Tuesday, 23 December 2008

Ext3 vs NTFS

During my bi-anual hard disk cleanup, I had a choice to make. Every two years (or so), I upgrade my backup disks to larger capacity. This year, I got several 1 TB hard disks from Samsung (they are fast, quite, reliable, and keep cool).

As I have been using Ubuntu for more than a year without any major problems, I thought of using a native linux file system on my backup disks. What would I want to use NTFS for anyway?

I formatted the first disk to ext3. Next I copied a full 250 GB hard disk to the drive. The whole drive took 3 1/2 hours to copy. The disk was evenly populated with small, medium and large size files. When I was finished, I was quite surprised that a 250 GB NTFS disk (233 GB netto data) would require something like 360 GB disk capacity on an ext3 formatted drive (including an offset ot 14 GB disk overhead).

There are ways to format hard disks specifically to ones needs, reducing overhead and tayloring meta information to a minimum. But using the tools offered by the GUI, you have to make do with the defaults.

In a second round, I formatted the same disk to NTFS. Used space was 233 GB (which would not surprise anyone).

So, if disk space on ext3 is used more freely, is the file system faster?

I timed the copying, using an idle notebook. Here are the results:

FSMB/secMB on Disk
NTFS windows formated13.1233,5
NTFS ntfs-3g formated17.1233.5
Besides the fact that formating a 1 TB disk for ext3 takes some time as opposed to NTFS which takes just seconds, the NTFS file format seems to provide higher transfer rates on Ubuntu while maintaining a smaller footprint on the disk.

Further tests showed a degrading performance when the disk (or directory) gets filled up. After having filled 3/4 of the disk, transfer rates lay at around 4.5 MB/sec.


I have not looked into this in a statistically valid way. File system layout, file size and other aspects have not been covered. From the point of disk space usage, it seems that NTFS is more efficient.

If you want to share your own observations, I look forward to reading from you.

Sunday, 21 December 2008

Upgrading 8.04 Server -> 8.10

Ubuntu 8.04 is a Long Term Support (LTS) release. This implies that automatic upgrades to later releases are supressed in favour of having a stable system.

If one wants to upgrade from 8.04 to 8.10 (server edition) one has to edit the file
Search for the string:
and change it to:
(as described in the comments of the file). Now you should be able to run the upgrade utility:
sudo do-release-upgrade
This will start the upgrade process.

If you have followed previous hints on upgrade in this blog, you might have the upgrade-manager-core utility installed on your system (which includes do-release-upgrade). If not, you have to install it with sudo apt-get --install.

Upgrade takes approximately 20 mins on my server and requires a reboot to finalize the installation process.

Thursday, 20 November 2008

Theme Considerations

Here are my preferences:
I like my desktop to be bright and stimulating. I love a certain kind of blueish gray (or grayish blue as you like). The RGBs are #6B73A9.

I also like the aluminium decoration of the mac. It's clear, its clean and it does not distract from the task at hand. So probably brushed metal look will be nice.

I am not one to have a wild wallpaper desktop image. I prefer calm and quite abstract patterns. I get a kick out of mathematically motivated images.

Lets translate this into requirements:
  • Windows are white or very light gray
  • Borders are medium gray
  • Menus and tool bars are same medium gray
  • No separation lines between window title, menu bar and tool bars
  • Windows in the background are darker than windows in the front
  • Selections are my favorite gray-blue
  • Information windows, tool tips and hints are a faint yellow
  • Text is dark gray, not black (black is to hard on the eye)
  • Window corners are rounded
  • Tabs and panels should look like they are extruded a bit
  • Firefox and Thunderbird have corresponding themes
  • Icons are more photo realistic (however, harddrives do not have to look like the naked bare metal)
  • Prefer XML definition to images (slower loading)
I know that not everyone shares my taste. I think that there should be two themes, one bright and one dark.

I also consider positioning the window buttons (max, min, close) on the top left side. This minimizes the way, you have to move the mouse.

Creating a theme for Ubuntu

Let's face it: Linux themes are pretty ugly. Ubuntu's default theme beats most of them. The brown and orange might remind Mark Shuttleworth of his origins. I will spare you the details of what it reminds ME of.

Tangerine, ClearLooks and all the other prepacked themes are no better.

Ubuntu 8.10 comes with a new theme: DarkRoom. It makes one increasingly sucidal.

I've tried some stock themes from art.gnome.org and gnome-looks.org. The results are sobering (On the right is the most appealing window decoration I found so far. It's called Almond and was last updated in 2006).

I envy Mac users for their simple, visually appealing and intuitive interface. It seems that neither Microsoft nor the whole Linux community can come up with something that can compare to Apples GUI.

Is it really so hard? To find out will create my own theme.

... the Austrian Ubuntu Theme (AUT) ...

