DEBIAN PRO

DEBIAN PRO
DEBIAN

jueves, 29 de septiembre de 2016

Google vs Yahoo


1998: YAHOO refused to acquire Google for 1M
2002: YAHOO realized its mistake and offered 3B, Google requested 5B, YAHOO refused.
2008: Microsoft offered 50B to acquire YAHOO, YAHOO rejected the offer
2016: YAHOO has been acquired for 5B Current, value of Google is around 545B

lunes, 12 de septiembre de 2016

EBITDA


Información sobre EBITDA.
https://es.wikipedia.org/wiki/EBITDA

Como tantos indicadores, pueden dar una idea general de la posición económica de una empresa, pero tener cuidado.

sábado, 10 de septiembre de 2016

Arch Linux


Cada 2/3 meses hay que instalar desde cero un ArchLinux..... son cosas que hay que recordar y darle valor.
Puedes instalar un OBSD 6.0 o un ArchLinux, aunque prefiero Debian, es bueno instalar un Arch también.

Dejo el tutorial de Instalación con XFCE (My Desktop preferido)
https://www.howtoforge.com/tutorial/arch-linux-installation-with-xfce-desktop/

Ante dudas mirar este link también-
https://wiki.archlinux.org/index.php/Installation_guide

lunes, 5 de septiembre de 2016

GPG4USB es tu amigo.


Este post te explicará los conceptos básicos del sistema de Clave Pública/Privada (GPG gnu pretty privacity), anteriormente llamado PGP (Pretty Good Privacy) creado en 1991 por Phil Zimmermann.

Está pensado para que puedas entender los conceptos y aprender a usar la herramienta, algo que vengo usando desde 1999. (ver mis claves mas usadas en https://dcialdella.no-ip.com/dac.asc )

Mi idea al escribir el post es que le sirva a la gente que quiera entender que es GPG, solución gratuita, funcional y para mantener su privacidad.
Intenté hacerlo simple y corto pero no fue tan fácil.


ALGUNOS CONCEPTOS.
¿ Qué es GPG ?
Es un sistema criptográfico compuesto por una clave pública y privada, que permite entercambiar mensajes y ficheros entre personas garantizando la privacidad del mismo, garantizando el ORÍGEN emisor y que SOLO el DESTINO receptor pueda leerlo. También permite "LA FIRMA" de un mensaje para que un destinatario pueda garantizar que lo mandé yo mismo y no fué alterado en el camino.

Una explicación mas detallada, ver aqui https://es.wikipedia.org/wiki/Pretty_Good_Privacy

GPG4USB es un producto gratuito que utiliza GPG pero que permite tener los programas y las llaves en una carpeta. Esa carpeta se puede copiar y tener en un Pendrive (o donde la necesitemos). Sería la versión portátil y fácil de usar, con un GUI muy sencillo y al estar hecho bajo la licencia GPL nos garantiza la calidad y la auditoría de su código.

Los pasos para poder usar GPG son :

* Descargar GPG4USB (que es lo más fácil) de este sitio. https://gpg4usb.org/download.html

* Descomprimir la fichero en una carpeta, personalmente prefiero hacerlo en un PENDRIVE y llevarlo a todos lados. Si quiero usarlo, basta conectar el pendrive y darle doble-click al ejecutable. (mas sencillo imposible !!!!)

* Al ejecutarlo por primera vez, veremos algo como esto.


* A la derecha, veremos que ya tenemos una clave "pública" almacenada en nuestro programa. Es la clave usada por los desarrolladores, con un fingerprint ( F145 3A7A 02E5 4A6F CD41 5C87 80A4 4321 2ECD 733A ), aunque puede que en futuras versiones cambie. Si le damos botón derecho y "SHOW KEYDETAILS", veremos que se creó en el 2008. el email asociado gpg4usb@cpunk.de, la medida de la clave.


* Ahora tenemos que crearnos una clave personal. Será nuestra clave para enviar/recibir información y tiene el mismo valor que las llaves de nuestra casa/coche.
Como comentamos antes, el sistema se basa en un proceso que genera una clave "pública y otra privada". Como analogía, la clave privada es nuestra llave de casa y la llave pública la cerradura de casa. No es exactamente así pero como concepto nos sirve.
Ambas claves trabajarán en conjunto para realizar el proceso de "abrir" algo y también para que quien tenga "una copia de mi cerradura" y yo pueda meter mi llave y abrir, confirmará que esa cerradura es mia.

El proceso de generar la llave y la cerradura utiliza números primos muy grandes y es de los sistemas mas seguros que existen hoy en dia, si alquien quiere copiarnos la lalve o cerradura se dice que demorará cientos/miles de años para hacerlo.
En seguridad, el nivel de "SEGURO" se mide en cuanto tiempo se necesita para romperlo. Hoy en dia GPG es "lo mas seguro".

Para crear nuestra primer llave y candado (clave privada y pública) debemos ir a "KEYS", luego "MANAGE KEYS", luego "KEY" y "GENERATE KEY". En ese punto vamos a crearnos una clave.
Se pueden crear tantas claves como querramos, es gratuito y bueno dar diferentes llaves a diferentes personas.
También usar claves para la familia y otras para fines comerciales.
Y las combinaciones que querramos. Todo esto es gratis, fácil y sirve para tener mas seguridad.

