Tag Archives: linux

Linux applications and .NET Core on a Chromebook makes this an increasingly interesting device

I have been writing about Google Chromebooks of late and as part of my research went out and bought one, an HP Chromebook 14 that cost me less than £200. It runs an Intel Celeron N3350 processor and has a generous (at this price) 32GB storage; many of the cheaper models have only 16GB.

This is a low-end notebook for sure, but still boots quickly and works fine for general web browsing and productivity applications. Chrome OS (the proprietary version of the open source Chromium OS) is no longer an OS that essentially just runs Google’s Chrome browser, though that is still the main intent. It has for some time been able to run Android applications; these run in a container which itself runs Android. Android apps run fairly well though I have experienced some anomalies.

Recently Google has added support for Linux applications, though this is still in beta. The main motivation for this seems to be to run Android Studio, so that Googlers and others with smart Pixelbooks (high-end Chromebooks that cost between £999 and £1,699) can do a bit more with their expensive hardware.

I had not realised that even a lowly HP Chromebook 14 is now supported by the beta, but when I saw the option in settings I jumped at it.

image

It took a little while to download but then I was able to open a Linux terminal. Like Android, Linux runs in a container. It is also worth noting that Chrome OS itself is based on Linux so in one sense Chromebooks have always run Linux; however they have been locked down so that you could not, until now, install applications other than web apps or Android.

Linux is therefore sandboxed. It is configured so that you do not have access to the general file system. However the Chromebook Files application has access to your user files in both Chrome OS and Linux.

image

I found little documentation for running Linux applications so here are a few notes on my initial stumblings.

First, note that the Chromebook trackpad has no right-click. To right-click you do Alt-Click. Useful, because this is how you paste from the clipboard into the Linux terminal.

Similarly, there is no Delete key. To Delete you do Alt-Backspace.

I attribute these annoyances to the fact that Chrome OS was mostly developed by Mac users.

Second, no Linux desktop is installed. I did in fact install the lightweight LXDE with partial success but it does not work properly.

The idea is that you install GUI applications which run in their own window. It is integrated so that once installed, Linux applications appear in the Chromebook application menu.

I installed Firefox ESR (Extended Support Release).  Then I installed an application which promises to be particularly useful for me, Visual Studio Code. Next I installed the .NET Core SDK, following the instructions for Debian.

image

Everything worked, and after installing the C# extension for VS Code I am able to debug and run .NET Core applications.

I understand that you will not be so lucky with VS Code if you have an ARM Chromebook. Intel x86 is the winner for compatibility.

What is significant to me is not only that you can now run desktop applications on a Chromebook, but also that you can work on a Chromebook without needing to be deeply hooked into the Google ecosystem. You still need a Google account of course, for log in and the Play Store.

You will also note from the screenshot above that Chrome OS is no longer just about a full-screen web browser. Multiple overlapping windows, just like Windows and Mac.

These changes might persuade me to spend a little more on a Chromebook next time around. Certainly the long battery life is attractive. Following a tip, I disabled Bluetooth, and my Chromebook battery app is reporting 48% remaining, 9 hrs 23 minutes. A little optimistic I suspect, but still fantastic.

Postscript: I was always a fan of the disliked Windows RT, which combined a locked-down operating system with the ability to run Windows applications. Maybe container technology is the answer to the conundrum of how to provide a fully capable operating system that is also protected from malware. Having said which, there is no doubt that these changes make Chromebooks more vulnerable to malware; even if it only runs in the Linux environment, it could be damaging and steal data. The OS itself though will be protected.

Ubuntu goes minimal (but still much bigger than Alpine Linux), cosies up to Google Cloud Platform

Ubuntu has announced “Minimal Ubuntu”, a cut-down server image designed for containerised deployments. The Docker image for Minimal Ubuntu 18.04 is 29MB:

Editors, documentation, locales and other user-oriented features of Ubuntu Server have been removed. What remains are only the vital components of the boot sequence.  Images still contain ssh, apt and snapd so you can connect and install any package you’re missing. The unminimize tool lets you ‘rehydrate’ your image into a familiar Ubuntu server package set, suitable for command line interaction.

says Canonical.

29MB is pretty small; but not as small as Alpine Linux images, commonly used by Docker, which are nearer 5MB. Of course these image sizes soon increase when you add the applications you need.

I pulled Ubuntu 18.04 from Docker Hub and the image size is 31.26MB so this hardly seems a breakthrough.

