September 2009 Archives


Recently, I decided to rebuild my Asterisk box. The catalyst in this decision was my distaste for the Trixbox distribution. More specifically, the very difficult time I had updating the software (i.e., kernel, modules, libraries, etc.). I'll probably never understand the rationale of these YUM repositories. Case in point: I was running CentOS 5.2 and needed to rebuild the zaptel drivers. Running a simple 'yum check-update' would spew all types of repo errors. So, I would then have to scour the net to find suitable repos for my hardware configuration. These repos would seem to change on a regular basis. I simply found updating RPM-based distros a royal PITA. Perhaps I became spoiled with the simplistic tarball or .deb approaches.

I also found that Asterisk 1.2.4 was getting rather long in the tooth. Though, I had heard that updating to 1.4.x would require substantial tear up of my initial configuration. Some folks even suggested that I would lose some level of customization too. Perhaps the last straw was the mysterious disappearance of my dialtone. I spent a couple of days troubleshooting the concern. A couple of calls to Broadvoice tech support only added to my frustration. Of course the problem was on my end and not their end.

So, I figured I'd take the plunge into a GUI-less Asterisk install. I fully expected to stub my knuckles a bit, but I knew that it would be far more educational and extremely gratifying.

Now the question was which Linux distro would I use? Obviously, I needed a very lean install, as my server only had a 10GB hard disk and a modest 512MB of RAM. I was leaning towards Slackware, because Dann Washko rebuilt the TLLTS Asterisk box using Slackware v12.0. Then I saw the slackmini project, which was based on Slackware v13.0 rc1 and was bundled with Asterisk 1.6.1. While both may have been great choices, I wasn't sure that Slack was small enough for my needs. My beloved distro has grown to DVD size (most Linux distros have grown in size), fine for a robust desktop, but not for a meager PBX server install. So you ask, "Why didn't I use Slack 7.1 or Slack 8.0?" The earlier Slackware distros (pre v9.0) were small enough to fit on a CD. Well, I desperately wanted the 2.6.x kernel. So both of those older yet much smaller Slack installs were ruled out.

Enter OpenBSD! A very mature and secure OS, which I had been longing to try for quite some time. I suppose that I never had the need to scratch this particular itch. Well, the proverbial teaching moment had arrived, albeit by necessity. So, I decided to take the plunge.

First observations

  • Disk Partitioning
  • pkg_add & Ports
  • Mounting ext3 filesystems

The disk partitioning schema is quite different from the classical Linux /dev/hd* or /dev/sd* naming.
A quick look at /etc/fstab demonstrates this point:
$ cat /etc/fstab
/dev/wd0a / ffs rw 1 1

I'm not sure how the disk partition labeling conventions were derived, but I would imagine that it is probably a holdover from earlier Unix paradigms. It also took me a while to figure out how to modify and write out the changes to the disk during my partitioning exercise. I suppose that I'd become dependent on the familiar fdisk partitioning tool. After I RTFM I figured it out. Not too tough, just different.

After installation, I was delighted to learn that the entire base install weighed in at a meager 480MB. Of course that is prior to adding ports and other various. Still, that is pretty impressive.

IMHO, the BSD package management system is perhaps the most powerful aspect of the OS.
If you have ever spent time fooling around with RPM dependency hell, you can definitely appreciate a robust package management tool. I was amped to take ports for a spin.
Before I got into ports I had to set up a simple pkg_add environment. Basically, the pkg_add utility circumvents the need to compile / build software. It just seems to grab all of the required library dependencies from the chosen FTP server dictated by the 'PKG_PATH' variable.
It is very important to read the docs found in the FAQ. They do a very good job explaining some of the pitfalls people run into when trying to configure an OpenBSD system. One nagging problem that I created was mixing -current with -stable packages. If you do this evil, the pkg_add utility will throw all types of dependency checking errors. I was chastised in #openbsd (IRC) for committing this mortal sin.
Really a bummer. It would seem that you cannot back out these sorts of changes. Once you decide to follow the -current tree you cannot decide to run -stable or vice versa.
Not sure how I created this problem, as I was simply attempting to install subversion so that I could get Zaptel/Dahdi drivers for OpenBSD. It seems that Asterisk-BSD developers only offer the Zaptel/Dahdi drivers from a subversion tree. Without the ztdummy drivers teleconferencing won't work. I'm still untangling the mess that I created. Oh well, I digress.

I suppose the pkg_add utility could be compared with the 'apt-get' utility found on Debian-based systems. Last word on pkg_add. Since FTP is the chosen protocol, you simply gain access to the repository via anonymous login. I'm not sure how package content verification works. I could not find any evidence of md5sum at work anywhere. I suppose I'll need to read a bit more.
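A way to check a fetched package against a published checksum list, as an added example that is not part of the original post: it parses a BSD-style manifest (lines of the form `SHA256 (name) = digest`, an assumed format) and classifies each download. The file names and contents are constructed for the demo.

```python
import hashlib
import hmac
import re

# BSD-style checksum line, e.g. "SHA256 (example-1.0.tgz) = <64 hex chars>"
_LINE = re.compile(r"^SHA256 \((?P<name>[^)]+)\) = (?P<digest>[0-9a-fA-F]{64})$")


def parse_manifest(text):
    """Return {filename: lowercase hex digest}; reject malformed or duplicate lines."""
    entries = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line:
            continue
        m = _LINE.match(line)
        if m is None:
            raise ValueError(f"line {lineno}: not a SHA256 manifest entry")
        name = m.group("name")
        if name in entries:
            raise ValueError(f"line {lineno}: duplicate entry for {name}")
        entries[name] = m.group("digest").lower()
    return entries


def verify(name, data, manifest):
    """Classify one downloaded file as 'ok', 'mismatch' or 'unlisted'."""
    expected = manifest.get(name)
    if expected is None:
        return "unlisted"  # the manifest does not cover this file: do not install
    actual = hashlib.sha256(data).hexdigest()
    return "ok" if hmac.compare_digest(actual, expected) else "mismatch"


# Constructed sample data (hypothetical package names and payloads).
GOOD = b"constructed package payload\n"
TAMPERED = GOOD + b"extra bytes added in transit"
MANIFEST_TEXT = (
    f"SHA256 (example-1.0.tgz) = {hashlib.sha256(GOOD).hexdigest()}\n"
    f"SHA256 (other-2.1.tgz) = {hashlib.sha256(b'other').hexdigest()}\n"
)

if __name__ == "__main__":
    manifest = parse_manifest(MANIFEST_TEXT)
    for fname, blob in [("example-1.0.tgz", GOOD),
                        ("example-1.0.tgz", TAMPERED),
                        ("unknown-0.1.tgz", GOOD)]:
        print(fname, verify(fname, blob, manifest))
```

A manifest fetched over the same anonymous FTP session only catches corruption; to detect tampering it has to arrive over a channel the attacker does not control, or be signed.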

One other bit of confusion that I ran into was that I expected the OpenBSD ISO to include the ports software that can be found in /usr/src. Wrong answer. The ISO was essentially a bare-bones network install tool. It simply took a bit of reading to figure out that you run CVS to take a snapshot of the ports repository of your choice. Once you take the appropriate snapshot of the ports tree you have chosen, the source code and ancillary libraries are grabbed via CVS and /usr/src is created.

Something similar worked for me:

# cd [portsdir]/; cvs -d anoncvs@server.openbsd.org:/cvs update -Pd -rOPENBSD_4_5

This process could take a while if you're running on a slow connection. Once you begin to use the ports system, you'll immediately discover that running 'make' in the appropriate ports directory for the software of choice becomes quite trivial. Very cool indeed. Some people might compare BSD ports to the Slackbuilds or Gentoo Portage experience. Once again, this will only work if you haven't munged your source tree (i.e., mixing -current with -stable).

I suppose the one deal breaker and actually quite befuddling discovery was the lack of out-of-the-box support for the ext3 filesystem. I spent a considerable amount of time backing up the config files of my erstwhile Trixbox install to an external USB hard disk. My assumption was that I'd simply be able to plug it into my new BSD box and run 'mount -t ext3 /dev/sda2 /mnt'. To my disappointment this failed miserably. Apparently BSD only supports read / write abilities for the ext2 filesystem. Egads, I'm very surprised. In the Linux world this would be synonymous to a world without samba. That is, not being able to transfer files from M$ windows computers.

Yes, I'm being a bit dramatic here ;-) Anyway, I failed in my first attempt to mount the disk.
It is important to note that you can actually mount ext3fs within OpenBSD. In fact there are ext2fs (e2fsprogs) tools which allow you to manipulate the ext2fs. After all, ext3fs is actually ext2fs with the journaling feature added. I'm not so sure that you can mount the native BSD (FFS) filesystem within Linux. I'll have to research that answer.

I can only guess that it has something to do with the GPL? Who knows. Considering the install base of machines running ext3 and reiserfs (albeit shrinking), you would expect compatibility. Ext2fs is a non-journaled filesystem that doesn't get much use on desktops or servers. I would imagine you could find ext2fs on embedded systems. Most people have at least a 60GB disk in their machines. Try running fsck on a 320GB disk, not so much fun. If Theo de Raadt is reading this he'd probably say, "AG get off your dead ass and fix it." He'd probably be correct, as the concern is easily solved by community intervention. Perhaps not very many people care. Just a little surprised, that is all.

Overall the experience has been a good one. It reminds me of early days with Unix and Linux. Much learning to be had. Not a bad thing at all. I would encourage more Linux users to take the BSD plunge. There are many powerful security enhancements within BSD. I happen to think Packages and Ports are quite impressive. Not sure I would run BSD on a desktop system, as I'm just very comfortable with Linux. For an Asterisk box, or any other server... Absolutely.

*Sigh*, Now if I could just get subversion installed without the nagging ssl.17.0 and crypt.14.0 library errors. Repeat after me.. Never mix -current with -stable.....


Twitter Experiment Ends (Revisited)


Well, my account was restored about 3 weeks ago, but I've not posted anything new. This is due in large part to my discovery of identi.ca. Actually, there is only a lone post under my profile there too. Go figure. Anyway, I thought it would be humorous and perhaps helpful to explain what occurred and ultimately why I will not be using Twitter very much anymore.

Below is an excerpt from the Twitter help desk with their rationale for suspending my account.

Hi there,

Your account was suspended because it posted updates that indicated that your account was in actuality compromised. Updates may have been indicative of the Koobface virus (http://en.wikipedia.org/wiki/Koobface) or indicative of you giving your username and password out to a 3rd party website that promised "more followers fast!" Unfortunately, the vast majority of these third party sites are actually fronts for phishing and have already been implicated in the selling of usernames and passwords. As a result, we are taking precautionary measures and notifying you that you've been sending out updates that you may not have wanted to send out. Some of these sites also have downloaded Koobface onto users' computers.

Your account should now be unsuspended; please only reopen this ticket if you encounter further issues. It is, however, extremely important that you take the following actions:

a. Scan your computers for viruses / malware, especially if
unauthorized tweets continue to be posted in your accounts even after
you've changed the password.

b. Use a password that you don't use anywhere else and never use the
former password on a compromised account. Create a new and difficult
password unique to Twitter that consists of both letters and numbers

c. Check the Connections page at
http://twitter.com/account/connections and revoke the access
privileges of any third party applications that you do not recognize.

d. Avoid providing your username and/or e-mail and password to
untrusted third-party sites.

e. Remove any updates that you did not post personally; leaving these
updates can result in your account being re-suspended.

I did not bother to reply to the help desk. After reading this I immediately gathered that the help staffers are part-time folks, likely working from home. I received identical replies from different admins. The reply is a classical scripted response. The admins made the mortal mistake in that they assumed I was using M$ windows. Secondly, they assumed that my machine had been compromised and assimilated into some weird botnet.

All wrong assumptions. I have been using Linux since '96. None of my machines have ever been 0wned, nor have I ever seen any malware on my LAN.

Now that Twitter has been poking in the dark with assumptions, I'll tell you what likely happened. I utilize a proxy which kills ads and also helps mask browser client information. Pairing this software with TOR, my network traffic is scrubbed and fairly sanitized.
Apparently, Twitter spends its cycles tracking client IP addresses and will suspend an account that appears to be using different IP addresses in real time. So, once they observed this behavior they _assumed_ that my computer was part of a malicious botnet.
Hilarious, but quite annoying. Anyway, I have discovered identi.ca and the alpha geeks live there :-)
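A sketch of the kind of heuristic described above, as an added example that is not part of the original post and not Twitter's actual logic: it flags an account seen from more than a set number of distinct source IPs inside a sliding window. The window, the threshold, the account names and the events are all assumptions constructed for the demo.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 600   # assumed look-back window
MAX_DISTINCT_IPS = 3   # assumed threshold before an account is flagged


def flag_accounts(events, window=WINDOW_SECONDS, limit=MAX_DISTINCT_IPS):
    """events: iterable of (epoch_seconds, account, source_ip), sorted by time.
    Returns {account: time of first flag} for accounts seen from more than
    `limit` distinct IPs inside any `window`-second span."""
    recent = defaultdict(deque)  # account -> (ts, ip) pairs still inside the window
    flagged = {}
    for ts, account, ip in events:
        q = recent[account]
        q.append((ts, ip))
        while q and q[0][0] <= ts - window:
            q.popleft()  # drop requests that have aged out of the window
        if account not in flagged and len({i for _, i in q}) > limit:
            flagged[account] = ts
    return flagged


# Constructed events; IPs come from the RFC 5737 documentation ranges.
EVENTS = sorted([
    # "home_user": one address for the whole session
    (1000, "home_user", "192.0.2.10"),
    (1200, "home_user", "192.0.2.10"),
    (1500, "home_user", "192.0.2.10"),
    # "tor_user": one person whose traffic leaves via changing exit addresses
    (1000, "tor_user", "198.51.100.1"),
    (1100, "tor_user", "198.51.100.77"),
    (1250, "tor_user", "203.0.113.5"),
    (1400, "tor_user", "203.0.113.200"),
    # "traveller": four addresses, but spread over hours
    (1000, "traveller", "192.0.2.50"),
    (5000, "traveller", "198.51.100.9"),
    (9000, "traveller", "203.0.113.8"),
    (13000, "traveller", "192.0.2.99"),
])

if __name__ == "__main__":
    for account, ts in flag_accounts(EVENTS).items():
        print(f"{account} flagged at t={ts}")
```

On its own, IP churn cannot separate an anonymizing-proxy user from a hijacked account, so a rule like this is better treated as one signal that prompts re-authentication than as grounds for suspension.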

Like other social networks, once they become mainstream they become crap. If Oprah is using it, I probably shouldn't be there.

You can follow me at my new identi.ca account.


Fiduciary Responsibility


The effect of the Recession or Depression, depending upon which region of the US you reside in, has been well documented. Many of my friends and colleagues have been directly impacted by job loss and an imploding housing market. The sad reality is that many people have lost 30-50% of the value on their homes. Through no fault of their own, they followed the so-called American dream. As responsible homeowners, they paid their mortgages dutifully and made sure that they did not purchase more home than they could afford. That is the unspoken rule that your monthly mortgage should be no more than 1/3rd of monthly income.

After doing what was correct, many folks are conflicted.

Some have resorted to just walking away from their mortgages; after all, these loans are secured instruments which use only the property as collateral. Moreover, some folks believe that due to a failing economy, lenders will later 'overlook' their indiscretions. Perhaps the conversation would go, "So you're claiming bankruptcy and you've foreclosed on your home?", the reply, "Yes I have." The credit lender would reply, "Oh yeah, 2009 CY, everybody was doing that then. Special circumstances, we'll forgive you." How likely is that scenario? Heh, don't believe the hype. That sort of stuff never works out the way you might envision it. Particularly for people of color. Unfortunately, in a Capitalist society, good credit is your only saving grace. Business deals are best done leveraging other folks' money in a strategic and smart fashion.

There are a few ways to combat the depressed housing market. I might add that these strategies are not foolproof, but they are options. If you own a Fannie Mac property, you can take advantage of the gov't led program. You can also request that your mortgage be modified, particularly if you have been paying on time.

One more word on some of these programs which help people avoid foreclosure.
The Obama campaign has created the Making Home Affordable effort. While it is quite noble and probably helpful, I have learned that it may not be totally enforceable. As an investor, it does appear that the banks are appraising properties that they suspect do not meet the 125% Loan-to-Value. This is a very foul policy as it defeats the spirit of the Obama program. So once again, the banks win? Well, maybe not. My approach is to be aggressive and empower myself with knowledge. Lastly, I will continue to live a frugal lifestyle and live below my means whenever possible. Coupons and receipt reconciliations are my favorite pastimes.

Hold your head up and be encouraged.


About this Archive

This page is an archive of entries from September 2009 listed from newest to oldest.