neuro.me.uk

I have a cheap dedicated server running Ubuntu Linux — the 8.04 LTS “Hardy Heron” release — with Kimsufi, the budget arm of French hosting company OVH. All their Linux servers (and FreeBSD servers too, I think) are provisioned with their own custom, static kernel. This, they say, makes it “secure”. It also makes it a pain in the ass to use, since you lose kernel module functionality. So I went through this scary, but straightforward process to put the standard Ubuntu kernel back. Note that I did this procedure on their entry level C-05G server, and your mileage may vary dependent on which server you lease from them, and what hardware specification you have (and ergo what kernel drivers you’ll need). Stuff you should type below is in bold type.

First, let’s check what kernel we’re running:

neuro@hera:~$ uname -a
Linux hera 2.6.27.10-grsec-xxxx-grs-ipv4-64 #6 SMP Fri Aug 14 10:29:05 UTC 2009 x86_64 GNU/Linux

Yup, some scary, weird kernel that OVH have compiled and installed themselves — although to be fair, they do provide kernel configs to compile a different variant yourself, but I wanted to use the stock Ubuntu 64-bit kernel.

So after doing sudo apt-get update && sudo apt-get upgrade to make sure everything else is up to date, let’s install the GRUB boot loader, and the stock Ubuntu Server kernel image.

neuro@hera:~$ sudo apt-get install linux-server grub
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following extra packages will be installed:
linux-image-2.6.24-24-server linux-image-server
linux-ubuntu-modules-2.6.24-24-server
Suggested packages:
grub-doc mdadm linux-doc-2.6.24 linux-source-2.6.24
The following NEW packages will be installed
grub linux-image-2.6.24-24-server linux-image-server linux-server
linux-ubuntu-modules-2.6.24-24-server
0 upgraded, 5 newly installed, 0 to remove and 0 not upgraded.
Need to get 24.4MB of archives.
After this operation, 111MB of additional disk space will be used.
Do you want to continue [Y/n]?
Get: 1 ftp://mir1.ovh.net hardy-updates/main grub 0.97-29ubuntu21.1 [871kB]
Get: 2 http://security.ubuntu.com hardy-security/main linux-image-2.6.24-24-server 2.6.24-24.59 [17.8MB]
Get: 3 http://security.ubuntu.com hardy-security/main linux-ubuntu-modules-2.6.24-24-server 2.6.24-24.39 [5671kB]
Get: 4 http://security.ubuntu.com hardy-security/main linux-image-server 2.6.24.24.26 [26.6kB]
Get: 5 http://security.ubuntu.com hardy-security/restricted linux-server 2.6.24.24.26 [26.6kB]
Fetched 24.4MB in 2s (9414kB/s)
Preconfiguring packages ...
Selecting previously deselected package linux-image-2.6.24-24-server.
(Reading database ... 38251 files and directories currently installed.)
Unpacking linux-image-2.6.24-24-server (from .../linux-image-2.6.24-24-server_2.6.24-24.59_amd64.deb) ...
Done.
Selecting previously deselected package linux-ubuntu-modules-2.6.24-24-server.
Unpacking linux-ubuntu-modules-2.6.24-24-server (from .../linux-ubuntu-modules-2.6.24-24-server_2.6.24-24.39_amd64.deb) ...
Selecting previously deselected package grub.
Unpacking grub (from .../grub_0.97-29ubuntu21.1_amd64.deb) ...
Selecting previously deselected package linux-image-server.
Unpacking linux-image-server (from .../linux-image-server_2.6.24.24.26_amd64.deb) ...
Selecting previously deselected package linux-server.
Unpacking linux-server (from .../linux-server_2.6.24.24.26_amd64.deb) ...
Setting up linux-image-2.6.24-24-server (2.6.24-24.59) ...
Running depmod.
update-initramfs: Generating /boot/initrd.img-2.6.24-24-server
Running postinst hook script /sbin/update-grub.
Searching for GRUB installation directory ...
No GRUB directory found. To create a template run 'mkdir /boot/grub' first. To install grub, install it manually or try the 'grub-install' command. ### Warning, grub-install is used to change your MBR. ###

