Linux Foundation Introduction to Linux Training On edX

I took the Intro to Linux course on edX. Here are my thoughts.

edX LogoThe Linux Foundation recently created an Intro to Linux course that they made available for free on the edX training platform. I decided to take the course and recently completed it. The course is still available and is free. (It is $250 if you want the “Verified Track” to prove you took, and passed, the course. The course is self paced and online.

My Linux background includes maintaining my own web server on Linux. I learned what I needed to (but not much more) and managed the server from the command line. I shut down my server a few months ago and figured this would be a refresher while filling in some gaps. Plus, this training is targeted to desktop users. My last desktop Linux usage was Mandrake Linux (now Mandriva) about a decade ago and I wasn’t too impressed.

As I mentioned, the course is self-paced and it’s estimated to take 40 to 60 hours. I didn’t time myself and since I did have experience my time isn’t a good indication anyway. The 40 to 60 hours seems reasonable for someone who is new to Linux although much of that time would be working the labs and exploring on your own.

The course uses three distributions for its examples: Ubuntu, CentOS and openSUSE.

The course is called an introduction and lives up to the name. There’s broad coverage that doesn’t go very deep. The course is divided into 18 chapters:

  1. The Linux Foundation
  2. Linux Philosophy and Concepts
  3. Linux Structure and Installation
  4. Graphical Interface
  5. System Configuration From The Graphical Interface
  6. Command Line Operations
  7. Finding Linux Documentation
  8. File Operations
  9. User Environment
  10. Text Editors
  11. Local Security Principles
  12. Network Operations
  13. Manipulating Text
  14. Printing
  15. Bash Shell Scripting
  16. Advanced Bash Scripting
  17. Processes
  18. Common Applications

Each chapter is sub-divided into sections that focuses on one area in the Chapter.

There is some good content within each section. But to really learn you’ll need to work on your own to see what does and doesn’t work. That said, if the goal is to pass the test at the end it’s not too difficult. All the needed material is in the course and there’s no time limit on finishing the final exam. Plus it’s not only open book, it’s open everything.

That ease of passing makes the course unsuitable for using it as proof of knowledge when looking for a job. At least in my opinion. I’d recommend against spending the $250 for the verified certificate which could be included on a resume. There may be exceptions, if you’re new to Linux and want a Linux related job it may help, but you’ll need to consider the course material a starting point and dig in some more.

The material is a mixture of short videos (I only recall one that was over 2 minutes), text and some do-it-yourself examples. The do-it-yourself examples really only enforce the material by having you do it. Some are just typing tests where you’re given the information you need. If you get it wrong you’re given the answer and then have to enter it again. There are a few questions at the end of each section.

Each Chapter has a lab for you to do on your own. The answers are also provided. This is the only part of the training where you need your own Linux installation. The do-it-yourself sections of the training are done online, not in your own Linux installation.

Bottom Line

It’s an introduction course so it can’t be faulted for being basic. I did learn a little. But if you have some self-taught Linux experience like I do, you aren’t going to learn a lot. I’m guessing I spent less than one hour per chapter, so there wan’t a big time investment and it was free. I’d recommend anyone think twice before spending the $250 for the verified track but the course is worth the time investment if you’re new to Linux and want someplace to start.

IPv6 With Comcast and pfSense

I decided to enable IPv6 on my home network to start testing it out. I set it up on pfSense.

I want to start learning about IPv6 so I went back to using pfSense as my router. While my Airport Extreme worked with IPv6 it masked a lot of the nuts and bolts behind a simple interface. Good for 99% of the time and easy to get going, but not if I wanted to learn.

It was fairly straight-forward to get an IPv6 address. But once I got the address my browser tests were all failing. The desktop had a perfectly acceptable IP address using Comcast’s prefix and seemed fine. The light-bulb went off when I could ping ipv6.google.com from the WAN interface (using the ping widget in pfSense) but not from the LAN interface or my Mac desktop. Firewall! So the last step in this precess is to set up a Firewall rule to allow all outgoing IPv6 traffic from my LAN interface. The complete process was as follows:

On your own:

Your ISP and cable modem will need to support native IPv6. Comcast seems to support it nationwide although there may be exceptions (Comcast seems to have moved their IPv6 documentation which used to be at www.comcast6.net). I think all DOCSIS 3 modems will support IPv6. My modem is a Motorola SB6121.

