Documentations Nico Schottelius https://www.nico.schottelius.org//docs/ Nico Schottelius ikiwiki 2020-11-13T14:54:33Z
Enog 17: High Speed Nat64 with P4 https://www.nico.schottelius.org//docs/enog17-high-speed-nat-with-p4/ 2020-11-13T14:54:33Z 2020-11-12T23:00:00Z
<p>This is a talk I have given at
<a href="https://www.enog.org/enog-17/programme/plenary/">Enog17</a>. You
can download the <a href="https://www.nico.schottelius.org//docs/enog17-high-speed-nat-with-p4/high-speed-nat64-with-p4-enog17.pdf">HIGH SPEED NAT64 WITH P4 (ENOG17) presentation</a>.</p>
DENOG 12: How to build, maintain & market IPv6-only datacenter https://www.nico.schottelius.org//docs/denog-12-how-to-build-maintain-and-market-ipv6-only-datacenter/ 2020-11-13T14:53:44Z 2020-11-09T23:00:00Z
<p>This is a talk I have given at
<a href="https://pretalx.denog.de/denog12/talk/VMNK8F/">the DENOG 12
conference</a>.</p>
<p>You can download the <a href="https://www.nico.schottelius.org//docs/denog-12-how-to-build-maintain-and-market-ipv6-only-datacenter/denog-12-how-to-build-maintain-and-market-ipv6-only-datacenter.pdf">presentation of how to build, maintain and
market IPv6-only datacenter as a pdf</a>.</p>
RIPE 81: Bringing IPv6 Everywhere https://www.nico.schottelius.org//docs/ripe81-bringing-ipv6-everywhere/ 2020-11-13T14:42:50Z 2020-10-28T23:00:00Z
<p>This is a talk I have given at
<a href="https://ripe81.ripe.net/programme/meeting-plan/ipv6-wg/">the IPv6 working group on the RIPE81
conference</a>.</p>
<p>You can download the <a href="https://www.nico.schottelius.org//docs/ripe81-bringing-ipv6-everywhere/ripe81-bringing-ipv6-everywhere.pdf">Bringing IPv6 Everywhere presentation</a>.</p>
RIPE 81: High Speed NAT64 with P4 https://www.nico.schottelius.org//docs/ripe81-high-speed-nat64-with-p4/ 2020-11-13T14:48:24Z 2020-10-26T23:00:00Z
<p>This is a talk I have given at
<a href="https://ripe81.ripe.net/programme/meeting-plan/plenary/">the RIPE81
conference</a>.</p>
<p>You can download the <a href="https://www.nico.schottelius.org//docs/ripe81-high-speed-nat64-with-p4/high-speed-nat64-with-p4-ripe81.pdf">presentation as a pdf</a>.</p>
IPv6 Security - ETHZ Netsec https://www.nico.schottelius.org//docs/ipv6-security-eth-netsec/ 2020-10-02T14:43:40Z 2020-09-30T22:00:00Z
<p>This is a presentation about the security aspects
of IPv6 that I gave at <a href="https://ethz.ch">ETH</a>
in the <a href="https://netsec.ethz.ch/courses/netsec-2020/">Netsec</a> course.</p>
<ul>
<li><a href="https://www.nico.schottelius.org//docs/ipv6-security-eth-netsec/eth-netsec-20201001.pdf">IPv6 Security @ ETH Netsec</a></li>
</ul>
Running a Devuan Data Center https://www.nico.schottelius.org//docs/running-a-devuan-datacenter/ 2019-04-07T12:38:24Z 2019-04-07T22:00:00Z
<p>This is a presentation about <a href="https://datacenterlight.ch">Data Center
Light</a> that I gave at the
first <a href="https://devuan.org/os/debian-fork/d1conf-announce-20190119">Devuan
conference</a>
in Amsterdam.</p>
<ul>
<li><a href="https://www.nico.schottelius.org//docs/running-a-devuan-datacenter/running_a_devuan_data_center.pdf">Running a Devuan Data Center (PDF)</a></li>
</ul>
Green Data Center - Living Talk #2 https://www.nico.schottelius.org//docs/green-data-center-living-talk-2/ 2019-04-07T15:06:45Z 2019-03-11T23:00:00Z
<p>This is a presentation about the green aspects
of <a href="https://datacenterlight.ch">Data Center Light</a> that I gave at the
first <a href="https://livingdocs.io/">LivingDocs</a> in Zürich.</p>
<ul>
<li><a href="https://www.nico.schottelius.org//docs/green-data-center-living-talk-2/green_data_center_living_talk_2.pdf">Green Data Center - Living Talk #2 (PDF)</a></li>
</ul>
Implementation of a Layer 7 IPv4 to IPv6 Reverse Proxy in P4 https://www.nico.schottelius.org//docs/p4-layer7-ipv4-ipv6-proxy/ 2019-04-07T14:50:45Z 2018-12-19T23:00:00Z
<p>This is a presentation about a <a href="https://p4.org/">P4</a>
based implementation of a Layer 7 IPv4 to IPv6 Reverse Proxy
that I gave together with Sarah Plocher as part of the
Advanced Topics in Communication Networks course of the master at <a href="https://ethz.ch">ETH Zürich</a>.</p>
<ul>
<li><a href="https://www.nico.schottelius.org//docs/p4-layer7-ipv4-ipv6-proxy/p4_layer7_ipv4_ipv6_proxy.pdf">P4 based layer 7 IPv4 to IPv6 proxy (PDF)</a></li>
</ul>
LoRaWAN Insecurities (Distributed Systems LAB, ETH Zürich) https://www.nico.schottelius.org//docs/lorawan-insecurities/ 2019-04-07T13:23:44Z 2018-03-08T23:00:00Z
<p>This is a presentation about insecurities in the LoRaWAN standard
that I gave together with Kamila Součková in the context of the
distributed systems lab as part of the master studies at <a href="https://ethz.ch">ETH Zürich</a>.</p>
<ul>
<li><span class="createlink">LoRaWAN insecurities (PDF)</span></li>
</ul>
Digital Glarus - a coworking space and much more https://www.nico.schottelius.org//docs/digitalglarus-a-coworking-space-and-much-more/ 2019-04-07T15:03:09Z 2017-11-04T23:00:00Z
<p>This is a presentation about <a href="https://digitalglarus.ch/">Digital
Glarus</a>
that I gave together with
Andrea Belli and Marketa Brozova
as part of the Open Innovation
course of the master at <a href="https://ethz.ch">ETH Zürich</a>.</p>
<ul>
<li><a href="https://www.nico.schottelius.org//docs/digitalglarus-a-coworking-space-and-much-more/digitalglarus_a_coworking_space_and_much_more.pdf">Digital Glarus - a coworking space and much more (PDF)</a></li>
</ul>
Role of science in society - Paul Feyerabend https://www.nico.schottelius.org//docs/role-of-science-in-society-paul-feyerabend/ 2019-04-07T15:22:56Z 2017-03-07T23:00:00Z
<p>This is a presentation about the role of science in society based on
the book of Paul Feyerabend
that I gave together with
Sarah Plocher
as part of the
Quantum Information and Cryptography course
of the master at <a href="https://ethz.ch">ETH Zürich</a>.</p>
<ul>
<li><a href="https://www.nico.schottelius.org//docs/role-of-science-in-society-paul-feyerabend/role_of_science_in_society_paul_feyerabend.pdf">Role of science in society - Paul Feyerabend (PDF)</a></li>
</ul>
A small introduction for using gpgme https://www.nico.schottelius.org//docs/a-small-introduction-for-using-gpgme/ 2016-02-25T13:34:24Z 2015-02-03T14:47:26Z
<pre><code>"GnuPG Made Easy (GPGME) is a library designed to make access to GnuPG easier for applications. " (from their homepage)
</code></pre>
<h2>Introduction</h2>
<p>Encrypting, signing, decrypting: all those nice things of gnupg are supported by gpgme, a library that should make access to gnupg easy. When I started using gpgme I was searching for some easy to use examples and did not find any. That's the reason why I'm writing this article. This article assumes that you are familiar with the programming language C and have gpgme already installed (you can verify that by running "gpgme-config --libs", which should return something like "-lgpgme -lgpg-error" and not "zsh: command not found: gpgme-config"). This document was initially written on 2007-08-05 and was last modified on 2007-08-05.</p>
<h2>Compiler and linker options</h2>
<p>When using gpgme, you have to specify some flags to the compiler and linker. One big mistake is to ignore the "Largefile Support (LFS)" section in the manual. If you do not want to run into strange problems, read it. On my system I had to specify "-D_FILE_OFFSET_BITS=64" to the C compiler. To make life a bit easier, I am using a very small Makefile for my tests:</p>
<pre><code>#
# Test Makefile for gpgme test application
# Nico Schottelius, 2007-08-05, GPLv3
#
# compiler and linker flags as reported by gpgme-config
flags=$(shell gpgme-config --libs --cflags)

gpgme1: gpgme1.c
	gcc -D_FILE_OFFSET_BITS=64 -g $< -o $@ ${flags}

gpgme2: gpgme2.c
	gcc -D_FILE_OFFSET_BITS=64 -g $< -o $@ ${flags}

# remove only the binaries; "rm -f gpgme*" would also delete the sources
clean:
	rm -f gpgme1 gpgme2
</code></pre>
<h2>The first program: Export all available public keys</h2>
<p>You can also get the raw file
<a href="https://www.nico.schottelius.org//docs/a-small-introduction-for-using-gpgme/gpgme-export-all.c">gpgme-export-all.c</a>.
I compiled it with "gcc -Wall -D_FILE_OFFSET_BITS=64 -g -lgpgme -lgpg-error gpgme-export-all.c"</p>
<pre><code>/* gpgme-example1:
 *
 * Nico Schottelius, 2007-08-05, GPLv3
 *
 * export all public keys
 */
#include <gpgme.h>     /* gpgme */
#include <stdio.h>     /* printf */
#include <string.h>    /* strerror */
#include <sys/types.h> /* off_t, ssize_t */
#include <unistd.h>    /* write */
#include <errno.h>     /* errno */
#include <locale.h>    /* locale support */

#define SIZE 1024

/* USE -D_FILE_OFFSET_BITS=64 (at least) on Debian! */
int main(void)
{
   const char *p;
   char buf[SIZE];
   off_t pos;          /* gpgme_data_seek() returns off_t, -1 on error */
   ssize_t read_bytes; /* gpgme_data_read() returns ssize_t, -1 on error */
   int tmp;
   gpgme_ctx_t ceofcontext;
   gpgme_error_t err;
   gpgme_data_t data;
   gpgme_engine_info_t enginfo;

   /* The function `gpgme_check_version' must be called before any other
    * function in the library, because it initializes the thread support
    * subsystem in GPGME. (from the info page) */
   setlocale (LC_ALL, "");
   p = gpgme_check_version(NULL);
   printf("version=%s\n",p);
   /* set locale, because tests do also */
   gpgme_set_locale(NULL, LC_CTYPE, setlocale (LC_CTYPE, NULL));

   /* check for OpenPGP support */
   err = gpgme_engine_check_version(GPGME_PROTOCOL_OpenPGP);
   if(err != GPG_ERR_NO_ERROR) return 1;

   p = gpgme_get_protocol_name(GPGME_PROTOCOL_OpenPGP);
   printf("Protocol name: %s\n",p);

   /* get engine information */
   err = gpgme_get_engine_info(&enginfo);
   if(err != GPG_ERR_NO_ERROR) return 2;
   /* home_dir is NULL when the engine uses its default directory */
   printf("file=%s, home=%s\n",enginfo->file_name,
          enginfo->home_dir ? enginfo->home_dir : "(default)");

   /* create our own context */
   err = gpgme_new(&ceofcontext);
   if(err != GPG_ERR_NO_ERROR) return 3;

   /* set protocol to use in our context */
   err = gpgme_set_protocol(ceofcontext,GPGME_PROTOCOL_OpenPGP);
   if(err != GPG_ERR_NO_ERROR) return 4;

   /* set engine info in our context; I changed it for ceof like this:

   err = gpgme_ctx_set_engine_info (ceofcontext, GPGME_PROTOCOL_OpenPGP,
               "/usr/bin/gpg","/home/user/nico/.ceof/gpg/");

      but I'll use standard values for this example: */
   err = gpgme_ctx_set_engine_info (ceofcontext, GPGME_PROTOCOL_OpenPGP,
               enginfo->file_name,enginfo->home_dir);
   if(err != GPG_ERR_NO_ERROR) return 5;

   /* do ascii armor data, so output is readable in console */
   gpgme_set_armor(ceofcontext, 1);

   /* create buffer for data exchange with gpgme*/
   err = gpgme_data_new(&data);
   if(err != GPG_ERR_NO_ERROR) return 6;

   /* set encoding for the buffer... */
   err = gpgme_data_set_encoding(data,GPGME_DATA_ENCODING_ARMOR);
   if(err != GPG_ERR_NO_ERROR) return 7;

   /* verify encoding: not really needed */
   tmp = gpgme_data_get_encoding(data);
   if(tmp == GPGME_DATA_ENCODING_ARMOR) {
      printf("encode ok\n");
   } else {
      printf("encode broken\n");
   }

   /* with NULL it exports all public keys */
   err = gpgme_op_export(ceofcontext,NULL,0,data);
   if(err != GPG_ERR_NO_ERROR) return 8;

   pos = gpgme_data_seek (data, 0, SEEK_END);
   printf("end is=%lld\n",(long long) pos);
   if(pos == -1) {
      /* gpgme_data_seek() reports failures through errno */
      printf("data-seek-err: %s\n",strerror(errno));
      return 9;
   }
   pos = gpgme_data_seek (data, 0, SEEK_SET);
   printf("start is=%lld (should be 0)\n",(long long) pos);

   /* write keys to stderr */
   while ((read_bytes = gpgme_data_read (data, buf, SIZE)) > 0) {
      write(2,buf,(size_t) read_bytes);
   }
   if(read_bytes < 0) return 10;

   /* append \n, so that there is really a line feed */
   write(2,"\n",1);

   /* free data */
   gpgme_data_release(data);

   /* free context */
   gpgme_release(ceofcontext);

   return 0;
}
</code></pre>
cconfig https://www.nico.schottelius.org//docs/cconfig/ 2016-02-25T13:34:24Z 2015-02-03T14:47:26Z
<h2>Introduction</h2>
<p>cconfig is a proposal for configurations on Unix-like systems.
You can read it in the following formats:</p>
<ul>
<li><a href="https://www.nico.schottelius.org//docs/cconfig/cconfig.pdf">PDF</a></li>
<li><a href="https://www.nico.schottelius.org//docs/cconfig/cconfig.tex">LaTeX</a></li>
</ul>
efsh https://www.nico.schottelius.org//docs/efsh/ 2016-02-25T13:34:24Z 2015-02-03T14:47:26Z
<h2>Introduction</h2>
<p>Efsh is the acronym for <strong><em>easy filesystem hierarchy</em></strong>.
It is intended to be a <strong><em>lightweight</em></strong>, <strong><em>easy to use</em></strong>
and <strong><em>sysadmin friendly</em></strong> standard.</p>
<h2>Downloads</h2>
<ul>
<li><a href="https://www.nico.schottelius.org//docs/efsh/efsh-0.2.pdf">efsh 0.2</a></li>
<li><a href="https://www.nico.schottelius.org//docs/efsh/efsh-0.1.1.pdf">efsh 0.1.1</a></li>
</ul>
<h2>Development</h2>
<p>The latest development version can be found in git:</p>
<ul>
<li><a href="http://git.schottelius.org/?p=nsdocuments">gitweb</a></li>
</ul>
<p>You can clone it using</p>
<pre><code>git clone git://git.schottelius.org/nsdocuments
</code></pre>
<h2>Support</h2>
<p>There is an IRC channel in which development takes place:</p>
<ul>
<li><a href="irc://irc.freenode.org/#cstar">#cstar</a> - Multi language (German/English)</li>
</ul>
<p>You can also <a href="https://www.nico.schottelius.org//about/">contact me directly</a>.</p>
FreeBSD Raid Monitoring https://www.nico.schottelius.org//docs/freebsd-raid-monitoring/ 2016-02-25T13:34:24Z 2015-02-03T14:47:26Z
<h3>Introduction</h3>
<p>You've a raid and you want to monitor it with FreeBSD. That may or
may not be a problem. I'll try to summarise all information I got. If
you know that there's something incorrect or outdated, please contact
me. In general monitoring the state of a raid may be problematic, if
the hardware does not expose the needed information or does just expose
it via notification (it sends a message "raid status changed" through
the driver, which you can try to grep out of syslog, but you cannot
monitor it actively).</p>
<h3>Status of this document</h3>
<p>This document was initially written on the 2nd of August 2007.
It was migrated to
<a href="http://www.nico.schottelius.org">www.nico.schottelius.org</a>
on the 12th of May 2009.</p>
<p>You can have a look into <a href="https://www.nico.schottelius.org//about/websites/">git</a>, to see when it was
last updated.</p>
<h2>List of raid systems and how to monitor them</h2>
<h3>FreeBSD gmirror software raid</h3>
<p>As you might expect, monitoring this raid is pretty easy.
We achieved that with the following two scripts:</p>
<pre>ddna044% cat /usr/local/scripts/fbsd_raid_monitor/cfs_gmirror.sh
#!/bin/sh
#==============================================================================
# Copyright (c) 2007, Netstream AG
# Author: Nico Schottelius <nico-freebsd-raid-monitoring <at> schottelius.org>
# Created: 2007-04-23
# Description: Display state of all gmirror devices
# Created-By: /home/user/nico/firmen/netstream/sh/neues_skript.sh
#==============================================================================

gmirror list | \
   awk -F: 'BEGIN { print "gmirror devices";
                    print "---------------";
            }
            /^Geom name:/ {
               name=$2
            }
            /^State:/ {
               print name ":" $2
            }'
</pre>
<p>And the one that is called by cron:</p>
<pre>ddna044% cat /usr/local/scripts/fbsd_raid_monitor/cfrib_gmirror.sh
#!/bin/sh
#==============================================================================
# Copyright (c) 2007, Netstream AG
# Author: Nico Schottelius <nico-freebsd-raid-monitoring <at> schottelius.org>
# Created: 2007-04-23
# Description: Report broken devices.
# Created-By: /home/user/nico/firmen/netstream/sh/neues_skript.sh
#==============================================================================

# quoted, so that a script path containing spaces still works
check="$(dirname "$0")/cfs_gmirror.sh"

# Skip first two lines: header
"$check" | awk -F": " 'BEGIN { getline; getline } $2 !~ /COMPLETE/ { print $1 ":" $2 }'
</pre>
<h3>LSI / Symbios Megaraid (<i>amr</i> driver)</h3>
<p>There are two possibilities to monitor amr-based devices:</p>
<ul><li>with <b>megarc</b></li><li>with <b>amrstat</b></li></ul>
<p>The utility "amrstat" is available in ports as sysutils/amrstat and is <a title="The term &quot;FOSS&quot;" href="https://www.nico.schottelius.org/documentations/foss/the-term-foss">FOSS</a>. Calling it reveals all needed information:</p>
<pre>ddna044# amrstat
Logical volume 0: optimal (136.73 GB, RAID0)
Logical volume 1: optimal (136.73 GB, RAID0)
Physical drive 1:1 online
Physical drive 1:2 online
</pre>
<p>The utility "<b>megarc</b>" is available in ports (sysutils/megarc), which is a <b>closed source</b> binary provided by LSI. I've found two easy to use scripts for this controller written by Scott Mitchell on <a href="http://lists.freebsd.org/pipermail/freebsd-questions/2006-June/125470.html">http://lists.freebsd.org/pipermail/freebsd-questions/2006-June/125470.html</a>:</p>
<pre>#!/bin/sh -f
#
# Check status of RAID volumes on amr(4) controllers using the LSI MegaRC
# utility. If any logical drive has a status other than OPTIMAL, or any
# physical disks has a status other that ONLINE, display the full status
# for the adapter. If more than one adapter exists, add additional unit
# numbers to $adapters.
#
# $Id$
#

adapters="0"

for adapter in $adapters; do
    status=`/usr/local/sbin/megarc -ldinfo -a${adapter} -Lall -nolog |\
        /usr/bin/sed '1,$s/^M//' |\
        /usr/bin/sed '1,/Information Of Logical Drive/d'` ||\
        echo "Failed to get RAID status for AMR adapter ${adapter}"

    echo "${status}" |\
        /usr/bin/egrep '^ Logical Drive : .*: Status: .*$' |\
        /usr/bin/egrep -qv 'OPTIMAL$'
    drives=$?

    echo "${status}" |\
        /usr/bin/egrep '^ [0-9]+' |\
        /usr/bin/egrep -qv 'ONLINE$'
    disks=$?

    if [ ${drives} -ne 1 -o ${disks} -ne 1 ]; then
        echo ""
        echo "AMR RAID status (adapter ${adapter}):"
        echo "${status}"
    fi
done
</pre>
<p><b>Warning:</b> The above script may not work when doing copy and paste, as reported by Per olof Ljungmark:</p>
<pre>I proceeded to test the scripts but the first one gives you an error due
to what Scott Mitchell wrote in his original mail:
"BTW, the '^M' in the amr-check-status script is a real Control-M
character, and there are embedded tabs in a couple of the egrep patterns,
in case those get lost in transit."


Don't know if ^M will show in a browser but the 16th. line should read:
/usr/bin/sed '1,$s/^M//' |\
otherwise you will get a sed error.
</pre>
<p>And the other one:</p>
<pre>
#!/bin/sh -f
#
# Display status of RAID volumes on amr(4) controllers using the LSI MegaRC
# utility. If more than one adapter exists, add additional unit numbers to
# $adapters.
#
# $Id$
#

# If there is a global system configuration file, suck it in.
#
if [ -r /etc/defaults/periodic.conf ]; then
    . /etc/defaults/periodic.conf
    source_periodic_confs
fi

adapters="0"

rc=0
case "${daily_amr_status_enable:-YES}" in
    [Nn][Oo])
        ;;
    *)
        for adapter in $adapters; do
            echo ""
            echo "AMR RAID status (adapter ${adapter}):"
            /usr/local/sbin/megarc -ldinfo -a${adapter} -Lall -nolog |\
                sed '1,/Information Of Logical Drive/d' || rc=$?
        done
        ;;
esac

exit "$rc"
</pre>
<p>For more information on supported devices have a look at <a href="http://www.freebsd.org/cgi/man.cgi?query=amr&apropos=0&sektion=4&manpath=FreeBSD+6.2-RELEASE&format=html">amr(4)</a>.</p>
<h3>mpt</h3>
<p>mpt based devices can be monitored under Linux with the kernel module "mptctl" and the <a title="The term &quot;FOSS&quot;" href="https://www.nico.schottelius.org/documentations/foss/the-term-foss">FOSS</a> tool "<a href="http://www.drugphish.ch/~ratz/mpt-status/">mpt-status</a>". There seems to be no support under FreeBSD available currently. For more information about mpt have a look at <a href="http://www.freebsd.org/cgi/man.cgi?query=mpt&apropos=0&sektion=4&manpath=FreeBSD+6.2-RELEASE&format=html">mpt(4)</a>.</p>
<h3>ciss</h3>
<p>Known tools:</p>
<ul>
<li>camcontrol</li>
<li>hpacucli</li>
</ul>
<p>This driver is used for most HP / Compaq controllers and is (afaik) found in almost all modern SAS/SATA systems provided by HP. As described in http://www.unixadmintalk.com/f41/monitoring-raid-arrays-51889/, you can monitor it via <b>camcontrol</b>:</p>
<pre># camcontrol inquiry da0
pass0: <COMPAQ RAID 1 VOLUME OK> Fixed Direct Access SCSI-0 device
pass0: 135.168MB/s transfers
</pre>
<p>(This is untested by me, just found it on the net). On <a href="http://lists.freebsd.org/pipermail/freebsd-proliant/2006-October/000169.html">http://lists.freebsd.org/pipermail/freebsd-proliant/2006-October/000169.html</a> I also found the relevant strings to look for:</p>
<pre>During normal operation of the raid:
# camcontrol inquiry da0 -D
pass0: <COMPAQ RAID 1 VOLUME OK> Fixed Direct Access SCSI-0 device

After removing one of the raid member disks:
# camcontrol inquiry da0 -D
pass0: <COMPAQ RAID 1 VOLUME inte> Fixed Direct Access SCSI-0 device

After re-inserting the raid member disk:
# camcontrol inquiry da0 -D
pass0: <COMPAQ RAID 1 VOLUME reco> Fixed Direct Access SCSI-0 device

And about 45 minutes later:
# camcontrol inquiry da0 -D
pass0: <COMPAQ RAID 1 VOLUME OK> Fixed Direct Access SCSI-0 device
</pre>
<p>You could also use <a id="acu" name="acu">hpacucli</a>, which can be found at http://people.freebsd.org/~jcagle/. I have no experience with it. If you have, you can send reports or scripts to monitor it to me, so I can include them here (the hint to it was sent by Jaimie Sirovich).</p>
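<p>A cron-style check built on the camcontrol status strings quoted above, as an added example that is not part of the original page or of any of the quoted scripts. The function names are hypothetical, the sample lines are constructed from the output shown above, and only the states OK, inte and reco are assumed to exist; anything else is reported as unknown.</p>

```shell
#!/bin/sh
# Added example (not from the original page): turn the volume state shown by
# `camcontrol inquiry` for ciss(4) volumes into an exit status.
# Function names are hypothetical; the states are the ones quoted above.

# ciss_volume_state LINE
# Prints the last word of the inquiry string between '<' and '>'
# (OK, inte, reco, ...), or nothing if LINE has no inquiry string.
ciss_volume_state() {
    printf '%s\n' "$1" |
        sed -n 's/^[^<]*<\([^>]*\)>.*$/\1/p' |
        awk '{ print $NF }'
}

# ciss_check_inquiry
# Reads `camcontrol inquiry <dev> -D` output on stdin and prints one line
# per volume that is not OK. Exit status:
#   0  at least one volume seen and all of them report OK
#   1  a volume reports inte, reco or a state not listed on this page
#   2  no inquiry line found at all (tool failed or format changed);
#      treated as an error so that a silent failure is not read as "healthy"
ciss_check_inquiry() {
    seen=0
    bad=0
    while IFS= read -r line; do
        case $line in
            *"<"*">"*) ;;        # line carries an inquiry string
            *) continue ;;       # e.g. the "transfers" line
        esac
        seen=$((seen + 1))
        state=$(ciss_volume_state "$line")
        case $state in
            OK)        ;;
            inte|reco) echo "WARN state=$state: $line"; bad=1 ;;
            *)         echo "UNKNOWN state=$state: $line"; bad=1 ;;
        esac
    done
    [ "$seen" -gt 0 ] || return 2
    return "$bad"
}

# Constructed sample: the four outputs quoted above, in order.
sample_inquiry() {
    cat <<'EOF'
pass0: <COMPAQ RAID 1 VOLUME OK> Fixed Direct Access SCSI-0 device
pass0: <COMPAQ RAID 1 VOLUME inte> Fixed Direct Access SCSI-0 device
pass0: <COMPAQ RAID 1 VOLUME reco> Fixed Direct Access SCSI-0 device
pass0: <COMPAQ RAID 1 VOLUME OK> Fixed Direct Access SCSI-0 device
EOF
}

# Real use from cron would be: camcontrol inquiry da0 -D | ciss_check_inquiry
sample_inquiry | ciss_check_inquiry || echo "exit status: $?"
```

<p>Because cron mails any output, the check stays silent while every volume reports OK, and the exit status 2 keeps a failing camcontrol call from passing as a healthy array.</p>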
<h3>3ware raid: twa/twe</h3>
<p>Install and configure <b>sysutils/3dm</b>. This installs a daemon that provides a web interface and is also capable of notifying you via e-mail if something happens. This is perhaps the easiest way of monitoring raid in FreeBSD. The other possibility to monitor 3ware raids is via <b>tw_cli</b>.</p>
<h3>ataraid</h3>
<p>This is a software raid driver for many different cards.
Have a look at ataraid(4).
Somebody in ##freebsd (irc.freenode.org) pasted the url
<a href="http://www.monkeybrains.net/~rudy/example/raid_status.html">http://www.monkeybrains.net/~rudy/example/raid_status.html</a>, which contains a script that monitors gmirror, 3ware (via tw_cli) and also ataraid (ar0) via <b>atacontrol</b>.
For archiving, the script is mirrored below:</p>
<pre>#!/bin/sh

# raid_status - check the state of the RAID.

# This script works for various types of RAID devices. (Currently, 3Ware, gmirror, BSd 'ar0' raids)
# WARNING: Install the proper CLI program for your 3ware card, if you use 3ware.

# Set up a cronjob like this:
# */16 * * * * /home/rudy/bin/raid_status CRON

### Copyright (c) 2006, Rudy Rucker All rights reserved.
### Redistribution and use of script, with or without modification, is
### permitted provided that the following condition is met:
### Redistributions of source code must retain the above copyright
### notice, this list of conditions and the following disclaimer.
### THIS SOFTWARE IS PROVIDED BY AUTHOR AND CONTRIBUTORS ``AS IS'' AND
### ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
### IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
### ARE DISCLAIMED.

# ----------- Change Log ------------
# Mon Oct 11 15:20:37 PDT 2004 - rudy
# Original script.
# Tue Feb 7 01:28:07 PST 2006 - rudy
# Added 9500 and 9550 support
# Fri Jun 9 10:38:33 PDT 2006 - rudy
# works for 'ar' and 'tw' mirrored arrays
# Tue Sep 12 10:23:13 PDT 2006 - rudy
# Added gmirror and realized that not all 3ware's are the same...

MODE=$1

TWCLI="/usr/local/bin/tw_cli"
GMIRROR="/sbin/gmirror"
ATACONTROL="/sbin/atacontrol"

AWK="/usr/bin/awk"
GREP="/usr/bin/grep"
MAIL="/usr/bin/mail"

EMAIL="noc@example.com"

# if this is not a 3ware card, check the atacontol
if [ -c /dev/twed0 ] && [ -x $TWCLI ]; then
    # 3ware card ... 8000 series
    STATUS=`$TWCLI info c0 u0 | $GREP "^Status" | $AWK {'print $2'}`;
    VALID='OK'
    ESTATUS_CMD="$TWCLI info c0 u0";
    # double check the 3ware output incase it returned nada...
    # Umm... this is the only raid card I have witness this bug
    if [ "X$STATUS" = "X" ]; then
        sleep 1;
        STATUS=`$TWCLI info c0 u0 | $GREP "^Status" | $AWK {'print $2'}`;
    fi
elif [ -c /dev/da0 ] && [ -x $TWCLI ]; then
    # Note, there are plenty of other device names that use da0... this script is
    # not for those... works with:
    # 3ware 9550SX, 9500S
    STATUS=`$TWCLI info c0 | $GREP "^u0" | $AWK '{print $3}'`;
    VALID='OK'
    ESTATUS_CMD="$TWCLI info c0 u0"
elif [ -c /dev/mirror/gm0 ] && [ -x $GMIRROR ]; then
    # gmirror /dev/mirror/gm0
    STATUS=`$GMIRROR status gm0 | $GREP "^mirror" | $AWK {'print $2'}`;
    VALID='COMPLETE'
    ESTATUS_CMD="$GMIRROR list";
elif [ -c /dev/ar0 ] && [ -x $ATACONTROL ]; then
    # Motherboard promise and others
    STATUS=`$ATACONTROL status ar0 | $GREP "status" | $AWK -F 'status: ' '{print $2}'`;
    VALID='READY'
    ESTATUS_CMD="/sbin/atacontrol status ar0"
else
    echo "Unknown Raid type.... ";
    if [ -x $TWCLI ]; then
        echo " + found $TWCLI";
    else
        echo " - can't exec $TWCLI";
    fi
    if [ -x $ATACONTROL ]; then
        echo " + found $ATACONTROL";
    else
        echo " - can't exec $ATACONTROL";
    fi
    if [ -x $GMIRROR ]; then
        echo " + found $GMIRROR";
    else
        echo " - can't exec $GMIRROR";
    fi
    exit;
fi

# Okay, we checked the raid status and know what the return code should be.
if [ "$STATUS" = "$VALID" ]; then
    if [ "$MODE" = "CRON" ]; then
        exit;
    fi
    echo "OK condition";
    $ESTATUS_CMD
    exit;
fi

# ERROR! Either print to TTY or send an email, based on MODE (which is arg[1])
if [ "$MODE" = "CRON" ]; then
    $ESTATUS_CMD | $MAIL -s "[ERROR] Raid array on $HOST returned $STATUS" $EMAIL
else
    echo "ERROR condition"
    $ESTATUS_CMD
fi

</pre>
<h3>Adaptec: aac</h3>
<p>Jaimie Sirovich reported that you can monitor some Adaptec cards with
<a href="http://www.freshports.org/sysutils/aaccli">aaccli</a>.
More information and examples are currently missing.</p>
<h3>Areca: arcmsr</h3>
<p>The areca controller can either be monitored directly from the raid controller
(8 and 16 port versions), which has its own NIC and RJ45 port, or via the
<strong><em>closed source</em></strong> webserver
(which is the same one as running on the controller).
It can be downloaded from
<a href="http://www.areca.com.tw/support/main.htm">areca.com</a>.
Configuring it means just to click around in the webinterface.</p>
<h3>asr</h3>
<p>Are reported to be monitorable via
<a href="http://www.freshports.org/sysutils/asr-utils">asr-utils</a>
(confirmation needed).</p>
Linux Virtual Machine Overview https://www.nico.schottelius.org//docs/linux-virtual-machines/ 2016-02-25T13:34:24Z 2015-02-03T14:47:26Z
<p>This document is <strong><em>WORK IN PROGRESS</em></strong></p>
<h2>Introduction</h2>
<p>This article tries to summarise Linux Virtual Machine
methods and is in its early stage. It does not focus
on different types of hypervisors, but more on the
issues and features you get with each hypervisor.</p>
<h3>Host Kernel</h3>
<p>Some hypervisors need their own (modified Linux) kernel
to operate, whereas others work with any Linux kernel.
Some of the latter still need certain configuration options
to be turned on in the stock kernel.</p>
<h3>VM Installation</h3>
<p>Depending on the hypervisor, there are different requirements
and methods for the installation:</p>
<ul>
<li>Installation can be done within the VM for completely isolated machines</li>
<li>Installation must be done outside / on the host for systems without own kernel</li>
</ul>
<p>Some hypervisors can boot from the network, whereas others just
create a very lightweight isolation and boot an installed system
only.</p>
<h3>Guest OS changes</h3>
<p>Some hypervisors require changes to the virtual machines to be able
to run successfully. Others allow an original OS version to be
installed.</p>
<h3>Network configuration</h3>
<p>The VM may be attached to a bridge or a tun/tap device, or be treated
as a normal process, so there may be a lot of different configurations.
Furthermore, firewall (masquerade/nat) configurations may be necessary.</p>
<p>Additionally, some of the hypervisors support dynamic allocation
of mac or even ip addresses.</p>
<h3>Templates</h3>
<p>Some hypervisors support reuse of installations.</p>
<h3>Management</h3>
<p>Most hypervisors contain some minor collection of utilities
to manage virtual machines. Some libraries / frameworks
try to integrate those utilities, to abstract the different
implementations.</p>
<p>Typical issues are:</p>
<ul>
<li>Autostart machines on startup / autostop on shutdown</li>
<li>Creation of new VMs / including template handling</li>
<li>Manual start/stop of VMs</li>
<li>Listing of running / existing VMs</li>
</ul>
<h3>Automated usage</h3>
<p>Especially interesting for a sysadmin is, how easy a system can
be automated, which steps need to be taken to get a new image
or copy of an existing one. This aspect is one focus of this
document.</p>
<h2>Hypervisors</h2>
<table>
<thead>
<tr>
<th>Name</th>
<th> Host Kernel</th>
<th> Guest OS changes</th>
<th> Installation</th>
</tr>
</thead>
<tbody>
<tr>
<td><a href="http://wiki.qemu.org/">QEMU</a></td>
<td> Original</td>
<td> no</td>
<td> inside</td>
</tr>
<tr>
<td><a href="http://www.linux-kvm.org/">KVM</a></td>
<td> Original w/KVM</td>
<td> no</td>
<td> inside</td>
</tr>
<tr>
<td><a href="http://lguest.ozlabs.org/">Lguest</a></td>
<td> Original w/Lguest</td>
<td> ?</td>
<td> ?</td>
</tr>
<tr>
<td><a href="http://lxc.sourceforge.net/">Linux Containers</a></td>
<td> Original w/Containers</td>
<td> yes</td>
<td> outside</td>
</tr>
<tr>
<td><a href="http://linux-vserver.org">Linux VServer</a></td>
<td> Own</td>
<td> ?</td>
<td> ?</td>
</tr>
<tr>
<td><a href="http://user-mode-linux.sourceforge.net/">User Mode Linux</a></td>
<td> Original</td>
<td> ?</td>
<td> outside</td>
</tr>
<tr>
<td><a href="http://wiki.openvz.org/Main_Page">OpenVZ</a></td>
<td> Own</td>
<td> ?</td>
<td> ?</td>
</tr>
<tr>
<td><a href="http://www.virtualbox.org/">Virtualbox</a></td>
<td> Original+Modules</td>
<td> no</td>
<td> inside</td>
</tr>
<tr>
<td><a href="http://www.vmware.com/">VMWare</a></td>
<td> Original+Modules / Own</td>
<td> no</td>
<td> inside</td>
</tr>
<tr>
<td><a href="http://www.xen.org/">Xen</a></td>
<td> Own</td>
<td> ?</td>
<td> ?</td>
</tr>
</tbody>
</table>
<h3>lxc</h3>
<p>Some hints on lxc:</p>
<ul>
<li>Helper scripts existent (lxc-debian, lxc-fedora, ...)</li>
<li>adjust init. change dev. do not run udev (why?)</li>
<li>Root open in the filesystem</li>
<li>No network specified = all from host accessible!</li>
</ul>
<h2>Management Libraries / Frameworks</h2>
<table>
<thead>
<tr>
<th>Name</th>
<th> Hints</th>
</tr>
</thead>
<tbody>
<tr>
<td colspan="2">Ganeti</td>
</tr>
<tr>
<td colspan="2">Libvirt</td>
</tr>
</tbody>
</table>
<h2>Poor man's management</h2>
<p>This section describes typical VM management tasks, done with
simple commands.</p>
<h3>Creating a new (sparse) image file</h3>
<pre><code>dd if=/dev/zero of=<filename> bs=1 count=0 seek=<gigabytes>G
</code></pre>
rails hints https://www.nico.schottelius.org//docs/rails_hints/ 2016-02-25T13:34:24Z 2015-02-03T14:47:26Z
<ul>
<li>set up web server</li>
<li>set up database server</li>
<li>upload application</li>
<li>create database</li>
<li>...</li>
</ul>
<p>http://www.turnkeylinux.org/rails</p>
<p>23:55 < simplyb> telmich: I'm not sure if slicehost lets you clone via the API</p>
<p>Integrate rvm?</p>
<ul>
<li>rvm available</li>
<li>rvm 1.8.7</li>
<li>gem install bundler</li>
<li>bundle install</li>
</ul>
<p>PKG=libsqlite3-dev sqlite3 zlib1g-dev libssl-dev
apt-get install $PKG
su - railsuser
export http_proxy=http://proxy.ethz.ch:3128
rvm install ruby-1.8.7 && rvm ruby-1.8.7 && rvm gemset create rails && rvm 1.8.7@rails && gem install bundler && cd rails/ && bundle install && gem install unicorn && unicorn_rails -l /home/mbs/rails/unicorn.sock</p>
<p>Danach:</p>
<p>mbs@sgv-rails-01:~$ cd ~/rails && rvm 1.8.7@rails && unicorn_rails -l /home/mbs/rails/unicorn</p>
<p>Opitimiert:</p>
<hr />
<pre><code>[21:38] kr:wollmilchsau% rsync -av ./ rvm7@sgv-nicosc-06.ethz.ch:

rvm7@sgv-nicosc-06:~$ rvm install ruby-1.8.7
rvm7@sgv-nicosc-06:~$ rvm install 1.9.2
rvm7@sgv-nicosc-06:~$ rvm install ruby-1.9.1
rvm7@sgv-nicosc-06:~$ rvm gemset create mbs
'gem' was not found, cannot perform gem actions (Do you have an RVM ruby selected?)
rvm7@sgv-nicosc-06:~$ rvm ruby-1.8.7-p302
rvm7@sgv-nicosc-06:~$ rvm gemset create mbs
'mbs' gemset created (/home/rvm7/.rvm/gems/ruby-1.8.7-p302@mbs).
rvm7@sgv-nicosc-06:~$ rvm ruby-1.8.7-p302@mbs
rvm7@sgv-nicosc-06:~$ gem install bundler
ERROR: Loading command: install (LoadError)
no such file to load -- zlib
ERROR: While executing gem ... (NameError)
uninitialized constant Gem::Commands::InstallCommand
rvm7@sgv-nicosc-06:~$ rvm ruby-1.9.1-p378
Gemset 'mbs' does not exist, rvm gemset create 'mbs' first.
rvm7@sgv-nicosc-06:~$ rvm gemset create mbs
'mbs' gemset created (/home/rvm7/.rvm/gems/ruby-1.9.1-p378@mbs).
rvm7@sgv-nicosc-06:~$
rvm7@sgv-nicosc-06:~$ gem install bundler
/home/rvm7/.rvm/rubies/ruby-1.9.1-p378/lib/ruby/1.9.1/rubygems/package.rb:10:in `require': no such file to load -- zlib (LoadError)
from /home/rvm7/.rvm/rubies/ruby-1.9.1-p378/lib/ruby/1.9.1/rubygems/package.rb:10:in `'
from /home/rvm7/.rvm/rubies/ruby-1.9.1-p378/lib/ruby/1.9.1/rubygems/format.rb:9:in `require'
from /home/rvm7/.rvm/rubies/ruby-1.9.1-p378/lib/ruby/1.9.1/rubygems/format.rb:9:in `'
from /home/rvm7/.rvm/rubies/ruby-1.9.1-p378/lib/ruby/1.9.1/rubygems/installer.rb:11:in `require'
from /home/rvm7/.rvm/rubies/ruby-1.9.1-p378/lib/ruby/1.9.1/rubygems/installer.rb:11:in `'
from /home/rvm7/.rvm/rubies/ruby-1.9.1-p378/lib/ruby/1.9.1/rubygems/dependency_installer.rb:3:in `require'
from /home/rvm7/.rvm/rubies/ruby-1.9.1-p378/lib/ruby/1.9.1/rubygems/dependency_installer.rb:3:in `'
from /home/rvm7/.rvm/rubies/ruby-1.9.1-p378/lib/ruby/1.9.1/rubygems/commands/install_command.rb:4:in `require'
from /home/rvm7/.rvm/rubies/ruby-1.9.1-p378/lib/ruby/1.9.1/rubygems/commands/install_command.rb:4:in `'
from /home/rvm7/.rvm/rubies/ruby-1.9.1-p378/lib/ruby/1.9.1/rubygems/command_manager.rb:140:in `require'
from /home/rvm7/.rvm/rubies/ruby-1.9.1-p378/lib/ruby/1.9.1/rubygems/command_manager.rb:140:in `rescue in load_and_instantiate'
from /home/rvm7/.rvm/rubies/ruby-1.9.1-p378/lib/ruby/1.9.1/rubygems/command_manager.rb:132:in `load_and_instantiate'
from /home/rvm7/.rvm/rubies/ruby-1.9.1-p378/lib/ruby/1.9.1/rubygems/command_manager.rb:65:in `[]'
from /home/rvm7/.rvm/rubies/ruby-1.9.1-p378/lib/ruby/1.9.1/rubygems/command_manager.rb:118:in `find_command'
from /home/rvm7/.rvm/rubies/ruby-1.9.1-p378/lib/ruby/1.9.1/rubygems/command_manager.rb:104:in `process_args'
from /home/rvm7/.rvm/rubies/ruby-1.9.1-p378/lib/ruby/1.9.1/rubygems/command_manager.rb:75:in `run'
from /home/rvm7/.rvm/rubies/ruby-1.9.1-p378/lib/ruby/1.9.1/rubygems/gem_runner.rb:39:in `run'
from /home/rvm7/.rvm/rubies/ruby-1.9.1-p378/bin/gem:29:in `'
rvm7@sgv-nicosc-06:~$
</code></pre>
<pre><code>root@sgv-nicosc-06:~# apt-get install zlib1g-dev

rvm7@sgv-nicosc-06:~$ rvm uninstall ruby-1.8.7-p302 ruby-1.9.1-p378
Removing /home/rvm7/.rvm/rubies/ruby-1.9.1-p378...
rvm7@sgv-nicosc-06:~$ rvm uninstall ruby-1.8.7-p302
Removing /home/rvm7/.rvm/rubies/ruby-1.8.7-p302...

rvm7@sgv-nicosc-06:~$ rvm install ruby-1.8.7

Installing Ruby from source to: /home/rvm7/.rvm/rubies/ruby-1.8.7-p302, this may take a while depending on your cpu(s)...
fetching ruby-1.8.7-p302
extracting ruby-1.8.7-p302 to /home/rvm7/.rvm/src/ruby-1.8.7-p302 (already extracted)
configuring ruby-1.8.7-p302
compiling ruby-1.8.7-p302
installing ruby-1.8.7-p302
rubygems installing to ruby-1.8.7-p302
shebangs adjustment for ruby-1.8.7-p302 (gem irb erb ri rdoc testrb rake).
importing initial gems
complete install of ruby-1.8.7-p302

rvm7@sgv-nicosc-06:~$ rvm ruby-1.8.7-p302

rvm7@sgv-nicosc-06:~$ rm -rf .rvm

rvm7@sgv-nicosc-06:~$ rm -rf .rvm

rvm7@sgv-nicosc-06:~$ rvm install ruby-1.8.7 && rvm ruby-1.8.7 && gem install bundler

Installing Ruby from source to: /home/rvm7/.rvm/rubies/ruby-1.8.7-p302, this may take a while depending on your cpu(s)...
fetching ruby-1.8.7-p302
Downloading ruby-1.8.7-p302, this may take a while depending on your connection...
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 4086k 100 4086k 0 0 239k 0 0:00:17 0:00:17 --:--:-- 407k
extracting ruby-1.8.7-p302 to /home/rvm7/.rvm/src/ruby-1.8.7-p302
configuring ruby-1.8.7-p302
compiling ruby-1.8.7-p302
installing ruby-1.8.7-p302
rubygems installing to ruby-1.8.7-p302
Retrieving rubygems-1.3.7
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 284k 100 284k 0 0 351k 0 --:--:-- --:--:-- --:--:-- 351k
Extracting rubygems-1.3.7 ...
shebangs adjustment for ruby-1.8.7-p302 (gem irb erb ri rdoc testrb rake).
importing initial gems
complete install of ruby-1.8.7-p302
Successfully installed bundler-1.0.0
1 gem installed
Installing ri documentation for bundler-1.0.0...
Installing RDoc documentation for bundler-1.0.0...
rvm7@sgv-nicosc-06:~$

rvm7@sgv-nicosc-06:~$ gem install bundler

rvm7@sgv-nicosc-06:~$ git clone git://git.sans.ethz.ch/mbs
Initialized empty Git repository in /home/rvm7/mbs/.git/
remote: Counting objects: 1648, done.
remote: Compressing objects: 100% (591/591), done.
remote: Total 1648 (delta 984), reused 1641 (delta 981)
Receiving objects: 100% (1648/1648), 233.86 KiB, done.
Resolving deltas: 100% (984/984), done.
rvm7@sgv-nicosc-06:~$
rvm7@sgv-nicosc-06:~$ cd mbs/
rvm7@sgv-nicosc-06:~/mbs$ bundle install
Detected Gemfile.lock generated by 0.9, deleting...
Fetching source index for http://rubygems.org/

root@sgv-nicosc-06:~# apt-get install libsqlite3-dev sqlite3

rvm7@sgv-nicosc-06:~/mbs$ rvm implode
Are you SURE you wish for rvm to implode? This will remove /home/rvm7/.rvm ? (type 'yes' or 'no')
yes
Hai! Removing /home/rvm7/.rvm
/home/rvm7/.rvm has been removed.
rvm7@sgv-nicosc-06:~/mbs$ cd
rvm7@sgv-nicosc-06:~$
</code></pre>
<hr />
<pre><code>rvm7@sgv-nicosc-06:~$ rvm install ruby-1.8.7 && rvm ruby-1.8.7 && rvm gemset create mbs && gem install bundler && cd mbs/ && bundle install
</code></pre>
<p>==> missing rvm ruby-1.8.7@mbs!</p>
<pre><code>rvm7@sgv-nicosc-06:~$ rvm install ruby-1.8.7 && rvm ruby-1.8.7 && rvm gemset create mbs && rvm ruby-1.8.7@mbs && gem install bundler && cd mbs/ && bundle install
</code></pre>
<hr />
<pre><code>Extracting rubygems-1.3.7 ...
shebangs adjustment for ruby-1.8.7-p302 (gem irb erb ri rdoc testrb rake).
importing initial gems
complete install of ruby-1.8.7-p302
'mbs' gemset created (/home/rvm7/.rvm/gems/ruby-1.8.7-p302@mbs).
Successfully installed bundler-1.0.0
1 gem installed
Installing ri documentation for bundler-1.0.0...
Installing RDoc documentation for bundler-1.0.0...
Fetching source index for http://rubygems.org/
Installing rake (0.8.7)
Installing abstract (1.0.0)
Installing activesupport (3.0.0.beta4)
Installing builder (2.1.2)
Installing i18n (0.4.1)
Installing activemodel (3.0.0.beta4)
Installing erubis (2.6.6)
Installing rack (1.1.0)
Installing rack-mount (0.6.13)
Installing rack-test (0.5.4)
Installing tzinfo (0.3.23)
Installing actionpack (3.0.0.beta4)
Installing mime-types (1.16)
Installing polyglot (0.3.1)
Installing treetop (1.4.8)
Installing mail (2.2.5)
Installing actionmailer (3.0.0.beta4)
Installing arel (0.4.0)
Installing activerecord (3.0.0.beta4)
Installing activeresource (3.0.0.beta4)
Using bundler (1.0.0)
Installing thor (0.13.8)
Installing railties (3.0.0.beta4)
Installing rails (3.0.0.beta4)
Installing sqlite3-ruby (1.3.1) with native extensions
Your bundle is complete! Use `bundle show [gemname]` to see where a bundled gem is installed.

Your bundle was installed to `/home/rvm7/.rvm/gems/ruby-1.8.7-p302@mbs`
rvm7@sgv-nicosc-06:~/mbs$ rails server
=> Booting WEBrick
=> Rails 3.0.0.beta4 application starting in development on http://0.0.0.0:3000
=> Call with -d to detach
=> Ctrl-C to shutdown server
[2010-09-08 14:28:06] INFO WEBrick 1.3.1
[2010-09-08 14:28:06] INFO ruby 1.8.7 (2010-08-16) [x86_64-linux]
[2010-09-08 14:28:06] INFO WEBrick::HTTPServer#start: pid=15658 port=3000
</code></pre>
<hr />
<pre><code>railsuser2@sgv-rails-01:~$ rvm install ruby-1.8.7 && rvm ruby-1.8.7 && rvm gemset create rails && gem install bundler && cd rails/ && bundle install

railsuser2@sgv-rails-01:~$ export http_proxy=http://proxy.ethz.ch:3128 && rvm install ruby-1.8.7 && rvm ruby-1.8.7 && rvm gemset create rails && gem install bundler && cd rails/ && bundle install
</code></pre>
<hr />
<pre><code>export http_proxy=http://proxy.ethz.ch:3128 && rvm install ruby-1.8.7 && rvm ruby-1.8.7 && rvm gemset create rails && gem install bundler && cd rails/ && bundle install && gem install unicorn && unicorn_rails -l /home/mbs/rails/unicorn.sock

mbs@sgv-rails-01:~$ export http_proxy=http://proxy.ethz.ch:3128 && rvm install ruby-1.8.7 && rvm ruby-1.8.7 && rvm gemset create rails && rvm rails@1.8.7 && gem install bundler && cd rails/ && bundle install && gem install unicorn && unicorn_rails -l /home/mbs/rails/unicorn.sock

mbs@sgv-rails-01:~/rails$ rvm 1.8.7
mbs@sgv-rails-01:~/rails$ un
unalias unexpand unlink unxz
uname unicode_start unlzma unzip
unattended-upgrade unicode_stop unset unzipsfx
unattended-upgrades uniq unshare
uncompress unix_chkpwd until
unconfined unix_update unwrapdiff
mbs@sgv-rails-01:~/rails$ un

mbs@sgv-rails-01:~/rails$ find /home/mbs/.rvm/ -name unicorn*
/home/mbs/.rvm/gems/ruby-1.8.7-p302@1.8.7/bin/unicorn_rails
/home/mbs/.rvm/gems/ruby-1.8.7-p302@1.8.7/bin/unicorn
/home/mbs/.rvm/gems/ruby-1.8.7-p302@1.8.7/cache/unicorn-1.1.4.gem
/home/mbs/.rvm/gems/ruby-1.8.7-p302@1.8.7/gems/unicorn-1.1.4
/home/mbs/.rvm/gems/ruby-1.8.7-p302@1.8.7/gems/unicorn-1.1.4/bin/unicorn_rails
/home/mbs/.rvm/gems/ruby-1.8.7-p302@1.8.7/gems/unicorn-1.1.4/bin/unicorn
/home/mbs/.rvm/gems/ruby-1.8.7-p302@1.8.7/gems/unicorn-1.1.4/ext/unicorn_http
/home/mbs/.rvm/gems/ruby-1.8.7-p302@1.8.7/gems/unicorn-1.1.4/ext/unicorn_http/unicorn_http.o
/home/mbs/.rvm/gems/ruby-1.8.7-p302@1.8.7/gems/unicorn-1.1.4/ext/unicorn_http/unicorn_http.c
/home/mbs/.rvm/gems/ruby-1.8.7-p302@1.8.7/gems/unicorn-1.1.4/ext/unicorn_http/unicorn_http.rl
/home/mbs/.rvm/gems/ruby-1.8.7-p302@1.8.7/gems/unicorn-1.1.4/ext/unicorn_http/unicorn_http.so
/home/mbs/.rvm/gems/ruby-1.8.7-p302@1.8.7/gems/unicorn-1.1.4/ext/unicorn_http/unicorn_http_common.rl
/home/mbs/.rvm/gems/ruby-1.8.7-p302@1.8.7/gems/unicorn-1.1.4/unicorn.gemspec
/home/mbs/.rvm/gems/ruby-1.8.7-p302@1.8.7/gems/unicorn-1.1.4/Documentation/unicorn_rails.1.txt
/home/mbs/.rvm/gems/ruby-1.8.7-p302@1.8.7/gems/unicorn-1.1.4/Documentation/unicorn.1.txt
/home/mbs/.rvm/gems/ruby-1.8.7-p302@1.8.7/gems/unicorn-1.1.4/man/man1/unicorn_rails.1
/home/mbs/.rvm/gems/ruby-1.8.7-p302@1.8.7/gems/unicorn-1.1.4/man/man1/unicorn.1
/home/mbs/.rvm/gems/ruby-1.8.7-p302@1.8.7/gems/unicorn-1.1.4/lib/unicorn.rb
/home/mbs/.rvm/gems/ruby-1.8.7-p302@1.8.7/gems/unicorn-1.1.4/lib/unicorn_http.so
/home/mbs/.rvm/gems/ruby-1.8.7-p302@1.8.7/gems/unicorn-1.1.4/lib/unicorn
/home/mbs/.rvm/gems/ruby-1.8.7-p302@1.8.7/gems/unicorn-1.1.4/examples/unicorn.conf.rb
/home/mbs/.rvm/gems/ruby-1.8.7-p302@1.8.7/gems/unicorn-1.1.4/examples/unicorn.conf.minimal.rb
/home/mbs/.rvm/gems/ruby-1.8.7-p302@1.8.7/specifications/unicorn-1.1.4.gemspec
/home/mbs/.rvm/gems/ruby-1.8.7-p302@1.8.7/doc/unicorn-1.1.4
/home/mbs/.rvm/gems/ruby-1.8.7-p302@1.8.7/doc/unicorn-1.1.4/rdoc/files/ext/unicorn_http
/home/mbs/.rvm/gems/ruby-1.8.7-p302@1.8.7/doc/unicorn-1.1.4/rdoc/files/ext/unicorn_http/unicorn_http_c.html
/home/mbs/.rvm/gems/ruby-1.8.7-p302@1.8.7/doc/unicorn-1.1.4/rdoc/files/lib/unicorn_rb.html
/home/mbs/.rvm/gems/ruby-1.8.7-p302@1.8.7/doc/unicorn-1.1.4/rdoc/files/lib/unicorn
mbs@sgv-rails-01:~/rails$

mbs@sgv-rails-01:~/rails$ gem install bundler && cd rails/ && bundle install && gem install unicorn && unicorn_rails -l /home/mbs/rails/unicorn.sock2
</code></pre>
<ul>
<li>gem too old on the server</li>
<li>capistrano:
<ul>
<li>no real dependencies -> gems are not installed</li>
<li>bundler not present on the target system</li>
<li>integration with unicorn is difficult (current changes)</li>
<li>when does capistrano make sense</li>
</ul>
</li>
<li>rvm in the user account as a solution?</li>
</ul>
<hr />
<p>Notes:</p>
<ul>
<li>hosting as a "necessary evil"</li>
<li>no time for sysadmin things</li>
<li>vmware ->> squeeze ->> vserver</li>
<li>puppetmaster on vserver</li>
<li><p>lxc?</p>
<ul>
<li>files in the fs</li>
</ul>
</li>
<li><p>i: collectd >> munin</p></li>
<li>dns not automated</li>
<li>create and destroy vhosts with puppet!</li>
<li>gems: better as root: rake / bundler</li>
<li>gem self-compiled in root!</li>
<li>rvm: layer++;</li>
<li>gem-update</li>
<li>rails / passenger: suid as user</li>
<li>shared/system</li>
<li>vim: command t</li>
<li><p>vim: vc across multiple lines</p></li>
<li><p>cijoe <=> website</p></li>
<li>fatfree => crm</li>
<li>highrise</li>
<li>basecamp</li>
<li>balanced scorecard</li>
</ul>
<p>--- vserver</p>
<ul>
<li>"one click install" / cpanel</li>
<li>vserver-hosting</li>
<li>"heroku competition"</li>
<li>puppet consulting / 0900 number</li>
</ul>
<hr />
<p>config/application.rb:</p>
<pre><code>config.generators do |g|
  g.template_engine :haml
end
</code></pre>
<pre><code>git submodule add git://github.com/psynix/rails3_haml_scaffold_generator.git lib/generators/haml
</code></pre>
<ul>
<li>nginx</li>
<li>unicorn</li>
<li>restarts?</li>
<li>cluster?</li>
</ul>
Static image gallery generator comparison (FOSS)https://www.nico.schottelius.org//docs/static-image-gallery-generator-comparison/2016-07-04T09:09:00Z2015-02-03T14:47:26Z
<h2>Introduction</h2>
<p>This document describes several static image gallery generators,
their advantages and disadvantages. All of them are FOSS and
have been tested under a Unix-like operating system.
If you have any kind of update, do not hesitate to
<a href="https://www.nico.schottelius.org//about/">contact me</a>. I am using a downscaled sample directory
(<strong>basis</strong>) for testing.</p>
<p>I'm not referencing the navigation, but only "Next Image", because
this is probably the most often used navigation part.</p>
<h3>Terms</h3>
<p>A small definition of the terms:</p>
<table>
<thead>
<tr>
<th>Term</th>
<th> Description</th>
</tr>
</thead>
<tbody>
<tr>
<td>Next image</td>
<td> What to click to reach the next image</td>
</tr>
<tr>
<td>Output</td>
<td> Tools either output in the source directory or in a different one</td>
</tr>
<tr>
<td>Original image reference</td>
<td> How to reach the full size image</td>
</tr>
<tr>
<td>Original image location</td>
<td> During creation, how are original images handled</td>
</tr>
<tr>
<td>Image scaling</td>
<td> Does the tool support scaling the images?</td>
</tr>
<tr>
<td>Exif</td>
<td> Can the tool display exif information?</td>
</tr>
<tr>
<td>Default Design</td>
<td> Hints on the default design chosen by the tool</td>
</tr>
<tr>
<td>Configuration</td>
<td> Configuration possibilities</td>
</tr>
<tr>
<td>Subdirectory index</td>
<td> Does a run include the subdirectories?</td>
</tr>
<tr>
<td>Subdirectory removal</td>
<td> Can the tool handle removal of a subdirectory?</td>
</tr>
<tr>
<td>Other</td>
<td> Stuff not categorised / special about this tool</td>
</tr>
</tbody>
</table>
<h2><a href="http://cgg.bzatek.net/">cataract</a> (1.0.0)</h2>
<ul>
<li> Next image: Click on image</li>
<li> Output: Different directory</li>
<li> Original image reference: links to original image (full size)</li>
<li> Original image location: Originals are copied</li>
<li> Image scaling: supported</li>
<li> Exif: Supported</li>
<li> Default design: Good usable</li>
<li> Configuration: XML files</li>
<li> Subdirectory index: No</li>
<li> Other: Scrolling (middle mouse button) does not work</li>
</ul>
<h3>Sample usage:</h3>
<pre><code>cp -r basis cgg-input
cd cgg-input
# create directory listing
cgg-dirgen > index.xml
cd ..
# cgg automatically creates the destination directory
cgg -s cgg-input -o cgg-output/
</code></pre>
<h2><a href="https://www.thregr.org/~wavexx/software/fgallery/">fgallery</a> (1.8.2)</h2>
<ul>
<li> Next image: Link next to the image</li>
<li> Output: Different directory</li>
<li> Original image reference: Copy (optional)</li>
<li> Original image location: Originals are copied</li>
<li> Image scaling: Supported</li>
<li> Exif: Supported</li>
<li> Default design: Good usable</li>
<li> Configuration: Command line</li>
<li> Subdirectory index: No</li>
<li> Other: Sets background colour fitting to image</li>
</ul>
<h3>Sample usage:</h3>
<pre><code>cp -r basis fgallery-input
fgallery -j 4 fgallery-input fgallery-out
</code></pre>
<h2><a href="http://live.gnome.org/gthumb">gthumb</a> (2.10.12)</h2>
<ul>
<li> Next image: Various</li>
<li> Output: Different directory</li>
<li> Original image reference: Link from scaled image</li>
<li> Original image location: Copy (optional)</li>
<li> Image scaling: Supported</li>
<li> Exif: Supported</li>
<li> Default design: Good usable</li>
<li> Configuration: GUI</li>
<li> Subdirectory index: No</li>
<li> Other: Different designs available</li>
</ul>
<h3>Sample usage:</h3>
<pre><code>cp -r basis gthumb-input
gthumb gthumb-input
</code></pre>
<h2><a href="http://igal.trexler.at/">igal2</a> (2.0)</h2>
<ul>
<li> Next image: Link below and above image</li>
<li> Output: Same directory</li>
<li> Original image reference: Link from scaled image</li>
<li> Original image location: .</li>
<li> Image scaling: <strong><em>unsupported</em></strong></li>
<li> Exif: <strong><em>unsupported</em></strong></li>
<li> Default design: Very basic</li>
<li> Configuration: Command line</li>
<li> Subdirectory index: No</li>
<li> Other: Automatic link to parent directory</li>
</ul>
<h3>Sample usage:</h3>
<pre><code>cp -r basis igal2-input
cd igal2-input
igal2 --www
</code></pre>
<h2><a href="http://sousmonlit.zincube.net/~niol/playa/oss/projects/lazygal/">lazygal</a> (0.5)</h2>
<ul>
<li> Next image: Image preview next to the image</li>
<li> Output: Different directory</li>
<li> Original image reference: Text below image</li>
<li> Original image location: Copy (optional)</li>
<li> Image scaling: supported</li>
<li> Exif: supported</li>
<li> Default design: Basic</li>
<li> Configuration: Command line and configuration file</li>
<li> Subdirectory index: Yes</li>
<li> Subdirectory removal: Yes / Warning</li>
<li> Other: Automatic link to parent directory, RSS feed, HTML5 videos for video files</li>
</ul>
<h3>Sample usage:</h3>
<pre><code>cp -r basis lazygal-input
mkdir lazygal-output
lazygal -o lazygal-output lazygal-input
# Including copy of original images:
lazygal -O -o lazygal-output lazygal-input
</code></pre>
<h2><a href="http://home.gna.org/llgal/">llgal</a> (0.13.15)</h2>
<ul>
<li> Next image: Link below and above image</li>
<li> Output: Same directory</li>
<li> Original image reference: Link from scaled image</li>
<li> Original image location: .</li>
<li> Image scaling: supported</li>
<li> Exif: supported</li>
<li> Default design: Usable</li>
<li> Configuration: Command line</li>
<li> Subdirectory index: Yes</li>
<li> Subdirectory removal: Yes</li>
<li> Other: Support for different languages, optional link to parent site</li>
</ul>
<h3>Sample usage:</h3>
<pre><code>cp -r basis llgal-input
cd llgal-input
llgal
# limit size:
llgal --sx 1000 --sy 700
# Track subdirectories
llgal --sx 1000 --sy 700 -R
# Create real world site
llgal --sx 1000 --sy 700 -R --exif --fe -L --li --title "Nico Schottelius' Photos" --www --lang en_US
</code></pre>
<h2><a href="http://homepage.univie.ac.at/l.ertl/swiggle/">swiggle</a> (0.4)</h2>
<p>Generates an HTML file without any links.</p>
<h3>Sample usage:</h3>
<pre><code>mkdir swiggle-input
cp -r basis swiggle-input
swiggle swiggle-input
</code></pre>
Simple Universal Time (SUT)https://www.nico.schottelius.org//docs/sut/2016-02-25T13:34:24Z2015-02-03T14:47:26Z
<h2>Introduction</h2>
<p>This article describes a simple solution to the
problem of having to care about time zones and
clock adjustments due to summer and winter time
changes. It also addresses the problem
of non-metric conversion when time is used with other
units.</p>
<p><strong>Simple Universal Time (SUT)</strong><br />
is suited for instant implementation and does
not interfere with any current time system.</p>
<h2>Motivation</h2>
<p>The life of individuals becomes more and more
global:</p>
<ul>
<li>Communication takes place covering several time zones</li>
<li>Travelling across multiple time zones has become normal</li>
</ul>
<p>Due to this change, people are more and more often forced to
think about the time in different time zones.</p>
<p>To place a call, you have to find out</p>
<ul>
<li>in which time zone the target person is</li>
<li>how much offset to UTC this particular time zone has</li>
<li>what the delta from your own time zone to UTC is</li>
<li>what the delta between both time zones is</li>
<li>find a good time for a call</li>
</ul>
<p>This is quite cumbersome and wastes a lot of energy
world wide, every day.</p>
<p>Furthermore, changes between summer time and winter time
make this process even harder: if you remember the offset
for a particular location, it may have changed
due to summer time changes...</p>
<p>There is another problem with the current time scheme:
it is non-metric. Scientific calculations that otherwise
use only metric units are usually broken up
by the non-metric behaviour of time. This is simply
unnecessary and can easily be fixed, as the following
proposal will show.</p>
<h2>Proposal</h2>
<p>To simplify this time disaster, the following two changes
are proposed:</p>
<ul>
<li>Convert the time of day to a metric system</li>
<li>Drop all time zones and only use SUT</li>
</ul>
<h3>Conversion to metric</h3>
<p>For a simple start, assume there is no time definition and
that we can start from scratch. Assume:</p>
<ul>
<li>A day has 10 hours</li>
<li>An hour has 100 minutes</li>
<li>A minute has 100 seconds</li>
</ul>
<p>This would create a day that has
<strong>10 * 100 * 100 = 100000</strong> seconds.</p>
<p>The old scheme used to have 24 hours, 60 minutes per hour
and 60 seconds per minute, which resulted in
<strong>24 * 60 * 60 = 86400</strong> seconds.</p>
<p>Let us prefix the new definition with the word
<strong>simple</strong> to be able to distinguish between the two schemes and
let us convert between them:</p>
<pre><code>100000 simple seconds = 86400 seconds # divide by 100000
1 simple second = 0.864 seconds
</code></pre>
<p>Or the other way around:</p>
<pre><code>86400 seconds = 100000 simple seconds # divide by 86400
1 second = 1.157407 simple seconds (repeating decimal, rounded)
</code></pre>
<p>So having the seconds calculated, we can also compare the
minutes and hours:</p>
<pre><code>1 simple minute = 100 simple seconds => 86.4 seconds = 1 minute 26.4 seconds
1 simple hour = 10000 simple seconds => 8640 seconds = 144 minutes = 2h 24 minutes
</code></pre>
<p>And the other way round:</p>
<pre><code>1 minute = 60 seconds => 69.4 simple seconds (not one simple minute!)
1 hour = 3600 seconds => 4166.67 simple seconds = 41.6667 simple minutes = 0.4167 simple hours
</code></pre>
<h3>Drop all time zones</h3>
<p>To be able to have one global time that everybody can use
without the need of calculations, there won't be any time
zones defined for use with <strong>SUT</strong>. Instead, SUT is based
on UTC.</p>
<h3>Time format</h3>
<p>As SUT only includes 10 hours, you can display time of the
day using the following format:</p>
<pre><code>H:MM:SS
</code></pre>
<p>where <strong>H</strong> is in the range of <strong>0-9</strong>, <strong>MM</strong> in the range of
<strong>00-99</strong> and <strong>SS</strong> in the range of <strong>00-99</strong>.</p>
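<p>The conversion and the time format can be combined in a few lines of shell. This is an added example, not part of the original article and not the project's JavaScript implementation; the function names are made up for illustration. It uses the ratio 100000 / 86400 = 125 / 108 with integer arithmetic, so fractions of a simple second are dropped and a round trip can lose up to one second.</p>

```shell
#!/bin/sh
# Added example: convert between UTC time of day (HH:MM:SS) and SUT (H:MM:SS).
# 100000 simple seconds = 86400 seconds, so the ratio is 125/108.
# Function names are hypothetical, not part of the sut repository.

# Strip one leading zero so that "08" is not read as an octal number.
_dec() { v=${1#0}; printf '%s' "${v:-0}"; }

# utc_to_sut HH:MM:SS -> H:MM:SS (fractions of a simple second are dropped)
utc_to_sut() {
    case $1 in
        [0-2][0-9]:[0-5][0-9]:[0-5][0-9]) ;;
        *) return 1 ;;
    esac
    h=$(_dec "${1%%:*}"); rest=${1#*:}
    m=$(_dec "${rest%%:*}"); s=$(_dec "${rest#*:}")
    [ "$h" -le 23 ] || return 1
    secs=$((h * 3600 + m * 60 + s))
    ss=$((secs * 125 / 108))    # simple seconds since midnight UTC
    printf '%d:%02d:%02d\n' $((ss / 10000)) $((ss / 100 % 100)) $((ss % 100))
}

# sut_to_utc H:MM:SS -> HH:MM:SS (fractions of a second are dropped)
sut_to_utc() {
    case $1 in
        [0-9]:[0-9][0-9]:[0-9][0-9]) ;;
        *) return 1 ;;
    esac
    h=${1%%:*}; rest=${1#*:}
    m=$(_dec "${rest%%:*}"); s=$(_dec "${rest#*:}")
    ss=$((h * 10000 + m * 100 + s))
    secs=$((ss * 108 / 125))    # seconds since midnight UTC
    printf '%02d:%02d:%02d\n' $((secs / 3600)) $((secs / 60 % 60)) $((secs % 60))
}

# Demo: the values from the conversion tables above, plus the current time.
sut_demo() {
    echo "12:00:00 UTC = $(utc_to_sut 12:00:00) SUT"
    echo "01:00:00 UTC = $(utc_to_sut 01:00:00) SUT"
    echo "1:00:00 SUT  = $(sut_to_utc 1:00:00) UTC"
    echo "0:01:00 SUT  = $(sut_to_utc 0:01:00) UTC"
    echo "now          = $(utc_to_sut "$(date -u +%H:%M:%S)") SUT"
}

sut_demo
```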
<h2>Implications for Society</h2>
<p>When changing to SUT, society's productivity will
improve pretty fast.
If a particular society wants to keep the
unclear advantage of summer time, it can even do so while using
SUT:</p>
<p>Instead of changing the time, this society can announce that
all shops open up earlier in summer and open up later in
winter time. Beware: An actual advantage of
a society using <strong>summer time</strong> over one that doesn't
<strong>has not been proven</strong>.</p>
<h2>Using SUT</h2>
<p>You can start right away to use SUT in your daily work.</p>
<p><a href="https://github.com/skmp">Stefanos Kornilios Mitsis Poiitidis</a>
created a JavaScript implementation of SUT, so you
can easily see the current time.
It is hosted at
<a href="http://telmich.github.io/sut">http://telmich.github.io/sut</a></p>
<h2>Future and Related Work</h2>
<p>Parts of the SUT proposal are also covered by the
<a href="http://en.wikipedia.org/wiki/Decimal_time">Decimal Time</a>,
which has been used in France around 1792.</p>
<p>As societies adopt SUT, more and more supporting utilities
will be created. You are advised to open source them
and add them to the <a href="https://github.com/telmich/sut">sut git repository</a>.</p>
<p>SUT is <a href="http://xkcd.com/927/">the new standard</a> to replace
timezones, summer time changes and the 24 hour day.</p>
System specificationshttps://www.nico.schottelius.org//docs/sys-specs/2016-02-25T13:34:24Z2015-02-03T14:47:26Z
<p>Tech specs of systems I had in my hands.</p>
<div class="archivepage">
<a href="https://www.nico.schottelius.org//docs/sys-specs/get-sysinfo.sh.dell-r815.log">get-sysinfo.sh.dell-r815.log</a><br />
<span class="archivepagedate">
Posted <span class="date">Tue Feb 3 15:47:26 2015</span>
</span>
</div>
<div class="archivepage">
<a href="https://www.nico.schottelius.org//docs/sys-specs/get-sysinfo.sh.supermicro-X8DTT-H.log">get-sysinfo.sh.supermicro-X8DTT-H.log</a><br />
<span class="archivepagedate">
Posted <span class="date">Tue Feb 3 15:47:26 2015</span>
</span>
</div>
The terms FOSS and the relation to FS, OSS and FLOSShttps://www.nico.schottelius.org//docs/the-term-foss/2016-02-25T13:34:24Z2015-02-03T14:47:26Z
<h2>Introduction</h2>
<p>Today, there are different terms in use to describe <strong><em>free</em></strong> and
<strong><em>open source software</em></strong>. This article gives you a short overview
of those terms and a short reason why I prefer to use <strong><em>FOSS</em></strong>.</p>
<h3>Free software</h3>
<p><a href="http://www.gnu.org">GNU</a> prefers to use the term
"<a href="http://www.gnu.org/philosophy/free-sw.html">Free software</a>".
The reasons for me not to use this term are:</p>
<ul>
<li>The abbreviation is "FS", which is ambiguous. "FS" is often used as the abbreviation for "filesystem".</li>
<li>The term does not tell you directly, that you also have access to the source (main reason one).</li>
<li>I think people can easily think free software is just free as in "nothing to pay for it" (main reason two).</li>
<li>I do not like to pronounce it. Think about "I've like effess." Nothing my tongue likes.</li>
</ul>
<h3>Open source software</h3>
<p>I liked to use the term "<a href="http://www.opensource.org/docs/definition.php">Open source software</a>"
for some time. Perhaps because it was used often to talk about what I
associate with GPL'ed or BSD-licensed software. But then, one day, I
found out about the above mentioned GNU free software definition and I
began to think about both terms. In contrast to free software, open
source software (OSS) is much better known, but my reasons not to use it
are:</p>
<ul>
<li>It lacks the "free as in copy it as you like" definition (main reason).</li>
<li>I think about the "<a href="http://www.opensound.com/">Open sound system</a>", if I read "OSS", which is not what I want to talk about.</li>
</ul>
<h2>Free and open source software (FOSS)</h2>
<p>The simplest solution is to combine both terms and finish all problems.
So using FOSS, I get the following advantages and disadvantages:</p>
<ul>
<li>It is neither an abbreviation for "filesystem" nor "open sound system".</li>
<li>I can pronounce it: "foss."</li>
<li>It is short and simple and contains everything I love about FOSS.</li>
<li>Other people may not like it, because I introduce yet another acronym.</li>
<li>It combines the two terms of both "worlds", so everyone can be happy.</li>
</ul>
Xorg terminal emulator font listhttps://www.nico.schottelius.org//docs/xorg-terminal-emulator-fonts/2016-02-25T13:34:24Z2015-02-03T14:47:26Z
<h2>Introduction</h2>
<p>This page describes fonts I tested for usability in
a terminal emulator. The ratings may be highly subjective
and describe my way to find good fonts.
This site is inspired by the
<a href="http://adamspiers.org/computing/zsh/files/prompts/X_fonts.README">Nice fonts for X terminals</a>
site. It does not try to make things better, just again
to find my personal preferences.</p>
<h2>How I tested</h2>
<p>I'm using a small script named <strong>urxvt-font-change</strong>,
which is part of the nsbin git repository. This script
allows me to dynamically change the font in the running
terminal. Besides searching around the net for font names,
I've used two local sources:</p>
<ul>
<li>xlsfonts (core X font subsystem)</li>
<li>fc-list (xft)</li>
</ul>
<p>So I load a new font, issue an <strong>ls</strong> in my home directory
(which is pretty much mixed up) and decide whether I can
read the content easily or not and whether it made
some kind of special impression.</p>
<p>Reloading or adding core fonts can be done via</p>
<pre><code>xset fp+ /usr/share/fonts/local/
xset fp rehash
</code></pre>
<h2>Objectives</h2>
<p>There are a lot of different objectives for choosing
a font that suits you. For me, the following objectives
are interesting: Is the font usable for ...</p>
<ul>
<li>small screens</li>
<li>presentations</li>
<li>my eyes</li>
</ul>
<p>The last point is probably mostly subjective, a font
must "look good" to me.</p>
<h2>Font list</h2>
<p>And here's the actual font table:</p>
<table>
<thead>
<tr>
<th>Font name</th>
<th> Size</th>
<th> Recommended</th>
<th> Remarks</th>
</tr>
</thead>
<tbody>
<tr>
<td>5x7</td>
<td> tiny</td>
<td> no</td>
<td> Unreadable</td>
</tr>
<tr>
<td>nexus</td>
<td> tiny</td>
<td> no</td>
<td> Digiclock style font, but hard to read</td>
</tr>
<tr>
<td>shine</td>
<td> tiny</td>
<td> no</td>
<td> Similar to nexus, bit better</td>
</tr>
<tr>
<td>outcast</td>
<td> tiny</td>
<td> no</td>
<td> Similar to shine, bit better</td>
</tr>
<tr>
<td>edges</td>
<td> tiny</td>
<td> no</td>
<td> Similar to nexus, more edges</td>
</tr>
<tr>
<td>suxus</td>
<td> tiny</td>
<td> no</td>
<td> Unreadable</td>
</tr>
<tr>
<td>tixus</td>
<td> tiny</td>
<td> yes</td>
<td> Very well readable for such a small font</td>
</tr>
<tr>
<td>smallcaps</td>
<td> small</td>
<td> no</td>
<td> filenames as caps on unix?</td>
</tr>
<tr>
<td>smooth</td>
<td> small</td>
<td> undecided</td>
<td> Good overall, but "M" looks weird and font feels stretched</td>
</tr>
<tr>
<td>artsie</td>
<td> small</td>
<td> yes</td>
<td> Well readable</td>
</tr>
<tr>
<td>fixed</td>
<td> small</td>
<td> yes</td>
<td> Well readable</td>
</tr>
<tr>
<td>-*-terminus-*-*-*-*-12-*-*-*-*-*-*-*</td>
<td> tiny-small</td>
<td> yes</td>
<td> Well readable</td>
</tr>
<tr>
<td>smoothansi</td>
<td> small</td>
<td> undecided</td>
<td> Good overall, but "M" looks weird and font feels stretched</td>
</tr>
<tr>
<td>xft:DejaVu Sans Mono:pixelsize=10</td>
<td> small</td>
<td> yes</td>
<td> Well readable</td>
</tr>
<tr>
<td>kates</td>
<td> small-medium</td>
<td> no</td>
<td> Very fancy (impressive?), but partly hard to read</td>
</tr>
<tr>
<td>bigcaps</td>
<td> small-medium</td>
<td> no</td>
<td> Hurts my eyes</td>
</tr>
<tr>
<td>xft:Liberation Mono:style=Regular</td>
<td> small-medium</td>
<td> yes</td>
<td> Well readable</td>
</tr>
<tr>
<td>xft:Source Code Pro</td>
<td> small-medium</td>
<td> yes</td>
<td> Well readable, i,l,1 well distinguishable</td>
</tr>
<tr>
<td>a14</td>
<td> medium</td>
<td> yes</td>
<td> Well readable</td>
</tr>
<tr>
<td>xft:Inconsolata:style=Medium</td>
<td> medium</td>
<td> yes</td>
<td> Well readable</td>
</tr>
<tr>
<td>-*-terminus-*-*-*-*-14-*-*-*-*-*-*-*</td>
<td> medium</td>
<td> yes</td>
<td> Well readable</td>
</tr>
<tr>
<td>lucidasans-10</td>
<td> medium</td>
<td> no</td>
<td> Way too much whitespace</td>
</tr>
<tr>
<td>xft:Droid Sans:style=Regular</td>
<td> medium</td>
<td> no</td>
<td> Too much whitespace, not instantly good readable</td>
</tr>
<tr>
<td>MonteCarlo:style=Sans Bold</td>
<td> medium</td>
<td> no</td>
<td> Not Bold, nor incredible easy to read</td>
</tr>
<tr>
<td>lucidasanstypewriter-10</td>
<td> medium</td>
<td> yes</td>
<td> Very well readable</td>
</tr>
<tr>
<td>10x20</td>
<td> medium</td>
<td> no</td>
<td> Mostly good readable, looks a bit disarranged</td>
</tr>
<tr>
<td>xft:Bitstream Vera Sans Mono:style=Bold</td>
<td> medium</td>
<td> yes</td>
<td> Very well readable</td>
</tr>
<tr>
<td>xft:Bitstream Vera Sans Mono:style=Roman</td>
<td> medium</td>
<td> yes</td>
<td> Very well readable</td>
</tr>
<tr>
<td>variable</td>
<td> medium-large</td>
<td> no</td>
<td> Unreadable</td>
</tr>
<tr>
<td>12x24</td>
<td> large</td>
<td> undecided</td>
<td> Well readable, strange style, good size</td>
</tr>
<tr>
<td>xft:Bitstream Vera Serif:style=Roman</td>
<td> large</td>
<td></td>
<td> Too much whitespace</td>
</tr>
<tr>
<td>xft:DejaVu Sans,DejaVu Sans Condensed:style=Condensed Bold,Bold</td>
<td> large</td>
<td></td>
<td> Too much whitespace</td>
</tr>
<tr>
<td>-*-terminus-*-*-*-*-32-*-*-*-*-*-*-*</td>
<td> large</td>
<td colspan="2"> yes</td>
</tr>
<tr>
<td>lucidasanstypewriter-24</td>
<td> extra large</td>
<td> yes</td>
<td> Even blind can read it</td>
</tr>
</tbody>
</table>
<h2>See also</h2>
<ul>
<li><a href="http://avi.alkalay.net/linux/docs/font-howto/Font.html">Optimal Use of Fonts on Linux</a></li>
<li><a href="http://adamspiers.org/computing/zsh/files/prompts/X_fonts.README">Nice fonts for X terminals</a></li>
<li><a href="http://fractal.csie.org/~eric/wiki/Terminus_font">Terminus font</a></li>
<li><a href="http://vico.kleinplanet.de/fonts.html">Vico's little Linux site/fonts</a></li>
<li><a href="http://oldhome.schmorp.de/marc/suxus.html">suxus font</a></li>
<li><a href="https://bbs.archlinux.org/viewtopic.php?pid=283004">Archlinux Terminal Emulator font discussion</a></li>
<li><a href="http://www.bok.net/MonteCarlo/">MonteCarlo</a></li>
</ul>
Orkut - dangerous Big Brother database or fun place?https://www.nico.schottelius.org//docs/orkut-diary/2016-02-25T13:34:24Z2004-08-24T22:00:00Z
<p>This is my personal diary about using Orkut (www.orkut.com).</p>
<h2>27-Feb-2004</h2>
<p> I got invited to orkut.</p>
<h2>29-Feb-2004</h2>
<p> Getting first impressions. What is this "orkut"?
Looks like a secure thing: Only people who are invited may
join. So you most likely know that those are really the people
you know and not fake ones.</p>
<p> Well, you can even trust the communication, as 'dangerous people'
keep outside, can't you?</p>
<p> But why are they using HTTP and not HTTPS? Just keep that in mind..</p>
<p> Ok, let's register. What's that? In affiliation with google?
Does that mean one can google through orkut?
Or does that mean google will sell their database to others?</p>
<p> Wow what the hell do they want to know? And why should it be sensible
to tell them all of my mail addresses? Don't I remember getting
spam on all addresses I use on the web? Let's create a Pseudo
Email, only used for Orkut, so we can track back the spam.</p>
<p> After only telling the needed information I see that the one who invited
me is my friend. And that he's got other friends. And they have
friends again. Wow. What a fucking big network.</p>
<p> Let's go to bed, continue tomorrow.</p>
<h2>01-Mar-2004</h2>
<p> Currently I am browsing through the friends network. Seeing
what information I get, so I can conclude on what I will present
to others, when participating in orkut.</p>
<p> There is the nice thing "communities", so I can see what the
persons interests are. Currently orkut looks like a big database of
many friends linked together. Perhaps I can profit from it?</p>
<p> Wow, there are many interesting communities. Everything I like is around me.
Logical, as my friends like the same things I do.</p>
<p> Wait..as I am always logged in while viewing, they'll have a full
view for what is interesting for me.</p>
<p> They (=the ones who brought up orkut) know who invited me. They know
his/her interests. Think about this in a chain.</p>
<p> So they can see who (with what attributes) is interested in which
communities and what you do.</p>
<p> Do you surf in the "Bi & Lesbian"-section or are you enjoying
the "Internet" community?</p>
<p> Every click is one point more for data collection. Every move
you make is recorded.</p>
<p> That sounds to me like "1984". What a horrible vision (or reality?).</p>
<p> Oh, let's have a look at whois, who owns orkut:</p>
<pre><code>Domain Name: ORKUT.COM
Registrar: NETWORK SOLUTIONS, INC.
Whois Server: whois.networksolutions.com
Referral URL: http://www.networksolutions.com
Name Server: NS11.WORLDNIC.COM
Name Server: NS12.WORLDNIC.COM
Status: ACTIVE
Updated Date: 11-nov-2003
Creation Date: 08-dec-2002
Expiration Date: 08-dec-2006
BUYUKKOKTEN, ORKUT (UHGFNCTSOD)
2400 W El Camino Real, Apt 419
MOUNTAIN VIEW, CA 94040-1680
US
Domain Name: ORKUT.COM
Administrative Contact:
BUYUKKOKTEN, ORKUT (OBD36) orkut@cs.stanford.edu
2400 W El Camino Real, Apt 419
MOUNTAIN VIEW, CA 94040-1680
US
650 888 5822 fax: 123 123 1234
Technical Contact:
Network Solutions, Inc. (HOST-ORG) customerservice@networksolutions.
13200 Woodland Park Drive
Herndon, VA 20171-3025
US
1-888-642-9675 fax: 571-434-4620
Record expires on 08-Dec-2006.
Record created on 08-Dec-2002.
Database last updated on 1-Mar-2004 10:57:20 EST.
Domain servers in listed order:
NS11.WORLDNIC.COM 216.168.225.141
NS12.WORLDNIC.COM 216.168.225.142
</code></pre>
<p> Well, this company does not tell me anything at all...
If you know something about them, please tell me.</p>
<h2>02-Mar-2004</h2>
<p> After some researching I know that Orkut is being developed by someone
working at Google, BUYUKKOKTEN, ORKUT. (As seen in the whois,
but before I didn't know whether this is a person or a company.)</p>
<p> While phoning with some people yesterday I developed some questions and structures:</p>
<pre><code> - orkut knows who invited which persons
- they know which communities somebody is interested in
- they see in whom or what you are interested, because
every visit is tracked with a username.
- if you enter wrong data (e.g. wrong surname) people will/may check
the "Bogus"-Button to tell that you are faking somebody
- the information provided in orkut are
</code></pre>
<h2>22-Mar-2004</h2>
<p> I didn't use my orkut account since 02-Mar-2004 and will now write an
email to 'them', requesting to delete my account.</p>
<p> Some people argue "But my data can also be found through google, why
should I not tell them Orkut?"</p>
<p> My answer: With google you cannot track what people do, what they like
and this together with country information, your hobbies, etc.</p>
<p> In my opinion Orkut is a BigBrother version in the web and I don't like
to participate and show 'them' every step I make.</p>
<h2>24-Mar-2004</h2>
<p> Just got again the statement</p>
<pre><code> "You should stop using IRC, delete all your mail accounts and stop surfing.",
</code></pre>
<p> after I said</p>
<pre><code> "I wrote a message to orkut, that I would like to have them remove my account.
Look at http://nico.schotteli.us/papers/net/orkut-diary, why.".
</code></pre>
<p> I'll try to explain the difference for you:</p>
<pre><code> IRC:
    - it's easy to track "my" behaviour in IRC
    - you cannot verify the identity of me very well
    - when trying to track you, 'they' must normally join every channel
      you are in (*see mark:1*)
    - Queries cannot get tracked (*see mark:1*)

 Mail:
    - mails are sent to different people on different hosts
    - to read all my incoming mail, you got to have access to the mail
      server hosting my email
    - to read my outgoing mail, you need
      a) to be my ISP and get all data while sending out (*see mark:1*)
      b) to control _all_ mail servers of people I write to
    - mails can easily be encrypted with PGP/GPG (http://www.gnupg.org)

 WWW:
    - normally if you visit two different websites
      (e.g. www.google.com and www.astalavista.com), they don't know
      from each other
    - if you visit one website _from_ another site, the second one
      knows where you come from (if not explicitly disabled in your browser)
      E.g.:
         http://linux.schottelius.org/gpm/ links to
         http://lists.linux.it/pipermail/gpm/.
         When you click on the link at http://linux.schottelius.org/gpm/,
         the host lists.linux.it registers that you come from
         http://linux.schottelius.org/gpm/.
         As said above, this can easily be disabled in (good) browsers.
    - if you visit many links within one page
      (e.g. looking at http://www.userfriendly.org cartoon archive),
      it may be possible to track you, while you are keeping the same ip
    - if sites set and read cookies, they may assign you a unique id.
      E.g.:
         You visit www.microsoft.com. This site sets the cookie
         "customer_nr=3434oeuntoheu45ouonethaonehp".
         After that you visit www.sco.com (not from a link from microsoft).
         Your browser allows www.sco.com to read out the cookie
         "customer_nr" and can exchange access logs with Microsoft
         (this should generally not be possible to do cross-site-reading,
         but can easily be done with a 'middle'-host like an adserver).
         Most browsers allow disabling cookies or at least to show a popup
         box, asking you whether to use it or not.

 mark 1:
    Actually IRC, SMTP or HTTP are plain text protocols.
    Every person sitting at a router at your ISP can see what you are
    doing and the contents of every packet you send and receive.
    You should consider using SILC, TLS/SMTP, HTTPS or PGP encrypted mails
    instead for better security.

 Orkut:
    - you have to login before you can visit anything
    - every click (changing profile, reading other profiles, joining and
      leaving communities, ..., just everything) is logged
    - everything you do can easily be added to statistics
    - 'they' can track user behaviours, user paths
      An example of path-tracking:
         1. I (person_b) get invited by person_a
         2. person_a is in community_a and community_b
         3. I join community_a, too.
            --> Now 'they' may know from which scene/interest area we come.
         4. I click through the friends path of person_a and see that
            there are some friends I know, too.
         5. I click on a friend of person_a, whose name is person_h and
            ask him to be 'my friend'.
         6. There can be some reasons why I want to be his friend, the
            most obvious one is because I know person_a and person_h.
         7. Now 'they' know about some relationship...
            This information could be sold or transferred to the FBI for
            instance...
</code></pre>
<h2>30-Mar-2004</h2>
<p> Today I received information about what companies pay for filtered
user information, it's between $1 per address up to $10 per (snail-mail-)address.</p>
<h2>08-Apr-2004</h2>
<p> Just want to re-read their terms of Service. (http://www.orkut.com/terms.html)
Here are some interesting parts:</p>
<p> 'We also reserve the right to modify these Terms of Service from time to time without notice.'</p>
<pre><code>--> nice, I don't hear or see anything, but will agree and use new
Terms of Service.
</code></pre>
<p> 'In addition, you must provide true, accurate and complete registration information to be an orkut.com member ("Member").'</p>
<p> --> complete..very nice..if I would really completely fill out the form, they
would know everything about me.</p>
<p> 'Other examples of illegal or unauthorized uses include, but are not limited to:'</p>
<p> ...'using any robot, spider, site search/retrieval application, or other device to retrieve or index any portion or the orkut.com service;'</p>
<p> --> well, 'they' may do it, we not...</p>
<p> 'By submitting, posting or displaying any Materials on or through the orkut.com service, you automatically grant to us a worldwide, non-exclusive, sublicenseable, transferable, royalty-free, perpetual, irrevocable right to copy, distribute, create derivative works of, publicly perform and display such Materials. '</p>
<p> Sure, there are more, these are just examples.
There are more interesting things in 'http://www.orkut.com/privacy.html'.</p>
<p> Looks like this story will end soon...</p>
<h2>17-May-2004</h2>
<p> Looks like I got to reinvest time in my "Orkut-Diary".
It seems people sometimes don't see how they are confronted
with Orkut, although they are NOT part of it.</p>
<p> Did you ever think about what happens if you receive an invitation
message? No?</p>
<p> Well, someone (perhaps a "friend") of yours thought it would be nice to invite
you to Orkut. He/She entered your</p>
<ul>
<li>First name</li>
<li>Last name</li>
<li>your Email</li>
<li>and the level of which he/she knows you
(haven't met, acquaintance, friend, good friend, best friend)</li>
</ul>
<p> Perhaps you decline the invitation Email, but what happens with this
data is unknown to you, to her/him. Perhaps the data will get sold
to other companies, perhaps Google uses it for their internal
statistics, perhaps they won't even have a look at them..
We don't know.</p>
Cryptoloop - why they are only partial securehttps://www.nico.schottelius.org//docs/cryptoloop-partial-security/2016-02-25T13:34:24Z2004-03-26T23:00:00Z
<h2>Introduction</h2>
<h3>What is a cryptoloop?</h3>
<p>It's a method to encrypt data written to a storage device:</p>
<pre><code> _________________________
 | applications like vim |
 -------------------------
             ^
             | i/o with files
             |
             v
  _______________________
  | filesystem like xfs |
  -----------------------
             ^
             | i/o with blocks
             |
             v
       _____________
       | cryptoloop |   en/decrypts data
       -------------
             ^
             |
             |
             v
      ________________
      | block device |  writes physically
      ----------------
</code></pre>
<h3>What is it used for?</h3>
<p>It's used to achieve higher security. For instance, if you lose your laptop or
it gets stolen, nobody will be able to read your (sensitive) data.</p>
<h3>Some buzzwords...</h3>
<p>You may want to know what cryptoloop uses and how it works. I don't really want
to explain that here, but I'll give you some buzzwords you can look up:</p>
<ul>
<li> Linux Kernel v2.6</li>
<li> Cryptographic API</li>
<li> Blowfish, AES, MD5, SHA384 and SHA512, ...</li>
</ul>
<h2>Conditions and use-cases</h2>
<p>I'll now show you in which situations you can/may use cryptoloop.</p>
<h3>regular file</h3>
<p>How to do it:</p>
<p>Create a regular file:</p>
<pre><code>scice% dd if=/dev/urandom of=testcrypt bs=1024 count=1024
1024+0 records in
1024+0 records out
1048576 bytes transferred in 0.059929 seconds (17496971 bytes/sec)
</code></pre>
<p>Set up the loop device and enter the password used for encryption:</p>
<pre><code>scice# /sbin/losetup -e blowfish /dev/loop/1 testcrypt
Password:
</code></pre>
<p>And now access the loop like a standard block device:</p>
<pre><code>scice# mkfs.xfs /dev/loop/1
meta-data=/dev/loop/1            isize=256    agcount=1, agsize=4096 blks
         =                       sectsz=512
data     =                       bsize=4096   blocks=4096, imaxpct=25
         =                       sunit=0      swidth=0 blks, unwritten=1
naming   =version 2              bsize=4096
log      =internal log           bsize=4096   blocks=1200, version=1
         =                       sectsz=512   sunit=0 blks
realtime =none                   extsz=65536  blocks=0, rtextents=0
</code></pre>
<p>Look at the cryptoloop:</p>
<pre><code>scice# file -s /dev/loop/1
/dev/loop/1: SGI XFS filesystem data (blksz 4096, inosz 256, v2 dirs)
</code></pre>
<p>And look at the file:</p>
<pre><code>scice# file testcrypt
testcrypt: data
</code></pre>
<p>Remove the cryptoloop:</p>
<pre><code>scice# losetup -d /dev/loop/1
</code></pre>
<p>When you mount your encrypted file, you need to specify the password:</p>
<pre><code>scice# mount testcrypt /mnt/ -o loop,encryption=blowfish
Password:
</code></pre>
<p>So far, so good. You can have as many encrypted loops as loopback devices you
have (normally 8).</p>
<p>Benefits:</p>
<ul>
<li>you can hide your encrypted data within your home
(attention: security by obscurity!)</li>
<li>you can create many encrypted files</li>
</ul>
<p>Disadvantages:</p>
<ul>
<li>indirect access</li>
<li>slower than partitions / raw devices</li>
</ul>
<h3>optional partition</h3>
<p>Having filesystems on files is ugly, as you enforce indirection
(application->filesystem->cryptoloop->file->filesystem->blockdevice instead of
application->filesystem->cryptoloop->blockdevice).</p>
<p>If you only have a small amount of data and it is seldom accessed, you may use
an unused partition for it. Simply replace testcrypt from above
with the appropriate partition.</p>
<p>Benefits:</p>
<ul>
<li>if you don't name the partition in /etc/fstab, perhaps nobody will
ever guess you have an encrypted data partition
(attention: security by obscurity!)</li>
<li>faster than regular files</li>
</ul>
<p>Disadvantages:</p>
<ul>
<li>not very comfortable, as you cannot just type 'mount /mnt/data'</li>
<li>you need to pay attention that you <em>only</em> write to /mnt/data and
don't have a prior version on an unencrypted medium, as it is
generally possible to restore 'deleted' files</li>
</ul>
<h3>home partition</h3>
<p>You may want to generally keep all data on your home directories encrypted.
Use this entry in fstab to achieve it:</p>
<pre><code>/dev/discs/disc0/part4 /home xfs loop,encryption=blowfish 0 0
</code></pre>
<p>Benefits:</p>
<ul>
<li>faster than regular files</li>
<li>very comfortable</li>
<li>transparent to your users</li>
</ul>
<p>Disadvantages:</p>
<ul>
<li>your data is secured, but do you really know that 'vi' is still
vi and not a program calling <code>cp</code> and then vi?</li>
</ul>
<h3>root partition</h3>
<p>If you want to encrypt your root (/) partition, you need to pay attention!</p>
<p>To understand why, I give you a small explanation about how booting works:</p>
<pre><code>___________________
| hardware checks |   like BIOS on x86
-------------------
         ^
         |
         v
___________________
| bootloader      |   like grub,lilo,milo
-------------------
         ^
         |
         v
___________________
| kernel          |   Linux hopefully
-------------------
         ^
         |
         v
___________________
| (sysV) init     |   or cinit, minit or runit,
-------------------   which all are loaded from the root filesystem
</code></pre>
<p>First of all, the bootloader needs to be readable (== unencrypted) for the
basic i/o system.
This is normally no problem, as the bootloader is found in the MBR of
a harddisk (at least partially, enough to start).</p>
<p>Then the bootloader needs to find its data/configuration files and after
that it needs to find the kernel.</p>
<p>Normally this is achieved by using an unencrypted /boot partition, which
contains the other bootloader parts and the kernel.</p>
<p>When the kernel has finished initializing, it needs to find (a variant of) init.
Well, it cannot find init, because init is encrypted. To be able to
read the root (and init), we'll need a ramdisk containing losetup, which reads
a password and creates a loop device.</p>
<p>Ramdisks are checked before the kernel tries to load init, so this works
pretty well.</p>
<p>You can then check from your now decrypted root, that /boot didn't change
(with md5sum or tripwire for example). If it changed you can stop booting.</p>
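<p>The /boot check described above, as an added example (not part of the original article): it uses sha256sum instead of md5sum, and the function names and manifest path are assumptions. It compares a full re-listing of /boot against the stored manifest, so added files are reported as well as modified or missing ones; the result is only as trustworthy as the stored manifest and the tools that compute it.</p>

```shell
#!/bin/sh
# Added example (not from the original article): detect changes to the
# unencrypted /boot from the decrypted root, using a stored manifest.
# sha256sum replaces the md5sum named in the text; function names and the
# manifest path in the usage comment are assumptions.

# boot_manifest DIR
# Print "<sha256>  ./relative/path" for every regular file below DIR,
# sorted by path so that two manifests can be compared line by line.
boot_manifest() {
    ( cd "$1" && find . -type f -exec sha256sum {} + | LC_ALL=C sort -k 2 )
}

# boot_verify DIR MANIFEST
# Re-list DIR and compare with MANIFEST. Prints one line per difference
# (MODIFIED, MISSING or ADDED) and returns 1 if there is any, 0 otherwise.
# A plain "sha256sum -c MANIFEST" would miss ADDED files, e.g. a second
# kernel or ramdisk that a changed bootloader configuration points to.
boot_verify() {
    current=$(mktemp) || return 2
    boot_manifest "$1" > "$current"
    # sha256sum lines are: 64 hex digits, two separator characters, path.
    report=$(awk '
        FILENAME == ARGV[1] { want[substr($0, 67)] = substr($0, 1, 64); next }
        {
            path = substr($0, 67); seen[path] = 1
            if (!(path in want)) print "ADDED    " path
            else if (want[path] != substr($0, 1, 64)) print "MODIFIED " path
        }
        END { for (p in want) if (!(p in seen)) print "MISSING  " p }
    ' "$2" "$current" | LC_ALL=C sort)
    rm -f "$current"
    if [ -n "$report" ]; then
        printf '%s\n' "$report"
        return 1
    fi
    return 0
}

# Usage, run from the decrypted root (paths are assumptions):
#   boot_manifest /boot > /root/boot.manifest     # after every kernel update
#   boot_verify /boot /root/boot.manifest || echo "/boot changed, stop booting"
```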
<p>Benefits:</p>
<ul>
<li>most parts of the system are encrypted</li>
</ul>
<p>Disadvantages:</p>
<ul>
<li>needs a ramdisk</li>
<li>need to pay attention, when you make changes to /boot (when updating
the kernel for instance)</li>
</ul>
<h3>whole system + unencrypted external device</h3>
<p>You could put the /boot partition on a USB stick or a read-only CD-ROM.</p>
<p>Benefits:</p>
<ul>
<li>you have no unencrypted data on your computer</li>
</ul>
<p>Disadvantages:</p>
<ul>
<li>you always need to pay attention to carry the external medium with you</li>
<li>same as above</li>
</ul>
<h2>Problems / insecurity</h2>
<h3>partial encryption</h3>
<p>Well, you always have some unencrypted data. Especially the bootloader,
your kernel and your ramdisk cannot be encrypted (correct me if I'm wrong).</p>
<h3>fake system</h3>
<p>If somebody gets access to your system, he may replace your unencrypted data
with his faked versions. I've named the faked versions with an 'F' prefix.</p>
<h3>attack possibilities</h3>
<h4>points</h4>
<p>I'll assume the attacker cannot decrypt our cryptoloop data. So he has
to attack</p>
<ul>
<li> the bootloader</li>
<li> the kernel</li>
<li> the ramdisk</li>
</ul>
<h4>replacements</h4>
<p>First he could try to replace the bootloader. The Fbootloader
could possibly load a Fkernel which has a modified cryptoloop module.</p>
<p>Secondly he could try just to replace the kernel with Fkernel, again
having modified the cryptoloop module.</p>
<p>At last he could replace the contents of the ramdisk. This Framdisk
could contain a modified losetup.</p>
<h4>sniff and copy</h4>
<p>Let's assume the attacker modified the bootloader and the kernel.
You enter the password and the kernel boots up your standard init.
Your checksum checking program (like md5sum, see above) detects that
the kernel is modified.</p>
<p>If you are lucky, the kernel module didn't configure your
network and open a connection to the net. If it did, your password is
gone and you'll need to recreate your cryptoloop
(this is not really difficult: losetup the raw device again with the new
password, then dd if=/dev/oldloop of=/dev/newloop).</p>
<p>Assume the attacker replaced your ramdisk, too.
Now the attacker modified LOSETUP! Doesn't really matter you think?
Well, let's see:</p>
<p>You enter the password for your root partition. Flosetup doesn't exit
normally; instead it mounts your root, replaces your system libs and unmounts
the root after that. Your checksum program loads the Flib and the md5sum
function always returns the same value. Your check-script then assumes
that the ramdisk, the kernel and the bootloader are unmodified and starts
the system.
As the libs are modified, the connect() call could try to connect to
a password-collecting host as well as to the one specified.</p>
<p>Flosetup could even have modified <em>anything</em>. This includes your check-script,
/etc/shadow, /sbin/init and so on.</p>
<p>You cannot trust the integrity of your system anymore.</p>
<h4>change encrypted checksums</h4>
<p>Oh, and it would be much easier just to replace the cached checksums on the
encrypted root.</p>
<h2>Solutions</h2>
<h3>Secure unencrypted data</h3>
<p>A way to have secure cryptoloops is to do what's described in section 2.5
(whole system + unencrypted external device).
You must keep your unencrypted data secure. This means that you have got
to wear it <em>always</em>.</p>
<h3>Get a real system [tm]</h3>
<p>The other choice would be to have a 'trusted' system, which is able to
read encrypted MBRs/bootloader.</p>
<p>On x86 you could possibly replace your BIOS with a Linux kernel in the ROM
that is able to boot from cryptoloop.</p>
<p>This does <em>not</em> mean you should use <a href="https://en.wikipedia.org/wiki/Trusted_Computing_Platform_Alliance">TCPA</a>! With TCPA you give
away the right to modify your computer to companies like Intel.</p>
<h2>Summary</h2>
<p>You have a protection against someone reading your data, as long as
your laptop/computer is 'trusted'. This means, whenever someone is
able to modify the unencrypted part(s), your cryptoloop data could be
modified.</p>
ttp - tiny transfer protocolhttps://www.nico.schottelius.org//docs/ttp/2016-02-25T13:34:24Z2003-10-13T05:42:23Z
<pre><code>ttp is a small and fast protocol.
it is used within environments where people forget the 'h' before the url,
like chats, mails, etc.
it doesn't transfer any data.
it doesn't have any overhead.
it doesn't have any sense.
it is ttp.
</code></pre>
<h2>Submission to the Journal of Universal Rejection (JofUR)</h2>
<p>ttp was submitted to <a href="http://www.universalrejection.org/">JofUR</a>
and rejected on 2011-03-04.</p>
<h2>Irssi transformation plugin</h2>
<p>Ville Likitalo hosts a
<a href="http://koti.kapsi.fi/~liki/irssi/ttp.pl">ttp irssi plugin</a>
that hypertransforms ttp and ttps (not described here) to
http and https.</p>