Tue, 20 Dec 2005

Hot Chip

Running a 5-micrometer-technology chip at an 8-MHZ clock rate caused it to dissipate a great deal of power - nearly 1.5 watts C64
[] permanent link

Tue, 13 Dec 2005

apt-get security updates

# apt-get -o Dir::Etc::SourceList=/etc/apt/security_updates.list -o Dir::State::Lists=/var/lib/xxxxxxx/lists/ update
[/Tips] permanent link

Wed, 02 Nov 2005

http://johnbokma.com/mexit/2005/10/26/vmware-player-windows-xp.html

http://johnbokma.com/mexit/2005/10/26/vmware-player-windows-xp.html
[/Tips] permanent link

Sat, 10 Sep 2005

LZMA compression, 

time bzip2 -dc /tmp/ecos.tar.bz2 | ../lzma -x -b64 -s25 > ecos.tar.lzma

real    23m31.643s
user    19m17.570s
sys     0m18.510s

eyck@dev:/tmp/lzma-0.04/tst$ du -sh *
22M     ecos.tar.lzma
52K     lzma-0.04.tar.bz2
64K     lzma-0.04.tar.gz
52K     lzma-0.04.tar.lzma
eyck@dev:/tmp/lzma-0.04/tst$ du -sh /tmp/ecos.tar.bz2
35M     /tmp/ecos.tar.bz2
seems interesting, should be able to beat rzip on smaller files.
[/Projects] permanent link

Sat, 06 Aug 2005

WAR - What A Rack

WAR (What A Rack!) - Rack management/accounting interface.
[/Projects] permanent link

Sun, 05 Jun 2005

A love song for bobby long/Grayson Capps

***ing(?) Alabama and the coloni-al end,
hot day old orange juice, some vodka on a night stand,
there's chevy nova, with a seat burned out at the back,
from wind-blown cigarette (which just stumped in in the wind?)
Bobby Long was like Zorba the Greek,
side-tracked by a scent of a woman,
(could've been an actor on a movie screen?)
stayed at alabama, (just a dream of a dream?)
he played footbal against WS-(?league), should've seen him running down the field
I grow old, I grow old, with a bottom of my trousers rolled,

it's a love song, for bobby long
it's a love song, for bobby long

he was a handsome man, he had a (cheero-chick-kit?) bone
fair hair boy, where did he go wrong,
chose a roadless travel, made all the difference,
(nice chest and critizied?) he don't make no sense
(brook n'?) called him crazy, he said bobby long was nothing but a drunk,
but all the thoughts in his head was way passed anything they (?don't funk)

it's a love song, for bobby long
it's a love song, for bobby long

but don't get me wrong, bobby long was not good,
he'd drag you down if he know he could
well he would,
drag you down,
(road I ride down will be the?) the day for me
won't come along
road I ride is gonna set me free
come take me home

he was a friend of my papa's
he used to drink and tell lies
(prays flannaby o'connel?) smoke cigarettes and (fa fa fa?)
so here I am at a colonial end
me and (?katie long) my pretty girl-friend
he charmes her with a poem, then he brakes down and cries
smile a crooked smile, with his broken chick-bone (smile/sad?)
tell about his life, now he's 63,
he looks me in the eyes, he says come and go with me
walk on water
walk on water
but you know you drown themselves (?around)
god and a devil,
god and a devil,
god and a devil (along side his mind?)

love song, for bobby long
love song, for bobby long

[/Lyrics/Love.Song.4.Bobby] permanent link

Thu, 02 Jun 2005

apt-get install module-init-tools apt-get install lvm2
[/Tips] permanent link

Tue, 24 May 2005

BSD - Bastard patcheset for Linux kernel

Tue May 24 18:08:27 CEST 2005
    bsd29b
  1. security fix - vserver barrier fixed.
Fri Jan 21 7:55:24 CET 2005

2.4.29 brakes my X (radeon), thus BSD is only at 2.4.28 with security fixes. I'm testing 2.4.29 with few lines backed out, this should work. The patch is ~10 lines long.

Fri Aug 6 12:17:08 CEST 2004 (6 Aug 2004):

  1. Stable: 18f, upgrades openwall to ow3, removes fixes for i387 (included in ow3). This is still based on 2.4.25.
  2. New stable is getting ready: 20a. Basically this is 21n with ocfs and e2compr riped out.
  3. New dev: 21n is coming..., this will come with drbd 0.7.x, which works with xfs..
(4 Jul 2004):
  1. Stable: 18e, includes fixed vserver (vs1.28) and fixed openswan (1.0.6), I'm going to update stable branch to 2.4.26 base, this means 20a release is coming soon, will be based on 21m with ext2 compression ripped off. The rest of 21m seem to be solid enough to move to dead branch.
  2. Dev: 21m, includes fixed vserver (vs1.28) and fixed openswan (1.0.6),
Two releases (7 Apr 2004):
  1. Stable: 18a,
  2. Development: 19a, start of new development tree, at the moment it contains device mapper for lvm2

    UPDATE: Development is now at 21XXX, based off of new(huh) 2.4.26, currently at revision 21k 21k.html

