Department of Earth System Science zender@uci.edu
University of California Voice: (949) 824-2987
Irvine, CA  92697-3100 Fax: (949) 824-3256

Contents

List of Tables

1 CCSM: Community Climate System Model

1.1 CAM: Community Atmosphere Model

1.2 CLM: Community Land Model

Make Linux workstation capable of running CLM offline:

2 ESS 200B: Earth System Physics

2.1 iPod

The primary reference for using the Apple iPod with Linux is http://www.cavecanen.org/linux/ipod. Two Linux applications for managing iPod music are GNUpod and gtkpod.

2.2 Cameras

If your Linux uses modules, load the following modules: Support for USB. Also select either UHCI (Intel PIIX4, VIA, ...) support, UHCI Alternate Driver (JE) support or OHCI-HCD (Compaq, iMacs, OPTi, SiS, ALi, ...) support.

In particular, CompactFlash relies on the USB driver.

2.2.1 CompactFlash

To transfer files from your Camera’s CompactFlash to disk, first mount the CompactFlash card as a vfat file system:

This CompactFlash is enumerated as an IDE drive here, because it is inserted into the system on the PCMCIA bus (in a PCMCIA adaptor). CompactFlash to USB adaptors are at least as common. The USB sub-system uses SCSI drivers, so CompactFlash drives will be enumerated as SCSI drives (e.g., /dev/sda1) when mounted through a USB port.

By default, CompactFlash devices require root priveleges—they are not user-writable unless opened with the appropriate mask:

In this mode users may read and write files but can not actually own files or directories.

The vfat filesystem does not support multiple user identities and priveleges. However, the device may be mounted with a particular UID and GID which will allow full user read-write access.

This is the recommended way to mount CompactFlash used for backup and file transfer purposes.

2.2.2 Memory Stick

A Memory Stick, aka a USB Flash Drive, is very similar to CompactFlash device. As always the Flash Memory HOWTO is very useful.

To quickly backup and copy material to my black attache memory stick, use

To quickly backup and copy material from virga to my grey Attache memory stick, use

To synchronize transient and sensitive data directories on two sides of a firewall, copy data to an obscure intermediate machine accessible from both sides of the firewall:

In the old days, to mount a Memory Stick one did this:

For Linux 2.6 kernels, make sure to install udev.

The Memory stick with a USB adaptor appears automatically in the /sys filesystem as a SCSI drive:

It must still be mounted. See the rsync description in Section 9 for examples of how to back up to CompactFlash and Memory Stick media. I bought a PNY Technologies “Attache” 4 GB USB 2.0 Flash drive on 20060729. I bought a second PNY Technologies “Attache” 4 GB USB 2.0 Flash drive on 20071006.

3 X and XFree86

X tends to have large memory leaks. Sometimes the problems are due to the X server, and sometimes the problems are due to programs which never free graphics space requested by the X server. The xrestop monitors resources consumed by the X server.

3.1 X and XFree86: Configuration

A configuration tool has been built directly into the XFree86 server accessible with XFree86 -configure. XFree86 -configure generated a perfectly working XF86Config file for lanina, and is the method I now recommend. XFree86 4.0.1 also has a different and new configuration tool, xf86cfg. xf86cfg did not generate a working/optimal configuration file for lanina, so I do not recommend this method. Both these methods should generate fairly good configuration files which must be stored as XF86Config-4, e.g., /etc/X11/XF86Config-4. Note the extra ”-4”, which indicates suitability for XFree86-4.x. Version 4 uses dynamically loaded modules for each particular chipset so there is no need to symbolically link the X Window System server (e.g., /etc/X11/X) to anything.

XFree86 version 3.3.x uses the file /etc/X11/XF86Config, which may be generated by Xconfigurator:

In XFree86 version 3 the correct X server should be dynamically linked to the generic server file, e.g.,

The Google googleearth application requires correctly functioning OpenGL drivers. The xorg.conf file instructs X to load these drivers with

It is important that glx precede GLcore. The glxinfo command reports the OpenGL driver status.

Use import to save an X window to an image format

Tweaking the default XF86Config file is often necessary for special performance. The following tweaks to swcursor and XkbOptions are useful

1. Software cursor to allow large cursors. In Section "Device" add
   # csz++  
   # 19991005: "swcursor" required for 96 x 94 pixel ~/.lightning cursor  
      Option "swcursor"  
   # csz--

2. Swap positions of capslock and control keys. In the InputDevice section for the keyboard add
   #csz++  
   # Swap positions of capslock and control keys  
      XkbOptions  "ctrl:swapcaps"  
   #csz++

   In the InputDevice section for the keyboard add

   #csz++  
   # Make pressing both touchpad buttons at same time emulate middle  
   # button on 3 button mice  
           Option      "Emulate3Buttons" "on"  
   #csz++

   Adjust the speed of the touchpad mouse using the MinSpeed, MaxSpeed, and AccelFactor, options in the Touchpad section

   Section "InputDevice"  
   Identifier "Synaptics Touchpad"  
   Driver "synaptics"  
   Option "SendCoreEvents" "true"  
   Option "Device" "/dev/psaux"  
   Option "Protocol" "auto-dev"  
   Option "HorizScrollDelta" "0"  
   Option "MinSpeed" "0.5"  
   Option "MaxSpeed" "0.7"  
   Option "AccelFactor" "0.0350"  
   EndSection

   Another way to do this is to add

   Option "SHMConfig" "on"

   and then

   aptitude install ksynaptics

Make sure the 100-dpi fonts are installed or else many xterm and emacs fonts will appear chunky.

Font management and installation is described by the Linux Documentation Project (LDP) at http://www.linuxdoc.org/HOWTO/Font-HOWTO.html. X can be made to use any font desired, but the required procedures to do so are arcane. Here is a skeleton outline:

Also, make sure the X-server loads the modules to handle freetype and Type 1 (Adobe) fonts. This is accomplished by having

Notice that the font server can use the MS Windows fonts directly from the Windows fonts directory, /wnd/windows/fonts. However, the fonts in this directory first must be prepared for use by running a few commands in that directory:

Also, make sure all the fonts are world-readable.

When fooling with X configurations it is convenient to have a clean way to shut down and restart all X processes. This can be done by initializing the system to a new runlevel. Most Unices start multi-user mode and all network applications except the X server in runlevel 3. Runlevel 5 starts the same processes as runlevel 3 and starts the X server as well. Thus initializing a system to a different runlevel (usually 3 or 5) is a clean way of starting an stopping X processes. The telinit command serves this purpose. Shut down all X processes with telinit 3. Restart all X processes with telinit 5. Set the default system runlevel in /etc/inittab. This is what determines whether X automatically starts on reboots.

Some computers have terrible default X settings which may be corrected by use of xset, usually done in ~/.xinitrc. For example, lanina has DPMS turned off by default, and very slow key repeat settings so its ~/.xinitrc contains

The keyboard repeat rate may be changed with the kbdrate command. The -r options sets the repeat rate in characters per second. The maximum allowed rate, 30 cps, gives a nice response.

The default mouse movement rate is also susceptible to fubaration.

xvidtune generates modelines which center the picture on the monitor.

The XAPPLRESDIR contains X defaults for various programs.

These defaults may be over-ridden on a per-user basis by implementing X resources in the .Xdefaults file.

3.2 XFree86: NVidia Graphics drivers

Source code drivers that support all of the advanced features of theubiquitous NVidia graphics cards are unavilable. Two type of drivers are available. First, the XFree86 project nv driver is open source and works well with all 2D drawing commands. Second, NVidia supplies binary-only nvidia drivers which support full 3D acceleration and OpenGL graphics. The nvidia kernel modules are closed source, prone to errors, and must be re-installed after the kernel is recompiled. Since there is no easy mechanism to retain multiple nvidia modules for multiple kernels on one machine (e.g., for testing), the constraints of the closed-source modules are bothersome.

Since these drivers are modules, installing them requires kernel recompilation which, in turn, requires kernel headers.

Note that recent Debian kernel packages require the initial ram-disk (initrd) to be specified in the GRUB menu.lst.

Linux experts re-compile their own kernals frequently. GNU/Linux will not boot into X until the correct X server module is available for the current kernel. Download NVidia drivers from http://www.nvidia.com/object/linux.html. Integrate the NVidia drivers into these kernels by hand:

When using the closed source NVidia module driver, make sure that XF86Config-4 references nvidia not the open-source XFree86 driver nv.

The X.org and XFree86 X servers write output from the initialization process to /var/log/Xorg.0.log and /var/log/XFree86.0.log, respectively.

Ubuntu Breezy Badger packages for NVIDIA cards:

3.3 Performance Profiling

clay is set up to do performance profiling by both oprofile and PAPI with HPCToolkit. This required a kernel patch and recompile. There is one module for each approach: oprofile for oprofile and perfctr for any software that requires the PAPI modifications (specifically, hpcrun from the HPCToolkit). There are other performance tools that use the PAPI API (Tau, for one), but so far we only have HPCToolkit installed. As a side note, most Ubuntu kernels have the oprofile module available, but we are not aware of any with the more exciting perfctr patch applied and the perfctr module available.

The Oprofile homepage is http://oprofile.sourceforge.net/docs Oprofile first requires

Second, initialize the oprofiled daemon and start it collecting info. This command depends on your exact hardware/software configuration.

The path must lead to the uncompressed linux ELF executable, not to typical vmlinuz compressed boot sector that is installed in the /boot directory. For clay.ess.uci.edu:

In order for hpcrun to work, perfctr module must be modprobe-loaded and /dev/perfctr must be mode 644. When ready to collect info, do a sudo ls to initialize the timeout on the sudo command so later commands do not ask for passwords. For ncbo, assuming ncbo has been compiled with the -g option,

The output is a text file that gives the time spent in each function. The poll_idle time is that time which the CPU(s) has spent doing nothing, i.e., idling. For a lightly loaded dual-CPU machine, you would expect to obtain about 50% in poll_idle running a single serial job.

To use HPCToolkit, make sure that oprofile is not loaded, and load the perfctr module.

The PAPI API has access to necessary hardware counters once the perfctr has been loaded. After this, profiling is relatively straightforward. To profile a command, prefix it with hpcrun, e.g.,

The hpcrun options are typically a set of hardware counters you want to access during the run.

These options are requested as follows

hpcrun profiles everything that results. For example, command_to_profile is a shell command, then hpcrun profiles every subcommand in the shell, and gives each its own output file in the form of: app_name.PAPI_TOT_CYC.clay.ess.uci.edu.10137.0.

Process hpcrun output files into something usable with hpcquick. hpcquick is a Perl script that calls some other hpctools to generate the XML database (in its own subdirectory) that hpcviewer needs.

To use oprofile on clay requires a re-compiled kernel with the profiling switches enabled. Once re-compiled, the kernel may require a new Nvidia driver. This may require un-installing and purging packages, e.g.,

If the package is not purged, then /etc/init.d/nvidia-glx, which runs at each startup, may wipe out the TLS links that the new Nvidia driver needs.

3.4 Virtual Private Network: VPN

Use a Virtual Private Network (VPN) to obtain a UCI net address from an off-campus computer.

NACS uses allows browsers to request a VPN by logging into the UCI VPN Proxy at https://vpn.nacs.uci.edu.

3.5 XFree86: Security

X supports a number of security measures, not all of them helpful. By default, the Debian distribution prohibits X connections connections from any processes not started by the current desktop owner. Apparently this is enforced through so-called TCP-forwarding. TCP-forwarding may be prohibited with the -nolisten tcp argument to the X server. To permit other users access to your desktop display, remove this argument from appropriate file(s). Debian starts the X server from xserverrc (/etc/X11/xinit/xserverrc). The gdm.conf file (/etc/gdm/gdm.conf) may also need to be modified.

Another way of allowing access to your X desktop is to authorize access from all clients using the xhost command:

This may be risky unless the desktop sits behind a firewall or is offline.

3.6 XFree86: Multiple sessions

Default X display is accessible as Ctl-Alt-F7 on RedHat Linux For a different number of bitplanes on default display, use, e.g., startx

To create a second display at, say, 24 bits-per-pixel (), accessible as Ctl-Alt-F8, use

To create a second display using a test XF86Config file, use

For secutrity reasons, the path to the XF86Config file must be a relative path, not an absolute path.

Table 1 summarizes the keystroke commands related to X Windows.

Accessing virtual consoles and starting multiple sessions is the same in XFree86 4.x as XFree86 3.x. However, the specification of the color depth has changed from -bpp to -depth. To start X with 24 bit color the command is

Display managers such as xdm, kdm, and gdm start X themselves, and require that non-default options be passed directly to the X server in the configuration file, e.g., /etc/X11/gdm/gdm.conf, or /etc/kde/kdm/kdmrc. Before configuring display managers individually, however, it is wise to consider setting many parameters in the system-wide X configuration file, XF86Config-4. For example, adding DefaultColorDepth 24 to Section "Screen" should cause the X server to always run with 24 bit-planes.

3.7 LCD Projectors

LCD Projectors interact with X in strange ways. The ESS Department projector works best at resolution fxm. The IGPP projector works best at resolution fxm.

3.8 Desktop

The X server automatically starts at the specified system runlevel. The default runlevel is specified in /etc/inittab, and is OS-dependent. In a given runlevel (RedHat uses runlevel 5 for this, Debian uses runlevel 2), X automatically starts the display manager specified in /etc/desktop. The most common choices are GNOME, KDE, and XDM. These choices invoke the display managers gdm, kdm, and xdm, respectively. These display managers are capable of starting any desktop on the system (as determined in their configuration settings). Naturally they default to their appropriate desktops, e.g., kdm starts the K desktop environment. This default may be over-ridden by /etc/X11/default-display-manager

3.9 JPEG

Processing JPEG files produced by IDL.

4 Disk Management

4.1 RAID

RAID is Redundant Array of Independent Disks. Reference: http://en.tldp.org/HOWTO/Software-RAID-HOWTO.html

4.1.1 Hardware

(Will Kitto helped with this setup)

The RAID on biogenic consists of 4 × 150 GB Maxtor disks. There are two Promise disk controller cards installed in biogenic, with two disks connected to each card. The jumpers on each disk were set appropriately. All disks are ”master” not ”slave”, so the disks have the following IDs:

4.1.2 Getting Promise cards to work

The Promise cards were not supported by the kernel (that comes with RH7.2). A patch was found to support the Promise chipset, and a new kernel was made, with all the RAID modules included. I do not know if RH8.0 has support for the Promise cards, but I would guess yes.

4.1.3 Software

The devices were setup to run software RAID-5 (i.e. not RAID done in hardware). This means that of the 4 disks, only the capacity of 3 (i.e., 450 GB) is available for users (the other 150 GB are for redundancy). I followed the instructions that you’d see in any typical RAID howto (e.g. as per the reference). The raidtab was setup

To check the status of the RAID, view /proc/mdstat:

I have had a disk failure a couple of times (a RAID failure fixable with raidhotadd, not an actual problem with the disk). Issuing the raidhotadd command fixed it (first view /proc/mdstat to see which disk failed):

Bootup and shutdown: It does not appear that any of the RAID commands (raidstart or raidstop) appear in any of the startup or shutdown scripts, but it all seems to come up and down properly.

