Apr 142014
 

I just checked my email, and see this:

Return-Path: < …>
X-Original-To: …
Delivered-To: …
Received: by atomos.longlandclan.yi.org (Postfix, from userid 0)
	id 67204200E27C; Sun, 13 Apr 2014 23:05:55 +1000 (EST)
Subject: [Fail2Ban] SSH: banned 138.91.144.167 from atomos
Date: Sun, 13 Apr 2014 13:05:55 +0000
From: Fail2Ban < …>
To: …
Message-Id: <20140413130556.67204200E27C@atomos.longlandclan.yi.org>

Hi,

The IP 138.91.144.167 has just been banned by Fail2Ban after
5 attempts against SSH.


Here is more information about 138.91.144.167:


#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/whois_tou.html
#


#
# The following results may also be obtained via:
# http://whois.arin.net/rest/nets;q=138.91.144.167?showDetails=true&showARIN=false&ext=netref2
#

NetRange:       138.91.0.0 - 138.91.255.255
CIDR:           138.91.0.0/16
OriginAS:       
NetName:        MICROSOFT
NetHandle:      NET-138-91-0-0-1
Parent:         NET-138-0-0-0-0
NetType:        Direct Assignment
RegDate:        2011-06-22
Updated:        2013-08-20
Ref:            http://whois.arin.net/rest/net/NET-138-91-0-0-1


OrgName:        Microsoft Corp
OrgId:          MSFT-Z
Address:        One Microsoft Way
City:           Redmond
StateProv:      WA
PostalCode:     98052
Country:        US
RegDate:        2011-06-22
Updated:        2013-10-03
Comment:        To report suspected security issues specific to 
Comment:        traffic emanating from Microsoft online services, 
Comment:        including the distribution of malicious content 
Comment:        or other illicit or illegal material through a 
Comment:        Microsoft online service, please submit reports 
Comment:        to:
Comment:        * https://cert.microsoft.com.  
Comment:        
Comment:        For SPAM and other abuse issues, such as Microsoft 
Comment:        Accounts, please contact:
Comment:        * abuse@microsoft.com.  
Comment:        
Comment:        To report security vulnerabilities in Microsoft 
Comment:        products and services, please contact:
Comment:        * secure@microsoft.com.  
Comment:        
Comment:        For legal and law enforcement-related requests, 
Comment:        please contact:
Comment:        * msndcc@microsoft.com
Comment:        
Comment:        For routing, peering or DNS issues, please 
Comment:        contact:
Comment:        * IOC@microsoft.com
Ref:            http://whois.arin.net/rest/org/MSFT-Z

OrgTechHandle: MRPD-ARIN
OrgTechName:   Microsoft Routing, Peering, and DNS
OrgTechPhone:  +1-425-882-8080 
OrgTechEmail:  IOC@microsoft.com
OrgTechRef:    http://whois.arin.net/rest/poc/MRPD-ARIN

OrgAbuseHandle: MAC74-ARIN
OrgAbuseName:   Microsoft Abuse Contact
OrgAbusePhone:  +1-425-882-8080 
OrgAbuseEmail:  abuse@microsoft.com
OrgAbuseRef:    http://whois.arin.net/rest/poc/MAC74-ARIN