Here is my plan:
  1. Read into the subject: I have to understand how Gnome uses Metacity and rendering engines to draw the GUI.
  2. Define how the theme should look like
  3. Modify an existing theme to learn how things interact
  4. Create raw minimal theme: I have to figure out what is minimally required
  5. Resolve extras (Panels, awn)
  6. Learn how icons work
  7. Create a customized set of icons
  8. Make a .deb installer to install the theme on any machine
  9. Test on several machines runing Ubuntu (8.04.1 LTS and 8.10) and possibly Debian
  10. Write a HOW-TO that covers more than the bare Gnome tutorial
  11. Start a SourceForge project
I will post here regularly. Your recommendations are welcome.

Wednesday, 29 October 2008

Updating to Ubuntu 8.10 (64bit)

I recently described that upgrading to 8.10 beta was no pain at all. Today I upgraded my production notebook (as tomorrow will be the big day and I presume there will be no bandwidth available).
sudo update-manager -d
Here are some miscellaneous updates on my previous report:
  • VMware Workstation 6.5 offers a new dialog informing you that kernel drivers require updating. You can confirm and it does it automatically. (Hey, this is a feature I long waited for)
  • There is something with the new font in Mozilla. It is slightly slimmer (like Helvetica vs. Arial) and it gives a much nicer look on pages.
  • OpenOffice installation as described in my previous article works on 64bit equally well.
My thanks to Canonical (the Debian group, the Gnome fellows, the OpenOffice folks and all the others that participated). This edition of Ubuntu deserves to be called a desktop alternative.

Tuesday, 28 October 2008

Open Source tool to migrate Outlook calendar

When I moved from Windows to Ubuntu, I faced one mayor hinderance: Outlook.

In particular, migrating calendar entries from Outlook was near impossible.
  • OL2003 lets one export one single calendar item to iCal format (and you have to use a trick to even get there).
  • OL2007 lets you export more than one entry at once, if the entries are less than 1000 and do not span more than a 10 year periode (earliest to latest entry).
The last limit is particularly nasty, as birthdays will not migrate and if you have more than 1000 entries (which I had), you have to partition the export (which means you have to switch to list view, which also shows canceled and updated calendar entries).


Cut a long story short, I wrote a little program, available on SourceForge that exports all calendar items at once, regardlessly.

FreeMiCal comes as a source zip-package or just the executables (for easy use). It is written in C# and requires nothing more than a Windows machine with Outlook 2003/2007 and .NET 2.0 installed.

FreeMiCal was downloaded over 11.000 times in the last year. It seems to do the job and helps obliviate Outlooks calendar lock-in.

OpenOffice 3.0 on Ubuntu 8.10

OpenOffice 3.0 is not released with Ubuntu 8.10. I downloaded OOo300 (.deb) from the OpenOffice web site, unpacked them and tried to install it.

Using the update shell script did not work

Installing all .debs packages manually is possible but tedious. One also risks that aptitude or apt-get does not see the installation. Certainly, old packages are not removed. This page describes the procedure. Not recommended.

Using dpkg-scanpackages to create a Packages.gz is a possibility. However, this requires to install from a local drive which produces errors. Not nice, but works.

The Fast lane

The following procedings seems the fastes and most secure way to install OpenOffice 3.0 and maintaining the upgradability on the fly:
  1. Launch Synaptic Package Manager
  2. Select Settings/Repositories (this will start the Software Sources control panel)
  3. Add the following line to the Third party software repositories:
    deb http://ppa.launchpad.net/openoffice-pkgs/ubuntu intrepid main
  4. Close the dialog and confirm that the list of repositories will be reloaded
  5. Choose Mark All Upgrades
  6. Apply changes.
This will upgrade your OpenOffice 2.4.1 to 3.0. It will also migrate your settings (some things are reset though, like the year offsetting digit replacement).

I have tested this on Ubuntu 8.10 32bit and it works. On 8.04.1 64bit it seems that not all programs are available as packages (e.g. Draw and Impress are missing). I turns out, this is due to missing libraries.

VMware Workstation 6.5 on Ubuntu 8.10

VMware Workstation 6.5 comes in 32bit and 64bit flavours. If you download, you can either get RPMs or installable files, that end in the extension .bundle. These are combined shell scripts with embedded binaries.

Installation works fine. First I had to chmod the file to be executable, then sudo ran it. Ths installation starts a graphical installer that does the rest. If you have Eclipse installed, you can accept the path to the debugger. Other than that, no excitement.

The installer copies both VMware Workstation 6.5 as well as VMware Player 2.5 onto the machine. It recognises and takes over the old settings (both network and VM favorites). Also the software recognises fingerprint readers as well as bluetooth devices.