Al crear la clave debemos asociar un nombre (ej: DAC Clave para amigos), un email (para que sea fácil de encontrar luego), un comentario (blabla), la longitud de la clave (hoy en dia la máxima longitud en bits es 4096), es gratis entonces usemos la clave mas grande..... y luego una contraseña que usaremos para validar que somos nosotros para poder usar la clave GPG.
Es decir, para poder encriptar, firmar o desencriptar un mensaje tengo que decirle al programa GPG4USB que "yo soy yo" usando esta clave.
Obviamente esta clave debe ser larga, con letras, números y símbolos especiales para que también sea segura. Lo mismo que cualquiera de nuestras claves de correo, web, etc...

* El proceso demorará unos segundos/minutos hasta que nos aparezca el mensaje de "COMPLETADO", en ese momento ya tendremos nuestra clave PRIVADA/PÚBLICA creada.



* En la ventana de la derecha, aparecerá una línea indicando que ya existe una nueva clave privada/pública (la que acabamos de crear). En mi caso tengo cientos de claves públicas de personas con las que me escribo y mis claves privadas.



* ¿ Qué hago con mi clave pública ahora ?
Botón de la derecha sobre la clave personal que me acabo de crear y selecciono "APPEND SELECT KEY TO TEXT", verán que aparece en la ventana de la izquierda un texto similar a este.
Arriba del mensaje dice "PUBLIC KEY" (Clave pública)

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1

mQINBFcV8WkBEACr1HGdclejqG9X41/I1P1Nl+HOjeb0Gq62uVawr4b4/h76sZL/
rgpBG/Kf7enN6uIREQ7X7DCRACEzFEZ1pOfxe0cUiF6Isn9D7fAE9f7SWJE7PIEv
NUEBjs63MzxJLLa6wOuJuB/wmWYe0B3cWcksRXscFjXycgANJrIRbmNJjH3qS3Ny
.....
T3CdoNOz+3G4tBWC6guZDL+vuxE/7fkP/U28EbmH8RsEr8xIzKSsNDOkkeBBbwCx
ZGxczeuXZSeMgpukFEveHGdarN9xU5xfbICQg/h4qx4xdU9EHwz7XfYquLBcT8ft
ZkiDlET0uBlAMa6BR1ncnA==
=9Bl/
-----END PGP PUBLIC KEY BLOCK-----


Como pueden ver arriba de todo es mi CLAVE PÚBLICA.



* Esa clave se copiará a los servidores de claves en internet (pgp.mit.edu y otros) automáticamente.
No hay problemas en copiar mi clave en esos servidores, como tampoco hay problemas en darle mi clave PUBLICA a todos mis conocidos. Es "COMO SI FUERA MI CERRADURA", puedo dar copias porque la llave la tengo yo.

Ese texto generado (clave pública) se que puede copiar y enviar a todas las personas con las que quiero intercambiar mensajes encriptados o que puedan verificar que soy el generador de un contenido.

Cuando creamos la clave pusimos un email, eso quiere decir que otras personas podrán buscar nuestras claves en los servidores de claves públicas (como el del MIT) poniendo ese email. Si buscan dcialdella@gmail.com verán algunas de mis claves.

También es posible exportar la clave privada, lo veremos al final de todo. Sólo es recomendable tener la clave privada en un fichero texto aislado y sin acceso físico por nadie (caja fuerte). Esa clave nos representa y quien tenga ese fichero será nosotros mismos.


* Ahora el concepto principal de GPG.
Si tenemos la clave PUBLICA de alquien (nuestro amigo) le podemos enviar un mensaje encriptado (usando SU clave pública) y solamente él podrá leerlo (porque tiene SU clave privada).
Si él nos envia un mensaje usará nuestra clave pública, nosotros lo leeremos con nuestra clave privada.

Veamos un ejemplo, queremos enviarle un mensaje privado a los chicos que mantienen GPG4USB.

En la ventana de la izquierda escribo un texto, en la derecha SELECCIONE su clave pública.
Y luego pulso el botón de "ENCRYPT", arriba a la izquierda.


GPG4USB encriptó el texto y nosotros debemos copiarlo/pegarlo en el programa de correos que usemos.


Veremos arriba que dice "PGP MESSAGE", este texto es UN MENSAJE PGP encriptado.

