IOException.de » OpenBSD http://www.ioexception.de Ausgewählter Nerdkram von Informatikstudenten der Uni Ulm Wed, 19 Mar 2014 22:01:00 +0000 de-DE hourly 1 http://wordpress.org/?v=3.9.1 Interview: Henning Brauer http://www.ioexception.de/2013/10/16/interview-henning-brauer/ http://www.ioexception.de/2013/10/16/interview-henning-brauer/#comments Wed, 16 Oct 2013 16:13:45 +0000 http://www.ioexception.de/?p=2231 Henning Brauer

This time the interview series continues with Henning Brauer (@HenningBrauer).

Amongst other things, Henning is an OpenBSD developer and involved in projects like pf, OpenNTPD or OpenBGPD. pf is a BSD-licensed, advanced packet filter and a default component in OpenBSD. It is comparable to e.g. iptables, though in my opinion pf is a superior and better designed tool with a clear syntax that makes configuration very comfortable. I found it to be a very nice tool and it seems like I am not the only one: pf has been ported to many other operating systems and is e.g. integrated into Mac OS X Lion. Since it is licensed under the permissive BSD license (as everything within the OpenBSD source tree) it is possible for companies to integrate the code within their proprietary systems.

Henning is also the founder and CEO of BSWS, an ISP/MSP based in Hamburg, who makes heavy use of free software. As Henning told me, their technology stack consists basically only of free software. I think this is very nice. It always makes me happy to see businesses build upon free software, contributing back to the development of such.

Who are you and what do you do?
I’m Henning Brauer, 35. I’m the CEO of BS Web Services GmbH, an ISP/MSP here in Hamburg. I have been an OpenBSD developer since 2002, heavily involved with pf – redesigned it completely with Ryan McBride, last not least. I started OpenBGPD a good 10 years ago, OpenNTPD a bit thereafter, and the privsep/messaging-Framework I wrote for bgpd is used by almost all newer daemons in OpenBSD these days. These days I mostly work on the kernel side, the network stack, and pf as an integral part of it. Aside from that I wrote femail, am a board member of the EuroBSDcon Foundation, and do local politics.

Which software or programs do you use most frequently?
I heavily use OpenBSD, which might not come as a surprise. All my laptops run OpenBSD, my workstation at work does, and the vast majority of our servers, routers, firewalls etc run OpenBSD as well. The base system covers a lot of my needs already – webservers are obviously important for my work, all newer setups are on our base nginx, some older ones still on our forked Apache. mysql plays an important role, and unfortunately OpenLDAP as well. Almost all hosts run symon (auto-configured) and most also use femail. LaTeX is used for all documents that we produce.

On the Desktop side, I use mutt for email, both firefox and chromium for the web, tho the latter is foremost a tweetdeck container. mupdf for most PDFs. I fortunately don’t need an office suite. For my presentations I use magicpoint.

Why did you decide to use your particular operating system(s) of choice?
In the late 90s we had a bad DoS attack against a webserver running linux, which behaved poorly. I had the attack recorded and replayed it against a couple of other operating systems. FreeBSD behaved well, OpenBSD much better, and since I liked what I saw (I hadn’t looked at OpenBSD really before) that’s what I picked and stayed with.

Today, the choice is easy. OpenBSD is a good fit for almost all tasks I am confronted with, and since I am so much involved I can fix issues when I run into them instead of having to wait for a vendor or a project to react (or just hope for it), really understand what’s going on when things don’t work and fix issues properly instead of applying stupid workarounds that last from 12 to noon. The result is a setup that is very reliable and very secure, which in turn means that our monitoring doesn’t drive us nuts by demanding fixes at the worst possible times – and happy customers.

In what manner do you communicate online?
Email and twitter, foremost.

Which folders can be found in your home directory?
Found by whom? None for almost everybody.

Which paper or literature has had the most impact on you?
I’m not really into tech books. The few I have read over the last couple of years were all books I was involved with, as tech reviewer – “The Book of PF” and “Absolute OpenBSD” are to be mentioned here, both excellent books.

For papers & presentations, I cannot pinpoint one. I regularily go to conferences – EuroBSDcon, BSDcan and AsiaBSDcon are the standard ones – and visit talks that sound interesting, not just “our” ones. They often bring some kind of enlightment (the Q&A / discussions after my own presentations too). I often end up reading papers when researching on something, but couldn’t point out a specific one.