The installation still requires vmware-config.pl if you change kernel modules.


A new feature in VMware Workstation 6.5 is Unity. It allows guest applications to run in parallel with native host applications.

In practice this means, I can run Visual Studio side by side to my native OpenOffice or Geany IDE.

If nothing else, this feature is the reason to upgrade.

Other than that, there are background snapshots, background operation, enhanced settings on VMs, etc.

Saturday, 11 October 2008

Making films in GCompris

I wanted to make a film in GCompris recently. GCompris is an educational suite for children.

There is an animation program in the suite and I wanted to integrate my own characters (the set included is limited). There is a directory with a Readme file which says: All custom images in here.

Well: I can put custom images into this directory. The software stores animation sequences into this directory as well. So far so good.

Unfortunately, I cannot add my own characters to the application or my film for that.

I'm still looking for a way to add my own characters to the film. Keep you posted (appreciate hints all the same).

PS: Tyler has an important hint on how to do this. I think it's worth for everyone to read his comment. Tyler, thanks.

Friday, 10 October 2008

Lost notification icons

Sometimes I loose my notification area. This is where programs like Firestarter or Network manager put their icons to inform you about some system state.

Here is how I get them back (this is mainly a reminder as it always takes me some hours to refigure out the procedure):
  • In the area where you want to see the notification ...+ Add to panel...
  • scroll down to Notification area
  • click Add...
should do the trick.

Saturday, 4 October 2008

Easy system backup tool

Before upgrading 8.04 to 8.10 I did a full backup of my harddisk. There are several tools around but I found CloneZilla to be well suited and easy to use.

CloneZilla comes in two flavours:
  • LiveCD (for on the fly backups)
  • SE (Server Edition for workgroup or corporate backup)
There is another source that offers an added feature:

CloneZilla - SystemRescueCD - SuperGrub

This is a compound bootable CD that offers both CloneZilla and SysResCD in one package. The latest version can be downloaded here. Additionally to CloneZilla this CD offers a system recovery CD and a tool that allows to repair the grub boot loader.

Upgraded to Ubuntu 8.10 (32bit)

I upgraded to 8.10 b1 today.
sudo update-manager -d
My first impression is positive. The system upgraded fine on my HP nx8220. Some visuals irritate me though:
  • Menus now have two broad lines indicating a submenu (I liked the black triangles)
  • Some icons come directly from the gnome desktop (The quit icon is a running man in green, while the original was this ring with a vertical bar on red ackground)
  • There are two ways to exit a session. One allows to switch users, the other adds shutdown and hibernate to the menu.
Some apps were dropped to maintain compatibility to Debian:
  • I used AVscan as a frontend to clamAV. This was dropped. I replaced it with ClamTK (which has a nicer GTK+ GUI). It's ok.
I had a tool that allowed to adjust the display (external monitors, frequency, and resolution). displayconfig-gtk was dropped (after being introduced in 8.04). The Preference panel "Screen Resolution" offers the functionality as well as lets the display be controlled from the panel. This is nice.

What else needs mention?
  • Netbeans comes in V6.1 (nice and fast. Core modules update from the Netbeans website)
  • MonoDevelop is V1.0 (disappointing, as V2.0 a1 is out)
  • Geany is 0.14 (offers improvements under the hood, I keep it as a fast IDE)
  • Network Manager 0.7 offers a clear and clean interface for managing network connections (there will be thorough testing this on my side)
  • There is OpenJDK with Webstart on the machine
I did not find much of a change with Gnome 2.24. Tabs in Nautilus are OK but nothing spectacular. I didn't find the promised improvements on PAM so far.

Tuesday, 30 September 2008

VMware Server 2.0 changes some things

VMware Server 2.0 is out and installing it changes some things.

First, installing over a running VMware Server 1.0.7 did not work. The installation routine complained about a running instance of the server:
vmrun stop /path/to/vm/file.vmx
solves the issue. I installed over the previous version (the installation routine deinstalled 1.0.7 for me).

No problems installing, however, the installation routine asked for a http port and suggested port 80. Port 80 is taken by apache and the installation routine acknowledges this. I also run MUI (the web frontend for 1.0.x) on port 8333. This does not work either.

One can choose any free port (as there will be a Tomcat server be installed).

VMware Server 2.0 comes with its web interface integrated (as mentioned, Tomcat). There is a browser based console window that installed without any problems.

VMware Server Console for the client provides an error:
Unable to connect to the remote host: 501 Global command GLOBAL server-vmdb to non-host agent targets not supported.
I did not find a version of the linux client that works with 2.0 yet. However, it's not neccessary either. The built in browser console does the job nicely.

Upgrade VMware Tools in virtual machines

I strongly recommend updating the VMware Tools in Windows VMs. Much to my surprise, the visual performance and speed increased significantly. Also I could adjust my screen resolution to fit the size of my monitor.