-----BEGIN PGP MESSAGE-----
Version: GnuPG v1

hQIMAxRjiX6x1+xoAQ/9Hkbu/OyETJVB/kdjbXoEXFdqd2yD9KoyjwH5DQ/HJ/MW
zLCJzYHdDhWEdJ9Fy+4awDEywQCyLHCdE/jHfcGhUhQdFn18GVFKv30Wjh/bvZb/
eYl4glKjJcHLUgGeO/Vo33QDq9OlYw989qMH12GNUzT8ya2pxVhcDQCYXwBiMmiz
09E09u0Fm6xFB3HQlyNisi69QOU6v0OckO8OMqc7EVDsRuwrcG4TkGJOQJAoVdz8
5SPyEkTfBxscwFjjph7yGZc2EjOhwnCdzAJENcwiBkFxMao/+vVRvrPYVAMC0lwB
BfSl4eowsK/SE19MGzcqhuXLj8Z3nQ/U8p8LsBHs20WqsLH6igKDPl6SnAdiV7+g
p45Flr52wM80j2FxRmqncP8vzL/NZqBe6B5nisZhjHJs3AWdk5GqfU8Lrw==
=RxYM
-----END PGP MESSAGE-----

* También tiene un botón de FILE, para encriptar y des-encriptar un fichero, seleccionamos el FICHERO INPUT (Entrada), el fichero OUTPUT (Salida encriptada) y que clave queremos usar (usará la clave pública de los destinatarios)


* Supongamos que escribo un texto en la ventana de la izquierda, y SELECCIONO la clave de alguien PERO NO SELECCIONO MI PROPIA CLAVE, el mensaje se encripta y SOLO el destinatario puede verlo. ESO ME EXCLUYE y yo no puedo des-encriptar el mensaje porque no estoy entre los destinatarios del mismo (o mi clave pública no se usó para encriptarlo).

En esta pantalla, encripté un mensaje para alguien y luego quiero desencriptarlo. No podré porque no tengo la clave PRIVADA del destino necesaria para ver el contenido.
Tuve y usé la clave pública de otro para encriptarlo, pero sin la clave privada del otro no puedo desencriptarlo.




* El último concepto es la firma de un mensaje.
En la ventana izquierda escribo un texto y selecciono "SIGN" (firmar), aparecerá un mensaje similar a este.
Se puede ver que dice "SIGNED MESSAGE, dentro está el texto en claro (no está encriptado, está firmado. Y debajo la firma.
Alguien puede pegarlo en su ventana y decir "VERIFY". Para garantizar que fué enviado usando mis llaves.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Esto es un mensaje firmado que garantiza que lo escribí yo.

dac
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJXza6KAAoJEAKSVO1cS35oFuoP/A2xWepKrbvNOwVne8bdR8PT
QKftMDG1IBdEF80dHtr9n+7vm5pOUOdgI0Sw1kXLiQIcBAEBAgAGBQJXza6KAAoJ
EFrfEQONEt0KFuoP/21Ewph/D0zBSkMIjOelZrgoOFVlsUQzx+xXx/9f11bcYTWu
Y+C0XM2KsLcTKLQ+FGxXLmtkq8waP547qBkFKNFpv6z+LcnJHEJBF5kiookP
=YVwT
-----END PGP SIGNATURE-----




viernes, 2 de septiembre de 2016

Debian 8.5 - OpenBsd 6.0 OBSD (Part II)


* After config the Proxy/Repositories for OpenBSD.

pkg_add install xfce (to have the same that Debian)
3 minutes downloading and installing components.

A good link to install XFCE4.
http://www.gabsoftware.com/tips/tutorial-installing-xfce-on-openbsd-4-8/

pkg_add install firefox gimp yelp unzip zip sox ruby python remmina postfix pidgin ntp conky cups gcc git gnupg keepassx libreoffice
(can't install tcpdump perl r-base mysql-server mysql-client alsa gambas3 girl htop )


df -h
Filesystem Size Used Avail Capacity Mounted on
Filesystem Size Used Avail Capacity Mounted on
/dev/wd0a 530M 57.7M 446M 11% /
/dev/wd0k 4.5G 20.0K 4.3G 0% /home
/dev/wd0d 841M 10.0K 799M 0% /tmp
/dev/wd0f 1.3G 372M 900M 29% /usr
/dev/wd0g 776M 212M 525M 29% /usr/X11R6
/dev/wd0h 2.9G 2.5G 217M 92% /usr/local
/dev/wd0j 1.6G 2.0K 1.5G 0% /usr/obj
/dev/wd0i 1.2G 32.6M 1.1G 3% /usr/src
/dev/wd0e 1.2G 17.8M 1.1G 1% /var

Now with all packages installed (90% the same that Debian) the space used is +/- exactly the same.
372 + 212 + 57 + 2500 + 32 + 18 = 3191 mb = 3.2 GB

So, at the end the space needed in Debian and OBSD is very similar.







Debian 8.5.
Disk space used 3gb
Memory near 190 mb used (swap free), less than 0.3% CPU usage.


Filesystem Size Used Avail Use% Mounted on
udev 513M 0 513M 0% /dev
tmpfs 105M 3.5M 102M 4% /run
/dev/sda1 12G 3.0G 8.0G 28% /
tmpfs 523M 70k 523M 1% /dev/shm
tmpfs 5.3M 4.1k 5.3M 1% /run/lock
tmpfs 523M 0 523M 0% /sys/fs/cgroup
tmpfs 105M 4.1k 105M 1% /run/user/115
tmpfs 105M 8.2k 105M 1% /run/user/1000


OpenBsd 6.0, now running XFCE and some GUI tools installed.