RAID commands: raid0run, raidhotgenerateerror, raidstart, raidhotadd, raidhotremove, raidstop

4.2 Servers: Sand

Modifications 3.29.05 by hjm

4.3 Formatting Disks

Ocassionally disks are added or need to be replaced. There is a lot one can know about formatting disks. Fortunately, a few commands suffice for most situations. The venerable fdisk family of commands is important. The recommended formatting command is cfdisk, a curses-based disk partition table manipulator.

The command to build a Linux filesystem is mkfs.

Once the disk is partitioned (with cfdisk) and formatted with (mkfs), add an entry to the /etc/fstab. The entry should be for, e.g., /dev/hdc1 (the partition) not /dev/hdc (the disk). Make sure the mount point exists as a directory, e.g., /data, before attempting to mount it.

In May 2007, I formatted a 100 GB replacement disk for elnino as ext3 using the partition name hdc1. This seemed to work fine for a few reboots until one day in June the hdc1 device could not be found. I found the other disk devices were using sda1-style terminology presumably because they are using SATA drivers. After changing the /etc/fstab entry from hdc1 to sdb1 the new drive mounted again. There was no data loss.

4.4 Creating LVM

LVM is Logical Volume Management. Reference: http://tldp.org/HOWTO/LVM-HOWTO/

vg commands:

Entry in /etc/fstab:

Bootup and shutown: It does not appear that any of the LVM commands appear in any of the startup or shutdown scripts. However, dust seems to have a perpetual problem of shutting down, because it hangs on the umount command (recall that all the computers mount /home from dust, so it is tricky for this disk not to be busy). Typically upon shutdown, I am forced to just power-off at the point that dust gets stuck. Upon boot-up, everything usually comes up fine after the disk is checked.

4.5 LVM on ashes

We installed LVM managing some partitions on ashes.ess.uci.edu.

4.6 Knoppix

Knoppix is a Linux distribution useful for previewing hardware and for rescuing downed computers. Knoppix offers many boot time options. Specify these at the boot: prompt.

Knoppix is very useful for restoring corrupted systems. Typically this requires mounting the disks on the filesystem. Knoppix does this automatically by double-clicking on the disk icon (alternatively, on may use the mount command). Then the disk must be set to enable-writing. Knoppix makes this available through the mouse menu. Finally it is usually necessary to change from user knoppix to user root before doing any serious repairs. The command sequence to fix a bad sector on a reiserfs partition on ashes was:

Assuming corruption is found and the disk, may want to unmount the disk and attempt to rebuild the filesystem tree

Many ATA-3 and later ATA, IDE and SCSI-3 hard drives include Self-Monitoring, Analysis and Reporting Technology (SMART) utilities. The smartmontools package uses these capabilities to monitor and tests for disk problems. The command line program is smartctl, and the daemon is /etc/init.d/smartmontools which uses the configuration in

The lm-sensors package complements the SMART utilities.

4.7 Mirroring Disks

Chad Cantwell used hardware RAID 1 to join two Maxtor 150 GB disks on dust as /home on dirt.ess.uci.edu. Mirroring disks to other disks is a smart strategy for creating high-availability storage. The RAID status is in /proc/mdstat. mdstat contains a percentage done while setting up, and then the final RAID status afterwards. This is configured via /etc/raidtab.

4.8 Garbage collection

Through time most disks accumulate unwanted files such as core dumps, intermediate files, and obsolete files. Unless care is taken, a substantial portion of free disk space may be used by unwanted files. The following short script uses find to locate and sort in order of descending size the largest 100 files within the ${drc} hierarchy.

The results are stored in /tmp/bgf_foo.txt. Find files that contain foo in their names:

4.9 Disk corruption

Disks die occasionally and it is prudent to gain familiarity with disk recovery strategies (although these are no substitute for making regular off-site backups!). Disk blocks that are unwritable are known as bad blocks. When disks develop bad blocks they may still function for quite a while, but restarting the system may become tedious as manual fsck’s become mandatory. Specific disk repair commands are filesystem-dependent. The default Linux filesystem is ext2, which is supported by a package of utilities known as e2fsprogs. The dumpe2fs command displays useful information about a device, such as the block size, chunk size, etc. The e2fsck command is used to monitor and repair ext2 filesystems.

Ext2 filesystems support the notion of a bad block list, i.e., a list of blocks it will not attempt to write to. The recommended procedure to create such a list is to first identify the device, e.g., /dev/hda7. Then logout of any windows accessing that device and unmount it. This may be tricky if the partition is used by the umount itself (or a dynamic library upon which the executable depends, libc, for example). If this occurs, one can presumably boot from a rescue floppy and execute umount from there. Then run e2fsck -c on the device.

A highly recommended rescue floppy known as “Tom’s root boot” is available from http://www.toms.net/rb/home.html.

hjm++ 1.23.06 updatedb (on sand). ’locate’ is a very useful tool on many *ix systems, however it can overwhelm you with output, especially if it is used on a system that has filesystems and backup directories. It is useful to grep the output to for the lead path or remove backup directories from being included in the locate db, by entering them in the /etc/updatedb.conf. This has been done on sand to avoid cluttering the output with repeated entries from the backup mirrors. hjm–

5 Software

5.1 netCDF Browsers

There are at last four freely available netCDF file browsers: ncview, ncBrowse, NCVweb, and panoply.

5.1.1 ncBrowse

ncBrowse ncBrowse is a Java application.

5.1.2 panoply

panoply It functionality is somewhat limited in that logarithmic axes are not allowed.

5.1.3 ncview

ncview Dave Pierson’s excellent ncview software must be installed by hand. Since it relies on UDUNITS, it is important to build that as well.

ncview allows logarithmic transformation of coordinates.

5.1.4 NCVweb

The NCVweb package is designed specifially for viewing netCDF files produced by the Atmospheric Radiation Measurement (ARM) Program. NCVweb is for web-based visualization. It uses NCO for aggregating data.

5.2 Python

The netCDF interface to Python is Python has at least 2 actively maintained netCDF interfaces: http://met-www.cit.cornell.edu/noon/ncmodule.html by Bill Noon, and http://starship.python.net/crew/hinsen/netcdf.html by Konrad Hinsen.

5.3 Mail

My Linux servers run sendmail, or the postfix interface to sendmail. This program, like other daemons, can be restarted using killall -HUP sendmail. To start the program, use the RedHat control-panel. The outgoing SMTP server is set in the file /etc/sendmail.cf or /etc/mail/sendmail.cf in the line beginning with DS. Mail that has not yet been delivered is stored in the /var/spool/mqueue directory. Incoming mailbox (e.g., /var/spool/mail/zender) must be known to Emacs.

There is a good example of how to set up postfix for Ubuntu machines at http://www.ubuntulinux.org/wiki/DialupEmailHowto. This example works for ashes.ess.uci.edu.

All too often, mail does not get delivered. Thus it is very important to keep a file copy of all messages before entrusting them to the Mail Transfer Agent, (MTA). At the very least, CC yourself on all mail you send. If it does not reach you, it did not reach its intended recipient. Undelivered mail is stored in /var/spool/mqueue-client. Undelivered messages have non-zero sizes.

Occasionally it is necessary to move mail between machines. Mail folders which are in standard format can be simply joined together using the cat command. As of September 2002, the correct UCI POP server to use for incoming mail is pop.uci.edu. The SMTP server to use for outgoing mail depends on the Internet address of the client. In general, setting SMTP server to localhost.localdomain works fine. This requires correctly configuring a Mail Transport Agent (MTA), such as Postfix, first. When configuring the SMTP client (e.g., thunderbird) delivery protocol, a good option to select is (TLS), in particular, the ”TLS, if available” option.

Clients directly connected to UCI may use smtp.uci.edu. See http://www.nacs.uci.edu/computing/e4e.html for additional UCI details. Clients at remote locations have two basic options for for sending mail from the remote location, port forwarding or changing mail servers. Port forwarding works from any remote location. Being portable, it is recommended for all short-term trips where there is no advantage to being on a local mail server. The goal of port-forwarding is to redirect traffic on the local port to the hostport on the remote host. This forwarding is done via encrypted tunnel so the remote_client must have trusted access to the remote server. This command forwards 2025 traffic on localhost to port 25 on the SMTP server. The tunneling is done on a trusted remoted client.

The tunnel must remain open for this port-forwarding to work (do not close the window).

Another example is to route around firewalls so that, for example, the clientpc (a laptop) behind a firewall can access software repositories (such as the Ubuntu archives) that would otherwise be inaccessible.

A second option is to login to an authorized SMTP server. All non-UCI SMTP servers must use port 587. Clients directly connected to wsu.edu should use mail.wsu.edu (WSU blocks mail routed through localhost.localdomain SMTP servers). Clients directly connected to Cox.net should use smtp.west.cox.net. Clients directly connected to cgd.ucar.edu, or to wireless.ucar.edu should use mailhub.cgd.ucar.edu. Clients directly connected to greenspeedisp.net should use mail.greenspeedisp.net.

Setting the SMTP server in Mozilla is non-intuitive. Select the Outgoing Server (SMTP) setting at the bottom of the accounts menu presented by Edit | Mail and Newsgroups Account Settings.

Emacs rmail mode provides an excellent environment for editing and sending mail. rmail understands your .mailrc file and, moreover, works with all features of Emacs. Remember to change the Emacs SMTP server when roaming.

Sometimes it is useful to combine or juggle rmail and Mozilla/Thunderbird mail folders:

My user preferences file, prefs.js, was corrupted on 20060222. Upgrading thunderbird while it is running is usually safe. However, this major upgrade (to version 1.5) appeared to corrupt it. See http://www.mozilla.org/unix/customizing.html#prefs Create a new profile with mozilla-thunderbird -profilemanager. To see all your firefox settings, view the URL about:config in a Firefox browser.

5.4 Macintosh OS X

OS X is based on FreeBSD. The OS X equivalent to ldd is otool

5.4.1 Fink

Fink is a Debian-based system for installing packages on OS X. Fink comes as a “disk image” file with a .dmg suffix. Clicking with the pointer on a disk image file causes a sequence of actions to occur: the file is mounted, the contents appear as icons, etc. The same effect may be achieved from the command line with the hdiutil and installer commands.

6 Programming

6.1 Operator precedence

The operator precedence of most languages follows that of the C language. Table 2 summarizes operator precedence of C. Precedence decrease from top to bottom (the first line has highest precedence).

6.2 Regular expressions

The alphanumeric pattern specifying a group of strings is called a regular expression. Special characters are $, ^, ., ⋆, +, ?, [, ], and \.

• “.” Matches any character except newline
• “⋆” Match smallest possible preceding regular expression as many times as possible
• “+” Match preceding regular expression at least once
• “?” Match preceding regular expression once or not at all
• “[ ... ]” Character set
• “[^ ... ]” Complemented character set
• “^” Match beginning of line
• “$” Match end of line
• “\” Quote special characters
• “\w” Matches any word constituent character
• “\W” Matches any non-word constituent character

In the replace expression, \& stands for the match found for the whole regular expression, and “\N” stands for the match to the Nth occurence of the “\( ... \)” pair. A floating point number match is [Friedl, 1997, p. 128]

The “?” makes the negative sign optional. The regular expressions used for lexically recognizing doubles in ncap and in ncgen, respectively, are

Using regular expressions in Emacs is both a pleasure and a problem. Some example regular expression search and replaces that work, and what they do

One often composes text in an Emacs buffer, then copies and pastes that buffer into another program, e.g., a browser or mail program. Browser and mail windows often have column-width limits imposed, so it is helpful to compose with the same column-width in Emacs. The command to set the maximum buffer width is set-fill-column. The argument to this command is the number of columns. Entering the argument to Emacs commands is non-trivial. The example of setting the number of columns to 80 show this: ESC 80 ESC x set-fill-column RET. This command might be written in Emacs short-hand as

Bash supports a wide variety of pattern operators for shell filename expansion, aka globbing. These globbing operations filter all files and directories present through a filter including one or more wildcard characters.

I also have a custom Perl script, fl_rnm.pl, for renaming files.

The most common shell pattern matching operators, such as ⋆ and ?, have minimal functionality as regular expressions. The Bash shell supports extended regular expressions in filename globbing via the shell option extglob. Activate this functionality using the shopt command:

6.3 Bash

Use hash to rehash commands in Bash, e.g., hash -r. This is equivalent to rehash or reset in csh. Systemwide defaults are set in /etc/ssh/ssh_config.

The Bash shell supports a wide variety of built-in commands, command line editing, job control, and history features.

6.4 Internationalization I18N

Create a local directory structure to hold ⋆.mo (“machine object”) files created from ⋆.po (“portable object”) by gettext machinery. One directory is needed for each language.

System-wide translation database is under /usr/share/locale. The installation of gettext() is its own documentation. Examine /usr/share/gettext/intl to see how its done.

Emacs po-mode.el should be loaded whenever ⋆.po files are loaded.

7 Files

7.1 Date conventions

This section describes conventions for naming files from geophysical models. We adopt the usual convention that DD is a two digit sequence to indicate the day of month DD [01, 02,…, 31], MM is a two digit sequence to indicate the month of year MM [01, 02,…, 12], and YYYY is the four digit Common Era year. It is often useful to select files based on their date convention. In such cases it is useful to have regular expressions (cf. §6.2) for each date convention: Date components like MM and YYYY are not just keyboard inputs, they are also variables, since useful information may be derived from them. For example, the number of years N in a file containing data from years YYYY and ZZZZ is N = ZZZZ - YYYY + 1.

Valid replacements for DD are [0123][0-9]. Valid replacements for MM are [01][0-9]. Valid replacements for YYYY are [0-9][0-9][0-9][0-9].

Climatological values are abrreviated clm, which is best interpreted as “all of the available data present when the command was run”. Syntactically, clm works equivalently to YYYY. However, clm is only three characters, while YYYY is four characters. This distinction helps reduce errors when commands use globbing to do the right thing, e.g.,

1. ${caseid}_YYYY Annual mean
2. ${caseid}_YYYYMM Monthly mean
3. ${caseid}_YYYYMMDD Daily mean
4. ${caseid}_YYYYMMDDHH Hourly mean
5. ${caseid}_YYYYMMDDHHMM Minute mean
6. ${caseid}_YYYYMMDDHHMMSS Second mean
7. ${caseid}_clm Climatological mean
8. ${caseid}_clmMM Climatological monthly mean
9. ${caseid}_YYYYZZZZ_MM Ensemble mean of month MM from years YYYY through ZZZZ (one record)
10. ${caseid}_YYYYZZZZ_0112 Ensemble mean of seasonal cycle sampled from years YYYY through ZZZZ (twelve records)
11. ${caseid}_YYYY_ZZZZ_MM Timeseries of month MM from years YYYY through ZZZZ (ZZZZ - YYYY + 1 records)
12. ${caseid}_YYYY_ZZZZ_MMNN Timeseries of month MM through month NN means from years YYYY through ZZZZ (ZZZZ - YYYY + 1 records)
13. ${caseid}_YYYY_ZZZZ_0305 Timeseries of Springtime means from years YYYY through ZZZZ (ZZZZ - YYYY + 1 records)
14. ${caseid}_clm_0112 Twelve month seasonal cycle
15. ${caseid}_YYYY_0112 Annual mean seasonal cycle (12 records). Note this is an exception to the general rule. It is unambiguous, however, because the mean of all twelve months is simple representable by the ${caseid}_YYYY convention
16. ${caseid}_YYYY_MMNN Mean of months MM through NN (1 record)
17. ${caseid}_YYYY_0305 Springtime mean (1 record)
18. ${caseid}_YYYY_ZZZZ Annual mean timeseries (multiple records)
19. ${caseid}_YYYYMM_ZZZZNN Monthly mean timeseries from YYYYMM to ZZZZNN, inclusive (multiple records)
20. ${caseid}_YYYYMMDD_ZZZZNNEE Daily mean timeseries from YYYYMMDD to ZZZZNNEE, inclusive (multiple records)
21. ${caseid}_YYYY_ZZZZ_t Mean of annual mean timeseries from YYYY to ZZZZ, inclusive (single record)
22. ${caseid}_YYYYMM_ZZZZNN_t Mean of monthly mean timeseries from YYYYMM to ZZZZNN, inclusive (single record)
23. ${caseid}_YYYYMMDD_ZZZZNNEE_t Mean of daily mean timeseries from YYYYMMDD to ZZZZNNEE, inclusive (single record)

8 System Administration

8.1 Backups

Simple but effective system backups are made each night. In February, 2009, Daniel Wang designed these backups to copy the server pbs.ess.uci.edu to the backup host pbs1.ess.uci.edu. The backups are controlled by a Cron script. From his 20090213 e-mail:

The Cron system performs specified actions at regular intervals. The cron program checks for actions to perform once per minute. Currently, all backups are handled by the crontab file of the root user. Use the crontab program to alter any user’s crontab.

