Life with Linux

Those of us who have been using UNIX based systems since the Dark Ages remember that printing was one of the most annoying, obnoxious, difficult to set up things about the whole thing. Those days are long gone. Today, printing with Linux is even easier than with Windows.

I’m serious.

Go out, buy a printer, throw away the driver CD that came with it, and just plug it in to your Linux system. This is what will happen:

Plug in your printer and start printing!

Firefox Print dialog

That’s right, no messing with drivers, no installing any stupid software that’s going to slow down your computer and cause you all sorts of headaches down the road, no extra drivers to install, you just plug it in and it works. Try that with Windows.

(This ease of use demonstration was performed on Fedora 9. Almost every printer manufactured through early 2008 is supported. For information overload, see LinuxPrinting.org.)

Yesterday I changed out the web server software on this server, replacing the venerable Apache with a web server almost nobody’s ever heard of except for, ironically, Russian spammers.

Well, OK, more people than that have heard of nginx, a lightweight, high-performance HTTP server and reverse proxy which was written by Russian coder Igor Sysoev. nginx is supposed to be able to handle as many as 8,000 to 10,000 requests per second using comparatively little memory, and while I get nowhere near that level of traffic, Apache has been a bit of a dog for quite a while, eating up all my memory and on occasion just taking my server out entirely.

So it had to go.

Now if you’re a web server administrator and you’re thinking of replacing Apache (and if you aren’t, you should think about it) the first thing you have to know is that there is no drop-in replacement for Apache. Things you’ve been accustomed to for years are suddenly going to be entirely different. For instance, nginx has no facility comparable to Apache’s .htaccess files, so it’s not going to work for shared hosting providers where multiple users have web sites on a single server. But I don’t have this problem, since I run all my sites on my own CentOS-based servers.

The first thing I did was to get a copy of the nginx-0.6.31 source RPM from the Fedora repository, update it to the latest version (0.7.6 as of this writing) and rebuild RPMs on my CentOS box. RPM may not be the perfect packager, but it at least keeps track of everything, so I try to use RPMs to install software whenever possible. If they aren’t available in CentOS repositories, I’ll grab a Fedora RPM and rebuild it.

After spending several hours Sunday writing up configuration files for my 16 HTTP virtual hosts and two SSL hosts, adding in customized nginx rewrite rules for software such as WordPress that I run, writing my own Red Hat init script to start PHP in FastCGI mode, and testing as much as I could, I stopped Apache and started nginx around midnight. I had a few problems with an SMF forum that I have, and caught a problem where I put the wrong document root in one virtual host, but the cutover went largely without incident.

I’d never used FastCGI before, and all my previous experiences with PHP in CGI mode were disappointing. I liked having it as an Apache module. And FastCGI doesn’t address my number one complaint about CGI, that it mangles HTTP headers. so I can’t tell in PHP exactly what came in on the wire. But I can’t argue with the results: With nginx, the site is much faster, memory usage has dropped significantly, the site is much faster, my server is running cooler, the site is much faster, and did I mention the site’s much faster?

I can probably even get away with downgrading my server and still have much more capacity to serve requests than I did with Apache. It’s that much smaller and faster.

I do have two complaints about missing features in nginx, though. The first is the lack of IPv6 support. I’m told that Igor plans to add this in the near future, and if he doesn’t, I may do it myself.

The second is the lack of content negotiation. This is where the server dynamically picks a file based on one or more possible alternatives. For instance if you request /index then the server looks for all files starting with /index and serves whichever one it thinks is most appropriate given whatever information the user has supplied (e.g. language, content encoding, and so forth). I used this little trick to remove the “.php” from some of my URLs in some custom PHP scripts, and all of those broke. Fortunately I was able to work around this with a simple configuration file change which I share here in case it helps someone else. Add this in the relevant location section:

                if (-e $request_filename.php) {
                        rewrite ^(.+)$ $1.php last;
                }

This will serve a file /example.php when you request the file /example.

Overall I’m quite impressed with nginx so far. I expect that now this server will stand up to anything that digg or slashdot can throw at it without even blinking. And now that I have room to grow, it’s time to actually start growing until I am getting 8,000 hits a second.

Well, after some two years, we’ve finally gotten encrypted root filesystem support into Fedora. (And it’s been far too long since I’ve updated this site; sorry.)

The good news is you’ll be able to set up encryption during the installation of a new system. You don’t have to install and then convert it anymore.

The bad news is it’s got bugs. Though I suspect they will be worked out before release.

Here’s a quick walkthrough of what installation with encrypted partitions is going to look like in Fedora.

First thing to do is decide whether you want the system encrypted in the first place.

In the installer as it is now, encryption is enabled by default. If you bypass this screen without looking, you may wind up surprised later. But, if you’re reading this, probably you won’t be.

