This week­end I made some progress in the lin­ux­u­la­tor:

• I MFCed the report­ing of some linux-syscalls to 9-stable and 8-stable.
• I updated my lin­ux­u­la­tor-dtrace patch to a recent -cur­rent. I already com­piled it on i386 and arundel@ has it com­piled on amd64. I counted more than 500 new DTrace probes. Now that DTrace res­cans for SDT probes when a ker­nel mod­ule is loaded, there is no ker­nel panic any­more when the linux mod­ule is loaded after the DTrace mod­ules and you want to use DTrace. I try to com­mit this at a morn­ing of a day where I can fix things dur­ing the day in case some prob­lems show up which I did not notice dur­ing my testing.
• I cre­ated a PR for portmgr@ to repocopy a new linux_base port.
• I set the expi­ra­tion date of linux_base-fc4 (only used by 7.x and upstream way past its EoL) and all depen­dent ports. It is set to the EoL of the last 7.x release, which can not use a later linux_base port. I also added a com­ment which explains that the date is the EoL of the last 7.x release.

I just updated to a recent -cur­rent and tried the new nullfs. Sock­ets (e.g. the MySQL one) work now with nullfs. No need to have e.g. jails on the same FS and hardlink the socket to not need to use TCP in MySQL (or an IP at all for the jail).

Great work!

Michael W. Lucas pub­lished his new book “SSH Mas­tery” (no link to an online store, get it from your pre­ferred online or offline one in your part of the world).

Do you think you know a lot about SSH? I thought I did when Michael searched tech­ni­cal proof-readers for this book. I offered to have a look at his work in progress and he gen­tly accepted (while I do not get money for this, I am one of the per­sons he thanks for  the tech­ni­cal review in the begin­ning, so I am involved some­how and as such you should take the fol­low­ing with a grain of salt).

I already had user restric­tions in place before the review, but now I nar­rowed down some restric­tions based upon some con­di­tion­als. I already used SSH tun­nels for var­i­ous things before (where legally applic­a­ble), but I learned some addi­tional VPN tech­niques with SSH. I already used mul­ti­ple ssh-keys for var­i­ous things, but Michael pro­vides some inter­est­ing ways of han­dling a large-volume of ssh-keys over mul­ti­ple machines. … I really hope that my review was as valu­able for Michael, as it was for me to do the review.

He ends the book with “You now know more about SSH, OpenSSH and Putty than the vast major­ity of IT pro­fes­sion­als! Con­grat­u­la­tions”, and this is true, and all that in his writ­ing style where you can come with a prob­lem, read about it, and leave with a solu­tion (nor­mally with a lit­tle bit of enter­tain­ment in between).

I know a lot of peo­ple which work daily with SSH, and they know only a small part of what is pre­sented in this book. In my opin­ion this book is a must-have for every System/Database/Application/Whatever Admin­is­tra­tor in charge of some­thing on an UNIX-like sys­tem, and even “nor­mal users” of SSH (no mat­ter if they use PuTTY, or a ssh com­mand line pro­gram on an UNIX-like sys­tem (most prob­a­bly it will be OpenSSH or a clone of it)) will get some help­ful infor­ma­tion from this book.

I can only rec­om­mend it.

Just before christ­mas I decided I will spend the “immense” amount of 40 EUR for a graphic card for a sys­tem which was with­out one. The sys­tem is sup­posed to replace my dying home-server. I already moved every­thing, except my Desktop-in-a-Jail (actu­ally it is my home-cinema-jail).

The old sys­tem had a Radeon 9200SE, and it was enough for what I used it for. Now… for a few bucks you can get a lot more horse­power today. After look­ing around a lit­tle bit I decided to buy a NVidia card. I made this deci­sion because it looks like I can get bet­ter dri­ver sup­port for it. So I got a GeForce GT 520 with 1 GB of RAM (I doubt I will be able to use that much RAM) and with­out a fan.