Another big point is the "Application Versions", I detected it in the past lots of times....
Debian use a newest version of APP, and BSD/OBSD use older versions.
This is another big point for the security options, why use an old version if we have a new one (with improvements and bug fixes ?), and specifically OBSD being the "Most secured"


DEBIAN 8.5

OBSD 6.5


Debian 8.5 y OpenBSD 6.0 (obsd) Part I


During the past week I was in a chat about the new version of "OBSD 6.0" and I had talk about "Debian 8.5", comparatives are next step.
I don't want to say "who is better, or fast, or nice, or....."

I prepared this post with the instalation process in both O.S. and post instalation process, smart people have to identify which is better.
(my personal opinion is Debian off course...)

The second part, post installation is here.

I Choose VirtualBox, last version and my ASUS TP300La notebook as the hardware. &4 bits in both VM Servers and ISOs. Trying to do the standard process in both.
The complete process is this:



1. Environments with both servers, same virtual configuration
1 cpu, 1 gb ram, disco near 12 gb, network bridged, sound/usb connected. (both standard options)




2. Installation.

The option to choose Graphic and Text install is a "+1",
with the graphic install you could check your video card/monitor too.

Debian could choose Graphic or Text install, (Text selected)
OBsd 6.0, just text install




3. Debian Select Keyboard and Location, timezone.
OBSD Select Keyboard





4. Install Part 2.
OBsd hostname, ethernet card, dhcp, ipv6.
Select services to startup, ssh, X server, Timezone.
Debian, name, password, user. (not network config yet).



5. Disk partition.
Simple way Whole disk / Entire Disk.

Debian all in one partition, EXT4 98%, Swap 2%

OBSD. 10 partitions (may be too much) or net, depending of the usage of the server.
for Real service bringing service to lots of users, this is great. For 1 user not too much.



6. Packages / APP.

OBSD, select HTTP to install them.
Debian, installing "base packages", kernel, some basic tools, and config them into disk, and later ask for Mirrors (repositories)



7. Select all packages from Standard Install, define PROXY and go.
OBSD, select all packages (default), near 1 minute to install all of them (7) using cd0 (local cd)

Debian, select Mirror, define proxy. Less than 1 min. to download packages info.
Select GUI, services and "blends", I choose XFCE (a bit larger/heavy than others), ssh. (d7c)
More than 5 minutes to download and install 1047 packages (basic, + xfce + services), timing related to speed of access to internet.
Install GRUB (1 second)


8. OBSD reboot and start it.

9. Running

OBSD less than 1 minute and running in GUI. Type user/pass and graph terminal (o9b).
2nd reboot, same time... I guess the first boot was really fast and no special differences between 1th and 2nd boot.

Debian, reboot, startup. With XFCE4, login. XFCE4 running (d9b)



10. Updating

************************************
OBSD, useradd -b /home/dac -m dac (create a new user)
not sure what's the error, but the pkg_check failed. (o10)
pkg_add mc (failed too).

export PKG_PATH=http://ftp2.eu.openbsd.org/pub/OpenBSD/$(uname -r)/packages/$(uname -p)/
pkg_add mc (error, I can't install it)

The PKG_ADD is similar to "APT/APT_GET" in debian
the Ports folder is similar to "Rolling release" where an APP is downloaded (source), and compiled in each server.


Installing "screen" utility
# pkg_add screen
quirks-2.241 signed on 2016-07-26T16:56:10Z
Ambiguous: choose package for screen
a 0:
1: screen-4.0.3p6
2: screen-4.0.3p6-shm
Your choice: 1
screen-4.0.3p6: ok


# pkg_add mc
quirks-2.241 signed on 2016-07-26T16:56:10Z
Error from http://ftp2.eu.openbsd.org/pub/OpenBSD/6.0/packages/amd64/mc-4.8.16p0.tgz
ftp: ftp2.eu.openbsd.org: no address associated with name
Can't find CONTENTS from http://ftp2.eu.openbsd.org/pub/OpenBSD/6.0/packages/amd64/mc-4.8.16p0.tgz
--- mc-4.8.16p0 -------------------
Can't install mc-4.8.16p0: bad package



I FOUND THE ERROR
I had to add this lines in /root/.profile file to define REPO online and THE PROXY.


export PKG_PATH=http://ftp2.eu.openbsd.org/pub/OpenBSD/$(uname -r)/packages/$(uname -p)/

export http_proxy="http://192.168.1.2:8080"
export https_proxy=$http_proxy
export HTTP_PROXY=$http_proxy
export HTTPS_PROXY=$http_proxy

export ftp_proxy=$http_proxy
export FTP_PROXY=$http_proxy

After this,
pkg_add install mc


quirks-2.241 signed on 2016-07-26T16:56:10Z
Can't find install
mc-4.8.16p0:libffi-3.2.1p2: ok
mc-4.8.16p0:python-2.7.12: ok
mc-4.8.16p0:glib2-2.48.1: ok
mc-4.8.16p0:png-1.6.23: ok
mc-4.8.16p0:oniguruma-5.9.6: ok
mc-4.8.16p0:libslang-2.2.4p2: ok
mc-4.8.16p0:libssh2-1.7.0: ok
mc-4.8.16p0:gdiff-3.3p0: ok
mc-4.8.16p0:unzip-6.0p9: ok
mc-4.8.16p0: ok
Look in /usr/local/share/doc/pkg-readmes for extra documentation.
--- +python-2.7.12 -------------------
If you want to use this package as your default system python, as root
create symbolic links like so (overwriting any previous default):
ln -sf /usr/local/bin/python2.7 /usr/local/bin/python
ln -sf /usr/local/bin/python2.7-2to3 /usr/local/bin/2to3
ln -sf /usr/local/bin/python2.7-config /usr/local/bin/python-config
ln -sf /usr/local/bin/pydoc2.7 /usr/local/bin/pydoc





