Building a Digital Lifestyle with Open-Source Technology
Over the years, I've enjoyed the benefits of a lot of technology in my home. (Translation: nerds have all the cool toys!) Even though I have friends and family that don't have Internet access, I often marvel at the conveniences afforded by modern technology, much of it open source.
A few years ago, we ran network cable throughout the house, enabling us to access the intranet, as well as the Internet from any room in the house. Aside from being cooped up in the hot, dusty attic for hours at a time, it really wasn't as hard as you might think. Once we had ubiquitous network access, it only made sense to configure some services for use by the family. First, I set up Samba so that my wife and I could have a common place to store family documents, pictures and music. This way, my wife can use her Windows workstation to access our files, and I can use my Gentoo Linux workstation via NFS and “it just works”.
Eventually, we set up an Apache Web server to serve up Web pages. I've got it configured to serve an intranet Web page, which is just a bunch of commonly accessed hyperlinks, and a different set of Web pages to visitors from the Internet, where I try to promote various side businesses.
Of course, I run my own e-mail server, exim for SMTP and Courier IMAP. I use dyndns to provide my server with a Fully Qualified Domain Name (FQDN) that is accessible from the Internet. This way, my e-mail and Web addresses don't change, even if I change Internet providers.
MythTV has got to be the neatest toy I've ever come across. MythTV is a digital video recorder, DVR, that runs under Linux. Basically, to build a MythTV box, you start with a standard Linux box, add a video capture/tuner card, a video card with S-Video or composite outputs and a whole lot of hard drive space. What you end up with is TiVo on steroids. With MythTV, members of the family can choose TV shows that interest them from a variety of different menus, schedule when and how they are to be recorded and watch what they want, when they want. The system can even record programs into particular groups. This way, my kids' shows get recorded into the “Kids” recording group, and my boys know how to use the remote control that came with the tuner card to navigate to their recording group to watch the shows that we recorded for them. The kids don't have to wait until Saturday morning to watch cartoons and educational programs, and we don't have to worry about them stumbling upon programs that aren't appropriate for them. MythTV downloads the local TV schedule over the Internet, automatically—all this with the added bonus that MythTV allows us to skip commercials. Not only can I skip commercials, but I also can increase the playback speed. By skipping commercials and setting the playback speed to 150%, I can watch a 30-minute newscast in 15 minutes or less.
But MythTV goes beyond simple DVR functionality—way beyond. We use the MythMusic module to play our CDs and MP3s. All of our family pictures are on the computer, so we can view them on the TV using the MythImages module. My kids get a kick out of seeing themselves and people they know on TV. The MythVideo module allows us to watch .avi and .mpg video files that we download from the Internet. When you consider that MythTV includes a Weather, Games, News and DVD module, you start to see that MythTV is an all-around entertainment system.
Thanks to Vonage and their annoying commercials, almost everyone has heard of Voice over IP (VoIP). Most people know that you can use your computer and VoIP to talk to other people over the Internet for free. Some people know that you can use VoIP to talk to other people using regular telephones. But even fewer people know how easy this is to set up with an open-source software package called Asterisk. Asterisk is an all-inclusive telephony toolbox, which is just a fancy way of saying that anything you want to do with respect to telephones and phone calling, you can do with Asterisk.
At our house, Asterisk handles all incoming and outgoing calls and replaces the caller ID boxes and answering machines that we used to have scattered throughout the house. But our Asterisk installation goes beyond mere answering-machine functionality. It also screens our calls, preventing virtually any telemarketer from bothering us. When calls come in, the computer checks to see whether valid caller ID information is available. If it's not, the computer picks up the call and asks callers to enter their phone numbers. If they don't, the system hangs up on them. Once a valid caller ID has been received, the caller is presented with an answering machine greeting. The system is smart enough to greet our friends, family and coworkers by name. The greeting informs callers that they must press the # key in order to reach us; otherwise, they can press the * key or wait 15 seconds to be sent to voice mail. While this is going on, the computer displays the caller ID on the MythTV and announces the caller's name on the server's speakers. All this happens before our phones even begin to ring!
Since we installed the system, we've not had a single telemarketer bother to press the # key to talk to us. Also, many of the people who call us simply want to leave a message anyway, such as our dentist's office confirming an appointment.
We gained several features that would have cost us extra from our old phone company. Call waiting allows us to answer an incoming phone call even when we're already on the phone. The do-not-disturb feature allows us to tell the Asterisk system simply to send callers to voice mail, so we can enjoy some time at home without being interrupted by a ringing phone. Of course, we're able to access our voice mail remotely, either through the telephone network, or via e-mail. I even get paged when someone leaves us a new voice-mail message.
Because the people I work for are gracious enough to allow me to work from home on occasion, I tend to be on the phone quite a bit. The Asterisk system lets me have a separate virtual phone line in the office. Thus, I'm able to be on the phone without tying up the regular home phone. My wife can use the phone any time she needs to, even though I may be on the phone all day long taking care of business.
Asterisk and VoIP give us a lot of flexibility as to how we use our phone system. We can use a VoIP phone such as a Cisco 7960, or we can use one of the many soft phones like X-Ten. Because Asterisk supports all of the major VoIP protocols such as SIP, H.323, MGCP, Skinny and IAX2, our options are virtually limitless. We also have the option of installing an Analog Telephone Adapter (ATA), which allows us to use our existing telephones and telephone wiring. But one of the best features of our VoIP system is that it's a lot cheaper than our old PSTN phone line. When we were with Qwest, we had an unlisted phone number and caller ID, which cost us $40 US each month including long distance. Because I'm able to buy VoIP phone service wholesale and add call features such as voice mail, our last phone bill was about $15 US for the same or more phone usage.
Of course, all of these services place a high demand on disk storage. It's not enough simply to buy a bunch of hard drives. You have to have some mechanism of organizing them in a meaningful fashion. Because I have more than one terabyte of disk storage, I use the Enterprise Volume Management System (EVMS) to manage my hard drive space. Though I could have opted for any conceivable RAID configuration, I opted for a simple linear drive append configuration. This essentially amounts to being able to add up the storage of all of the installed 200–320GB drives and present them as one large drive on which I can put one or more filesystems. More important, EVMS gives me the flexibility to move data from one physical disk to another without having to move it from one filesystem to another. I essentially have four physical hard drives that combine logically to create one very large, virtual hard drive. Drives /dev/hdb1, /dev/hdc1, /dev/hdd1 and /dev/hda4 combine to form /dev/evms/media, which contains a single 750GB filesystem.
This feature came to my rescue recently. A couple weeks ago, I started seeing hard drive I/O errors from one of the “middle” drives in my system log. In most cases, this would be bad news. But because I caught the problem early and was running EVMS, I was able to buy a new hard drive and get it installed in the server. Then, I was able to use the EVMS management utility to migrate the data off of the failing drive and onto the new drive, without having to change the overlying filesystem. I simply unmounted the filesystem, added the new drive to the logical volume and migrated the data off the failing hard drive. When it was finished, I simply remounted the filesystem with little or no loss of data. So by using the same principle, I plan on being able to retire older drives and replace them with newer drives, without having to mess with the usual backup and restore cycle. The volume manager simply will move the data from the old drive to the new drive transparently.
But what happens when the day comes when I want to replace an aging 200GB drive with a new 400GB drive, but I don't have any empty drive slots? Obviously, I'm not going to be able to do a backup and restore on 750GB of data! Well, this won't be a problem because of a native Linux protocol called ATA over Ethernet, or ATAoE. Using EVMS, ATAoE and an open-source package called Vblade, I'll be able to install a new drive in my desktop computer and access it natively on my server computer. EVMS will see the “remote” hard drive as a locally installed drive and allow me to migrate data to it over the network. Once the migration is complete, I simply will remove the old drive and install the new drive into the server. When I reboot the server, it will be as though the new drive had always been there.
As many, if not most, of my friends also have home-based networks, it seemed like it might be fun to try to connect them all together. Because most of my friends have dynamic IP addresses and some of them use systems other than Linux as their Internet routers, IPv6 was out of the question. Instead, I use the open-source package, OpenVPN, to connect my friends' networks. Setting up a VPN connection between my friends' networks gives us all transparent access to each other's computers, even computers behind NAT firewalls. Ubiquitous access to each other's networks and computers allows us to do private file and resource sharing. Using a program called Unison, we're able to keep a synchronized archive of family pictures as well as encrypted backups of each other's financial documents. Because of the dynamic nature of such a network of networks, we use the open-source package Quagga, which uses OSPF and RIP to manage the routes between the various networks. So far, this effort has been more of a learning experience than a practical benefit, but we're still working on it.
After spending so much time getting these toys and gadgets working, it's time to start working on some practical tools. For one thing, we're drowning in spam. I've got the Exim mail server configured to drop incoming e-mail into folders based on address and subject. This has worked pretty well at reducing the amount of time I spend reading e-mail. I can delete entire folders that don't interest me. However, it's clear that I need to do more. I'm considering configuring SpamAssassin to triage incoming e-mail messages. SpamAssassin performs a series of tests on a given e-mail message to determine how likely it is to be spam. Each message is given a score. The higher the score, the more likely the message is spam. Those messages that SpamAssassin deems to be probable spam will then be routed to TMDA for ultimate verification.
TMDA implements what's known as a challenge/response mechanism for authenticating e-mail. Essentially, for any message that TMDA handles, TMDA sends a reply message to the original sender. This is the challenge part of what TMDA does. If senders are non-spammers, it's likely they will reply to the challenge message. This is the response part. When TMDA receives a response to a given challenge, it arranges for the original e-mail message to be delivered. The theory is that most spammers won't reply to the challenge, so TMDA won't deliver the spam message. Eventually, the spam will be expired and deleted, having never been delivered. The only problem with TMDA as the sole spam filtering mechanism is that some people don't want to be bothered by challenge messages. That is why I intend to run the messages through SpamAssassin first. This way, only spammy messages will be challenged.
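The score-then-challenge triage described in the two paragraphs above, modelled as an added example; it is not the author's configuration and not SpamAssassin or TMDA code. The threshold, the 14-day expiry, the secret key, the HMAC token scheme and all class and function names are assumptions made for illustration.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-key"  # assumption: per-site secret
SPAM_THRESHOLD = 5.0              # assumption: score >= this is probable spam
PENDING_TTL = 14 * 24 * 3600      # assumption: held mail expires after 14 days


class Triage:
    """Deliver low-scoring mail directly; hold and challenge probable spam."""

    def __init__(self):
        self.inbox = []    # ids of delivered messages
        self.pending = {}  # msg_id -> (sender, time queued)

    def _token(self, msg_id, sender):
        # The HMAC binds the challenge to one message and sender, so a
        # response cannot be forged without the site secret.
        data = f"{msg_id}|{sender}".encode()
        return hmac.new(SECRET, data, hashlib.sha256).hexdigest()[:20]

    def receive(self, msg_id, sender, score, now):
        """Return ('delivered', None) or ('challenged', token)."""
        if score < SPAM_THRESHOLD:
            self.inbox.append(msg_id)
            return ("delivered", None)
        self.pending[msg_id] = (sender, now)
        return ("challenged", self._token(msg_id, sender))

    def respond(self, msg_id, token, now):
        """Release a held message if the response carries a valid, live token."""
        if msg_id not in self.pending:
            return False
        sender, queued = self.pending[msg_id]
        if now - queued > PENDING_TTL:
            return False
        if not hmac.compare_digest(token, self._token(msg_id, sender)):
            return False
        del self.pending[msg_id]
        self.inbox.append(msg_id)
        return True

    def expire(self, now):
        """Delete held mail whose challenge was never answered in time."""
        dead = [m for m, (_, q) in self.pending.items() if now - q > PENDING_TTL]
        for m in dead:
            del self.pending[m]
        return dead
```

Only messages at or above the threshold ever generate a challenge, which is the point of putting the scoring step first: correspondents whose mail scores low never see one.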
I've tried to outline in this article some of the really neat technology available in the open-source arena. Hopefully, you've read about something that you didn't know about before. Now, I'm off to try to figure out why my VCR keeps flashing 12:00. Oh well.
Resources for this article: /article/9192.
Mike Diehl works for SAIC at Sandia National Laboratories in Albuquerque, New Mexico, where he writes network management software. Mike lives with his wife and two small boys and can be reached via e-mail at firstname.lastname@example.org.
Mike Diehl is a freelance Computer Nerd specializing in Linux administration, programming, and VoIP. Mike lives in Albuquerque, NM, with his wife and 3 sons. He can be reached at email@example.com