Interesting Smartcard Behavior…

I ma no expert on smartcards (we use Common Access Cards, or CAC, at work).  Recently, I wqaas having issues with ActiveClient reading my card, which told me I had mistyped my pin twice.  Once more, and it would lock out my card.  So I went and asked a coworker how long the timeout is.  He told me there is no timeout – the card count is reset with a successful login.

Worried, I went to my Linux box and logged into webmail with my card, successfully.  Afterwards, ActiveClient on the other machine saw the card fine.

I had a chance yesterday to retest this behavior when another coworker was having similar issues with his card.  He had tried at two different machines to log in with his smartcard, and each time, it was unable to read his card (I did not see the exact error message, but it was not an incorrect PIN entry).  So I offered to let him try on my Linux box (I am the only one using Linux as a workstation), and he was quite surprised to be able to log into webmail from there.  Afterwards, his card worked fine on ActiveClient Windows machines, which was a relief to him, since he had assumed a trip to the ID card office (and a long wait) were in store for him.

I surmise that something on his card got a little scrambled and the Windows ActiveClient could not read what it needed.  The PCSC client, however, not only worked without flaw, it also seemed to clear whatever was bugging ActiveClient.

So, if this happens again, I hopefully will be able to spare someone else a trip to the ID card office.

Advertisements

New Power Supply…

This is a short post.  Last night, I wanted to load up bzflags on my MythBuntu box so I could crush the kids in an epic tank battle.  Too bad my 500W power supply had roasted, and may have been merrily cooking away for a day or more before I found out.

So, off to the store I went, where I picked up a decent 650W power supply with all the right connectors for about $100.  After I got home and installed it, MythBuntu powered up fine and I loaded bzflags.  It was late, so the epic tank battle is on hold.

For now…

Update – My son wiped the field with me.   With glee and a complete absence of pity.  My daughter came close to doing the same thing.  I shudder to think of the beating my wife can deliver behind the barrel of a tank.  I apparently suck at bzflags, but it sure is fun, even losing.  I just blame it on my mouse, or on the wireless network (which works without flaw any other time – curious), or the dog (current tally:  farts, missing treats, losing to my son at bzflags).

Kubuntu 9.04 and Flash Audio…

I finally got sound to work reliably.  Here is what did NOT work:

  • “touch .asoundrc” in the home directory
  • remove and reinstall non-free flash and the installer
  • ensuring the PCM channel was unmuted and not turned down

I did have to make sure that the correct sound card was selected (I have two).  This made a difference for system-wide purposes, but as far as flash went, sites like YouTube were mute.

I finally found a site that gave instructions to install a pulse audio management tool – padevchooser.  I don’t remember which site, because I must have trolled dozens, but this solution worked every time (I had to do this once for each user, as each user).

Opening a terminal and running padevchooser opened up the app in the system tray.  Left clicking it brought up the context menu.  Selecting Volume Control, and the Output Devices tab, I was able to ensure that the correct card was the default.  On the Playback tab, I was able to move the stream to the correct card.  For some reason, they all seemed to default on the other unused card, which is integrated into the motherboard.

Once I did these things, Flash audio was just fine.

Dual-boot Laptop – Vista and Kubuntu 9.04…

I started last night.  First, I decided to use the 32-bit LiveCD installer.  I booted off the CD after shutting down Microsoft Windows Vista Home Premium, and soon was at the GUI (I chose the first option; to test before installing).  Once there, i opened up a konsole session, ran “sudo -i” to get root, and installed gparted – “apt get install gparted”.  After it installed (to RAM of course), I ran it to see what I could do.

NOTHING.

I could not resize the 140 GB partition Windows called a “C drive”, because I forgot to defragment it first.  Crap.  So I booted back into Windows, Safe Mode.  I found the defrag tool under the System Accessories, but it would not run.  I tried from the command prompt as well.  I rebooted, into SAFE Mode With Console, and it still wouldn’t work.  I finally just rebooted into Vista normally – then it worked.  It gave no status other than a flickering hard drive light and a spinning cue that meant it was not finished.  Eventually, it did finish.  It claimed to have been doing it on a schedule, and the last defrag was back on the 5th of May, yet it took over two hours to complete.  Guess what?  It made all the difference in the world.  I suspect it wasn’t really defragmenting after all.

Once I rebooted into Kubuntu Live CD and reran gparted, I was able to resize it.  The first attempt failed – I cut it too close to the bare minimum space i could shrink the drive.  I decided to split it 50-50, giving about 70 GB for each side, and then it worked.  This took another hour, but I had 70 GB or free space.  I went into cfdisk and manually made a 10 GB bootable partition for root, a 3 GB for /var, a 2 GB for /tmp, a 2 GB for swap, and the rest for /home.  i then rebooted into Windows.