Links: http://www.rshk.co.uk/projects/cpucap.php
[/Projects/bsd] permanent link

Mon, 16 May 2005

Instant Mail/IM


[/Projects] permanent link

Thu, 21 Apr 2005

Perl Modules Missing From Debian

(todo list for debian-perl;)
  • Catalyst
  • Net::Lite::FTP (;)
  • Crypt::MatrixSSL
  • Maypole(see Catalyst)
  • PAR
  • Config::Scoped / Error 

time nice fakeroot dh-make-perl --build --cpan Net::Jabber::Server
time nice fakeroot dh-make-perl --build --cpan Authen::SASL
time nice fakeroot dh-make-perl --build --cpan Net::BEEP::Lite
time nice fakeroot dh-make-perl --build --cpan Net::BEEP::Lite::TLSProfile
time nice fakeroot dh-make-perl --build --cpan DBD::SQLite
time nice fakeroot dh-make-perl --build --cpan WSDL::Generator
time nice fakeroot dh-make-perl --build --cpan Class::Hook
#time nice fakeroot dh-make-perl --build --cpan Coro
time nice fakeroot dh-make-perl --build --cpan Event
time nice fakeroot dh-make-perl --build --cpan Bloom::Filter
time nice fakeroot dh-make-perl --build --cpan Net::OSCAR
time nice fakeroot dh-make-perl --build --cpan NetPacket::Ethernet
dh-make-perl --build --cpan Archive::Zip;dh-make-perl --build --cpan Module::ScanDeps;
echo dh-make-perl --build --cpan PAR::Dist
echo dh-make-perl --build --cpan PAR

dh-make-perl --build --cpan Crypt::DSA; dh-make-perl --build --cpan Cryp::RSA;dh-make-perl --build --cpan Math::Pari;dh-make-perl --build --cpan Data::Buffer
dh-make-perl --build --cpan  Net::Pcap
dh-make-perl --build --cpan  Net::PcapUtils;dh-make-perl --build --cpan  NetPacket::Ethernet;dh-make-perl --build --cpan  NetPacket::IP
time nice fakeroot dh-make-perl --build --cpan Tie::DBI
time nice fakeroot dh-make-perl --build --cpan Tie::RDBMS
dh-make-perl --build --cpan Net::Rendezvous
dh-make-perl --build --cpan NetworkInfo::Discovery::Rendezvous
dh-make-perl --build --cpan NetworkInfo::Discovery::Nmap
dh-make-perl --build --cpan  NetworkInfo::Discovery::Register
dh-make-perl --build --cpan  NetworkInfo::Discovery::Detect
dh-make-perl --build --cpan  NetworkInfo::Discovery::Sniff
dh-make-perl --build --cpan  NetworkInfo::Discovery::Traceroute
dh-make-perl --build --cpan  NetworkInfo::Discovery::Scan
dh-make-perl --build --cpan Tk::Canvas
dh-make-perl --build --cpan Socket
dh-make-perl --build --cpan Net::Traceroute
dh-make-perl --build --cpan Net::Pcap
dh-make-perl --build --cpan NetPacket::Ethernet
dh-make-perl --build --cpan NetPacket::IP
dh-make-perl --build --cpan NetPacket::TCP
dh-make-perl --build --cpan NetPacket::UDP
dh-make-perl --build --cpan NetPacket::ARP
dh-make-perl --build --cpan NetPacket::ICMP
dh-make-perl --build --cpan Graph::Reader::XML
dh-make-perl --build --cpan Net::DNS
dh-make-perl --build --cpan File::Find::Rule::MMagic
dh-make-perl --build --cpan File::Find::Rule::ImageSize

[/Perl] permanent link

Fri, 08 Apr 2005

Tauryna

'nobody knows what it does' Vita Plus sth - 0.50mg * 20 = 6.35 Gellwe 4/5g ( 400/5mg kofeina) = 2zl Freeway Energy Drink(lidl) 0.38% (30mg/100ml kofeina), = 2zl Ice Bull 1l, 100ml = (400mg tauryna, 32mg kofeina) =~ 5zl
[/Misc] permanent link

Wed, 30 Mar 2005

Crypt::MatrixSSL Matrix::SSL

apt-cache show libmatrixssl1.2
Package: libmatrixssl1.2
Priority: optional
Section: libs
Installed-Size: 96
Maintainer: Gerrit Pape 
Architecture: i386
Source: matrixssl
Version: 1.2.4-2
Depends: libc6 (>= 2.3.2.ds1-4)
Filename: pool/main/m/matrixssl/libmatrixssl1.2_1.2.4-2_i386.deb
Size: 39640
MD5sum: 13dc856bf8ab9cf889d8825ab3a120b1
Description: small SSL library optimized for embedded systems
 MatrixSSL is an embedded SSL implementation designed for small footprint
 devices and applications requiring low overhead per connection.  The
 library is less than 50K on disk with cipher suites.  It includes SSLv3
 server support, session resumption, and implementations of RSA, 3DES,
 ARC4, SHA1, and MD5.  The source is well documented and contains
 portability layers for additional operating systems, cipher suites, and
 crypto providers.
 .
 See http://www.matrixssl.org/ for more information.

