Latest Blog Entries
Article posted on Apr 22
2ping 2.0 released
- Posted by Ryan Finnie on April 22, 2012, 8:14 pm
2ping 2.0 has been released today. User-visible changes are minor, but behind the scenes, a major update to the protocol specification has been implemented, justifying the major version bump:
- Updated to support 2ping protocol 2.0
- Protocol 1.0 and 2.0 are backwards and forwards compatible with each other
- Added support for extended segments
- Added extended segment support for program version and notice text
- Changed default minimum packet size from 64 to 128 bytes
- Added peer reply packet size matching support, turned on by default
- Added extra error output for socket errors (such as hostname not found)
- Added extra version support for downstream distributions
- Removed generation of 2ping6 symlinks at "make all" time (symlinks are still generated during "make install" in the destination tree)
2ping is a bi-directional ping utility. It uses 3-way pings (akin to TCP SYN, SYN/ACK, ACK) and after-the-fact state comparison between a 2ping listener and a 2ping client to determine which direction packet loss occurs.
- Leave Comment
- Posted in Uncategorized
Article posted on Apr 19
WiFi on an Ubuntu server
- Posted by Ryan Finnie on April 19, 2012, 7:25 pm
One night last week, my cable internet service went down. OK, it rarely happens, and when it does, I have an iPhone with tethering. No big deal normally, I would just have my laptop connect to the tether. However, that night I was in the middle of a few things on my home LAN, and wanted my whole network to have internet access, not just my laptop. Getting wireless access on my home router/server seemed the most preferable. So I dug through the junk crates and found:
- Two Orinoco Gold 802.11b PCMCIA cards
- Four Orinoco Silver 802.11b PCMCIA cards
- A Linksys 802.11b USB dongle which required a USB A to A cable
- A Linksys 802.11g PCI card
- About a dozen WRT54G (or similar) router/APs
I immediately threw away the USB dongle due to its odd requirement. I should throw away the Orinoco cards as well, but dammit, they had real value (ten years ago). The PCI card would have worked, except my new router/server actually has no "legacy" PCI slots, just PCI Express slots. I could have cobbled together some sort of bridge with a WRT54G, but it would have been too much work. In the end I toughed it out and waited for the cable internet to return.
The next day I ordered a $17 PCI express 802.11n adapter, and it arrived today. Ubuntu 12.04 "precise" (currently in beta, set to be released next week) saw it immediately, and with a little reading I was able to get it working with my phone. I'm leaving the configs here in case they are useful to someone else:
/etc/network/interfaces:
#auto wlan0
iface wlan0 inet dhcp
wpa-conf /etc/wpa_supplicant.conf
"auto wlan0" is commented out because I obviously don't want it running on boot, since this is a backup solution. That line could simply be omitted, but I like it there to point out to myself it is not brought up on boot.
/etc/wpa_supplicant.conf:
network={
ssid="Ryan’s iPhone"
scan_ssid=1
key_mgmt=WPA-PSK
psk="yourkeyhere"
}
iPhone-specific note: that "’" is actually a unicode character, U+2019. "iwlist wlan0 scan" was returning this, which wpa_supplicant was not accepting:
ESSID:"Ryan\xE2\x80\x99s iPhone"
In the end, I hopped on my laptop, associated with the phone and grabbed the SSID from the logs and pasted it in on the server, to preserve the unicode character.
With that in place, "ifup wlan0" worked fine. In the future, during an outage I should just be able to log into the server, run "ifdown eth1", then "ifup wlan0", and everything at home should be run through my phone.
- Leave Comment
- Posted in Uncategorized
Article posted on Apr 11
OpenPGP key transition
- Posted by Ryan Finnie on April 11, 2012, 10:53 am
A copy of this announcement is available at http://www.finnie.org/rfinnie-openpgp-2012-transition.txt, in case the text is mangled here and the signature cannot be verified.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256,SHA1
Wed, 11 Apr 2012 10:30:08 -0700
For a number of reasons, I've recently set up a new OpenPGP key, and
will be transitioning away from my old one. My old key was created
over 10 years ago, as a 1024 bit DSA key with a SHA-1 signatures, both
of which are considered inadequate today. My new key is a 4096 bit RSA
key with SHA-256 signatures.