Canonical quotes Paul Nash, Group Product Manager for Google Cloud Platform, in its press release. The image is being made available initially for Amazon EC2, Google Compute Engine, LXD, and KVM/OpenStack. The kernel has been optimized for each deployment, so the downloadable image is optimized for KVM and slightly different than the AWS or GCP versions.

Notes from the Field: dmesg error blocks MySQL install on Windows Subsystem for Linux

I enjoy Windows Subsystem for Linux (WSL) on Windows 10 and use it constantly. It does not patch itself so from time to time I update it using apt-get. The latest update upgraded MySQL to version 5.7.22 but unfortunately the upgrade failed. The issue is that dpkg cannot configure it. I saw messages like:

invoke-rc.d: could not determine current runlevel

2002: Can’t connect to local MySQL server through socket ‘/var/run/mysqld/mysqld.sock

After multiple efforts uninstalling and reinstalling I narrowed the problem down to a dmesg error:

dmesg: read kernel buffer failed: Function not implemented

It is true, dmesg does not work on WSL. However there is a workaround here that says if you write something to /dev/kmsg then at least calling dmesg does not return an error. So I did:

sudo echo foo > /dev/kmsg

Removed and reinstalled MySQL one more time and it worked:

image

Apparently partial dmesg support in WSL is on the way, previewed in Build 17655.

Note: be cautious about fully uninstalling MySQL if you have data you want to preserve. Export/backup the databases first.

Microsoft and GitHub, and will GitHub get worse?

Microsoft has announced an agreement to acquire GitHub for $7.5 billion (in Microsoft stock). Nat Friedman, formerly CEO of Xamarin, will become GitHub’s CEO, and GitHub will continue to run somewhat independently. A few comments.

image

Background: GitHub is a cloud-based source code repository based on Git, a distributed version control system created by Linus Torvalds. It is free to use for public, open source projects but charges a fee (from 7$ to $21 per user per month) for private repositories.

First, why? This one is easy. Microsoft is a big customer of GitHub. Microsoft used to have its own hosting service for open source software called CodePlex but abandoned it in favour of GitHub, formally closing CodePlex in March 2017:

Over the years, we’ve seen a lot of amazing options come and go but at this point, GitHub is the de facto place for open source sharing and most open source projects have migrated there. We migrated too.

said Brian Harry.

Microsoft also uses GitHub for its documentation, and this has turned out to be a big improvement on its old documentation sites.

Note also that Microsoft has many important open source projects of its own, including much of its developer platform (.NET Core, ASP.NET Core and Entity Framework Core). Many of its projects are overseen by the .NET Foundation. Other notable open source, Github-hosted projects include Visual Studio Code, a programmer’s editor that has won many friends, and TypeScript, a typed superset of JavaScript that compiles to standard JavaScript code.

When big companies become highly dependent on the services of another company they may become anxious about it. What if the other company were taken over by a competitor? What if it were to run into trouble, or to change in ways that cause problems? Acquisition is an easy solution.

In the case of GitHub, there was reason to be anxious since it appears not to be profitable – unsurprising given the large number of free accounts.

Second, Microsoft is always pitching to developers, trying to attract them to its platform and especially Azure services. It has a difficult task because it is the Windows company and the Windows platform overall is in decline, versus Linux on servers and Android/iOS on mobile. Therefore it is striving to become a cross-platform company, and with considerable success. I discuss this at some length in this piece. Note that there is a huge amount of Linux on Azure, including “more than 40%” of the virtual machines. More than 50%? Maybe.

If Microsoft can keep GitHub working as well as before, or even improve it, it will do a lot to win the confidence of developers who are currently outside the Microsoft platform ecosystem.

image

Will GitHub get worse?

The tricky question: under Microsoft, will GitHub get worse? The company’s track record with acquisitions is spotty, ranging from utter disasters (Nokia, Danger) to doubtful (Skype), to moderately successful so far (LinkedIn, Xamarin).

Under the current leadership, I doubt anything bad will happen to GitHub. I’d guess it will migrate some infrastructure to Azure (GitHub runs mainly from its own datacentres as I understand it) but there is no need to re-engineer the platform to run on Windows.

Some businesses will be uncomfortable hosting their valuable source code with Microsoft. That is understandable, in the same way that I hear of retailers reluctant to use Amazon Web Services (since it is a platform owned by a competitor), but it is a low risk. Others have long-standing mistrust of Microsoft and will want to migrate away from GitHub because of this.