The crontab program stores each user’s crontab in /var/spool/cron. For the root user, this is /var/spool/cron/root and /var/spool/cron/crontabs/root for RedHat and Debian GNU/Linux, respectively. Currently this system backup crontab file is

The first column is the minute of each hour for an action. The second column is the hour of each day for an action. The third, fourth, and fifth columns are the day of month, month of year, and year for the corresponding actions. Asterisks denote all values for the corresponding field. Always backup data to at least two physically separate locations!

My personal, user-specific crontab file is

Note that the backup commands themselves are only valid when specified with fully qualified paths. This security feature of Cron helps prevent malicious files from being inadvertently executed.

Backup binaries from /usr/local/bin (e.g., ddd, netscape). The script bck.pl is devoted to this, and works for ZIP disks and LS120 drives too. “Dot” files (e.g., .cshrc, .mailrc, .netscape directory) should be relatively safe as they are frequently archived by CVS. The most important files to backup thus become files in the mail directories.

8.2 Mounting devices

Make sure CDROM is in fstab, mounting it as /dev/cdrom is OK, mounting it as /dev/hdc is also common.

Occasionally, such as when rescuing lost systems, it is helpful to mount disk partitions from a command line shell, e.g.,

9 rsync

rsync is the program to synchronize non-archived files among remote machines. Files and directories which are not controlled by a source code control system are notoriously hard to keep synchronized. Examples are my directory of PDF journal papers, LATEX class files, and web directories. The general syntax of rsync is rsync src dst. A common mistake is to use the same path depth in src and dst arguments when normally the src path should be one level deeper than the dst path,

The previous two commands are equivalent and the first form is preferred.

Specifying -av is usually recommended for recursive synchronization without modifying file attributes. Hence the typical commands to keep machines in sync are

Often backups are made to CompactFlash or Memory Stick devices, described in Sections 2.2.1 and 2.2.2.

There are different types of back-ups. Often a primary source location contains all important information, and is the first repository to remove deprecated files. Back-ups of this primary repository, i.e., secondary repositories, should delete these deprecated files.

9.1 Slink

NCAR CGD uses a tool called slink which makes numerous separate software installations appear as one whole tree.

9.2 Documentation

GNU/Linux documentation is a little scattered. RedHat and Debian GNU/Linux install program-specific documentation in /usr/share/doc.

9.3 PPP

Modem is /dev/ttyS0, which should be linked to /dev/modem. /dev/modem must be usable by all. This should be set with control-panel. Must get correct permissions and ownerships on various files and directories: Line speeds, etc. have not changed from RH5 defaults Permissions are a major security issue!

Some security configurations may require that ’pppd be run with the setuid=root bit set, and some distributions ship pppd with mode=644. In this case, use, e.g., chmod +s /usr/sbin/pppd.

9.4 Batch Queues

Two batch queue handlers are in use at NCAR and UCI, the NQS Network Queueing System and the AIX LoadLeveler system. LoadLeveler is described at http://www.scd.ucar.edu/docs/blackforest/batch.html. The commands to submit jobs in these systems are qsub and llsubmit, respectively. The commands to query jobs in these systems are qstat and llq, respectively. The commands to cancel jobs in these systems are qdel -k and llcancel, respectively.

9.5 Remote shell service rcp, rsh, ssh, telnet...

Make sure .rhosts is installed and NOT group/other writable! Turn on sshd, telnetd, httpd in, at least, run levels 3–5. Turn on services in runlevel 2 if they should be running even when the X-server is not.

9.6 Root

Change shell to tcsh using control-panel

Install abbreviations to root’s .cshrc file, e.g.,

9.7 LATEX

All LATEX notes are contained in ltx.tex and ltx.ps.

9.8 Library

Often unresolved external links are reported by a loader and the required library must be located. A useful procedure to follow is to change to the library directory and use the nm command to search for the missing subroutine

9.9 Info

After installing packages in /usr/local which install info in /usr/local/info, you need to update /usr/local/info/dir

9.10 Networking

nslookup returns information about the machine on the Internet with a given name or IP address. Use control-panel to set network parameters such as hostname in /etc/hosts, e.g.,

and the nameserver in /etc/resolv.conf:

9.11 C development

kernel-headers and glibc-devel are required to develop C language programs, but not installed by default

9.12 Time and TimeZone

Use --utc option to indicate that HW clock is kept in coordinated universal time or UTC, which is virtually identical to Greenwich mean time or GMT. This option is set during the installation of GNU/Linux.

A better option seems to be using rdate to set the system clock and then hwclock to set the hardware clock to the system clock.

Note that time.nist.gov may refuse connections, so consider alternatives like ntp.ucsd.edu. Inserting this command in /etc/rc.d/rc.local ensures time is set correctly on each reboot (assuming machine is on network at boot time). I think this resets the hardware clock, and not just the system time.

The preferred solution is to use NTP, the network time protocol. The NTP homepage is http://www.eecis.udel.edu/~ntp. and the NTP FAQ is http://www.eecis.udel.edu/~ntp/ntpfaq/NTP-a-faq.htm. As of about 1999, few Stratum 1 timeservers will accept synchronization requests from Stratum 3 machines. Stratum 3 machines should synchronize with any publically accessible Stratum 2 server, listed, for example, at http://www.eecis.udel.edu/~mills/ntp/clock2.htm. I chose server 132.239.254.49 = ntp.ucsd.edu. Alternatively, the ntpdate command works just like rdate, and can be used when the NTP daemon itself is unavailable.

Changing the system timezone is described at http://www.wikihow.com/Change-the-Timezone-in-Linux.

9.13 Perl

9.14 Links

Whenever /home is re-installed, many links must be recreated. Links may be listed with

For machines at NCAR, it is best to store source code in /fs/cgd/home0/zender and create links to ${HOME} so that the larger object files and executables will not consume the expensive space on the central fileserver.

9.15 Install /etc/initscript to boost stacksize so CCM can run

9.16 Math Libraries

Compile libspecfun.a. Normally, the double precision version of libspecfun.a, located in src.dp should be built and used. However, on Alpha chips using f90, this results in gamma_ being un-defined. In this case, build the single precision source (and hence function names) using double precision flags:

9.17 Hardware description of Zender group computers:

Dell Support
1-800-624-9896 (general)
1-800-234-1490 x69080 (general)
http://premiersupport.dell.com

For all machines: Netmask = 255.255.255.0
Default gateway (subnet 14) = 128.200.14.1
Croul Hall Default gateway (subnet 24) = 128.200.24.1
Rowland Hall (old) Default gateway (subnet 93) = 128.200.93.1
Rowland Hall (new) Default gateway (subnet 185) = 128.195.185.1
CalIT2 Default gateway (subnet 185) = 128.200.197.1
Engineering Gateway Broadcast (subnet 14) = 128.200.14.255
Primary nameserver (UCI) = 128.200.1.201
Secondary nameserver (UCI) = 128.200.192.202
UCI News server = news.service.uci.edu
UCI POP server (newer, should work) = pop.uci.edu
UCI IMAP server = imap.uci.edu
UCI SMTP server = smtp.uci.edu

ashes.ess.uci.edu = 128.200.14.90
Dell Inspiron 8500
Arrived 20030408
Service Tag C2PNM21
Express Service Code 26285412457
UCI Property #: 039003448
Pentium IV 2.4 GHz 512 KB L2 Cache
Wireless card is TrueMobile1400
MAC address: 00:90:4B:B2:09:86 (wireless internal chip TrueMobile1400)
MAC address: 00:0b:db:17:83:0d (wired)
aptitude install bcmwl5driverloader
Broadcom wireless card: http://www.linuxant.com/drivers_bcmwl/bcmwl5/downloads-license.php
Installed driver Broadcom 01/09/2003, 3.10.39.0
ndiswrapper driver for Broadcom wireless chip installed 20061216 as aper http://ubuntuforums.org/showthread.php?t=25683 /cdrom/Setup/I8500/bcmwl5.inf /cdrom/Setup/bcmwl5.sys
License Key: 87-A7-39-A4-18-C0
email address: zender@uci.edu
Registered as eth1
hda: FUJITSU MHS2060AT, ATA DISK drive 60 GB
hdc: HL-DT-STCD-RW/DVD-ROM GCC-4240N, ATAPI CD/DVD-ROM drive
hdc: ATAPI 24X DVD-ROM CD-R/RW drive, 2048kB Cache, UDMA(33) Intel 810 + AC97 Audio, version 0.24, 04:35:38 May 6 2003
Broadcom 4401 Ethernet Driver bcm4400 ver. 2.0.0 (03/25/03)
eth0: Broadcom BCM4401 100Base-T found at mem faffe000, IRQ 11, node addr 000bdb17830d
0: nvidia: loading NVIDIA Linux x86 nvidia.o Kernel Module 1.0-4349 Thu Mar 27 19:00:02 PST 2003
AC97 modem device forced to iobase_0=0xb400, iobase_1=0xb080, irq=11
http://www.linuxvoodoo.com/store/index.php/cPath/45_66 Bought netgear card from Fry’s on 20041211 for $45-$25=$20 NetGear WG511 802.11B/G D-Link Wireless Cardbus NIC 802.11 g 108Mbps MAC address: 00:09:5B:E8:C4:E1 (NetGear WG511 802.11B/G)
20050818: Bad internal disk, problem report filed with Dell https://wiki.ubuntu.com/HardwareSupportMachinesLaptopsDell suggests pci=noacpi,acpi=noirq

biogenic.ess.uci.edu = 128.200.14.73
Dell Precision 530
Arrived Jan 10, 2002
Serial number: HJKZ411
Service Tag HJKZ411
Express Service Code 38189387557
UCI Property #: 019003703
Intel(R) Xeon(TM) CPU 1.50GHz

hp5850.ess.uci.edu = 128.200.15.157:
Hewlett Packard 5850 Color inkjet printer in Croul 1101

silt.ess.uci.edu = 128.200.14.156:
clay.ess.uci.edu = 128.200.14.158:
UCI property number (for both as Los Alamos Cluster:) 059000194 Los Alamos Computers (LAC) order #014214 Both are dual opterons on a Tyan Tyan S2885ANRF motherboard (onboard firewire) Dual AMD Opteron 246 (2.0 GHz, 1M L2 cache) 2G PC3200 registered ECC DDR RAM (1 has 2GB of PC2100, one has 4GB of PC3200) nVidia Corporation NV34 [GeForce FX 5200] 128MB RAM w/ video w/DVI, 3x 250GB WD SD series SATA disks WDC WD2500SD-01K hdc: SONY DVD RW DW-D26A, ATAPI CD/DVD-ROM drive 3.5 inch floppy drive Onboard gigabit NIC Multimedia audio controller: Advanced Micro Devices [AMD] AMD-8111 AC97 Audio (rev 03) Four port USB 2.0 PCI card Logitech Z560 400W speakers (4 satellites + sub) Chenbro SR10403 enclosure (3 case fans) Enermax 460W power supply (quiet and dependable) disks are mostly in raid5 config: Filesystem 1K-blocks Used Available Use/dev/md1 15496084 1864536 12844376 13tmpfs 1028532 0 1028532 0/dev/md0 100954 14318 81424 15/dev/md2 462259168 34468 438743308 1none 5120 2708 2412 53where the md devices are setup like this: DEVICE partitions ARRAY /dev/md2 level=raid5 num-devices=3 UUID=b190d39b:cad75d67:7abb3ee1:8c71f882 devices=/dev/sda8,/dev/sdb8,/dev/sdc8 ARRAY /dev/md1 level=raid5 num-devices=3 UUID=ba4fb7ff:85a95d9c:988a6647:1d9d8f8c devices=/dev/sda6,/dev/sdb6,/dev/sdc6 ARRAY /dev/md0 level=raid1 num-devices=2 UUID=c8d86633:d20e14e3:f9025448:de67a792 devices=/dev/sda5,/dev/sdb5 Monitors are: Viewsonic VP201b 20” LCD: Model number VLCDS26064-2W Serial numbers: A21050401846, A21050401861 Connections to Cisco 3550 first floor switch are 1 Gb s-1 to jacks 75 (sand), 48 (silt), and 56 (clay). These occupy ports 1–3 of the total 10 jacks. In switch closet, blue panel goes to station, yellow goes to switch.

