Latest Blog Entries

Article posted on Apr 8

Finnie/Finnix blogs linked with Facebook

Posted by Ryan Finnie on April 8, 2012, 9:50 pm

Since I have proven over and over again I am incapable of logging into Facebook more than once every few weeks, and since Facebook has completed its quest of taking over the world, I have decided to install some space-age software to automatically post blog updates to the appropriate Facebook pages:

My blog to my Facebook profile
Finnix blog to the Finnix page on Facebook
Velociraptor Aerospace Dynamics does not have a dedicated blog, but I occasionally post about it on my blog, and will be sure to share the posts with the VAD page on Facebook

1 Comment
Posted in Uncategorized

Article posted on Mar 25

vsix.us - Your IP address, with a few tools

Posted by Ryan Finnie on March 25, 2012, 11:17 pm

While debugging my IPv6 problem (which I still don't have a resolution for), I registered a domain and made yet another "what is my IP?" site: vsix.us. It looks pretty. You should visit it.

Article posted on Mar 22

[Resolved] iOS devices not getting IPv6

Posted by Ryan Finnie on March 22, 2012, 9:17 pm

Dear Lazyweb,

I'm at a loss here. I've got an IPv6 setup at home, with radvd giving out network information. And it basically just works. My laptop associates with the wireless network, sends out a Router Solicitation packet, the router responds with a Router Advertisement (RA), and the laptop gives itself an IP. And for good measure, the router sends out unsolicited RAs every 10 seconds or so.

But my iPhone and iPad are no longer getting IPv6 addresses. They associate with the AP, get a DHCPv4 address, then nothing. I've even tried using the Ip6config app to scan for RAs, but according to it, no RAs arrive. But I can see them from my laptop, capture them with Wireshark, and they look proper. And of course there's no way to get around this in iOS, since there are literally no user-configurable IPv6 options.

I know this worked at one point, because whenever I try searching the web, I keep coming up with my own post from 2010 on getting this working. That being "hey, it's not working... oh, now it is".

Update (2012-06-08): I've figured out what caused this.

Article posted on Mar 9

New home server

Posted by Ryan Finnie on March 9, 2012, 10:46 pm

It's been a long time since I've built a computer from scratch, and even longer since I've been excited about it. For the last few years, my home office network has been mostly kitbashed together from other computers, and when I've needed to buy new parts, it's usually been begrudgingly.

However, a few weeks ago, the stars all aligned. I was preparing to upgrade the RAM and drives on my colo box in San Jose after Ubuntu 12.04 is released, and went shopping. Hard drive prices are very high due to the flooding in Thailand last year, but RAM is dirt cheap. I was able to max out my colo server's RAM to 24GB (6x4GB) for $100. That got me thinking about my home office. At any given moment, 7 desktop computers were on: my main Ubuntu workstation, a Windows gaming machine, two G4 Mini Finnix dev machines (PPC), an C2D E7200 Finnix dev machine (x86), an Athlon64 3200+ Debian sid dev machine and an Athlon64 X2 4600+ router / miscellaneous server.

The desktops are used frequently, the G4s are insignificant (they consume 9w each), but the last three servers were all relatively old, very power hungry (and hot), and all perform tasks that need somewhat significant computing power, though usually never at the same time. And at idle, the three of them draw a combined 240w. So I decided now would be a good time to build a virtualization server and combine them. I considered upgrading one of them for the task, but decided it wouldn't work: The E7200, despite being relatively new, doesn't support VT. The 3200+ is nearing 10 years old (it was the first 64-bit consumer processor released) and definitely doesn't support VT. The 4600+ does, but it's pretty old, and the worst power offender.

No, it would be best to start from scratch. I decided to focus on an Intel Sandy Bridge processor, as much RAM as I could get, and a mid-range 6Gbps SATA drive for serving the VMs, with a focus on energy savings primarily and computing power secondarily. Here's what I ended up with:

Intel Core i5-2400 CPU - $179.99
MSI H67MA-E45 H67 chipset motherboard - $99.99
G.SKILL 32GB RAM (4x8GB) - $239.98!
Seagate Barracuda Green 2TB 6Gbps SATA drive - $129.99
LG SATA DVD burner - $15.99
Intel Gigabit PCIex card - $29.99
Cooler Master Centurion 534 case - $59.99
RAIDMAX 530W PSU - $39.99
Rosewill 92mm CPU cooler - $17.99
Hotplug front SATA bays (2) - $39.98
Total: $853.88

The parts arrived on Wednesday the 29th, I assembled it last weekend, and installed Ubuntu precise Beta 1 (AMD64 server). I was worried about building a Sandy Bridge system, the platform being relatively new, but nearly everything has worked perfectly so far. The CPU is well supported, the integrated graphics work, and all integrated components on the motherboard work fine. The only issue I've found so far is the system will not reliably power off after shutdown, but I can live with that. Heck, this is even the first machine I've owned where SATA hotplug works correctly.