The old key will continue to be valid for at least 90 days. It will be
revoked on or around 2012-07-15, or after the release of Finnix 105,
whichever is later. (My old key was used to manage signatures for the
Finnix project. This will be split out into a Finnix-specific signing
key, and will be announced in a separate message.)
However, I would prefer all future correspondence to come to the new
one, as of today. I would also like this new key to be re-integrated
into the web of trust. This message is signed by both keys to certify
the transition.
The old key was:
pub 1024D/203ECA25 2001-05-09
Key fingerprint = B023 7C63 DF28 70AA C3AB C54A 2996 10A9 203E CA25
And the new key is:
pub 4096R/86AE8D98 2012-04-11
Key fingerprint = 42E2 C8DE 8C17 3AB1 02F5 2C6E 7E60 A3A6 86AE 8D98
To fetch the full key (including a photo UID, which is commonly
stripped by public keyservers), you can get it with:
wget -q -O- http://www.finnie.org/rfinnie.gpg | gpg --import -
Or, to fetch my new key from a public key server, you can simply do:
gpg --keyserver pgp.mit.edu --recv-key 86AE8D98
If you already know my old key, you can now verify that the new key is
signed by the old one:
gpg --check-sigs 86AE8D98
The new and old keys' primary UIDs are both "Ryan Finnie
". This was by design, to ensure you must verify the
key signatures rather than seeing something like "Ryan Finnie (2012)
".
If you don't already know my old key, or you just want to be double
extra paranoid, you can check the fingerprint against the one above:
gpg --fingerprint 86AE8D98
If you are satisfied that you've got the right key, and the UIDs match
what you expect, I'd appreciate it if you would sign my key:
gpg --sign-key 86AE8D98
Lastly, if you could upload these signatures, I would appreciate it.
You can either send me an e-mail with the new signatures (if you have
a functional MTA on your system):
gpg --armor --export 86AE8D98 | mail -s 'OpenPGP Signatures' ryan@finnie.org
Or you can just upload the signatures to a public keyserver directly:
gpg --keyserver pgp.mit.edu --send-key 86AE8D98
Please let me know if there is any trouble, and sorry for the
inconvenience.
Thank you,
Ryan Finnie
[Much of this text was adapted from dkg
- Leave Comment
- Posted in Uncategorized
Article posted on Apr 8
Finnie/Finnix blogs linked with Facebook
- Posted by Ryan Finnie on April 8, 2012, 9:50 pm
Since I have proven over and over again I am incapable of logging into Facebook more than once every few weeks, and since Facebook has completed its quest of taking over the world, I have decided to install some space-age software to automatically post blog updates to the appropriate Facebook pages:
- My blog to my Facebook profile
- Finnix blog to the Finnix page on Facebook
- Velociraptor Aerospace Dynamics does not have a dedicated blog, but I occasionally post about it on my blog, and will be sure to share the posts with the VAD page on Facebook
- Leave Comment
- Posted in Uncategorized
Article posted on Mar 25
vsix.us - Your IP address, with a few tools
- Posted by Ryan Finnie on March 25, 2012, 11:17 pm
While debugging my IPv6 problem (which I still don't have a resolution for), I registered a domain and made yet another "what is my IP?" site: vsix.us. It looks pretty. You should visit it.
- Leave Comment
- Posted in Uncategorized
Article posted on Mar 22
iOS devices not getting IPv6
- Posted by Ryan Finnie on March 22, 2012, 9:17 pm
Dear Lazyweb,
I'm at a loss here. I've got an IPv6 setup at home, with radvd giving out network information. And it basically just works. My laptop associates with the wireless network, sends out a Router Solicitation packet, the router responds with a Router Advertisement (RA), and the laptop gives itself an IP. And for good measure, the router sends out unsolicited RAs every 10 seconds or so.
But my iPhone and iPad are no longer getting IPv6 addresses. They associate with the AP, get a DHCPv4 address, then nothing. I've even tried using the Ip6config app to scan for RAs, but according to it, no RAs arrive. But I can see them from my laptop, capture them with Wireshark, and they look proper. And of course there's no way to get around this in iOS, since there are literally no user-configurable IPv6 options.
I know this worked at one point, because whenever I try searching the web, I keep coming up with my own post from 2010 on getting this working. That being "hey, it's not working... oh, now it is".
