Ubuntu 14.04 LXC Setup with Unprivileged Containers

I have been spending a lot of time searching for alternatives to virtual machines. I do love my VMs but I hate the idea of dedicating resources (such as RAM) that never get used. There is memory ballooning but it is a trade off for the usage of other resources. Also I am crazy and obsessive about efficiency. VMs still have their place but we now have a new, awesome tool available to us: LXC.

Install

The LXC team offers us a PPA making this setup super easy. This will also handle future updates for us.

Install the software…
sudo apt-add-repository -y ppa:ubuntu-lxc/stable
sudo apt-get update
sudo apt-get install lxc

Network

Optional
You could skip this step but then you would only be able to access your containers on the same host on which they are run. There is also port forwarding (say, via iptables) but that is overly complicated for anything other than simple TCP/UDP stuff (and boring). We are going to do a bridge so that all containers can access the network and all remote hosts can access the containers as if they were physical machines on the network.

This should have been installed with LXC but just to be safe…
sudo apt-get install bridge-utils

Fire up your favorite text editor and open /etc/network/interfaces. In it add
auto lxcbr0
iface lxcbr0 inet static
 address [primary IP address]
 netmask [primary netmask]
 gateway [primary gateway]
 dns-nameservers [primary DNS server(s)]
 bridge_ports [primary network interface]

replacing everything above within and including the brackets.

Next we need to replace all lines for the primary network interface with
iface eth0 inet manual

You may have multiple network segments. Configuring this is left as an exercise for the user.

Unprivileged Containers

We could just start creating containers now. However, a potential problem may arise as they will all be run as root. Theoretically this is fine because you should never be able to break out of a container, but bugs happen. So that we are not making ourselves more vulnerable than we need to be, we will set up unprivileged containers that run as our unprivileged user.

Allow our user account to use the bridge…
echo "$USER veth lxcbr0 1024" | sudo tee -a /etc/lxc/lxc-usernet

Create Upstart script…
In /etc/init/lxc-unprivileged.conf add…
description "LXC Unprivileged Containers"
author "Mike Bernson <mike@mlb.org>"

start on started lxc

script
 USERS="[user]"

 for u in $USERS; do
  cgm create all lxc$u
  cgm chown all lxc$u $(id -u $u) $(id -g $u)
  lxc-autostart -L -P /home/$u/.local/share/lxc | while read line;
  do
   set -- $line
   /usr/local/bin/startunprivlxc lxc$u $u $1
   sleep $2
  done
 done
end script

Make sure to replace [user] with your user account.

Create the container start script…
In /usr/local/bin/startunprivlxc add…
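#!/bin/sh
# Usage: startunprivlxc <cgroup> <user> <container>

# Move this shell into the user's cgroup so the container inherits it
cgm movepid all "$1" $$
# Start the container in the background as the unprivileged user
sudo -iH -u "$2" -- lxc-start -n "$3" -d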

… and make it executable…
sudo chmod +x /usr/local/bin/startunprivlxc

Create our mappings and settings for our containers to use…
mkdir -p ~/.config/lxc/
echo "lxc.id_map = u 0 100000 65536" > ~/.config/lxc/default.conf
echo "lxc.id_map = g 0 100000 65536" >> ~/.config/lxc/default.conf
echo "lxc.network.type = veth" >> ~/.config/lxc/default.conf
echo "lxc.network.link = lxcbr0" >> ~/.config/lxc/default.conf
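
The id_map lines above only work if the host-side range they name (100000 to 165535 here) lies inside the subordinate ID ranges allocated to your user in /etc/subuid and /etc/subgid; otherwise the container fails to start. The following check is an added example, not part of the original article: range_covered, is_number and check_id_map are hypothetical helper names, and the demo files are constructed sample data.

```shell
#!/bin/sh
# Added example: verify that each lxc.id_map line in an LXC config is covered
# by the user's subordinate ID allocations. Helper names are hypothetical.
# Real-host usage:
#   check_id_map ~/.config/lxc/default.conf "$USER" /etc/subuid /etc/subgid

# range_covered FILE USER START COUNT
# FILE uses the subuid/subgid format "name:first_id:count". Succeeds when one
# entry for USER contains the whole range START..START+COUNT-1.
range_covered() {
    awk -F: -v u="$2" -v s="$3" -v c="$4" '
        $1 == u && s >= $2 && s + c <= $2 + $3 { ok = 1 }
        END { exit (ok ? 0 : 1) }
    ' "$1"
}

# is_number STRING: succeeds for a non-empty string of decimal digits.
is_number() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
}

# check_id_map CONF USER SUBUID_FILE SUBGID_FILE
# Prints one line per problem; returns non-zero if any mapping is unusable.
check_id_map() {
    conf=$1; user=$2; subuid=$3; subgid=$4
    rc=0; have_u=no; have_g=no
    while read -r key eq kind inside outside count _ || [ -n "$key" ]; do
        # Only "lxc.id_map = <u|g> <container_id> <host_id> <count>" lines matter
        [ "$key" = "lxc.id_map" ] && [ "$eq" = "=" ] || continue
        case $kind in
            u) file=$subuid; have_u=yes ;;
            g) file=$subgid; have_g=yes ;;
            *) echo "unknown map type '$kind'"; rc=1; continue ;;
        esac
        if ! { is_number "$inside" && is_number "$outside" && is_number "$count"; }; then
            echo "$kind map has a non-numeric field"; rc=1; continue
        fi
        if ! range_covered "$file" "$user" "$outside" "$count"; then
            echo "$kind map $outside+$count is not inside $user's range in $file"
            rc=1
        fi
    done < "$conf"
    # An unprivileged container needs both a uid and a gid mapping
    [ "$have_u" = yes ] || { echo "no uid map found in $conf"; rc=1; }
    [ "$have_g" = yes ] || { echo "no gid map found in $conf"; rc=1; }
    return "$rc"
}

# Demo on constructed data: alice owns 100000-165535, matching the article's
# default.conf, so the check passes.
demo=$(mktemp -d)
printf 'alice:100000:65536\n' > "$demo/subuid"
printf 'alice:100000:65536\n' > "$demo/subgid"
printf 'lxc.id_map = u 0 100000 65536\nlxc.id_map = g 0 100000 65536\n' > "$demo/default.conf"
check_id_map "$demo/default.conf" alice "$demo/subuid" "$demo/subgid" \
    && echo "id_map is covered by the subuid/subgid allocations"
rm -rf "$demo"
```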

Create Containers

Here is where the magic happens.

lxc-create --name [name] --template download

Again with the text editor open ~/.local/share/lxc/[name]/config. In it add
lxc.start.auto = 1

Make sure to replace [name] with your container name in both commands.

These two steps will allow you to create new, unprivileged containers which autostart on boot running the distribution, release, and architecture of your choice.

Attach to Containers

In order to get into the console you only need a single command…
lxc-attach --name [name]

If you like you can use this to install an SSH server (do not forget to setup a new user so you are not logging in as root). You could also just log into the host and lxc-attach each time. Up to you.

More

There are many more things you can do. For example, create separate networks (say, one for public communications and another for container-to-host-to-container communications) or limit resources so one rogue container does not ruin it for the others and the host itself. A dedup'ing filesystem (such as ZFS) would also probably get great ratios.

Research, experiment, and play with this very cool bit of engineering.

Sources

https://www.launchpad.net/~ubuntu-lxc/
https://help.ubuntu.com/lts/serverguide/network-configuration.html
https://help.ubuntu.com/lts/serverguide/lxc.html

Thanks

Mike Bernson

https://lists.linuxcontainers.org/pipermail/lxc-users/2015-January/008221.html
https://lists.linuxcontainers.org/pipermail/lxc-users/2015-January/008222.html

Compile and Install PostgreSQL 9.2.x from Source on Ubuntu 13.04 Server

Working on a project for which I am using MySQL. As much as I love the thing it has been scaring me a little since Oracle bought them. They have pledged to keep the project open-source friendly a while back but I still worry. PostgreSQL seems like it might be a good fit for me so here are the steps I took to get it up and running from source on Ubuntu 13.04 Server.

  • Make sure our required tools are installed:


    sudo apt-get update
    sudo apt-get install zlib1g-dev libreadline6-dev gcc make

  • Download the latest source and extract:


    wget ftp://ftp.postgresql.org/pub/source/v9.2.x/postgresql-9.2.x.tar.bz2
    tar xjfv postgresql-9.2.x.tar.bz2

    Note
    I am using v9.2.4 for this example as it was the latest at the time of this writing. Simply replace x with your version number.

  • Compile and install:


    cd postgresql-9.2.x/
    ./configure
    make -j y world
    sudo make install-world

    Note
    Replace y with the number of processor cores you would like to use. This step generally does not take long so if you wanted to omit -j and its argument altogether that would also work.

  • Copy start up script:


    sudo cp contrib/start-scripts/linux /etc/init.d/postgresql

  • Remove working directory:


    cd ../
    rm -rf postgresql-9.2.x/
    rm postgresql-9.2.x.tar.bz2

  • Add user:


    sudo useradd postgres

  • Create data directories:


    sudo mkdir /var/lib/postgresql/
    sudo chown postgres:postgres /var/lib/postgresql/

    Create data:


    sudo su - postgres -c "/usr/local/pgsql/bin/initdb -D /var/lib/postgresql/"

  • Create configuration directory:


    sudo mkdir /etc/postgresql/
    sudo chown postgres:postgres /etc/postgresql/

    Move configuration:


    sudo mv /var/lib/postgresql/postgresql.conf /var/lib/postgresql/pg_hba.conf /var/lib/postgresql/pg_ident.conf /etc/postgresql/

    Open postgresql.conf:


    sudo nano /etc/postgresql/postgresql.conf

    Change postgresql.conf:


    data_directory = '/var/lib/postgresql/'
    external_pid_file = '/var/run/postgresql.pid'

    Note
    These are the bare minimum changes. You will probably want to scan the file and change it to better suit your needs.

  • Open start up script:


    sudo nano /etc/init.d/postgresql

    Change start up script:


    PGDATA="/etc/postgresql/"
    PGLOG="/var/log/postgresql.log"

    Under ## EDIT FROM HERE add:


    PGGROUP=postgres
    PGPID="/var/run/postgresql.pid"

    Above su - $PGUSER -c "$DAEMON -D '$PGDATA' &" >>$PGLOG 2>&1, under start) add:


    touch $PGPID
    chown $PGUSER:$PGGROUP $PGPID

    Under su - $PGUSER -c "$PGCTL stop -D '$PGDATA' -s -m fast", under stop) add:


    rm $PGPID

  • Make start up script executable:


    sudo chmod +x /etc/init.d/postgresql
    sudo update-rc.d postgresql defaults

  • Start service:


    sudo service postgresql start

  • [Optional] Make commands available to all users:


    sudo ln -s /usr/local/pgsql/bin/* /usr/local/bin/

    [Optional] Make C includes and libraries available to all users:


    sudo ln -s /usr/local/pgsql/include/* /usr/local/include/
    sudo ln -s /usr/local/pgsql/lib/* /usr/local/lib/
    sudo ldconfig

    Note
    These just make life slightly easier. If you prefer you can always just call everything by their absolute paths or put them in your $PATH.


Sources
http://www.postgresql.org/docs/current/static/installation.html
http://www.postgresql.org/docs/9.2/static/server-start.html

Compile and Install Redis 2.6.x from Source on Ubuntu 13.04 Server

Working on a project for which I am using MySQL. As much as I love my relational databases they may not always be the best tool for the job. As such, for the first time, I am evaluating other solutions. Redis seems like it might be a good fit for me so here are the steps I took to get it up and running from source on Ubuntu 13.04 Server.

  • Make sure our required tools are installed:


    sudo apt-get update
    sudo apt-get install make gcc

  • Download the latest source and extract:


    wget http://redis.googlecode.com/files/redis-2.6.x.tar.gz
    tar xzfv redis-2.6.x.tar.gz

    Note
    I am using v2.6.14 for this example as it was the latest at the time of this writing. Simply replace x with your version number.

  • Compile and install:


    cd redis-2.6.x/
    make -j y
    sudo make install

    Note
    Replace y with the number of processor cores you would like to use. This step generally does not take long so if you wanted to omit -j and its argument altogether that would also work.

  • Copy and open Redis configuration:


    sudo mkdir /etc/redis/
    sudo cp redis.conf /etc/redis/
    sudo nano /etc/redis/redis.conf

    Change the following options:


    daemonize yes
    dir /var/lib/redis/
    syslog-enabled yes
    syslog-ident redis
    syslog-facility local0

    Note
    These are the bare minimum changes. You will probably want to scan the file and change it to better suit your needs.

  • Remove working directory:


    cd ../
    rm -rf redis-2.6.x/
    rm redis-2.6.x.tar.gz

  • Add user:


    sudo useradd redis

  • Create data directories:


    sudo mkdir /var/lib/redis/
    sudo chown redis:redis /var/lib/redis/
    sudo mkdir /var/log/redis/
    sudo chown redis:redis /var/log/redis/

  • Setup start up script:


    sudo nano /etc/init.d/redis-server

    Within this file add the following and save/close:


    #! /bin/sh

    ### BEGIN INIT INFO
    # Provides: redis-server
    # Required-Start: $syslog $remote_fs
    # Required-Stop: $syslog $remote_fs
    # Should-Start: $local_fs
    # Should-Stop: $local_fs
    # Default-Start: 2 3 4 5
    # Default-Stop: 0 1 6
    # Short-Description: redis-server - Persistent key-value db
    # Description: redis-server - Persistent key-value db
    ### END INIT INFO

    PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
    DAEMON=/usr/local/bin/redis-server
    DAEMON_ARGS=/etc/redis/redis.conf
    NAME=redis-server
    DESC=redis-server
    PIDFILE=/var/run/redis.pid

    test -x $DAEMON || exit 0

    set -e

    case "$1" in
      start)
        echo -n "Starting $DESC: "

        # The daemon runs as redis, so it must own its PID file
        touch $PIDFILE
        chown redis:redis $PIDFILE

        if start-stop-daemon --start --quiet --umask 007 --pidfile $PIDFILE --chuid redis:redis --exec $DAEMON -- $DAEMON_ARGS
        then
          echo "$NAME."
        else
          echo "failed"
        fi
        ;;

      stop)
        echo -n "Stopping $DESC: "

        if start-stop-daemon --stop --retry 10 --quiet --oknodo --pidfile $PIDFILE --exec $DAEMON
        then
          echo "$NAME."
        else
          echo "failed"
        fi

        rm -f $PIDFILE
        ;;

      restart|force-reload)
        ${0} stop
        ${0} start
        ;;

      status)
        echo -n "$DESC is "

        # Signal 0 only tests whether the process exists
        if start-stop-daemon --stop --quiet --signal 0 --name ${NAME} --pidfile ${PIDFILE}
        then
          echo "running"
        else
          echo "not running"
          exit 1
        fi
        ;;

      *)
        echo "Usage: /etc/init.d/$NAME {start|stop|restart|force-reload|status}" >&2
        exit 1
        ;;
    esac

    exit 0

    Make script executable:


    sudo chmod +x /etc/init.d/redis-server
    sudo update-rc.d redis-server defaults

  • Start the server:


    sudo service redis-server start


Notes

  • I have not experimented with this on a 32-bit machine but I doubt it would be very useful for anything other than seeing what is what. If you are going to use this in anything remotely resembling a production environment I would use a 64-bit machine without question.
  • I disabled snapshotting for my tests as I will not need it. If you end up using it, such as in the default configuration, you might want to add vm.overcommit_memory = 1 to /etc/sysctl.conf.

Show Hidden Files in OS X 10.7 (Lion) and OS X 10.8 (Mountain Lion)

After a long search I recently replaced my aging netbook. I ended up with one of the new 13″ MacBook Airs on which I dual-boot OS X (for firmware updates, Xcode for iOS development) and Linux Mint.

Attempting to access an older project with some hidden files I discovered I could not see them by default. I went into File -> Preferences..., no option. I went into View -> Show View Options, nothing there that helped. Turns out the solution is a bit more cumbersome.

What you need to do is open Terminal and type in:

defaults write com.apple.Finder AppleShowAllFiles YES

Make sure you restart Finder afterwards for the change to take effect.

Convert an OpenCV 2 Image to an Allegro 5 Image In C/C++

Just a quick sample for converting an OpenCV 2 image (Mat) to an Allegro 5 image (ALLEGRO_BITMAP).

First we need to setup some things and have places to store some stuff:

#include <allegro5/allegro.h>
#include <allegro5/allegro_image.h>
#include <cv.h>
#include <highgui.h>

cv::VideoCapture video([device number/filename]);
cv::Mat frame;
ALLEGRO_BITMAP *image = al_create_bitmap([width], [height]);

Next the guts:

video >> frame;
if ( !frame.empty() ) {
	al_set_target_bitmap(image);
	al_lock_bitmap(image, ALLEGRO_PIXEL_FORMAT_ANY, ALLEGRO_LOCK_WRITEONLY);
	for ( int y = 0; y < [height]; y++ ) {
		for ( int x = 0; x < [width]; x++ ) {
			cv::Vec3b &pixel = frame.at<cv::Vec3b>(y, x);
			al_put_pixel(x, y, al_map_rgb(pixel[2], pixel[1], pixel[0]));
		}
	}
	al_unlock_bitmap(image);
}

A few notes:

  • OpenCV 2 does not often work in RGB unless you make it. It is typically the reverse, BGR. Unless you have a specific need I see no reason not to do the conversion on-the-fly as above.
  • This sample assumes everything is the same width, height, color depth, etc., so watch out for that. Allegro, in particular, may slow to a crawl if you do not watch your conversions.
  • I am very not happy with the performance of this so it does need some work in that respect. It does, however, work very well otherwise. My goal is to get my Atom-based netbook running this smoothly. The Raspberry Pi may be a pipe dream but I am going to try.
  • This was tested in Linux with hardware I know what to expect out of. If there is any chance your webcam/video/whatever may return something other than a 24-bit (uint8, uint8, uint8) BGR color space you will need to account for that. Both OpenCV and Allegro have a number of functions/macros for that kind of thing.

This is mostly for my own notes but I figured someone else might also be interested. None of this is meant to be complete but, if you are struggling like I was, this should be all you need to pass that hurdle. Give a man a fish… alright, back to my cold, week-old “chinese” food and root beer.

Update 2012.11.28
After some more experimentation (and a nudge in the right direction from Peter Wang) I have tweaked the guts and it now runs much, much faster:

video >> frame;
if ( !frame.empty() ) {
	ALLEGRO_LOCKED_REGION *region = al_lock_bitmap(image, ALLEGRO_PIXEL_FORMAT_ANY, ALLEGRO_LOCK_WRITEONLY);
	for ( int y = 0; y < [height]; y++ ) {
		for ( int x = 0; x < [width]; x++ ) {
			uint32_t *ptr32 = (uint32_t *)region->data + x + y * (region->pitch / 4);
			*ptr32 = (frame.data[y * webcam_width * 3 + x * 3 + 0] << 16) | (frame.data[y * webcam_width * 3 + x * 3 + 1] << 8) | (frame.data[y * webcam_width * 3 + x * 3 + 2] << 0);
		}
	}
	al_unlock_bitmap(image);
}

Encrypted Linux Mint 13 and Linux Mint 14 Install

As an updated version of my previous article, here are the steps I took to get an encrypted Linux Mint 14 install. This article should also be used for Linux Mint 13 as I discovered some very minor issues with the old method (seriously, they were so minor I would not bother reinstalling if you were not already planning to).

So, zzzoooooommm:

  • Boot into any Linux Mint 13 or Linux Mint 14 installation disc.
  • Setup our storage:
    • In a terminal install and load the required tools: sudo apt-get install -y cryptsetup lvm2 && sudo modprobe dm-crypt
    • In a terminal partition sda: ( echo "o" ; echo "n" ; echo "p" ; echo "1" ; echo "" ; echo "+256M" ; echo "n" ; echo "p" ; echo "2" ; echo ""; echo ""; echo "w" ) | sudo fdisk /dev/sda
      • Some might call a 256MB /boot partition a bit excessive. Storage is cheap so it does not bother me too much but you could go down to ~64MB or so. Resizing an encrypted partition is not as easy as resizing an unencrypted one so if you are unsure ~128MB might be a better minimum.
      • This will wipe all of sda.
    • [Optional] In a terminal, if you are very paranoid, fill your encrypted partition with random garbage using one of these:
      • Much faster: sudo dd if=/dev/urandom of=/dev/sda2 bs=1M
      • More secure: sudo shred /dev/sda2
    • In a terminal create an encrypted LUKS device: sudo cryptsetup luksFormat --cipher aes-xts-plain64 --key-size 512 --verify-passphrase /dev/sda2
    • In a terminal open the encrypted device: sudo cryptsetup luksOpen /dev/sda2 system
      If you would like to do multiple installations you can replace system with virtually any name you like so long as you replace it with the same name throughout this article. I suggest you use the intended hostname either way.
    • In a terminal create your encrypted logical volumes: sudo vgcreate system /dev/mapper/system && sudo lvcreate -n root -l 100%FREE system
    • In a terminal format the partitions: sudo mkfs.ext2 /dev/sda1 ; sudo mkfs.ext4 /dev/mapper/system-root
      • I always like to specify -m 0 for both filesystems (turns off the reserved blocks percentage). If everything explodes, for some reason, and I can not boot I can always get in with a LiveCD.
  • Install Linux Mint 14:
    • Open the Install Linux Mint shortcut on the desktop.
    • When asked about the automatic partitioning select Something else.
    • Select /dev/sda1 and click the Change… button.
      • Under Use as select Ext2 file system.
      • Under Mount point select /boot.
    • Select /dev/mapper/system-root and click the Change… button.
      • Under Use as select Ext4 journaling file system.
      • Under Mount point select /.
    • Make sure /dev/sda is selected for Device for boot loader installation.
    • Click Install Now.
      • When it complains about the swap space just continue as we will do this later.
      • When it complains about the existing partitions not being formatted just continue. We formatted them in a previous step but if you like you can do it again here to get the installer filesystem defaults.
    • [Optional] When you get to the Who are you screen check Log in automatically. Since you will need to enter a passphrase to unencrypt the disk there is no threat if the machine falls into the wrong hands (there are a lot of ninjas in my apartment). I recommend setting the user password to match the encryption passphrase for simplicity's sake.
    • When the installation is completed and you are prompted to restart select Continue Testing.
  • Ready new Linux Mint 14 installation:
    • In a terminal mount new installation: sudo mount /dev/mapper/system-root /mnt && sudo mount /dev/sda1 /mnt/boot && sudo mount -o bind /dev /mnt/dev && sudo mount -o bind /sys /mnt/sys && sudo mount -t proc proc /mnt/proc
    • In a terminal change into new installation: sudo chroot /mnt
    • In a terminal setup network resolution: echo -e "nameserver 8.8.8.8\nnameserver 8.8.4.4" >> /etc/resolv.conf
    • In a terminal install and load the required tools: apt-get install -y cryptsetup lvm2
    • In a terminal setup our configuration for booting: echo "system UUID=$(blkid -s UUID -o value /dev/sda2) none luks" > /etc/crypttab && update-initramfs -u -k all
    • [Optional] In a terminal add swap: dd if=/dev/zero of=/swap bs=1M count=$((`free -m | grep -e "^Mem:" | sed -e 's/^Mem: *//' -e 's/  *.*//'` * 2)) ; chown root:root /swap ; chmod 600 /swap ; mkswap /swap ; echo "/swap none swap sw 0 0" >> /etc/fstab
    • In a terminal change back to LiveCD: exit
    • In a terminal unmount new installation: sudo umount /mnt/proc ; sudo umount /mnt/sys ; sudo umount /mnt/dev ; sudo umount /mnt/boot && sudo umount /mnt
  • Reboot into your new, encrypted installation.

A few notes:

  • If you already have an installation you want to encrypt without a fresh install the steps should be very similar. You will need to setup GRUB 2 yourself as, per this article, the Linux Mint 14 installer does it for you. I have not experimented with it but it should not be too hard to figure out.
  • These instructions may very well work with other distros, too, but I have not tested that.
  • This can all probably be stuck into a script. Maybe I will some time down the road (hell, I do enough of these a month).

Compile Allegro 5.0.x on Linux Mint and Ubuntu

As a sister article to my Cross Compile Allegro 5 Programs in Linux for Windows post, here are the steps I took to get Allegro 5 installed on Linux Mint 13, Linux Mint 14, and Ubuntu 12.10:

  1. Download and extract the latest .tar.gz-compressed source.
  2. Install the required packages: sudo apt-get install -y cmake g++ freeglut3-dev libxcursor-dev libpng12-dev libjpeg-dev libfreetype6-dev libgtk2.0-dev libasound2-dev libpulse-dev libopenal-dev libflac-dev libdumb1-dev libvorbis-dev libphysfs-dev
    • [Note] Would be a good idea to do a sudo apt-get update first.
  3. Create a workspace: mkdir "build" && cd "build/"
  4. Create make files: cmake "../"
    • [Note] By default cmake will want to configure make for a release shared build. If you want a debug build you will need -DCMAKE_BUILD_TYPE=Debug or -DCMAKE_BUILD_TYPE=Profile for a profiling build.
  5. Compile: make
    • [Optional] By default make will not eat up all the processing power it can. Add -j# to change this behavior, where # is the number of jobs you would like to have running in parallel. If your machine is more or less idle the number of processors available should not hurt anything. If you are using your machine you might want to use half that number instead.
  6. Install to respective paths: sudo make install && sudo ldconfig
    • [Optional] Recommended if you are unsure as to why this step is optional.

If you want to compile an Allegro 5 C++ application– assuming you completed all the steps above and have g++ installed– you can run g++ [source file(s)] -o [output] `pkg-config --libs allegro-5.0`. There are, of course, many more Allegro 5 add-ons (check out pkg-config --list-all | grep allegro) but I will leave using those up to you to discover on your own.

As of this writing Allegro 5 v5.0.8 was the latest version.

Update 2012.11.28
Seems I already had some things installed from some other projects so I did not notice some missing dependencies. Thanks to weapon_S and sorry about that.

Shutting Down Windows 7 Without Installing Updates

With the exception of my gaming machine I have abandoned Windows. Still, however, I do sometimes deal with it.

One of the more common annoyances is trying to shutdown when Windows has downloaded, but not installed, updates. In this case Windows may take forever and a day to finally cut the power. If you need to go somewhere in a rush, this blows. If you are on a laptop and the battery is about to die you are better off with hibernation (which has to be enabled, takes up a decent amount of disk space, and has its own problems), putting the machine to sleep (which has its own problems), or just letting it die at the desktop. If you interrupt the update process– say, because it has been nearly 30 minutes– you risk explodeorizing your install.

There is an option built into Windows 7 that will allow you to add an ‘Install Updates And Shut Down’ option to the Shut Down Windows dialog box. For some reason it is not enabled by default, but that is pretty easy to take care of:

  • Start, Run, enter gpedit.msc.
  • Surf over to User Configuration, Administrative Templates, Windows Components, Windows Update.
  • Edit Do not adjust default option to ‘Install Updates And Shut Down’ in Shut Down Windows dialog box to be Enabled. Make sure Do not display ‘Install Updates and Shut Down’ Option in Shut Down Windows dialog box is not set to Enabled.

The option will only appear when there are updates that need installing. You could also change your Windows Update settings but if you got here you probably are not interested in doing that.

I have not tested this with other versions of Windows. I assume this applies to Vista/Server 2008 and up but do not hold me to that.

Encrypted Linux Mint 13 Install

Check out my other article instead of this one.

Unity is a nice interface which is becoming increasingly polished. As a matter of fact I have switched a number of family members over and they are loving it. It, however, is seriously flawed for “power users” like myself. For example, I often have many text editors open at once and Unity slows me way down (yes, I lived in it for at least one month to give it a fair chance, no this is not an article about why I dislike Unity for my own use).

I have since moved over to Linux Mint 13 with Mate. Since I hate the idea of having any of my data unencrypted, and Linux Mint 13 does not support it in the installer, I needed a solution. I even held off installing it on all my machines until I could ensure my useless collection of funny pictures were protected from… some… scary, funny picture-related threat.

Anyway, we should get started before I start looking at those pictures for the rest of the day. I am going to assume sda here but if you want to use another disk simply substitute for that.

Here we go:

  • Boot into any Linux Mint 13 installation disc.
  • Setup our storage:
    • In a terminal install and load the required tools: sudo apt-get install -y cryptsetup lvm2 && sudo modprobe dm-crypt
    • In a terminal partition sda: ( echo "o" ; echo "n" ; echo "p" ; echo "1" ; echo "" ; echo "+256M" ; echo "n" ; echo "p" ; echo "2" ; echo ""; echo ""; echo "w" ) | sudo fdisk /dev/sda
      • Some might call a 256MB /boot partition a bit excessive. Storage is cheap so it does not bother me too much but you could go down to ~64MB or so. Resizing an encrypted partition is not as easy as resizing an unencrypted one so if you are unsure ~128MB might be a better minimum.
      • This will wipe all of sda.
    • [Optional] In a terminal, if you are very paranoid, fill your encrypted partition with random garbage using one of these:
      • Much faster: sudo dd if=/dev/urandom of=/dev/sda2 bs=1M
      • More secure: sudo shred /dev/sda2
    • In a terminal create an encrypted LUKS device: sudo cryptsetup luksFormat --cipher aes-xts-plain64 --key-size 512 --verify-passphrase /dev/sda2
    • In a terminal open the encrypted device: sudo cryptsetup luksOpen /dev/sda2 system
      If you would like to do multiple installations you can replace system with virtually any name you like so long as you replace it with the same name throughout this article.
    • In a terminal format the partitions: sudo mkfs.ext2 /dev/sda1 ; sudo mkfs.ext4 /dev/mapper/system
      • I always like to specify -m 0 for both filesystems (turns off the reserved blocks percentage). If everything explodes, for some reason, and I can not boot I can always get in with a LiveCD.
  • Install Linux Mint 13:
    • Open the Install Linux Mint shortcut on the desktop.
    • When asked about the automatic partitioning select Something else.
    • Select /dev/sda1 and click the Change… button.
      • Under Use as select Ext2 file system.
      • Under Mount point select /boot.
    • Select /dev/mapper/system and click the Change… button.
      • Under Use as select Ext4 journaling file system.
      • Under Mount point select /.
    • Make sure /dev/sda is selected for Device for boot loader installation.
    • Click Install Now.
      • When it complains about the swap space just continue as we will do this later.
      • When it complains about the existing partitions not being formatted just continue. We formatted them in a previous step but if you like you can do it again here to get the Linux Mint 13 filesystem defaults.
    • [Optional] When you get to the Who are you screen check Log in automatically. Since you will need to enter a passphrase to unencrypt the disk there is no threat if the machine falls into the wrong hands (there are a lot of ninjas in my apartment). I recommend setting the user password to match the encryption passphrase for simplicity's sake.
    • When the installation is completed and you are prompted to restart select Continue Testing.
  • Ready new Linux Mint 13 installation:
    • In a terminal mount new installation: sudo mount /dev/mapper/system /mnt && sudo mount /dev/sda1 /mnt/boot && sudo mount -o bind /dev /mnt/dev ; sudo mount -t proc proc /mnt/proc ; sudo mount -t sysfs sys /mnt/sys
    • In a terminal change into new installation: sudo chroot /mnt /bin/bash
    • [Optional] In a terminal update out-dated packages: apt-get update && apt-get -y dist-upgrade && apt-get -y autoremove && apt-get clean
    • In a terminal install and load the required tools: apt-get install -y cryptsetup lvm2 && echo "system UUID=$(blkid -s UUID -o value /dev/sda2) none luks" >> /etc/crypttab && update-initramfs -u -k all
    • [Optional] In a terminal add swap: apt-get install zram-config ; dd if=/dev/zero of=/swap bs=1M count=$((`free -m | grep -e "^Mem:" | sed -e 's/^Mem: *//' -e 's/  *.*//'` * 2)) ; chown root:root /swap ; chmod 600 /swap ; mkswap /swap ; echo "/swap none swap sw 0 0" >> /etc/fstab
      • I often only run with zRam but it is rarely a bad idea to also have a disk-backed swap.
    • In a terminal change back to LiveCD: exit
    • In a terminal unmount new installation: sudo umount /mnt/sys ; sudo umount /mnt/proc ; sudo umount /mnt/dev ; sudo umount /mnt/boot && sudo umount /mnt && sudo cryptsetup luksClose system
  • Reboot into your new, encrypted Linux Mint 13 installation.
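
If the UUID written to /etc/crypttab is empty, malformed or belongs to another device, the initramfs cannot unlock the root volume and the new install will not boot, so it is worth checking the entry inside the chroot before the final reboot; this applies to both encrypted install procedures above. The script is an added example, not part of the original articles: is_uuid and check_crypttab are hypothetical helper names, and the sample crypttab lines and UUID are constructed.

```shell
#!/bin/sh
# Added example: sanity-check the crypttab entry before rebooting.
# Helper names are hypothetical. Real usage, inside the chroot:
#   check_crypttab /etc/crypttab system "$(blkid -s UUID -o value /dev/sda2)"

# is_uuid STRING: succeeds for the 8-4-4-4-12 hexadecimal UUID form.
is_uuid() {
    printf '%s\n' "$1" |
        grep -Eqx '[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}'
}

# check_crypttab FILE NAME UUID
# Looks for the entry whose first field is NAME and verifies that it refers
# to the device by "UUID=<UUID>" and carries the luks option.
# Prints one line per problem; returns non-zero if the entry is unusable.
check_crypttab() {
    file=$1; name=$2; want=$3
    rc=0; found=no
    while read -r target source keyfile options _ || [ -n "$target" ]; do
        case $target in ''|'#'*) continue ;; esac   # skip blanks and comments
        [ "$target" = "$name" ] || continue
        found=yes
        uuid=${source#UUID=}
        if [ "$uuid" = "$source" ]; then
            echo "$name: source '$source' is not a UUID= reference"; rc=1
        elif ! is_uuid "$uuid"; then
            echo "$name: '$uuid' is not a well-formed UUID"; rc=1
        elif [ "$uuid" != "$want" ]; then
            echo "$name: UUID $uuid does not match device UUID $want"; rc=1
        fi
        case ",$options," in
            *,luks,*) ;;
            *) echo "$name: options '$options' lack 'luks'"; rc=1 ;;
        esac
    done < "$file"
    [ "$found" = yes ] || { echo "no crypttab entry named $name"; rc=1; }
    return "$rc"
}

# Demo on constructed data (the UUID is made up).
demo=$(mktemp -d)
uuid=0a1b2c3d-4e5f-4a6b-8c7d-9e0f1a2b3c4d
printf 'system UUID=%s none luks\n' "$uuid" > "$demo/crypttab.good"
# A clock time where the UUID should be, as happens when a UUID is scraped
# from `ls -l /dev/disk/by-uuid` output and the wrong column is taken.
printf 'system UUID=12:00 none luks\n' > "$demo/crypttab.bad"
check_crypttab "$demo/crypttab.good" system "$uuid" && echo "good entry: ok"
check_crypttab "$demo/crypttab.bad" system "$uuid" || echo "bad entry: rejected"
rm -rf "$demo"
```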

A few notes:

  • If you already have an installation you want to encrypt without a fresh install the steps should be very similar. You will need to setup GRUB 2 yourself as, per this article, the Linux Mint 13 installer does it for you. I have not experimented with it but it should not be too hard to figure out.
  • These instructions may very well work with other distros, too, but I have not tested that.
  • This can all probably be stuck into a script. Maybe I will some time down the road (hell, I do enough of these a month).

Update 2012.09.25
I should proof read more gooder. Sorry about that.

Slow Wi-Fi Speed with Linux While on Battery Power

I recently installed a new distro on my netbook. After using it for a few seconds I knew something was wrong with the wireless connection as it was hell’a slow. Could not figure it out at first but then I saw what I was missing: It was only slow while running on battery.

Turns out it was the power management. Whenever I went over to battery it kicked in and my ~3MB/s speeds went to ~32KB/s. Big, big drop so something must be done, right? Right.

Just create /etc/pm/power.d/wireless with:

#!/bin/sh

iwconfig wlan0 power off

Then make it executable with chmod +x /etc/pm/power.d/wireless.

This will disable wireless power management whenever the machine goes to battery power. Problem solved.