mkasu.org

New Website

2011-10-28T22:00:00Z

I just rewrote most parts of my webpage. Now it is based on a static webpage generator powered by Ruby called nanoc. Unfortunately, I needed to remove some features form old page for the moment, but I plan to program them into ruby scripts, so I can re-attach them to the blog.

I think static pages have some advantages compared to my previous solution, which was based on Wordpress. First of all, my web page got A LOT slower over time. Especially the admin webpage wasn't even working sometimes. On top of this, as the new page doesn't use PHP or MySQL anymore, it's safer.

I plan to write here more often in future, hang tight!

Xsyon 2012

2011-02-16T23:00:00Z

I just got into Xsyon, a quite new full sandbox mmo soon-to-be-released. It's kind of new Wurm Online, a lot of easier to get in it supposes. Here are some links to some quite nice beta reviews, both shot this week:

By zaxtor99
You can get part 2-4 in Related Videos, uploaded from same guy obviously.
By Alex Taldren

It's going to start on March 1st "officially", but you can enter the "final" world from tomorrow (Friday 18.02.) when you preorder it now, which I just did. I already downloaded Beta Client and started trying things out. Obviously, I won't play much for today, since they will wipe everything tomorrow evening, but it's a chance to get in hang with UI and stuff.

Unfortunately they've got some Server issues at the moment. As I just got the game, I don't know if it's usual, but for today, server just crashed like 5 times between 1:00-3:00 AM CET. Hopefully, release will be different.

I'll post more stuff about this game after some days trying out features..

Update 18th Feb:

Well, since I'm kind of hyping about this game actually, here are some nice pictures I've found. I borrow them from official gallery, which is available here. I like there pictures because you can see what's possible with current set of features in game.

So, now it's 13:00 pm CET. The webserver for Xsyon are currently in maintenance to patch up for headstart. 11 hours to go and I'm very excited. I haven't played the game a lot since I bought it (which was yesterday), because I don't want to start stuff just before final wipe. Although, I've figured out how some crafting things work, so I can at least start playing it and don't need to figure out UI when Prelude starts (that's how the headstart's called I guess).

Since I don't want big pictures on my main page, just click read more to view them.

Update 28th Oct:

I haven't play this game since a week after launch. Beta and hyping was nice, but the game itself most certainly were not. Unfortunately too small developers to repair bad gameplay and buggy stuff. Can't recommend it for the moment.

Minecraft - Go buy it.

2010-08-22T22:00:00Z

I just discovered a very nice little game. It's called Minecraft and is some kind of sandbox game. You can compare it to building objects with Lego. Currently, it's in alpha state which mostly supports singleplayer. Multiplayer is in work. It's in rapid development; there are often patches with new stuff and bugfixes of course. In Singleplayer, you can build your stuff (whatever you want) like in Lego, when it turns dark, there are enemies which are trying to kill you and destroying your stuff, so you'll need to defend and kill them with sword/armor! On next day you can start building further. The game gets very addictive - hopefully the multiplayer will come out soon.

Currently, some very very old versions are for free, though, you need to buy the game to get access to newer versions - 9,95EUR for the moment, but price will raise as soon beta starts.

Here are some videos which convinced me to buy: http://www.youtube.com/watch?v=4ev8UW1qa1Q&feature=search http://www.youtube.com/watch?v=oB6KADe7_WM&feature=related http://www.youtube.com/watch?v=bs-3f0HqxG4&feature=related http://www.youtube.com/watch?v=wFg67iiw4UE&feature=related

More Informations: -> http://minecraft.net/ - Official website -> http://www.minecraftforum.net/ - Official forums -> #minecraft at irc.esper.net

Here are some screenshots of the fortress I'm currently building:

Switched Server II

2010-08-16T22:00:00Z

I've just switched my server to a Linode. Very nice features and services there. Server's very fast, compared to my old one.

When I'm connecting from Germany to my Linode in New Jersey, it's actually faster than connecting to my old server in Frankfurt, Germany ;) . Especially in european primetime.