I installed "PORTS" too.
wget http://ftp2.eu.openbsd.org/pub/OpenBSD/6.0/ports.tar.gz
Untar it into /usr/ports (141 mb used)



# pkg_add install xfce
quirks-2.241 signed on 2016-07-26T16:56:10Z
Can't find install
Error from http://ftp2.eu.openbsd.org/pub/OpenBSD/6.0/packages/amd64/xfce-4.12p3.tgz
ftp: ftp2.eu.openbsd.org: no address associated with name
Can't find CONTENTS from http://ftp2.eu.openbsd.org/pub/OpenBSD/6.0/packages/amd64/xfce-4.12p3.tgz
--- xfce-4.12p3 -------------------
Can't install xfce-4.12p3: bad package



************************************
Debian, apt update, apt upgrade, apt dist-upgrade (the standard way to update server) (d10).
apt install screen

apt-get install screen
Reading package lists... Done
Building dependency tree
Reading state information... Done
Suggested packages:
byobu | screenie | iselect
The following NEW packages will be installed:
screen
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 586 kB of archives.
After this operation, 1004 kB of additional disk space will be used.
Get:1 http://ftp.us.debian.org/debian stretch/main amd64 screen amd64 4.4.0-4 [586 kB]
Fetched 586 kB in 9s (64.3 kB/s)
Selecting previously unselected package screen.
(Reading database ... 84818 files and directories currently installed.)
Preparing to unpack .../screen_4.4.0-4_amd64.deb ...
Unpacking screen (4.4.0-4) ...
Processing triggers for systemd (231-4) ...
Processing triggers for man-db (2.7.5-1) ...
Setting up screen (4.4.0-4) ...
Processing triggers for systemd (231-4) ...



apt-get install mc
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following additional packages will be installed:
mc-data
Suggested packages:
arj catdvi | texlive-binaries dbview djvulibre-bin genisoimage gv imagemagick
links | w3m | lynx odt2txt poppler-utils python-boto python-tz zip
The following NEW packages will be installed:
mc mc-data
0 upgraded, 2 newly installed, 0 to remove and 0 not upgraded.
Need to get 1776 kB of archives.
After this operation, 7112 kB of additional disk space will be used.
Do you want to continue? [Y/n]
Get:1 http://ftp.us.debian.org/debian stretch/main amd64 mc-data all 3:4.8.17-1 [1265 kB]
Get:2 http://ftp.us.debian.org/debian stretch/main amd64 mc amd64 3:4.8.17-1 [511 kB]
Fetched 1776 kB in 6s (259 kB/s)
Selecting previously unselected package mc-data.
(Reading database ... 84878 files and directories currently installed.)
Preparing to unpack .../0-mc-data_3%3a4.8.17-1_all.deb ...
Unpacking mc-data (3:4.8.17-1) ...
Selecting previously unselected package mc.
Preparing to unpack .../1-mc_3%3a4.8.17-1_amd64.deb ...
Unpacking mc (3:4.8.17-1) ...
Processing triggers for mime-support (3.60) ...
Processing triggers for desktop-file-utils (0.23-1) ...
Setting up mc-data (3:4.8.17-1) ...
Processing triggers for man-db (2.7.5-1) ...
Processing triggers for hicolor-icon-theme (0.15-1) ...
Setting up mc (3:4.8.17-1) ...
update-alternatives: using /usr/bin/mcview to provide /usr/bin/view (view) in auto mode



In Debian to compare instalation process to OBSD, I think in download linux-sources
and "compile" tools and install from Source. (gcc, make, others)

apt-get install linux-sources



11. Resources Used.
Make sense to invest hours to use 50 mb less in something ?
Our notebooks/servers have 4/8/64gb ram..... and Teras in disks.

Debian. (d11)
Running with basic/network/standards tools
Firefox, Libreoffice, Gimp, Ristretto & VLC.
Disk space used 3gb
Memory near 190 mb used (swap free), less than 0.3% CPU usage.
Service running (ssh 22)

Filesystem Size Used Avail Use% Mounted on
udev 513M 0 513M 0% /dev
tmpfs 105M 3.5M 102M 4% /run
/dev/sda1 12G 3.0G 8.0G 28% /
tmpfs 523M 70k 523M 1% /dev/shm
tmpfs 5.3M 4.1k 5.3M 1% /run/lock
tmpfs 523M 0 523M 0% /sys/fs/cgroup
tmpfs 105M 4.1k 105M 1% /run/user/115
tmpfs 105M 8.2k 105M 1% /run/user/1000