Windows behaved as expected, like it had been punched int the mouth, but didn’t know by whom.  It rescan itself, determined that everything was still ok, and rebooted again.  This reboot came up fine.  Satisfied I had not broken Vista, I rebooted a final time back into the Live CD.

I went ahead and formatted everything with XFS except the swap partition:

  • mkfs.xfs -f -d agcount=1 -i attr=2 -l lazy-count=1,size=128m,version=2 /dev/sda3
  • mkfs.xfs -f -d agcount=1 -i attr=2 -l lazy-count=1,size=128m,version=2 /dev/sda5
  • mkfs.xfs -f -d agcount=1 -i attr=2 -l lazy-count=1,size=128m,version=2 /dev/sda6
  • etc…

I then made the swap partition and then installed, choosing to manually select my partitions and not to format them.   I went to bed, abd when I woke up and checked in the morning, it was done.  I had been unable to get wireless to work (no proprietary drivers needed, just would not work) on the Live CD, so I had connected it up via network cable.  Once I booted into the new system, I saw that it had a GRUB entry for Windows (it works).  After logging into KDE, I was able to set up a working wireless connection with no real drama.  I also modified my /etc/fstab to mount the XFS partitions with the following options:

noatime,nodiratime,logbsize=256k,logbufs=8

I edited /etc/X11/xorg.conf and added in the section to reenable the CTRL-ALT-BACKSPACE zap for X:

Section "ServerFlags"
      Option          "DontZap"               "false"
EndSection

I installed the medibuntu repositories, the kubuntu-restricted package, the sun-java6 package, the non-free flash package, the libdvdcss and libdvdread packages, lots of TTF fonts, the MSTTF core fonts, skype2, firefox, thunderbird, and the packages needed for a DoD smartcard.

Links:

Medibuntu

DoD CAC

Thunderbird setup with AKO

Kubuntu-restricted and Sun-JRE6

Xorg no-zap

Results:  It boots and shuts down much faster than Vista.  It is a Compaq lapto, Pentium Core-Duo, 1 GB RAM, uses the ath5k driver for wireless, has an integrated Intel graphics adapter (maybe 800 fps max on glxgears), and a 160 GB SATA drive.  It has sound, a mic, speakers, a DVD writer, some USB ports, and a network jack.  Overall, not too bad for what I need it to do.  But it is a little shaky and unstable from time to time, so I have shut off the compositing effects and unloaded some troublesome widgets (RSS news widget especially seemed flaky).  But the suspend and hibernate functions work great, and the webcam i bought (Logitech) worked right off the bat with skype.  So did my smartcaard reader.  I also installed the Acrobat Reader from the Adobe website – with it, I added the coolkey security device and am able to sign fillable PDF files with my card.  DVDs also play (region-free, of course).

So, these are my ramblings on the notebook.  I dual-booted because my wife insisted I keep Vista, just in case the Linux machine she is on dumps.  But she is getting more comfortable without Vista already – I can tell.

Wireless and Kubuntu 9.04…

I tried to connect my media computer to my wireless network and failed. I ended up running a wired connection to it and searching online for an answer. There is a lot of stuff out there regarding problems with the KNetwork Manager app being brain-dead with wireless. I did some checking and found that my wireless chipset, a Broadcom BCM 4318 AirForce One 54g should work. I ran the command lshw -C network and the results seemed normal. The b43 modules was loaded. Yet I could not get it to connect. I also stumbled over a possible fix with KWallet – using no password, creating an entry and allowing KWallet to use that for the network connection. It still did not work.
Then I went to the System menu, Hardware Drivers, and looked at the proprietary drivers. The Nvidia driver and the Broadcom driver were both listed but not enabled, so I enabled each. As soon as the Broadcom driver loaded, I recreated the network connection and was in immediately.

Not too smooth, overall. I can appreciate the frustration lots of folks are having with this issue, and the one with KNetworkManager not connecting to a network that does not broadcast an SSID. Some notification that more drivers needed to be loaded would have been really helpful here. I understand Ubuntu [GNOME] and Xubuntu [XFCE] are not having these issues.

Impressions of Kubuntu 9.04 and VMware-Server 2.0.1…

So far, RAID-10/LVM/XFS is working quite well with Kubuntu 9.04.  Jaunty picks up hardware effortlessly.  I plugged in a USB thumb drive, and a little notification pops up.

Ok.

I plug in my camera, and it sees it fine,no muss, no fuss.

