Tim Hardy

On the default Debian 3.1 setup, you need to be root to shut your computer down. This makes sense on a server but is a nuisance on a desktop machine.

To enable ordinary users to shutdown without having to type the root password, you need to use sudo which allows named users to run certain commands as if they were root.

The configuration file /etc/sudoers is edited by root with the tool visudo. Since visudo uses vi as the default editor you may want to change this unless you’re comfortable with its somewhat cryptic interface.

Your default editor is controlled by the $VISUAL variable. To permanently set your default editor as root edit /root/.bashrc and add the line export VISUAL=/usr/bin/joe, replacing joe (my favourite) with your own favourite console editor: /bin/nano is installed by default on Debian and is simple to use.

Now that you’re ready to edit, run visudo. You could edit the file directly but visudo has two added benefits: it prevents more than one person trying to edit the configuration file at the same time and more importantly it provides syntax checking when you finish editing and warns you if you’ve made any mistakes.

In the section headed # User privilege specification add: tim ALL = NOPASSWD:/sbin/shutdown -[hr] now (Obviously replace “tim” with your own username!)

Now you will be able to run shutdown as an unprivileged user without having to enter a password. Remember that /sbin will not be in your $PATH so type /sbin/shutdown -h now to run it.

Once this is working, you are ready to enable shutdown in gdm. Edit /etc/gdm/gdm.conf and change the line SecureSystemMenu=true to read SecureSystemMenu=false. You will no longer need to enter the root password when you select the Shutdown or Restart options in the gdm drop down menus.

Quick tip: to convert a html document to text, stripping out all the markup tags and just leaving the content, use the lynx browser:

lynx -dump example.html > example.txt

This works on both local and remote files.

When I booted my system today, I found that mail had stopped working (by which I mean the unix command line utility “mail”).

Using verbose mode revealed that the problem was to do with name resolution.

tim@withnail:~$ echo hello | mail -v -s "Test" nobody@example.com
LOG: MAIN
< = tim@example.com U=tim P=local S=331
delivering 1EIDKX-00021e-VF
R: dnslookup for nobody@example.com
LOG: MAIN
== nobody@example.com R=dnslookup defer (-1): host lookup did not complete


I checked my /etc/resolve.conf into which I’d hand-coded the ip addresses of my ISP’s name servers and found that my entry had been replaced with the local address of my router/dhcp client.

A bit of googling later and I realised that it was the dhclient that was changing the file during the boot process. My router was supplying itself as the DNS and dhclient was doing its job and accepting this as true.

To prevent this happening, edit /etc/dhclient.conf and add the line:

supersede domain-name-servers a.b.c.d, e.f.g.h;

where a.b.c.d and e.f.g.h are the ip addresses of the DNS servers you wish to use in place of the address(es) supplied by your dhcp server. Separate multiple addresses with commas and terminate the whole sequence with a semi-colon.

man dhclient.conf for more information on syntax and options.

This has also fixed my problem with Exim4 taking 10-20 seconds to start - clearly that was a DNS issue - so I’ve disabled yesterday’s hack in case it leads to problems further down the line.

My MTA (exim4) was taking about 10-20 seconds to start, holding back the boot process so I’ve tried this simple hack: Make Debian boot faster

Edit the startup script /etc/init.d/rc.
Changing the line:

startup $i start

to the following:

startup $i start &

Launching the startup scripts in parallel rather than waiting for each to complete first before running the next could cause problems with dependencies but on a vanilla 3.1 install it hasn’t caused any trouble (so far) and the system boots noticeably faster.

I’ve found this excellent tutorial on setting up printers in Debian too late. However it has helped me with the final piece of the puzzle and I now have printing working in firefox under KDE after following the advice to replace:

lpr ${MOZ_PRINTER_NAME:+'-P'}${MOZ_PRINTER_NAME}

with

kprinter --stdin

in the firefox printer properties.

The site debiantutorials has plenty of Debian tutorials, designed to be easy enough for someone migrating from windows. They’re a great timesaver if you’re looking for how to do something not officially supported by debian such as playing encrypted dvds and other codecs such as wmv or installing the nvidia 3D drivers.

I’ve finally done it and made the switch to Debian.

I wanted to reinstal Suse 9.2 (9.3 looks good but has issues on my computer and I’m too busy to fix them) only to find that my installation disk was scratched and wouldn’t work. I’ve become increasingly frustrated with aspects of Novell’s distro recently and, being in a hurry and having a Debian 3.1 disk to hand decided to make the jump.

