Posts tagged ·

linux

·...

Ubuntu 16.10 on Asus ZenBook UX330

Comments Off

As mentioned in a previous post, I recently got the Asus ZenBook UX330 (UX330CA-FC020T, to be specific). It’s a very light weight 14″ decent spec’ed laptop which runs Ubuntu flawlessly. Here are some notes on installing, and first impressions.

UEFI boot and install

As far as I’ve seen, there are at least two versions of the BIOS around for these machines: The display model had an “old fashioned” ASCII text based BIOS, while the one which got delivered had a new UEFI based GUI. Both can boot the Ubuntu 16.10 64-bit live image, but the Secure Boot just needs some tweaking.

Before getting to boot, it’s important that the partition of the USB stick which holds the image is marked as bootable. In GParted, this can be done with the option seen below. Once that is taken care of, transferring the ISO is easily done with UNetbootin.

Once ready, plug in the USB stick, restart the machine, and hold F2 to enter the BIOS / UEFI setup. (Holding ESC will show the temporary boot selection menu). The “easy” mode can be seen below.

From here, press F7 to enter “Advanced” mode, and use the arrow keys or mouse to tab over to the Security options. Towards the bottom of that tab, there’s a sub-menu for Secure Boot. Enter that menu, and disable Secure Boot.

Use F10 to save and exit, and got back into the UEFI setup with F2 to verify that the Ubuntu live portion shows up as “1100, Partition 1″. From here you can change the Boot settings to select the USB portion first, or use F8 to boot from that only once, which should be all you need to get the installation going.

Ubuntu compatibility

Here’s a list of features I’ve personally tried and confirmed to be working. In summary, this machine looks very well prepared for Ubuntu, with no major draw-backs. The only additional setup which might be worth-while is configuring the touchpad to temporarily disable while typing, as described here.

Status
USB ports Work
SD card reader Works, mounts.
Wifi Detects all networks; connects.
Fast re-connect after suspend.
Bluetooth Not tried
Web cam Works with “Cheese”
Suspend Works; resumes quickly.
From Ubuntu menu, lid close, or Fn + F1
Flight mode
(Fn + F2)
Work, reconnects quickly.
Keyboard brightness
(Fn + F3/F4)
Works
Screen brightness
(Fn + F5/F6)
Works
External display
(Fn + F7/F8)
Not tried
Volume buttons
(Fn + F10/F11/F12)
Works
CPU throttling Not tried

Specs

The UX330CA is a decent spec’ed laptop, and there’s a few variations should you want more power. Here’s the selection as it looks in early 2017, comparing to the slightly more expensive UX330UA line.

UX330CA UX330UA
Price range €750 €930 – €1300
CPU Core M3-7Y30 1 (2.6) Ghz Core i5 7200U 2.5 (3.5) GHz -
Core i7 7500U 2.9 (3.5) GHz -
Max TDP 4.5 W 15 W
RAM 8 GB 8 / 16 GB
SSD 128 GB 256 / 512 GB
GPU Intel HD Graphics 615 Intel HD Graphics 620
Display 1920 x 1080 pixels; 13.30″
anti-glare; no-touch
1920 x 1080 pixels; 13.30″
anti-glare; no-touch
USB 2x USB 3.0 A
1x USB 3.1 C
2x USB 3.0 A
1x USB 3.1 C
SD card reader SD, SDHC, SDXC SD, SDHC, SDXC
HDMI Micro HDMI Micro HDMI
RJ45 / LAN No,
comes with USB adapter.
No,
comes with USB adapter.
3.5mm mini-jack 1x 1x
Web cam 1280 x 720 pixel 1368 x 768 pixel
Bluetooth version 4.1 4.1
Wifi version 802.11 ac 802.11 ac
Weight 1.20 kg 1.20 kg
Dimensions (W x L x H) 32.20 x 22.10 x 1.23 cm 32.20 x 22.10 x 1.35 cm
Comments Off

How to disable the touchpad while typing

Comments Off

Most modern laptops come with a touchpad for cursor control. It is typically located below the space-bar, which means it’s easy to rest your palms on it while typing and send the cursor flying. There are two ways to get around the problem: Disable it altogether and use another pointing device, like the red “TrackPoint” or an external mouse; or temporarily turn it off while typing. Here’s how to do both.

First, make sure the these packages are installed:

apt-get install usbutils xinput xserver-xorg-input-synaptics

Permanently disable

Any input device can be configured through the xinput tool. However, as machine configurations will be different, we’ll need to look at what is connected first. This will list internal and connected devices:

lsusb
 
xinput list

The first command will list connected USB devices, which might be relevant. The second command will output a list like the following, where each device has an ID, but which will change based on the machine and what is connected. The example below is from a Lenovo Thinkpad with an external mouse, so three hardware pointing devices are listed: The touchpad; the trackpoint; and the external Logitech mouse. Notice the ID for the touchpad, which is 12 here.

⎡ Virtual core pointer                    	id=2	[master pointer  (3)]
⎜   ↳ Virtual core XTEST pointer              	id=4	[slave  pointer  (2)]
⎜   ↳ SynPS/2 Synaptics TouchPad              	id=12	[slave  pointer  (2)]
⎜   ↳ TPPS/2 IBM TrackPoint                   	id=13	[slave  pointer  (2)]
⎜   ↳ Logitech M570                           	id=9	[slave  pointer  (2)]
⎣ Virtual core keyboard                   	id=3	[master keyboard (2)]
    ↳ Virtual core XTEST keyboard             	id=5	[slave  keyboard (3)]
    ↳ Power Button                            	id=6	[slave  keyboard (3)]
    ↳ Video Bus                               	id=7	[slave  keyboard (3)]
    ↳ Sleep Button                            	id=8	[slave  keyboard (3)]
    ↳ Integrated Camera                       	id=10	[slave  keyboard (3)]
    ↳ AT Translated Set 2 keyboard            	id=11	[slave  keyboard (3)]
    ↳ ThinkPad Extra Buttons                  	id=14	[slave  keyboard (3)]

We can query details about a specific device:

xinput list-props 12
 
xinput list-props 12 | grep Enabled

There are two ways to enable and disable a device: By setting the “Device Enabled” property, or with the xinput command shortcut which does the same:

xinput set-prop 12 "Device Enabled" 0
xinput disable 12
 
xinput set-prop 12 "Device Enabled" 1
xinput enable 12

Temporarily turn off while typing

You might want to use the touchpad though, and only avoid the “fat fingers” problem while typing. Here the syndaemon tool comes to the rescue. It’s a “a program that monitors keyboard activity and disables the touchpad when the keyboard is being used”. It means, you’ll have to make sure it’s running in the background, typically through the start-scripts of your desktop.

