Sunday 31 August 2008

Intrepid Ibex on a Lenovo T60

Think of this post as somewhat of a response, or extension to Pavel Rojtberg's post regarding the need for closed-source drivers for the T60, that I've found on UbuntuWebLogs.org (posted August 30th). I'm also keeping this as install notes for when I will have to reinstall my laptop.

It seems that it is indeed no longer necessary to use closed-source drivers at all for a Lenovo T60 on Intrepid. On hardy, I also used to be forced to run the closed-source FGLRX drivers to handle advanced things like OpenGL (gaming and nice screensavers), dual-head setups, etc.

I've recently setup my work laptop to run Intrepid (alpha 4), and as such I did happen to notice this pretty nice change. So far, it works like a charm. A few notes I'd add however, is that the dual-head setup is slightly complicated if you want to not have to edit xorg.conf too much (since the possibility of running without the file is one of the features of Intrepid). So, here are my notes:

  • Don't even think of installing fglrx at all if you want the open-source drivers to work. The fglrx install (both from apt and from the ATI website) changes a lot of things, including the location of some libraries, it seems. If you install the driver, make sure you take all the steps to be really certain it's completely removed. If you're at the point that you think it's removed and you are now running on radeon or ati, and when you run glxgears or glxinfo it ends with a Segmentation fault, then it is VERY likely that it isn't completely removed yet. My guess would be to look in /usr/lib/xorg for the libGL libraries, and to remove the package that relates to these files (I'm not sure which one yet).
  • Go slowly, and if you're unsure, get rid of xorg.conf to start from scratch.
  • Don't trust the failsafe X configuration wizard too much, do the very basic, get back to some single-headed working config that pleases you and work from there.
  • If you want to run dual-head with a resolution any higher thant 800x600 (which I'd guess most people will want to do...), at this point in time you WILL need to slightly modify your xorg.conf file manually and add a Virtual line in the "Display" subsection of the "Screen" section to support your higher resolution, as described here, but you will NOT need the "MergedFB" option, since that will be taken care of by Xrandr. Hopefully the hard limitation of 1600x1600 as a Virtual resolution will be increased by the time Intrepid is released, but for now it blocks you completely from using xrandr right away to setup dual-head, and forces you to modify xorg.conf manually.
  • If you are like me and use a similar dual-head setup at work and at home with your laptop (but with different monitors), be ready for some minor modifications to xorg.conf. In my specific case, I found that modelines from my work secondary screen (a Samsung SyncMaster something 940a, 17inch), and my home secondary screen (Acer AL1716, 17inch), didn't always match. If I setup the dual-headed config with the failsafe wizard at work, and bring my laptop home, the modelines for work will not allow me to use my home screen, but if I do the config the same way at home, the modelines will still allow me to use my work screen. The modelines were of course completely handled by the failsafe wizard, I didn't have to edit xorg.conf.
  • Don't hesitate to break xorg.conf with some weird config (like refering to the fglrx driver when it isn't installed) to get in the failsafe X wizard if you need to... I don't know of a simpler way to get to it, but I admit I didn't really check.
  • Mind the command: "sudo dpkg-reconfigure -phigh xserver-xorg" to build for you a base xorg.conf file, if you want to start over with a clean config that will work quite nicely for single-screen setups.
The only slight annoyance I can think of, it that the gnome panels show up on my secondary screen every time I boot, but I'm thinking of trying it out like that for a little while.

As for the ath9k drivers, I'm not sure if they are already being used or not, and haven't had a change to look and make sure.

Wednesday 27 August 2008

I learned a new command today

Let's make it simple, it's pretty self-explanatory. Since I'm a netadmin, every little thing can help, and this is no exception. It should make my life MUCH easier.

sudo apt-get install sipcalc


And then:

mtrudel@icarus:~$ sipcalc 10.10.0.0/21
-[ipv4 : 10.10.0.0/21] - 0

[CIDR]
Host address - 10.10.0.0
Host address (decimal) - 168427520
Host address (hex) - A0A0000
Network address - 10.10.0.0
Network mask - 255.255.248.0
Network mask (bits) - 21
Network mask (hex) - FFFFF800
Broadcast address - 10.10.7.255
Cisco wildcard - 0.0.7.255
Addresses in network - 2048
Network range - 10.10.0.0 - 10.10.7.255
Usable range - 10.10.0.1 - 10.10.7.254

-
mtrudel@icarus:~$ sipcalc 10.10.9.9
-[ipv4 : 10.10.9.9] - 0

[CIDR]
Host address - 10.10.9.9
Host address (decimal) - 168429833
Host address (hex) - A0A0909
Network address - 10.10.9.9
Network mask - 255.255.255.255
Network mask (bits) - 32
Network mask (hex) - FFFFFFFF
Broadcast address - 10.10.9.9
Cisco wildcard - 0.0.0.0
Addresses in network - 1
Network range - 10.10.9.9 - 10.10.9.9

-

Beautiful little program, gives you all kind of useful information, and it's free!

