Recently in Encrypted partitions in Debian Category

I've been waiting. And while I don't generally recommend an in-place upgrade of a production machine, especially one with problematic hardware (in my case that "problematic" bit being the Intel 830m chipset and its 82830 CGC graphics controller) and a fully encrypted hard drive, I do have unencrypted backups, and I'm ready to leave Debian Lenny behind and see how well Squeeze does on my machine and for my tasks.

So I did the prep, did an update/upgrade in Lenny, changed my sources.list, did another update in Squeeze, and I'm running the dist-upgrade now, pulling in some 900+ packages and hoping the thing will boot when its all done.

Yes, I have the day off. Thus I have the machine free for just such an upgrade.

And yes, this is the sort of thing I do on my day off. Take it up with my therapist.

I've been thinking about building my own very small machine around the dual-core Intel Atom processor with Nvidia graphics. Yes, I know that Nvidia is freedom-hating and all, but I think that for the small form factors such as Mini-ITX, Intel and Nvidia are heading in the right direction when it comes to compactness, power consumption and graphical sophistication.

I usually begin my search with my favorite Mini-ITX vendor, Logic Supply, but I have also begun looking at pre-assembled systems that ship with Linux. Both ZaReason and System 76 are building small boxes around the Intel Atom/Nvidia platform, some single core, others dual core — and I do recommend the latter.

The one stopping point for me, other than money, is that I'm not sure whether or not these pre-built boxes have CPU fans or use passive cooling from massive heatsinks. For years now I've been leaning toward machines with no spinning fans either in the box itself (on the CPU or elsewhere) or the power supply. With Logic Supply I can easily make this happen.

At ZaReason, the Ion Breeze 4220, starting at $399 for single-core, offers a variety of options, including the above-mentioned dual-core Ion CPU. I don't know if Earl, the ultra-accommodating chief technology officer at ZaReason, is offering the option of a fanless motherboard — I'll ask him.

System 76 offers its Meerkat Ion NetTop with dual-core Ion starting at $359.

One thing that ZaReason offers in the Ion Breeze that I like is an optional external fanless power supply.

I've been running my converted Maxspeed Maxterm thin client as a standalone Linux/BSD box almost since the beginning of my foray into open-source operating systems, with only a single fan blowing across the Mini-ITX motherboard and its heat-pipe-cooled CPU. The fan doesn't work when the box is upright, so for all intents and purposes this is a fanless computer, and I've never had a problem with thermal issues — in fact, it runs quite cool, if not quickly with its VIA C3 Samuel processor (that's supposed to be a 1 GHz model but for some reason only runs at 500 MHz), maximum of 256 MB RAM and woeful sound and video chips.

Right now the Maxspeed is running Debian Lenny from an 8 GB CF card inserted in the thin client's built-in CF-to-IDE interface. Yep, no spinning hard drives either.

System 76 does offer solid-state drives on the Meerkat Ion, starting at $110 extra for a 40 GB Intel drive.

If the Intel Atom Ion processor isn't what you're looking for, both System 76 and ZaReason have plenty of other desktop, laptop and server machines to look at.

The best thing about buying a computer from a shop that ships with Linux (in the case of these two retailers, Ubuntu) is that your hardware is pretty much guaranteed to work. You'll have audio, video, suspend/resume, all that stuff that sometimes is hard to get straight on the box that shipped to you with Windows.

In the times I've spoken with ZaReason's Earl, and the company will build, test and ship pretty much anything you want. They specialize in Ubuntu, but you can ask for a box to be loaded with Debian or CentOS, and I believe they'll do it.

Do ZaReason and System 76 charge more than your standard computer seller? Probably. You can't get the kind of bottom-of-the-barrel deals that are offered on the cover of the Office Depot circular, but those machines often do have bits of hardware that you'll tear your virtual hair out to get working properly.

When you get a machine from a company that specializes in Linux, not only will everything work, but you'll get support that will help you clear up any issues.

And for many people — and I'm getting more like this myself with less time available for banging-my-head-against-the-wall tinkering — it's worth a little extra money for somebody else to have figured out all the issues, or in the case of these companies, to choose hardware components that work well with free, open-source operating systems from the start.