There’s a few settings to play around with and also a CLI client “synclient“. See also the synaptics driver documentation for more options.

Having this in a startup script will cover most common use cases:

/usr/bin/syndaemon -i 1 -t -d

Comments Off

Linux compatible notebooks and laptops

Comments Off

You’d think that there would be a sizable market for a Linux based laptop, but Microsoft maintains its stronghold, and if anything it’s getting harder to buy random hardware and expect it to just work. Due to the UEFI bootloader; Secure Boot; various proprietary buttons solutions; touch screens; and no or little support from the hardware vendors. After doing a bit of research in small and mid-range notebooks and laptops that works with Linux, here’s a brief summary.

Most of the newer devices were evaluated with a USB live version of Ubuntu 16.10 64-bit.

(Disclaimer: This is not meant to be an exhaustive list of all available brands or Linux compatible devices. Please take it as a snapshot in time of the laptops which happened to be available in my local market. Also note, beyond being a consumer of some of the mentioned laptops, I’m not affiliated with any of them).

Lenovo

The Lenovo Thinkpad is still top of the line when it comes to business laptops. After using the Carbon X1 2016 4th generation edition for about half a year, it’s a sure all-time favorite. It’s available with Intel’s 7th generation Skylake CPU at various speeds, it does not get warm and uses little battery, which again makes for long battery life. A full working day without carrying a charger is usually not a problem.

Any Lenovo Thinkpad you’ll pick up will support Linux easily. It has a huge community and following, which means drivers, special buttons, sensors etc. get support quickly. The exception might be some of the more exotic variants of the Yoga Book (which run Android). In general, booting and installing any version of any GNU/Linux distribution is not a problem.

The downside is of course the price. At 1500 to 2500 Euros, it can be a tough pill to swallow if you’re buying new. However, there is also a healthy used-marked, so if you’re willing to wait a bit longer to get the latest tech, it’s a good compromise.

Asus

In hardware circles, ASUS is perhaps more famous for their high quality motherboards, but they also have a healthy range of laptops, many of which support Linux. I looked at a few models, with the ZenBook as the clear winner.

ZenBook UX330

These are nice! In fact, there’s a wide range of configurations colors and prices, most with 13.30″ full 1080HD screens, some with touch screens or larger screens. The cheapest version is now around €750 for an Intel m3-7Y30 dual core (4 threads). At only 4.5 W TDP, it does not get warm and is fan-less. It comes with 8 GB RAM and 128 GB SSD which is decent. Best of all, it’s only 1.3 kg, so just as light as the Lenovo Carbon.

There seems to be a few different BIOS versions on these models. The traditional text-based BIOS had no problems booting the Live USB. However, with the UEFI version, a bit of fiddling with Secure Boot and Boot Priority was required. Turning off Secure Boot and making sure USB partition was marked with a “boot” flag fixed it. (Spoiler alert: I’ll get back to this in a another post, as I already bought this machine).

Furthermore, on Ubuntu 16.10, everything works out of the box: Wifi; suspend; all function buttons: volume; screen dimming; flight mode; touch pad enable/disable. Battery life looks promising at around 10 hours.

The higher end versions, with i7 CPUs; 16 GB RAM; 256/512 GB SSD are probably the closest competitors to Lenovo’s light weight laptops at the moment. At about 25% lower price, they might certainly be worth considering.

R105HA

The Eee line from a few years back were nice super-small “ultrabooks”, albeit somewhat under-powered by today’s standards. A more recent edition, the R105HA is a €240 2-in-1 11″ detachable table and keyboard. It has a USB A slot; it booted to the GRUB menu, but failed to load the Live UI. It could be that it’s not a x64 based CPU at all; not sure.

E402SA

A bit further up the range, but at similar price there’s the E402SA. It’s a 14″ laptop, with full sized keyboard, but only 2 GB RAM and 32 GB SSD. Still not bad for €280. It booted the Ubuntu live stick fine. Wifi; volume buttons; suspend works. Screen dimming works, but not through the function-buttons. The main downside is the cheap keyboard, where the SPACE-key is hinged in the middle, so it might not register a thumb-click in its corners.

PEAQ

I’m not familiar with this brand, and it could be only a label on generic OEM devices of some kind. However, I thought it was worth including, since they had the cheapest smallest notebook I came across.

PNB C111

This is an 11″ but full 1080HD laptop with a tiny keyboard; think early Asus Eee. The €180 version comes with an Intel Celeron N3060 CPU; 2 GB RAM; 32 GB SSD. It is light, but feels plasticy. And as mentioned, the keyboard is cramped, even for small fingers.

It booted the Ubuntu 16.10 64-bit live image fine, and wifi; volume function keys and suspend all work out of the box. Screen dimming also works, but not through the function buttons (this seems to be a common problem).

Other

HP and Dell

There were a few HP and Dell laptops in the shops I went to, but where I tried, none of them would boot the USB image. This could be down to bad luck; the Asus Zenbook was also difficult in UEFI mode, however, I’m not sure they are good options at higher prices than the Zenbook range.

System 76

This is one of the long time dedicated Ubuntu Linux hardware retailers. They don’t make their own hardware though, and instead merely put their name on OEM devices. The problem is, as much as I’d like to support a Linux hardware vendor, it comes at a very high price for mid-tier hardware. Of course, they put extra effort into making sure the drives are all available for their products, including keeping their own driver package repository running, but I’m not sure it’s worth it.

The version I have experience with and bought was the “Gazelle Professional” for some $1300. (New edition here). It works and has been running for five years, it’s nice, but extremely heavy even for its time. At some 4 kg with the charger, it can no longer be considered portable. The newer version in the picture above is the Lemur, at 1.6 kg and starting price of $700.

Comments Off

cryptsetup basics

Comments Off

Talking about encryption in the previous post, I realized there are a few details I keep having to look up. This is a collection of the Frequently Asked Questions about cryptsetup formatting and mounting.

Note: For all the following examples, the example device /dev/sdX is used. It’s a device and file which doesn’t exist, on purpose. When replacing with your own e.g. /dev/sda or similar, be careful!

Formatting a new physical drive

Before working with a new drive, it’s recommended to check for bad blocks, to confirm it’s not a DOA (Dead on Arrival). If it is, you might want to claim it on the warranty immediately to avoid losing data in the future.

