Sat, 26 Jun 2010
rose in Japan is down; time to make backups
For some reason, my server in Japan is down. (This website is hosted from Minnesota.) For that reason, freeculture.org is down.
Today is a good day to remember that I should make frequent backups. I'm doing a backup run of the Minnesota machine right now.
[] permanent link and comments
Mon, 27 Apr 2009
Comments
What if there were comments on asheesh.org?
Discuss.
[] permanent link and comments
Sun, 05 Oct 2008
qemu IP address patch
I sometimes use the qemu virtualization system, or its cousin kvm, for creating virtual computers to test software in. Conveniently, qemu makes networking those really easy.
Unfortunately, the IP addresses it assigns for virtualization happen to be in the same subnet as my desktop at work (at CC, 10.0.2.x). I had some fear of changing a piece of software as presumably complex as qemu.
I forged ahead and came up with a patch that I posted to the qemu-devel mailing list. I'm just wring this post in case someone wonders, "How can I change the IP address of the user net layer used by qemu to avoid a conflict?"
The answer is as easy as replacing the string "10.0.2" with "10.0.3" globally across the qemu codebase and recompiling. If that mailing list post ever goes away, I have a local copy of the patch.
(This work was sponsored by CC, but pending an okay from CC, you should be free to use it under the terms of the WTFPL.)
[] permanent link and comments
Sat, 04 Oct 2008
What are your most expensive websites to run? Patching Apache to find out
When running a busy webserver, one may want to know how much server time is spent preparing each request. That would be especially useful if broken-down per web site you host. Server processing time indicates things like how long MySQL queries took, or how loaded the disks are; in general, they are the measure of how difficult it was to answer a request. It may also be interesting to compare server time spent processing a request today to the same request's time in the past as an indication of how system changes (upgraded disks, more complex filesystem) have affected your ability to process web requests.
Apache's mod_log_config lets you log how long a request takes from start to end, which includes the amount of time taken to send the actual data. That can be imagined as server_processing_time + time_to_send_data_to_client. I wasn't interested in seeing how slow or fast clients' net connections were.
In a project I named vhost_effort, I wrote a patch to Apache to be able to log just that server time spent from the start of the request to when the request is ready to be sent. That work was done at Creative Commons, and the software results are available under the Apache 2.0 license. vhost_effort.py is a hack that generates a pie graph for how much server time is spent on each vhost (among other sorts of visualizable statistics). I began thinking of using a visualizer for disk usage to make the pie graph interactive, but by the time I was nearly done working that out we had already gathered all the data we needed.
My projects page has a link to the code in the Creative Commons Subversion repository. I did write about this at labs.creativecommons.org a year ago also.
Code in Creative Commons Subversion.
[] permanent link and comments
Fri, 22 Aug 2008
dd, dd_rescue, and ddrescue
The short answer: "Use GNU ddrescue. GNU stands for Quality."
dd is a classic UNIX utility to read from and write to files (often devices). Typically, one uses it to copy a hard disk to a file, or to image a hard drive by copying a backup onto it.
One hits a problem when the hard disk has errors. In this case, dd abruptly stops working in the middle, reporting an "Input/output error." But when the hard disk has errors, usually what you want is to get an image of all the blocks on the hard disk that are readable - not just the first few before the first error!
(Note for the pedantic: Yes, I know about dd conv=notrunc,noerror. They're so easy to misuse (mostly by forgetting one of those two options) that they're worth avoiding.)
Two tools are available for this particular purpose. Confusingly, one is called ddrescue, and the other is called dd_rescue.
Around 2001, Kurt Garloff wrote dd_rescue. It does what dd does if you pass it some options, but it comes with instructions on how to use it to recover data from drivers, like by running it multiple times or bakcwards. A wrapper script called dd_rhelp automates that process.
When you're running dd_rescue on an obscure OS like Mac OS X 10.3 because you dropped your laptop in Uganda and the Linux partition grew bad blocks and you still want your data, you will find that dd_rhelp is written as a complicated shell script that relies on GNU versions of core system utilities. OS X provides non-GNU versions, and you will waste hours fiddling with compiling those utilities just so you can run some dumb shell script.
In the summer of 2004, the same summer as I dropped my laptop, Antonio Diaz Diaz wrote "ddrescue," a stand-alone C++ tool that does the same things as dd_rhelp, but more sanely and therefore more efficiently. It became an official GNU project. GNU ddrescue, like dd_rhelp, can keep a log file to let itself gracefully pick up after interrputions.