[/Misc] permanent link

Thu, 17 Mar 2005

1111011310.....

#!/usr/bin/perl

use strict;

use Gtk2 -init;
use Glib qw(TRUE FALSE);

my $window = Gtk2::Window->new;
$window->signal_connect(delete_event => sub { Gtk2->main_quit; });

my $label = Gtk2::Label->new('' . time());
my $font = Gtk2::Pango::FontDescription->from_string("Sans Bold 48");
$label->modify_font($font);

Glib::Timeout->add(250, sub { $label->set_text('' . time()); TRUE; });

$window->add($label);

$window->show_all;

Gtk2->main;

[/Perl] permanent link

use DBM::Deep

  use DBM::Deep;
	my $db = new DBM::Deep "foo.db";

	$db->{key} = 'value'; # tie() style
	print $db->{key};

	$db->put('key', 'value'); # OO style
	print $db->get('key');

	# true multi-level support
	$db->{my_complex} = [
	'hello', { perl => 'rules' }, 
42, 99 ];

DESCRIPTION

A unique flat-file database module, written in pure perl. True multi-level hash/array support (unlike MLDBM, which is faked), hybrid OO / tie() interface, cross-platform FTPable files, and quite fast. Can handle millions of keys and unlimited hash levels without significant slow-down. Written from the ground-up in pure perl -- this is NOT a wrapper around a C-based DBM. Out-of-the-box compatibility with Unix, Mac OS X and Windows.


[/Perl] permanent link

Mon, 14 Mar 2005

-Mre=debug

perl -Mre=debug -e "/just|another|perl|hacker/"
[/Tips] permanent link

Tue, 08 Mar 2005

Net::Lite::FTP - tls-enabled ftp client library for perl.

NAME
       Net::Lite::FTP - Perl FTP client

SYNOPSIS
              use Net::Lite::FTP;
	      my $tlsftp=Net::Lite::FTP->new();
	      $tlsftp->open("ftp.tls.pl","21");
	      $tlsftp->user("user");
	      $tlsftp->pass("password");
	      $tlsftp->cwd("pub"); 
	      my $files=$tlsftp->nlst("*.exe");
	      foreach $f (@files) {
	      	$tlsftp->get($f); 
	      };

DESCRIPTION
	Very simple FTP client with support for TLS

See more ...




								[/Projects] permanent link

Mon, 14 Feb 2005

It's not easy being omnipotent.

Best practices for Admins/Gods:

  • Drop your privileges as soon as possible ( 
     ($>,$<)=(getpwnam('nobody'),getpwnam('nobody'));
    For Gods this means becoming human or animal. Probably.
  • Watch your input. (taint checks...)
  • Watch your output. (check if you're really writing where you think you are...)

[/Misc] permanent link

Thu, 27 Jan 2005

Comment from mmartha

Date: 09/27/2004 01:00PM PDT Comment Hi nerak99, First you add winbind in your nsswitch.conf passwd: files winbind group: files winbind hosts: files dns winbind Add your realm to kerberos in krb.conf Authenticate #kinit user@REALM Join the domain in Active directory #net ads join -S DOMAIN -U user%passwd Join the domain in NT Direcotry #net rpc join -S DOMAIN -U user%passwd In smb.conf ¨ Active Directory [global] security = ADS password encrypt = yes realm = REALM.COM idmap uid = 10000-20000 idmap gid = 10000-20000 template shell = /bin/bash template home = /home/win2k/%D/%U winbind separator = + NT directory [global] security = DOMAIN idmap uid = 10000-20000 idmap gid = 10000-20000 template shell = /bin/bash template home = /home/win2k/%D/%U winbind separator = + Create the home directories run smb, nmb and winbind you can probe winbind with #wbinfo -u #wbinfo -g #getent passwd #getent group To a local login you need to edit your PAM settings, depend of your system. In red hat, you need to edit the file system-auth. In SuSe, login and xdm.
[/Misc] permanent link

Thu, 13 Jan 2005

[Xen-devel] Debian Sarge Root Raid + LVM + XEN install guide (LONG)

From: "Tom Hibbert" 
Hello fellow xenophiles and happy new year!

I've documented the install procedure for a prototype server here since
I found no similar document
Anywhere on the net. It's a Sarge-based Domain0 on linux root raid from
scratch, using LVM to store
the data for the domU mail server and its mailstore. I humbly submit my
notes in the hope that they are useful to some weary traveller.

Have fun!