I did this with pfSense version 2.1.4-RELEASE (i386). An update was released as I was working on this so this isn’t the latest version, but I did’t want to change versions in the middle of my work. I did upgrade to 2.1.5 after enabling IPv6 and there weren’t any IPv6 issues.)

  1. In pfSense, go to the System -> Advanced -> Networking Tab and verify that “Allow IPv6” is enabled. (Mine already was, but I’m not sure of the default.)

    Screenshot showing IPv6 enabled
    Figure 1
  2. In pfSense, go to Interfaces -> WAN and select DHCP6 as the “IPv6 Configuration Type” (Figure 2).
    Screenshot showing DHCP6 enabled on WAN
    Figure 2

    The DHCP6 Client Configuration Panel will appear. Select 64 as the “DHCPv6 Prefix Delegation size” (Figure 3).

    Screenshot showing prefix delegation size
    Figure 3

    (If you run multiple subnets in your house or business Comcast seems to support a PD of 56 but I haven’t tested it.) Save the changes.

  3. In pfSense, go to Interfaces -> LAN and select Track Interface“ as the ”IPv6 Configuration Type“ (Figure 4).
    Screenshot showing LAN configuration
    Figure 4

    The ”Track IPv6 Interface“ section will appear. Select WAN and the IPv6 Interface and ”0“ as the ”IPv6 Prefix ID” (Figure 05).

    Screenshot showing LAN configuration
    Figure 5

    Save the changes.

  4. In pfSense, go to Firewall -> Rules and create the following LAN rule (Figure 6).

    Screenshot showing the firewall rule
    Figure 6
  5. Reboot pfSense.
  6. Reboot clients if they already had IPv6 enabled, otherwise enable IPv6 on the clients.

After this I scored 10/10 on Test your IPv6. with the only issue being that my browsers prefer IPv4 over v6, but that’s not a pfSense issue. I could reach IPv6 only sites such as ipv6.google.com. Now it’s time to start going through other apps and see if they use IPv6. Have you enabled IPv6 yet?

Synology DSM 5.0-4493 Update 4 Released

Support.

Synology has just released Update 4 for DSM 5. The updates fixes OpenSSL and Kerberos security issues among other things. The last Synology security exploit to hit the news was based on old vulnerabilities. So while it’s a pain you should plan to patch as soon as it’s practical. I updated my DS212J, DS212+ and DS1511+ without a problem. And so far, no new errors have surfaced.

 

Google dominates top 10 apps, says ComScore

Google dominates top 10 apps, says ComScore.

This is another “duh” survey. Android dominates in pure market share for smartphones (over 85%). The real story here is that Facebook is number 1. Maybe not a shocker, but people do have to install it and set it up.

Other non-Google apps are Instagram (owned by Facebook). Apple Maps and Yahoo News. Apple Maps surprised me being tied for #10. With all the bad press and the fact that Apple only has about 22% of the market this was unexpected.

 

This is What’s Wrong With Security Reporting

Yahoo news picked up this story and it trended to the top (many others also carried it with the same sensationalization . While the meat of the story may have some good information (although not new information), the headline and conclusions are meant to draw clicks.

Headline:

Your Gmail App Is Shockingly Easy to Hack

In the first paragraph:

..allows them access to mobile Gmail accounts with a 92 percent success rate.

What’s wrong with this? Well, for one the “hack” requires downloading a malicious app to your Android phone. And that 92% success rate? Only among those that download the malicious app.

Yes, it would be nice if shared memory could not me accessed. But that shared memory access also brings benefits (OK, I assume the benefits part. Don’t ask me to list them).

They didn’t test other mobile OS’s but say the hack should work on them too. I’m no developer but I thought on iOS shared memory wasn’t, well, shared by apps. Which resulted in many of the complaints about apps not working together. I’ve also read comments that apps don’t access shared memory on Windows Phone. So this calls into question that assumption by the researchers.