User postinst hook script [/sbin/update-grub] exited with value 1
dpkg: error processing linux-image-2.6.24-24-server (--configure):
subprocess post-installation script returned error exit status 1
dpkg: dependency problems prevent configuration of linux-ubuntu-modules-2.6.24-24-server:
linux-ubuntu-modules-2.6.24-24-server depends on linux-image-2.6.24-24-server; however:
Package linux-image-2.6.24-24-server is not configured yet.
dpkg: error processing linux-ubuntu-modules-2.6.24-24-server (--configure):
dependency problems - leaving unconfigured
Setting up grub (0.97-29ubuntu21.1) ...

dpkg: dependency problems prevent configuration of linux-image-server:
linux-image-server depends on linux-image-2.6.24-24-server; however:
Package linux-image-2.6.24-24-server is not configured yet.
linux-image-server depends on linux-ubuntu-modules-2.6.24-24-server; however:
Package linux-ubuntu-modules-2.6.24-24-server is not configured yet.
dpkg: error processing linux-image-server (--configure):
dependency problems - leaving unconfigured
dpkg: dependency problems prevent configuration of linux-server:
linux-server depends on linux-image-server (= 2.6.24.24.26); however:
Package linux-image-server is not configured yet.
dpkg: error processing linux-server (--configure):
dependency problems - leaving unconfigured
Errors were encountered while processing:
linux-image-2.6.24-24-server
linux-ubuntu-modules-2.6.24-24-server
linux-image-server
linux-server
E: Sub-process /usr/bin/dpkg returned an error code (1)

OK, that didn’t look so good, but it’s all right. Now, we’ll fix the problem that GRUB was complaining about, then complete the install.

neuro@hera:~$ sudo mkdir /boot/grub
neuro@hera:~$ sudo apt-get install grub
Reading package lists... Done
Building dependency tree
Reading state information... Done
grub is already the newest version.
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
4 not fully installed or removed.
After this operation, 0B of additional disk space will be used.
Setting up linux-image-2.6.24-24-server (2.6.24-24.59) ...
Running depmod.
update-initramfs: Generating /boot/initrd.img-2.6.24-24-server
Running postinst hook script /sbin/update-grub.
Searching for GRUB installation directory ... found: /boot/grub
Searching for default file ... Generating /boot/grub/default file and setting the default boot entry to 0
Searching for GRUB installation directory ... found: /boot/grub
Testing for an existing GRUB menu.lst file ...

Could not find /boot/grub/menu.lst file. Would you like /boot/grub/menu.lst generated for you? (y/N) y
Searching for splash image ... none found, skipping ...
Found kernel: /boot/vmlinuz-2.6.24-24-server
Updating /boot/grub/menu.lst ... done

Setting up linux-ubuntu-modules-2.6.24-24-server (2.6.24-24.39) ...
update-initramfs: Generating /boot/initrd.img-2.6.24-24-server

Setting up linux-image-server (2.6.24.24.26) ...
Setting up linux-server (2.6.24.24.26) ...

And that’s that part fixed! Now we just need to configure GRUB to point in the right direction, and install it to the MBR (Master Boot Record).

neuro@hera:~$ sudo grub-install --recheck --root-directory=/ /dev/sda
Probing devices to guess BIOS drives. This may take a long time.
Installing GRUB to /dev/sda as (hd0)...
Installation finished. No error reported.
This is the contents of the device map //boot/grub/device.map.
Check if this is correct or not. If any of the lines is incorrect,
fix it and re-run the script `grub-install'.

(fd0) /dev/fd0
(hd0) /dev/sda
neuro@hera:~$ sudo grub
Probing devices to guess BIOS drives. This may take a long time.

