Thursday, October 2, 2008

XBox Media Centre Is Really Nice When It Doesn't Drop Network Connection

I did go ahead and set up the XBox Media Centre on my old XBox. The instructions aren't the greatest, but they got me there.

The media centre is much better than I expected. It's pretty, and useable, and looks like the perfect solution for our household. I've already moved my Freevo box into the basement (it's still the media server, even if it's not connected to the TV anymore.)

One thing that was confusing. There's some kind of script on that XBox that tells it if the network is up or not - and it was forever deciding my network was down, even when it was fine. Weird, since it would correctly show the cable as being connected, and the connection being a negotiated half-duplex 100 meg. (Yep - it's an old switch - remember Rule One?) It still read 'Network Down' below.

What fixed it (and don't ask me why) was to set the XBox to Fixed Manual IP instead of DHCP. It's been 'up' ever since. It must be something in the way the various 'dashboards' interact with each other and/or the eth card - but my weirdo solution works.

Tuesday, September 30, 2008

More Adventures with SME server and Friends

Yep - I'm still alive :-)

The spouse called me from home trying to send an email - and Thunderbird was telling her the mail server was temporarily unavailable, and she was on a deadline :-/

My first thought was to ssh in and try to send mail from my linux box on the LAN. Problem was, the DynDNS updater built into the SME server doesn't handle the possibility of being behind a NAT of its own.

Instead I got her to turn on the LogMeIn service which is on that machine but always disabled, and I got in and started poking around. It was weird. I set up gmail as an smtp server and sent the message that way - which put the gmail account as the reply to on the message. Not a big problem since her gmail account (which she never uses) auto forwards to her 'real' POP account anyway, but an indication it was only a temporary fix.

Called the ISP, talked to first level support (much better than you'd expect - polite, friendly and helpful - gotta love my ISP!) who didn't have any insight into the issue and promised to get second level support to call me. They did - within about a half an hour, and we poked at it for a couple of minutes. Oddly, he couldn't see my attempts at sending an email show up at his end at all (he's watching the mail server logs as he's talking to me). He suggests swapping to port 587 and lo and behold it works fine. He's pretty convinced the problem is mine. I let him go and after a bit it comes to me - the SME server is blocking port 25 outbound I bet. Later on I prove it out:

==> telnet 25
Trying the.ip.of.that.server...
Connected to
Escape character is '^]'.

So, while it was nice that LogMeIn got me in, I wanted to get remote ssh up and going again.

A quick google didn't reveal a fix for the built in DynDNS software (I didn't look very hard) so I grabbed ddclient from and followed the Red Hat installation instructions. Worked perfect first try. (If you know of an 'official' package to do this, by all means let me know)

It really points out both edges of the SME sword. If you use DynDNS the way most people do, then their prebuilt config is perfect - easy, helpful and exactly what you want. If you don't want that, you have to start working 'around' the software instead of with it. It's still RedHat, so it's not a big deal in this case, but it's a good example.

Next up I went to forward port 22 thru the modem, thru the SME to my personal linux box. Thru the SME server was easy. Thru that modem was not. I don't find that firewall config easy or intuitive, and I don't like a firewall I'm not comfortable with. I'm really reconsidering the setup.

Sunday, September 7, 2008

SME Server install

Just so you don't think I'm dead or something :-)

I installed SME server on that same box that eBox choked.

Even though SME suggests a minimum of 256 meg, it installed and so far is running fine on just 128. Now, I'm not using it for much more than DNS and a firewall at the moment, so I won't be surprised if it keels over when I add a few services, but so far so good!

Here's some notes I made during the install. Kind of stream of consciousness stuff - hope it's at least somewhat understandable.

It has no config questions at all, not even partitioning, without passing options to kernel! Come to think of it - no questions about hostname or primary eth or anything!

I found out later (yeah I know RTFM!) that it does automatic software RAID. If you have two drives it does RAID 1, three drives RAID 5 and four or more drives RAID 6 - all on its own. That seems to be kind of indicative of the way SME is done. It has a number of nice touches like that which are really neat if it's what you want, but a bit disconcerting if you want to do it all yourself.

Turns out that all the configuration happens *after* the install is complete and it runs a config stage.

First question on reboot was do you wish to restore from backup? Cool idea - hope it only happens on unconfigured box :-P

Second question is admin password. It didn't like my choice (which surprised me - it's over 8 characters and contains a mix of letters, numbers and punctuation!) I tried a bunch of variations, and it didn't like any of them, including a really ugly sucker. There's got to be a bug there! Made a note to check on later. Oddly, it doesn't ask for an administrator's username, just the password.

Again, after the fact I found out why. If you log in as 'admin' it puts you straight into an 'admin' console with predefined choices for reconfiguring, viewing system info etc etc. You have to log in as 'root' to get a real shell. Both users are set up with the same password.

Third question was server and gateway, private server and gateway or server only. Private means no WAN side services.

Dedicated network or dialup - cool option for those of us rural types that understand high speed networks aren't universal!

The next question was which eth card is which. In my case it correctly indicated that both cards (although different models) use the same driver. Good info, but then it gives you nothing to determine which card it thinks is which. It doesn't identify by model or MAC which is eth0. The options were labelled 'Normal' or 'Reversed' with eth0 marked as the local interface, I took a guess eth0 was the on board NIC and got lucky.

Next question is dhcp or pppoe or static - has account name as identifier option for dhcp, or MAC address.

Next question is dyndns provider if desired - cool! Prompted for details including password. In my case it's not working :-( It's probably because its 'WAN' interface is behind the modem we reconfigured as a NAT router. As a result the WAN IP is still a private network IP, and DynDNS probably rejects those. I didn't see any way to tell it to use an alternate script or whatever to determine the proper IP address using the provided web interface or admin console. It's probably easy enough to change directly in the /etc config info - I'll just have to go looking.

Next question is dhcp on lan yes or no and range of numbers to provide.

Next question is specified DNS server or not, with the note that you shouldn't use your ISP's DNS server as it's not required. It made me wonder if SME server has the updates for the DNS issues that were big news last month. Another note to go look for stuff....

Save config and it 'activates changes' which looks like changing run-levels.

Noticed 'activating Smolt weekly checkin' - Google shows
Smolt is developed to collect hardware profiles from end users in a opt-in method.

Now I know how SME server has such good user stats. I bet if I read the install manual I'd get the 'opt in' option somehow too :-)

On the whole, it's really a predetermined design, the admin just fills in the blanks.

I had to finally read the manual to get to the web interface. Turns out the default apache page is just an 'under construction' banner, while the management page is at hostname/server-manager/

Not sure if that's an attempt at security thru obscurity...

I also noted the hardware requirements mentioned there are minimum 400MHz and 256 meg of ram, recommended 1.5GHz and 512Meg. It's running OK with just 128 so far though!

As it stands, I've configured static IP address thru DHCP (fixed leases) and set host names for all the devices on my LAN. It's a straight forward operation using the web interface, but a little clunky since there's no easy way to get the MAC address from the interface to plug back into the interface. IPCop has a nice option to turn a regular DHCP lease into a fixed lease which means you don't have to resort to cut and paste between an ssh session and the web interface.

I've had a couple of small issues, most of them self inflicted. One of my ethernet cables has a broken lock tab, so it was on the edge of connecting or not connecting depending on how it felt - even though it looked fine.

I also found out that downloading a couple of files via bittorrent seems to completely saturate my (fairly anemic) upstream. It got so bad that DNS wasn't resolving before the PCs gave up trying, so it looked like everything was down, when in fact it was just really really slow. I had some really simple traffic shaping set up on the IPCop box - looks like I'll have to see about adding that to SME as well. I see there's a plugin for it available in the contrib section which is promising.

One other frustration has been the modem as gateway. It works, but that interface is clunky and confusing. I haven't quite decided what to do about that yet.

SME server is certainly a solid solution for a small LAN - especially if you want to leave it in the hands of say a 'Windows Power User'. It's been designed to be easy to use, while retaining some powerful features.

All in all, this blog really hasn't worked out as intended - I figured I'd have the time to get this setup way way down the road from where it's at now. With a busy fall looming, don't expect me to get back to daily entries soon, but I am carrying on, even if it doesn't seem like it.

Before I go on to hardware that eBox and Ubuntu will run well on, I'm going to at least fix DynDNS, install Dan's Guardian or similar and some traffic shaping on the SME server and see how that plays out.

128meg Just Won't Cut It

I installed eBox on the guinea pig a couple of days ago, but didn't proceed to configuration or anything, just left it sitting at the log in prompt.

Here's what I noticed from the installation process.

First off, the eBox CD gives no indication it isn't an Ubuntu CD. I think it's worth a couple of minutes of somebody's time to stick the eBox logo on it, and add a couple of words of text somewhere indicating it's not just a vanilla Ubuntu install CD. I'll have to investigate the eBox bug tracking system at one point and make that suggestion.

In what's likely a related issue, the media check process on the CD fails when you try it. I'm *guessing* that when the eBox project added the eBox installation scripts, they didn't update the media checking function, so it's failing because of the extras. I didn't confirm this, but the installation did proceed ok - so either the media issue is subtle or in an area I didn't use, or my guess is on the mark. Kinda disappointing in a 'fit and finish' kind of way - but not a big problem. (note to self - did I even check the md5sum on the iso?)

I didn't preplan the partitioning, so when I reached that section I was flailing around a bit. I did have a couple of 'huh?' moments, but from past experience with the Ubuntu alternate CD I know that you can get the partitioner twisted up a bit if you flip back and forth between LVM and RAID etc etc and don't approach it in a logical fashion.

The game plan was a 256meg /boot with the rest on LVM. On the LVM I had a swap partition of 768meg (overkill, I know, but I knew this machine would need swap) and the rest in /. I figured the file share for clients would be on its own partition I'd set up later. Looking back afterwards, I was kicking myself for not at least putting /var/log on a separate partition, but I could 'fix that in the mix' as they say.

There were no options to the rest of the install really, just pick which ethernet card was primary, time zone, keyboard etc. I kept waiting for questions but they never came.

On reboot I was struck with just how long the reboot was taking. It seemed to take forever (no, I didn't time it...) Some of it was one time only stuff like generating RSA keys, but I was thinking to myself it wasn't looking very spouse friendly. She'd expect it to be working by the time her client PC booted back up - or at least close to it - not sitting around waiting for a server that she only vaguely remembers is there to complete doing something she can't even see. I was reconsidering my limited RAM machine at this point.

There were two errors during that initial boot. One was Dan's Guardian failing to start up, with a comment about editing the config file. Made sense, since I hadn't configured anything to do with
saslauthd is a daemon process that handles plaintext authentication requests on behalf of the SASL library.

None the wiser, I made a note to look into that further too. :-)

I also see from my scribbled notes I saw mention of Quagga, but I didn't make a note as to why I made a note about Quagga!

Googling quickly about again, it looks like Quagga is related to routing, probably BGP stuff or similar.

The installation didn't take that long, but I was out of time, so I left it sitting at the log in screen with my notes.

When I came back to it this morning, I was met with a screen full of error messages about killing apache processes due to lack of ram :-( I guess that's that.

So, I've reached a couple of conclusions.

1 - Hardy + eBox = more than 128 meg of ram required

2 - I was disappointed with the lack of choice during the install. Maybe it was a good way to get the flavour of an eBox set up, but it went against the grain of an old knob twister like me. Next time I think I'll do the eBox install the Ubuntu way - install from a vanilla server CD, and add the eBox packages afterwards.

Friday, August 29, 2008

I hate 'meta' posts - but here's one anyway...

I really don't like talking about blogging in a blog - especially when it's supposed to be an 'on topic' blog like this one. None the less, here I am.

Life's been 'interesting' lately, and I'm just not having the time to create my home server - forget blog about it too. Apologies. The entries are still coming, and I hope to get back to at least every couple of days until the initial setup is complete, but I'm not going to be there in the next little while anyway.

To keep this from being a totally wasted entry I can mention this - I applied a fresh coat of heat transfer paste to the cpu and heat sink, then ran a memory check over night with no reoccurrence of heat issues or memory problems. Looks like that machine is back in business.

Just as a backup, I also tested a very similar Dell GX110, which has roughly the same CPU and 256 meg of old fashioned SDRAM. So, if things fall apart with machine A I can just keep right on going.

If you're tired of waiting for entries whenever I happen to get to them, I'm giving you an out.

Here's the Cole's Notes version of installing and using eBox from

This blog - endless regular entries - condensed to three pages....

Well, kind of anyway.

Let me know what you think of the entries so far!

Monday, August 25, 2008

Snafu Number One

OK, so to test the hardware I grab my hot off the cd burner copy of the eBox installer and walk over to the system. That's weird - I could have sworn I left it on sitting at the BIOS settings screen.

Turn it on, see Warning - the previous system shutdown due to a thermal event!

Doesn't sound good. A thermal event? I guess you're saying it overheated? I don't imagine they come with ice monitors.... Maybe it's just another example of poor translation, but sometimes I really wonder why engineers try so hard to sound like English professors being paid by the word.

I turned it back on and booted up from the cd. It looks exactly like the Ubuntu server cd - eBox isn't mentioned anywhere. I started checking the cd for defects. After a couple of minutes it turns off :-(

Same warning when I power it back on.

I don't get it though! There's only two fans and they are both turning, and all the dust bunnies were kicked outside.

I pull out the air deflector around the CPU (where it vents out the back) and I note that the heat sink is clean and fastened down ok - but moves on the cpu.

On old machines like this normally the heat sink grease has welded the two together, but on this one the bond has been broken. I don't know when that happened, but it seems like the culprit. I'll have to dig up my heat sink grease and try again tomorrow.

Sunday, August 24, 2008

Choosing The Victim

This is actually pretty straight forward. Meet the sacrifice.

As I've mentioned previously, I've got a bunch of old PCs lying around, and this one is typical.

A Dell Optiplex 200 desktop style case. It will fit nicely on top of my HVAC unit in the basement, and not look too out of place. It's not hard to work on, and it's even reasonably quiet. It does have one of those Dell proprietary power supplies (grrr.... see rule 4) but I have a spare.

It's a 733 MHz Pentium III, slow by today's standards, but it will run a modern linux ok, with one problem - it's 128meg of RAM. Since it uses the defunct RAMBUS style ram, buying some or finding some used stuff to add in it isn't easy or cheap.

On the other hand, that makes it perfect for this project. I can find RAM for the other boxes and make them able to run a modern Gnome or KDE ok, but not this one. What else could I do with it? Heck, it's got ISA slots - that's got to be good for some geek cred.

Luckily not requiring X reduces the need for RAM substantially. It's quite possible that I'll find it lacking once I start using it, but I'm going to start and see how it goes. It'll be a nice comparison, since this is the same box I tried to run Astaro on earlier.

I'm sure ACPI issues probably mean suspend to disk or ram doesn't work on a mainboard this old, but as a server it shouldn't be necessary. With only a cpu and power supply fan, and being a PIII hydro usage isn't that bad. I'll try and measure it later.

I have a number of old Fujitsu drives of about 8 gig. I'll use one of them as the system drive. Since it looks like we're going to try eBox, SME server and perhaps vanilla Ubuntu server, the plan is to swap hard drives after each installation. That makes it easy to change back and forth between them, while keeping the hardware identical for comparisons.

I'll put another much larger drive (or two) in later to handle media files. If I use LVM I should be able to transfer forward to the new drives easily once I've picked a winner.

Flipping through the BIOS shows a couple of settings to pay attention to, and a bunch of options we can disable.

First off, the date and time is correct, so at least the battery on the mainboard isn't shot. It'd be a pain to find that out after the fact. I'm disabling the floppy in the BIOS and disconnecting the power to it - I can't see using it for anything.

Since there's no option to pick a boot device via the keyboard, the startup order will have to be CDROM then hard drive. Going into the integrated devices menu I turned off the sound, the mouse port, the serial ports and the parallel ports, leaving on the internal speaker and the built in network card. I added a standard PCI 3com 905B nic earlier for the Astaro test, since it wouldn't recognize any of the old ISA cards I have kicking around. I turned off reporting keyboard errors since I won't keep one attached and set it to auto power on whenever it's got AC.

Next up are some quick tests to make sure our hardware is ok.

Thursday, August 21, 2008

Another Competitor - This is getting pretty busy!

Just tripped over Amahi.

From a quick perusal of their website, it's a home-server type setup currently in beta - with a twist.

Currently based on Fedora 8, with plans to support Fedora 9, CentOS and Ubuntu.
They want you to 'sign up' before you install, and they have a Terms of Service section that mentions 'premium services'. It looks like remote management is their 'secret ingredient', and they want to monetize things at one point or another. Nothing wrong with that, but not the direction I'm interested in heading at this point.

They do have some cool bullet point features, like compatibility with Vista's built in calendars (which I know nothing about) and Apple iCals.

Also interesting was they have a backup service called 'PPA' that seems to be a combination of partimage and network booting, a la clonezilla. So, you just reboot, hit F12 to boot from the network and pick either backup or restore. Pretty slick.

But, (getting on my soapbox), you have to manually reboot and trigger the backup. In my experience if you leave backups to the end users, they don't get done. My wife, for instance, is not interested in a process like this, and wouldn't be likely to get it done regularly. I'd rather have something I can schedule so nobody has to worry about it.

At any rate, Amahi looks like interesting competition, and a good source for ideas if nothing else.

Wednesday, August 20, 2008

Hacking the Gnet BB2060

I began to write a fair treatise on this, then realized it probably wasn't necessary. What I did likely won't apply to your set up directly. If you want more details, drop a comment below and I'll try and oblige.

Of note - don't go messing with your modem at random unless you
  • are familiar with this stuff
  • are patient and careful
  • don't mind spending lots of time without a working internet connection
There are some settings in here that relate to how the modem interacts with the DSLAM, and I have no idea what they should be. If you change the wrong setting, you'll get to keep both halves of what's left :-) I did note the manual claims the default reset puts it back to bridged mode, and other settings that pretty much resemble my starting point, but I didn't try it.

The modem's default LAN interface is at and uses the username DSL with the password DSL. Something that didn't occur to me until I started changing settings is that this modem/router has a plain http interface, so whatever you do is sniffable on the LAN. It doesn't mean much in most home settings, but do make sure your LAN is secure before you start changing things, or you might not be the last one to be making changes! Another weird fact is that the http interface didn't render properly in Epiphany. Firefox worked fine though.

Start by downloading the documents from Gentek's ftp site under ADSL modems. The biggest part of what I did was plainly laid out in the quick start 'ethernet port configuration' guide. There's a complete manual there as well if you want all the details. I've got more reading to do myself.

Of note, the ftp site also shows a Firmware section, but several forums I visited seemed to indicate reflashing this particular modem is very prone to bricking it, and that it's just not worth chancing it.

It's a bit amusing that the most repeated line in the quick start guide is


I did of course. :-) Here's the highlights.

First up look at the Admin tab and find the Backup/Restore option. Make a backup of your settings before you start so you have a fall-back position. Then make another backup when you are done so you can upload it again later when the modem dies and you get a new one from your provider. (Murphy says he'll send you a different model, unless you fail to make your backup now of course.)

Note on this tab there is a Commit and Reboot section. The save buttons all through the web interface make the settings active, but don't make them permanent. You have to 'Commit' them so they take effect the next time. The Reboot option is quicker and easier than unplugging it all the time.

Also on this tab is the user section. You probably want to change the default password from its very original setting.....

On the Services tab, under UPnP - disable it. (Unless you like things changing your firewall rules without telling you about it)

Also on the Services tab, under SNTP, add as a server so the logfiles the router keeps actually mean something. :-)

There's lots of other stuff here you can explore like some simple parental controls, SNMP etc.

I could have left the LAN side as manually assigned IP since in the final setup all that will be hooked up to it is our home server (see the last post for a pretty diagram), but I decided to turn DHCP on. That way I can use it without the home server in the interim, and it shouldn't cause us any issues down the road. I did pick an oddball IP subnet rather than the ever popular range - when you start connecting subnets via VPNs or what have you, it's so much easier if all the pieces involved don't overlap at all.

I did get one nasty surprise as I was doing this. I used the Admin Management Control section to turn off all the various management interfaces of the modem on the WAN side. I left only http and telnet on the LAN side active.

The telnet thing is pretty interesting actually. It looks like it has an extensive CLI interface that operates quite differently than the http style one. I left it active so I can explore that further when the mood strikes.

Now here's the nasty part. No matter what I did, or what settings I put in that management panel, http, telnet and ftp were all available on the WAN side! That's such a nasty bug I wonder if it's deliberate to allow ISPs into their modems regardless of what the user specifies? Just goes to show - always test to make sure you accomplished what you think you did.

To make sure the router can't be altered from the WAN side, I ended up using the firewall section under Services - IP Filter. Simply changing the security level to 'low' activated the rules that blocked the telnet, http and ftp ports. As we go along with our home server project I'm sure we'll end up revisiting this page for more fine-tuning, but those simple rules in combination with the natural firewalling NAT provides will get us going here anyway.
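The lesson above (check the result, not the settings page) can be scripted. The following is an added example, not part of the original post: it attempts a TCP connection to each management port and compares what it finds with the policy you believe is configured. The function names and the loopback demo listener are constructed for illustration; for a real check, run it from a machine outside your network against your own WAN address.

```python
"""Added example: verify a management-port policy by actually connecting."""
import socket

# The three services the post found reachable on the modem's WAN side.
MGMT_PORTS = {21: "ftp", 23: "telnet", 80: "http"}


def port_state(host, port, timeout=3.0):
    """Return 'open', 'closed' (connection refused) or 'filtered' (no answer)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "closed"
    except OSError:
        # Timeouts and unreachable-host errors: something dropped the
        # packets, which is what a filtering firewall rule looks like.
        return "filtered"


def audit(host, expected, timeout=3.0):
    """Compare observed reachability with the intended policy.

    expected maps port -> True if that port is supposed to accept
    connections from where this script runs, False if it should not.
    Returns a list of (port, service, state, ok) tuples.
    """
    results = []
    for port, should_be_open in sorted(expected.items()):
        state = port_state(host, port, timeout)
        ok = (state == "open") == should_be_open
        results.append((port, MGMT_PORTS.get(port, "?"), state, ok))
    return results


def violations(results):
    """Keep only the rows where reality disagrees with the policy."""
    return [row for row in results if not row[3]]


def demo():
    """Offline demonstration against a constructed loopback listener.

    The listener stands in for a management interface that is still
    answering even though the policy says it should be off.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))          # ephemeral port, constructed
    srv.listen(16)
    port = srv.getsockname()[1]
    try:
        return violations(audit("127.0.0.1", {port: False}, timeout=1.0))
    finally:
        srv.close()


if __name__ == "__main__":
    for port, service, state, ok in demo():
        print(f"port {port} ({service}): {state} - policy says it should be off")
    # Real use, from OUTSIDE the network (placeholder address):
    #   audit("<your WAN address>", {21: False, 23: False, 80: False})
```

Testing from inside the LAN against the WAN address can give misleading answers, because the modem may treat that traffic as LAN-side. The same `port_state` call, pointed from the LAN at a mail server on ports 25 and 587, reproduces the outbound telnet test from the September 30 post.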

I tried downloading a sizable torrent over the last couple days (yes, my high speed is a bit of an oxymoron, but the torrent is multiple gigabytes...) and it's been rock solid. So far I feel like I'm on the right track.

Now, if I can resist the urge to dig out my old XBox and keep going with this project instead we can make some real progress.....

Tuesday, August 19, 2008

Never choose the obvious if there's a better choice....

Today I'm looking at network topography.

Looking at our list of services we want our server to provide, it's pretty obvious we need all the traffic to flow through our server. You can't do web filtering etc. without it.

My home network is pretty typical. I've got four desktop computers, a laptop and a Nintendo Wii. For network gear there's a typical cheap wireless router, a switch and a DSL modem provided by my ISP.

The wireless was bridged with the wired side. That way the wireless network and the desktops etc were all on the same subnet.

I'm comfortable that the combination of WPA encryption and below ground placement of the wireless router makes it unnecessary to segregate the wireless further.

So, why can't I just put our new home server right there where the IPCop box was? Well, we want it to serve files and maybe handle email as well. The common wisdom is your server shouldn't be your firewall. There's two reasons for that. One, the firewall is the first line of defense. It's most likely to be attacked first, and losing control of it shouldn't mean you've lost control of all your documents etc too. Secondly, the more stuff there is on your firewall, the more stuff the bad guys have to try and find a weakness in.

Note this is really one of the bigger flaws of the MS Small Business Server that our previous commenter pointed out - all your eggs are in one basket, and that basket is exposed to the internet.

OK, so if we can't put our server on the front lines, then why don't I put the wireless router after the modem in front of the server? Two strikes against that idea too.

One, the laptop is often used as a remote control for one or another of the desktops. If the wireless is a separate subnet, then I'm going to have to poke holes in firewalls etc. to make that possible, limiting our flexibility.

Second, that makes the whole network depend on that $30 router - and I have seen too many times where a cheap router is the source of intermittent issues and frequent lockups.

What else could I do? Well, we could put yet another box in front of our server after the modem. It would have to be a linux box or a quality router to avoid issues. But yet another computer is likely to fall afoul of rule zero :-) and it's hard on hydro too. Buying a quality router breaks rule one.

I must admit I was considering lowering my security standards. I thought I'd painted myself into a corner with this one. Then I started looking at that modem my DSL provider gave me....

It's a Gnet BB2060 - a pretty common aDSL box they hand out to everybody that's a customer. My ISP sets them up 'bridged' so that you run your PPPoE software on a router or PC and the box acts just as a modem. On the other hand, their competition has started handing out 'routers' that act as both the modem and router. They provide DHCP services etc on the LAN side, and do the authentication internally, so clients just run standard DHCP.

I dug up a manual for my modem on line (thanks Google!) and it turns out, as I suspected, it can function either as a bridged modem or a router/modem combo.

I'm not sure what my ISP would think about me doing this - and I'm not going to ask - but I have a very solid relationship with them and a spare modem I can borrow from work if I run into something really weird.

If your ISP is one of those multinationals you might want to think about what happens when you call with a service complaint and the modem doesn't work like it's supposed to on their phone support flowchart.

Now I know that modem is just a $30 box just like my own wireless router, but I have to depend on it anyway, so I'm hoping having it act as router isn't going to make it any less reliable. On the positive side, rebooting the modem is a standard troubleshooting step my wife is comfortable with and it's easily accessible (unlike that wireless router).

The next post will detail what I had to change (and what I was careful to leave alone). I might even snag some screenshots.

Out of sequence - XBMC How To That Looks Interesting

It's not in the regular flow of things, but it is at least apropos.

I've got an XBox with a dying DVD drive in the basement (who doesn't?)

This is the first How-To I've seen that doesn't involve either the Replay device or a hardware mod chip. It falls nicely into Rule 1 :-) I've looked at using the XBox for a media centre device before, but was hesitant to spend more money on a dead box, especially since all Xbox mod stuff seems to have that grey-market feel to them. I'm sure some (most? all?) of the hardware mod vendors have a good product, but I had no current word-of-mouth that I trusted to pick one.

Now, I should note this How To has two BIG caveats.

  1. I haven't tried this yet. It might be complete baloney.
  2. You have to disconnect IDE cabling on both your PC and XBox at least once - while it's in use! I wouldn't be doing this with an XBox or a PC you love - the results could be tragic. I've accidentally hot swapped IDE devices before, but I cringe every time it happens, and I'm sure sooner or later the smoke is going to come out.
Caveat Emptor

Thursday, August 14, 2008

eBox Making All The Right Moves

I sent a quick email to Soren asking about how eBox was integrating into Hardy.

Looking back at it I probably should have emailed the ubuntu-server list rather than Soren directly, but he was quite gracious.

While he professed to not be familiar with the eBox installer, he did say that eBox provided the packages in Hardy, and it's possible they will become the maintainers in Intrepid directly. In addition he commented on how they have responded in one form or another to all of the concerns raised.

All in all, it looks like the eBox guys are trying hard to be model citizens and should be congratulated.

So, eBox is definitely in with SME server. Next up we pick a network topography. (that's a big word for figuring out which wire to plug in where :-)

Wednesday, August 13, 2008

Ebox - the default web based GUI for Ubuntu Server

The obvious starting point for an Ubuntu home server has got to be eBox.

Both the Hardy server guide and the community pages have (essentially identical) entries on eBox, and its packages are in the universe repositories for easy installation.

Furthermore, since Webmin has been pretty much deprecated for bad behaviour, eBox is really the only game in town at the moment.

One thing I'm unclear on is just how separate eBox and Ubuntu server are. The suggested spec for Hardy seems to say that eBox does go its own way, and once you start using it you're stuck with it.

As a result, I'm left wondering if the download from the eBox website gives me subtly different results than using the eBox packages in Universe.

Luckily, this is all about open source development - so I can just go ask the guys doing the job where they are at! I'm off to post a note to Soren (his name is on the blueprint) on the ubuntu-server list and we'll find out for sure.

Tuesday, August 12, 2008

The schedule's shot to heck - but we're forging ahead...

Just a quick note to let you all know that I'm sure glad I had a backlog of material lined up to get you to this point. It's not going to be quite as regular for the next little while.

I've had two hardware failures on the main server at work combined with a family vacation and lots of 'real life' stuff that's made finding time to do this difficult.

Don't worry - it's going forward - it's just going to be at a slower pace for the next little bit.

Feel free to post your comments in the meantime!

Sunday, August 10, 2008

At Last - A Real Contender

While looking at Clark Connect info, I saw mention of SME server.

A quick pop over there and a perusal of the forums left me impressed.

Like Clark Connect, with a long history and busy forums.
Unlike Clark Connect, this seems to be a community project first and foremost.
For example, elections and discussions were right out front in the forums.

They keep up to date usage stats, showing a pretty reasonable number of units in service.

The feature list is quite complete including an LDAP server and mention of plug ins like Jinzora, DansGuardian and Asterisk.

It is based on CentOS 4, and specifically mentions they try upstream packages unpatched to allow them to quickly flow through.

OK, I think it's time to pay attention to Rule 4. Before I started, I was pretty sure I was going to end up using Ubuntu Server 8.04, and just had to decide if I wanted to try (tomorrow's entry) Ebox on top or not. SME Server is making me reconsider. It looks like it should do everything I want it to - except teach me more about Ubuntu.

So here's a thought - old PCs I have in abundance. Why not install 'em both and see how we make out? All it costs is my time :-)

Saturday, August 9, 2008

Astaro - Are Two Half Loaves Better Than One?

Astaro is a commercial distribution that presents itself as a 'Security Gateway'.
They bundle up their software with a hardware solution and sell it as a complete package or just the software.

Their target market is really SonicWall and similar products. They claim to use the best of both open source and closed source products. Their software is available without fees for home users.

Astaro promotional material shows a very slick professional looking GUI. Their list of firewall and security related options is really extensive. IPSec to IDS and all stops between are covered.

Astaro doesn't really qualify to be my home server for a couple of reasons. Like any true security/firewall solution it doesn't serve files. Most security professionals would tell you a server has no place on a firewall. On the other hand, with the number of bells and whistles they are all packing into their boxes these days, I can't see where adding Samba makes much of a change in their overall target footprint. And of course it's a proprietary product.

Nonetheless, I was curious. It was considered as a possible solution for work, so I thought I'd take it for a spin.

The installer would get roasted on your average Linux distro review site. It's littered with oddities. For instance, the first screen tells you to use the arrows to navigate the installer screens, hit Tab to change the option and hit Enter to accept the changes and move on. Then the next screen says it's going to wipe your hard drive, and tells you to hit F8 to continue :-/ Nowhere does the tab key seem to do anything, and there's never a 'back' option. You can hit escape though - and it'll quit right out of the whole installation procedure....

The first couple of times I tried it I thought I had a bad CD because it kept saying 'Installation Failed - Restart'. Turns out that was incompatible hardware, because when I changed boxes it got a little farther. That time it recognized half my ethernet cards and posted a message saying it couldn't be a good firewall on just one ethernet card.

Now it is linux, and if you do things like using control-alt-Fx to look for other consoles you can see a whole lot better what's going on, but the default install screen is pretty terse, and the options are few.

Once I had it installed it tells you to reboot and log in via the web gui to complete the installation. I did so, and immediately started seeing the polish that shows up in their marketing materials. It's a nice boot screen, and looks quite professional. The web gui is pretty too - at least what I saw of it.

I set the passwords, and ran thru the wizard, but once I turned a few options on it turned my target box into a complete waste of time. The GUI became so unresponsive that it was unusable. I actually rebooted sure that it must be hung or acting up, but no - it was DDOSing itself. I'm not sure why the hardware passed their check during the installer, because it was completely unable to run their product.

It's probably a good product for what it's designed for, and I'm guessing a gig of ram would have made it perform usefully, but I'm not wasting time here when it won't do what I need it to anyway. Onwards!

P.S. If this is really what you want, rather than a home server - take a look at IPCop, Smoothwall, Vyatta, and Untangle among others. Gotta be one there you like.

Friday, August 8, 2008

A Fallback Position

Started looking at Clark Connect.

I've got to say - it looks feature complete.

It's been around since 2000 so I doubt it's going away anytime soon.

The forums are very active, so it's obviously well used.

I'll probably give it a try if I can't find anything else - before I start from scratch.

Why the reluctance then? Well, I can't put my finger on it, but it just seems so darned commercial. I mean the 'Community' page is 50% a request to put up banner ads for Clark. It's like the 'find the free version' game that Grisoft plays with AVG on their website. (With Grisoft that's free like no cost incidentally - I won't promote them further with a link).

Maybe I'm too sensitive, but I found the Wikipedia article more straightforward and informational than the company site. Do you know I can't find the fact it's based on Red Hat anywhere on the Clark Connect site? They talk about the 30 day trial but not about the 'free forever' version anywhere. It's Wikipedia that confirmed for me the community version is no charge.

So, other than it's based on Red Hat rather than Debian/Ubuntu it certainly seems to fit most of my needs, but it's not making me excited about it. Not logical maybe, but not my choice for right now.

Thursday, August 7, 2008

Satega - Ubuntu Home Server Redux ?

Checked out Satega

I wonder why they picked the name Satega? To me it's the name of the Ronin's homeworld.
And yes, I know they are spelled different. It's just the only thing that comes to mind.

They've got a cool logo. And they seem to have at least a couple of real devs with a Launchpad site and some code written. But it still seems like it's in the discussion stage. Unfortunately I don't grok git well enough to poke around and see the amount of code they are writing. Maybe they're farther along than I think they are. At any rate, I'm not waiting. Looking at their comments they're still thinking bigger scale than I need, and they're inventing new stuff I'd rather let somebody else get the bugs out of.

A simple interface to the server stuff isn't what I want. It could use tinkertoy controls with video help for every step and my significant other still wouldn't use it or care. That's my job - she just wants the results.

Wednesday, August 6, 2008

The Competition - Part One

Windows Home Server - no need to rewrite that - looks comprehensive enough.

What to steal?

The ideas I've already mentioned.

Network monitoring à la Nagios seems like overkill - I only care if my PC is on when I'm in front of it - and then I can look at the pretty lights :-)

Printer Sharing - yep - I've got a couple of inkjets I could share out that way

A bunch of server items that I planned on using that aren't really end user features - like RAID, headless operation etc - all come free with Linux and don't deserve a bullet point here.

Aha - media sharing via Windows Media Connect. Might be useful if we ever get an Xbox. Won't work on the Wii though. See MediaTomb

From earlier research the only solution for the Wii seems to be Jinzora

Nothing else grabs me as 'gotta have it'

Tuesday, August 5, 2008

Step One - Survey The Field - Do We Need To Do Anything?

I think it's the Python tradition to 'shamelessly steal whatever is useful'.

(Yes, I feel like throwing around unattributed quotes lately. Ya want proof they're real? Go find it :-P )

So why not buy something? Oh - that's rule one, and rule four. That throws out a lot of stuff like Windows Home Server, that probably don't do what I want anyway. Worth a look to see what it does to steal ideas from though.

We said we liked Ubuntu, so is there an Ubuntu home server already?

Well, sort of. Ubuntu Home Server has a website, and a wiki, and forums, and lots of ideas, but at first glance to me it looks like a bunch of unorganized stuff that was started twice and still hasn't put out anything I can actually use. Ooops - looks like it's dead again...

Note to self - keep it small and easy. It's obviously easy to fire around blog entries and hard to deliver when you've got big ideas and no programmers. Hmmm, sounds like me....

Off to find other possibilities and report what I think about them as I go.

Think I'll time these short blog posts to come out daily or something to make it look good for the aggregators or whatever rather than posting seven things today and nothing for a couple of weeks.

Monday, August 4, 2008

Step Zero - Define The Problem

Einstein was once asked if he had an hour to save the world from total destruction, what would he do? His comment was he'd spend 58 minutes defining the problem, and 2 minutes looking for the solution.

On the other side of the fence in a recent interview somebody asked Linus about 'innovation' and he replied:
"I have never had trouble finding people with crazy ideas. I have trouble finding people who can execute."
All right, now I've got enough quotes to start an argument, what about Rule Number Four?

Guess Linus wins this round. Let's figure out what we need roughly and get on with it.

0 - as close to zero maintenance as possible. I might be on vacation, the hydro might go out for a day, or real life just might be more interesting that day. Has to be 'no worries'

1 - Backup Drop Spot - Computer problems are a lot easier to solve with a working backup :-) And on a home network backups can be a real bitch. Lots of big files, no organization, and the most demanding users you'll ever find anywhere - your significant other and family members who just know that you're the computer geek who's supposed to know how all this stuff works right?

2 - DNS - Because my family aren't into remembering IP numbers

3 - aDSL PPPoE connection maintaining. Because it has to work whenever they want the internet, no muss, no fuss

4 - DHCP - more of the it should just work for friends and family stuff

5 - Central file share - because maintaining multiple copies of all your movies and music is silly, and makes Rule 1 even harder to follow

6 - Firewall

7 - Web filtering. My kids are old enough to try typing things, and young enough not to know why that's a bad idea. And yes, I supervise them, but I don't pretend to believe I'm perfect, and they aren't just a bit sneaky from time to time :-)

8 - Cross platform (see Rule 3)

9 - Central sign on and mobile profiles for the kids - because they don't care which computer they use, and they shouldn't have to really.

10 - Safe remote access to all machines.

11 - Guest wireless and wired access that doesn't give away the keys to the kingdom for visitors

12 - Mail server that downloads mail regularly, virus scans it and stores it before the end PCs see it

13 - lots of flexibility to do other stuff I haven't thought of at the moment.

Sunday, August 3, 2008

What The Heck Is This?

This is an experiment.

My IPCop firewall died yesterday (hardware I think - it's been flawless for years but bad the last couple of days).

Of course using a white box as a firewall is a bit of a waste of hydro, and overkill for the job in a lot of ways. It's kinda noisy too, although I just installed mine next to the furnace so one more fan is no big deal :-)

I moved my wireless NAT router so it's the main firewall for our home network, but it's missing so many features I'd like that I immediately started thinking about putting a PC back in there.

Yes, I could buy a better wireless box that does everything I want, or buy one and put DD-WRT or something similar on top, but here's the rub (and RULE NUMBER ONE FOR THIS BLOG)

My budget is $0.

Ooops, time for RULE NUMBER TWO.

My time is free.

OK, with those rules out of the way, and a bunch of old whitebox PCs floating around not doing anything, that resolves the 'why not use something designed to do that job' argument. Oh, and I plan on going beyond what a box with 8 meg of ram and a USB port can do anyway.

So, what am I going to use?
Well, let's start with RULE NUMBER THREE

Proprietary sucks. If you qualify or identify with rules 0, 1 and 2 - then by golly you should be able to do exactly the same things I do and get the same results. Anything that gets in the way of that is the enemy. So, Windows is out - so is Mac OSX. I don't know much about the BSDs, so I'm going linux. Ubuntu specifically because I want to learn more about that flavour.

Last but not least is RULE NUMBER FOUR

I'm making this up as I go along. Or, stated differently - what you see is what you get.

I really don't intend this blog to be readable, or pretty, or grammatical.

If you find something here, cool, but I don't intend (at least at this point) to try and make this make sense. It'll likely be a combination of a bunch of URLs for further info, stream of consciousness thoughts and specs, and records of what I did when.

If we end up with something useful, then we pretty up the documentation and give it to the world - after all, PROPRIETARY SUCKS!