In any event it works on other mobile OS’s, even for Android the headline should be “Installing malicious app will cause security issue!” But I guess that falls into the non-clickworthy “duh” category.

Synology DS212+ Rebuild

The system drive of my Synology NAS ran out of space. I resolved the immediate problems but there was still damage done. I decided the quickest solution was a complete system rebuild.

Synology feature image tile - blackI recently ran out of system drive disk space on my Synology 212+ NAS. While I was able to free up the space and resolve the immediate problems I was still having less critical problems. Photos were no longer being indexed and thumbnails weren’t being created. In addition, the system monitor application and widget weren’t reporting any usage information. There may have been other issues but I stopped looking once I decided that a rebuild was the fastest way to recovery. I already had good and verified backups. Since the NAS was accessible again I was able to verify configuration settings to make sure I had the latest information.

Attempts to fix the problem while trying to preserve the data and not do a full firmware wipe and re-install all failed to resolve the problem. Most of the rebuild was easy enough, simple file copies from my backups, but there were some issues worth mentioning.

Configuration Backup

In addition to the file backups I also backup the Synology configuration once a week but I did it again just to make sure I have the latest configuration.

This is done through the Control Panel as show in the following screenshots. The results is a single file with a .dss extension.

Synology DSM 5 Control Panel
Select “Updates and Restore” from the Synology Control Panel
Synology Configuration Backup
Select the “Configuration Backup” tab then click the “Backup Configuration” button
Confirm the backup
Confirm the backup by clicking “Yes”

Reset Procedure

The reset procedure worked as described, with one change. In step 6 I had to do the reboot manually, otherwise the NAS was in “Migratable” mode and not install mode.

DSM 5 Synology Assistant
Migratable – not what I want – it didn’t fix my problems.
DSM 5 Synology Assistant
Not Installed – what I want

The reset procedure is:

  1. Have the Synology system in the ready state.
  2. Look at the back of the Synology System, find a small reset hole near the USB ports.
  3. Using a paper clip, gently depress and hold down the recessed button for about four seconds.
  4. The system will beep once.
  5. After hearing the system beep once, release the button and press it again for another four seconds.
  6. The system will beep three times and execute a reboot. This is where I had to manually reboot.
  7. After rebooting, launch the Synology Assistant and install the firmware.
  8. Restore the configuration file.

The configuration file restore is done through the same screens as the configuration backup except the “Restore Configuration” button is selected.

Share Creation & Package Installs

I had to recreate my shares. While the user IDs were restored with the configuration I did have to set the share permissions and any disk quotas.

Packages also had to be re-installed and any configuration manually entered. Any package which requires an index needs to rebuild that index. For me this was Audio Station, Video Station and Photo Station. Photo Station was a hassle and gets a section dedicated to it down below.

Photo Station Re-Install

Photo Station was the biggest hassle among all of this. This was mainly due to the DSM 5 Photo Station Uploader. I has actually just used the DSM 4 Photo Uploader to move the Photos to my DSM 212J and it wasn’t bad. But I upgraded to the DSM 5 uploader to be on the latest version, which in theory is always best.

The DSM 5 uploader definitely uploaded the photos faster than the DSM 4 uploader, but it missed many of the thumbnails so the Synology NAS started to do its own, much slower, thumbnail creation.

The Photo Uploader does the thumbnail creation on the computer (which in my case is a Mac Mini). I could see multiple convert processes running during the upload and my Mac wasn’t otherwise busy. I had to group the uploads in relatively small batches. Because of my directory structure this was at most 2,000 files per upload. I definitely had problems anytime I tried to upload more than 4,000 files. It’s like something started to break around 2,000 files and it came completely off the rails after about 3,000.

But even this wasn’t perfect. There were several times I went in and deleted directory trees where the upload failed to upload thumbnails. The re-upload then worked OK. But this was tedious and in the end out of about 40,000 uploaded files Synology told me it had about 8,000 files to index. This took a few days.