What has had the greatest positive influence on your efficiency?
Unix :-)

How do you approach the development of a new project?
I think about it for some time, before I write the first line of code. I need to get clear on the structure, break the task down to many small ones. Then get clear on the APIs, including the strictly internal ones, and THEN start coding. Sometimes talking to other developers helps a lot, we frequently use whiteboards.

The worst thing one can do is to sit down and start coding immediately. Spend time on designing your software, don’t just let it happen. Structure is extremely important, breaking down things into smaller, ideally self-contained blocks.

Which programming language do you like working with most?
Depends on the task. For kernel or high-performance network daemons it is C of course. For things like web applications or the like where you really want a higher abstraction level C would be absolutely inapproriate. I frequently use perl for company stuff, accompanied by some shell code (the latter obviously not for web stuff).

In your opinion, which piece of software should be rewritten from scratch?
That’s a tough one. I do believe in evolution, look where the constant revolution approach lead to for the GNU world: gazillions of similar projects, repeating each others faults instead of learning from history. The NIH syndrome (Not Invented Here) is one of the biggest problems in the free software world.

That said, there is a point where evolution is not the right approach. When the base is so bad that you end up rewriting everything anyway, might as well start from scratch. When there is a fundamental design issue, there is barely a way around starting over.

Let me use an example where I was involved: why did I write femail? It is just a little /usr/sbin/sendmail program that doesn’t have a queue but offloads the mail immediately to another mail server via SMTP. There is mini-sendmail doing the same thing. Besides that being GPL and thus not free, I was horrified when I looked at the code. The author brags about it being so small in terms of lines of code – which is pretty damn easy if you use ridiculously long lines instead of the usual 80 char limit. The code is outright unreadable, lack of proper indentation also doesn’t help. Unreadable means unreviewable which in turn has almost always meant buggy as hell. We call that “write-only code”. I then found out that it isn’t even remotely implementing the relevant RFCs, but just the most common subset – play fast and lose. Unusable. So I went on and wrote femail from scratch, which I use in hundreds of installs and which apparently spread quite widely.

femail has been used as the sendmail-compatible command line interface in OpenSMTPD – that’s a nice example on our approach, look for existing code before starting from scratch, faults already made elsewhere don’t need to be repeated.

What would your ideal setup look like?
Not sure that involves computers at all…

Click here for the full picture.

]]>
http://www.ioexception.de/2013/10/16/interview-henning-brauer/feed/ 0
tmux ohne root-Rechte installieren http://www.ioexception.de/2013/06/14/tmux-ohne-root-rechte-installieren/ http://www.ioexception.de/2013/06/14/tmux-ohne-root-rechte-installieren/#comments Fri, 14 Jun 2013 11:24:37 +0000 http://www.ioexception.de/?p=2201

Ich bin seit langer Zeit begeisteter Nutzer von tmux. Tmux ist ein Terminal Multiplexer (wie auch GNU Screen). Das bedeutet, dass man mit tmux mehrere (oder auch sehr viele oder auch nur eine) Shells in einem einzigen Terminal haben kann, was in sehr sehr vielen Fällen unheimlich praktisch ist. Ich verwende tmux unter anderem für folgende Zwecke:

  • Um mehrere (Kommandozeilen-)Programme gleichzeitig sehen zu können. Früher habe ich dafür einfach das Terminal-Programm mehrfach geöffnet. Das hat auch seine Berechtigung, wenn man z.B. seine Window-Manager-Funktionen nutzen möchte, um zwischen den Terminals zu wechseln. Auf Dauer hat sich hier tmux aber als praktischer herausgestellt. Unter anderem auch wegen des folgenden Punkts:
  • Um Text in der selben Shell oder zwischen verschiedenen Shells kopieren und einfügen zu können (Copy & Paste). Tmux bietet hierfür wunderbare Unterstützung.
  • Um in einer Shell zurück-scrollen zu können. Klar, fast alle Terminal-Programme können das auch. Aber mit tmux kann ich dann auch gleich noch Text kopieren. Und es funktioniert auch in Terminals, die nicht auf einer grafischen Oberfläche laufen.
  • Um meine laufenden Prozesse nicht zu verlieren, wenn aus irgendwelchen Gründen das Terminal geschlossen wird. Wenn ich mich z.B. auf einem Server per SSH anmelde, dann starte ich zuallererst einen tmux. Wenn jetzt die Internetverbindung abbricht, dann läuft der tmux auf dem Server weiter und ich kann mich einfach neu verbinden. Das Gleiche gilt natürlich, wenn man versehentlich sein grafisches Terminal schließt, oder X11 abstürzt.