With the Radeon 9200SE I was not able to get the 3D stuff acti­vated (at least in the jail, I did not try with­out), Xorg com­plains about a miss­ing agp­gart mod­ule but I have AGP in the ker­nel (no /dev/agpgart out­side the jail). I did not spend time to inves­ti­gate this, as the main pur­pose — play­ing movies — worked. Now with the NVidia card I decided to give the 3D part a try again.

After adding the NVidia device entries to the jail, and a lit­tle bit of fight­ing with the Xorg-HAL inter­ac­tion, I got a work­ing desk­top. The biggest prob­lem to ver­ify that 3D is work­ing was, that I did not had xdri­info installed. After installing it, I noticed that it does not work with the NVidia dri­ver.    Next stop nvidia-settings: runs great, dis­plays a nice FreeBSD+NVidia logo, and … tells me that OpenGL is con­fig­ured. Hmmm… OK, but I want to see it!

As I decided to switch from Gnome to KDE 4 at  the same time (I was using KDE when it was at V 0.x, switched to Gnome as it looked nicer to me, and now I switch back after read­ing all the stuff in the net that KDE 4 is “bet­ter” than Gnome 3), I was a lit­tle bit out of knowl­edge how to see the 3D stuff in action. So I quickly went to the set­tings and searched for some­thing which looks like it may use 3D. To my sur­prise, it was already using 3D stuff. Nice. I fully real­ized how nice, when play­ing a video and using Alt-Tab to switch win­dows: the video was play­ing full speed scaled down in the window-switcher-thumbnail-view.

That was too easy. I am happy about it.

Now that I have a work­ing setup of X11-in-a-jail for Radeon and GeForce cards, I want to cleanup my changes to the ker­nel and the con­fig files (devfs.rules) and have a look to get this com­mit­ted. A big part of this work is prob­a­bly writ­ing doc­u­men­ta­tion (most prob­a­bly in the wiki).

I still want to see some fancy 3D stuff now. I tried to install x11-clocks/glclock, but the build fails with an unde­fined ref­er­ence to ‘glPoly­gonOff­se­tEXT’. Any rec­om­men­da­tion for a fancy 3D dis­play? My pri­or­ity is on “fancy/nice” with as less vio­lence as pos­si­ble. Most prob­a­bly I will look at it once and then dein­stall it again, so it should be avail­able in the Ports Col­lec­tion (or included in KDE 4).

I have the habit to chmod with the rel­a­tive nota­tion (e.g. g+w or a+r or go-w or sim­i­lar) instead of the absolute one (e.g. 0640 or u=rw,g=r,o=). Recently I had to chmod a lot of files. As usual I was using the rel­a­tive nota­tion. With a lot of files, this took a lot of time. Time was not really an issue, so I did not stop it to restart with a bet­ter per­form­ing com­mand (e.g. find /path –type f –print0 | xargs –0 chmod 0644; find /path –type d –print0 | xargs –0 chmod 0755), but I thought a lit­tle tips&tricks post­ing may be in order, as not every­one knows the difference.

The rel­a­tive notation

When you spec­ify g+w, it means to remove the write access for the group, but keep every­thing else like it is. Nat­u­rally this means that chmod first has to lookup the cur­rent access rights. So for each async write request, there has to be a read-request first.

The absolute notation

The absolute nota­tion is what most peo­ple are used to (at least the numeric one). It does not need to read the access rights before chang­ing them, so there is less I/O to be done to get what you want. The draw­back is that it is not so nice for recur­sive changes. You do not want to have the x-bit for data files, but you need it for direc­to­ries. If you only have a tree with data files where you want to have an uni­form access, the exam­ple above via find is prob­a­bly faster (for sure if the direc­tory meta-data is still in RAM).

If you have a mix of bina­ries and data, it is a lit­tle bit more tricky to come up with a way which is faster. If the data has a name-pattern, you could use it in the find.

And if you have a non-uniform access for the group bits and want to make sure the owner has write access to every­thing, it may be faster to use the rel­a­tive nota­tion than to find a replace­ment command-sequence with the absolute notation.