08.11.04

Hardware Change (2)

Posted in English, Linux at 12:41 am by Rodrigo

Damn IRQ’s..

The USB devices (including Firewire) still share the same IRQ (21). I tried to balance them using the acpi_irq_balance kernel option.. it didn’t work. The only remaining option to use is append="pirq=xx[,xx[..]]", and hope for the best. If only the “xx” were easy to calculate..

The “other O.S.” upgrade has gone.. emm.. well. I just booted there and it worked, though I had to reinstall all the PCI device drivers, because they were lost in the upgrade. Just two problems remain:

  • Every time I boot I receive two warnings about bad drivers.. Those are the two IDE channel device drivers.. something about an “hdc” (not the same as Linux, I believe). I tried deleting them, restoring them, reinstalling the VIA 4-in-1.. nothing works. I will have to try safe mode one of these days.
  • There are a lot of devices sharing the same IRQ’s. Apparently, Windows XP doesn’t recognize the IO-APIC in my new motherboard, so I have to reinstall it, just to make it work better. Well, that’s hardly something new for a lot of people, but for me it’s terrible: I have reinstalled it just once in 4 years..

08.07.04

Hardware Change

Posted in English, Linux at 12:37 am by Rodrigo

  • My old MSI K7T266 motherboard for a new Soyo SY-KT600.
  • My old Athlon Thunderbird 1400 for a new Athlon XP Barton 2800+.
  • A new CPU cooler (Zalman CNPS7000A-AlCu) and round 80-pin IDE cables.

This was a good upgrade.. I could not run some games (True Crime for example) because the Thunderbirds don’t have SSE capability.. the same with some NVidia demos. And finally, it was the Doom 3 hardware upgrade :).

Upgrading Linux was a breeze. My old motherboard also had a VIA chipset, so the support was compiled in the kernel. I had some problems with lm-sensors and the ethernet card, but they were solved quickly.

IO-APIC was a different matter. Nothing worked when I enabled it in the BIOS. It took me some time to realize that the MPS version was wrong: When I had it set at 1.1, PCI devices didn’t work. But if I changed it to 1.4, everything was ok. But I still have every USB 1.1, USB 2.0 and Firewire in the same IRQ:

           CPU0       
  0:     122473    IO-APIC-edge  timer
  1:        513    IO-APIC-edge  i8042
  8:          1    IO-APIC-edge  rtc
  9:          0   IO-APIC-level  acpi
 14:      20799    IO-APIC-edge  ide0
 15:         19    IO-APIC-edge  ide1
 16:        236   IO-APIC-level  nvidia
 17:        124   IO-APIC-level  eth0
 19:          0   IO-APIC-level  EMU10K1
 21:        154   IO-APIC-level  uhci_hcd, uhci_hcd, uhci_hcd, uhci_hcd, ehci_hcd, ohci1394
NMI:          0 
LOC:     122416 
ERR:          0
MIS:          0

Well.. I’ll look into that problem later. Now, the hard part: trying to upgrade Windows XP without re-installing (yeah, I know it’s hard).. I hope it doesn’t take too much time..

08.06.04

LSHW

Posted in English, Linux at 12:34 am by Rodrigo

This is a very nice tool to list your hardware. Something like this (lshw -html, as root).

Mozilla Tabs

Posted in English, Linux at 12:26 am by Rodrigo

This is a little script I wrote to ease the interaction between mozilla and the rss-grab gdesklet.

The script checks if there’s an instance of mozilla running. If there is, it opens the url given as argument in a tab inside the running mozilla instance. If there isn’t, it creates a new instance of the browser.

Run this script (instead of mozilla) when there’s a click in one of the gdesklet url’s, and bingo! No more multiple mozilla instances!

Reference: http://www.mozilla.org/unix/remote.html.

07.28.04

ACL’s in Linux

Posted in English, Linux at 12:15 am by Rodrigo

Yesterday, at work, we needed some security policies to access files on a Linux server. Perfect time to deploy ACL support.. but first, I had to investigate how to do this.

First: Kernel support for ACLs

Right now (kernel 2.6.7), Linux has support for ACLs in all the major filesystems: ext2, ext3, reiserfs, jfs and my favorite: xfs (I will discuss this favoritism in another article). The support has to be enabled in the kernel, with the respective options:

  • CONFIG_{EXT2,EXT3,REISERFS}_FS_POSIX_ACL (which depend on CONFIG_{EXT2,EXT3,REISERFS}_FS_XATTR: filesystem extended attributes) for ext2, ext3 and reiserfs respectively,
  • CONFIG_JFS_POSIX_ACL for JFS, and
  • CONFIG_XFS_POSIX_ACL for XFS.

All of them, except XFS, use the same POSIX ACL kernel infrastructure for common system calls (option CONFIG_FS_POSIX_ACL). XFS uses its own, but it’s totally compatible (after all, all of them are POSIX ACLs), so the applications in user space see the same thing.

Second: The filesystem

The filesystems (at least the ones I tested: reiserfs and xfs) are not created with ACL support: this is added on a per-file basis only when one explicitly sets the ACL. The filesystems just have to be mounted with the “acl” option:

% mount -o acl /dev/foo /bar

As always, XFS does its own: if kernel support for ACLs in XFS is enabled, one doesn’t need to use the “acl” mount option, because it’s implicitly used (actually, ACLs can’t be disabled if the kernel support is enabled.. not that it matters too much, because the performance and disk cost is negligible).

Set the “acl” option in /etc/fstab for the filesystems you want ACL support enabled and the super-user configuration is over.

Third: Setting and Getting ACLs

Now we need application support. In Debian, SuSE and Fedora, the package is called ‘acl’, and it has the two commands we need to set and get ACLs: setfacl and getfacl (it has another command: chacl, but that is for IRIX compatibility only).

All files in an ACL-enabled filesystem have the default basic ACL, which corresponds exactly to the permissions given to the file in the non-ACL-enabled filesystem. These permissions can be read with getfacl, like this:

% getfacl acl.txt
# file: acl.txt
# owner: rodrigo
# group: staff
user::rw-
group::r--
other::r--

You can see the permissions are the same that can be set with chmod: read, write and execute for user, group and other. The file name, owner and group can also be seen in the output.

Now the interesting part: files can have “extended ACLs”, which are an extension of the classical Unix permission model. For example, if I don’t want anyone to mess with my file, I usually use chmod 600 acl.txt, like this:

% chmod 600 acl.txt
% getfacl acl.txt
# file: acl.txt
# owner: rodrigo
# group: staff
user::rw-
group::---
other::---

Now, I want to grant the permission to read and write my file to another user, “chacal”.. but we’re not in the same group! With the classical Unix model, I would have to create another group exclusively for me and chacal, add both users to the group, change the group ownership of the file to the new group and set the permissions of the file to 0640. With ACLs, I use:

% setfacl -m u:chacal:rw acl.txt
% getfacl acl.txt
# file: acl.txt
# owner: rodrigo
# group: staff
user::rw-
user:chacal:rw-
group::---
mask::rw-
other::---

You can see that there are two new fields in the ACL: another user and a mask. This user, chacal, can read and write the file, like the owner. The purpose of the mask is less obvious: it is the maximum set of permissions that any entry can have, except user:: and other::, so it limits named users, named groups and the owning group. The effective permissions given to chacal are what appears in user:chacal (rw-) and’ed with the mask (rw-). If we limit the mask:

% setfacl -m m::r acl.txt
% getfacl acl.txt
# file: acl.txt
# owner: rodrigo
# group: staff
user::rw-
user:chacal:rw-                 #effective:r--
group::---
mask::r--
other::---

We see that though the user permissions still are ‘rw’, the mask only permits read, so that’s what chacal gets.

If we want to remove chacal’s permissions, we set his access to zero (setfacl -m u:chacal:- acl.txt) or we can remove him completely from the list (setfacl -x u:chacal acl.txt).

Regular files only have one kind of ACL, called the ‘access ACL’. Directories have two ACLs: the access ACL and the default ACL, which is used to set the initial ACL of new files created inside the directory (only for files created after the default ACL has been set). This default ACL is manipulated in the same way access ACLs are; we just have to put the ‘-d’ flag in the setfacl command.

% mkdir hello
% chmod 755 hello
% setfacl -d -m g::- hello
% setfacl -d -m o::- hello
% setfacl -d -m u:chacal:rx hello
% getfacl hello
# file: hello
# owner: rodrigo
# group: staff
user::rwx
group::r-x
other::r-x
default:user::rwx
default:user:chacal:r-x
default:group::---
default:mask::r-x
default:other::---

% cd hello
% touch bye
% getfacl bye
# file: bye
# owner: rodrigo
# group: staff
user::rw-
user:chacal:r-x                 #effective:r--
group::---
mask::r--
other::---

As you can see, the file has inherited its access ACL from the default ACL of its parent directory. The same happens with directories, though they also inherit the default ACL from their parent.

Fourth: Application support for ACLs

What happens with ACL support in existing applications? As far as I know, the usual kernel system calls (like open(2) or creat(2)) know about ACLs, and inherit them from the parent directory (if this directory has a default ACL).

Common applications like ls, cp, mv know about ACLs: mv moves ACLs even between filesystems of different type (xfs to reiserfs, etc.). cp with the -p (preserve) flag does the same. ls needs some explanation: when a file has a basic ACL, the output of ls is the same:

% ls -l bye
-rw-r--r--  1 rodrigo staff 0 Jul 28 16:23 bye

This means that the file ‘bye’ gives read and write access to the owner (me), and read access to the members of the group ‘staff’ and to everyone else. If a file has an extended ACL, the output is:

% ls -l acl.txt
-rw-r-----+ 1 rodrigo staff 0 Jul 28 12:40 acl.txt
% getfacl acl.txt
# file: acl.txt
# owner: rodrigo
# group: staff
user::rw-
user:chacal:rw-                 #effective:r--
group::---
mask::r--
other::---

As you can see, in this case the meaning of the fields is different. First, the presence of an extended ACL is displayed using a ‘+’ character after the permission fields. The permission fields are read in the same way as the basic ACL, except the middle one (the group permission), which is replaced by the mask of the ACL.
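The mask rule and the way ls shows it can be checked mechanically when auditing who really has access to a file. The following is an added example, not code from the original post: it parses getfacl text output in pure Python (no pylibacl needed), computes each entry's effective permissions and rebuilds the ls permission field; the function names are made up for this illustration.

```python
# Constructed sample input: the getfacl output for acl.txt shown above.
SAMPLE = """\
# file: acl.txt
# owner: rodrigo
# group: staff
user::rw-
user:chacal:rw-                 #effective:r--
group::---
mask::r--
other::---
"""

def parse_getfacl(text):
    """Return a list of (is_default, tag, qualifier, perms) entries."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drops headers and "#effective:"
        if not line:
            continue
        parts = line.split(":")
        is_default = parts[0] == "default"
        tag, qualifier, perms = parts[1:] if is_default else parts
        entries.append((is_default, tag, qualifier, perms))
    return entries

def and_perms(a, b):
    """Bitwise AND of two rwx strings, e.g. 'rw-' & 'r-x' -> 'r--'."""
    return "".join(x if x == y else "-" for x, y in zip(a, b))

def effective(entries):
    """Map each access entry to the permissions it really grants."""
    access = [e[1:] for e in entries if not e[0]]
    mask = next((p for t, q, p in access if t == "mask"), None)
    result = {}
    for tag, qual, perms in access:
        if tag == "mask":
            continue
        # The mask limits named users, named groups and the owning group,
        # never the owner (user::) or other::.
        masked = mask is not None and (tag == "group" or bool(qual))
        result[f"{tag}:{qual}"] = and_perms(perms, mask) if masked else perms
    return result

def ls_permission_field(entries):
    """Rebuild the ls -l permission field (without the file-type character)."""
    acc = {f"{t}:{q}": p for d, t, q, p in entries if not d}
    middle = acc.get("mask:", acc["group:"])   # mask replaces the group bits
    plus = "+" if len(entries) > 3 else ""     # more than the 3 base entries
    return acc["user:"] + middle + acc["other:"] + plus
```

For the sample, effective() reports r-- for user:chacal and ls_permission_field() returns rw-r-----+, matching the listings above.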

Other applications may or may not have support. Of the ones I tested, gzip, bzip2 and tar don’t have support. Files compressed or tar’ed using these tools lose their ACLs. For tar there is an alternative, star, which does ACLs and a couple of other things (complete Unicode support and unlimited filename length, among others).

For Python lovers (like me) there is a library which can be used to manipulate ACLs from inside an application: pylibacl (Debian users: python-pylibacl).

This has been the exciting world of POSIX Access Control Lists.. See you!

07.12.04

Review: Silent Hill 2 (PC)

Posted in English, Juegos at 11:59 pm by Rodrigo

There are some things which should have never been made.

Luckily, this is not one of those.

This is the sequel of the game which redefined survival horror games.. at least the couple that existed back then when it appeared.

Welcome to Silent Hill.. again.

“In my restless dreams I see that town, Silent Hill..
You promised you’d take me there again someday, but you never did.
Well, I’m alone there now in our ‘special place’, waiting for you..”

This is how the game starts. You read a recent letter from your wife.. your late wife, who died three years ago. A very intrigued James Sunderland (that’s you) travels to Silent Hill to find the author of this letter, but he finds something else.. something disturbing and not entirely human.

The game is very disturbing, especially because of one of your enemies, Pyramid Head. This.. creature, is one of the scariest creations in the history of videogames. When you see him for the first time, it’s behind some steel bars, looking at you, not moving. When you pass again by the bars, he’s not there. So you begin to wonder.. is he hunting me? And that’s when the fear begins to build up.

A very dark scenery, nice ambient sounds (sometimes, good music) and some very well designed monsters make this a very exciting experience. The story is quite good; actually, it’s a masterpiece in the world of games. It’s about love. The endings are excellent. I got the ‘Leave’ ending, where you.. well, play the game and you will know.

I cried.

When you’re playing, the story is unravelling before your eyes. There are clues, pieces of the great jigsaw of Silent Hill 2. They tend to appear more to the end of the game, and finally, in a place of great memories, you get a shocking revelation. The story, IMHO, is better than the story of the first Silent Hill. It is not related, save by the town which happens to attract the.. unlucky ones.

I played the PC version which graphically is the best of the three versions (PS2, X-Box and PC). It’s a really good port, not requiring an extremely powerful machine, but with very good graphics nonetheless.

The audio is very good. It makes you very uneasy, and some special effects (like the ones in the Prison) are extremely disturbing and scary.

The gameplay is good. Some people complain about the controls, but you can remap all of them, even to a joystick or gamepad (I played using a PS2 gamepad with a USB connector, no force feedback). The menu is very accessible, and it’s easy to find everything you want. The map is nice, and very necessary, especially in some areas like the Labyrinth (amazing, no? :)).

I find this game better than the original. “Silent Hill” is scary, but in a “this is another world” sense. “Silent Hill 2” is very scary, in a “this is my own world, but something is very wrong here” sense. This makes the experience easy to assimilate, and more successful at making you uneasy.

In conclusion, this game is a must. For survival horror fans, and for people in general. It’s a bit short, but this is compensated by a very high replayability (multiple endings, hidden items and weapons, four difficulty levels) and a powerful story (but you must play it almost to the end to grasp all of it).

  • Game: Silent Hill 2
  • Platform: PC
  • Duration: 6 to 10 hours
  • Graphics: 9/10 (very good graphics)
  • Audio: 9/10 (nice audio.. disturbing)
  • Gameplay: 7/10 (some weird cameras, too simple fighting system)
  • Replayability: 10/10 (short games, a lot of options in each one).
  • Story: 10/10 (beautiful)
  • Overall: 9/10 (great game)