No-one runs Linux, right? Well, not quite: here’s a list of fifty Linux users you might not expect. From our own government, to foreign states, to aircraft, to some of your favourite websites, Linux is everywere.
Why not give Ubuntu a spin today?
I just discovered Lightweight Portable Security a Linux distribution released by the US Air Force. The idea is that it’s a system which boots from a CD or flash drive and works entirely in volatile memory—thus any malware is unable to survive a reboot.
They even have an LPS-Remote Access which is the only way to access government systems without government-furnished equipment. That’s pretty cool!
It’s a nifty idea, particularly for folks who have to travel and use unknown hardware a lot. Of course, a true paranoid would develop his own version of LPS, not use one from the Air Force.
One of the few things I miss about Fedora when using Ubuntu and related GNU/Linux distributions is the ease of setting up fairly complex disk partitioning schemes. I’m a big believer in disk mirroring (to protect against hard drive failure) and in encryption (to protect against data loss due to hardware theft), and Ubuntu requires use of an alternate, text-based installer while Linux Mint doesn’t even do that much.
Fortunately, this is Linux, which means I have all the tools I need to get this to work. Many thanks to this guide from 2008, which provided the base instructions.
Note that I do not set up software RAID (mirroring) in this case, as these instructions are for a laptop. If you want mirroring, my advice is to build two partitions on each mirror, one for /boot and one for the mirror volume, then build an encrypted volume atop the mirrored volume; add that encrypted volume to a volume group; and finally build logical volumes in that volume group.
A note about naming: throughout these instructions I refer to rootvg as the root volume group. This is fine for small installations; however, if you ever move disks between computers that also have their own group called rootvg, this causes trouble (generally, failure to recognise the new physical and logical volumes). For that reason, in practice I usually name my volume group with some unique name, perhaps related to the hostname.
cryptpv /dev/sda5 none luks
/dev/mapper/rootvg-swaplv none swap 0 0
dm_mod dm_crypt sha256_generic æs-i586
After following these instructions, you should have a fully-encrypted root volume running Linux Mint.
Here’s a list of 97 essays for programmers, each written by a different author. They look pretty interesting, and the ones I’ve read seem pretty smart.
My acquaintances know that I work in computers; my friends may know that I’m a Unix sysadmin; my close friends might actually know that Unix is a computer operating system. What few if any of them know is why I use Unix, why I love using it and why I will not own a computing device without it. It boils down to the fact that I do not merely use computers; I wield them to some end—and there has not been an OS which has combined mainstream success and wieldability like Unix has.
Way back in the Dark Ages when I was in college, Thomas Scoville noted that Unix afficianados are a different sort; I think this is why. We don’t just use some code someone else wrote to make the computer do something he thought of; we write our own, to make the computer do something no-one ever thought of before. We don’t react to some foreseeable problem in some predetermined manner; we prevent the foreseeable problems from occurring in the first place, and discover new ways of resolving the unforeseeable.
A computer which doesn’t empower me in that way is merely a device. I might use it as I do a toaster, a screwdriver or a phone, but I will never live in it as I do on a command line.
The Electronic Frontier Foundation have a neat tool out: the Panopticlick. Many folks don’t know this, but every time you visit a web page your web browser sends lots of information to the web server you’re talking to—stuff like what web browser you’re using, what sort of pages you can read, which plugins you have installed and so forth. This is necessary in order for the remote web server to answer you appropriately. But it can be used to identify you.
How? Imagine that your web browser is just describing you: it might say that you have brown hair, blue eyes, fair skin, a mole on your left cheek, a slight limp, prefer wearing plaid shirts, never wear a hat, have a birthmark on your left ankle and so forth. None of those data are unique: the world is full of brunettes, full of folks with blue eyes and so forth. But there’re not that many brown-haired, blue-eyed, left-cheek-moled folks out there—and still fewer have fair skin, and fewer still have a slight limp, and fewer still have birthmarks on their left ankles.
Why does this matter? Well, it matters in the same sense that fingerprints matter. Every time you touch something, you’re leaving fingerprints—and every time you visit a website you’re leaving a fingerprint. Pretty nifty, huh?
Gunnar Ritter, maintainer of the commonly-used mailx
program, explains
why it’s not available on Windows. It’s an interesting
tale of how the kluges deep within that semi-operating psuedo-system
mean that even in 2010 design decisions made in the Seventies afflict
Windows.
They afflict Unix too, of course, but generally our design mistakes were smarter than Windows’s design mistakes. Even in error we’re better.
Here’s a nifty list of 100 interview questions for developers. I can’t say that I can answer them all, but I know most…and will learn the rest.
You just can’t ask for a better headline than this. It looks like the London Stock Exchange, having lost a packet due to using Microsoft and Accenture technology, has decided to call the whole thing off. No word yet on what the replacement will be, although Linux is one option.
Not that Linux—or even Unix—is necessarily the best option. There are even better OSes out there, for example any mainframe OS. The remaining midrange OSes like IBM i might not be a bad fit either.