The 6Gbps Seagate is a LUKS-crypted LVM disk holding the OS installations. The main install contains the routing / VPN / DHCP / etc services, as well as a QEMU/KVM host managed by libvirt. The Finnix dev and Debian sid dev machines have been transferred to this as VM guests. And Finnix build times have been reduced by nearly 2/3rds in the process.

Additionally, the host contains an existing 1.5TB WD Green SATA 3Gbps drive for shared media (ISOs, iTunes collection, movies, etc), and an existing 1.0TB WD Green SATA 3Gbps drive for backups of the other hosts. This drive is mounted in one of the front hotswap SATA sled trays for easy removal. (I learned this lesson late last year when I evacuated my home due to a nearby wildfire, and found that even quick-release case screws and toolless hard drive mounts were difficult to remove when you are short on time.) The other sled tray is simply for miscellaneous uses when needed.

So I replaced three servers, consuming 240w combined idle, with a beefy new server: powerful new CPU, 32GB RAM, and 3 hard drives totaling 4.5TB. I was expecting the idle power draw to be about 120w. But when I plugged it into my Kill-a-Watt, I found the power draw was really... 58w. Wow. And the CPU and case temperatures always hover around 28C. My first feeling was anger with myself; I should have spent the extra few dollars on the i5-2500 or i7-2600, but I was worried about power draw and heat dissipation. Oh well, the i5-2400 is still much faster than anything I've owned before.

I got all the functionality transferred over to the new server last weekend, but haven't done much with it for the last week. (I was pretty sick this week, missing four days of work.) This weekend I hope to make sure everything is in working order, and decommission the other servers.

Article posted on Feb 20

Working at Canonical

Posted by Ryan Finnie on February 20, 2012, 2:14 pm

A month ago, I started working at Canonical, the makers of Ubuntu. Normally I'd write a long-winded post about my experiences from the last month, how/why I started and so on, but I'll just summarize: it rocks.

I work in the IS Operations group as a system administrator, and while my Launchpad profile has the little "Member of Canonical" badge on it now, I am not an Ubuntu developer (though of course Canonical employs quite a number of Ubuntu developers). That's not to say I don't contribute to Ubuntu; I file bugs, and manage packages as trickle-down from my Debian maintainer status, but these are all contributions that any member of the public community can do. Working in Canonical IS Operations is much like being a sysadmin in any large Ubuntu server shop.

I've gone back through last year's posts and tagged relevant posts with planet:canonical, which are aggregated at Canonical Voices, a feed aggregator for Canonical employees. ("Planet" has become a generic term for feed aggregation sites, though Canonical Voices is not actually running Planet software.) These tagged posts don't necessarily have to do with Canonical or Ubuntu topics, but are a filter for posts I want to appear there; technology topics, mostly.

Last month I made a post to the Finnix blog, explaining how my employment will affect Finnix development (it won't). Since then, Finnix 104 has been released, and I even found out some of the coworkers in my group are Finnix users. Good times!

Article posted on Jan 7

When exactly did I become an adult?

Posted by Ryan Finnie on January 7, 2012, 12:59 am

2011 was an interesting year, tax-wise. And by "interesting", I mean there is now a large sign on my back yelling "audit me". I went from filing a 1040EZ every year to starting a company that was originally designed to be a wrapper around a few hundred dollars in Google Adsense revenue, but inexplicably became a bona fide consulting company. 1099s, business expenses, travel expenses, home office square footage deductions, self-employment tax, etc, etc. And that's on top of the two actual employers I worked for during parts of the year. I'll be owing, big time. (Hypothetical IRS: "Why weren't you making scheduled anticipated tax payments like a good little business taxpayer?" Me: "Hey, it surprised me as much as it did you.")