VMware Server 2.0 offers another nice feature that I missed previously: Administration of user rights via the graphical interface (remember, you had to set file access rights to allow for different user rights in the VMware Server).

After installation of VMware Server 2.0 I deinstalled the MUI on the server and the client console on my client machines. I don't need them.

Sunday, 31 August 2008

Dovecot terminates unexpectedly

Recently my dovecot IMAP server died regularly. In my log files I found the following message:
dovecot: 2008-08-31 09:12:50 Fatal: Time just moved backwards by 11 seconds. This might cause a lot of problems, so I'll just kill myself now. http://wiki.dovecot.org/TimeMovedBackwards
The wiki describes the cause - the clock of my server is not in sync - but does not offer much of help. Usage of ntp is suggested.

Openntpd syncs the system clock but does not slow it down (effectively causing the same problem). ntp offers to slow down the clock with side effects to database and CMS.

Examination of the logfile reveals that webmin runs a time sync just before dovecots unnatural death. OK, here's the cause.
Aug 31 09:13:01 myserver /USR/SBIN/CRON[12345]: (root) CMD (/etc/webmin/time/sync.pl)
dovecot: 2008-08-31 09:12:50 Fatal: Time just moved backwards by 11 seconds. This might cause a lot of problems, so I'll just kill myself now. http://wiki.dovecot.org/TimeMovedBackwards
Restarting dovecot right after the time sync will solve the problem. You can do that from the webmin user interface:
System/Scheduled Cron Job/Create a new scheduled cron job
/etc/init.d/dovecot restart
select time right after /etc/webmin/time/sync.pl
and you are done.

Sunday, 15 June 2008

Updating VMWare Server, MUI and Console

Updating VMware Server 1.0.5 to 1.0.6 works fine. However, installing VMware MUI afterwards breaks with VMware MUI 1.0.6.
VMware Server must be installed on this machine for the VMware Management Interface to work
Installation aborts.

In order to fix this I had to remove the library libgcc_s.so.1 in /usr/lib/vmware/lib/libgcc_s.so.1:
mv libgcc_s.so.1 libgcc_s.so.1_orig
Installation of MUI worked fine afterwards.

In order to start the management interface during the next reboot one has to add a few lines at the beginning of /etc/init.d/httpd.vmware:

/usr/bin/test -d "$RUNDIR" || \
/bin/mkdir -p "$RUNDIR" && /bin/chown "$OWNER:$GROUP" "$RUNDIR"
Now, the management interface survives a reboot.

This workaround fixed the installation problem of the server console on the workstation as well.

Saturday, 17 May 2008

Linux week in Vienna

May 15th to 17th, the Austrian chamber of commerce held their annual Linux weeks in Vienna.

Besides giving interested visitors the opportunity for hands on experiencing Linux, topics focused on
  • Beginners and Switchers
  • Linux in an educational environment
  • Business and Government
I held a presentation together with my daughter covering our experience with (Ubuntu-) Linux and educational software. I did the theoretical part, while Paula gave a hands on demonstration of
Here are some pictures of the event.

Overall, the Linux week was a great success.

Thursday, 8 May 2008

Interesting Ubuntu blog

Searching the web for solutions to my problems I ran into this interesting blog.

I also would like to refer you to a blog that is maintained by a co-member of Ubuntu-Austria, Martin Lettner.

May the force be with you.

April 30th = Independence Day

On April 30th, 2008 I celebrated Independence Day.

I had switched my last application from Windows to Linux.

Free at last.

Monday, 28 April 2008

Distribution Upgrade 7.10 -> 8.04

As with the upgrade from 7.04 to 7.10:
  1. sudo do-distribution-upgrade
  2. keep the configuration files
  3. accept deletion of outdated files
  4. reboot
For a complete list of prerequisites visit my old article here.

There is an error in Webmin 1.410. It shows Apache2 server as being stopped. This is not the case as one can verify with ps afx | grep apache2. I will post a fix as soon as I found one.

Configuring VMware Server

In Kernel 2.6.23, a change was introduced that breaks vmware-server (a complete explanation can be found here):

Another solution is to get the vmware-any-any-patch116.tar.gz. I unpacked the tar and copied vmmon.tar and vmnet.tar into /usr/lib/vmware/modules/source.

vmware-config.pl configured the server (ignore the warnings, the server starts fine), and ran vmware-config-mui.pl.

Server is now up and running.