Better.

I plug in my webcam – no notification, it just works.

Sweeeet.

I plug in my HP printer, and I have to dig around to see that it was added as quietly and politely as you please, ready to print.

Awesome.

I ran out of things to plug in.  Kubuntu 8.04 (the previous version I was using) didn’t boot nearly as quickly, took longer to load the desktop after login, and was good about detecting devices, mostly, but needed polish and charm.

9.04 has it in spades.  I am really quite impressed with the hardware cababilities of it.  There are some programs, like adept, I am missing, but the learning curve for the newer stuff is really more like a learning bump.

Update:  It even loaded the sensors package to track temperatures.  Wow.

I am running 64-bit now, and flash and java work fine.  It took me a while to find the right libjavaplugin and link it into the Firefox plugins folder, but flash 10 worked fine and installed easily.

VMware-Server is a different story.  The 64-bit is slow, flaky, and cranky.  It times out all the time, it resets often, and it just stalls doing stuff.  I now have a VM ready for loading, but it took all day to fight it into doing so.  And I found no reliable cure, to include swapping out the java jre version used for a later version.  I am really dissapointed with the 2.0.1 release in terms of ease of install, performance, and reliability.  Oh well, at least it installed without needing a special patch or script.

Update:  After a huge fight, I got a new Windows XP VM made.  Using the command ‘watch “du -s –si /home/vmguests/WinXP” ‘, I was able to get a sense of the speed of the file system when I was creating the virtual disk files.  I chose to make one large file at once for each of the two disks; C drive (15 GB), and E drive (48 GB).  With the watch command updating every two seconds, I was able to see that the RAID-10 XFS filesystem was handling about 100 Mbps as the disk files were created.

Once I had made theVM, loading it was uneventful.  Just a regular Windows XP professional install, like any other.  The vmware-server played nice mostly after that and has continued to do so.  I have only had to log out once due to unresponsiveness, and have not had to restart the server services.  The VM is quite fast, and allows my wife to see her video streams in Media Player 11 with only minor stuttering of the video.   Audio is fine.

I really like the USB visibilty of vmware-server.  The VM picked up the printer as if it were directly connected, and once I loaded the drivers for it, I was printing from the VM like normal.  All of my USB devices can be presented to the VM, which is an area I had problems with in the past with the 1.x versions of vmware-server.

Anyway, my wife is set up with her login and has a shortcut to RDP to the Windows XP VM, where she can login and watch her JNet streams.

HOWTO – Kubuntu 9.04, RAID-10, LVM2, and XFS…

Time to rebuild the Beast…

The poor thing had been in sparse use since it started shutting down (really, just POOF! –  it may as well be unplugged) randomly.  I didn’t pursue it for months, because I am fundamentally lazy at home.

(I think I mentioned this before.)

But with a trip coming up, and me needing a laptop for it, and my wife saying I could have hers if I got her Windows-based internet movie playing experience working on another computer, and the release of Ubuntu 9.04, well, let’s just say the planets finally aligned.

So I burned several CD’s – Xubuntu Live 9.04 (32-bit), MythBuntu 9.04 (64-bit), Kubuntu 9.04 Live (32-bit), and Kubuntu 9.04 Alternate Install (64-bit).  I rebuilt my targeted media PC first as Kubuntu.  I got a 1 TB SATA drive, put it in my beast computer, and used scp to back up everything in the house to it (execpt the Vista laptop).  It power dropped several times before I finally got it all (I hope).  Then I popped it into my media PC (not Microsoft – I call it that because I have it hooked up to the VGA port on my flat-screen TV).  I then loaded the Live CD of Kubuntu 32-bit and will use it as a backup in case my beastie dies while I am away.  This way, my wife is not stuck unable to watch her Japanese TV program downloads.

You have no idea how important that is to maintaining a happy family.  Seriously.

Anyway, enough boring crap.

I first installed the seven SATA drives I had (four pulled from the media PC, one was already installed, and two were sitting in a drawer), each identical 80 GB Hitachis, and left them powered up overnight to find any serious drive errors.  I got seek errors on the one I suspected of being bad, and tossed it.  Trust me – it was bad.

(That may explain why it was sitting in a drawer…)

The other six have stayed quite civilized.  Maybe they got the hint.

After trial and error, I used a combination of the Live CD to google and hand-build the file system, and the alternate 64-bit CD to install.

Why hand-build?  I guess that’s just how I roll…  And it gave me total control over how I built it.

Playing around with the drives, I found I could reliably pop the power just by running “hdparm -Tt /dev/sda”, so off I went to get a new power supply.  I found a 650W PS that more than makes up for my failing 450W PS, and let me clean up my cable mess as well.  Out with the old, in with the new, and everything is smooth as silk.

