Movin’ On Up!

I have moved! Check out my new home at:

http://blog.falconindy.com

While this page will remain up indefinitely, please update your bookmarks as I will no longer be posting here.

Saving Keystrokes With Brace Expansion

Bash is a wonderful fully featured shell that provides a multitude of ways to cut back on your keystrokes. One of my favorite features, which I don’t see used often enough, is brace expansion. Simply put, brace expansion lets you specify multiple similar arguments without retyping the commonalities.

With this handy feature, you can do a multitude of things. You can make a backup copy of a file:

cp /etc/mpd.conf{,~}  #Same as cp /etc/mpd.conf /etc/mpd.conf~

Then you can restore that file:

cp /etc/mpd.conf{~,}  #Same as cp /etc/mpd.conf~ /etc/mpd.conf

Obviously, it doesn’t stop here. You can make a whole directory structure:

mkdir -p /squashed/{usr,opt}/{rw,ro}  #Same as mkdir -p /squashed/usr/rw /squashed/usr/ro /squashed/opt/rw /squashed/opt/ro

Bash will expand ranges as well. You can create a zero padded range like so:

echo {000..100}  #Will print 000 001 002 003 ... 097 098 099 100

Ranges aren’t limited to being numerical. Better yet, expressions can be the preamble and postscript to each other.

echo {0..9}{A..Z}   #Prints 260 strings!

If you really use your noodle you can nest expressions, though I’ve personally not come across a situation where this has been needed (yet).

Gno More Gnome: Enter the Tiling WM

Gnome has always treated me well. It provides many of the features a user needs on a daily basis, and then some. Converts from Windows will appreciate the similar look and feel of a task bar, mouse behavior, and floating window layout thanks to Compiz or Metacity. Gnome has been my DE for quite some time now. I tinkered with KDE and XFCE, but they never seemed to behave as cleanly as Gnome. As my Linux skills have developed, I’ve found myself increasingly using the terminal. I’m proud to say that I’m 100% sold on Vim as a fully functional text editor with just about every feature I could ever want. My music player of choice is ncmpcpp — an ncurses based front end to MPD, and I use irssi for IRC. Gnome-Do, a fantastic application launcher, essentially was relegated as a launcher to urxvt. Then it hit me. Why am I bothering with this now seemingly archaic mouse-centric interface when I’m constantly using the keyboard? My GUI should complement this! I browsed around looking at various tiling window managers which were purported to be more keyboard friendly. Here’s a few I checked out:

Xmonad: Fairly lightweight, but being based entirely in Haskell, ends up being a fairly large investment if you’re not already using other Haskell programs. The config is, of course, also based in Haskell. Any changes require a recompile of the source code, as the config is essentially a header file, but this can be done on the fly and isn’t that unfriendly of a process. Addons such as Xmobar exist to give you a launcher and panel interface, making the environment more immediately informative. Given the Haskell overhead requirement and my lack of interest in learning the language, I quickly moved on. This isn’t to say that I’m discounting Xmonad as a window manager. A Haskell programmer would be more than at home here.

AwesomeWM: This tiler is, as you might expect, completely awesome. I found it to be somewhat full featured for the lightweight world of tilers. The source and config are written in Lua — a language I’m very familiar with after writing addons for World of Warcraft for a year. However, because it’s interpreted, it can be a little less responsive than a window manager based on a compiled language. Awesome comes with several helper libraries to improve your experience, colorfully named such as: awful, beautiful, wicked, and naughty. They bind with outside programs to give you features such as keybindings, popup notifications, and widgets. The downside is that the author of Awesome doesn’t live up to his own WM. Many users have left Awesome frustrated because of the tendency of the author to change the entire configuration format on a new release. Writing a proper config for a tiling WM can be tedious the first time. I’m not sure I want to be forced into rewriting just to get access to new features and bug fixes. It was here that I had my first introduction to a tiler called DWM, which Awesome is a fork of.

DWM: Dynamic Window Manager by suckless.org. Or as I would like to call it, Damn! Win Much? In addition to uncovering this via Awesome, I had also read briefly about DWM by way of the Arch Linux forums. I had seen oh-so pretty snapshots of users’ desktops in the monthly screenshot thread. This WM is about as basic as it gets, but it quickly grows on you. The codebase and config are both C, and who doesn’t have gcc installed on a Linux box? After gleefully compiling and building a package for DWM (which took less than 10 seconds), I was wondering if it would even work. Was I missing a file? An entire directory? There were no errors. Hrmm.. a quick check with `du -sh` in the build directory revealed something beautiful: The source code, dump files, compiled code, and the ready to install package comprised less than 400kb. It runs. A recompile is required when changing the config, but it can be done seamlessly. By executing dwm in an infinite loop via .xinitrc, you can recompile and reinstall DWM, use the default shift+mod1+q to kill the WM, and it immediately pops back with all your programs still running. Fabulous. The WM makes gratuitous usage of what it calls tags. Programs are defined in the config as associated with these tags so that they’re always opening where you expect them. Dmenu is another piece of software made by suckless meant to complement DWM. It’s an application launcher that will make Gnome-do users feel right at home. One last bit of praise — DWM has a man page which no user of this WM will want to go without reading, as it provides extraordinarily useful shortcuts which you will use on a regular basis. You’ll also find that they’re somewhat reminiscent of Vim — mod1+h, j, k, l invocation is present.

Scrotwm: Honorable mention for name.

I’ll definitely be sticking with DWM for a while. While I’m not rushing off to uninstall Gnome just yet, I’m thinking it’s only a matter of time. One other thing to mention about almost any of these low level tiling managers is that the config doesn’t end with the WM specific config file. You’ll find yourself writing all sorts of helper scripts as well as fleshing out your .xinitrc, .Xresources, .xsession, .profile, etc. in order to complete your GUI experience. I won’t lie. It’s going to be a lot of work to get it just right, but similarly to a program like Vim, you have to look ahead and know that with the steep learning curve comes great power and fantastic results. You’re not alone though. The great Google provides unlimited resources for configuring just about everything, and many users of DWM and other tilers have made available their dot files and configurations via GitHub.

The Joy of Sec(urity)

Security is a big buzz word these days. As CPUs get faster, the power of those with malicious intent increases, so on some level, it warrants some concern. The latest release of Ubuntu boasts the ability to encrypt not only your data partitions, but your swap as well. While this does have its place, I believe that whole hard drive encryption is often used unnecessarily, while other more appropriate security measures are ignored. Let’s examine something that I do feel is worthwhile, and can sometimes be overlooked.
SSH, for example, is a protocol that I use almost every day to access my home LAN. It’s easy, convenient, and far too often not secured properly. Here’s some easy steps you can take to make sure you don’t have any unwanted intruders:
  • Port: Change the access port for your SSH server. As the saying goes, “security through obscurity is no security at all”, but we’re not going to give an armchair cracker an excuse to think that your public IP is intriguing. The set of ports that most malefactors are interested in are in the 3 digit range, because that’s where the majority of the service ports are defined by the IANA. With that in mind, pick a port well into the 4 digit range, and try to make it something you’ll remember. Of course, you’ll need to make sure that you’re forwarding the correct port on your firewall as well.
  • Protocol: Ensure that SSH-1 access is disabled by specifying “2”. SSH-2 clients are readily available for Linux and Mac via OpenSSH and Windows via PuTTY, so there’s no excuse for using an outdated protocol with proven security flaws. This also means using an rsa/dsa key pair for your host key. If you find that your default configuration was set to allow SSH-1 connections, you may have to regenerate the host keys with ssh-keygen.
  • ClientAliveInterval: Set a timeout for your sessions. This option is specified in seconds and will automatically disconnect you if you’re idle for longer than this duration. This is useful in case you’re pulled away from the computer you’re working at and forget to close your session.
  • Use your /etc/hosts.deny and /etc/hosts.allow to your advantage. If you’re only going to be connecting from specific locations, find out the public IPs of those locations and add them to your hosts.allow, while ensuring that hosts.deny denies everything else.
  • RSAAuthentication and PubkeyAuthentication: Use asymmetric encryption to authenticate yourself by specifying “yes” to these. Making a public and private key pair is easy, and far more secure than any password you could ever dream up (and hope to remember). Controlling physical access to the keyfile is trivial, as well. Limit the number of places it exists. For example, my key only exists in two places: buried in my home directory with restricted permissions, and on my USB drive which stays attached to my keychain. It also uses a strong password which wouldn’t be easily cracked by a dictionary or brute force attack.
  • PasswordAuthentication: Disable password based authentication by specifying “no” to this. This goes along with the above. If you’re going to be carrying around your private key, there’s no need to leave the door open for someone to try and brute force their way into your system with a password. You can, however, allow password access from within your own network by using the “match address” parameter in your sshd_config file. There is a caveat with this: if you have a wireless network, please make sure it’s secure. Use WPA2 encryption with a strong passphrase, filter MAC addresses, set a narrow DHCP scheme, and if you’re truly paranoid, you can use a network mask of more than 24 bits to reduce the number of available addresses across the entire network. In other words, if you set a subnet mask of 28 bits or 255.255.255.240, you effectively have a network of 14 addresses, including your router (xxx.xxx.xxx.1 through xxx.xxx.xxx.14). This handy Subnet Calculator can help you fine tune your network to your needs.
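
One way to check a config against the list above, as an added example that is not part of the original post: the function names and both sample configs are constructed. It relies on two sshd_config rules, that the first occurrence of a keyword wins and that a Match line ends the global section, and it reports any Match block that turns password logins back on.

```shell
#!/bin/sh
# Added example, not from the original post. Function names and both
# sample configs are constructed for illustration.

# Audit an sshd_config read from stdin for the directives in the list above.
audit_sshd() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }          # comments and blank lines
    {
        sub(/[ \t]*=[ \t]*/, " ")              # accept "Key=value" as well
        k = tolower($1); v = tolower($2)       # keywords are case-insensitive
        if (k == "match") {                    # the global section ends here
            $1 = ""; sub(/^ /, ""); scope = $0
            next
        }
        if (scope != "") {                     # inside a Match block
            if (k == "passwordauthentication" && v == "yes")
                print "INFO PasswordAuthentication yes for Match " scope
            next
        }
        if (!(k in val)) val[k] = v            # first occurrence wins
    }
    END {
        port = ("port" in val) ? val["port"] : 22
        if (port + 0 == 22)
            print "WARN Port 22 (default)"
        if (("protocol" in val) && val["protocol"] != "2")
            print "FAIL Protocol " val["protocol"] " (SSH-1 allowed)"
        if (val["clientaliveinterval"] + 0 == 0)
            print "WARN ClientAliveInterval unset or 0"
        if (val["pubkeyauthentication"] == "no")
            print "FAIL PubkeyAuthentication no"
        if (val["passwordauthentication"] != "no")
            print "FAIL PasswordAuthentication not disabled globally"
    }'
}

weak_config() {
cat <<'EOF'
# constructed sample: defaults left in place
Port 22
Protocol 2,1
PasswordAuthentication yes
EOF
}

hardened_config() {
cat <<'EOF'
# constructed sample following the list above
Port 4822
Protocol 2
ClientAliveInterval 300
PubkeyAuthentication yes
PasswordAuthentication no
Match Address 192.168.1.0/28
    PasswordAuthentication yes
EOF
}

echo "== weak ==";     weak_config | audit_sshd
echo "== hardened =="; hardened_config | audit_sshd
```

Run it against a real file with `audit_sshd < /etc/ssh/sshd_config`.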

Last but not least, check the logs! Make sure that your security measures are effective. If you see an IP that looks malicious and you haven’t set a deny all rule in hosts.deny with explicit allows, add the offending IP’s entire network to the deny list.
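
The log check described above, as an added example that is not part of the original post: it counts failed password logins per source network and prints hosts.deny candidates. The function names, the /24 grouping, the threshold and the sample log lines are assumptions made for illustration, and it expects the usual "Failed password for USER from IP port N ssh2" line shape.

```shell
#!/bin/sh
# Added example, not from the original post. Function names, the /24
# grouping and the sample log are constructed for illustration.

# Read an auth log on stdin; print one hosts.deny line for every /24 with
# at least $1 failed password attempts (default 3).
deny_candidates() {
    awk -v min="${1:-3}" '
    NF >= 5 && /sshd\[[0-9]+\]: Failed password for / {
        # The user name is supplied by the client and may contain spaces or
        # the word "from", so read the source address from the end of the line.
        if ($(NF-4) != "from" || $(NF-2) != "port") next
        ip = $(NF-3)
        if (ip !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next   # IPv4 only
        split(ip, o, ".")
        hits[o[1] "." o[2] "." o[3] "."]++
    }
    END {
        # A trailing dot in hosts.deny matches every address with that prefix.
        for (n in hits) if (hits[n] >= min) print "sshd: " n
    }' | sort
}

sample_log() {
cat <<'EOF'
Oct 12 03:14:01 gw sshd[2101]: Failed password for root from 203.0.113.45 port 51234 ssh2
Oct 12 03:14:03 gw sshd[2101]: Failed password for invalid user admin from 203.0.113.45 port 51236 ssh2
Oct 12 03:14:09 gw sshd[2107]: Failed password for invalid user from 10.0.0.1 from 203.0.113.77 port 40022 ssh2
Oct 12 03:20:44 gw sshd[2130]: Failed password for dave from 198.51.100.7 port 50412 ssh2
Oct 12 03:21:02 gw sshd[2131]: Accepted publickey for dave from 198.51.100.7 port 50413 ssh2
EOF
}

sample_log | deny_candidates 3
```

Review the output before appending it to /etc/hosts.deny, so a few mistyped passwords from one of your own locations do not lock you out.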

Happy SSH’ing!
Random website for those of you out there who are PC builders and think you have mad skillz. Check out these and see how much you have to learn about true artistry.

Arch Winix

Linux has always piqued my interest. Unfortunately, I was never willing to give up Windows because of my fondness for gaming. When I quit playing World of Warcraft over this past summer, my first instinct was to ditch Windows as well. Kick two bad habits at once, right? I started with Ubuntu’s Jaunty Jackalope, which whetted my Linux appetite. However, in the following months, I found myself getting bored and frustrated with the lack of control present in the system. It’s great for some people, but for similar underlying reasons I ditched Windows, I felt it was time to move on to something bigger and better. Enter Arch Linux.

Installation

I’ll admit that installation was slightly daunting the first time around. Unlike Ubuntu, the “Live CD” drops you into a command prompt. You’re given 2 helpful hints: The users ‘root’ and ‘arch’ have no password and run ‘/arch/setup’ to install. Welcome to flavor country. Really though, the installer is fairly simple, and as long as you complete every task on the list, the install will go well. After I got my packages downloaded and installed, I got excited about the next step: Configure the system. I figured I’d get some sort of list of options to mull over and confirm. Wrong. You get a list of system config files and your choice of Vi or Nano. It’s also mentioned that you’re allowed to dump out to another tty (using alt+f-#) to edit “other” system files. What system files? Where am I? If you make it past the spiked pit, err config, you set your root password, install GRUB, and you’re done. Hurray! Back to the command prompt where you’re told to reboot. Wait, what? I don’t have a desktop yet? Oh god, where’s my X Server? You’re left feeling like you’ve just been violated.

Documentation

I jest, though. The documentation in Arch’s Wiki, in this case the Beginner’s Guide, is amazingly detailed and helps you through every step of the way. It guides you through the base install and helps you to build the X-Server, install video drivers and find a suitable desktop environment. The wiki continues to amaze me with the amount of useful info it provides. Want to install Samba? No problem. Not happy with your network management and you’d prefer Wicd or netcfg? Easy. Need a detailed tutorial on the ins and outs of NFS? Done. Want to build a mail server with Postfix backed up onto MySQL and with SquirrelMail for web access? It’s all there.

I just discovered recently that ManDB is more complete, with more info pertaining to a programmer’s view of Unix. For example, section 2 of the read and write functions don’t exist in Ubuntu. This may not seem immediately useful to everyone, but I’ve been dying to see those pages for quite a while now given their pertinence to writing assembly in Linux.

Architecture and “The Arch Way”

The first thing I noticed as a difference as far as system functionality was that Arch uses a BSD style init. WTF does that mean? Run levels still exist, of course, but you’ll find that everything that you once found in Ubuntu’s /etc/init.d/ is in Arch’s /etc/rc.d/. Instead of having shell scripts to install and uninstall services to various runlevels, you have /etc/rc.sysinit, /etc/rc.conf, /etc/inittab, and /etc/rc.local for your startup scripts. rc.conf is the real workhorse, controlling your extra hardware modules, network setup if you use the ‘network’ daemon, and your daemons.

Above all else, an element of control is ubiquitous in system management. Example: your daemons are kept in an array in rc.conf — the order of the daemons determines the order that they startup and shutdown. Pacman, when doing updates and installs, will never touch your config files. Instead, it leaves a config file with a .pacnew on the end. It’s up to the user to run a diff and figure out what’s changed. Of course, given the element of control comes more responsibility. You have a full fledged root account on this distro, and you’ll definitely put it to use. Double check your spelling, and make glorious backups.

Another minor point: Something I noticed early on is that Arch is fairly aggressive in their kernel building. By default you’re given a low latency RCU implementation, which on a high level, means that more things are crammed into the CPU, and faster. That’s one of the items that compelled me to recompile Ubuntu kernels. A 2 hour process every few weeks is now less “necessary”. I’m sure that can only mean that someday soon I’ll be wading through my module list and recompiling to strip out the unnecessaries.

Package Management

Pacman has a slightly steeper learning curve than apt-get, but in practice, it’s a far more logical system. Execution is specified as an operation followed by options, all of them being a single letter. The command ‘pacman -Syu’ will do a full system upgrade — the equivalent of ‘apt-get update;apt-get dist-upgrade’. Upgrade didn’t go so well? Just run ‘pacman -Suu’ and you’ll be downgraded. The Q option prints your locally installed packages. Qs searches it. Ss is similar to Qs, but searches the repos. Check out the Pacman Rosetta of package management.

More points in favor of pacman. There are over a dozen wrappers for pacman that make it even more powerful. I use two of them, and really, I only need to use one. Powerpill implements pipelined downloads. Yaourt (Yet AnOther User Repository Tool) does everything pacman does, but adds improved search features as well as seamless access to the AUR (see below). I still use powerpill on a daily basis, but yaourt should be doing everything. Yaourt’s config allows you to modify what it acts as a wrapper for. Better yet, so does powerpill. I have pacman-color (just adds color to pacman), powerpill, and yaourt all installed right now. Yaourt wraps powerpill, powerpill wraps pacman color. Swanky.

Repositories themselves are FAR simpler than Ubuntu. No need to go out and find a PPA every time you want to install a new program because you fear the uncleanliness of compiling and installing from some noodle noggin’s make file. Arch, by default, includes 4: Core, Extra, Community, and Testing (not enabled by default). The AUR (ArchLinux User Community Repository) also exists, which is a community maintained repo of unsupported (by Arch devs) programs. You do have the ability to add further repos, but they’re extremely rare, and I can’t see a point because of ABS.

Makepkg is what I consider to be one of the most excellent parts of Arch. Armed with a properly formatted PKGBUILD and .install file, makepkg will create a pacman munchable package out of any source code you want. Run ‘pacman -U myprogram.pkg.tar.gz’ and pacman will install and maintain it. The makepkg system ties in heavily with the ABS.

ABS is the Arch Build System. The command ‘sudo abs’ builds and/or syncs the ABS tree. The “tree” is a whole bunch of directories named by packages under /var/abs/, all separated out by repository. The list bears a striking resemblance to the contents of the actual repositories. Each directory holds a PKGBUILD file and some other basic information describing the package. Want to rebuild a package with some extra options? Maybe you need to patch a source file? Or maybe, you belong with the Gentoo crowd because you just want to recompile everything under your own architecture to squeeze out those last few IPS.

Real example: GNOME 2.28 changed some functionality in gnome-screensaver that VLC used to inhibit the screensaver while watching a movie (GNOME says it’s VLC’s fault for using an outdated poke function). After much searching, I found a patch through Launchpad and extracted the necessary bits (reworking it slightly for my line numbers). Navigate over to /var/abs/extra/ to grab the gnome-screensaver-2.28 branch, and then alter the build script in the PKGBUILD to include the patch file. Run makepkg. Not 5 minutes later, I have a patched and installed gnome-screensaver-2.28. Add it to the IgnorePkg array in /etc/pacman.conf and VLC inhibits dat shit like a pro.

Community

Despite having a smaller community than Ubuntu, the members of said community are far more useful than your average Ubuntu user who’s just coming over from Windows looking for a Virus free environment. Arch relies on the dedication of this small community to keep the OS alive. The forums are solid, but make sure to do your homework before posting. Don’t be a help vampire. The admins know a ridiculous amount, and developers can be found there on a somewhat routine basis. Other frequenters have been dubbed ‘Trusted Users’, which means they’ve contributed to development and the AUR.

Jerry’s Final Thought

I spent a buttload of time paring down Ubuntu to a point where I was almost happy with it. I teetered on a point where removing anything else would basically destroy the system. I hated that I couldn’t remove Firefox because the ‘ubuntu-desktop’ package needed it. Pro-tip: don’t remove that package. Arch is the polar opposite. Over a weekend, I built Arch up to the point where I’m only running what I need. By design, it looks an awful lot like my Ubuntu install did, but runs a lot faster and more smoothly. To top it all off, I have a better understanding of how my system operates, increasing my ability to fix breakages.

I thought I might manage to get a section in here about things that I missed from Ubuntu. I have no regrets.