#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/whois_tou.html
#

Regards,

Fail2Ban
atomos ~ # grep 138.91.144.167 /var/log/auth.log ; zgrep 138.91.144.167 /var/log/auth.log-20140*.gz
Apr 13 23:05:40 atomos sshd[3143]: Did not receive identification string from 138.91.144.167
Apr 13 23:05:40 atomos sshd[3144]: SSH: Server;Ltype: Version;Remote: 138.91.144.167-1025;Protocol: 2.0;Client: JSCH-0.1.51
Apr 13 23:05:41 atomos sshd[3144]: SSH: Server;Ltype: Kex;Remote: 138.91.144.167-1025;Enc: aes128-ctr;MAC: hmac-md5;Comp: none [preauth]
Apr 13 23:05:41 atomos sshd[3144]: SSH: Server;Ltype: Authname;Remote: 138.91.144.167-1025;Name: support [preauth]
Apr 13 23:05:48 atomos sshd[3144]: Invalid user support from 138.91.144.167
Apr 13 23:05:48 atomos sshd[3144]: Postponed keyboard-interactive for invalid user support from 138.91.144.167 port 1025 ssh2 [preauth]
Apr 13 23:05:49 atomos sshd[3203]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.91.144.167 
Apr 13 23:05:51 atomos sshd[3144]: error: PAM: Authentication failure for illegal user support from 138.91.144.167
Apr 13 23:05:51 atomos sshd[3144]: Failed keyboard-interactive/pam for invalid user support from 138.91.144.16  port 1025 ssh2
Apr 13 23:05:51 atomos sshd[3144]: Postponed keyboard-interactive for invalid user support from 138.91.144.167 port 1025 ssh2 [preauth]
Apr 13 23:05:51 atomos sshd[3236]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.91.144.167 
Apr 13 23:05:54 atomos sshd[3144]: error: PAM: Authentication failure for illegal user support from 138.91.144.167
Apr 13 23:05:54 atomos sshd[3144]: Failed keyboard-interactive/pam for invalid user support from 138.91.144.16  port 1025 ssh2
Apr 13 23:05:54 atomos sshd[3144]: Received disconnect from 138.91.144.167: 3: com.jcraft.jsch.JSchException: Auth cancel [preauth]

Seriously, some dodgy ISP in Russia or Asia having a crack, I’ll ignore it. But a big company like you? I expect better behaviour.

Apr 122014
 

Well, it seems user interfaces are going around in circles again. Just recently, I’ve been meeting up with the Windows 8.1 style UI. One of my colleagues at work uses this as his main OS, we also have a VM image of Windows Server 2012 R2 (a 180-day evaluation).  One thing I will say, it’s a marginal improvement on Windows 8.  But is it all that new?

win2012r2

Now, the start screen is one of the most divisive aspects of the Windows 8 UI.  Some love it, some hate it.  Me?  Well the first incarnation of it was an utter pigsty, with no categorisation or organisation.  That has improved somewhat now that you can organise tiles into groups.

But hang on, where have I seen that before?

winnt31-1

That looks… familiar… Let me scroll over to the right a bit…

winnt31-2Ohh, how rude of me!  Allow me to introduce you to an old acquaintance…

winnt31-3This, is Windows NT 3.1.  What one might call the first real ancestor of Windows 8.1.  Everything that came before was built on DOS, Windows 8.1 basically calls itself Windows NT 6.3 beneath the UI.  This is the great-great-great-great-great-great-great-great-grandparent of today’s Windows desktop OS.  Yeah, it’s been that many releases: 8.0, 7, Vista, XP, 2000, NT 4, NT 3.51 and NT 3.5 all sit in between.

Now the question comes up, how is it different?  Sure there are similarities, and I will admit I exaggerated these to make a point.  The Program Manager normally looks more like this:

winnt31-4The first thing you’ll notice that the Program manager (the closest you’ll get to the “start screen”) doesn’t normally occupy the full screen, although you can if you ask it to.  In fact, it will share the screen with other things you might have open:

winnt31-5This is good for both novice and power user alike.  The power user is likely wanting to launch some other application and will be thinking about the job at hand.  The novice might have instructions open that they’re trying to follow.  In neither case, do you want to interrupt them with an in-your-face full screen launcher; a desktop computer is not a smartphone.

The shortcoming of the original Program Manager interface in terms of usability was that you were limited to two levels of hierarchy, with the top-level containing only program groups, and the lower level containing only program icons.  The other shortcoming was in switching applications, you either had to know the ALT+TAB shortcut or minimise/restore full-screen applications so you could see the other applications or their icons.  There was no status area either.

