MavEtJu's Distorted View of the World - 2008-09

Posted on 2008-09-26 09:00:00
Tags: FreeBSD

The FreeBSD Operating System is partly original code and partly contributed code, like the GNU licensed GCC compiler toolchain, the BSD licensed BIND DNS nameserver and the timezone database.

Sometimes people assume maintainership of the contributed code, for example Doug Barton with the BIND DNS nameserver and I-said-the-fool with the timezone database. The only reason I assumed maintainership for it was because there were upcoming changes with regarding to Daylight Saving Time where I live, so there was a good reason to make sure these definitions were up to date. These days both misc/zoneinfo in the ports collection and share/zoneinfo the base system are updated very shortly after a new timezone update has been released.

Sometimes the maintainers or the people who originally imported the code disappear or let the code go stale (for whatever reason). In the last couple of weeks, with lots of free time, I have updated a couple of these contributed modules:

• tzcode2004a to tzcode2008e - tzcode is the software which compiles the timezone files and submits functions like strftime(), asctime() and localtime() in libc. The proposal can be found on the -arch mailinglist in the tzcode update to 2008e thread.
• file(1) 4.23 to 4.26 - The code of 4.26 works fine on FreeBSD 7.0 and -current, except for two #ifdef's which have been feed back to the author. The maintainer of the module, David O'Brien, has been informed about this and I have requested for co-maintainership but no (positive) response yet.
• ISO 639 and ISO 3166 - ISO 639 contains a list of 2 and 3 letter abbrevations for languages, ISO 3166 contains a list of 2 and 3 letter abbrevation for countries. The PRs are conf/127422 and conf/127429.
• top(1) from 3.5b12 to 3.8b1 - The patches have been submitted in the PR bin/127633 and I am still going through the PR database to close related PRs and hunt for interesting features, like Added jail filtering support to top(1).

Updating a module isn't a simple let's patch the changes between version A and B, because often the code has been adapted to work with the FreeBSD Operating System or to have specific FreeBSD features, and it might be easier to get diffs from the original code against the FreeBSD version and find ways to merge these changes, or the functionality, into to the newer versions.

To give an example, the patch between the FreeBSD version of top(1) 3.5b12 and 3.8b1 was 13K lines, but the patch between the stock top(1) 3.5b12 and the FreeBSD top(1) 3.5b12 version was only 1500 lines and so was at the end also the patch between the stock top(1) 3.8b1 and the FreeBSD top(1) 3.8b1 version!

Posted on 2008-09-17 11:00:00
Tags: Science, Space

The Voyager space probe, launched in 1977 and at this moment happily traveling outside our solar system, gets its electrical power via the heath caused by the decay of plutonium.

Since the half-life of plutonium, and the elements it decays into, is known, "aliens" can use it determine the age of the space craft.

At least that was until today, when I read the following article: Evidence for Correlations Between Nuclear Decay Rates and Earth-Sun Distance:

Unexplained periodic fluctuations in the decay rates of 32 Si and 226 Ra have been reported by groups at Brookhaven National Laboratory (32 Si), and at the Physikalisch-TechnischeBundesandstalt in Germany (226 Ra). We show from an analysis of the raw data in these experiments that the observed fluctuations are strongly correlated in time, not only with each other, but also with the distance between the Earth and the Sun. Some implications of these results are also discussed, including the suggestion that discrepancies in published half-life determinations for these and other nuclides may be attributable in part to differences in solar activity during the course of the various experiments, or to seasonal variations in fundamental constants.

If this is true (for real, the reality, ...) then the "aliens" will have a hard time figuring out the age of Voyager!

In addition to repeating long-term decay measurements on Earth, measurements on radioactive samp les carried aboard spacecraft to other planets would be very useful since the sa mple-Sun distance would then vary over a much wider range.

Posted on 2008-09-16 21:00:00
Tags: FreeBSD, zoneinfo

Just in time for the release of 7.1 and 6.4: src/share/zoneinfo is updated! Changes are for the countries of Mauritius, Morocco, Pakistan, Palestine, Argentina and Brazil.

Of course also available in the ports collection as misc/zoneinfo.

