Going back to my roots: testing Mageia 4 beta

Many years ago I used to be a Mandriva user and contributor, mostly active in packaging software. I stopped my contributions because I had the feeling the distribution was having more and more trouble keeping up with all new evolutions in the GNU Linux free software world and was loosing ground to other, more innovative distributions. Finally I settled for Debian myself. Even though it is not always the most innovative distribution itself, I liked its open, independent community-based nature.

Now after all this time, I was curious to see how my former favourite distribution had evolved. Mandriva was forked by former Mandriva employees and contributors, and so Mageia was born. Mageia is currently developing version 4 of its distribution and released beta 2 two weeks ago, on 13 December 2013. I decided to try out this version.
Continue reading

Living in a surveillance state

Because of time constraints it has been a long time since I wrote something here. However, this is something I want to share with as many people as possible now: Mikko Hypponen’s talk titled “Living in a surveillance state”, last week at TEDxBrussels . If you think that you don’t have to fear the spying by the NSA, GCHQ and other state services because you have nothing to hide, or you are wondering what we can do against it, then you should definitely watch this. “Open source” is the key answer to the latter question by the way.

These are 20 very well spent minutes of your time.

Leap second causing ksoftirqd and java to use lots of cpu time

Today there was a leap second at 23:59:60 UTC. On one of my systems, this caused a high CPU load starting from around 02h00 GMT+2 (which corresponds with the time of the leap second). ksoftirqd and some java (glassfish) process where using lots of CPU time. This system was running Debian Squeeze with kernel 2.6.32-45. The problem is very easy to fix: just run

# date -s "`date`"

and everything will be fine again. I found this solution on the Linux Kernel Mailing List: http://marc.info/?l=linux-kernel&m=134113389621450&w=2. Apparently a similar problem can happen with Firefox, Thunderbird, Chrome/Chromium, Java, Mysql, Virtualbox and probably other processes.

I was a bit suprised that this problem only happened on this particular machine, because I have several other servers running similar kernel versions.

Multi-monitor support with Randr 1.3 and NVidia’s proprietary driver

I just got a second monitor at home and wanted to configure the two monitors with my NVidia graphics card. You can set up TwinView in the Nvida Settings application, however I did not like that solution: the next time I restarted X, all the settings were lost and the second monitor powered off. Also GNOME did not seem to behave correctly when the monitors went on stand by and I unlocked the desktop. The desktop appeared to be shifted over the monitors. The latter might be a bug of gnome-settings-daemon 3.2 and not Nvidia’s however.

However since the NVidia proprietary driver version 330 beta series, it finally supports Randr 1.3 so that you can configure dual screen with the configuration tools provided with your desktop. This driver is currently available in Debian Experimental. To install it (make sure you have experimental in your apt sources.list first, of course), run this command:

# apt-get install -t experimental xserver-xorg-video-nvidia

I also pulled in gnome-settings-daemon and gnome-control-center version 3.4 which appeared in Debian Sid today:

# apt-get install -t unstable gnome-settings-daemon gnome-contol-center

Now reboot your system (to be sure the new Nvidia kernel and X drivers are loaded), and then go System Tools – Preferences – System Settings (gnome-control-center in a terminal window) – Display. Enable the wo monitors, set the optimal (highest) resolution and drag them in the right position, click Apply, and confirm everything is working fine. Now you have a nice multi-monitor setup without needing to mess with NVidia’s twin view and without having to create a script to get the right settings applied automatically when X is started.

Creating your own GNOME session based on cairo-dock and Compiz

Personally I absolutely do not like the gnome-shell in GNOME 3. I actually even hate it: it is slow, messy and cumbersome to use and I have the feeling that developers are not listening to criticism. Obvious and trivial design bugs which are well known, are totally ignored (bug 662738 is an example).

For that reason, I went looking for an alternative desktop. KDE is way too bloated for a netbook with 1 GB of RAM, while XFCE is not as polished as a traditional GNOME 2.32 desktop. The best alternative I could find out right now, was to just replace the GNOME Shell by a custom panel or dock implementation. In the end I chose cairo-dock: it is written in C, so it is probably not as memory hungry as AWN (which uses Python) and Docky (which uses Mono, which I also consider as a possible patent minefield). Cairo-dock is also actively maintained. I paired cairo-dock with the compiz window manager to get some nicely looking desktop.
Continue reading

MegaCLI: useful commands

Recently I installed a server with a Supermicro SMC2108 RAID adapter, which is actually a LSI MegaRAID SAS 9260. LSI created a command line utility called MegaCLI for Linux to manage this adapter. You can download it from their support pages. The downloaded archive contains an RPM file. I installed mc and rpm on Debian with apt-get, and then extracted the MegaCli64 binary (for x86_64) to /usr/local/sbin, and the libsysfs.so.2.0.2 from the Lib_utils RPM to /opt/lsi/3rdpartylibs/x86_64/ (that’s the location where MegaCli64 looks for this library).

