Archive for the ‘Debian’ Category

How did Microsoft get Vista so wrong?

Tuesday, May 6th, 2008

Before anyone accuses me of being a Linux bigot, I would like to say that I’ve been frustrated by Ubuntu lots of times. Wireless networks on laptops have always been a bit of a bugger and my latest install on a partition of my laptop has been no exception. Getting an EEE PC has shown me how good Linux on a laptop can be, if it’s set up right by the manufacturers. Ubuntu does quite a good job at this but it’s certainly not for the impatient. Dell, Samsung, anyone, please start selling more Ubuntu laptops with all that boring driver nonsense sorted out!

Working with Debian servers at the command-line has never been anything but an unalloyed pleasure. I have a extremely complicated set of tasks that I want to achieve and the stable version of Debian has always done them quickly and painlessly. Some stuff takes research. I’ve no idea how much of my career has been taken up with reading tutorials on the syntax of UNIX config files, probably more time than I’m going to get back. But once you know something and it works it works well. On servers (which, at a glance, are indistinguishable from their counterparts from the 1970s), the bottlenecks have always been my intellect, knowledge and imagination.

And then there’s Vista.

At first I thought that it was a brilliant. Good look, nice fonts, WinKey+Tab 3D funkiness and so on. But then you use it and before long you need a shot of whiskey just to calm your nerves.

If I access an FTP server (even on a cheap shared host) or SSH daemon, logging on and moving from directory to directory is quick. Most programs, including Nautilus out of the box on Ubuntu, allow you to store previous connections. XP used to remember the SMB shares that I had accessed. However, in Vista, every time I go to the network window in the start menu, the list has to be refreshed. Why? And does this takes so long? Does the computer ping the whole of 192.168.*.* or something?

Eventually, you get a list of computers on the LAN. You start to move about but just going from one folder to another can take up to a minute. Eventually you get to a folder that just locks up the computer for a few minutes, Explorer tells you that access is denied and restarts Explorer.

You get a link to

http://support.microsoft.com/?kbid=937097

which tells you that an error occurred and gives you information on how to load up the event viewer that also tells you that an error occurred. Great! I guess that I better contact my system administrator.

I had hoped that the Vista service pack would sort this sort of nonsense out but it hasn’t.

I’m loath to spend an evening hacking away at config files on the Ubuntu partition of my laptop just to get the sodding wifi adapter to work but anything’s gotta be better that the soul destruction that is using Vista all day everyday.

People talk about Cognitive Surplus:

http://jeremy.zawodny.com/blog/archives/010218.html

I guess that any system where the bottleneck isn’t your intellect, like Vista and Ubuntu some of the time, then the thoughts that should be going into your work end up getting clogged. Hence, the need for hard liquor…

Linux from Scratch and Vitualisation

Sunday, October 7th, 2007

I’ve been looking at the Linux from Scratch site recently and been thinking about whether making my own custom Linux installation would be worth the time and effort.

The only programs that I might describe as being of primary importance that I use on my servers are Apache with PHP, MySQL, Postfix and Courier. I’ve been toying with the idea of doing my own DNS serving but have kept putting it off. I’d like to separate these services to their own virtual machines for security and reliability. Having a complete installation of Debian on each virtual machine seems like overkill. Also, configuration of each machine should be tailored to the use of each program. Therefore, a custom installation of Linux à la “Linux from Scratch” seems like a good idea.

I imagine that others must have had a similar idea to this at some point. Does anyone know of any projects that are trying to build custom distributions honed for a single services to be run as a guest OS?

Apache Config on Debian for phpMyAdmin

Monday, July 2nd, 2007

I’ve just been installing phpMyAdmin on a Debian server. This is very easy; simply:

# apt-get install phpmyadmin

However, if you are working on a machine with many vhosts, you need to set up a vhost for pma. Again this is not difficult, the vhost is mostly standard. The following allows access to the phpMyAdmin vhost over HTTPS on port 50002 with basic authentication. It assumes that the public (/etc/apache2/ssl/phpmyadmin.example.com.public.pem) and private (/etc/apache2/ssl/phpmyadmin.example.com.private.pem) key files, the password file (/etc/apache2/passwords/passwords) and the group file (/etc/apache2/passwords/groups) exist and that port 50002 is not blocked by the firewall.

<VirtualHost 1.2.3.4:80>
    ServerName phpmyadmin.example.com

    Redirect permanent / https://phpmyadmin.example.com:50002/
</VirtualHost>

Listen 50002
NameVirtualHost 1.2.3.4:50002

<VirtualHost 1.2.3.4:50002>
    SSLEngine on
    SSLCertificateFile /etc/apache2/ssl/phpmyadmin.example.com.public.pem
    SSLCertificateKeyFile /etc/apache2/ssl/phpmyadmin.example.com.private.pem

    ServerName phpmyadmin.example.com

    DocumentRoot /var/www/phpmyadmin

    <Location />
        AuthType Basic
        AuthName "phpmyadmin on example.com"
        AuthUserFile /etc/apache2/passwords/passwords
        AuthGroupFile /etc/apache2/passwords/groups
        Require group developers
    </Location>
</VirtualHost>

You run into difficulties, though, when you restart the server if you have the default AllowOverride settings. Normally it’s a good security practice to keep your Apache configuration as locked down as possible and only allow directives to be overridden when it’s necessary. Equivalent statements are true in any field of computer with regards to security. phpMyAdmin’s .htaccess file (as supplied via apt) has a number of directives that are not allowed by default config and it’s necessary to allow them in the vhost conf file.

I came up with:

<Directory /var/www/phpmyadmin>
    AllowOverride Options Indexes FileInfo Limit AuthConfig
</Directory>

Details of the AllowOverride dirctive can be found at

http://httpd.apache.org/docs/2.0/mod/core.html#allowoverride

I have to admit that I’m a little confused about the way that they grouped the directives that you can allow to be overridden. Why are AuthConfig and Limit separate groups? There seems to be a lot of semantic overlap there. What about allowing Options to be overridden? What if a sys admin wants to limit which individual options can be overridden?

Altogether, that’s:

<VirtualHost 1.2.3.4:80>
    ServerName phpmyadmin.example.com

    Redirect permanent / https://phpmyadmin.example.com:50002/
</VirtualHost>

Listen 50002
NameVirtualHost 1.2.3.4:50002

<VirtualHost 1.2.3.4:50002>
    SSLEngine on
    SSLCertificateFile /etc/apache2/ssl/phpmyadmin.example.com.public.pem
    SSLCertificateKeyFile /etc/apache2/ssl/phpmyadmin.example.com.private.pem

    ServerName phpmyadmin.example.com

    DocumentRoot /var/www/phpmyadmin

    <Directory /var/www/phpmyadmin>
        AllowOverride Options Indexes FileInfo Limit AuthConfig
    </Directory>

    <Location />
        AuthType Basic
        AuthName "phpmyadmin on example.com"
        AuthUserFile /etc/apache2/passwords/passwords
        AuthGroupFile /etc/apache2/passwords/groups
        Require group developers
    </Location>
</VirtualHost>