MythicX: LhaysomTek Industries

(Last changed: 2006/01/16)

Debian, Ubuntu and, *sigh* OpenSSL

Recently I've changed most of my machines from Debian Sarge to Ubuntu Breezy. Well, this wasn't really worth a blog entry, but I'm mentioning it here now. Below are the reasons why I switched:
  • Attitude more geared towards "It just works" instead of wasting time and energy on discussions about policies and politics. They also don't have to wait for the "official" (probably not able to keep up) Debian maintainer or wait for the official NMU hunting session before releases (every other year or so), so they just have a random skilled person fix the things that really itch.
  • They release twice a year, and support each release for a year and a half. This allows me to update when I think that it's time, and not to update and skip a release when I think there are more important things to do. Well, it's true that you might prefer Debian or Solaris with their 2-3 year release cycles if you're just having some older rock solid server without need for any feature updates, but in a mixed environment it's interesting to have the same distro and version on all maintained machines.
Ok, Ubuntu is not a Silver Bullet. It's still made of Debian and it has some of the same issues. Let's talk about linking GPL software (without a proper OpenSSL linking permission) against OpenSSL. Officially you aren't allowed to distribute these binaries.

Now, recently I thought that it would be a good improvement to change my home network from WPA2-PSK to WPA2 with per-user authentication using EAP TTLS or EAP PEAP. However, my wireless bridge wanted a RADIUS server to perform this. There are 2 free RADIUS servers capable of this: TinyPEAP (only a binary for Win32 available -> not an option for me), and of course FreeRadius.

Well, I found out that Debian (and Ubuntu) are distributing a crippled FreeRadius not linked against OpenSSL. They have no policy to ensure an easy way for users to get packages that work:
Digging through Google and the Debian Bugtracker, I found a bug in which it was suggested to build .debs from the official tarball. So I downloaded FreeRadius 1.10, installed some 20 build dependencies and libssl-dev, and made some .debs. Well, there was EAP TLS (hooray) but no EAP TTLS nor EAP PEAP, so it's still useless for many, many users. Why oh why, Debian, can't you define a policy for your package maintainers in this respect that ensures such software "just works" (type a line or two, wait for the compiler to finish, and enjoy a working package)? Really, what's FreeRadius good for in this crippled way? It's not better than its granddaddy radiusd-livingston.

Well, I'll build it from source (configure, make, make install) then. That's almost Slackware again.

Good night, good fight.