And even if you are a tinkerer, chances are it ZaReason or System 76 have built you a machine, it won't just work well in Ubuntu but will be a great platform for other Linux distros you might want to run.

Not wanting to leave out BSD, you can get a pre-built and -loaded PC-BSD (based on FreeBSD) laptop as well as two workstations (prices unknown) from IXsystems, the company behind PC-BSD. They seem to specialize in selling servers running FreeBSD and ask that interested buyers request a quote to receive pricing info. They're also offering CD and DVD sets of FreeBSD 8.0 if you don't want to bother downloading the ISOs and burning your own discs.

Not to go off on a tangent or anything, I've been giving FreeBSD a lot more thought lately. I've run OpenBSD on the desktop as my primary system for about six months, and I'm considering FreeBSD instead for a future test for the following reasons:

• Easier upgrades and much longer cycle
• More focus on desktop users with hopefully better (and more meta-style) packages for things like GNOME
• Flash 9 and possibly Flash 10 support through the Linux compatibility layer
• Better performance
• I really don't need it for architectures other than Intel/AMD (although PowerPC and SPARC 64 are available; side note — on the various pages emanating from its platforms page, FreeBSD offers not only official manuals from the makers of the hardware in question but also links to other BSDs that run on the architecture. A very nice touch, I think)
• Community that actually cares about end users who aren't developers

I need to try some live images of recent FreeBSD/PC-BSD releases. (Is PC-BSD a live CD yet? I haven't kept up, but I did utilize the live environment of DesktopBSD back when I was testing it).

I never did the full review I promised of Dru Lavigne's excellent "The Best of FreeBSD Basics" book, but I find it to be an excellent reference for the FreeBSD and PC-BSD user. Dru is one of the best writers around in the Unix community, and even if you don't run BSD you can learn a lot about using Unix/Linux from this book. I got a whole lot about the shell, file permissions and other Unix sys-admin tasks, from "Basics," just as Michael Lucas' discussion of sudo in "Absolute OpenBSD" makes that now-way-out-of-date book extremely relevant and useful for anybody running any kind of Unix/Linux today who wants to make the most of sudo in their own environment (and especially on the server).

On the same tangentially arrived-at topic, Dru Lavigne's latest book, "Beginning PC-BSD: Frugal Unix for Power Users," is slated to be released three days from now. If past work is any indication, this will be an excellent book for anybody contemplating the use of PC-BSD.

I'd rather Dru write a book on using FreeBSD on the desktop — not necessarily PC-BSD but building out a FreeBSD-based desktop through ports or packages — but I can understand her focusing on PC-BSD given that the iXSystems-led project is a lot closer to what Linux users are used to.

I've been running Debian Lenny exclusively for more than a week now, and I can tell you that in an apples-to-apples comparison with Ubuntus 8.04 through 9.10, my immediate impression is that you do get a recognizable speed boost in just about all operations between the generic Lenny and generic Ubuntu on my 9-ish-year-old hardware, a Toshiba Satellite 1100-S101 laptop with 1.3 GHz Celeron processor and 1 GB of PC133 RAM.

By "generic," I mean each distro's default GNOME desktop and mostly default applications.

Things just happen a bit quicker the way Debian ships over Ubuntu's stockish build.

I don't know if such a difference can be detected on newer hardware since I'm pretty much not running any. But I've always noticed that Debian and Slackware offer a pretty good speed advantage over many other distributions on the older, underpowered and often under-memoried machines I happen to run.

I happened to run all the recent Ubuntu releases, as well as Debian Lenny, on the same hardware.

And did I forget to mention that I'm running Lenny with fully encrypted LVM?

I originally set up this laptop as a test for encryption, which I think is a must on a laptop — who wants to lose it and have all of your data potentially compromised? I chose fully encrypted LVM in the installer along with the standard GNOME desktop, and that's pretty much what I'm running right now.

And even with whatever overhead the encryption adds to the CPU load, I still feel a lot more quickness (and use a lot less memory) than in Ubuntu.

I know Ubuntu has more services running by default, and I expect that Ubuntu can be tuned and tweaked to run as fast as Debian, but in this case I didn't have to do anything.

