shell scripting lecture and
created the following files:

loadavgchecker.sh
messages

VMware Workstation 8 and VMware Player 4 only support kernels up to 3.0. Any later requires patching of the VMware modules.

Patch for VMware Workstation 8.0.1

vmware8.0.1linux32fix.tar.gz

Patch for VMware Workstation 8.0.2

vmware8.0.2linux32fix.tar.gz


$ cd /tmp
$ wget tarball_from_above
$ tar xvf vmware8*linux32fix.tar.gz
$ cd 3.2/
$ sudo ./patch-modules.sh


Recently I was doing some work with GNU GRUB and noticed some really cool features that were new to me! Wow, how things can change!

Of course the reason that it changed was that I was looking at the documentation for GRUB, not GRUB Legacy.

Bummer. I was looking forward to the use of the 'ls' command too!

So why did I want GRUB Legacy documentation and not GRUB docs? Of the three "top" Enterprise Linux distributions only Ubuntu currently ships GRUB. Both SUSE and Red Hat use GRUB Legacy. Oh well. There was some cool stuff I found though.

Aside from the 'ls' command being available one of the other advantages to GRUB that I am waiting to see with Red Hat and SUSE is the ability to use a software raid and/or LVM boot device. Until they implement the newer revision of GRUB you will still have to create a separate /boot partition. Such a bummer.

There were a few other cool items that I saw and thought were worth a mention (lifted directly from the GFD Licensed online manual, see links below):

14.3.32 parttool

-- Command: parttool partition commands

Make various modifications to partition table entries.

Each command is either a boolean option, in which case it must be followed with '+' or '-' (with no intervening space) to enable or disable that option, or else it takes a value in the form 'command=value'.

Currently, parttool is only useful on DOS partition tables (also known as Master Boot Record, or MBR). On these partition tables, the following commands are available:

'boot' (boolean)

When enabled, this makes the selected partition be the active (bootable) partition on its disk, clearing the active flag on all other partitions. This command is limited to primary partitions.

'type' (value)

Change the type of an existing partition. The value must be a number in the range 0-0xFF (prefix with '0x' to enter it in hexadecimal).

'hidden' (boolean)

When enabled, this hides the selected partition by setting the hidden bit in its partition type code; when disabled, unhides the selected partition by clearing this bit. This is useful only when booting DOS or Wwindows and multiple primary FAT partitions exist in one disk. See also DOS/Windows.

14.3.35 play

Recently I was working with a scenario in which the /tmp directory had incorrect permissions. The permissions read as 7777 (u=rws,g=rws,o=rwt). I simply looked at the permissions, recognized that it was incorrect and before I even blinked my fingers had finished running off the command "chmod 1777".

I felt a little confused and almost betrayed when I say what ls told me: dwrsdwrsdwrt.

Wait? What? How could this be?

I tried again and again. Sure enough this was real. There was no typo for me to fix or blurry vision to blame it on. I checked for FACL and file attributes but there were none!

I decide it was time to fall back to my old school skills and try chmod ug-s and check again, expecting the worse. There it was: dwrxdwrxdwrt.

Wait? What?

So a quick check and sure enough chmod 7777 will set the permissions as you would think but, according to the man page on RHEL6, chmod will not unset the SetUID or SetGID bit when expressed numerically.

From the Coreutils announcement:

chmod, install, and mkdir now preserve a directory's set-user-ID and
  set-group-ID bits unless you explicitly request otherwise.  E.g.,
  `chmod 755 DIR' and `chmod u=rwx,go=rx DIR' now preserve DIR's
  set-user-ID and set-group-ID bits instead of clearing them, and
  similarly for `mkdir -m 755 DIR' and `mkdir -m u=rwx,go=rx DIR'.  To
  clear the bits, mention them explicitly in a symbolic mode, e.g.,
  `mkdir -m u=rwx,go=rx,-s DIR'.  To set them, mention them explicitly
  in either a symbolic or a numeric mode, e.g., `mkdir -m 2755 DIR',
  `mkdir -m u=rwx,go=rx,g+s' DIR.  This change is for convenience on
  systems where these bits inherit from parents.  Unfortunately other
  operating systems are not consistent here, and portable scripts
  cannot assume the bits are set, cleared, or preserved, even when the
  bits are explicitly mentioned.  For example, OpenBSD 3.9 `mkdir -m
  777 D' preserves D's setgid bit but `chmod 777 D' clears it.
  Conversely, Solaris 10 `mkdir -m 777 D', `mkdir -m g-s D', and
  `chmod 0777 D' all preserve D's setgid bit, and you must use
  something like `chmod g-s D' to clear it.