Monday 25 August 2008

Intrepid's install takes a bus ride-long

I installed Intrepid Alpha 4 on my work laptop tonight. It's pretty nice -- it took the time of the bus ride home from work, plus a little more time.

So far, I'm not sure how well things go, but there has already been some small issues: failure on my first install try with full-disk encryption w/ LVM. Shortly later, some video corruption in usplash (and kept up if switching from X to consoles).

Other than that, there's been one instance where the Graphics submenu stayed open, wouldn't close (even if I clicked on an application -- nothing would happen), so I had to restart X.

Mostly however, it seems so far like it's stable enough to do actual work -- quite unlike Hardy's alphas which kept freezing my poor Thinkpad T60. VPNs work with vpnc, and ... not sure yet if they work through network-manager: network-manager-vpnc wouldn't enable the Add button, and I haven't had a chance to reboot yet.

Other than that, I like the NewHuman theme a lot ... not surprising given that Darklooks was already my favorite.

Evolution used to work, and now somehow tries to connect to the wrong Exchange server, although it doesn't hold its name anywhere in the config that I give the Exchange plugin -- maybe it tries to read domain information somewhere, but that doesn't seem quite ready yet.

Ah, I can't even think of other things to try anymore... Maybe more in a new post. I've got to check if a lot of bugs are opened yet.

And the bus ride... it takes about half an hour. Not bad, but that's definitely something that will need to be worked on.

Saturday 23 August 2008

UDF 2.5 support in Ubuntu, new network-manager

For the past week and half, I've been using the new network-manager packages from the network-manager team's PPA. My understanding was that these packages are pretty close to what will be included in Intrepid, while they seem to me like they have the benefit of being stable enough to be usable (and quite efficiently too!) on my work laptop... which needless to say, needs to be totally stable. I initially ran into small issues with password prompting for VPNs, but those have been resolved for a little while now. Anyway, here is the line you'll need to add to your sources.list file if you wish to try out the new network-manager packages:

deb http://ppa.launchpad.net/network-manager/ubuntu hardy main
deb-src http://ppa.launchpad.net/network-manager/ubuntu hardy main
One of the great things about the new packages is the possibility of running multiple connections concurrently (for example, both wireless and wired connections at the same time), and, in my opinion, much cleaner handling of multiple connection profiles -- for when you want to use static IPs for some place, DHCP elsewhere -- perfect for the mobile worker!

Also, I've struggled the other day with reading a UDF volume I created on my girlfriend's computer running Vista. Not expecting any issues with a newly burnt DVD, I happily chose to write the data in Vista's UDF format, only to notice that the specific format that is used is not recognized by Ubuntu, at least not in kernel 2.6.24-19. To add support for UDF 2.5, you will need to patch your kernel as directed in this fine Ubuntu Forums post:

http://ubuntuforums.org/showthread.php?t=718744

Happy hacking!

Wednesday 13 August 2008

More packaging fun

After a little break for vacation (and an awesome trip to Quebec city!), I'm back at working on the two packages I'm trying to get included in Ubuntu: congruity, and it's dependency; concordance.

Today, I've learned to clean up my debian/rules file (and got nice errors when I got too enthusiastic at it), and creating watch files.

The watch file stuff is quite interesting. It is quick, and efficient... If you want to learn how to use this to keep your packages up to date with the upstream (for example, a sourceforge project!), consult the very complete wiki entry about it at https://wiki.ubuntu.com/PackagingGuide/Howtos/DebianWatch.

Watch files basically contain lines of strings to parse in order to let utilities like uscan and uupdate download any new updated build tarballs from upstream.

Tuesday 12 August 2008

OpenChange: a nice boost for Linux adoption in the enterprise?

Since I'm already a happy user of Linux at work and fortunate enough to have other means to access email, calendar, and other services traditional on a Windows infrastructure through workarounds and generally complex tricks, I'm quite interested in the developments on offering support for the Windows infrastructure in Linux.