This command will check for bad blocks, as well as fill the disk with random data to better hide the encrypted volume later:

badblocks -c 10240 -s -w -t random -v /dev/sdX

Next is the partition setup, where all you need is a new cleared (similar to unformatted, but actually cleared) partition. In the gparted UI it’s simply “New -> Cleared -> Apply”, while on the CLI it would go something like this, to create an optimally aligned, primary partition.

parted /dev/sdX mklabel gpt
parted -a optimal /dev/sdX mkpart primary '0%' '100%'

Now, coming to the encrypted volume, you could just use a passphrase, and skip the first line, or store a salted hashed password in a key-file. The benefit of the latter, is that it will generally be a more secure key, and yet you could re-created the keyfile if you lost it, assuming you remember both the password and the salt.

mkpasswd --m=sha-256 --salt='SOME_SALT' | tr -d '\n' > /tmp/key-file

cryptsetup luksFormat /dev/sdX1 /tmp/key-file
cryptsetup open /dev/sdX1 unenc --key-file /tmp/key-file

Notice the mapping name “unenc“, which can be anything of your choosing.

Finally, format and mount the drive. Here, the ext4 file-system is used, with 1% reserved for system

mkfs.ext4 -m 1 -O dir_index,filetype /dev/mapper/unenc
mount /dev/mapper/unenc /mnt/tmp

Creating an encrypted file volume

In some cases, it is useful to encrypt only a small part of the disk, or even move the encrypted container around. A loop device can create a filesystem inside a file residing on any file system, be it USB stick, network mount or local disk.

First, you will have to create an empty file. The dd command will copy zeros to the specified filename. The total size is block size times count, or 500 MB in this example:

dd if=/dev/zero of=myfile bs=1M count=500

Then establish the loopback. It will become available on /dev/loop0, and can be formatted and mounted like any other block device.

losetup /dev/loop0 mycryptfile

Now repeat the luksFormat and filesystem format commands from above:

cryptsetup luksFormat /dev/loop0
cryptsetup open /dev/loop0 mycrypt
mkfs.ext4 -m 1 /dev/mapper/mycrypt
mount /dev/mapper/mycrypt /mnt/tmp

Key managment

Most of the cryptsetup commands above have at least two options when dealing with the keyslot: A passphrase and a key file. Typically, a passphrase is typed in on the prompt when unlocking the partition or modifying the other keys, while a key file is supplied using the –key-file argument. In terms of security, the first is “something you know”, while the latter is “something you have”.

To list the active keyslots use the following command. It will work both on an open and closed partition.

cryptsetup luksDump /dev/sdX

To add a new key with a prompted password:

cryptsetup luksAddKey /dev/sdX

or a randomly generated key-file:
dd bs=512 count=4 if=/dev/urandom of=~/keyfile_for_sdX iflag=fullblock

cryptsetup luksAddKey /dev/sdX ~/keyfile_for_sdX

To erease one of the existing key-slots, assuming you have more than one.

cryptsetup luksKillSlot /dev/sdX <key slot number>

You might also want to backup the LUKS header, which includes the key-slots, so in case you overwrite existing keys, you can restore the header and unlock with the old keys. It should be noted, that this header will then be able to unlock the partition given any password or keyfile in its keyslots. So, even if you change a password, the old header can be restored and an old password used to unlock. Therefore, it should be considered a secret file and stored securely just as the key file.

cryptsetup luksHeaderBackup /dev/sdX --header-backup-file ~/header_for_sdX

Finally, you might need to wipe the whole encrypted volume. You can do this with the luksKillSlot command, or manually remove all keys, and then change or add the remaining one with a password or keyfile you later remove or forget. E.g. by generating a key-file on the RAM disk /dev/shm, and then rebooting to lose it.

Comments Off

Upgrading Debian Wheezy 7 to Jessie 8

Comments Off

Upgrading from Debian 7 to 8 is reasonably straight forward, following the official instructions. These shorter summaries are also useful references.

Very briefly then, make sure you have backup.
dpkg --get-selections "*" > dpkg_selections.txt
tar zcvf upgrade_backup.tar.gz /etc /var/lib/dpkg /var/lib/apt/extended_states /etc/mysql/my.cnf /etc/fuse.conf /etc/ssh/ssh_config

Update /etc/apt/sources.list, and replace all occurrences of wheezy with jessie.
sed -i 's/wheezy/jessie/g' /etc/apt/sources.list

If VirtualBox is installed, update to the new key:
wget -q -O - http://download.virtualbox.org/virtualbox/debian/oracle_vbox_2016.asc | sudo apt-key add -

Then comes the upgrade dance, with a few prompts, warnings, questions.

apt-get update
apt-get upgrade
apt-get dist-upgrade

After the upgrade, it is recommended to purge unused packages
apt-get purge $(dpkg -l | awk '/^rc/ { print $2 }')
apt-get autoremove

It is also recommended to install the linux-image-* metapackage, e.g. for AMD CPUs
apt-get install linux-image-amd64

Finally, cross your fingers and reboot.

Comments Off

Securing a Postfix mail server – TLS transport encryption

Comments Off

I previously discussed SPF and DKIM setup for the Postfix mail server. Here’s some notes on TLS transport encryption. (Although, maybe those articles should have come in opposite order).

Using a self-signed certificate (which should be fine for small scale usage), setup is rather easy and straight forward. Creating the keys and certificats boils down to these instructions, copied from here. (Similar instructions here).

openssl genrsa -out rootCA.key 2048
openssl req -x509 -new -nodes -key rootCA.key -days 1024 -out rootCA.pem
openssl genrsa -out device.key 2048
openssl req -new -key device.key -out device.csr
openssl x509 -req -in device.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out device.crt -days 500

Modifying /etc/postfix/main.cf, you might end up with something like this, assuming you’ve copied the keys as indicated by the linked article.
smtp_use_tls = yes
smtpd_use_tls = yes
 
smtp_tls_note_starttls_offer = yes
 
smtpd_tls_security_level = may
smtpd_tls_ask_ccert = yes
smtpd_tls_security_level = may
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
 
smtpd_tls_key_file = /usr/share/ssl/certs/postfix/device.key
smtpd_tls_cert_file = /usr/share/ssl/certs/postfix/device.crt
smtpd_tls_CAfile = /usr/share/ssl/certs/postfix/rootCA.pem

Once all the changes are made, restart postfix:
service postfix restart

Now you can verify the setup with telnet:
telnet mail.example.com 25
 
EHLO example.com
STARTTLS

This should yield:
220 Ready to start TLS

Another way to confirm the setup is to send an email to a gmail.com account, and observe the lock status icon on the header field drop-down, explained in detail here.

