Thursday, December 1, 2011

bash: performance of let vs expr vs (( ))

A simple counting loop is used to test the performance of the bash utilities:


# i=1; time while :;do [ $i -gt 1000000 ] && break; let i=$i+1; done; echo $i

real 0m17.590s
user 0m17.109s
sys 0m0.400s
1000001

# i=1; time while :;do [ $i -gt 1000000 ] && break; i=$(($i+1)); done; echo $i

real 0m16.043s
user 0m15.629s
sys 0m0.384s
1000001

# i=1; time while :;do [ $i -gt 1000 ] && break; i=`expr $i + 1`; done

real 0m1.411s
user 0m0.052s
sys 0m0.232s


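Both let and $(( )) perform calculations at almost the same speed. 'expr', being an external command that needs a process to be created for every calculation, suffers heavily: it takes 1.4 seconds for just 1,000 iterations, against roughly 16 to 17 seconds for 1,000,000 iterations with the builtins.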

Tuesday, November 15, 2011

Script to dynamically choose fd for a flock

This is a sample script which automatically chooses an unused fd, opens the requested lock file with that fd and acquires a lock on that file.

#!/bin/bash

# function to acquire a flock on a local file
# Usage
# flock [-s|-x] [-w <timeout>] <file>
# Return
# non-zero in case of errors
# flock_fd variable will contain the fd
function flock
{
 # no arguments is an error; a bare 'return' would pass on status 0
 [ -z "$1" ] && return 1

 local file="" timeout=20 mode="-x"
 while ! [ -z "$1" ]; do
  case "$1" in
  -x)
   mode="-x"
   shift
   ;;
  -s)
   mode="-s"
   shift
   ;;
  -w)
   timeout=$2
   shift
   shift
   ;;
  *)
   file=$1
   ;;
  esac
  ! [ -z "$file" ] && break
 done
 [ -z "$file" ] && return 1

 ! [ -f "$file" ] && touch "$file"
 ! [ -f "$file" ] && return 1

 local freefd=`ls /proc/$$/fd | sort -n | awk 'BEGIN{count=0} {if($1 != count) {print count; exit} else {count++}}'` 
 let freefd=$freefd+1

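 # \$file is expanded by eval inside quotes, so spaces or shell
 # metacharacters in the file name are not re-parsed as commands
 eval "exec $freefd>>\"\$file\""
 [ $? -ne 0 ] && return 1
 # 'command' bypasses this function and runs the flock(1) binary;
 # a plain 'flock' here would call this function recursively
 command flock $mode -w "$timeout" $freefd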
 local ret=$?
 if [ $ret -eq 0 ]; then
  flock_fd=$freefd
 else
  eval "exec $freefd>&-"
 fi

 return $ret
}

# function to unlock a local flock
# Usage
# flock_unlock <fd>
# Return
# non-zero in case of errors
function flock_unlock
{
 # close the file, it would remove the locks
 [ -z "$1" ] && return 1
 eval "exec $1>&-"
 return 0
}
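
When the lock is only needed around one command, the fd search and the eval can be avoided altogether. The following is an added example, not part of the original script: `with_lock` and the status 75 are hypothetical names and choices, and it assumes the util-linux flock(1) binary.

```shell
#!/bin/sh
# Added example: hold an exclusive lock for the duration of one command,
# without picking an fd number from /proc and without eval.

LOCK_TIMEOUT_STATUS=75   # assumption: arbitrary status for "lock not obtained"

# with_lock LOCKFILE TIMEOUT COMMAND [ARG...]
# Runs COMMAND while holding an exclusive flock on LOCKFILE and returns
# COMMAND's exit status, or LOCK_TIMEOUT_STATUS if the lock timed out.
with_lock() {
    wl_file=$1
    wl_timeout=$2
    shift 2
    (
        # fd 9 exists only inside this subshell. The redirection after the
        # closing parenthesis opens (and creates) the lock file, and the
        # file name is never re-parsed by the shell.
        flock -x -w "$wl_timeout" 9 || exit "$LOCK_TIMEOUT_STATUS"
        # Run the command with fd 9 closed, so a long-lived child cannot
        # keep the lock alive after the subshell has exited.
        "$@" 9>&-
    ) 9>>"$wl_file"
    # Leaving the subshell closes fd 9, which releases the lock.
}

# Demo on a constructed temporary lock file.
demo_lock=$(mktemp)
with_lock "$demo_lock" 10 echo "inside the critical section" ||
    echo "lock not obtained"
rm -f "$demo_lock"
```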

SLES11SP1 pure-ftpd performance poor, uses mmap instead of sendfile

The default pure-ftpd that ships with SLES11SP1 seems to use mmap for downloads instead of the preferred sendfile().

When you install the source rpm for pure-ftpd, you can see that the sendfile code is there with the proper flags, yet pure-ftpd does not seem to use it.

If you check the pure-ftpd binary for references to sendfile(), there won't be any (-D lists the dynamic symbols, which remain even in a stripped binary):

$ nm -D /usr/sbin/pure-ftpd | grep sendfile

When you look deeper into the code, there is a bug in src/ftpd.h of the pure-ftpd bundled with SLES11SP1 which causes mmap to be used instead of the preferred sendfile().

Install the source rpm and create the source tree for the package: rpmbuild -bp unpacks the source tarball and applies the patches.

$ rpm -ivh pure-ftpd-1.0.21-183.11.2.src.rpm 


$ cd /usr/src/packages
$ rpmbuild -bp SPECS/pure-ftpd.spec


Once the sources are installed, look at how sendfile is enabled by the Makefile/configure scripts:

# grep SENDFILE * | grep LINUX | grep 64
config.h.in:#undef SENDFILE64_LINUX
configure:#define SENDFILE64_LINUX
configure.ac:  AC_DEFINE(SENDFILE64_LINUX,,[define if you have a linuxish sendfile64])

But in the ftp sources in the src/ directory:

# grep SENDFILE * | grep LINUX | grep 64
ftpd.h:# undef SENDFILE64_LINUX
ftpd.h:    defined(SENDFILE_HPUX) || defined(SENDFILE64_LINUX)
ftpd.h.orig:# undef SENDFILE_LINUX64
ftpd.h.orig:    defined(SENDFILE_HPUX) || defined(SENDFILE_LINUX64)


The configure/makefile scripts use SENDFILE64_LINUX, whereas the ftp sources use SENDFILE_LINUX64, as the ftpd.h.orig lines show. Because the sources test a macro name that configure never defines, the code generated with SLES11SP1 does not use sendfile() even though sendfile is enabled at the configure/makefile level.
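
A check for this kind of name drift, as an added example (not from the pure-ftpd sources or the original post): it lists every SENDFILE* macro the C sources test that config.h.in never declares. The function names and the miniature source tree are constructed for the illustration; only the macro names come from the grep output above.

```shell
#!/bin/sh
# Added example: report feature macros that the sources test but that
# configure never declares in config.h.in.

# macro_tokens PREFIX FILE...: every identifier starting with PREFIX,
# one per line, sorted and de-duplicated.
macro_tokens() {
    mt_prefix=$1
    shift
    cat "$@" 2>/dev/null | tr -c 'A-Za-z0-9_' '\n' |
        grep "^$mt_prefix" | LC_ALL=C sort -u
}

# undeclared_macros TREE PREFIX: macros used in TREE/src/*.c and *.h that
# are absent from TREE/config.h.in. Prints nothing when the names agree.
undeclared_macros() {
    um_tmp=$(mktemp -d) || return 2
    macro_tokens "$2" "$1/config.h.in" > "$um_tmp/declared"
    macro_tokens "$2" "$1"/src/*.[ch] > "$um_tmp/used"
    # comm -13 keeps the lines that appear only in the second file.
    LC_ALL=C comm -13 "$um_tmp/declared" "$um_tmp/used"
    rm -rf "$um_tmp"
}

# make_sample_tree DIR SRC_MACRO: constructed miniature of the package.
# SRC_MACRO is the name that src/ftpd.h tests; DISABLE_SENDFILE and
# USE_SENDFILE are filler names made up for this sample.
make_sample_tree() {
    mkdir -p "$1/src"
    printf '%s\n' '#undef SENDFILE64_LINUX' '#undef SENDFILE_HPUX' \
        > "$1/config.h.in"
    cat > "$1/src/ftpd.h" <<EOF
#ifdef DISABLE_SENDFILE
# undef $2
#endif
#if defined(SENDFILE_HPUX) || defined($2)
# define USE_SENDFILE 1
#endif
EOF
}

# Demo: the mismatched tree is flagged, the corrected one is not.
demo_tree=$(mktemp -d)
make_sample_tree "$demo_tree/shipped" SENDFILE_LINUX64
make_sample_tree "$demo_tree/fixed" SENDFILE64_LINUX
echo "shipped: $(undeclared_macros "$demo_tree/shipped" SENDFILE)"
echo "fixed:   $(undeclared_macros "$demo_tree/fixed" SENDFILE)"
rm -rf "$demo_tree"
```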

http://bradthemad.org/tech/notes/patching_rpms.php contains details of how to make changes to the package and rebuild the rpm

Thursday, October 20, 2011

Saturday, October 8, 2011

Wee Wise Words - Heaven and Hell

Wee Wise Words - Heaven and Hell from Flickerpix on Vimeo.

Innovation Starvation

"Most people who work in corporations or academia have witnessed something like the following: A number of engineers are sitting together in a room, bouncing ideas off each other. Out of the discussion emerges a new concept that seems promising. Then some laptop-wielding person in the corner, having performed a quick Google search, announces that this “new” idea is, in fact, an old one—or at least vaguely similar—and has already been tried. Either it failed, or it succeeded. If it failed, then no manager who wants to keep his or her job will approve spending money trying to revive it. If it succeeded, then it’s patented and entry to the market is presumed to be unattainable, since the first people who thought of it will have “first-mover advantage” and will have created “barriers to entry.” The number of seemingly promising ideas that have been crushed in this way must number in the millions."

http://johniac.posterous.com/innovation-starvation-world-policy-institute

Julian Treasure: The 4 ways sound affects us

Harald Haas: Wireless data from every light bulb

Adam Ostrow: After your final status update

Thursday, October 6, 2011

MAP_POPULATE performance with ext3

Performance of mmap_read without MAP_POPULATE, around 90 MB/sec

XXX_01:~ # ~/a.out -i /tmp/test/testfile
Time taken : 22 sec
Data Read : 2097152000 bytes
Speed is : 90.909091 MB/sec
XXX_01:~ #
XXX_01:~ # umount /tmp/test; mount  /dev/vx/dsk/vxvmdg/fs_iscsi_ext3 /tmp/test
XXX_01:~ # ~/a.out -i /tmp/test/testfile
Time taken : 22 sec
Data Read : 2097152000 bytes
Speed is : 90.909091 MB/sec
XXX_01:~ #

Performance with MAP_POPULATE, around 86 MB/sec

XXX_01:~ # ~/a.out -i /tmp/test/testfile
Time taken : 23 sec
Data Read : 2097152000 bytes
Speed is : 86.956522 MB/sec
XXX_01:~ #
XXX_01:~ # umount /tmp/test; mount  /dev/vx/dsk/vxvmdg/fs_iscsi_ext3 /tmp/test
XXX_01:~ # ~/a.out -i /tmp/test/testfile
Time taken : 23 sec
Data Read : 2097152000 bytes
Speed is : 86.956522 MB/sec
XXX_01:~ #

Looks like the built-in read-ahead of ext3 or Linux is good enough without the need for MAP_POPULATE when used with mmap.

Monday, October 3, 2011

James Altucher on atheism

Altucher on atheism 

ATHEISM
@mczirjack asks: What are your thoughts (if any) of the expanding Atheist movement i.e.: Sam Harris, Richard Dawkins, etc
ANSWER:
Atheism is almost a one-word oxymoron. It’s an organized religion against organized religions. But they still try to keep all of the trappings of an organized religion: every “professional atheist” tries to lay out an ethical system.
I could think of myself as an atheist also – I don’t believe in a man with a beard who magically created the Universe. Then I can lay out an existential system of ethics and ways for men to deal with each other without the words “under God” hanging over them.
Most people forget that Buddha was an atheist. And that even in orthodox Judaism there is no real word for God.
I prefer, for myself, to develop a system of happiness, to eliminate the constant brainwashing that occurs around me, and to try to enjoy life today.
In terms of the question: “do I believe in a higher power?” I would have to answer that I do believe in the concept of “surrender” which may or may not imply a higher power (who knows?). In other words, many situations get so difficult you want to throw up your hands and just say, “you know what, I did all I can. I leave the rest up to you.” And who is that you? It might be a higher power. It might be a creative force inside of you that is dying for those moments to be unleashed. Or it might simply be the feeling of gratitude that is always worth cultivating to help one find more happiness in life.

Sunday, October 2, 2011

Meltdown - The men who crashed the world

Corruption in media

Desperate measures to finance escalating costs of production are also happening because hordes of players enter the media sector for a variety of reasons. There are no less than 40 news channels across the country financed by political parties or families, according to this documentary. A highly fragmented market that shows no signs of consolidating. 

The more expensive news gets to produce, and the less advertising there is to go around, the more shows you will get on gadgets and cars and movies. And fewer news crews going off to the countryside to report what is happening to ordinary people. Not reporting is not a cognizable offence, but it undermines the reason for the existence of journalism in a free society. 

And lots of other insightful comments at http://www.thehindu.com/arts/magazine/article2475946.ece

Friday, September 30, 2011

Comment on slashdot about speed of light by MichaelCrawford

I am intimately familiar with the interaction of light with matter as a result of having been an avid Amateur Telescope Maker [geometricvisions.com] and Amateur Astronomer since the tender age of twelve.
This led to my acceptance to study Astronomy at Caltech in the Fall of 1982, where I was privileged to attend a non-credit class called "Physics X" that was taught by The Immortal Richard Feynman. You could ask him any question you wanted - it didn't have to be about Physics even - but the ensuing discussion had to be purely conceptual. Questions that would require Feynman to work out equations on the chalkboard were not permitted.
One afternoon I pointed out to him that the phenomenon that light slows down as it passes through a medium just had to be wrong. When one examines any medium at a subatomic scale, it is mostly empty vacuum with some rare particles that have all been either proven or are suspected to be geometric points. (While Protons and Neutrons have a non-zero diameter, they are each composed of three quarks, which themselves are thought to be point particles.)
"Surely," I pointed out to Feynman, "When light passes through all this vacuous space inside a piece of glass, it always travels at precisely C! How could Snell's Law" - which yields the angle of refraction when light passes through the surface of a medium - "possibly be correct!"
I knew damn well that Snell's Law was correct, as Snell himself experimentally demonstrated the law hundreds of years ago. While he did not measure what the Speed of Light had to do with refraction, we have been able to measure light's speed for over a century.
Feynman replied that when light passes through matter, the charged particles in that matter oscillate in sympathy with the oscillations of the light's electromagnetic field. But because they are all in a bound state, and because accelerating charged particles causes them to emit light of their own, thereby carrying away energy and so dampening their sympathetic oscillation, the movements of the charged particles in matter are not quite in phase with the waves in the light passing through the medium.
Feynman concluded, "The light emitted by the charge particles in matter interferes with the light passing through the medium" - that is, wave peaks add to wave peaks, and so with troughs, while peaks and troughs together cancel each other - "so that the resulting combination of light waves only appears to move slower than C."
Thus the Photons are always moving at a constant velocity of C, but all the Photons in the medium interact so that passing a Photon through the medium will result in the exit Photon being delayed from the timing you would expect from when the entrance Photon entered the front surface. The key to understanding all this is that the entrance and exit Photons are NOT THE SAME PHOTON!
Feynman discusses this in a really lucid way, with rigorous mathematics, in Volume II of The Feynman Lectures on Physics. Volume II covers Electricity and Magnetism, Volume I covers Classical Mechanics - Newton's Laws of Motion and such - while the third volume does Quantum Mechanics. The set of three is expensive but are easy to read, even if you don't know much Calculus, and would be a good investment for any Slashdotter.
I was mortally embarrassed to realize years later that I had asked Feynman a really basic, purely conceptual question whose completely rigorous answer led to him sharing the 1965 Nobel Prize with Tomonaga of Japan! Their Quantum Electrodynamics describes the interaction of light with electric charge with complete precision.
Feynman's formulation uses a conceptual drawing called a Feynman Diagram as a calculational and explanatory device. I don't know how Tomonaga formulated his Quantum Electrodynamics, but my understanding is that at first no one could understand why the two theories seemed quite different but always yielded the same numerical results. Some time later Freeman Dyson - Esther Dyson's father - published a paper that demonstrated that their two theories were in fact equivalent. I expect that it was Dyson's paper that clinched their Nobel.
Everyone who knew anything about Dick Feynman - not just us Tech students, as he was at Cornell before Caltech - considered him a heaven-sent deity because throughout his life he considered it far more important to teach Physics than to understand it. The Feynman Lectures resulted from a year he spent teaching Freshman Physics. Some of his lectures were filmed; I expect you could buy DVDs, or maybe find them on YouTube.
Over the West entrance of the Dabney Student House at Caltech is an elaborate, fantastical sculpture of Heaven. God's face looks just like Feynman's!
Some of the happiest memories of my whole life are of the times I spent not just being taught by Dick Feynman, but getting to know him as a person. Such an opportunity doesn't come to many. For having had that opportunity I am truly privileged.

Wednesday, September 28, 2011

Thursday, September 22, 2011

Mathieu Santos - I Can Hear The Trains Coming

Mathieu Santos - I Can Hear The Trains Coming from Jubadaba on Vimeo.

Thin Film Transforms Any Surface Into a Massive Multitouch Screen

It would be good to have both gesture and touch integration for these screens. With larger screens it gets difficult to reach all corners, so a *minority report* style interface and touch interface together could make a great tool.





TOKYO SLO-MODE

TOKYO SLO-MODE from alex lee on Vimeo.

Comment about how current financial system is being run

In Ireland, there were only around 40 or so company directors amongst all the major bank, company and state boards. Most of these were also businessmen, CEOs, or managers. As you can imagine, nest padding was a primary activity. When the state property agency NAMA was created, one of the first acts of the board was to increase the chairman's salary by 70% [www.rte.ie]. I imagine similar outrages occur in the US.

The problem here isn't "doofus factors" or anything to do with individual boards. The problem is that the entire business and governance culture of the western world is no longer functioning properly. It has become mired in corruption, greed, fraud, and mismanagement. Yet still we tolerate crooks and doofuses because seemingly everyone agrees that this is the best way to run things. Our prevalent financial worldviews are unable to explain or understand why things aren't working anymore.

Personally, I feel that a "financial reformation" is needed in our society. Something literally of the magnitude of the Protestant reformation in the 1500s. We need to turn away from the corrupt established church of business and economics and find new business philosophies. We need to find a system which prevents doofuses, grubbers, and psychopaths from running our companies. We need a system in which shareholders are investors instead of gamblers.

We need a new way of doing business, and even of thinking about and understanding business. Otherwise we'll end up with companies like Yahoo, Microsoft, NASA, and Bank of America being run into the ground by directors, managers, and shareholders who at best have no idea what they're doing, and who at worst will actively destroy the company for personal gain.

Another wonderful comment http://tech.slashdot.org/comments.pl?sid=2433280&cid=37432878

What you have just described is the fundamental career philosophy behind the MBA. To state it another way, the default MBA business strategy is: "Ramp up short-term profitability by whatever means is necessary/convenient, regardless of long-term consequences for the company, because by the time those consequences arise, you will have been hired away to work at a different company, at a higher pay grade, and dealing with those consequences will have become somebody else's problem."

The problem for the Western economy is that, ever since the Reagan administration (or the Thatcher administration, or the Mitterand administration, or ... but you get the picture), MBAs have progressively grown in influence to a position of utterly dominating corporate governance in every country outside of China. It is they who are responsible for exporting the bulk of Western industrial production to developing countries, it is they who were responsible for creating and marketing poisonous mortgage-backed derivative securities (and thereby crashing the global economy - a process that is only now reaching its middle, rather than ending), and it is they who dominate corporate boardrooms.

It's not so much that they are psychopaths. It's that they have been trained to be psychopaths by the most prestigious business schools in the Western world. And this all in the name of delivering maximum value to shareholders.

The problem with the MBA philosophy is that the only shareholders that matter - because they are by far the largest shareholders - are institutional shareholders: insurance companies, pension funds, banks, and so on. And these shareholders' investment portfolios are run by - you guessed it - MBAs, who have absolutely no loyalty to anyone or anything except themselves. They'll kick a fundamentally-sound stock to the curb in a heartbeat, so long as their spreadsheets tell them that a company down the block is offering higher short-term profits, regardless of how unsound that new company's long-term outlook might be, because they don't invest for the long term.

Which, incidentally, is why Wall Street and its fraternal counterparts have been experiencing day-to-day mood swings like a bipolar teenager with PMS. In fact, that phenomenon is a result of the MBA-mediated migration to algorithmically-based automated trading systems, which, by intent completely ignore long-term value in favor of short-term gains produced by, essentially, day-trading on a massive scale.

And, short of outlawing MBAs and hanging all existing holders of the degree, I see absolutely zero chance that this utterly broken system that rewards only MBAs will - or, for that matter, can - change for the better any time in the foreseeable future.

Tuesday, September 20, 2011

The Art of Corporate Mind Control

Just watched this video, not the best but decent. The corporate world currently controls the media and lets us know exactly what it wants us to know. This is similar to the religious system we had before: religious institutions controlled the content discussed among people, and expressing opinions against the religion was prohibited. All the forms of communication we are exposed to are designed to lead us into believing something that may not be true; it was religion before, now it's the corporate world. We just gave control from religion -> govt -> corporates.

There are a lot of scenes from *V for Vendetta*, one of my favourites.

Smartphone brain scanner on N900

http://www.newscientist.com/article/mg21128305.500-nokia-app-powers-portable-brain-scanner.html

How to eat your Apple

How to eat your Apple from Erick Oh on Vimeo.

Are you lucky ?

I must be "lucky" to have noticed this:

http://ca.lifehacker.com/5791032/improve-your-luck-by-relaxing-keeping-an-open-mind-and-paying-attention-to-the-world-around-you?skyline=true&s=i

Humorous phases of funny faces

SNL - Andy's Excuse for Being Late

Monday, July 11, 2011

Sharing is inherent to human beings

http://idle.slashdot.org/comments.pl?sid=2311798&cid=36708580

Wednesday, July 6, 2011

Patent prior art validity

One of the comments on slashdot talks about having a review time after a patent is requested. This seems to be a good idea: the patent office does not really care to check for prior art, so if the requested patent is published publicly, then anyone who thinks there could be prior art or that it is too obvious can comment accordingly on the patent.

There is no way the patent office can have an expert for *everything* - when new things are invented, then very often for a few years there is only a dozen of people on the planet who understand the subject and the relations to other fields.

I think what should be done is that patents have a "review time" in which the public can comment on them before being finally granted. Then these things would be very easy.

Sunday, July 3, 2011

Get out of NFS mount hang

When NFS is mounted without the 'intr' option, it has the habit of hanging if the server is not responding. This is how Linux NFS works: the kernel keeps retrying the request and does not return.

If the NFS server is down and you run 'df -h', it will hang while listing the NFS mount and won't respond to any signals, as it is stuck inside the kernel.

The simplest solution is to force-unmount the mount point:

XXX:/tmp # umount -f /tmp/test

But if you just want your hung process to return without removing your mount, you can plumb the server IP on the localhost:

XXX:/tmp # df
Filesystem           1K-blocks      Used Available Use% Mounted on
/dev/sda1             14413312  12154924   1526228  89% /
udev                   8187884       336   8187548   1% /dev
/dev/sda5             23711000   5215016  17291516  24% /opt
/dev/sda6              5676464   2786656   2601444  52% /var
/dev/sda7              5676464   1496004   3892096  28% /tmp

XXX:/tmp # mount
/dev/sda1 on / type ext3 (rw,acl,user_xattr)
proc on /proc type proc (rw)
sysfs on /sys type sysfs (rw)
debugfs on /sys/kernel/debug type debugfs (rw)
udev on /dev type tmpfs (rw)
devpts on /dev/pts type devpts (rw,mode=0620,gid=5)
/dev/sda5 on /opt type ext3 (rw,acl,user_xattr)
/dev/sda6 on /var type ext3 (rw,acl,user_xattr)
/dev/sda7 on /tmp type ext3 (rw,acl,user_xattr)
10.10.10.10:/test on /tmp/test type nfs (rw,addr=10.10.10.11)

The simplest way is to plumb the server IP 10.10.10.11 on the localhost, which gives the NFS client the impression that it is talking to the server. Once you start an NFS server on the localhost, the client will be able to talk to it, find out that the share is not exported by this server, and return.

On the client machine you need to start the NFS service and plumb the server IP:

XXX:# /etc/init.d/nfs start
XXX:# ifconfig lo:0 10.10.10.11

Now any process hanging while reading data from NFS should return from the kernel.

Tuesday, May 24, 2011

Setup RSA SecurID VPN on Nokia N900

This post highlights the configuration required to set up the RSA SecurID software on the Nokia N900 and use vpnc to authenticate.

Install Java on N900
http://wiki.maemo.org/Java
Java for N900 is available as IcedTea6 in extras or extras-testing.

Install micro-emulator
http://www.nokian900applications.com/install-java-on-nokia-n900/
Install micro-emulator as per above link

Download Microemulator.
Unzip microemulator as root in /opt/: unzip microemulator-2.0.4.zip -d /opt/microemulator/

Install RSA SecurID
http://codehunk.wordpress.com/2010/05/11/rsa-securid-token-on-gnulinux/


$ wget ftp://ftp.rsa.com/pub/agents/j2me/JME23.zip
$ wget ftp://ftp.rsasecurity.com/pub/agents/TokenConverter.tar.gz
$ mkdir securId

$ unzip JME23.zip -d securId/
$ tar -C securId -zxvf TokenConverter.tar.gz
$ cd securId
# Convert your RSA token into required format
$ cp some_directory/token_file.sdtid .
$ chmod +x TokenConverter
$ ./TokenConverter token_file.sdtid -p 'password_you_got_from_admin' -o num_out
$ cat num_out | rev | sed -e :a -e 's/\(.*[0-9]\)\([0-9]\{5\}\)/\1-\2/;ta' | rev
21111-12593-96653-61657-73256-55655-33735-53711-52131-25113-57215-55172-12151-26371-12716-73632-5
# Edit SecurId.jad and add the following lines
X-NumericInput: 21111-12593-96653-61657-73256-55655-33735-53711-52131-25113-57215-55172-12151-26371-12716-73632-5
X-AllowNumericInput: No
$ java -cp /opt/microemulator/microemulator.jar:SecurID.jar org.microemu.app.Main com.rsa.swtoken.j2me.client.SecurID

Enter your PIN and you should get an 8-digit passcode which can be used with vpnc.

vpnc can be set up the same way as on desktop Linux, as described in
http://bashingbaru.blogspot.com/2011/05/setup-vpn-using-rsa-securid-software.html
 


Monday, May 23, 2011

Ted Talk: Why work doesn't happen at work

Clearly summarises the problem at work places

Saturday, May 21, 2011

rpcbind and portmap on SLES11

SLES11 includes two programs that both provide portmapper functionality, rpcbind and portmap, shipped as the packages rpcbind-0.1.6+git20080930-6.15.x86_64.rpm and portmap-6.0+git20070716-31.16.x86_64.rpm. But when portmap is used as the portmapper, mountd fails to start.


root@sles11sp1-XXX:~# rpm -qa | grep portmap
portmap-6.0+git20070716-31.16
root@sles11sp1-XXX:~ # cat /etc/SuSE-release
SUSE Linux Enterprise Server 11 (x86_64)
VERSION = 11
PATCHLEVEL = 1

When you start NFS you might see an error that mountd failed to start. If you look at /var/log/messages, you may see:

May 20 05:15:18 sles11sp1-XXX mountd[5703]: unable to register (mountd, 1, udp).
May 20 05:15:53 sles11sp1-XXX mountd[5711]: unable to register (mountd, 1, udp).
May 20 05:15:55 sles11sp1-XXX mountd[5713]: unable to register (mountd, 1, udp).

This is because mountd expects to work with rpcbind in SLES11SP1: mountd sees a service on port 111 but cannot register with portmap. It can only register with the rpcbind service.

root@sles11sp1-XXX:~ # rpm -qa | grep rpcbind
rpcbind-0.1.6+git20080930-6.15
root@sles11sp1-XXX:~ # rpm -qa | grep portmap
root@sles11sp1-XXX:~ #

Once you remove portmap and install rpcbind, you should be able to start mountd and NFS using /etc/init.d/nfsserver start.

Setup VPN using RSA SecurID software Token On Ubuntu

This post will help in configuring RSA SecurID Software Token for use on linux with Cisco VPN client on Ubuntu 10.04

Installing RSA securID software

You should already have the RSA SecurID Software Token software and your key file with you.

Install wine on ubuntu if you don't have it yet as
sudo aptitude install wine

Once you have wine installed, you need to configure wine by running
winecfg

Create a new Drive Z: to provide access to either your home directory or to the whole filesystem

Now Install RSA SecurID Software in wine as
wine ./RSA_SecurID_Software_Token_3.0.5.exe

This should install the software, and add a menu item in 'Applications->Wine->Programs'. Run the RSA SecurID software from the menu and import the key.

Installing VPNC 

vpnc can be installed from repositories
sudo aptitude install vpnc

If you have your VPN server info as a pcf file, then it needs to be converted into a vpnc format


mkdir vpnclient
cd vpnclient
wget http://www.unix-ag.uni-kl.de/~massar/soft/cisco-decrypt.c
sudo apt-get install libgcrypt11-dev
gcc -Wall -o cisco-decrypt cisco-decrypt.c $(libgcrypt-config --libs --cflags)
chmod +x cisco-decrypt
sudo cp cisco-decrypt /usr/bin
wget http://svn.unix-ag.uni-kl.de/vpnc/trunk/pcf2vpnc
sudo cp pcf2vpnc /usr/bin
pcf2vpnc XXX.pcf > XXX.conf

sudo cp XXX.conf  /etc/vpnc/

The above steps would convert the pcf into vpnc format and get it ready for use

Using RSA TokenCode/PassCode with vpnc

Now we need to get vpnc to use the token generated by RSA SecurID for authentication. Along with the software token, there is a PIN associated with it. Switch RSA to 'Advanced View' and enter the PIN there; you should have


When you run vpnc from the command line, you need to use 'Current PASSCODE' as your password. It might prompt you for the next passcode, in which case use the 'Next PASSCODE' as displayed in the above image.

root@XXX:/etc/vpnc# vpnc --xauth-inter XXX
Enter Username and Password.
Passcode for VPN XXX@XXX.XXX.XXX.XXX:
Enter Next PASSCODE:
Passcode for VPN XXX@XXX.XXX.XXX.XXX:
VPNC started in background (pid: 26055)...
root@XXX:/etc/vpnc#


References
http://www.ubuntugeek.com/how-to-setup-cisco-vpn-using-vpnc-ubuntu-jaunty-9-04.html
http://lists.unix-ag.uni-kl.de/pipermail/vpnc-devel/2009-April/003023.html
http://codehunk.wordpress.com/2010/05/11/rsa-securid-token-on-gnulinux/

Wednesday, May 18, 2011

How linux mount uses /etc/mtab

From linux man page
The programs mount and umount maintain a list of currently mounted filesystems in the file /etc/mtab.  If no arguments are given to mount, this list is printed.
When  the  proc  filesystem  is  mounted (say at /proc), the files /etc/mtab and /proc/mounts have very similar contents. The former has somewhat more information, such as the mount options used, but is not necessarily up-to-date (cf. the -n option below). It is possible to replace /etc/mtab by a symbolic link to /proc/mounts, and especially when you have very large numbers of mounts things will be much faster with that symlink, but some information is lost that way, and in particular using the "user" option will fail.

How the mount command uses the mtab file can be found by tracing the system calls that mount makes:

XXX:~ # strace mount -o loop ubuntu-10.04.2-desktop-amd64.iso temp_mount

This generates output of all the system calls that the mount command made:

stat("ubuntu-10.04.2-desktop-amd64.iso", {st_mode=S_IFREG|0644, st_size=721129472, ...}) = 0 
getcwd("/home/XXX", 4095)          = 15
readlink("/home/XXX/ubuntu-10.04.2-desktop-amd64.iso", 0x7fff11803d10, 4096) = -1 EINVAL (Invalid argument)
getcwd("/home/XXX", 4095)          = 10
readlink("/home/XXX/temp_mount", 0x7fff11803a40, 4096) = -1 EINVAL (Invalid argument)

Checks whether the given path is a soft link, then verifies from mtab whether the mount has already been done.


stat("/sbin/mount.iso9660", 0x7fff118048c0) = -1 ENOENT (No such file or directory)
mount("/dev/loop0", "temp_mount", "iso9660", MS_MGC_VAL, NULL) = 0
readlink("/dev", 0x7fff11803a40, 4096)  = -1 EINVAL (Invalid argument)
readlink("/dev/loop0", 0x7fff11803a40, 4096) = -1 EINVAL (Invalid argument)
getcwd("/home/XXX", 4095)          = 10
readlink("/home/XXX/temp_mount", 0x7fff11803a40, 4096) = -1 EINVAL (Invalid argument)
lstat("/etc/mtab", {st_mode=S_IFREG|0644, st_size=795, ...}) = 0
read_link("/home/XXX/temp_mount", 0x7fff11803a40, 4096) = -1 EINVAL (Invalid argument)

Checks the filesystem type and gets ready to call the corresponding filesystem mount command.


getpid()                                = 1052
open("/etc/mtab~1052", O_WRONLY|O_CREAT, 0600) = 3
close(3)                                = 0
link("/etc/mtab~1052", "/etc/mtab~")    = 0
open("/etc/mtab~", O_WRONLY)            = 3
fcntl(3, F_SETLK, {type=F_WRLCK, whence=SEEK_SET, start=0, len=0}) = 0
unlink("/etc/mtab~1052")                = 0
umask(077)                              = 022
open("/etc/mtab", O_RDWR|O_CREAT|O_APPEND, 0666) = 5
umask(022)                              = 077

mount finds its current PID, then creates the file /etc/mtab~1052 (/etc/mtab~ followed by the PID). Since no two running processes share a PID, this should be the only process that has the file open. Even if this process dies and a new mount process later runs with the same PID, the new process can reuse the old file, because 'open' is not called with O_EXCL. Once 'open' has ensured that /etc/mtab~1052 exists, mount hard-links it to /etc/mtab~.

A crash after the hard link has been created but before the 'unlink' of /etc/mtab~ creates problems for later mount or umount commands. If a program dies after creating /etc/mtab~, any new mount/umount operation will call 'link', which fails because /etc/mtab~ already exists, and will assume that somebody is still writing to the /etc/mtab file.

Rest of the trace for the mount command is

open("/etc/mtab", O_RDWR|O_CREAT|O_APPEND, 0666) = 5
umask(022)                              = 077
fstat(5, {st_mode=S_IFREG|0644, st_size=795, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7a6819a000
fstat(5, {st_mode=S_IFREG|0644, st_size=795, ...}) = 0
lseek(5, 0, SEEK_SET)                   = 0
read(5, "/dev/sda6 / ext3 rw,errors=remou"..., 795) = 795
write(5, "/dev/loop0 /home/XXX/temp_m"..., 52) = 52
close(5)                                = 0
munmap(0x7f7a6819a000, 4096)            = 0
close(3)                                = 0
unlink("/etc/mtab~")                    = 0

mount then opens /etc/mtab and appends the newly mounted filesystem. It removes /etc/mtab~ before exiting.
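
The lock sequence from the trace and the crash case described above, as an added Python example (not mount's own code); the function names are hypothetical and a temporary directory stands in for /etc. A leftover lock file makes every later link() fail, and a non-blocking fcntl lock attempt tells a leftover file from a live holder.

```python
import errno
import fcntl
import os
import tempfile

def acquire(lock_path):
    """Same syscall order as the trace; returns the lock fd, or None if the lock exists."""
    private = f"{lock_path}{os.getpid()}"              # /etc/mtab~1052 in the trace
    os.close(os.open(private, os.O_WRONLY | os.O_CREAT, 0o600))   # no O_EXCL
    try:
        os.link(private, lock_path)                    # atomic; EEXIST if the lock exists
    except FileExistsError:
        os.unlink(private)
        return None
    fd = os.open(lock_path, os.O_WRONLY)
    fcntl.lockf(fd, fcntl.LOCK_EX | fcntl.LOCK_NB)     # F_SETLK with F_WRLCK
    os.unlink(private)
    return fd

def is_stale(lock_path):
    """True if the lock file exists but no live process holds the fcntl lock on it.
    Run it from a separate process: fcntl locks never conflict within one process."""
    try:
        fd = os.open(lock_path, os.O_WRONLY)
    except FileNotFoundError:
        return False
    try:
        fcntl.lockf(fd, fcntl.LOCK_EX | fcntl.LOCK_NB)
        return True                                    # nobody holds it: leftover file
    except OSError as exc:
        if exc.errno in (errno.EACCES, errno.EAGAIN):
            return False                               # a live process holds the lock
        raise
    finally:
        os.close(fd)

def crash_demo():
    """Holder dies between link() and unlink(); returns (blocked, stale, recovered)."""
    with tempfile.TemporaryDirectory() as d:           # constructed stand-in for /etc
        lock = os.path.join(d, "mtab~")
        os.close(acquire(lock))                        # "crash": fd gone, file remains
        blocked = acquire(lock) is None                # later callers fail at link()
        stale = is_stale(lock)
        os.unlink(lock)                                # leftover lock file removed
        fd = acquire(lock)
        recovered = fd is not None
        os.close(fd)
        return blocked, stale, recovered
```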

Tuesday, May 17, 2011

Build a single kernel module from source tree

make -C /lib/modules/$(KVERSION)/build M=$(PWD) modules

Thursday, May 12, 2011

Tivoization


Tivoization refers to the configuring by the manufacturer or vendor of a digital electronic product that uses free software so that the product will operate only with a specific version of such software. Although the concept can initially seem very simple and innocuous, a closer look shows that it could have important implications for the future of free software and for the computer industry as a whole.

http://www.linfo.org/tivoization.html

Tuesday, May 10, 2011

rpcbind port conflict with statd on SLES 11

In SLES 11, portmap has been replaced with rpcbind, which provides additional features like IPv6 and NFSv4 support. Like portmap, rpcbind listens on port 111 by default. But rpcbind also uses an additional UDP port that it always keeps open and blocked.

Output for portmap on older SLES version

XXX:~ # lsof -p 4046
COMMAND  PID   USER   FD   TYPE DEVICE    SIZE    NODE NAME
portmap 4046 nobody  cwd    DIR    8,1   24576       2 /
portmap 4046 nobody  rtd    DIR    8,1   24576       2 /
portmap 4046 nobody  txt    REG    8,1   17568  687066 /sbin/portmap
portmap 4046 nobody  mem    REG    8,1  132847 1733314 /lib64/ld-2.4.so
portmap 4046 nobody  mem    REG    8,1   36736 1733389 /lib64/libwrap.so.0.7.6
portmap 4046 nobody  mem    REG    8,1   14646 1733355 /lib64/libutil-2.4.so
portmap 4046 nobody  mem    REG    8,1 1570331 1733321 /lib64/libc-2.4.so
portmap 4046 nobody  mem    REG    0,0               0 [heap] (stat: No such file or directory)
portmap 4046 nobody    0u   CHR    1,3            3763 /dev/null
portmap 4046 nobody    1u   CHR    1,3            3763 /dev/null
portmap 4046 nobody    2u   CHR    1,3            3763 /dev/null
portmap 4046 nobody    3u  IPv4  13208             UDP *:sunrpc 
portmap 4046 nobody    4u  IPv4  13220             TCP *:sunrpc (LISTEN)
XXX:~ # 

Output for rpcbind on SLES11

XXX:~ # lsof -p 9909
COMMAND  PID USER   FD   TYPE             DEVICE SIZE/OFF    NODE NAME
rpcbind 9909 root  cwd    DIR                8,1     4096       2 /
rpcbind 9909 root  rtd    DIR                8,1     4096       2 /
rpcbind 9909 root  txt    REG                8,1    56536 6185085 /sbin/rpcbind
rpcbind 9909 root  mem    REG                8,1    61467 7405594 /lib64/libnss_files-2.11.1.so
rpcbind 9909 root  mem    REG                8,1    19114 7405583 /lib64/libdl-2.11.1.so
rpcbind 9909 root  mem    REG                8,1    39712 7405649 /lib64/libgssglue.so.1.0.0
rpcbind 9909 root  mem    REG                8,1   108213 7405588 /lib64/libnsl-2.11.1.so
rpcbind 9909 root  mem    REG                8,1  1661454 7405577 /lib64/libc-2.11.1.so
rpcbind 9909 root  mem    REG                8,1   135646 7405603 /lib64/libpthread-2.11.1.so
rpcbind 9909 root  mem    REG                8,1   160248 7405669 /lib64/libtirpc.so.1.0.10
rpcbind 9909 root  mem    REG                8,1    42016 7405618 /lib64/libwrap.so.0.7.6
rpcbind 9909 root  mem    REG                8,1   149797 7405570 /lib64/ld-2.11.1.so
rpcbind 9909 root    0u   CHR                1,3      0t0    2376 /dev/null
rpcbind 9909 root    1u   CHR                1,3      0t0    2376 /dev/null
rpcbind 9909 root    2u   CHR                1,3      0t0    2376 /dev/null
rpcbind 9909 root    3r   REG                8,6        0  563076 /var/run/rpcbind.lock
rpcbind 9909 root    4u  sock                0,6      0t0   18570 can't identify protocol
rpcbind 9909 root    5u  unix 0xffff88042b8b63c0      0t0   18543 /var/run/rpcbind.sock
rpcbind 9909 root    6u  IPv4              18545      0t0     UDP *:sunrpc 
rpcbind 9909 root    7u  IPv4              18549      0t0     UDP *:690 
rpcbind 9909 root    8u  IPv4              18550      0t0     TCP *:sunrpc (LISTEN)
rpcbind 9909 root    9u  IPv6              18552      0t0     UDP *:sunrpc 
rpcbind 9909 root   10u  IPv6              18554      0t0     UDP *:690 
rpcbind 9909 root   11u  IPv6              18555      0t0     TCP *:sunrpc (LISTEN)
XXX:~ # 

rpcbind uses an additional UDP port; in this case it is port 690. Unfortunately there is no way to control which port rpcbind gets when it requests a free UDP port.

On a typical NFS server, mountd/nfsd/statd are configured to start on specified ports to assist in configuring the firewall. On our machines, statd was configured to start on port 690, but as rpcbind was started before statd, statd could not start and failed with the error 'address already in use'.

XXX:~ # grep statd /var/log/messages | tail -10
2011 May 10 11:45:38 XXX_01 rpc.statd[27766]: Version 1.2.1 Starting
2011 May 10 11:45:38 XXX_01 rpc.statd[27766]: Could not bind name to socket: Address already in use


This happens occasionally during reboots, when rpcbind acquires the same port on which statd was configured to start. Since this is a UDP port, it does not show up in 'netstat' and will only show up in lsof

XXX:~ # netstat -atn | grep 690
XXX:~ #
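
A check for this collision that can run before statd starts, as an added example that is not part of the original post: it parses lsof socket lines (the sample is copied from the rpcbind output above) and reports any port reserved for another service that is already held. The function names and the reserved-port table are assumptions for illustration.

```python
# Sample input: the socket lines from the rpcbind lsof output above.
LSOF_SAMPLE = """\
rpcbind 9909 root    6u  IPv4              18545      0t0     UDP *:sunrpc
rpcbind 9909 root    7u  IPv4              18549      0t0     UDP *:690
rpcbind 9909 root    8u  IPv4              18550      0t0     TCP *:sunrpc (LISTEN)
rpcbind 9909 root    9u  IPv6              18552      0t0     UDP *:sunrpc
rpcbind 9909 root   10u  IPv6              18554      0t0     UDP *:690
rpcbind 9909 root   11u  IPv6              18555      0t0     TCP *:sunrpc (LISTEN)
"""
SERVICES = {"sunrpc": 111}   # service name to port, inlined so the example runs offline

def bound_ports(lsof_text):
    """Return {(command, pid, proto, port)} for every IPv4/IPv6 socket line."""
    ports = set()
    for line in lsof_text.splitlines():
        f = line.split()
        if len(f) < 8 or f[4] not in ("IPv4", "IPv6"):
            continue                                  # header, files, unix sockets
        proto = next((p for p in ("UDP", "TCP") if p in f[5:]), None)
        if proto is None or f.index(proto, 5) + 1 >= len(f):
            continue
        # NAME column is "addr:port" or "addr:port->peer:port"; keep the local side.
        local = f[f.index(proto, 5) + 1].split("->")[0]
        port = local.rsplit(":", 1)[-1]
        number = SERVICES.get(port) or (int(port) if port.isdigit() else None)
        if number is not None:
            ports.add((f[0], int(f[1]), proto, number))
    return ports

def conflicts(lsof_text, reserved):
    """reserved maps service name to its configured port, e.g. {"rpc.statd": 690}."""
    found = []
    for cmd, pid, proto, port in sorted(bound_ports(lsof_text)):
        for service, wanted in reserved.items():
            if port == wanted and cmd != service:
                found.append((service, wanted, proto, cmd, pid))
    return found
```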

Friday, May 6, 2011

Mplayer shortcuts on nokia N900

The Nokia N900 has a limited number of keys on its keyboard. Some special characters like '[' and ']' are missing from the keyboard. In mplayer, '[' and ']' are used to decrease/increase the speed of the video.

As these keys are missing from the keyboard, you can re-map increase/decrease speed functionality to other keys by having a custom input.conf file. A sample input.conf to re-map increase/decrease speed to '(' and ')'
( speed_mult 0.9091    # scale playback speed
) speed_mult 1.1

Tuesday, April 12, 2011

Accessing VMware Server 2 using VMware vSphere client

Though VMware does not support accessing VMware Server using the VI client, it does work with some limitations. I like VMware Server, as I don't have to dedicate the server to ESXi; this lets you use the server for other tasks. Unfortunately VMware Server will run out of support, and it is unlikely that VMware would spend resources to try to make the VMware Server GUI any better. Here is how to access VMware Server using the vSphere client.

Note: You will not be able to edit the settings of a VM from the VI client; you will be able to view the VM, do poweron/off operations and view the guest console.

1. Download the VMware vSphere client from the VMware site. The version of the software that was tried out is VMware-viclient-all-4-1.0-258902
2. Install the vSphere client on a Windows machine
3. Run the vSphere client, and specify as the IP the full http URL that is used to access the VMware Server web console, like https://10.209.106.15:8333, along with the username and password for VMware Server access
4. You should see an installer prompt to install compatible client support; run the installer, which will restart the vSphere client
5. After the vSphere client restarts, enter the VMware Server name again and accept the security warning
6. You should now be able to see the VMware Server host in the vSphere client. You can do poweron/off operations on any of the virtual machines, but you might not be able to edit the settings of the virtual machines. VMware should complain about an incompatible version. You will be able to see the guest console by going to the 'Console' tab. http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1008180 provides VMware's comment on this issue

Thursday, April 7, 2011

Ethereal cooked capture

A cooked capture is what you get when the capture is done over the '-i any' device.

http://www.ethereal.com/lists/ethereal-users/200412/msg00314.html

On Linux, packet capturing is done by opening a socket. In systems with a 2.2 or later kernel, the socket is a PF_PACKET socket, either of type SOCK_RAW or SOCK_DGRAM.

A SOCK_RAW socket supplies the packet data including what the driver specified, when constructing the socket buffer (skbuff) holding the packet, to be the packet's link-layer header; a SOCK_DGRAM packet supplies only data above what was specified by the driver to be the link-layer header.

For the purposes of libpcap, which is the library used by programs such as tcpdump, Ethereal/Tethereal, snort, etc. to capture network traffic, a SOCK_RAW socket is usually the appropriate type of socket on which to capture, and is what's used.

Unfortunately, the purported link-layer header might be missing (as is the case for some PPP interfaces), or might contain random unpredictable amounts of data (as is the case for at least some interfaces using ISDN), or might not contain enough data to determine the type of the packet (as is the case with at least some ATM interfaces), so capturing with a SOCK_RAW socket doesn't always work well.

For interfaces of those types - and for interfaces of a type that libpcap currently doesn't have code to support - libpcap uses a SOCK_DGRAM socket, and constructs a fake link-layer header from the address supplied by a "recvfrom()" on that socket.

A "Linux cooked capture" is one done with libpcap using a SOCK_DGRAM socket.
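
In capture files the fake link-layer header mentioned above is a fixed 16-byte structure (libpcap's LINKTYPE_LINUX_SLL); the added example below, which is not from the quoted post, parses it. The field layout comes from libpcap's documented format rather than from this page, and the two sample frames are constructed.

```python
import struct

# packet type, ARPHRD_ type, address length, address (padded to 8 bytes), protocol;
# all fields are in network byte order.
SLL = struct.Struct("!HHH8sH")
PACKET_TYPE = {0: "to us", 1: "broadcast", 2: "multicast",
               3: "to another host", 4: "sent by us"}

def parse_sll(frame):
    """Split a cooked-capture frame into its pseudo-header fields and the payload."""
    if len(frame) < SLL.size:
        raise ValueError("truncated cooked header")
    ptype, arphrd, alen, addr, proto = SLL.unpack_from(frame)
    return {
        "direction": PACKET_TYPE.get(ptype, f"unknown({ptype})"),
        "arphrd": arphrd,
        # Only the first alen bytes of the 8-byte field are meaningful.
        "address": ":".join(f"{b:02x}" for b in addr[:min(alen, 8)]),
        "protocol": proto,
        "payload": frame[SLL.size:],
    }

# Constructed frame: received on an Ethernet interface (ARPHRD 1), 6-byte
# source address, protocol 0x0800 (IPv4), then the first two payload bytes.
ETH_FRAME = bytes.fromhex("0000" "0001" "0006" "0011223344550000" "0800") + b"\x45\x00"

# Constructed frame: sent on a PPP interface (ARPHRD 512), which has no
# link-layer address at all; the protocol field is still present.
PPP_FRAME = bytes.fromhex("0004" "0200" "0000" "0000000000000000" "0800") + b"\x45\x00"
```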

Saturday, April 2, 2011

Remote desktop shortcut for shadow/console session

The Microsoft KB article http://support.microsoft.com/kb/278845 suggests a way to connect to the console session. So even if you are disconnected, or you want to connect to the active physical desktop session, you can do so by specifying the '/console' option to mstsc. Unfortunately there is no check box or any other way in the mstsc GUI to request a connection to a console session. A simple workaround is to change or create a shortcut for mstsc, adding '/console' as an argument to mstsc.exe in the 'Target' field.

Tuesday, March 29, 2011

Daily dilbert on firefox 4

The extension I missed the most after upgrading to Firefox 4 is Daily Dilbert. This extension has not been updated for quite some time, so I decided to give it a try by forcing it to install on 4.0. One way is to disable compatibility checking in Firefox, but I decided to modify the extension to claim support for Firefox 4.0. Below are the steps for Linux:

  • Download daily dilbert extension for 3.6 (using older firefox or any other browser like chrome/opera)
  • From terminal execute the following steps
  • mkdir daily.dilbert
  • cp daily_dilbert-2.6-fx.xpi daily.dilbert
  • cd daily.dilbert
  • unzip daily_dilbert-2.6-fx.xpi
  • Use vim or any other editor to edit install.rdf and change 3.6.* to 4.0.*
  • zip daily_dilbert-2.6-fx.xpi install.rdf  # this will update the zip file with new install.rdf
  • Install the xpi in firefox
I have used it a few times and have not faced any problems.

Monday, March 28, 2011

Add/remove programs windows is blank/waiting

I have had the problem of Add/remove programs being stuck while creating the list of applications. After searching through the Microsoft site, none of the solutions offered fixed the problem.

Finally a solution on Tom's Hardware had the fix; the problem was due to an invalid path for Java.

http://www.tomshardware.com/forum/85414-45-remove-programs-program-open

The exact key may be different, but in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall there should be a key for Java which has '\\' instead of a single slash. Once this has been changed, the add/remove dialog opens fine.

Install GPG key on ubuntu bypassing firewall

If you are seeing the error below while adding a repo to Ubuntu, because you are behind some stupid firewall which does not allow access to port 11371

sudo add-apt-repository ppa:ubuntu-mozilla-daily/ppa
Executing: gpg --ignore-time-conflict --no-options --no-default-keyring --secret-keyring /etc/apt/secring.gpg --trustdb-name /etc/apt/trustdb.gpg --keyring /etc/apt/trusted.gpg --primary-keyring /etc/apt/trusted.gpg --keyserver keyserver.ubuntu.com --recv B34505EA326FEAEA07E3618DEF4186FE247510BE
gpg: requesting key 247510BE from hkp server keyserver.ubuntu.com
gpgkeys: HTTP fetch error 7: couldn't connect to host
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0

then you can download the key manually from the website and add it to Ubuntu. Go to anonymouse.org and visit http://keyserver.ubuntu.com:11371 through the proxy site

Search for the corresponding key on the server as 0x247510BE and download the key, and save it to a text file on local system

Key should be something like below 


-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: SKS 1.0.10
-----END PGP PUBLIC KEY BLOCK-----
Then add the key to ubuntu using 'sudo apt-key add ' and then run 'sudo apt-get update' to update the repository which should accept the key
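
Because the key is fetched through a third-party proxy and looked up by its short ID, the full fingerprint printed in the add-apt-repository output above is the value to compare against before running apt-key add. The added example below (not from the original post) does that on the text of `gpg --with-colons --with-fingerprint <keyfile>`; the sample listings are constructed and the function names are hypothetical.

```python
# Full fingerprint from the "--recv" argument in the add-apt-repository output.
EXPECTED = "B34505EA326FEAEA07E3618DEF4186FE247510BE"

# Constructed listings in gpg's colon format: the record type comes first and
# the fingerprint is field 10 of an "fpr" record.
GENUINE = """\
pub:-:1024:1:EF4186FE247510BE:1250000000:::-:
fpr:::::::::B34505EA326FEAEA07E3618DEF4186FE247510BE:
uid:::::::::Constructed PPA key:
"""
# A different key whose short ID is also 247510BE (constructed).
LOOKALIKE = """\
pub:-:1024:1:89ABCDEF247510BE:1300000000:::-:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF247510BE:
uid:::::::::Constructed lookalike:
"""

def primary_fingerprints(colon_listing):
    """Fingerprints of primary keys: the first fpr record after each pub record."""
    fprs, want_fpr = [], False
    for line in colon_listing.splitlines():
        rec = line.split(":")
        if rec[0] == "pub":
            want_fpr = True
        elif rec[0] in ("sub", "sec", "ssb"):
            want_fpr = False                 # do not mistake a subkey fingerprint
        elif rec[0] == "fpr" and want_fpr and len(rec) > 9:
            fprs.append(rec[9].upper())
            want_fpr = False
    return fprs

def safe_to_add(colon_listing, expected=EXPECTED):
    """Accept only a file holding exactly one primary key with the expected fingerprint.
    A file with extra keys is rejected, since apt-key add would trust all of them."""
    fprs = primary_fingerprints(colon_listing)
    return len(fprs) == 1 and fprs[0] == expected.replace(" ", "").upper()
```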

Sunday, March 27, 2011

ubuntu in.archive.ubuntu.com server slow

It's been a problem for a long time: every time I run apt-get update, updating from in.archive.ubuntu.com takes a very long time, and sometimes it even fails. Even though it is the closest mirror, it doesn't seem to have the required bandwidth, so I switched to using jp.archive.ubuntu.com. Now it's pretty good.

Graeme smith : Interview after loss in 2011 World cup

Resume broken downloads in firefox

After scouring around for a way to resume a broken download (downloaded 200MB of 800MB, and desperate not to download from the beginning), I found a very useful technique at

http://www.moddb.com/forum/thread/broken-download-solution-for-firefox-users

The idea is simple

1- you have two files on the destination folder. One with the original name and one with an extra ".PART" extension. Move both of these files to some other folder (Move! not copy)
2- Start your download again from the beginning (you have access to the download link, don't you?)
3- Let it download a few bytes, just to have those two files created again, with the exact same name. Now PAUSE this download.
4- Go to the folder where you backed up those old files. Copy both of these files to your download folder and replace the new created files when asked.
5- Now go to Firefox's Downloads form and resume the download.

SA vs Australia 434 vs 438 match

Searched for some time to find the full match video, but everywhere there just seem to be highlights. None of these highlights reflect the real match tension we had watching it live in college. It was incredible, the all action game.
The best copy i could find on the net is at http://www.desipad.com/odi-one-day-innings-videos/87799-south-africa-vs-australia-2005-06-5th-odi-434-438-match.html

http://www.megaupload.com/?d=M9P949Z0 (australia innings) (1:30 min)
http://www.megaupload.com/?d=ANAF5GC5 (SA innings)