I found out today about OpenChange a somewhat new project to deliver MAPI support in various tools by implementing MAPI in a library. Although this is still fairly new and probably not yet ready for any kind of production use, I'm definitely going to give this some effort and try to have it run... perhaps even contribute code to it?

In my opinion, OpenChange brings a promising "outlook" for the future to enterprises wishing to migrate desktops to Linux, without necessarily going through the lengthy and complicated process of migrating Active Directory domains, Exchange servers with millions of messages, and other features in use immediately. For enterprises, although Linux desktops seem a good idea for, among other things, alleviating licensing costs; most are not yet ready to scrap complex Windows-based architectures, and will instead wish to make good use of them until upgrade (or migration) is no longer avoidable.

On the bright side, although OpenChange is not quite ready, Evolution at least has come a long way since previous versions provided on Ubuntu repositories. Since Hardy, it crashes less often, and you can even actually see free/busy information for other AD users, when Evolution decides it wants to cooperate :)

On the same subject, now that Active Directory integration is available through the use of Likewise Open on Hardy, joining a machine to a Windows domain is easier than ever. The constant state of progress I'm noticing from all distributions, but especially Ubuntu on the subject of Windows integration definitely gives me a lot of hope for the future.

Sunday 3 August 2008

RSA SecurID integration

Short rant here... Why is it that GNOME or KDE don't support using SecurID (or OTP or anything like that that could potentially display a prompt other than "Password: ") ? To me, it is a fairly important requirement, if not for server applications, at least for the interfacing between servers and Ubuntu desktops.

We use RSA SecurID to control access to systems. If you try to use the new PAM module provided by RSA, and attempt to connect to a system using, for example, sFTP, you will notice that nautilus or dolphin will just hang there, waiting indefinitely for something, and eventually time out. This is annoying, I feel like it could be something relatively simple to fix, and I am certain it would help not only Ubuntu, but just about any distribution to see more interest from large corporations, only because the security they use is supported, and does not pose a usability problem.

Interestingly, Dolphin in KDE4.1 seems to respond a little better, and actually displays a "OpenSSH" window with a PASScode prompt... However, it then complains immediately that it cannot grb the keyboard, and even if you type something it will not be used... and the prompt will still reappear 5 times :)

I will probably take a second attempt at fixing the issue, or at least finding where the problem starts, at least in nautilus. Is there anyone who knows that could point me in the right direction?

Encrypting data in Hardy...

Think of this post as a more or less of a response to David Thomas' post about how to encrypt data in Ubuntu... However, as a little warning, this has the potential to cause you issues depending on where you are travelling, what is the political climate like where you are going, or if your country has regulations about using encryption. I'm thinking France here, for example, where if I'm not mistaken you are not allowed to use specific encryption algorithms like 3DES or AES? If I'm mistaken, please let me know.

As for me, I'm only using it as a theft protection device, don't want people to have access to sensitive data that could be on my drive if I forgot my laptop somewhere or had it stolen.

Anyway, so you can encrypt your whole disk in Ubuntu. This feature has been available since Gutsy in the installer, where it will permit you to partition your whole disk using LVS and LUKS or some other system. You could also do the partitioning yourself, provided you remember to create the partition for "physical volume for encryption" first, and then use that as a "physical volume for LVS"... You'll also need to have /boot separate, unecrypted. Here's a nice overview of using the installer to encrypt the whole drive: http://learninginlinux.wordpress.com/2008/04/23/installing-ubuntu-804-with-full-disk-encryption/

Also, you can use another very nifty tool called TrueCrypt. Sadly, while some GUI (or so they seem, at first glance) tools exist in the repositories to interface with Truecrypt, the actual software still doesn't appear to be available. You can however get it here, on the official TrueCrypt website.

To setup a truecrypt drive, plug a USB key for example, run truecrypt, select the device and options and follow the directions. I've found that they are all pretty clear. I personally use this to secure my GPG key and lists of contacts... Oh, and my hackergotchi too :)

TrueCrypt happens to have this interesting feature where you can hide an encrypted volume inside another one, and thus benefit from "plausible deniability", since if only the outer volume was decrypted, the data contained (which would effectively be your inner encrypted volume) would not be distinguishable from random data -- still, I probably wouldn't let my life depend on people's lack of curiosity.

Anyway, using these two options, and strong passphrases, you would be able to deter most attempts at reading your personal, sensitive data, and you won't have to worry about the proprietary company information you were carrying to be viewed by your laptop's thief.

For now though, there's still nothing more secure than keeping sensitive data in your head only. Encryption can always, given enough resources thrown at it, be cracked, so this just one more thing to ... keep in mind.