Personally I think it is right to be wary of any giant global corporation, and dislike the huge and weakly regulated influence they have on our lives. I doubt that Microsoft is any worse than its peers in terms of trustworthiness but of course this is open to debate.

Another point: with this acquisition, free GitHub hosting for open source projects will be likely to continue. The press release says:

GitHub will retain its developer-first ethos and will operate independently to provide an open platform for all developers in all industries. Developers will continue to be able to use the programming languages, tools and operating systems of their choice for their projects — and will still be able to deploy their code to any operating system, any cloud and any device.

It is of course in Microsoft’s interests to make this work and the success of Visual Studio Code and TypeScript (which also come from the developer side of the company) shows that it can make cross-platform projects work. So I am optimistic that GitHub will be OK.

Update: I’ve noticed Sam Newman and Martin Fowler taking this view, a good sign from a people I respect and who are by no means from the usual Microsoft crowd.

image

Official announcements

Press release: https://news.microsoft.com/?p=406917

Chris Wanstrath’s Blog Post: https://blog.github.com/2018-06-04-github-microsoft/

Satya Nadella’s Blog Post: https://blogs.microsoft.com/?p=52553832

Case sensitive directories now possible in Windows Explorer as well as in the Windows Subsystem for Linux

Experienced Windows users will know that occasionally you hit a problem with case sensitivity in file names. The problem is that on Linux, you can have files whose name differs only in case, such as MyFile.txt and myfile.txt. Windows on the other hand will not normally let you do this and the second will overwrite the first.

The latest build of Windows 10 (1803, or the April 2018 Update) has a fix for this. You can now set directories to be case-sensitive using the fsutil command line utility:

fsutil.exe file setCaseSensitiveInfo <path> enable

You can then enjoy case sensitivity even in Windows Explorer:

image

This is not particularly useful in Windows. In fact, it is probably a bad idea since most Windows applications presume case-insensitivity. I found that using Notepad on my case-insensitive directory I soon hit bugs. I double-click a file, edit, save, and get this:

image

Press F5 and it sorts itself out.

Developers may have written applications where a file is specified with different case in different places. Everything is fine; it is the same file. Then you enable case-sensitivity and it breaks, possibly with unpredictable behaviour where the application does not actually crash, but gives wrong results (which is worse).

If you are using WSL though, you may well want case-sensitivity. There are even applications which will not compile without it, because there are different files in the source whose name differs only by case. Therefore, WSL has always supported case-sensitivity by default. However, Windows did not recognize this so you had to use this feature only from WSL.

In the new version this has changed and when you create a directory in WSL it will be case-sensitive in both WSL and Windows.

There is a snag. In the full explanation here there is an explanation of how to adjust this behaviour using /etc/wsl.conf and also the warning:

Any directories you created with WSL before build 17093 will not be treated as case sensitive anymore. To fix this, use fsutil.exe to mark your existing directories as case sensitive.

Hmm. If you are wondering why that application will not compile any more, this could be the reason. You can set it back to the old behaviour if you want.

Should Microsoft have made the file system case-sensitive? Possibly, though it is one of those things where it is very difficult to change the existing behaviour, for the reasons stated above. Note that Windows NT has always supported case-sensitive file names, but the feature is in effect disabled for compatibility reasons. It is poor for usability, having files whose names differ only in case which are therefore easily confused. So I am not sure. Being able to switch it on selectively is nice though.

Chromebooks get more useful as Linux comes to Chrome OS

At Google’s IO conference under way in San Francisco, the company has announced the ability for a Chromebook to run Linux applications.

image

“Support for Linux will enable you to create, test and run Android and web app for phones, tablets and laptops all on one Chromebook. Run popular editors, code in your favourite language and launch projects to Google Cloud with the command-line. Everything works directly on a Chromebook,” says product manager Ton Buckley. “Linux runs inside a virtual machine that was designed from scratch for Chromebooks. That means it starts in seconds and integrates completely with Chromebook features. Linux apps can start with a click of an icon, windows can be moved around, and files can be opened directly from apps.”

Squinting at the screen in Google’s photo, above, it looks like the Linux VM runs Debian.

Coupled with the existing ability to run Android apps, the announcement makes Chromebooks more attractive for users (and I am one of them) who would previously have found the operating system too restrictive.