Windows 95 improved things in that regard, the start menu could show arbitrary levels and the taskbar provided both a status area and a screen region dedicated to window selection.  As the installer put it, changing applications was “as easy as changing channels on TV”.  (Or words to that effect.  I’ve ran the Windows 95 installer enough times to memorise two OEM keys off-by-heart but not well enough to remember every message word-for-word.)  Windows NT 4.0 inherited this same interface.

This remained largely unchanged until Windows XP, which did re-arrange some aspects of the Start menu.  Windows 2000/ME made some retrograde changes with respect to network browsing (that is, “My Network Places” vs “Network Neighborhood”[sic]) but the general desktop layout was the same.  Windows Vista was the last version to offer the old “classic” menu with it disappearing altogether in Windows 7.  The Vista/7 start menu, rather than opening out across the desktop as you navigated, confined itself to a small corner of the screen.  Windows 8 is the other extreme.

Windows 8, the start screen takes over.  There’s no restore button on this “window”, it’s all or nothing.  Now, before people point me out to be some kind of Microsoft-hater (okay, I do endulge in a bit of Microsoft-bashing, but they ask for it sometimes!) I’d like to point out there are some good points.

The Start screen isn’t a bad initial start point when you first log in, or if you’ve just closed the last application and wish to go someplace else.  It’s a good dashboard, with the ability to display status information.  It’s also good for touch use as the UI elements are well suited to manipulation by even the most chubbiest of digits.

What it is not, is a good launcher whilst you’re in the middle of things.  A more traditional Start menu with an item to open the Start Screen would be better here.  It also does a very poor job of organising applications: something Windows has never been good at.

So I guess you’ve all worked it out by now that I’m no fan of the Windows UIs in general, and this is especially true of Windows 8.1/2012 R2.  Not many UIs have a lower approval rating in my opinion.  The question now of course, is “how would I do things different”?  All very well to have an opinion about what I don’t like, and so far the IT industry has pushed back on Microsoft and said: “We don’t like this”.  The question is, how do they improve.

Contrary to what some might think, my answer is not to roll the UI back to what came in Windows 7.  The following are some mock-ups of some ideas I have decided to share.

Meet a desktop that for now we’ll call the “Skin The Cat” desktop.  The idea is a desktop that provides more than one way to perform typical actions to suit different usage scenarios.  A desktop that follows the mantra… “there’s more than one way to skin a cat”.  (And who hasn’t wanted to go skin one at some point!)  No code has been written, the screenshots here are entirely synthetic, using The Gimp to draw what doesn’t exist.

mockup-desktopSo here, we see the STC desktop, with two text editors going and a web browser (it’s a quiet day for me).  I’ve shown this on a 640×480 screen just for the sake of reducing the amount of pixel art, but this would represent a typical wide-screen form-factor display.

You’ll notice a few things:

  • Rather than having the “task bar” down the bottom, I’ve put it up the left side.
  • The launch bar (as I’ll call it) has two columns, one shows current applications, the other shows that application’s windows.
  • Over on the right, we have our status area, here depicting volume control, WiFi, battery and mail icons, and a clock down the bottom.
  • Bottom left is a virtual desktop pager.  (MacOS X users would call these spaces.)

Why would I break Microsoft tradition and use this sort of layout?  My usual preference is to have the launch bar up the top of the screen rather than down the side, as that’s where your application menus are.  However, monitors are, for better or worse, getting wider rather than taller.  So while there’s plenty of space width-wise, stacking bars horizontally leads to one being forced to peer at their work through the proverbial letter-box slot.  This leaves the full height for the application.

I group the windows by the application that created them.  All windows have a border and title bar, with buttons for maximizing, iconifying (minimising, for you Windows folk) and closing, as well as a window options menu button, which also displays the application’s icon.