Yesterday, my page had some problems, because I forgot to acticate mod_rewrite shame. Now, everything should work correctly again.

vServer Security Guide GERMAN

2010-08-04T22:00:00Z

Hier ein Mirror von meinem vServer Security Guide, mit dem ich im Carrot-Server Wiki den Award "Wiki Editor des Monats" zusammen mit einem 40 Euro Amazon Gutschein gewonnen habe ;) . Hoffentlich nuetzt es hier auch jemandem.

vServer Security Guide

Da es hier keinen vernuenftigen Artikel zur Absicherung eines Servers bzw. Serversicherheit im Allgemeinen gibt, dachte ich, das koennte ich mal kurz aendern.

1. Vorwort/Disclaimer

Immer wieder hoert man Geschichten von uebernommenen Rootservern, vServern und den entsprechenden Folgen. Falsche Absicherung kann eine Menge Traffic verursachen (beispielsweise durch Spambots, die deinen falsch abgesicherten Server als Mailserver zum verschicken ihres Spams nutzen) oder auch Klagen den Briefkasten bringen (durch illegale Daten, die von Hackern auf fremde Server hochgeladen werden zur Verbreitung).

Um einigen Linux Administratoren einen Denkanstoss oder eine Hilfe (fuer Neulinge in dem Bereich) zu geben, schreibe ich diesen Guide. Vorsicht: Er erhebt keinen Anspruch auf Vollstaendigkeit. Auch ich bin eher der Hobby-Linuxadministrator und es gibt wohl eine Menge Administratoren mit mehr Erfahrungen.

Bitte bedenkt: Um Sicherheit sollte man sich kuemmern, bevor etwas passiert.

Mein Guide basiert aus der Sicht einer Ubuntu 10.04 Neuinstallation, laesst sich aber im Grunde auch auf jedes andere System uebertragen.

2. Passwoerter

Obwohl du im spaeteren Verlauf lernst, wie man sich mit einer Schluesseldatei mit ssH verbinden kann, ist eine richtige Passwortwahl trotzdem das A&O bei einer wirkungsvollen Serversicherheit.

Einfach um ein paar Tipps zu geben:

Verwende keine Namen, Woerter oder Geburtsdaten, das ist bei deinem Kreditkarten PIN genauso schlecht wie bei deinem Server. Grund: Bruteforce (d.h. Durchprobieren)-Attacken verwenden meist beim ersten Durchlauf Woerterbuchabfragen, wodurch man beim Passwort "baum" relativ schnell gehackt werden duerfte.
Moeglichst 10-12 Stellen lange Passwoerter
Wenn moeglich, 1-2 Zahlen und 1-2 Sonderzeichen.
Ein guter Anhaltspunkt ist das Programm pwgen. Ich empfehle "pwgen -y 10". Allerdings muss man sich solche generierten Passwoerter auch merken, Passwoerter NIEMALS aufschreiben.
Als sicher und gut zu merken gelten so genannte Passphrases, bei der man sich einen ganzen Satz ausdenkt und nur feste Fragmente davon hernimmt. z.B: (Mal in einem Video auf der Cebit gesehen) "Die Gabi hat Brust-Groesse 75c" -> "DGhBG75c" ;) .

3. SSH

SSH ist der erste Schnittpunkt, mit dem man in Beruehrung kommt, wenn man sich mit dem Server verbindet. Dementsprechend ist es der erste Anhaltspunkt wo Sicherheit wichtig ist.

Eine kleinere Sache, die das Hintergrundrauschen in den Logfiles verhindert, ist Security by Obscurity, also der aendern des Ports. Standardmaessig ist ssH auf Port 22 und daher spammen viele Bruteforce Scripts IPs mit Port 22 durch. Um dies zu verhindern, kannst du den Port deines ssH Servers umlegen. oeffne dazu /etc/ssh/sshd_config und aendere den Port auf beispielsweise 2022. Im gleichen Zusammenhang kann man kurz schauen, ob der Server fuer das neuste Protokoll ausgelegt ist oder noch aufs aeltere eingestellt ist und dies beheben.