Buckley presents the new feature as primarily one for developers. You will be able to build and test Android applications directly on the Chromebook. Given the operating system’s native support for Android, this should be an excellent machine for Android development.

One of the first things I would install would be Visual Studio Code, presuming it runs OK. Thanks to .NET Core, ASP.NET development should work. The LAMP stack running locally would be great for  PHP development.

Personally I would not only use it for coding though. The ability to run LibreOffice would be great, for example. There are also a ton of handy Linux utilities for admins.

Top feature: security

The key attractions of Chromebooks (aside from low prices from OEM vendors) is security. They are popular in education for this reason. They require less management than PCs because the operating system is locked down and self-patching. The new feature should not compromise security too much, because Linux runs in a VM and in the worst case resetting the VM should clear any malware – though access to user documents could make malware running in the VM quite disruptive.

Apple’s iPad Pro is another capable device with a locked down OS, but does not run Linux applications.

What about Windows? Microsoft has tried and so far failed to lock down Windows in a manner acceptable to its customers. Windows RT was the first attempt, but users found it too restrictive, partly because the Windows 8 app ecosystem was so weak. Windows S is another attempt; but progress is slow. Microsoft has also weakened the security of its modern app platform to make it more capable, even to the extent of allowing desktop applications into the Windows Store. The approach taken by Apple and Google, to design a new secure operating system and make it gradually more capable, is more viable than Microsoft’s work in the opposite direction.

Why Subsystem for Linux in Windows 10 and Windows Server? And what are the implications?

Microsoft is busy improving Windows Subsystem for Linux (WSL), the compatibility layer that lets you run Linux on Windows. WSL is not an emulator. It accesses the same file system and you can launch Windows applications from WSL, and vice versa. It also runs actual Linux binaries.

The latest announcements cover copy/paste between Linux and Windows, and a tabbed console. Both enhancements are in the skip-ahead insider version of Windows 10, which means they are unlikely to be in the one about to be released, currently known as Spring Creators Update (but rumoured to be getting a name change). In other words, you may have to wait around six months for this to be generally available.

image 

These are not huge changes, but overall WSL is a big deal. Why is Microsoft doing it? One Betanews commenter says:

I still can’t figure out who this whole "Linux-on-Windows" thing is meant for. Developers who work on both platforms maybe? I guess it would be handy for people who just want to try out Linux before migrating to it, but that’s the last thing Microsoft would want to promote.

Microsoft has in fact stated the primary purpose of WSL:

This is primarily a tool for developers — especially web developers and those who work on or with open source projects. This allows those who want/need to use Bash, common Linux tools (sed, awk, etc.) and many Linux-first tools (Ruby, Python, etc.) to use their toolchain on Windows.

There is a bit more to it. Developers are small in number relative to general users, but disproportionately influential, since they make the applications the rest of us run, and if the applications are not there or are inferior, the ecosystem starts to fail and the operating system declines.

I am not sure when it was that developers started to prefer Macs, but I noticed this trend many years ago, perhaps from the time that OS X moved to x86 (2006). This was not just about preferring the Mac user interface. In 2008 Apple opened up iOS, its mobile OS, to third-party applications, and a Mac was required for iOS development (this is still the case). It has long been relatively easy to run a Windows emulator on a Mac, but not vice versa, so for developers who want to support multiple target platforms from one computer, the Mac makes sense.

OS X / macOS is a Unix-like operating system, based on BSD (Berkeley Software Distribution). This means that moving between Linux and Mac is relatively smooth, from a developer perspective. The same tools are generally available. The internet runs mostly on Linux so the Mac has an advantage there as well.

In some cases this is more than just inconvenience. Windows has a long-standing issue with path lengths. MAX_PATH is defined as 260 characters. This limitation can be mostly removed if you have Windows 10 build 1607 or higher. Nevertheless, path issues have made Windows awkward for developing with Java, Node.js, and other languages or frameworks which typically use deeply nested directories. Open source developers perhaps did not care as much about these issues because they were mostly using Mac or Linux.

Microsoft has responded by improving Windows as a platform on which to develop applications. Visual Studio now targets Mac, iOS and Android as well as Windows. MAX_PATH has been alleviated as far as possible. WSL however goes much further. You can install and run Linux development tools and utilities such as gcc, perl, sed, awk, grep, wget, openssl, perl and more. There is no MAX_PATH issue. You can run the Linux build of Apache, PHP, MySQL and more. I used WSL to debug a PHP application and explained how here.