Sunday, 27 April 2008

UMTS Modem in Ubuntu 8.04

Dial up internet connections are easy to set up, one might think. I wanted to connect to my ISP using a PCMCIA UMTS card. Searching the internet I found three different approaches:
  1. use wvdial to set up a ppp connection
  2. use gnome-ppp to set up a ppp connection
  3. use a specific software (like umtsmon or vodaphone-mobile-link)that installs all required drivers
I run Ubuntu 64 on my notebook, so vodaphone does not work. There is an ancient x64 .deb package that refuses to install. The tar files don't compile due to missing twisted python modules. and finally (after installing twisted) it refused to start.

I found a much simpler solution: Gnomes network-manager.

network-manager allows you to configure 1 dial up connection. It requires some tweaking of a configuration file in order to reap the maximum speed from your modem but other than this, it is an easy solution without any bells and whistles.

Configuration of network manager
  1. Left click your network icon in the top right of your Gnome panel. Select "Manual configuration..."
  2. Unlock the dialog
  3. Select "Point to Point connection" and edit its "Properties" (this brings up a 3-tabbed dialog)
  4. On the General-Tab tag "Enable this connection" and adjust the connection type, access point name and account data.
  5. Change connection type to "serial modem" to enter the phone number. Change back to GPRS/UMTS. The phone number gets stored in the configuration file
  6. On the Modem-Tab type the modem port. In my case I hat to overwrite what was offered by the dialog ("/dev/ttyUSB0"). I found this information in the gnome-device-manager.
  7. The Options-Tab allows to set the modem to provide the default route (which is helpful on the road) and to accept the DNS servers from your provider. I did not select "Retry if the ..." reconnect option here, but rather in the configuration file (as this sets it to retry permanently)
  8. OK and close the configuration dialog and you are done.
Insert the card, left click the network icon in the panel. You can "Dial Up Connections>/Connect to ppp0 via Modem...". It takes a few seconds, then the connect is made.

There is not much of an indication as the line being up. On my modem, the LED is on permanently. Network-manager does not change its icon to reflect connection status.

Configuration myths and files

There are lots of rumors out. Here is what I found out:
  • wvdial and other command line tools use /etc/wvdial.conf to configure dialup connection.
  • gnome-ppp and network manager use ~/.wvdial.conf (in your home directory)
Both files use similar syntax but Gnome does not read /etc/wvdial.conf or setup configuration in /etc/ppp...

Here is my .wvdial.conf:
[Dialer Defaults]
Modem = /dev/ttyUSB0
ISDN = off
Modem Type = USB Modem
Baud = 460800
Init = ATZ
Init2 = ATQ0 V1 E1 S0=0 &C1 &D2 +FCLASS=0
Init3 = at+cgdcont=1,"IP","mynetwork"
Init4 =
Init5 =
Init6 =
Init7 =
Init8 =
Init9 =
Phone = telefonnumber_from_provider
Phone1 =
Phone2 =
Phone3 =
Phone4 =
Dial Prefix =
Dial Attempts = 1
Dial Command = ATM1L1DT
Ask Password = off
Password = mypassword
Username = myusername@mynetwork.domain
Auto Reconnect = off
Abort on Busy = off
Carrier Check = on
Check Def Route = on
Abort on No Dialtone = on
Stupid Mode = off
Idle Seconds = 180
Auto DNS = on
;Minimize = off
;Dock = on
;Do NOT edit this file by hand!
Despite the last line, the file can be edited by hand. network-manager honors changes in the file. I changed Baud from 57600 to 460800. This provides significant increase in performance.

VMware 6.03 on Ubuntu 8.04 compile error

After upgrading Ubuntu to 8.04, I ran into an error reconfiguring VMware with vmware-config.pl:
include/asm/bitops_32.h:9:2: error: #error only can be included directly, and vmmon-only compile failes
I found a helpful blog describing 10 easy steps to fix the problem. Here is the list of steps (security issues corrected)
  1. cd /usr/lib/vmware/modules/source
  2. cp vmmon.tar vmmon.tar.orig
  3. sudo tar xvf vmmon.tar
  4. cd vmmon-only/include/
  5. sudo vi vcpuset.h
  6. change line 74 from: #include “asm/bitops.h” to: #include “linux/bitops.h”
  7. rm vmmon.tar
  8. sudo tar cvf vmmon.tar vmmon-only/
  9. sudo rm -rf vmmon-only/
  10. sudo vmware-config.pl
After this, I could start VMware. Robert, thank you.