dirt.ess.uci.edu = 128.200.14.25:
Dell Precision 610
Shipped 19990902 from Dell Computer on UCI PO
System Service Tag 4R5EJ
Express Service Code 7985179
Dual 500 MHz Pentium III Xeon with 512 KB Level 2 cache
1 GB RAM
Primary SCSI controller for hard disks: Adaptec AIC-7890 Ultra2/Wide LVD controller (Adaptec 2940 UW-equivalent)
Two 36 GB SCSI disks: QUANTUM Model: ATLAS 10K 36WLS
Secondary SCSI controller for CDROM: Adaptec AIC-7880 internal Ultra/Narrow and
external Ultra/Wide (Adaptec 2940 UW-equivalent)
SCSI CDROM NEC Model: CD-ROM DRIVE:466
Audio: System-board-integrated 16-bit Crystal CS4237B audio controller chip which emulates Sound Blaster Pro card from Creative Laboratories, Inc. NIC: 3Com 3C905b-TX Wakeup On LAN-capable (uses a 3Com 3C918v2 ASIC)
24” Dell UltraScan P1690
1920x1200 @ 60 Hz, 75.0 kHz hsync
See http://support.dell.com/oti/monitors/P1690/En/specs.htm
Dell warranties monitor syncs at 1920x1200 resolution with hsync = 95 kHz, vsync = 76 Hz, dotclock = 245.5 MHz, horizontal/vertical sync polarity = -/-
Video controller: Diamond Viper 770D AGP PCI video adapter with 16Mb of SGRAM
This controller is based on the NVidia RIVA TNT2 chipset and uses the XF86_SVGA driver
IOmega 250 MB ZIP drive

elnino.ess.uci.edu = 128.200.14.97
Dell Precision Mobile Workstation M50 $4400
Arrived 20030129
Service Tag 4RPK921
Express Service Code 103-826-513-53
UCI Property #: 039003413
1 GB RAM
15” UXGA
IEEE 1394
elnino inherited haze’s second battery, which is a 66 Whr JP-04M778-42016-2CR-1656
24x CD R/W 8x DVD ROM
nVidia, Quadro?4 500 GoGL, 64MB, VGA
Intel Mobile Intel(R) Pentium(R) 4 - M CPU 2.20GHz stepping 07 512B L2 Cache
hda: IC25T060ATCS05-0, ATA DISK drive
hdb: Samsung CD-RW/DVD-ROM SN-324B, ATAPI CD/DVD-ROM drive
NB: hdb requires ide-scsi driver hdb mounts as sr0 hdc: HITACHI_DK23EB-40, ATA DISK drive
hde: SanDisk SDCFB-1024, CFA DISK drive Floppy drive(s): fd0 is 1.44M
Attached scsi CD-ROM sr0 at scsi0, channel 0, id 0, lun 0
sr0: scsi3-mmc drive: 0x/24x writer cd/rw xa/form2 cdda tray
agpgart: Detected Intel i845 chipset Intel 810 + AC97 Audio, version 0.21, 09:15:48 Aug 14 2002
eth0: 3c59x eth1: Looks like a Lucent/Agere firmware version 8.10
Uses hermes, orinoco, and orinoco_cs modules MAC address: 00:08:74:E4:EC:3F (wired)
MAC address: 00:02:2D:85:5C:3E (wireless)
Firewire IEEE 1394 uses ohci1394: Linksys Wireless G Broadband Router:
S/N CDF80E406886 MAC 0013107D321C Ownership ID 4HFFS4BW Device ID 5ZRJG2FV ZyXel AG200 Wireless 802.11a/b/g USB adaptor (Based on Atheros chipset) S/N S510500149 MAC 00A0C5B810C7 http://www.zyxel.com/product Cleaned fans 20070917 using on-line service manual Found with search for ”Dell Precision M50 Service Manual” http://support.dell.com/support/edocs/systems/wsm50/en_sm/index.htm elnino’s internal 60 GB disk drive died  20080120 This was an IBM travelstar Model: IC25T060ATCS05-0 5400 RPM Received replacement 80 GB disk drive died in 20080205 This was an Samsung

esmf.ess.uci.edu = 128.200.197.165

Sony DSCF828 Digital Camera
SanDisk ImageMate USB 2.0 Reader/Writer for CompactFlash Type I & II
Model SDDR-91 Part Number 20-90-00091 1 year warranty SanDisk CompactFlash 1.0 GB www.sandisk.com/registration 5 year warranty Sony Camera Case LCS-VA3

haze.ess.uci.edu: 128.200.14.62
Dell Inspiron 8000
Dell order #: 609532437
UCI is Dell customer #: 6774301
Laptop is UCI PO #: 0119L03200561
Shipped on 2001/07/31
System Service Tag JGP4R01
Express Service Code 423-685-352-17
Touchpad is PS/2 compatible
Two 59 WHR LI-ION batteries
Pentium III 1 GHz
512 MB SDRAM
48 GB Hard drive
Fixed Internal CD-RW/DVD combination drive
100 MB ZIP drive, interchangeable with 3.5” floppy drive
15” UXGA display
Video controller: NVIDIA GeForce 2 Go Video, w/ 32 MB DDR, AGP 4X
Grey Microsoft USB mouse with 3 buttons
Audio controller: ESS Maestro 3
Xircom RealPort 10/100 + 56K Ethernet/Modem Combo PC Card, Type 3
PCMCIA tulip_cb driver:

Bought extra battery from http://www.computergiants.com Attached to printer

hp5180.zendernet = fxm
HP Photosmart C5180 All-in-One Printer-Scanner-Copier Purchased from Carrefour Echirolles 20070905 Takes 6-pack ink cartridges type part number 363 Hangs off zendernet router MAC address #: 001a4b954ae8
Serial Number: MY6CRQ217F04MK
Firmware Version: R0631MxNxxN0
Service ID: 17249
Problem printing is: Network host ’192.168.1.2’ is busy; will retry in 30 seconds

Netgear wireless router in SMU
WGR614v7 Serial #: 1JS2767T02DC9
MAC address #: 001B2F5B6BFC
Default access: http://www.routerlogin.net
ESSID: zendernet Router settings date-stamped and saved to virga:

Came with WG111v2 USB 802.11g card: MAC address #: 00184DFF1D2C
S/N: 1AC174BP09583

Comprehensive Static IP list for Zender computers:

Comprehensive Wireless MAC list for zendernet router:

zendernet router reserved IPs:

hp4600.ess.uci.edu = 128.200.14.123
COLOR LASERJET 4600DN 17PPM 96MB PAR ENET 2-EIO PS3 PCL6/5C
Purchased from GST. Inc. 17707 Valley View Ave. Cerritos CA 90703-7004 Arrived Jan 23, 2003
Serial number: JPBKB18664
UCI Property #: 039003414
17 ppm clr
600x600 DPI
96 MB RAM
10 GB disk
81.0180 EIO 1 ERROR messages: If you have a 615N/J6057A card and you get EIO errors, open a ticket for your free replacement. You have a bad card. 1-800-HPINVENT.

Green Laser Pointer Originally with three Vinnic L1154 batteries http://www.batterymart.com/battery.mv?p=BAT-LR44 has a picture of these batteries and gives their technical specifications as Volts: 1.5, mAh: 120., Chemistry: Alkaline Dimensions: 11.6 X 5.4 (Dia x Ht. MM) The bumpy (negative) side faces into the pointer, against the spring The flat (positive) side faces out of the pointer, toward the chain I believe the pointer came with three L1154 batteries The pointer does not work with three Rayovac 303/357 batteries The pointer does work with four Rayovac 303/357 batteries, but the lid will not shut Hence, the problem seems to be that the aggregate power is not enough The Rayovac is a Silver Oxide chemistry, like the Vinnic S1154 (but not the L1154).

ipcc.ess.uci.edu = ipcc.calit2.uci.edu = 128.195.185.75
pbs.ess.uci.edu = pbs.calit2.uci.edu = 128.195.185.76
The Wiki for PBS is at http://tephra.ess.uci.edu/PBSWiki
tephra.ess.uci.edu = 128.200.14.171

givre.ess.uci.edu = 128.200.14.205
Charlie’s new laptop Dell Precision M6400

glace.ess.uci.edu = 128.200.93.87
Xianwei’s computer grele.ess.uci.edu = 128.200.93.88
Bob’s computer

neige.ess.uci.edu = 128.200.14.122
Dell Precision M6300 64-bit architecture uses EM64T instruction set Received at UCI/SMU 20071221/20071228 Dell Service Tag: JB1S8F1 Complete Care until 20111213 Gold support until 20111213 Express Service Code: 42026989213 4 year limited warranty plus 4 year NBD on-site service and complete care Gold technical support issues: 20090111 Case #: 631107288 AC Power supply. Spoke to Trevor Intel Core2 Extreme CPU X7900 2.8 GHz 800 MHz FSB
17” UltraSharp Wide Screen WUXGA
24x CD-RW/DVD burner, 8x DVD+/-RW, DVD-ROM, Blu-Ray Re-writable
4 GB RAM NVidia Quadro FX 1600M 512 MB Windows Vista Business Product ID: 89576-OEM-7332141-00054 Intel Wireless WiFi 4965AGN Broadcom NetXtreme 57xx Gigabit Controller MAC address: 001C231F2730 (wired broadcom)
MAC address: 001DE0289E6D (wireless ipw4965AGN)
Sound controller problems:

Get video working: nvidia-glx-new UPEK Fingerprint Reader

virga.ess.uci.edu = 128.200.14.189
Dell Inspiron 9400
Received at UCI 20060221
Dell Service Tag: F1N0J91
Express Service Code: 327-508-573-33
4 year limited warranty plus 4 year NBD on-site service and complete care
Gold technical support
Intel Core Duo Processor 2 GHz/667 MHz FSB
17” UltraSharp Wide Screen UXGA WUXGA
8x CD/DVD burner (DVD+/-RW) with double layer DVD+R write capability
2 GB RAM Logitech MX1000 Laser Cordless mouse: 29.1 ROM GP Logitech Resolution 800 DPI, 5.8 MP s-1 Logitech S/N: LZB533350679 MAC address: 00:14:22:EF:61:8E (wired)
MAC address: 00:13:02:0A:7C:E5 (wireless ipw3945)
Bluetooth Dell Wireless 350 Bluetooth Internal (2.0+ enhanced data rate)
Bluespoon AX2 Logitech QuickCam Pro for notebooks IEEE 1394
scsi0 : ata_piix Vendor: ATA Model: Hitachi HTS72101 Rev: MCZO scsi1 : ata_piix Vendor: _NEC Model: DVD+-RW ND-6650A Rev: 102C SCSI device sda: 192426570 512-byte hdwr sectors (98522 MB) 1 PCI Express card slot Zero pcmcia slots Video: 256 MB Nvidia GeForce Go 7800 eth0: Broadcom 4400 10/100BaseT Ethernet 00:14:22:ef:61:8e Intel PRO/Wireless 3945 80211a/g minicard
# Sound: http://wiki.ubuntu.com/DebuggingSoundProblems # Turn off internal speakers when headphones plugged in # echo options snd-hda-intel model=ref — sudo tee -a /etc/modprobe.d/alsa-base

flyash.ess.uci.edu (originally named lanina):
usually dhcp-14116.ess.uci.edu, dhcp-14118.ess.uci.edu (wired) or dhcp-086159.mobile.uci.edu,dhcp-086183.mobile.uci.edu (wireless)
Dell Inspiron 7500R
Dell order #: 320036478
UCI is Dell customer #: 6774301
Laptop is UCI PO #: 0120L03002256
Shipped on 20000111
System Service Tag Y20Z8
Express Service Code 572-015-24
Touchpad is PS/2 compatible
Pentium mobile III 500 MHz
512 MB 100 MHz RAM
25 GB Hard disk
120 MB Super disk, aka LS120 (mounted as /mnt/ls120 = /dev/hdc)
Display is 15.0” SXGA+ active matrix color
Video controller: ATI Mobility P, 64 bit, AGP 2X w/ 8 MB RAM (ati X.org server)
Controller supports 32 bit color but LCD display limited to 18 bit
Infrared IrDA 1.1 port
Logitech first mouse 3 button PS/2 compatible
Audio controller: ESS Technology Maestro-2e (Sound Blaster Pro-compatible)
udev:DEVPATH=/bus/pci/drivers/ES1968 (ESS Maestro) udev:UDEV [1170546089.233339] add@/module/snd_es1968 udev:PHYSDEVDRIVER=ES1968 (ESS Maestro) http://occy.net/taxonomy/term/6?from=20: ”In order to get sound working on my Mom’s Dell Inspiron 8200, using Ubuntu Linux, I had to do the following:”

Wireless: Lucent technologies Orinoco silver card Orinoco MAC address: 00:02:2D:09:82:E2 Xircom 32bit Cardbus Ethernet 10/100 + Modem 56 (aka CBEM56G 1.03)
Xircom MAC address: 00:10:A4:08:12:31 PCMCIA tulip_cb driver:

CBEM56G ethernet cable: CABLE-ETH122 CBEM56G modem cable: CABLE-MOD444 PCI controller: Texas Instruments PCI 1225 Cardbus
Airlink AWLC3026 802.11b/g card purchased 20061216 from Fry’s: MAC 00:03:2F:36:D5:51

Video modes supported:

Do horizontal and vertical refresh rates have any meaning for TFT/LCD displays? Installation programs ask for these variables and the following settings are reported to work for the i7500 at 1400x1050: hsync range 31.5 -82, vrefresh 40-110. For haze the horizontal refresh should be set at 28–90, while the vertical should be set at 40–110. NB: ATI RAGE card at 1400x1050 resolution does not work on Fedora/Ubuntu unless magic option “vga=792” is added to kernel boot line, e.g., in grub.conf or menu.lst

lanina.zender.org = 128.200.14.80
Compaq Presario 5240
Purchased 19990312 from CompUSA in Boulder  $1100
AMD K6-2 3d Processor at 400 MHz
Serial number 1X91CFDH8662
10 GB Hard disk
hjm:03-03-05 added 200GB disk, added ProMEPIS (Debian) OS, in following partitions: hda1-10GB -OS, hda2-1GB swap, hda3- /home ( 78GB) hda4 -/data(spare) 64 MB RAM
hjm: 03-03-05 upgraded to 256MB (with simms from home) 120 MB Super disk, aka LS120 (mounted as /mnt/ls120 = /dev/hdd)

Floppy drive(s): fd0 is 1.44M
Rockwell HCF 56 kbps DataFax modem on PCI bus COM2 (/dev/ttyS1)
3COM-US Robotics 56 kbps winmodem on ISA bus COM1 (/dev/ttyS0) IRQ4
NIC: PCI Fast ethernet DEC 21143-based controller
Graphics: Rage LT PRO AGP 2X (XF86_Mach64 server)
USB
PCI disk controllers

sand.ess.uci.edu = 128.200.14.132
Western Scientific $4000
Chassis Serial number 1012003577
Arrived 20040221
Service Tag fxm
Express Service Code fxm
UCI Property #: 049003617
2 GB RAM
Two AMD Opteron(tm) Processor 244s at 1.8GHz
Bought without monitor
Now using Dell UltraSharp monitor same as biogenic
Network card sk98lin Logitech cordless mouse/keyboard: Navigator Duo Graphics Card: ASUS V9520 Series CPU Graphics card powered by NVIDIA GeForce FX 5200 GPU. Supports AGP 8x Motherboard: IWILL DK8X: Eight sockets for up to 16 GB RAM Use 184-pin Registered PC2700/2100 ECC DDR memory modules Two 32-bit/33 MHz PCI slots One 64 bit/66 MHz PCI slot Two PCI-X slots One AGP Pro 8X slot hda: DVD: Plextor Model PX-708A Internal 40X ATAPI DVD+-R/RW CD-R/RW drive hdc: DV-516D 0106 ATAPI 48X CD/DVD-ROM drive Tech Support (800) 443-6699 Hank Vu (800) 443-6699 x. 211 hank@wsm.com

2.28.05 mods 3.29.05 by hjm 200 gb disk from lanina moved to sand on IDE bus 1 new hoary ubuntu distro loaded on 200gb disk as:: Filesystem 1K-blocks Used Available Use/dev/hda1 10482044 2048572 8433472 20tmpfs 1786416 0 1786416 0/dev/hda6 105294788 5897208 99397580 6/dev/hda3 73278252 2128912 71149340 3/dev 10482044 2048572 8433472 20none 5120 2836 2284 56

sand was upgraded to 4GB ram, of which 3.5 is available to the system - a little mentioned weirdness of Opteron systems is that the 0.5 GB of RAM just below 4 GB disappears into the memory-mapping black hole that AMD inherited from INtel.

After the SW raid experiment, sand has 3ware Escalade HW raid card driving eight identical Western Digital 2500jd drives in a RAID 5 config yielding  1.7TB usable. It looks to the system like a single SCSI disk.