Back to googling, I found a collection of sites that allowed me to piece together what I think, and hope, is a very solid compromise between performance and reliability.  Space is not too much of an issue, since only one VM will be running on this system, and we are not huge downloaders.  As long as it has more space than the laptop (160 GB), it is fine.

System specs:

  • Athlon FX-53 (the old obsolete server-board-based one with 959 pins or something).
  • 2 GB of registered memory, I forget how fast.
  • An old NVidia AGP 7600 GT card (I think).
  • Four SATA ports onboard (two controllers, no hardware RAID enabled).
  • One four port add-in PCI SATA controller (RAID disabled).
  • No special BIOS tweaks.
  • Six SATA drives, 80 GB each, /dev/sda, /dev/sdb, /dev/sdc, /dev/sdd, /dev/sde, /dev/sdf.
  • Fans.  Lots of fans.
  • 64-bit Kubuntu 9.04, alternate install CD.  Supports VMware-Server 2, and can run 64-bit and 32-bit virtual machine guests.

From the Live CD:

Opening Konsole and Konqueror:

sudo -i

Partitioning the drives:

cfdisk /dev/sda

  • sda1 primary 82 MB type FD (Linux RAID), bootable – this will be the RAID-1 /boot partition of six drives (ext3)
  • sda2 primary 404 MB type FD – this will be the swap partion on RAID-10 and LVM
  • sda3 primary 82 GB type FD – this will be the OS partition on RAID-10 and XFS

sfdisk -d /dev/sda | sfdisk /dev/sdb

sfdisk -d /dev/sda | sfdisk /dev/sdc

sfdisk -d /dev/sda | sfdisk /dev/sdd

sfdisk -d /dev/sda | sfdisk /dev/sde

sfdisk -d /dev/sda | sfdisk /dev/sdf

REBOOT (power cycle), run Live CD again, same apps opened:

sudo -i
apt-get install mdadm lvm2 (the live CD does not get RAID and LVM on its own – so install them)

RAID-1 and RAID-10 (all active, no spares):
Link = http://www.howtoforge.org/install-ubuntu-with-software-raid-10

  • boot partition: mdadm -v -C /dev/md0 -c 256 -n 6 -l 1 /dev/sd[abcdef]1 – RAID1 so LILO can boot it, all drives for max redundancy.
  • swap partition: mdadm -v -C /dev/md1 -c 256 -n 6 -l 10 -p f6 /dev/sd[abcdef]2
  • os partition: mdadm -v -C /dev/md2 -c 256 -n 6 -l 10 -p f2 /dev/sd[abcdef]3

cat /proc/mdstats to see RAID sets:

md2 : active raid10 sda3[0] sdf3[5] sde3[4] sdd3[3] sdc3[2] sdb3[1]
239817216 blocks 256K chunks 2 far-copies [6/6] [UUUUUU]
[=================>…] resync = 86.1% (206697408/239817216) finish=12.6min speed=43546K/sec

md1 : active raid10 sda2[0] sdf2[5] sde2[4] sdd2[3] sdc2[2] sdb2[1]
393472 blocks 6 near-copies [6/6] [UUUUUU]

md0 : active raid10 sda1[0] sdf1[5] sde1[4] sdd1[3] sdc1[2] sdb1[1]
79872 blocks 256K chunks 6 far-copies [6/6] [UUUUUU]

unused devices:

Next, set up LVM:
Link = http://www.linuxdynasty.org/lvm2-how-to.html

Physical Volumes:

  • pvcreate /dev/md0
  • pvcreate /dev/md1
  • pvcreate /dev/md2

Volume Groups:
create, with useful names:

  • vgcreate boot-vg /dev/md0
  • vgcreate swap-vg /dev/md1
  • vgcreate os-vg /dev/md2

activate:

  • vgchange -a y boot-vg
  • vgchange -a y swap-vg
  • vgchange -a y os-vg

pvdisplay and pvscan to see physical volumes:

PV /dev/md2 VG os-vg lvm2 [228.71 GB / 4.00 MB free]
PV /dev/md1 VG swap-vg lvm2 [384.00 MB / 0 free]
PV /dev/md0 VG boot-vg lvm2 [76.00 MB / 0 free]
Total: 3 [229.16 GB] / in use: 3 [229.16 GB] / in no VG: 0 [0 ]

vgdisplay and vgscan to see volume groups:

Reading all physical volumes. This may take a while…
Found volume group “os-vg” using metadata type lvm2
Found volume group “swap-vg” using metadata type lvm2
Found volume group “boot-vg” using metadata type lvm2

