Posts Tagged ‘linux’

Removing Encryption from Home Directories in Ubuntu 9.10

Friday, March 5th, 2010

I recently assembled a new workstation for home and in the process did a clean install of Ubuntu 9.10 on the system.  Though I have been working with Ubuntu’s very handy ecryptfs setup for encrypted home directories, I had limited such to laptops and had never done so on a desktop system before.  I figured I would give it a try and see what happened.

Performance tests done by others had always shown that there was a slight degradation of speed on ecryptfs encrypted filesystems, which I had fully expected, but I ran into something I hadn’t dealt with on my laptop: directory trees with hundreds of thousands of files.

The difference in speed of accessing individual files a few at a time in ecryptfs was never really noticeable, but I had never tried to stat a tree of 600,000+ files before.  It was as if my brand new system was an artifact from the ’70’s.  It dropped to its knees and cried.

Not believing how slow it was, I tested the issue by copying the directory tree to an unencrypted filesystem on the same physical hard drive and the same task (running ‘tree’ on the directory structure) took only a few seconds, instead of minutes.  It was apparent that any task which had to do a lot of file stat processing simply dragged to a crawl under ecryptfs.

I was left with the dilemma of how to deal with changing my entire home directory under the ecryptfs system – complete with Ubuntu’s handy automatic mounting – to a standard, unencrypted form.  A bit of searching on the Web led to dozens of approaches, some as drastic as copying the files to an unencrypted filesystem and removing the ecryptfs software.  That seemed ludicrous to me.  There should be no reason to disable an entire feature globally, to deal with one directory.

I finally came across some handy information on a blog, which gave me a clue as to how the automatic mounting worked in Ubuntu 9.04.  Although not exactly the same as the Ubuntu 9.10 implementation, it was more than enough to give me a very simple way to not only remove the encryption from my home directory, but to allow the system to work for me in creating an encrypted directory to use within my home directory, which took advantage of the slick auto-mount setup the Ubuntu developers had designed.

So, should anyone stumble on this issue, I’ll detail the steps taken here on how to alter Ubuntu 9.10 to switch a full home directory encryption to a normal home directory with an auto-mounting encrypted sub-directory.  The process is amazingly simple.  All text in red are actual commands to type. Green text is a file or directory path. “username” is a token for the name of your account.

  • Log off the system.  No occurrences of your user account should be active.
  • Log in as root or a different sudo-enabled account.
  • Make sure that your account’s home directory is not mounted, using the ‘df’ command.  If it is still in place, use umount /home/username to un-mount the encrypted filesystem.
  • Change the line “/home/username” to “/home/username/Private” in the /home/.ecryptfs/username/.ecryptfs/Private.mnt file using your favorite text editor.
  • mkdir /home/username/Private
  • chown username:username /home/username/Private
  • Reboot the computer. (You can try restarting the cryptdisks init scripts, but I didn’t have any luck with it.)

When you log in now, your previous home directory will be mounted at /home/username/Private instead of at /home/username.  Log in the first time using a console rather than X11 (Ctrl-Alt-[F1-F6] from the login screen should be available) and move what files you want from ~/Private to your home directory and use the ~/Private encrypted directory for your sensitive documents.  Moving your dotfiles and hidden sub-directories back into /home/username is a good idea, unless you feel like re-configuring Gnome or KDE.

From this point on, Ubuntu will continue to automatically mount and dismount your ~/Private directory, just as it did for your entire home directory before.
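The edit steps above collected into one root-run shell function, added here as an example and not part of the original post. It assumes, as the steps do, that Private.mnt holds the mount point as a single line; the arguments after the user name (home root, mounts table, owner) are hypothetical hooks so the function can be tried against a scratch directory first.

```shell
#!/bin/sh
# Added example, not from the original post.
# retarget_private_mount USER [HOME_ROOT] [MOUNTS_FILE] [OWNER]
#   HOME_ROOT   defaults to /home          (hypothetical hook for dry runs)
#   MOUNTS_FILE defaults to /proc/mounts   (hypothetical hook for dry runs)
#   OWNER       defaults to USER:USER      (hypothetical hook for dry runs)
retarget_private_mount() {
    user=$1
    root=${2:-/home}
    mounts=${3:-/proc/mounts}
    owner=${4:-$user:$user}
    [ -n "$user" ] || { echo "usage: retarget_private_mount USER" >&2; return 2; }

    home="$root/$user"
    mnt_file="$root/.ecryptfs/$user/.ecryptfs/Private.mnt"
    target="$home/Private"

    [ -f "$mnt_file" ] || { echo "missing $mnt_file" >&2; return 1; }

    # Refuse to change anything while the encrypted home is still mounted:
    # files created now would land inside the encrypted tree, not on disk
    # where the new mount point has to live.
    if awk -v m="$home" '$2 == m { hit = 1 } END { exit !hit }' "$mounts"; then
        echo "$home is still mounted; log the user out and umount it" >&2
        return 1
    fi

    current=$(head -n 1 "$mnt_file")
    if [ "$current" = "$target" ]; then
        :   # already points at ~/Private, nothing to rewrite
    elif [ "$current" = "$home" ]; then
        # Keep the original so the change can be reverted, then overwrite
        # in place so the file keeps its owner and mode.
        cp -p "$mnt_file" "$mnt_file.orig" || return 1
        printf '%s\n' "$target" > "$mnt_file" || return 1
    else
        # Anything else means the layout is not the one the post describes.
        echo "unexpected mount point in $mnt_file: $current" >&2
        return 1
    fi

    # Create the mount point and make it private to the account.
    mkdir -p "$target" && chown "$owner" "$target" && chmod 700 "$target"
}
```

After the reboot, anything moved out of ~/Private into /home/username is stored unencrypted on disk, so move only what does not need protection.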

A Tale of Two Systems (Three, really)

Wednesday, April 29th, 2009

I downloaded Kubuntu 9.04 the day it came out, to see if the bugs and other irritations of the previous release candidates had been worked out. At first, I installed it on my laptop, a Compaq Evo N800w and everything worked flawlessly out of the box, except for the PCMCIA wireless card, which I have yet to work out. That is, as they say, another story.

I worked on the laptop for a day or so and found myself quite happy with KDE 4.2.2 and the features it had. Though I had originally thought that the Plasma system would be worthless to me, once I found out that many plasmoids could be put in the dock(s) – it was an easy sell. The home directory encryption through ecrypt and flawless mounting of said directory at login, plus the added speed (quite noticeable) and large file size support of the EXT4 filesystem were icing on the cake.

I appreciated the new features and the new look and grew to like it enough to take the plunge. I installed it on my desktop system at home and work.

That’s when my troubles began. The saga went as such…

The systems both ran on an nVidia Quadro FX 3000 video card, which has served me well for some time. My old setup was running KDE 3.5.10 with Compiz-Fusion 0.7.4 without a single problem. I had been running Beryl for some time and Compiz before that and have only had a handful of crashes over the years, no worse than dropping out of X to the KDM login screen.

Kubuntu 9.04 was not destined to be that nice to me.

After installing on my home machine via Kubuntu’s upgrade path from 8.04 LTS to 9.04, things ran well enough for a time. But I started to get random lockups. Not X crashing, or even a kernel dump – it just locked up. After a hard reset, there was nothing in the logs to say why – which led me to believe it was a kernel issue and a bad one.

At first I thought that perhaps the update process was messed up and I should install from scratch. After reading a few posts on various groups talking about disabling KDE4’s desktop effects to stop lockups, I figured I’d try that first. No luck. I disabled Compiz, going right down to bare bones KWM. No luck. Random lockups, with no rhyme or reason to them.

It smelled like a kernel issue to me, but I had no proof.

I finally decided to update my work workstation, which had the same card, to see if it might be an nVidia driver issue. No problems, even running with two monitors. The motherboards were different as were the CPUs, but the video cards were identical, which made me put the aspect of a video driver problem on the back burner.

On a lark, a friend of mine gave me an old card he wasn’t using anymore, an nVidia GeForce 7600 GS. The 7600 took a newer driver and has a different GPU, which I thought might help me diagnose things if it worked without a problem. No go. It still locked up. It still smelled like a kernel issue.

So far, my home workstation was the only victim. Something with the motherboard, perhaps? I would have kept thinking that way, except that over the weekend, the work system locked up as well. Nothing in the logs. No sign as to why. I wasn’t even logged in locally to the machine, just remotely across SSH.

Now I had two different CPUs (both AMD), two different motherboards and two different video cards (both nVidia, but running different drivers) which kept locking up on me. Thinking that perhaps the nVidia commercial drivers were the problem, I removed those from the equation and ran the open source “nv” driver instead on both machines. No luck, they both still would lock up randomly. My home workstation locked up when KDM wasn’t even running, as I tried installing a different driver, so I suspected that the video drivers and X11 were not the issue involved.

However, I had also reached my limit of tolerance. I reinstalled Ubuntu 8.04 LTS on both machines and have had no problems at all since. Yet, the laptop has yet to exhibit the same symptoms…

Though the laptop is using the open source drivers for its ATI video chip, it is running with Compiz and KDE4’s full effects and has no problem. I honestly don’t think this is an X issue.

What my mind keeps returning to is one factor: the CPU. Both of the desktop systems, with different motherboards, run AMD CPUs. My laptop is running an Intel Mobile Pentium 4. I suspect that there is some nasty bug in the 2.6.28 kernel which doesn’t play well with AMD chips. Since I have nothing to go on in the logs and no kernel dumps to submit, I’m left waiting to see if the rest of the world runs into the same. Time will tell, I guess.

In the meantime, I’ll be patient. I can wait for KDE4, as attractive as it has become. Perhaps I’ll even try a different distribution with KDE4 included, to see if I have similar results – only this time I’ll do it on an AMD machine which is purely sacrificial.

I’ve been happy with Ubuntu, being Debian based, but allowing for real-world software at the same time. However, if I remain with the distribution it will be on a caveat: if I don’t have a couple of sacrificial machines to test on first, I’ll wait for the next LTS release.

I should have known better from the start.  A 96 hour ordeal, I could have avoided.

P.S.  For those that think that 96 hours is a long time, bear in mind that the lockups were random and I was restoring my home directory and other partitions from backups as well between OS versions back and forth.

KDE4 Revisited

Thursday, October 30th, 2008

Back in February, I took a look at the new KDE4 and what I had found was less than desired. Always willing to re-address an issue, I installed the newer 4.1 version of the beta and dug around a bit.

I found much of what I had complained about has been cleaned up. Configuration is much easier now and previously missing configuration controls have been put back in place. The KDE team has restored my faith in the new version with this alone. I was dreading a Gnome clone.

They also canned the Duplo Lego look, for something not quite as chunky, but still too large. Thankfully, with the re-established controls in place, you can fix it quickly.

The Plasma widgets never really impressed me and they still don’t, though they are getting better. Dolphin is an interesting file manager, but konqueror still holds my heart there. Both are included, of course, so choice rules supreme. (Not that I do much with a graphical file manager, as the command line is where I typically roam.)

Kickoff finally has the ability to revert to the standard KDE3 style menu. Thank you!

Integration with Compiz-Fusion was seamless and I didn’t run into any troubles – rather amazing considering the complexity of it.

However, the one thing KDE4 still lacks is application stability. I couldn’t go for longer than ten minutes at a time without an application crash. Scrolling menus often didn’t refresh correctly. Shortcut settings would change in the interface, but not work. KMail couldn’t empty the Trash folder on my IMAP accounts without dying. The desktop itself never died, but I couldn’t get much work done.

In short, KDE4 is not ready for real work, but it’s getting better – much better. Once the environment is out of beta, I’m pretty confident at this point that it will suit me just fine and satisfy my needs for a completely configurable desktop environment.

Again, I’m thankful. I didn’t really want to move to Gnome.

Addendum: It appears that the newly released Kubuntu 8.10 has abandoned KDE3 and gone exclusively with KDE4.  I can’t imagine why they would do this, considering the issues I’ve seen with lack of stability.  Time to dig up a test machine and try a fresh install, I think.

Debian Idiocy

Tuesday, May 20th, 2008

So that I’m not accused of being unfairly biased against Microsoft (I am biased against Microsoft, but I don’t believe I’m being unfair about it. :twisted: ) I have to comment on the latest fiasco from the Debian Linux team.

This one hit me head on and caused me a few hours of unwanted work, as well as a general feeling of unease, as the two workstations and three servers I own personally are using Ubuntu’s OpenSSL and OpenSSH packages (Ubuntu is a derivative of Debian.)

The problem is a simple one.  The package maintainer of OpenSSL of the Debian project decided that because Valgrind and IBM’s Rational Purify were having issues with error messages when linked against OpenSSL, that he’d ‘fix’ OpenSSL and OpenSSH (and everything else using libssl) by removing the code needed to generate truly random numbers for key generation.  This limited keys to being seeded by a short INT: 1 to 32,768.  Well, you don’t have to be a security expert to know that if you are limited to 32,768 “random” numbers, it won’t take long to brute force attack such keys.

Hence, the problem.  All versions of OpenSSL and OpenSSH used by Debian since Sept. 17th, 2006 up to the recent Debian updates, use this retarded random number scheme and generated easily broken security keys, for otherwise secure standards.

What this meant for me was a general feeling of insecurity and now a distrust of the Debian distribution, not to mention a few hours of my life I would have rather spent doing anything but replacing keys.  This isn’t just an innocent mistake, this is a moronic maneuver beyond belief.  Gergely Risko sums it up nicely.

The whole mess was caused by one person, Kurt Roeckx.  He took a shortcut rather than a valid fix for a simple problem. To make it worse, he somewhat tried to cover up his mistake by releasing the real fix (putting the code back in) in the “unstable” release code, and not saying a word about it for a full week.

I’d almost be willing to forgive him for the initial mistake, if it weren’t for the fact that even a non-expert in security code (aka, me) could tell at a glance that this was a very bad thing to do.  That he tried to silently re-introduce the code back in without letting people know of the dangers, is even less forgivable.

If the Debian team has any integrity, they’ll move Kurt over to something that he can better handle, something which is not essential to security.  No sense in throwing out the maintainer with the bath water, as it were.

In the meantime, I don’t think I’m going to have a lot of trust in ‘fakechroot’ doing the right thing, either.  (Kurt maintains that package as well.)

KDE 4

Thursday, February 21st, 2008

I don’t personally use Windows for anything but a gaming console, so if you’re not a Linux or BSD propeller head, this blurb might not mean anything to you. Windows users don’t have a desktop choice, so this entire topic is going to be an alien encounter, and if you think that Vista’s Aero is an advanced interface, you’ll definitely be traveling well outside of known space here. One thing to think about, however, poor Windows laden sods: KDE 4 applications will run on Windows. Perhaps this article might not be of interest to you, but KDE4 might be after all is said and done.

Currently I’m running KDE 3.5.8 using Compiz-Fusion 0.6.2 as the window manager and it is a beautiful marriage of functionality for how I work on a computer. So, I was excited to see what KDE4 had to offer that might improve things or simply surprise me. I took a little time over the weekend to checkout KDE 4.0.1 on my Kubuntu 7.10 system and I have to say that my feelings are mixed.

On one hand, Plasma seems to be heading toward its desired goal and will likely be an improvement to the desktop metaphor in the long run. Personally, I don’t use the desktop for anything but a background image, as I hate icons and widgets being covered up by other windows I’m working in. I find it very annoying to have to close or make windows transparent to see the widget and I don’t want a widget on top of my working application, either. Dragging widgets off the desktop and into the taskbar can avoid the desktop clutter, but I already have this. I run a single session of gkrellm and all widgets I need for monitoring and what have you are in a contained dock which isn’t covered and takes little room on the screen. So for me, Plasma probably won’t offer a lot, as it adds nothing to my work environment. However, for the typical desktop user, I think it will add quite a bit to the experience.

It is good to see the typical file and folder concept extended to be more than a visual key to a hierarchical filesystem. Container systems such as KDE3’s Basket is a similar step in the right direction. Organization of material by thought process, rather than filesystem placement is a more natural organization system. Aside from a few anal people like myself, most don’t really implement much of a logical hierarchy to their personal files to be useful in locating needed material. Plasma’s not-quite-finished ability to “zoom” between relational structures has some real potential and that holds my keen interest.

I also liked the polished look of things, though the default large font sizes annoyed me to no end. Once I had that straightened out, my general experience improved dramatically. The OpenGL additions seemed to work seamlessly and frankly, I’m a sucker for eye candy as long as it has some functionality as well. (Though, there was nothing there that I don’t already have with Compiz-Fusion, KDE-only users will appreciate it.) The true integration with Compiz-Fusion’s virtual desktops via the KDE desktop manager was a long desired feature on my list and it’s implemented beautifully.

Honestly, my enthusiasm wanes about there. There are many things that I found disappointing with the interface and I hope it is not a sign of things to stay.

First and foremost, where did the traditional hyper-configurable nature of KDE go? The whole reason that I chose KDE over Gnome was twofold: the ability to customize everything, from the layout of menus, to the exact width and height of specific applications when opened (to name just two of thousands of customizable settings); and the integrated application intercommunication that DCOP made so easy to use.

KDE4 hasn’t lost the application intercommunication, it has merely switched to D-Bus, still allowing modular components to be used by multiple applications and cross application communication is still there, (though I haven’t played with it yet, as I have with various scripts to manipulate the DCOP environment in KDE3,) but the GUI customization options are simply gone. It’s dumbed down, giving nowhere near the flexibility of KDE3’s normal environment. Mind you, since a lot of configuration is apparently now being handled by XML files (D-Bus standards,) or so I’ve read somewhere, perhaps customization is merely a text editor away. Unfortunately, I couldn’t find a single source of documentation for doing any of this yet. I’ll admit as well that I have to learn D-Bus usage in general, as I’ve barely examined the system. I am actually excited about D-Bus being used, though, as Gnome and many other applications use D-Bus – allowing the functionality of KDE to extend well outside of the scope of KDE itself. I would imagine it is Compiz-Fusion’s support of D-Bus which allows the KDE4 virtual desktop manager to interact seamlessly, for example. This was a great decision on the KDE design team’s part.

I mentioned the large default font sizes earlier and I wish I could say that this ended with fonts. The new taskbar is an eyesore, far too large for my tastes. There is no option to resize the taskbar in KDE4 at all and that’s inexcusable in my book. I want control of my interface, especially a part that intrusive. Speaking of super-sized interfaces, everything in KDE4 felt that way. It reminded me of working on the Amiga years ago. Huge this and large that – a veritable Duplo Lego block desktop. This would be excusable if you could tweak it how you wanted from the default, but again, such is not the case. This Windows-like behavior of locking you into someone else’s aesthetic viewpoint really turned me off. The lack of customization for each application came to be no different than the general desktop. It’s gone. KDE4 applications seem as non-customizable by default as Gnome or plain X Window System. It can be done, I’m certain, but a simple GUI method for doing so is missing and desired. About the only thing kept from KDE3’s customization system is the ability to change keyboard shortcuts.

By far the worst of the interface change is the main menu, Kickoff. The layered, step-into approach that Vista blew chunks with, is mirrored here. Eh gads! I can’t express how annoying this menu system is for me! I find it clumsy and slow. The original Kmenu and Tasty Menu (which I use in KDE3) are far superior. One can only hope that decent replacements for Kickoff come out for KDE4. Raptor doesn’t look to be it. I need a menu where I can quickly examine offerings based on category, listing available applications that I may never have run before.

Moving away from interface design issues – though I realize that KDE4 is currently in Release Candidate form, it feels more like a beta to me. Konqueror crashed on me repeatedly and when I added my server’s Sitebar URL to the Konqueror sidebar, it wouldn’t refresh. Even resizing the sidebar left behind non-erasable tracks of the previous divider positions. I also couldn’t fill in form data on any URL I tried within the sidebar.

KMail seemed equally robust – that is to say, it crashed three times on me in half an hour, finally losing all settings for server (IMAP and SMTP) accounts in the last crash.

As it stands to date, KDE4 is certainly not ready for prime time when it comes to stability. I expected some problems, but what I hit was too much. This is beta or even alpha level software, if we’re being honest here.

If its customization ability is going to be locked into the current state, without the hyper-flexibility I’m used to with KDE3, then I’m going to start shopping for a different desktop manager. Plasma offers nothing for me, really – which unfortunately seems to be KDE4’s eggs in one basket. It will be great for those who use desktop icons and various gadgets, who don’t cover the whole available screen with application windows, or are willing to hit a key to hide those or bring widgets to the forefront – but that’s not me.

Quite honestly, Compiz-Fusion provides enough of the tweaking and interface control I need for almost everything, so having a desktop manager on top of that has been for the inter-application connectivity more than anything else, coupled with a functional taskbar. With D-Bus being used as a standard, I’ll be able to run KDE4 applications (once they’re release quality) without having to run the entire KDE environment and still have the inter-application operations.

The lack of application level customization in KDE4 might actually make me re-examine Gnome. There will be no need to have the bloated taskbar and other interface crud, if KDE4’s only advantage over Gnome is Plasma – which I won’t be using. With both desktop environments running D-Bus, inter-operations should be seamless. I’ll run KDE4 apps when I need them, no matter the desktop environment running.

I’ll hold off final judgment until KDE 4.1.x is released, as I imagine it will truly be a release candidate by that time. At that point we should be able to tell if the lack of customization is simply an oversight for the time being, or the nature of KDE to come.