Posted on 2008-09-14 11:00:00, modified on 2008-09-17 18:00:00
Tags: Politics, Elections

Yesterday New South Wales held its local council elections and Naomi was running in it as the Sutherland Shire Council (SSC) candidate for the Greens. The SSC has 15 positions, the area is split in five wards so there are 3 positions per ward. Naomi ran for ward A, Cronulla and Wooloware. Knowing the demographic and the voting history of the area, it was clear that at least one Liberal would get in, and one Shire Watch Independent. So she had, tied with the Labour guy, a fifty/fifty percent chance of getting in (At least that were the predictions)

The weekend before the election we had planned to do the letterboxing, but Mother Nature decided that it was the weekend for greening up the gardens and filling up the dams... Instead of a team of ten to fifteen people doing that for the whole area in one day, we ended up with a team of four doing that during the rest of the week (Specially thanks to Colin for his six-thousand kilometer walk through the voting area to do a huge chunk of this letterboxing!).

The parties represented in the SSC local elections were Labour, The Greens, Shire Watch, Community First, Australia First and a hand full of independents. Yes, the Liberals were not running in the electorate, there was too much infighting in their party here so they didn't endorse any of the candidates. So the "Liberals" ran as independents, which gave it an interesting new turn: You have partyless independents and Liberal independents.

The people running for the SSC local elections were Naomi Waizer for the Greens, Carl Provan for Shire Watch (who has been mayor for the SSC), Scott Docherty for Labour (who has been in the SSC and says to be voting for green policies), Kevin Schreiber of the Liberal independents ("Putting the shire first" (but printing his A-frames outside the Shire) and well known for his connections with developers), Marie Simone as an independent (her slogan was "a GENUINE local independent", where GENUINE was pointing to local (A-frames printed outside the shire too) but not to independent since she always sits at the SSC meetings between two liberals), John Newton of Australia First (which thrives on racism and intolerance) and George Capsis of Community First (a baptist church priest who drives around in a ute). Yes, that are seven parties going for three seats.

The voting day came, all the polling booths were manned and Mother Nature decided to make it the hottest day of the year... 10 hours in the baking sun is not my idea of a good time, but since I don't have the right (hahahaha, you don't have rights in Australia, everything is either compulsory or forbidden) to vote here I have to find other ways to help the people here to chose the right party. 10 hours in the baking sun wasn't a good idea for the Australian First guy too, who in the afternoon started to announce his party as "Australian Families First" and "Family First".

Despite the compulsory voting here in Australia, less than 70% of the 31 thousand people registered to vote, raising about AU$ 500 thousand in fines for people who didn't show up. Compulsory voting is still a horrible idea for me, since you end up with people coming to the booths telling me "I have no idea who to vote for" and "I don't know anything about their policies". You shouldn't be allowed to vote unless you know who you want to vote for and why you want to vote for them. Everybody else should be banned and be fined if they show up anyway! </rant>

The counting-of-the-votes system is tricky: To get in you need at least 25% of the votes. If there aren't three people with that, the votes for the smallest party get redistributed according to the preferences on the ballot paper (at federal elections it is according to party preferences, but not at council elections). Any party which gets over the 25% after that gets a seat. Repeat until you have three seats filled.

The outcome: The Liberal independent got in, he has 25.2% of the votes. And then it gets murky: Shire Watch got 21.3%, so it probably gets in too. Both Labour and The Greens got 14.0% (told you it was a 50% chance she got in), but due to the preference deals that Labour has made with Community First he will probably get in. The final result won't be there until Tuesday this week.

Thanks to all the voters and volunteers who helped making this election a great one for the Greens. It put them on the map on the SSC as a party which is ready to take over.

Everybody else who is complaining about the same-old-same-old SSC: You had your chance because putting in Naomi Waizer of The Greens and George Capsis of Community First would have shaken up the SSC pretty nicely!

Update: I got into this video about Steve the National Socialist supporting Australia First NSW. At the third booth in Cronulla you see the group I'm handing out in. And the old guy in blue who he is talking to is the guy who got mentioned earlier in this write-up.

Posted on 2008-09-10 17:00:00, modified on 2008-09-11 12:00:00
Tags: Networking, FreeBSD, PXE, tftp

After being able to use PXE to boot up virtual machines in QEMU, I found an old computer with an old (1998 firmware) fxp ethernet card (Intel EtherExpress PRO/100 Ethernet) I thought "let's boot FreeBSD -current on it!"

That was easier said than done, because for some reason the ethernet card it was requesting a very strange path:

16:48:24.742828 IP 10.204.250.12.2071 > 10.204.250.2.69:  30 RRQ "pxebootM-^?" octet blksize 1456
        0x0000:  4500 003a 0006 0000 1411 9d06 0acc fa0c  E..:............
	0x0010:  0acc fa02 0817 0045 0026 a4f9 0001 7078  .......E.&....px
	0x0020:  6562 6f6f 74ff 006f 6374 6574 0062 6c6b  eboot..octet.blk
	0x0030:  7369 7a65 0031 3435 3600                 size.1456.