Debian Sarge XEN dom0 with Linux Root Raid and LVM

Hardware: P4 3.2ghz LG775
	    Asus P5GD1-VM
	    1gb DDR400 DRAM
	    2x80gb Seagate SATA disks

Reasons for using software raid (over Intel ICH raid or more expensive
SCSI raid)
	1. Speed
	   Bonnie++ shows Linux Software Raid is MUCH faster than ICH5
(at least under Linux)
	2. Reliability
	   I have observed that frequent disk access with small files
has destroyed ICH5 raid arrays in 	   the past (at least under
Linux)
	3. Recovery
	   I had a bad experience with the death of an Adaptec 3200S
controller not long ago. The array
	   was nonrecoverable because a replacement card could not be
sourced in time. Additionally the
	   firmware revision for the 3200s was unknown. (Recovery from
controller death if even 	   possible requires the same firmware
revision as the original card, since that was not known
we would have had to guess which takes time and time is money when you
have a dead server)
	4. Price
	   Reduce cost of hardware to the client because we arent using
expensive raid controllers
	5. Prevalence
	   It is much easier to source standard disks than it is to
source SCSI disks (in the case
	   of using SCSI raid controllers). It is also much easier to
source a standard SATA controller 	   than it is to source a RAID
controller 

Reasons for using XEN
	1. Recovery
	   Putting all network services inside XEN virtual machines that
can be backed up makes       	   disaster recovery a non-brainer
	2. Better utilisation of hardware
	   Stacking virtual machines allows more efficient use of
hardware (cost effectiveness)
	3. It's just cooler :)

Methodology
	1. Setting up the hardware - setting SATA to compatible mode
	2. Boot off Feather Linux USB key
	3. Partition primary drive
	4. Install base system
	5. Chroot into base system
	6. Install C/C++ development packages
	7. Install XEN packages
	8. Configure/build/install XEN Dom0 kernel
	9. Install GRUB
	10. Reboot to base system and set SATA to enhanced mode
	11. Migrate system into RAID1 and test
	12. Configure/build/install XEN DomU kernel
	13. Configure LVM
	14. Create DomU environment
      * 15. Install services into DomU
	16. Configure XEN to boot DomU automatically
      * 17. Testing
      * 18. Deployment

* Not covered by this document


1. Setting up the hardware
   -----------------------

Standard stuff here. Set the mode for SATA to Compatible so that
Feather's kernel was able to access the hard disks.

2. Boot off Feather Linux USB key
   ------------------------------

Feather is fantastic because it allows one to setup a Debian system
without having to boot from the now heavily outdated Woody install CD.
It supports more hardware and  also allows easy installation to a system
without a CDRom drive in a build network without an 'evil' segment (PXE
boot). It also makes a convenient rescue platform.
http://featherlinux.berlios.de

3. Partition primary drive
   -----------------------

Feather Linux does not properly support the ICHx and it doesnt have the
administration tools for making raid arrays. Therefore the setup method
we will use is to build the base system on a single disk and then
migrate it into RAID1. Trust me, this is much easier than it sounds!

I partitioned the primary drive as follows

   Device Boot      Start         End      Blocks   Id  System
/dev/hda1               1           3       24066   fd  Linux raid
autodetect
/dev/hda2               4         501     4000185   fd  Linux raid
autodetect
/dev/hda3             502        9605    73127880   fd  Linux raid
autodetect
/dev/hda4            9606        9729      996030   fd  Linux raid
autodetect

using hda2 for root and hda1 for boot with swap on hda4. hda3 is not
used yet.

Format and mount up the drive to /target:

# mkdir /target
# mkfs.ext3 /dev/hda1
# mkfs.ext3 /dev/hda2
# mount /dev/hda2 /target
# mkdir /target/boot
# mount /dev/hda1 /target/boot


4. Install the base system
   ----------------------

Set up Feather with APT and debootstrap:

# dpkg-get
# apt-get install debootstrap

Install the base system

# debootstrap sarge /target

Perform basic configuration

# vi /target/etc/fstab

/dev/sda2        /       ext3    defaults        0       1
/dev/sda1        /boot   ext3    defaults        0       2
proc             /proc   proc    defaults        0       0

You may be asking why am I putting sda here? The reason is because once
I set the ICH6 to use Enhanced Mode and reboot into the fresh 2.6.9 xen0
kernel with SATA support compiled the drives appear as SCSI devices. hda
will be enumerated as /dev/sda.

5. Chroot into base system
   -----------------------

# umount /dev/hda1
# cd /target
# chroot .
# su -
# mount /dev/hda1 /boot

Unmounting and remounting boot is important for configuring GRUB later.

Some more configuration needs to be done at this point:

# rm /etc/resolv.conf
# rm /etc/hostname
# echo xen0-test > /etc/hostname
# echo nameserver 210.55.13.3 > /etc/resolv.conf

6. Install C/C++ packages
   ----------------------

# apt-setup
# apt-get update
# dselect update
# tasksel
(Select C/C++ development packages)

7. Install XEN packages
   --------------------
  
Until Adam's packages get released I am using some homebrew packages
descended from Brian's original 
work.

# mkdir xen
# cd xen
# apt-get install wget
# wget -r http://cryptocracy.hn.org/xen/
# cd cryptocracy.hn.org/xen
# dpkg -i *.deb
# apt-get -f install

8. Configure/build/install XEN dom0 kernel
   ---------------------------------------

Since this is the first time configuring XEN on this hardware I am
building the kernel from scratch.
When we get more of these servers I will install a prebuilt debianised
kernel on them.