So how does this fit the “skin the cat” mantra?  Well the proposal is to support multiple input methods, and to be able to switch between them on the fly.  Thus, icons should be big enough you can get your thumb onto them with reasonable accuracy, most common window operations should be accompanied by keyboard actions, and the controls for a window should be reasonably apparent without needing special guidance.  More importantly, the window management should stay out of the way until the user explicitly requests its attention by means of:

  • clicking on any title bar buttons or panel icons with the mouse
  • tapping on the title bar of a window or on panel icons with one’s finger
  • pressing an assigned key on the keyboard

Tapping on the title bar (which is big enough to get one’s finger on) would enable other gestures momentarily to allow easier manipulation with one’s fingers.  The title bar and borders would be enlarged, and the window manager would respond to flick (close), pinch (restore/iconify or maximise) and slide (move) gestures.

Tapping the assigned keyboard key or keystroke (probably the logo/”Windows”/command key, inference being you wish to do give the window manager a command) would bring up a pop-up menu with common window operations, as well as an option for the launch menu.

Now this is good and well, but how about the launcher?  That was one of my gripes with Windows for many years after all… Well let’s have a look at the launch menu.

mockup-launcherSo here we’ve got a user that uses a few applications a lot.  The launcher provides three views, and the icons are suggestive about what will happen.  What we see is the un-grouped view, which is analogous to the tiles in Windows 8, with the exception that these are just program launchers, no state is indicated here.

The other two views are the category view, and the full-screen view.  These are identical except that the latter occupies the full screen like the present start screen in Windows 8 does.  Optionally the category view (when not full screen) could grow horizontally as the tree is traversed.  Here, we see the full-screen version.  Over on the right is the same list of frequent applications shown earlier.  As you navigate, this would display the program items belonging to that category.

mockup-launcher-fullscrn

Here, we choose the Internet category.  There aren’t any program icons here, but the group does have a few sub-groups.  The “Internet” category name is displayed vertically to indicate where we are.mockup-launcher-fullscrn-inetLooking under Web Browsers, we see this group has no sub-groups, but it does have two program icons belonging to it.  The sub-group, “Web Browsers” is displayed vertically.  Tapping/clicking “Internet” would bring us back up to that level.mockup-launcher-fullscrn-inet-web

In doing this, we avoid a wall of icons, as is so common these days on Android and iOS.  The Back and Home links go up one level, and up to the top respectively.

The launcher would remember what state it was last in for next time you call it up.  So if you might organise specialised groups for given tasks, and have in them the applications you need for that task.  It’d remember you opening that group last time so you’d be able to recall applications as needed.

Window management is another key feature that needs to be addressed.  The traditional GUI desktop has been a cascading one, where dialogue boxes and windows are draw overlapping one another.  Windows 8 was a throw-back to Windows 2.1 in some ways in that the “Modern” (god I hate that name) interface is fundamentally a tiling one.

There are times when this mode of display is the most appropriate, and indeed, I use tiling a lot.  I did try Awesome, an automatic tiling window manager for a while, but found the forced style didn’t suit me.  A user should be able to define divisions on a given desktop and have windows tiled within them.  The model would be similar to how spreadsheet cells are resized and optionally merged.  A user might initiate tiled mode by defining the initial number of rows and columns (which can be added or subtracted from later).  They then can “snap” individual windows to groups of cells, resizing the divisions as required.  Resizing and moving a window would then move in units of one “cell”.

At the request of the user, individual windows can then be “floated” from the cellular layout allowing them to be cascaded.  Multiple windows may also occupy a cell group, with the title bar becoming “tabbed’ (much like in FluxBox) to allow selection of the windows within that cell group.

I haven’t got any code for the above, this is just some ideas I’ve been thinking about for a while, particularly this afternoon.  If I get motivated, we may see a “skin the cat desktop” project come into existence.  For now though, I’ll continue to do battle with what I use now.  If someone (commercial or open-source motivated) wants to try and tackle the above, you’re welcome to.  However, the fact the ideas are documented here means there is prior art (in fact, there is prior art in some of the above), and I’d appreciate a little attribution.

Apr 122014
 

Hi all,

Well, this week has given the security world quite a shake-up as a result of the OpenSSL Heartbleed bug.  I’ve got no reason to suspect my key has actually been compromised, but two things made me decide to revoke my old key and issue a new one:

  • It was quite old, dating from 2011.  I think I’ll be replacing them every 2~3 years from now on.  (new one after two years, old one revoked a year later)
  • I’ve got no way to really know if my system was penetrated or not, better to be safe than sorry.