Now if your wondering when this change was implemented you may be surprised.
This was a feature implemented in 2006 for release 6.0 of coreutils.

This package was released with RHEL6 so you don't see the behaviour in RHEL5.

So who knew you could set but not unset SetUID and SetGID bits numerically?

- Mike

http://lists.gnu.org/archive/html/coreutils-announce/2006-08/msg00000.html

PS

The drama is a dramatization.

Note:

 * 2011.09.29 - Minor formatting update.

The RHEL6.1 beta was released today. At Guru Labs we have to stay on top of the latest changes so that our Linux training has full coverage. I read the release notes and the following items stood out to me.

• New biosdevname style network interface names on some new Dell servers. Disabled by default everywhere else (for now).
• Control Groups updated with the "autogroup" feature and I/O throttling.
• The crashkernel=auto parameter syntax is removed. The default parameter syntax is now crashkernel=:[@offset].
• New kernel message dumper for easier kernel panic analysis
• Support for the embedded graphics/GPU in the new Intel Sandy Bridge CPUs
• Being able to take a snapshot of a mirrored logical volume is fully supported
• Now possible to combine RAID0 (striping) and RAID1 (mirroring) in a single logical volume in LVM
• Improved support for iSCSI adapters at installation and boot time, including the ability to separate login credentials for iSCSI (A feature I requested when I added iSCSI coverage to our training materials and noticed the deficiency)
• Lots of KVM/QEMU updates
• Btrfs is a technology preview (x86_64 only)
• Lots of new "technology previews" added

If you have a RHEL6 box which ships both Apache and Tomcat6 you might want to connect the two together. You probably have looked around for mod_jk as a RHEL6 RPM or SRPM (src.rpm).

You find that It isn't in EPEL, and it isn't in Red Hat Optional Server 6 RHN channel, etc.

It seems that the new way forward with RHEL/Fedora world is to use mod_proxy_ajp. For example, the RH/Fedora project Spacewalk switched from mod_jk to mod_proxy_ajp.

Note that mod_proxy_ajp is a core module of Apache 2.2 and newer so this should be a rather definitive/final change in recommended connector for Tomcat and Apache.

Read the docs, but to get you started in configuration first you'll want to configure Tomcat's conf/server.xml file to have something like (which may already exist):

<Connector port="8009" enableLookups="false" redirectPort="8443" protocol="AJP/1.3" />

And Apache with something like:

<Proxy *>
 AddDefaultCharset Off
 Order deny,allow
 Allow from all
</Proxy>

ProxyPass / ajp://localhost:8009/
ProxyPassReverse / ajp://localhost:8009/

For about 10 years, I lived only about 3 miles from my office. Since moving into my new home, I have about a 35-40 minute commute. This has given me the opportunity to listen to audio that I didn't have before. I don't mind listening to music, and I enjoy it, but given the choice I'd rather listen to something educational and interesting.

Recently I discovered This American Life which I has been amazing. The episodes come out once a week, and I eagerly wait for the next one to be released.

They have a rather large archive of back shows since it has been airing since 1995. On their website you can listen to the MP3s of the archive, or you can purchase them on iTunes or Amazon.

They have a "short list" of recommended shows from their archive, and also "other favorites".

I figured out the light weight obfuscation used to conceal the URLs to the MP3s, and came up with the following to download the "short list" and the "other favorites":

SHORT LIST:

U=http://audio.thisamericanlife.org/jomamashouse/ismymamashouse/
for i in 109 175 206 218 241 355 360 396
> do
> wget $U$i.mp3
> done

OTHER FAVORITES:

U=http://audio.thisamericanlife.org/jomamashouse/ismymamashouse/
for i in 27 38 46 61 77 84 88 90 103 118 119 154 164 178 181 186 192 199 203 204 220 233 246 248 252 253 268 275 282 290 299 304 322 339 352 361 381 388 403 405 427
> do
> wget $U$i.mp3
> done

If you elect to use my technique, please Donate to This American Life.