An actual conversation with a tax advisor in November:

"Do you have any employees?"
"My company's logo is a dinosaur riding an atomic bomb, Slim Pickens style."
"So, no then."

1 Comment
Posted in Uncategorized

Article posted on Dec 26

Quick tip: Pythagoras for the lazy

Posted by Ryan Finnie on December 26, 2011, 7:30 pm

I occasionally plug this into Wolfram Alpha:

a^2+b^2=c^2, a/b=16/9, c=27

Click the "approximate forms" solution to get the width and height (a and b) for a rectangle where you know the diagonal (c) and the ratio (16/9). a or b can be specified at the end instead of c if you know the width or height.

I most often use this when I need to get the physical width and height of a monitor panel that I know the diagonal size of (since nearly all monitors are advertised by their diagonal panel size). With that information and the resolution, you can figure out the physical DPI of the monitor. (Not to be confused with the effective DPI of the operating system, which is used for things like converting font points and ems to pixels, and is usually independent of the monitor's size and resolution: 96 DPI for Windows, 72 DPI for Mac OS, and 75 or 100 DPI for X11 historically, though many Linux distros are preset to 96 DPI today.)

Article posted on Dec 24

2ping 1.2 released

Posted by Ryan Finnie on December 24, 2011, 1:32 am

2ping 1.2 has been released, adding ping-style mdev/ewma statistics:

Added exponentially-weighted moving average (ewma) and moving standard deviation (mdev) statistics to the summary display

2ping is a bi-directional ping utility. It uses 3-way pings (akin to TCP SYN, SYN/ACK, ACK) and after-the-fact state comparison between a 2ping listener and a 2ping client to determine which direction packet loss occurs.

Article posted on Nov 24

Reno Charter QAM channels

Posted by Ryan Finnie on November 24, 2011, 8:51 pm

Today I hooked up my cable line to my TV to see if clear QAM is still available on my account (it is), due to wanting to watch today's NFL game on CBS, since the owner of the local CBS station (KTVN) and Dish Network are currently in the middle of a bitter dispute, and KTVN is currently not available on Dish.

After the game, I spent some time poking around, figuring out which channel was which by cross-referencing guide data. I've compiled a complete list of clear QAM channels on Charter, as well as the channel ID map to the Zap2It guide list. I used to do this when I had a Windows Media Center with an HDHomeRun; hopefully it'll be useful to others.

This list is current as for 2011-12-22, and is subject to change. Also, if you can figure out what Charter Digital channel the ShopNBC channel maps to, let me know so I can update it. It was the only channel I wasn't able to figure out.

Update (2011-12-22): The major network stations have moved to their "traditional" locations. They also have Charter-provided descriptive IDs in the form KXXX_HD. I'm not sure if they're doing ATSC-style virtual remapping from their old QAM locations (and my TV isn't telling me), or perhaps they've gone all digital and have actually moved them down into the lower channels. Either seems likely. I've retained the old QAM channel, just in case they are virtual remaps. Also, KRNSCA (CW), QVC and TBSP have appeared on the 78 channel.

002-001 HD KTVNDT (KTVN_HD) (was 105-195)
004-001 HD KRNVDT (KRNV_HD) (was 090-187)
005-001 HD KNPBDT (KNPB_HD) (was 090-185)
008-001 HD KOLODT (KOLO_HD) (was 105-193)
011-001 HD KRXIDT (KRXI_HD) (was 100-205)
078-245 SD KRNSCA
078-250 SD QVC
078-254 SD TBSP
087-236 SD KAME
087-237 SD KRXI
087-244 SD TWC
090-184 SD KNPBDT2
090-186 SD KNPBDT3
090-189 SD KRNVDT2
091-212 HD KRENDT
092-340 SD IONSATP
100-300 SD KRXIDT2
101-022 SD (Charter guide overlay)
101-369 SD KRRILP
103-267 SD KNVVLP
103-269 SD K52FF
103-274 SD (ShopNBC)
103-292 SD RENO
103-293 SD SPARKS
103-295 SD LOOR216
103-296 SD TMLC
104-190 HD KAMEDT
104-207 SD KAMEDT2
105-194 SD KOLODT2
105-196 SD KTVNDT2
111-381 HD TWCHD
117-127 SD (Charter PPV preview)
127-283 SD TVGNP
127-297 SD WASHO

2 Comments
Posted in Uncategorized

Article posted on Sep 25

Introducing twuewand

Posted by Ryan Finnie on September 25, 2011, 3:26 pm

twuewand is a true hardware random number generator, written in about a hundred lines of Perl.