Finally, the official Postfix documentation and notes on authentication (older doc) might come in handy.

Comments Off

SPF and DKIM on Postfix

Comments Off

A recent post by Jody Ribton laments the fact that DIY mail servers are having a hard time not getting blocked or rejected in today’s email landscape. The ensuing Slashdot discussion dissected the problem, and came up with a few good pieces of advice also seen on this digitalocean guide:

  • Make sure the server is not an open mail relay.
  • Verify that the sender and server IP addresses are not blacklisted.
  • Apply a Fully Qualified Domain Name (FQDN) and the same host name as the PTR record.
  • Set a Sender Policy Framework (SPF) DNS record.
  • Configure DomainKeys Identified Mail (DKIM) on the sending server and DNS.

Sender Policy Framework (SPF)

“Sender Policy Framework (SPF) is a simple email-validation system designed to detect email spoofing by providing a mechanism to allow receiving mail exchangers to check that incoming mail from a domain comes from a host authorized by that domain’s administrators”. [Wikipedia]. It is configured through a special TXT DNS record, and further setup on the sending part is not required.

This guide outlines the parameters, and the easiest way to get started is actually this Microsoft provided online wizard. Given a domain, it will guide you through the settings and present you with the DNS record to add at the end. If the domain already has a SPF record, it will verify it, and also take the current settings into account through the steps.

DomainKeys Identified Mail (DKIM) on Postfix

DKIM offers similar email spoofing protection, but also offers simple content signing. From Wikipedia: “DomainKeys Identified Mail (DKIM) is an email validation system designed to detect email spoofing by providing a mechanism to allow receiving mail exchangers to check that incoming mail from a domain is authorized by that domain’s administrators and that the email (including attachments) has not been modified during transport. A digital signature included with the message can be validated by the recipient using the signer’s public key published in the DNS.”

Configuration is quite straight forward on Postfix, and this guide shows a typical setup and some common pitfalls. If the same email server caters for multiple domains, an alternative configuration is required. This guide covers those details. Another DNS TXT record on the domain is also required. Finally, once the setup is complete, this tool can be used to verify the DNS record.

Verify the configuration

For both SPF and DKIM, the setup can also be verified by sending an email to check-auth@verifier.port25.com. In addition, an email can be sent to any Gmail account, and by viewing the original message and headers, an extra Authentication-Results header can be seen. See the last guide for further details.

 

 

Comments Off

Manual wifi config in Debian

Comments Off

Most modern GUI based distros handle setup and management of Wifi connections very well these days. However, sometimes you need to go the way of the command line. The following outlines the basics in Debian, plus some useful commands.

Driver
First, the Wifi device I had laying around was a Realtek based USB dongle similar to this. The driver for that is in the non-free repository, so I added the parts in bold to my /etc/apt/sources.list

deb http://ftp.ch.debian.org/debian/ wheezy main contrib non-free
deb http://ftp.ch.debian.org/debian/ wheezy-updates main contrib non-free

I could then install the driver:
apt-get update
apt-get install firmware-realtek

Config
There are two config files to handle: The basic network configuration (/etc/network/interfaces), which also includes wired networks and the loopback, and the WPA wifi specific configuration (/etc/wpa_supplicant/wpa_supplicant.conf). Although it is also possible to specify wifi parameters in the network interfaces file, it is better handled by the wpa because then you can configure settings for multiple networks (e.g. home and work) as seen below.

/etc/network/interfaces contains the following:

# The loopback network interface
auto lo
iface lo inet loopback

# Wired ethernet
auto eth0
iface eth0 inet dhcp

# The primary network interface
auto wlan0
allow-hotplug wlan0
iface wlan0 inet dhcp
      wpa-driver nl80211
      wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf

The loopback lo interface is configured, a wired eth0 port, and the wlan0 wifi. All networks are set to come up automatically, the last two use DHCP to get their address, and the Realtek nl80211 driver is specified as well as a reference to the WPA Supplicant config.

/etc/wpa_supplicant/wpa_supplicant.conf contains:

ctrl_interface=/var/run/wpa_supplicant
update_config=1

network={
    ssid="my_home_network"
    key_mgmt=WPA-PSK
    psk="wifi passphrase"
}

network={
    ssid="my_work_network"
    key_mgmt=NONE
}

Here two networks are configured: A home network with WPA encryption and its passphrase, and an open network for work.

To bring the wifi network up, simply run the following. If iterating on the configuration, it’s has to be stopped first.

ifdown wlan0 && ifup wlan0

Useful commands
Other useful commands while debugging this include:

For general network configuration and status:

ifconfig

iwconfig

For listing all available networks and their parameters. This works even before you have connected to a specific one, so it’s a good test to see if the wifi device is even working:
iwlist wlan0 scan

For starting the wpa supplicant manually and checking the wifi configuration. Notice the specific driver and interface name:
wpa_supplicant -B -Dnl80211 -iwlan0 -c /etc/wpa_supplicant/wpa_supplicant.conf

Comments Off

PC build: Silent yet powerful

Comments Off

It’s been a long time since I’ve had the chance to put together a machine. The one I’m typing on right now has a more than five years old AMD Athlon 64 X2 5050e, and one of its HDDs report 47220 Power_On_Hours, or 5.4 years. It was fun to look at some new hardware.

This build is not for me, though. My father’s current machine is from 2005, and the AMD Sempron 2600 1.6GHz has kept up well, however would not be a good fit for the new requirements: A silent build which can handle a modern Ubuntu distribution plus Windows 7 in a VM. After good advice from Redditors on r/buildapc, I got the following components.

Main

Storage

The rest

 
 

Requirements and reasoning

At € 1055 (in June 2014), it’s not a cheap build, and I could definitely have saved a bit here and there. However, that was not my main concern – my father deserved something top-notch. I wanted something powerful enough so that it would last many years to come without upgrading, yet silent for the living room. That’s why some of the components are somewhat over-provisioned: the fanless 460W PSU, while I expect the peak draw to be less than 150W; 16 GB RAM, 256 SDD, 4 TB HDD.

For the CPU, I went for the four core Intel Core i5 4570 (LGA 1150, 3.20GHz), based on redMarllboro’s advice. It is indeed more powerful than the AMD A10-6700 I had originally planned for, and furthermore, the virtual cores would not benefit the VM much.

