Found out why firefox didn't talk ipv6 by default: the same resolver bug that I saw before: the resolver prefers ipv4+rfc1918 addresses over ipv6. Fixed with some DNS magic. Some day I'll phase out NATted IPv4 addresses. Until then they are irritating.
2008-03-30 (#)
I tried flashplayer 9 for Linux because flash 7 makes my browser hang often, especially on flash video. With flash 9 I had no audio because flashplayer 9 for linux only supports alsa (and I prefer oss), but a bit of searching found Flash Player:Additional Interface Support for Linux which includes the source of a support library which fixes this problem... for linux users who don't mind compiling a shared library on their own. But now I can watch a youtube video without firefox crashing.
2008-02-17 (#)
I had some time for work on the wardriving box. I fixed the powerbutton problem by switching to Linux kernel 2.6.24.2. Linux 2.6 has specific support for the geode processor which include acpi support. With 2.6 I get a good power-button event when I press it and on a shutdown with powerdown the alix system is powered down completely (power led goes out). I also worked on the case, making holes for the antenna connectors. I managed to make the right holes and modify the I/O shield without making the wrong holes or get damaged myself. My teacher in metalwork years ago would probably think I'm still bad at it but with a drill and a metal file the modifications got done, including filing the flange of the N-connector to make it fit in the case. Pictures of the results,
Results of the metalwork.
Antenna connectors in place and the I/O shield modified to allow for the big N-connector.I'm also learning about Linux 2.6: without a keyboard there is not a lot of entropy for /dev/random.
Board installed in the case.
2008-02-14 (#)
A few minor setbacks on the wardriving box project yesterday evening. Software shutdown via acpid does not work (there is no event when I press the power button). Kernel recompiling for acpi debugging gave me lots of headaches with the module versioning. I did some searching for it and the Linux Loadable Kernel Module HOWTO had the answer:So it is generally not wise to use symbol versioning.. words to the wise. And the CF connector of the M200 case is a normal 40 pin IDE connector where I bought a cable for 44pin 2mm ide connectors because the alix.1c mainboard has a 44pin ide header. It would be nice if I could fix this, I could use the external CF-bay of the M200 case which would mean I wouldn't have to open it to change/upgrade the CF. The manual of the M200 case has stern warnings about opening and closing it too often.
2008-01-28 (#)
First boot on the wardriving box (like first light on a telescope). Thursday evening I had some actual time to play with the mainboard and a CF card. With a lot of peeking at the presentation on building flash-based Linux routers by Remco van Mook I was able to get a basic Debian Linux to run on the Alix board in little time. It boots, it starts a few getty processes and ifplugd. I also automated work on converting the local installation to a root image and the root image to the CF card.
2008-01-03 (#)
athcool is .. cool! The new server mainboard was consuming some more power and was at a higher temperature. I looked for ways to reduce this a bit. Setting power throttling mode to T1 did not help for power use or temperature (but the system reacted slowish), but athcool made the readouts from lm_sensors change from CPU Temp: +42.8 C to CPU Temp: +21.5 C which looks a lot better. And, more important: the UPS reports a drop in power-use, which is good for the electricity bill. Follow the graphs at my assorted sensors at home.
2007-12-21 (#)
Some environment sensors at home are now public. Started with the environment sensors of the home server gosper which are the easiest. Other stuff will be added if and when certain monitoring projects go from being a wild idea to delivering real data. Ok, I did order some temperature sensors and a 1-wire controller from Hobby Boards 1-wire solutions.
2007-10-27 (#)
Learning ifplugd to do the ipv6 equivalent was easy: just add the following to /etc/ifplugd/action.d/ifupdown in the up part: /usr/bin/rdisc6 -q -w 250 -r 8 $1.
2007-10-26 (#)
And in trying to firewall IPv6 I found that INPUT and FORWARD are really separate. From the docs:the built-in chains INPUT (for packets coming into the box itself), FORWARD (for packets being routed through the box), and OUTPUT (for locally-generated packets).So if I want to set a policy for both the local machine and the machines behind it I need to set those rules in both INPUT and FORWARD.
2007-10-26 (#)
Trying to access machines at home directly from the outside via ipv6 made the old ndisc_send_redirect: not a neighbour show up again. I found the reason: I added an address on the internal network to the external interface, so a cool address would show and not the xs4all-ipv6-tunnel interface address, with up ip -6 addr add 2001:888:1011::13/64 dev xs4allipv6 in /etc/network/interfaces. Now when trying to access an internal machine, 2 possible routes to 2001:888:1011::/64 existed. Fix: add another line up ip -6 route del 2001:888:1011::/64 dev xs4allipv6 to remove that extra route again. Now I can access machines on the home network directly from ipv6 hosts all over the world. Time for extra firewalling rules!
2007-10-26 (#)
And the ultimate answer came from Friedemann Stoyan via the debian-ipv6 mailinglist: It's a know debian bug: libc6: Resolver prefers IPv4 to IPv6 in some cases. The bit where RFC1918 addresses trigger this bug is especially evil: in my opinion users with ipv4+nat (rfc1918) and ipv6 (globally routed) on their network would be better suited with a preference for ipv6.