Of course I did make adjustments here and there to make Debian Lenny work the way I want:

• In Nautilus, clicking on a folder doesn't open a new window like in stock Debian GNOME. Instead it opens in the same window (like stock Ubuntu GNOME).
• I configured Iceweasel to transmit its browser name as Firefox because I have an SAAS app that demands it.
• I added Java from the Debian non-free repository and Flash from Adobe's .deb package
• I'm slowly adding fonts so I can see more foreign-language and other characters in applications. The main thing I need to figure out is which font will let me see Unicode "smart quotes," which show up in Ubuntu but not in Debian; I know Debian is using Unicode, but I'm wondering why all those characters don't display.
• I use Thunderbird and not Evolution as my mail client, so I added Icedove and the Debian equivalent of Ubuntu's Sunbird/Lightning calendar app, Iceowl.
• Debian already doesn't ship F-Spot but instead uses Gthumb by default; that's exactly what I want.
• I haven't yet started using Debian Backports, but if I feel the need to use the Tomboy replacement Gnote (which is faster and Mono-free), I can get it there.

That's about it.

I'm in the process once again of modifying my rsync scripts to back up the Debian installation's /home files. This time I used Gparted via the PartedMagic live CD to label the partitions on my Toshiba backup drive, so the drives now mount with those names, making modifying the scripts extremely easy.

If I think about it too much, I might start "missing" the newer applications that Ubuntu's six-month releases offer, and I could always upgrade this Debian installation from Lenny to Squeeze, the current Testing release, which includes Firefox/Iceweasel 3.5.x and OpenOffice 3.1.x (as opposed to 3.0.x and 2.4.x, respectively, in Lenny), but when it comes to my day-to-day work (which has a) limited my time for futzing around with software and b) made having a working computer more important than ever), Debian Lenny, old packages and all, is getting the job done just fine.

And speed is good ...

Have you read the past 25 or so entries in this blog?

Once I finally solved all my issues with Ubuntu 8.04 LTS, I decided to start the upgrade path to version 9.10.

I wanted newer applications. I needed better hardware drivers.

But especially with 9.10, nicknamed Karmic Koala, I've had to deal with too many issues. I'm tired.

And aside from the laptop on which I'm running Ubuntu beginning its own hardware death spiral, its CMOS battery long dead, LCD screen sprouting a half-dollar-sized black blotch and taking the lower right half of the screen with it, I have what I always seem to have.

X issues.

Finally things seemed to be going well. A kernel update took my shutoff of kernel mode setting out of /boot/grub/menu.lst and I could miraculously run X with the aforementioned kernel mode setting, no xorg.conf file needed.

Then an Xorg update rolled in, and suddenly the screensaver, if let run too long, would render the Toshiba Satellite 1100-S101 laptop inoperable. The machine was running, but the mouse and keyboard were dead to it.

Even returning ctrl-alt-backspace X-killing had no effect. (Note to self: Even though X works with kernel mode setting, could KMS be responsible for the keyboard/mouse death?)

I enjoy debating the removal/inclusion/reimagining of the GIMP, F-Spot, Pidgin, Empathy, Mono and Ubuntu One as much as the next blogorrhea-striken geek, but as Linux Outlaw Fab and Jermaine of "Flight of the Conchords" say, it's business time

I didn't know exactly when it would happen, but with 8-year-old laptops running on glue, various varieties of tape and other household sundries, it pays to have a backup.

And this post comes to you from that backup, the "other" Toshiba Satellite 1100-S101, which has had a fully encrypted LVM installation of Debian Lenny — the project's current stable distribution — on it for a number of months.

Sure, this Toshiba hasn't had working sound almost since I first grabbed it out of a pile of to-be-recycled laptops in various states of dismemberment.

And its space bar is a little flaky.

And the display's inverter is intermittent, requiring frequent manual presses of the lid-closing switch to bring the display back.

But the X issues that plagued my Intel-running laptops since Lenny was in Testing have long since been mastered (again, thank you Arch Linux Forum members, who've given me many an xorg.conf hack, most of which have worked).

I've been reluctant to switch laptops because I'm always midstream. I have over 2 GB of POP mail in Thunderbird on the Ubuntu laptop and another 3 GB or so of other files.

Sure, I could install Debian (or Slackware or fill-in-your-favorite) over Ubuntu, but I'm not yet ready to take that step.