Saturday, 26 April 2008

VMware Server console in 8.04

After upgrading Ubuntu 7.10 to 8.04 my VMware Server console would not start:
wolf@wb:~$ vmware-server-console
/usr/lib/vmware-server-console/bin/vmware-server-console: /usr/lib/vmware-server-console/lib/libgcc_s.so.1/libgcc_s.so.1: version `GCC_3.4' not found (required by /usr/lib32/libcairo.so.2)
/usr/lib/vmware-server-console/bin/vmware-server-console: /usr/lib/vmware-server-console/lib/libgcc_s.so.1/libgcc_s.so.1: version `GCC_4.2.0' not found (required by /usr/lib32/libstdc++.so.6)
/usr/lib/vmware-server-console/bin/vmware-server-console: /usr/lib/vmware-server-console/lib/libgcc_s.so.1/libgcc_s.so.1: version `GCC_3.4' not found (required by /usr/lib32/libcairo.so.2)
/usr/lib/vmware-server-console/bin/vmware-server-console: /usr/lib/vmware-server-console/lib/libgcc_s.so.1/libgcc_s.so.1: version `GCC_4.2.0' not found (required by /usr/lib32/libstdc++.so.6)
/usr/lib/vmware-server-console/bin/vmware-server-console: /usr/lib/vmware-server-console/lib/libgcc_s.so.1/libgcc_s.so.1: version `GCC_3.4' not found (required by /usr/lib32/libcairo.so.2)
/usr/lib/vmware-server-console/bin/vmware-server-console: /usr/lib/vmware-server-console/lib/libgcc_s.so.1/libgcc_s.so.1: version `GCC_4.2.0' not found (required by /usr/lib32/libstdc++.so.6)
I found a helpful link here. The resolution would not work for me (as you can see in the error messages above. However, removing the library libgcc_s.so.1 did the trick.
root@wb:/usr/lib/vmware-server-console/lib/libgcc_s.so.1# mv libgcc_s.so.1 libgcc_s.so.1_orig
Now the console works fine.

Sunday, 30 March 2008

Drupal 5.2 on Ubuntu 7.10 with Postgresql backend

Installing Drupal 5.2 on Ubuntu 7.10 with Postgresql requires several steps.
  1. Install php_pgsql (the required files are not installed after selection of the database
  2. Manually create a database user and a database:
    createuser -D -A -P drupal5
    createdb -O drupal5 drupal5
    Using the automated setup scripts creates a database that is not owned by the drupal user. Later, the installation process will not be able to create the required tables. It seems that dbconfig-common has its trouble handling postgresql databases.
  3. Install drupal using
    apt-get install drupal5
    Choose to set up the database manually. The dialog is likely to frighten you away, but you have already done everything necessary.
  4. Change the ownership of the data files. The script changes /var/lib/drupal5 to www-data (with is what Apache needs to read files). However, the files are in /usr/lib/drupal5. As they are still owned by root -> Error messages.
    chown -R www-data:www-data /usr/lib/drupal5
    does the trick.
  5. In /etc/postgresql/8.x/main/pg_hba.conf add a line:
    host drupal5 drupal5 password
    allows drupal to access the local database.
  6. Restart Apache and Postgresql
  7. In a browser query the server:
    You should see the Drupal logon screen.
  8. Create an administrative user
As easy as this list of actions sounds and as clear it seem now what one has to do, it was hard to figure out from all the error messages where the problem lay.

There is a helpful link in the Ubuntu forum. It helped me understand what was going on durign the installation process.

Error in OpenOffice DicOOo wizard

The dictionary installation wizard of OpenOffice 2.3 is not working correctly. You can start it, start DicOOo macro and download language specific dictionaries, thesauruses and hyphenation module. However, after launching OpenOffice again, spellchecking is still missing.

What's wrong?

Apt-get installs OpenOffice with a set of language packs. If one wants to install more language packs, OpenOffice offers a wizard to install them. I need some extra language packs for my work:
There are two officially announced methods to install:
  1. Use the wizard as root will install additional dictionaries into the /usr/lib/openoffice branch of the file system (I didn't try this, so I don't know whether it works)
  2. Use the wizard as user to install into the local home directory (I tried this and it definately did not work)
If you use local installation, all files fo into ~/.openoffice/user/wordbook directory. All files get copied. A special file - dictionary.lst - contains a list of installed language packs. You can install spell checking, hyphenation and thesauruses seperately (or exclude them by editing dictionary.lst)

In Windows installations local dictionaries get installed into a directory ...dict/ooo in the local application tree. It turns out that OpenOffice looks in ~/.openoffice/user/dict/ooo for additional language packs.

A better solution

Installing something into a directory which is not maintained by the installation scripts of the distribution may backfire later. If you want to give a user a specific language pack, installing into ~/.openoffice/user/dict/ooo is the only working solution.

If you want to install language packs globally, there is a better solution: Install the myspell localized languages.
This will not only install spellchecking, hyphenation and thesaurus for OpenOffice but will provide the same functionality for Mozilla Firefox and Thunderbird.


Friday, 21 March 2008

Adding Spamassassin to Postfix

Adding spam protection to Postfix, I installed Spamassassin. The Postfix web documentation describes installing Amavis as this also provides virus protection. I kept it simple by just using Spamassassin as a post queue filter.

