Sunday, 11 March 2007
Warren wondered whether it would make any sense to include a version of scp or ssh which does not encrypt its traffic on the network.
As far as I can see, such a tool would indeed be useful for many tasks. "brokensh" might not be that useful, but "brokencp" is certainly useful.
Consider the roadwarrior with his notebook who is transferring some data from the server to his notebook. He is already encrypting the data-traffic by using openvpn or ipsec. The network between his tunnel-terminator and the server can be considered secure. He would save CPU-time by not having to encrypt the traffic twice.
Or the system-administrator who has to copy a whole tree of files, including permissions from one machine to another. He could just call tar c /dir | ssh root@server tar xv to achieve this. If the machines are directly connected the transfer is probably faster, as the data does not need to be encrypted. Generally, I do help myself in this case by using netcat, but still.
I for one do like the idea of selectively disabling encryption for scp as long as the authentication against the remote system is secure, that is, no cleartext password crosses the wire. I do not care if the attacker sniffing my line is able to reconstruct the latest Fedora ISO image which I'm copying, I do care that he is not able to sniff my password.
Thursday, 4 January 2007
I tried the free as in beer vmware-server on our new quad opteron and probably got exactly what I deserved when using tainted modules. :-)
general protection fault: e040 [1] SMP
<Jan/04 01:48 am>last sysfs file: /class/scsi_host/host0/stats
<Jan/04 01:48 am>CPU 0
<Jan/04 01:48 am>Modules linked in: ipmi_devintf ipmi_si ipmi_msghandler vmnet(U) vmmon(U) ipv6
ip_conntrack_netbios_ns ipt_REJECT xt_state ip_conntrack nfnetlink xt_tcpudp iptable_filter ip_tables
x_tables video sbs i2c_ec i2c_core button battery asus_acpi ac parport_pc lp parport st sg e100
serio_raw pcspkr ide_cd k8_edac mii cdrom edac_mc floppy tg3 shpchp dm_snapshot dm_zero dm_mirror
dm_mod sym53c8xx scsi_transport_spi 3w_9xxx sd_mod scsi_mod ext3 jbd ehci_hcd ohci_hcd uhci_hcd
<Jan/04 01:48 am>Pid: 2317, comm: vmware-vmx Tainted: P 2.6.18-1.2747.el5xen #1
<Jan/04 01:48 am>RIP: e030:[<ffffffff88395db1>] [<ffffffff88395db1>] :vmmon:Task_Switch_S1B1+0x183/0x976
<Jan/04 01:48 am>RSP: e02b:ffff8801e79c7bb8 EFLAGS: 00010282
<Jan/04 01:48 am>RAX: ffff820000000000 RBX: ffffc2000003d000 RCX: 000000000000e040
<Jan/04 01:48 am>RDX: ffff82000000e040 RSI: 0000000000000000 RDI: ffff8801e9bf6000
<Jan/04 01:48 am>RBP: 00002aaaada80a80 R08: 7fffffff00000001 R09: 0000000000000000
<Jan/04 01:48 am>R10: ffff8801e79c7e98 R11: 0000000000000048 R12: ffffffff8058e000
<Jan/04 01:48 am>R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000660
<Jan/04 01:48 am>FS: 00002aaaada80a80(0000) GS:ffffffff8058e000(0063) knlGS:0000000000000000
<Jan/04 01:48 am>CS: e033 DS: 002b ES: 002b
<Jan/04 01:48 am>Process vmware-vmx (pid: 2317, threadinfo ffff8801e79c6000, task ffff8801ee6fd040)
<Jan/04 01:48 am>Stack: 736282f99c4145dc 000000009d53f5e8 ffff8801e9bf6000 0000000000000246
<Jan/04 01:48 am> 000000008005003b 00002aaaabb65290 00000000b41c1cc3 0000006300005eaf
<Jan/04 01:48 am> 820000000000efff ef980ea576c5ffff
<Jan/04 01:48 am>Call Trace:
<Jan/04 01:48 am> [<ffffffff883994eb>] :vmmon:Vmx86_RunVM_S1B1+0x3f/0x1a8
<Jan/04 01:48 am> [<ffffffff8838c21e>] :vmmon:__LinuxDriver_Ioctl+0x387/0xd35
<Jan/04 01:48 am> [<ffffffff8027f6f0>] __wake_up_common+0x3e/0x68
<Jan/04 01:48 am> [<ffffffff8022e141>] __wake_up+0x38/0x4f
<Jan/04 01:48 am> [<ffffffff80260729>] _spin_lock_irqsave+0x9/0x14
<Jan/04 01:48 am> [<ffffffff802976dd>] futex_wake+0xc6/0xd5
<Jan/04 01:48 am> [<ffffffff803045f9>] avc_has_perm+0x43/0x55
<Jan/04 01:48 am> [<ffffffff8838daf7>] :vmmon:LinuxDriver_Ioctl+0x529/0x583
<Jan/04 01:48 am> [<ffffffff8030512d>] inode_has_perm+0x56/0x63
<Jan/04 01:48 am> [<ffffffff803045f9>] avc_has_perm+0x43/0x55
<Jan/04 01:48 am> [<ffffffff8026a78d>] monotonic_clock+0x35/0x7b
<Jan/04 01:48 am> [<ffffffff803051ce>] file_has_perm+0x94/0xa3
<Jan/04 01:48 am> [<ffffffff8838db74>] :vmmon:LinuxDriver_CompatIoctl+0x23/0x36
<Jan/04 01:48 am> [<ffffffff802d7230>] compat_sys_ioctl+0xc5/0x2b1
<Jan/04 01:48 am> [<ffffffff8025d54d>] ia32_sysret+0x0/0xa
<Jan/04 01:48 am> [<ffffffff8025d4e2>] ia32_syscall+0x1e/0x6b
<Jan/04 01:48 am>Code: 0f b6 42 05 83 e0 0f 83 f8 0b 75 0c 8a 42 05 83 e0 f0 83 c8
<Jan/04 01:48 am>RIP [<ffffffff88395db1>] :vmmon:Task_Switch_S1B1+0x183/0x976
<Jan/04 01:48 am> RSP <ffff8801e79c7bb8>
<Jan/04 01:48 am> <0>Kernel panic - not syncing: Fatal exception
<Jan/04 01:48 am> (XEN) Domain 0 crashed: rebooting machine in 5 seconds.
I fear I'll have to look into xen a bit more and use that in the meantime.
UPDATE: Turns out, it's currently impossible to do what I want:
I guess I'll just have to disable Xen for now and go with vmware until I have new hardware for the soon to be virtualized host. :(
Tuesday, 2 January 2007
At last year's Chaos Communication Congress in Berlin there was a short presentation about the One Laptop Per Child system.
I couldn't make the talk itself but managed to take a closer look at the OLPC later on when it was on display at the Wikipedia booth.
My opinion of the device so far is mixed.
The software collection looks nice but still a bit rough around the edges.
The hardware in general definitely looks good. Small, portable and low-power. The display especially is really good looking and offers an enjoyable sharp display. I expected something a bit more low quality after following the swizzle mode blog post by Manu but was positively surprised.
The keyboard however sucked!
I might be spoiled keyboardwise as I'm nearly exclusively using IBM Model M Keyboards which feature distinct tactile feedback and I really detest the soft keyboards which are generally available today.
The OLPC keyboard however is something else. I haven't yet seen such a mushy keyboard in a notebook. The keys are quite flat with a very small keydrop of said 1mm. This would be acceptable if there would be some more resistance when depressing the keys. The BTest-1 System I tried however was so squashy I had to keep looking at the screen to check if the key I pressed actually was pressed.
In general the keyboard feels rotten which is a pity as the system would otherwise be very neat.
Thursday, 20 July 2006
I'll be in Ireland from the 11th of September (cheap flights, *nudge* *nudge*) to the 25th on vacation together with Mara.
As this year's aKademy, the KDE developer conference, is going to take place in Dublin from the 23rd on, I'm wondering if I should plan on being the last two days in Dublin. After all, aKademy is fun. At least that was the opinion after being part of the team who made aKademy 2004 a huge success.
So, who else from fedora/redhat is going to be there and who knows a good karaoke bar? And is it going to be better than Linuxtag 2005 in Karlsruhe?
Tuesday, 18 July 2006
I've finally gotten myself a SIP hardware phone after testdriving several softphones and finding each lacking. Even ekiga (formerly known as gnomemeeting) doesn't really satisfy:
Nearly no debugging output, meaning I have to whip up ethereal all the time, and many crashes when shutting down the app are not really strong points.
Anyway, I chose a Snom 360 SIP phone after finding out that the device is running an embedded Linux. Unfortunately, the company is turning from completely open firmware versions to GPL source and lots and lots of binary-only userspace daemons. However, there is a project trying to write a replacement firmware for the Snom 360.
After connecting the phone to the local network and setting up some external SIP providers, one quickly notices the problems NAT is posing for SIP. When not configuring a STUN server and an RTP proxy, the signalling of your call succeeds, but you will not be able to hear anything.
Bummer.
Luckily there exists a nat-helper module for iptables, allowing your router to track and modify the SIP packets and thus letting the audio packets through the nat and the firewall.
Unfortunately this module is not yet included in the main kernel but only available in the Netfilter Patch-O-Matic.
However, with the help of the new kmodhelper building external modules for your Fedora kernel is no big deal anymore. Simply download sip-conntrack-nat-kmod-0-1.20060717svn.2.6.17_1.2157_FC5.src.rpm and rebuild the module for your kernel version:
[andreas@bofh ~]$ rpmbuild --rebuild sip-conntrack-nat-kmod-0-1.20060717svn.2.6.17_1.2157_FC5.src.rpm \
--target=$(uname -m) --define "kversion $(uname -r)"
Installing sip-conntrack-nat-kmod-0-1.20060717svn.2.6.17_1.2157_FC5.src.rpm
Building target platforms: i686
Building for target i686
...
Wrote: /home/andreas/fedora/redhat/RPMS/i686/kmod-sip-conntrack-nat-0-1.20060717svn
2.6.17_1.2157_FC5.i686.rpm
Executing(%clean): /bin/sh -e /var/tmp/rpm-tmp.23234
+ umask 022
+ cd /home/andreas/fedora/redhat/BUILD
+ cd smixer
+ rm -rf /var/tmp/smixer-1.0.4-1-root-andreas
+ exit 0
[andreas@bofh ~]$
Next, you can install the just built module with "rpm -ivh your_rpms_path/kmod-sip-conntrack-nat-0-1.20060717svn.2.6.17_1.2157_FC5.i686.rpm".
All that is left to do is edit /etc/sysconfig/iptables-config to load your newly installed module.
# Load additional iptables modules (nat helpers)
# Default: -none-
# Space separated list of nat helpers (e.g. 'ip_nat_ftp ip_nat_irc'), which
# are loaded after the firewall rules are applied. Options for the helpers are
# stored in /etc/modprobe.conf.
IPTABLES_MODULES="ip_nat_sip ip_nat_ftp ip_nat_h323 ip_nat_irc"
...
After calling "service iptables start" your SIP phone will suddenly start working and you can hear the person at the other end. And all that without having to fiddle with specific port-forwardings over a huge number of ports.
Yay! \o/
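Why the signalling succeeds while the audio stays silent, and what a SIP NAT helper has to change in the packet, as an added example (not from the original post and not the ip_nat_sip module's code): a simplified Python model that reads the RTP endpoint a phone advertises in its SDP body and rewrites it for the outside world. The INVITE, the addresses 192.168.0.23 and 203.0.113.7 and the port mapping are constructed sample values.

```python
import ipaddress

# RFC 1918 ranges: addresses a peer on the Internet cannot send RTP to.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def build_invite(ip, rtp_port):
    """Constructed sample INVITE, as a phone at `ip` would send it."""
    body = ("v=0\r\n"
            f"o=alice 2890844526 2890844526 IN IP4 {ip}\r\n"
            "s=call\r\n"
            f"c=IN IP4 {ip}\r\n"
            "t=0 0\r\n"
            f"m=audio {rtp_port} RTP/AVP 0 8\r\n")
    head = ("INVITE sip:bob@provider.example SIP/2.0\r\n"
            f"Via: SIP/2.0/UDP {ip}:5060;branch=z9hG4bK74bf9\r\n"
            "From: <sip:alice@provider.example>;tag=9fxced76sl\r\n"
            "To: <sip:bob@provider.example>\r\n"
            f"Call-ID: 3848276298220188511@{ip}\r\n"
            "CSeq: 1 INVITE\r\n"
            f"Contact: <sip:alice@{ip}:5060>\r\n"
            "Content-Type: application/sdp\r\n"
            f"Content-Length: {len(body)}\r\n")
    return head + "\r\n" + body

def rtp_endpoint(msg):
    """(ip, port) the far end will send audio to, taken from the SDP body."""
    ip = port = None
    for line in msg.split("\r\n\r\n", 1)[1].split("\r\n"):
        if line.startswith("c=IN IP4 "):
            ip = line.split(" ")[2]
        elif line.startswith("m=audio "):
            port = int(line.split(" ")[1])
    return ip, port

def is_private(ip):
    return any(ipaddress.ip_address(ip) in net for net in RFC1918)

def nat_rewrite(msg, inside_ip, outside_ip, rtp_port_map):
    """Model of the payload rewrite: fix Via/Contact and the SDP o=/c=/m= lines."""
    head, body = msg.split("\r\n\r\n", 1)
    sdp = []
    for line in body.split("\r\n"):
        if line.startswith(("o=", "c=")) and line.endswith(" " + inside_ip):
            line = line[:-len(inside_ip)] + outside_ip
        elif line.startswith("m=audio "):
            parts = line.split(" ")
            parts[1] = str(rtp_port_map.get(int(parts[1]), int(parts[1])))
            line = " ".join(parts)
        sdp.append(line)
    body = "\r\n".join(sdp)
    hdrs = []
    for line in head.split("\r\n"):
        name = line.split(":", 1)[0].lower()
        if name in ("via", "contact"):
            line = line.replace(inside_ip, outside_ip)
        elif name == "content-length":
            # The body changed size, so the old length would truncate or stall parsing.
            line = f"Content-Length: {len(body)}"
        hdrs.append(line)  # Call-ID is an opaque identifier and is left untouched
    return "\r\n".join(hdrs) + "\r\n\r\n" + body

if __name__ == "__main__":
    invite = build_invite("192.168.0.23", 5004)
    print("phone advertises:", rtp_endpoint(invite), "private:", is_private("192.168.0.23"))
    fixed = nat_rewrite(invite, "192.168.0.23", "203.0.113.7", {5004: 40000})
    print("after rewrite:   ", rtp_endpoint(fixed))
```

The kernel helper additionally tells connection tracking to expect the RTP flow so the firewall lets it through; this model only covers the payload rewrite.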
Thursday, 29 June 2006
[Note to English-speaking readers aggregating this blog: The following article is written in German, about gaining root on a piece of embedded server monitor hardware from Rittal and configuring ssh access. If there is demand, I'll translate this article into English as well.]
I had already talked a bit here and here about the Rittal CMC-TC system, which we use to monitor our server rack.
The system itself is quite nice so far and has a few neat features, but unfortunately it lacks, for example, ssh access. Offering telnet is rather weak these days. None of this would be a problem if Rittal complied with the GPL and provided me with the source code and the build environment needed to install an sshd of one's own.
Oh well, let's see what comes of that.
Still, I want an ssh daemon on the device, which turns out not to be particularly complicated. You only have to boot the device and start the sshd that is already there.
But let's start at the beginning.
So let's take a look at the boot messages:
U-Boot 1.1.3 (Jun 8 2005 - 15:08:40)
U-Boot code: 20F00000 -> 20F1A868 BSS: -> 20F1EE48
RAM Configuration:
Bank #0: 20000000 16 MB
Board: CMC-PU2 (Rittal GmbH)
Flash: 8 MB
In: serial
Out: serial
Err: serial
Hit any key to stop autoboot: 0
no DHCP
## Booting image at 10030000 ...
Image Name: ARM Linux-2.4.27
Created: 2005-04-22 4:52:03 UTC
Image Type: ARM Linux Kernel Image (gzip compressed)
Data Size: 698499 Bytes = 682.1 kB
Load Address: 20008000
Entry Point: 20008000
Verifying Checksum ... OK
Uncompressing Kernel Image ... OK
Starting kernel ...
Linux version 2.4.27-vrs1 (mkr@s020403) (gcc version 2.95.4 20010319 (prerelease/franzo/20011204)) #2
Fri Apr 22 06:49:12 CEST 2005
CPU: Arm920Tid(wb) revision 0
Machine: ATMEL AT91RM9200
On node 0 totalpages: 4096
zone(0): 4096 pages.
zone(1): 0 pages.
zone(2): 0 pages.
Kernel command line: root=/dev/mtdblock3 ro ethaddr=00:d0:93:12:34:56 ip=192.168.0.190::::
CMC-TC-PU2::off console=ttyS0,9600
mtdparts=cmc_pu2:128k(uboot)ro,64k(environment),768k(linux),4096k(root),-
Calibrating delay loop... 89.70 BogoMIPS
Memory: 16MB = 16MB total
Memory: 14452KB available (1382K code, 275K data, 60K init)
Dentry cache hash table entries: 2048 (order: 2, 16384 bytes)
Inode cache hash table entries: 1024 (order: 1, 8192 bytes)
Mount cache hash table entries: 512 (order: 0, 4096 bytes)
Buffer cache hash table entries: 1024 (order: 0, 4096 bytes)
Page-cache hash table entries: 4096 (order: 2, 16384 bytes)
CPU: Testing write buffer: pass
POSIX conformance testing by UNIFIX
Linux NET4.0 for Linux 2.4
Based upon Swansea University Computer Society NET3.039
Initializing RT netlink socket
Starting kswapd
Installing knfsd (copyright (C) 1996 okir@monad.swb.de).
JFFS2 version 2.1. (C) 2001 Red Hat, Inc., designed by Axis Communications AB.
RAMDISK driver initialized: 16 RAM disks of 8192K size 1024 blocksize
Amd/Fujitsu Extended Query Table v1.3 at 0x0040
number of CFI chips: 1
cfi_cmdset_0002: Disabling fast programming due to code brokenness.
Creating 5 MTD partitions on "CMC PU2 flash":
0x00000000-0x00020000 : "uboot"
0x00020000-0x00030000 : "environment"
0x00030000-0x000f0000 : "linux"
0x000f0000-0x004f0000 : "root"
0x004f0000-0x00800000 : "Partition_004"
i2c-core.o: i2c core module version 2.6.1 (20010830)
i2c-dev.o: i2c /dev entries driver module version 2.6.1 (20010830)
ttyS0 at MMIO 0xfefc0000 (irq = 6) is a AT91_SERIAL
ttyS1 at MMIO 0xfefc4000 (irq = 7) is a AT91_SERIAL
ttyS2 at MMIO 0xfefc8000 (irq = 8) is a AT91_SERIAL
ttyS3 at MMIO 0xfefcc000 (irq = 9) is a AT91_SERIAL
ttyS4 at MMIO 0xfefff200 (irq = 1) is a AT91_SERIAL
eth0: Link now 100-FullDuplex
eth0: AT91 ethernet at 0xfefbc000 int=24 100-FullDuplex (00:d0:93:12:34:56)
eth0: Davicom 9196 PHY (Copper)
AT91 Watchdog Timer enabled (5 seconds)
Found AT91 i2c
I2C: RS5C372 RTC driver successfully loaded
CMC buzzer driver $Revision: 0.2 $
CMC digital IO driver $Revision: 0.2 $
Serial driver version 0.03 (2004-12-17) with no serial options enabled
ttyS5 at 0xc2084000 (irq = 29) is a TI16752
ttyS6 at 0xc2086000 (irq = 30) is a TI16752
NET4: Linux TCP/IP 1.0 for NET4.0
IP Protocols: ICMP, UDP, TCP
IP: routing cache hash table of 512 buckets, 4Kbytes
TCP: Hash tables configured (established 1024 bind 1024)
eth0: Link now 100-FullDuplex
IP-Config: Guessing netmask 255.255.255.0
IP-Config: Complete:
device=eth0, addr=192.168.0.190, mask=255.255.255.0, gw=255.255.255.255,
host=CMC-TC-PU2, domain=, nis-domain=(none),
bootserver=255.255.255.255, rootserver=255.255.255.255, rootpath=
NET4: Unix domain sockets 1.0/SMP for Linux NET4.0.
NetWinder Floating Point Emulator V0.97 (double precision)
VFS: Mounted root (cramfs filesystem) readonly.
Freeing init memory: 60K
serial console detected. Disabling virtual terminals.
init started: BusyBox v0.60.2 (2002.10.10-17:17+0000) multi-call binary
eth0: ROVR error
eth0: ROVR error
Startup CMC
no update..
CMC Applications
rs422, Version: V2.00, Build Date: Mon Sep 19 18:01:58 2005
eeprom, Version: V2.00, Build Date: Mon Sep 19 18:00:03 2005
rs232, Version: V2.00, Build Date: Mon Sep 19 18:39:00 2005
CMC-TC-PU2 Thu Jan 1 1970 00:00:15, User 0
CMC-TC-PU2 login: VCC status = OK
cmc_main, Version: V2.15, Build Date: Wed Nov 16 15:20:38 2005
No Options..
Setting up clock 18:03:30 15.06.2006
CMC-TC-PU2 Thu Jun 15 2006 18:03:35, User 0
CMC-TC 192.168.0.190 login:
Unmistakable. A Linux with a BusyBox shell. A very common combination in the embedded world. In this case, unfortunately, a license violation.
Now the question is how to become root. The only logins available are cmc and admin, both of which are normal user accounts that start a ready-made menu instead of a shell.
In hindsight, after having looked around on the device, several options come to mind, but the simplest is to tell the bootloader that I would like a shell.
More details can be found in the rest of the article.
Read "Fun with the Rittal CMC-TC PUII" in full
Wednesday, 17 May 2006
Luya is wondering whether Sun's recent press release, stating that they will be allowing distribution of their closed binary Java stack together with the operating system such as Debian, Fedora et al., means something for the GCJ project or Fedora.
The GCJ project is the GNU Compiler for Java, which aims to be a free replacement for the proprietary JDK from Sun. Right now, it's not there yet, but it's getting there.
However, it's good enough to compile the Java bits from OpenOffice. More about Java on Fedora can be seen on the Fedora Wiki.
For the casual user GCJ is enough. I've been using it for my University assignments exclusively and it works like a charm. Even though the compile run is slooooow.
Anyway, back to Luya's question. Will the ability to ship the closed source JRE and JDK mean that Fedora's focus will shift from GCJ and Classpath?
The easy answer is no.
Fedora is all about free and open software. This will mean that a closed source Java stack won't get into the Fedora Core nor will it get into Fedora Extras.
In case you need the JRE or JDK from Sun for your Fedora installation, the JPackage Project has some good RPMs.
Actually, the real question should have been, does Sun feel that its hand is being forced by projects such as GCJ and GNU Classpath?
Tuesday, 25 April 2006
Just seen on f(r)eenode/#fedora-extras:
[05:37] < Seg> Anyone use/used Sylpheed?
[05:37] < Seg> Seems like a good replacement for the email part of Evo.
[05:38] < BobJensen> Seg: USPS is a good replacement for the email part of Evolution some days
So true. :-D
(Note: USPS is the United States Postal Service)
Saturday, 25 June 2005
Finally got a proper night's sleep. I decided after all not to show up at LinuxTag until around 13:30. The morning programme wasn't thaaat important after all. ;-D Well rested (luckily it was a bit cooler today) and freshly showered, I set off with the goal of first hunting down pizza or something like it.
Nicely enough, on the forecourt I ran into a few Red Hat people who said I should just go to the booth, they still had something to eat.
Delicious. Mozzarella, tomato and salad plus bread rolls.
Even a very interesting way of preparing it. I'll have to try it myself some time. Half a roll, spread with cream cheese or butter, then a lettuce leaf and the topping on top. There was cheese, turkey, salmon, mozzarella and tomato.
All of it suitably garnished, of course. Walnut and herb butter with the cheese, parsley with the rest. Delicious!
With a full stomach, it was on with LinuxTag.
Read "LinuxTag Friday, Day 3 - Part 1" in full
How much plans can change.
Actually, the idea had been to have a barbecue together with the CCC Stuttgart and the CCC Karlsruhe/Entropia after LinuxTag 2005.
No such luck.
After the end of the fair I hung around the Red Hat booth briefly to get something to drink, help tidy up a bit and then see whether there was any cool stuff left to grab. (There wasn't.)
Once that was done, lx said people would meet up at the hotel later and then go out to eat, and that I should come along.
The beginning of a long evening...
Read "LinuxTag Friday, Day 3 - Part 2" in full
Friday, 24 June 2005
Lunch consisted of "Studi 2" and many drinks at the "Kippe", a student pub in Karlsruhe. 3.50 for schnitzel with fried potatoes is really a reasonable price. ;-D
The discussions during the meal were excellent again, as usual.
That really is a huge advantage of LinuxTag: it hardly matters who you talk to, you usually learn something new or have a stimulating discussion.
Read "LinuxTag Friday, Day 2 - Part 2" in full
After waking up, I was first of all reminded again why I don't miss Karlsruhe.
As in previous years it was warm, muggy and completely windless. The result is unpleasant: you wake up, sticky all over and feeling wrecked. Well, the latter may also be because the construction workers on the street start working at 7:00. Wahhhhh. So, into the shower...
Read "LinuxTag Friday, Day 2 - Part 1" in full
Tuesday, 21 June 2005
During a recent Q&A Rebuild of the current Red Hat Enterprise Linux codebase and the Fedora Core codebase I found a number of packages which wouldn't build correctly in the new buildsystem.
As adding bugs in Bugzilla is a chore when it's done via the web interface, I made a few bookmarks and bookmarklets, which make working with bugzilla.redhat.com easier:
Read "Neat Bookmarklets for Bugzilla" in full
Tuesday, 31 May 2005
It's over. The sixth GUADEC (Gnome User And Developer European Conference) has come to an end.
I'll explain a bit about our network layout, how to configure a Linksys WRT54GS with OpenWRT as a managed access point for a conference, what problems arose with the 4G Access Cubes we used as a wireless bridge for Internet access and some tips and tricks in a future post.
But for now, let's just say it was fun and according to some of the attendants it was also the best GUADEC Conference ever.