5.13.05 - disk failure on sand’s RAID5 partition - detected on reboot in dmesg, not by log or email as expected. At this point, the data was still intact and SHOULD have been backed up to another system, but since it was HW RAID5 AND it was 3ware controller (known for reliability (HA!) and robustness (HA!)) AND this was acting as the backup for other systems (which were still OK) AND the data was  200GB at this point, I thought it was ok to go ahead. MISTAKE!

First thing was to find the problem of why we hadn’t been informed of the failure beforehand. The controller ( a 3ware Escalade 86506-8port driving 8x250GB identical WD disks) has, like most such cards, a BIOS-based utility for setting up the RAID which actually worked pretty well, except that unlike SW RAID, you can’t use the raid immediately in degraded mode (while it’s building the checksum info across the raid) - you have to let it sit there for hours (it’s a 1.6 TB array) while it checksums the entire array (even tho there’s nothing on it to begin with). That done, it looks like a giant scsi disk to the OS - so far so great.

3ware also comes with a web-frontend utility called 3dm and a commandline utility called tw_cli. When I had installed the 3dm, I had gone thru the installation script, checked that there were no error messages, checked that I got an email verification and then forgot about it - altho thinking about it - I must have gotten the email from the script, not the app. I did not check that the web server interface was working as I didn’t think I’d ever use it. MISTAKE.

Now I DID need to talk to the controller and the 3dm/tw_cli were the only things that could while the OS was running. THIS is one of the downsides of a hardware RAID - you’re stuck with the tools that the vendor gives you. Since I was running on a 64-bit SMP Linux (Ubuntu), dual opteron, the installation bash script ran fine, but the monitoring daemon silently failed (32 bit code and I was running a 64-bit-only OS). So nothing was hearing the controller screaming that a disk had died and the RAID was now running in degraded mode. (as noted above, the only thing that let us know this was an entry in dmesg on a reboot.)

After verifying that this software was in fact incompatible with the OS, I tried to find an upgrade that WOULD let me talk to the controller. I figured that 3ware being a vendor of high-end hardware, my kind of machine would be among their main targets. And I was right - BUT ... Trying to find the software that was compatible with my system was an exercise in frustration - 3ware’s web site is walled off from google’s bots (like almost all corporate sites) and since 3ware is relatively high end hardware, there are not a lot of messages on the linux BBSs about such failures and how to deal with them. So after a couple hours of browsing I had to go back to the 3ware site and deal with their oh-so cool web design that doesn’t show URLs in any way different than regular text. The text only shows up as a hyperlink if you mouse over it. I noticed this and then had to mouse over entire pages of text, line by line to search for likely hyperlinks.

The one that finally took me to the page I needed was buried in a paragraph that I almost overlooked. Turns out the SW does exist, but is NOT specified for the controller I have (8506-8) but the 9000-series controller (which is noted in the fine print as being backwards compatible with the 8000-series). ALso, it’s not ’released SW’ , it’s being ’In Engineering Phase’. To make a long story shorter, I ended up downloading and trying several versions of software until I finally stumbled over the right software - the 64bit versions of the 3dm2 and cli for the 9000-series controllers. This installed OK and apparently ran. The web interface software however, while it started up and presented an optimistic login screen, gave no indication of what the passwords should be or where to go to set them. After looking in the config file (/etc/3dm2/3dm2.conf) only to find encrypted passwords, I then wandered around the 3ware web site trying to find documentation about how to set or even find out what the initial passwords were. There were no docs or help files or README’s with teh software (it’s ’3ware’ for those of you going thru the same hell; you can change them via the web interface when you finally get in.)

Re the passwords - nothing - or at least nothing I could find in about an hour’s searching. I finally decided to look in the installation script - bingo. The passwords are set and encrypted into the config file from there. SO after setting them to what I wanted, FINALLY I was able to log into the web interface and talk to the controller. And in fact after being able to log in, the help file DOES tell you what what the password is and how to change it.

Actually the tw_cli app also works, but it’s pretty ugly (altho give them credit - they DID make 2 linux-specific clients). The one that I needed was the 3ware 9000 series 3DM2 Linux64-bit one - helpfully, on the web page I eventually found: (http://3ware.com/support/downloadpageeng.asp?SNO=4), both the 32 bit and 64 bit one are named the SAME THING.

So here I am, talking to the 3ware controller via the web interface and while it’s not fantastic, it’s really not bad. And one disk has been marked bad. So now I have to replace the bad disk. I’m just about to bring the system down to do this, when I realize the disks are sitting in the expensive hotswap cages we bought for this specific purpose, so (after unmounting the filesystem) I take a deep breath, and pop the offending disk. ... ... nothing happens - the system doesn’t freeze or explode or anything - it looks like it has actually worked - and the 3dm2 interface shows that the bad disk is now gone. GREAT! I quickly replace the disk with a spare and slam it back in again - and there it is on the web interface. Now isolated all by itself.

Now - how to go about adding it back to the RAID? The Web interface is a bit dodgy on how to go about adding this disk back into the array. And the help pages are not particularly helpful; the Maintenance help page sort of obliquely refers to this scenario, but certainly doesn’t give any specific step-by step instructions. You’d have thought that since one of the primary reasons for buying such an expensive controller is to be able to replace a RAID5 disk on the fly, they might have a specific mention of such an eventuality. The way I did it is to add the disk to a new ’UNIT’ and then add that UNIT to the previously defined RAID5 UNIT and request that the new combined unit be rebuilt. That seemed to work and the controller went about integrating the new disk into the raid 5 array. Again, it was not possible to mount the array and use it while it was being integrated, like you can do with SW RAID under linux. This took several hours, and in the end, it FAILED. That was the just about the last straw. After spending $ and time (=$) on this escapade (that’s what the Escalade series SHOULD be named), the thing fails to rebuild the array. (But at least it now reports via email that it has failed.) So now what???

The filesystem was a reiserfs to begin with. As a last resort, I try to rescue the thing with a fsck.reiserfs. After reading the dire warning about this being the last thing you should try, I give it the –rebuild-tree option and go home. This being 2TB of disk, it takes a while. Later that night I see it’s completed and try to mount it. To my astonishment it mounts. I do a ’df’ - hmm - that’s not good - only 3started (the raid had only been running a short while). I’m not at all happy to see that it the only directory on the partition is ... lost+found. This dir contains the rubble of what used to be about 200GB of expensive and carefully groomed earth-sensing and atmospheric data.

So go ahead - ask me - Am I happy that I spent the extra tobuyahardwareraidcardratherthantwo30 4port sata controllers and using SW RAID?

I probably couldn’t have done all this disk hot-swapping with a non-HW RAID card, but the cost of a reboot for most of us is not that big a deal. That said, I’m not sure of the total complexity that doing such a thing under SW RAID would have entailed. To do this with 2x 4 port controllers would have required additional complexity and I’m not sure it can be done easily with mdadm. And it is possible that I did something wrong in the 3ware rebuild - I’ll be sending this narrative back to them as well.

As a postscript to this, I should also mention that while most Linux server vendors sell 3ware cards, at least one (Los Alamos Computers) suggests SW raid as being both significantly cheaper and faster. They suggest the Promise SATA TX4 for about 70.Newegghasthesupported - in - kernelSiliconImagechipsettedSyba4portcardfor30. If you remember my previous posts, I was surprised to find SW RAID to be a bit (10-20that I probably should have tried the SW RAID on a full 2TB array.

Well, you makes your choices and you takes your chances.

Currently, the 3dm2 SW is running and should be restarted with a reboot (commands to re-start are in /etc/init.d/local. Will test to be sure. The 3dm2 web interface can be gotten at sand:888 and the password for user (read-only) is ’3ware’. The admin password is about a coyote-resistant neighbor’s cat.

6.7.05 - noticed that the 3dm2 daemon was reverting to original settings on each reboot. It hadn’t written a config dir (/etc/3dm2.3dm2.conf) and so was losing the config. It also wasn’t complaining that it couldn’t do it, to stdout/err, to dmesg nor to syslog.

rsync backups: There is an rsync cron job in /etc/crond.daily/rsync.home2data that will rsync the /home dir (where the web site is, the local dir tree, an all user dirs, as well as some additional stuff) to the /data/home dir. It’s stored uncompressed, so we can squeeze a bit more data out of it if we want. The rsync is initiallized and tested and will write an entry into the syslog. excluded dirs/files can be entered in the file: /etc/rsync/sand.home2data.exclude, one per line. 6.7.05 - also rsyncing the web site to soot so it can be used as a backup server in case sand explodes again. Note that it is being owned as’hjm’ so it may have to be recursively chowned on soot, tho I think it will work fine

There is a /etc/init.d/local file that is responsible for starting a variety of local services - the license manager, the nco-bm benchmark server, makeing sure apache starts, mounting the /data dir, etc. It should be updated on a change with:

installed gnome as well for Dan. Just as well - kde has some issues with the kernel 2.6.11-1 SMP installed. extras include: libxml2-dev libxml2-doc libxml2-utils bonnie++ xosview tkdiff kompare kdesdk-doc-html ssh apcupsd guarddog vncserver synaptic ddd ddd-doc pydb glibc-doc gnuplot libqt3-dev tree nedit joe gnome

sand is now sitting behiind a pretty restrictive firewall so if things don’t work, that may be the reason. In fact, it was preventing the nco-bm server from getting data on udp port 29659 until guarddog was changed to address that issue.

also running ubuntu kernel 2.6.11-1 smp sort of successfully, but it kills the usb connectivity so apcupsd doesn’t see teh ups. And then it did... ANd then it didn’t. Then it did. Then it didn’t. Still to be resolved.

07-13-05 hjm - Now runnning 2.6.10-5-smp-k8 more or less successfully, een with the USB also upgraded all the KDE stuff, so now it appears to be running more stably. printing hint for remote use: kcmshell printmgr will bring up the KDE print manager in full.

DODS server on sand. The DODS server on sand is not a server at all, but just a series of cgi scripts that are active as soon as the apache server comes up. DODS urls are constructed as:

*this is the same across zender DODS servers

seasalt.ess.uci.edu = 128.200.14.39:
Dell Dimension T Minitower 800 MHz PIII
Arrived 20000615
System Service Tag DS8J10B
Express Service Code 300 055 479 95
Intel Pentium III (Coppermine) 800 MHz
256 MB RAM
40 GB Ultra ATA 7200 RPM with ATA 66 controller
NIC: 3Com EtherLink 10/100 PCI PCI For Complete PC Management (3c905c-TX)
Microsoft PS/2 Mouse (Intellipoint)
Promise Technology Inc. Ultra66 IDE Controller
Intel 82371AB/EB PCI Bus Master IDE Controller
120 MB Super disk, aka LS120
Sony 8X/4X/32X CD-RW drive

Linux 2.2.x kernels do not recognize the ATA66 controller, but patches and workarounds are available. HHPT366 HOWTO at http://www.csie.ntu.edu.tw/%7Eb6506063/hpt366/ UDMA Mini-HOWTO http://www.linuxdoc.org My solution was to plug the hard drive directly into the IDE controller on the motherboard and then install linux, i.e., I bypassed the ATA66 controller.

soot.ess.uci.edu = 128.200.14.98
Dell Precision Workstation 650n Minitower
Arrived Jan 23, 2003
Service Tag GC9L921
Express Service Code 35570219545
UCI Property #: 039003412
Dual Xeon 2.8GHz
2 GB RAM
hjm: 4.11.05 - added ”/etc/init.d/httpd restart” to /etc/rc.local to restart web server on reboot.

Change Preferences->Advanced->Proxies->Automatic proxy configuration to

9.17.1 Firefox

Disable popup windows by adding the following line to user.js:

Do not modify prefs.js directly since it is automatically overwritten on shutdown and thus custom changes are not persistent.

9.18 Create krein disk structure

9.19 NFS export

One may use the network file system (NFS) to mount or export directories across the network. To export local disks to a host, edit the exports file, e.g., /etc/exports.

If remote host needs root access (root on remote machine has root privilage on the disks), add the hostname behind the root= chain. Otherwise add the host behind the -access= chain. If not sure which one you want then add the system to -access=. Note that the host separator is :.

Details of managing setup are described in excellent NFS-HOWTO http://www.linux.org/docs/ldp/howto/NFS-HOWTO. It is easy to export the disks on an already running filesystem. First make sure that the NFS daemon, nfsd, is running. Then make sure the NFS lock daemon, nfslock, is running. exportfs:

By default, NFS exports filesystems with a feature called root-squashing enabled. With root-squashing enabled, processes do not maintain root priveleges when writing to an NFS-exported partition on a different machine. This is a useful security measure, but plays hell with poor man’s cron scripts that backup files across machines. To override root-squashing, use the no_root_squash option in the exports file.

To export NFS filesystems securely, update hosts.allow and hosts.deny as appropriate. In particular, hosts.allow must allow access to all machines that request INET services from a machine with NFS-mounted home directories. To restrict INET services to specific hosts use, e.g.,

To allow INET services to all hosts use, e.g.,

To restrict INET services to all hosts use, e.g.,

This may prevent errors revealed by gconf-sanity-check-1:

9.20 NFS mount these disks on local machine:

Here are the mountpoints to use on lanina when mounting the central fileserver partitions at NCAR:

Once these mountpoints exist, the machine is on the NCAR network, and the mount options are listed in the /etc/fstab file, the partitions may be mounted with the following commands:

Note that the partitions should not be automatically mounted at boot time since usually the laptop is not directly on the NCAR network. The noauto option to mount accomplishes this. Thus the appropriate fstab entries are

When disconnecting the laptop from the network, it is best to umount these partitions so that the NFS-related daemons do not waste time looking for them when the laptop is turned on again somewhere off the network.

Here are the mountpoints on krein:

Create mountpoints on local machine (e.g., dust.ess.uci.edu):

Add mount commands to /etc/fstab:

Mount these partitions interactively the first time:

Create softlinks on local machine (e.g., dust.ess.uci.edu) so these directories may be accessed identically on krein and on local machine

1. Disk dks9d2s0 is for match runs /BIAN/match,
2. Disk dks9d3s0 is for match runs /ZENDER/match
3. Disk dks9d4s0 is for NCEP data /DSS
4. Disk dks9d5s0 is for boundary data $DATA/data, diagnostics $DATA/dgn, $DATA/aca, $DATA/map, and csm runs /ZENDER/csm and all run directories /data/zender/match, /data/zender/csm

9.21 Install sudo

As root, install sudo

The sudo command has some subtle problems. First, sudo does not alter HOME. To execute commands with HOME changed to the target user, i.e., root, invoke sudo with -H /root but does not change

Second, sudo carries the user’s environment with it. Often it is desirable to see a command executed exactly as it would be if it were being execture from a root login shell.

Some GNU/Linux distributions, such as Ubuntu ¹, do not enable the root account by default. Instead, Ubuntu expects the first user created to use sudo to perform administrative tasks. In such situations, it may be useful to create a shell with root privileges

Another option is to enable the root accounta

hjm - 08-18-05 I’ve had a continuing problem with sand periodically complaining about my .ICEauthority and .Xauthority files being screwed up and then refusing to let me log in on the console. This may not affect you two too much as you probably never use GUI tools to admin the system, but I do and this is the reason.