The uploader is capable of running multiple upload windows on the desktop . This made things worse when I tested it so only doing one upload process at a time is recommended based on my experience.

If the NAS is busy, say with an unrelated file copy, the photo upload will also miss more thumbnails than it uploads. I quickly learned not to even try uploading the photos until the rest of my files were restored.

While not a bug, one thing to keep in mind is the way that Photo Uploader handles the “skip files that have been uploaded” option. In my testing it seems the uploader only looks at the file name and not any other attributes. For example, I put all my original photos in specific directory tree (albums). I have other albums (directories) with “best of”, edited photos or by a topic for viewing. The same name is frequently used across all albums even if there is some minor editing. With this option selected only the first file encountered gets uploaded and the rest are skipped. The file names are remembered from session to session.

Using the photo uploader as part of the reset process does work, it’s just very time consuming. I’ll be testing the built in application backup to see if it works any faster.

Wrapping Up

The good news is I was able to completely restore my Synology NAS from my standard backups without any lost data. Under lessons learned I need to look for a better way to restore the Photo Station files. I like Photo Station and expect the number of photos it manages to grow. Hopefully the application backup will work faster.

Looping Synology NAS Logon

My Synology DS 212+ acted like it was possessed by a demon. I eventually traced the problem and resolved it.

Synology feature image tile - blackMy Synology DS212+ NAS went wonky today. Wonky seems like an appropriate technical term. It had stopped indexing some photos I uploaded so I took the usual troubleshooting step and rebooted. Then things went down hill from there.

After the reboot, and logging on with the admin ID, I would keep getting the initial Welcome Wizard although it wouldn’t let me actually do anything and run through the wizard. Despite this, I could access the file shares.

Screenshot showing welcome wizard

After the usual browser troubleshooting steps I hadn’t made any progress. I found that I could access the server from my iPhone if I used DSM Mobile. But as soon as I would try the full DSM I’d get the wizard.

DSM Mobile gave me enough access so that I could give my regular ID system administrator privileges. Once I did that I could logon to the full website with my regular ID but with greater access to check things out. That’s when I noticed that the DSM Upgrade gave me a out of disk message. A full system volume sure would explain a lot although there’s not much I could do from the GUI.

Screenshot showing out of disk message

First I enabled SSH:

Screenshooting showing SSH setting

Then I used terminal to SSH into the Synology NAS as root. The root password is the same password given to the Admin ID.

>ssh root@192.168.1.100    (IP address of Synology NAS)

One connected I ran the following commands:

 >mkdir /tmp/work/  
 >mount /dev/md0 /tmp/work/  
 >cd /tmp/work/  

Then I worked my way down to find out which directory is using too much and then the large files:

>du -hs *

This will list all the directories and their sizes. I change into the largest directory (mine was nearly 2GB and was var). I switched into the directory and executed ds -hs * again. Eventually I found I had two 800+ MB files in /var/log/httpd. Both were archived logs so I deleted them as follows:
>rm sys-cgi_log.1
>rm sys-cgi_log.1.xz

I still had a much smaller sys-cgi_log file so it seemed safe to delete those two.

I rebooted after deleting the files.

I still had to run through the welcome wizard when I logged on with admin. I simply picked the option to “skip” any configuration and was brought to the DSM desktop. My user specific desktop settings were gone but all files and services are there.

The monitoring app and widget can’t connect to the service so won’t run. This is a minor annoyance. A search of the forums shows a re-install as a solution. If this is the only problem I have, I’ll wait to see if the next patch fixes the problem.

What caused the log to grow so large still needs some research. But for now I’ll monitor their size.

End of an Era

My Windows Home Server era lasted six and a half years but finally came to an end this month.

Windows Home Server splash screen tileJuly 2014 brought the end of an era that began in January of 2008. I shut down my Windows Home Server. Except for a brief two month fling with an Ubuntu home server I’ve had a Windows Home Server running for the last six and a half years. There’s nothing replacing it. Although, an existing Synology NAS takes over some duties.