The following is my new key (minus the UIDs, I don’t want to encourage the spam):

pub   4096R/10BDE3B7 2014-04-11 [expires: 2017-04-10]
Key fingerprint = 9804 EB67 F914 61DE 967D  A1B0 4DFA 1914 10BD E3B7

Right now I’m going through and changing some of my passwords, just to be on the safe side. Thankfully I use a few different passwords (I have “classes” of passwords which I use for different tasks) so those getting revealed is less of a problem than it may have been.

The other good news is that my SSH keys haven’t been compromised, I have been gradually replacing my old DSA one with new RSA ones, and hadn’t copied the private key to my server yet (although the public one was in authorized_keys).  That, and my CA key used for this site, was kept on another computer, so it should be okay.  I’ve generated new SSL keys just in case though.

The new GPG key is signed with my old one, you can trust that signature if you wish.  Don’t trust anything signed by it after this date however.

Now, to re-train my muscle memory with these new passwords.  (sigh)

Apr 032014
 

Well, lately I’ve been doing some development work with OpenNebula.

We’ve recently deployed a 3-node Ceph cluster which we intend to use as our back-end storage for numerous things: among them being VM storage.  Initially I thought the throughput would be “good enough”, 3 hosts each with gigabit links supplying VM hosts with gigabit backhaul links.

It’d be comparable to typical HDDs, or so I thought.  What I didn’t count on in particular was the random-read latency introduced by round-tripping over the network and overheads.  When I tried Ceph with just libvirt, things weren’t too bad, I was close to saturating my 1Gbps link.  Put two VMs on and again, things hummed along.  Not blistering fast mind you but reasonable.

I got OpenNebula talking to it easy enough.  We’re running the stable version: 4.4.  There are a few things I learned about the way OpenNebula uses Ceph:

  • OpenNebula uses v1-format RBDs (the Ceph default actually)
  • Since v1 RBDs don’t support COW clones, instance images are copied.
  • Copying a 160GB image in triplicate over gigabit Ethernet takes a while, and brought our little cluster to a crawl.

Naturally, we’re looking into beefing up the network links and CPUs on the storage nodes, but I’ve also been looking at ways to reduce the load on the back-end cluster.  One is through caching.  There are a couple of projects out there which allow you to combine two types of storage, using a smaller, faster block device to act as a cache for a larger, slower device.  Two which immediately come to mind: FlashCache and bcache.

bcache is on the TODO list, it has a few more knobs and dials to be able to play with, and shares a single cache device with multiple back-end devices, so might yet be worth investing time in.

Sébastian Han posted a guide on doing RBD caching using FlashCache, and so my work has largely been based on this initial work.  I’ve been hacking up a OpenNebula datastore management and transfer management driver which harnesses FlashCache and the newer v2 RBD format to produce a flexible storage subsystem for OpenNebula.

The basic concept is simple enough:

  • Logical Volume Manager, is used to allocate slices of a SSD to use as cache for back-end RBDs.
  • For non-persistent images, a new copy-on-write clone of the base image is created
  • A flashcache composite device is produced using the LVM volume as cache and the RBD as the backend
  • KVM/QEMU/Xen uses this composite device like a regular disk

The initial attempt worked well for Linux VMs, read performance initially would be between 20MB/sec and 120MB/sec depending on network/storage cluster load.  Subsequent reads would then exceed 240MB/sec.  Write performance was limited to what the cluster could do, unless you used writeback mode at which point speed picked up dramatically.

Windows proved to be a puzzle, it seems some Windows images have an odd way of accessing the disk, and this impacts performance badly.  In many cases, the images were of a sparse nature, with most of the content being in the first 8GB.  So I made sure to allocate 8GB chunks of my SSD, and performed what I call pre-caching: seeding the contents of the SSD with the initial 8GB (or however big the SSD partition is) of the image.