Since sand has no root user, it manipulates the user’s .Xauthority to enable X to open displays. That changes the permission of the file and thus prohibits a console login because xdm needs to write to that file.

So if you use an X app as root, you will need to explicitly change the permissions on these files before you will be able to log in.

I’ve added the following into my .alias file which fixes (but does not solve) the problem:

alias chice=”sudo chown hjm.cgdcsm /home/hjm/.ICEauthority /home/hjm/.Xauthority”

9.22 Install IDL and PGI

Intel recently purchased Kai software and is now distributing their compilers for Linux.

Select the “non-commercial unsupported software” for Linux, not the free evaluation software. The Intel compilers are OpenMP-compliant. The Fortran and C+ + compiler work fine on RedHat 7.2. Only the OpenMP features of the C+ + compiler seems not to work. Serial numbers of icc and ifc are 1110-19809410 and 1130-70846464, respectively. Intel compiler support questions go to pto.support@intel.com.

We bought Lahey 6.1 Pro fortran compiler serial number LP072528. Technical support is support@lahey.com.

My PGI PINs are 109584 (dust), 502421 (seasalt), and 508553 (sand). Download releases from PGI website at http://www.pgroup.com/downloads. Generate permanent licenses keys using personalized account on the PGI website at http://www.pgroup.com/pgilogin.htm Username pn109584 and Password Mall!21 (dust). Username pn502421 and Password Teen:28 (seasalt), Username pn508553 and Password Jane&40 (sand). Updating PGI license keys. To learn the FLEXlm-style hostid of the system, execute

For lanina, this results in 0010a4081231 For seasalt, this results in 0001031c5c7f For seasalt, this results in 00d0680399a4 PGI-style hostids do not require a license daemon, but are locked to the username that installed the compilers, and to the hardware configuration in existence when the compilers were installed. The PGI-style hostid can be found by running the command

The host ID must match that in the license file.

To copy files from dust to other machines, e.g., lanina:

Add the following to .bashrc:

PGI Fortran may not run on lanina unless LM_LICENSE_FILE is undefined with unset LM_LICENSE_FILE. This is because any licenses specified in LM_LICENSE_FILE appear to override searching for PGI-style node-locked licenses first. Since LM_LICENSE_FILE must be defined to allow network access to the IDL software, this means it will be difficult if not impossible to get PGI and IDL both working on lanina at the same time.

To remove a checked out license use the lmremove option to the lmutil command.

The argument to lmremove were obtained from the lmstat -a command, which is now obsolete. Instead give sub-commands arguments directly to lmutil, e.g.,

9.22.1 PGI on sand

So that any system user may run the software, we create a FlexLM license daemon /etc/init.d/pgi-lmgrd. A corresponding user, flexlm, runs this daemon.

The server’s hostname configuration is very important. When the hostname changes then update the license file accordingly.

9.23 PCMCIA

Customize in /etc/pcmcia if neccessary. For RedHat systems, read Section 2.5.2 (p. 12) of PCMCIA HOWTO
As recommended, delete (or comment out) contents of default
/etc/pcmcia/network.opts
and replace with script given in HOWTO
This fix enables ethernet connections on power-up
Alternatively, I modified /etc/pcmcia/network with two suggestions from PCMCIA Xircom Hypermail list, but, as stated in the HOWTO,
RedHat may not actually run this script.
JWZ has similiar card and uses three commands

9.24 Building new kernel

Before building kernel make sure default compiler is known to build stable kernels. For RedHat 7.0 systems use kgcc not gcc. New kernel (2.2.18+) Makefiles do this automatically, but just in case do this as root export CC=/usr/bin/kgcc. For guaranteed kernel stability, GCC version 2.95 is recommended. export CC=/usr/bin/gcc-2.95. Finally, the System.map file must be copied along with the kernel.

I like the make xconfig method. It is very clean and allows storing and retrieving configuration files. By default, the configuration file is saved as .config in the top-level make directory. Save a visible version of the configuration file as, e.g., /home/zender/linux/usr/src/linux/config.lanina.2.4.23.20010322 or config.lanina.2.4.23.20010322 and then cp /usr/src/linux/config.lanina.2.4.23.20010322 /home/zender/linux/usr/src/linux Specific configuration options which are not the default must be set.

1. Block Devices: CONFIG_BLK_DEV_IDEFLOPPY for LS-120/Iomega Zip support.
2. Sound: CONFIG_SOUND_MAESTRO for Lanina soundcard
3. Networking Options: for IEEE 1394/Firewire
4. IrDA (infrared) support: CONFIG_IRDA
5. USB support: Various. Important for futurre goodies like mouse, joystick...
6. Character devices: CONFIG_PRINTER
7. Filesystems: CONFIG_FAT_FS, CONFIG_VFAT_FS for MS Windows filesystem support

The sysctl command allows one to print (and set) kernel parameters at runtime. The Procfs file system which displays /proc/sys is required for sysctl to work.

9.25 LILO configuration

The LILO (linux loader) system is a venerable method of loading Linux which has lately been superceded by GRUB. One problem with the LILO method is that the lilo command must be run after installing a kernel and prior to rebooting the machine. If it is necessary to rescue a machine that boots with LILO, one must construct rather complex lilo commands to synchronize the system.

When updating the kernel, make the old, working image available as a backup.

lilo.conf must specify the linear keyword to boot off a SCSI disk (e.g., dirt.ess.uci.edu).

9.26 Restarting daemons

Send HUP (hangup) signal to process:

Restart daemon manually:

Use alias:

9.27 Monitor Kernel Startup

Trace with the kernel startup with dmesg. This command prints /var/log/dmesg.

9.28 Strip downloaded text files of DOS linefeeds

There are three different systems used for representing the end of the line in text files. MS Windows uses ASCII CR/LF, Macintosh uses CR, and Unix uses LF as end-of-line characters. To convert from Windows to Unix, use the tr command to strip the file of the excess carriage-returns:

To convert from Unix to Windows, insert carriage-returns in front of line-feeds:

FTP servers attempt to handle these translations automatically when text mode is selected.

The end-of-line convention is (part of what is) known in Emacs as the encoding. Files written with the DOS-encoding convention may be reset to the Unix convention within Emacs using

9.29 Installing Debian

Useful mailing list debian-user@lists.debian.org http://www.debian.org/MailingLists

A few packages cause many warnings when upgrading Debian. These include kbuildsycoca and kio. What causes these warnings?

Commands to set up a basic scientific computing environment

9.30 SWAMP

Files end up on pbs.ess.uci.edu in local directory /misc/bulk/swamp. Files exported from ESMF land in /misc/bulk/swamp/esmf/zender. SWAMP scripts root files at the machine name level, e.g., SWAMP sees /misc/bulk/swamp/esmf/zender/sncpd10 as /esmf/zender/sncpd10.

9.31 Recreating Server Files

Server port to leave open when registering over UCInet.

When the system goes down and takes the /etc partition with it, the system services must be re-installed from scratch.

9.32 i8500s

Inspiron 8500

9.33 Images

Images refers to all still images, including JPEG, tiff, etc. The best program to use for viewing images depends on your intent. For image processing, use gimp. For slideshows of raster images, use gimp.

9.33.1 Gimp

The gimp program is excellent for viewing and editing images. However, it has now slideshow capabilities.

9.33.2 KView

9.33.3 Kuickshow

Kuickshow is a very fine tool with excellent preview and slieshow modes. In preview mode, just click on a filename and keep hitting Pg Dn to see new pictures. The slideshow mode has an appropriate delay betweeen slides. Remember to de-activate power-saving and screen-blanking before expecting the slideshow to continue unattended.

9.34 CDs

Compact Disks (CDs) store up to 700 MB. Formatting and writing data to the CD, known as burning, is not always straightforward with Linux. The program cdbakeoven has an intuitive interface. It provides continuous real-time status reports during burning, and sometimes works when K3b fails. On sand.ess.uci.edu, K3b tends to fail yet cdbakeoven works. On elnino.ess.uci.edu, K3b tends to work and cdbakeoven fails.

The KDE CD/DVD-burning utility is called K3b. It automatically loads when it detects a blank CD in a writable drive. However, K3b does not have a completion meter and just hangs when it fails to burn CDs (at least under SuSE. This is annoying because one does not know whether the program is working, and how long until completion.

9.35 DVDs

I use xine and mplayer to play DVDs. Due to legal concerns, few Linux distributions automatically install DeCSS, the pre-requisite library for decrypting DVDs. Multimedia software works with media resource locators (MRLs). MRLs are similar to URLs with media-like protocols. Most audio/video players do not allow direct control of volume, perhaps because the computer speakers are a shared resource. Hence it is wise to start the audio controls before the video player. Kmix is a fine audio controller to use.

9.35.1 MPlayer

MPlayer accepts many of the same commands that work with Xine:

Mplayer has difficulty with full-screen mode.

9.35.2 dvdrip

9.35.3 Xine

Xine accepts many of the same commands that work with Mplayer:

Xine provides trouble-free operation in full-screen mode.

Make sure the DVD is in the drive an mounted

xine generates lots of warning messages:

Adobe’s Flash is a popular format for video.

Run xine as root until permissions are straightened out.

9.36 Network

Linksys Etherfast 10/100 hub

netstat -rn: BuH98 p. 177
Destination 0.0.0.0 is default destination of all datagrams not explicitly
routed elsewhere
Flags: U = Route is Up or Usable, G = Route uses a gateway, H = Route targets a host

Sometimes connectivity to a host or a subnet can be lost when a static route gets stuck in the routing table. This has happened twice in the past when system administrators log into lanina and manipulate the routing table. In such cases, the static route must be manually removed from the routing table as follows. Assuming 128.200.14.0 is unreachable,

ifconfig -a:

9.37 Kernel Modules

Modules may be listed with the lsmod command, inserted with insmod, probed with modprobe, or removed with rmmod.

Occasionally it is necessary to insert standalone kernel modules.

9.38 Change network topology

Linux Network (BuH98) p. 138, Linux Bible p. 374 Following scenarios include possibly superfluous commands to shut down eth0:1. If eth0:1 is not shutdown and is running, route table may be bad. Machine which runs PPP (calls ISP) tries to set default route to ppp0 interface. If default route (0.0.0.0) on PPP host is preset to eth0, PPP fails doing this Hence unset and preset eth0 default route on PPP host before ydialing

On RedHat systems, the key networking information is kept in /etc/sysconfig/network and in /etc/sysconfig/network-scripts/ifcfg-eth0. Things such as GATEWAY, NETMASK, must be set correctly in these files. These files are easiest to change by hand.

1. dakine is PPP dialin host and gateway for home LAN Execute following commands on lanina:
   # Delete existing Ethernet interface(s), if any  
   /sbin/ifconfig eth0 down  
   /sbin/ifconfig eth0:1 down  
   /sbin/ifconfig eth0 lanina.zender.org # Connect IP address with Ethernet interface  
   # Add entry to kernel routing table which directs all datagrams to any host on network 192.168.1.0 to Ethernet interface fxm: gives error: SIOCADDRT: Invalid argument  
   /sbin/route add -net 192.168.1.0  
   # Route to gateway host all datagrams bound for hosts outside intranet  
   # fxm: "metric 1" argument appears necessary  
   /sbin/route add default gw 192.168.1.1 metric 1  
   # Execute following commands on dakine  
   /sbin/ifconfig eth0 down  
   /sbin/ifconfig eth0:1 down  
   /sbin/ifconfig eth0 dakine.zender.org # Connect IP address with Ethernet interface  
   # Ensure default route interface is not preset to eth0 before dialing  
   /sbin/route del default gw 192.168.1.1 metric 1  
   ppp-go  
   /etc/ppp/chain start # Turn on IP masquerading

2. lanina is PPP dialin host and gateway for home LAN
   # Execute following commands on lanina  
   # Delete existing Ethernet interface(s), if any  
   hostname lanina.zender.org  
   hostname -i -v  
   /sbin/ifconfig eth0 down  
   /sbin/ifconfig eth0:1 down  
   # Ensure default route interface is not preset to eth0 before dialing  
   /sbin/route del default gw 192.168.1.1 metric 1  
   ppp-go  
   /sbin/ifconfig eth0 lanina.zender.org # Connect IP address with Ethernet interface  
   /etc/ppp/chain start # Turn on IP masquerading  
   # Execute following commands on dakine  
   # Point dakine to lanina gateway  
   /sbin/ifconfig eth0 down  
   /sbin/ifconfig eth0 dakine.zender.org  
   # Route to gateway host all datagrams bound for hosts outside intranet  
   # fxm: "metric 1" argument appears necessary  
   /sbin/route add default gw 192.168.1.2 metric 1

   These commands plus some other goodies (clock synchronization) are executed by the lanina.sh script.

3. lanina is fixed IP (lanina.ess.uci.edu) running Linux
   # Execute following commands on lanina  
   # This topology setup works, but lanina does not resolve names on local network:  
   # ssh dust.ess.uci.edu works but ssh dust does not  
   hostname lanina.ess.uci.edu  
   hostname -i -v  
   /sbin/ifconfig eth0 down  
   /sbin/ifconfig eth0:1 down  
   #/sbin/ifconfig eth0 lanina.zender.org # Connect IP address with Ethernet interface  
   /sbin/ifconfig eth0 inet 128.200.14.80 # Connect IP address with Ethernet interface  
   /sbin/ifconfig eth0 netmask 255.255.0.0 broadcast 128.200.14.255  
   # Creating eth0:1 puts potentially troublesome entries in route table  
   # These entries may cause problems when machine is again connected to home network  
   #/sbin/ifconfig eth0:1 lanina.ess.uci.edu # Connect IP address with Ethernet interface  
   # Route to gateway host all datagrams bound for hosts outside intranet  
   # fxm: "metric 1" argument appears necessary  
   /sbin/route add default gw 128.200.14.1 metric 1

4. elnino is wireless on Harry’s Earthlink.net DSL network. elnino uses eth0 for wired connection and eth1 for wireless.
5. lanina is wireless on Harry’s Cox DSL network Make sure /etc/resolv.conf contains the cox.net nameserver:
   nameserver 68.4.16.25  
   nameserver 68.2.16.30  
   nameserver 68.5.16.30

   lanina is 192.168.1.73 on Harry’s network. elnino is 192.168.1.74 on Harry’s network. ashes is 192.168.1.75 on Harry’s network. Harry’s router is 192.168.1.1. Following lines switch lanina to work on wireless network:

   /sbin/ifconfig eth0 down  
   sleep 1  
   /sbin/ifconfig eth0 add address 192.168.1.73 add netmask 255.255.255.0  
   /sbin/route add default gw  192.168.1.1

   These commands plus some other goodies (clock synchronization) are executed by the harry.sh script.

Harry’s DSL server, moon, is assigned a “permanent” IP address by cox.net. Since I masquerade as moon, it may be useful to try to display X programs from other machines on my laptop.

moon is visible to the internet, but mine is not since all IP packets are masquerading as Harry’s machine. Hence two consecutive SSH’s are required unless moon is contacted on port 261. This port forwards SSH requests directly to elnino’s DHCP address of 192.168.1.226

bonk’s network sometimes gets into strange states which dramatically reduce network speed. If you suspect this might be the case, log into bonk and do a

If it shows errors, alert Harry. The fix is often simply a quick ifdown/ifup cycle. NCAR standard for routers on each subnet is 128.117.xxx.251. CGD router is 128.117.22.251 or 128.117.24.251. The default gateway should be the router The default nameserver (in resolv.conf) should be bearmtn = 128.117.24.2.