I use grep a lot. Today I realized that others might not know that GNU grep can highlight matches, or how to combine it with less. So here's part of my Bash config, and some examples uses:

alias grep='grep --color=auto'
alias egrep='egrep --color=auto'

function legrep {
  egrep --color=yes "$@" | less -R
}

$ legrep '[Gg]nome' */*.xml
$ legrep -i foo /usr/share/dict/words
$ grep bar | egrep -v 'baz|qux' | legrep bar

SUSE has long used YaST as a management tool. It makes it easy to make changes to your system without knowing (or caring) what happens behind the scenes.

At Guru Labs, our Linux Training is all about teaching students what happens "behind the scenes". We strive to document the official and best practice techniques (not always the same thing, unfortunately).

Recently we were updating our courseware and wanted to document how to disable IPv6 in the various Enterprise Linux distributions. The question came up, "What does YaST actually do when you toggle the Enable/Disable IPv6 checkbox in the YaST network module." To answer that question I performed the following steps on SLES11.

Search for the string IPv6 in the YaST network module.

grep -n IPv6 $(rpm -ql yast2-network)

In the output, found these lines looked interesting (Note the Disable/Enable strings)

/usr/share/YaST2/modules/Lan.ycp:316:global void SetIPv6(boolean status){
/usr/share/YaST2/modules/Lan.ycp:324:void writeIPv6(){
/usr/share/YaST2/modules/Lan.ycp:424: writeIPv6();
/usr/share/YaST2/modules/Lan.ycp:654: status_v6 = _("Support for IPv6 protocol is enabled");
/usr/share/YaST2/modules/Lan.ycp:656: link_v6 = Hyperlink (href_v6, _("Disable IPv6"));
/usr/share/YaST2/modules/Lan.ycp:662: status_v6 = _("Support for IPv6 protocol is disabled");
/usr/share/YaST2/modules/Lan.ycp:664: link_v6 = Hyperlink (href_v6, _("Enable IPv6"));

Based on my experience I guessed that the writeIPv6 function does the work of enabling and disabling IPv6 on the system.

So I took a look at that function using the line number found by grep:

vim /usr/share/YaST2/modules/Lan.ycp +324

I found the following:

void writeIPv6(){
SCR::Write(.target.string, "/etc/modprobe.d/ipv6", sformat("%1install ipv6 /bin/true", ipv6?"#":""));
SCR::Write(.sysconfig.windowmanager.KDE_USE_IPV6, ipv6?"yes":"no");
}

That pointed me at the two files "/etc/modprobe.d/ipv6" and "/etc/sysconfig/windowmanger".

Looking at the files it seems YaST simply removes/adds the comment character in front of the one-and-only line in the file /etc/modprobe.d/ipv6 and it toggles the variable KDE_USE_IPV6 in /etc/sysconfg/windowmanager.

If you ever have the need to discover what YaST is doing behind the scenes, you can use the same technique.

As far as blogging software goes, it's hard to go wrong with Movable Type. It is open source, supports PostgreSQL (unfortunately, due to be dropped in MT5.0, hopefully it will be re-added in 5.1), supports multiple users and blogs out of the box, can operate in static, partial-dynamic, and full dynamic mode.

If for some reason you or a user forgets their password you can reset the password via the following SQL commands

PostgreSQL

Make sure to install the postgresql-contrib package if you don't already have it installed.

Install the crypto functions into the Movable Type database, this is a one time task.

psql -d movabletype -f /usr/share/pgsql/contrib/pgcrypto.sql

Now connect to the movabletype database and run the following command to reset a password:

UPDATE mt_author SET author_password = crypt('the-new-password', gen_salt('des')) WHERE author_name = 'USERNAME-GOES-HERE';

MySQL

The MySQL database already has the crypto functions built-in, so reset the password with the following SQL statement:

UPDATE mt_author SET author_password = encrypt('the-new-password') WHERE author_name = 'USERNAME-GOES-HERE';

Tools available with Fedora and Red Hat Enterprise Linux for converting CDs to lossless FLAC archives include Sound Juicer, Rhythmbox, and the command line tool abcde. The first two are graphical applications in GNOME that use MusicBrainz for metadata; the latter provides numerous options for converting to FLAC, Vorbis, and MP3 (among other formats), using CDDB for metadata. I wanted something simpler, resulting in a minimal set of metadata (consistent with ID3), and following a stricter Unix model of each tool focused on one job, doing that job well.

The result, flaccda, is a POSIX compliant script for converting CDs to FLAC, a script for converting CDs to MP3, and a supporting script for removing MusicBrainz metadata from FLAC archives created by tools such as Sound Juicer.

