I just migrated the Annvix-related blog entries from my linsec.ca blog where I used to talk about Annvix a little bit, amongst other things. So even though this blog has only been up a few days you’ll see entries going back to last year. I wanted to consolidate the Annvix-related stuff and remove it from my other blog.
I’m hoping by the end of the week to have PHP5 (5.1.2) in 2.0-CURRENT. I’ve just spent the last 2 hours working on upgrading the spec file from 4.4.2 up to 5.1.2 and merging in changes from Mandriva’s 5.1.2 package. Just got it to compile; we’ll see how well it works.
Well, I guess this is a good sign:
[vdanen@build SPECS]$ php --version PHP 5.1.2 with Hardening-Patch 0.4.8 (cli) (built: Mar 30 2006 00:01:08) Copyright (c) 1997-2004 The PHP Group Zend Engine v2.1.0, Copyright (c) 1998-2006 Zend Technologies
phpinfo() works as well so at least I didn’t completely hose it. We’ll see how well it works once I get mod_php and some modules compiled.
Got an email from my dad yesterday morning which essentially said “If you can get Annvix installed on this IBM server today, great, if not I’ve been told to install Windows Server 2003 on it tomorrow”.
Ouch.
My dad works for Northlands Park in Edmonton, AB, Canada, which is the largest venue for hosting shows in Edmonton (the Oilers play hockey here, all the big shows and big concerts are done on the grounds).
So I went out, took my 1.2-RELEASE CD with me, and within an hour of getting there had Annvix installed and configured (with apache, php, MySQL, and samba). This was actually a pretty sweet machine (although it’s not optimized for booting as the time from grub to a login prompt was shorter than the time it took for the BIOS to fully post). It’s a dual xeon 3GHz machine with hardware RAID and 4GB of RAM. Northlands is using it for an intranet server that my dad is developing.
I wasn’t sure what to expect, but was very pleased with the install of this machine and how Annvix handled it. It didn’t properly write the SCSI module to use to /etc/modules.conf, not sure why yet, but I think that’s more kudzu auto-detection than anything else. Otherwise, the install was quite smooth.
I’l have to find out for sure, but I think this is an IBM pSeries machine.
Had to be done sooner or later, and I’ve asked Sean to do the same, but I think it would be good if people knew who the “brains” behind Annvix was and what, if any, their qualifications are (not that you really need any, just a healthy dose of persistence), their interests, and so forth. In short… why on earth would these individuals subject themselves to the torment of working on a Linux distribution considering it isn’t the easiest thing to do.
So, to get the ball rolling, I’m going to introduce myself.
My name is, well, obviously, Vincent Danen. I’ve been dealing with (I refuse to say “doing”) computers for a long time, starting off on an IBM PS/2 with an 80MB drive and (I think) 6MB of RAM. Whatever it was, it was dog slow and I was running a BBS. That got me hooked. I was involved in all kinds of beta testing, writing documentation, and other involvement in the BBS community “back in the day”. At that point I started off with DOS and some multi-tasking thing I can’t for the life of me remember (I want to say QEMU but I think that was a better memory management tool). Anyways, I went from there to OS/2… loved that OS.
It was when an OS/2 fixpack burned me that I turned to Linux, at that point it was Red Hat 4.2 or something. I had tried earlier versions of Slackware and Ygdrassil but there was nothing in them that made me want to switch from OS/2. The big thing for me, at that point, was that my BBS software (BBBS) would run on whatever OS I ran, and it ran on Linux so there we went. I had a second computer that was also running OS/2, which I swapped for Win98 at a later date to play Baldur’s Gate (I completely missed Win95, thankfully). After finishing Baldur’s Gate, I decided I needed to get rid of Windows in order to properly learn Linux and that’s when I started using it fulltime… back in 1998 I think.
Anyways, I did some writing for TechRepublic and a few other sites when Linux was emerging as the next big thing and very few people knew much about it and those that did apparently couldn’t write easy-to-understand articles too well, so I did a *lot* of technical articles; enough that I could quit my old job as a bill collector and write fulltime. With gobs of time on my hand, I started volunteering time and packaging effort for Mandriva (then MandrakeSoft)… back in the 6.x days. Eventually, because I had so much time on my hands, I was hired in 2000 and have worked for Mandriva ever since doing security updates and other related work. I am now the Security Team Manager at Mandriva and I love my job, and I love Mandriva.
Unfortunately, Mandriva’s real strength (ease of use) was a big problem for me and the servers I wanted to run since I was doing web hosting as well. As a result I took Mandrake 9.2, forked it, and began “trimming the fat”, so to speak, to make it into a strict server OS. My initial idea was to have this thing become the basis of a future Corporate Server product. That didn’t really work out too well (difference of ideas, and timing was off) so I turned it into OpenSLS (or Open Secure Linux Server). Of course, after Patrick at Slackware emailed me indicating that there used to be a distro called SLS, that ended up being a pretty shitty distro back in the day, I changed the name to Annvix because I was afraid people would mistake OpenSLS for being a natural progression of SLS and associate the baggage and bad rep that SLS had with my project.
Annvix, BTW, is a mix of mine and my wife’s (Angela) names with a traditional “x” ending since I wanted it to sound unixy and sexy and Annvi just didn’t sound right. (BTW, thanks Ian for that idea!) It took me about 2 months to come up with this.