9.39 T-Mobile G1 “Gphone” Cell Phone

9.40 LGGE

The external web homepage at the Laboratoire de Glaciologie Géophysique de l’Environnement (LGGE) in Grenoble, France is http://www-lgge.ujf-grenoble.fr/eng. LGGE is cordoned off by a firewall. The outside-facing LGGE SSH server is triolet.obs.ujf-grenoble.fr. The two-step hop to log into ashes from outside the LGGE firewall is

The automatic proxy configuration file for accessing the web via a browser inside the firewall is

The internal LGGE homepage is http://www (yes, you read that correctly). The LGGE homepage for Linux is: http://lgge-pc240 and for printer configuration is http://lgge-pc240:631/printers. My USA/UCI printer configuration file is in /etc/cups/cupsd.conf.bak.

LGGE supports NFS-mounting the Linux partitions on lgge-pc240:

Pour imprimer partir du poste linux: imprimante Noir et Blanc HP laserjet 4250 au 1er tage couloir (format papier A4 recto/verso-duplex): 192.168.101.39 Photocopieuse Canon 3570 deuxieme tage salle reprographie: (format A4 et A3 recto/verso-duplex): 192.168.101.36

Imprimante couleur: Dell 3110CN deuxieme tage salle reprographie: (format A4 recto/verso-duplex): 192.168.101.42

9.41 Router

Whistlernet routers: Linksys Wireless-G router WRT54G Install HyperWRT Linux router distribution from http://www/hyperwrt.org.

1. Connect ethernet of laptop to router
2. Log into router. Login,password when shipped is admin,admin
3. Destination is http://192.168.1.1
4. Router Name is zender-WRT54G
5. Local Address is 192.168.1.5
6. Internet Address is 192.168.1.6
7. Subnet Mask is 255.255.255.0
8. Enable DHCP server
9. Starting IP address: 192.168.1.160
10. Ending IP address: 192.168.1.179
11. Static DNS: 128.200.1.201, 64.4.16.25,
12. Router password: dakinenet
13. Wireless Network Name (SSID): zendernet
14. Setup to use MAC-based filtering
15. Startup script for each router to bond to eachother:
    /usr/sbin/wl lazywds 0  
    # Give Mangonet MAC to zendernet  
    /usr/sbin/wl ws 00:0F:66:8E:B6:D2

9.42 Sound

Audio can be one of the most pleasant features of a computer, or its most annoying. Usually Linux does recognize the special keys many keyboard manufacturers have added to automatically control audio features. In public places such as planes, meetings, and libraries, it is often very desirable to turn off not just the sound server, but all audio beeps. For this purpose, the xset command does very nicely:

http://aries17.uwaterloo.ca/~dmg/brick suggests adding

to /etc/conf.modules for Dell Inspiron 7500.

Sometimes the sound device gets controlled by processes that do not play well with others. One symptom of this is when amarok complains that the sound device “is unavailable”. When this occurs, try to kill the errant processes revealed to be controlling the sound device. To find those processes, follow these steps:

1. Open the system monitor: System-¿Administration-¿System Monitor
2. Open in the menu: Monitor-¿Search for open files
3. In the text box, enter: /dev/snd/* then click on Find

On 20080325, kpdf, of all things, was responsible for stealing the sound outputs.

9.43 dakine = msw, lanina = linux

List dakine msw shares accessible via Samba on lanina lanina: smbclient -L dakine Work interactively in FTP-like environment with msw shares lanina: smbclient \\dakine\home Ability to browse Linux from Windows is determined by /etc/smb.conf:

Specifically, you must set up encrypted passwords by using the line ”encrypt passwords = yes” in your smb.conf file, and you must create an appropriate smbpasswd file

9.44 DHCP

Dynamic Host Configuration Protocol allows computers to configure as an Internet node without a static IP address. DHCP clients receive their IP address from the DHCP server. The network configuration files must be altered to enable DHCP. On Debian systems, this is configured in /etc/network/interfaces with a line for the appropriate interface. For example, to configure eth0 (usually the wired ethernet connection) for DHCP, use

The pump command may work when DHCP does not.

Note, however, that pump may corrupt the ARP table (Section 9.46).

9.45 Wireless

Wireless is a PITA. Logging into wireless access in Starbuck’s cafe Barcelona.

The Intel ipw3945 driver does not automatically associate with the best quality network available, e.g., from multiple UCInet access points. You may configure a wireless interface to try access points in a certain order specified in file /etc/wpa_supplicant.conf, e.g.,

9.46 ARP Address Resolution Protocol

The Address Resolution Protocol (ARP) table maps ethernet addresses to IP addresses. Examine the ARP table contents (BuH98 p. 173) with

Sometimes the ARP table contains duplicate or ill-defined entries. For example, pump may corrupt the ARP table. One symptom of this is when ssh to a working host fails with, e.g.:

When this occurs, the first thing to check is that the sshd daemon is installed and running. Many security-conscious operating systems ship by default with very few services running. Another cause of this message is incorrect network configuration. The suspect device is eth0 or eth1. Ensure that only one Ethernet device is configured. The best solution is to remove the offending entry:

A simple but dangerous fix is to bring down (and then up) the offending device. This does not work remotely since the machine will be off the network.

ssh and scp will also fail with the error

when the sshd server is not running. To check whether sshd is running, use ps. To check wheter port 22 is open for SSH connections, use the nmap command:

9.47 Power

A helpful primer on reducing power usage by Linux is at http://www.lesswatts.org/tips/disks.php.

The Intel powertop command gives useful hints to reduce laptop power usage. Suggestions (for neige and virga) have included:

Applying these suggestions reduce power usage on virga by 10 W!

9.48 Hibernate

Laptops these days have various power consumption options controlled by the Linux Advanced Configuration and Power Interface (ACPI). The states are standby, suspend, and hibernate. The standby action causes the screen to go blank. The suspend action invokes ACPI state S3, aka suspend-to-RAM. According to linux.com, “everything in the system enters a low-power state except for RAM, which consumes a small amount of power in order to retain its contents, so that upon resuming, everything is loaded back from the memory and all running applications are restored immediately.” According to the article, the following should be in the device section of xorg.conf:

The suspend action may be invoked by, e.g., the suspend.sh script in the article.

The hibernate action saves the state to disk and powers down. According to linux.com, hibernate is also known as ACPI State S4 or suspend-to-disk. On reboot, the kernel senses that a saved state is available and reloads it.

Experimented with ACPI on Ubuntu 6.06 LTS on 20060604 by connecting the actions to the lid shut button action. Results follow. Suspend on ashes: blanks screen and turns off wireless. With nv driver, lid-up restores without problems except must manually restart wireless interface. With nvidia driver, lid-up get that black melty look and must manually re-boot. Also, both nv and nvidia driver intermittently (after a few hours) may reboot on ashes. This may indicate an xorg.conf problem. However nv driver seems to have problems with translucency. In fact, translucency could be a problem with nvidia as well.

Hibernate on ashes: With nv driver, saves session to disk and powers down. Session restores correctly on re-boot, except must manually restart wireless interface. With Nvidia driver, nothing happens—no shut down at all.

Suspend …on virga: works perfectly with suspend.sh! Hibernate …on virga works perfectly after modifying xorg.conf to allow session restores. Only checked virga with NVidia driver, not sure if suspend and hibernate work on virga with nv driver.

The i8kutils package provides a number of Inspiron-specific control commands including i8kmon, i8kctl, i8kbuttons. These appear to work when the kernel has loaded the i8k kernel module, e.g., with

The gkrellm utility will graphically display output from the i8kutils package.

See here for more details.

This thread https://launchpad.net/distros/ubuntu/+source/util-linux/+bug/66637 describes how to fix broken swap partitions with Ubuntu Edgy.

1. Determine your swap with fdisk -l
2. Run mkswap on your swap partition and record the output UUID.
3. Put this UUID into fstab.
4. Put RESUME=UUID=<the-swap-partition-uuid-from-vol_ID into /etc/initramfs-tools/conf.d/resume
5. Run update-initramfs -u
6. Reboot normally after this finishes
7. Run swapon -s to check if your swap is active.
8. Run ls -la /dev/disk/by-uuid/

Do not change any symlinks. Just try these instructions.

9.49 PCMCIA

Get rid of annoying beep when PCMCIA is inserted Add to /etc/sysconfig/pcmcia:

Use cardctl to notify system of PCMCIA card status changes. To suspend, eject, or resume the card, use

To restart the entire pcmcia subsystem, or to remove the eth0 interface, use

To trace shell execution use, e.g.,

9.50 core dumps

RH6.1 default /etc/profile uses the ulimit command to limit size of core files with ulimit -c 1000000. This causes an error on telnet logins so comment it out.

9.51 Printing

RedHat causes spool directories in /var/spool/lpd to be owned by root with group lp. If this is not the case then printing may fail with permission denied errors comp.os.linux.setup suggested adding to /etc/conf.modules

This appears to fix printer queue “permission denied” errors on dakine But this is untested on lanina, which has given parport errors on bootup in the past.

If lanina is booted up unconnected to the printer, and then the printer is connected later and printing is attempted, an error may result such as 2000-12-30-17:13:18.388 Get_local_host: hostname 'lanina.zender.org' bad. When this occurs printing will fail and restarting the print daemon will also fail. The solution is simply to rename the machine, e.g., sudo hostname lanina and then restart the printer daemon and then printing should succeed.

9.51.1 CUPS

CUPS is the Common Unix Printing System. Configure CUPS by pointing a web browser to http://localhost:631. The HP4600 network color laser printer is configured to accept IPP as http://hp4600.ess.uci.edu:631/ipp/port1. The HP4350 network laser printer is configured to accept IPP http://192.168.14.2:631/ipp/port1. The Tek850 color printer is tek850.ess.uci.edu = 128.200.24.133. The HP6840 color printer is hp6840.ess.uci.edu = 128.200.24.134. The most informative site for printing on Linux is http://www.linuxprinting.org. They sponsor a newsgroup with an email gateway for virtually all types of printer, especially HP printers. Web Portal to HP printers may be useful.

Enabling extra printers in OpenOffice.org

The Xerox Phaser 4500 printer is set up as

On 20061108, ESS installed a new printer for faculty on a private network. This requires modifying the interfaces file to start a new interface solely for this printer.

Printing protocols may be enabled and disabled by firewall controls on particular ports. On Debian-compatible GNU/Linux systems with 2.6 Kernels, the firewall is built with iptables. The iptables rules are set in /etc/rc.firewall.

Under Debian, use the guarddog program to configure firewalls. At a minimum, allow these protocols: DNS, FTP, HTTPS, HTTP, IPP, NNTP, NTP, POP3, Ping, rsync, SMTP, SSH, VNC. Systems without these protocols set will not behave well. License daemons on other monstrosities will usually need to be configured by hand. For instance, the IDL license daemon wants to send and receive TCP packets on port 1700. This must be defined as a new “User Defined” protocol under “Advanced Settings” and then manually enabled in all intervening network zones.

9.52 Virtual Memory

When compiling large programs like mie.cc, g++ may fail with an error like “virtual memory exhausted”. This may be due to having to small a swap partition. To see system parameters use ulimit, e.g., ulimit -a. According to Linus, the size of the swap partition should be twice the amount of RAM, see §9.75. Here is an untested way to use a swapfile instead of repartitioning:

9.53 tramp.el

Tramp stands for “Transparent Remote (file) Access, Multiple Protocol”. It a most excellent Emacs extension which facilitates editing files on remote machines in a local emacs session, using ssh, rcp, or any number of other protocols to transfer edits to the remote machine. Checkout tramp from the SourceForge archive:

Here are Tramp formats that appear to work:

Yes, Tramp does expand ~ correctly (i.e., on the remote machine). This section falls out of date quickly. Tramp filename conventions have changed at least three times in three years.

9.54 RPM packages in /usr that were installed (and may need to be uninstalled or reinstalled) by hand:

9.54.1 IPCC and PBS configuration

The IPCC and PBS clusters, ipcc.ess.uci.edu and pbs.ess.uci.edu, run Rocks. Rocks-based clusters use the Community Enterprise Operating System, CentOS, a re-packaged version version of RHEL. CentOS is an RPM-based system. Copies of CentOS are kept on the system so that new RPMs may be easily installed.

Rocks names compute nodes in a 1-based enumerated format so a 26-compute node cluster has nodes:

Some IPCC compute nodes are loaded by the Medium Performance Cluster (MPC). MPC names compute nodes in a 1-based enumerated format so a 26-compute node cluster has nodes:

Each node is, by default, accessible via ssh. The top command shows the load on all processors in the line labeled “Cpu(s)” (near line 3). This mode presents statistics as a fraction of total available resources for all CPUs so that full usage of 1 CPU on a dual CPU system shows up as ~ 50% user usage, and ~ 50% idle. The load average (uppermost line), on the otherhand, is shown as a fraction of maximum load for one CPU.

Pressing 1 while top is running toggles the presentation mode between a single-line “Cpu(s)” summary and multiple lines of per-CPU summaries. The load average in the top-most line approaches N when an N-processor node is fully utilized, e.g., about 4.0 for a quad-CPU system. The free and xosview commands are also useful at monitoring system usage.

The PBS batch queuing system may be interrogated with a number of commands such as pbsnodes

Running (and killing) MPI jobs can leave clusters with un-released resources such as shared-memory allocations and shared semaphores. This unclean state may block further MPI execution. To clean up the leftover state, use Inter-Process Communication (IPC) management commands such as ipcs:

As its name implies, cluster-fork issues its argument as a command to all cluster nodes.

9.54.2 GPG: GNU Privacy Guard

The OpenPGP standard defines the cryptographic authentication protocol that gpg implements.

See https://help.ubuntu.com/community/GnuPrivacyGuardHowto for GPG suggestions.

9.54.3 Building RPMs

9.54.4 RPM commands

The RedHat Package Manager (RPM) is used to maintain sources and binaries on a wide variety of Linux systems. The packages, so-called RPMs, are manipulated with the rpm command.

9.54.5 APT commands

The Debian package manager is called APT, Advanced Package Tool. Debian packages, so-called .deb’s (“dot debs”), are manipulated with the apt command.