Let's see if the DHCP answer is correct (with net/dhcpdump, also available from my website):

  TIME: 2008-09-11 10:48:23.169
    IP: 10.204.250.2 (00:0f:ea:2c:d5:18) > 255.255.255.255 (ff:ff:ff:ff:ff:ff)
    OP: 2 (BOOTPREPLY)
 HTYPE: 1 (Ethernet)
  HLEN: 6
  HOPS: 0
   XID: b45ceb89
  SECS: 1024
 FLAGS: 7f80
CIADDR: 0.0.0.0
YIADDR: 10.204.250.12
SIADDR: 10.204.250.2
GIADDR: 0.0.0.0
CHADDR: 00:02:b3:5c:eb:89:00:00:00:00:00:00:00:00:00:00
 SNAME: .
 FNAME: pxeboot.
OPTION:  53 (  1) DHCP message type         2 (DHCPOFFER)
OPTION:  54 (  4) Server identifier         10.204.250.2
OPTION:  51 (  4) IP address leasetime      600 (10m)
OPTION:   1 (  4) Subnet mask               255.255.255.0
OPTION:   3 (  4) Routers                   10.204.250.1
OPTION:  60 (  6) Vendor class identifier   Mavvie
OPTION:  67 (  7) Bootfile name             pxeboot

So let's give it the file it wants. The shell I use nor the terminals I use actually make it possible for me to enter the ASCII character 255. So it's Perl to the rescue:

[/tftpboot] root@k7>perl -e 'link("pxeboot", "pxeboot\xff"); '
[/tftpboot] root@k7>ls -al
total 854
drwxr-xr-x   2 nobody  wheel     512 Sep 10 11:05 .
drwxr-xr-x  21 root    wheel     512 Aug  2 07:40 ..
-rw-r--r--   2 root    wheel  260097 Aug 27 21:20 pxeboot
-rw-r--r--   2 root    wheel  260097 Aug 27 21:20 pxeboot?

Did you see the blksize 1456? If you are using the net/freebsd-tftp port, you will send packets with that size instead of 512 bytes:

16:48:24.747635 IP 10.204.250.2.65265 > 10.204.250.12.2071: UDP, length 15
16:48:24.747821 IP 10.204.250.12.2071 > 10.204.250.2.65265: UDP, length 4
16:48:24.747961 IP 10.204.250.2.65265 > 10.204.250.12.2071: UDP, length 1460
16:48:24.748919 IP 10.204.250.12.2071 > 10.204.250.2.65265: UDP, length 4

Posted on 2008-09-06 11:00:00
Tags: Networking, Rant, Cisco

When Cisco Systems started, the world of networking was simple, there were routers and there were hubs. Routers connected to other routers and hubs, hubs connected to one router and computers. Each interface on the router was its own LAN, its own IP subnet (Unless you used the interface for SNA, DECNet, IPX, AppleTalk or briding only). And the configuration on the routers made sense:

interface serial0
  ip address 192.168.1.1 255.255.255.0
!
interface ethernet0
  ip address 192.168.2.1 255.255.255.0

Over time, hubs got replaced by switches. Coax cables got replaced by cat5 cables. Seperate routers and switches got integrated and people started to think in VLANs instead of router interfaces. And this is where the Cisco IOS syntax went wrong: They kept talking about router interfaces instead of LANs.

For example, to create a new VLAN an Extreme Networks switch/router or a Riverstone / Cabletron switch/router (does anybody remember them?), you create the VLAN (you give it a name, not just an index number) add the IP subnet to the VLAN, add a tag to the VLAN and add (finally!) the ports, tagged or untagged, to the VLAN. So you have a VLAN, and it has the VLAN tag and IP address properties, and it has one or more ports in it. Port specific properties (speed, duplex, label) are configured in the ports section.

create vlan "backbone"
configure vlan backbone tag 2
configure vlan backbone add ports 4 tagged  
configure vlan backbone add ports 5 untagged  
configure vlan backbone ipaddress 10.128.7.1/28
[...]
configure ports 4 display-string fibre-to-dc1
configure ports 4 auto off speed 100 duplex full 
configure ports 5 display-string natgw