With the CPU fixed, I narrowed down my search for an Asus motherboard to the ASUS Maximus VII Ranger (Z97). That was based on the following criteria: more than 4 SATA ports, Intel Ethernet controller (I try to keep away from Realtek based on this issue, even if that was WiFi related), 4 DIMM slots, an onboard DVI and/or VGA port. Turns out, that really narrows it down, and about the only contender was the ASUS Sabertooth Z97 Mark 2, however that only has HDMI and Displayport embedded.

Now, one could argue that both of those MBs are overkill for what I’m building. However, most of the boards I’d be looking at would be in the €100-150 range anyway, and as price was really not a main issue here, why not go for the latest chipset? Furthermore, the “Republic of Gamers (ROG)” marketing from Asus I find somewhat misleading. The Maximus board looks aggressive in black and red, but surely it is the hardware specifications which matter. For example, the 10K Black Metallic Capacitors are welcome when cooling is an issue. Also, some of the ROG “features” in the form of software are dubious at best: How is a RAM disk a feature of the MB? On most GNU/Linux distributions, it’s there by default under /dev/shm.

For storage, an SSD is a no-brainer these days, and the only questions are: How large? And is additional storage required? 128 GB might have been just enough, but with ~50 GB for the Ubuntu host OS, ~40 GB for the VM, and ~30 GB for swap it would have been very tight. (In fact, post install, only 70 GB is left on a 256 GB disk). Doubling to 256 GB is less than double the price. I will require more storage space, so added the 4 TB spinning disk. When it comes to WD Red over Green, it’s only about €10 difference, so another no-brainer.

As the VM will be running Windows, my plan is to back it up frequently, in the hope of recovering from certain problems of that OS. Now, several people on r/buildapc thread advised against this. I suppose they are mostly right; it might be possible to lock down a Windows installation to the point where malware and adware is not a problem. The first and second issues with that are I’d have to spend a lot of time learning about it, and I would not be very interested. And why should I? A restricted install with no direct user access to system binaries and most applications delivered from a trusted cryptographically signed source has been the norm on most GNU/Linux distributions for more than a decade. It takes no effort at all, so why go with something inferior? If this machine and setup can avoid my father spending hundreds of bucks at PC Repair shops every year, it will pay itself back quickly and be a success.

 

Silent and cool

The most important requirement for this build was to make it silent. The fanless Seasonic P-460 achieves that without breaking a sweat. At normal load, which is 35 to 50 W at the power socket (220 V; in EU), I’ve measured its temperature of the PSU at 31 C. Also, the modular cable system is very nice, as it means no lose cables hanging around. In fact, there are no cables crossing the motherboard at all, as seen in this picture.

For the CPU, I had wished for passive water cooling, however most solutions on the market today are downright ugly. If the Zalman Reserator tower was still around, I would have gotten that. The compromise was therefore the over-sized Noctua NH-U14S. Again it is probably a bit of an overkill, however the benefit is that it’s not pushing the limit of the cooling, so it remains silent and cold. CPU temperatures at load is around 30 C, and at peak 45 C when the case fans kick in. The part which gets warmest is the Z97 chipset heat-sink, at around 36 C.

One of the features I appreciated most with the ASUS Maximus VII Ranger motherboard was the fan-control. Five fans can be controlled individually based on temperature. Both PWM (Pulse Width Modulation) and DC (voltage) regulation is possible, based on fan type. As seen in the pictures below, the two case fans are off when they are not needed, and kick in slowly when it gets hot. On low to normal load the CPU fan spins at 350 RPM, and can barely be heard if you put your ear right next to the case.

Finally, the only other moving part in the machine is the Western Digital 4 TB Red HDD. At a maximum rotation speed of 5400 RPM it is not dead silent, but quiet enough.

 

Building

Building this machine came with a lot of fun! The Fractal Design case was pure joy to work with. All aspects were well thought out: Easy access to left and right side (back of MB), excellent cable management, easy disk mounting slots, two large (and quiet) fans. Gone are the days of scratched and bleeding hands because of sharp edges around the case. And the fact that there are no cables criss-crossing the motherboard not only looks good, but also makes for good airflow. If I were to say anything against the case, it would have to be that it is big heavy beast.

The other components were also top notch, and caused no problems. In particular the modular Seasonic PSU and cable system is very welcome. You only have to plug in the cables you actually need, so no lose ends hanging around. The fact that the PSU comes in a pouch which competes with expensive cologne is also a nice touch.

The Noctua NH-U14S is a massive cooler. And it was another reason why I ended up with the Define R4 case; it was one of the few cases which had enough clearing for the cooling block. With a 14 cm fan it keeps the CPU nice and cool. The initial boot was without the fan, and temperatures went up to about 45 C in the BIOS. With the fan at lowest speed (about 350 RPM), it sits at around 35 C (still without having applied thermal paste; will wait till it’s shipped). The only concern I had was with fan direction. Its default orientation was to blow air from the RAM side backwards over the cooler. Currently, I’ve put it on the other side, so it sucks air over the block, and blows it right out at the rear fan. I might experiment with the difference of direction and position.

Here are a few pictures while building, followed by a couple of BIOS screen shots.

(Click for larger images.)


(Click for larger images.)

 
 

Software

As mentioned above, the goal was to have an Ubuntu installation, with Windows 7 in a VM. I chose Ubuntu 14.04 (aka “Trusty Tahr”), since it is a Long Term Support (LTS) release, and figured this would be the right balance between stability, supported hardware and packages. Other distributions I am currently using include Fedora and Debian, but for this build I figured hitting the middle-ground would be OK, thus Ubuntu. Since my father is used to Windows, I went for the simple Xfce 4 desktop, with a familiar taskbar, window icons and SHIFT+TAB application switching. As seen in the screen-shots below, it blends nicely with the seamless VirtualBox integration.

I tried and installed both the alternative Xubuntu ISO and the main Ubuntu ISO. The main difference is the default desktop, which is Xfce in the former. However, that had boot problems with Secure Boot, even after I enabled “Other OS” in the BIOS. It would install fine, but not find the boot image afterwards. It was possible to repair that by refreshing Grub, however it gave me a bad feeling at the start. The main Ubuntu ISO had now boot issues, and changing the desktop is just a matter of installing a package and selecting a different option at log-in. (The Ubuntu variations are really a bit redundant in that regard. Especially when other basic functionality, like boot, fails).