WSL is not perfect. Not everything is implemented. You can check the current issues here. Still, it is genuinely useful and mitigates the advantages of Mac or Linux for developers.

Microsoft has also added WSL to Windows Server. Why? The main focus here seems to be on administrators. There are times when it is handy to run a Linux command or script on Windows Server. It is not intended for production use as a server, though there is now support for background tasks; however it is still per-session so you would need to keep a user logged on in order to run, for example, a web server. More important, Microsoft has not designed WSL for production use as a server platform so it might not be as optimized or reliable as you require.

Implications of WSL

Where is this going? This is where it gets speculative. I will argue though that WSL is in part an admission of defeat. Windows remains an important development platform, but is now greatly outweighed by Unix-like platforms:

  • Web/Internet applications
  • iOS applications
  • Android applications

Where Windows support is needed, developers have many cross-platform options to choose from, a popular choice today being Electron, based on Chromium (the open source foundation of Google Chrome) and Node.js.

Today there seems little chance of Windows winning back market share as a mobile operating system, and the importance of desktop applications looks destined for long slow decline.

Windows Server remains a significant application platform, but Microsoft is focused more on driving developers to Azure cloud services than on Windows Server itself. SQL Server now runs on Linux, ASP.NET Core is cross-platform, and Azure has excellent support for Linux.

All of this leads me to think that WSL will continue to improve, perhaps to the point where production loads are supported on Windows Server, for example. Further, the ability to run Windows applications on Linux (which is more or less what happens in SQL Server for Linux) may become equally as important as the reverse.

Setting up PHP for development on Windows Subsystem for Linux in Windows 10

I have been working a little with PHP, for the first time for a while, and soon found it annoying not to have the convenience of instant application testing and line by line debugging. I have set up a PHP development environment before using XAMPP for Windows and Eclipse, but it was fiddly. I also prefer PHP on Linux, which is where my scripts will be running.

Since Windows 10 now has a Linux environment built-in, called Windows Subsystem for Linux (WSL), I decided to set this up to run Apache, PHP and MySQL and to try debugging my scripts there.

My PC is a recent installation and I had not yet installed WSL. To do so, you have to both download a Linux distribution from the Store (I chose Ubuntu), and enable WSL in Windows features. Then restart, launch Ubuntu, set a username and password, and you are up and running.

Note the Linux commands that follow should be run as root using sudo.

Before doing anything else, I got Ubuntu up to date:

apt-get update

apt-get upgrade

Then I installed the LAMP suite:

apt-get install lamp-server^

(the final ^ is intentional; see the guide here).

To check that everything is working, I created the file phpinfo.php in /var/www/html with the following contents:

<?php phpinfo(); ?>

and restarted Apache:

/etc/init.d/apache2 restart

Note: if you have IIS running in Windows, or another web server, Apache will not be able to listen on port 80. Change the port in /etc/apache2/ports.conf and in /etc/apache2/sites-enabled/000-default.conf

Then I opened a web browser on the Windows side and browsed to localhost:

image

and

image

We are up and running, but not debugging PHP yet. Remember the basic rules of WSL:

  • you cannot change Linux files from Windows.
  • you can access Windows files from Linux.

We want to edit PHP from Windows, so we’ll define a site that uses Windows files. Windows files are under /mnt/c (or whatever drive letter you are using).

So if you example you have your PHP website in a folder called c:\websites\mysite, you can have Apache serve files from that folder.

The quickest way to get up and running is to create a symbolic link in the Apache home directory, in my case /var/www/html. Change to that directory and type:

ln -s /mnt/c/websites/mysite mysite

Now you can view the site at http://localhost/mysite/

This worked first time for me, complete with PHP running. You could also set up multiple virtual hosts in Apache, and use the hosts file in Windows to map other host names to localhost.

Next, you probably want PHP to show error messages. To do this, replace the default php.ini with the development version (or tweak it according to your own preferences. At the time of writing, on Ubuntu, the default PHP version is 7.0 and php.ini-development is located in /usr/lib/php/7.0/php.ini-development. So I backed up the ini file at /etc/php/7.0/apache2, replaced it with the development version, and restarted Apache. My PHP form immediately showed me a non-fatal undefined index error, so it worked.

There is one small inconvenience. Apache in WSL will only run during the session. So before starting work, you have to open Ubuntu and type:

sudo apache2ctl start

Well, background task support is coming to WSL but I do not regard this as a big problem.