That picks up the initial boot performance by a big margin, at the cost of the image taking a little longer to deploy in the PROLOG stage.

For those who are interested, some early code is available via git.

bcache might be worth a look-in as it has read-ahead caching.  I haven’t done so yet.  I’d like to split the caching subsystem out and have cache drivers much like we have for datastore managers and transfer managers alike.  The same concept would work for iSCSI/CLVM storage or Gluster storage as it does for Ceph.

Mar 272014
 

Well, the search goes on. This saga started out initially as questions began about where MH370 had gone.

As if a large aircraft could just disappear into thin air.

There’s no question that the plane has crashed. Almost certainly it crashed out in the ocean, a particularly nasty stretch of ocean that’s home to some of the roughest seas.

Sure, they’ll have life rafts and other safety devices on board. Anyone caught out in the ocean for this long would be long dead by now. To the families of those on board, I do offer my condolences.

The question remains as to why this happened though. I was thinking about this, this morning. The plane was destined for Beijing. It is understood it crashed somewhere south-west of Perth.

Far be it from me to raise conspiracy theories, but it got me thinking: was someone on that plane trying to take an Al Queda-esque swipe at Perth?

Update: Discussing the thought here, we rather suspect the 2 hour long recording on the flight recorder will be largely silent. It’s too far west for Perth, although there might’ve been intentions to alter course later. Something caused the course for the autopilot to be set down south, and the plane flew more-or-less dead straight. There are questions being raised about one of the pilot’s marital situation, which might hint at a suicide attempt. I guess I’ll stop here, and let the authorities do their investigation.

Feb 252014
 

Hi all,

This is more a note to myself on how to configure stgt to talk to a Ceph rbd. Everyone seems to recommend patching tgt-admin: this is simply not necessary. The challenge is the lax way that tgt-admin parses the configuration file.

My scenario: VMWare ESXi virtual machine host, needing to use storage on Ceph.
I have 3 storage nodes running ceph-mon and ceph-osd daemons. They also have a version of tgtd that supports Ceph. (See the ceph-extras repository.)

The /etc/tgt/conf.d/${CLIENT}.conf configuration file. (I’m putting all the targets for ${CLIENT} here.)

# Target naming: iqn.yyyy-mm.backwards.domain.your:client.target
# where yyyy-mm: year and month of target creation
# backwards.domain.your: Your domain name; written backwards.
# client.target: A name for the target, since it's for one client here I name it
# as the client's host name then give the rest some descriptive title.
<target iqn.2014-02.domain.my:my-client.my-target-name>
    driver iscsi
    bs-type rbd
    backing-store pool-name/rbd-name
    initiator-address ip.of.my.client
</target>

For better or worse, I run the tgt daemon on the Ceph nodes themselves. Multipath I’m not sure about at this point, I’ve set up the targets on all of my Ceph nodes so I can connect to any, but I have not tested this yet.

To enable that target:

# tgt-admin -v -e

Then to verify:

# tgt-admin -s

You should see your LUNs listed.

Jan 112014
 

I noticed when I went looking for soundmodem that its homepage had disappeared off the face of the ‘net, and with it, its source code.

Thankfully, there were some traces of it still around. The Wayback Machine had all bar the source code, and Debian had the rest of what I was looking for.

So you can find a mirror of the old soundmodem site, along with the software at the following address.

http://soundmodem.vk4msl.yi.org/

Dec 162013
 

Patrick Lauer posted a rather lengthy article regarding the issues of clothing sizing.

In essence, it’s his struggle, having known what his sizes were earlier suddenly discovering that the new clothing he buys, with the same size as his existing clothing, does not fit, despite his old clothes fitting just fine. Presumably his old clothes didn’t have a problem, therefore the summation is that the sizing standards have changed.

AMEN TO THAT!