Anyways, I’ve been working on Annvix since mid-2003. It’s evolved a long way since I initially forked it from Mandrake 9.2. I try to keep pace with some of the development of current Mandriva, but it’s hard because it was, for the longest time, just me. Even now, all packaging efforts are largely done by myself.
As to the “why” of why I forked Annvix… I wanted something lean without a lot of bloat (255MB for a default install testifies to that), and I also wanted something secure. Mandriva’s idea of security was largely msec which, while it’s got great ideas, is naughty in that it changes stuff on you. I hate that. Of course, I could have just put out rsec without making a new Linux distro, but where’s the fun in that? Besides, this was a learning adventure for me as well. Sometimes it was downright bloody frustrating, but for the most part I enjoy working on Annvix. And it’s taught me *tonnes*. Anyways, I wanted something with more emphasis on security, and I also really like the DJB-style of handling services and using runit was awesome. A lot of the stuff and configuration style of Annvix would never ever make it’s way into Mandriva. As well, since I was “just” the security guy, a lot of my suggestions for development never materialized, or was just plain old ignored. That’s ok tho… it just didn’t fit into the style and design of Mandriva, and I don’t begrudge that. If you look at Annvix now, even compared to Corporate Server (which, BTW, I think is pretty darn good and is priced *way* too low), the target and “profile” of the server OS’s are completely different… they cater to two entirely different crowds. Not to say that CS is insecure; it’s not. But *my* server would never have X installed on it, nevermind a whole bloody KDE install. So that’s where ideas and opinions differed.
Mandriva doesn’t have a problem with me working on Annvix, which is nice, because I do it in my spare time. I guess there’s always the hope that Mandriva may pick up Annvix and run with it (including properly funding it), but if not, that’s cool too. Annvix development is a little slow sometimes due to workload, but it chugs along.
Oh, and as for the mascot, Chum… I got the idea from the OpenBSD crowd with Puffy. I just had to make Chum look meaner. =) Although I think Puffy is cooler (I have about four OpenBSD shirts even though I don’t even use OpenBSD)… damn the OpenBSD guys for thinking of the blowfish first! Aaarg!
Ummm.. on the personal side, I was born in 1976, will be married for 10 years this June, have a four year-old daughter named Jayden, one cat (Tika; down from three), a bunch of fish, and a guinea pig (Peekaboo). I drive a car with the license plate “ANNVIX” and another with a bunch of Linux bumper stickers on it. I use OS X on the desktop for the most part, Annvix for most of my servers, and Mandriva wherever I need a machine running Linux with X. I attend church at Bethesda Christian Fellowship, know I’m not going to hell, and am generally a pretty easy-going guy although a number of people have asked if I was related to Theo de Raadt due to some.. outbursts… on mailing lists. No, I am not related to Theo, but I do live 3hrs away from him so maybe there’s something in this Albertan water. I live in Edmonton, Alberta, Canada and hate telemarketers.
So there you have it. The history of me. =)
Here we go, a blog devoted to Annvix development. I’ve been discussing some Annvix development on my normal blog over at linsec.ca but I think it more appropriate to have a blog devoted to Annvix development. This way, Sean can also blog about stuff we’re thinking about and implementing for Annvix. And, since my linsec blog is picked up by Planet Mandriva, I don’t have to worry about a bunch of Annvix stuff flooding what should, by rights, be a Mandriva-centric aggregator.
Besides, I think that when it comes time to look back, it could be interesting to see what kind of hurdles we faced and how we dealt with them as we progress with Annvix development.
Well, since there wasn’t a whole lot I could do today because of the snow, I started the web gui configuration doo-hickey for Annvix which I’ve unoriginally called “Annvix Web Control”. I’ve been wanting to do this for a year now, and was hoping to have something for 1.2-RELEASE, but due to time constraints I wasn’t able to. On Sean’s suggestion, I took a look at pfSense, which is based on m0n0wall. The web interface looks pretty good, so I think I may model things after it with a few differences.
So far just the authentication routines are done. I tossed up the idea of using PHP sessions, but decided to use HTTP AUTH instead (although without relying on .htaccess) and using Solar’s phpass password encryption code rather than using MD5 or crypt() passwords. It’ll take quite a bit to get this thing up and done, but I hope to have the basics done in a month or two if I can find the time. Not much has been happening with Annvix lately just because of work and a web design project I’m working on (re-designing the Drentch website).
At any rate, the idea behind AWC is to allow for a few things, including status monitoring and configuration. It probably won’t be fully comprehensive nor will it be a replacement for shell configuration, but it will be able to configure a few things. It’s also going to be plugin-based so that, for instance, I can have a plugin to display exim logs and someone else can write one for postfix analysis. For me, the more important thing is for status monitoring… configuration is pretty low on my list. I plan to start with it being a “dashboard” so that you can see things like filesystem usage, view log files, check the load average, etc. without having to login via ssh.
I’m not sure I want to handle configuration through the web interface as that adds a lot of complexity and potential security issues (it’s less of an issue to have someone view data rather than allowing them to re-configure stuff). So I plan to start with status monitoring and some plugins that hook into third-party web apps like phpMyAdmin, etc.
Should be interesting. I hope to have the status monitoring stuff done for 2.0-RELEASE, but we’ll see what happens. It may even be generic enough to use on other operating systems. =)
Annvix is a free secure Linux-based operating system produced by the Annvix development team and Danen Consulting Services. The Annvix project aims to provide a secure, stable, and fast Linux distribution specifically tailored to servers that provide reliable services such as Email, Web, DNS, FTP, File sharing, and more.