I can and probably will update my rsynced backups in Ubuntu and move everything over to this Debian Lenny machine.

I didn't think it was "ready" for my work flow. The biggest problem is that I've started using Audacity, and that won't go so well on a laptop with no sound.

But otherwise I've got Iceweasel (which sends its name out to the Webby world as "Firefox," as one of my SAAS applications requires), I'll bring the mail from Thunderbird to Icedove (although the new year ahead is as good a time as any to start piping my mail through Gmail and leaving it in the cloud).

I have Flash installed, which I need semi-frequently. Same for Java. And I'll need to add MP3 support. Even if I can't hear the files, every once in awhile I have to verify that they'll play.

I've been using gThumb as my main image editor. Yes, it's that good. And luckily gThumb, not Ubuntu's favored (and much less capable) F-Spot, is in the Debian Lenny default desktop install.

All the rest of the GNOMEish tools I use in Ubuntu are here. Gedit (which is really growing on me and would grow even more if there was a keyboard shortcut to change the case of letters), Epiphany (again, I've really enjoyed using the Webkit version in Ubuntu, but Epiphany is still a great browser with Gecko), the GNOME terminal, the Nautilus file manager, Synaptic (although I've pretty much abandoned it for Aptitude, especially with Ubuntu's cryptic method of having an Update Manager window "magically" appear at seemingly random times).

I finally figured out how to get my Cnet CWD-854 USB WiFi adapter to work using the rt73 driver.

NetworkManager, despite not being the newer and greatly improved version I first saw in Ubuntu 8.10, is working fine.

I have gFTP, even though I've started using Nautilus for FTP. Yeah, I don't have OpenOffice 3.1 for the occasional .docx file sent my way, but I've got plenty of other machines that do have OO 3.1.

I need the basics to work. And I need them to keep on working. I can't keep fixing things every time there's a software update.

Nowhere does the phrase, "Your mileage may vary," apply more than in the world of Linux and BSD operating systems.

But in the case of this hardware and my workflow, it's Debian time.

Somewhere between the debut of Ubuntu 9.10 (Karmic Koala for those into animal names) and today, the developers/maintainers/overlords of what many consider the leading Linux distribution have fixed the dreaded "kernel mode setting bug" that rendered the X Window system on many computers using Intel video hardware unusable until kernel mode setting was turned off.

I found a fix for this fairly quickly, as I have for the other Ubuntu-related problems befalling one of the two Toshiba Satellite 1100-S101, 2002-era laptops I rescued from the to-be-recycled heap when the Daily News moved offices what now seemed like a millennium ago.

Back to the kernel-mode-setting issue. I barely understand the reason for kernel mode setting, although my faint grasp of the details involves something about the kernel configuring the X server (or perhaps I should just say "the video") and not the Xorg program itself. Seeing a blank screen after booting my first time into Ubuntu 9.10 was not a welcome sight.

As I said, I quickly found the way to turn kernel mode setting off for Intel video, but I thought this potentially show-stopping bug was a bit of a turnoff, shall we say, for potential, new and/or less-experienced users of Linux.

Well, somewhere along the way, this bug was fixed.

How do I know?

Due to another seemingly ill-advised change in the way Ubuntu does its thing — namely lamely notifying users about software updates at intervals that even an ancient astrologer couldn't ascertain and in a most obtrusive way, botching a process that used to be quick and clear — I've been doing my updates in the terminal using Aptitude (which I find usually does a more complete job than apt alone when installing, removing and updating software in apt-based system such as Debian and Ubuntu).

Today I opened a terminal and did the usual:

$ sudo aptitude update

followed by

$ sudo aptitude upgrade

Some 50+ packages, including the kernel, were in need of an upgrade. (After completing this process, which installed kernel 2.6.31-15 to replace 2.6.31-14, I checked the "older" kernel, and it does X just fine with kernel mode setting, so the fix must either be in the older kernel or another package in the system.)

I don't know if the usual Update Manager or apt would have done this in the exact same way, but as part of the aptitude upgrade process, a message in the terminal asked me how Aptitude should handle my /boot/grub/menu.lst file, since it was "locally modified" (can't remember the exact wording, but that's the gist) and needed to be changed to accommodate the kernel update.