Port 22
aendern zu:
Port 2022

Protocol 1
aendern zu:
Protocol 2

3.1 Kein Root

Um es seinem Hacker nicht unglaublich einfach zu machen, werden wir aufhoeren auf einem Root Account zu arbeiten. Dafuer erstellen wir mit

adduser name
oder:
useradd -m name
passwd name

einen neuen Benutzer. Dies wird der Benutzer sein, mit dem wir uns in Zukunft einloggen. Um mit dem trotzdem als Administrator arbeiten zu koennen, installiert man nun das Paket sudo, falls eh nicht schon im System installiert ist.

apt-get install sudo

nun braucht man den User nur mehr zur Gruppe sudo hinzufuegen.

adduser name sudo

Achte darauf "name" durch den Namen deines Benutzers zu ersetzen. Mit "sudo" kann man als normaler Nutzer Befehle mit root-Rechten ausfuehren. Dafuer muss man dem Befehl ein "sudo" voranstellen. Danach muss man sein eigenes Passwort eintragen (nicht das des Root-Benutzers). Auch kannst du unterschiedlichen Leuten root Zugriff geben, ohne das diejenigen das Root-Passwort benoetigen. Ein weiterer Vorteil von sudo: sudo protokolliert automatisch alle benutzten Befehle unter /var/log/auth.log. Wenn also was seltsames auf deinem vServer passiert, lohnt sich ein Blick in die auth.log um eventuelle Fremdzugriffe zu identifizieren.

Wenn du dich nun per ssH unter deinem neu erstellten Benutzer einloggen kannst und per sudo Befehle mit Rootrechten (z.B. "sudo ifconfig") ausfuehren kannst, kannst du nun die Einstellungen deines ssH Servers veraendern, dass er kein root-Login mehr erlaubt (wenn du dies machst ohne zu testen ob dein neuer Benutzer funktioniert, kannst du dich leicht aussperren und musst mit Rescue Konsole arbeiten, also pass auf).

Editiere dazu die Datei /etc/ssh/sshd_config wie folgt:

PermitRootLogin yes
aendern in:
PermitRootLogin no

wenn du dabei bist, aendere auch:
PermitEmptyPasswords yes
in:
PermitEmptyPasswords no
leere Passwoerter widerstreben jeden Sinn von Systemsicherheit.
(und anschliessendes /etc/init.d/ssh restart)

3.2 Authentifikation mit Public / Private Key

Der Auth mit einem Pub/Priv Key erhoeht die Sicherheit ungemein. Nach richtiger Konfiguration kann man sich nicht mehr mit einem einfachen Passwort in den Server einloggen sondern benoetigt einen aufwendig verschluesselten Schluessel der Gegenstueck zu einem zweiten Schluessel auf dem Server ist (kann man mir bis hier hin folgen?). Dieser Schluessel, den man braucht, um eine ssH Verbindung herzustellen, ist dir, und nur dir, verfuegbar, in Form einer Datei. Ohne diese Datei ist Zugriff auf den Server nicht moeglich (von Rescue Konsole mal abgesehen). Durch diese Methode der Authentifikation wird der Server abgesichert gegen Bruteforce-Attacken (d.h. man kann das Passwort nicht mehr "durchprobieren").

aendere deine /etc/ssh/sshd_config wie folgt:

PubkeyAuthentication no
in:
PubkeyAuthentication yes
(und anschliessendes /etc/init.d/ssh restart)

Benutze nun den Befehl "ssh-keygen -t dsa". Wahlweise auf deinem privaten Linuxsystem oder auf dem Server (spielt im Grunde keine Rolle). Die Passphrase, die du eingeben musst, ist ein neues Passwort, was deinen private Key verschluesselt. Nimm etwas woran du dich gut erinnern kannst, du musst es bei oefters mal eingeben.

Du erhaelst anschliessend zwei Dateien. ~/.ssh/iddsa und ~/.ssh/iddsa.pub. Die Datei mit .pub ist dein Public Key. Dieser Schluessel muss auf dem Server verbleiben. Kopiere die Datei iddsa.pub nach ~/.ssh/authorizedkeys. Wenn du mehrere Benutzer hast, kannst du im Grunde fuer alle den gleichen Public Key benutzen: kopiere dafuer jeweils die iddsa.pub in den Ordner ~/.ssh/authorizedkeys der Benutzer (Die Tilde ~ ist das unter Unix uebliche Zeichen fuer das Home Verzeichnis der Benutzer).