As I noted before, the installer was straightforward although the partitioner interface was not as clear as it could have been. Configuring XFree86 was far easier than I remember. Overall, very easy for someone with a little previous experience of linux.

Setting up the printer however was a confusing struggle. An hour of googling and experimenting and I got it running in the end. Suse’s Yast is definitely a far easier tool for setting up peripherals and one that masks a lot of the underlying complexity (making it better for a user who just wants to print but less interesting for the geek who wants to learn all about how it works).

I was naively surprised to realise that Debian does not support mp3 encoding out of the box but soon fixed this by adding a new source to my /etc/apt/sources.list:

deb ftp://ftp.nerim.net/debian-marillat/ sarge main


This allowed me to

apt-get update
apt-get install lame


and I was able to start creating files for my new mp3 player. I’m an instant apt-get convert. What a great package installer.

Overall, I’m very happy with Debian so far. It lacks the Suse cosmetic polish and exposes more of the underpinnings of the system which may not appeal to everyone but if you value curiosity over usability then Debian may be right up your street.

Podcasting is overrated but I am addicted to IT Conversations.

I’ve been looking for a portable MP3 player that works well with linux for a long time. I wanted something small and light, with long battery life and a backlit display that shows the file name. I wanted to be able to mount the file system and copy files across directly as well as the ability to delete files on the device itself. One gigabyte seemed the ideal size: just enough space to squeeze a few albums in as well for when I need a break from the spoken word.

Finally I’ve found the ideal player for my needs: the 1GB Zen Nano Plus.

It’s very small, fitting into that tiny jeans pocket for which I’ve never previously found a use. It runs around 18 hours on a single charge, takes AAA batteries, supports drag and drop and uses USB 2.0. (It has a number of extra features too like radio, direct encoding to mp3, voice recorder etc that I do not want or need but one never knows when they might come in handy).

It might lack the smooth finish of an Apple device but it is perfect for my needs. It’s small and light enough to take anywhere and not notice you’re carrying it. Now I can make the most of otherwise dead time spent travelling, queuing, shopping or waiting.

Ordering Tracks
Albums are defined by folders. However, tracks within each album/folder play in alphabetical order rather than track number order. To get round this, the supplied Windows software from Creative manipulates the file names:

When you sort your audio files using ID3 tags, Zen Nano Media Explorer adds a 3-digit prefix (a number from 000 to 999) to each filename. For example, Song 1 is renamed as 001_Song 1.

(From the Creative Windows help files)

Since I’m using linux, I’ve written a quick and clumsy bash script that does the same thing: nanoplaylist.

After ripping a CD to mp3s, cd to the generated directory and run the script to rename each file appropriately.

eg

tim@withnail:~/mp3/WAITS Tom/Small Change$ ls
WAITS Tom - Bad Liver And A Broken Heart.mp3
WAITS Tom - I Can't Wait To Get Off Work.mp3
WAITS Tom - Invitation To The Blues.mp3
WAITS Tom - I Wish I Was In New Orleans.mp3
WAITS Tom - Jitterbug Boy.mp3
WAITS Tom - Pasties And A G-String.mp3
WAITS Tom - Small Change.mp3
WAITS Tom - Step Right Up.mp3
WAITS Tom - The One That Got Away.mp3
WAITS Tom - The Piano Has Been Drinking.mp3
WAITS Tom - Tom Traubert's Blues.mp3
tim@withnail:~/mp3/WAITS Tom/Small Change$ nanoplaylist
tim@withnail:~/mp3/WAITS Tom/Small Change$ ls
001_WAITS Tom - Tom Traubert's Blues.mp3
002_WAITS Tom - Step Right Up.mp3
003_WAITS Tom - Jitterbug Boy.mp3
004_WAITS Tom - I Wish I Was In New Orleans.mp3
005_WAITS Tom - The Piano Has Been Drinking.mp3
006_WAITS Tom - Invitation To The Blues.mp3
007_WAITS Tom - Pasties And A G-String.mp3
008_WAITS Tom - Bad Liver And A Broken Heart.mp3
009_WAITS Tom - The One That Got Away.mp3
010_WAITS Tom - Small Change.mp3
011_WAITS Tom - I Can't Wait To Get Off Work.mp3


The script assumes that you have not modified the mp3s since you ripped them and that your software has ripped them sequentially, first track first. Download nanoplaylist here.