The source may be downloaded from my website at http://oberon07.com/flaccda.

I noticed in the list of Common Fedora 12 Bugs that in order to run the current version of Adobe Acroread for Linux it must be launched with:
GDK_NATIVE_WINDOWS=1 acroread

Note that GDK is the underlying graphical toolkit for creating GUI applications using GTK (most commonly for applications used on the GNOME desktop). The Linux version of Adobe Acroread uses GTK/GDK.

I was curious about GDK_NATIVE_WINDOWS=1 and I found the following information:

From www.gtk.org I found

---

GDK has been rewritten to use 'client-side windows'. This means that GDK maintains its own window hierarchy and only uses X windows where it is necessary or explicitly requested. Some of the benefits of this change are

• Reduced flicker
• The ability to do transformed and animated rendering of widgets
• Easier embedding of GTK+ widgets, e.g. into Clutter scene graphs

---

Launching an app with GDK_NATIVE_WINDOWS=1 application turns off this feature. This is needed if the application manipulates the windows it creates using direct X API calls or a mixture of X API and GDK instead of just going through GDK. When using "client-side windows" all window manipulation by an application must go through GDK. Adobe needs to update Acroread to be compatible with this feature.

Here is a video demonstration from Alexander Larsson showing some of the effects made possible with 'client-side-windows'. You can also check out his blog post The return of client side windows:

The official documentation on ClientSideWindows is here.

My Lenovo Thinkpad T61p died today, but I'm still in a good mood. I've never had such a positive experience calling any company's support line before.

Finding the phone number for Lenovo was a bit of a hassle, but everything else was painless. I spent less than two minutes in the call queue before talking to a human being. Lenovo was careful to mention several times that they were transferring me to their Georgia call center. The cynical might suspect they meant the eastern European nation, but I'm inclined to believe it really was the state. The person I spoke with had an American accent and understood everything I said. He wasn't blindly following a script, but actually listened to what I said and responded appropriately. Within a minute he had decided to replace the entire mainboard. No hassle!

I've recommended Lenovo before because of the quality of the Thinkpad. Now I can add the amazing support. IBM's hand off to Lenovo scared me a little, but they seem to be doing an excellent job. Let's hope it stays that way.

I have a ThinkPad T61p Fedora 11 Linux laptop. Lately for some Linux training products we have been developing I've been doing alot of virtualization work on my laptop. Even though it has a fast dual core CPU, 8GB of RAM, and a fast internal 500GB SATA hard drive I've been seriously bottlenecked when I have a bunch of virtual machines doing lots of I/O. Some operations that normally take 20 minutes to complete have been taking 90 minutes. That is a serious productivity killer.

I need to add more hard drives and spread the I/O load across them. I would like to upgrade to a SSD drive, but I require 500GB capacity and although the just hit the market, it has several draw backs (besides the price) including using a MLC architecture. I briefly considered USB 2.0 hard drives but I knew that the USB 2.0 connection was a bottleneck

I decided to add an external eSATA hard drive using an ExpressCard eSATA controller.

Here are raw sequential I/O throughput the benchmark numbers on three drives. I tested the performance using hdparm -tT /dev/{sda,sdb,sdc}

Internal SATA SAMSUNG HM500LI 500GB
73.4 MB/sec

eSATA Western Digital WD10EVVS-63E 1TB "My DVR Expander"
85.1 MB/sec

USB 2.0 Lacie 120GB rugged
24.4 MB/sec

I used a Syba SD-PCBX-ESA2 ExpressCard SIL3132 Chipset 2x e-SATA II, 54mm. The great thing about Linux is that the controller was supported out of the box by Linux's sata_sil24 driver. I had nothing to install. I just plugged everything in and it all worked.

It would have been nice if my laptop had a built-in eSATA port. Hopefully my next Calpella platform based Thinkpad will have bottleneck free USB 3.0 ports and hopefully eSATA as well.

One of the things that has been a both a blessing and curse for me has been the lack Internet on flights.

Every flight I take I am reminded how much I have become tied into a network. It seems that each trip I try to grab new email, a website or do an SSH connection before remembering that for one reason or another, on the ground or in the air, that I can't.

Fortunately there are industrious types out there that have fixed this problem for me.

The foundation for the solution has been in place since 1991 with a simple napkin.

