Just completed the Real World Debugging Exercise.
It is a static page on this site (just like the Lot Area Calculator).
Just completed the Real World Debugging Exercise.
It is a static page on this site (just like the Lot Area Calculator).
To set up your USB Flash drives as pass-through in VirtualBox, here is what you can do.
Next, plug in your flash drive and record its device. For me, it was /dev/sde. Look in /var/log/syslog, or dmesg output, for the “[sde] Attached SCSI removable disk” line. My device looked like this:
ls -l /dev/sde brw-rw---- 1 root disk 8, 64 Nov 24 15:22 /dev/sde
If you don’t run virtualbox as root (and you should not), then you’ll need to use the group to access /dev/sde. Above, you can see it is “disk”.
Now, make sure the user that is running virtualbox is in the “disk” group (e.g. ‘tim’ user):
sudo usermod -a G disk tim
After this, you may or may not have to reboot. Run “groups” as your user. Make sure you see “disk” listed. If not, reboot (or maybe just logout and login).
Then, for each USB Flash drive, run this VBoxManage command:
(Note: this command just creates a *.vmdk file that “links” to a raw device. It does not touch or alter the device, but it does make sure your current user has permissions to the device):
VBoxManage internalcommands createrawvmdk -filename usbflash1.vmdk -rawdisk /dev/sde1 chown tim:tim usbflash1.vmdk
Then, in the virtualbox GUI, under settings, choose Storage, then “add hard disk”, then “Choose existing disk”, then select the usbflash1.vmdk file created above.
See the ZFS Fkash Drives on how to create your ZFS volume from the USB Flash drive(s).
Next up: plugging the USB Flash drives into a different ZFS instance.
(In case it is not clear, the trade-off here is between:
1) Two separate USB flash drives, which can be used by just about any computer, but must be manually kept in sync, and manually compared looking for differences, versus
2) Two flash drives as a single ZFS mirror volume, where ZFS makes sure the contents are the same and scrubs them to make sure they stay that way. However, you need a ZFS system to mount and use them.)
The contents of usbflash1.vmdk:
# Disk DescriptorFile version=1 CID=1d3a8b59 parentCID=ffffffff createType="fullDevice" # Extent description RW 15130017 FLAT "/dev/sde1" 0 # The disk Data Base #DDB ddb.virtualHWVersion = "4" ddb.adapterType="ide" ddb.geometry.cylinders="15009" ddb.geometry.heads="16" ddb.geometry.sectors="63" ddb.uuid.image="33234751-eccf-4188-8e3d-a903b8a4ad74" ddb.uuid.parent="00000000-0000-0000-0000-000000000000" ddb.uuid.modification="ee7f3673-388e-42ab-9fa6-698cd80fb5bd" ddb.uuid.parentmodification="00000000-0000-0000-0000-000000000000" ddb.geometry.biosCylinders="941" ddb.geometry.biosHeads="255" ddb.geometry.biosSectors="63"
As an experiment, I created a small (8GB) ZFS volume in a mirror configuration using two 8GB USB Flash drives.
The purpose was to put “small, but really important things” on this storage system.
It actually ended up being two discrete pieces of work. First, setting up a VirtualBox FreeNas 9 image with “USB passthrough”. Second, running the FreeNas/BSD commands to create the volume by hand, since FreeNas insists on using 2G (fixed) per disk when it creates volumes. 2GB of 1000GB isn’t even a drip; 2GB of 8GB is significant.
So, second things first: creating the partition and volume and getting FreeNas to acknowledge it.