Now let's see how it goes on the Cisco switch/router. It calls both the physical and logical ports and the VLAN definitions "interfaces", so there is no hierarchical approach of obvious difference between them:

interface ethernet0/1
  description fibre-to-dc1
  switchport trunk encapsulation dot1q
  switchport trunk allowed vlan 2
  switchport mode trunk
  duplex full
  spanning-tree portfast
!
interface ethernet0/2
  description natgw
  switchport mode access
  switchport access vlan 2
  spanning-tree portfast
!
interface vlan 2
  description backbone
  ip address 10.128.7.1 255.255.255.240

So the definition of VLANs in the IOS Syntax has become more of a hack without hierarchical approach to the issue than a proper style of hierarchical definition of the VLANs, its properties and the ports in it. Instead of the above, it could have gotten its own section:

interface ethernet0/1
  description fibre-to-dc1
  duplex full
  spanning-tree portfast
!
interface ethernet0/2
  description natgw
  spanning-tree portfast
!
vlan 2
  description backbone
  ip address 10.128.7.1 255.255.255.240
  untagged ethernet0/2
  tagged ethernet0/1

Can this issue be resolved and the IOS Syntax replaced by a proper syntax in which you can define a VLAN and its properties readable and logically? Asking the question is answering it: Of course. But will it ever happen? I hope it, because the current syntax is very error-prone. But I doubt it, since it is there already for years and hundreds of thousands of devices do use this syntax. Having people to change all of these configurations isn't something Cisco would want to do.

Posted on 2008-09-04 16:00:00
Tags: Networking, Peering

There are several kind of internet providers. One of them are the edge providers, who have their own IP space, AS number, provide application hosting and network services for their customers and have one or two uplinks to the internet which get charged per gigabyte of data. And a port on the local internet exchange of course! The other kind are the big ones, who have multiple links with other big ISPs and sell transit to the little ones. Oh, and also provide application hosting and network services for their own customers, and sometimes they are even on the local internet exchange because of that!

Local internet exchanges are places where multiple local ISP come together (you pay for the speed and for the port on the internet exchange, not for the traffic) and agree to route traffic between destined for the other ISPs on the internet exchange directly via the internet exchange instead of via the uplinks to the big ISPs. To push this behaviour, the address ranges advertised to the local internet exchanges are often /24s while the address ranges advertised on the internet uplinks are often /21s and bigger.

So euhm... What is the issue? Nothing yet, but it is coming :-)

If you are an edge provider, what should you do? Take an uplink which is also on the local internet exchange, advertise your /24s to the local internet exchange and your big /21 to the uplink provider. Why? Because the uplink provider will advertise your /21 to the rest of the internet, while it will internally route it via the /24s to the local internet exchange. Free inbound traffic! And if your port on the local internet exchange is 100Mbps or 1000Mbps and the link towards your uplink provider is less than 100Mbps, you will have a nice extra speed increase with it too. Of course this is only for the inbound traffic, the outbound traffic to the internet still goes via the slow uplink, but downloading goes fast. And since you are an edge provider, most of the traffic will be inbound.

The thing you have to take care about is that you have to monitor, specially in the first months, that the bill of your uplink provider does reflect the real traffic going over their uplink. Some providers run their accounting systems based on all the IP traffic going through their edge routers and will bill you for the traffic even if it doesn't go over the physical wire. Check your terms and conditions to see what you can do about this Layer 8 behaviour.

So what can the big ISPs do about this? Design their network properly. Consider the three different services which are being provided: Users, Services, Transit. Users traffic and Services traffic can go via the local internet exchange, but Transit traffic shouldn't. The network should be designed to have three routing clouds (call them Autonomous Systems if you want), and the exchange of routes between the three clouds and the outside world should be regulated carefully to make sure that the Systems and Users clouds are only providing the big ISPs IP space to the transit cloud. That way the /21 is in the Transit cloud and the /24s are in the Users and Services clouds.

Is this possible? I think so. Even if the Service networks and User networks are scattered around the world, with IP-over-IP tunnels between them it will make it look like one contiguous network. Doing proper routing traffic exchange between the three routing clouds internally and between the individual routing clouds and the external networks and the network behaves the way it was meant to work.

Posted on 2008-09-03 17:15:00, modified on 2008-09-05 22:15:00
Tags: FreeBSD, Books, Reviews

As described in the "About the Author" chapter the book Network Administration with FreeBSD 7 by Babak Farrokhi and published by Packt Publishing, this is a book made of scattered notes. And that makes the context of this book so good: It are the notes from an experienced administrator who wants to share his secrets with the world. Although I have been using FreeBSD since the 2.2 versions and I am well known with it, his notes show that there is nothing better to learn from than the experience of peers in the same field you are in.