- 1 Comment
- Posted in Uncategorized
Article posted on Mar 9
New home server
- Posted by Ryan Finnie on March 9, 2012, 10:46 pm
It's been a long time since I've built a computer from scratch, and even longer since I've been excited about it. For the last few years, my home office network has been mostly kitbashed together from other computers, and when I've needed to buy new parts, it's usually been begrudgingly.
However, a few weeks ago, the stars all aligned. I was preparing to upgrade the RAM and drives on my colo box in San Jose after Ubuntu 12.04 is released, and went shopping. Hard drive prices are very high due to the flooding in Thailand last year, but RAM is dirt cheap. I was able to max out my colo server's RAM to 24GB (6x4GB) for $100. That got me thinking about my home office. At any given moment, 7 desktop computers were on: my main Ubuntu workstation, a Windows gaming machine, two G4 Mini Finnix dev machines (PPC), an C2D E7200 Finnix dev machine (x86), an Athlon64 3200+ Debian sid dev machine and an Athlon64 X2 4600+ router / miscellaneous server.
The desktops are used frequently, the G4s are insignificant (they consume 9w each), but the last three servers were all relatively old, very power hungry (and hot), and all perform tasks that need somewhat significant computing power, though usually never at the same time. And at idle, the three of them draw a combined 240w. So I decided now would be a good time to build a virtualization server and combine them. I considered upgrading one of them for the task, but decided it wouldn't work: The E7200, despite being relatively new, doesn't support VT. The 3200+ is nearing 10 years old (it was the first 64-bit consumer processor released) and definitely doesn't support VT. The 4600+ does, but it's pretty old, and the worst power offender.
No, it would be best to start from scratch. I decided to focus on an Intel Sandy Bridge processor, as much RAM as I could get, and a mid-range 6Gbps SATA drive for serving the VMs, with a focus on energy savings primarily and computing power secondarily. Here's what I ended up with:
- Intel Core i5-2400 CPU - $179.99
- MSI H67MA-E45 H67 chipset motherboard - $99.99
- G.SKILL 32GB RAM (4x8GB) - $239.98!
- Seagate Barracuda Green 2TB 6Gbps SATA drive - $129.99
- LG SATA DVD burner - $15.99
- Intel Gigabit PCIex card - $29.99
- Cooler Master Centurion 534 case - $59.99
- RAIDMAX 530W PSU - $39.99
- Rosewill 92mm CPU cooler - $17.99
- Hotplug front SATA bays (2) - $39.98
- Total: $853.88
The parts arrived on Wednesday the 29th, I assembled it last weekend, and installed Ubuntu precise Beta 1 (AMD64 server). I was worried about building a Sandy Bridge system, the platform being relatively new, but nearly everything has worked perfectly so far. The CPU is well supported, the integrated graphics work, and all integrated components on the motherboard work fine. The only issue I've found so far is the system will not reliably power off after shutdown, but I can live with that. Heck, this is even the first machine I've owned where SATA hotplug works correctly.
The 6Gbps Seagate is a LUKS-crypted LVM disk holding the OS installations. The main install contains the routing / VPN / DHCP / etc services, as well as a QEMU/KVM host managed by libvirt. The Finnix dev and Debian sid dev machines have been transferred to this as VM guests. And Finnix build times have been reduced by nearly 2/3rds in the process.
Additionally, the host contains an existing 1.5TB WD Green SATA 3Gbps drive for shared media (ISOs, iTunes collection, movies, etc), and an existing 1.0TB WD Green SATA 3Gbps drive for backups of the other hosts. This drive is mounted in one of the front hotswap SATA sled trays for easy removal. (I learned this lesson late last year when I evacuated my home due to a nearby wildfire, and found that even quick-release case screws and toolless hard drive mounts were difficult to remove when you are short on time.) The other sled tray is simply for miscellaneous uses when needed.
So I replaced three servers, consuming 240w combined idle, with a beefy new server: powerful new CPU, 32GB RAM, and 3 hard drives totaling 4.5TB. I was expecting the idle power draw to be about 120w. But when I plugged it into my Kill-a-Watt, I found the power draw was really... 58w. Wow. And the CPU and case temperatures always hover around 28C. My first feeling was anger with myself; I should have spent the extra few dollars on the i5-2500 or i7-2600, but I was worried about power draw and heat dissipation. Oh well, the i5-2400 is still much faster than anything I've owned before.