Das alles sind eher Kleinigkeiten, die sich aber in der täglichen Arbeit als ungeheuer wertvoll herausstellen. Ich wüsste gar nicht mehr, wie ich ohne meinen tmux klar kommen sollte.

Jetzt ist tmux nicht unbedingt auf allen Rechnern, mit denen man so zu tun hat, verfügbar. Die Rechner des Linux-Pools der Uni-Ulm haben zum Beispiel keinen tmux installiert. Da ich aber unbedingt einen haben wollte, habe ich mich entschieden, diesen einfach selber zu kompilieren. Das ist nicht ganz trivial, da tmux einige Abhängigkeiten hat. Während meiner Recherche bin ich dann auf ein Skript gestoßen, welches tmux lokal installiert, sodass man keine root-Rechte benötigt. Vielen Dank an den Autor für diese Hilfe! Ich habe das Skript nicht komplett ausgeführt, sondern einzelne Befehle davon verändert angewandt, da ich einige der Schritte darin schon selbst erledigt hatte. Man kann es also auch wunderbar als Nachschlagewerk verwenden.

Damit war’s das auch für heute.
Bis bald,
Matou

]]>
http://www.ioexception.de/2013/06/14/tmux-ohne-root-rechte-installieren/feed/ 2
mplayer configuration for OpenBSD http://www.ioexception.de/2012/07/26/mplayer-configuration-openbsd/ http://www.ioexception.de/2012/07/26/mplayer-configuration-openbsd/#comments Thu, 26 Jul 2012 15:37:32 +0000 http://www.ioexception.de/?p=1929 I had some issues with getting smooth video playback on my X220. I always ran into flickering, slow output or audio/video synchronization issues. Since I couldn’t find any fitting configurations and since VLC didn’t play things smoothly either, it makes sense to publish a working config with which I came up after investing some time. So this is my ~/.mplayer/config:

framedrop=1
vo=x11
cache=32768
cache-min=99
cache-seek-min=99

For a detailed explanation look through the man-page. Basically mplayer fills a 32M cache before starting playback, uses X11 as the video ouput driver, and skips frames in favor of a/v synchronization.

On another Thinkpad, a T510, mplayer -cache 32768 -cache-min 99 -cache-seek-min 99 -vo gl:swapinterval=0 -lavdopts skiploopfilter=all -vfm ffmpeg worked best.

In my case, I additionally run $ apm -H before starting the video. On my system videos play a lot smoother when apm runs in high performance mode.

]]>
http://www.ioexception.de/2012/07/26/mplayer-configuration-openbsd/feed/ 0
Interview: Dominik ‘phil’ Lang http://www.ioexception.de/2012/07/25/interview-dominik-phil-lang/ http://www.ioexception.de/2012/07/25/interview-dominik-phil-lang/#comments Wed, 25 Jul 2012 10:24:04 +0000 http://www.ioexception.de/?p=1833

I got to know phil early on when I started studying. Now, some years later, the situation changed a bit and he is now one of my roommates and a close friend. He is also one of the most enthusiastic free and open source software fighters I personally know. As such he made a larger and larger part of his friends migrate to OpenBSD. A few of his code snippets can be found on his website. After his friends pursued him for months he lately gave an amazing talk at the ChaosSeminar in Ulm on OpenBSD (in german).

Who are you and what do you do?
My name is Dominik Lang and I am also known as phil, a nickname that was somehow established when I first entered university. Currently I am in a Masters program for Computer Science at the University of Ulm. My main interests in computer science are security, networking, operating systems and Unix.

Which software or programs do you use most frequently?
Most of the time I work on the command line with a shell. I use xterm with tmux and ksh. A lot of the time I’m writing stuff with an editor, which is nvi. Other than that, standard tools such as cd, ls, rm, mv, cp, sed, grep and ssh. An instance of Firefox is also always running somewhere, although I don’t surf around much except for a few technical blogs because I see the web primarily as a means for information exchange.

Why did you decide to use your particular operating system(s) of choice?

OpenBSD! For various reasons:

Security:
Security has always been my main focus and interest. It is mostly looked at from a high level point of view by computer scientists. Complex models and standards are created; the more generic the better. However, often the design is overly generic and the complexity usually isn’t needed and therefore one of the most important rules of security isn’t complied with, namely simplicity. Secondly, someone has to implement all that stuff: Higher levels of complexity lead to more bugs, as do bad design and ugly code.