Once you know the two devices in FreeNas (for me it was /dev/ada1 and /dev/ada2), you can run these commands:
gpart create -s gpt /dev/ada1 gpart add -i 1 -t freebsd-zfs /dev/ada1 # now run ls -l /dev/gptid, make note of the new entry, # e.g. d50a7a3b-aeb0-11e6-86a2-080027bed2b8 gpart add -i 1 -t freebsd-zfs /dev/ada2 # make note of that gptid too, # e.g. e9c860e9-aeb0-11e6-86a2-080027bed2b8
Since my two USB drives were not exactly the same (7.4G versus 7.2G), the zpool create required the “-f” flag:
zpool create -f usb8 mirror /dev/gptid/d50a7a3b-aeb0-11e6-86a2-080027bed2b8 /dev/gptid/e9c860e9-aeb0-11e6-86a2-080027bed2b8 zpool status pool: usb8 state: ONLINE scan: none requested config: NAME STATE READ WRITE CKSUM usb8 ONLINE 0 0 0 mirror-0 ONLINE 0 0 0 gptid/d50a7a3b-aeb0-11e6-86a2-080027bed2b8 ONLINE 0 0 0 gptid/e9c860e9-aeb0-11e6-86a2-080027bed2b8 ONLINE 0 0 0
Then, to get FreeNas to acknowledge it:
zpool export usb8
Finally, in the FreeNas GUI, run “Import Volume”, no encryption, selecting the volume name in the drop-down list. Under “Disks”, you should see two “7.xGiB” entries, not the “5.xGiB” the the 2GB swap partition would have given you.
If you didn’t make note of the gptid as you created the partitions, you can run
And look for the “Name: ada1p1” entry to get the “rawuuid” value to use with /dev/gptid/hxhxhx….
Using the gptid/rawuuid, instead of /dev/adaX, is a good idea in general. In this particular case, remember that the device is actually a VirtualBox-created “Disk”, with a VirtualBox serial number, and a VirtualBox gptid.
See the next post on how the “pass-through” was created in VirtualBox.
Fun lesson from today: don’t blindly clear/flush your iptables.
If you are remotely managing a system, then make sure you run this:
sudo iptables -P INPUT ACCEPT
sudo iptables -P FORWARD ACCEPT
sudo iptables -P OUTPUT ACCEPT
before you run this:
sudo iptables -F
It turns out there are people who will write default block (“policy DROP”) style rules (instead of the using a default “policy ACCEPT” and ending with REJECTs/DROPs at the end that match everything). If the default policy is not ACCEPT, then clearing the rules will immediately remove your ssh access to the machine.
The lack of a default “policy REJECT” is one reason you will see more “policy ACCEPT” – because then, at the end, you can choose between REJECT or DROP. If you write your rules “in the other direction”, you loose the flexibility to choose – you must DROP. There are numerous posts on why DROP is not necessarily better than REJECT. (“Attackers don’t really feel any pain with DROP, but your legitimate users sure do”.)
The goal of this machine was to replace the highly unreliable kids computer (Portable Power Build). First the GPU went, then the HDD started showing errors. Finally the MB voltage started to act up. The net result was that the computer was very unreliable and would just freeze, awaiting a hard reboot.
The goal was to be “reasonable yet not extravagant”.
Some facts on the CPU: the i5-6500 is currently #261 on PassMark [7,042] cpubenchmark.net. At a price of $204, it has a “value” rating of 34.3. It is the first 4-core not 8-core machine in a long time – for a gaming machine, the 4 extra cores don’t pay off. This is the first LGA 1151 CPU build. And along with it, the first DDR4 machine as well. Also a first is the USB-C connector on the motherboard.
