Debian on my Sun Ultra 5

After playing with Solaris 10 for a few months I decided to try one of the linux-SPARC64 ports on my little ultra5.

My Sun Ultra 5

It’s a decent little box with an UltraSPARC IIi @ 400MHz and 512MB RAM, but one thing it lacks that I wish it had is SCSI. Sun used IDE in the Ultra 5/10 to make its price point as low as possible. Unfortunately their choice of IDE controller chips wasn’t the greatest and the disk I/O performance on the Ultra 5 is terrible. Perhaps that was a strategic move on Sun’s part to ensure the Ultra 5/10 didn’t undercut sales of its much more expensive workstations and servers. And of course, Sun being Sun, you can’t just use any old PCI SCSI card; you need one with Sun boot code support, which immediately makes the price 2-3x the going rate for a decent SCSI card. Anyway, all that aside, it’s a cheap little machine to learn the quirks of SPARC64 on.

Solaris is nice to know but truly a pain in the butt to work with compared to Linux if you want to build GPL software. I tried FreeBSD sparc64 but found the port a little unstable. I don’t know if it’s the age of the platform or the fact that anyone who wants to run Sun hardware is likely to be running Solaris, but most distros that used to support SPARC have either gone away or stopped releasing SPARC builds. Thankfully Debian still has a well-maintained SPARC port that seems to be running fine on my little Ultra 5.

There are a few quirks: the local console (keyboard/mouse) doesn’t appear to work, though the console on serialA works fine. I’m currently using my Ultra 5 for backups with rsync, a music server running gnump3d and a secondary DNS caching box for my network. Soon it will be running a Hylafax fax server and Nagios monitoring. If I can find a Sun SCSI card cheap enough on eBay I will be running my DAT tape drive on it as well. Not bad for a machine that cost $100 used two years ago.

Update Nov 2007: This little machine made the trip across the country with me and is currently my webserver. If you’re reading this you’ve used CPU cycles on my ultra5! 🙂

Portupgrades gone wrong…

In a blaze of stupidity I missed the courier-imap config files in my backup script so tonight when upgrading said package I managed to destroy pop3 access to the entire mail server. Nice one. Anyway, things should be back to normal shortly, rewriting the configs as we speak. I guess that’s what I get for wanting to upgrade software that was working perfectly to begin with.

SSH key authentication made easy…

If you’re using OpenSSH to connect to remote Unix hosts, the best way to handle authentication in most cases is with ssh keys. On Windows you can use PuTTY for ssh and Pageant to manage your ssh keys. You can even create a shortcut in the Startup folder with the following contents in the target box:

"C:\Program Files\PuTTY\pageant.exe" "c:\documents and settings\username\keys\id_rsa.ppk"

This will load Pageant when Windows starts and automatically prompt you for your passphrase. This is very convenient if you do a lot of ssh’ing to different machines since you never have to type another password or passphrase once Pageant is loaded.

On a Linux workstation you can have similar ssh key management with a tool called keychain. Keychain will allow you to load your ssh keys once and have them available to all your open terminals. Normally you would have to type “ssh-agent bash && ssh-add” to have your key loaded, and this would only work in the current terminal window, something that can be quite frustrating.

On Ubuntu you can install keychain with the following command in a terminal window:

sudo apt-get install keychain

Then add the following lines to either your ${HOME}/.bashrc or /etc/bash.bashrc file.

keychain keyfilename
. ~/.keychain/`uname -n`-sh

Replace keyfilename with the name of your private keyfile, usually id_rsa or id_dsa. Now when you open a terminal you’ll be prompted with a passphrase dialog once. After that all your terminals should allow you to ssh without your passphrase or password.

Something else I would suggest is putting the following lines in your ${HOME}/.ssh/config file.

Host *
ForwardAgent yes
ForwardX11 yes

This will enable ssh agent forwarding from your host to the remote host, so that from the remote host you can authenticate with your key to any other host. It also enables X11 forwarding, something that’s nice if you want to use an X app on a remote machine and have it appear on your local display. A little slow but very nice to have sometimes.
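With forwarding set under Host *, every server you log in to gets access to your agent socket and X display for the length of the session, and anyone there who can bypass file permissions can use them. The script below is an added example, not part of the original post: it flags forwarding options that apply to wildcard Host patterns and contrasts the blanket setting with one scoped to a single host. The function names and the host bastion.example.net are placeholders.

```shell
#!/bin/sh
# Added example: report forwarding options that apply to wildcard Host patterns.
# audit_forwarding FILE  -> one line per finding on stdout
audit_forwarding() {
    awk '
        BEGIN { host = "*" }            # options before any Host line are global
        /^[ \t]*#/ { next }             # skip comment lines
        { gsub(/=/, " "); key = tolower($1) }   # "Key=value" and "Key value" both occur
        key == "host" {                 # remember the patterns of this block
            host = $0; sub(/^[ \t]*[^ \t]+[ \t]+/, "", host); next
        }
        (key == "forwardagent" || key == "forwardx11") &&
            tolower($2) == "yes" && host ~ /[*?]/ {
            printf "%s yes applies to Host %s\n", $1, host
        }
    ' "$1"
}

# Constructed sample configs: the blanket setting and a scoped alternative.
demo_audit() {
    d=$(mktemp -d) || return 1
    cat > "$d/blanket" <<'EOF'
Host *
ForwardAgent yes
ForwardX11 yes
EOF
    cat > "$d/scoped" <<'EOF'
# ssh uses the first value it finds, so the specific block comes first.
Host bastion.example.net
    ForwardAgent yes
Host *
    ForwardAgent no
    ForwardX11 no
EOF
    echo "blanket: $(audit_forwarding "$d/blanket" | wc -l | tr -d ' ') finding(s)"
    echo "scoped: $(audit_forwarding "$d/scoped" | wc -l | tr -d ' ') finding(s)"
    rm -rf "$d"
}
demo_audit
```

Run audit_forwarding against your own ${HOME}/.ssh/config to list the wildcard blocks that enable forwarding.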

Dual Head on linux Redux

So after a 6 month hiatus away from the dual head desktop setup I’ve decided to venture that way again. Nvidia has excellent linux driver support (what’s up ATI?) and using their binary X windows driver it’s really quite simple to implement dual head support. I simply added the following lines to my screen config in /etc/X11/xorg.conf file and restarted the X server.

Section "Screen"
    Identifier "Default Screen"
    Device "NVIDIA0"
    Monitor "BENQ P992"
    DefaultDepth 24
    Option "TwinView" "on"
    Option "TwinViewOrientation" "RightOf"
    Option "MetaModes" "1280x1024,1280x1024;1024x768,1024x768;1280x1024,NULL"
    Option "SecondMonitorHorizSync" "30 - 96.0"
    Option "SecondMonitorVertRefresh" "50 - 120"
    SubSection "Display"
        Depth 24
        Modes "1280x1024" "1024x768"
    EndSubSection
EndSection

With TwinView enabled, X is unaware that there are two display devices and two monitors; this is all done by the binary Nvidia driver. So far it’s working great: the Xinerama extensions in the Nvidia driver are allowing most apps to start in one window even though the virtual screen is 2560 (1280 + 1280) pixels wide. There’s nothing more annoying than having applications constantly centered in between both monitors.

Cleaning your Maildir

If you’re running a mail server like Qmail or my new favorite Postfix, chances are you’re using the Maildir mailbox type. I like Maildir because it stores each mail in a separate file, making cleaning and managing mailboxes very easy on the server. Also, Maildir works much better over network filesystems like NFS, meaning you can have several mail servers using the same mailbox store, and if messages are received for the same person on multiple servers there is no problem with access to the mailbox because each message will be stored in its own unique file.

Recently I was tasked to review a mailbox that was forgotten about on a mail server and had accumulated a lot of spam junk messages. Since there was a chance that there was valid mail in the box it was decided that we should task someone to go through it. The problem was there were 74,000+ messages in the mailbox, over half of which were surely spam and viruses.

With a simple find . -type f -exec grep -l -i "spamword" '{}' ';'|wc -l I was able to find and count the number of messages that contained spamword. Then by changing the command to find . -type f -exec grep -l -i "spamword" '{}' ';'|xargs rm -v I was able to remove all the messages that contained this word. By removing common spam words like “viagra, cialis, poker, pharmacy” I was able to cut down on a lot of messages.

Next was to scan for viruses. Using Clam Antivirus you can scan a maildir for viruses by using the --mbox command line switch. I chose to move all infected mails to a dir so I could later check them out by hand (just to be sure).

mkdir /tmp/clamscan-infected
chmod 777 /tmp/clamscan-infected/
clamscan --mbox -i --move /tmp/clamscan-infected/

I use /tmp because the directory needs to be one that clamscand in unprivileged mode can read/write to.

By scanning and removing common spam words and viruses I was able to cut the messages down to around 22,000. I’m sure 99% of those are spam too.
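The spam-word cleanup and the quarantine directory described above can be combined into one safer pass, shown here as an added example that is not from the original post. Instead of piping a path list into xargs rm, it lets find hand each path to grep and mv as a single argument, and it moves matches into a private mktemp directory rather than a fixed world-writable one in /tmp. It assumes the cleanup runs as the user who will review the quarantine; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: quarantine_spam MAILDIR WORD...
# Moves every message under MAILDIR that contains any WORD (case-insensitive,
# fixed string) into a fresh private directory and prints that directory.
quarantine_spam() {
    maildir=$1; shift
    # mktemp -d picks an unpredictable name and creates it with mode 0700, so
    # no other local user can pre-create it or read and swap files inside it.
    qdir=$(mktemp -d "${TMPDIR:-/tmp}/maildir-quarantine.XXXXXX") || return 1
    for word in "$@"; do
        # The second -exec runs only when grep matched. Each path is passed
        # as one argument, so spaces or other odd characters in a filename
        # cannot split it the way a plain "| xargs rm" pipeline can.
        find "$maildir" -type f \
            -exec grep -q -i -F -e "$word" {} \; \
            -exec mv -- {} "$qdir"/ \;
    done
    printf '%s\n' "$qdir"
}

# Constructed sample Maildir: two spam messages and one legitimate one.
demo_quarantine() {
    md=$(mktemp -d) || return 1
    mkdir -p "$md/cur" "$md/new"
    printf 'Subject: cheap VIAGRA now\n\nbuy\n' > "$md/new/1190000001.M1.host"
    printf 'Subject: lunch\n\nnoon?\n' > "$md/cur/1190000002.M2.host:2,S"
    printf 'Subject: hi\n\nonline Poker bonus\n' > "$md/cur/1190000003.M3 odd name:2,"
    q=$(quarantine_spam "$md" viagra poker) || return 1
    moved=$(find "$q" -type f | wc -l | tr -d ' ')
    kept=$(find "$md" -type f | wc -l | tr -d ' ')
    echo "moved=$moved kept=$kept"
    rm -rf "$md" "$q"
}
demo_quarantine
```

Nothing is deleted, so a false positive on a word like “pharmacy” can be moved back from the quarantine directory after review.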