And if you've followed this tale of woe, you already know I had modified menu.lst, the configuration file that controls how the GRUB bootloader works, to turn off kernel mode setting for the i915 driver and get the display working once again in the GUI right after my upgrade from 9.04 to 9.10

I knew how to replicate the fix (stopping the boot process while GRUB was running, turning off kernel mode setting by editing that line in menu.lst for that boot and then going into menu.lst to add the fix permanently), so I let the system replace my /boot/grub/menu.lst with the one "provided by the maintainers." (Again, I'm paraphrasing; guess I should have done a screen shot. And while we're at it, who exactly are The Maintainers? Wasn't that an '80s band? ... I digress.)

I let the system rewrite GRUB without turning off kernel mode setting. Aptitude finished upgrading the system, and the system prompted me to reboot.

I did. I expected X to be inoperable after the system booted up, but much to my very pleasant surprise, everything works perfectly, X included. And still no xorg.conf is needed.

So for my system anyway, which uses the Intel Corporation 82830 CGC [Chipset Graphics Controller]. as lspci tells me in a terminal, X is seemingly as good as if not better than it's ever been.

And that means Linux in general, Xorg and Ubuntu in particular, appear to be cleaning up what has been a long graphics nightmare for Intel-powered video (and that's a whole lot more people than should've been put through what we've had to endure over the last very long while).

Like I said, Aptitude hasn't asked me until today to modify /boot/grub/menu.lst. I had been meaning to do a test of kernel mode setting to see if anything had changed, but right now I know it has.

I always say you should wait at least a month if not two before installing a new release of just about anything, especially Ubuntu. And if I had waited a month, I'd be upgrading to Karmic right about now, presumably with all the bugs fixed that have troubled me since my initial upgrade (chronicled painfully in a three-part series that somehow, some way, sprouted a fourth part with a flurry of follow-ups).

My review of Ubuntu 9.10 during the first week I used it was much more critical.

But now, at Ubuntu Karmic +1 month, I'm happy to the point of mild delirium (in a good way).

And my Ubuntu motto is now: Good (and patched) things come to those who wait.

What about the other Toshiba?: The other Toshiba, unlike the Ubuntu-running model, has a working CMOS battery, and also unlike the Ubuntu Toshiba, has a dead sound chip and a spotty display that, due to a bad inverter or something like that, needs the lid-operated screen-blanking switch to be pressed by hand every once in a while to bring the display back to life.

That "other" Toshiba formerly ran OpenBSD 4.4 until the whole thing blew up in my botched 4.5 in-place upgrade. It now runs Debian Lenny (and very well, too) with fully encrypted LVM. I'd have only encrypted /home and /swap, and perhaps also /tmp, but between you and me, that kind of thing is just too hard.

Hell, encrypting /home in OpenBSD is too hard. You'd think that in an operating system famed for its security and paranoia, creating an encrypted /home would be easy as peasy (and by that I mean a choice offered during the installation). But no. OpenBSD does encrypt /swap by default, I believe, and I wish it would at least give the installing user the option of encrypting other partitions without more extensive geekery than is already needed to get an OpenBSD system up and running.

I know. I! KNOW! that Ubuntu now offers users the ability to encrypt /home during the install (and there are forcefully geeky ways of turning an unencrypted /home into an encrypted one), but since all of my current Ubuntu installations began their lives with the live CD installer for 8.04 LTS, I haven't had the opportunity to choose an easily created encrypted anything.

And since the Debian text-based installer (as well as the nearly identical Ubuntu "alternative" installer) has offered fully encrypted LVM at least since Etch, I chose that for this experimental/backup Debian Lenny installation. I still think that carrying around a laptop with unencrypted personal data is a very bad idea, and I really shouldn't be doing it. But I'm too damn lazy to reinstall Ubuntu from scratch on my main Toshiba (or go through the aforementioned geekery to do it after the fact).

Now my plan is to wait — WAIT! I SAY! — for the next Ubuntu release, 10.04 LTS, to age a few months (like a homemade wine, which I also hope to craft in my garden shed, backwoods/prison/old-country-style) before doing a complete reinstall on whatever my main machine is at that time, during which I will encrypt /home, /swap and probably /tmp as well, keeping an unencrypted backup on a physically secured (i.e. off-site) USB-connected drive.