The size of the pages in the book is wider than the O'Reilly books, which makes it possible to leave it open on your desk while you try out the suggestions and commands printed on them. The order of the chapters is System Configuration, Network Configuration and Network Services and it doesn't only describe the commands available in the base operation system, but also the important ports in the third party software ports collection. The commands and examples in the book are consistent and include the command line, /etc/rc.conf and kernel configuration lines everytime where it is necessary.

Because of the fast development and the broad range of features on the FreeBSD operating system, it is hard to know everything others know. That goes for me with regarding to the GEOM chapter for example, which I never had touched before because I always have used hardware based RAID solutions. And it goes for the author, who didn't write about the GUID partition table for large harddisks.

The FreeBSD operating system has often the approach of "use tools and approaches which have been proven over time" and the mindset of system administrators often reflect this: cvsup is one of these things. But luckely the author mentions the portsnap and freebsd-update tools, although he doesn't mention the fact that the last one can be used for minor version and major version upgrades of the base operating system.

The chapter about jails, one of my favourite features of FreeBSD, is very clear and verbose, but it lacks a reference to the sysutils/ezjail port.

Despite being a book for administrators, the Network Configuration part starts with the basic stuff on how network interfaces work and how to configure them. But it quickly moves forward to VLANs and monitoring mode and Fast EtherChannels. The chapter about tunnelling is partly simple and partly tricky: The simple part is the GRE tunnel in two pages and the tricky part is the IPSEC tunnel in 8 pages. The chapter about PPP describes beside the client configuration also the server configuration, something I have never done before.

The chapter about my favourite thing on network equipment, dynamic routing, is a good start to get things up and running but is missing an essential paragraph about what goes over the wire in case of a successful (or unsuccessful) establishing of routing neighbours.

The firewalls chapter is technically fine, but it shows that the author is natively speaking a language in which words like "a", "an" or "the" are not compulsory to write a grammatically correct sentence: Often these words are missing and its confusing. But there is nothing wrong with the context.

The chapters about Internet Servers and Local Network Services are fine to have a complete overview of all aspects of a FreeBSD system, but it doesn't give more than a quickly name them, give an example and tell how to install them. The book should have been done without these two chapters and they could have been in their own book, with more and deeper examples and troubleshooting tips.

My opinion: Great book, worth having and reading. It could use a review of somebody who is a native English speaker to get the lines better rolling now and then, and a technical review of somebody who can make sure that the examples are correct, but for the rest I would say that it belongs next to the other books like Absolutely FreeBSD and The Complete FreeBSD.

Posted on 2008-09-02 15:00:00
Tags: FreeBSD, Networking

It's September, which means it is Spring in Australia! The semi-cold weather is gone, the birds are shrieking (still) and the trees still have leaves. And what better can you do in Spring than having a Spring Clean?

This years Spring Clean will be about the mirrors of the FreeBSD project. Over the years a huge amount of mirrors have been gathered, and most of are pretty good. Unfortunately, one or two are broken, not up-to-date, out-of-service, have disappeared or can't be found.

Earlier this month, I did the Spring for the Australian mirrors. DNS is now clean, FTP mirrors are all fine again except for ftp4.au.freebsd.org, CVSup now points to a working server, rsync is still not available and the ISO distribution looks fine. It wasn't even Spring yet, imagine that!

Without statistics you don't know anything, so I made a tool which checks for...

• The availability and age of the file TIMESTAMP in the FTP mirrors. This file is updated once per hour on the FTP master site.
• The availability of the ISO images on the FTP mirrors. These files are only created at release time, but at least it shows where you can find your ISO images!
• The availability and age of the file CVSROOT-ports/modules on the CVSup mirrors. This file is updated once per day.
• The availability and age of the file TIMESTAMP in the RSync mirrors. This file is updated once per hour on the FTP master site.
• The availability of all dates on the FreeBSD.org main website on the WWW mirrors. This is not often updated (couple of times per month), but it is the only way I could find to overcome timestamp issues with locally generated HTML files.
• The consitency of the SOA serial numbers in DNS, and to make sure that all CNAMEs are pointing to defined DNS entries.

So, where to find these goodies? At http://www.mavetju.org/unix/freebsd-mirrors/ is the main overview. The score is calculated on the number of (correct) elements found in each test. It is possible to browse through the history of the statistics (as far as collected that is) and to see which items are changed between two dates.

I have applied for a hat to contact the mirror maintainers and ask them to fix the issues, but haven't heard anything yet.