2007-10-25 (#)
After working on a proposal for introducing IPv6 at work it suddenly dawned on me that pushing ipv6 at home wasn't going to work with a separate DNS zone for IPv6 addresses. The best way is to integrate ipv6 addresses in the main zone and have the "legacy ipv4 nat range" as second thing to try (for things that are still ipv4-only like nfs). But I found something weird in certain applications: for unqualified names, ipv4 is preferred, for qualified names ipv6. Forcing ipv6 works, but I want ipv6 to happen naturally. Telnet shows best what happens:$ telnet gosper
Trying 10.42.2.1...
Trying 2001:888:1011::694...$ telnet gosper.idefix.net
Trying 2001:888:1011::694...
Trying 82.95.196.202...Something weird happening here, so I asked the debian-ipv6 mailing list.
2007-10-19 (#)
In a flash of thinking in the morning (this is not very usual for me) I remembered that the Asterisk server I set up has quite strict firewalling rules. This does not combine very well with RTP audio. I changed the firewalling rules to accept the RTP ports configured in Asterisk and suddenly: audio from a call to the xs4all test number. Woohoo! A working call!
2007-06-12 (#)
At completely the wrong moment, another disk in my home server went bad. It first showed as loads and loads of ide errors. I had no time to deal with it, so I just left it spewing errors. Which made the problem go away for the biggest part. Eventually I got around to buying a new disk, a cheap 320 Gig disk. I wanted to set up /scratch new, without reiserfs and started to move data to a new scratch volume. This went well until I wanted to shrink the logical volume: the whole volume set became corrupted. I was still able to access my data, so I borrowed some diskspace, reused some other disks and copied everything to another machine using rsync. After I rebooted the server, the volume groups were indeed gone, and I switched to 'old-fashioned' partitions and spend quite some time dividing the loads of data on the new partitions. All is back to normal now, but without lvm or reiserfs.
2007-05-07 (#)
Ages ago, I was trying to get the pam_groupdn option in ldap.conf for pam_ldap.so to do what I want: limit access to a certain system to certain accounts (where the list of 'certain accounts' could be managed centrally, via that same ldap). It needs a 'groupOfUniqueNames' type object in the ldapserver with multiple 'uniqueMember' fields pointing at the dn of accounts that are member. I found the correct bits in a mail to the secure-shell list: RE: AllowGroups and ldap.
2007-04-18 (#)
Making the new disk bootable was the quite hard part: the floppy drive of the server turned out to be completely broken, not reading/writing disks. A scsi cd/dvd drive I added could make the machine boot from CD, but took ages to read the rescue cd, sounding like it had serious reading problems. So I used an ide cd-rom drive (but I had to disconnect one of the ide harddisks first to be able to use this), which the machine did see, and used that to make the whole system bootable again. It took a while of working, but I have a working server again.
2007-04-17 (#)
I bought a new 400G disk at MyCom yesterday. I thought I had to setup the logical volumes all over again because the total size would grow above 1T but that maximum size is the maximum size of one logical volume. So just moving the /scratch volume off the suspect disk and on the new disk was an easy operation using the lvm howto part on removing an old disk. Now to change disks so I can boot from that new disk .. and making it bootable first.
2007-04-15 (#)
Friday the homeserver developed a problem in one sector of /dev/hda, a Maxtor disk that's been in there since September 2003. The sector was in the bitmap of a reiser filesystem (via lvm) that did not want to mount for this reason. I started a complete reiserfsck on it as a last resort to get that sector rewritten. After 39 hours the complete filesystem check was done, that sector rewritten (and at that time remapped by the drive). The /scratch volume is available again, but I'll buy a new disk for it anyway, to avoid going through this several times.
2007-04-04 (#)
I always thought the network performance of Linux was great, but in testing the new ftp archive server at work I found out that was wrong. Hitting it with apachebench for massive downloads of the same .iso file resulted in kernel messages about dropped tcp connections. With a simple google search on "TCP: drop open request from" I found a page with Linux network performance tuning tips. Those tips improved things: iso images flew out at wirespeed (gigabit). Lots of concurrent requests for a small file are still an issue, those stuck at somewhere above 1600 hits/second, way below wirespeed. It will do for the moment ;)
2007-02-20 (#)
Sometimes Debian makes me go "aaaargh" a bit. When I visited Paris and wanted Internet access, I found out the pairing between my phone and the laptop had gone bad (all errors). Trying to delete the pairing and setting it up again gave a problem: there is no working bluetooth-pin application at the moment. Due to the dbus package being in transition, an attempt to install bluez-pin results in bluez-utils being removed (which means there is no bluetooth stack left running to authenticate in the first place). Google-fu to the rescue: Impossible to do pairing in Kubuntu shows that ubuntu users have the same problem and Dan V posted a solution how to build the command-line passkey-agent from the bluez-utils sources and use that to get a pairing again. I'm not the only one frustrated, debian bug 382269 shows more frustrated users.
Older news items for tag linux ⇒