Apart from the default ISO packages, I added the following. There you can see xfce4, the VirtualBox packages, various utilities, and a few benchmarking tools. Nothing much came out of the later. Instead, see the CPU graphs below, which shows calm and moderate load while running Windows in the VM.

apt-get install autossh bonnie++ conky cpuburn dbus dos2unix elementary-icon-theme emacs evince fancontrol feh geeqie gimp git gitk gnome-icon-theme-extras gnome-icon-theme-full gnome-icon-theme-symbolic gnome-terminal gnupg gparted gthumb htop iftop imagemagick iotop k3b kdiff3 libnss-myhostname lmbench mencoder mplayer mtr nmap openssh-server parcellite policykit-1 policykit-1-gnome policykit-desktop-privileges screen smart-notifier sysbench sysstat tango-icon-theme tor tree usbutils virtualbox virtualbox-guest-additions-iso vlc wireshark xfce4 xsensors xubuntu-icon-theme

The installation of Windows in the VM is very simple. One important option to notice, is the Intel Virtualization Technology (VT-x) setting in the BIOS, as seen here. Once that is enabled, the rest is a breeze. VirtualBox comes with a brief but useful “wizard” which guides you through creating the image. I opted for a 40 GB, 2 CPU cores, 8 GB setup. After that, add the install medium (physical CD or ISO), and boot. Windows 7 will reboot about ten times, just as in the old days, but eventually will leave you with a full fledged install. Right after installation, it’s useful to add the VirtualBox Guest Additions, which amongst other things enables the seamless mode. Also, a shared mount-point is useful, and can be easily enabled through the VirtualBox settings. It automatically appears in Windows.

The CD/DVD drives are passed through, and the physical drives were mapped to similar drives in the VM. For shared directories / drives, I wanted to makes sure the they were mounted to the same Windows drive all the time, regardless of other mount points. Thus, the VirtualBox setting does not use auto-mount, and instead the directory was manually mounted as seen in the Dropbox example below.

Installing Dropbox was a matter of downloading and installing this package, and start it as an unprivileged user. Then, in order to make that available in the Windows image as well, the top Dropbox directory was shared as a drive. (Note: The Windows VM is intentionally not connected to the network). Finally, a requirement was to have that fixed on C:\Dropbox, which was achieved with a symbolic link in Windows. The following lines has to be executed in a shell run “as Administrator”:

net use x: \\vboxsvr\Dropbox
mklink /d x:\ c:\Dropbox

One of the few special applications which requires Windows, was Corel Paint Shop Pro (PSP). The usage pattern for this is typically to download something from the web, and the process it. To make this easy and seamless, I added a Firefox plug-in so every image gets an extra right-click menu item which opens the image in PSP inside the VM. Details for this is explained here.

Finally, another special Windows only application was the genealogy program Aldfaer. The requirement here was that it could be updated, over the web. To make this work, the main install is on Ubuntu, with an option to run and update from Wine. However, it runs better inside the VM, so the application folder is mapped to Windows through another shared folder in VirtualBox. I will go into detail regarding this setup in a later post.

Writing this a few months after the machine was delivered, I’ll declare it a success. Raw performance is at a very different level from what my father was used to. The machine is silent, and in fact is turned on most of the time (as opposed to the old which he never used because of fan-noise). The split Ubuntu / VM setup is slightly complicated, but seems to work out well. As expected, the Windows install has already regressed, but it is easy to go back to a previous Snapshot, instead of re-installing everything again. This machine will definitely last a long time.


(Click for larger images.)

Comments Off

Making an ARM Linux based computer from scratch

Comments Off

Over at Henrik Forstén’s blog, he has a write-up of his very impressive project where he designed, assembled, soldered and installed an BGA (Ball Grid Arry) ARM based board from scratch.

He discusses board design challenges with a four-layered PCB, considerations with traces for DDR2 RAM, CPU, and three voltage supplies. There are many pictures showing the soldering process. His summary is: “Many people say that soldering BGAs is hard but based on this experience I can’t agree. Maybe I just got lucky but I didn’t have any problems with them.”

Once the board is all put together, he goes on to boot Linux. That also proves somewhat tricky, and he ends up with a three-phase boot using an ARM bootloader, U-boot, and finally a custom built kernel.

He says, “I don’t really care about the usefulness of the board and this whole project is more of a learning experience”. Clearly it was a great success.

Comments Off

chroot to ARM

Comments Off

chroot allows you to “run a command or interactive shell with special root directory”, as the man page says. However, it is assumed that the second level root directory is built for the same CPU architecture. This causes a problem if you want to chroot into an ARM based image, for the Raspberry Pi, let’s say. qemu-arm-static, some “voodoo” and several tricks come to the rescue. The process is documented well at Sentry’s Tech Blog, and the original seems to be by Darrin Hodges.

After downloading and unzipping the image, it has to be mounted. There are a few ways to go about this, but I found the easiest was to use plain old mount with an offset. The typical RPi image file is a full disk image, as opposed to a single partition or ISO though. We are after the second partition, which in our case starts at sector 122880. (See this discussion for how to find the correct starting sector using fdisk).

mkdir /mnt/rpi
mount -o loop,offset=$(( 512 * 122880 )) 2014-01-07-wheezy-raspbian.img /mnt/rpi

Next we’ll copy a statically built QEMU binary for ARM to the mounted image. You might need to install QEMU on the host system first. Furthermore, we need to mount or bind the special system directories from the host to the chroot.

apt-get install qemu-user-static
cp /usr/bin/qemu-arm-static /mnt/rpi/usr/bin/

mount -o bind /dev /mnt/rpi/dev
mount -o bind /proc /mnt/rpi/proc
mount -o bind /sys /mnt/rpi/sys

Next comes the magic. This registers the ARM executable format with the QEMU static binary. Thus, the path to qemu-arm-static has to match where it is located on the host and slave systems (as far as I understand).

echo ':arm:M::\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x28\x00:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-arm-static:' > /proc/sys/fs/binfmt_misc/register

Finally, it’s time for the moment of truth:

chroot /mnt/rpi

uname -a
Linux hrb 3.2.0-4-amd64 #1 SMP Debian 3.2.51-1 armv7l GNU/Linux

In some cases, the error “qemu: uncaught target signal 4 (Illegal instruction) – core dumped” occurs. User kinsa notes here that the lines of the file ld.so.preload (i.e. on the slave, /mnt/rpi/etc/ld.so.preload) has to be commented out (with a # in front).

