Tag: linux

  • Virtual Private Servers

    A year ago I decided it’s about time to get a Virtual Private Server for my pet projects. Prior to that I had 2 sites on a shared hosting server and some other non-web network related apps spread around workstations that are always on. But at some point it all started to get messy and moreover I needed to put a few more things online. So I decided to get a VPS and consolidate all of my projects in one place. Compared to a shared hosting environment the VPS gives me more freedom and fine-grained control over the exact versions of applications and libraries I use, among other things. It requires more work on my part though.

    The fact that I have 10 years of experience working as a (unix) systems and network administrator is very handy when it comes to installing, configuring and troubleshooting the software I use on my VPS. Unfortunately it doesn’t help that much with the selection process so I had to sit down and filter the myriad of VPS providers out there.

    I dug through blogs & forums, asked friends. Web Hosting Talk forums were particularly useful. Finally I chose Future Hosting. It turned out to be a good choice indeed. I’ve been with them for almost a year already and there weren’t any major issues. I asked for PTR RRs (that’s reverse resolving from IP to hostname) and their support staff quickly added these for me.

    However good a hosting provider is, you must keep a backup of your own. I was rather passively looking for a second VPS provider for some time. One day I saw (can’t remember where) a Comfy Host ad. It looked suspiciously cheap at $10/mo to me and I hadn’t heard anything about them before. But this was supposed to be a backup VPS so I decided to give it a try. I placed my order with Comfy Host using my PayPal account and started waiting for a welcome email. One day later I received an email saying that due to the surplus of orders my VPS setup would be delayed a little bit. Ok, it happens. A few days later I had to submit a support ticket to ask what’s going on with my account. After some more back and forth support tickets I got my VPS up and running.

    I used it for three months and it was pretty stable. I used it only for my automated daily backup and monitored it with nagios. Then one day suddenly the monitoring lost connection with the VPS. Since it is a backup server and I was busy with other things I let it stay this way for a week. Finally I logged into the control panel and guess what… I was paying on a monthly basis after receiving an invoice from Comfy Host. Last month I didn’t receive an invoice. And I couldn’t pay either because according to the control panel I didn’t owe money despite being late with the payment. Hm… I submitted a ticket to ask why that is. I had to wait several days for a reply that read:

    “Sorry about the late reply. The ticket seems to have been overlooked without a response. We received no payment and therefore your VPS was shut off.”

    Enough. I went looking for another backup VPS. I remembered that Leo from Zen Habits once said he is satisfied with his current provider – namely slicehost.com. So I’ve been with slicehost.com as my backup VPS for about a month now. So far so good.

  • Family’s IT Consultant: The Computer Display

    In today’s world of technological wonders few of us wouldn’t welcome some guidance. And since my friends and relatives know I work with computers they often ask me to help solve various issues and help them choose their new electronic devices. Actually it might have been worse… not that I’m not a helpful guy (I am friendly) but I’m not the most communicative person out there so they don’t bother me as much as they might have wanted to. On the other hand quite a lot of my friends are IT experts 🙂

    Anyway, my little niece Teda will be starting school this fall. She already has a room of her own, her parents are buying her textbooks and other school aids and finally a computer. We decided to use an older computer to keep the cost down and invest instead in a good display.

    The computers I work with are quite specific and I had to brush up my knowledge of general purpose desktop systems a little bit. For example my personal computer is a 3-year-old IBM ThinkPad X41 (12″ screen) and I’m totally satisfied with its performance and features. The rest are servers with 8 or more hard drives and 8 CPU cores each.

    We decided to go for a 19″ or 20″ wide screen TFT LCD display but also weren’t willing to pay more than 450 leva (~$350). First things first: I went to learn more about the various types of current TFT technologies on the market. I almost instantly ruled out TN displays and focused on MVA panels since IPS wouldn’t fit in our price range. Most of the MVA panels are pricier than we liked but finally I spotted an Asus PW201 that according to the manufacturer’s specifications was built with a P-MVA panel, and its price had recently dropped from about 700 leva to 449 leva.

    This price drop seemed suspicious to me so I called the shop to make sure that this particular model and batch is P-MVA and not TN. After they assured me several times that this is a P-MVA panel (they called their warehouse) I proceeded to order but, still suspicious, I wrote in the order’s comment field: “If you are not sure whether this monitor is of P-MVA type please cancel the order”.

    Finally the display arrived. I paid the delivery guy and opened the box. Oh boy, this thing looks splendid. Very stylish. It has integrated stereo speakers although expectedly the sound quality is mediocre. The integrated USB hub is very convenient because you don’t need to crawl under the desk in order to plug in USB devices. Audio, USB and VGA cables run together so despite using DVI for video you’ll have to use the VGA cable as well. The buttons on the front are actually small touch sensitive areas and react somewhat erratically. My overall impressions of the PW201 are very good. It is definitely worth its price.

    I intended to install Kubuntu 8.04 (Hardy Heron) so I hooked up the monitor’s DVI port to the PC, attached the keyboard and… suddenly realised I don’t have an optical drive on this PC. Okay, let’s try a network install 🙂 I followed the instructions listed at http://wiki.koeln.ccc.de/index.php/Ubuntu_PXE_Install but since I wanted to install Kubuntu I opted for the “console only” installation in the Ubuntu installer. After the installation had finished I installed the rest of Kubuntu with:

    sudo apt-get install kubuntu-desktop

    So far so good. The X server detected the Nvidia GeForce4 MX 440 graphics adapter and used nv to drive it. It properly detected the monitor’s properties and started in the panel’s native resolution of 1680×1050. Unfortunately the nv open source driver lacks 3D acceleration (because Nvidia refuses to provide the hardware specifications needed to add 3D support) and this is where I spent 3 hours trying to get the proprietary nvidia driver to work properly with my setup. Most of the time was spent trying to set it up to use 1680×1050 but the nvidia driver kept thinking that the PW201 has a maximum pixel clock of 135 MHz when it’s actually 146 MHz. Finally I found this set of options working for me:

    Section "Device"
        Identifier "GeForce4 MX 440 with AGP8X"
        Driver "nvidia"
        Option "ExactModeTimingsDVI" "true"
        Option "NoBandWidthTest" "true"
        Option "ModeValidation" "NoDFPNativeResolutionCheck, NoEdidMaxPClkCheck, NoMaxPClkCheck"
    EndSection

    This did the trick but after only a few minutes of playing video with mplayer and the Xv (Xvideo) output driver the video window started to show only colorful noise. I tried the OpenGL output driver and it worked better but used 95% of the CPU vs. 55% for Xv (that’s an AMD Athlon XP 1800+). Moreover after half an hour video artefacts started to appear all over the screen and I reverted to the “nv” driver.

    I don’t know whether this is a software/driver problem or maybe the graphics adapter is having some issues but since it works with the nv driver (and my niece doesn’t need 3D acceleration) I’ll stick with it for now.

  • Linux kernel vmsplice root exploit

    Two strings walk into a bar. The first says, “Hello, I’d like a ciderO’y?kI’U`,E’*@???’?? ?!>A~Xx?(y’n?.” The second says, “Please excuse my friend, he’s not null-terminated.”

    If you are running a Linux kernel newer than 2.6.17 but older than 2.6.24.2 or 2.6.23.16, then any local user can easily become root or at least crash your system.

    There are actually two different security issues related to the vmsplice() system call, and both of them could lead to local privilege escalation. This is especially bad for people who don’t fully control the content on and access to their servers – e.g. web hosting companies. The other bad news is that vmsplice() is part of the core kernel and there is no configuration option to exclude it.

    Two separate exploits have been publicly released, one for each of the two issues.

    The first issue was classified as CVE-2008-0009 and CVE-2008-0010 and was fixed in Linux kernels 2.6.23.15 and 2.6.24.1.

    The situation with the second issue, classified as CVE-2008-0600, was much worse. It was introduced with the initial implementation of vmsplice() and affects all kernels after 2.6.17 inclusively. There was an exploit in the wild for more than 24 hours without a proper fix for the problem. I’m sure that even though there are patched versions now – Linux 2.6.24.2 and 2.6.23.16 – at least 2-3 more days will pass before the number of vulnerable systems is reduced enough.

    IMHO this is one of the worst 0-day Linux kernel exploits in years. I hope it won’t happen again soon. But you should be careful because all this has happened before and will definitely happen again someday.
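
An added example (not from the original post): a Python check that sorts `uname -r` strings against the CVE-2008-0600 versions given above, for triaging a host inventory. The function names and the sample inventory are constructed, and the check assumes every kernel series after 2.6.24 carries the fix; vendor kernels that backport the fix keep an old version string, so "in-affected-range" means the host still has to be checked against the vendor advisory.

```python
import re

# Version facts taken from the post: CVE-2008-0600 affects kernels from
# 2.6.17 (inclusive) and is fixed in 2.6.23.16 and 2.6.24.2.
FIRST_AFFECTED = (2, 6, 17, 0)
FIXED_IN_SERIES = {(2, 6, 23): 16, (2, 6, 24): 2}
LATEST_FIXED_SERIES = max(FIXED_IN_SERIES)


def parse_release(release):
    """Turn a `uname -r` string into (major, minor, patch, stable)."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?(?:\.(\d+))?", release)
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    # Missing components (e.g. "2.6.24-16-generic" has no stable number) become 0.
    return tuple(int(g) if g else 0 for g in m.groups())


def vmsplice_status(release):
    """Classify one release string using only the versions listed in the post."""
    version = parse_release(release)
    series, stable = version[:3], version[3]
    if version < FIRST_AFFECTED:
        return "predates-vmsplice"
    if series > LATEST_FIXED_SERIES:
        return "fixed"  # assumption: later series include the fix
    fixed_at = FIXED_IN_SERIES.get(series)
    if fixed_at is not None and stable >= fixed_at:
        return "fixed"
    # Either an unpatched upstream kernel or a vendor kernel whose
    # backports are invisible in the version string.
    return "in-affected-range"


def scan(inventory):
    """Return the hosts that need follow-up, keyed by hostname."""
    return {host: rel for host, rel in inventory.items()
            if vmsplice_status(rel) == "in-affected-range"}


# Constructed sample inventory: hostnames and releases are made up.
SAMPLE = {
    "web1": "2.6.24.2",
    "web2": "2.6.23.15",          # has the first fix only
    "backup": "2.6.24-16-generic",
    "legacy": "2.6.16.60",
}

if __name__ == "__main__":
    for host, rel in sorted(SAMPLE.items()):
        print(f"{host:8} {rel:20} {vmsplice_status(rel)}")
```
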