First install the package:
sudo apt-get install spamassassin spamc
(You will need the spamassassin client later).

By default, Spamassassin logs into syslog. So you do not need to modify /etc/spamassassin/local.cf. You do need to enable Spamassassin by enabling launching the spamd daemon. Modify /etc/default/spamassassin by setting:
This will do the trick.

Finally you need to modify /etc/postfix/master.cf. Edit the line:
smtp inet n - - - - smtpd
smtp inet n - - - - smtpd -o content_filter=spamassassin
and add:
spamassassin unix - n n - - pipe
user=nobody argv=/usr/bin/spamc -f -e
/usr/sbin/sendmail -oi -f ${sender} ${recipient}
to the end of the file (you have to indent line 2 and 3 in order to maintain the logic of filters). You also might find these lines in different forums. They suggest creating a new user account "spamd". I was reluctant to do this as it roadens the attack surface to the server. Starting Spamassassin with user nobody works perfectly fine.

Start Spamassassin and restart Postfix and there you are.

Tuesday, 11 March 2008

SD Card not working

I remember my SD card working in 6.10. I never checked in 7.04 but as i tried to read one in 7.10 I found out that SD cards do not work on either HP notebook I have.

This seems to be a known issue. The build in Ricoh SD card reader does not work.

I found some very clever hints to work around this issue. They all seem to stem from one single source and suggest to adjust PCI settings.

One tried to load module for TI card reader (?) Excuse me. Well, I tried in vain.

Another tried to set the PCI slot to readable.
sudo setpci -s 03:01.2 0xCA=0x57
sudo setpci -s 03:01.1 0xCB=0x02
sudo setpci -s 03:01.1 0xCA=0x00
Well it did not run (i did change the slot to the correct number). Here is a script that finds the slot automatically:
modprobe -r sdhci
setpci -s `lspci | grep "SD\/SDIO\/MMC\/MS\/MSPro" | awk '{print $1}'` 0xCA=0x57
setpci -s `lspci | grep "SD\/SDIO\/MMC\/MS\/MSPro" | awk '{print $1}'` 0xCB=0x02
# setpci -s `lspci | grep "SD\/SDIO\/MMC\/MS\/MSPro" | awk '{print $1}'` 0xCA=0x00
modprobe sdhci
This one does not work either.


It seems that there are some kiddies fiddling around with code they do not understand. Worse, they introduce regression errors and refuse to fix them. Continuing development like this will not build up a decent reputation for Ubuntu :-(

Installing Postfix SMTP server

Actually I installed Postfix before installing Dovecot. However, it took some tweaking to get dovecot running.

By default, postfix installs inboxes into /var/mail in a flat file format. This disallows creation of folder structures in the INBOX. I also run several domains on one server. It is simple to tell postfix to accept any combination of username@domain_x. In operation, this will lead to combinations that are certainly not desirable.

To fix this, I had to set up some domains as virtual domains in /etc/postfix/main.cf:
virtual_alias_domains = my.domain
virtual_alias_maps = hash:/etc/postfix/virtual
I also want to allow for certain type errors. If someone does not know the correct email address, I consider it convenient to give some support. So I set up aliases in /etc/aliases like:
first.last@my.domain user
f.last@my.domain user
first_last@my.domain user
flast@my.domain user
This usually provides a reasonable catch for misspelled email addresses. The same procedure applies to mail aliases for the virtual domaines. However the translation table goes into /etc/postfix/virtual.

I used domain masquerading to conceal mail sent from client computers. They are sent with my main domain:
masquerade_domains = my.domain
Did I already mention I am aware about security? Well, I am. I adjusted which client is allowed to connect:
smptd_client_restriction = permit_mynetworks, reject_unknown_client, permit

smtpd_helo_restrictions = permit_mynetworks, reject_unknown_client, reject_invalid_hostname, reject_unknown_hostname, permit_naked_ip_address, reject_non_fqdn_hostname, permit

smtpd_sender_restrictions = permit_mynetworks, reject_unknown_client, reject_invalid_hostname, reject_unknown_hostname, permit_naked_ip_address, reject_non_fqdn_hostname, reject_unknown_sender_domain, reject_non_fqdn_sender, permit

smtpd_recipient_restrictions = permit_mynetworks, reject_unknown_client, reject_invalid_hostname, reject_unknown_hostname, permit_naked_ip_address, reject_non_fqdn_hostname, reject_unknown_sender_domain, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unauth_destination, reject_unknown_recipient_domain, permit
These restrictions are set in order of Postfix processing. I kept all restrictions in each line in order to catch Windows client behaviour.