[ Minimal BASH-like line editing is supported. For
the first word, TAB lists possible command
completions. Anywhere else TAB lists the possible
completions of a device/filename. ]
grub> root (hd0,0)
root (hd0,0)
grub> find /boot/grub/stage2
find /boot/grub/stage2
(hd0,0)
grub> setup (hd0)
setup (hd0)
Checking if "/boot/grub/stage1" exists... yes
Checking if "/boot/grub/stage2" exists... yes
Checking if "/boot/grub/e2fs_stage1_5" exists... yes
Running "embed /boot/grub/e2fs_stage1_5 (hd0)"... 16 sectors are embedded.
succeeded
Running "install /boot/grub/stage1 (hd0) (hd0)1+16 p (hd0,0)/boot/grub/stage2 /boot/grub/menu.lst"... succeeded
Done.
grub> quit
quit

… and now both kernel and bootloader are installed. Time for the scary part. From another machine, ping the server (if you’re running Windows, and pinging from the command prompt, use ping -t instead of just ping to continuously ping rather than just try 5 times; press Ctrl+C to cancel the ping at any time). Now that we’re monitoring whether the server is up or not, we can reboot it to use the new kernel …

neuro@hera:~$ sudo shutdown -r -f now

Broadcast message from neuro@hera
(/dev/pts/1) at 10:14 ...

The system is going down for reboot NOW!
neuro@hera:~$ logout
Connection to hera closed.

You should see the server stop responding to pings, then a minute or so later, start responding again.

If it doesn’t respond after a few minutes, don’t panic, use the Netboot mode to reboot your server, using a network-boot kernel. Once there, you can simply do sudo lilo -v which will re-install the original LILO bootloader, using the OVH-installed kernel, or stick with the netboot kernel if you like.

However, if the server does start responding to pings again (and it should), you can now ssh back in and check things out …

$ ssh hera
Linux hera 2.6.24-24-server #1 SMP Tue Aug 18 16:51:43 UTC 2009 x86_64

The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.

To access official Ubuntu documentation, please visit:

http://help.ubuntu.com/

Last login: Sun Sep 20 06:43:01 2009
neuro@hera:~$ uname -a
Linux hera 2.6.24-24-server #1 SMP Tue Aug 18 16:51:43 UTC 2009 x86_64 GNU/Linux

Woo hoo. A standard Ubuntu kernel, that can take kernel modules, and be updated regularly using apt-get, aptitude, etc. Of course, you can mix this up using other packaged kernels, such as the -rt real time kernel, or the -xen kernel to use Xen virtual machines. Go nuts, because at least now you can use your server as Shuttleworth and co intended!

Note: this procedure worked perfectly for me, but as mentioned at the start, YMMV: I can’t be held responsible if it all goes tango uniform, and Bad Things Happen. Proceed at your own risk, and good luck!

(With apologies to Monty Python)

Four well-dressed men sitting together at a LUG meeting, surrounding a laptop running Ubuntu 9.04.

First Yorkshireman (1Y): Ahh … Very passable, this, very passable.

Second Yorkshireman (2Y): Nothing like a good install of Ubuntu Jaunty, eh Gessiah?

Third Yorkshireman (3Y): You’re right there, Obediah.

Fourth Yorkshireman (4Y): Who’d a thought fifteen years ago we’d all be sittin’ here recordin’ a podcast usin’ Jokosher on Ubuntu?

1Y: Aye. In them days, we’d a’ been glad to have Slackware installed on t’hard disk.

2Y: A beta of Slackware.

3Y: Without network card or CD-ROM drive.

4Y: Or a hard disk!

1Y: In a filthy Packard Bell.

3Y: We never used to have Packard Bell. We used to have to use RM Nimbuses.

2Y: The best we could manage was to suck on a piece of a Sinclair QL.

4Y: But you know, we were happy in those days, though we were poor.

1Y: Aye. Because we were poor. My old Dad used to say to me, “Money doesn’t buy you operatin’ systems.”

3Y: ‘E was right. I was happier then and I had nothin’. We used to use Yggdrasil Linux on an old Compaq with half of case missin’.

2Y: Case? You were lucky to have a case! We used to have motherboards and components scattered about floor for ’servers, all hundred and twenty-six of ‘em, no cable ties. Half the things were un-updated; we were all huddled together in one corner for fear of being DDoSed!

4Y: You were lucky to have updates! *We* used to have to hand-patch kernels every week!