Der Private Key, auf dem Computer wo ssh-keygen ausgefuehrt wurde unter ~/.ssh/id_dsa zu finden, ist Gegenstueck zu deinem Public Key. Dieser Key wird benutzt, um dich auf deinem Server einzuloggen. Sichere den Key irgendwo ab, sorge dafuer das niemand ausser dir Zugriff drauf hat.

Um dich nun auf den Server einzuloggen, musst du nur deinen ssH Client darauf einstellen, den Private Key zu benutzen. Unter Putty macht man dies beispielsweise unter Connection -> ssH -> Auth -> "Private Key file for authentification:". Beim ssH Client unter Linux oder OSX muss die Datei unter ~/.ssh/id_dsa liegen, wie sie ssh-keygen beim Ausfuehren auch platziert. Dies musst du auf allen Computern machen, wo du dich mit dem Server verbinden willst!

Versuche nun dich mit dem Server zu verbinden. Wenn eine Passwortabfrage kommt, versuche es mit deinem bei der Ausfuehrung des Befehls ssh-keygen festgelegtem Passphrase. Wenn die Verbindung mit dem Server ueber die Authentifikation mit dem Private Key funktioniert (achte darauf, dass dein ssH Client explizit erwaehnt, den Private Key zu benutzen), kannst du ssHd so konfigurieren, dass er Passwort-Authentification nicht mehr annimmt und fortan nur noch private Keys benutzt (ansonsten waere die ganze Arbeit ja fuer die Katz gewesen, wenn man trotzdem noch Bruteforcen koennte ;) ).

aendere dazu in der sshd_config einfach folgende Variable

PasswordAuthentication yes
in:
PasswordAuthentication no

4. LAMP Umgebung

Da eine LAMP Umgebung wohl einer der haeufigsten Zwecke eines vServers ist, hier einige Tipps die man beim Einrichten einer LAMP Umgebung beachten sollte.

4.1 PHP

PHP gibt in Standardeinstellung Daten von sich Preis, die eventuell Hacker benutzen koennen, um Sicherheitsluecken ausfindig zu machen. Editiere deine php.ini, unter Ubuntu zu finden unter /etc/php5/apache2/php.ini wie folgt:

disable_functions = exec,system,shell_exec,passthru
register_globals = Off
expose_php = Off
magic_quotes_gpc = On

4.2 MySQL

Du solltest umbedingt den Zugriff auf deine MySQL Datenbank von aussen sperren. Meisten benutzt man die MySQL Datenbank so oder so nur "von innen", sprich von einem PHP Skript heraus "localhost" aufgerufen. Fuer solch einen Verwendungszweck muss der Server nicht von aussen an ansprechbar sein, es ist sogar ein erhoehtes Sicherheitsrisiko wenn er es waere.

Um dies zu tun, oeffne /etc/mysql/my.cnf und fuege folgende Zeile hinzu:

bind-address = 127.0.0.1

Benutze gute Passwoerter (siehe Kategorie "Passwoerter") fuer deinen MySQL Root Account. Wenn moeglich, erstelle fuer verschiedene Webseiten die du laufen hast unterschiedliche MySQL Benutzer mit anderen Passwoertern.

5. Tipps

Ein paar Abschluss Tipps, um dir noch ein paar Sachen auf den Weg zu geben:

Moeglichst wenige Dienste auf einmal laufen lassen. Jeder zusaetzliche Dienst kann eine zusaetzliche Sicherheitsluecke an den Tag legen. In dem Sinne solltest du auch so wenig Software wie moeglich installiert haben.
Fuehre regelmaessig (am besten Taeglich) Sicherheitsupdates durch. Falls dir das nicht moeglich ist, versuche Rss Feeds zur Sicherheit deiner Distribution (jede groessere Distribution hat Sicherheitsmailinglists auf der Sicherheitsupdates angekuendigt werden) zu abonnieren und so auf dem laufenden zu bleiben.
Fuehre unterschiedliche Dienste als unterschiedliche User aus. Die Distributionen machen dies automatisch, bei Paketen die ueber die Paketverwaltung installiert wurden. Wenn du allerdings selbststaendig Dinge installierst, beispielsweise ein Gameserver, fuege einen neuen Benutzer (z.b. "gameserver") hinzu und lasse den Prozess ueber diesen Benutzer laufen. So verhinderst du Root-Zugriff fuer den Fall das der Gameserver eine Sicherheitsluecke aufweist.
Ich rate allgemein von FTP Servern ab und rate dazu, Dateizugriff ueber SFTP zu machen. SFTP laeuft auf dem ssH Protokoll und ist mit einem SFTP Clienten erreichbar wenn ssHd auf dem Server laeuft. FTP oeffnet nur einen weiteren sicherheitsanfaelligen Dienst.
Postfix oder allgemein Mailserver Sicherheit ist noch eine ganz andere Geschichte. Wenn du so etwas vor hast, informier dich bitte selbst ueber Sicherheit. Ich hab leider von dem Thema Mailserver zu wenig Ahnung, um den Guide entsprechend zu erweitern. Mailserversicherheit steht im Mittelpunkt wenn es um Spambots geht. Falsch eingerichtete Mailserver werden schnell zur Kostenfalle wegen uebermaessig genutzten Traffics.
Tipp: ueberlege, ob Google Apps fuer dich nicht eine Alternative darstellt.
Teste mit "netstat -tulpen" welche Ports offen sind auf deinem Server. ueberlege, ob jeder Dienst sein muss, oder ob du nicht benoetigte Dienste herunterfahren kannst.

6. Schlusswort

So, das ist alles was mir gerade dazu einfaellt. Ich werden den Guide bei Zeiten noch erweitern. aenderungsvorschlaege oder Kommentare bitte an marc@mkasu.org. Falls sich jemand zu Mailserversicherheit auskennt (oder was anderem), darf er gerne selbst hand anlegen und den Guide erweitern.

Sandbox MMORPGs

2010-06-05T22:00:00Z

I'd decided to make a small list of Sandbox I know and found on the internet. I didn't test all of them yet, but since it's my most liked sub-genre, I might will in the end.

Eve Online

One of the biggest Sandbox MMORPG in current time. Big publicity because it has got the biggest server cluster of any MMO and only one single server worldwide. Science Fiction Genre paired with an extremely complex gameplay. Serves any kind of Combat/PVP, Crafting and Trading in very comlpex and ordinary ways compared to most other MMOs.

URL: http://www.eveonline.com/

Model: P2P

Random Youtube Link so you can see what it looks like: http://www.youtube.com/watch?v=Yz9soxnwNd0

Darkfall Online

I've written a lot about Darkfall Online. First time I've played it, it felt like a Morrowind as MMORPG - even though I know, it's not, it really feels alike - because of several gameplay mechanics. First person combat (at least magic and archery), leveling skills per-use with no overall skill caps, same goes for attributes (at least until a very high value). Several features like Housing and Sieges make guild politics stuff very playful. Unfortunately (for some people), it has a very high amount of grinding.

URL: http://www.darkfallonline.com/buydarkfall/?cp=EU90ECE3AE840D7CB30432EBAEBDA8E10D

Model: P2P

Random Youtube Video: http://www.youtube.com/watch?v=MvVRMuQrW8Y

Mortal Online

I could say the same thing about Morrowind/Oblivion I've wrote about Darkfall in this chapter. Mortal Online is some kind of Ultima Online revival, compared with newer graphics, by some kind of small independent Swedish company.

As the only game in this list, it ain't released yet, though it will in 3 days. Most of the people say it'll be a premature release, only time will show how it will turn out.

Very high amount of sandbox features, especially as there is nothing else but sandbox (no quests, no npc driven story).

URL: http://www.mortalonline.com/

Model: P2P

Random Youtube Video: http://www.youtube.com/watch?v=c8LAZe47BuE

Ultima Online

The father of Sandbox MMORPGs, originally designed and developed 1997 by Origin Systems, nowadays still in development by Electronic Arts. I guess everyone should already know the name, if not, go to Wikipedia and help yourself. Now.

URL: http://www.uoherald.com/news/

Model: P2P on Original servers // Free on Freeshards like http://www.uogamers.com/ or http://www.uodivinity.com/

Random Youtube Video: http://www.youtube.com/watch?v=8cPlFT6j1qM

Craft of Gods

A very new and unknown MMORPG by a Russian company. Haven't tried it yet, but read about it at several places. From stories told, a little bit buggy but some nice ideas.

