TimeLinux1

Friday, December 17, 2010

Linux needs a Marketing Plan

There is no arguing that Linux is the most open yet powerful OS out there.
It was developed over the Internet, and as it has evolved it has given back its due by becoming the backbone of the infrastructure that runs the Internet as we know it today. An overwhelming majority of the servers, routers, firewalls and clients on the Internet today run on Linux, not to mention the numerous cellphones, readers, set top boxes, live streaming on TV etc.
But there is a problem still. Ask anyone on the street what OS they mostly use, or what OSes they know of for computing devices. 90% will say Windows, 5% will say Apple and less than 2% will say Linux. And this is in contrast to the fact that Linux based servers, search engines and network equipment are behind the Internet. There is a big disconnect between how the Internet functions and how the Internet is perceived by the masses. The reason is one small word: "Marketing". Linux is based on the Freedom principles--that's great. But who is to market it to the masses? Linux is considered by numerous folks as something only meant for the geeks, something that is cryptic, ugly and difficult to work with. If you look around at the other OSes that have mainstream recognition, they are riding on their marketing and brand image. Linux has nothing like that. There is not even one print or electronic advertisement for Linux as a brand. Have you seen one Linux advertisement talking just about Linux on TV? Or in magazines? Or on the web (if you have, please share)? No wonder no one knows about it or takes interest, as is evident in the low market share for Linux in the desktop OS segment. Someone has got to take the lead here, guys...

Thursday, December 9, 2010

Google Chrome OS - Do we need another OS?

On Dec 07, 2010, in San Francisco, Google previewed its Chrome OS based hardware. In their previous announcement earlier this year, they had promised the release of the hardware+software offering in the form of a web enabled Chrome OS based laptop by the end of this year. But it looks like it will be delayed by a few more months, and it will only be by Spring of 2011 that this product comes to the public. At a very high level, it is a black, matte finished, lightweight laptop running not a full blown OS but a thin-client like Chrome OS that is essentially a glorified web browser. More info is on the Google website.
Chrome or Chromium is an OS that Google developed on top of the Linux kernel. The main objectives are Speed, Security and Simplicity, thus doing away with the usual OS that is sometimes a hindrance to the ideal web experience. Note that while "Chrome OS" is an operating system look alike (though different in some ways), just "Chrome" (without OS) is just another browser like Firefox or IE. They project that in the coming years computing will become more and more cloud based and networked, so standalone OS, apps and utilities will become redundant. That's where their offering of a complete solution of a laptop that lacks even a traditional hard disk drive is unique. Every techie knows hard disk drives are where the traditional OS lives, and disk drives are the slowest element in the hardware. So if you do away with those two, there are big speed gains.
While I like the fact that finally someone had the guts to come out with a complete hardware and software solution based on the Linux kernel, which means there is a great boost to Opensource here, I'm not very sure if throwing yet another OS type out there is a real solution. Note that Google already has another Linux based OS, "Android", that is doing great in the mobile/touch screen hardware domain. Time will tell if we really needed another OS (lookalike) or we could have done with the existing OSes to address the 3S (Speed, Simplicity, Security) challenges out there. At least we have more choices now than going only to the monopolistic proprietary OS vendors out there. You know who I'm talking about. One is ugly and bad. The other looks like a half eaten fruit and is evil nonetheless...

WikiLeaks and all the Drama..

Now unless you are living under some nondescript rock somewhere remote, you are bound to have crossed paths with news waves harking about the recent WikiLeaks drama. Long story short, WikiLeaks.org, founded by a 39 year old Australian by the name of Julian Assange, recently published on the web thousands of classified documents which, if not disastrous for many leaders and governments across the globe, have at the least been embarrassing. And since then there has been a lot of buzz about whether this sort of public humiliation by WikiLeaks was justified, whether it was credible, whether it really helps any cause, whether it put any soldier or intelligence folks in the line of danger, and all the bla bla bla.. Not only that, there have been some interestingly curious developments around WikiLeaks soon after, like Amazon.com pulling WikiLeaks off their servers under government pressure, WikiLeaks being unavailable for a while under cracker attack, WikiLeaks moving off to a Swedish domain, and PayPal, Mastercard and Visa going down or facing denial-of-service attacks. Plus the most amazing of all, two Swedish women suddenly having filed lawsuits against Julian Assange for assaulting them in non-gentlemanly ways, followed by Mr. Assange getting arrested in London and his supporters on the street or the web retaliating in their own ways.
Interesting sequence of events, all this.
Now here is my comment. From the point of view of Freedom of the Web, WikiLeaks has a right to free speech. They may also have a right to comment and present their opinion. But like they say, one person's rights end where another person's nose begins (or something like that), so what needs to be seen is whether these revelations are in fact in any way beneficial to the larger population. The long term impacts of this episode will be known only in time. I'm not very sure if it will create a sudden increase of distrust or violence in any part of the world. Nor am I sure if it will lead to a sudden burst of Happiness, Peace and Prosperity. Let us all wait and watch..

Wednesday, December 1, 2010

Google E-Reader is coming..but WHEN?

If you are like me you would not want to part with your Freedom at any cost. You would not want to be told what to do. Applying this to the use of the Internet and the infrastructure surrounding it, you would not want to be locked to one vendor, platform or device. No wonder people like us don't like the idea of proprietary hardware and software platforms which impinge on your sense of identity and restrict you from doing what you want to do with your own time, resources, hardware and software. The whole idea of Freedom is jeopardized by those companies who every few months come out with a new way of restricting your freedom. The biggest Axis of Evil in this list -- Apple and Microsoft.
Considering this, it was pleasant news when Google said earlier this year that they would release their platform independent e-book store (Google Editions? or whatever the name is) by Fall of 2010. Now it is December already and we are still waiting. Although there has been news lately which says they are going to do so by the end of the year in the US and in early 2011 for the rest of the world. It is said they want to make sure that there are no unforeseen problems with their product post-launch. Understood. But then maybe there was no need to create a hype about it. Announce it when ready. Maybe a marketing ploy -- who knows. Whatever the reason, the Freedom oriented people would like this platform as it allows you to buy your e-books using only the Google account and then read them on ANY platform--you just need a web browser. No need to buy another locked in hardware or software platform. So kudos Google. OK, now it's late.. hurry up.

Monday, November 29, 2010

Tim Berners Lee on Freedom on the Web

Tim Berners Lee is the one person every web surfer owes something to. In Dec 1990, he was the one who demonstrated the functionality of the web on the Internet as we know it today. He is credited with developing the protocol underlying the framework of the Web, viz. HTTP or HyperText Transfer Protocol. Although rudimentary precursors to today's Internet were present since the days of the ARPANET back in the 60s, it was the introduction of the very important protocol HTTP that brought the web and the Internet to the mainstream.

So obviously, if Tim Berners Lee has something to say about the web and the Internet, one has to sit up and take notice. Recently he published an article in the well respected science journal 'Scientific American' about his concerns about the waning of Freedom and Neutrality of the Web. You can read the article here.

What is important is that it raises the very important question of what happens when certain individual organizations and companies decide to arm-twist the net surfers into following a certain behavior that is profitable only to those organizations/companies and to no one else. Take for example Apple iTunes. It is the most proprietary platform for music that you can imagine. If you want to listen to the music it offers, you have to make sure you register your device, promise not to share your music with anyone, use only the features the software offers, remain dependent on the vendor and pay up every time you want to listen to something new. Not just that, even the hardware devices are locked in to the iTunes account; you can't even change the battery of your device if you wanted to--in short, a total usurping of your Freedom to use your own hardware and software as you like, in direct violation of the principles on which the Internet community and its philosophies are based. The Internet and the web were designed to be the most open platform of our generation and the generations to follow. However, vested interests like Apple and Microsoft chip away at the very foundations of those principles by monopolizing the web and business practices that benefit no one but their coffers...

Tuesday, November 23, 2010

Linux HowTo: Log Rotation with logrotate utility

If you have managed any Linux/Unix system for any length of time, you are bound to have been amazed at the amount of logs and trace files your system is capable of producing. The fact that Linux systems are able to manage all of their jobs and activities based on a handful of configuration files is pretty impressive. And they write their output to text files that can be extremely useful in troubleshooting and debugging. However, this also means that you will have to do something about the log and trace files, because if you don't, it is highly likely that you will run out of disk space soon.

Thankfully, Linux comes with a utility to help you with this. The utility is called logrotate. A simple description of the tool according to the man pages is:

# man -f  logrotate
logrotate            (8)  - rotates, compresses, and mails system logs
logrotate           (rpm) - Rotates, compresses, removes and mails system log files.

At its very simplest, the logrotate program is a log file manager. Its default configuration can be found in /etc/logrotate.conf. If a certain system utility like syslog or apache needs a little more than the basic default configuration, you can create a new configuration file (or modify an existing one). The non-default configuration files are found in the directory /etc/logrotate.d.

But wait, that is not all. If you want to automate log rotation you can employ the good old scheduling utility cron. Simply add a crontab entry that runs logrotate on the configuration file of the program (like syslog) whose logs you want to manage.

For example, here is a cron entry to manage logs for the syslog utility:

# root's crontab (edit with 'crontab -e'): run logrotate on the syslog config every day at midnight
0  0  *  *  *  /usr/sbin/logrotate   /etc/logrotate.d/syslog


In the above, once a day (at midnight), logrotate reads the configuration file for the syslog utility (in /etc/logrotate.d) and takes the actions specified in that config file. The actions can be as simple as running certain commands before the rotation and certain other commands after it. One caveat: when logrotate is pointed at a single file in /etc/logrotate.d like this, the global defaults in /etc/logrotate.conf (weekly, rotate 4, shown further below) are not read, and a stanza that sets no 'rotate' count of its own falls back to logrotate's built-in default of 0, which removes the old log instead of keeping a copy. The distribution's own /etc/cron.daily/logrotate script therefore runs logrotate against /etc/logrotate.conf, which includes the whole directory. On my system, the syslog logrotate config file looks like this:

# cat /etc/logrotate.d/syslog
/var/log/messages /var/log/secure /var/log/maillog /var/log/spooler /var/log/boot.log /var/log/cron {
    sharedscripts
    postrotate
        /bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true
        /bin/kill -HUP `cat /var/run/rsyslogd.pid 2> /dev/null` 2> /dev/null || true
    endscript
}

And the default logrotate config file looks like this:

# cat /etc/logrotate.conf
# see "man logrotate" for details
# rotate log files weekly
weekly

# keep 4 weeks worth of backlogs
rotate 4

# create new (empty) log files after rotating old ones
create

# uncomment this if you want your log files compressed
#compress

# RPM packages drop log rotation information into this directory
include /etc/logrotate.d

# no packages own wtmp -- we'll rotate them here
/var/log/wtmp {
    monthly
    minsize 1M
    create 0664 root utmp
    rotate 1
}

# system-specific logs may be also be configured here.
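As an added example (not from the original post), here is a self-contained logrotate setup for a constructed application log, mirroring the layout above: global defaults in a top-level file that includes a per-application drop-in in the same shape as the syslog stanza. The work directory, the log name "myapp.log", the drop-in name and the postrotate command are assumptions for the demo; logrotate itself is only needed for the optional dry run.

```shell
#!/bin/sh
# Added example, not from the original post: build a complete logrotate tree for a
# constructed application log under a scratch directory (global defaults in
# logrotate.conf, which includes a per-application drop-in).
# Assumptions: the log name "myapp.log", the drop-in name "myapp" and the postrotate
# command are made up; logrotate(8) is only needed for the optional dry run.

build_logrotate_tree() {
    work=$1                       # everything lives under here, nothing touches /etc or /var
    mkdir -p "$work/logrotate.d" "$work/log"
    printf 'line 1\nline 2\n' > "$work/log/myapp.log"   # constructed sample log

    # top-level config: the global defaults, then the per-application drop-ins.
    # point cron (or the cron.daily script) at THIS file, not at a single drop-in,
    # so every stanza inherits these defaults.
    cat > "$work/logrotate.conf" <<EOF
weekly
rotate 4
compress
include $work/logrotate.d
EOF

    # per-application drop-in in the same shape as /etc/logrotate.d/syslog above,
    # overriding the frequency and retention and reopening the log after rotation
    cat > "$work/logrotate.d/myapp" <<EOF
$work/log/myapp.log {
    daily
    rotate 7
    missingok
    notifempty
    delaycompress
    create 0640 $(id -un) $(id -gn)
    sharedscripts
    postrotate
        # on a real system: signal the daemon to reopen its log (kill -HUP ...)
        true
    endscript
}
EOF
}

# dry_run <work dir>: -d shows what logrotate would do without touching anything;
# -s keeps the run's state file private so the system's own state is not modified
dry_run() {
    if command -v logrotate >/dev/null 2>&1; then
        logrotate -d -s "$1/state" "$1/logrotate.conf"
    else
        echo "logrotate not installed here; skipping dry run"
    fi
}

# stanza_has <work dir> <directive>: 0 if the per-app stanza sets the directive itself
stanza_has() {
    grep -q "^[[:space:]]*$2" "$1/logrotate.d/myapp"
}
```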

Monday, November 22, 2010

Android will be the # 1 Mobile Platform

Going by the impressive growth that Android has registered in the short 2 years it has been around, all indications are that it is doing great and will keep doing so for a long time to come. In fact, it is only a matter of time before it becomes the #1 Mobile Platform. Even Steve Wozniak agrees.
And that is cool. Android is based on Linux. Linux is released under the GNU GPL, an open source license. This means that if corporations like Google identify the opportunities behind FOSS (Free Open Source Software), and are willing to enhance and advance its development, then even the most proprietary of companies (like Apple) will acknowledge the challenge FOSS presents.
While this is certainly positive news, FOSS still has a long way to go before it can become mainstream. Take a look at computer sales for the home consumer market, for example. There are hardly any manufacturers who are willing to use FOSS as the OEM install for their hardware. Look at proprietary companies like Microsoft and Apple on the other hand; they are easily accessible. This is a lesson for the FOSS community. The Opensource ideals are good and great. But until the critical mass of end user experience of Linux and Android reaches that of the competitors in terms of reach and polish, there are many challenges in the way for FOSS to become universally acceptable. Nevertheless, good job. Keep it up Linux and Android !!

Thursday, November 11, 2010

Linux HowTo: My Top 10 Linux Commands

My Top Ten Linux Commands of all Time:

# ps          - Process status. Comes with a lot of options, eg: 'ps -ef' and 'ps -l'

# man       - Manual of commands. Very useful for quick reference on commands. eg: man -f <cmd>

# find        - Finds files by name, file type, modify time etc. eg: find . -name <filename>

# grep       - Searches for regular expressions in files. eg: grep <search criterion> <filename>

# vim         - Vi IMproved. Indispensable for shell scripting. eg: vim <shell script>

# who        - Tells who is logged in.

# w            - Similar to who but more detailed.

# uname     - Info about the system, OS, kernel version etc. eg: uname -r, uname -a

# ping         - Sends ICMP echo requests to check basic network connectivity. eg: ping <remotehost>

# mailx        - Inbuilt mail agent. Very useful for sending notifications and alerts, esp. from shell scripts.
                   - eg: # mailx -s "subject" recipient1 recipient2  < message_body_file

Amazon removes Books advising Paedophiles

First Read this  - http://news.blogs.cnn.com/2010/11/10/amazon-com-book-defending-pedophilia-sparks-boycott-call/?hpt=Sbin 

Then Read this - http://www.abc.net.au/news/stories/2010/11/12/3064233.htm?section=justin

Amazon was recently in the news for putting on sale, on its ubiquitous Amazon.com, a book advising paedophiles.
But after a media outcry, it was promptly taken off sale. Earlier it was reported that they had defended their decision to put the book on sale in the first place. Whatever the initial move, it looks like the vehement protests and barrage of emails and phone calls made them change their mind.

I think that is a smart move on their part to remove the book from sale on their site. In doing so, they have probably helped arrest the damage to their reputation (and maybe even the stock price?). In my opinion, the Internet is a Free phenomenon which at the same time is incredibly resilient to perversity. While Freedom on the Internet can allow a certain organization to try to do something they deem right, the response of the Internet community is sometimes big enough for the organization to revert or at least rethink their first move. That is important. After all, Freedom is a good thing but abuse of Freedom is not. One person's Freedom to do something can not be allowed to take another's Freedom. Not on the Internet at least. I think Amazon's book sale would have encouraged paedophiles and thus resulted in a violation of the Freedom of many others who don't want the Internet to be used as a medium to pronounce perversity. Lesson learnt by Amazon, I suppose...

Thursday, November 4, 2010

Linux HowTo: SSh Primer

Secure Shell, or ssh, uses public-key cryptography as its base.
    -it works with a pair of keys (public + private); somewhat like a bank locker which requires two keys (bank's + user's)
    -public   key is freely accessible.
    -private  key is strictly restricted.
    -The combination of public + private key is supposed to be unique.

-how does it work?
        . both receiver and sender must have access to each other's public key
        . sender encrypts:      sender priv key + receiver pub key + data
        . sender sends
        . receiver decrypts:    sender pub key + receiver priv key + data

Note:
-the original ssh implementation is proprietary software owned by the Finnish company SSH Communications Security.
-although the source code for the original ssh is open, various restrictions are imposed on its use and distribution.
-openssh is the opensource version of ssh under the OpenBSD project and is more popular and secure than the original ssh.

-To be fully secure, all insecure connections in a network need to be eliminated.
-eg:    host 'a' connects to host 'b' via telnet; host 'b' connects to host 'c' via ssh.
          in this case, due to the insecure a-b connection, the traffic between b and c can be monitored and cracked.

-useful commands:
        # yum -y install openssh-server
        # rpm -qa | grep -i openssh
        # service sshd    start | stop | status
        # ssh -6 user@server                [ ipv6 ]
-useful files:
        . /etc/ssh/sshd_config                [ server daemon config ]
        . /etc/ssh/ssh_config                  [ client config ]
        . ~/.ssh/known_hosts                  [ host keys of the servers you have connected to before; ssh warns if one changes ]

-ssh tunneling = port forwarding     =    poor man's vpn
-using one hostA to connect securely to another hostB (ie via hostA)
        clientA# ssh    -L    local_port:hostB:dest_port   hostA
    ie:    clientA ====ssh==== hostA ----- hostB
    ie:    the user on clientA authenticates on hostA; anything sent to clientA:local_port is carried inside the ssh session to hostA and delivered from there to hostB:dest_port (only the clientA-hostA leg is encrypted).
    ie:    it is a way for people inside a firewall or proxy to reach computers on the outside that they cannot connect to directly.

 -ssh tunneling = port forwarding = a way to forward otherwise insecure tcp traffic through ssh.
 -utility             = allows users to securely access their company data while remote (home, internet, etc)
 -as long as the user has an ip connection to the Internet, he can connect to the remote server securely.

-sftp is a secure ftp service offered under the ssh daemon.
        # sftp    user@host
        sftp> ls, get, put etc
        sftp> bye

Linux HowTo: Virtualization Primer - VM, Xen, KVM

Virtualization    -    abstraction of computer resources to simulate a non-real env (via h/w, s/w or both).

-Some virtualization terms:
        -host os                 - the base host
        -guest os/vm         - the virtual machine
        -hypervisor            - also called virtual machine monitor (vmm)
                                     - the abstraction layer that emulates a virtual set of resources (eg cpu, ram, disk)
        -h/w emulation      - s/w is used to emulate the cpu instruction set, so the guest vm runs slower than a standalone machine. eg bochs
        -para virtualization    - s/w based, where the guest vm kernel is modified to fit into the host env. speed comparable to a standalone machine. eg xen
        -full virtualization  - the isolation is done at the host cpu level (hardware assisted), so the guest vm runs without modification and with minimal overhead. eg kvm

-kvm
        - kernel based vm
        - built into the linux kernel, ie, it turns the linux kernel into a hypervisor.
        - since the various linux distros are based on the common kernel, kvm is compatible with several distros.

-virt-install Command:
        -virt-install is a cmd line tool to create virtual machines.
        -you can install it in one of these ways:
            # yum groupinstall virtualization
            # yum install virt-install

-the virtual machine daemon is libvirtd.
 -eg:      # service libvirtd    start    |  stop    |  status

-To create a vm env:
            # virt-install    --prompt        [it prompts you for responses like vm name, ram, disk etc]

Wednesday, November 3, 2010

Linux HowTo: NFS Primer

NFS, or Network File System, was introduced by Sun Microsystems in the 1980s as a mechanism to share files with remote hosts. In those days, when network technology was primitive (and the Internet unknown), this was a great innovation. Over the years NFS has matured and has been adopted by virtually all Unix and Linux systems. This discussion is a brief primer on the topic.

-nfs is a client-server technology; the client-server communication happens via rpc (remote procedure call).
-portmap  -    is the rpc service manager. Whenever a service wants to make itself available on the nfs server, it needs to register itself with portmap.
-portmap tells the client where the service is located on the server.

-current versions of nfs are 2, 3 & 4, version 3 being the most common and widely used.

-nfs can be a kernel builtin or it can be a standalone nfs daemon.
-the default seems to be the standalone nfs daemon.

-the primary nfs config file is /etc/exports, and its format is:
        <dir>    <client>(<options>)            [ there can be multiple client entries on one line ]
        note: no space between the client and its (options); with a space, the options apply to the wildcard client '*' and the share ends up exported to everyone.

-to export what is listed in /etc/exports:
          # exportfs  <option>
-eg:    # exportfs -a            -a=export all, -r=re-export (after editing /etc/exports), -o=options like ro, rw, no_root_squash (default is root_squash, ie remote root is mapped to the anonymous user) etc

-to see what a server exports (and, with -a, which clients currently mount them):
        # showmount  -e  [server]

-to mount an nfs fs on the client side:
        # mount -t nfs -o <options>    server:/dir    /mountpoint        options like ro, rw, soft, hard, bg etc...

-hard     mount    -    client waits indefinitely
-soft    mount    -    client will timeout eventually

-nfs intr     -    nfs interrupt option     - enables processes to interrupt and move on if nfs is not responding.

-default block size in nfs:
        - version 2,3        -    1 KB
        - version 4           -    4 KB
-the above can be tuned using the wsize & rsize params        (write and read).
-eg:    in /etc/fstab on the client:
            serverA:/home    /mnt/home    nfs    nfsvers=3,rw,bg,rsize=8192,wsize=8192    0 0
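As an added example (not from the original post), a small audit script for /etc/exports that flags the settings mentioned above (no_root_squash, wildcard clients) and the space-before-the-options mistake. The export lines it runs over are a constructed sample, not a real server's file; point it at /etc/exports to audit a live server.

```shell
#!/bin/sh
# Added example, not from the original post: audit an /etc/exports file for the risky
# settings the primer mentions. SAMPLE_EXPORTS is constructed; hosts and paths are made up.

SAMPLE_EXPORTS='# constructed sample, not a real server
/srv/share     192.168.1.0/24(ro,sync)
/home          *(rw,no_root_squash)
/var/backups   backup.example.net (rw,sync)
/opt/data      10.0.0.5(rw,sync) 10.0.0.6(ro)
'

# audit_exports <file>: prints one finding per line; returns 0 if nothing was found
audit_exports() {
    awk '
    /^[ \t]*(#|$)/ { next }                       # skip comments and blank lines
    {
        dir = $1
        for (i = 2; i <= NF; i++) {
            ent = $i
            # a bare "(opts)" token means a space separated the client from its options:
            # the options then apply to the wildcard client "*" and the named host only
            # gets the defaults, i.e. the share is opened to every host
            if (ent ~ /^\(/) {
                print "WARN " dir ": options " ent " are detached from the client, they apply to *"
                findings++; continue
            }
            client = ent; opts = ""
            if (match(ent, /\(.*\)$/)) {
                client = substr(ent, 1, RSTART - 1)
                opts = substr(ent, RSTART + 1, RLENGTH - 2)
            }
            if (opts ~ /(^|,)no_root_squash(,|$)/) {
                print "WARN " dir ": no_root_squash for " client " (remote root is root here)"
                findings++
            }
            if (client == "*" || client ~ /^\*\./) {
                if (opts ~ /(^|,)rw(,|$)/)
                    print "WARN " dir ": read-write export to wildcard client " client
                else
                    print "INFO " dir ": wildcard client " client
                findings++
            }
            if (opts == "") {
                print "INFO " dir ": no options for " client ", defaults apply (ro,sync,root_squash)"
                findings++
            }
        }
    }
    END { exit (findings > 0) }' "$1"
}

# count_warnings <file>: number of WARN lines, handy as a pass/fail in scripts
count_warnings() {
    audit_exports "$1" | grep -c '^WARN' || true
}
```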

Tuesday, November 2, 2010

Linux HowTo: Preventing SYN Flood denial of service attacks

-Denial of Service attacks - are malicious attacks on a system by a remote host which sends numerous connection requests in rapid succession, thereby overwhelming the resources of the destination and effectively 'denying' its services to other legitimate users or hosts.

-SYN flag    -    the tcp flag set on the first packet sent by the source host to the dest host when starting a tcp connection.

-SYN/ACK    -    the acknowledgement of the SYN from dest to source.

-after the source receives the SYN/ACK, it sends an ACK back to dest. this completes the three-way handshake.

-until then, the dest keeps an entry for each half-open connection (SYN received, final ACK still pending) in its SYN backlog table.

-SYN flood    -    a situation in which the source sends numerous SYNs but never answers the SYN/ACKs; the half-open entries pile up on the dest until the backlog is full and it can no longer accept legitimate connections.

-SYN cookie    -    a linux mechanism to survive a SYN flood: when the backlog is full, the kernel stops storing half-open entries and instead encodes the connection details into the sequence number of its SYN/ACK (the 'cookie'); a genuine client echoes it back in its ACK and the connection is rebuilt from that, while flood SYNs cost nothing to remember.

-to activate SYN cookies:
        # sysctl    net.ipv4.tcp_syncookies             [shows]
        # sysctl  -w    net.ipv4.tcp_syncookies=1       [sets]
        to make it persistent across reboots, add the line  net.ipv4.tcp_syncookies = 1  to /etc/sysctl.conf

-to set the max number of simultaneously open files:
        # cat /proc/sys/fs/file-max                    [shows]
        # sysctl  -w    fs.file-max=<value>
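As an added example (not from the original post), a way to spot a SYN flood in progress from the socket table and to check the syncookie switch. The socket listing is a constructed sample in 'ss -tan' layout with made-up addresses; on a live box feed the functions the real 'ss -tan' (or 'netstat -tan') output.

```shell
#!/bin/sh
# Added example, not from the original post: count half-open connections per peer
# from a socket listing and check the kernel's syncookie switch.
# SAMPLE_SS is a constructed 'ss -tan' listing; the addresses are made up.

SAMPLE_SS='State      Recv-Q Send-Q Local Address:Port   Peer Address:Port
LISTEN     0      128    0.0.0.0:22           0.0.0.0:*
ESTAB      0      0      10.0.0.5:22          10.0.0.9:51234
SYN-RECV   0      0      10.0.0.5:80          203.0.113.7:40001
SYN-RECV   0      0      10.0.0.5:80          203.0.113.7:40002
SYN-RECV   0      0      10.0.0.5:80          203.0.113.7:40003
SYN-RECV   0      0      10.0.0.5:80          203.0.113.7:40004
SYN-RECV   0      0      10.0.0.5:80          198.51.100.2:3301
ESTAB      0      0      10.0.0.5:80          198.51.100.2:3302
'

# half_open_by_peer: reads a socket listing on stdin and prints "<count> <peer-ip>"
# for every peer that holds half-open sockets (SYN-RECV in ss, SYN_RECV in netstat),
# busiest first. A flood shows up as one or a few peers with a large count, or as
# a long tail of single SYNs from addresses that never complete the handshake.
half_open_by_peer() {
    awk '$1 ~ /^SYN[-_]RECV$/ {
            peer = $5
            sub(/:[^:]*$/, "", peer)        # strip the port, keep the address
            n[peer]++
         }
         END { for (p in n) print n[p], p }' | sort -rn
}

# flood_suspects <threshold>: peers holding at least <threshold> half-open sockets
flood_suspects() {
    half_open_by_peer | awk -v t="$1" '$1 >= t { print $2 }'
}

# syncookies_enabled: 0 if the kernel switch is on, 1 if off, 2 if not readable here
# (non-Linux host, or /proc hidden in a container)
syncookies_enabled() {
    f=/proc/sys/net/ipv4/tcp_syncookies
    [ -r "$f" ] || return 2
    [ "$(cat "$f")" = "1" ]
}
```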

Linux HowTo: PAM Primer

PAM    -     Pluggable Auth Module

  - a security layer in Linux that takes on the task of authentication on behalf of apps, instead of apps having to do so themselves.
  - how? when a program needs to authenticate someone, it calls one of the functions in the pam library.
  - pam then checks the config file for that application. if a specific config is not there, a default file is still used (/etc/pam.d/other).
  - the config file tells the pam library which modules to call and what checks to perform.
  - the checks performed by a module may be as simple as checking /etc/passwd or as complex as checking with an ldap server.
  - the config files exist in    /etc/pam.d
  - the library modules exist in   /lib/security.

    app -> config -> library module <-> user


-A pam config file is evaluated line by line. Each line (module) returns a success or failure flag, and the control flag on that line decides how that result counts. The combined result is what the app gets back.

-Config file format:
  - col 1  module_type  - auth, account, session, password
      [ auth = verify the user (eg ask for a password); account = check account attribut

es (eg expiry, allowed tty); session = environment setup and logging; password = the module used to change the password ]
  - col 2  control_flag   - required, requisite, sufficient, optional
  - col 3  module_path  - actual path of the library
  - col 4  arguments   - optional, has values like debug, no_warn, use_first_pass etc...


-recommended to leave the default config file /etc/pam.d/other as it is (it is very restrictive by nature).


-To fix pam errors, you can log into single user mode.
 -a good place to look is /var/log/messages.
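As an added example (not from the original post), a small simulator of how the four control flags combine per-module results into the single answer the app receives. The stacks are constructed '<control> <module> <pass|fail>' lines with made-up outcomes, not real /etc/pam.d files; the module names are the usual Linux-PAM ones.

```shell
#!/bin/sh
# Added example, not from the original post: simulate the control-flag logic of a PAM
# stack. Input lines are "<control> <module> <pass|fail>" (constructed outcomes);
# the trace goes to stderr, the verdict to stdout.
#   required   : a failure makes the stack fail, but the remaining modules still run
#   requisite  : a failure ends the stack at once
#   sufficient : a success ends the stack with success unless a required module
#                already failed; a failure is ignored
#   optional   : only counts when no other module has expressed an opinion

pam_eval() {
    awk '
    /^[ \t]*(#|$)/ { next }
    {
        ctl = $1; mod = $2; out = $3; action = "continue"
        if (ctl == "required") {
            if (out == "fail") imp = "NEG"; else if (imp == "") imp = "POS"
        } else if (ctl == "requisite") {
            if (out == "fail") { imp = "NEG"; action = "stop" } else if (imp == "") imp = "POS"
        } else if (ctl == "sufficient") {
            if (out == "pass" && imp != "NEG") { imp = "POS"; action = "stop" }
        } else if (ctl == "optional") {
            if (imp == "") imp = (out == "pass") ? "POS" : "NEG"
        } else {
            print "unknown control flag: " ctl > "/dev/stderr"; bad = 1; exit 2
        }
        printf "  %-10s %-16s %-4s -> %s\n", ctl, mod, out, action > "/dev/stderr"
        if (action == "stop") exit
    }
    END {
        if (bad) exit 2
        if (imp == "POS") print "PAM_SUCCESS"
        else if (imp == "NEG") print "PAM_AUTH_ERR"
        else print "PAM_PERM_DENIED"   # nothing in the stack vouched for the user
    }'
}

# constructed stacks, one per situation worth knowing about
STACK_SUFFICIENT='required    pam_env.so   pass
sufficient  pam_unix.so  fail
sufficient  pam_ldap.so  pass
required    pam_deny.so  fail'      # never reached: the ldap success ends the stack
STACK_REQUIRED='required    pam_unix.so  fail
required    pam_ldap.so  pass'      # still fails, but every module is still asked
STACK_REQUISITE='requisite   pam_securetty.so fail
required    pam_unix.so  pass'      # stops at once, pam_unix is never run
STACK_NOBODY='sufficient  pam_unix.so  fail
sufficient  pam_ldap.so  fail'      # nobody vouched: denied even without a required line
```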

Friday, October 29, 2010

Linux HowTo: Library Files


Almost all Linux programs depend on something called library files.
-the idea behind library files:
            . to simplify programmers' lives by providing a repository for commonly used, shared program fragments.
            . this reduces the main program size, as the program only references the library instead of carrying its own copy of the code (eg it is linked against libxyz.so)
            . shared library files usually have a '.so' filename extension; '.so' = shared object

-note: besides shared libraries, there are static libraries, which have a '.a' filename extn. they are copied into the program at link time and are used for backward compatibility with older programs.
-eg:         libc.so              - the library for C programs.
              GTK (Gimp toolkit)  - the library for onscreen widgets (buttons, scrollbars, menubars etc) in Gnome
              Qt                     - the library for onscreen widgets (buttons, scrollbars, menubars etc) in KDE

-the library path for the system is set in the file /etc/ld.so.conf or in the env variables LIBPATH or LD_LIBRARY_PATH

-displaying the libraries that a program depends upon:
-eg:         # ldd  /bin/ls       [ shows the library dependencies for the /bin/ls binary and where each one resolves to ]
-the library cache (/etc/ld.so.cache) that the loader searches:
              # ldconfig -p       [ lists the libraries in the cache ]
              # ldconfig          [ rebuilds the cache, eg after installing a new library or editing /etc/ld.so.conf ]
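As an added example (not from the original post), a check that reads ldd output and flags a dependency that is missing or that resolves from outside the system library directories (a build tree, a home directory, an LD_LIBRARY_PATH entry). The ldd output below is a constructed sample with made-up paths and addresses.

```shell
#!/bin/sh
# Added example, not from the original post: audit where a program's shared libraries
# come from. SAMPLE_LDD is constructed; the library names are the usual ones, the
# paths and load addresses are made up.

SAMPLE_LDD='    linux-vdso.so.1 (0x00007ffc7a9f0000)
    libselinux.so.1 => /lib/x86_64-linux-gnu/libselinux.so.1 (0x00007f2b1c400000)
    libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f2b1c000000)
    libcrypto.so.1.1 => /home/builder/work/lib/libcrypto.so.1.1 (0x00007f2b1bc00000)
    libplugin.so.2 => not found
    /lib64/ld-linux-x86-64.so.2 (0x00007f2b1c600000)'

# suspicious_libs: reads ldd output on stdin and prints "<reason> <soname> <path>" for
# every dependency that is not found, or that is not under /lib*, /usr/lib* or
# /usr/local/lib* (including their multiarch subdirectories)
suspicious_libs() {
    awk '$2 == "=>" {
            if ($3 == "not")
                print "MISSING", $1, "-"
            else if ($3 !~ /^\/(usr\/(local\/)?)?lib[^\/]*\//)
                print "OUTSIDE", $1, $3
         }'
}

# audit_binary <path>: the same check against a live binary. ldd(1) may run the
# program to resolve its dependencies, so use it only on binaries you already trust.
audit_binary() {
    command -v ldd >/dev/null 2>&1 || { echo "ldd not available" >&2; return 2; }
    ldd "$1" 2>/dev/null | suspicious_libs
}
```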

Thursday, October 28, 2010

Linux HowTo: rpm, yum, dpkg, apt


First the Basics:

-libraries:
             . os software modules that can be used by many different programs.
-packages:
             . software files that are installed on a linux system.
             . usually distributed as archives in one of two forms - rpm or debian.
-package info, mainly dependencies on other s/w, is tracked in the form of a database.

-Although it is possible to install both forms of packages on a system (ie both rpm and debian), it is recommended to go with only one.

-rpm is the most popular package form for linux. redhat developed rpm and released it under the gpl.

-redhat linux is available for at least 5 cpu architectures:
              . x86                  - first by intel/then by amd etc
              . x86-64             - first by amd/then by intel etc
              . alpha               - dec/compaq/hp
              . ia-64                - intel itanium
              . sparc               - sun

-yellow dog linux is a distribution of linux developed by fixstars in 1999 for the powerpc cpus used then by macos pcs.

-for the most part, the source rpms can be used to build packages on any cpu architecture.

-pkg name convention:
              . pkgname-a.b.c-x.arch.rpm
      -where a.b.c - version
                       x - build (release)
                  arch - cpu type (most commonly i386, which represents x86 cpus from the 80386 onwards)
-eg: . samba-3.0.25b-5mdv.x86_64.rpm

-useful rpm cmds:
             # rpm -qa | grep <name>               [ query the installed packages ]
             # rpm -qi <pkg>                       [ show info about an installed package ]
             # rpm -ivh <rpm file>                 [ install; -Uvh upgrades - generally install is safer than upgrade ]
             # rpmbuild --rebuild <src rpm>        [ rebuilds the binary packages from the source rpm ]


-source rpm files are actually modified cpio archives.
-so it is possible to extract individual files from the source rpm by reconverting them to cpio archives.
-for this the program called 'rpm2cpio' is used.
-eg:        # rpm2cpio blabla.src.rpm > blabla.cpio
-then      # cpio -i --make-directories < blabla.cpio
-or          # cpio -idmv < blabla.cpio
-this results in extraction of the files into the current dir.

Yum cmd - yum originated with yellow dog linux but is now incorporated into red hat.
-it automates a lot of the tasks in searching, downloading and installing rpms.
-one drawback of yum is that it can only install what is in the repository, and that too over the Internet.
-eg:        # yum list | install | upgrade | erase | info .. <pkg name>

-the main rpm config file is /usr/lib/rpm/rpmrc.
-the main yum config file is /etc/yum.conf ; other config files are in the /etc/yum.repos.d dir.

-debian does not focus on a flashy gui but its derivatives like ubuntu do. debian tries to be as opensource and bug free as possible.

-gnu hurd kernel != gnu linux kernel

-debian pkgs are incompatible with rpm, but the principles of operation are similar.

-dpkg cmd - cmd to manage debian pkgs ( like the rpm cmd that manages rpm pkgs ).
-eg:        # dpkg -i | -r | -p .. <pkg name> ( -i = install, -r = remove, -p = print info etc )
-dpkg can be useful for managing one or a few packages.

-apt-get cmd is the debian equivalent of yum in the rpm world - it automates several steps in managing deb pkgs.
-apt-get looks for config info about pkg locations in /etc/apt/sources.list
-eg:        # apt-get check | install | upgrade | remove <pkg name>

-debian pkgs usually have a '.deb' extn (like .rpm for rpm pkgs).

-the main config file for dpkg is '/etc/dpkg/dpkg.cfg'.
-the main config files for apt are '/etc/apt/sources.list' and '/etc/apt/apt.conf'.

-package conversion:
             . sometimes a pkg conversion is required, from rpm to deb or vice versa.
             . utilities like 'alien' help to do that.
-alien requires that both pkg managers be installed (rpm and dpkg).
-eg:       # alien --to-rpm <aprog.deb>
             # alien --to-deb <aprog.rpm>

-common causes of package dependency problems:
             . missing libraries
             . incompatible libraries
             . duplicate / mismatched names

-common answers to package dependency problems:
             . force the install
             . rebuilding the pkg from source
             . modifying system config files, etc..

Wednesday, October 27, 2010

Linux HowTo: dd command


The dd command is an old command carried over from the Mainframe computing days of yore. It stands for 'Data Dump'. As a pun it is also known as 'data destroyer', because if not used carefully it can wipe out disk partitioning very quickly and cleanly. It is considered a good choice for disk-to-disk backups at a very native level; it can even be used to copy whole partitions or filesystems. For details refer below:

-dd backup method:
           . sequential image of a partition, taken without any knowledge of the filesystem that resides on the partition. The dd cmd does so.
           . backup of a partition using only the used part of the fs. The dump cmd does so.
-dd requires that the restore be done on an equal or bigger partition.
-dump can restore to any partition that is big enough to hold the used fs.

-dd cmd syntax:
           # dd if=<input file path> of=<output file name>
-eg:     # dd if=/dev/sda3 of=backup-1                     [ copies /dev/sda3 partition to a file called 'backup-1' in pwd ]
           # dd if=/dev/sda3 of=/dev/fd0                      [ copies /dev/sda3 partition to floppy drive ]
           # dd if=/dev/sda2 | gzip > backup-2            [ copies /dev/sda2 partition as a gzipped file 'backup-2' in pwd ]

-note:
          . dd cmd copies all blocks - whether used or unused (ie empty); so the output location needs to be at least as big as the input.
          . dd cmd can be used as an easy way to troubleshoot IO:
           # time dd if=/u03/oradata/devenv/one.dbf of=/dev/null                 [ reads the file and times it ]
           # dd --help                                                   [ or man dd for more help/details ]




Internet Kill Switch: Not a good Idea

Did you hear the news about the Internet Kill Switch Bill? Well, the idea is that in the unfortunate event of a Terrorist or Cyber Attack on the US, the White House can turn off certain parts or most of the Internet from being accessible to anyone. It is basically an over-arching security measure against cyber attacks. There is much debate about whether this is justified and/or even possible. But nonetheless, it is an area that I think every one of us who accesses the Internet should be aware of.
However, the collateral damage is that the very concept of the Internet as we know it is something that can be turned off from the netizens as a result of this legislation.
The Internet evolved in government funded Defense labs in the late 60s. But it quickly grew out of those realms, not just from a control perspective but also from an applications perspective. Today the Internet is the world's biggest network. It has all the information that you want and more. And it's continuously evolving. They say the IPv4 protocol, which can address about 4 Billion addresses, is not enough. So we have IPv6, which can address 10^38 individual nodes. And it is available in every part of the globe. Also to note, it has users and applications from all parts and corners of human imagination. In a nutshell, you can't imagine today's world without the Internet. One of the fundamental reasons for the explosive growth of the Internet is that it is not owned by any one single organization or government. It harbors individual development and Open collaboration of ideas and innovations from hundreds of thousands of users, user groups and orgs. Although some of the big organizations that keep tabs on the direction of the Internet, like ICANN and IETF, are in the US, the point is that the reach of the Internet is not limited to just the US. Nor is its applicability. That said, the Internet was originally meant to be, and still continues to be, primarily a forum of Open Ideas, Collaboration and Freedom. It is the most Open Platform of our generation and must remain so for future ones. Therefore misuse of this extremely important medium by those who want to harm other humans or terrorize them or suppress freedom is wrong. Such usage of the Internet must be denounced and prevented with adequate security while maintaining Internet access for the millions of others who just want to use the Internet for Innovation and Collaboration for the good of all humans and generations.

Monday, October 25, 2010

Linux HowTo: My Top 10 Sys Admin Commands

Following is the list of the top 10 most useful system admin commands that I find indispensable in managing my Linux Ubuntu Laptop.


1- Finding my ID:
        # id -a                                        - shows who I am, what groups I belong

2- What machine:
        # uname -a                                 - shows my OS version, kernel, Platform

3- OS Version (specific to Ubuntu):
        # lsb_release -a                          - shows my Ubuntu version and release

4- Hostname:
        # hostname                                 - shows me the hostname, allows to set new hostname also.

5- Run level:
        # who -r                                     - shows current and previous runlevel, default is 2 on Ubuntu

6- Initialization state:
        # init <n>                                    - sets the initialization state, n=0 is halt, n=6 is reboot, n=2 is default.

7- Date and Time:
        # date                                         - show system date and time. Also allows to set new date/time as root


8- Network Interfaces:     
        # ifconfig -a                                - shows all my network interfaces and status thereof

9- Network connectivity:
        # ping   <hostname>                   - polls a remote node and verifies network connectivity using ICMP

10- Network connectivity:
        # traceroute <hostname>            - Traces each hop in the path of a network packet

Friday, October 22, 2010

Linux HowTo: LDAP Basics

LDAP or Lightweight Directory Access Protocol
        - a set of open protocols developed at the University of Michigan in 1992
        - it is a simple database of information on a network (not an rdbms); Microsoft Active Directory uses the ldap concept.
        - data is organized in a hierarchical client-server structure (like dns) - called the 'directory info tree'

-how ldap works?
        - client connects to ldap server    - this is called binding
        - server authenticates
        - client queries the server

-ldap can store a variety of data - like plain text, binary, images or public key certificates etc.
-it can serve as an authentication or id management system; it can completely replace nis.
-it can serve as dns, mail router etc.

-ldap terms:
        . entry        -    unit of ldap data                          -like a primary key
        . attribute    -    additional support data for an entry       -like columns depending on the primary key
        . objectclass  -    special attributes                         -like composite primary keys
        . schema       -    a set of ldap rules                        -like a data dictionary
        . ldif         -    plaintext 'ldap data interchange format'   -like sql output or sqlldr

-ldap daemons:
        . slapd        -    standalone ldap daemon            - like a listener
        . slurpd       -    standalone replication daemon     - like a db link for data exchange between servers
    -note:      openldap    -    is the opensource implementation of ldap

-To install openldap server and clients in one go:
        # yum    -y install    openldap-servers    openldap-clients               [ multiple pkgs in one cmd ]
-To configure openldap server , edit the following file:
        # vim    /etc/openldap/slapd.conf
-To start / stop openldap server:
        # service  ldap    start | stop | status
-To query ldap server, the foll cmd is used:
        # ldapsearch    <options>
-To configure ldap client:
        # system-config-authentication
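As an added example (not from the original post) of how the ldif format above carries entries, attributes and objectclasses, here is a small POSIX sh + awk reader run over a constructed LDIF; the dn values, the SAMPLE_LDIF content and the ldif_attr / ldif_has_class names are all made up for the illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Each blank-line separated
# block of an LDIF file is one entry keyed by its dn; every "name: value"
# line is an attribute; objectClass is the attribute that selects which
# schema rules apply. Base64 ("::") values are left undecoded here.

# Constructed LDIF: one person entry (also a posixAccount, so it could
# replace an NIS passwd record) and one group entry.
SAMPLE_LDIF='dn: uid=jdoe,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
uid: jdoe
cn: John Doe
uidNumber: 10001
loginShell: /bin/bash
description: a long value that LDIF folds onto
  a continuation line

dn: cn=admins,ou=groups,dc=example,dc=com
objectClass: posixGroup
cn: admins
memberUid: jdoe
'

# ldif_attr <dn> <attribute>: print every value of that attribute on the
# entry with the given dn, one per line, after unfolding continuation lines.
ldif_attr() {
    printf '%s' "$SAMPLE_LDIF" | awk -v want_dn="$1" -v want="$2" '
        # a line beginning with one space continues the previous line
        /^ / { buf = buf substr($0, 2); next }
        { flush(); buf = $0 }
        END { flush() }
        function flush(   name, val) {
            if (buf == "") return
            name = buf; sub(/:.*/, "", name)          # text before the first colon
            val = buf;  sub(/^[^:]*: */, "", val)     # text after "name: "
            if (name == "dn") in_entry = (val == want_dn)
            else if (in_entry && name == want) print val
            buf = ""
        }'
}

# ldif_has_class <dn> <objectClass>: true if the entry carries that class.
ldif_has_class() {
    ldif_attr "$1" objectClass | grep -qx "$2"
}

ldif_attr 'uid=jdoe,ou=people,dc=example,dc=com' cn            # John Doe
ldif_attr 'uid=jdoe,ou=people,dc=example,dc=com' objectClass   # two lines
ldif_has_class 'cn=admins,ou=groups,dc=example,dc=com' posixGroup && echo "admins is a posixGroup"
```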

Linux HowTo: File Permissions Basics


Every File on a Linux system has permissions for owner, group and world. These three govern who can access a file. Note that everything on a Linux System can be resolved to a File--eg files, directories, keyboard (input), output (screen), error etc.

-if you have only read permission and no exec permission on a dir, you can neither view nor access the contents of that dir.
-if you have only exec permission and no read permission on a dir, you cannot view (list) the contents of the dir but you can still access them.

-Normally, programs run with the invoker's permissions, not the owner's.
-But with suid and sgid, the programs run with the owner's permissions, not the invoker's.
-suid and sgid have an 's' bit in place of the 'x' bit in the permission list.
-such programs are called suid programs or sgid programs.
-octal value of suid = 4, sgid = 2 and suid+sgid = 6. eg: chmod 6755 afile, chmod 4755 afile, chmod 2755 afile.
-if the file is executable, suid or sgid is represented by a lowercase 's'. if it is not executable, suid/sgid is an uppercase 'S'.

-sticky bit - prevents 'world' users from deleting files in a dir even if they have write permission on the parent dir.
-sticky bit is represented as 't' or 'T' in the world (other) exec position. t = exec but no delete. T = neither exec nor delete (just like the s or S of suid/sgid).
-sticky bit is represented by octal 1.
-eg:           Kali$ chmod 1544 ab/bb/bbc
                 -r-xr--r-T 1 Kali staff 8 Apr 9 22:15 ab/bb/bbc
                 Kali$ chmod 1545 ab/bb/bbc
                 -r-xr--r-t 1 Kali staff 8 Apr 9 22:15 ab/bb/bbc

-file permissions (rwx) and access modes (sStT) apply only to non-root users.
-in other words, root can delete files even if the permissions / access modes are not set so for the file.
-to prevent such accidents, the 'immutable flag' is used.
-immutable flag prevents even root from deleting files until the flag is unset.
-to set / unset the immutable flag, the chattr +i / chattr -i cmd is used.
-to view the immutable flag, the lsattr cmd is used.
-eg:         # chattr +i afile [ sets immutable flag for afile, even root can't delete it ]
               # lsattr afile [ shows immutable flag permission ]
               # chattr -i afile [ unsets immutable flag ]
-see man capabilities for more on the immutable flag.

-umask - permissions that a user does not want to grant automatically to newly created files / dirs.
-umask is like the octal-negative of file permissions. eg: umask 022 => default permissions will be 755.
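An added example (not from the original post) that exercises the suid/sgid/sticky letters and the umask rule above on scratch files. It assumes GNU coreutils (stat -c) on Linux; the mode_string, created_mode and umask_default helper names are my own.

```shell
#!/bin/sh
# Added example (not from the original post): how chmod's setuid, setgid
# and sticky bits show up in the permission string, and how umask derives
# the default permissions. Assumes GNU coreutils 'stat -c' on Linux.
# Everything is created under a scratch directory that is removed again.

# mode_string <octal mode>: create a scratch file, apply the mode and return
# the symbolic permission string that 'ls -l' would show (eg -rwsr-xr-x).
mode_string() {
    d=$(mktemp -d) || return 1
    : > "$d/probe"                 # empty regular file
    chmod "$1" "$d/probe"
    stat -c %A "$d/probe"
    rm -rf "$d"
}

# umask_default <umask> <file|dir>: the permissions a new file or directory
# receives under that umask; files start from 666, directories from 777.
umask_default() {
    case "$2" in
        dir)  base=0777 ;;
        file) base=0666 ;;
        *)    return 1 ;;
    esac
    printf '%03o\n' $(( base & ~0$1 ))
}

# created_mode <umask>: actually create a directory under that umask (in a
# subshell so the caller's umask is untouched) and report its octal mode.
created_mode() {
    d=$(mktemp -d) || return 1
    ( umask "$1" && mkdir "$d/sub" )
    stat -c %a "$d/sub"
    rm -rf "$d"
}

mode_string 1544        # -r-xr--r-T : sticky set, world has no x -> capital T
mode_string 1545        # -r-xr--r-t : sticky set, world has x    -> small t
mode_string 4755        # -rwsr-xr-x : suid on an executable      -> small s
mode_string 4644        # -rwSr--r-- : suid on a non-executable   -> capital S
mode_string 2755        # -rwxr-sr-x : sgid on an executable
umask_default 022 dir   # 755
umask_default 022 file  # 644
created_mode 022        # 755
```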

Linux HowTo: Redirection Basics

Linux (like Unix) comes with the very powerful command line option of input, output and error redirection. In simple terms it means taking the input from, and showing the output and/or error on, non-default sources. Note that the standard file descriptors are Std in = 0, Std out = 1 and Std err = 2.


-To redirect both standard output and standard error into a file the following operators are used:
- &> or &>>
-eg      # cmd > output.txt 2>&1
-eg      # cmd > /dev/null 2>&1
-note: . this discussion didn't talk about redirecting standard input (only standard output and standard error).
          . so this form of redirection works only for standard output and standard error.

-input redirection works like this:
           # cmd < afile
-eg:     # sort  < afile            [ it is just like sort abc ]

-'here document' is a special type of input redirection where the redirector is << and a word is used as a marker for the start and end.
          # cmd << keyword
              bla bla
           keyword
-eg:    # sort <<st                [ here the chosen keyword = st ]
          > a
          > Q
          > A
          > b
          > st
          A                                 [ <-- sorted output started from here ]
          Q
          a
          b
numbers

-pipelines ( a series of pipes ) only work between stdin and stdout.
-stderr can not be piped.

eg:      # cat afile | grep 'test'  |  sort  |  uniq -c                       - sorts and counts unique occurrences of lines containing the word 'test' in the file called afile.
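An added example, not part of the original post, that runs the redirection forms above against a constructed command (noisy) which writes one line to stdout and one to stderr; it also shows the classic '2>&1 > file' ordering mistake and that a pipe carries only stdout unless stderr is merged into it first. POSIX sh; LC_ALL=C is set so sort's output matches the post. All function names are my own.

```shell
#!/bin/sh
# Added example (not from the original post): stdout/stderr redirection,
# the here-document from the post, and the grep|sort|uniq pipeline, all on
# constructed input. Assumes POSIX sh plus sort, grep, uniq, sed, mktemp.

# noisy: constructed helper printing one line on stdout and one on stderr.
noisy() {
    echo "out-line"
    echo "err-line" >&2
}

# capture_both: 'cmd > file 2>&1' sends stdout to the file, then points
# stderr at the already-redirected stdout, so both lines land in the file.
capture_both() {
    f=$(mktemp) || return 1
    noisy > "$f" 2>&1
    cat "$f"
    rm -f "$f"
}

# capture_wrong_order: 'cmd 2>&1 > file' is the classic mistake. Redirections
# apply left to right, so stderr is copied to wherever stdout pointed BEFORE
# stdout was sent to the file; the error line escapes (here into $leaked)
# and the file holds only the stdout line.
capture_wrong_order() {
    f=$(mktemp) || return 1
    leaked=$(noisy 2>&1 > "$f")
    printf 'file=%s leaked=%s\n' "$(cat "$f")" "$leaked"
    rm -f "$f"
}

# piped_line_count plain|merged: a pipe carries stdout only, so grep sees one
# line; merging stderr into stdout first ('2>&1 |') sends both through the pipe.
piped_line_count() {
    case "$1" in
        plain)  noisy 2>/dev/null | grep -c line ;;
        merged) noisy 2>&1 | grep -c line ;;
        *)      return 1 ;;
    esac
}

# sorted_heredoc: the post's here-document example. LC_ALL=C forces byte
# order, so uppercase sorts before lowercase exactly as shown above.
sorted_heredoc() {
    LC_ALL=C sort <<st
a
Q
A
b
st
}

# count_matches: the pipeline from the post on constructed input; uniq -c's
# leading padding is stripped so the result is easy to compare.
count_matches() {
    printf 'test one\nother\ntest one\ntest two\n' |
        grep 'test' | LC_ALL=C sort | uniq -c | sed 's/^ *//'
}

capture_both              # out-line / err-line  (both captured)
capture_wrong_order       # file=out-line leaked=err-line
piped_line_count plain    # 1
piped_line_count merged   # 2
sorted_heredoc            # A Q a b, one per line
count_matches             # 2 test one / 1 test two
```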

Friday, October 15, 2010

Linux HowTo: MBR and Grub

The Grub boot loader can be installed in the

          . MBR or
          . the partition boot record of a partition or
          . on removable media (floppy, cd, usb key)

-grub config file is /boot/grub/grub.conf
-grub cmd /sbin/grub or /usr/sbin/grub is a small but powerful shell that supports several grub cmds.
-grub.conf is generated by anaconda, the linux installer.

-In the grub.conf file :

            . all counting in grub.conf starts with 0. eg 'default=2' implies 'default os = 3rd stanza'
            . splashimage = the background image for the grub boot menu.
            . root = partition that will be booted (ie /boot partition).
eg:   root (hd0, 6)     => /dev/hda7 = /boot partition.
       root (hd1, 10)   => /dev/hdb11 = /boot partition.
       root (hd2, 7)     => /dev/hdc8 = /boot partition.

- initrd => initial RAM disk => the disk partition that contains modules needed by kernel before file systems can be mounted.

-To install grub to a removable disk use the 'grub-install' cmd
-eg: for floppy disk:

            # grub-install /dev/fd0

-note: this loads the stage 1 boot loader (ie mbr) to the first sector of the floppy disk which loads stage2 boot loader ( ie grub, which lives on the hard disk)

-stage1 bootloader on floppy will still show empty when mounted as the first sector does not show up in the filesystem.
-stage1 bootloader only has a list of block addresses for stage2 bootloader.
-So if a partition address changes (say because of installation of a 2nd os on the system eg in a dual boot system), grub needs to be reconfigured in order for stage1 to locate stage2 bootloader.

-anyone having access to the grub cmd line also has access to files on the filesystems without the restrictions of file / owner permissions.
-the habit of creating a boot floppy or usb disk is good because it can help in case the mbr gets overwritten by another os install.
-even if the boot floppy or usb disk are not available, then linux install disk can be used to go in recovery mode and then mbr reinstalled.
-eg:      # chroot /mnt/sysimage [ on the recovery window, to make /mnt/sysimage as root mount directory ]

            # grub-install [ reinstalls mbr ]

-remember:
[[ 1st 512 bytes = mbr + partition table + bootloader (optional) ]]
[[ mbr = 1st sector = stage1 boot loader ]]
[[ bootloader = stage2 boot loader ]]

Thursday, October 14, 2010

Linux HowTo: Disk Types and commands

Three prominent Disk types in Linux:
         . ide   - low cost, smaller     - stands for 'Integrated Drive Electronics', usually seen in home computers
         . pata - same as ide             - stands for 'Parallel Advanced Technology Attachment' (from PC-AT days)
         . scsi  - bigger, better perf   - stands for 'Small Computer System Interface', usually seen in servers
         . sata  - improved ide          - stands for 'Serial ATA'
-To see disk info:
         # cat /dev/hdx - ide
    or  # cat /dev/sdx - scsi
         . /dev is a virtual fs like /proc & /sys.
-Note:
         . Although scsi / sata are 'serial' bus technologies as opposed to ide / pata which are 'parallel' bus tech, the performance of scsi / sata is generally better due to their superior engineering and bus size; scsi / sata is also more expensive than ide / pata.
        
-scsi :
          . was designed for connecting streaming devices like tapes and block devices like disks, cds, dvds etc. but now extended to printers/scanners.
          . was designed to allow multiple devices on one bus--the bus-controller controlling the data traffic.
-scsi defined by ANSI.
-useful files and cmds:
          # cat /proc/scsi/scsi, scsi_info, sginfo.

-USB
-usb 2.0 supports speeds up to 480 Mbps.
-usb cable has 4 wires - two for signals and one each for power and ground.
-To see usb info:
          # cat /proc/bus/usb
          # cat /proc/bus/usb/devices

-Linux filesystem is a single fs with the / as the top root dir.
-To view the different devices like floppy, cdrom etc, on the same fs, you mount them on their mount points.
-In this regard, different mount points are treated as different devices.
-This is different from Windows where every drive letter (A, B, C..) has its own fs.

-some example dirs under / :
          . bin     - essential cmd binaries
          . sbin    - essential system binaries
          . lib       - essential libraries & kernel modules.
-disk partition names:
           . /dev/hdx - ide
           . /dev/sdx - scsi / sata
-sector     = 512 bytes
-track      = sum (sectors) in one read of disk arm
-cylinder  = sum (tracks) in one read of disk arm

-Partition types:
           . primary - one of the 4 partitions limited by the master boot record (mbr); mbr resides in the 1st sector of the disk (ie the first 512 bytes).
           . extended - one of the primary partitions that is logically broken to create more than 4 partitions.
           . logical - one of constituents of the extended partition.

-The boot partition must be a primary partition and reside completely in the first 1024 cylinders;
-this is because the bios can't read or boot from the boot partition, if this condition is not met.
-usually 100 MB for boot partition is ok.

-partition recommendations:
            . first define boot
            . then define swap
            . then define root ( / ), /usr, /opt, /var in a single large partition (usually / )
            . after that define rest of the system like /home etc.

-Note: even if a system can have only 4 primary partitions, it can still have more than 4 bootable os partitions; this is possible because of boot-loaders.
-eg. of boot loaders = grub, lilo, bootmagic.

Wednesday, October 13, 2010

Linux HowTo: IOPorts, Interrupts, DMA


The computer, in order to communicate with the hardware devices connected to it, assigns and uses certain mechanisms like ports, interrupts and dma. These signals are transmitted over the buses on the motherboard.

-bus:
           . communication channels over which peripherals communicate with the cpu.
           . bus exist on the mother board.
           . current bus architecture is called PCI. PCI replaced ISA that came with PC-AT in 1984. Hence ISA was also called AT Bus.
           . PCI supports 32 bit devices. ISA supported upto 16 bit devices.

-To see PCI devices:
          # cat /proc/pci
      or # lspci

-ports:
           . When cpu needs to communicate to peripheral devices, it does so by writing to IO ports or simply ports.
           . each device has its own separate port that is not shared with other devices.
-To see the IO ports on the system:
          # cat /proc/ioports
-Note: ports are denoted in hexadecimal eg. 37A

-interrupts:
           . interrupts or IRQs are signals generated by peripherals to get the cpu's attention.
           . when the cpu receives an interrupt signal, it temporarily suspends all its activities and attends to the interrupt (that's why it is called an 'interrupt').
           . interrupts may be shared between peripheral devices (unlike ports)
-To see interrupts:
           # cat /proc/interrupts - current interrupts
           # dmesg | grep -i share - to see shared interrupts besides other things.

-dma:
           . direct memory access
           . for faster peripheral devices, generating interrupts to talk to cpu and then gain access to RAM could slow things down.
           . dma solves this problem by granting the peripheral direct access to memory areas; basically bypassing the cpu.
           # cat /proc/dma
           # dmesg | grep -i dma - to see dma info besides other things.

-pnp
           . with the advent of newer peripherals in greater numbers, ports and interrupts became scarce; for instance, two devices could not share ports or irqs.
           . that's when the plug n play (pnp) concept came into being.
           . pnp devices report a set of interrupts/ports they need for working at boot time to bios and the system then doles those ports/irqs on need basis.
           . These days, pnp is a standard feature of most computers.

Tuesday, October 12, 2010

Linux HowTo: Package Repositories and Commands

Contemporary Linux is based on two main camps of Software Package Types. One is based on the Red Hat Packages and the other on Debian. The popular Linux offering from Canonical called Ubuntu is based on the Debian packages. It was originally derived in 2004 from one of the Debian unstable releases and named 'Warty Warthog'. A new release is made available every 6 months; the latest one being 'Maverick Meerkat'. Here we discuss some commands to manage the packages in Linux.

===

-config file for client update repositories in ubuntu:
        . /etc/apt/sources.list
-pkg install dir in ubuntu:
        . /var/cache/apt/archives
-dpkg -l  =  rpm -qa = lists installed packages
-dpkg does not resolve dependencies.
-apt-get resolves dependencies.
-to update local package database (in /var/cache/apt/archives?):
        # apt-get update
-to compare against available upgrades:
        # apt-get upgrade
-to review available repositories:
        # apt-cache depends <pkgname>   
-note: apt-cache depends on the freshness of the local repository data, which is refreshed by 'apt-get update'
-to review available repositories from install cdrom
        # apt-cdrom
-repository types:
        . main          - opensource, supported by Canonical
        . restricted    - proprietary, supported by Canonical
        . universe      - opensource, not supported by Canonical, supported by the wider ubuntu opensource community
        . multiverse    - proprietary, not supported by Canonical.
-local directories (or even ftp, http, nfs dirs) can be created as repositories.

-local repositories are configured in /etc/apt/sources.list
-it has cmds in pairs like this:
        . deb http://...        -specifies location for binaries
        . deb-src http://...        -specifies location for source code
-repository types are main, restricted, universe, multiverse.
-software downloads from mirror sites is possible in http, ftp or rsync.
-to open software download dialog:
        # software-properties-gtk
-alternate graphical methods:
        # synaptic
or     # update-manager
-synaptic reload button = apt-get update equivalent
-above cmd updates the rep db /var/cache/apt/archives based on repos in /etc/apt/sources.list   

-sometimes it is advisable to setup a local network mirror which serves hosts in a lan.
-such a local mirror can be updated infrequently from a remote mirror using:
        . apt-mirror
 or    . rsync
-to create local mirror:
        # apt-get install apt-mirror       
        . configure /etc/apt/mirror.list & set the var base_path which points to local rep.
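An added example (not from the original post) that parses a constructed /etc/apt/sources.list with the deb / deb-src pairs and the four repository types described above, and flags any 'deb' line that has no matching 'deb-src' line. The mirror URL, the file contents and the function names are made up for the illustration.

```shell
#!/bin/sh
# Added example (not from the original post): reads a sources.list in the
# "deb <uri> <suite> <component...>" / "deb-src ..." format described above
# and reports what it enables. POSIX sh + awk; SAMPLE_SOURCES is constructed.

SAMPLE_SOURCES='# constructed sources.list for the example
deb http://mirror.example.com/ubuntu maverick main restricted
deb-src http://mirror.example.com/ubuntu maverick main restricted
deb http://mirror.example.com/ubuntu maverick-updates main restricted universe
# deb http://mirror.example.com/ubuntu maverick multiverse
'

# sources_entries: print "type|uri|suite|components" for each active line,
# skipping comments and blank lines (a '#' in front disables a repository).
sources_entries() {
    printf '%s' "$SAMPLE_SOURCES" | awk '
        $1 ~ /^#/ || NF < 4 { next }
        $1 == "deb" || $1 == "deb-src" {
            comps = $4
            for (i = 5; i <= NF; i++) comps = comps " " $i
            print $1 "|" $2 "|" $3 "|" comps
        }'
}

# enabled_components: the set of components in use, each tagged with the
# support status the post lists for main / restricted / universe / multiverse.
enabled_components() {
    sources_entries | cut -d'|' -f4 | tr ' ' '\n' | sort -u | while read -r c; do
        case "$c" in
            main)       echo "$c - open source, supported by Canonical" ;;
            restricted) echo "$c - proprietary, supported by Canonical" ;;
            universe)   echo "$c - open source, community supported (not Canonical)" ;;
            multiverse) echo "$c - proprietary, not supported by Canonical" ;;
            *)          echo "$c - unknown component" ;;
        esac
    done
}

# missing_src: "uri suite" pairs that have a 'deb' line but no 'deb-src'
# line; the post notes the two normally come in pairs.
missing_src() {
    sources_entries | awk -F'|' '
        $1 == "deb"     { bin[$2 " " $3] = 1 }
        $1 == "deb-src" { src[$2 " " $3] = 1 }
        END { for (k in bin) if (!(k in src)) print k }'
}

sources_entries       # three active lines
enabled_components    # main, restricted, universe
missing_src           # http://mirror.example.com/ubuntu maverick-updates
```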

Monday, October 11, 2010

Linux HowTo: PAT, NAT, VPN

Before we jump into PAT, NAT and VPN, let's take a step back and begin with the technology behind many of these services, called Port Forwarding...

-Port Forwarding-
    -Also called Port Mapping, it is the process of changing the destination address and/or port on a packet.
    -Port forwarding on the router permits communications by external hosts with services provided within a private lan
    -this permits public hosts (eg on the Internet) to connect to a specific host within a private lan.
-scenarios of Port Forwarding:
    -running a public http server within a private lan at port 80
    -permitting ssh access to hosts on the private lan from the Internet at port 22
    -permitting ftp access to hosts on the private lan from the Internet at port 21.
-Port Forwarding is achieved by-
    -iptables cmd     in linux
   
-Note: 
    -Two cases of Port Forwarding are PAT (Port Address Translation) and NAT (Network Address Translation). PAT is subset of NAT.
    -NAT Translates IP addr only. 1to1 IP translation also called Static NAT.
    -PAT Translates IP addr + port (ie socket). Also called NAT overload.


    -In a typical home lan via a router, the Internet sees only the router which holds the public ip addr.
    -the hosts behind the router are invisible to the Internet.

    -PAT permits communication between hosts on a private n/w and hosts on a public n/w.
    -It allows a single IP addr to be used by many hosts on a private n/w.   
    -PAT device (usually router) transparently modifies IP packets as they pass through it.
    -PAT device modifies the senders IP Addr and Port number (to a public ip and port)
    -PAT is also known as NAT overload.
    -PAT operates on layer 3 & 4 (network, transport resp). NAT operates only on layer 3.

    -Socket    -ip + port pair        (much like a telephone line and its extn).
    -the socket needs to be known by both source and target host for communication to happen.


-VPN 
    -a n/w that uses a public telecom n/w like the Internet to provide remote network access.
    -the goal of vpn is to provide same level of security as a private n/w at a fraction of the cost.
    -vpns came into vogue around Y2K when leased lines were the only option available, and that too at a high cost.
    -vpns actually spelled the end of leased lines.
    -vpns provide security by encapsulating the traffic between the two nodes in cryptographic tunnels.
    -vpns use several protocols for providing security - eg ssh, ipsec (ip security), ssl etc.

-Tunneling protocol-
    -a n/w protocol that encapsulates payload of another n/w protocol.
    -this is routinely used in vpn.
    -tunneling usually has two protocols operating - the 'delivery protocol' that encapsulates the 'payload protocol'
-eg:    -delivery protocol = ssh, payload protocol = smb; ssh + smb = ssh tunneling protocol.




Note: In contrast to IP based computer networks, traditional networks like Cable TV provide TV broadcasts in the form of radio frequency signals over optical fiber or coaxial cables.
    -This is different from traditional TV broadcast via radio waves over-the-air.
    -Cable TV networks have a high bandwidth.

Linux HowTo: HAL Basics

Ever wondered how your computer magically senses and installs your usb drive or cd? Welcome to the world of 'plug and play' using the concept of HAL--Hardware Abstraction Layer--a piece of software that sits between your kernel and hardware.
  
    -hal    - hardware abstraction layer.
    -automatic detection and initialization of hardware (plug n play) happens because of hal.
    -hal works under the daemon called 'hald'.
    -hald maintains a database of currently connected hardware.
    -hal      = sysfs    +  udev    +  hald    +  dbus
    -sysfs    = stores settings about hald
    -udev    = listens for new devices and kicks off procs; acts as the manager of files in /dev dir.
    -hald     = the daemon, maintains a database of h/w conn currently
    -dbus    = handshakes hardware and actual running proc.

Modules - Modules are snippets of code pertaining to a specific hardware. Modules are the way in which kernel manages a hardware. Modules can be loaded and unloaded on demand; this is most commonly seen in case of plug and play devices.

Useful Module commands:
    -lsmod         - lists currently loaded kernel modules.
    -lspci           - lists h/w connected via the pci bus.
    -lspcmcia & lsusb cmds behave similarly.
    -lshal and lshw show info about currently conn devices.

    -modprobe  - probes  modules
    -insmod       - inserts modules
    -rmmod       - removes modules

Wednesday, October 6, 2010

Linux HowTo: MBR, Grub, Lilo etc

Here is a discussion about Linux's MBR (Master Boot Record), Grub (Grand Unified Bootloader) and Lilo (Linux Loader).

===


Partition types:

      . primary - one of the 4 partitions limited by the master boot record (mbr); mbr resides in the 1st sector of the disk (ie first 512 bytes).
      . extended - one of the primary partitions that is logically broken to create more than 4 partitions.
      . logical - one of constituents of the extended partition.

-the boot partition must be a primary partition and reside completely in the first 1024 cylinders;
-this is because the bios can't read or boot from the boot partition, if this condition is not met.
-usually 100 MB for boot partition is ok.

-partition recommendations:
      . first define boot
      . then define swap
      . then define /usr, /opt, /var in a single large partition - perhaps / ?
      . after that define rest of the system like /home etc.

-mbr lives in the first sector of the first primary partition. the mbr contains the partition table, info about the partitions in the system.
-Since a sector = 512 bytes, mbr = 512 bytes & in turn partition table = 512 bytes.
-every media (disk, floppy, cd) contains an executable code in the mbr even if the code is only to put a message "Non-bootable disk in drive A:".
-this is the code that is loaded by bios during the bootstrap. this is called 'stage1 boot loader'.
-this code from mbr / stage1 boot loader (ie first sector) looks for active primary partition and loads the first few blocks of that partition into ram.
-these few blocks from active primary partition comprise 'stage 2 boot loader'.
-stage 1 + stage 2 = boot strapping.
-the above works fine if there is only one os in the system. but if there are multiple os, then another piece of code called boot-loader is needed.
-the boot-loader allows the user to select one of the os to boot, ie choose which set of first os-disk-blocks to load into ram.

-Note: even if a system can have only 4 primary partitions, it can still have more than 4 bootable os partitions; this is possible because of boot-loaders.
-eg of boot loaders = grub, lilo, bootmagic.
-bootloader lives in an os partition and is invoked by the mbr. [[ (mbr.exe) ] --> (bootloader.exe) --> (rest of os partition) ]

-Why is grub > lilo?

Because when changes are made to the system (new os, new kernel) lilo boot-setup needs to be recreated from the cmd line whereas for
grub only the grub.conf file needs to be re-edited.

-Lilo can be installed in the
       . MBR or
       . the partition boot record of a partition or
       . on removable media (floppy, cd, usb key)
-lilo config file is /etc/lilo.conf

-Grub can be installed in the
       . MBR or
       . the partition boot record of a partition or
       . on removable media (floppy, cd, usb key)
-grub config file is /boot/grub/grub.conf
-grub cmd /sbin/grub or /usr/sbin/grub is a small but powerful shell that supports several grub cmds.
-grub.conf is generated by anaconda, the linux installer.

-In the grub.conf file :
       . all counting in grub.conf starts with 0. eg default=2 => 3rd stanza.
       . splashimage = the background image for the grub boot menu.
       . root = partition that will be booted (ie /boot partition).
eg:    root (hd0, 6) => /dev/hda7 = /boot partition.
         root (hd1, 10)=> /dev/hdb11 = /boot partition.
         root (hd2, 7) => /dev/hdc8 = /boot partition.
       . initrd => initial RAM disk => the disk partition that contains modules needed by kernel before file systems can be mounted.

-To install grub to a removable disk use the 'grub-install' cmd
-eg: for floppy disk:
       # grub-install /dev/fd0

-note: this loads the stage 1 boot loader to the first sector of the floppy disk which loads stage2 boot loader (which lives on the hard disk)
-stage1 bootloader on floppy will still show empty when mounted as the first sector does not show up in the filesystem.
-stage1 bootloader only has a list of block addresses for stage2 bootloader.
-So if a partition address changes, grub needs to be reconfigured in order for stage1 to locate stage2 bootloader.

-Anyone having access to the grub cmd line also has access to files on the filesystems without the restrictions of file / owner permissions.

-the habit of creating a boot floppy or usb disk is good because it can help in case the mbr gets overwritten by another os install.
-even if the boot floppy or usb disk are not available, then linux install disk can be used to go in recovery mode and then mbr reinstalled.
-eg: # chroot /mnt/sysimage [ on the recovery window, to make /mnt/sysimage as root mount directory ]
       # grub-install [ reinstalls mbr ]

-Remember:
[[ mbr = 1st sector = stage1 boot loader ]]
|-> stage2 bootloader partition 1 -> grub menu option 1
|-> stage2 bootloader partition 2 -> grub menu option 2
|-> stage2 bootloader partition 3 -> grub menu option 3
. . . . . .
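As an added example serving both the dd post above and the 'first 512 bytes = mbr + partition table' layout described here (it is not code from either post), the script below constructs a 1 MiB disk image with a hand-built partition table, carves its first sector with dd the way an MBR backup would, and decodes the four entries and the 0x55AA boot signature from those 512 bytes. It assumes POSIX dd, od, printf, cmp and mktemp; the partition values and all function names are made up.

```shell
#!/bin/sh
# Added example (not from the original posts): a constructed 1 MiB "disk"
# whose first sector carries a hand-built partition table, backed up with
# the dd idiom from the post and then decoded. Layout of the 512 bytes:
#   0..445    boot code (stage1 boot loader; left empty here)
#   446..509  four 16-byte partition entries
#   510..511  boot signature 0x55 0xAA
# Assumes POSIX dd, od, printf, cmp, mktemp (GNU or BSD).

# make_disk_image <path>: entry 1 = bootable Linux (type 0x83) at LBA 2048
# for 204800 sectors; entry 2 = swap (0x82) right behind it; 3 and 4 empty.
# Byte values are octal escapes; multi-byte fields are little-endian.
make_disk_image() {
    {
        dd if=/dev/zero bs=446 count=1              # empty boot code area
        # status 0x80 | CHS start (3, unused) | type 0x83 | CHS end (3) | LBA 2048 | count 204800
        printf '\200\000\000\000\203\000\000\000\000\010\000\000\000\040\003\000'
        # status 0x00 | CHS start | type 0x82 | CHS end | LBA 206848 | count 2048
        printf '\000\000\000\000\202\000\000\000\000\050\003\000\000\010\000\000'
        dd if=/dev/zero bs=32 count=1               # entries 3 and 4 unused
        printf '\125\252'                           # 0x55 0xAA
        dd if=/dev/zero bs=512 count=2047           # rest of the 1 MiB disk
    } > "$1" 2>/dev/null
}

# backup_mbr <disk> <outfile>: the post's 'dd if=<dev> of=<file>' limited to
# the first sector (on real hardware: dd if=/dev/sda of=mbr.bin bs=512 count=1).
backup_mbr() {
    dd if="$1" of="$2" bs=512 count=1 2>/dev/null
}

# le32 <file> <offset>: little-endian 32-bit unsigned value at a byte offset.
le32() {
    set -- $(od -An -tu1 -j "$2" -N 4 "$1")
    echo $(( $1 + ($2 << 8) + ($3 << 16) + ($4 << 24) ))
}

# mbr_signature_ok <file>: true if bytes 510..511 are 55 aa.
mbr_signature_ok() {
    [ "$(od -An -tx1 -j 510 -N 2 "$1" | tr -d ' \n')" = "55aa" ]
}

# mbr_partitions <file>: one line per used entry:
#   "<n> <boot|-> type=0x<tt> start=<lba> sectors=<count>"
mbr_partitions() {
    f=$1
    n=1
    while [ "$n" -le 4 ]; do
        off=$(( 446 + (n - 1) * 16 ))
        set -- $(od -An -tu1 -j "$off" -N 5 "$f")   # status byte .. type byte
        status=$1
        type=$5
        if [ "$type" -ne 0 ]; then
            flag='-'
            if [ "$status" -eq 128 ]; then flag='boot'; fi
            printf '%d %s type=0x%02x start=%d sectors=%d\n' "$n" "$flag" "$type" \
                "$(le32 "$f" $((off + 8)))" "$(le32 "$f" $((off + 12)))"
        fi
        n=$((n + 1))
    done
}

# verify_backup <disk> <mbr file>: true if the saved sector matches the
# disk's first 512 bytes, i.e. restoring it with 'dd if=mbr.bin of=<dev>'
# would put back exactly what is there now.
verify_backup() {
    dd if="$1" bs=512 count=1 2>/dev/null | cmp - "$2" >/dev/null
}

img=$(mktemp) && mbr=$(mktemp)
make_disk_image "$img"
backup_mbr "$img" "$mbr"
mbr_signature_ok "$mbr" && echo "boot signature present"
mbr_partitions "$mbr"        # 1 boot type=0x83 start=2048 sectors=204800
                             # 2 - type=0x82 start=206848 sectors=2048
verify_backup "$img" "$mbr" && echo "backup matches first sector"
rm -f "$img" "$mbr"
```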