This is where OpenBSD comes in. Their view on security is a more practical one: simplicity (on the user’s and the developer’s side) and well designed, clean, readable code. Rather than putting complex layers on top of each other, they aim to solve the problem at its root and make things right from the beginning on.

Freedom:
The never-ending debate on the definition of freedom: GNU vs BSD. As one might guess, I support the BSD view of freedom but this isn’t a major reason for me to use OpenBSD. However, how the OpenBSD project pursues freedom is. The OpenBSD source tree is as free as it can get. Blobs are not an option. The project’s developers are among the leading fighters for open hardware documentation. I haven’t seen this dedication in another project. Other projects incorporate proprietary code or sign NDA’s which is a step back for open source / free software.

All in all, I share the same views as the OpenBSD developers and their uncompromising pursuit of security and simplicity has influenced me a lot.

In what manner do you communicate online?
I use mcabber as an XMPP client and for email I use OpenSMTPD as an mta, fdm as an mra and mmh as an mua. This allows me to integrate my online communication into my ksh/tmux environment.

Which folders can be found in your home directory?
A lot of folders. ;)
I haven’t yet found a fully satisfying solution how to structure my data. I created folders as I went along and mostly they just stayed as they were. Some of them are very chaotic, others are more structured.

The most important folders are:

Mail: self explanatory
bills: self explanatory
bin: self-written tools / programs / scripts
development: this is where I keep the sources of my self-written stuff
digmed: movies / series / photos / music etc.
docs: papers / books etc. → CHAOS
downloads: self explanatory → CHAOS
dumps: temporary dumps from tools / webpages / other stuff
log: some of my own tools log to here
notes: stuff that I want to remember or drafts
src: this is where I keep sources of external projects and also local patches
tmp: all sorts of random stuff, which doesn’t fit in anywhere else → CHAOS
uni: all my university stuff

Which paper or literature has had the most impact on you?
That is a tough question. Theres no THE literature as in a “bible” in my life. There is one concept which is my motto and pretty much is the basis of all my decisions: KISS – keep it small and simple. However, I can’t remember where and when I first heard of it. Other than that, the following writings probably inspired me the most.

In everyday life I’d say the writings of Morihei Ueshiba, the founder of Aikido. His writings have taught me to treasure life more. I do not share his religious views, but rather his idea of how to approach life.

In computer science it has probably been “The Art Of Unix Programming” by Eric S. Raymond. It was my first more thorough contact with the Unix philosophy, which has also inspired and guided me.

What has had the greatest positive influence on your efficiency?
Two things: an open source operating system and the shell in combination with tmux.

By using an open source OS I can easily tailor my system / working environment as I want it. I’m not stuck with the interface the selling company puts in front of me, but can choose to change it to my own needs.

Also the transition from mainly working with a GUI to almost completely working with a shell. For a computer scientist and programmer, a shell interface can boost efficiency by a huge amount. A simple scripting interface is right there to use directly in the command line. That’s when I said goodbye to boring / repetitive tasks. =) In combination with the shell, tmux also sped up things a lot, because one can comfortably change between different shell sessions.

How do you approach the development of a new project?
The first thing I usually do is just lie down comfortably on a sofa or bed and just think about what I want to do, which problems I want to solve, what the finished project should be able to do and how the UI should look like.Pretty much a sort of requirements engineering and a first design in a sort of meditative state. ;)
Then I begin to code the ideas. I usually need a proof of concept and a first kind of prototype before I can go on and really think about a reasonable design. Because then you have a better feeling of what the result should look like and what technical problems you will encounter.

In your opinion, which piece of software should be rewritten from scratch?
I have often heard that the OpenSSL API isn’t as easy to use as it could be. For such a critical library, the API should be rewritten to be more user friendly. Also, all major browsers should be rewritten to get rid of the bloat. =)

What would your ideal setup look like?
Welcome to my secret room, which can only be entered through a cliche secret door in a bookshelf. The room is a storage hall, one half filled with all kind of gadgets like in iron man and displays and server racks and the other half is a gym with cool obstacles. My main workstation looks like the 7 display workstation in Password:Swordfish, but of course the whole setup is running OpenBSD (including all the servers and routers etc.). Because clearly the hall is pretty large, there is a hoverboard to get from point A to point B quickly. For the case of a zombie apocalypse, there is a stash of lightsabers. Ah, who am I kidding, I’d be constantly playing with them and program them as mood and disco lights. ;)

Click here for the full picture.

]]>
http://www.ioexception.de/2012/07/25/interview-dominik-phil-lang/feed/ 0