Technology has created storage faster than we can use it

May 3rd, 2013

The Plan9 from Bell Labs paper discusses serving files and the central server used in their scenario:
“The central server in our installation has about 100 megabytes of memory buffer, 27 gigabytes of magnetic disks, and 350 gigabytes of bulk storage in a write-once-read-many (WORM) jukebox.”

The paper goes on to describe their use of this storage setup to demonstrate the ability to do dumps of file systems for backups & recovering or interacting with previous changes in Plan9, finishing with
“Our WORM has served a community of about 50 users for five years and has absorbed daily dumps, consuming a total of 65% of the storage in the jukebox. In that time, the manufacturer has improved the technology, doubling the capacity of the individual disks. If we were to upgrade to the new media, we would have more free space than in the original empty jukebox. Technology has created storage faster than we can use it”.

a.out

May 1st, 2013

From the paper “First edition Unix: Its creation and restoration”

because the PDP-11/20 provided no memory protection against kernel corruption by the running process, it was considered a courtesy for a programmer to yell ‘‘a.out?’’—the name of the Unix assembler’s default output file—before running a new executable for the first time

My 33KB SSD

April 10th, 2013

Work issued me with a mid 2012 MacBook Air, one constant running issue has been rebooting on wake from sleep after a thunderbolt display has been attached or detached in previous state, with the upgrade to 10.8.3 I also started experiencing graphics glitches on wake. In the last week things took a turn for the worse, Friday & Saturday I experienced my system going back to initial login screen on wake & after logging in having two concurrent sessions which meant some apps didn’t work correctly, Sunday night after a fresh reinstall, system failed to detect system disk but after 15 minutes everything was ok, on Monday I rebooted & the system displayed the progress bar at the boot screen as if it was flashing firmware though I’d not initiated an update.
Today I returned to my computer to find the system hung, power cycling the system produced the same flashing folder with a question mark which means unable to find system folder.
Booted off a 10.8.3 USB flash disk, disk utility reports a 33KB Sandforce SSD!


Book review : Kerberos, The definitive guide

February 10th, 2013

Kerberos & AFS have been two technologies I’ve wanted to deploy for a long time but based on my experience with Kerberos in Windows 2000 & studies for MCSE I had made myself believe that it would be a painful task, I purchased this book a couple of years back but never got around to reading it properly until the start of the new year. The book is divided into 10 chapters, the first 3 explain how Kerberos works conceptually, from there on the book covers the practical aspects, how to deploy Kerberos using the MIT, Heimdal & Windows implementation, how to troubleshoot common issues, improve security, integrate applications & services, implement cross realm authentication, Windows & UNIX integration, finishing off with the future of Kerberos.
The book uses FreeBSD as the OS which the UNIX examples are demonstrated on though Kerberos is built from source. I also used FreeBSD to perform my test installation but instead opted to use the Heimdal implementation which comes bundled as standard in the base OS of the BSDs. Implementation was really simple, once the KDC was up & the necessary SRV records were in place, telnet authentication worked seamlessly and after I’d set GSSAPIAuthentication yes in my ssh(1) & sshd(8) config files, SSH also worked seamlessly. Only thing that caught me out was Heimdal in FreeBSD base uses DNS whereas the book assumes that this is switched off (not sure if this feature was switched off by default at the time & has now changed or it’s just the FreeBSD bundled version which has it on by default). The information for troubleshooting & some of security is still relevant but other than that it is badly outdated, discussing DES encryption & the lack of support for RC4 encryption which was the default cipher used by Windows 2000. Setting up a slave KDC has also changed in Heimdal since this book was published, you now need a hprop/hostname principal for each slave server whereas the book recommends host/hostname principals which don’t work with Heimdal anymore.

Looking around, you will still see references to Windows 2000 when doing Kerberos implementation eg in the current Heimdal documentation, I’m not sure if this is still applicable to the latest version of Windows or it’s there for historical reference.
If I were looking to learn about Kerberos, specifically Heimdal, I would use the official documentation & the Kerberos5 article on the FreeBSD handbook instead of buying this book as there is too much outdated advice in this book that no longer applies.
Ignoring the outdated best practices, the initial implementation information has remained the same over the year & it’s amazingly easy to deploy in a lab scenario for testing.

bhyve – BSD Hypervisor

February 10th, 2013

With the videos released last month from euroBSDcon 2012, I watched Michael Dexter’s talk on bhyve, the BSD hypervisor has come a long way since I last tried it over a year ago & Michael has helped with its progress by writing articles on CFT & scripts for running bhyve.
Last week I decided to get myself a server which I could use to do builds quickly & to run virtual machines for testing. Hetzner do high spec consumer hardware as servers, €59 per month gets you an i7 with 32GB of RAM & 2x 3TB HDD, I ordered the server along with a 16GB USB flash drive with the plan of running SmartOS, once my login details for the server came through, I raised a support ticket for access to an IP KVM, within the hour I was given access & the installation went seamlessly. SmartOS was running on my server & it all went downhill from there.
As there is an IPv4 address shortage, Hetzner charge a premium for additional addresses as a routed subnet, along with an additional fee for having the ability to request additional addresses as a “flexi pack”, a /27 would cost €47, I was not going to pay this so decided to go IPv6 only as I have connectivity at home & work. Unfortunately, though IPv6 support is there in the core of SmartOS by inheritance from OpenSolaris, the additions from Joyent for KVM don’t, main culprit being vmadm(1m), after losing two days trying to get things working I came to the conclusion that A) it would be a big pain to maintain going forward as the burden would be on me to work around the shortfalls of the system B) I didn’t want to maintain my own release with third party patches which were not in yet C) I didn’t like the way I would have to extend the system to add functionality eg to set the hostname for your system persistently you have to use a script D) getting IPv6 support to guests was painful.

The majority of the work I’m doing is oriented around FreeBSD, it takes over 4 hours to do a build world & kernel on my ThinkPad X61s with a 1.6GHz Core2Duo so anything that can prolong its life & give me new builds quickly is good. I placed another support request for IP KVM (LARA in the world of Hetzner) & once I had the login details I netbooted the server to their FreeBSD rescue environment which is a FreeBSD 8.3 based copy of mfsBSD. From there I fetched the latest FreeBSD-CURRENT usb image & wrote it to the flash drive using dd(1) & went about setting up a mirrored zpool to install FreeBSD onto.

Once the installation was complete & the system was up & running I revisited Michael’s talk, slides & scripts.
His scripts are numbered sequentially so you can easily go from creating a disk image to running & managing your virtual machines. This article covers a summary of what is involved to get a guest VM ready with FreeBSD-CURRENT built from source which are taken from his scripts & slides. As development has progressed since the talk, some things which are performed are no longer required. Essentially, you can boot a stock system from a disk image with only 2 necessary modifications to stock configuration files for dealing with the console.
There is also a vmrun.sh script which simplifies the whole process to try out (see instructions)

First build world & kernel (not necessary, you can use the precompiled binary instead if you choose)

On the host add the following to /boot/loader.conf
vmm_load="YES"
if_tap_load="YES"
bridgestp_load="YES"
if_bridge_load="YES"

Create a file which will be used as your disk, eg a 80GB one
truncate -s 80G disk.img
Create a md(4) disk with the file you just created
mdconfig disk.img
Initialise the disk to use the entire disk as a freebsd slice
fdisk -BI md0

You’ll receive the following error which can be safely ignored
******* Working on device /dev/md0 *******
fdisk: invalid fdisk partition table found

Write a standard label & boot code to slice 1
bsdlabel -wB /dev/md0s1
Write a filesystem to slice 1a
newfs -U /dev/md0s1a
Mount it to /mnt
mount /dev/md0s1a /mnt

From /usr/src, install world, kernel & distribution (contents of /etc) onto the disk image
make installworld DESTDIR=/mnt
make installkernel DESTDIR=/mnt
make distribution DESTDIR=/mnt

Setup your fstab to mount root from /dev/vtbd0s1a
echo "/dev/vtbd0s1a / ufs rw 1 1" > /mnt/etc/fstab
Configure your console
echo 'console "/usr/libexec/getty std.9600" vt100 on secure' > /mnt/etc/ttys
echo 'console="userboot"' > /mnt/boot/loader.conf

Aside from configuring /etc/rc.conf the instructions above cover the bare minimum to get a booting VM.

From Michael’s 2-install-guest.sh I’ve skipped loading the virtio drivers in /boot/loader.conf as they’re loaded by default in FreeBSD-CURRENT & the following though I’ve not given it more testing
Helps the kernel detect it’s running in a virtualised environment
smbios.bios.vendor="Bochs"
Avoid clock drift
kern.timecounter.hardware="TSC"
kern.timecounter.invariant_tsc="1"

PCI pass-through support as it caused hangs
hw.pci.enable_msix="0"
hw.pci.honor_msi_blacklist="0"

Unmount the file system
umount /mnt
Detach the file from md(4)
mdconfig -d -u 0
Assuming you’re using md0
You can get a list of configured devices with
mdconfig -l

As covered in 3-host-prep.sh you can load the required kernel modules for bhyve & guest networking by running
kldload vmm
kldload if_tap
kldload bridgestp
kldload if_bridge
or rebooting :)

Before starting your VM, you need to create the needed interfaces, a tap(4) interface with a bridge(4) linked to the interface you want the VM to be able to communicate on, in my case a re(4)
ifconfig tap0 create up
ifconfig bridge0 create up
ifconfig bridge0 addm tap0 addm re0 up

Because of STP, once you have started the virtual machine, you should pause at the boot menu by pressing space & waiting 20 seconds until STP has stabilised otherwise you may find strange issues with your guest not being able to communicate properly.
If you restart a VM, it is also important to destroy the tap & bridge interfaces before starting up again or you will again experience odd behaviour e.g. I was seeing traffic come in to the VM but not going out.
ifconfig tap0 destroy
ifconfig bridge0 destroy

To start a VM with less than 4GB RAM issue
sudo bhyveload -d /path/to/disk.img -m 256 vmname && sudo bhyve -c 1 -a -A -m 256 -I -H -g 0 -s 0:0,hostbridge -s 2:0,virtio-blk,/path/to/disk.img -s 1:0,virtio-net,tap0 -S 31,uart,stdio vmname
This will start a VM called vmname which uses 256MB RAM.

To start a VM which uses 4GB or more you’ll have to specify memory settings differently as you need to leave space for PCI MMIO decode below 4GB, so for example, if you wanted to use 8GB RAM, you’d issue
sudo bhyveload -d /path/to/disk.img -m 2048 -M 6144 vmname && sudo bhyve -c 1 -a -A -m 2048 -M 6144 -I -H -g 0 -s 0:0,hostbridge -s 2:0,virtio-blk,/path/to/disk.img -s 1:0,virtio-net,tap0 -S 31,uart,stdio vmname

To shutdown a VM issue
bhyvectl --vm=vmname --destroy
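
The restart sequence described above (destroy the VM, destroy & recreate the tap & bridge interfaces, then bhyveload && bhyve with the right memory flags), as an added example that is not part of the original post or of Michael's scripts. It only prints the commands, to be run as root on the host; the flags are copied from the commands above, the function names are made up for this example, and fixing the low memory at 2048MB for any guest of 4GB or more is an assumption taken from the single 8GB example.

```sh
#!/bin/sh
# Added example: dry-run generator for the bhyve command sequence in this post.
# Nothing is executed; every function only prints the commands it would run.
# Flags are the 2013-era ones used in the post. LOWMEM_MB is an assumption
# generalised from the post's 8GB example (-m 2048 -M 6144).

LOWMEM_MB=2048

# mem_args TOTAL_MB -> memory flags shared by bhyveload and bhyve.
# Below 4GB a single -m is used; from 4GB up the total is split so that
# space is left for PCI MMIO decode below 4GB.
mem_args() {
    total=$1
    case $total in
        ''|*[!0-9]*)
            echo "mem_args: memory must be a whole number of MB" >&2
            return 1 ;;
    esac
    if [ "$total" -lt 4096 ]; then
        echo "-m $total"
    else
        echo "-m $LOWMEM_MB -M $((total - LOWMEM_MB))"
    fi
}

# net_up TAP BRIDGE NIC -> create the tap(4) & bridge(4) pair on the host NIC.
net_up() {
    echo "ifconfig $1 create up"
    echo "ifconfig $2 create up"
    echo "ifconfig $2 addm $1 addm $3 up"
}

# net_down TAP BRIDGE -> both interfaces are destroyed before a restart.
net_down() {
    echo "ifconfig $1 destroy"
    echo "ifconfig $2 destroy"
}

# vm_start NAME DISK TOTAL_MB TAP -> the bhyveload && bhyve pair from the post.
vm_start() {
    mem=$(mem_args "$3") || return 1
    echo "bhyveload -d $2 $mem $1 && bhyve -c 1 -a -A $mem -I -H -g 0 -s 0:0,hostbridge -s 2:0,virtio-blk,$2 -s 1:0,virtio-net,$4 -S 31,uart,stdio $1"
}

# vm_cycle NAME DISK TOTAL_MB TAP BRIDGE NIC -> full restart, in order.
# The memory value is validated first so a bad value prints nothing at all.
vm_cycle() {
    mem_args "$3" >/dev/null || return 1
    echo "bhyvectl --vm=$1 --destroy"
    net_down "$4" "$5"
    net_up "$4" "$5" "$6"
    vm_start "$1" "$2" "$3" "$4"
}

# Sample run with the names used in the post (8GB guest on re0).
vm_cycle vmname /path/to/disk.img 8192 tap0 bridge0 re0
```

After starting the guest, the 20 second pause at the boot menu for STP still applies.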

My next step is to now see how to use a ZFS filesystem instead of a file based disk for the VM.

Skype uses nginx?

February 9th, 2013

Or is it that box with the RFC1918 address that appears 3 hops away when I run a traceroute?


FOSDEM 2013

February 7th, 2013

Last week I attended a conference on open source software called FOSDEM in Brussels, the two day event has lots of tracks, based on either specific projects or topics such as Java or security.

I attended the following talks
On Saturday
XMPP 101
The Open Observatory of Network Interference
Practical Security for developers, using OWASP ZAP
The future of X.org on non-Linux systems
Declarative style GUI programming
How to build an Identity Management System on Linux

On Sunday
The Lua Scripting Language in the NetBSD Kernel
Supporting the new C and C++ standards in FreeBSD
Improvements in the OpenBSD IPsec stack

My favourite talk of the event was the OWASP talk on Saturday by Simon Bennetts who did a great job of clearly explaining what ZAP can do & how it is of use for testing the security of your web application.
The XMPP 101 talk gave an overview of what the protocol can do, the OONI talk had a very late start & laptop issues, didn’t get much from the talk but it does seem like an interesting project from the info on the website. Matthieu Herrb talked about the progress of running X.org on UNIX, conclusion “Tough times for non-linux systems”. Marc Balmer gave two talks on using Lua, first in GUI programming & the second on the lua(4) subsystem in the NetBSD kernel, allowing users to explore the system easily & doing rapid prototyping without the initial steep learning curve of learning C & kernel internals, making the system internals easily accessible. The last talk on the Security track was on FreeIPA, luckily the slides were quite detailed as it was impossible to hear the speaker because the mic was hanging too low off his shirt collar.

The BSD track on Sunday was where I spent most of the day. David Chisnall spoke about the C & C++ standards & the mistakes made by the standards groups which we have to live with. I spent the lunch break talking with David about FreeBSD, how I struggle with doing buildworld on my X61s, what can be done to speed up buildworld, why the buildworld process takes so long & the tools Juniper has developed which allow you to track the dependency path for building each component in FreeBSD base.
Mike Belopuhov spoke about the IPsec stack & NAT64 support in OpenBSD, I had an opportunity to ask Mike about dead peer detection, in my previous site to site VPN deployment I had issues where if the connection dropped at either site, the tunnel would not be re-established, needing manual intervention, it was good to hear that this was a problem with the isakmpd & not necessarily a configuration issue.

There were lots of projects & businesses with stands, O’Reilly had a stand selling books, Google were in the recruitment section, Oracle with three big banners for java, mysql & something else, the lady on the stand was very friendly, telling me about how Oracle participates in open source software such as Java, the penny then dropped about the update 13 release.
It was good to see CAcert had a stand and were looking very busy with assurances. I visited the mozilla stand & had the opportunity to try out the firefoxOS on a nexus s?
I’m strongly considering moving to it as I’d rather go with firefoxOS than android, the lock down of iOS is very painful for sharing data between my own devices & makes it frustrating for getting content from several devices to a single place.
I visited the Google stand to talk to the recruiters there, I was curious to learn about their recruitment process, since 2007 I have been approached by Google on 3 different occasions, the most recent being back in July last year. I always assumed they had drives every so many years & I’d just been lucky to have been listed on three separate occasions, it turns out actually that once you’re on their radar, they will make contact every once in a while to see if your situation has changed & if you have developed sufficiently since last time to be able to pass the interview tests.
I spoke with others regarding this, with those now employed by them & those who have also been approached in the past, discussing why systems folks are sought after & what options you have should you wish to no longer be contacted (supposedly under Californian law, if a person requests a company to never be contacted again, the company has to comply?).

Over the weekend I spotted a few OpenBSD tops (more hoodies than t-shirts) & met my first MirBSD user/developer, Benny Siegert who was the organiser of the BSD track at FOSDEM.
I also had the opportunity to meet up with/bump into folks from communities such as MetaBUG, OSHUG, LOSUG, Brighton 2600, London *BSD, it was good to catch up.

Hetzner website doesn’t work

February 6th, 2013

Contrary to what the page says. :)


WordPress Plugin: Old Core Files

January 27th, 2013

I saw the Old Core Files plugin advertised on my WordPress dashboard & I was curious to see what it’d report for this instance.
It listed 461 obsolete files which I was unable to delete but this may be due to my config rather than a plugin issue (fiddling with filesystem permissions did not help). After the tidy up I went to compose a post only to find that leaving the plugin active breaks the add new post section of WordPress, the following error message is logged

2013/01/27 21:46:36 [error] 49410#0: *511 FastCGI sent in stderr: "PHP Fatal error: Call to a member function abspath() on a non-object in /myblog/wp-content/plugins/old-core-files/old-core-files.php on line 237" while reading upstream, client: 10.10.10.10, server: http://www.myblog.foo, request: "GET /wp-admin/post-new.php HTTP/1.1", upstream: "fastcgi://unix:/tmp/php.socket:", host: "www.myblog.foo", referrer: "https://www.myblog.foo/wp-admin/"

If you have an instance of WordPress that’s been around for a while & has gone through several version updates then it’s well worth installing as a one off. Use the plugin to get a list of obsolete files & remove the plugin afterwards. The current version (v1.0) seems to cause issues if left enabled.

Update 28/1/2013
Version 1.1 has been released which removes the delete button.

FreeBSD, 10 years on

January 26th, 2013

I write this article a week after my 10th anniversary as a FreeBSD user.
I had heard of FreeBSD previously but had never tried it. The closest I had come to a flavour of BSD was unsuccessful attempts at downloading NetBSD on various modems ranging from 14.4k to 33.6 to install onto a Sun 3/60 in the late 90s.
In the summer of 2002 I managed to obtain a DEC Alpha which I initially ran NT4 on & Redhat 7.2.
I performed a full install with Gnome & watched as the system crawled as it started X11, over the next couple of days it became more & more apparent that the system couldn’t handle it.
I was reading slashdot one night & saw FreeBSD 5.0 had just been announced & the Alpha was a supported platform so I decided to give it a try & downloaded an iso.
Installation went ok, I can’t remember if I had to restart the process because I’d said yes to test the X configuration in sysinstall or not but I do remember that I managed to set my syscons font to swiss.
My background was DOS & Windows with several failed attempts at becoming a Linux user, I had some basic knowledge of the *nix user land but more dangerous than anything. Relying on search engines to find answers which in the case of Linux were either incorrect, outdated or didn’t apply to the distro I happened to be running at the time.
It quickly became apparent that this was not a problem on FreeBSD, everything pointed back to the handbook. Using the handbook with some pointers from IRC I made a lot of progress, far more than I had ever made with Linux, I was able to get GDM running, a BSD theme installed & switch window managers. The system also performed really fast, there was a clear noticeable difference between FreeBSD 5.0 & Redhat 7.2.
Using ports I was able to compile software with little effort & the clear divide of user land between base installed & user installed made it easy to track things down.
I ran the 5.0 release for a couple of weeks & was very happy with the progress I had made with configuring the system but I did run into lots of issues which I was told were bugs in FreeBSD 5.0 & it’s not really production ready so I re-installed 4.7 & stuck with the RELENG_4 branch until 4.11.
I was in love with FreeBSD, it was un-intrusive, well organised, well documented & empowering.
By the time version 5.3 was released I was hosting my first customers websites & email with it & have continued to do so for myself & other customers on many occasions since. 10 years on I am now working with many servers running FreeBSD around the world & I’m as happy with it as the first day that I installed it.

More Acme & tools of Plan9 from User Space

January 9th, 2013

Mind blown today by the Plan9 tools as I got a chance to practice working in acme more today.
Browsing installed fonts exposed by fontsrv(1) as a file system using 9p(1) (a taste of treating everything as a file), using adict(1) which is a dictionary browser & win(1) which connects a shell with a pane in acme so anything you type into that pane is sent to shell & any output from the shell is sent back to the pane. This allows you to do such things as build notes as you work through a problem at the same time, without having to have a collection step as a part of your work flow.
I love the simplicity & elegance of this environment, the points raised above are essentially what is covered in the tour of Acme Editor by Russ Cox in the 2nd third part.

I’ve been trying different fonts for my terminal, currently between Inconsolata & Adobe Source Code Pro
Screenshot below is taken from 2 instances of Acme, on the left running with Inconsolata 19pt antialiased font & on the right Adobe Source Code Pro 17pt antialiased.

Inconsolata vs Adobe Source Code Pro

WordPress database error Illegal mix of collations

January 7th, 2013

Ignore the advice below, this error is still produced and tables are still in latin1 encoding, I will follow up once I’ve looked into it further
So the databases for my blogs were setup a long time ago when the mysql database used a latin1 character set and the latin1_swedish_ci collation. With the 2.1.3 release of WordPress this was changed to UTF-8 which applied to new installs. I was recently looking through my errors logs & noticed frequent errors like
"WordPress database error Illegal mix of collations (latin1_swedish_ci,IMPLICIT) and (utf8_general_ci,COERCIBLE) for operation '=' for query SELECT comment_ID FROM wp_comments WHERE comment_post_ID = '1' AND comment_parent = '0' AND comment_approved != 'trash' AND ( comment_author = 'Someone' OR comment_author_email = 'something@example.com' ) AND comment_content = 'Some comment' LIMIT 1 made by wp_new_comment, wp_allow_comment

As these errors were always generated by spammers I had always assumed that these errors were caused by them using misconfigured scripts/tools? after all, every time you upgrade WordPress it performs a database update if it’s required!
I suspect I may have screwed things up by replacing the wp-config.php with a more recent copy. This blog started off on a very early zero dot release of WordPress so I was missing lots of things such as the variables for “Authentication Unique Keys” so I swapped files around.

The WordPress site has an article on converting database character sets which gives a brief history & lists several different approaches to solving this problem. I didn’t want to dump databases & restore so I took the longer way of converting tables manually, thought I was done & left it that. Earlier I drafted up a blog post on Acme and happened to scroll down the front page by accident where I noticed that one of my blog posts was incomplete, looking through the archive showed other posts which also had content missing.
Luckily I’d taken a backup before starting the conversion process.
I created a new database for each blog & re-imported each dump using
mysql -u root -p --default-character-set=utf8 mydbname < mydbbackup.sql
as instructed in the WordPress article
Revisiting the site showed the incomplete posts were fixed.

Acme

January 7th, 2013

Back in late October of last year The Setup published an interview with Rob Pike, in this interview he discussed the acme editor from Plan9 which he described as an editor-shell-IDE-oddball with a link to a screen cast by Plan9 from User Space maintainer Russ Cox demonstrating some of acme’s features.
I decided to give it a try & downloaded the source code to build on Mac OS X & I was running acme without any build issues.
As you’ll hear mentioned in the video, acme was designed with a three button mouse in mind, I was on an old single button MacBook Pro with a trackpad. I found it difficult to follow the video as I couldn’t work out what was what, using the keyboard to modify a single click behavior.
I dug out a three button mouse & things went much better using that, but now I was in a situation where I had several pointing devices on my desk which I didn’t fancy switching between depending on the application I happen to be running.
So I gave up on acme on Mac OS & tried it on my ThinkPad, I was unable to compile devel/plan9port on FreeBSD-CURRENT back then & revisiting last night it still appears to be broken in the release from the 5/1/2013, I switched to Windows & attempted to install inferno but didn’t have much luck with the build process there either, searching around I came across acme-sac which is a standalone bundle of the acme editor taken from inferno with pre-compiled binaries available. Only problem then was that as I do not work in Windows normally I rarely got a chance to fire it up & eventually forgot about running it altogether.

Acme-sac running on Windows 7

I’m currently in Moscow & enjoying the Russian new year holiday, as I have spare time I decided to revisit acme again & see if I could find out how to interact with acme using a single button mouse on an Apple pointing device.
On Mac OS, the button on your magic device or trackpad on your laptop = button 1, alt + click = a button 2, ctrl + click = button 3.
You can reproduce the display of labels shown in the video demo by declaring visibleclicks=1.
It seems that it’s not currently possible to address the issue of a 2-1 chord, which allows you to pass arguments to commands. This is where you hold button 2 & press button 1, it’s not a show stopper as you can work around the issue by merging the text you want to connect together before executing on a scratch area.
Now that I am not trying to perform actions which cannot be done with a single button,  I’m at a level where I can copy/cut/paste, search, pipe text in & out of commands & save edited text.
So for example I’m able to write a basic hello world program, write it out to a file, pass the file to a compiler, execute the produced executable & display it all within acme.

Acme running on Mac OS X

Note: Plan9 from userspace comes with its own version of some common tools which depending on how your search path is declared in your shell, may override your existing tools that you’re familiar with eg diff, man & ls.

wiki.freebsd.org offline at the moment

January 5th, 2013

Due to a security issue in MoinMoin


Update 7/1/2013
The wiki appears to be back up now

swap_pager: indefinite wait buffer:

December 29th, 2012

I have a virtualbox VM of FreeBSD-CURRENT running on my work laptop which I’m using for testing & development. To bring the system up to date I started buildworld after updating src, going back to check on the build process I found my SSH session had hung and the VM console had started showing swap_pager: indefinite wait buffer: followed by values for objects in buffer, block number & size.
A search on google brought up the following answer from UNIXguide

This means that a process is trying to page memory to disk, and the page attempt has hung trying to access the disk for more than 20 seconds. It might be caused by bad blocks on the disk drive, disk wiring, cables, or any other disk I/O-related hardware. If the drive itself is actually bad, you will also see disk errors in /var/log/messages and in the output of dmesg. Otherwise, check your cables and connections.

Increasing the amount of RAM allocated to a VM seems to resolve the issue without having to resort to checking virtual cables or connections.

Update 4/1/2013

It seems that I had forgotten to define MALLOC_PRODUCTION in /etc/make.conf as this problem was also raised on the FreeBSD/ARM mailing list

Plugins which improve the basic security of a WordPress instance

December 25th, 2012

I installed a couple of plugins on my instances of wordpress to offer some basic protection which is not available in a stock wordpress install.
First plugin is Simple Security, this plugin protects against brute force login attempts. (There seems to be an issue with the current 1.0.3 release of this plugin where browsing multipage section of the admin section eg posts, followed up with the developer for feedback).

Second plugin is Ban Hammer which allows you to block accounts from signing up using a listed domain or specific email address.

 

Running IPv6 on 4.4BSD – Summer 2012 Retrochallenge entry

July 2nd, 2012

I’m entering the summer Retrochallenge which runs throughout July, the plan is to get an emulated host running with 4.4BSD-lite connected via IPv6 using the NRL patches & if possible serving a basic webpage over HTTP or fail at it & either way document the journey in this post.
It will be a good opportunity to visit the early implementation of IPv6 & learn about the origin of this stack, IPv6 is sexy right? or is that DNS??
I was unaware of the existence of these patches & assumed KAME was the original implementation until I was pointed to the USENIX paper by fellow tweep Dan McDonald.
Looking forward to doing some digging for information & patches :)
To fit the challenge rules, the host the emulation will run on will be a Cobalt Qube2 with NetBSD/Cobalt.

3/7/12
Before I started to attempt building things I did some research on what was required & if the patches and any documentation was still around.
Sun Microsystems IPng Implementations page is still available on archive.org though the NRL IPv6+IPsec is long gone, I was able to obtain the patch sets from the RIPE FTP server.
The installing & operating 4.4BSD UNIX section of UNIX System Manager’s Manual (SMM) lists the supported platforms by 4.4BSD, I hadn’t realised that VAX was not an officially supported platform in this release by CSRG, the 3 official supported platforms which binaries are shipped for being the HP, DECstation & SPARC platforms, this means that simh is off the list & it’s a toss up between tme & GXemul, I’ve not played with GXemul before but tried the Sun3 emulation on tme a few years back in an attempt to get SunOS 4.x but failed after not getting the disk setup right.
I found a copy of the 4.4BSD-Lite CD ISO files on Poul-Henning Kamp’s website.
Next step is to get a virtual machine up & running with 4.4BSD-Lite, I’m probably going to start with the DECstation (MIPS) emulation on GXemul & move onto SPARC on tme if things don’t work out. The README with patches states the patches were built on SPARC but I’m hoping this isn’t an issue (endianness?).

21/7/12
My CSRG archives cd set is here, this week will be a cram as I play catch up.
Front cover for CSRG Archives cd set

Back cover for CSRG Archives CD set

Goodbye Alphastation

June 22nd, 2012

My second cool legacy UNIX workstation which got me started on FreeBSD & OpenBSD, I obtained this workstation back in the summer of 2002, I first tried Redhat Linux 7.2 which was available as a free download as a promotion to demonstrate the optimisation ability of the Compaq compiler suite for the Alpha. It was a terrible experience consistent with my previous attempts at running Linux up to that point (I’d started off on Slackware in 96, moved onto Redhat 5.2 followed by Suse 6.2), I soon dropped it & moved onto Debian 3.0 (Woody) which was ok but the 7 CD set was a bit too much hassle for doing package installs, the performance wasn’t much better compared to the “optimised” Redhat so I moved onto NT 4.0 workstation & FX32! & ran that for a bit before getting bored. In the new year FreeBSD 5.0 release was announced & Alpha was a supported platform so I gave it a try on this machine, armed with a copy of the handbook & the help of IRC I made a lot of progress, first by dropping 5.0 & going back to version 4.7 after being told either x was broken in 5 or y was a bug in 5 too many times. I was blown away by how much faster it was compared to the so-called “optimised” edition of Redhat.
Towards the end of 2003 I started thinking about trying OpenBSD as a firewall after hearing about PF & deployed it when 3.4 was released, the Alphastation served as my gateway connected to a 512k/128k cable modem connection but ended up dropping it & moving to i386 when 3.5 was released because php mysql extension was broken on alpha & I wanted to launch this blog.
After that the Alphastation was used less & less over the years so I passed it onto a fellow techie who would appreciate it.

iPodLinux on iPod Classic

June 20th, 2012

I’ve kept an eye on the iPodLinux project since I got my 120GB iPod Classic back in 2007, I was never able to try out the fruits of the project as the last supported model was the one prior to the Classic & from the description of the site, the reason was the Classic & newer models used an encrypted firmware.
I was bored tonight & decided to revisit the project to see if any progress had been made & found the site no longer loaded, reading up on the Wikipedia page revealed freemyipod which lists the device as supported, so I gave it a go.

Why would you want to do this?

  • Support for file formats not offered by Apple e.g FLAC & OGG
  • Not being tied to an instance of iTunes on a specific computer

Installation is only supported via Linux or Windows & is fairly straightforward, I went with the “no iTunes installed” path on Windows and was done in a few minutes. Only slightly annoying thing is that the device needs to be formatted as part of the install process.

Flashing iPod Classic

Why would you not want to do this?

  • Rockbox interface is clunkier than the Apple one
  • Losing the ability to use iTunes to sync music (device presents itself as just another drive to computer, you need to manage getting the music on the device yourself)

I think it was worth the effort to have gained some flexibility & if the interface is really an issue, it is an open source project, so just roll up the sleeves and get involved!

Book Review: Pro DNS and BIND

May 27th, 2012

So this is not a new book by any means, bought in 2007, published in 2005, covering BIND 9.x & now succeeded by Pro DNS and BIND 10, I’m on a mission to try & clear as much of my book shelf of books as I can, with ebooks & daily deals from publishers the digital shelf in ibooks is by no means shrinking while I’ve stopped buying books in print. My back is thankful for it & large reference books happily sit in digital format in reach when onsite. Anyway, back to the book this post is about, the book is a polished up version of the DNS for Rocket Scientists Guide which you most certainly would’ve come across if searching for answers to BIND & DNS related questions on the web, with a chapter on DNSSEC which is not on the website for added value.
The book is split into six parts:

  • Principles and Overview
  • Get Something Running
  • DNS Security
  • Reference
  • Programming
  • Appendixes

I read the first eleven of fifteen chapters which took me to the end of the DNS Security part, the last three parts are all reference material such as BIND API, RFCs & configuration file parameter lists.
Like the online guide the book is full of useful information & a very easy read apart from the DNS Security part. The “Securing Zone Transfers” felt out of place and jumped into using the dnssec-keygen with no prior reference to it, I struggled with the DNSSEC chapter also but that may have been more to do with it being my first exposure to the topic. The only thing I found annoying was the repeated reference to the backslash representing the spanning to a new line for every paragraph proceeding a command snippet.

With reading this book and a review of deploying DNSSEC in the Intro to DNSSEC video from BSDCan 2012 I am looking forward to deploying DNSSEC via both DS & DLV as I have registrar support for some TLDs but not ccTLDs.