All product links are from the actual vendor. Not all pieces were purchased in 2016.
|CPU||Intel Boxed Core I5-6500 FC-LGA14C 3.20 Ghz 6M Processor Cache LGA 1151 BX80662I56500||$204|
|RAM||Corsair Vengeance LPX 16GB (2x8GB) DDR4 DRAM 3000MHz (PC4-24000) C15 Memory Kit – Black||$74|
|Motherboard||GIGABYTE GA-Z170XP-SLI LGA 1151 Z170 2-Way SLI UEFI DualBIOS ATX DDR4 ATX DDR4||$126|
|Power Supply||Corsair CX Series, CX500 500 Watt (500W) Power Supply, 80+ Bronze Certified||$53|
|Video||Gigabyte GTX 750Ti GV-N75TOC2-2GI GTX 750 Ti GDDR5-2GB 2xHDMI OC Graphics Cards||$105|
|Case||Corsair Carbide Series 200R Compact ATX Case||$58|
|SSD Drive||Samsung 850 EVO 250GB 2.5-Inch SATA III Internal SSD (MZ-75E250B/AM)||$117|
|DVD/CD||Samsung DVD Burner 24x SATA DVD+RW DVD-Writer Internal Optical Drive (SH-224FB/BSBE)||$17|
|OS||Microsoft Windows 10 Pro 64 Bit System Builder OEM | PC Disc||$125|
As posted for 14.04, here are the steps to getting a larger VNC connection to your Ubuntu 16.04 virtual machine:
Desktop Sharing is back as an item in 16.04 desktop. Just bring up the search, type “Desktop Sharing”.
If for some reason you do not see it, type:
Desktop Sharing Security
When your VNC client fails to connect with an error like “No matching security types” or “No security type suitable for RFB 3.3 supported” (or if you see a log line from vino-server like “Advertising security type 18”) then type:
$ gsettings set org.gnome.Vino require-encryption false
Then connect again with your VNC viewer. No restart or logout required.
Higher Resolution – a little
To get to a decent 1024×768, you can run xdiagnose:
$ sudo xdiagnose
In the dialog box, check all of the options under “Debug” : “Extra graphics debug messages”, “Display boot messages”, and “Enable automatic crash bug reporting”. Push “Apply” then “Close”.
$ sudo /sbin/shutdown -r now
You can now choose 1024×768 under “Displays”
Higher Resolution – a lot
To get to higher resolutions (e.g. 1600×1200):
1) Insert the VBOX additions (from VirtualBox)
2) cd /media/$(id -nu)/VBOXADDITIONS*
3) sudo ./VBoxLinuxAdditions.run
4) sudo apt-get install virtualbox-guest-x11
and reboot again.
Now, the “Displays” settings window should allow choices from 2560×1600 to 800×600 for the VBX 0″ display.
Having upgraded the wifi device, and changing the SSID and passphrase, the Brother HL-2170W printer needed to be updated.
First, the “easy button” just failed. Never worked. Which I recall happened the last time I set up this printer.
Next was the factory reset to get the wired interface to listen again – turn off power, hold “Go” button, turn on power, press “Go” button 7 times.
Then press “Go” 3 times to print the connection information – see page 3, “Network Configuration”, “IP Settings” – mine said “10.0.0.200 (via DHCP)”.
Then, browse to that address, press “Network Configuration”, (default credentials are user/access and admin/access).
This is where the fun begins…
On the screen find the “* Configure Wireless” link. Press that.
Key Setting: Communication Mode = “1) Infastructure Mode” (do not use ad-hoc)
Setting: Authentication Method = “WPA/WPA2-PSK”
Key Setting: Encryption Mode = “AES”
Skip all the of WEP Key fields.
Setting: Passphrase = “<< enter your SSID password here >>”
Push submit. It says “data submitted”, then says “if ethernet cable plugged in, unplug it”. Unplug ethernet. Wait.
Finally, the printer will print 1 page of “NETWORK CONFIGURATION”.
Check the IP Address and make sure the “Link Status” says “Link OK”.
Browse to the wifi IP address. Confirm everything is working.
The goal of this machine was to replace the oldest active computer in the house. This old computer predates – by over three years – the first recorded entry on this blog for computer builds. (First build: core i7). This old computer was a combined “compute and storage” build – before I moved to dedicated compute and storage machines.