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 192.168.10.168:22 192.168.10.156:34968 ESTABLISHED
tcp6 0 0 :::22 :::* LISTEN
udp 0 0 0.0.0.0:5353 0.0.0.0:*
udp 0 0 0.0.0.0:57911 0.0.0.0:*
udp 0 0 0.0.0.0:68 0.0.0.0:*
udp6 0 0 :::5353 :::*
udp6 0 0 :::60036 :::*
raw6 0 0 :::58 :::* 7


OpenBsd 6, running, only basic tools installed and no GUI tools (o11)
600 mb on disk, 54 mb used (with FVWM GUI)

Filesystem Size Used Avail Capacity Mounted on
/dev/wd0a 530M 42.1M 461M 8% /
/dev/wd0k 4.5G 20.0K 4.3G 0% /home
/dev/wd0d 841M 20.0K 799M 0% /tmp
/dev/wd0f 1.3G 372M 900M 29% /usr
/dev/wd0g 776M 212M 525M 29% /usr/X11R6
/dev/wd0h 2.9G 5.2M 2.7G 0% /usr/local
/dev/wd0j 1.6G 2.0K 1.5G 0% /usr/obj
/dev/wd0i 1.2G 2.0K 1.1G 0% /usr/src
/dev/wd0e 1.2G 5.3M 1.2G 0% /var

Active Internet connections (including servers)
Proto Recv-Q Send-Q Local Address Foreign Address (state)
ip 0 0 *.* *.* 17
Active Internet connections (including servers)
Proto Recv-Q Send-Q Local Address Foreign Address (state)
tcp 0 0 192.168.10.167.22 192.168.10.156.58616 ESTABLISHED
tcp 0 0 127.0.0.1.25 *.* LISTEN
tcp 0 0 *.22 *.* LISTEN
Active Internet connections (including servers)
Proto Recv-Q Send-Q Local Address Foreign Address (state)
udp 0 0 192.168.10.167.25592 81.19.96.148.123
udp 0 0 192.168.10.167.14580 194.140.131.21.123
udp 0 0 192.168.10.167.34583 193.145.15.15.123
udp 0 0 *.514 *.*
Active Internet connections (including servers)
Proto Recv-Q Send-Q Local Address Foreign Address (state)
tcp6 0 0 *.22 *.* LISTEN
tcp6 0 0 fe80::1%lo0.25 *.* LISTEN
tcp6 0 0 ::1.25 *.* LISTEN
Active Internet connections (including servers)
Proto Recv-Q Send-Q Local Address Foreign Address (state)
udp6 0 0 *.514 *.*





12. Service running on
DEBIAN.
PID TTY TIME CMD
1 ? 00:00:00 systemd
2 ? 00:00:00 kthreadd
3 ? 00:00:00 ksoftirqd/0
5 ? 00:00:00 kworker/0:0H
6 ? 00:00:00 kworker/u2:0
7 ? 00:00:00 rcu_sched
8 ? 00:00:00 rcu_bh
9 ? 00:00:00 migration/0
10 ? 00:00:00 watchdog/0
11 ? 00:00:00 cpuhp/0
12 ? 00:00:00 kdevtmpfs
13 ? 00:00:00 netns
14 ? 00:00:00 khungtaskd
15 ? 00:00:00 oom_reaper
16 ? 00:00:00 writeback
17 ? 00:00:00 kcompactd0
18 ? 00:00:00 ksmd
20 ? 00:00:00 khugepaged
21 ? 00:00:00 crypto
22 ? 00:00:00 kintegrityd
23 ? 00:00:00 bioset
24 ? 00:00:00 kblockd
25 ? 00:00:00 devfreq_wq
26 ? 00:00:00 watchdogd
27 ? 00:00:00 kswapd0
28 ? 00:00:00 vmstat
41 ? 00:00:00 kthrotld
42 ? 00:00:00 ipv6_addrconf
48 ? 00:00:00 deferwq
99 ? 00:00:00 ata_sff
144 ? 00:00:00 kpsmoused
166 ? 00:00:00 kworker/0:2
569 ? 00:00:00 scsi_eh_0
573 ? 00:00:00 scsi_tmf_0
577 ? 00:00:00 scsi_eh_1
578 ? 00:00:00 kworker/u2:3
579 ? 00:00:00 scsi_tmf_1
581 ? 00:00:00 scsi_eh_2
583 ? 00:00:00 scsi_tmf_2
642 ? 00:00:00 bioset
643 ? 00:00:00 bioset
674 ? 00:00:00 kworker/0:3
682 ? 00:00:00 kworker/0:1H
739 ? 00:00:00 jbd2/sda1-8
740 ? 00:00:00 ext4-rsv-conver
769 ? 00:00:00 systemd-journal
772 ? 00:00:00 kauditd
779 ? 00:00:00 systemd-udevd
1398 ? 00:00:00 systemd-timesyn
1403 ? 00:00:00 dbus-daemon
1422 ? 00:00:00 NetworkManager
1423 ? 00:00:00 rsyslogd
1425 ? 00:00:00 avahi-daemon
1427 ? 00:00:00 systemd-logind
1428 ? 00:00:00 ModemManager
1429 ? 00:00:00 cron
1430 ? 00:00:00 anacron
1438 ? 00:00:00 avahi-daemon
1478 ? 00:00:00 polkitd
1503 ? 00:00:00 sshd
1507 tty1 00:00:00 agetty
1514 ? 00:00:00 lightdm
1523 tty7 00:00:06 Xorg
1526 ? 00:00:00 dhclient
1575 ? 00:00:00 systemd
1576 ? 00:00:00 (sd-pam)
1633 ? 00:00:00 dbus-launch
1634 ? 00:00:00 dbus-daemon
1678 ? 00:00:00 lightdm
1683 ? 00:00:00 systemd
1684 ? 00:00:00 (sd-pam)
1690 ? 00:00:00 sh
1715 ? 00:00:00 dbus-launch
1716 ? 00:00:00 dbus-daemon
1732 ? 00:00:00 ssh-agent
1743 ? 00:00:00 xfce4-session
1745 ? 00:00:00 at-spi-bus-laun
1750 ? 00:00:00 dbus-daemon
1754 ? 00:00:00 at-spi2-registr
1756 ? 00:00:00 xfconfd
1762 ? 00:00:00 xfwm4
1766 ? 00:00:00 xfce4-panel
1768 ? 00:00:00 Thunar
1770 ? 00:00:00 xfdesktop
1771 ? 00:00:00 nm-applet
1777 ? 00:00:00 xfsettingsd
1778 ? 00:00:00 applet.py
1780 ? 00:00:00 gvfsd
1790 ? 00:00:00 light-locker
1794 ? 00:00:00 pulseaudio
1795 ? 00:00:00 rtkit-daemon
1801 ? 00:00:00 dconf-service
1805 ? 00:00:00 xfce4-power-man
1808 ? 00:00:00 polkit-gnome-au
1817 ? 00:00:00 xfce4-notifyd
1818 ? 00:00:00 upowerd
1845 ? 00:00:00 panel-6-systray
1846 ? 00:00:00 panel-2-actions
1850 ? 00:00:00 gvfs-udisks2-vo
1853 ? 00:00:00 udisksd
1864 ? 00:00:00 gvfsd-trash
1871 ? 00:00:00 gvfsd-metadata
1977 ? 00:00:00 packagekitd
2083 ? 00:00:00 xfce4-terminal
2087 ? 00:00:00 gnome-pty-helpe
2088 pts/0 00:00:00 bash
2093 pts/0 00:00:00 su
2094 pts/0 00:00:00 bash
2097 ? 00:00:00 kworker/0:0
2179 ? 00:00:00 sshd
2181 ? 00:00:00 sshd
2182 pts/1 00:00:00 bash
2191 pts/1 00:00:00 su
2192 pts/1 00:00:00 bash
2194 pts/1 00:00:00 ps