Congratulations, you now have an ARM based chroot. What to do with it? Maybe install a few “missing” packages before copying over to one or more SD cards, set up the users, modify passwords, etc. Or take advantage of the CPU and memory of the host system or compile from source.

apt-get install htop tree ipython ipython3 gnuplot

As a final note, when done, you want to clean up the mount points.

umount /mnt/rpi/dev
umount /mnt/rpi/proc
umount /mnt/rpi/sys
umount /mnt/rpi

Comments Off

iodine – IP over DNS

1 comment

A recent stay in a couple of Germany hotels revealed a few things: First, American cultural imperialism has spun out of control, to the point where hotel receptionists are now footsoldiers for those who claim ownership of music and movie content. One hotel owner told us he had been fined two thousand Euros for MP3s downloaded by guests. While in another hotel I was hard pressed to get a second access code on their WiFi, and was not allowed to sign for the it on behalf of my wife. No wonder the The German Pirate Party has wind in its sails.

Secondly, even without these surveillance tactics in place, connecting to the abundance of half-open WiFi networks without authenticating can be useful. They are open in the sense that WiFi encryption is not used, and you can acquire a local IP without password. Most of the time, these networks are set up with a local log-in page, which grants you access for a specific device (MAC based) typically for a fixed amount of time. However, before the authentication code and password is entered, some traffic is let through: DNS requests have to work to get to the log-in page, and local hotel page. This is the basis of several TCP/IP over DNS protocols. I choice iodine, and successfully used the hotel network without log-in.

iodine is a bespoke server/client protocol which lets you tunnel IP4 data over DNS requests/responses. It works by setting up an extra network interface (TUN/TAP device) on both server and client, so that any traffic can be tunnelled. It takes care of a lot of the nitty-gritty settings itself, and probes for best settings. Finally, iodine is available for most popular platforms, including GNU/Linux (in the default repositories of Fedora and Ubuntu), *BSD, Android. However, make sure the same version is running on both client and server, as the author states that compatibility between versions is not a project goal.

Detailed setup is covered by several people, including their own HowTo and README; a CentOS compile example; and one for Debian. Thus, I wont repeat those details, and only cover some of the gotchas I stumbled upon and lessons I learnt:

  1. Start small and expand: The client/server can be brought up on the same machine, so make sure to try that first. Then try on the same local network, or remote but open networks, and finally on a semi-open network.
  2. Watch your firewall! The default DNS port, 53, is typically blocked, so you’ll have to punch through and forward that. Also make sure you open for UDP on that port! Use nmap from different locations to confirm that the port is open throughout. nc (Netcat) is useful in debugging the connection, but again make sure it’s UDP.
  3. Make sure the DNS entries for your domain are correct. You need two entries, and with some providers, it might not be obvious how to fill in their web-form to achieve the exact settings. I found this example most helpful.
  4. Debug the DNS setup using the CLI command dig, and the DNS web-tool by MXTools. For dig usage, this comment was useful.
  5. Use the test page provided by the author of iodine. It gives detailed and useful error reports on how far you’ve come with your setup.

With some luck, you’ll have a working setup, and will now be prepared for the next time the hotel receptionist does not give you enough WiFi vouchers for all your devices. Having said that, it does not really replace full access, as the connection will be “modem-slow”, or even worse. However, you do get access, which is sometimes what counts.

A client is is also available for Android from iodine, and Marcel goes into details on how to compile and run. I’ve not tried yet, and it seems there’s room for an easy to install F-Droid package there. More about that later.

The Do-It-Yourself Cloud

1 comment

“In the cloud”

The buzzword “cloud” seems to be here to stay for quite a lot longer. The problem is that it is rather ill-defined, and sometimes it is used to mean “on the Internet”, regardless of how or where a particular service or content is hosted.

It is not before we pick up further buzzwords that we can add some meaning to the term: Although there are even more terms used, I would like to focus on two of them: Infrastructure as a Service (IaaS), or what traditionally has been called “hosting”; virtual or dedicated machines which you can install and operate on OS root level with little or no oversight. Examples include your local hosting provider, and global businesses like Amazon EC2 and Rackspace.

Secondly, Software as a Service (SaaS), where you don’t write the software or maintain the system yourself. All it takes is to sign up for a service, and start using it. Think Google Apps, which includes GMail, Docs, Calendar, Sites and much more; or Salesforce, Microsoft Office 365, etc. Often these services are billed as “free”, with no financial cost to private users, and the development and operating costs of the provider is financed through various advertisement programs.

Black Clouds

The problem with the later model, Software as a Service, is that it can put many constraints on the user, including what you are allowed to do, say, or even make it difficult for you to move to another provider. In his 2011 essay “It’s the end of the web as we know it”, Adrian Short likens the later model to tenants: If you merely rent your home, there are many things you will not be allowed to do, or which you do not have control over. Short focuses on web hosting where using a service like Blogger will not let you control how links are redirected, or were you to move in the future, take those page-clicks with you onto your new site. The same goes for e-mail: If AOL decides that their e-mail service is not worth-while tomorrow, many people will lose e-mails with no chance to redirect. Or look at all the storage services which collapsed in the wake of the raid on MegaUpload. A lot of users are still waiting for FBI to return their files.

More recently, the security expert Bruce Schneier wrote about the same problem, but from a security perspective. We are not only tenants he claims, but serfs in a feudal system, where the service providers take care of all the issues around security for us, but in return our eye-balls are sold to the highest bidder, and again it is difficult to move out. For example, once you’ve invested in music or movies from Apple iTunes, it is not trivial to move to Amazon’s MP3 store; and if you’ve put all your contacts into Facebook, it is almost impossible to move to MySpace.

In early December, Julian Assange surfaced to warn about complete surveillance, and governments fighting to curb free speech. His style of writing is not always as straight to the point as one could wish for, but in between there is a clear message: Encrypt everything! This has spurred interesting discussion all over the Internet, with a common refrain: Move away from centralized services, build your own.

Finally, Karsten Gerloff, president of the Free Software Foundation Europe (FSFE), touced on the same theme in is talk at the LinuxCon Europe in Barcelona, in November 2012. He highlighted the same problems with centralised control as discussed above, and also mentioned a few examples of free software alternatives which distributes various services. More about those below.

Free Software

The stage is set then, and DIY is ready to become in vogue again. But where do you start, what do you need? If not GMail or Hotmail, who will host your e-mail, chat, and other services you’ve come to depend on? Well, it is tempting to cut the answer short, and say: “You”. However, that does not mean that every man, woman and child has to build their own stack. It makes sense to share, but within smaller groups and communities. For example, it is useful to have a family domain, which every family member can hinge their e-mail address off. A community could share the rent of a virtual machine, and use it for multiple domains for each individual group; think the local youth club, etc. The French Data Network (FDN), has a similar business model for their ISP service, where each customer is an owner of a local branch.