OK, this is cool, we can make changes in the PHP code in our favourite Windows editor, save, and view the results directly in the browser. But what about line-by-line debugging? For this, we are going to use Visual Studio Code with the PHP Debug extension:

image

Then on the Ubuntu side:

apt-get install php-xdebug

Restart Apache:

apache2ctl restart

Check that phpinfo.php now shows an Xdebug section. Then edit php.ini and add the following:

[XDebug]
xdebug.remote_enable = 1
xdebug.remote_autostart = 1

Restart Apache again and XDebug is ready to go.

Over in Visual Studio code there is a little more work to do. The problem is that although everything is running on localhost, the location of the files looks different to Linux than to Windows. We can fix this with a pathMappings setting. In Visual Studio code, open the PHP file you want to debug. Click the Debug icon and then the little gearwheel near top left; this will open launch.json. By default there are a couple of settings for XDebug. These are OK for a default setup, but we need to add path mapping so that the debugger knows where to find the files. For example:

image

Now you can set a breakpoint, start debugging, and open the page in your browser:

image

More guidance on the PHP Debug extension by Felix Becker is here.

Final thoughts

This is cool; but is it better or worse than an old-style VM running Linux and PHP? The WSL solution is lightweight and convenient, but unlike a VM it is not isolated and you may hit issues that are unique to WSL, because not everything runs. I did happen to suffer crashes in Visual Studio and in Outlook while WSL was running; it may well be coincidence, but I cannot help wondering if WSL might be to blame.

Still, a great feature of WSL is that when you exit your session, it goes away, so it is not too intrusive. I plan to use it for PHP debugging and will see how it goes.

Using Strongswan as a VPN client – and a Windows Firewall gotcha

How do you monitor a Windows server over the internet? This one is not in Azure but an actual server, running Hyper-V of course, and the requirement is to monitor both the Hyper-V host and the VMs for things like free memory, disk space and CPU usage.

There is a nice solution called Cacti which does this, using SNMP. You just have to enable SNMP in Windows Server, install Cacti on some other server, and make sure the two can communicate on UDP port 161 (or you can configure another port).

The target server is behind a Linux firewall which has a VPN endpoint, so a good solution is to have a VPN connection between Cacti on-premises and the firewall to enable SNMP traffic over a secure tunnel. This VPN endpoint is already in use using the excellent Shrew soft VPN client, so it was just a matter of finding a suitable Linux VPN client for the VM on which I installed Cacti.

I had installed Debian Linux on a VM to run Cacti, without any GUI (I mean, who needs a GUI on a server?) so looked for a suitable command-line VPN client.  I soon gathered that the usual choice used to be Racoon but is now strongSwan – though note that both of these are more often used to set up a VPN endpoint on a server rather than as clients, though they work fine in either role.

I am sure that someone with more experience than myself in Linux VPNs and networking would have had this up and running in no time, but for me it was somewhat arduous. There are two aspects to a VPN tunnel, one of which is creating the secure tunnel and the second being the networking. StrongSwan will do most of this on your behalf, but you do need to get the configuration right in /etc/ipsec.conf and I chased down several false trails before getting it working.

One issue was that I am using XAuth authentication, and despite strongSwan supporting this I thought by default, got the error “no XAuth method found.” What worked for me was to install libstrongswan-extra-plugins and then make sure that xauth-generic.conf is set to load the xauth-generic plugin.

Next, it was not obvious to me what to put in the strongSwan left and leftsubnet key pairs. I thought the left subnet should be the subnet of my local network (192.168.255.0/24) but in fact I needed the subnet that was configured for VPN clients, in my case 192.168.40.0/24. Until I figured this out I was getting “no matching CHILD_SA config found” and “HASH N(INVAL_ID)” errors when trying to connect.

I fixed that but it still did not work. After trying various things I hit upon left=%any in ipsec.conf and got a successful connection at last.

I had a tunnel, but traffic did not pass. Now, there are two things I did to get this working. One was to put auto=route in ipsec.conf.  The docs sayroute loads a connection and installs kernel traps.” Note that the networking configuration is done not by modifying iptables rules, but through xfrm policy, and to see the current policy you type:

ip xfrm policy

in the shell. It was still not quite right.

The final step was to change left=%any to left=%defaultroute in ipsec.conf. With this last piece of magic in place, everything works.