Feels like little bit WoW-ish theme/world from screenshots.

URL: http://www.craftofgods.eu/

Model: P2P

Fallen Earth

Even though I disagree a little bit after playing the Trial (which felt very linear), a lot of people consider Fallen Earth being a Sandbox game. Maybe you should give it a try. Felt fairly nice to play, I would have played it longer (or considered buying it), if I wouldn't have been busy with Darkfall back when I tested FE. :)

It plays in an Apocalypse / end time scenario on Earth (like Fallout 3).

URL: http://www.fallenearth.com

Model: P2P

Random Youtube Video: http://www.youtube.com/watch?v=Wx8i2SAitKQ

Random Youtube Video: http://www.youtube.com/watch?v=3kS49z7dTaE

Starcraft 2

2010-05-03T22:00:00Z

Currently in Starcraft 2 Beta. Got a key yesterday from a nice guy in a forum.

Even when I'm not that into RTS games and strategy games of any kind, Starcraft 2 feels nice - makes even fun to me. I'm currently thinking of preordering it, cheapest place I found it (with dealspwn.de ;) ) is Thegamecollection.net with GBP27,99 (incl. shipping). Game.co.uk is GBP32,97 or something with shipping. Unfortunately, on german sites, it's like 55 Euros. Not that it's not worth it, but I feel ripped off when someone one country next to me, which ain't third world, gets it for half the price ;P.

Nevertheless, I have to mention, I am really really bad in RTS games, most probably because I've never ever played one longer than two hours. Hopefully Starcraft 2 ain't that frustrating. The first try in ladder.. well.. was. :) Currently training myself in custom games vs. bots. Which are really bad, but hey I have a chance to win (like.. everytime without even doing stuff. But better than ladder though).

I'm adding some screenshots or videos later.

Gentoo Linux + MacBook Pro 5.2 v1.1

2010-04-10T22:00:00Z

After my tries back in December where I installed an Ubuntu Linux 9.10 on my MBP 5.2, which then crashs to hell when I tried to upgrade it to 10.04 beta, I decided to switch back to Gentoo. I have not used it since like 5 years, but when I gave it a try on my server, I decided to give it a try on my laptop as well because it performed so smoothly. Long story short, Linux on a MBP ain't that easy because a lot distributions have got some compatibility issues.

Installation

I used Gentoo Daily LiveCD amd64 Build to boot into installation since I've got 4GB RAM, if you've got less, you might consider using x86. Normal Gentoo Installation, nothing special mac-ish, if you have no experience in installing Gentoo, take a look at the Gentoo Handbook. The handbook advises use of fdisk to partition your harddrive. I'd recommend you to make partitions pre-install under OSX with diskutil or at least use parted to not to screw your partition table (many fdisk versions are not compatible with the Apple Partition Tables (GPT) and may corrupt them, I don't know if Gentoo's does, but don't risk it).

I used following settings in /etc/make.conf:

CFLAGS="-O2 -march=core2 -pipe -msse4.1 -fomit-frame-pointer"
CXXFLAGS="-O2 -march=core2 -pipe -msse4.1 -fomit-frame-pointer"          

CHOST="x86_64-pc-linux-gnu"
MAKEOPTS="-j3"

INPUT_DEVICES="keyboard mouse synaptics evdev"
ALSA_CARDS="hda-intel"
VIDEO_CARDS="nvidia nv vesa fbdev"

With INPUTDEVICES, ALSACARDS and VIDEO_CARDS, most of the hardware stuff will be installed per default and you don't need to think of them later on when you're configuring X11 and stuff.

Software: Kernel

I used gentoo-sources 2.6.31-r10 without other patches (no mactel or something). Here's my .config file: click. It's not perfectly configured, but hey it works perfectly. If you have no experience in your own kernel configurations, I recommend you to make a genkernel kernel AND a self configured kernel, just in case your self configured one doesn't boot, you can boot with your genkernel one to make a new selfconfigured.

The most important MacBook Pro specific stuff is listed in the Gentoo Wiki http://en.gentoo-wiki.com/wiki/AppleMacbookPro/Configuration_Files/Kernel

You should build SATA Stuff as well as the Intel SATA Drivers (PIIX) directly into the kernel, if not, your system might not start correctly.