1Y: Ohhhh we used to dream of hand-patching kernels! Woulda been a weight lifted to us. We used to infiltrate remote systems to snoop on the kernel to see what’d been changed the night before to reverse engineer t’changes back on our own kernels. Patches!? Hmph.

3Y: Well when I say “patch” it was a hard copy of a diff printed on continuous paper with the green lines on it, but it were a patch to us.

2Y: We stopped gettin’ our hard copies; we had to fly to Finland and get Linus to transcribe bloody diffs onto notebooks!

4Y: You were lucky to have notebooks! There were a hundred and sixty of us passing code changes across Europe by t’game of Chinese Whispers.

1Y: By phone?

4Y: Aye.

1Y: You were lucky. We lived for three months in a telephone exchange intercepting phone calls on the off-chance we’d catch your Chinese Whispers. We’d scratch the diffs onto nearby bits of copper wire, swallow ‘em and spend fourteen hours on bog trying to get em back again when we got home. Then our Dad would thrash us t’sleep with his copy of BYTE!

2Y: Luxury. We use to have to swim t’Finland at three o’clock in the morning, sneak up to Torvalds’ house, spy on him until he typed in the bits we thought he was changing, scribble them down on newspaper and post them and ourselves back by DHL, come home, and Dad would beat us around the head and neck with a broken Tulip network card, if we were lucky!

4Y: Well we had it tough. We used to have to get up at twelve o’clock at night, figure out t’diffs by mental projection, lick t’diffs onto EEPROMs for 1,166 Swatch Internet beats, debug the compiler with a slide rule, and when we got home, our Dad would slice us in two with unsheathed Cat 5.

3Y: Right. I had to steal kernel diffs from you bastards, invent time machine, go back in time, give diffs to Torvalds to implement as the first version of the code instead of the twentieth, go forward in time, and find all the diffs already implemented in the kernel I got with Slackware, and when we got home, our Dad would kill us, and dance about on our graves singing the Free Software Song.

1Y: But you try and tell the young people today that … and they won’t believe ya’.

ALL: Nope, nope …

As someone said on IRC this morning: “the FSF appear to have come up with the perfect plan for how to look like a bunch of annoying, smart-arse tossers“. Has the Free Software Foundation gone nuts?

Update 13:30: I don’t seem to be alone on this: popey, mgdm, ZDNet, Slashdot.

I’ve been saying for a while that the more zealous methods used by proponents of Free software have been somewhat over-the-top, and do more to detract from the FOSS public image than to build upon it in a constructive way. Now they’ve taken a sip from the poisoned Kool-Aid. The FSF, via it’s Defective by Design campaign, is advocating that people block-book sessions at an Apple Store’s Genius Bar, a sort of drop-in and bookable repair and support centre. “Having lots of slots booked will get Apple’s attention and ensure that the Geniuses have done their homework”, says the ‘Apple Challenge’ page, posted by FSF employee Matt Lee. The rationale apparently is that Apple is now the enemy, since Vista is doing more damage to itself than anyone else can from outside Microsoft, and the first target are the Apple Store’s Genius Bars.

Update 13:35: Just noticed this on IRC …
[13:33]<mgdm> popey: you mean mattl actually uses a Mac?
[13:33] <popey> he does
[13:33] <mgdm> IRONY OVERLOAD *head asplodes*

My employer purchased both AppleCare and ProCare for my MBP, which has come in extremely handy when the ‘O’ key snapped off (keyboard replaced overnight), my battery failed to hold a charge (replaced immediately upon attending pre-booked Genius Bar session) and my motherboard GPU failed (motherboard replaced in 90 minutes). Now imagine any of the following scenarios: you’re unsure how to use your newly purchased Macbook; you’re trying to connect a camera to your Mac to transfer photos to iPhoto and print them to send to relatives in a frame; your machine has failed in some way and urgently needs repaired, as you use it for your business. You try to book a session at the Genius Bar to resolve any of these issues, and … it’s fully booked. For days. Wow, they must be busy.