# cd /usr/src/
# tar -jxvf ./kernel-source-2.6.9_2.6.9-3_all.deb
# cd kernel-source-2.6.9
# export ARCH=xen
# cp ~/xen/cryptocracy.hn.org/xen/config.xen0 .config
# make menuconfig
(Make changes as appropriate for this hardware)
# make
# make modules_install
# cp vmlinuz /boot/vmlinuz-2.6.9-dom0

9. Configure GRUB
   --------------

# apt-get install grub
# grub-install
# update-grub

Now edit the grub menu.lst file and modify the kernel definition so it
looks like this:

title Xen 2.0.1 / Xenolinux 2.6.9
root (hd0,0)
kernel /xen.gz dom0_mem=131072
module /269-xen0 root=/dev/sda2 ro console=tty0

10. Reboot to base system and revert SATA configuration to Enhanced mode
    --------------------------------------------------------------------

# reboot

Set the relevant option in the BIOS and we're good to go.

11. Migrate to RAID1 and test
    -------------------------

We've just built a complete Dom0 base system on the first disk. In order
to migrate this into RAID1,
we will create a RAID array using the second disk only, duplicate the
data onto the second drive, reboot into it and then readd the first
drive to the array. Sounds complex, but it isnt. This is another
advantage of Linux RAID over conventional RAID: it is easy to migrate
from a single disk to a RAID configuration.


First we need to partition the second disk exactly like the first:

# sfdisk -d /dev/sda > ~/partitions.sda

Having this data backed up is an incredibly good idea. I experienced a
catastrophic faliure on
one server once by enabling DMA with a buggy OSB4 driver. The partition
table was destroyed. Using
the partition data backed up in the manner above i was able to restore
the partition to find
that my data (an important IMAP store) was still intact.

Duplicating the partition table (or restoring from backup) is simple:

# sfdisk /dev/sdb < ~/partitions.sda

That's it. The two drives are now identically partitioned.

Now we need to initialise the RAID on the second disk without destroying
the data on the first.

# apt-get install mdadm raidtools2

Begin by creating the raidtab. My one looks like this:

raiddev /dev/md0
        raid-level 1
        nr-raid-disks 2
        persistent-superblock 1
        chunk-size 8
        
        device  /dev/sda1
        failed-disk 0
        device /dev/sdb1
        raid-disk 1

... repeated for each partition. Marking the partitions on sda - our
source drive - as failed BEFORE
creating the raid array is very important as it prevents them from being
overwritten by mkraid.

Create the RAID disks now.

# for i in 'seq 0 3'; do mkraid /dev/md$i; done

Format and mount the root and boot partitions and initialise swap:

# mkfs.ext3 /dev/md0
# mkfs.ext3 /dev/md1
# mkswap /dev/md2
# mkdir /target
# mount /dev/md1 /target
# mkdir /target/boot
# mount /dev/md0 /target/boot

Copy the contents of our base system into the RAID we've just created:

# ls -1 / | grep -v proc | while read line ; do cp -afx /$line /target;
done
# cp -afx /boot/* /target/boot

Modify the target's fstab and grub configuration as follows:

/target/etc/fstab now looks like this:

/dev/md1        /       ext3    defaults        0       1
/dev/md0        /boot   ext3    defaults        0       2
proc            /proc   proc    defaults        0       0
/dev/md2        none    swap    sw              0       0

And change the kernel definition in /target/boot/menu.lst slightly:

module /269-xen0 root=/dev/md1 ro console=tty0

Umount /target/boot:

# umount /target/boot

Chroot into the target:

# cd /target
# chroot .
# su -

Remount boot and install grub:

# mount -a
# grub-install
# update-grub
# exit
# logout

We're now ready to reboot into our new RAID! 

# reboot

Most modern boards these days (at least the ASUS ones which is all I
use) have an option to select
the boot device. On the P4 and P5 series mainboards this is accessed
through F8. As your system is
booting hit F8 and choose the second drive. If your system does not
support this you can change the
boot order in the bios or if you prefer you can edit the GRUB options by
pressing 'e' at the prompt.

Once the system has rebooted you should now be inside your RAID setup.
It's time to import the first
drive into the array.

First edit the raidtab and mark sda as usable:

raiddev /dev/md0
        raid-level 1
        nr-raid-disks 2
        persistent-superblock 1
        chunk-size 8
        
        device  /dev/sda1
        raid-disk 0
        device /dev/sdb1
        raid-disk 1

... etc. Now add the partitions on sda as members using raidhotadd:

# raidhotadd /dev/md0 /dev/sda1

Rinse and repeat for each partition, or use a tricky bash one liner :)

The mirror is now syncing each partition in sequence. You can check the
status of this process 
by periodically cating /proc/mdstat.

Once each partition is synced your mirror is complete and you can
reboot, remove and shuffle drives
about to your hearts content, or at least until you're satisfied that
the root raid is working
correctly.

12. Configure/build/install XEN domU kernel

There's no point in building the domU kernel until you're ready to use
it. If I was using a prebuilt
kernel package I would have included the domU kernel so this step would
be avoided.

