Author Archives: Gen2ly
I’ve been using my built-in nvidia 7050 video card for a while now, and for a built-in card it’s pretty good. I get decent compositing and Urban Terror plays around 30 frames per second, but I’ve come to realize that I just want to be able to do more: play better games, watch HD video… So I decided to update my video card, and now I’m amazed at what it can do. If you’re thinking about upgrading yours, this is what I learned from mine.
Digging in the Pockets
Yeah, that $200 top-of-the-line video card looks cool, but most of us don’t wanna spend dollars like that for something we use a couple hours of the day. Video cards can be pricey, but even on a modest budget you can get a decent card that is a good step up from a built-in one. Good $40-80 cards can be found that can easily double frame rates and help you play new or newer games. Save yourself a little budget for a power supply too, as video cards take a good amount of wattage and many stock desktops only provide power for the components involved. With $100 (minus $20-40 in rebates) you can get a fifth tier video card and a power supply to go with it.
What’s Your Motherboard Got?
Pop open your hood to see what you got (or if you’re lucky enough you’ll have an owner’s manual that tells you). Most desktops from the last few years have PCI Express slots, which are very good for video cards. If you have AGP or PCI, even these can take cards that help improve performance. For the purpose of this upgrade I’ll be talking about PCI Express.
A PCI Express slot will look something like this (see bottom of page). If you’re not sure, look closely at the motherboard. A lot of motherboards print a small label like PCIE next to the slot. If you got that, you’re good to go. This could be either a PCI Express 1.0 or 2.0 slot. 2.0 slots add a lot of bandwidth but at this time no video card is really able to take advantage of it. You also don’t need to worry about which PCI Express version of video card you buy, as 2.0 is backward-compatible with 1.0.
Queen of Hearts – Picking the Right Card
To pick a good nvidia card, know that nvidia appends a couple of letters to its card versions. The version tells the capabilities of the card (OpenGL 2.1, DirectX10…) while the lettering indicates performance. GS cards are clocked the lowest, GT is middle, GTS is high, and GTX is extremely high. For example the 9500 GT is nvidia’s last generation card with medium performance. A good place to compare video card performance is Tom’s Hardware’s video card hierarchy page (includes nvidia and ATI).
It’s pretty hard to go wrong with any top-level video card but a word of warning: not all branded video cards are alike. Because third party companies assemble the components together you will occasionally see components that are skimped on. I’ve seen a number of poor reviews on what normally should be a pretty good video card. I get a lot of my reviews at newegg. Newegg offers good prices on a lot of different cards and they have a customer review section for each product, so most of the reviews are pretty up front. Compare the card with different vendors that offer the same branded product to be sure you’re getting all you should.
A couple things I noticed comparing vendor cards was that some of them offer a good number fewer stream processors and others would use old memory chips. There can be any kind of caveats like this so keep your eyes open. Memory isn’t terribly expensive these days and you should at least try to find something with DDR3 or above.
The amount of memory you choose is important too. I had one person tell me that 512 MB of memory is the sweet spot, that you would never really use more than that. But when I tried Crysis on my 756 MB graphic card, it almost maxed it out. The memory you need on the video card is almost directly proportional to the resolution. I have a 1440×900 resolution which isn’t the biggest, so if you have something bigger you might want to consider a 1 GB card. Memory spills over to the computer memory but it’s better if it’s kept on the card.
Another thing to consider when getting a video card is what type of outlets it has. Most newer cards have two DVIs and an HDTV outlet (and sometimes svideo).
Fire and Brimstone (or Noise, Heat, and Size)
If you looked over some video cards already you’ve noticed how big some of them look. Unfortunately most video card specifications don’t have measurements listed. When there’s not a lot of space by your PCI Express slot, look at the reviews and see if anyone else had trouble getting them in. If they did you should look for a low-profile card. Or you might wanna take a chance and try to put one in – most manufacturers are good about taking back such products.
Think about just how hot your card may get too. The high-powered cards available have a good size fan on them but that fan isn’t going to do a lot of good if your computer case has hardly any vents. A card that gets too hot is gonna have a much shorter life span.
One of the most common gripes I read in the reviews about video cards was that some of them sounded like a helicopter taking off. Yeah, these cards get pretty hot and your bargain basement versions don’t put a lot of money into quiet fans. If you think a constant buzz is gonna bother you after a while you may have to look into a more expensive card with a better fan or a card with less performance.
9/10 Ladies Prefer the Graphic Man
If you anticipate you’re going to need a real workhorse of a computer, and you got the extra slot for it, remember SLI. SLI is Nvidia’s technology that allows graphic cards to work in parallel with one another (ATI’s is called Crossfire). To utilize this technology though you’ll need an nvidia motherboard, 680i or greater, and a supported PSU.
Power Supply (PSU) and Cables
No shying off it, almost everyone is gonna have to get one. It’s not fun to have to pay the extra cost of another PSU but I can tell you they are fun to put in. Do yourself a favor and don’t think you might just get by. If a PSU gets overtaxed it will shut down your computer or possibly even worse things. And don’t listen to what the video card recommendations say; a lot of times they just give an estimate and have no idea what you are running in your computer. Newegg has a PSU calculator that will give you a good idea what you need.
Now check what cable connections you need. Unplug your box (all external connections), destatic by touching the frame, and trace all your PSU connections. You’ll probably need at least these: 2 SATA power (one for hard drive another for DVD/CD), one main power (motherboard) 24 pin connector, a 4 pin CPU power cord, and a 6 pin PCI-Express cable. The 6 pin PCI-Express cable isn’t a big deal as most cards include a dual-molex to 6 pin adapter and most PSU’s have at least 4 molex cables. For the motherboard cable almost all new ones have a 24 pin slot, the PSU’s though (to be compatible with older motherboards) have 20 and 4 pin cables that can be snapped together. When you look to buy make sure the cables are long enough. SATA plugs are often put on one wire several inches apart, are your components close enough together?
Someone in the know posted in a forum that for a good video card you’re gonna want 30 amps on the rails. I couldn’t get more information on this but I’m pretty sure he meant that you want 30 Amps delivered to your video card. One molex cable on my power supply has 16A and another has 17A; they plug into the dual-molex adapter that in turn plugs into the video card. I’ve played games for several hours at a time and haven’t had any problems.
Also look to be sure that you have the necessary room for a larger PSU. I wasn’t expecting it but the unit I bought was a good inch deeper than the original and made for a tight fit.
Real cheap PSU’s start around $15 but you might be able to find a good enough one for a basic system at $20. Most people recommend though that you look for PSU’s beginning at the $40 price range.
This is my first time buying a video card so if I messed something up or missed anything important, let me know!
Configuring the BIOS, Linux and a good budget video card are in Upgrading Your Video Card Part 2.
Webkit in General
Webkit is a rendering engine based on KHTML (KHTML is KDE’s Konqueror’s rendering engine) that has been radically modified by Apple for their web browser Safari. Because Webkit has received a good amount of development it will probably replace KHTML in KDE soon.
Rekonq is an effort to replace KHTML with Webkit in Konqueror. One of the first things you’ll notice about Webkit is that it renders pages really fast. This could be because it’s new, but from my tests Webkit seems to be able to render anything that Firefox can. Not only that but Webkit renders web pages beautifully.
Still in its early stages, Rekonq doesn’t add many configurations yet: saved passwords, minimum font size, saved tabs… And with Qt’s version of Webkit redirects don’t work yet.
Arora has been in development longer than Rekonq and has a few more configurations. It includes privacy settings, tab session savings, proxy…
Arora’s a good browser that’s coming along nicely. If I were to gripe about anything in Arora, it’s that it does a big no-no by forcing a default font so that web pages just don’t look the way they should.
Google’s new browser Chrome also uses Webkit but was originally designed for Windows. Thankfully though Google had the good graces to open-source the project and very early Linux builds are being made. I didn’t get a chance to try Chromium yet. As development has centered on developing Chrome 32 bit, no version is available for my 64 bit machine. And it looks like I may not be trying Chromium soon either, as developing a 64 bit version will require mounting some pretty big bumps. I did try cxchromium though (an altered version of Chrome designed to run under wine) and I did get an idea what they are trying to do. I like the modular tabs that separate different webpages and http boxes nicely. Also I like the all-in-one http box that can be used for searches, previously visited sites, and bookmarks.
Update: thinkMoult has a good guide on Chromium and has found a way to run Chromium on 64 bit systems.
Midori I’m going to label as the current champ of Linux Webkit browsers. It’s able to save tabs, has a minimum font size setting, works with flash nicely, and has the ability to page zoom. Midori uses GTK and appears to be progressing nicely:
Midori may be the first real Firefox alternative in Linux. Hopefully they’ll fix the same error that Arora makes by forcing a default font.
A while back Epiphany made the commitment to switch from Gecko (Firefox’s default rendering engine) to Webkit. Unfortunately development has been slow and it didn’t make it into Gnome 2.26. Looking at the newest version though it looks about ready.
Epiphany updated its http box too to behave more like Firefox’s awesome bar does and it’s a nice touch. Again this browser forces a default font and configurability is limited. Epiphany though for the most part runs great on lower-end machines.
Leader of the Pack
I thought about switching to another web browser because I use KDE and would just prefer it that way. I can say that I was pretty close. From my tests Webkit could render anything Firefox did as well or better. And flash worked well with all of them for the most part. None of these browsers though recognized the java plugin. While I’m sure there’s a hack out there, I didn’t really want to make a hack and try to remember how to erase it later. Mostly why I didn’t leave Firefox is that there are some great things about Firefox that are hard to leave behind. First, the awesome bar is well…awesome. Not only can I find previously viewed webpages easily, but also I can find webpages that I visited long ago, plus the awesome bar does it quickly. I also find that I use web page zooming in Firefox quite a bit. Just because of how some web pages choose their font sizes, reading a long article with small fonts can be a strain on the eye. Firefox not only zooms the entire page but it also remembers the settings so that next time I go back there I don’t have to do it again.
No, I don’t think I’ll be migrating away from Firefox anytime soon but I don’t think a good Webkit browser is too far off on the horizon.
I don’t post screenshots usually because they just don’t get my attention. If I’m able to get things done then it doesn’t matter if I’m with AIG or on Gilligan’s Island. On my desktop, I don’t have fancy spinning-cubes, fire-drawing cursors, or wallpapers that leave a negative image floating on the back of my retina. What I do got is a desktop that would hopefully make Bender’s God happy :) :
There are plenty of movie players for Linux but my all time favorite is MPlayer. Not only is MPlayer quick and responsive but it can play almost anything. I’ve used MPlayer before but I realized that my movies weren’t playing just as I wanted them to – no menu support, picture quality wasn’t as I expected. If you’d like to play DVDs with MPlayer, here’s a guide that can show you how to get a good, functional DVD player.
Presentation is a large part of a good movie experience. Movie companies and movie theaters put a good deal of consideration over how a movie looks and sounds. THX for example became a standard in the movie industry defining such. Therefore, how your display looks also will represent the quality of the movie you play with MPlayer. There are a couple things you can do to create good picture quality on your monitor but first a quick bit on colorschemes.
Windows and Mac OS both have built in colorschemes (also known as ICC profiling). Colorschemes define such things for the display as color balance and gamma. Linux by default does not have any colorschemes defined. Often new users will report that their display when first installed looks “too bright”. There is no way to define a colorscheme in Linux but most of this “too bright” reporting is because of gamma and there is something you can do about that.
The best option so far for Linux is if you’ve got an nvidia card and use the standard nvidia drivers. If you do, they include a tool called ‘nvidia-settings’. This program allows contrast, brightness, color and gamma changes for the GUI. If not, you’ll have to look for a program to discover the proper gamma for Linux, like Monica. Use Monica to calibrate your gamma. While calibrating with Monica you’ll notice the whole display will change. Ignore this and just be sure your red, green, and blue gammas are set OK. When this is done, Monica will display an option to have Monica load at desktop startup. This can be done, but it’s better to have the X server know the settings directly because if you play games (for instance) your gamma will be reset. The X server can be made aware of the gamma in the “/etc/X11/xorg.conf” file. For example:
    Section "Monitor"
        Identifier "Monitor0"
        Gamma 0.86 0.85 0.87
    EndSection
Gamma values are in RGB order. Restart the X server to have the gamma values permanently applied.
    [default]

    # driver and codecs
    vo=vdpau:deint=2,gl:yuv=2:force-pbo,xv,
    vc=ffh264vdpau,ffmpeg12vdpau,ffwmv3vdpau,ffvc1vdpau,coreavc,dummy,
    ao=oss,alsa
    srate=48000
    #mixer-channel="Master"

    # options
    mc=1    # keeps video and sound in sync
    heartbeat-cmd="qdbus org.freedesktop.ScreenSaver /ScreenSaver SimulateUserActivity"    # disable screensaver
    #fs=1    # full-screen
    #dr=1    # direct rendering

    # Picture settings
    contrast=24
    brightness=12
    saturation=-14
    hue=-8

    [protocol.dvd]
    profile-desc="profile for dvd:// streams"
    alang=en
    af=volnorm=1    # increase amplitude for movies because of wide dynamic range
    #vf=yadif=3,hqdn3d=3:2.8:1:3    # for deinterlacing (tv shows)

    [protocol.dvdnav]
    profile-desc="profile for dvdnav:// streams"
    profile=protocol.dvd
    mouse-movements=yes
    nocache=yes
    fs=1
Selecting Video and Audio Output Devices
MPlayer defaults will work on just about any media. If you want to test MPlayer, try:
Track 1 almost always has something on it and you should get a good idea how MPlayer plays with the default settings. The first thing you should do is decide what video output driver to use. Most people tend to use xv; this is the XVideo extension and has hardware-accelerated playback. I however use the OpenGL driver because it gives me slightly better performance. For example:
    mplayer -vo gl:yuv=2:force-pbo -dr -framedrop -fs dvd://1
    mplayer -vo xv -dr -framedrop -fs -cache 8192 dvd://1
For OpenGL you’ll have to use a proper yuv setting; look into “man MPlayer” for all the options. Add the ‘-dr’ option to make sure direct rendering gets used, and add ‘-framedrop’ because if a CPU-intensive task starts in the background audio and video will get out of sync. Using -fs will start MPlayer in full-screen mode.
For xv make sure to use the ‘-cache’ option as xv video doesn’t play well without it.
For audio, I just use MPlayer’s default. I’ve tried setting ‘-ao alsa’ but occasionally I get skips with that and find the default (usually aoss) works better.
One of the things you’ll notice at this time is that there is a little noise to the picture quality. This is common because TVs have built-in noise-reduction filters. You’ll also notice if you are playing a DVD-recorded TV show that the picture appears “lined” (interlacing). TVs produce pictures by displaying alternate lines, so a process called deinterlacing is used to produce a combined image. To add deinterlacing and a noise filter try this:
    mplayer -vo gl:yuv=2:force-pbo -dr -framedrop -fs \
      -vf yadif=3,hqdn3d dvd://1
Yadif is a good deinterlacer and hqdn3d will help to smooth the picture. I find that hqdn3d produces a bit too blurred image so I’ve reduced it to:
    mplayer -vo gl:yuv=2:force-pbo -dr -framedrop -fs \
      -vf yadif=3,hqdn3d=3:2.8:1:3 dvd://1
For movies that aren’t interlaced MPlayer won’t use the yadif filter.
MPlayer may choose to alter the aspect-ratio which will result in a distorted picture. I think there is some legacy code in MPlayer that tries to scale based on screen size. Add ‘-noaspect’ to prevent this from happening:
    mplayer -vo gl:yuv=2:force-pbo -dr -framedrop -fs \
      -vf yadif=3,hqdn3d=3:2.8:1:3 -noaspect dvd://1
Contrast, Brightness, and Saturation
Even on a properly calibrated monitor the picture isn’t going to look quite right because movies use a different colorspace that is designed for proper display on a television. While not perfect, this too can be corrected to a good degree with brightness, contrast, and saturation values.
If you’re using the gl driver, you’ll be able to adjust contrast, brightness, hue, and saturation with 1 and 2, 3 and 4, 5 and 6, 7 and 8, respectively. To add the values to the command line:
    mplayer -vo gl:yuv=2:force-pbo -dr -framedrop -fs \
      -vf yadif=3,hqdn3d=3:2.8:1:3 -noaspect \
      -contrast 14 -brightness 8 -saturation -9 dvd://1
If you’re using the xv driver, you can use the software equalizer to enable the ability to adjust these values:
    mplayer -vo xv -dr -framedrop -fs -cache 8192 \
      -vf yadif=3,hqdn3d=3:2.8:1:3,eq2 -noaspect -contrast 14 \
      -brightness 8 -saturation -9 dvd://1

    mplayer -vo xv -dr -framedrop -fs -cache 8192 \
      -vf yadif=3,hqdn3d=3:2.8:1:3,eq2=1:1.14:0.08:0.91 -noaspect \
      -contrast 14 -brightness 8 -saturation -9 dvd://1
New versions of MPlayer (as of this writing MPlayer-28347-4) now include support for DVD menus. MPlayer will have to be compiled with “--enable-dvdnav” for DVD menus to work. From the command line, tell MPlayer to use DVD menus:
    mplayer -vo gl:yuv=2:force-pbo -dr -framedrop -fs \
      -vf yadif=3,hqdn3d=3:2.8:1:3 -noaspect \
      -contrast 14 -brightness 8 -saturation -9 dvdnav://
You can also add support for being able to choose DVD menu items with the mouse:
    mplayer -vo gl:yuv=2:force-pbo -dr -framedrop -fs \
      -vf yadif=3,hqdn3d=3:2.8:1:3 -noaspect \
      -contrast 14 -brightness 8 -saturation -9 \
      -mouse-movements dvdnav://
If using MPlayer with DVD menu support, make sure you do not have caching on or MPlayer won’t work properly.
That’s it! You should now have a great DVD player for Linux.
Sometimes selections in DVD menus don’t get recognized. I found that pressing 5 will bring them up again.
MPlayer uses keyboard presses for input. A basic reference of commonly used keys:
- F – Fullscreen toggle
- Q – Quit
- P – Pause
- ← – Backward 10 seconds
- → – Forward 10 seconds
- ↑ – Forward 1 minute
- ↓ – Backward 1 minute
- Pgup – Forward 10 minutes
- Pgdown – Backward 10 minutes
- !/@ – Backward/Forward Chapters
- Arrow Keys or Numpad Arrow Keys – DVD navigation
Because DVD navigation binds to the arrow keys, they cannot be used to skip while using DVD navigation.
Users of newer Nvidia cards might want to look at MPlayer support for VDPAU (Purevideo technology).
Lastly, thanks to electro for his hqdn3d values.
Man pages by default use less for displaying. I’ve used vim before for colored text in man pages but something got bjorked in an update. To have color with man pages termcap will need to be invoked. Thanks to nico for the tip.
All that needs to be done is to export bold and underline values of termcap. Adding the values to the ~/.bashrc will make sure that they are always used:
    # Less Colors for Man Pages
    export LESS_TERMCAP_mb=$'\E[01;31m'       # begin blinking
    export LESS_TERMCAP_md=$'\E[01;38;5;74m'  # begin bold
    export LESS_TERMCAP_me=$'\E[0m'           # end mode
    export LESS_TERMCAP_se=$'\E[0m'           # end standout-mode
    export LESS_TERMCAP_so=$'\E[38;5;246m'    # begin standout-mode - info box
    export LESS_TERMCAP_ue=$'\E[0m'           # end underline
    export LESS_TERMCAP_us=$'\E[04;38;5;146m' # begin underline
And source the ~/.bashrc to have it work:
Notice I used Arch and Gentoo colors, my two favorite distros :) :
I just installed KDE 4.2 a couple days ago with everything running great, but when I went to change the panel font today I noticed that the fonts to choose from were beginning to blur. It wasn’t like this a couple days ago. Then I started up Firefox and the fonts were really blurry, like headache blurry. I renamed all my KDE configuration folders and logged in again to no effect. Then I deleted all of KDE’s temp files, first in /tmp and then in /var/temp, and I couldn’t get it fixed. Finally I discovered this was from an overwritten ~/.fonts.conf file, fontconfig eventually adding options it previously hadn’t. To cut to the quick, I learned how to configure fontconfig and even learned how to enable fontconfig system-wide, and now my fonts look great. Fontconfig works great if you keep it basic, so I’ve updated my post on Better LCD Font Rendering. Enjoy.
If you would like to rid the cruft on your system, or if your system has a virus (unlikely), or even if you want to install the system again at a later date, a good way to do this is to package all your installed emerges. This can be done with a slightly-modified version of holla’s bash script:
Once this is done you can backup your Gentoo system by:
Obviously you might want to do more, like /root. Then you can extract the tar on a new stage3 and emerge -K --deep world. I’d recommend not trying this if too much time has passed between backup and reinstall as portage configurations may have changed, but otherwise it can save you a lot of compiling time.
Please read the comments for other (easier) ways to do this.
Normally you don’t update the kernel at every release unless hardware doesn’t work as expected or you really need the slight performance enhancements you may get from new kernel technologies. But… if you have a new module you need to add you may as well.
A great site that posts about kernel upgrades is kernel newbies, you’ll need to understand the options for updating and while you’re at it you can upgrade to ext4 – don’t worry, it’s easy.
Dog the Kernel
So you don’t download umpteen kernel sources between kernel updates, you may as well just unmask the version you need:
/usr/src/linux link to your new kernel sources:
Here’s a few options answers:
If you want to find out if your BIOS is corrupted or if someone has been tampering with it:
2.6.28 can also reserve the low 64k of RAM on AMI/Phoenix BIOSes which, as some developer that I lost the link to said, “This might as well solve a wide range of suspend/resume breakages under Linux.”
People may have heard about the new GEM Memory Manager for GPU memory that can help improve draw-speeds dramatically. GEM is a modern GPU memory manager and is already built into the kernel so it doesn’t need configuring. Only the intel 915 driver has this support so far but others will eventually follow.
Now build and install the kernel:
/boot/grub/grub.conf to add the new kernel:
Rebuild the driver packages that attach to the kernel (tell me if this has to be done after reinstalling, cause I forgot to do it :) ):
Upgrading to Ext4
Ext4 is the evolution of ext3 and provides tons of enhancements. Ext4 looks to be a real good modern filesystem. Linux is good.
/etc/fstab and change filesystems from ext3 to ext4.
If you have a separate boot partition, it’s best to leave it as ext2 or ext3. If /boot is part of your root filesystem, you’ll need to install a patched version of grub that understands ext4. In Gentoo, versions of grub greater than 0.97-r9 have the patch built-in.
Or whatever your hard-disk is.
Next you’ll need to boot from an installCD, as converting partitions should not be done on mounted media. I used the Sabayon DVD. This step takes like a nanosecond.
And you’ll need to fsck to fix the nodes.
All is good in the world. Adio!
Following the ‘not enough time on my hands’ FreeBSD dive with a Power Mac, I decided to continue on the BSD tour bus to OpenBSD. A good friend recommended it to me in the middle of my FreeBSD install and I’d have liked to have heard about it a lot sooner. OpenBSD turned out to be a really great OS, particularly for a router/firewall. I now have OpenBSD running successfully and it’s running well. The install does take a bit of work but the results are b-e-a-utiful.
OpenBSD is an offshoot of NetBSD (Berkeley Software Distribution) that focuses on security – the code that is in OpenBSD is carefully audited. This guide will walk you through a basic install of OpenBSD (a few parts are macppc specific) and adds parts if you’d like to make OpenBSD a router.
Dual Boot MacOS?
The OpenBSD installer only has support for fdisk and not mac-fdisk so if you plan to dual-boot MacOS you should partition either with mac-fdisk (see the FreeBSD install link above), or with a Mac OS util like Disk Setup. Create one partition for Mac OS and another for OpenBSD. However, this install focuses on a whole disk install of OpenBSD.
Beginning with the installer
You might want to use OpenBSD’s Installation Guide as a companion guide along with this.
Put in the CD. On a Mac you’ll have to start the CD from the Open Firmware prompt. Hold Apple + Option + O + F at boot, and at the OF prompt type:
The release cd will allow you to install, upgrade or use the shell:
If you say no, you will be taken to fdisk where all you’ll be able to do is to type and label partitions. OpenBSD uses a two layer disk partitioning system: ‘fdisk’ and ‘disklabel’. If you are using the whole disk fdisk will be automatically configured.
‘disklabel’ is a tool to create partitions.
You’ll be shown the available Network Interface Cards (NICs). If you’re building a router, you’ll have two. The first one will get its address via the ISP DHCP server. On the second one assign a LAN address like 192.168.111.7.
If you choose dhcp, OpenBSD install will try to get a lease from the DHCP server. I didn’t bother connecting the cables because InstallerCD’s are notably insecure and the installer doesn’t need it anyway.
Enter your Domain Name Servers (separated by a space) and password for root account. Choose your install sets, the defaults will give you a basic system.
Enter timezone, and then you’re done with the basics.
Reboot and start the Open Firmware prompt and boot OpenBSD by:
There are a few tasks that need to be done to finish the install following the afterboot manpage.
If a reliability or security issue affects you, you will have to patch your system – a detailed proposition which I will detail in another post.
check ‘date’, ‘hostname’, networking will be done in a bit.
Add new user
Set-mailserver aliases in
Run ‘newaliases’ to update sendmail aliases.
A sendmail-configuration file will need to be built, from papamike:
Sendmail configuration files are built with a macro-processor. A macro-processor is basically a program that scans text looking for defined symbols, which it replaces by other text — or other symbols. The one used with Sendmail is called m4… So m4 inputs a macro configuration file, with extension .mc, and outputs a sendmail configuration file to standard output. Typically we redirect this output to a file, with extension .cf
Luckily there are some examples. If not planning to use sendmail externally (i.e. to the internet) use openbsd-localhost.cf.
Then test it:
A valid config will give no output. Now tell the sendmail daemon to load the configuration file at boot in
The -C/ is necessary, it’s not a typo.
Daily, weekly, monthly scripts
Run the daily and weekly scripts to make sure they run alright.
Rebuilding locate database:
Not installing locate database; zero size
vi /var/db/locate.database“, put a space in, save it “:x”, and run the weekly script again.
Tighten up security
OpenBSD doesn’t have a journaled file-system, meaning that you could lose critical disk data in the event of a crash. Rather, OpenBSD has incorporated soft updates, a userland program that performs a similar task and also improves disk performance by utilizing a cache. Adding the softdep option to each ffs partition in /etc/fstab will enable soft updates at next boot.
CD/DVD define mount point
Following the Network FAQ. The installer will have created /etc/hostname.<NIC> for each device you have. Make sure they are correct:
For a router, ip-forwarding will need to be enabled in
Enter your DNS servers in
If you are planning to be testing a firewall and disconnecting your internet connection from time to time, it’s good to up dhclient’s timeout. ‘dhclient’ rechecks its connection to the DHCP server on an exponential scale; if it is unable to locate it, it will take down the WAN NIC. Add to dhclient.conf and get larger timeouts as time goes by:
To be able to connect the LAN PC to the network this guide uses dnsmasq (a good solution for small networks) but first it is a good idea to setup firewall and close unused ports.
Enabling a Firewall
Building a firewall is a necessary evil; even on the most secure of systems networking will be the greatest security hole. Here are a few tips for working with PF:
Enable PF at Boot:
‘ftp-proxy’ will need to be enabled to ftp past a firewall, first enable it at boot:
Enable ftp-proxy in the NAT section of your pf.conf:
And in the filter section, anchor ftp and allow pass out:
Another good idea is when writing block-rules to log them to be able to test the firewall and to see if there are any attempts to attack the firewall:
To check your PF configuration for errors, run:
A couple other commands:
To test the firewall in real time, run ‘pflogd’ then:
To have pflog load at boot:
You may have to reboot to have pflog0 show up in ifconfig. Now that the firewall is up you can start (or restart) the network:
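Back to the logged block rules: once pflog is collecting them, the text output can be summarised to see which sources are being blocked and on which ports. The script below is an added example, not part of the original post; the log lines are constructed samples in the layout `tcpdump -n -e -ttt` prints for pflog, and the function names are made up for this illustration.

```shell
#!/bin/sh
# Added example, not from the original post: summarise blocked inbound
# packets from the text that `tcpdump -n -e -ttt -i pflog0` prints.

# Constructed sample lines (documentation address ranges, made-up rule
# numbers and interface names); real output carries more TCP detail.
sample_pflog() {
cat <<'EOF'
Feb 16 19:16:08.508210 rule 0/(match) block in on fxp0: 203.0.113.9.40112 > 198.51.100.2.22: S 878906979:878906979(0) win 16384 (DF)
Feb 16 19:16:09.101112 rule 0/(match) block in on fxp0: 203.0.113.9.40113 > 198.51.100.2.22: S 878906980:878906980(0) win 16384 (DF)
Feb 16 19:16:11.000321 rule 0/(match) block in on fxp0: 203.0.113.9.40120 > 198.51.100.2.23: S 878907001:878907001(0) win 16384 (DF)
Feb 16 19:17:40.220001 rule 0/(match) block in on fxp0: 192.0.2.77.5353 > 198.51.100.2.137: udp 50
Feb 16 19:18:02.000100 rule 0/(match) block in on fxp0: 192.0.2.77 > 198.51.100.2: icmp: echo request
Feb 16 19:18:05.000100 rule 4/(match) pass in on fxp1: 192.168.111.20.51000 > 198.51.100.80.80: S 1:1(0) win 16384 (DF)
EOF
}

# Emit "source-ip dest-port interface" for every blocked inbound packet.
# IPv4 only: an address with four dots is "a.b.c.d.port"; three dots means
# the protocol has no port (ICMP), which is reported as "-".
blocked_packets() {
    awk '
    function strip_port(a,   n) {            # "1.2.3.4.22" -> "1.2.3.4"
        n = gsub(/\./, ".", a)
        if (n == 4) sub(/\.[0-9]+$/, "", a)
        return a
    }
    function port_of(a,   n) {               # "1.2.3.4.22" -> "22"
        n = gsub(/\./, ".", a)
        if (n != 4) return "-"
        sub(/^.*\./, "", a)
        return a
    }
    $4 == "rule" && $6 == "block" && $7 == "in" && $8 == "on" {
        iface = $9;  sub(/:$/, "", iface)
        dst   = $12; sub(/:$/, "", dst)
        print strip_port($10), port_of(dst), iface
    }'
}

# Count packets per (source, destination port, interface), busiest first.
blocked_summary() {
    blocked_packets | LC_ALL=C sort | uniq -c |
        awk '{ print $1, $2, $3, $4 }' |
        LC_ALL=C sort -t ' ' -k1,1nr -k2,2 -k3,3
}

# Sources blocked on at least $1 distinct destination ports (default 2),
# the pattern a sweep across ports leaves in the block log.
multi_port_sources() {
    blocked_packets | awk -v min="${1:-2}" '
    $2 != "-" && !seen[$1 SUBSEP $2]++ { ports[$1]++ }
    END { for (s in ports) if (ports[s] >= min) print s, ports[s] }' |
        LC_ALL=C sort
}

# Demo on the constructed sample. On the router, feed the functions from
# tcpdump instead, e.g.  tcpdump -n -e -ttt -r /var/log/pflog | blocked_summary
sample_pflog | blocked_summary
sample_pflog | multi_port_sources 2
```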
Adding a Package
OpenBSD has two ways to add software: package and ports. Packages are pre-built binaries that can be downloaded and quickly installed onto your system and are the recommended way to add software to your system. OpenBSD also has a port system that contains information necessary to build packages and their dependencies from source.
Those are back ticks BTW. `uname -r` adds your release version of OpenBSD you are using and `machine -a` will be your architecture. To source (reload) your .profile so the variable is known to the korn shell:
Then add a package:
A couple other package commands:
Configure the LAN
Now that you can add a package you can add dnsmasq and get your router going. It is possible to define a static route and not have to use a DHCP server to define an address and route, but using a DHCP server makes the job tons easier. dnsmasq is a great lightweight application that will provide a route to and from the LAN machine. dnsmasq also provides a DNS cacher to make resolving of domain names very very fast.
If planning on creating a LAN of > 50 machines you should use the pre-installed dhcpd.
dhclient.conf will need to be edited again so it knows that dnsmasq is handling DNS requests. Redirect dhclient to localhost and dnsmasq will take it from there.
By default dhclient appends details to /etc/resolv.conf for using the pre-installed BIND name server, assuming people are going to use it. BIND isn’t enabled by default and since dnsmasq is handling this, comment out “lookup file bind” in /etc/resolv.conf.tail and restart the network:
Now you can start dnsmasq:
To load at boot put in rc.local:
To have your LAN computer connect to your router set it to dhcp and connect.
Test DNS caching:
Do it again and you’ll notice a faster lookup.
Many NTP configurations default to pool.ntp.org, which is great for a whole list to choose from across the entire world, but it’s better to use something local ;). Add to
Because ntpd adjusts the clock slowly if it’s off, you can add a crontab entry to get it fixed daily:
Securing the Network
A good firewall will close ports but some applications may try to open them again. Best to close any ports you don’t need. Run netstat and get a good idea of what’s open:
Shows open ports:
TCP – 13 37 22 113
UDP – 514
To find out what these ports do:
daytime, time, ssh, auth, and syslog (udp). You can find more information about the port (like the program that opened it) with:
Most people don’t use daytime, time, or auth anymore, and they can be safely disabled in
The syslog port cannot be turned off in inetd. It is invoked in rc.conf with no “-u” flag, meaning that it is listening on UDP port 514 but incoming packets are ignored; it is only used to send. You will also see a couple of ports open for tcp6 (IPv6) like ::1.587 or ::1.25. These are loopbacks (local) for IPv6 and will be secure from the outside world.
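The port review described above can be scripted. This is an added example, not part of the original guide: it parses BSD-style `netstat -an` output, separates loopback-only sockets from exposed ones, and reports exposed listeners that are not on an allowlist. The sample input is constructed from the ports named in the text, and the function names are made up for this example.

```sh
#!/bin/sh
# Added example: audit listening sockets from BSD-style `netstat -an` output.

# Constructed sample using the ports named in the text (not captured output).
sample_netstat() {
cat <<'EOF'
Active Internet connections (including servers)
Proto   Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp          0      0  192.168.1.2.22         192.168.1.10.51514     ESTABLISHED
tcp          0      0  *.22                   *.*                    LISTEN
tcp          0      0  *.13                   *.*                    LISTEN
tcp          0      0  *.37                   *.*                    LISTEN
tcp          0      0  *.113                  *.*                    LISTEN
tcp          0      0  127.0.0.1.587          *.*                    LISTEN
tcp          0      0  127.0.0.1.25           *.*                    LISTEN
tcp6         0      0  ::1.587                *.*                    LISTEN
tcp6         0      0  ::1.25                 *.*                    LISTEN
udp          0      0  *.514                  *.*
EOF
}

# Print "proto port scope" for each listening TCP socket and each unconnected
# UDP socket. scope is "local" for loopback binds and "exposed" otherwise.
list_listeners() {
    awk '
    $1 ~ /^(tcp|udp)/ {
        if ($1 ~ /^tcp/ && $6 != "LISTEN") next
        if ($1 ~ /^udp/ && $5 != "*.*") next
        # BSD netstat joins address and port with a dot; split at the last one.
        if (!match($4, /\.[^.]+$/)) next
        addr = substr($4, 1, RSTART - 1)
        port = substr($4, RSTART + 1)
        scope = (addr == "::1" || addr ~ /^127\./) ? "local" : "exposed"
        print $1, port, scope
    }' | sort -k1,1 -k2,2n
}

# Print "proto/port" for every exposed listener that is not named in the
# allowlist arguments (e.g. tcp/22 udp/514). No output means nothing to fix.
unexpected_exposed() {
    allow=" $* "
    list_listeners | while read -r proto port scope; do
        [ "$scope" = exposed ] || continue
        case "$allow" in
            *" $proto/$port "*) ;;
            *) echo "$proto/$port" ;;
        esac
    done
}

# On the router itself: netstat -an | unexpected_exposed tcp/22 udp/514
sample_netstat | unexpected_exposed tcp/22 udp/514
```

Running it again after disabling the inetd services should produce no output.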
Using nmap is an even more reliable way to test for open ports. Now that the firewall is up, you might want to add nmap and test it.
SSH opens port 22 to the world by default. If you don’t plan on accessing it from outside you can bind it to your LAN computer in
Also, root login is a bad idea. Since the regular user is able to su, this is a good idea to define:
Add a key so trusted computers can connect:
Use a password that is not your login password. Name the output something useful like powermac-dsa-key. By default these keys are generated into the local ~/.ssh/ directory but belong in the accessee’s ~/.ssh directory. Move them to the LAN computer’s ~/.ssh to be a trusted computer.
That should get you a good start.
I had tried FreeBSD on an x86 machine about eight years ago and really liked it: good install, nice tools, excellent documentation. FreeBSD is the glitter of the BSDs for its x86 centrality. So when I heard that FreeBSD was available for PowerPCs I decided right away to try it. OK, it’s been a couple of years, but I haven’t been in these circles lately. This is a guide to getting started on FreeBSD with the PowerPC differences being noted.
Read the whole guide before deciding to commit to FreeBSD. FreeBSD is still a newcomer to the PPC world and requires a good amount of attention. Or you might just want to help it out anyway.
Here are some Things You Just Learn As You Go
Check and see if the packages you need are supported for your platform. This is FreeBSD’s fault: there is no mention about the ports, which I’ll get to later.
Take the time and try to get to know someone in the IRC channel. No offense to the guys at #freebsd (a couple were very, very helpful), but for the most part they are busy developing or working, and they have done book-loads of documentation for the handbook and don’t want to repeat themselves.
Take your time with it. I thought coming from Linux I’d feel right at home but some tools are completely different – even versions of tools you have in Linux work slightly differently.
The BSD that’s Right For You
Before you get into one BSD (all three are pretty unique), make sure you choose the right one. I got this great detail from jdbaker’s page; it’s several years old but details it nicely.
…the one with the most bells and whistles is FreeBSD… FreeBSD has the largest development team, the largest user base, the largest number of ported applications, and the largest collection of active e-mail lists. It also has the best documentation… FreeBSD is extremely easy to install directly via an Internet connection.
FreeBSD currently runs on Intel-compatible 32-bit processors (including the AMD Athlon) and on the DEC Alpha processor (now out of production), and is being ported to Itanium, AMD’s x86-64 (Opteron/Sledgehammer), PowerPC, and Sparc64. While porting the operating system helps to flush out subtle bugs, portability is not FreeBSD’s specialty– it’s primarily of interest to owners of Intel-compatible hardware.
OpenBSD: Rock Solid Security, Fanatical Attention to Detail
OpenBSD is the perfectionist’s version of BSD. Almost Spartan compared to the others, it installs with many features intentionally disabled to avoid potential security holes. Its highly focused development team is constantly tweaking, critiquing, and auditing every line of the code, and their commitment to excellence shows in the operating system’s track record…
OpenBSD requires more technical knowledge and skill to use effectively than FreeBSD, and therefore is not the best choice for beginners… OpenBSD is available and actively developed for a wide range of hardware platforms, from x86 to Mac to Sun. It does not, however, cover as many platforms as does NetBSD…
NetBSD: Now playing everywhere
NetBSD is the portability champ of the BSDs, running on everything from generic x86 boxes to exotic hardware such as the BeBox and the Sega Dreamcast…. Keeping the operating system portable means keeping the code clean, and so the other BSDs often borrow code from NetBSD…
FreeBSD can be downloaded and put on a cd:
FreeBSD’s PowerPC installer has limited support for partitioning a disk. I discovered it was easiest to use mac-fdisk. I booted up my Gentoo Minimal InstallCD and partitioned on a 10G disk as:
I bobbed a bit from the FreeBSD recommendations. They recommended that most of the disk space should go to /usr and very little to root. I planned to do backups to / though and made it bigger, but /usr may not have been big enough – /usr can fill up really fast with packages and the ports tree. If building a mail server, /var should be much larger and closer to the top.
On older NewWorld Power Macs the CD will not boot by holding down C; rather it has to be invoked from Open Firmware. Hold down Apple+Option+O+F at boot and type in this to boot the CD.
The FreeBSD Handbook is excellent documentation so I’ll just give a quick glance here and note differences in the PPC installer.
The arrow keys, space, and tab will navigate through the installer. Read the quick start guide and other docs – they’re not that big.
NFS Secure yes, DHCP yes, PCCard NO, set ftp username and password, /usr/bin/vi, media type CD.
Don’t worry if you forget anything: you can later enter sysinstall from disk and add what you need in the post-install configuration.
Beginner Install Notes
There’s no console keymap selector yet but USB keyboards are supported. The disk editor is a trimmed-down version of the one in the install guide, but with the disk already partitioned I was able to apply partitions to mount points. There’s also no boot manager setup and we’ll have to use Open Firmware again later to boot the new install.
When it comes to Distribution types choose Kern-Developer so that the ports tree is added as well as the kernel sources (a custom kernel will likely have to be built). Now you will have to wait a bit as the files get loaded to disk.
A few network questions will be asked: DHCP, Gateway (for use as a network route which is what I’m doing), NO to inetd (very very insecure)… Don’t bother connecting to the network now as the install has no firewall and wouldn’t be secure. Besides with no packages available (besides the CD ones) it doesn’t do any good at this stage anyway.
No system console settings or timezone. When you exit you’ll be asked to use UTC or local time. If this is the only OS you install on this machine choose UTC.
No Linux Compatibility or Mouse Settings. You’ll now get a message, “Unable to target packages/INDEX file from the selected media” because you’re not connected to the internet, but I doubt it would work even if you were.
Set up other users. When you get to “Visit the general configuration menu for a chance to set any last options?” I said yes and added ntpdate.
Grehan said this the best:
Here’s the rub: OpenFirmware doesn’t understand UFS2. It does understand iso9660 and HFS+, so the loader must live on a disk/partition of that type. So, you can…:
Define your own / hard-disk partition.
A lot of utilities in FreeBSD match those in Linux but at times provide a slightly different flavor.
/etc/rc.conf is a general all-in-one configuration file for FreeBSD.
rc.conf will have options to start services, configure network cards…
/etc/inetd.conf will allow connections on ports and pass control of the connection to whichever program is listed.
Getting Hardware Working
During the boot process you may see that FreeBSD sees a device but will tell you (no driver attached). If you missed the boot up messages, you can look at them with:
FreeBSD will only load what it’s told to or what is built into the kernel. If your device is on the supported hardware list then it must be a module that was not loaded. Look in /usr/src/sys/conf/NOTES or, better, /usr/src/sys/<yourarch>/conf/NOTES and discover what the module’s name is. Then locate the
The realtek chip I have on my network card wasn’t automatically loaded. To load a module:
kldstat will show loaded modules. Also check dmesg to see if it loaded correctly. To have it load permanently on boot add it to /boot/loader.conf (this file may have to be created).
You can see helpful examples of loader.conf stuff in /usr/share/examples/bootforth/ and “man loader.conf”.
OK, that’s long in the tooth, I’ll try to make this next part more down to earth.
I don’t do anything without first creating a firewall to protect the PC, and to build a firewall a kernel has to be compiled with support for it. When building a custom kernel you can also add any drivers you need and remove the ones you don’t for a leaner kernel.
FreeBSD provides three different firewalls. From the FreeBSD mailing list:
In my opinion the PF firewall has the easiest to use rule set and built in table functions for automated black listing attacking IP address. Its major weakness is it has very poorly designed logging function that results in very cumbersome usage.
IPFilter comes next. It has easy logging and rules usage. It lacks the auto black listing table building of PF. These two firewalls were ported to FreeBSD from other Unix flavored operating systems. Both have teams supporting and maintaining them.
The final firewall is IPFW that is the first firewall included in FreeBSD many years ago and was developed by the FreeBSD team. IPFW also lacks the auto black listing table building of PF, and its nated rules are much harder to get working using all stateful rules…
PF was originally designed as a replacement for Darren Reed’s IPFilter, from which it derives much of its rule syntax. PF looks to be becoming the de facto firewall for FreeBSD and is listed first in the documentation.
As of FreeBSD 7.1, PF isn’t built into the kernel so a custom kernel will need to be built. If you have never compiled your own kernel before, don’t fret: if you know your hardware it’s relatively simple. There’s a configuration file where you enable any hardware and options:
/usr/src/sys/conf/NOTES will better describe the drivers and options available, but it’s best not to add drivers/options from it as they are probably not supported in the PowerPC kernel yet. Also look at “man <driver>” for more details about drivers and what other drivers/options they depend on.
I uncommented the realtek-driver and took out a couple drivers I didn’t need:
Here are the other options I set. I passed safe CFLAGS for this particular Power Mac in CONF_CFLAGS. Though the kernel doesn’t support AltiVec, GCC (the compiler) does, which will help build the kernel quicker. I also had to tolerate denying strict aliasing (which is normally a good idea to leave in) because the pf driver and a couple of others refused to build with strict aliasing:
All other modules and drivers should be left in unless you know what you’re doing. The 7.1 powerpc kernel is still relatively young and the kernel config has all the options it needs or that are available; tinkering too much will likely only bring problems.
Now build your kernel and install it:
If there is an error in your config, gcc will recognize it and exit, naming the config file followed by the line it doesn’t understand:
Or it will tell you options that are not allowed. “installkernel” will transfer your kernel to the boot directory and have it load automatically at boot.
Before you reboot your computer you may as well set up your firewall so that it will load at boot and you can get on the network.
The rc.conf file will need to be edited so that PF will be loaded at boot:
Most times when you see an “*_enable” listing in rc.conf, it is a daemon and can be manually started (e.g. /etc/rc.d/pf start), or else the system will need to be restarted for the daemon to load.
The /etc/pf.conf file is the configuration file for the firewall. All rules for the firewall are put here. PF goes by the policy of “last match wins”. That means that if a ruleset has a rule to “block all” before a rule allowing traffic, that traffic will be allowed.
A few things to watch for when doing rules:
- “Last match wins” except for “quick” which disables any further rule processing for that packet.
- A lot of people use the policy: allow all out and filter in. This is good in most cases.
- ORDER is very, very important. A misplaced rule, option, table, or queueing statement will not allow PF to load.
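The three points above, shown in a small ruleset. This is an added example, not the author's firewall: the interface names (gem0, re0) and the <blocklist> table are assumptions for illustration. The script stages the ruleset in a temporary file, and `check_and_load` parses it with `pfctl -nf` before anything is installed, so a misplaced statement is caught without touching the running firewall.

```sh
#!/bin/sh
# Added example: stage a small pf.conf, syntax-check it, and only then load it.
# Interface names and the <blocklist> table are assumptions for illustration.

write_ruleset() {   # usage: write_ruleset /path/to/candidate
cat > "$1" <<'EOF'
# 1. Macros
ext_if = "gem0"            # assumed: NIC facing the internet
int_if = "re0"             # assumed: NIC facing the LAN

# 2. Tables
table <blocklist> persist

# 3. Options
set skip on lo0

# 4. Normalization
scrub in all

# 5. Translation (the "nat on" form used by FreeBSD's PF)
nat on $ext_if from $int_if:network to any -> ($ext_if)

# 6. Filter rules. Evaluation runs top to bottom and the LAST match decides,
#    unless a matching rule carries "quick", which ends evaluation at once.
block in quick on $ext_if from <blocklist> to any   # nothing below can undo this
block log all                                       # default deny, logged to pflog0
pass out keep state                                 # later match beats "block log all"
pass in on $int_if from $int_if:network to any keep state
EOF
}

# Parse the candidate with pfctl -n (parse only, nothing is loaded). Install
# and load it only if parsing succeeds. Returns 2 when pfctl is unavailable.
check_and_load() {   # usage: check_and_load candidate [target]
    candidate=$1
    target=${2:-/etc/pf.conf}
    command -v pfctl >/dev/null 2>&1 || {
        echo "pfctl not found; nothing checked" >&2
        return 2
    }
    pfctl -nf "$candidate" || {
        echo "syntax error; $target left untouched" >&2
        return 1
    }
    cp "$candidate" "$target" && pfctl -f "$target"
}

# Stage only. Loading is a deliberate second step run as root.
candidate=$(mktemp /tmp/pf.conf.XXXXXX)
write_ruleset "$candidate"
echo "staged $candidate; as root run: check_and_load $candidate"
```

Swapping the `block log all` and `pass out keep state` lines would block all outbound traffic, because the block rule would then be the last match.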
I’m not going to give my firewall out (it’s not there yet) but here’s a template to follow (NICs can be found with ifconfig):
To check your PF configuration for errors, run:
To set up your NIC in rc.conf:
Your hostname will need to be set too. The best I could figure is to look in your Windows, Mac, or Linux (/etc/resolv.conf) networking program and look for the search address. On Linux it came before the DNS servers and looked like:
Replace search with the hostname you want to call your pc.
Reboot your computer, add your network cable, and if all goes well you have a new kernel loaded with a firewall as a bonus. If it doesn’t, just go back and select the old kernel (kernel.old) in Open Firmware.
A Few PF Commands
Now that the network is going you can begin adding packages to FreeBSD. The first program to add is a lightweight DNS server so I can connect to the LAN, but before doing that the compiler needs to be set up.
Because we have to use the ports collection to add packages, the compiler needs to be set up to compile them. With the compiler set up we’ll then compile cvsup to update the ports tree.
I built my make.conf with known compiler flags for the Power Mac G4 processor for optimized builds and added the CVSup flags that will tell cvsup how to work:
If we were on a system supporting pre-built packages, adding a package would be easy:
However, since PPC users don’t have a package repository, packages must be built from source code. If you didn’t add the ports collection, go back into sysinstall (in configuration) and install it now. You might also want to choose a nearby FTP (in Options). The ports tree will likely need to be updated, and the best way to do this is with cvsup. Cvsup will need to be installed first:
‘distclean’ removes the downloaded source file and ‘clean’ removes the compiling files.
Each time you update the ports tree make sure you run ‘make index’ to build an index file.
Give yourself some time as this process can take awhile.
About updating, from Matthew on the FreeBSD mailing list:
…recommended (if you choose this route) that the first port you install should be sysutils/portupgrade, then use portupgrade to install everything else.
portsdb -U will update the ports tree and make an index (though cvsup is supposed to be faster).
Other FreeBSD Utils
To find a port with its information:
ports-mgmt/portaudit will automatically check all installed applications for known vulnerabilities; a check will also be performed before any port build.
Send a BugReport
To connect the LAN to the internet, defining static routes turned out to be a humongous task, so I decided to install a DNS server on the network router to define routes for me rather than trying to define them manually.
By default FreeBSD installs BIND, the well-known industry standard of name servers. BIND is powerful and robust but is overkill for a network router serving one or two machines and a PC that only has 512 of memory.
I really like FreeBSD and I wanted to build it. I’ve done a backup and haven’t made up my mind about what I’m going to do. For now I just need to find out how to get a network router up and running.
There’s a lot of attribution going out. To the guys at #freenode, thanks for understanding my Linux presupposition. And to JohnBlue in the FreeBSD forums, for when I made things tougher than they needed to be. A big thanks to cyberciti, who had a lot of good tips on configuring FreeBSD. And to anyone else whose wikis and blogs I read. FreeBSD makes me want to get an x86. :)
I had been considering building my own server for a home network and decided to buy an old garage Power Mac G4 400. This is a good computer and will definitely work great as a server, so I decided to install Ubuntu Server on it. I’m a Gentoo user normally but being the adventurer that I am I decided to try something new.
Ubuntu officially doesn’t support PowerPC documentation or installation CDs anymore, but the community does still produce installation CDs.
Processor - G4 400MHz
RAM - 512 MB
Videocard - Rage 128 Pro, AGP 4xsl
Hard Drive - 10.3 Quantum Fireball LM10.2
Network - Built-in Sun GEM Gigabit Ethernet
        - TRENDnet TEG-PCITXR Gigabit Ethernet - uses Realtek 8169 chipset
The best place to begin with an old computer is to test the hardware. Apple has done a good thing and made their PowerPC Hardware Test CDs available for download. You’ll need Mac OS X to burn CD dmg images though; I’ve tried various Windows (MagicISO) and Linux utilities (dmg2iso, dmg2img, acetoneiso2) that don’t work.
I’m building a server to use as a firewall so all the hardware is there except an additional network card. Another network card will be needed to route to another computer. Here’s a good list of Power Mac G4 network cards that work in OS X; check and see if there is a Linux driver for them. The card listed above does.
The firmware will need to be updated to the most recent available. You can check this by booting into Open Firmware (Apple + Option + O + F) at boot and looking at the OF version on the top then compare it to the newest on Apple’s website.
This firmware update requires Mac OS 9.1, luckily I have an old iBook 9.0 install disk that installed. The old software update panel doesn’t work any more though but the 9.1 update can be downloaded. I downloaded the files onto my Linux desktop and burned them to disk:
mkisofs -o PowerMacG4-Updates.iso G4_FW_Update_4.2.8.smi.bin \
    Mac_OS_9.1_Update.smi.bin
cdrecord -v -dao PowerMacG4-Updates.iso
Reset NVRAM, PRAM, Clock
It’s a real good idea to reset the NVRAM, PRAM and Clock in case any values are set incorrectly:
- Remove or disconnect the memory battery. Leave the battery disconnected for 5-10 minutes.
- Reinstall or reconnect the battery.
- Depress the CUDA (aka PMU) button (for 5 seconds) with a non-metallic (plastic, wood, etc.) device.
- If this doesn’t work, change the RAM. Either add or remove a stick then zap the PRAM (Apple+Option+P+R), wait for three chimes. After that shutdown, add/remove the RAM and start again.
Clock Set, Optional Password
Boot into Open Firmware again and set the clock (military time):
decimal dev rtc sec min hour day month year set-time
Optionally you can add security so no one can tamper with your Open Firmware settings, and add protection against booting directly to disk, CD, or netboot.
I used Linux to download and burn the install CD. Ubuntu CDs can be found here.
And burned them with:
cdrecord -v -dao name.iso
The Power Mac G4 Sawtooth Open Firmware only has rudimentary support for Linux and cannot boot Linux CDs by holding down C or holding down Option. Rather you will need to direct OF to the Linux InstallCD’s yaboot file:
Select Kernel and Options
The Ubuntu Installer will now ask what kernel to load and will tell of a few options that can be passed to the kernel. For most people, the default install-ppc will do – use -smp for dual-CPU systems. I decided on the expert-powerpc.
Switch to Console for a Couple Tasks
When the installer begins a couple of tasks may need to be done. First, if you didn’t use the Apple Hardware Test Disk, check the hard disk now for bad blocks. Also use the console to add the ide-scsi device to the kernel, as the Debian installer fails to recognize it. Get to the second console by pressing Ctrl + Alt + F2.
Check for Damaged Blocks on Drive(s):
Bad blocks can cause serious problems running software. If you discover a bad block it will be marked and not used, but be warned: when a drive begins to get bad blocks it is almost always failing.
mac-fdisk -l
mke2fs -j -c /dev/sda
DVD/CD-ROM Drive Not Detected
On this computer, the installer failed to load the driver to have the DVD/CD-ROM work (go ahead – it won’t hurt if you don’t need it):
Return to the install by pressing Ctrl + Alt + F1.
Time to Build
Basically you just go step by step. Select your language and in keyboards select “macintosh” for keyboard. “Detect and Mount CD-ROM” should now work, then “Load debconf…” and then “Load installer components from CD”. I did this quickly after the “Detect and Mount…” option because once the CD was forgotten by the installer.
In “…InstallerComponents” the only option I chose was “mirror select”, but it’s buggy and didn’t work for me. You can find the mirrors available and then you have to enter the mirror without any subdirectories (e.g. ftp.osuosl.org); in the next dialog enter the subdirectories (e.g. /pub/ubuntu-releases/). I ended up choosing the default UK mirror. The mirror can later be changed in
You’ll have to download some files for the download to complete, so set up the network.
When you get to partitioning choose the one right for you. I decided on LVM with encryption. This too has a bug. I got a dialog that said “No NewWorld boot partition was found…”. Yaboot (the Mac bootloader) requires this to boot. As I said, it’s a bug and you can ignore it. It will ask you, “Go back to the menu and resume partitioning?” Select “No” and write the partition table.
The rest should be pretty self-explanatory: configure the package manager, users… I opted to have a root account because I know “rm -f /” is bad. ;) Install the software you need. The Ubuntu Server Guide details plenty of options: a DNS server, firewall, web server… I installed OpenSSH server because it’s easier just to have one monitor on my desk, LAMP to use Apache for webadmin tasks (OSSEC-HID, snort), and DNS Server to set up a local LAN.
Now install the yaboot bootloader (skip LTSP), and that’s all you need to do. End the installation and it’ll ask you what type of clock you want. I set the clock to UTC time.
Reboot system and see your new Ubuntu server.
I’ve built a script to use from the command line that I’ve put on the Ubuntu Forums for package management.
change console font in
Debian’s bashrc tanks – better bashrc
Good luck with your new OS!