From the History of AirCell at www.aircell.com: "The idea for Aircell began in 1991 in a barbecue restaurant in Denison, Texas, where company founder Jimmy Ray first made sketches on a paper napkin for an affordable telephone system for airplanes. Ray's subsequent investigation of the market and exploration of alternate technologies resulted in the formation of Aircell."

Since then AirCell has created a network of cellular towers across the US. The main difference between sprint, at&t, t-mobile or any other cellular carrier is the frequency and the direction of their antennas.

A traditional carrier will point their antenna towards the horizon. AirCell points their antenna towards the sky.

On the underside of the plane is placed an antenna. Inside the plane is a high end server.

AirCell even uses Linux: "With a Linux-based operating environment and standard connectors, other aircraft components and avionics can be connected to the AirCell system."

Wow, how cool is that?

Since Delta announced it was going to deploy GoGo Inflight Internet on its entire US fleet back in August of 2008 I have been hoping to find myself on one of these wifi enabled flights.

The last time that I flew out to BWI from Salt Lake City and got one of the coveted First Class upgrades, I had been told that I would have power (which there was, but the connection sucked) and wifi. Turns out that there was no wifi.

I knew though that it was going to simply be a matter of time since they were working their way through their fleet. The MD88 commuter jets were already done.

So you can imagine my excitement when the flight form BWI to ATL was on an MD88.

Not being sure if the next segment (the vast majority of time home would be from ATL to SLC) I had to take a chance to explore GoGo.

On the whole it was fairly useful, if overpriced.

So the nitty-gritty details:

Pros:

Gogoinflight.com was free.
Delta.com was free.
Download speed was over 2mbps.
Very little seemed to be blocked.
Seemed stable.
Available at and above 30k feet.

Cons:

Upload was around 300kbps.
SIP / VoIP appeared to be blocked. --> This could go into the pro section actually.
Cost was prohibitive.
Pay for one flight segment at a time.
Have to create an account.
Apparently there is some content filtering in response to employee concerns.
Not available for the whole flight, including being stuck on the runway.
The service(s) you are connecting to should be encrypted as the "hotspot" isn't.

Pricing:

Ironically GoGo hypes their pricing on their website as "down-to-earth". One of the things that I really dislike about their pricing is that, with the exception of the 30 day pass, they charge for access per flight. So if your flight is made up several flight segments, for instance going from BWI to ATL, wait two hours in Atlanta before flying ATL to SLC, well you get to pay twice and different amounts.

I have been struggling to determine who GoGo thinks they are going to get to pay for their service out of this deal. Clearly there are going to be people that pay for the novelty of it. Then there is going to be the highly wired business professionals that want to stay connected as long as possible.

Finally there will be the people that are on vacation and willing to spend the extra money to make the trip a little more bearable. These are the same people that will buy an $8 cold sandwich on the plane.

The price structure is going to be a bit prohibitive from most travelers and even the average, occasional business traveler.

GoGo uses the following pricing structure, again per flight:

Mobile devices on any length of flight is $7.95. Unfortunately not all phones (mine included) will let you turn off all radios except wifi.

Laptops and other devices on a flight shorter then 3 hours pay $9.95.

Laptops and other devices on a 3 hours or longer (regardless of the remaining length of the flight) pay $12.95.

For those that travel frequently you can pay $49.95 for 30 day unlimited access on one airline (only Delta or Virgin America). If you frequently ride both of those airlines you can buy a 30 day pass for each.

So in the end it was a very decent connection. In fact I found myself looking forward to having a better connection then in the terminal waiting to board. The price was a bit much and I wish I had known for certain that wifi would be available on the longer of the two flights. Of course if they offered a 24 hour pass instead of per flight payment I would have been all set.

If I was still travelling two to three weeks a month I might find it worth paying the 50 bucks for an unlimited access every month, but I don't and I would miss my alone time.

So for the time being I am going to resign myself to the fact that at 30,000 feet I MIGHT have the option of watching Hulu or working on that cross country flight, but won't whip out the credit card to quickly to pay for the experience.

http://www.aircell.com
http://www.gogoinflight.com
http://www.delta.com

Delta Announcement: http://aircell.mediaroom.com/index.php?s=43&item=86
Delta to Filter Internet from AJC: http://www.ajc.com/news/content/business/stories/2008/10/03/wifi.html

http://en.wikipedia.org/wiki/Aircell
http://en.wikipedia.org/wiki/Gogo_Inflight_Internet

**Note: on 07/16/2009 made some minor grammatical and spelling updates.