# cd /usr/src/kernel-source-2.6.9
# make clean
# export ARCH=xen
# cp ~/xen/cryptocracy.hn.org/xen/config.xenU .config
# make menuconfig
(Make changes as appropriate)
# make
# make modules_install
# cp vmlinuz /boot/vmlinuz-2.6.9-domU

13. Configure LVM

I use LVM (or devmapper) to store the domU VBDs, including their data.
This allows for easy resizing of 
partitions/images as required by services.

# apt-get install lvm10 lvm2

Initialise the partition as a physical volume:

# pvcreate /dev/md3

Create a volume group for xen:

# vgcreate xen /dev/md3

14. Create domU environment
    -----------------------

Create logical volumes for the service domU and its mailstore:

# lvcreate -L4096M -n mail xen
# lvcreate -L65000M -n store xen

Format and mount the domU VBD:

# mount.ext3 /dev/xen/mail
# mount /dev/xen/mail /target

Install the base system on the domU:

# export ARCH=i386
# apt-get install debootstrap
# debootstrap /target

Configure the target:

# cd /target
# chroot .
# su -
# rm /etc/hostname
# rm /etc/resolv.conf
# echo mail > /etc/hostname
# echo nameserver 210.55.13.3 > /etc/resolv.conf
# apt-setup

Edit /etc/fstab:

/dev/hda1       /       ext3    errors=remount-ro       0       1
/dev/hdb1       /store  reiserfs defaults               0       2
proc            /proc   proc    defaults                0       0

Edit /etc/network/interfaces:

auto lo
iface lo inet loopback

auto eth0
iface eth0 inet dhcp

# exit
# logout

Create the config file for the new domain

# cp /etc/xen/xmexample1 /etc/xen/mail

Edit the file and change the name and disk parameters:

name = mail
disk = [ 'phy:xen/mail,hda1,w', 'phy:xen/store,hdb1,w']

Unmount the target and format the store partition:

# umount /target
# apt-get install reiserfsprogs
# mkfs.reiserfs /dev/xen/store

Fire up your new xenU domain!

# /etc/init.d/xend start
# xm create -f /etc/xen/mail
# xm console mail

Have a play and to return to the xen0 hit ctrl-].

16. Configure xen to start up the domain automatically
    --------------------------------------------------

# ln -s /etc/init.d/xend /etc/rc2.d/S20xen
# ln -s /etc/init.d/xendomains /etc/rc2.d/S21xendomains
# mv /etc/xen/main /etc/xen/auto

That's it! :) Enjoy your fresh new server.


-------------------------------------------------------
The SF.Net email is sponsored by: Beat the post-holiday blues
Get a FREE limited edition SourceForge.net t-shirt from ThinkGeek.
It's fun and FREE -- well, almost....http://www.thinkgeek.com/sfshirt
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/xen-devel

[/Howto] permanent link

Sat, 08 Jan 2005






Network Working Group                                        M. Horowitz
Request for Comments: 2228                              Cygnus Solutions
Updates: 959                                                     S. Lunt
Category: Standards Track                                       Bellcore
                                                            October 1997

                        FTP Security Extensions

Status of this Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol.  Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (1997).  All Rights Reserved.

Abstract

   This document defines extensions to the FTP specification STD 9, RFC
   959, "FILE TRANSFER PROTOCOL (FTP)" (October 1985).  These extensions
   provide strong authentication, integrity, and confidentiality on both
   the control and data channels with the introduction of new optional
   commands, replies, and file transfer encodings.

   The following new optional commands are introduced in this
   specification:

      AUTH (Authentication/Security Mechanism),
      ADAT (Authentication/Security Data),
      PROT (Data Channel Protection Level),
      PBSZ (Protection Buffer Size),
      CCC (Clear Command Channel),
      MIC (Integrity Protected Command),
      CONF (Confidentiality Protected Command), and
      ENC (Privacy Protected Command).

   A new class of reply types (6yz) is also introduced for protected
   replies.

   None of the above commands are required to be implemented, but
   interdependencies exist.  These dependencies are documented with the
   commands.

   Note that this specification is compatible with STD 9, RFC 959.



Horowitz & Lunt             Standards Track                     [Page 1]

See more ...