Well, no, it’s actually a bunch of uber-asshole Free software zealots thinking they’re “special”, attempting to monopolise a consumer resource in an attempt to “educate” or “catch out” Apple Store employees, some of whom may have used Macs for years, others may have had a crash course in Apple products so that they know as much as they can about the stuff they sell, but little else. Why harass these people? It’s like having a constant stream of people going up to the counter at McDonald’s and espousing the benefits of a low-carb, high-fibre diet to the person who can do the least about it. Genius Bar employees may know all about FOSS, but critically it’s not their job to promote it. It’s not a “product” to be “sold”, but a philosophy to be shared.

A plea to the FSF: stop harassing Apple staff, and stop alienating the very people you’re trying to “save”. There are better, more ethical, more agreeable methods to promote FOSS. What you’re doing is none of those things. In the meantime, you’ve virtually guaranteed I will never promote, condone, contribute or donate to any FSF body, project or campaign. I’ve had a “Warning, DRM” defectivebydesign.org sticker on my Macbook Pro for a while now, mainly for comedic value. It’s gone now. I no longer want to be seen to be promoting these idiots in any way. As much as I love the thought of Free and Open Source Software being used everywhere and anywhere, this is just not the way to be going about it.

Yes, I’m in Rant mode again; just sent this to PC Pro magazine:

To: letters@pcpro.co.uk
From: neuro@well.com
Subject: Wishlist

Hi PC Pro Letters,

I was pretty disgusted to note the completely haphazard manner in which David Fearon researched and documented Ubuntu Linux’s “downsides” in your “Who’s Killing Windows?” feature (p122, issue 156). He references the relatively complex Synaptic package manager application to add and remove software, when for over a year a simple and usable “Add/Remove Applications” applet has been sitting at the bottom of the Applications menu in every standard install of Ubuntu. The rest of the article was littered with errors, and this has led me to a wishlist, a la Jon Honeyball’s (p128-129, issue 156).

1. PC Pro should endeavour to contract writers who are knowledgeable on their chosen topic. If they can’t write authoritatively about the subject they are submitting articles on, they shouldn’t write them at all. The Real World section is terrible for being full of inaccuracies while purporting to be written by experts.
2. More editorials from high profile figures from outside the IT industry, and real critical pieces from regular contributors such as Dick Pountain’s diatribe on cover discs.
3. No more rambling back page rants from Jon Honeyball, please.
4. More space for readers’ letters; surely you receive more than 10 usable missives a month? This is the age of Web 2.0, interactivity!
5. Less screengrabs of websites in Real World and elsewhere, cf Steve Cassidy’s MS and IBM grabs (p175-176, issue 156). I understand writers sometimes struggle to find appropriate art, and that pictures speak thousands of words, but it’s akin to BBC News Online posting a shoddy screengrab of google.com to talk about Google. If you have to screengrab, at least get an app or relevant shot.

This is the first I’ve been compelled to write to PC Pro to complain in years of reading, and the magazine is otherwise consistently excellent. Hopefully this will be taken as constructive criticism and not just a random slating! Keep up the good work.

At last, someone at Google has realised something that I and others have known about for ages: it takes ages to install applications on Windows because everything is disparate and has its own installer.

On Ubuntu, I can fire up a simple Add Applications applet which allows me to browse a selection of apps of varying kinds, such as development tools, Internet utilities and browsers, games, and so on. On Windows, once the core operating system and freebie MS applets are installed, I have to seek out the stuff I want from many different places.

Google Pack will change that. It provides a simple install/uninstall one-window interface to Google and select third-party applications on the Windows platform. They are:

• Google Earth, Desktop, Toolbar, Picasa, Talk, and the new Video Player and Pack Screensaver;
• Mozilla Firefox with Google Toolbar, Norton AntiVirus 2005 Special Edition, Ad-aware SE, Trillian, Gallery Player HD, RealPlayer, and Adobe Reader.

That reads like an excellent line-up of useful apps to be installed on a brand-new machine. It’ll also auto-detect previously installed apps, so if you’ve already got the latest releases of Google Earth and Adobe Reader installed, it’ll mark them as up-to-date and leave them alone.

Genius, just genius. You have to ask why Microsoft didn’t do this years ago.