My Windows Home Server started with two small drives on a HP Windows Home Server version 1. It grew to a home built box with over 20 TB of disk by the time WHS 2 was released. Eventually it began to shrink and by the time I shut it down it was an HP MicroServer with four 3 TB drives plus an OS drive. My needs continued to shrink and even this was more than I needed.

By far most of my drive space was used by video files. These, along with files being archived, were all that was on my Windows Home Server. All my non-video data had been moved to my Synology NAS.

The growth of streaming and cloud services meant my local video library rarely grew. Even in the rare cases where I bought a video, all else being equal, I’d prefer a cloud purchase and not have to worry about local storage. My Blu-Ray purchases for the past year could be counted on one hand.

I rarely accessed the WHS files, yet the server was running 24 hours a day, seven days a week. So as I was looking to downsize and save electricity, this was an obvious first choice.

So I cleaned up the files on my Synology DS1511+ NAS which I uses for backups and files storage and copied my video library to the available space. I had so many duplicate files and backups I was also able to free up another five 3 TB drives that were in an expansion unit and still have room for the WHS files.

So I copied the Windows Home Server files to the Synology 1511+ and then copied them to a few of the freed up drives to be put in storage as a backup. The Synology 1511+ just gets fired up every weekend to refresh backups and verify the drives still spin.

I moved a couple of the 3 TB drives to my Synology 212+ NAS which serves as my main data storage for what I consider my active data. The extra space will be used for time machine backups and future needs.

Windows Home Server will be supported into 2016 so there was no rush for me to replace it. Despite this, time has moved on and now my Synology NAS is better suited to my needs which doesn’t include needing terabytes of files being always available.

Disabling DHCP on an Airport Extreme Router

I’ve been looking at the Apple Airport Extreme.

Disabling DHCP on an Airport Extreme Router

I’ve been testing an Airport Extreme Router and found that I couldn’t disable using it as a DHCP server. Well, actually if it’s in bridge mode it won’t be a DHCP server but I wanted it as a router, not a bridge.

I’m using what are the current Airport Extreme and Airport Utility. The Airport Utility version is 6.3.2 (632.3). The Airport Extreme shows a version of 7.7.3 (which I assume is the firmware but it just says version) and the part number is ME918LL/A. It is the current model at the time of this post (July 2014).

The three router modes are:

Available router modes
Available router modes

I wanted to use it as a NAT router but without DHCP. I already have a DHCP server I want to keep (my Synology NAS). I couldn’t really turn off DHCP but there was an easy enough way to get around this limitiation.

The short instructions are summarized in the screenshot below (details later).
Configuration to prevent DHCP addresses
1. Set a small DHCP range using IP addresses that aren’t used by the real DHCP server or any other device on the network. (Actually, it can probably duplicate another device but this is cleaner.) In the screenshot I used 192.168.1.253 to 192.168.1.254. I had to use two addresses, the same beginning and ending addresses weren’t allowed.
2. Create dummy DHCP reservations for each of the IP addresses. The MAC addresses don’t have to be real.

Detailed Instructions

  1. Open the Airport Extreme Utility and go to the Network tab and click the Network Options button.
    Airport Extreme network tab
  2. Set a DHCP range that’s appropriate for your network. Use addresses that aren’t used by any of your computers or other DHCP ranges. (In theory none of these addresses should be used, but keeping things valid will avoid problems.) Save the screen and you’ll be back on the network tab.
    DHCP range
  3. Click the “+” sign under “DHCP Reservations.
    Click the + to add the DHCP reservations
  4. Type in a description, make sure “MAC Address” is selected for “Reserve Address By” and type an dummy Mac address. I just type the number “1” (or 2) until it stops me. Then save the information.
    Screenshot of the DHCP reservation
  5. Repeat step 4 for all IPs in the DHCP range. The Airport Utility will prefill an unreserved IP in the range so you don’t need to keep track.
  6. Save everything all the way out and your Airport Extreme will restart.

In the end the Airport Extreme is still running a DHCP server, except it doesn’t have any IP addresses to hand out so the “real” DHCP will be the only one to respond.