								[/Projects] permanent link

Fri, 07 Jan 2005

Using svk

pokurcz eyck 13:53 ~/shared/projects/tftp/svk > svk mirror //project/cpan https://smaug.forumakad.pl/esvn/cpan/
Committed revision 1.
pokurcz eyck 13:54 ~/shared/projects/tftp/svk > ls
pokurcz eyck 13:54 ~/shared/projects/tftp/svk > ls ~/.svk 
cache  config  local
pokurcz eyck 13:54 ~/shared/projects/tftp/svk > ls ~/.svk/local 
README.txt  conf  dav  db  format  hooks  locks
pokurcz eyck 13:54 ~/shared/projects/tftp/svk > ls ~/.svk/cache 
pokurcz eyck 13:54 ~/shared/projects/tftp/svk > svk sync //project/cpan                                  
Syncing https://smaug.forumakad.pl/esvn/cpan
Retrieving log information from 1 to 7
Committed revision 2 from revision 6.
Committed revision 3 from revision 7.
pokurcz eyck 13:54 ~/shared/projects/tftp/svk > ls
pokurcz eyck 13:54 ~/shared/projects/tftp/svk > ls ~/.svk 
cache  config  local
pokurcz eyck 13:54 ~/shared/projects/tftp/svk > ls
pokurcz eyck 13:54 ~/shared/projects/tftp/svk > # svk sync //project/trunk
pokurcz eyck 13:55 ~/shared/projects/tftp/svk >  svk sync //project/trunk
no source specificed at /usr/share/perl5/SVN/Mirror.pm line 52.
pokurcz eyck 13:55 ~/shared/projects/tftp/svk > ls
pokurcz eyck 13:55 ~/shared/projects/tftp/svk > scp checkout //project/cpan cpan
cp: cannot stat `checkout': No such file or directory
cp: cannot stat `//project/cpan': No such file or directory
zsh: exit 1     scp checkout //project/cpan cpan
pokurcz eyck 13:55 ~/shared/projects/tftp/svk > ls
pokurcz eyck 13:55 ~/shared/projects/tftp/svk > svk checkout //project/cpan cpan
Syncing //project/cpan(/project/cpan) in /home/eyck/shared/projects/tftp/svk/cpan to 3.
A   cpan/Net-Lite-FTP
A   cpan/Net-Lite-FTP/L8R.txt
A   cpan/Net-Lite-FTP/t
A   cpan/Net-Lite-FTP/t/Net-Lite-FTP.t
A   cpan/Net-Lite-FTP/Meta.yml
A   cpan/Net-Lite-FTP/MANIFEST
A   cpan/Net-Lite-FTP/lib
A   cpan/Net-Lite-FTP/lib/Net
A   cpan/Net-Lite-FTP/lib/Net/Lite
A   cpan/Net-Lite-FTP/lib/Net/Lite/FTP.pm
A   cpan/Net-Lite-FTP/Makefile.PL
A   cpan/Net-Lite-FTP/Changes
A   cpan/Net-Lite-FTP/client.pl
A   cpan/Net-Lite-FTP/Makefile.old
A   cpan/Net-Lite-FTP/README
pokurcz eyck 13:55 ~/shared/projects/tftp/svk > ls

cd cpan/Net-Lite-FTP
play...

pokurcz eyck 13:57 ..ftp/svk/cpan/Net-Lite-FTP > svk diff
=== L8R.txt
==================================================================
--- L8R.txt  (revision 3)
+++ L8R.txt  (local)
@@ -1,3 +1,4 @@
+#
 sub list {
      my ($self)=@_;
      my $sock=$self->{'Sock'};


pokurcz eyck 13:57 ..ftp/svk/cpan/Net-Lite-FTP > svk ci
Merging back to SVN::Mirror source https://smaug.forumakad.pl/esvn/cpan.
Merge back committed as revision 8.
Syncing https://smaug.forumakad.pl/esvn/cpan
Retrieving log information from 8 to 8
Committed revision 4 from revision 8.

[/Howto] permanent link

BSD - Bastard patcheset for Linux kernel. 2.4.28-bsd25c

Fri Jan 7 11:05:47 CET 2005 Todays release (25c), https://ghost.anime.pl/~eyck/Projects/bsd/25c/, based on 2.4.28 introduces openswan 2.3.x (2.3.0), this is the first major backwards-incompatible release in BSD family, I don't know yet if it'll trickle down to stable branch.

Also, together with patchset I prepare 'default' kernel, which configuration is based on debian kernels. This time around the configuration contains proper blue support ( TTY was missing ), without it you couldn't play with bluetooth phones ("rfcomm bind /dev/rfcomm0 MAC CHANNEL" command was failing)
[/Projects/bsd] permanent link

Tracing OOPs with Bertl:

Kernel panic: 
SMP
CPU: 3
EIP: 0060:[<80146f4b>] Not tainted VLI
EFLAGS: 00010086 (2.6.10-ih3)
EIP is at kmem_cache_alloc+0x1b/0x50
eax: 00000003 ebx: 00000286 ecx: b7cda280 edx: 00000078
esi: 00000020 edi: ce7ba01c ebp: 00000000 esp: ce7b9ff0
ds: 007b es: 007b ss: 0068
Process (pid: -367138816, threadinfo=ce7b9000 task=d1ec3000)
Stack: 083e2490 083e2490 b7ece380 80140fb3
Call Trace:
 [<80140fb3>] mempool_alloc+0x73/0x140
Code: a4 01 2b eb 96 8d 74 26 00 8d bc 27 00 00 00 00 83 ec 0c 8b 4c 24 10
89 5c
24 08 9c 5b fa b8 00 f0 ff ff 21 e0 8b 40 10 8b 14 81 <8b> 02 85 c0 74 18 c7
42
0c 01 00 00 00 48 89 02 8b 44 82 10 53
08:38 < Bertl >hmm, try 'addr2line -e vmlinux 083e2490 083e2490 80140fb3'