For the software to provide the services we need in our own stack, we find ourselves in the very fortunate situation that it is already all available for free. And it is not only gratis, it is free from control of any authority or corporation, free to be be distributed, modified, and developed. I’m of course talking about Free and Open Source Software (FOSS), which has much to thank Richard Stallman for its core values, defined in the GPL. (“There isn’t a lawyer on earth who would have drafted the GPL the way it is,” says Eben Moglen. [“Continuing the Fight“]). We may take it for granted now, however, we could very easily have ended up in a shareware world, where utilities of all kinds would still be available, but every function would come with a price tag, and only the original developers would have access to the source code, and be able to make modification. Many Windows users will probably recognize this world.

Assuming one of the popular GNU/Linux distributions, most of the software below should already be available in the main repositories. Thus it is a matter of a one-line command, or a few clicks to install. Again a major advantage of free software. Not only is it gratis, it usually refreshingly simple to install. The typical procedure of most proprietary software would include surfing around on an unknown web site for a download link, downloading a binary, and trusting (gambling really) that it has not been tempered with. Next, an “Install Wizard” of dubious usefulness and quality gives you a spectacular progress bar, sometimes complete with ads.

The DIY Cloud

The following is a list of some of the most common and widely used free and open source solutions to typical Internet services, including e-mail, web sites and blogging, chat and voice and video calls, online calendar, file sharing and social networks. There are of course many other alternatives, any this is not meant to be an exhaustive list. It should be plenty to get a good personal or community services started, though.

  • The Apache HTTP web server is the most widely used web server on the Internet, powering shy of 60% of web sites (October 2012). It usually comes as a standard package in most distributions, and is easy to start up and configure. For the multi-host use-case, it is trivial to use the same server for multiple domains.
  • If you are publishing through a blog like this one, the open source WordPress project is natural companion to the Apache web server. It too is available through standard repositories, however, you might want to download the latest source and do a custom install, both for the security updates, and to do custom tweaks.
  • For e-mail, Postfix is typical choice, and offers easy setup, multi-user and multi-domain features, and integrates well with other must-have tools. That includes SpamAssassin (another Apache Foundation project) and Postgrey to handle unwanted mail, and Dovecot for IMAP and POP3 login. For a web-frontend, SquirrelMail offers a no-frills fully featured e-mail client. All of these are available through repository install.
  • Moving into slightly less used software, but still very common services, we find the XMPP (aka Jabber) servers ejabberd and Apache Vysper, with more to choose from. Here, a clear best-of-breed has yet to emerge, and furthermore, it will require a bit more effort on the admin and user side to configure and use. As an alternative, there is of course always IRC, with plenty of software in place.
  • Taking instant chat one step further, a Voice-over-IP server like Asterix is worth considering. However, here setup and install might be tricky, and again, signing up / switching over users might require more effort. Once installed, though, there are plenty of FOSS clients to choice from, both on the desktop and mobile.
  • Moving on to more business oriented software, online calendar through the Apache caldav module is worth exploring. As an alternative the Radicale server is reported to be easy to install and use.
  • A closely related standard protocol, WebDav, offers file sharing and versioning (if plain old FTP is not an option). Again, there is an Apache module, mod_dav, which is relatively easy to set up, and access in various ways, including from OSX and Windows.
  • DIY Internet

    That list should cover the basics, and a bit more. To round it off, there are a number of experimental or niche services which is worth considering to their propitiatory and closed alternatives. For search, the distributed YaCy project looks promising. GNU Social and Diaspora aim to taken on heavy weights in social networking. Finally, GNUNet and ownCloud are peer-to-peer file-sharing alternatives.

    The future lies in distributed services, with content at the end-nodes, rather than the hubs. In other words, a random network, rather than scale-free. Taking that characteristic back to the physical layer (which traditionally always has been scale-free), there are “dark nets” or mesh nets, which aim to build an alternative physical infrastructure based on off-the-shelf WiFi equipment. Currently, this at a very early experimental state, but the trend is clear: Local, distributed and controlled by individuals rather than large corporations.

Cool Linux games on Fedora

1 comment

Linux might not be famous for its games, however there are still plenty around. You will not find the latest Call of Duty, though. Rather, there is a long list of classics and small and fun games. From the Scumm based offerings from Revolution, to remakes of classics like Freeciv, LinCity, and Ultimates Stunts.

Fedora offers a dedicated “spin” installation for games, which offers more than hundred small and big games. Below is a random pick of a few favourites, along with their RPM package names.

As far as I understand, many of them are OpenGL based, or require a properly configured graphics card to run.

  • Beneath a Steel Sky – beneath-a-steel-sky-cd
  • Lure of the Temptress – lure
  • Flight of the Amazon Queen – flight-of-the-amazon-queen-cd
  • Freeciv – freeciv
  • Glaxium – glaxium
  • Mania Drive – maniadrive
  • Ultimates Stunts – ultimatestunts
  • Tremulous – tremulous
  • Abuse – abuse
  • LinCity – lincity-ng

And to install them all!

yum install beneath-a-steel-sky-cd lure flight-of-the-amazon-queen-cd freeciv glaxium maniadrive ultimatestunts tremulous abuse lincity-ng

Mobile OS

Comments Off

In the world of OSes for mobile phones, there have been a lot of changes lately, with some going away and others joining the race. A while back, Intel announced that they would drop MeeGo, which means that it is dead since there is nobody else to support it if the community can’t keep it going. But at the same time, they said the code would be merged with another mobile OS. Intel and the Linux Foundation will be steering the OS with the very unfortunate name Tizen (it can easily be mistaken for meaning penis in some of the Scandinavian languages).

Meanwhile, over at Nokia they are betting on Windows Mobile (and making many of their employees disgruntled), while at the same time releasing the already defunct MeeGo OS in their N9 phone. However, since these are all OSes for high end smart phones, they also need something for their so called “feature phones” which are not power full enough (or have different user groups) to drive all the complex functionality. Enter Meltemi, ironically enough a Linux based OS to replace Symbian S40 series.

The story does not end there, though. Amongst the free mobile OSes, KDE is entering the race. Not with a complete separate OS, but rather a UX platform, Plasma Active, with an API for phones, tables, set-top boxes, home automation, and so on. Plasma Active has to run on top of some OS, and currently they are using MeeGo and openSUSE based Balsam Professional.

It is refreshing to see a lot of movement in this area, and hopefully it will lead to a free alternative. However, the at moment it is still looking somewhat bleak for truly free mobile phone OSes. The firmware and driver issue seems to be never ending, and not even the OpenMoko can escape it.

Comments Off