When your hard disk fails, you should turn to your backups. But if you need a tool like these, just remember: "GNU ddrescue."
$ sudo apt-get install gddrescue
[] permanent link and comments
Sun, 03 Aug 2008
Real DOS on a virtual disk
Sometimes you need to run DOS programs, like to flash BIOSs on your laptop. Sometimes, if you're Kragen, that lets you fix ACPI on your BIOS, giving you a hope that X will boot up more often than 1 in 3, sound will skip less, and the first PC card you insert will be assigned a valid IRQ. (The last one is particularly interesting: to get a working PC card before the promised joy of the BIOS update, you have to plug in one card, watch it get assigned the mostly broken IRQ 3, plug in a second card, watch it get assigned the useful IRQ 4, and then you can remove the first one. This is a good way to get a wifi card working.)
Here's a simple HOWTO for getting that going on a Linux machine without repartitioning or booting off external media.
I'll refer to aptitude; I'm assuming you're using a Debian/Ubuntu machine so that makes sense.
Step 1: Install syslinux
Now memdisk is in /usr/lib/syslinux/memdisk .
You should copy it to /boot/ in case your root filesystem is encrypted:
Step 2: Get your DOS floppy in /boot
Debian packages FreeDOS in dosemu-freedos. Unfortunately that doesn't include a floppy image. Instead:
Step 3: Configure GRUB
Put this in your /boot/grub/menu.list and smoke it:
Step 4: Reboot, and choose FreeDOS!
Ta-da, you're done.
More options
For bonus points, you can customize the floppy disk image. The easiest way to modify is to mount it loopback:
Then you can copy files into /mnt/, and then when you're done:
Ta-da, the image has been changed! (Thanks to Kragen for confirming that this actually works.)
The lame old way to customize the image is to use "mtools."
P.S. Thanks to Albert Lee for explaining this trick to me in the first place!
[] permanent link and comments
Wed, 16 Jul 2008
IP over Avian Carrier: Security implications
BBC News has a story on Brazil's pigeon drug mules.
Quoth Bruce Schneier:
[] permanent link and comments
Mon, 26 May 2008
IPv6
Kartik pointed me to this post about "The Future without IPv6". IPv6 is the future addressing scheme that the Internet will hopefully be transitioning to in the next decade or so; IPv4 is the current setup. The reason we need a new addressing scheme is simple - we've run out of addresses. The dream of the Internet was "end to end connectivity," but you can't do that if you don't have enough addresses to give everyone on the network an address.
You've seen this every time you open up a laptop and it gets an IP address from a "wireless router" - the IP address created for you by that router actually can't be reached from the broader Internet. Network Address Translation (NAT) is a trick the router plays where it changes the headers on your messages destined for the Internet so everyone else on the network thinks the box sent the message. But this means if you want to do something not allowed by that box in the middle, or allowed but misunderstood, it is in an incontrovertible position to screw that up.
The article writes:
Using the Internet only for TCP connections to me spells the end of decades of Internet innovations like Voice over IP that rely on the flexibility of the Internet. And the fact that these connections must always go to the few servers able to have their own dedicated IP addresses creates a separate class of connection in the Internet world: "consumer" vs. "distributor". That class distinction is what IP was designed to erase.
I don't agree with the author that we will never move to IPv6, but I also know we won't do it fast enough to satisfy me. Luckily, thanks to the "end to end" nature of the Internet, especially IPv6, I can do my own migration now and give my computers both IPv4 and IPv6 addresses. I'll be here in the future, waiting for the rest of you guys.
P.S. I'm already "multiplexing multiple transports over a single TCP connection" with my always-on SSH tunnel. I am aware of the drawbacks he lists.
[] permanent link and comments
Mon, 03 Mar 2008
Interactive ext3 performance
In 2001, drobbins published an article on IBM DeveloperWorks remarking that the data=journal mount option improved interactive performance on one test from ca. 70 seconds to 7 seconds.
Even today, the openSUSE wiki echoes this advice. I wonder if it still holds.
[] permanent link and comments
Tue, 08 Jan 2008
Passwordless alpine with Dovecot
Do you run a server that people SSH into for email?
Do you like to offer them (al)pine?
Do you use the Dovecot IMAP server?
Do you think your users would like to enjoy IMAP benefits from the comfort of alpine without entering their password?
I do! Here's how: Add this to /etc/pine.conf:
And store this in /usr/local/alpine-rimapd:
chmod +x that sucker and you're off to the races!
[] permanent link and comments