hmm, I think you need an uncompressed kernel though :( 

 printing eip:
c01c7dc9
*pde = 093cd067
*pte = 00000000
Oops: 0000
CPU:    0
EIP:    0010:[]    Not tainted
EFLAGS: 00010202
eax: c58234f8   ebx: 00000080   ecx: cf772d28   edx: c58234f8
esi: c5823490   edi: 00000001   ebp: d5f2fecc   esp: d5f2fe20
ds: 0018   es: 0018   ss: 0018
Process kswapd (pid: 4, stackpage=d5f2f000)
Stack: c5823490 c5823490 c333a4b0 c01c7ea8 c5823490 00000001 c5823490 c01c44cd
       c5823490 c5823490 c01e31ab c5823490 c58234b0 c01e3044 c5823490 00000001
       00000001 c5823490 c5823490 00000004 c333a4b0 c333a4b0 d5f2ff2c c01ecc63
Call Trace:    [] [] [] [] []
  [] [] [] [] [] []
  [] [] [] [] [] []
  [] [] []

Code: 8b 53 08 85 d2 74 15 0f bf 43 0c 50 52 e8 09 7e 02 00 c7 43

/home/eyck# addr2line -e /boot/vmlinuz-2.4.23-bsd15a c5823490 c5823490 c333a4b0
addr2line: /boot/vmlinuz-2.4.23-bsd15a: File format not recognized

[/Misc] permanent link

Thu, 06 Jan 2005

ARM,

ARM was originally designed by a group of mathematicians for use in a relatively obscure proprietary personal computer system. This core presently dominates the low end of the 32-bit market (in terms of shipment volumes) due in part to low power requirements, wide availability in many forms, and a clever instruction set architecture. For example, the so-called "Thumb" instruction set extension allows the microcontroller, though 32-bit in nature, to run quite efficiently out of 16-bit memories with about a 25% improvement in code density. (Narrower data buses generally imply a lower pin count on the microcontroller, and hence a lower cost). Thumb code can also be used in pure 32-bit hardware designs to reduce code volume significantly without unacceptably influencing execution speed. In the last two years or thereabouts, we have begun to see very cut-down ARM-based parts with a small amount of on-chip flash and RAM making their way into control applications formerly occupied by 8-bit devices. ARM is also the most common core used in PDA and smartphone applications. from: http://www-106.ibm.com/developerworks/library/pa-migrate/?ca=dgr-lnxw06X86ToPower#Resources
[/Misc] permanent link

Biking in Snow

Biking in snow is a very intensive experience, everyone is affraid of weather, so noone tries this, but AFAIK everyone who tried snowbiking immediately falls in love with it.

Well, first of all, remember that your brakes don't work that well when the temperature gets low ( that's why I'm hunting for disc brakes, they're much better then v-brakes ), biking on ice at low speeds and curvy roads is quite an excercise for your balance. http://www.enteract.com/~icebike/ http://www.bikewinter.org/ http://www.fieldses.org/~bfields/umba/winter.html Timestamp:2004-10-08
[/Misc] permanent link

Firewall rule for FTP

A.  Firewall rule summary

      As long Application Layer Gateways (or proxys) are not used, a
      packet filtering firewall should be able to pass secured FTP.  The
      following guidelines should help trying to configure one.

   Control Connection

         - Allow any port on the client to connect to port 21 on the
         server

         - Disable any rules that parse and/or impose any rules on the
         commands and/or responses on the control stream.  (Note - there
         is one major firewall vendor who claim this is a security issue
         and make it very hard for you to do this)

         - Ensure the idle timeout of the control connection is longer
         than it will take to transfer the largest file on the data
         connection

   Data Connection

      Normal (active or PORT) FTP

         - Allow port 20 on the server to connect to any port on the
         client

      Firewall-Friendly (passive or PASV) FTP

         - Allow any port on the client to connect to any high port(*)
         on the server.

            (*) This may be able to be configured on the server to be a
            range of ports and not 'any high port'.

      Note: A firewall may allow both Normal and Firewall-Friendly FTP,
      the choice is not exclusive.

   NAT firewalls should be able to allow Firewall friendly FTP through,
   as long as these rules can be followed.
Source: http://www.isaserver.org/articles/FTPTLS_Friendly_Firewalls.html
[/Misc] permanent link

Tue, 04 Jan 2005

XMLFTP - XML File Transfer Protocol,

Next-gen FTP, fixing some problems with FTP, namely:
  1. performance problems with small files
  2. uptight firewall admin-friendly (use one long-lived TCP session for all comunication)

Generally FTP is very old and very evolved protocol, so all/most known problems already have been solved ( TLS/SSL FTP encryption, then you hit problem with FTP conntrack not working, then you solve it by temporarily decrypting control session etc..).

Solving those problems with XML is possible and straight-forward.
[/Projects/XTP] permanent link

Theme Design by Bryan Bell.
September 2007
Sun Mon Tue Wed Thu Fri Sat
            1
2 3 4 5 6 7 8
9 10 11 12 13 14 15
16 17 18 19 20 21 22
23 24 25 26 27 28 29
30