OBSD

PID TT STAT TIME COMMAND
1 ?? Is 0:01.00 /sbin/init
84152 ?? Is 0:00.00 dhclient: em0 [priv] (dhclient)
74648 ?? Isp 0:00.00 dhclient: em0 (dhclient)
42357 ?? Isp 0:00.00 syslogd: [priv] (syslogd)
2432 ?? Sp 0:00.01 /usr/sbin/syslogd
36845 ?? Is 0:00.00 pflogd: [priv] (pflogd)
83868 ?? Sp 0:00.01 pflogd: [running] -s 160 -i pflog0 -f /var/log/pflog
25347 ?? Ip 0:00.01 ntpd: dns engine (ntpd)
549 ?? S



13. Remote access SSH, not too different.

Debian
The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Fri Sep 2 11:39:49 2016 from 192.168.10.156
dac@d85:~$

OBSD
Last login: Fri Sep 2 11:43:13 2016
OpenBSD 6.0 (GENERIC) #2148: Tue Jul 26 12:55:20 MDT 2016

Welcome to OpenBSD: The pro-actively secure Unix-like operating system.

Please use the sendbug(1) utility to report bugs in the system.
Before reporting a bug, please try to reproduce it with the latest
version of the code. With bug reports, please try to ensure that
enough information to reproduce the problem is enclosed, and if a
known fix for it exists, include that as well.
#






NEXT POST the final tunning with
OBSD and XFCE4, Firefox, space usage.
Debian tunning.

The second part, post installation is here.

jueves, 1 de septiembre de 2016

OBSD vs Linux


I had read this post.

https://sivers.org/openbsd#comment-58246

I good post about Installing OBSD in Notebooks.
http://sohcahtoa.org.uk/openbsd.html

And my reply for it.

I had read all the post and I want to write this text.

* I really appreciate your post, I want to read different ideas from different persons and if are "more different" is better.
They forced me to think differently.

* I use Linux in all my notebooks and I prefer it, but this is the principal reason why I had read your post. (I will try to not compare them) I love FBSD and use it during University age, but later found Linux as the best option "for me". I use Windows and OSX (Virtualized) too.

* About daily usage, "do you really use it daily?" (browsing, write letters, presentation, access remote servers using RDP (win protocol), share information on intenet ?
I'm really curious about your job (daily tasks). and how could you be productive using only OBSD. Could you say what's your "job" ?

* Linux is a Kernel, ubuntu, xubuntu, debian, gentoo and others are distros, falvored. So when you said "Ubuntu is for Beginners". I say YES, but Gentoo, Manjaro and others distros are similars to BSD/Obsd. In the way of the componentes are installed and used.
Again a different kernel.