I got all the functionality transferred over to the new server last weekend, but haven't done much with it for the last week. (I was pretty sick this week, missing four days of work.) This weekend I hope to make sure everything is in working order, and decommission the other servers.
- Leave Comment
- Posted in Uncategorized
Article posted on Feb 20
Working at Canonical
- Posted by Ryan Finnie on February 20, 2012, 2:14 pm
A month ago, I started working at Canonical, the makers of Ubuntu. Normally I'd write a long-winded post about my experiences from the last month, how/why I started and so on, but I'll just summarize: it rocks.
I work in the IS Operations group as a system administrator, and while my Launchpad profile has the little "Member of Canonical" badge on it now, I am not an Ubuntu developer (though of course Canonical employs quite a number of Ubuntu developers). That's not to say I don't contribute to Ubuntu; I file bugs, and manage packages as trickle-down from my Debian maintainer status, but these are all contributions that any member of the public community can do. Working in Canonical IS Operations is much like being a sysadmin in any large Ubuntu server shop.
I've gone back through last year's posts and tagged relevant posts with planet:canonical, which are aggregated at Canonical Voices, a feed aggregator for Canonical employees. ("Planet" has become a generic term for feed aggregation sites, though Canonical Voices is not actually running Planet software.) These tagged posts don't necessarily have to do with Canonical or Ubuntu topics, but are a filter for posts I want to appear there; technology topics, mostly.
Last month I made a post to the Finnix blog, explaining how my employment will affect Finnix development (it won't). Since then, Finnix 104 has been released, and I even found out some of the coworkers in my group are Finnix users. Good times!
- 2 Comments
- Posted in Uncategorized
Article posted on Jan 7
When exactly did I become an adult?
- Posted by Ryan Finnie on January 7, 2012, 12:59 am
2011 was an interesting year, tax-wise. And by "interesting", I mean there is now a large sign on my back yelling "audit me". I went from filing a 1040EZ every year to starting a company that was originally designed to be a wrapper around a few hundred dollars in Google Adsense revenue, but inexplicably became a bona fide consulting company. 1099s, business expenses, travel expenses, home office square footage deductions, self-employment tax, etc, etc. And that's on top of the two actual employers I worked for during parts of the year. I'll be owing, big time. (Hypothetical IRS: "Why weren't you making scheduled anticipated tax payments like a good little business taxpayer?" Me: "Hey, it surprised me as much as it did you.")
An actual conversation with a tax advisor in November:
"Do you have any employees?"
"My company's logo is a dinosaur riding an atomic bomb, Slim Pickens style."
"So, no then."
- 1 Comment
- Posted in Uncategorized
Article posted on Dec 26
Quick tip: Pythagoras for the lazy
- Posted by Ryan Finnie on December 26, 2011, 7:30 pm
I occasionally plug this into Wolfram Alpha:
a^2+b^2=c^2, a/b=16/9, c=27
Click the "approximate forms" solution to get the width and height (a and b) for a rectangle where you know the diagonal (c) and the ratio (16/9). a or b can be specified at the end instead of c if you know the width or height.
I most often use this when I need to get the physical width and height of a monitor panel that I know the diagonal size of (since nearly all monitors are advertised by their diagonal panel size). With that information and the resolution, you can figure out the physical DPI of the monitor. (Not to be confused with the effective DPI of the operating system, which is used for things like converting font points and ems to pixels, and is usually independent of the monitor's size and resolution: 96 DPI for Windows, 72 DPI for Mac OS, and 75 or 100 DPI for X11 historically, though many Linux distros are preset to 96 DPI today.)
- Leave Comment
- Posted in Uncategorized
Ryan Finnie
Site Search
Identica Posts
- Boeing acquires Finnix, Velociraptor Aerospace Dynamics: http://ur1.ca/8vfdi
- It was sending to a dot matrix printer: http://ur1.ca/8nqe9 - Sadly, I don't know where the source went.
- You may want to consider a truerand implementation as well, since it relies on nothing by the CPU and RTC: http://ur1.ca/8l5cx
- !Finnix 104 released! http://ur1.ca/85rl4
- !Finnix has become quite popular in China in the last day. About 5000 downloads in the last few hours.
