
Entries from November 2010.

CurveDNS

Yet another DnsCurve implementation:
We are happy to announce the first forwarding DNSCurve solution: CurveDNS.

With CurveDNS you are able to transform any authoritative name server into
a DNSCurve-capable one. This is done by acting as a kind of proxy, i.e.
listening to DNS or DNSCurve queries and forwarding the non-protected
variants towards the real (existing) name server. The responses are then
sent back to the client either protected (if the query was in DNSCurve)
or not.

In short, CurveDNS supports:
* Forwarding of regular (non-protected) DNS packets;
* Unboxing of DNSCurve queries and forwarding the regular DNS packets;
* Boxing of regular DNS responses to DNSCurve responses;
* Both DNSCurve's streamlined- and TXT-format;
* Caching of shared secrets;
* Both UDP and TCP;
* Both IPv4 and IPv6.

This entire project is based on a master thesis named 'Shaping DNS
Security with Curves — A Comparative Security Analysis of DNSSEC and
DNSCurve', you can find this thesis at the CurveDNS website too.

Interested? More information, documentation, et cetera can be found at
the CurveDNS website:

curvedns.on2it.net
Enjoy!

ImageMagick repo for EL 5

Due to popular request (Hi David!), here's the ImageMagick RPM repo for EL5 (Centos, RedHat, ScientificLinux etc).
Feedback is welcome!

Blade Runner

I could watch this film a thousand times without getting bored. What a masterpiece!!
Anyway, you can now watch it on BBC iPlayer. Enjoy!
Fiery the angels fell.
Deep thunder,
rolled around their shores,
Burning with the fires of Orc.

Load a directory in RAM

A nifty little bash script that loads stuff in memory so it runs super fast!
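#!/bin/bash
#
# This script remounts a directory in tmpfs (ramdisk) to speed it up
#
# stop at the first failing command, so a failed mount never deletes the backup
set -e

DIR=$1
SIZE=$2

if [ "$(id -u)" != "0" ]; then
    # this script must be run by root. Let's try sudo'ing to root..
    exec sudo "$0" "$@"
fi

if [ ! -d "$DIR" ]; then
    echo "Usage: $0 <directory> [size]"
    exit 1
fi

# optional size limit for the ramdisk, e.g. 512m
OPTIONS=()
if [ -n "$SIZE" ]; then
    OPTIONS=(-o "size=$SIZE")
fi

# first, copy everything somewhere to reuse it later
# (archive relative to $DIR so relative and absolute paths both work)
TMP=$(mktemp)
tar -C "$DIR" -cpf "$TMP" .

# remount dir as ramdisk
mount -t tmpfs "${OPTIONS[@]}" "$DIR" "$DIR"

# unpack everything back (ownership and modes are restored by -p as root)
tar -C "$DIR" -xpf "$TMP"
rm -f "$TMP"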
Cheers Evgueni!

OpenVPN problems on Windows 7

Tonight I had a problem with an OpenVPN client running on Windows 7.
It was connecting and authenticating properly, but the pushed routes from the OpenVPN server were not respected. Apparently this is specific to Windows (7?) and it's fixed by adding the following to the client config file:
script-security 2 system
I found this solution here.
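
A check for the directive above, as an added example that is not part of the original post: per the OpenVPN manual, script-security level 2 lets the client run user-defined scripts and the system method hands command lines to a shell, so a config carrying it is worth flagging in a review. The names audit_script_security and sample_config are hypothetical and the sample config is constructed; the function reports the highest level it finds.

```shell
#!/bin/sh
# Added example (not from the original post). audit_script_security and
# sample_config are hypothetical names; the sample config is constructed.

# Reads an OpenVPN config on stdin (or from files given as arguments) and
# prints: <level> <method> <risk> <note>
# Levels per the OpenVPN manual: 0 no external programs, 1 built-in
# executables only (the default), 2 user-defined scripts, 3 passwords
# passed to scripts via the environment.
audit_script_security() {
    awk '
        BEGIN { level = -1; sys = 0 }
        $1 ~ /^[#;]/ { next }                      # skip comment lines
        $1 == "script-security" {
            if ($2 + 0 > level) level = $2 + 0     # keep the highest level seen
            if ($3 == "system") sys = 1            # system(): shell expansion applies
        }
        END {
            if (level < 0) level = 1               # directive absent: default level
            risk = "ok"
            if (level >= 2) risk = "review"
            if (level >= 3) risk = "high-risk"
            method = sys ? "system" : "execve"
            note = sys ? "shell-expansion" : "-"
            print level, method, risk, note
        }
    ' "$@"
}

# Constructed sample config containing the line from the post.
sample_config() {
    cat <<'EOF'
client
dev tun
; script-security 3
script-security 2 system
EOF
}

sample_config | audit_script_security   # prints: 2 system review shell-expansion
```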

XMPP ready

As of now I'm XMPP ready. I can be reached at:
nux@li.nux.ro

Thanks Manu for "provoking" me to install ejabberd and the fine people at ejabberd.im for developing such a nice product.

RedHat 6

Wow! RHEL 6 is out now!!
Thank you RedHat & the Fedora community!
http://press.redhat.com/2010/11/10/red-hat-enterprise-linux-6-a-technical-look-at-red-hats-defining-new-operating-platform/
How does it compare with older RedHat versions? Find out here!
Can't wait to get my hands on Centos 6! Its building has already begun!

Keep calm




PS: I love this show!

ScientificLinux 6


Apparently the people at CERN & FermiLab have rolled up their sleeves, too, as there is already an alpha iso available for download:
ftp://ftp.scientificlinux.org/linux/scientific/6rolling/iso/
For those who don't know, ScientificLinux is Centos' less popular brother (born from the same mother - RedHat), built by and for the people at CERN and FermiLab.
Exciting times!

Useless sysadmining

Stuff every sysadmin should read:
http://partmaps.org/era/unix/award.html

BitDefender free Antispam tool for linux

Just found out on the Romanian Linux Users Group list that BitDefender published a tool for fighting spam. It's not open source, but it's free (as in beer) and you can hook it into your favourite MTA!
Get it from here.

RHEL6 review

A nice review once again from The H, this time about the newly released RHEL6.
Check it out here.

More reliable than Microsoft, More open than Oracle, More comprehensive than VMware

Nice to see my country in a "good" top for once

Usually when I see my country in a top it's usually about poverty, corruption, bad things generally.. Not this time. This chart is about something rather important considering the times we live: internet speed.
Connection speed by country:




Connection distribution within the countries:




Too bad the rest of the country doesn't do as well as its internet backbone...
Stats courtesy of Akamai via the Swedes at Royal Pingdom.

Centos 5 x86_64 OS image for xen domU

This is my Centos 5 x86_64 domU image. There are many like it on the internet, but this one is mine.
http://dl.nux.ro/xen/domU/

The image contains a rather minimal install of Centos 5, with postfix and ssh started at boot time. The root password is in the cfg file.
Let me know if you need any help or different images (32 bit maybe, I do Centos only).
I will build Centos 6 images as soon as it is released, so stay tuned.

funny animals

Some funny animals:
http://img.nux.ro/funnyanimals/

A small benchmark on Dell R210: AHCI vs ATA

At some point I needed to see if there's much difference in performance between using a DELL R210 with AHCI mode enabled in BIOS vs ATA mode (which I think is the default). Here are some stats.

New stuff in RHEL/Centos 5.6

With some delay I found out that RHEL 5.6 (and consequently Centos 5.6) will have:
  - bind 9.7 - improved DNSSEC support
  - PHP 5.3 - support for namespaces
  - ebtables - Ethernet layer firewall
  - dropwatch - network stack packet analysis
  - IPA fonts - Japan JIS X 0213:2004 support
  - sssd - offline credential caching
All good and well, but the PHP upgrade will break a LOT of sites! I really didn't expect this.. I'll have to prepare my arse for a lot of messing around; also shall set up a PHP 5.2 repo for customers. :-(

hdsentinel - or let's make smartctl reports readable

I am sure lots of you have had problems in the past or simple annoyances because of the way smartctl reports stuff. Although sometimes it's good to have more information, when it comes to routine hard drive checks less is more. And this is where hdsentinel comes in handy - it directly queries the HDD for S.M.A.R.T. data and displays it in a nice human readable format.
Here's what a hdsentinel report looks like (the red lines are my doing):
HDD Device  1: /dev/sdb
HDD Model ID : ST3250410AS
HDD Serial No: 9RY3E558
HDD Revision : 4.AAA
HDD Size     : 238475 MB
Interface    : S-ATA II
Temperature  : 41 °C
Health       : 30 %
Performance  : 100 %
Power on time: 603 days, 9 hours
Est. lifetime: 109 days 
You can get even more information nicely formatted by using the -r switch (report).
And here's what a normal smartctl report looks like:
smartctl version 5.38 [x86_64-redhat-linux-gnu] Copyright (C) 2002-8 Bruce Allen
Home page is http://smartmontools.sourceforge.net/

=== START OF INFORMATION SECTION ===
Model Family:     Seagate Barracuda 7200.10 family
Device Model:     ST3250410AS
Serial Number:    9RY3E558
Firmware Version: 4.AAA
User Capacity:    250,059,350,016 bytes
Device is:        In smartctl database [for details use: -P show]
ATA Version is:   7
ATA Standard is:  Exact ATA specification draft version not indicated
Local Time is:    Sun Nov 28 23:37:14 2010 EET
SMART support is: Available - device has SMART capability.
SMART support is: Enabled

=== START OF READ SMART DATA SECTION ===
SMART overall-health self-assessment test result: PASSED

General SMART Values:
Offline data collection status:  (0x82)	Offline data collection activity
					was completed without error.
					Auto Offline Data Collection: Enabled.
Self-test execution status:      (  40)	The self-test routine was interrupted
					by the host with a hard or soft reset.
Total time to complete Offline 
data collection: 		 ( 430) seconds.
Offline data collection
capabilities: 			 (0x5b) SMART execute Offline immediate.
					Auto Offline data collection on/off support.
					Suspend Offline collection upon new
					command.
					Offline surface scan supported.
					Self-test supported.
					No Conveyance Self-test supported.
					Selective Self-test supported.
SMART capabilities:            (0x0003)	Saves SMART data before entering
					power-saving mode.
					Supports SMART auto save timer.
Error logging capability:        (0x01)	Error logging supported.
					General Purpose Logging supported.
Short self-test routine 
recommended polling time: 	 (   1) minutes.
Extended self-test routine
recommended polling time: 	 (  64) minutes.
SCT capabilities: 	       (0x0001)	SCT Status supported.

SMART Attributes Data Structure revision number: 10
Vendor Specific SMART Attributes with Thresholds:
ID# ATTRIBUTE_NAME          FLAG     VALUE WORST THRESH TYPE      UPDATED  WHEN_FAILED RAW_VALUE
  1 Raw_Read_Error_Rate     0x000f   100   253   006    Pre-fail  Always       -       0
  3 Spin_Up_Time            0x0003   098   098   000    Pre-fail  Always       -       0
  4 Start_Stop_Count        0x0032   100   100   020    Old_age   Always       -       13
  5 Reallocated_Sector_Ct   0x0033   049   049   036    Pre-fail  Always       -       2045
  7 Seek_Error_Rate         0x000f   086   060   030    Pre-fail  Always       -       436557316
  9 Power_On_Hours          0x0032   084   084   000    Old_age   Always       -       14482
 10 Spin_Retry_Count        0x0013   100   100   097    Pre-fail  Always       -       0
 12 Power_Cycle_Count       0x0032   100   100   020    Old_age   Always       -       15
187 Reported_Uncorrect      0x0032   100   100   000    Old_age   Always       -       0
189 High_Fly_Writes         0x003a   100   100   000    Old_age   Always       -       0
190 Airflow_Temperature_Cel 0x0022   061   056   045    Old_age   Always       -       39 (Lifetime Min/Max 21/44)
194 Temperature_Celsius     0x0022   039   044   000    Old_age   Always       -       39 (0 21 0 0)
195 Hardware_ECC_Recovered  0x001a   061   048   000    Old_age   Always       -       228084472
197 Current_Pending_Sector  0x0012   100   100   000    Old_age   Always       -       0
198 Offline_Uncorrectable   0x0010   100   100   000    Old_age   Offline      -       0
199 UDMA_CRC_Error_Count    0x003e   200   200   000    Old_age   Always       -       0
200 Multi_Zone_Error_Rate   0x0000   100   253   000    Old_age   Offline      -       0
202 TA_Increase_Count       0x0032   100   253   000    Old_age   Always       -       0

SMART Error Log Version: 1
No Errors Logged

SMART Self-test log structure revision number 1
Num  Test_Description    Status                  Remaining  LifeTime(hours)  LBA_of_first_error
# 1  Short offline       Interrupted (host reset)      80%     14481         -

SMART Selective self-test log data structure revision number 1
 SPAN  MIN_LBA  MAX_LBA  CURRENT_TEST_STATUS
    1        0        0  Not_testing
    2        0        0  Not_testing
    3        0        0  Not_testing
    4        0        0  Not_testing
    5        0        0  Not_testing
Selective self-test flags (0x0):
  After scanning selected spans, do NOT read-scan remainder of disk.
If Selective self-test is pending on power-up, resume after 0 minute delay.
I think hdsentinel is well worth giving a shot, if only for the time it will save you in the data centre when doing batch checks.

Read more about the linux version here.
Download from here (just download, gunzip and run as root - yeah, it's not open source, but oh well...).
There are also versions for Windows Server if you're interested in such alternatives.
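
For routine checks with smartctl alone, the attribute table above can be condensed to the lines that need attention; in the report shown, the overall result is PASSED while Reallocated_Sector_Ct carries a raw count of 2045. This is an added example, not hdsentinel's method and not code from the original post; smart_summary and sample_rows are hypothetical names, and the sample rows are copied from the report above.

```shell
#!/bin/sh
# Added example (not from the original post, and not how hdsentinel works).
# smart_summary and sample_rows are hypothetical names.

# Reads smartctl attribute-table output on stdin (or from files given as
# arguments) and prints one line per attribute that needs attention:
#   FAIL  normalized VALUE is at or below a non-zero THRESH
#   WARN  non-zero raw count of reallocated (5), pending (197) or
#         offline-uncorrectable (198) sectors
smart_summary() {
    awk '
        # attribute rows: numeric ID, hex FLAG in column 3, at least 10 columns
        $1 ~ /^[0-9]+$/ && $3 ~ /^0x/ && NF >= 10 {
            id = $1 + 0; name = $2
            value = $4 + 0; thresh = $6 + 0; raw = $10 + 0
            if (thresh > 0 && value <= thresh)
                printf "FAIL %s value=%d thresh=%d\n", name, value, thresh
            else if ((id == 5 || id == 197 || id == 198) && raw > 0)
                printf "WARN %s raw=%d value=%d thresh=%d\n", name, raw, value, thresh
        }
    ' "$@"
}

# Rows copied from the smartctl report above (header plus five attributes).
sample_rows() {
    cat <<'EOF'
ID# ATTRIBUTE_NAME          FLAG     VALUE WORST THRESH TYPE      UPDATED  WHEN_FAILED RAW_VALUE
  1 Raw_Read_Error_Rate     0x000f   100   253   006    Pre-fail  Always       -       0
  5 Reallocated_Sector_Ct   0x0033   049   049   036    Pre-fail  Always       -       2045
  7 Seek_Error_Rate         0x000f   086   060   030    Pre-fail  Always       -       436557316
197 Current_Pending_Sector  0x0012   100   100   000    Old_age   Always       -       0
198 Offline_Uncorrectable   0x0010   100   100   000    Old_age   Offline      -       0
EOF
}

sample_rows | smart_summary   # prints: WARN Reallocated_Sector_Ct raw=2045 value=49 thresh=36
```

On a live system the input would come from `smartctl -A /dev/sdX` run as root.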

This is fuckin big: Sunde working on an alternative to ICANN

This has definitely made my day, no - my week, actually this makes the whole year look better:
A small tweet turned into a lot of interest.

We haven’t organized yet, but trying to. The background for this project is that we want the internet to be uncensored! Having a centralised system that controls our information flow is not acceptable.

By using existing technology for de-centralisation together with already having a crew with skilled programmers, communicators and network specialists, an alternative system is not far away. We’re not going to re-invent the wheel, we’re going to build on existing technology as much as possible.

There will be a press release shortly with more details.

If you’re interested in talking to us, we’re at the IRC channel #dns-p2p on EfNet.

http://p2pdns.baywords.com/2010/11/30/hello-world/
http://www.osnews.com/story/24079/Sunde_To_Launch_Open_Distributed_Alternative_to_ICANN
Good luck, Sunde!

PowerAdmin 2.1.5 RC1 released

Erm, will have to make some time for upgrading my PowerAdmin installation:
A new version of Poweradmin has been released: 2.1.5 RC1. This is mainly a bug fix / minor enhancement release.

Bugfixes:
#340    html and css fixes
#343    language detection fixes in installer
#345    remove unreachable returns
#347    poweradmin-*-db-structure.sql are missing the new tables
#349    Connection fails with PostgreSQL
#354    problem with zone search
#355    MySQL port
#357    Remove usage of REQUEST_URI in confirm urls
#358    Fix sql error with pgsq
#363    add UTF8 encoding for installer
#366    Add master zone doesn't have "add zone" button
#368    fix installer translation
#376    Wrong notification in user creation
#383    Error when reloading page on record delete
#389    serial number increments after error
#395    Undefined variable: meta_edit

Enhancements/new features:
#386    get_zones() speed enhancement
#70     Only Ueberusers are now allowed to delete their own account.
#72     Installer now checks for requirements
#86 + #334      Add new db_type: mysqli
#296    Ability to set the string "PowerAdmin" used for page title/header in the config file
#327    German translation
#330    Improved usability for deleting records
#342    Check if _POST array has required value.
#348    Graceful fail when zone_templ_records && zone_templ are missing
#356    Smarter sorting for reverse zones
#364    Direct link to install directory
#365    default language for installation should be English
#367    add favicon
#369    add checks for required php extensions
#371    Ability to edit template name/description
#373    List all domains link
#377    Cosmetic improvement: Order of fields differ
#379    Redo information saved in session files.
#390    Before checking if TLD is valid, convert to lowercase
#394    Make 'active' letters in the zone list stand out more.
#361    PHP 5.3 compatibility
#382    Cascading updates for all zones belonging to a certain template.

Please read the 2.1.5 RC1 release notes when you are about to install or upgrade to Poweradmin 2.1.5 RC1

You can download Poweradmin 2.1.5 RC1 from the download page.

If you have comments or suggestions, please send them to the mailinglist! Any help is appreciated.