Software: Bootloader

I use GRUB with normal configuration described in Gentoo Handbook. No problems in combination with rEFIt (if you don't have rEFIt, install it. Now. It makes a look of things easier when it comes to boot different operating systems on Macs).

I installed my grub directly to my root partition instead of MBR (so /dev/sda3 instead of /dev/sda).

Edit: Software: Xorg / KDM

To get your Xorg server self-detect your hardware, you might want to set the 'hal'-USE flag.

I had a problem with my input devices in combination with the KDE login manager called kdm. It did not work properly until I've set the 'consolekit'-USE flag and added it to boot up scripts

euse -E consolekit hal
emerge -DuvaN world
rc-update add consolekit default &amp;&amp; /etc/init.d/consolekit start

Both not MBP specific, but I had problems as well as a reader of my blog emailing me.

Hardware: Nvidia Graphics

When you set the nvidia flag in VIDEO_CARDS in your make.conf, portage should normaly install nvidia-drivers when you're going to emerge xorg-server. If not, you should install it in the end (emerge nvidia-drivers). On my system, Xorg could mostly configure itself on first launch. If not, here's my xorg.conf.

Hardware: Broadcom Wireless

Wireless is a little bit harder, but not impossible. Firstly, you need to install the broadcom-sta drivers. Since they are flagged as testing and also flagged as incompatible license, you need to do 2 changes in config before you can emerge them:

echo ">=net-wireless/broadcom-sta-5.10.91.9.3-r3" > /etc/portage/package.keywords
echo "ACCEPT_LICENSE='*'" &gt; /etc/make.conf
emerge broadcom-sta

Hopefully it installs without errors. Maybe it claims you did some false options in your kernel config. You should recompile your kernel without them and install broadcom-sta again if that happens.

modprobe wl

If that works without problems, good for you, first step to wireless networking is done. Next, you'll need the package wpa_supplicant, to login to your WPA2 W-LAN. If you don't have an encrypted wlan, wireless-tools should be enough to connect, but I guess most people use WPA encryption.

emerge wpa_supplicant

Now, you need to add two lines to your /etc/conf.d/net file:

modules=( "wpa_supplicant" )
wpa_supplicant_eth1="-Dwext"

You should make a symbolic link in your /etc/init.d/ folder to start your net interface correctly at boot. If you don't know which interface is your wlan card, check ifconfig. It might be eth0, eth1 or wlan0.

ln -s /etc/init.d/net.lo /etc/init.d/net.eth1       or .wlan0      or .eth0
rc-update add net.eth1 default      or .wlan0      or .eth0

Last thing you need to do is put your login details to /etc/wpa_supplicant.conf. If file doesn't exist, create it. Following content:

ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=0
ap_scan=1

network={
    ssid="NAMEOFYOURWLAN"
    psk="YOURWPA2PASSWORD"
    priority=5
}

Be sure to replace the SSID and PSK with the name of your wpa2 network and passphrase.

/etc/init.d/net.eth1 start

Now your wlan should hopefully work.

Hardware: Bluetooth

Basic bluetooth stuff should work out of the box (at least it did for me). Be sure to add the btusb module to your kernel. If it does not work, emerge bluez manually.

To get everything working correctly I needed to configure /etc/conf.d/bluetooth and set hci2hdi to TRUE.

To configure bluetooth hardware, I'd recommend either emerging bluez-gnome and then bluetooth-applet / bluetooth-wizard or emerging the blueman tool, which is unfortunately masked as testing (so put it to your /etc/portage/packages.keywords), but worked good for me.

My bluetooth apple keyboard and mighty mouse worked without mousewheel / special keys without configuration and stuff. To get mousewheel as well as special keys running, I needed to pair it correctly with blueman.

Hardware: Touchpad

Touchpad worked completly out of the box. No configuration on my side (ok, well, the line in my make.conf, but nothing besides that).

Hardware: Keyboard Backlight / Screen Display Backlight

To get these things, I needed to do following commands:

emerge pommed
rc-update add pommed default
/etc/init.d/pommed start

Overall

So, thats all for now. I hope my guide helped you a little bit. Hopefully I didn't forget something, if so, write a comment and I try to edit my post.

v1.0 - Initial version

v1.1 - Added hal / consolekit Section

Switched Server

2010-04-06T22:00:00Z

I just switched server with my web page and several other stuff I use.