The things that don’t make sense are the most important data collected. Time and again, getting to the bottom of a minor performance anomaly that should not exist reveals a design flaw or failure in my understanding, and curing it leads to an advance in our performance that was well worth having. Time and again I have learned the importance of not letting any code go in without benchmarking it. Things that could not possibly affect performance, do, over and over again, and if you don’t catch it immediately, you might never catch it.

Hans Reiser in interview shares some of the most important lessons he’s learned in his career as a software developer/architect.

Marcus Ranum set up and managed the US President’s email server (whitehouse.gov) during its first year of operation. No one could doubt his security credentials. In this insightful Security Focus interview he shares his worries about the state of computer security and alleges that “80% of corporate desktops are infected with spyware, 15% of them are infected with keystroke loggers”.

The interview is depressing reading. He’s damning about the current state of computer security and fatalistic about the future.

I believe we’re making zero progress in computer security, and have been making zero progress for quite some time. Consider this: it’s 2005 and people still get viruses. How much progress are we making, really? If we can’t get a handle on relatively simple problems such as controlled execution and filesystem/kernel permissions, how much progress are we going to make on the really hard problems of security, such as dealing with transitive trust?

Before Linux users start congratulating themselves on their choice of operating system, we need to get Marcus Ranum to sit down with Linspire CEO Michael Robertson.

Linux, like Mac OS X, is championed as a secure operating system in comparison to Windows XP that, unpatched, will become infected within 20 minutes of connecting to the internet. Michael Robertson is threatening that reputation. He believes that running as root for daily tasks is not dangerous. Desktop users of his company’s distribution will be doing exactly that by default.

Creating a distro targetted at the less technologically literate that allows them to run as root as standard is a disaster waiting to happen.

Robertson defends himself by pointing out that they do have the option of creating non-root users but anyone who would consider that option is unlikely to be installing Linspire in the first place. It will make for disastrous PR for Linux as a desktop operating system when one of his target audience installs some malware in the near future thinking it’s a sexy videoclip of the latest tabloid pin-up and then wonders how their credit card details got stolen. Does anyone think that people will understand that Linspire isn’t Linux? All distributions will be tarred with the same brush in the popular imagination.

It’s as if Robertson has heard the words “running as root” enough times to think he knows what it means only to reveal a fatal ignorance with his decision. I want to say Marcus Ranum is to Planck what Michael Robertson is to Planck’s chauffer but it is not true. Robertson is a very intelligent man but for some reason he is flying in the face of conventional security advice.

Unix/Linux got to grips with controlled execution and filesystem/kernel permissions a long while ago. Dragging Linux back to the insecure by default model of Windows to make it easier to use seems foolishly short-sighted.

Still it might be nice to have some native viruses for Linux at last. So far, they’ve proved difficult to run under Wine.

I’ve been using Suse since 8.1 and I love it. I was moving around a lot when I started with linux and often didn’t have dial-up, let alone broadband. Having seven CDs (and one DVD) full of applications and the source code was a major selling point.

The installer is intuitive and the documentation is very thorough. Everything is well integrated and the security updates are excellent.

I paid for upgrades all the way to 9.1 but since then I haven’t had the money to spare to pay for an update every six months. 9.2 is available for free download. That’s what I’m running on my desktop and laptop and it works well for me.

My sources list in YAST (the main Suse configuration tool) plugs into the Suse ftp sites so when I want to install something it downloads it from there and handles all the dependencies.

yast -i $package is every bit as easy as apt-get install $package.

There are several things that annoy me about Suse including the way subfs mounts hotplugged devices with a name derived from the item id number (fixed in 9.3) and the distributor’s caution about codecs meaning it won’t play encrypted DVDs out of the box. The latter is easy to fix, the former too hard for me.

I’ve installed Debian 3.1 on another partition and am dual-booting now but I find I’m still using Suse all the time largely because I haven’t got round to copying over my bookmarks, firefox extensions etc. into Debian. The Debian installer is not as polished as I expected it to be and configuring X was a PITA that took me back to my very first fumblings with linux (Redhat 5.1 I think?). However, once I’d got past that little hurdle, I was presented with an installation that seems rock solid and responsive.

I haven’t played enough to go beyond that superficial impression.

It’s on the todo list - along with a whole lot of other things.