Here are some useful commands:

View information about the RAID adapter

For checking the firmware version, battery back-up unit presence, installed cache memory and the capabilities of the adapter:

# MegaCli64 -AdpAllInfo -aAll

View information about the battery backup-up unit state

# MegaCli64 -AdpBbuCmd -aAll

View information about virtual disks

Useful for checking RAID level, stripe size, cache policy and RAID state:

# MegaCli64 -LDInfo -Lall -aALL

View information about physical drives

# MegaCli64 -PDList -aALL

Patrol read

Patrol read is a feature which tries to discover disk error before it is too late and data is lost. By default it is done automatically (with a delay of 168 hours between different patrol reads) and will take up to 30% of IO resources.

To see information about the patrol read state and the delay between patrol read runs:
# MegaCli64 -AdpPR -Info -aALL

To find out the current patrol read rate, execute
# MegaCli64 -AdpGetProp PatrolReadRate -aALL

To reduce patrol read resource usage to 2% in order to minimize the performance impact:
# MegaCli64 -AdpSetProp PatrolReadRate 2 -aALL

To disable automatic patrol read:
# MegaCli64 -AdpPR -Dsbl -aALL

To start a manual patrol read scan:
# MegaCli64 -AdpPR -Start -aALL

To stop a patrol read scan:
# MegaCli64 -AdpPR -Stop -aALL

You could use the above commands to run patrol read in off-peak times.

Migrate from one RAID level to another

In this example, I migrate the virtual disk 0 from RAID level 6 to RAID 5, so that the disk space of one additional disk becomes available. The second command is used to make Linux detect the new size of the RAID disk.

# /usr/local/sbin/MegaCli64 -LDRecon -Start -r5 -L0 -a0
# echo 1 > /sys/block/sda/device/rescan

Extending an existing RAID array with a new disk

./MegaCli64 -LDRecon -Start -r5 -Add -PhysDrv[32:3] -L0 -a0

Create a new RAID 5 virtual disk from a set of new hard drives

First we need to now the enclosure and slot number of the hard drives we want to use for the new RAID disk. You can find them out by the first command. Then I add a virtual disk using RAID level 5, followed by the list of drives I want to use, specified by enclosure:slot syntax.

# MegaCli64 -PDList -aALL | egrep 'Adapter|Enclosure|Slot|Inquiry'
# MegaCli64 -CfgLdAdd -r5'[252:5,252:6,252:7]' -a0

Extending an existing RAID array with a new disk

First check the enclosure device ID and the slot number of the newly added disk with the command above. Then we reconstruct the logical drive, adding the new drive. For a RAID 5 array this command is used:

# MegaCli64 -LDRecon -Start -r5 -Add -PhysDrv[32:3] -L0 -a0

View reconstruction progress

When reconstructing a RAID array, you can check its progress with this command.
# MegaCli64 -LDRecon ShowProg L0 -a0

(replace L0 by L1 for the second virtual disk, and so on)

Configure write-cache to be disabled when battery is broken

# MegaCli64 -LDSetProp NoCachedBadBBU -LALL -aALL

Change physical disk cache policy

If your system is not connected to a UPS, you should disable the physical disk cache in order to prevent data loss.

# MegaCli -LDGetProp -DskCache -LAll -aALL

To enable it (only do this if you have a UPS and redundant power supplies):

# MegaCli -LDGetProp -DskCache -LAll -aALL

More information

http://ftzdomino.blogspot.com/2009/03/some-useful-megacli-commands.html
https://twiki.cern.ch/twiki/bin/view/FIOgroup/DiskRefPerc
http://hwraid.le-vert.net/wiki/LSIMegaRAIDSAS
http://kb.lsi.com/KnowledgebaseArticle16516.aspx

Fixing grub-probe error: Couldn’t find PV, check your device.map.

Today I was getting this error when installing a new kernel on a server running Debian:

/usr/sbin/grub-probe: error: Couldn't find PV pv2. Check your device.map.

The error can be reproduce by running the update-grub command.

