|Linux Domain Admins as root||Wednesday 26th November 2014|
It is possible to add some Linux distributions to a Windows Active Directory domain. On openSUSE 13.2 this is a case of ensuring you've got the "samba-client" package installed and you should be able to see "Windows Domain Membership" under "Network Services" in YaST.
Adding is fairly simple and you can select whether you want to authenticate users and create home directories.
This will grant everybody with an AD account logon rights to the box. Brilliant, but you probably want to be able to administer the box too. As Linux tries to encourage us not to log on as root, but to instead elevate our privileges explicitly when running sensitive commands through the "sudo" command, we should try and embrace that with our Windows membership.
To grant all Domain Admin users access to run sudo for anything on the box we need to adjust the sudoers file. This is something that YaST allows us to configure, but it falls apart when trying to handle spaces in group names, so we have to do it by hand.
To edit the file, you cannot just use vi; you need to use a special command, "visudo", which opens the file in an editor (vim here), locks it against simultaneous edits and checks the syntax before saving. Then you just need to add the following line to the bottom of the file:
%DOMAIN\\domain\ admins ALL=(ALL) NOPASSWD:ALL
Replacing "DOMAIN" with whatever your domain is. The % means it's a group.
Users logged in through AD in the domain admins group will be able to run sudo without being prompted for the root password.
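The escaping that YaST trips over, as an added example (not part of the original post): a small shell helper that builds the sudoers line for a group name containing spaces and syntax-checks it with visudo before it is pasted in. The function names and the DOMAIN placeholder are assumptions for illustration.

```sh
#!/bin/sh
# Added example: build the sudoers entry for an AD group whose name contains
# spaces, and syntax-check it before it goes anywhere near /etc/sudoers.

# Escape a name for use as a sudoers "word": backslash, space and the
# characters sudoers(5) lists as special (! = : , ( )) get a leading backslash.
sudoers_escape() {
    printf '%s' "$1" | sed 's/[\\ !=:,()]/\\&/g'
}

# $1 = group as AD reports it, e.g. 'DOMAIN\domain admins' (DOMAIN is a placeholder).
sudoers_group_rule() {
    printf '%%%s ALL=(ALL) NOPASSWD:ALL\n' "$(sudoers_escape "$1")"
}

# Write the rule to a scratch file and let visudo parse it (-c check only,
# -f alternate file). Returns visudo's status, or 2 if visudo is not installed.
check_sudoers_rule() {
    command -v visudo >/dev/null 2>&1 || return 2
    tmp=$(mktemp) || return 1
    sudoers_group_rule "$1" > "$tmp"
    visudo -cf "$tmp" >/dev/null 2>&1
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

# Constructed sample input; prints the same line shown in the post.
sudoers_group_rule 'DOMAIN\domain admins'
```

Run check_sudoers_rule with the same argument on the target box to confirm that the installed sudo version parses the line.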
|pfSense ping Virtual IP||Tuesday 11th November 2014|
I'm currently trying out pfSense as a virtual firewall/router. I have to say I'm rather impressed! I have been planning to take a look at it for some time, it has a solid following and the press is nothing but good. I felt though it might be a bit of a plunge that I didn't have time for and, being fully featured, a pain to get configured just right. It clearly has a corporate focus unlike things like DD-WRT that are clearly more domestically focused.
The reason I finally gave it a go was I was having trouble getting openSUSE to make a PPPoE connection to my broadband modem - I was trying to see if it would work through a virtual switch. As a last ditch attempt I thought I'd try pfSense to rule out the software - it worked straight away, in fact it was very easy to set up, so easy in fact I decided to stick with it.
I was pleasantly surprised at the level of detail in the on-screen notes. Where you often have a box with a TLA that only hardened professionals know what to enter, pfSense does an excellent job of giving you hints if you're unsure. It is vastly more configurable and extensible than I thought and easily provides the minimal functionality I got out of DD-WRT. It has far better UI support for some of the more convoluted networking things, which on DD-WRT resulted in having to write the commands by hand.
There is only one thing that got me stuck and that is how to handle a block of IP addresses on the WAN interface. I have a small /29 block of IP addresses that I want to serve up through the same firewall. But using PPPoE, only the default address is assigned. This is easily solved, but to get things working just right, you have to be a bit picky. Virtual IP can be easily configured, but the trick is to add each IP address explicitly as its own IP alias, and not use any network blocks or the like.
Once they've been added as IP aliases you can continue on your merry way, selecting them from the destination list when wanting to use NAT. The only problem I had was with ICMP and pings. Often best practice is to not have your Internet connected devices respond to anything, this though is often far from practical. So I wanted to allow pings to work. Adding in a firewall rule to allow it worked fine for my default WAN address but not for any of the VIPs. A search of the net and a trawl of IRC didn't help. In the end I ran a packet capture whilst pinging a VIP externally, it showed that the pings were coming in but the response was going back out from the default address and not the address of the VIP. Which meant nothing married up.
The fix then is quite simple and that is to add a NAT for all ICMP traffic on each of the VIPs to go to the default external WAN address. NATting takes care of address translation so when the response is sent back, it appears to be coming from the VIP instead of the WAN address.
Hope this helps somebody.
|Gigabyte GA-X99-UD4 boot loop||Friday 7th November 2014|
I recently bought a spanking new Gigabyte GA-X99-UD4 motherboard for a new build. Having previously used a Gigabyte in my X58 build I was happy with the quality, performance and stability of their products.
The UD4 motherboard, to me, is the sensible choice out of the X99 launch line-up. Although new boards have been released since that may be a smarter purchase (I've not looked). Gigabyte were at the front of the trend using high-quality components on their high-end boards. Solid-state capacitors, thicker copper on the PCB etc. I've seen many motherboards fail in my time, but the Gigabyte ones seem to be pretty tough even with some hot overclocking.
The UD4 in particular had a decent PCIe layout, making use of all 7 ATX expansion slots, a lot of other brands had 6 - may not be an issue, but I certainly had maxed out the expansion slots on my last build with upgrades and SLI. Keeping this flexibility is important to me. There are then other boards in the Gigabyte X99 series that are more expensive but add little for me. You can get one with Wifi built in (if you're spending money on an X99 platform, you should cough up for an Ethernet cable), or you can get one with the obscure "Killer" LAN network interface instead of the highly performing and well supported Intel gigabit NIC. Keeping with the main-stream when it comes to computers saves so much pain in the long-run. I've had so many issues with drivers for lesser-known manufacturers. Not always on day-one, but when a new OS is released, or I want to do something more than surf the net.
As often with the cutting edge, things have teething problems, as a geek I accept that this will be the case if I buy in on day one. The UD4 is no exception, but luckily Gigabyte are pretty good at rolling out beta BIOS updates to resolve issues - and my system appeared to be fine. That was until I enabled XMP on my memory. XMP is embedded settings for your memory and its speed. Your system will run your RAM at the default settings, but performance memory is capable of so much more, exactly what is detailed in XMP on the modules. You select the profile in your BIOS and your computer gets faster. Brilliant.
In particular I was trying to use the XMP profile on my Corsair CMK16GX4M4A2666C15 memory to clock it at 2,666MHz instead of the default 2,133MHz. This worked fine until I connected USB devices to the front of my case (or directly to the front USB headers on the motherboard). I have a fan-controller and card-reader which attach here, so fairly important to me. In this situation, the system would not successfully POST (power-on-self-test), and instead get stuck in a boot loop where it would fail to boot and restart itself with default settings.
This started off really disheartening, as to start with I didn't know what was causing the issue. I had to go back to basics of unplugging everything and then putting them back in to see what would cause the problem, which is how I identified the USB ports as being the problem. I contacted Gigabyte support who asserted that the memory I am using has been tested with the board and it's probably an issue with the memory. This though clearly was not the case as the system was stable and fine with XMP - provided the front USB ports weren't connected. A previous beta BIOS (F9c) had already resolved the same boot-loop issue with the front USB ports even without XMP enabled, so the problem seemed clear.
Luckily Gigabyte provided me with an experimental BIOS - which made absolutely no difference. I went back to them and seemed to get back to first-line support again. After pushing back again all went quiet until yesterday when I received an F9f BIOS - currently unavailable on their web-site - which resolves the issue.
So - if you've stumbled across this site through search because of a similar issue, you'll need to update your BIOS to F9f, hopefully this will be on the Gigabyte web-site soon, if not you'll have to raise a support ticket with them.
|Freelancer game||Wednesday 5th November 2014|
With Elite: Dangerous looming I've been feeling the urge to play a space-game. The last good one I remember was Freelancer, I really enjoyed that game on the Wireplay multiplayer server.
Released in 2003 it's a bit dated now in terms of graphics but was a pretty detailed game with a huge fan and modding community. There isn't so much information around for it these days, but just enough in archives to get the good stuff.
It's a pretty big world, and without hints from other people it would get too boring before you found them. Still, I never did finish the campaign story the first time round, so I discarded my old save-games (yes, I have save games from 2003) and started afresh. I enjoyed the campaign more so than the first time I tried it. I paid more attention to reputation and was more careful about which factions I took missions for this time, as I knew this could be game-breaking if you're constantly being swarmed by enemies.
I was a little disappointed all my efforts were reset at the end of the story. Still, a single run against the "DSE" storage units outside Fort Bush put my rep back to tolerable, and a single (albeit expensive) bribe for the Junkers at Rochester Base sorted me for the rest of the game.
I knew I wanted to get a Sabre very heavy fighter so knew I had to keep the pirates neutral and also level my character up and get enough money for the top-spec stuff. Which leads to the backbone of the non-story game; trading.
Back in the day, it was the Diamond Run that everybody raved about, and I can remember doing it frequently. Head off to Solarius Station in Omega-11 (or Freital Base if you're friendly with the Red Hessians). This is where all the diamonds come from, so it's cheap. Paying ~$200 per unit you'd then wind your way up to New Tokyo via Sigma-13 and sell them on for $1650 a unit. You could then carry on to Tau-37 and stock up on Niobium from Falkland base for $160 each and turn back to Rheinland going "across the top" through the often hostile Omicron Alpha and Beta and down to Leipzig Station in Dresden and selling your cargo for $1600. You could shorten the journey a bit by paying higher prices when you purchased, so it depended on how long you wanted to spend travelling or how hostile systems were.
What wasn't around in the early days was the rather nifty Freelancer Companion, which is a small app that lists the best trades from your current location, with the added bonus of routing information it can also work out the profit per distance. This was a bit of an eye opener as the Diamond Run, whilst grossing the most income is only rated at $117/sec out and $102 back. Using this tool, other routes became far more profitable.
The best route (which apparently will only work in Single Player as the jump-hole is locked in multiplayer) is to take Cardamine from the Junker's Yanagi Depot in Sigma-13 at $510 a unit, through the very close (about 5K) jump hole to New Berlin to sell on the planet at $1349. This nets $621/sec, which is staggering compared to the infamous Diamond Run. Sure Cardamine is a restricted item but the Rheinland police don't get enough time to scan and make you drop before you've docked with the planet. You can get $221/sec on the return trip with Engine Components. Each trip is only a couple of minutes long so it's a great way to rapidly cash, and level, up.
In the end, I got my Sabre from Planet Malta ($560K), Class 10 Adv. Brigandine Positron Shield ($312K), two Prometheus from the Viking wreck (Omicron Alpha, 6D), I had already picked up Diamondbacks from a wreck in Sigma-13, 5C. Topped it off with some Skyblast B's from somewhere and an Adv. Debilitator for the shields from Detroit Munitions.
And that's pretty much the most powerful ship you can put together in the normal game. And then of course, unless you're really into your role-playing games it gets really, really dull. I enjoyed the nostalgia of drifting through space, having the odd epic-laser battle and finally destroying ships in New York with a single shot. But once you've got your character as you want, what's the point in playing any more? This time round it took me 20 hours from beginning to end, including leaving the game open whilst getting snacks etc. I remember I managed to get about 60 hours of the multiplayer with other people. Not really superb.
This then is my fear for Elite: Dangerous. Also having picked up the free The New Kind 30th anniversary edition of the original Elite and spec-ing up my ship in about four hours, I'm wondering whether I'll keep interest in the new game, out later this year.
There is a lot more to explore in Elite: Dangerous, all 400 billion stars in our galaxy - but that's an impossible feat, nobody will visit them all (do the maths, it's staggering) - so what is there to do? Even in multiplayer, with no ability to quickly get from one side of the galaxy to another it's likely you'll never come across another human player if you decide to step out of the starting "core" systems. You can explore systems, make money, and improve your ship - so what's left once you've done that?
Pretty much combat. There are vast oceans of games that don't have any levelling or building characters. You just pit yourself against an enemy and fight to the death. And this is where Freelancer fell down, it's too easy to make the game easy by keeping on the good side of everybody and it's also too easy to kill ships once you've got yours levelled up, as your ship is so far more advanced.
Elite should be able to keep people coming back if the combat is accessible but not easy - and critically, the AI fly their ships in a believable fashion. You won't be able to spend a great deal of time fighting humans because of their rarity and mostly because a lot of them will cry when you get in the way of their trading simulation and promptly ignore you (removing themselves from your environment).
Time of course will tell, but hopefully more than 20 hours of time.