Single sign-on with Linux clients and Active Directory LDAP, Part 1

One project we’ve been working on for a while is single sign-on across all our servers and other services (e.g. SVN repository, a few other things). One thing I wanted to avoid, I guess for mostly religious reasons, was reliance on a Windows instance for any of our production environment. The logical part of my brain knows that people build huge websites with Windows farms and AD, but my gut still doesn’t trust it. So what I wanted to do was set up OpenLDAP as a “slave” to an Active Directory “master” and have all the LDAP info propagate over to the slave whenever any changes were made in the master. I’ve done this with DNS – set up Bind as a slave to an AD server and everything basically works as I expect in a Bind-Bind master/slave scenario. Well, it turns out that it doesn’t work like that when it comes to LDAP. Apparently AD doesn’t follow the RFC for LDAP (surprise!) so many things that would be expected to work with OpenLDAP won’t.


Everything works on my laptop except Bluetooth

This is pretty weird. Bluetooth worked fine under Win XP. The computer is an HP/Compaq nc8430. When I go to the Bluetooth control panel I get “Your computer does not have any Bluetooth adapters plugged in.” The weird thing is, sometimes I’ll see the Bluetooth logo in the taskbar at the top, but then when I look again it’s gone and I have no idea how to get it back. When I booted it up this morning I noticed the icon was there, so I ran some of the debugging tools for Bluetooth and checked dmesg, and this time at least it looks like there’s proof that Linux CAN see the Bluetooth adapter. I just don’t get why it then stops recognizing it after just a minute or two, and a reboot doesn’t even consistently bring it back.


NILFS – A File system to make SSDs scream… in pain?

So I got this 128 gig Corsair SSD and put it in my laptop at work. After some fiddling I copied my old disk over to my new disk by booting to Knoppix and doing dd if=/dev/sda of=/dev/sdb bs=4k conv=notrunc,noerror. It’s a lot faster, but what’s really fast now is my Windows XP VM. Anyway, I was looking into other filesystems to try out on SSD to improve speed and I found this article claiming that NILFS is the best choice. So I decided to test it using the same ghetto test I always use for filesystem performance: dd!


Error returning browse list: NT_STATUS_NOT_SUPPORTED

This is annoying. I’m attempting to get to my photos on my Win 7 desktop from my Linux laptop. It works in Win XP clients, but smbclient is failing:

[evan@ehoffman ~]$ smbclient -L //192.168.10.105/
Enter evan's password:
Domain=[EVAN-WOLFDALE7] OS=[Windows 7 Ultimate 7100] Server=[Windows 7 Ultimate 6.1]

	Sharename       Type      Comment
	---------       ----      -------
Error returning browse list: NT_STATUS_NOT_SUPPORTED
session request to 192.168.10.105 failed (Called name not present)
session request to 192 failed (Called name not present)
session request to *SMBSERVER failed (Called name not present)
NetBIOS over TCP disabled -- no workgroup available
[evan@ehoffman ~]$

Update: This appears to be resolved in Samba 3.4.3 (release notes). Since there’s no RPM for 3.4.2 for FC11 I downloaded the source and built it and tried the smbclient against my Win7 box and it worked fine.

How to install the 64-bit Sun Java plugin on 64-bit firefox on 64-bit Fedora Core 11 Linux (which happens to use 64 bits)

I’m giddy! I found this post on mozdev.org which was magical.

[evan@ehoffman ~]$ java -version
java version "1.6.0_17"
Java(TM) SE Runtime Environment (build 1.6.0_17-b04)
Java HotSpot(TM) 64-Bit Server VM (build 14.3-b01, mixed mode)
[root@ehoffman plugins]# uname -a
Linux ehoffman 2.6.30.8-64.fc11.x86_64 #1 SMP Fri Sep 25 04:43:32 EDT 2009 x86_64 x86_64 x86_64 GNU/Linux
[root@ehoffman plugins]# pwd
/usr/lib64/mozilla/plugins
[root@ehoffman plugins]# ln -s /usr/java/jdk1.6.0_16/jre/lib/amd64/libnpjp2.so

The main thing I was missing was that the plugin isn’t libpluginjava_oji.so, or whatever I thought it was, but libnpjp2.so. Once I created the symlink into /usr/lib64/mozilla/plugins it worked (as verified on http://www.java.com/en/download/help/testvm.xml and http://www.java.com/en/download/installed.jsp).

That’s all it takes to get the Sun Java plugin working in Firefox on Linux.

I put Fedora Core 11 on my work laptop

My work laptop, which I got around the end of 2006, was starting to run like crap. Pretty sure it started around the time I put antivirus on it, which reinforces my theory that antivirus is a virus itself. Anyway, being bored with Windows XP and having already played with Windows 7 at home, I decided to install Linux. The last time I tried Linux desktop was around RedHat 7.3, which was a long time ago… pre-Fedora even. I’m pretty happy with CentOS on the server side and was set to try CentOS 5.3 on my laptop when someone suggested I go with FC due to more bleeding-edge driver support. Even though the hardware is pretty old at this point I figured it was worth a shot.

Generally everything works pretty well. Everything pretty much works out of the box – I had dual screens up at native resolution, it even recognized my phone as a camera when I plugged it in to charge it. Best of all, I was able to resize the NTFS partition (rather than blowing it away) so I can still boot back to XP when the need arises.

There are 2 problems I’ve had so far though:

  • The computer now hovers between 76 and 85 degrees Celsius, whereas under Win XP it generally peaked around 68 C. I tried underclocking the CPU down to 250 MHz but the problem persisted.
  • The Java plugin for Firefox … wtf? How can this not work? I downloaded Sun’s JDK and symlinked the libjavaplugin_whatever into /usr/lib64/mozilla/whatever/ and that didn’t work. Then I tried “yum install java-plugin” or something like that and that installed some OpenJava-ish plugin which looked like it was going to work, but when I logged into the Raritan KVM and clicked “Connect” it wouldn’t work. I booted up Win XP in a VM and Firefox with Java works fine. Really annoying and dumb.

I’ll probably try Ubuntu tomorrow as several people suggested it runs cooler than Fedora. If that fails then I guess I’ll go to Win7 after all. I also want an SSD for my work laptop now… my Windows VM seems to spend eternity spinning my crappy 5400 rpm drive. Plox.

iptables rules for rate-limiting SSH connections

This is what I use on my CentOS boxes/VMs. It rate-limits the connections and also rate-limits the log messages (to prevent attacks that attempt to fill up the server’s disk).

iptables -F
iptables -X
iptables -N LOGDROP #Create the LOGDROP chain
iptables -A LOGDROP -m limit --limit 1/s -j LOG --log-prefix "LOGDROP: " # Rate-limit the logging so the logs don't fill up the server
iptables -A LOGDROP -j DROP
iptables -I INPUT -p tcp --dport 22 -s 10.0.0.0/16 -j ACCEPT # Allow everything from the internal network
iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --set # create the "bucket"
iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 -j LOGDROP # if there are more than 4 connection attempts in 60 seconds from a given address, log-drop it.

After issuing these commands I run /etc/init.d/iptables save, which persists the rules to … somewhere. Alternatively I sometimes put all the above commands in some bash script and just call it from /etc/rc.local.
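
To see which connection attempts the two "recent" rules above let through, here is a small awk model of them. It is an added example, not part of the original post and not real netfilter code; the function names and the sample addresses and timestamps are constructed for illustration.

```shell
#!/bin/sh
# Model of the --set / --update rules above (simplified, not real netfilter).
# Each -I without a rule number inserts at the top of INPUT, so the kernel
# evaluates the rules in reverse order of the commands: the --update rule
# (LOGDROP) first, then --set, and the internal-network ACCEPT last.
#
# Input:  one "<seconds> <source-ip>" line per NEW connection to port 22.
# Output: "<seconds> <source-ip> PASS|LOGDROP" for each input line.
simulate_recent() {
    awk -v window=60 -v hitcount=4 '
    {
        now = $1; src = $2; hits = 0
        # Count remembered attempts from this source inside the window.
        for (i = 1; i <= n[src]; i++)
            if (now - stamp[src, i] <= window)
                hits++
        # --update rule: matches once hitcount attempts are already on record.
        verdict = (hits >= hitcount) ? "LOGDROP" : "PASS"
        # Either way the attempt is recorded: --update refreshes the entry
        # when it matches, otherwise the packet falls through to --set.
        stamp[src, ++n[src]] = now
        print now, src, verdict
    }'
}

# Constructed sample: one address retrying every 10 s and again after a
# long pause, plus a single attempt from a second address.
sample_attempts() {
    printf '%s 203.0.113.7\n' 0 10 20 30 40
    printf '%s 198.51.100.9\n' 45
    printf '%s 203.0.113.7\n' 50 60 70 200
}

sample_attempts | simulate_recent
```

The fifth attempt inside 60 seconds is the first one dropped. Because dropped attempts are recorded too, a client that keeps retrying stays blocked until it has been quiet long enough for fewer than four attempts to remain in the window.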