The day before, a new RAID disk was added to this server, so I suspected this could be the cause. The file /boot/grub/device.map contained a reference to the first RAID disk as (hd0) but did not contain a reference to the new RAID disk. I ran

# ls -l /dev/disk/by-id/

to find out which SCSI ID referred to sdb (the new RAID disk), and then added the following line to device.map:


(hd1) /dev/disk/by-id/scsi-3600304800087c4f015fb4f2e4cc7a8e5

Now installing the new kernel works fine!

HP support: the end

So, how did the almost two month lasting struggle with HP’s support end (see part 1, part2)?

On Wednesday evening, I received a mail that a 160 GB SSD was sent and we received it on Thursday morning. Also during the same week, we received a 500 GB 7200 RPM hard drive, which was meant to be a temporary replacement until the 160 GB SSD was available again.

So things are finally solved for good. I am just surprised that the 160 GB SSD suddenly became available so quickly now (it was pretty useless to send a 500 GB disk if the SSD would arrive only a few days later). Is this just coincidence or did the complaining convince HP to finally make a real effort to find a replacement quickly? We will probably never know.

Tax-on-web with Debian and Firefox

In Belgium, we can fill out our tax form online on the Tax-on-web site using a smartcard reader and our electronic identity card. Unfortunately, things are rather complicated to set up, partly because the eID authentication is based on SSL renegotiation, a feature which is disabled by default in recent Firefox versions because it can be insecure. It is a bit disappointing that we have to rely on potentially vulnerable technologies to authenticate with our eID, but there is not much choice if you do not want to fill out the paper forms (or are too late, so that the electronic way is the only option).

First we need to make sure the smartcard reader works. I have a Dell Latitude E6400 laptop with a Broadcom smartcard reader which is supported by the ccid driver and required by the pcscd package in Debian. Note that the Broadcom 5880 as delivered by Dell in its Latitude laptops have a buggy firmware by default. You will need to update it by running some Windows tool. More information can be found on the ccid driver website or on the eID website. Note that also Windows is suffering from this problem, so even if you use Windows, you might need to install this update.

If you are using the traditional USB smartcard reader distributed by the government, which is an ACS ACR38, you will need the acr38u driver.

# apt-get install pcscd pcsc-tools libacr38u

To verify that the smartcard reader is working correctly, start up pcsc_scan and insert a smartcard (your eID or even a credit card is fine). Some diagnostic information about the card you inserted should appear automatically in your console. Press ctrl-C to exit pcsc_scan.

Now that the smartcard reader is working, we need to install the middleware and the Firefox plug-in:

# apt-get install beidgui beid-mozilla-plugin

Start up Firefox and open the menu Tools – Preferences. Click on the Advanced section and load the Encryption tab. Now click on Security Devices and click on the Load button. Enter a name (for example beid), and enter the path to the beid pkcs11 module. On Debian Wheezy it is: /usr/lib/libbeidpkcs11.so.3.5.2 . Be sure to check the filename, it might be different if you are using another version. If you cannot find it, try to run in a terminal:

# find / -name "*beidpkcs11*"

This command can also be used on Mac OS X, where the configuration procedure is actually similar to Linux.

To check whether the middleware is working correctly, you can load up beidgui and let it read your eID.

Now because tax-on-web uses SSL renegotiation, which is disabled by default in newer Firefox versions, we need to add an exception to Firefox’ configuration. Type about:config in the URL bar, confirm that you will be careful, and look for the setting security.ssl.renego_unrestricted_hosts. Double click on it, and enter the value ccff02.minfin.fgov.be

Now we need to make Firefox identify itself with version 3.5, otherwise the tax-on-web site will still complain that your browser is unsupported. Install the User Agent Switcher add-on, then in the tools menu, under User Agent Switcher, click on Edit user agents and then on New user agent. Type Firefox 3.5 as description and in the user agent replace Firefox/5.0 by Firefox/3.5 and in the app version 5.0 by 3.5. Now go to taxonweb.be, and then go to the Tools menu and change your user agent to Firefox 3.5. Now you should be able to identify yourself with our eID card. After using the tax-on-web site, do not forget to set your user agent back to the default user agent.

Health insurance CM with eID

The health insurance organisation CM also offers the possibility to log in to its website by the eID. To make it work, you use the same procedure as above, with one difference: the security.ssl.renego_unrestricted_hosts setting should also contain online.cm.be now. You can add multiple hosts by separating them by a comma, so you can set it to ccff02.minfin.fgov.be,online.cm.be