Finally, in order to allow dovecot to connect and manipulate my folder structure without limitations, I had to set the mailbox directory:
home_mailbox = Maildir/
I experimented here and it did work. But it never was right. Some mistakes were:

home_mailbox = ~/Maildir/ ... created a directory ~/~/Maildir/ that is hard to cd into.
home_mailbox = /home/%u/Maildir/ ... created a %u directory in /home. As all mailboxes are stored into this directory, this leads to collisions. Not so good.

I am happy with the current setting. A symlink from /var/mail/user to /home/user allows for easy administration.

Finally postfix works as intended, domains are separated correctly, users can store folders in their INBOX and dovecot connects beautifully ;-)

Thursday, 6 March 2008

Installing Dovecot IMAP server

It's time to replace my good old Exchange server with something more open source. Dovecot seemed a pretty stable and secure IMAP server.

Dovecot requires some tweaking. First, the logs are placed into syslog. If you don't like it (like myself) you have to change the location of the logfile. In the configuration file /etc/dovecot/dovecot.conf enter (or change if set):
log_path = /var/log/dovecot.log
This will produce a log file that grows in size without any restriction. I didn't like this so I added a script that rotates the log files on a daily basis:
# dovecot SIGUSR1: Re-opens the log files.
/var/log/dovecot*.log {
/bin/kill -USR1 `cat /var/run/dovecot/master.pid
2>/dev/null` 2> /dev/null || true
Name this file /etc/logrotate.d/dovecot and place it into the correct directory.

I also changed the greeting string in /etc/dovecot/dovecot.conf to:
login_greeting = *
as I do not want Dovecot to notify every weired spammer about who it is.

There is a caveat in dovecot. If your server adjusts the system time regularly and your system clock runs slightly faster than the NTP server, dovecot will terminate itself with an error message:
dovecot: 2008-03-06 23:59:54 Fatal: Time just moved backwards by 9 seconds. This might cause a lot of problems, so I'll just kill myself now. http://wiki.dovecot.org/TimeMovedBackwards

As the wiki states, there is no easy way around this. I created a cron job to restart dovecot each day at 0:02. If the server terminated, the script will start the daemon. If the server is running, restarting it will not harm the system.

This is a dirty workaround. I shall have to get through to installing ntpd later.

Sunday, 17 February 2008

The end of the Domain concept?

Late 1999 I held a presentation about future developments in computer security. By then, there was an overwhelming hipe in firewall installations. During my speech I was asked about my personal opinion about how firewalls will develop in the future.

My response was quite surprising to the audience.
Firewalls and Virus protection are as protective as a perforated condom works for saver sex.
The audience was not happy. They came for support in their next major investment. Speakers before and after me were praising the techology as a panacea for any sorts of protection.

After my presentation a professor of the local university approached me. He congratuated me on the overall speach but commented, that I was completely wrong on my deduction that firewalls would be unnecessary devices in the future.

9 years after

The Dot.Com bubble was building up, Application Service Provisioning was on the verge, it was clear by then that most communication in the future would traverse through three ports only: HTTP/HTTPS and SMTP (well, there still are some more around).

If so, every communication channel would be redirected in the future to use one of these channel (it proved correct as we see large scale spam and web site attacks and only a few successful expliots).

9 years from now

Where's the point?

Systems cannot be protected at the perimeter any more. Protection schemes have to be introduced into every software service and application. With the increasing offerings of Web Services, boundaries between companies vanish (yet the title). Our carefully crafted computer domains will erode. As soon as they are consolidated (after mergers and company consolidations) they will be obsolete.

We have to use services and data across company boundaries. Small companies have to share information in order to withstand the pressure introduced by large multination enterprises.

If so, this raises the question of who has and who owns information (in the form of data).

DRM becomes DARM

What we see in the music industry is an absurde effort to protect rights. DRM, Digital Rights Management (or restriction of rights of the owner) is a technological approach to manifest control over the use of data.

DARM, Data Access Rigths Management (sorry, I did not come across any suitable term so far), will be the next development. What ACLs are to the operating system, DARM will be to information.

DARM will not only cover the rights to access information, but also timing information and environmental parameters that allow for viewing the content (similar to cascaded style sheets on steroids).
In this future, the concept of computer domains makes no sense.
Notebook users (especially those using Microsoft Windows) have trouble traversing domains. Trusts on the domain level have to be set up or the user will not be able to access any peripherals or services provided by the local domain.

With the concept of Service Oriented Architecture carried on, the IT of the company of the future will pretty much look like an encapsulated ISP. Services will be offered to anyone subscribing to it.
  • Questions about ownership of data and services have to answered.
  • Issues of multi cultural access and presentation have to be solved.
  • Problems relating to the timely validity will arise.
  • Censorship and circumvention of it will be on the agenda.
But I doubt that in 9 years from now we will see a logon dialog that offeres the domain as third parameter to authentication.