Then you select your desired passphrase. (If you want to store a key on external media, such as USB stick, you can delete the passphrase and set this up after first boot.)

One thing to note is that Fedora prompts very early in the boot process for the encryption passphrase, and at the time the prompt is shown, no keymap has been loaded, so the system is using the default U.S. keymap. This means you won’t be able to type the passphrase correctly if you have a non-U.S. keyboard. You can probably work around this issue by selecting a U.S. keymap during installation, avoiding any odd characters in the passphrase you set, and selecting the keyboard map you really want during first boot.

If you select to review your partition layout, you’ll notice that the entire LVM PV is encrypted. This was done for ease of use and some other reasons.

But if you’re one of the 5 or 6 people (like me) who have been testing this functionality for the last two years, you probably have encrypted LVs instead. These will continue to be supported, and the installer should read them and prompt you for your passphrase when you perform your upgrade to Fedora 9. If not, it’s a reportable bug, so please test this.

Unfortunately, anaconda (the installer) still has some bugs.

Here, we see that it’s failed to create the encrypted PV. This bug has been reported already and should hopefully be fixed by the time Fedora 9 is released.

(By the way, anaconda can dump that traceback to a remote host via ssh. This is a nice touch; the last time I saw anaconda break, there was no way to get the traceback saved.)

As you probably know, I’ve been using an encrypted root filesystem (using encrypted LVs; the encrypted PV functionality is very recent) for a couple of years now. I’m looking forward to this installation issue to get sorted out so that I can more thoroughly test it and convert my own system to encrypted PV. (And I have to repartition the disk to reinstall Windows Vista with BitLocker anyway, but that’s another story.)

Aside from the keymap issue, there are some other caveats to using the feature right now, though. You may have trouble if you use a right-to-left language, such as Arabic or Hebrew. You also can’t hibernate your Fedora 9 system, even though the Hibernate button is shown; the computer won’t resume correctly. You must suspend, or shut down, until this functionality is added.

Even with the bugs and missing features needing to be added, I’m glad to see this feature finally come to fruition. Fedora is, unfortunately, one of the last major Linux distributions to gain this long-demanded capability, and I’m glad I don’t have to make RPMs for people anymore.

For a variety of reasons I use Fedora Core 6 as my primary operating system, both at home and on my laptop. And for security reasons, I need to have my filesystem encrypted, so that in the event that my laptop is lost or stolen, my confidential data does not fall into the wrong hands.

Unfortunately, while Fedora Core 5 and 6 support an encrypted swap partition, it doesn’t yet support encrypted root filesystems. (Due to release timing, official support is currently targeted for Fedora Core 7.) However, that doesn’t mean it’s impossible. In fact, I’ve done it. This is the second of a two-part series on encrypting your Fedora Core system.

Read the rest of this entry…

For a variety of reasons I use Fedora Core 5 as my primary operating system, both at home and on my laptop. And for security reasons, I need to have my filesystem encrypted, so that in the event that my laptop is lost or stolen, my confidential data does not fall into the wrong hands.

Unfortunately, while Fedora Core 5 does support an encrypted swap partition, it doesn’t yet support encrypted root filesystems. (It’s looking like the support won’t make it into Fedora Core 6 either, due to release timing.) However, that doesn’t mean it’s impossible. In fact, I’ve done it. This is the first of a two-part series on encrypting your Fedora Core system.

Read the rest of this entry…

When you are installing Linux, regardless of which distribution you choose, one question is always the same. How do you boot your system?
Read the rest of this entry…

One of the first things you may notice, the first time you use Linux and start up Firefox to get on the Web, is that you aren’t seeing Flash animations. Flash is a technology by Macromedia that’s used to distribute many different types of multimedia. Usually they are cartoons such as Homestar Runner or Invasion of the Gabber Robots, though Flash is used to distribute other kinds of multimedia presentations, as well. For instance, CBS News uses Macromedia Flash to show video news clips on its own and its affiliate stations’ Web sites. If you’re new to Linux and you’re missing those nice Flash movies, this is what you do.
Read the rest of this entry…

As a new Linux user, one of the first things you’re likely to discover during your daily Web browsing is a small number of sites which refuse to let you in because you aren’t using Internet Explorer. Today I’m going to show you how you can deal with sites such as this.
Read the rest of this entry…

If you’re considering making the switch to Linux, you almost certainly will have discovered that there are hundreds of Linux distributions, all of which are different from each other in subtle ways.

So how do you figure out which one to use?
Read the rest of this entry…

A study of 2004 browser security data shows that Internet Explorer is the least secure of the three major browser platforms: IE, Mozilla and Opera.

To conduct the study, the Browser Security Test people simply looked at how many days of 2004 each major browser had an unpatched remote code execution bug, that is, a problem which would let an attacker do whatever he wanted with your computer.
Read the rest of this entry…