The problem with Windows is not simply that it’s shoddy: all software has bugs, generally lots of them (Lord knows Linux has plenty). The problem is that it’s not resilient to those bugs, and that one has a great deal of difficult working around those bugs and flaws. Unix really isn’t that great in and of itself but one can extend it and massage it into shape; Windows isn’t that great (although the operating system itself—I don’t mean the user interface—might actually be better), but what you see is more or less what you’re going to get.
I’ve added more packages to my repository:
If you use Common Lisp to do graphics work, maybe these will be of some assistance.
Announcing the Octopodial Chrome Yum Repository I have packaged many Common Lisp packages for Fedora 11. Furthermore, I have set up a Yum repository to make it very easy to install Common Lisp packages. All you need to do is grab the repository RPM and install it. If using Firefox then Package Kit should open automatically; if using a command line you can install with:
rpm -ivh octopodial-chrome-11-1.fc11.noarch.rpm
From then on you can install new software as normal,
using yum on the command line, Add/Remove
Software
in the GUI or whatever your normal install method is.
The following software packages are currently available:
Please pass this information on to anyone who uses Common Lisp on Fedora.
A fundamental principle of the Internet is that all hosts are peers, that is, there is nothing fundamentally different about your laptop or Time magazine’s web serving computers: each is a computer; each can run the same software and communicate in the same way; neither is privileged over the other.
Net neutrality is an important implication of this principle. Basically, all hosts on the Internet have the same access to resources as any other host. That doesn’t mean that one can’t charge people for different types of access (e.g. online subscriptions to the Wall Street Journal), but it does mean that one can’t forbid some hosts from trying to talk to you while allowing others to do the same.
The big entertainment corporations hate the idea of net
neutrality, as it means that they actually have to convince their
customers to purchase their wares; they prefer a model like basic
cable, where every subscriber pays for BET or Nickelodeon regardless
of whether he wants it. They would like to form partnerships
with ISPs, charging all of an ISP’s customer in order
to provide content that only a few use.
Disney is the first to actually go ahead with this. It doesn’t matter whether or not I want to use their sports website (let’s put it this way: I have never watched a sports game on my computer, and I don’t expect to ever watch a sports game on my computer); my ISP is paying Disney no matter what—much as a shopkeeper might pay a mafioso—and thus I am paying Disney a little bit of money every month.
Note that this has nothing to do with sports. It could be a service I like—maybe something about homebrewing, or about politics, or whatever: it’s outright wrong to sell access at the ISP level rather than at the customer level.
Although it is rather neat that this involves Disney. Another online
commentator noted that Disney is to culture what thyroid cancer
is to metabolism.
It’s appropriate that The Mouse be
behind this latest instance of a monopolist abusing its position.
One of the truly wonderful things about programming in Common Lisp is that the system is complete interactive: the programmer can manipulate anything at run time, including the language itself. This is a really powerful technique—but how does one preserve the state of the system between reboots? And how does one get an image-based Lisp system to play nice with Linux’s system service model?
Well, John Wiegley published a great technique a few years which I’ve adapted for Tasting Notes. It’s remarkably simple: create a user to run the system as (just like other services like PostgreSQL or httpd); then create a standard init.d script to run the system. The really clever thing he does is start the system itself, a Swank listener and a kill port. Starting the system is self-explanatory, but what about the rest?
Swank provides a live connexion to a running Lisp system via which one can interact with the system’s internals. It’s pretty cool, and Wiegley’s method gets the job done. So far this is pretty standard stuff; I’ve used it in my own software.
The really clever bit is this bit of code here:
(sb-bsd-sockets:socket-bind socket #(127 0 0 1) *kill-port*) (sb-bsd-sockets:socket-listen socket 1) (multiple-value-bind (client-socket addr port) (sb-bsd-sockets:socket-accept socket) (let ((stream (sb-bsd-sockets:socket-make-stream client-socket :element-type ’character :input t :output t :buffering :none))) (princ "Saving core and shutting down…" stream) (terpri stream)) ;; Close up the sockets (sb-bsd-sockets:socket-close client-socket) (sb-bsd-sockets:socket-close socket))
What this does is wait until someone connects to *KILL-PORT*, then
proceeds to shut down the system, kill all threads and cleanly exit.
Smart and very simple: all the shutdown script has to do
is
Finally, it calls SB-EXT:SAVE-LISP-AND-DIE to save the current Lisp environment to a file; the next time it starts up it will run that image, so the software’s complete history is saved.
All in all, extremely nifty; I ported Tasting Notes to start using it this weekend.
Apple uses H.264 for a lot of its trailers; unfortunately Fedora
doesn’t come with it out of the box. Fortunately it turns out
that ffmpeg (available from RPM
Fusion) does support it, so all you need to do is run
Last night I upgraded to Fedora
11. I have to say that I’m impressed! It’s the first
Fedora upgrade in a long time which went in quickly and cleanly,
without any problems that had me tearing my hair out, which was a
problem with past releases (and I—a professional sysadmin and
geek—had trouble then you know that normal people did).
Overall, Fedora 11 looks more like a polishing
release than a
feature release: for the most part, things look & behave the same,
but they do it better, with fewer bugs.