It was not (for me) quick and easy to configure, but the result is excellent. Just type:

ipsec up [connectionname]

and the tunnel comes up almost instantly. Using snmpwalk I can verify that that traffic is flowing:

image

That said, now is the time to mention a little gotcha with the Windows Firewall for SNMP. When you install the service, Windows creates a firewall rule that opens the SNMP port (normally UDP 161) for incoming traffic, for both private and public profiles.

image

Note there is a separate rule for Domain profiles, which is a clue that something is different. That difference is the scope of the rule. By default, the rule for private and public profiles is scoped only to the local subnet, making it in effect disabled.

image

The idea I guess is to encourage you to restrict traffic to specified IPs if you access the SNMP service from outside the domain, which is good security advice. You can also configure this on the SNMP service properties. But if you are wondering why the service is no responding, this is one thing to check.

Microsoft SQL Server is coming to Linux. What are the implications for Windows Server?

Microsoft is porting SQL Server, its popular database manager, to Linux. According to Executive VP Scott Guthrie:

Today I’m excited to announce our plans to bring SQL Server to Linux as well. This will enable SQL Server to deliver a consistent data platform across Windows Server and Linux, as well as on-premises and cloud. We are bringing the core relational database capabilities to preview today, and are targeting availability in mid-2017.

Why do this? The short answer is that like any other software company, Microsoft wants to sell more licenses, and porting its premier (and excellent) database manager to Linux extends its market and helps it compete more directly with the likes of Oracle and even MySQL.

image

However that begs a second question, which is why has Microsoft not done this before? After all, SQL Server has been around forever. The first release was in 1989, jointly with Ashton Tate and Sybase, and was for OS/2. The first Windows release was 1993. There was a significant leap forward in SQL Server 7.0, in 1998, which I think of as the beginning of the product as we know it today.

Microsoft in the nineties and in the first decade of the new millennium was all about Windows. Dominant on the desktop, the idea was to build synergies between Windows desktop and Windows server so that running server applications like Active Directory, Exchange and SQL Server was the obvious choice. The Visual Studio development environment pushed developers towards Visual Studio in subtle and not-so-subtle ways. Some programming language innovations like LINQ to SQL (a form of Language Integrated Query) only worked with SQL Server. It was not quite lock-in, it was always possible to use a different database engine, but SQL Server was always the default, used in all the examples and documentation, and the best understood when you needed support.

Today Microsoft’s circle of dominance is breaking down. Windows still has desktop dominance, but the importance of the desktop is less, thanks to mobile devices which mostly do not run Windows, and a move away from desktop applications towards web applications that do not care which operating system you use. Active Directory is still important, but cloud computing giants like Google and Amazon are encroaching on that space.

“Only on Windows Server” has become a liability rather than the key to keeping customers locked to Microsoft’s platform.

You can see this in the company’s development strategy, which is migrating towards a cross-platform implementation of .NET as well as embracing iOS and Android via the recently announced Xamarin acquisition. You can also see it in the Azure cloud platform, and Microsoft’s partnership with Red Hat for Linux on Azure. The company is happy to take your money whatever operating system you choose.

It is early days though, and Microsoft is still a Windows-centric company. SQL Server on Linux, expected sometime next year, will probably not be feature-complete compared to SQL Server on Windows – I am guessing, but things like .NET Stored Procedures may be tricky to get right, as well as features like in-memory databases that are tightly integrated with the operating system.

It is worth noting that cross-platform is actually a burden as well as a strength and may involve compromises. It will be fascinating to see how performance compares on equivalent hardware.

Microsoft is now betting than opening up new markets for SQL Server is more important than keeping customers hooked on Windows Server – especially as that last strategy is failing in the cloud computing era.

Finally, there is the question I posed in the title of this post. How does moving key server applications to Linux impact the appeal of Windows Server? After all, Linux licenses are generally cheaper than Windows Server and in some cases free. The answer is that it is one less reason to buy Windows Server, presuming SQL Server works properly on Linux.

You can see this as a process of commoditizing the operating system so that in time expensive server operating system licenses are a thing of the past. This is probably not a good trend for Microsoft. It can still prosper though if you rent your virtual infrastructure from the company and use its cloud services, like Azure and Office 365.

Another way of looking at this is that there is more pressure on Windows Server architect Jeffrey Snover and his team to make Windows Server better than Linux, so that you want to run it because of its merits, not because it is the only way to run SQL Server or Exchange.