<h2>~ / pjvenda / blog</h2>
I'm Pedro Venda and this is my personal blog. I am a techno-geek, a UNIX-head, a petrol-head and a security consultant.
All posts are made from my own point of view and don't necessarily reflect what others may think is right or wrong. Mostly they're harmless though :)
In all, this blog follows my perspective that knowledge is power and most effective when shared.
The stuff you learn as you go along ...
... needs to be shared with those that might not know yet.
<h3>djbdns logging to syslog instead of multilog</h3>
Posted 2013-04-05<br />
<br />
Recently I came across an issue in the djbdns service on a Linux host that I am setting up. After resolving around 250 remote queries, tinydns just stopped responding with no error messages. The same happened with dnscachex. A reboot would give me another allowance of ~250 queries. I was not happy.<br />
<br />
After chasing this bug for a ridiculous amount of time, which included a fair bit of strace, tcpdump, reboots, googling, scripting tests, comparing it with a working installation, etc, I got to the bottom of it.<br />
<br />
To make a long story short, turns out that daemontools - a support package that monitors djbdns services - was firing up multilog which in turn was failing to run due to invalid permissions set in its log directory (multilog was executed under <tt>dnslog:nofiles</tt> and its log directory was owned by <tt>root:root</tt>, so there was little chance of multilog writing files there).<br />
<br />
Logging in djbdns is implemented with a FIFO pipe between tinydns and the logger process - usually multilog. As multilog never really started, tinydns locked up after pumping enough data into the log pipe which apparently filled up its input buffer (guess I could find out exactly how large it is...). Changing ownership of the log directory to <tt>dnslog:nofiles</tt> fixed the problem.<br />
<pre class="code">drwxr-sr-x 2 <b>dnslog nofiles</b> 4096 Mar 19 03:18 main
-rwxr-xr-x 1 root root 98 Mar 24 02:32 run
-rw-r--r-- 1 dnslog nofiles 0 Oct 14 17:59 status
drwx--S--- 2 root root 4096 Mar 24 02:33 supervise</pre>
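An added example, not part of the original post: a small audit script for the misconfiguration described above. It reads the account from the <tt>setuidgid</tt> call in a log service's <tt>run</tt> script and compares it with the owner of each directory passed to multilog. The function names are hypothetical, and it assumes the <tt>exec setuidgid USER multilog ... DIR</tt> layout shown in this post.

```shell
#!/bin/sh
# Added example (not from the original post): check that the directories a
# daemontools log service hands to multilog are owned by the account that
# multilog runs as. Assumes the "exec setuidgid USER multilog ... DIR" layout
# shown in the post; directory names containing spaces are not handled.

# Print the account that follows "setuidgid" in a run script (empty if none).
run_user() {
    awk '/^[ \t]*#/ { next }
         { for (i = 1; i < NF; i++)
               if ($i == "setuidgid") { print $(i + 1); exit } }' "$1"
}

# Print multilog's directory arguments: words after "multilog" that start
# with "." or "/" (other words, such as "t", are multilog actions).
multilog_dirs() {
    awk '/^[ \t]*#/ { next }
         { seen = 0
           for (i = 1; i <= NF; i++) {
               if (seen && $i ~ "^[./]") print $i
               if ($i == "multilog") seen = 1
           } }' "$1"
}

# Print the owner of a directory as ls reports it (name, or UID if unnamed).
dir_owner() {
    ls -ld "$1" | awk '{ print $3 }'
}

# Check one log service directory (for example /service/tinydns/log).
# Returns 0 if every multilog directory is owned by the setuidgid account,
# 1 if one is missing or owned by someone else, 2 if run cannot be parsed.
check_log_service() {
    svc=$1
    if [ ! -r "$svc/run" ]; then
        echo "UNKNOWN $svc: no readable run script"
        return 2
    fi
    user=$(run_user "$svc/run")
    dirs=$(multilog_dirs "$svc/run")
    if [ -z "$user" ] || [ -z "$dirs" ]; then
        echo "UNKNOWN $svc: run is not 'setuidgid USER multilog ... DIR'"
        return 2
    fi
    result=0
    for d in $dirs; do
        case $d in
            /*) path=$d ;;
            *)  path=$svc/$d ;;   # supervise starts ./run inside the service directory
        esac
        if [ ! -d "$path" ]; then
            echo "FAIL $path: directory does not exist"
            result=1
            continue
        fi
        owner=$(dir_owner "$path")
        if [ "$owner" = "$user" ]; then
            echo "OK   $path: owned by $user"
        else
            echo "FAIL $path: owned by $owner, multilog runs as $user"
            result=1
        fi
    done
    return $result
}

# With arguments, audit each given log service directory.
# Without arguments, run on a constructed sample that mirrors the post:
# run says "setuidgid dnslog" but ./main belongs to whoever runs this script.
if [ "$#" -gt 0 ]; then
    for s in "$@"; do check_log_service "$s"; done
else
    demo=$(mktemp -d)
    mkdir "$demo/main"
    printf '#!/bin/sh\nexec setuidgid dnslog multilog t ./main\n' > "$demo/run"
    check_log_service "$demo" || true
    rm -rf "$demo"
fi
```

The check compares ownership only; a service whose <tt>run</tt> script pipes to <tt>logger</tt> instead of multilog is reported as UNKNOWN.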
Then I took the chance to make a further tweak: in a Linux system with no storage, I was not interested in having djbdns writing log files locally. Having a syslog daemon available, configured to forward data to a remote server made the solution quite obvious. All I needed was to get djbdns to forward logs to the local syslog daemon.<br />
<br />
This is surprisingly easy to do but not at all obvious. The logger process is started by daemontools via the wrapper script <tt>/service/tinydns/log/run</tt>.<br />
<pre class="code">#!/bin/sh
exec setuidgid dnslog multilog t ./main</pre>
Instead of multilog, logger can be used to pipe data to syslog like so:<br />
<pre class="code">#!/bin/sh
<b>exec /usr/bin/logger -p <u>local5.debug</u> -t <u>tinydns</u></b></pre>
I chose facility local 5, log level debug and program name tinydns to mark these log entries, but these parameters are user defined. See the logger man page for more information. The same technique can be applied to dnscachex.<br />
<br />
On the remote syslog server, I segregate these logs with the following configuration rules [remember to rotate these log files!]:<br />
<pre class="code">$template HostDirFile_tinydns,"/var/log/%HOSTNAME%/tinydns.log"
$template HostDirFile_dnscache,"/var/log/%HOSTNAME%/dnscache.log"
# DNS services
if $syslogfacility-text == 'local5' and $programname == 'tinydns' then ?HostDirFile_tinydns
& ~
if $syslogfacility-text == 'local5' and $programname == 'dnscachex' then ?HostDirFile_dnscache
& ~
</pre>
Job done.
<h3>Creating Mac OS X Lion Installation media without having purchased Lion @ App store</h3>
Posted 2012-03-19
<dl class="itemize">
<dt><a name="summary"></a><h4>Summary</h4></dt>
<dd><p>It is possible to create a bootable Mac OS X Lion installation disk without having purchased the OS from Apple's online App store. I am _not_ talking about a recovery system, but about a USB stick or DVD or partition from which the OS can be fully installed or reinstalled onto a computer with an empty disk and no Internet connection. <a href="#process">Skip to the process if you will</a>.</p>
<ol class="toc">
<li><a href="#summary">Summary</a></li>
<li><a href="#background">Background</a></li>
<li><a href="#process">Process</a></li>
<li><a href="#more">About the Internet installation process</a></li>
<li><a href="#final">Conclusion / References</a></li>
</ol>
<p>All the guides I found on the Internet about creating Lion installation USB sticks or DVDs relied on the premise that the user has purchased their OS on Apple store and the process involves its re-download. I have not purchased Mac OS X Lion on App Store so I am unable to re-download it from there without buying again. The other alternative, about 3x more expensive, would be to buy Apple's Mac OS X Lion USB drive. Not going to happen either.</p></dd>
<dt><a name="background"></a><h4>Background</h4></dt>
<dd><p>Apple's latest Mac OS X Lion has a new model of installation and recovery. They have stopped distributing their OS in physical media. Instead people can now purchase Lion on the Apple store, which is delivered in a download. Because of this, a new mechanism to allow for operating system recoveries or reinstalls has been implemented. This new model of recovery relies initially on a 650MB bootable hidden recovery partition, labelled 'Recovery HD' containing what I would call a 'Recovery Mac OS X'. From here users can use recovery tools such as Disk Utility or a terminal, recovering a Time Machine backup or reinstalling the OS.</p>
<p>In fairness, creating physical installation media is not necessary because hardware released after Lion came out can boot in recovery mode from the Internet. Then a full restore or installation into an empty disk can be done entirely from the Internet. Older hardware still compatible with Lion can do the same via a boot volume created by the Lion Recovery Assistant tool (same content as in the recovery partition). Both methods have the downside of requiring an Internet connection and time to download about 4GB of data.</p>
<p>I like their new installation and recovery method. It ends up being more flexible than its predecessors. The ability to install Lion <i>without any type of media</i> is great!<br />
But some people - including me - would like to have some sort of physical media from which a full OS install could be made. Even though I did not use them more than once, I kept the original install discs of 10.4 Tiger, 10.5 Leopard and 10.6 Snow Leopard.<br />
Creating physical Lion installation media is feasible and fairly easy too. It is likely that the number of guides over the Internet about creating Mac OS X Lion installation media has reached triple digits by now.</p>
<p>However all the guides I have read (admittedly not all) assume that the OS has been bought at the Apple App Store. They all rely on extracting that InstallESD.dmg by re-downloading Lion from the App Store, eventually by making use of the command + click modifier to force re-download.<br />
This excludes all Apple buyers that obtained their latest operating system by buying a MacBook or iMac computer recently. Like me.</p>
<p>I legally own a copy of Mac OS X Lion because it was pre-installed on a new laptop, which makes it legal but not purchased at the App Store. When I go to the App Store, Lion does not appear as a 'purchased' product under my Apple ID (makes sense). Therefore if I wanted to re-download Lion from the App Store I would have to buy it again... Not going to happen. Apple also sells Lion in physical media (a USB stick) but it costs about 3x the price of the standard, online install of Lion... Not a good solution either.</p>
<p size="small">Someone somewhere on the Internet has claimed that once the OS jumps a minor version, it would show up to download. I could not reproduce this as the OS got updated from 10.7.2 to 10.7.3.</p>
<p>It just does not seem fair that I do not get the same features as if I had purchased Lion on the App Store.</p></dd>
<dt><a name="process"></a><h4>How to: Create a Mac OS X Lion installation volume without having purchased it from the App Store</h4></dt>
<dd><p>The limitation of not having bought Lion on the App Store is not being able to re-download the OS's installer, from which it is possible to extract <tt>InstallESD.dmg</tt> - the 3.6GB image with the full install tree. This can be achieved by running the Internet recovery process to reinstall OS X Lion on a blank disk.</p>
<dl class="itemize">
<dt><h5>Step 0. Before beginning</h5></dt>
<dd><p><b><u>Ensure that what you are doing is legal and under Apple's terms and conditions.</u></b> My laptop came pre-installed with Mac OS X Lion so I am eligible to perform this bare metal recovery.<br />
It is relevant to keep the operating system installed on the internal disk functional. This process requires no changes to the internal disk. In fact if you don't have a working OS on the internal disk, you'll need a second Mac to get this done.</p></dd>
<dt><h5>Step 1. Prepare the target disk</h5></dt>
<dd><p>Find a 20GB+ external disk, USB or Firewire (Thunderbolt should work too) with disposable data (all data on the external disk will be deleted, of course). Use Disk Utility to create a new GUID partition scheme with one partition (labelled with whatever you like, but preferably different from the internal disk's label) formatted with 'Mac OS Extended (Journaled)' file system. Remember to apply the changes.<br /><br /><b>This will be your target install disk!</b> I have labelled mine 'Lion Install'.</p></dd>
<p><div class="separator" style="clear: both; text-align: center; margin-bottom: 25px;"><a class="image" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiIihtLjUoUv_Elt7pUbwQt0aVOr7SO0Nh6f42dx0sZZWajdQbeHzlYAxzSAt6uAYEzKZhqMPwesQXKYM77yLbEUJss-UhaolX_7gkSmU9os2RpaQnJisYfTp0Yx9dPlNqJSBYdTQ/s1600/Screen+Shot+2011-12-19+at+22.19.07.png" imageanchor="1" style="margin-left:1em; margin-right:1em"><img border="0" height="320" width="314" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiIihtLjUoUv_Elt7pUbwQt0aVOr7SO0Nh6f42dx0sZZWajdQbeHzlYAxzSAt6uAYEzKZhqMPwesQXKYM77yLbEUJss-UhaolX_7gkSmU9os2RpaQnJisYfTp0Yx9dPlNqJSBYdTQ/s320/Screen+Shot+2011-12-19+at+22.19.07.png" /></a><br /><span style="font-size: small">Target disk before preparation</span></div>
<div class="separator" style="clear: both; text-align: center;margin-bottom: 25px;"><a class="image" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjCV047GPlM6Ru9T0WI5tAFl-TJ_wnI6hiZ9_5jjC2srRgzHK2d4g2OMQGJ9BWF08HnwxpaBDL24LomEEaPAEgZAEgDvMZw8QalueCZflFNSpVM5VG3aYF13v8oc5PQ7b3b6M4dlg/s1600/Screen+Shot+2011-12-19+at+22.20.02.png" imageanchor="1" style="margin-left:1em; margin-right:1em"><img border="0" height="244" width="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjCV047GPlM6Ru9T0WI5tAFl-TJ_wnI6hiZ9_5jjC2srRgzHK2d4g2OMQGJ9BWF08HnwxpaBDL24LomEEaPAEgZAEgDvMZw8QalueCZflFNSpVM5VG3aYF13v8oc5PQ7b3b6M4dlg/s320/Screen+Shot+2011-12-19+at+22.20.02.png" /></a><br /><span style="font-size: small">Creating the GUID partition scheme on the target disk</span></div>
<div class="separator" style="clear: both; text-align: center;margin-bottom: 25px;">
<a class="image" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjP2_Kb_fggvayInW-L1LR5EHgdRfnyGWFZnjGagsI3bNX9Y9_yV-NuEXkTW10LgCMrD2yrKTz_k3v73wkEttXxuYHLQEAGr7nEc_oYyZMngfG_rZdeFvEpvoQ064_RS-H-82TozQ/s1600/Screen+Shot+2011-12-19+at+22.19.51.png" imageanchor="1" style="margin-left:1em; margin-right:1em"><img border="0" height="177" width="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjP2_Kb_fggvayInW-L1LR5EHgdRfnyGWFZnjGagsI3bNX9Y9_yV-NuEXkTW10LgCMrD2yrKTz_k3v73wkEttXxuYHLQEAGr7nEc_oYyZMngfG_rZdeFvEpvoQ064_RS-H-82TozQ/s320/Screen+Shot+2011-12-19+at+22.19.51.png" /></a><br /><span style="font-size: small">Creating the Install partition on the target disk</span></div></p>
<dt><h5>Step 2. Go into Internet Recovery mode</h5></dt>
<dd><p>Ensure that you have Internet connectivity via Wi-Fi or Ethernet and reboot (erm, remember to memorise the remaining steps or print them or view them in another device).<br /><br />Connect the external disk and shut down.<br /><br />Hold cmd-r while pressing the power button to start up the computer into Recovery mode. Release cmd-r after the apple symbol appears.<br /><br />You should have booted into recovery mode which has no user accounts, a grey background and starts with the 'Choose your language' screen.<br /><br />This simpler OS has been loaded from a hidden partition of the internal disk or directly off the Internet. How cool is that??</p></dd>
<dt><h5>Step 3. Initiate Lion reinstallation into the target media</h5></dt>
<dd><p>Choose the option 'Reinstall Mac OS X Lion' and select your external disk as the target (in my case labelled 'Lion Install').<br /><br />
Soon after this you will be asked to accept an EULA and Apple will verify your eligibility to perform this installation. If Apple says you're good to go, which should be guaranteed on any hardware released after Mac OS X Lion, the download process begins.<br /><br />The recovery program mentions that '<i>your computer will reboot automatically</i>': this is important, because the reinstallation process requires no interaction and will happily stop after the OS is fully installed on the target media, at which point the files we require will have been deleted.</p></dd>
<dt><h5>Step 4. Interrupt the installation process</h5></dt>
<dd><p><b><u>The installation process must not be allowed to finish.</u></b> I ensured I was present when the download finished and the computer rebooted. At that point, I hijacked the process and forced the computer to boot into the internal disk's OS instead of the external disk's installer program. Simply disconnecting the external disk from the computer immediately after it reboots should suffice to start up into the internal disk's OS.<br /><br />If the computer is allowed to reboot into the installer program, that is fine, but a reboot must be forced before the installation ends, because at that point the installer program, which is exactly what we're after, is deleted.</p></dd>
<dt><h5>Step 5. Extract <tt>InstallESD.dmg</tt></h5></dt>
<dd><p>Having booted back to a functional OS X, connect the external disk onto which Lion Internet Recovery was initiated and it should have the following files:</p>
<pre class="code">$ ls -lR
total 0
drwx------ 15 pjvenda staff 510 12 Dec 14:10 Mac OS X Install Data/
./Mac OS X Install Data:
total 7448928
-rw------- 1 pjvenda staff 13324 12 Dec 12:42 InstallESD.chunklist.partial
<u>-rw-------@ 1 pjvenda staff 3788832912 12 Dec 14:10 InstallESD.dmg</u>
-rw-r--r-- 1 pjvenda staff 916 12 Dec 12:42 InstallESD.dmg.partialState
-rw-r--r-- 1 pjvenda staff 182 12 Dec 14:10 MacOSXInstaller.choiceChanges
-rw-r--r-- 1 pjvenda staff 10884 22 Jul 05:44 MacOS_10_7_IncompatibleAppList.pkg
-rw-r--r-- 1 pjvenda staff 435 12 Dec 14:10 OSInstallAttr.plist
-rw-r--r--@ 1 pjvenda staff 863920 6 Oct 14:07 boot.efi
-rw-r--r-- 1 pjvenda staff 408 12 Dec 14:10 com.apple.Boot.plist
-rw-r--r--@ 1 pjvenda staff 6306 12 Dec 14:10 ia.log
-rw-r--r-- 1 pjvenda staff 786 12 Dec 14:10 index.sproduct
-rw-r--r--@ 1 pjvenda staff 24087081 6 Oct 14:08 kernelcache
-rw-r--r-- 1 pjvenda staff 618 12 Dec 14:10 minstallconfig.xml</pre>
<p>Locate and keep the file <tt>InstallESD.dmg</tt> by copying it to somewhere safe.<br /><br /><b><tt>InstallESD.dmg</tt> holds the complete Mac OS X Lion installation program and getting to it was the reason to execute this process.</b></p>
</dd>
</dl>
<p>There it is, we were successful at obtaining <tt>InstallESD.dmg</tt> <u>legally</u> without having bought Lion at the App Store, simply by initiating an Internet Recovery and interrupting installation after the program had downloaded the OS.<br /><br />
The rest of the process of creating a bootable full Lion installation media is the same as in any guide on the Internet from after the step of re-downloading the OS from the App store.</p>
<div class="separator" style="clear: both; text-align: center;margin-bottom: 25px;">
<a class="image" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi-n8LOcUO_ygd5ZtyRrJvGNJEdmjiUiq2ljRu6zu_uAzJ2HLbBT5Re7hYKwF-o3nWAb8zI1B8QfjjGMukr8BlTxIoHCQCIxw9KNppAQjDn7YDeHPyLDlREE9S6O1Mq3d7RoRUzAw/s1600/Screen+Shot+2011-12-22+at+21.54.51.png" imageanchor="1" style="margin-left:1em; margin-right:1em"><img border="0" height="234" width="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi-n8LOcUO_ygd5ZtyRrJvGNJEdmjiUiq2ljRu6zu_uAzJ2HLbBT5Re7hYKwF-o3nWAb8zI1B8QfjjGMukr8BlTxIoHCQCIxw9KNppAQjDn7YDeHPyLDlREE9S6O1Mq3d7RoRUzAw/s320/Screen+Shot+2011-12-22+at+21.54.51.png" /></a><br /><span style="font-size: small">Burning InstallESD.dmg image into the prepared target disk</span></div>
<div class="separator" style="clear: both; text-align: center;margin-bottom: 25px;">
<a class="image" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiBGvtBMpohyphenhyphenUKyuv0r-ruS71h1Pp9JYd7PwoH72BBC-bIlDY32NzdgMtqiAV2bI80EauIRr1N0nlu6Y2wGI2HmE4Zt_DQ7BUl5Ry9fOJaoHv54jbHbBTVCKdoqFQ7olggMLsb5-Q/s1600/Screen+Shot+2011-12-22+at+22.15.27.png" imageanchor="1" style="margin-left:1em; margin-right:1em"><img border="0" height="276" width="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiBGvtBMpohyphenhyphenUKyuv0r-ruS71h1Pp9JYd7PwoH72BBC-bIlDY32NzdgMtqiAV2bI80EauIRr1N0nlu6Y2wGI2HmE4Zt_DQ7BUl5Ry9fOJaoHv54jbHbBTVCKdoqFQ7olggMLsb5-Q/s320/Screen+Shot+2011-12-22+at+22.15.27.png" /></a><br /><span style="font-size: small">Contents of Lion installation media prepared from InstallESD.dmg image</span></div>
</dd>
<dt><a name="more"></a><h4>About the Internet Recovery process</h4></dt>
<dd>
<p>Luckily Apple's implementation of Internet recovery is simple:</p>
<ol><li>Download OS X Installer onto target drive;</li>
<li>Reboot from the target drive and run the installer;</li>
<li>Delete the installer just before rebooting again into the newly installed OS;</li>
</ol>
<p>So, between steps 1) and 2), what is left on the target disk is actually the full Mac OS X Lion's installer program.</p>
<pre class="code">$ ls -lR
total 0
drwx------ 15 pjvenda staff 510 12 Dec 14:10 Mac OS X Install Data/
./Mac OS X Install Data:
total 7448928
-rw------- 1 pjvenda staff 13324 12 Dec 12:42 InstallESD.chunklist.partial
<u>-rw-------@ 1 pjvenda staff 3788832912 12 Dec 14:10 InstallESD.dmg</u>
-rw-r--r-- 1 pjvenda staff 916 12 Dec 12:42 InstallESD.dmg.partialState
-rw-r--r-- 1 pjvenda staff 182 12 Dec 14:10 MacOSXInstaller.choiceChanges
-rw-r--r-- 1 pjvenda staff 10884 22 Jul 05:44 MacOS_10_7_IncompatibleAppList.pkg
-rw-r--r-- 1 pjvenda staff 435 12 Dec 14:10 OSInstallAttr.plist
-rw-r--r--@ 1 pjvenda staff 863920 6 Oct 14:07 boot.efi
-rw-r--r-- 1 pjvenda staff 408 12 Dec 14:10 com.apple.Boot.plist
-rw-r--r--@ 1 pjvenda staff 6306 12 Dec 14:10 ia.log
-rw-r--r-- 1 pjvenda staff 786 12 Dec 14:10 index.sproduct
-rw-r--r--@ 1 pjvenda staff 24087081 6 Oct 14:08 kernelcache
-rw-r--r-- 1 pjvenda staff 618 12 Dec 14:10 minstallconfig.xml</pre>
<p>Problem solved!</p>
<p>My initial plan to obtain installation media from the Internet recovery method was significantly more involved. It consisted of doing an Internet based install onto an empty disk while routing the Internet connection via another host which intercepted all traffic. By analysing this traffic, I would hopefully be able to filter important payloads (hopefully most files would be downloaded via plaintext HTTP, but SSL mitm was also within reach).<br /><br />
At some point I reckoned that a full installation tree would at some point be created that could be reused on bootable media, ideally including the InstallESD.dmg image.<br /><br />
Fortunately, soon after I started analysing data (which provided some very interesting results), I realised that the simplest scenario was that Internet recovery simply downloaded the installer onto the target media and ran it from there. So I did a couple of quick tests and, sure enough that was the case.<br /><br />
Nonetheless I had the chance to analyse the network traffic exchanged between laptop and Apple's servers, which revealed the most interesting insights into the process.<br /><br />
Apple's approach to OS distribution and installation has always been fairly unrestrictive from a technical point of view. There are no serial keys, no activations, no obvious applications of DRM, etc. I reckon the risk they take in facilitating illegal copying of their OS is far outweighed by hardware limitations and especially the pricing model of Mac OS X. OS X is very cheap by any standard and even more so considering how technically good it is. I also think that their legal customer base is a far better investment into the business than working against pirates: that they already know it is an arms-race, that companies tend to lose consistently.</p>
</dd>
<dt><a name="final"></a><h4>Conclusion / References</h4></dt>
<dd><p>All that's left is to provide a number of the references I used from the Internet to do this work and a few final remarks. I hope it's been informative and useful as it was for me.</p>
<p>While researching for this, I came across hundreds of online blog posts, news articles, original and copied howtos, copies of copied howtos, etc. After writing this post (believe it or not) I found one link written by somebody that had the same idea about extracting installation media from Internet recovery. Only one.</p>
<ul><li><a href="http://www.afp548.com/article.php?story=getting-lion-installer"><b>Downloading Hardware Specific Lion Installers</b></a></li></ul>
<p>Some information about InstallESD.dmg's integrity (mine is below):</p>
<pre class="code">$ md5deep InstallESD.dmg
412cee9c4c77c04c9c8489c363a7e2e4 /Volumes/New HD/Mac OS X Install Data/InstallESD.dmg</pre>
<ul><li><a href="https://discussions.apple.com/thread/3417802?start=0&tstart=0">Differences in InstallESD.dmg</a></li></ul>
<p>Resources about Lion recovery disk assistant, Recovery mode and Internet recovery</p>
<ul><li><a href="http://www.macworld.com/article/161664/2011/08/hands_on_with_lion_recovery_disk_assistant.html">Hands on with lion recovery disk assistant</a></li>
<li><a href="http://www.macworld.com/article/161088/2011/07/hands_on_lion_recovery_mode.html">Hands on with lion recovery mode</a></li>
<li><a href="http://www.macstories.net/tag/lion-internet-recovery/">Lion Internet Recovery</a></li>
<li><a href="http://support.apple.com/kb/HT4718">OS X Lion: About Lion Recovery</a></li>
<li><a href="http://support.apple.com/kb/DL1433">Lion Recovery Disk Assistant</a></li></ul>
<p>And finally, arstechnica provides the best Mac OS X guides. These are the nerdiest most detailed guides I've ever seen about an operating system. About all 7 versions of Mac OS X in fact. And they're great!</p>
<ul><li><a href="http://arstechnica.com/apple/reviews/2011/07/mac-os-x-10-7.ars"><b>Mac OS X 10.7 Lion: The Ars technica review</b></a></li></ul>
</dd>
</dl>
<h3>Quick tips for Mac OS X</h3>
Posted 2011-12-11, updated 2011-12-14
<p>Thought I should share a few tips I learnt today. All these work in multiple versions of OS X although I didn't research exactly which apart from Lion. A quick table of contents for this post is shown below:</p>
<ul class="toc">
<li><a href="#01_hide">Hide or unhide files from finder: the invisible attribute</a></li>
<li><a href="#02_viewvols">View disk volumes on the command line: disk utility does not reveal everything</a></li>
<li><a href="#03_mountvols">Mount and unmount volumes and images on the command line: good for hidden volumes or image files</a></li>
<li><a href="#04_spotlight">Permanently disable spotlight indexing on a specific volume</a></li>
<li><a href="#05_mdutil">Disable ongoing spotlight indexing on a specific volume</a></li>
<li><a href="#06_acl">View extended file attributes and access control lists</a></li>
</ul>
<p>I can't think of many situations where these would be required in day-to-day use of Mac OS X. If you don't know why you would need to use these or what for, then don't bother; you don't need them.</p>
<dl class="itemize"><dt><a name="01_hide"></a><h4>Hide or unhide files from finder: the invisible attribute</h4></dt>
<dd><p>Finder does not display files that have the 'invisible' attribute enabled on them. Makes sense. Just like Windows, there are files that the OS does not want users messing about with.<br /><br />But users know better, so I have created two files 'public' and 'secret_to_finder' with text in them. The file 'secret_to_finder' was hidden. <tt>GetFileInfo</tt> and <tt>SetFile</tt> allow for these attributes to be listed and manipulated.</p>
<pre class="code">$
$ # list files
$
$ ls -l public secret_to_finder
<u>-rw-r--r--<b>@</b></u> 1 pjvenda staff 7 10 Dec 16:28 <u>secret_to_finder</u>
-rw-r--r-- 1 pjvenda staff 8 10 Dec 16:28 public
$
$ # get attributes of file 'secret_to_finder'
$
$ GetFileInfo secret_to_finder
file: "/Users/pjvenda/secret_to_finder"
type: "\0\0\0\0"
creator: "\0\0\0\0"
<u>attributes: a<b>V</b>bstclinmedz</u>
created: 12/10/2011 16:28:40
modified: 12/10/2011 16:28:48
$
$ # get attributes of file 'public'
$
$ GetFileInfo public
file: "/Users/pjvenda/public"
type: "\0\0\0\0"
creator: "\0\0\0\0"
<u>attributes: avbstclinmedz</u>
created: 12/10/2011 16:28:42
modified: 12/10/2011 16:28:52</pre>
<p>The three details to note in the listing above are that <tt>ls</tt> happily shows invisible files, a '@' symbol is shown on files with non-standard attributes and the capital 'V' in the attribute list of the file 'secret_to_finder' (same as ls marked with '@').<br /><br />To make 'secret_to_finder' visible again (to Finder) the following code does it.</p>
<pre class="code">$
$ # change file attribute
$
$ SetFile -a v ./secret_to_finder
$
$ # list files again
$
$ ls -l public secret_to_finder
-rw-r--r-- 1 pjvenda staff 7 10 Dec 16:28 <u>secret_to_finder</u>
-rw-r--r-- 1 pjvenda staff 8 10 Dec 16:28 public
$
$ # check that hidden file is no longer hidden
$
$ GetFileInfo ./secret_to_finder
file: "/Users/pjvenda/secret_to_finder"
type: "\0\0\0\0"
creator: "\0\0\0\0"
<u>attributes: avbstclinmedz</u>
created: 12/10/2011 16:28:40
modified: 12/10/2011 16:28:48</pre><p>Visible again.<br /><tt>man {ls,SetFile,GetFileInfo}</tt> is your friend.
</p></dd>
<dt><a name="02_viewvols"></a><h4>View disk volumes on the command line: disk utility does not reveal everything</h4></dt>
<dd><p>Mac OS X has a way of hiding partitions by using a particular partition type code: <tt>Apple_Boot</tt>. Having this type on a partition makes it invisible to Disk Utility. But it is there and I want to mount it.<br />
It is actually very simple. <tt>diskutil</tt> handles this partition as if it was a common visible one (likely <tt>Apple_HFS</tt>).</p>
<pre class="code">$ # list disks and partitions (or slices :)
$
$ diskutil list
/dev/disk0
#: TYPE NAME SIZE IDENTIFIER
0: GUID_partition_scheme *320.2 GB disk0
1: EFI 209.7 MB disk0s1
2: Apple_CoreStorage 319.3 GB disk0s2
3: Apple_Boot Recovery HD 650.0 MB disk0s3
/dev/disk1
#: TYPE NAME SIZE IDENTIFIER
0: Apple_HFS Macintosh HD *319.0 GB disk1
/dev/disk2
#: TYPE NAME SIZE IDENTIFIER
0: FDisk_partition_scheme *8.0 GB disk2
1: <u>Apple_Boot Recovery HD 650.0 MB disk2s1</u>
$
$ # disk2s1 is hidden from Disk Utility but diskutil is able to mount it
$ # (actually disk0s3 is of the same type - hidden too)
$
$ diskutil mount disk2s1
Volume Recovery HD on disk2s1 mounted
$
$ # quick check
$
$ mount
(...)
/dev/disk2s1 on /Volumes/Recovery HD (hfs, local, nodev, nosuid, journaled, noowners)</pre>
<p>Mounted hidden partitions are handled by Finder just as any other mounted volume. <tt>man diskutil</tt> is your friend.</p>
</dd>
<dt><a name="03_mountvols"></a><h4>Mount and unmount volumes and images on the command line: good for hidden volumes or image files</h4></dt>
<dd><p>Handling disk images in Mac OS X is ridiculously simple. This is a powerful feature that OS X makes use of for all the right reasons, and then some more.<br />
Using DMGs could hardly be made easier. Mounting and unmounting is done in Finder by double clicking icons and clicking 'eject' symbols or dragging icons to bins... What if the DMG file is invisible to Finder? One can make it visible (<a href="#01_hide">as shown earlier in this post</a>) or it can be mounted via the command line with <tt>hdiutil</tt> like so:</p>
<pre class="code">$ # find out if BaseSystem.dmg is hidden
$
$ GetFileInfo ./BaseSystem.dmg
file: "/Volumes/Recovery HD/com.apple.recovery.boot/BaseSystem.dmg"
type: "devi"
creator: "ddsk"
<u>attributes: a<b>V</b>bstclinmedz</u>
created: 10/06/2011 14:04:11
modified: 10/06/2011 14:04:11
$
$ # .dmg is hidden to Finder
$ # but it can still be mounted
$
$ hdiutil mount ./BaseSystem.dmg
Checksumming Driver Descriptor Map (DDM : 0)…
Driver Descriptor Map (DDM : 0): verified CRC32 $81E6D0AF
Checksumming (Apple_Free : 1)…
(Apple_Free : 1): verified CRC32 $00000000
Checksumming Apple (Apple_partition_map : 2)…
Apple (Apple_partition_map : 2): verified CRC32 $1025E215
Checksumming Macintosh (Apple_Driver_ATAPI : 3)…
Macintosh (Apple_Driver_ATAPI : 3): verified CRC32 $F1E8BA9E
Checksumming (Apple_Free : 4)…
(Apple_Free : 4): verified CRC32 $00000000
Checksumming disk image (Apple_HFS : 5)…
..............................................................................
disk image (Apple_HFS : 5): verified CRC32 $97F66EDE
Checksumming (Apple_Free : 6)…
(Apple_Free : 6): verified CRC32 $00000000
verified CRC32 $2F452569
/dev/disk5 Apple_partition_scheme
/dev/disk5s1 Apple_partition_map
/dev/disk5s2 Apple_Driver_ATAPI
<u>/dev/disk5s3 Apple_HFS /Volumes/Mac OS X Base System</u>
$
$ # verify mount
$
$ mount
(...)
/dev/disk5s3 on /Volumes/Mac OS X Base System (hfs, local, nodev, nosuid, read-only, noowners, mounted by pjvenda)</pre>
<p>The mounted image is fully useable in Finder as any normal image. <tt>man hdiutil</tt> is your friend.</p>
</dd>
<dt><a name="04_spotlight"></a><h4>Permanently disable spotlight indexing on a specific volume on any host</h4></dt>
<dd><p>There is a way to ensure that a certain volume is never indexed by Spotlight regardless of which computer it is connected to. All that is required is to create a file called <tt>.metadata_never_index</tt> on the root of the said volume and Spotlight will refuse to touch it. This can be done in any OS capable of writing onto the volume's file system, not necessarily a Mac.</p>
<pre class="code">$ # start from a clean, indexable volume
$
$ mdutil -i on /Volumes/My\ Book
/Volumes/My Book:
Indexing enabled.
$
$ # create .metadata_never_index file
$
$ touch /Volumes/My\ Book/.metadata_never_index
$
$ # disable spotlight indexing
$
$ mdutil -d /Volumes/My\ Book
/Volumes/My Book:
Indexing and searching disabled.
$
$ # attempt to enable spotlight again
$
$ mdutil -i on /Volumes/My\ Book
/Volumes/My Book:
Indexing and searching disabled.</pre>
<p>If spotlight is running, creating <tt>.metadata_never_index</tt> does not stop it automatically, although disconnecting and re-connecting the volume will. This ensures that the disk will not be indexed by any Mac OS X system.</p></dd>
<dt><a name="05_mdutil"></a><h4>Disable ongoing spotlight indexing on a specific volume</h4></dt>
<dd><p>I've stopped counting the times I've inserted someone else's external disk or USB stick only to have OS X immediately hog CPU and I/O bandwidth for hours, indexing everything it can read. In most cases, these volumes will very rarely be connected to my system, so there's absolutely no point in indexing them. Moreover, when it is someone else's drive, I don't want my OS snooping through every directory.<br />
Mac OS X allows standard user accounts to manage Spotlight indexing on non-system volumes, which is a very nice touch. Administrative privileges are required for system volumes.<br />
So to disable Spotlight indexing immediately, the tool to use is <tt>mdutil</tt>.</p>
<pre class="code">
$ mdutil -d /Volumes/My\ Book
/Volumes/My Book:
Indexing and searching disabled.</pre>
<p>There is no mention of the '-d' switch on <tt>mdutil</tt>'s man page but <tt>mdutil</tt>'s online help has it. To enable indexing again: <tt>mdutil -i on /Volumes/My\ Book</tt>. Also, removing the drive and connecting it again does not resume Spotlight, so this disables Spotlight permanently for that specific disk on the host where it was done, but Spotlight instances running on other Macs may still index it. To disable Spotlight permanently for the target disk on <u>any</u> Mac have a look at the <a href="#04_spotlight">previous suggestion</a> on this post.</p>
<pre class="code">Usage: mdutil -pEsa -i (on|off) -d volume ...
Utility to manage Spotlight indexes.
-p Publish metadata.
-i (on|off) Turn indexing on or off.
-d Disable Spotlight activity for volume (re-enable using -i on).
-E Erase and rebuild index.
-s Print indexing status.
-a Apply command to all volumes.
-V vol Apply command to all stores on the specified volume.
-v Display verbose information.
NOTE: Run as owner for network homes, otherwise run as root.</pre><p>I also found a GUI tool that does this with buttons: Spotless</p></dd>
<dt><a name="06_acl"></a><h4>View extended file attributes and access control lists</h4></dt>
<dd><p>While copying data off my old home directory onto a new installation of Mac OS X, I found a few directories that I was not able to delete.</p>
<pre class="code">$ ls -ld Documents
drwx------+ 2 pjvenda staff 68 10 Dec 15:55 Documents/
$ rm -rf Documents
rm: Documents: Permission denied
</pre>
<p>What? I'm the owner, and I own the top directory, so why the permission issue? Sure enough, root is able to delete it, but that is no answer to the problem. The clue here is the '+' symbol in the privilege section of <tt>ls</tt>'s output.<br />
This is a feature that is fairly common among modern file systems but seldom used, introduced into HFS+ in 10.4/Tiger: file system ACLs. Server editions of this operating system do provide a GUI to manage ACLs, but not the desktop version. ACLs may be controlled by using <tt>fsaclctl</tt>.<br />
<tt>ls</tt> not only detects that the files or directories have ACLs applied to them, but it also shows details about the said ACLs.</p>
<pre class="code">$ ls -lde Documents
<u>drwx------<b>+</b></u> 2 pjvenda staff 68 10 Dec 15:55 Documents/
0: group:everyone deny delete</pre>
<p>Ah! So nobody is allowed to delete the file as per ACL #0. For the purpose, all I had to do was to get rid of the ACL - this can be done with <tt>chmod</tt> (err, surprise!).</p>
<pre class="code">$ # delete ACL with index 0
$
$ chmod -a# 0 Documents
$ ls -lde Documents
drwx------ 2 pjvenda staff 68 10 Dec 15:55 Documents/
$
$ # ACLs are gone. I can delete the directory now
$
$ rmdir Documents</pre>
<p>Done. Alternatively <tt>chmod</tt> could be used explicitly with the same result like so: <tt>chmod -a 'everyone deny delete' Documents</tt>.<br />
<tt>man {ls,chmod}</tt> is your friend</p>
</dd>
</dl>
<p>I looked into most of these small tasks while examining Lion's new recovery/installation model. The <tt>Recovery HD</tt> volume is hidden but useable via the command line. Inside it there is a <tt>BaseSystem.dmg</tt> file that is invisible to Finder, which can be tackled by either mounting it in a terminal or unhiding it.</p>
<h4>Credit</h4>
<ul><li>Mac OS X Lion <tt>man</tt> pages<ul>
<li><tt>ls</tt></li>
<li><tt>SetFile</tt></li>
<li><tt>GetFileInfo</tt></li>
<li><tt>mdutil</tt></li>
<li><tt>hdiutil</tt></li>
<li><tt>chmod</tt></li></ul></li>
<li><a href="http://arstechnica.com/apple/reviews/2011/07/mac-os-x-10-7.ars/2">ars technica: Mac OS X 10.7 Lion: Installation</a></li>
<li><a href="http://reviews.cnet.com/8301-13727_7-20081463-263/manage-all-partitions-with-disk-utility-in-os-x/">Manage all partitions with Disk Utility in OS X</a></li>
<li><a href="http://commandlinemac.blogspot.com/2008/12/installing-dmg-application-from-command.html">Installing a .dmg application from the command line</a></li>
<li><a href="http://arstechnica.com/apple/reviews/2005/04/macosx-10-4.ars/8">ars technica: Mac OS X 10.4 Tiger: Access control lists</a></li>
</ul>
<p>The joys of hardware RAID (posted 2011-11-27, updated 2011-12-14)</p>
<p class="title">Hardware RAID</p>
<p>After having used software RAID on Linux for longer than I'd care to admit, I decided to go business and get a proper RAID controller. I mean having a decent motherboard with a bunch of unused bandwidth (2 channel PCI-X bus), it seemed only fair to make use of it.</p>
<p>I was primarily looking for a good SATA-II PCI-X controller with more than 4 ports. The short list came down to LSI Logic Megaraid 300-8x, Adaptec 2820SA and 3Ware 9550SX-8. Availability and cost end up being the same thing in this case. Most can be bought new but they are extortionately expensive. Alternatively there's the 2nd hand market on ebay... but few cards of this type are there. Eventually I got the 12 port version of the 3ware card (9550SX-12) plus a cache battery (!!).</p>
<p><div class="separator" style="clear: both; text-align: center;">
<a href="http://photos.pjvenda.net/Selected/Hardware/13754155_Tc36ZT#1600959638_gvs65Ks-A-LB" title="Photo & Video Sharing by SmugMug"><img alt="Photo & Video Sharing by SmugMug" src="http://photos.pjvenda.net/Selected/Hardware/i-gvs65Ks/0/S/20110614T22004301-S.jpg" title="Photo & Video Sharing by SmugMug" /></a><br /><span style="font-size: small">3ware 9550SX-12</span></div></p>
<p class="title">Advantages</p>
<p>The whole point of this was to free up system resources from RAID duties (mostly kernel tasks eating away system time, which isn't that much for RAID 1) but more importantly to gain performance by making use of more disks over multiple high bandwidth channels. This was achieved by the 3ware controller which does a wonderful job at managing devices and RAID volumes on its own, independently of the operating system. In addition, the Linux kernel does include a driver that supports the card and the vendor's management tool (tw_cli) is very good.</p><p>Below is a quick listing of me detaching two independent disks and reattaching them in a RAID 1 array. The backup battery unit had not been charge-tested yet by the controller (a 20+ hour process), so it refused to enable functionality that depended on it.</p>
<pre class="code"># tw_cli /c0 show
Unit UnitType Status %RCmpl %V/I/M Stripe Size(GB) Cache AVrfy
------------------------------------------------------------------------------
u0 RAID-1 OK - - - 1862.63 OFF OFF
u1 JBOD OK - - - 931.513 OFF OFF
u2 JBOD OK - - - 931.513 OFF OFF
u3 RAID-1 OK - - - 186.254 OFF OFF
Port Status Unit Size Blocks Serial
---------------------------------------------------------------
p0 NOT-PRESENT - - - -
p1 OK u0 1.82 TB 3907029168 WD-WCAZA3206335
p2 NOT-PRESENT - - - -
p3 OK u0 1.82 TB 3907029168 WD-WCAZA3189743
p4 NOT-PRESENT - - - -
p5 NOT-PRESENT - - - -
p6 OK u1 931.51 GB 1953525168 5QJ0RVB7
p7 OK u2 931.51 GB 1953525168 5QJ0ZA08
p8 NOT-PRESENT - - - -
p9 NOT-PRESENT - - - -
p10 OK u3 189.92 GB 398297088 B41AARNH
p11 OK u3 189.92 GB 398297088 B41AB7KH
Name OnlineState BBUReady Status Volt Temp Hours LastCapTest
---------------------------------------------------------------------------
bbu On No Testing OK OK 0 xx-xxx-xxxx
# tw_cli /c0/u2 del
Deleting /c0/u2 will cause the data on the unit to be permanently lost.
Do you want to continue ? Y|N [N]: Y
Deleting unit c0/u2 ...Done.
# tw_cli /c0/u1 del
Deleting /c0/u1 will cause the data on the unit to be permanently lost.
Do you want to continue ? Y|N [N]: Y
Deleting unit c0/u1 ...Done.
# tw_cli /c0 add type=raid1 disk=6-7 storsave=balance
Creating new unit on controller /c0 ... Done. The new unit is /c0/u1.
Setting Storsave policy to [balance] for the new unit ... Done.
Setting default Command Queuing policy for unit /c0/u1 to [on] ... Done.
Setting write cache=ON for the new unit ...Failed
. BBU is not ready. Use /c0/u1 set cache=ON command
to change the write cache policy when the BBU is ready.
# tw_cli /c0 show
Unit UnitType Status %RCmpl %V/I/M Stripe Size(GB) Cache AVrfy
------------------------------------------------------------------------------
u0 RAID-1 OK - - - 1862.63 OFF OFF
u1 RAID-1 OK - - - 931.312 OFF OFF
u3 RAID-1 OK - - - 186.254 OFF OFF
Port Status Unit Size Blocks Serial
---------------------------------------------------------------
p0 NOT-PRESENT - - - -
p1 OK u0 1.82 TB 3907029168 WD-WCAZA3206335
p2 NOT-PRESENT - - - -
p3 OK u0 1.82 TB 3907029168 WD-WCAZA3189743
p4 NOT-PRESENT - - - -
p5 NOT-PRESENT - - - -
p6 OK u1 931.51 GB 1953525168 5QJ0RVB7
p7 OK u1 931.51 GB 1953525168 5QJ0ZA08
p8 NOT-PRESENT - - - -
p9 NOT-PRESENT - - - -
p10 OK u3 189.92 GB 398297088 B41AARNH
p11 OK u3 189.92 GB 398297088 B41AB7KH
Name OnlineState BBUReady Status Volt Temp Hours LastCapTest
---------------------------------------------------------------------------
bbu On No Testing OK OK 0 xx-xxx-xxxx
# dmesg | tail
(...)
[58946.312871] 3w-9xxx: scsi0: AEN: INFO (0x04:0x001A): Drive inserted:port=7.
[58946.371418] 3w-9xxx: scsi0: AEN: INFO (0x04:0x001F): Unit operational:unit=2.
[58946.396867] sd 0:0:2:0: [sdc] Attached SCSI disk
[59352.626254] scsi 0:0:1:0: Direct-Access AMCC 9550SX-12 DISK 3.08 PQ: 0 ANSI: 5
[59352.626400] sd 0:0:1:0: Attached scsi generic sg1 type 0
[59352.626770] sd 0:0:1:0: [sdc] 1953103872 512-byte logical blocks: (999 GB/931 GiB)
[59352.627651] sd 0:0:1:0: [sdc] Write Protect is off
[59352.627654] sd 0:0:1:0: [sdc] Mode Sense: 23 00 00 00
[59352.628233] sd 0:0:1:0: [sdc] Write cache: disabled, read cache: disabled, doesn't support DPO or FUA
[59352.783431] sdc: unknown partition table
[59352.886156] sd 0:0:1:0: [sdc] Attached SCSI disk
</pre>
<p class="title">Disadvantages</p>
<p>Downsides of this solution were few and at the time mostly negligible. The 3ware driver for Linux is functional but there are reports of implementation issues, related to interrupt management and PCI interaction. It is a universal 3ware driver that supports a multitude of similar controllers maintained by the vendor but it seems that updates are focused on supporting new cards. Another con of the hardware RAID route is that the on-disk format of the data is managed by the card, which means that there is a strong possibility that disks and RAID volumes become readable only by compatible 3ware controllers (using the same on-disk format). This reduces flexibility and increases risk in case the controller fails. There is documentation on the Internet that shows this.</p>
<p class="title">In use</p>
<p>Despite the disadvantages, which I considered at first but digested over the initial period of testing, I decided to go ahead and modify my server from software to hardware RAID. Both my 1TB and 2TB disks were made into RAID1 volumes which the operating system happily uses as if they were single disks, which is very cool. I used these volumes as simple disks which I partitioned and gave to LVM.</p>
<p>The card supports and handles hot-swapping and moving disks between physical ports well. I disconnected and connected disks while the volumes were up and all went smoothly. I can't be sure now, but I don't think the card rebuilt the entire volumes - just the blocks that had changed. Swapping ports was no trouble either (even online) all disks were recognised and put into the correct volumes. Booting worked well too, so no complaints in terms of functionality.</p>
<p>However, and in line with reports on the Internet, performance in multiple access situations was not great - the system kind of locked down while multiple heavy I/O operations were taking place. Sure, every system becomes sluggish when lots of I/O is happening, but operations in memory, using cached files, using the shell, etc, all that stuff keeps working smoothly as long as it does not need to touch disks. Not so with the 3ware, where the shell would become unresponsive to keyboard input. Single operation performance on the other hand was great! Can't remember the numbers - must have them written somewhere.</p>
<p class="title">Breakage</p>
<p>A few months into the break-in period, I was finding ext4 errors being reported by the kernel, and it was also my fault for not adding auto fsck to fstab (in a nutshell, it's the last column of fstab entries: '2' for non-root volumes, '1' for root, '0' for swap. 'man fstab' for more info).</p>
<p><u>Keep calm and carry on.</u></p>
<p>Not happy about it, I decided to fix the errors, scan the disks, look in host and guest system logs and look for hardware faults on the controller logs. None found. A bit of research into Xen, ext4, LVM, 3ware, etc, revealed few clues.</p>
<p>Assuming it might be issues with ext4, I tried changing a few less important file systems back to ext3 which may be bad in many ways, but _not_ in stability. Soon into this operation errors became frequent, appeared under ext3 too and worryingly operations on one file system were generating errors in other file systems (eek!!). Therefore something bad was wrong. At this point the host OS's root filesystem started to fall apart and important files went missing.</p>
<p><u>Now panic.</u></p>
<p>In disaster recovery mode, I decided not to touch anything, to verify that the file server vm was working (it was) and to buy a large external disk, and proceeded to copy all the important information out of it over the network (which took the most part of 2 days). This is exactly the type of trouble that raid1 won't get you out of - file system corruption. Fortunately the Xen guest images were largely unaffected so I was mostly ok, although I was not fully aware of the extent of the damage at the time.</p>
<p class="title">Incident analysis</p>
<p>Frankly I don't know what caused the file system corruption. However, the simple fact that corruption happened under ext4 *and* ext3, and that operations on one file system caused problems in other file systems leads me to look away from the file system itself and into some lower layer of code. Below the file system there is vfs, lvm and the 3ware driver on the kernel. Further downstream, we have the controller itself and the disks. Any of the above is able to interfere simultaneously in more than one file system, and I would imagine it would likely do if something misbehaved. Other variables to throw into the mix are, of course, Xen 4.1.1.</p>
<p>Given that I don't often have this type of issue, I decided to take back the last change that I had introduced: the RAID1 hardware implementation.</p>
<p>I went back to software raid, reinstalled the server and performed some tests which went well. I'm using the same disks as I didn't find any fault in them and I am also using the same controller card, except all disks are now being exported directly rather than in a RAID volume (some would call this JBOD exports). I couldn't resist not using the controller's 1GB of battery supported read/write cache memory... Hopefully it is not faulty.</p>
<p class="title">Conclusion</p>
<p>If the same problem does not happen again, then I have to assume that something in the driver or hardware raid1 implementation is wrong or does not play nicely with Linux and/or with Xen. In the mean time I will also try to buy another SATA-II PCI-X card, but this time RAID is purely optional.</p>
<p>Enabling a full XEN domU login console (posted 2011-05-17)</p>
<p>So I got rid of vserver and I'm rebuilding my server with xen. I'm building a XEN 4.1 with Gentoo XEN kernels for domain 0 and unprivileged domains. There were a number of issues with the process but I managed to get a stable fully functional dom0 kernel going. Unprivileged domains will have to be built from scratch as the current file systems were tweaked for the vserver environment.</p>
<p>The base file system is a Gentoo amd64 stage3 mounted in loopback mode. I also have a functional domU kernel so it was time to create a sample configuration file and fire up a virtual host with <pre>xm create &lt;config_file&gt; -c</pre>It seemed to boot up properly but console output ceased immediately after the kernel booted - the point at which process 1 is called: <tt>init</tt>. Some theory as to why this happens can be found here: <a href="http://www.xen.org/files/xensummit_4/xensummit_linux_console_slides.pdf">http://www.xen.org/files/xensummit_4/xensummit_linux_console_slides.pdf</a></p>
<p>So to enable a fully functional xen login console the following is required (as always, there are other methods for similar or different purposes):</p>
<p><ul><li>Make sure your domU kernel has all serial ports disabled. This may not be required but it will save some potential hassle because of how xen handles domU kernels;<br /><br /></li>
<li>Make sure your domU file system is populated with a bare base of device files in /dev (console, null, etc.). Gentoo's stage {1,2,3} base filesystems have all the necessary files;<br /><br /></li>
<li>Configure the kernel's virtual terminal driver to use xen's subsystem by adding the following command line parameter <pre>xencons=<b>xvc</b></pre>As far as I understand, this is the default for current XEN kernels, so this parameter may not be required (it wasn't in my case but it's here for the sake of completeness);<br /><br /></li>
<li>Configure the kernel's console to output to a xvc type terminal. This is done by adding <pre>console=<b>xvc0</b></pre>to the domU's kernel command line;<br /><br /></li>
<li>Adding kernel command line parameters can be done by editing the configuration file and adding (or adding to) a '<tt>extra=</tt>' entry with whatever command line parameters as required. Specifically for this case, that would be<pre>extra = 'xencons=xvc console=xvc0'</pre>If '<tt>extra=</tt>' already exists and contains something, just add the console parameter at the end: <pre>extra = 'parameter=value param2=value2 xencons=xvc console=xvc0'</pre><br /></li>
<li>Observe the kernel bootup messages looking for lines with '<tt>console</tt>'. There should be one similar to: <pre>Xen virtual console successfully installed as <u>xvc0</u></pre><br /></li>
</ul></p><p>At this point, there should be a working console past the init process, service startup output (rc*) will be visible. However, it is likely that a login prompt won't appear. If that's the case and you want one, read on.</p><p><ul><li><tt>/etc/inittab</tt> can be setup to fire respawning login terminals at character devices, such as serial ports or the xen console (xvc0). One or more terminal lines are probably already on <tt>/etc/inittab</tt> with getty processes such as <pre>c1:12345:respawn:/sbin/agetty 38400 <u>tty1</u> linux</pre>I modified one of those to point at <tt>/dev/xvc0</tt> rather than at /dev/tty1: <pre>c1:12345:respawn:/sbin/agetty 38400 <u><b>xvc0</b></u> linux</pre>(in case you're wondering, the first parameter c1 is only a label). In addition, for xen domU virtual hosts, there is little point in having any other login terminals, so the remaining (at tty2, tty3 and so on) can safely be commented out;<br /><br /></li>
<li>Remember to setup a root password...;<br /><br /></li>
<li>The final step is to get your system to allow root logins on the xen console. <tt>/etc/securetty</tt> contains a list of terminal devices over which root logins are allowed, to which '<tt>xvc0</tt>' needs to be added (no <tt>/dev/</tt>);<br /><br /></li></ul></p><p>Done!</p><p>A few more things I learnt while setting up this template file system:</p><p><ul><li>When creating sparse loopback file systems, <b>make sure</b> the host file system can accommodate the entire file, <u>or else the loopback file system <b>will become corrupt</b></u>;</li>
<li>Linux does strange things when it runs out of space on /;</li></ul></p><p>kthxby!</p>
<p>code snippet and a quote (posted 2011-04-21)</p>
Code snippet unrelated to quote and quote unrelated to code snippet.<br />
<br />
Code snippet [needed this for a while]:<br />
<br />
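<pre>#!/bin/bash
# fsuffix PATH: look for existing files named PATH-NN and work out the next one.
# Sets LSTSFX_OUT (highest existing suffixed path, empty if none) and
# FSTSFX_OUT (next free suffixed path); returns the next suffix number.
function fsuffix() {
    local LEN=2
    # ${1} full path
    FILE=$(basename "${1}")
    DIR=$(dirname "${1}")
    # get the highest numeric suffix among the files of the specified type
    LSTSUF=$(ls -1 "${1}"-* 2>/dev/null | grep -E "${1}-[0-9]+$" | awk -F- '{print $NF}' | sort -nr | head -n 1)
    if [ -z "${LSTSUF}" ]; then
        FSTSUF=1
        LSTSUF=0
        LST=""
        LSTSFX_OUT=""
    else
        # force base 10: zero-padded suffixes such as 08 are not valid octal
        LSTSUF=$((10#${LSTSUF}))
        FSTSUF=$((LSTSUF+1))
        printf -v LST "%s-%0${LEN}d" "${FILE}" "${LSTSUF}"
        LSTSFX_OUT="${DIR}/${LST}"
    fi
    printf -v FST "%s-%0${LEN}d" "${FILE}" "${FSTSUF}"
    FSTSFX_OUT="${DIR}/${FST}"
    # exit statuses are 8 bit, so this wraps above 255; use FSTSFX_OUT for the result
    return ${FSTSUF}
}</pre><br />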
Quote:<br />
<blockquote><i>I'm going to record this in your file, under commendations-oh, there's a lot of space here. "Did well...enough"</i></blockquote>
<p>Ducati Desmosedici RR (posted 2011-03-31)</p>
One of the past weekend's highlights was spotting a rare bike... Alice.<br />
<br />
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhxu9-tQhbelDXiadKrCehd_usR1fecDx2d1X7a5rXD01DQd1TXcrZfS1gaVil5Jwwr1qiKWvF3smJmrHdakNR4ev2y98TEZuApkT23iIrWYJPILDmXahrdx88IhsPhCBUZQaxKqQ/s1600/DesmosediciRR.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="213" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhxu9-tQhbelDXiadKrCehd_usR1fecDx2d1X7a5rXD01DQd1TXcrZfS1gaVil5Jwwr1qiKWvF3smJmrHdakNR4ev2y98TEZuApkT23iIrWYJPILDmXahrdx88IhsPhCBUZQaxKqQ/s320/DesmosediciRR.jpg" width="320" /></a></div><br />
Alice is a Ducati Desmosedici RR: a £40k road legal MotoGP motorcycle replica. This is a rare find, particularly due to its price, but also because of scarce availability.<br />
<br />
There's a lot special about this bike from an engineering point of view.<br />
<br />
<ul><li><a href="http://en.wikipedia.org/wiki/Ducati_Desmosedici_RR">Desmosedici RR</a> is the road legal Racing Replica of the MotoGP <a href="http://en.wikipedia.org/wiki/Ducati_Desmosedici">Ducati Desmosedici GPn</a>;</li>
<li><a href="http://en.wikipedia.org/wiki/Ducati_Desmosedici">Desmosedici GPn</a> is the n'th season motogp racing bike developed by Ducati. Currently in the MotoGP season of 2011, Ducati is running the <a href="http://en.wikipedia.org/wiki/Ducati_Desmosedici#GP11">Desmosedici GP11</a>;</li>
<li>The term "desmosedici" is a contraction of '<a href="http://en.wikipedia.org/wiki/Desmodromic_valve">desmodromic</a>' and 'sedici' (sixteen in Italian) that would translate to something like '16 valve Desmodromic valvetrain';</li>
<li><a href="http://en.wikipedia.org/wiki/Desmodromic_valve#Design_and_history">Desmodromic distribution</a> is a solution devised to overcome problems related to spring actuated valves at high engine rpm first implemented around 1910;</li>
<li>(All current Ducati engines employ the desmodromic valvetrain system: <a href="http://en.wikipedia.org/wiki/Ducati_Desmoquattro_motorcycles#The_Early_Desmoquattro_.28851_-_996S.29">desmoquattro</a>, <a href="http://en.wikipedia.org/wiki/Ducati_Desmoquattro_motorcycles#The_Testastretta_.28996R_-_999R.29">testastretta</a>, <a href="http://en.wikipedia.org/wiki/Ducati_Desmoquattro_motorcycles#Testastretta_Evoluzione_.281098.29">testastretta evoluzione</a>);</li>
</ul><br />
Here's a detailed technical description and comparison between a Desmosedici RR and a GPn: <a href="http://robotpig.net/__automotive/ducati_desmosedici.php?page=1">http://robotpig.net/__automotive/ducati_desmosedici.php?page=1</a><br />
And this is a very good succinct 3d model of a desmodromic valve: <a href="http://www.seastarsuperbikes.co.uk/ducatiengines.html">http://www.seastarsuperbikes.co.uk/ducatiengines.html</a><br />
<br />
From a rider's standpoint this is probably as close as one can get to a road legal motogp bike. And that's ~200bhp at the rear wheel, slipper clutch, 171Kg (== over 1000 bhp per 1000Kg), a beautiful growling Ducati V-4 engine attached to a glorious - barely legal - exhaust and handling manners of a race bike.<br />
This is _not_ my type of bike, but it's as exciting as a GT1 racing car. As such, I would not pass up the opportunity to try it out. :-]
<p>This week's reading list (posted 2011-03-31)</p>
A covert distributed file system implemented on top of hacked printers.<br />
<a href="http://www.remote-exploit.org/wp-content/uploads/2011/03/Printers-Gone-Wild.pdf">http://www.remote-exploit.org/wp-content/uploads/2011/03/Printers-Gone-Wild.pdf</a><br />
Video here: <a href="http://www.remote-exploit.org/?page_id=764">http://www.remote-exploit.org/?page_id=764</a><br />
<br />
A more generic, yet much longer and deeper printer hacking presentation. Included in the discussion are the issues of firmware infection and remote attacks on printers with malicious physical consequences.<br />
<a href="http://archive.hack.lu/2010/Costin-HackingPrintersForFunAndProfit-slides.pdf">http://archive.hack.lu/2010/Costin-HackingPrintersForFunAndProfit-slides.pdf</a><br />
<br />
Cisco's guide of IPv6 for dummies. This is a long PDF presentation that is well worth the time to go through.<br />
<a href="http://ipv6forum.se/wordpress/wp-content/uploads/2009/01/ipv6-for-dummies-se-090120.pdf">http://ipv6forum.se/wordpress/wp-content/uploads/2009/01/ipv6-for-dummies-se-090120.pdf</a><br />
<br />
TCP hijacking state of the art (in the context of proxy services)<br />
<a href="http://www.squid-cache.org/~adrian/talks/20080510%20BSDCan%20TCP%20Hijacking%202.pdf">http://www.squid-cache.org/~adrian/talks/20080510%20BSDCan%20TCP%20Hijacking%202.pdf</a><br />
Complements well with this tool: <a href="http://intrepidusgroup.com/insight/mallory/">http://intrepidusgroup.com/insight/mallory/</a><br />
<br />
fun!
<p>eroded compact disc (posted 2011-03-08)</p>
Metallica: the black album, an album of a very rare breed of musical work. I bought this CD a long time ago - around 1994 (about 17 years ago). Shortly after I bought it, maybe a year or so, I noticed these tiny cracks appearing around the edges. Those tiny cracks have been growing as if erosion or corrosion has been taking place in the reflective material.<br />
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEghtY6DmjmkLBEdEx3MLSXPesKDgRwHS8FUytCOkuXr2YsAOiJ_H6wcbPpXHKcRvklYDlfCJAPkjO4UsmTq0hBFxoifZjkIDj56F1GKMfDZVCOgO1FpzGCJYnAZqiX7hF88lDDeHg/s1600/1209881260_bTomc-L.jpg" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" height="213" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEghtY6DmjmkLBEdEx3MLSXPesKDgRwHS8FUytCOkuXr2YsAOiJ_H6wcbPpXHKcRvklYDlfCJAPkjO4UsmTq0hBFxoifZjkIDj56F1GKMfDZVCOgO1FpzGCJYnAZqiX7hF88lDDeHg/s320/1209881260_bTomc-L.jpg" width="320" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">eroded compact disc?</td></tr>
</tbody></table>No other CD I own has ever had this kind of issue. I'm guessing this was a manufacturing defect, perhaps a one-off or an entire batch, who knows? The last track doesn't play any more - there's no reflective material left to cover the entire surface that contains it.<br />
<br />
Isn't it ironic that this kind of physical wear would develop in a <a href="http://en.wikipedia.org/wiki/Compact_Disc">compact disc</a> - one of the most robust digital media ever made, originally developed and aimed at the consumer market as a reliable medium to record and play back music? The fact that this was a one-off in my collection and that a (quick) google search revealed nothing of this kind probably means that this is indeed rare.<br />
<br />
But a curious one, nonetheless...
<p>long traceroutes (posted 2011-02-14)</p>
Physical distance and network distance have an interesting relationship. Even though intra and inter-city links can be horribly slow and therefore not a good measure of physical distance, the same is not as true for international and inter-continental links.<br />
<br />
From the UK (a.a.a.a) to Japan (z.z.z.z) via the Internet:<br />
<br />
<tt>traceroute to z.z.z.z (z.z.z.z), 30 hops max, 40 byte packets<br />
1 b.b.b.b (b.b.b.b) 0.710 ms 0.606 ms 0.636 ms<br />
2 c.c.c.c (c.c.c.c) 3.065 ms 2.447 ms 2.817 ms<br />
3 d.ukcore.bt.net (d.d.d.d) 2.810 ms 2.793 ms 2.483 ms<br />
4 e.e.e.e (e.e.e.e) 7.235 ms 6.432 ms 7.068 ms<br />
5 f.ukcore.bt.net (f.f.f.f) 6.449 ms 6.360 ms 6.221 ms<br />
6 * g.eu.bt.net (g.g.g.g) 6.151 ms 5.906 ms<br />
7 h.eu.bt.net (h.h.h.h) 88.322 ms 88.575 ms 88.227 ms<br />
8 i.eu.bt.net (i.i.i.i) 88.652 ms 88.257 ms 88.850 ms<br />
9 * * *<br />
10 j.j.j.j (j.j.j.j) 164.092 ms 163.958 ms 163.862 ms<br />
11 k.kddnet.ad.jp (k.k.k.k) 151.157 ms 150.945 ms 150.999 ms<br />
12 l.kddnet.ad.jp (l.l.l.l) 262.545 ms 264.215 ms 262.769 ms<br />
13 m.kddnet.ad.jp (m.m.m.m) 284.810 ms 278.666 ms 276.577 ms<br />
14 n.kddi.ne.jp (n.n.n.n) 270.713 ms 270.666 ms 282.805 ms<br />
15 o.kddi.ne.jp (o.o.o.o) 278.036 ms 278.105 ms 278.458 ms<br />
16 p.kddi.ne.jp (p.p.p.p) 269.161 ms 266.220 ms 270.104 ms<br />
17 q.kddi.ne.jp (q.q.q.q) 279.407 ms 283.477 ms 279.755 ms<br />
18 r.r.r.r (r.r.r.r) 295.864 ms 266.645 ms 267.897 ms<br />
19 s.s.s.s (s.s.s.s) 268.964 ms 268.345 ms 267.745 ms<br />
20 z.jp (z.z.z.z) 265.074 ms 275.107 ms 263.744 ms</tt><br />
<br />
The key hops are 6 to 7 (~82ms) [UK-Europe], 8 to 10 (~76ms) [Europe-Japan] and 11 to 12 (~110ms). These represent the respective network distances of the links between UK and somewhere in Europe and between somewhere in Europe and Japan.<br />
<br />
From the UK (a.a.a.a) to Australia (z.z.z.z) via a private link:<br />
<br />
<tt>traceroute to z.z.z.z (z.z.z.z), 30 hops max, 40 byte packets<br />
1 b.b.b.b (b.b.b.b) 0.522 ms 0.491 ms 0.827 ms<br />
2 c.c.c.c (c.c.c.c) 2.811 ms 2.788 ms 2.753 ms<br />
3 d.d.d.d (d.d.d.d) 0.567 ms 0.543 ms 0.515 ms<br />
4 e.e.e.e (e.e.e.e) 0.467 ms 0.771 ms 0.556 ms<br />
5 f.f.f.f (f.f.f.f) 6.864 ms 8.488 ms 11.544 ms<br />
6 g.g.g.g (g.g.g.g) 305.581 ms 306.083 ms 306.598 ms<br />
7 z.z (z.z.z.z) 305.507 ms 305.506 ms 305.377 ms</tt><br />
<br />
In this case, the important hops are 4 to 5 (~8ms) [likely intercity] and 5 to 6 (~295ms) [obviously intercontinental].<br />
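The hop-to-hop arithmetic above can be automated. The Python below is an added example, not part of the original post: it parses traceroute output in the format shown, takes the median RTT per hop, skips hops whose probes were all lost, and reports the links where the RTT jumps; it also backs out the path length implied by the 0.378*c figure quoted further down. The 50 ms threshold, the use of the median and all function names are assumptions of this example; the sample input is the two anonymised traces from this post.

```python
import re
from statistics import median

SPEED_OF_LIGHT_KM_S = 299_792.458
HOP_RE = re.compile(r"^\s*(\d+)\s+(.*)$")
RTT_RE = re.compile(r"(\d+(?:\.\d+)?) ms")

# The two anonymised traces from the post, HTML markup removed.
UK_TO_JAPAN = """\
traceroute to z.z.z.z (z.z.z.z), 30 hops max, 40 byte packets
1 b.b.b.b (b.b.b.b) 0.710 ms 0.606 ms 0.636 ms
2 c.c.c.c (c.c.c.c) 3.065 ms 2.447 ms 2.817 ms
3 d.ukcore.bt.net (d.d.d.d) 2.810 ms 2.793 ms 2.483 ms
4 e.e.e.e (e.e.e.e) 7.235 ms 6.432 ms 7.068 ms
5 f.ukcore.bt.net (f.f.f.f) 6.449 ms 6.360 ms 6.221 ms
6 * g.eu.bt.net (g.g.g.g) 6.151 ms 5.906 ms
7 h.eu.bt.net (h.h.h.h) 88.322 ms 88.575 ms 88.227 ms
8 i.eu.bt.net (i.i.i.i) 88.652 ms 88.257 ms 88.850 ms
9 * * *
10 j.j.j.j (j.j.j.j) 164.092 ms 163.958 ms 163.862 ms
11 k.kddnet.ad.jp (k.k.k.k) 151.157 ms 150.945 ms 150.999 ms
12 l.kddnet.ad.jp (l.l.l.l) 262.545 ms 264.215 ms 262.769 ms
13 m.kddnet.ad.jp (m.m.m.m) 284.810 ms 278.666 ms 276.577 ms
14 n.kddi.ne.jp (n.n.n.n) 270.713 ms 270.666 ms 282.805 ms
15 o.kddi.ne.jp (o.o.o.o) 278.036 ms 278.105 ms 278.458 ms
16 p.kddi.ne.jp (p.p.p.p) 269.161 ms 266.220 ms 270.104 ms
17 q.kddi.ne.jp (q.q.q.q) 279.407 ms 283.477 ms 279.755 ms
18 r.r.r.r (r.r.r.r) 295.864 ms 266.645 ms 267.897 ms
19 s.s.s.s (s.s.s.s) 268.964 ms 268.345 ms 267.745 ms
20 z.jp (z.z.z.z) 265.074 ms 275.107 ms 263.744 ms
"""

UK_TO_AUSTRALIA = """\
traceroute to z.z.z.z (z.z.z.z), 30 hops max, 40 byte packets
1 b.b.b.b (b.b.b.b) 0.522 ms 0.491 ms 0.827 ms
2 c.c.c.c (c.c.c.c) 2.811 ms 2.788 ms 2.753 ms
3 d.d.d.d (d.d.d.d) 0.567 ms 0.543 ms 0.515 ms
4 e.e.e.e (e.e.e.e) 0.467 ms 0.771 ms 0.556 ms
5 f.f.f.f (f.f.f.f) 6.864 ms 8.488 ms 11.544 ms
6 g.g.g.g (g.g.g.g) 305.581 ms 306.083 ms 306.598 ms
7 z.z (z.z.z.z) 305.507 ms 305.506 ms 305.377 ms
"""


def parse_traceroute(text):
    """Return [(hop, median_rtt_ms or None)]; None means every probe was lost."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if not m:
            continue  # banner line or blank line
        # A '*' is a lost probe: it simply contributes no RTT sample.
        rtts = [float(v) for v in RTT_RE.findall(m.group(2))]
        hops.append((int(m.group(1)), median(rtts) if rtts else None))
    return hops


def latency_jumps(hops, threshold_ms=50.0):
    """Return [(from_hop, to_hop, delta_ms)] where the RTT rises by >= threshold.

    Each hop is compared with the previous hop that answered, so a silent
    hop (like hop 9 above) is bridged rather than hiding the link behind it.
    """
    jumps, prev = [], None
    for hop, rtt in hops:
        if rtt is None:
            continue
        if prev is not None and rtt - prev[1] >= threshold_ms:
            jumps.append((prev[0], hop, round(rtt - prev[1], 1)))
        prev = (hop, rtt)
    return jumps


def implied_round_trip_km(fraction_of_c, rtt_ms):
    """Path length (there and back) that a given fraction of c and RTT imply."""
    return fraction_of_c * SPEED_OF_LIGHT_KM_S * rtt_ms / 1000.0


if __name__ == "__main__":
    for name, trace in (("UK-Japan", UK_TO_JAPAN), ("UK-Australia", UK_TO_AUSTRALIA)):
        for a, b, delta in latency_jumps(parse_traceroute(trace)):
            print(f"{name}: hop {a} -> {b} adds {delta} ms")
    last_rtt = parse_traceroute(UK_TO_AUSTRALIA)[-1][1]
    print(f"0.378*c over {last_rtt} ms = {implied_round_trip_km(0.378, last_rtt):.0f} km round trip")
```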
<br />
<div>An interesting piece of trivia to take away from the latter case is that the packets travelled half the world and back at a difficult-to-conceive 408 216 000 km/h or 253 653 663 mph. Or, from a scientific perspective, 0.378*c [where c is approximately the speed of light in vacuum].<br />
<br />
My trusty UDP packets travelled half the world and back at an amazing ~37.8% of the speed of light! That's including routing and other network type processing, variable speeds of propagation through different mediums, etc.</div><br />
<br />
<b>robust internet connection 1/2</b> (posted 2011-01-25)<br />
<br />
<div>Until recently, my overkill home network had two routers with DSL cards in them: an 877W and a 2621XM with a WIC-1ADSL.<br />
<br />
The 870 served as the outside router, providing an Internet connection via aDSL to my ISP. I have OSPF running between the two routers, including default route distribution (<span class="Apple-style-span" style="font-family: 'courier new';">default-information originate</span>) from the outside router, informing other routers about an Internet access path.</div><div><br />
</div><div style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhhcQR-32eg1gKu55Qo4asWgoPvb4f4vfTuYsI-PUVzdlDpIjbqxoCybcTBNtApIN6maxa_OC7AoFYxEvD9F1VYI8ZJ8IbuICg2_HEFkw0s5jimiEWDVm-jqDEV1ANySGjqgRoqBA/s1600-h/r1.png" onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}"><img alt="" border="0" id="BLOGGER_PHOTO_ID_5435522202301947426" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhhcQR-32eg1gKu55Qo4asWgoPvb4f4vfTuYsI-PUVzdlDpIjbqxoCybcTBNtApIN6maxa_OC7AoFYxEvD9F1VYI8ZJ8IbuICg2_HEFkw0s5jimiEWDVm-jqDEV1ANySGjqgRoqBA/s640/r1.png" style="cursor: hand; cursor: pointer; display: block; margin: 0px auto 10px; text-align: center;" /></a><br />
<span class="Apple-style-span" style="font-size: small;">Typical setup. Cisco 877W is Internet gateway and responsible for NAT. Traffic is routed via 2621XM.</span></div><br />
As I was fiddling with routing protocols and had multiple DSL cards, one question came up: <b>could I have such a setup that if I swap my DSL cable from one router to the other, the user network can keep accessing the Internet without having to configure/reconfigure anything?</b><br />
<b><br />
</b><br />
<div>I thought so, and I can! What's required?</div><div><ol><li>A routing protocol to update the routing tables of both routers when such a change happens. Done: OSPF. But now the core router would also have a default route to distribute should it become the Internet uplink (so <span class="Apple-style-span" style="font-family: 'courier new';">default-information originate</span> on it too);</li>
<li>Redundant NAT configurations, so both routers perform address translation in the same way: can do;</li>
</ol><br />
<br />
<div style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiIRE6N2Riw0KwZlW4rcrPpks2HjmXdY6dVLuD5fDdj0x8sh-Lhyphenhyphen0N3dGKSJZ4LUUrWz3EmdvbwuTBdD54OJsr45XrieT_HDFs3PRk0hNCHmbNQLHOkdhOgq1ZDxPJD8DiEMQ5tiw/s1600-h/r2.png" onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}"><img alt="" border="0" id="BLOGGER_PHOTO_ID_5435524257127855842" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiIRE6N2Riw0KwZlW4rcrPpks2HjmXdY6dVLuD5fDdj0x8sh-Lhyphenhyphen0N3dGKSJZ4LUUrWz3EmdvbwuTBdD54OJsr45XrieT_HDFs3PRk0hNCHmbNQLHOkdhOgq1ZDxPJD8DiEMQ5tiw/s640/r2.png" style="cursor: hand; cursor: pointer; display: block; margin: 0px auto 10px; text-align: center;" /></a><span class="Apple-style-span" style="font-size: small;">Alternative setup. Cisco 2621XM becomes Internet gateway, also responsible for NAT.</span></div><br />
So after a little while, I got it going. Sadly, the WIC-1ADSL is far far from being as good as the 877W's DSL chipset, so Internet performance suffers a good bit. However, the exercise here is technological and it is about redundancy and/or robustness (albeit partially manual, as I have to switch the cable between routers).<br />
<br />
<div>... to be continued.</div></div><br />
<br />
<b>Power delivery</b> (posted 2010-08-04)<br />
<div style="text-align: center; padding: 3px;"><a href="http://www.flickr.com/photos/pjvenda/4856321779/" title="photo sharing"><img src="http://farm5.static.flickr.com/4082/4856321779_6a5826cd1f.jpg" style="border: solid 2px #000000;" alt="" /></a><br /><span style="font-size: 0.8em; margin-top: 0px;"><a href="http://www.flickr.com/photos/pjvenda/4856321779/">Power delivery</a>, originally uploaded by <a href="http://www.flickr.com/people/pjvenda/">pjvenda</a>.</span></div><p>The final link between drive train and rear wheel.</p>
<b>St Michael's mount</b> (posted 2010-07-20)<br />
<div style="text-align: center; padding: 3px;"><a href="http://www.flickr.com/photos/pjvenda/4518316815/" title="photo sharing"><img src="http://farm5.static.flickr.com/4007/4518316815_b5bb4fd681.jpg" style="border: solid 2px #000000;" alt="" /></a><br /><span style="font-size: 0.8em; margin-top: 0px;"><a href="http://www.flickr.com/photos/pjvenda/4518316815/">St Michael's mount</a>, originally uploaded by <a href="http://www.flickr.com/people/pjvenda/">pjvenda</a>.</span></div><p>The narrow twisty footpath into the castle.</p>
<b>Spotify maturing as a business?</b> (posted 2010-07-15)<br />
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjr33ZTovbxfUTlSJSyVfFReqdSrgaR6XvRN7fu2xNwAvjeIdajpyjdgv8e7pNF56ZP0D_pLxktNs7L1aG5H0XJujZT7jd_FQvpvIzkpY3Zy1cx7YXlrniAP6KFJx7CYQq-bhzwjQ/s1600/SS-2010-07-15_20.55.01.png" 
imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="141" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjr33ZTovbxfUTlSJSyVfFReqdSrgaR6XvRN7fu2xNwAvjeIdajpyjdgv8e7pNF56ZP0D_pLxktNs7L1aG5H0XJujZT7jd_FQvpvIzkpY3Zy1cx7YXlrniAP6KFJx7CYQq-bhzwjQ/s200/SS-2010-07-15_20.55.01.png" width="200" /></a>Spotify is a great product, I use it every day. It's an online music streaming service available for a number of countries in Europe (sorry, Portugal is not in the list yet... shame on you Spotify).<br />
<blockquote><b>Warning:</b> This is my own opinion... a long one.</blockquote>I have been using it since its early days, when signing up was open and free and their ads seemed "amateur" at most. They even had a "Spotify voice mail" into which users left their messages of spotify-glory eventually ending up in self-advertising ads.<br />
<br />
Discussions with business-aware people led me to believe that there is something not quite right with their business model. To users it was music on tap for free, high quality, high availability, nagging ads but nothing we couldn't live with. I know that the key to success in online services is the ability to create a critical mass of users. Hence it made sense to give away music on tap for free.<br />
<br />
Starting a business is difficult and incurs a lot of risk. Most technology companies have significant losses during the first years of operation, but often after breaking even, the gains far outweigh the losses. In other words, losses in this case == investment.<br />
<br />
But this is not sustainable forever and something was bound to happen. They would have to change the revenue model or increase the density of ads (a lot!) in the free accounts to make people switch to the paid version or go bust or be backed up by a company that made money some other way...<br />
<br />
Adding to this, they implemented some serious anti-tampering stuff into their windows client since the very initial versions, including fancy anti-debugging and obfuscation code. Clearly they either over-engineered it or just prepared for a longer-term reality... Not that it is a bad thing, implementing decent security measures since day one, but it was also a visible sign that they did not want people cracking it.<br />
<br />
The way I see it, there's a thin line between giving away enough to attract interest and new users and charging enough (from whatever multiple sources) to keep the business afloat, or at least following the almighty business plan. Giving away stuff keeps people happy and attracts new users, etc, but does not pay the bills. Shutting the service to paid customers would kill the expansion of their user base. I think they never got this balance exactly right (assuming of course it was possible in the first place).<br />
<br />
Over the past year or so they introduced various changes that affect the afore-mentioned balance. Their initial model was something like:<br />
<ul><li>Paid ads;</li>
<li>Free accounts to everyone: Lots of music available, ads that could not be skipped;</li>
<li>Premium accounts for £9.99 per month: No ads, higher quality streaming;</li>
</ul>Shortly after the following features also appeared:<br />
<ul><li>Paid ads: Arbitrary companies were able to advertise in Spotify, spamming free accounts forever. Artists were also advertising their work via Spotify ads;</li>
<li>Premium accounts: <b>Offline mode</b>, <b>mobile access</b> for some smartphone platforms and unrestricted international access, even higher quality streaming, <u>invites were provided</u>;</li>
<li>Free accounts I: access out of allowed countries was limited to 14 days, [the mac client paused ads if sound was muted - sneaky, eh?];</li>
<li><b>Mobile access</b>: Various applications were created and deployed for the most widely used smartphone platforms (iPhone, android, any other?). This is, of course, restricted to premium accounts;</li>
<li>Free accounts II: All existing free accounts kept working normally. However, <u>free accounts could no longer be created without an invite</u>. Invites were being handed to paying users and could be used as tokens to create new free accounts. So free accounts stopped being free, essentially;</li>
</ul>Now the free user base could only expand with the help of the paying user base. Clever! The number of invites given to premium account holders was now controlling expansion of the free user base. So if you didn't have an account, you'd be left with 2 choices: either find someone with a premium account and get an invite from them or buy a premium account yourself.<br />
<br />
Also there was little choice to the user base. Either you have a free account with nagging ads or you pay £9.99 per month... or the ridiculous £9.99 for one day. There weren't too many commercial ads, most were artists promoting their music/albums/singles/whatever and the rest were self-advertising. Targeted ads seem to work so-so. Some ads my wife gets I never heard and vice-versa. However, I still get spammed by Rihanna's promotions... something's very wrong there... My playlists are little more than Iron Maiden, Bruce Dickinson, Megadeth, Manowar... you get the picture...<br />
<br />
Fast forward to 2010 Q1/Q2 (IIRC) and here's some more changes. I think these prove what I described above. Spotify decided to press on and attempt to expand its paying user base now. This was expected, and as far as I'm concerned, overdue by now. What we have now is:<br />
<ul><li>Paid ads: Arbitrary companies were able to advertise in Spotify, spamming free accounts forever. Artists were also advertising their work via Spotify ads;</li>
<li>Free accounts: Left untouched. All free accounts are kept working, but can only be created with an invite coming from a premium account;</li>
<li>Premium accounts: Mobile access for some smartphone platforms and unrestricted international access, even higher quality streaming;</li>
<li><b>Integration with locally stored music files</b>: The Spotify player can now play locally stored files and even share them with mobile clients. I don't know exactly how and when this works, but it sounds 'local'. Nonetheless, it makes sense to me;</li>
<li><b>Open accounts</b>: Free version of Spotify, no invite necessary, but limited to 20h per month. Like a demo, really;</li>
<li><b>Unlimited accounts</b>: Poor man's premium account. Half the price of a premium account but no mobile access, no offline mode and no streaming abroad. Pretty much all the good features gone except for the music, of course, and with no ads;</li>
</ul><br />
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjsuaSTrZ6oj3uCBRwZ1RTF3omlv-l1p9M-m9vHWuTefhW5PsbEiy0qKVmsj0o9LsiZtxioqs2rMH01_x2qfNkx_KmQMZ3GpqHBidsdTxJnTx4jMBQTHKw13iY5gccccb2WiWZ-QQ/s1600/SS-2010-07-15_20.53.30.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="190" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjsuaSTrZ6oj3uCBRwZ1RTF3omlv-l1p9M-m9vHWuTefhW5PsbEiy0qKVmsj0o9LsiZtxioqs2rMH01_x2qfNkx_KmQMZ3GpqHBidsdTxJnTx4jMBQTHKw13iY5gccccb2WiWZ-QQ/s400/SS-2010-07-15_20.53.30.png" width="400" /></a></div><div><br />
</div><div>There it is, another shift towards expanding their paying user base. This starts to open up the choice range of non-paying customers and the game just might start changing. I'm not yet willing to invest £60 per year on a Spotify Unlimited account (the premium is still too much), particularly because a lot of the music I enjoy is not there (which I reckon is mostly my own problem). However, it begins to become more and more reasonable to a wider and wider range of users and potential users.</div><div><br />
</div><div>I must also say that my ramblings about expensive and cheap are, of course, relative. What's expensive for me may be very cheap for you and vice-versa.</div><div><br />
</div><div>Good stuff, Spotify! Now get those label contracts going (get Rammstein back on the lists please, btw), as well as Metallica, AC/DC and every other song in the world :] A bit like Google! Hmm.....</div><div><br />
</div><br />
<br />
<b>Capelinhos</b> (posted 2010-07-14)<br />
<div style="text-align: center; padding: 3px;"><a href="http://www.flickr.com/photos/pjvenda/4774611961/" title="photo sharing"><img src="http://farm5.static.flickr.com/4093/4774611961_fb49752c2e.jpg" style="border: solid 2px #000000;" alt="" /></a><br /><span style="font-size: 0.8em; margin-top: 0px;"><a href="http://www.flickr.com/photos/pjvenda/4774611961/">Capelinhos</a>, originally uploaded by <a href="http://www.flickr.com/people/pjvenda/">pjvenda</a>.</span></div><p>A massive eruption took place in the sea just meters in front of this lighthouse in 1957 (over 13 months). What was before the tip of the island is no more. This is now a magical place of inevitable history and volcanic science.</p>
<b>Once liquid I</b> (posted 2010-06-24)<br />
<div style="text-align: center; padding: 3px;"><a href="http://www.flickr.com/photos/pjvenda/4601942939/" title="photo sharing"><img src="http://farm2.static.flickr.com/1098/4601942939_5cefe71656.jpg" style="border: solid 2px #000000;" alt="" /></a><br /><span style="font-size: 0.8em; margin-top: 0px;"><a href="http://www.flickr.com/photos/pjvenda/4601942939/">Once liquid I</a>, originally uploaded by <a href="http://www.flickr.com/people/pjvenda/">pjvenda</a>.</span></div><p>The more I look at this picture the more I like it.<br /><br />And it's not one of those I thought: "this will make a fantastic shot" when I took 
it.</p>
<b>Fly Azores</b> (posted 2010-06-15)<br />
<div style="text-align: center; padding: 3px;"><a href="http://www.flickr.com/photos/pjvenda/4534752008/" title="photo sharing"><img src="http://farm5.static.flickr.com/4038/4534752008_d8868bac13.jpg" style="border: solid 2px #000000;" alt="" /></a><br /><span style="font-size: 0.8em; margin-top: 0px;"><a href="http://www.flickr.com/photos/pjvenda/4534752008/">Fly Azores</a>, originally uploaded by <a href="http://www.flickr.com/people/pjvenda/">pjvenda</a>.</span></div><p>Shot minutes before boarding.</p>
<b>Twisty</b> (posted 2010-05-13)<br />
<div style="text-align: center; padding: 3px;"><a href="http://www.flickr.com/photos/pjvenda/4157798938/" title="photo sharing"><img src="http://farm3.static.flickr.com/2703/4157798938_b7a52f0a76.jpg" style="border: solid 2px #000000;" alt="" /></a><br /><span style="font-size: 0.8em; margin-top: 0px;"><a href="http://www.flickr.com/photos/pjvenda/4157798938/">Twisty</a>, originally uploaded by <a href="http://www.flickr.com/people/pjvenda/">pjvenda</a>.</span></div><p></p>
<b>Hydraulic vs bucket+shim valve adjusters</b> (posted 2010-05-08)<br />
<br />
Been researching the various valvetrain designs out of a philosophical discussion on hydraulic adjusters not commonly employed in motorcycles (H-D engines are the notable exception). Fascinating!<br /><br />I found out how hydraulic adjusters are currently used in various car engines and how elegantly they solve the problem of keeping valve clearances. 
I also read a bit about pneumatic actuated valves with cams/followers or with electro-hydraulic actuators and no cams. Clever!<br /><br />Being uninformed about hydraulic valve adjusters, I did the right thing and researched a bit. I'll share a summary for those that, like me, would like to know.<br /><br />Hydraulic valve adjusters are a clever solution meant to solve the problem of keeping correct valve tolerances at any engine/oil temperature. Incidentally the design led to having permanent contact between cam, lifter, pushrod, rocker arm and valve stem, making it quieter.<br /><br />[I now realise that the more common cam followers+shims+buckets should equally have (more or less) permanent contact between all the parts. This happens because followers to shim clearances are filled by oil pressure that builds up underneath the buckets as the engine runs: makes sense and came from a very reliable source.]<br /><br />This is an open loop feedback system in which pushrod operating travel changes by action of hydraulic lifters which, in turn, are influenced by engine pressure and/or temperature. Ingenious!<br /><br />"Our" design is more on the style of "getting it right for the typical range of engine temperatures".<br /><br />Two typical engineering approaches to the problem, both with their pros and cons. While it's easier to see the cons in the non-hydraulic shim+bucket style system, the hydraulic type is not without them:<br /><br />Being an open loop system, it relies on correct information coming in from oil (density+type+dirt+volume=different pressure vs temperature curves) as well as integrity of the lifter itself (spring load). But even if everything else is kept, oil changes with wear and that affects operation of the lifters. Self adjusting valves gradually come out of adjustment at all engine temperatures. Then of course this is a more complex system and probably more expensive to manufacture. 
Hydraulic lifters are precision parts with very tight tolerances. It is hard to tell if the time it takes to get a valve significantly out of tolerance is so long that it becomes non-serviceable... I really don't know. Some people say yay, others say nay.<br /><br />Me, I would go for the hydraulic type, but I'm an engineer, not a business man. On that note, how about the <a href="http://www.seastarsuperbikes.co.uk/ducatiengines.html">desmodromic valve actuator system</a> currently used in Ducati engines? Funky, eh?<br /><br />Thanks for reading. Feel free to poke holes at it.<br /><br />References were:<br /><ul><li><a href="http://dansmc.com/valveclearence.htm">http://dansmc.com/valveclearence.htm</a></li>
<li><a href="http://www.samarins.com/glossary/dohc.html">http://www.samarins.com/glossary/dohc.html</a></li>
<li><a href="http://scarbsf1.com/valves.html">http://scarbsf1.com/valves.html</a> (nice other resources on this site)</li>
<li><a href="http://en.wikipedia.org/wiki/Overhead_camshaft">http://en.wikipedia.org/wiki/Overhead_camshaft</a> (nice cutoff pic of bucket+shim valve arrangement)</li>
<li><a href="http://en.wikipedia.org/wiki/Hydraulic_tappet">http://en.wikipedia.org/wiki/Hydraulic_tappet</a></li>
<li><a href="http://www.ratwell.com/technical/HydraulicLifters.html#operation">http://www.ratwell.com/technical/HydraulicLifters.html#operation</a></li>
<li><a href="http://www.animatedpiston.com/BMW.htm">http://www.animatedpiston.com/BMW.htm</a></li>
<li><a href="http://www.seastarsuperbikes.co.uk/ducatiengines.html">http://www.seastarsuperbikes.co.uk/ducatiengines.html</a></li></ul><br />
<br />
<b>The long way home</b> (posted 2010-05-03)<br />
<br />
One wonderful thing about bikes is that much more often than in a car, you go out for a ride with no purpose, sometimes with no defined direction or destination. 
<br /><br />I work in an office in Thame, roughly 15 miles away from home. Commuting by motorcycle is good and fun: not too long, very little traffic, twisty but safe (good visibility throughout, no sudden tight bends, etc). It's a good mix of city, dual carriageway (A40) and A-road (A418).<br /><br /><div align="center"><iframe width="640" height="480" frameborder="0" scrolling="no" marginheight="0" marginwidth="0" src="http://maps.google.co.uk/maps?f=q&source=embed&hl=en&geocode=FVStFQMdcNbs_ymvH8StgDNxSDECdFTLqNsgyA%3BFeGcFQMdHhrx_ymhRsLMzJJ2SDHizsyk8p639Q&q=oxford+to+thame&sll=51.730856,-0.959072&sspn=0.070277,0.15913&ie=UTF8&saddr=oxford&daddr=thame&ll=51.747864,-1.115799&spn=0.204057,0.439453&z=11&output=embed"></iframe><br /><small><a href="http://maps.google.co.uk/maps?f=q&source=embed&hl=en&geocode=FVStFQMdcNbs_ymvH8StgDNxSDECdFTLqNsgyA%3BFeGcFQMdHhrx_ymhRsLMzJJ2SDHizsyk8p639Q&q=oxford+to+thame&sll=51.730856,-0.959072&sspn=0.070277,0.15913&ie=UTF8&saddr=oxford&daddr=thame&ll=51.747864,-1.115799&spn=0.204057,0.439453&z=11" style="color:#0000FF;text-align:left">View Larger Map</a></small></div><br /><br />As the weather improves, the sun now shines past 7.30pm (<a href="http://www.gaisma.com/en/location/london.html">sunrise, sunset, dawn and dusk times</a>), it's time for some road exploration / wandering on my Triumph (I really should have blogged about my new speedmaster by now...)!<br /><br />I prepared a route based on something I tried before and set off from the office after work with a memorised list of road names and a few visual cues taken from google street view. 
Although I didn't follow the plan entirely, the result was the route below:<br /><br /><div align="center"><iframe width="640" height="480" frameborder="0" scrolling="no" marginheight="0" marginwidth="0" src="http://maps.google.co.uk/maps?f=d&source=s_d&saddr=thame&daddr=chinnor+to:watlington+to:Goring-on-Thames+to:blewbury+to:didcot+to:A4130+to:A4130+to:wootton+to:the+plain&hl=en&geocode=FeGcFQMdHhrx_ymhRsLMzJJ2SDHizsyk8p639Q%3BFZnsFAMdMRjy_ykxncWYzYx2SDGsz-yYwFdyqg%3BFW0KFAMdsKzw_ym7wk7wUI12SDHj0natcQ11YQ%3BFbgtEgMdaK7u_yHHoBCE4a0e6A%3BFcXnEgMdTznt_ynHlN04irt2SDGutLBW6ogX5Q%3BFb9yEwMdaRPt_ymd5BgaDrl2SDHgQDo13MkJjw%3BFZSgEwMdbC7t_w%3BFbmeEwMdjZ7s_w%3BFbP7FAMdGvDr_ylZpArMscd2SDFwtZfUI4sNBQ%3B&mra=ls&via=6,7&sll=51.698736,-1.248322&sspn=0.070327,0.15913&ie=UTF8&ll=51.663186,-1.159058&spn=0.408879,0.878906&z=10&output=embed"></iframe><br /><small><a href="http://maps.google.co.uk/maps?f=d&source=embed&saddr=thame&daddr=chinnor+to:watlington+to:Goring-on-Thames+to:blewbury+to:didcot+to:A4130+to:A4130+to:wootton+to:the+plain&hl=en&geocode=FeGcFQMdHhrx_ymhRsLMzJJ2SDHizsyk8p639Q%3BFZnsFAMdMRjy_ykxncWYzYx2SDGsz-yYwFdyqg%3BFW0KFAMdsKzw_ym7wk7wUI12SDHj0natcQ11YQ%3BFbgtEgMdaK7u_yHHoBCE4a0e6A%3BFcXnEgMdTznt_ynHlN04irt2SDGutLBW6ogX5Q%3BFb9yEwMdaRPt_ymd5BgaDrl2SDHgQDo13MkJjw%3BFZSgEwMdbC7t_w%3BFbmeEwMdjZ7s_w%3BFbP7FAMdGvDr_ylZpArMscd2SDFwtZfUI4sNBQ%3B&mra=ls&via=6,7&sll=51.698736,-1.248322&sspn=0.070327,0.15913&ie=UTF8&ll=51.663186,-1.159058&spn=0.408879,0.878906&z=10" style="color:#0000FF;text-align:left">View Larger Map</a></small></div><br /><br />"The long way home" is the name I gave to the 50 mile route (above) out of Thame around the south of Oxfordshire and back into Oxford via the Donnigton bridge / Iffley road.<br /><br />Highlights:<br /><ul><li><b>B4009 from the A4074 turnoff to Goring-on-Thames</b>: Superb scenic twisty road with a few villages here and there but without breaking the rhythm too much;</li><li><b>A417 from Goring-on-Thames to Blewbury</b>: Another 
very scenic twisty road with a number of hills and fewer villages than the B4009 (IIRC);</li></ul><br />Great bits of road, but not quite highlights:<br /><ul><li>B4009 from Thame to Benson;</li><li>B4016 from Blewbury to Didcot: very twisty, most bends are blind. Not too many chances to overtake;</li></ul><br />Ideas, alternatives, improvements:<br /><ul><li>Avoid Didcot ring road by following the A417 a bit further and then turning off to the A4130 at Rowstock;</li><li><b>Try the B4009 further than Goring-on-Thames, perhaps even all the way to Newbury;</b></li><li><b>Keep on the A417 until Wantage, then A338 up to Wootton or join the A420 and back to Oxford;</b></li></ul><br /><br />I managed to discover/execute this alternative route home which included some of the best bits of road I've ridden so far (mind you my experience is limited). This was a fantastic ride that I look forward to doing again soon.<br /><br /><i>(feel free to share if you know any great roads around Oxfordshire)</i><br /><br />Until next time,<br />Pedro.<br />
<br />
<b>lame sysadmin</b> (posted 2010-01-10)<br />
<p>Weird stuff went on recently on my network;<br /><br />It started last night while I was fiddling with my lab network - dark witchcraft including ospf, eigrp, nat, acls, ppp/chap, etc. I discarded it as being my laptop still fussing with its gateways and default routes... I was tired and didn't care. 
So I just turned things off, went to bed and forgot about it.<br /><br />[side note: <i>I should post my network diagram someday, so everyone can appreciate a true overkill geek home network...</i>]</p><p><div style="text-align: center; padding: 3px;"><a href="http://www.flickr.com/photos/pjvenda/4196446504/" title="Cisco home and lab networks by pjvenda, on Flickr"><img src="http://farm3.static.flickr.com/2786/4196446504_d48a939fdc.jpg" style="border: solid 2px #000000;" alt="" /></a><br /><span style="font-size: 0.8em; margin-top: 0px;"><a href="http://www.flickr.com/photos/pjvenda/4196446504/">Cisco home and lab networks</a>, originally uploaded by <a href="http://www.flickr.com/people/pjvenda/">pjvenda</a>.</span></div></p><p>This morning, though, my wife couldn't reach facebook from her laptop. Whoops, I must have done *something*...<br /><br />Symptoms were:</p><ul><li>able to ping external hosts;</li><li>unable to access websites;</li></ul><p>First things first: Check the squid proxy - seemed ok;<br /><br />Lazy as I am, I decided to just reboot the routers because I might have left some not-very-well-thought-configs there. The routers came back up and the situation got worse! Now I had no comms between the core and uplink routers. WTF?</p><dl><dt><b>Moral of the story #1</b></dt><dd><u>Having <tt>bpduguard</tt> on switch ports that link to routers is not necessarily safe.</u></dd></dl><p>The router was broadcasting BPDUs out its ports triggering <tt>bpduguard</tt> on the switch which, in turn, disabled all the ports that connect to the router (the ones from which BPDUs were received). This effectively shut the router off the switch.<br /><br />As a quick & dirty solution, I enabled <tt>bpdufilter</tt> on those switch ports. 
Just ignore those BPDUs instead of disabling the ports if one is received (<tt>bpduguard</tt> is set up globally on the switch, rather than port by port). The proper solution involves shutting down STP on the router instead with <tt>no spanning-tree vlan X</tt> commands.<br /><br />Layer 2 issues sorted, I was back to last night's situation. Being a little more pragmatic this time, I disabled wccp redirects from the core router. Sure enough, everything was back to normal. The proxy was good but the connection between the core router and the proxy service/host was not (this connection being a GRE tunnel - did I mention how nice WCCP is??).</p><dl><dt><b>Moral of the story #2</b></dt><dd><u>Be pragmatic, not lazy.</u></dd></dl><p>I had a massive update pending on the server including a kernel upgrade. I had to reboot now. Naturally the server did not come back up as expected because the updated version of udev required a kernel >=2.6.27. The latest accessible kernel was 2.6.26 - d'ough!!<br /><br />So there I was manually creating md nodes on /dev via a serial console to mount and copy the newest available kernel, modify grub's configuration and try again with a new kernel. It worked! Everything came back to normal, the GRE tunnel came back up, as did all other services on the server.</p><dl><dt><b>Moral of the story #3</b></dt><dd><u>Don't slack on your sysadmin duties, update often and check that things are still working after updating. Make sure you reboot from time to time to verify that everything is starting up nicely.</u></dd></dl><p>Along with all this, I forgot about the new terms of service of editdns.net (my DNS provider) and they cancelled my account. My domain pjvenda.net has been unavailable since 3rd January 2010 and should only be restored after tonight (10th January 2010).</p><dl><dt><b>Moral of the story #4</b></dt><dd><u>Make sure you have a working DNS service for your domains. Otherwise they don't work.</u></dd></dl><p>I'm lame sometimes. 
Must be the cold.<br /><br />Cheers, PJ</p>
<b>Photographic record of the last ride of 2009</b> (posted 2009-12-13)<br />
<br />
I know there is still time, but I don't expect many more convenient breaks in this British weather.<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEidbAN-aa58hZnwbrPLe1tmKGuY3IZDAoc3e-ObJjLywv8Gq7DvWte-yJePnNBjt8Npy26dSw6QbRxFybE6RUBrOvBjkXsS8IctgHsm1O3vn-V3T9V9FneNTYXlBSgYtaTgUGloxA/s1600-h/CIMG1748.JPG"><img style="display:block; margin:0px auto 10px; text-align:center;cursor:pointer; cursor:hand;width: 320px; height: 240px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEidbAN-aa58hZnwbrPLe1tmKGuY3IZDAoc3e-ObJjLywv8Gq7DvWte-yJePnNBjt8Npy26dSw6QbRxFybE6RUBrOvBjkXsS8IctgHsm1O3vn-V3T9V9FneNTYXlBSgYtaTgUGloxA/s320/CIMG1748.JPG" border="0" alt="" id="BLOGGER_PHOTO_ID_5414822106454862162" /></a><br /><br />I took this picture after coming back from a short ride earlier this month - an English December, mind you. It was a good ride through Oxford city streets. The weather was dry and not too cold (for my kit). 
If everything seems grey and dull, it's because it was.<br /><br />I doubt I'll be able to go out again this year and if so, here it is: the record of the last ride of 2009.<br /><br />Cheers, PJ.
Night lights at the Colosseum
Published 2009-11-09T14:29:00.001+00:00, updated 2009-11-09T14:29:30.534+00:00
<div style="text-align: center; padding: 3px;"><a href="http://www.flickr.com/photos/pjvenda/2058168042/" title="photo sharing"><img src="http://farm3.static.flickr.com/2392/2058168042_49e8426e09.jpg" style="border: solid 2px #000000;" alt="" /></a><br /><span style="font-size: 0.8em; margin-top: 0px;"><a href="http://www.flickr.com/photos/pjvenda/2058168042/">Night lights at the Colosseum</a>, originally uploaded by <a href="http://www.flickr.com/people/pjvenda/">pjvenda</a>.</span></div><p>Taken from the hotel's balcony, while having dinner, during my honeymoon.<br /><br />The balcony shook as every tram or bus passed by, but the result was not bad. 
30sec exposure done with an EOS 350D + Sigma 18-125mm.<br /><br />Posted one day after I signed up for a flickr Pro account.</p>
Back to base
Published 2009-10-13T11:31:00.003+01:00, updated 2009-10-13T11:32:28.174+01:00
<div style="text-align: center; padding: 3px;"><a href="http://www.flickr.com/photos/pjvenda/3570528041/" title="photo sharing"><img src="http://farm3.static.flickr.com/2442/3570528041_4b6ed9680b.jpg" style="border: solid 2px #000000;" alt="" /></a><br /><span style="font-size: 0.8em; margin-top: 0px;"><a href="http://www.flickr.com/photos/pjvenda/3570528041/">Back to base</a>, originally uploaded by <a href="http://www.flickr.com/people/pjvenda/">pjvenda</a>.</span></div><p>At Farnborough 2008.</p>
Elevator shaft
Published 2009-09-10T20:52:00.002+01:00, updated 2009-09-10T22:13:50.360+01:00
<div style="text-align: center; padding: 3px;"><a href="http://www.flickr.com/photos/pjvenda/3401965570/" title="photo sharing"><img src="http://farm4.static.flickr.com/3444/3401965570_c0dc265eee.jpg" style="border: solid 2px #000000;" alt="" /></a><br /><span style="font-size: 0.8em; margin-top: 0px;"><a href="http://www.flickr.com/photos/pjvenda/3401965570/">Elevator shaft</a>, originally uploaded by <a href="http://www.flickr.com/people/pjvenda/">pjvenda</a>.</span></div><p>Going up?</p>