Logical Volumes, create with useful names:

  • lvcreate -L 76M -n boot-lv boot-vg
  • lvcreate -L 384M -n swap-lv swap-vg
  • lvcreate -L 10G -n root-lv os-vg
  • lvcreate -L 2G -n var-lv os-vg
  • lvcreate -L 3G -n temp-lv os-vg
  • lvcreate -L 213.7G -n home-lv os-vg

lvdisplay and lvscan to see logical volumes:

ACTIVE ‘/dev/os-vg/root-lv’ [10.00 GB] inherit
ACTIVE ‘/dev/os-vg/var-lv’ [2.00 GB] inherit
ACTIVE ‘/dev/os-vg/temp-lv’ [3.00 GB] inherit
ACTIVE ‘/dev/os-vg/home-lv’ [213.70 GB] inherit
ACTIVE ‘/dev/swap-vg/swap-lv’ [384.00 MB] inherit
ACTIVE ‘/dev/boot-vg/boot-lv’ [76.00 MB] inherit

So far, partitioning, RAID-10, and LVM are done. Format using swap, ext3 (boot) and XFS:

  • mkfs.ext3 /dev/boot-vg/boot-lv
  • mkswap /dev/swap-vg/swap-lv

XFS Links:
http://www.csamuel.org/2008/03/23/btrfs-013-and-xfs-benchmarks
http://oss.oracle.com/projects/btrfs/dist/documentation/benchmark.html
http://everything2.com/index.pl?node_id=1479435

http://www.issociate.de/board/post/472270/New_XFS_benchmarks_using_David_Chinner%27s_recommendations_for_XFS-basedoptimizations..html

  • mkfs.xfs -f -d agcount=1 -i attr=2 -l lazy-count=1,size=128m,version=2 /dev/os-vg/root-lv
  • mkfs.xfs -f -d agcount=1 -i attr=2 -l lazy-count=1,size=128m,version=2 /dev/os-vg/var-lv
  • mkfs.xfs -f -d agcount=1 -i attr=2 -l lazy-count=1,size=128m,version=2 /dev/os-vg/temp-lv
  • mkfs.xfs -f -d agcount=1 -i attr=2 -l lazy-count=1,size=128m,version=2 /dev/os-vg/root-lv
  • mkfs.xfs -f -d agcount=1 -i attr=2 -l lazy-count=1,size=128m,version=2 /dev/os-vg/home-lv

df -h to see:

/dev/mapper/os–vg-root–lv
9.9G 4.1M 9.9G 1% /target
/dev/mapper/os–vg-var–lv
1.9G 4.1M 1.9G 1% /target/var
/dev/mapper/os–vg-temp–lv
2.9G 4.1M 2.9G 1% /target/temp
/dev/mapper/os–vg-home–lv
214G 4.1M 214G 1% /target/home
/dev/mapper/boot–vg-boot–lv
74M 5.6M 65M 8% /target/boot

Install using the 64-bit Alternate Install CD for Kubuntu 9.04.  Use the ext3 partition for /boot, the XFS partitions for /, /var, /tmp, and /home, and use the swap partition.  Do not format anything  – it will then only demand to format the swap partition.  I hand-formated to get additional control over how XFS was formatted.

I always separate /home to survive any OS rebuilds I might have to do, or a distro change.  I also separate out /var (so if it fills up, it does not fill up the root space), and /tmp (VMware stores lots of stuff there when snapshotting virtual machines, so make the room).

It installed LILO with the large-memory option on /dev/md0, and reran LILO successfully.  There was some misinformation out there that LILO would boot from a RAID-10 volume.  Yeah, only if it looks exactly like a RAID-1 mirror.  Whoops.

Mount options for XFS I put into /etc/fstab after successfully booting:

-o noatime,nodiratime,logbsize=256k,logbufs=8

Conclusion:  Well, it hasn’t thrown up yet.  I guess that is good.  It seems plenty fast, but I have not really exercised it.  I do not think I will mess with the kernel for a while – I need it to be very stable while I am away, which is exactly when it is most likely to break.

Next, I will put VMware-Server 2 on it and install a 32-bit XP VM for my wife to use with her JNet TV streaming addiction.  I am assuming it won’t work with Firefox and Linux, but I will try that also, to be sure.  She switched to that after Pandora TV changed for the worse.

Should it all work out, I will putty her Windows settings over (bookmarks really), finish up her XP VM, and finally get around to fixing her Vista laptop with a prescription-case extra-strength dose of Xubuntu.

I can hardly wait.