9.55 Required software

required software Following is a list of scientific software required for research/teaching. Most of these packages are installed by default with standard and/or “power” GNU/Linux distributions, such as Debian and RedHat. Since these are free (as in no-cost) software packages, it is easiest if they are all installed on all machines, i.e., no differences between servers and clients. Binaries and libraries should be installed in /usr when the package is (or is indistinct from one) supplied with the base operating system. Software not available in native pre-compiled package format should be installed in /usr/local by default. This avoids pathname proliferation. This is true of most .debs and RPMs, for example. When any administrative intervention is required, the package is best installed in /usr/local. For this reason, it is wise to back-up /usr/local and unnecessary to back-up /usr. Packages which have up-to-date pre-compiled binaries for most Linux distributions:

1. ANTLR
2. Autoconf
3. Autoheader
4. Automake
5. Bash
6. Bison
7. CVS
8. DDD
9. Emacs
10. Flex
11. GCC
12. GDB
13. GSL
14. Gettext
15. Ghostscript
16. Ghostview
17. Gnuplot
18. Gzip
19. Libtool
20. M4
21. Make
22. Octave (Matlab clone)
23. Perl (must be executable as /usr/bin/perl)
24. R (S+ clone)
25. Subversion
26. Tar
27. wget
28. ldd
29. locate

Packages which may not have up-to-date pre-compiled binaries for many Linux distributions:

1. Adobe: Acroread
2. Intel: Fortran 95 and C++ compilers
3. Java runtime environment
4. HDF: HDF 1.8.1+
5. MPI: MPICH2
6. NCAR: NCAR Graphics and NCL
7. Sourceforge: NCO
8. UCSD: Ncview
9. Unidata: netCDF 4.0+, UDUnits

9.56 Packages installed in /usr/local (some RPM, some *.tgz, some proprietary):

DODS Distributed Oceanographic Data System dx IBM Data explorer hdf Hierarchical Data Format gnuplot Gnuplot (for DDD) java Java ncBrowse ncBrowse 1.2.1 ncarg NCAR graphics pgi PGI Fortran rsi Research Systems International Interactive Data Language (IDL) udunits Unidata units conversion package

9.57 NCO and patches

Updating NCO with patches: The only difficult thing about patches is remembering the switches used to create and apply them.

I have simplified remembering the last command by adding lis patch=’patch -p0’* to my .bashrc file. When patches go wrong they can be unapplied with

9.58 Skype

The UCI VoIP FAQ is here.

Skype is an application which allows free IP-based telephony between registered users. The skype program package for Debian is at http://www.skype.com/download/skype/linux. Once registered, simply start skype from a console.

Inspiron 9400 users have found that the audio captured via microphone (plugged into the external jack) is almost inaudible on playback. One solution is use the command-line alsamixer program to set the “Capture” recording level to 75/75. Apparently the 9400 uses the microphone input for dual purposes and this may eventually be sorted out by software.

Ekiga is another program that uses VoIP. My ekiga address is sip:zender@ekiga.net. Ekiga is supposed to work with cameras like my Logitech QuickCam Pro for Notebooks. This camera works with Ubuntu “out-of-the-box” if one selects the v4l2 driver. Otherwise, compile and install the driver yourself with:

9.59 Installing RedHat Linux

Get following non-default packages: Disk 1: openssh-server ElectricFence X100dpifonts DisXk 2: sudo xsanegimp Powertools: ddd openmotif openmotif-devel acroread dxpc octave blas lapack Other: gsl, RealPlayer, abisuite, HDF Do not install netcdf RPM as it is built with double-underscore versions of all Fortran functions.

9.59.1 Updating RedHat Linux with latest patches

Read UCI instructions at http://www.dcslib.uci.edu/linux/index.html. Script is installed as /usr/local/bin/uci_dcs_lnx_pch.pl. Replace “7.0” and “i386” with appropriate version and architecture information below, then run as root The kernal packages and C library are stored in CPU-specific directories for maximum performance. Update these directories first, e.g., i686 instead of i386. Then update the rest of the packages.

When a large number of simultaneous updates are required to patch a system, the command rpm -Fhv ⋆.rpm may not work. In this case, break the task down into smaller tasks for rpm, e.g.,

Another option is to install the RedHat Rawhide distribution. This distribution is available from ftp://ftp.redhat.com/pub/redhat/linux/rawhide/i386. A useful, comprehensive list of distributions is maintained at http://distrowatch.com.

9.59.2 Upgrading RedHat Linux

For network upgrades and installs, you must first create a bootnet.img floppy to install from, and then specify the network address of the RedHat FTP repository.

9.60 Debugging

Debugging is an art as much as anything. A list of debugging methods sorted by past efficacy is

1. Compile programs on different platforms. One compiler may notice errors that another compiler does not report. SGI compilers are especially good at finding errors.
2. Compile with bounds checking if possible
3. Run with MALLOC_CHECK_=1 in environment
4. Link to memory debugging libraries like Electric Fence ftp://ftp.perens.com/pub/ElectricFence or dmalloc ( http://dmalloc.com).
5. Be sure that the shell has enough resources (e.g., memory) to run the program or the crash may be especially mysterious. This can involve using the ulimit command, e.g., ulimit -s unlimited. However, this command may require special permissions to execute.
6. When all else fails, use a symbolic debugger like DDD/gdb (§9.62).

The Electric Fence debugger works very well cith C-language programs. However, Electric Fence may hinder debugging C+ + programs. C+ + programs linked to the Electric Fence library (libefence.a) may generate obscure errors within DDD/GDB such as libpthread.so.0: cannot load shared object file: Cannot allocate memory. If this occurs, simply compile the program without -lefence before loading into GDB.

Once bugs have been found and identified, consider sending a notice to those who might have been affected by the bug.

1. Identify bug symptoms so users may determine whether they were affected by it. It is also helpful to identify versions and/or dates of the code releases known to be affected by the bug.
2. Identify the bug cause in plain English, i.e., passed wrong pointer, transposed two arguments, error in equation, etc.
3. Describe extent of side-effects which bug may cause. Estimates of magnitude of bug, whether results were randomly or systematically biased, which particular regions were more or less affected, etc.
4. Complete the classification of the bug’s damage by mentioning what processes, routines, regions, or versions, are not affected by the bug.
5. Determine and report on what future changes, if any, should be made to software management to ensure this type of bug does not occur again.
6. Acknowledge whether or not the bug fix is known to be solid
7. Provide actual code patch to fix bug

Linux Journal #87 (July, 2001, p. 82) gives helpful debugging tips. The MALLOC_CHECK_ environment variable is one such method. Setting this variable and then running a faulty program will cause the program to print some verbose error messages when the fault is triggered. See the man page for malloc for more information.

Many commercial tools are available to find memory leaks. ccmalloc is a free tool. Simply link with ccmalloc g++, and then run with MALLOC_CHECK_ = 1 to produce a report

ccmalloc generates a report, and the number of memory leaks in the program is shown in the garbage column. http://ieee.uow.edu.au/~mjp16/prog/memleak.html describes the procedure.

9.61 Valgrind

The most useful memory debugging tool since about 2002 has been valgrind² . Simply precede the program invocation with valgrind [options].

Since there are many errors in the default GNU compilers and libraries, these errors may be suppressed using the To make it easier to write suppressions, tell valgrind to print the suppression command for each error it encounters

In this mode, valgrind queries whether to print suppression text for each The default suppressed warnings are contained in /usr/local/lib/valgrind/default.supp, and Store additional suppressions you wish to ignore in a suppresions file, e.g., valgrind.txt. Multiple suppressions files may be used by specifying them with the --suppressions flag:

9.62 DDD

DDD has many obscure capabilities, especially when running in GDB mode. Table 3 summarizes frequently used GDB commands.

GDB does not know the size of dynamically allocated arrays. To print the first grd\_nbr items of array grd, use

The -0 is necessary to get DDD to recognize that the argument is an integer. This may only be neccessary when argument is type long. To display this array in the display window, highlight grd[0]@(grd_nbr-0) so that it appears in the argument line at the top next to ():. Then click the display button. The required specification can be tedious, especially when indirection and class structures are involved, e.g., tst_obj->flx_slr_frc_in[0]@tst_obj->wvl_nbr_in or, for, say, N - 3 elements, the even more complex (⋆tst_obj)->flx_slr_frc_in[0]@(tst_obj->wvl_nbr_in-3).

Setting conditional breakpoints can be done with the watch function. For example, consider the problem of breaking inside of a loop once the value of the counter, idx, is 37. The GDB command is watch idx, which sets a watchpoint on idx. A watchpoint is a breakpoint that is called whenever the expression changes value.

“Stepping” through C+ + code is tedious because GDB takes the long route through all the interface files. Instead, set breakpoints at the start of the desired function with, e.g., break rt_cls::var_put.

Using gdb on G95 code is possible but not pretty. Symbols are case sensitive (use lower case). Dummy arguments are actually pointers. Module variables have a modulename_MP_ prefix. Module procedures have the same, plus an underscore _ suffix.

On SGI 64-bit machines, dbx and gdb do not work and one must use the cvd debugger. This debugger is powerful but non-intuitive. To view the stdout stream one must open the “Execution View” window. Also in the Views menu is the “Variable Browser” which does what it says. Clicking on the variable names in the “Variable Browswer” will bring up a nice “Array Browser” for arrays. Breakpoints are set in the “Traps” menu in cvd.

On AIX, use the xldb debugger. Invoke with

The Lahey lf95 compiler comes with the fdb debugger. Invoke with

9.63 Mailman

Mailman is used to create and manage mailing lists. First, run mailman to create the “site list”:

9.64 Web Servers

The DEAD box model is interactively served on the web. Doing so requires coordination between model scripts, the HTTP server (Apache), and system permissions. The Apache server keeps its transaction logs in /var/log/httpd. Users will get an Internal Server Error if the CGI script fails.

Track web server usage using webalizer.

9.64.1 Group Web Server

The group relies on a number of non-default webserver features. Most of these requirements can be met by small modifications of the apache2.conf or httpd.conf files.

1. DirectoryIndex should include index.html and index.shtml
2. PHP should be enabled (although not currently used).
3. Processing of server-side includes (SSI) should be enabled. This handles processing of .shtml files. The apache2.conf handles this:
   # ++hjm to include handling for server-parsed files (.shtml)  
   <IfModule mod_mime.c>  
       AddType text/html .shtml  
       AddHandler server-parsed .shtml  
   </IfModule>

4. DocumentRoot (top directory) of webpage hierarchy should be /var/www/html
5. DODS/OPeNDAP access must work. This may require enabling web-server usage of CGI scripts in the cgi-bin directory
6. Webserver must re-start automatically on reboots

9.64.2 ESS Web Server

The ESS webserver is www.ess.uci.edu. It does not support remote SSH access. The ESS server, ess1.ess.uci.edu, allows remote SSH access. Both the webserver and the department server are virtual hosts which appear to be hosted by the same physical hosts. The physical hosts which support SSH access include swamis.ps.uci.edu and lunada.ps.uci.edu. Physical hosts which firewall SSH include mavericks.ps.uci.edu.

9.65 FTP and firewalls

On Linux, the ncftp client may be used to circumvent firewalls. ncftp supports most of the commands as the standard ftp client, but many more intuitive commands as well. Experience shows that ncftp should replace ftp in nearly every situation.

9.66 Accounts

When GUIs go bad, accounts need to be added by hand. The following commands work to add accounts and appropriately cross-mounted home directories to the cluster:

When adding an account to the home directory server itself (dust.ess.uci.edu), the default home directory should be /home/${USER} rather than /dhome/${USER}.

The userdel command is for deleting user accounts.

9.67 NCAR

Over the years NCAR has developed a number of idiosyncratic procedures for managing user accounts. One way to gain access to any NCAR machine is to connect through the gatekeeper machine, gate.ucar.edu

This machine will open a proxy to any other machine at UCAR.

9.68 Autotools

The GNU Autotools refers to an integrated set of software development and portatibility tools including Libtool.

9.69 SSH

Most Unices use OpenSSH from the FreeBSD folks. Systemwide defaults are set in /etc/ssh/ssh_config. The directory .ssh contains authorization files which make passwordless access possible. An authorized_keys file, if present on machine A, contains public keys of users generated on machines B–Z. These users will be allowed to log in to machine A without entering any password. A known_hosts file, if present, contains public host keys of known remote machines. These keys were generated on remote machines.

1. authorized_keys contains RSA1 public keys of authorized users gathered from the identity.pub files on remote machines. These keys employ SSH protocol version 1.
2. authorized_keys2 contains RSA and DSA public keys of authorized users gathered from the id_dsa.pub files on remote machines. These keys employ SSH protocol version 2.
3. known_hosts contains RSA1 public keys of authorized machines gathered from the /etc/ssh/ssh_host_key.pub files on remote machines. These keys employ SSH protocol version 1.
4. known_hosts2 contains DSA public keys of authorized machines gathered from the /etc/ssh/ssh_host_dsa_key.pub and /etc/ssh/ssh_host_rsa_key.pub files on remote machines. These keys employ SSH protocol version 2.
5. Note that the system-wide configuration files (e.g., /etc/ssh/ssh_config) may disallow recognizing user-specific known hosts.

Execute ssh-keygen -t rsa1 to generate identity and identity.pub files. Execute ssh-keygen -t rsa to generate id_rsa and id_rsa.pub files. Execute ssh-keygen -t dsa to generate id_dsa and id_dsa.pub files.

When upgrading or renaming a server, one may need to re-generate the server’s keys.

To exercise all the various keys, force ssh to use the different algorithms:

Recently, OpenSSH added some useful commands. The command ssh-copy-id automates the process of installing the identity.pub and id_[dr]sa.pub files in a remote machine’s authorized_keys and authorized_keys2 files.

Some machines have multiple IP addresses. blackforest.ucar.edu has four IP addresses. The entries in the known_hosts files might conflict with one another and lead to warnings like “POSSIBLE DNS SPOOFING DETECTED!” or “REMOTE HOST IDENTIFICATION HAS CHANGED!”. Machines with mulitple IP addresses and multiple host keys should be entered in the known_hosts files in one of two ways. First, one may omit the optional FQDN from the entry and specify only the IP address(es) associated with the host. When SSH looks at IP addresses only, it cannot get confused. Second, one may enter the optional FQDN with the IP address, but, in this case, one must make sure that entries for each possible IP address are present. Otherwise the above warnings will result if one tries to use one of the missing addresses.

Misconfiguration of the login shell, e.g., causing .bashrc to print, will cause scp to fail with a lost connection error.

The NCO project uses the Sourceforge shell and CVS servers, nco.sf.net and nco.cvs.sf.net, respectively. Set SSH keys for these machines by uploading keys to the Sourceforge web interface at https://sourceforge.net/account. Uploading keys directly (e.g., with scp) to the shell server is allowed, but discouraged. Uploading keys directly to the Sourceforge CVS server is not allowed.

9.70 Security

It happens. Passwords get compromised. When this occurs, the security environment of all computers logically connected to the compromised account should be rebuilt First, disable password-less logins from the affected account by removing the authorized_keys files from all machines. This firewalls the machines while the passwords are changed. Then search the systems for evidence of compromises. Two packages that check for installation of root-kits are rkhunter and chkrootkit. Theese may help get discover/eliminate spyware and malware as well. Login individually to all machines and change the passwords with usermod:

9.71 Hacks

Elite programming (l33t) hacks:

9.72 GCC

The GNU Compiler Collection, GCC, is the default compiler on Linux systems. To report a GCC bug, send following compile command

and its text output in plain text to bug-gcc@gnu.org. Attach (with MIME) the resulting fully preprocessed file (⋆.i⋆). It is OK to compress the file before attaching it. Do not attach the assembly language file (⋆.s⋆).

9.73 Groups

Make default group cgdcsm with GID 2400. It is also helpful to have a consistent user ID or UID across all systems. My CGD UID is the same as my NCAR scientist number, 3555, as can be seen on Solaris with the ypcat passwd | grep zender.

9.74 WINE

9.75 Partitioning

Linus Torvalds recommends setting swap partition size equal to twice the amount of RAM. Table 4 shows the partitioning schemes used on various computers.