What’s the best Linux distribution?

Lots of people ask me what the best Linux distro is: some ask what’s best for a newbie, others want to set up a home server, and some others want to build a gatekeeper. So what’s the best distro to accomplish all this?

To be sincere, I like OpenSuSE a lot and I use it for all my personal things and my work laptops, but I wouldn’t recommend it for server usage. I don’t recommend any of the desktop distros (aka distributions) for that matter, due to a simple issue: desktop distros like OpenSuSE, Fedora, Ubuntu, etc. have a short support cycle. This means that if you want to have security upgrades you’ll need to be constantly updating your server install.

For usage in a server environment I like to use SLES, RedHat and CentOS. The support cycle is great (at least 5 years), and the stability and endurance of the OS are great in all of them.

Once again I prefer SLES, due to the great tools and support they provide. However, I can’t say the same about RedHat support: whenever I needed them I had to find the solution on my own.

These are the two main scopes of Linux distros out there, the desktop and the server, but they aren’t the only scopes where you find Linux. For instance, if you want a firewall, proxy, content filter, QoS and traffic shaping, I would recommend the excellent Endian FW (www.endian.it).

If you want to have your Linksys/Asus or other router working with Linux, you may use DD-WRT. Would you like to use an older computer as a media center? Look at GeeXboX. For a hacker distribution to test your systems’ security, just download BackTrack. The list can continue and you will be able to find a distribution suited to your needs. Some may need just a live CD or DVD system, others a complete server suite like SME Server (which will give you the same offering as Windows Small Business).

To conclude, I don’t think there’s a best distro; there are differences, and those differences make some people like one distro over another.

Personally I like OpenSuSE and SLES.

Cheers,

Pedro Oliveira



Kernel 2.6.31 is out and rocking!

This weekend I had some free time, so I tested the new kernel on my SUSE 11.1 x86_64 system. I’ve been a beta tester for the kernel for some time and I was eager to test the final version.

There are plenty of new features; the ones I enjoy most are probably in the filesystem area, but there is plenty to choose from.

This version adds USB 3.0 support, an equivalent of FUSE for character devices used for proxying OSS sound to ALSA, some memory management changes that improve interactivity in desktops, readahead improvements, ATI Radeon Modesetting support, support for Intel’s Wireless Multicomm 3200 Wifi devices, kernel support and a userspace tool for performance counters, gcov support, a memory checker for uninitialized memory, a memory leak detector, a reimplementation of inotify and dnotify on top of a new filesystem notification infrastructure, btrfs improvements, support for the IEEE 802.15.4 network standard, IPv4 over Firewire, many new drivers, small improvements and fixes.

You may see the whole list here:

http://kernelnewbies.org/Linux_2_6_31

I haven’t done extensive testing yet, but so far so good ;), although my KDE 4.3 seems to lag a bit; I’m not sure if this is from the new kernel or from the changes I’ve made within KDE itself.

On the other hand, on server machines it works perfectly. I’m doing stress tests on two virtual servers, looking at memory usage / IO times / CPU usage.

For the test I’m using two openSUSE 11.1 x86_64 machines, one with kernel version 2.6.27 and the other with 2.6.31, each with the same amount of memory and 2 CPUs, on the same host. I hope to have some more data in a few days and then post the results (cacti graphs) here if they are relevant.

So, what are you waiting for… TRY IT

Cheers

Pedro Oliveira

Create a dynamic DNS service with BIND

Hi,

Some of us use a dynamic DNS service to access our home server or desktop, but with cheap Internet access prices you may think about having your own server (these days you can have a 100/10MB fiber connection for 50€), that is, if you don’t like the cloud concept.

But what if you don’t want to use the domain name that your dynamic DNS provider gives you (something like myhome.dyndns.org)? Let’s say that you want www.at-my-domain.com. You have two options:

1 – You buy/rent a custom DNS service (around 40€/year/domain)

2 – You build your custom DNS server with BIND or TINYDNS.

I’ll write about the second one, but before we start let me tell you the implications this setup has.

1.º – Need root access to the server.

2.º – If you have a lot of domains you’ll have a big DNS overhead, because you’ll need a small TTL (time to live) on the DNS requests you serve, to keep other DNS servers and clients updated.

3.º – Need to have cron running.

4.º – Need to have BIND installed.

5.º – Need a dynamic DNS service provider for your initial domain. Don’t forget to check the “use wildcard” option. Check www.dyndns.org, install and configure the client (following the documentation) and test it afterwards.

6.º – Need direct access to UDP port 53; check your firewall, and your hosts.deny file if you use TCP Wrappers.

7.º – This post is not about DNS security; you should read about it and harden your setup further.

I’m going to set this up on an OpenSuSE 11.0 (x86_64) system, but this setup should be suitable for other distros with small changes.

Imagine that you have bought the domain starwars-xpto.com

Let’s start with the BIND configuration: edit /etc/named.conf and add the following lines:

zone "starwars-xpto.com" in {
    file "master/starwars-xpto.com";
    type master;
    // "any" lets every host pull the whole zone (AXFR); list only your secondary servers here.
    allow-transfer { any; };
};

Now let’s create an initial setup file by creating the file:

/var/lib/named/master/starwars-xpto.com

and add some initial content:

$TTL 60
@               IN SOA          yourhost.yourdomain.name.      root.yourhost.yourdomain.name. (
                                1249459201      ; serial
                                10800           ; refresh
                                3600            ; retry
                                604800          ; expiry
                                86400 )         ; minimum
starwars-xpto.com.         IN MX           10 mail.starwars-xpto.com.
starwars-xpto.com.         IN NS           ns1
starwars-xpto.com.         IN NS           ns2
mail                    IN A            83.132.158.224
ns1                     IN A            83.132.158.224
ns2                     IN A            83.132.158.224
*.starwars-xpto.com.       IN A            83.132.158.224

After this just reload named:

/etc/init.d/named reload

and test it:

dig @your_dns_server_IP www.starwars-xpto.com

you should get something like:

; <<>> DiG 9.6.1 <<>> @localhost www.starwars-xpto.com
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55310
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;www.starwars-xpto.com.            IN      A

;; ANSWER SECTION:
www.starwars-xpto.com.     60      IN      A       83.132.158.224

;; AUTHORITY SECTION:
starwars-xpto.         60      IN      NS      ns1.starwars-xpto.com.
starwars-xpto.         60      IN      NS      ns2.starwars-xpto.com.

;; ADDITIONAL SECTION:
ns1.starwars-xpto.com.     60      IN      A       83.132.158.224
ns2.starwars-xpto.com.     60      IN      A       83.132.158.224

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Aug 17 18:02:31 2009
;; MSG SIZE  rcvd: 120

If you got something like that, great: you have your BIND configuration working. If not, check the logs. BIND is really picky with the syntax, and by the way, you can’t use # for comments in the zone file, only ;

Now let’s go to the interesting part: creating the script that will change your IP address in the BIND configuration whenever it changes. Just create a script wherever you want; my custom system scripts are usually in /root/bin so I’ll keep using it.

Let’s create and edit the file /root/bin/update_dns, not forgetting to change yourdomain_at_dyndns.org

Just copy/paste the content below:

#!/bin/bash
# Update the A records of a BIND zone file when the public IP changes.

BIND_DIR='/var/lib/named/master'
DOMAIN=$1
BIND_FILE=$DOMAIN

if [ $# -ne 1 ] ; then
    echo "Usage: update_dns domain"
    echo "EX: update_dns domain.com"
    exit 1
fi

# Current public IP, read from the A record of the dynamic DNS hostname.
function get_ip ()
{
    dig yourdomain_at_dyndns.org | grep yourdomain_at_dyndns.org | grep -v ';\|CNAME' | awk '{print $5}'
}

# update_dns DOMAIN IP BIND_DIR BIND_FILE
function update_dns ()
{
    DATA_SEGUNDOS=$(date +'%s')    # epoch seconds, used as the new SOA serial
    DOMAIN_=$1
    IP_=$2
    BIND_WORK_DIR_=$3
    BIND_WORK_FILE_=$4

    if [ "$IP_" != "$(grep 'IN.*A' "$BIND_WORK_DIR_/$BIND_WORK_FILE_" | grep -v SOA | awk '{print $4}' | uniq)" ] ; then
        # Private temp file: fixed file names under /tmp are unsafe in a script run as root.
        TMP_=$(mktemp "/tmp/$DOMAIN_.XXXXXX") || exit 1
        # Replace the IP address on each line, then the 10-digit serial.
        sed 's/[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}/'"$IP_"'/' "$BIND_WORK_DIR_/$BIND_WORK_FILE_" |
            sed 's/[0-9]\{10\}/'"$DATA_SEGUNDOS"'/g' > "$TMP_"
        cat "$TMP_"
        mv -f "$TMP_" "$BIND_WORK_DIR_/$BIND_WORK_FILE_"
        echo "$(date +'%b %d %H:%M:%S') Domain: $DOMAIN_ updated to IP: $IP_" >> /var/log/messages
        chmod -R 755 /var/lib/named/master
    else
        echo "No need for update"
    fi
}

function restart_dns_server ()
{
    # /tmp/restarting_named acts as a lock so two runs do not restart named at once.
    if [ ! -f /tmp/restarting_named ] ; then
        touch /tmp/restarting_named
        /etc/init.d/named stop
        sleep 3
        pkill -9 named
        sleep 1
        /etc/init.d/named restart
        rm /tmp/restarting_named
    else
        sleep 10
        restart_dns_server
    fi
}

IP=$(get_ip)

# A failed lookup returns nothing; never write an empty address into the zone.
[ -n "$IP" ] || exit 1

if [ "$IP" != "$(grep '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}' "$BIND_DIR/$BIND_FILE" | awk '{print $4}' | uniq)" ] ; then
    update_dns "$DOMAIN" "$IP" "$BIND_DIR" "$BIND_FILE"
    restart_dns_server
fi

Finally you just need to set up cron: just type crontab -e

and add an entry like

*/5 * * * * /root/bin/update_dns starwars-xpto.com

Just wait the 5 minutes and check if the IP changed with the dig command as shown above.

After all this, and as the last step of configuration, go to the domain provider where you bought your domain (ex: www.godaddy.com) and configure it to use NS1.yourdomain_at_dyndns.org and NS2.yourdomain_at_dyndns.org as name servers.

And you’re done.
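A root cron job that writes a looked-up address into a zone file should check that address first and change only the records it means to change. The following is an added example, not the author's script: valid_ipv4 and rewrite_zone are hypothetical helper names, and it assumes the zone layout shown in this post (serial line tagged "; serial", address as the last field of each A record).

```shell
#!/bin/sh
# Added example, not the author's script. valid_ipv4 and rewrite_zone are
# hypothetical helpers; the zone layout assumed is the one shown in this post.

# Succeed only for four dot-separated decimal octets, each 0-255.
valid_ipv4() {
    case $1 in
        *[!0-9.]*|*..*|.*|*.|*.*.*.*.*) return 1 ;;  # bad char, empty or extra octet
        *.*.*.*) ;;
        *) return 1 ;;
    esac
    rest=$1.
    while [ -n "$rest" ]; do
        octet=${rest%%.*}; rest=${rest#*.}
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# rewrite_zone ZONEFILE NEW_IP [SERIAL]
# Returns 0 = zone rewritten, 1 = input rejected or write failed, 2 = already current.
rewrite_zone() {
    zone=$1 new_ip=$2 serial=${3:-$(date +%s)}
    valid_ipv4 "$new_ip" || return 1     # an empty or garbled lookup result stops here
    [ -f "$zone" ] || return 1
    # Is there any A record that does not already hold the new address?
    awk -v ip="$new_ip" 'NF >= 2 && $(NF-1) == "A" && $NF != ip { stale = 1 }
                         END { exit !stale }' "$zone" || return 2
    # Temp file beside the zone file: unpredictable name, and mv is an atomic rename.
    tmp=$(mktemp "$zone.XXXXXX") || return 1
    if awk -v ip="$new_ip" -v serial="$serial" '
            /; *serial/               { sub(/[0-9]+/, serial) }       # SOA serial line only
            NF >= 2 && $(NF-1) == "A" { sub(/[0-9.]+[ \t]*$/, ip) }   # A record data only
            { print }' "$zone" > "$tmp"
    then
        chmod 644 "$tmp" && mv -f "$tmp" "$zone"
    else
        rm -f "$tmp"; return 1
    fi
}

# Constructed demo on a throwaway copy of the post's zone data.
demo=$(mktemp -d)
printf '%s\n' '$TTL 60' '@ IN SOA ns1 root (' '1249459201 ; serial' '10800 ; refresh' \
    '3600 ; retry' '604800 ; expiry' '86400 ) ; minimum' 'ns1 IN A 83.132.158.224' \
    '*.starwars-xpto.com. IN A 83.132.158.224' > "$demo/zone"
rewrite_zone "$demo/zone" "" ; echo "empty lookup result -> rc=$?"
rewrite_zone "$demo/zone" 203.0.113.7 ; echo "new address -> rc=$?"
rewrite_zone "$demo/zone" 203.0.113.7 ; echo "same address again -> rc=$?"
rm -rf "$demo"
```

A return code of 0 is the only case in which named needs to be reloaded.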

This isn’t an easy setup to do, but if you have multiple custom domains it can save a few € every year; I know in my case it does.

Cheers,

Pedro Oliveira

KDE 4.3 – Innovation or just patching?

Recently I upgraded KDE from version 4.2 to 4.3 and I’ve been using it for a few days now. As I said before, I don’t mind using betas and doing some testing, but as with everything there is an exception; in my case it was KDE. I used the first KDE4 betas and went back to 3.5, then used 4.1 when it was stable, then 4.2, and tried the 4.3 beta… and once again went back to 4.2. Now that it is stable I’m using version 4.3, and for the first time in KDE4 I can say it’s stable. In my opinion KDE4 was released way too early, and although usable it needed serious work. I’m a Linux user with several years of experience and didn’t have much trouble using it, but my wife, for instance, would go crazy, so until KDE 4.3 she was using KDE 3.5.

What changed in this last version of KDE that made me upgrade all my machines to KDE4.3?

The KDE community has fixed over 10,000 bugs.

Implemented almost 2,000 feature requests in the last 6 months.

Close to 63,000 changes were checked in by a little under 700 contributors.

If you want to read more about it just check this link.

All this made KDE4.3 more user friendly, more reliable, more polished and prettier.

So, what more can I say about it? JUST INSTALL IT AND GIVE IT A TRY, you won’t be disappointed.

In conclusion, is there innovation or just patching in KDE 4.3? Definitely both: there are hundreds of new features and even more bug fixes. Both are equally important, and KDE really needs this ultimate push to be the ultimate Desktop Manager.

Cheers and see you next time

Pedro Oliveira

ps – below are the install instructions and a vid of KDE 4.3 in action.

If you need help to install it just check the install instructions (from www.kde.org):

  • Debian KDE 4.3.0 packages are available in the unstable repository.
  • Fedora
    • Rawhide development repository, however the packages there may depend on other Rawhide packages and are therefore not suitable for installation on previous releases.
    • Unofficial Fedora 11/10 packages are hosted at the kde-redhat project.
  • Kubuntu packages are available for 9.04. More details can be found in the announcement on Kubuntu.org.
  • Mandriva provides packages for 2009.0 (i586, x86_64, SRPMS) and 2009.1 (i586, x86_64, SRPMS). Please refer to the README for more information. For Mandriva Cooker (development) users, 4.3.0 will be available in the Cooker repositories.
  • openSUSE packages are available for openSUSE 11.1 (one-click install), for openSUSE 11.0 (one-click install) and for openSUSE 10.3 (one-click install) and openSUSE Factory (one-click install). A KDE Four Live CD with these packages is also available.
  • Magic Linux KDE 4.3.0 packages are available for Magic Linux 2.5. See the release notes for detailed information and the FTP tree for packages.