It’s main claim-to-fame is its case: a SuperMicro SC-743 4U case (now numbered as CSE-743T-665B) which sells for $320 today. Fifteen years ago it was around $200. It contains a row of 4 hot-swap high-speed fans in the middle of the case. This was the case right after my infamous “Just because a case has space for 6 hard drives, that doesn’t mean it has adequate cooling for 6 hard drives” coming of wisdom. Unfortunately, those fans howl like a jet engine, and it was time to replace it.
Some facts on the CPU: the i5-4690 is currently #191 on PassMark [7,623] cpubenchmark.net. At a price of $224, it has a “value” rating of 34.0. The Core i5-4590 has PassMark [7,224], for $180 and a “value” rating of 40.3, the highest “value” of all the i5s. Note that my “on sale” i5 was only $210. It is the 3rd fastest i5, the fastest is the #165, $320, i5-5675C@3.10GHz [8,106].
All product links are from the actual vendor.
|CPU||Intel Core i5-4690 Haswell Quad-Core 3.5Ghz Socket 1150 84W Intel Graphics 4600||$210|
|RAM||G.SKILL Ripjaws X 16GB (2 x 8GB) 240-Pin DDR3 SDRAM PC3 1600 Desktop Memory Model F3-1600C9D-16GXM||$80|
|Motherboard||GIGABYTE GA-Z97N0D3G LGA 1150 Intel Z97 HDMI SATA 6Gb/s USB 3.0 Micro ATX||$109|
|Power Supply||Corsair CX750 750W 80 Plus Bronze certified, Haswell Ready||$60|
|Video||Intel HD Graphics, built in||–|
|Case||Antec Three Hundred Two Gaming Case, Black||$58|
|SSD Drive||Samsung 840 Pro 256GB SATA III MZ-7PD256BW||$170|
|HD Drive||WD Black 1TB WD1003FZEX 7200 RPM 64MB cache SATA 6.0Gb/s||$80|
|BD/DVD/CD||Samsung DVD Burner 24x SATA Model SH-224BEBE||$20|
|OS||Ubuntu 14.04 64bit||$0|
Secret Share in Java on Maven Central
Just completed a release of the Secret Share in Java project to Maven Central.
Search for it using search.maven.org.
This release features a “simplex” matrix solver implementation (Thanks to Pat J) that greatly speeds up the “combine” operation, and greatly increases the number of shares that can be handled.
First, run the “uploadArchives” target. Make sure all of the uploads report no error (e.g. “Transferring nnnK” matches “Uploaded nnnK”.
Second, go to the sonatype console at https://oss.sonatype.org/#stagingRepositories
The Sonatype web interface continues to be “less than optimal”. First, if that link does not display the menu item “Build Promotion” on the left hand side, you must switch browsers (to IE).
Once you can see those menu items, select “Staging Repositories”, then enter the search string. If the result line does not have a “select check box” on the left hand side of the line, then you will need to find yet another browser (or you have entered your search in the wrong mode – you must be in “Staging Repositories”, not the generic search). Once you can see that check box, select it, and details will appear in the window below. In addition, the button row, starting with “Refresh”, will now show a “Close” button. Push it. Wait a minute, navigate away from the page and then back, and when you select it it will show a “Release” button. Push that.
(Just FYI to everyone out there, since this is not easy to find right now.)
If you’re seeing this message:
mpt2sas0: log_info (0x31080000): original (PL), code (0x08), sub_code (0x0000)
Then you need to visit http://mycusthelp.info/LSI/_cs/AnswerDetail.aspx?&inc=8484
The short answer: Avago Tech (which acquired LSI in 2014) performed a stealth update to the P20 driver .zip artifacts on 21-MAY-2015. Re-download the P20 .zip that contains the firmware (the xxxx_P20_IR_IT_Firmware_BIOS_for_MSDOS_Windows downloads contain the firmware .bin file), and upgrade your LSI firmware to the 20.00.04.00 version. Sadly, neither the .zip nor the .bin are named that way.