My new VPS runs on Gentoo Linux, powered by Carrot-Server D2?. I can clearly recommend them, fast servers for really cheap prices (20gb HDD, 250gb Traffic, 1GB RAM guaranteed + 5GB burst ram for 9 Euro (~12 Dollars as of April 9th)). Everything works without problems. Support is unbelievable (response after 2hours at Easter Sunday). Servers are in Germany.

I've got a webserver (PHP+ Ruby on Rails Support), a mailserver, a distcc server (for speeding up some local gentoo emerges), a svn server and a Counter Strike Source Server at 178.63.249.71 running. Server seems stable, no network problems so far.

If you're looking for a nice and cheap VPS hoster in Europe, check them out. My "friend id" (= referal) is 420, if you'd like to support me ;) .

Just tested Dropbox

2010-04-02T22:00:00Z

I've been searching for a good cloud storage up since some weeks. I previously tested JungleDisk, but I weren't really satisfied, because it's really slow and lacking of some features.

Some days ago, I started using Dropbox. A very nice cloud-based sharing service for private or business use. The free subscription covers 2 Gigabyte of space (+ additional space when you refer people). You can activate it on every computer and drag files to it, they will be shared through all computers immediately. On top of that, there is a feature to make shared folders. If you get friends to create a Dropbox, you can share a Folder with them. Each file which is dragged into it, will be delivered to your friends computer (don't drop Viruses.. it's a two way street :D ). Great way to send someone screen caps or documents. What makes it great is the speed. And the fact that it just works. No configuration or laggy buggy applications, just working dropping files and receiving results on other computers in seconds.

There are two special folders, which are automatically created when you first install your Dropbox application. They are called "Public" and "Photos". As the name suggests, the public folder is public. You can create weblinks by rightclicking on files (dropdown menu which covers Dropbox entry). The Photos-Folder creates web-based photoalbums, similar to picasaweb or flickr, if you're familiar with these services, when you're dropping fotos inside.

You can extend the free space to 10,5 GB by refering friends. If thats not enough (because you use it to backup or something), you can purchase a 50GB or 100GB plan for 9,99$ / 19,99$. Dropbox Application is available for Windows, Linux and Mac OS X as well as mobile phone versions for iPhone and Android I guess. Of course, you can reach the files through web page.

Aside from sharing documents with friends or setting up online photo albums, there are some useful tricks or things you can use Dropbox for. Backing up your music and most important documents and stuff may be a good idea if you're considering buying a 50/100GB plan. As it does support using symlinks, you can use the tool, to backup simply every application data, including game save games or your firefox/thunderbird profiles, by either symlinking the folders to your Dropbox or copying the files and re-configure destinations.

Short guide for syncing firefox profiles if you aren't familiar with symlinks:

Copy your current firefox profile to a subdirectory in your Dropbox. Your current profile may be in %AppData%/Mozilla/Firefox for Windows, ~/.mozilla-firefox for Linux or somewhere in User-Library on OS X.
Start your firefox through cmd/terminal with the parameter -p or -ProfileManager depending on operating system.
Delete your old profile.
Create a new profile chosing the profile destination in your dropbox where you saved your old profile.
Do this on every system. Use this only when systems are used on different times, since the profile is locked while Firefox is used.

For Thunderbird it is pretty much the same thing.

If you've got an iPhone: You should really check out the Dropbox App. My favorite feature: Directly uploading photos and videos to your Dropbox you shoot with your iPhone.

If you're interested in Dropbox, please sign up using my referal link, you'll also get 250MB more when signing up through it.

https://www.dropbox.com/referrals/NTU2NTc5Njg5

P.S.: If you still have problems imagining what Dropbox is, I'd suggest you viewing the "Introduction" video on the Dropbox web page.

mkasu.org

New Website

Xsyon 2012

Minecraft - Go buy it.

Switched Server II

vServer Security Guide *GERMAN*

Sandbox MMORPGs

Starcraft 2

Gentoo Linux + MacBook Pro 5.2 v1.1

Switched Server

Just tested Dropbox

vServer Security Guide GERMAN