* About the minimal configuration, I think it's deppends of the Linux Distro. Some of them are "relly spartans as Obsd is". You could install kernel a 30 simple tools. just it. More/less the same in Obsd.
(I compared many times Gentoo with Obsd, I use Obsd in a virtual server daily)
I don't think so. The instalation is the starting point of a distro. and some of them are exactly the same that Obsd.

* About secure and graphic, more/less the same. In Linux you could install text only, and later add Graphics, and all the internet service are available as in Obsd/Fbsd. Web, smtp, ntp, dhcp, ftp, sshd and others...

* About the auditing in code, or security in OBSD, I have to say "OK", I trust a bit more in OBSD by monolitixc reasons, but onkly a bit. the Linux Kernel is programmed and maintained by a very specific group coordinated by Linus, if we talk about ftpd then "OK" it's a special group coding the tool. I give a +1 in security to OBSD, but the tools that you run over it, like Firefox/filezilla/remmina/gnome/xfce/gimp will have the same level of security (in the app code) in both O.S. Do I missing something ?
If you will run Firefox in OBSD, Your version will be older than in Linux. or not ?

* DOCs, I'm completelly disagree with this. if you search in Google I will found 30x more posts about a question in Linux that in Obsd, and maybe 15x more In Linux that in Fbsd.
The google indexed pages are related to Linux, then FBSD and some of them in Obsd, and sometimes I have to go to FBSD instead of Obsd to find something about a config file/configuration.

* Linux <> Android <> Distros <> BSD <> OSX.
yes and no, you mention about Android, the kernel used in Android is different to the used in X86; RISC, AS400, PowerPC and the same is with BSD and OSX. similar but not exactly the same.
For a begginers, Android is the same that Linux, but it's not true. The kernel, bash, services, drivers, modules, components... hardware.... all is different except 50%of the Kernel.
I think it's not a good comparative to add Android here.

* Instalation, off course it's not the same to install a 200 mb iso and compared to a 1.2 gb (Xubuntu), the timing to install them is different, the process too, and at the end you will have a completely different O.S.
If you want to compare install time, try to install OBSD, try to install XFCE, the graph tools, an LibreOffice package, other componentes and THEN... compare it to Xubuntu (as an example).
I promise I spend more time to install OBSD with them that Xubuntu (I install both every month for other reasons).

* About Rock-Solid... again.... 50%.
If you compare standard OBSD installed with a Gentoo simple install. you will have +/- the same. last versions, 80 mb used in the first startup, 2% CPU usage, no service running, no GUI, no other Services, no daemons, no running process interacting with your hardware (for example WIFI CARD, SD Reader, HDMI driver).
Yes, OSB (and the same with Kernel Linux) will use only some megas, very low CPU, and only a small number of components running.
You mention "less is more" (the samne that the less tool , instead of the more tool.... je je)
less program running, less issues, less cpu overhead, less interruptions, less services.... and the end. less troubles.
But again, this is an hypothetical situation and your O.S: will not do anything else apart from Ping/reply, ssh.

* Ports, something similar to (apt packages), but in my experience a bit frustrate because some daily tools needed are not in the Port folder, and I have to download tgz and compile it. Yes, this "rocks" but not for a daily usage and not upgradeable easily.

* Some questions I have are, how did you install OBSD in a Notebook like mine (Asus tp300), touchpad, Wifi, sd, external USB+HDMI, external USB+Ethernet card, 12 gb ram, 4 cpu, touch display, hibernate technology, Display drivers by Intel, attach windows disk with NTFS, and OSX Disk too. Interact with other servers in a network, access remote servers (gui or text), update your O.S. without producing errors between versions of components (in GUI and GUI tools), how many days did you wait until a patch is available to upgrade your PC ?
and if it's a Kernel patch ? and if it's in Firefox (as an example again), or Filezilla ?
How did you install other componentes if they are not in the ports ?
did you have to install the gcc, make and other dev tools to compile applications ?

* if you will need a SSHD server and only this, isolated, without other service running, use a very few resources.... and a very specific configuration.... may be OBSD it's the best option.
If you want to run a HTTP server, and only this... may be.
But today the "service" that we have to offer is presented by some apps running togheter in the same server or in pair servers (app+db), or clusters.
And I imagine a FBSD or OBSD server running one of these componentes. (maybe a firewall or balancer).
And in this specific activity, web srv (without GUI, remote tools, without other services, with only a few megas and 2 vcpu) I will suggest to use OBSD. But only in this specific case.

I use Linux, Windows, OSX, FBSD daily. I'm DBA+Linux Sr. and have to use different engines (Oracle, Informix, MySQL, SQL Server, Postgresql.... and SQLITE too) and I like to be updated about the O.S. and RDBMS.

Again, I like to read different waves to know other ideas but I think you have to suggest the OBSD Usage with not valuated reasons.

I don't want to write this as a complain... sorry about it. If it's what you understand reading my post.

I want to understand your opinion about your daily work, daily activities, kind of tasks you make with your O.S. because without the other tools... it's not really nice to use it.

dac