No, really.

You can stop laughing now.

First, a little history. This is greatly simplified, and specific to Linux, but the concepts are somewhat universal. Linux has three entropy pools. The first is a hidden, primary entropy pool that directly or indirectly receives entropy from several main sources, described later.

The secondary pool feeds from the primary pool, and is used to drive /dev/random. /dev/random is blocking, meaning if both the primary and secondary entropy pool exhaust, reads from /dev/random block until more entropy is generated.

The third pool is the urandom pool, and functions almost exactly as the secondary pool, but drives /dev/urandom. The key difference is while the urandom pool can draw from the primary pool, it can also reuse entropy to avoid blocking in the case of pool exhaustion.

Now, entropy is gathered from several sources to directly feed the primary pool: keyboard and mouse timings, interrupts, disk activity, and entropy fed back from the other two pools, directly or indirectly. However, consider a server. Most of the time it receives no keyboard or mouse activity, and the interrupts and disk activity are theoretically predictable. But the primary pool can also be influenced by writing to the other pools, and modern Linux distributions take advantage of this. Upon shutdown, a number of bytes are read from /dev/urandom (usually 4096 today) and written to a state file. When the computer is booted again, the OS reads this file and writes the bytes back to /dev/urandom. This isn't exactly completely restoring the state pre-shutdown; remember there are other sources of entropy (including the disk activity needed to read the file), so writing the same 4096 bytes back to the urandom pool merely influences the urandom pool and the primary pool, resulting in entropy that is unpredictable from boot to boot.

Now, consider a LiveCD or a diskless workstation. Without the ability to introduce dynamic entropy from a previous session, the predictability increases a lot. If the computer had a hardware random number generator, we wouldn't have this problem. The hardware RNG could be queried directly, or it could be used to influence a pseudo RNG like the system Linux uses. But very few computers have hardware RNGs, and almost zero consumer-level computers do.

Or do they? Every computer actually has two hardware random number generators, which can be combined to get a stream of random numbers. They are the CPU itself and the real-time clock (RTC).

twuewand is a truerand implementation, first invented in 1995 by D. P. Mitchell. It relies on the fact that the CPU and RTC are physically separate clocked devices, and therefore time and work are not linked. twuewand's operation is very simple. It sets an alarm for sometime in the future (by default 4 milliseconds, as determined by the RTC), and then starts flipping a bit between 0 and 1 (work performed by the CPU). When the alarm is reached, the bit is taken. Voilà, random bit. It then repeats this process for as many bytes as needed.

This process produces a stream of truly random bits. An attacker can alter the amount of work performed by the CPU by introducing his own work during the same time period, but it still does not affect the output in a predictable way. However, this stream is still prone to bias. So after a certain number of bytes are collected, it is run through a cryptographic hash digest, by default SHA512, or MD5 if Digest::SHA is not installed. The hashed data is then output. This "whitens" the data, hopefully decreasing bias while retaining randomness.

twuewand could be used as a primary source of random data, but its primary purpose is intended to be an entropy pool seed. In Linux, you would execute:

twuewand $(cat /proc/sys/kernel/random/poolsize) >/dev/urandom

I wrote twuewand a few weeks ago when I first learned of truerand. truerand is an interesting concept, but it's actually almost never used in the real world anymore. The reason it was invented was to add another source of entropy to entropy pools, but the discovery of the benefits of saving pool data to reintroduce after reboot mostly made it unnecessary. But remember, this source is not available to LiveCDs and diskless workstations. I wrote twuewand for use by Finnix during startup, but hit a major snag. Namely, it's slow. Each bit takes a minimum of 4ms to generate, and that adds up. Generating 4096 bytes takes over 2 minutes. So I'm not going to have Finnix run it during startup, at least not for the full 4096 byte pool size. Perhaps 8 bytes by default, which will take a little over a quarter of a second. It's not as cryptographically secure as filling the entire pool, but it's better than nothing. Either way, twuewand will at least be available in the next version of Finnix if you desire to use it.