The latest GNOME desktop looks even nicer than before, with clean lines and subtly eye-pleasing colours. It’s an improvement on the last, which was itself an improvement over previous versions. Session state appears to be working again, which is good (it was broken in Fedora 10).
I was able to get SBCL, PostgreSQL and CLSQL easily installed and got my beer tasting notes site back up and running very easily.
Likewise for the rest of this website and for all the other programmes I have installed on this computer. All in all it’s been a remarkably pain-free—even enjoyable—upgrade experience.
I can recommend the upgrade whole-heartedly. For those of you stuck on broken, proprietary, freedom-hating OSes: now’s the time to switch over. It’s worth it, really.
As most of my readers know, my day job is as a Unix system administrator for a large outsourcing company. What’s Unix, the non-technical among you might ask. Well, basically it’s just about the greatest computer operating system to achieve widespread use (there have been better or more interesting ones, but they never really took off). It turns 40 this year. Kinda funny that I work on something almost nine years older than I am.
Kinda sad that the computing world hasn’t adopted anything better in the intervening decades either.
Due to recently discovered vulnerabilities in the SHA-1 hashing algorithm, I am transitioning from my old PGP key to a new one. My old key was:
pub 1024D/47740A63 2001-06-26
Key fingerprint = 347A 5D07 607B 6D88
6882 5F64 4361 EBDA 4774 0A63
My new key is:
pub 4096R/A65E2454 2009-05-16
Key fingerprint = 0113 A3F5 598B 51C2
4D24 950B EC98 693D A65E 2454
An easy way to import the new key is to run gpg
–fetch-keys
http://www.octopodial-chrome.com/~ruhl/A65E2454.asc to fetch it
from my webserver; alternatively you could fetch it from MIT’s
public keyserver with gpg –keyserver pgp.mit.edu
–recv-key A65E2454
.
If you already know my old key, you can verify that the new key is
signed by the old one with gpg –check-sigs
A65E2454. If you don’t already know my old key, you can
check the fingerprint against the one above with gpg
–fingerprint A65E2454.
If you’re satisfied that you have the correct key and that you
trust it and me, you can sign my key with gpg –sign-key
A65E2454
If you _do_ choose to sign my key, it would be very useful if you
would upload the signatures, either by emailing to me with gpg
–armour –export A65E2454 | mail -s ’OpenPGP signatures
for A65E2454’ eadmund42@gmail.com
or by sending them to a key server with gpg –keyserver
pgp.mit.edu –send-key A65E2454
.
Please feel free to contact me if you have any questions. Sorry for the inconvenience, but it’s the price we must pay in order to have security.
Many thanks to Daniel Gillmor for his quick guide to making the transition.
Bob Martin proposes that software development teams model themselves after craft guilds, with a master programmer supervising journeymen programmers who supervise apprentices. Not only that, but computer science degrees would be replaced by apprenticeship in most cases. He demonstrates that such a team would be fairly inexpensive and could be highly productive. It’s an intriguing idea.
My big concern with eliminating college is simply that higher education expands the mind. But is it really necessary to spend $200,000 between the ages of 18 and 22 in order to expand one’s mind? Perhaps that’s really just a luxury for the rich.
The Guardian uses lots of free software to run their website. Recently, they discovered a bug, tracked it down, fixed it and submitted the patch to the developers. Were it proprietary software, they would have discovered it, but would have been unable to track it down or fix it, and the odds are that their vendor would not have considered it a high priority.
Free software rocks.
I recently discovered Craiglook, a mashup which adds a nifty search interface to Craigslist. For example, all bikes for sale within 20 miles of Denver. Might be more useful than the normal Craigslist.
Well, that title is a bit alarmist, but it’s true: Excel corrupts gene names and Riken identifiers in spreadsheets. I have to ask: if you’re doing anything important, why are you using Microsoft software to do it?
The Apple Macintosh turns twenty-five today. I still remember how amazing it was when Dad brought one home, and how much cooler the Mac, and Mac software, and Mac people, were than any other computer of the time. We boys spent hour upon hour playing Deja Vu and Dark Castle, making pictures in SuperPaint, writing papers and so on.
I’m a Linux geek now, but I’ll always have a certain soft spot in my heart for the classic black-and-white all-in-one Macs.
Computers generally track time as the number of units of time (e.g. second or milliseconds) since some date (called the epoch); Unix counts the seconds since 1 January 1970 at 00:00:00 GMT. Well, at 23:31:30 on 13 February 2009 it will be 1,234,567,890 since the epoch.
Yeah, I’m just a bit of a geek…
Tonight I upgraded to Fedora 10,
which was relatively less painful than such upgrades have been in the
past. One big problem, though, was
getting Blosxom working. Try as
I might, I kept on getting errors
in Permission
denied: exec of ’/var/www/blosxom/bin/blog’
failed.
After lots of playing around, I discovered the solution: just
run
Anyway, if you’ve been having this problem, there’s the solution.
|
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| 
|
| Technorati
Profile
MEgalopolis font courtesy of Smeltery.
This is my blogchalk:
United States,
Colorado, Englewood, Centennial, English, , Robert, Male, 21–25, Free
Software, Society for Creative Anachronism.