You’ve just hit upon the #1 reason I despise shopping for clothes online or through any sort of “proxy” (i.e. getting someone else to buy you some). You just never know from looking at a size label whether it’ll “fit”. Doesn’t matter what the clothing is: shoes, trousers, shirts, jackets, gloves, hats, helmets … you’ve got to physically go there and try it on if you want to be sure.

Workwear tends to be more consistent, particularly items that companies sell less of. If I buy a pair of overalls, they tend to be consistent. High-vis polo shirts, usually not a problem. But casual stuff? All over the shop!

Add to this, I absolutely despise branded clothing. I’ll even go as far as to remove branding from clothing I buy if possible. One cap I bought had a small metallic logo sewn to it — that disappeared within 5 minutes. Another, had their logo embroidered on the back. Once again, I found myself picking at it to remove it. Both made in China I might add, and neither particularly cheap.

What do I look for? Plain, unbranded. Some might say “boring”. If it’s a shirt, I’ll tend to want something long sleeved, maybe hooded too in some cases: good for when I’m outside since being of fair complexion, a bit of sun exposure and I turn into Caucasian lobster very quickly. (White supremacy my arse!) Hats, I’m fussy: I tend to like styles that are rare, my last two purchases were a gatsby and a spitfire, I also have a stack of coolies.

I’m not fussy where it’s made, although if I see something made in this country, I’ll tend to jump on it. Sure, more expensive, but I’m all too conscious of the ridiculous mark-ups that get put on kit made in Pakistan, and I don’t fancy lining the pockets of people running shoddy factories.

I particularly object to mark-ups when the product is poorly sized, inferior quality, heavily branded and overpriced. Some of the “cheapest” (quality-wise) clothing I’ve seen, comes from “brand” name suppliers, is designed to last until it “goes out of fashion” (3 months) and is approaching triple-figures. I don’t fancy being a walking billboard, especially when I have to pay for the privilege and the product will be in the bin by that time next year.

I have a couple of polo shirts I recall paying quite decent money for. About $60 a piece if I recall. Both have developed tears around the wrist on the sleeves. From another shop I recall buying some hooded polo shirts. They had a logo sewn on to one sleeve (soon gotten rid of). Similar price. I bought three: a white one, a black one and a grey one. The grey one promptly shrank in the wash, it was fine in the shop but now no longer fits me, I’ve only worn it once. The black one developed some strange brownish markings on it.

So I’ve spent effectively $180 for a single shirt, as the other two are no longer in good condition. Made in China. Bugger that!

No, here’s what I’m after: plain, unbranded, will last weekly wear for a period of a few years, and a size label that’s accurate if I’m to purchase online.

Plus, I hate doing this online. I refuse to own a credit/debit card: my bank account is the old-fashioned passbook type because it forces me to be organised with my expenditure. I can only withdraw or transfer money during a bank’s opening hours, demonstrating either knowledge of the account number or holding the passbook, and supplying a signature in front of the cashier. That’s triple-factor authentication: nothing electronic comes close.

This restricts my payment methods somewhat. B-Pay and direct deposit are doable, as is telegraphic wire transfer. PayPal won’t work however, because with no credit card, there’s no ability for them to draw money out of the account. And I don’t trust them either.

I might yet give Bitcoin a try, since this is the sort of transfer that it’s intended for. They’re not meant to be hoarded, they’re meant to be passed around. Seems a good way to just buy just the quantity I need (paying by bank deposit or B-pay), then purchasing the goods I require. Maybe that’ll open up a few more sources.

However, I still then have to wait for a package to arrive. I like the immediacy of just strolling into a shop, seeing something I like, doing a quick check to see if it’ll fit, then walking to the counter, handing some cash over, and walking out with the newly purchased item. No ordering, no payment hassles, no courier, no guesswork on sizing and no post sales spam.

Admittedly, shops are no fun either, I actually dislike going into a shop to buy clothing. Especially since some insist on ghastly music, and have a guard standing at the door insisting on checking your bags, even if you merely take two steps in, look around (in their plain sight), decide you can’t stand the noise and (try to) walk out.

Is it any wonder I tend to frequent charity shops?

Nov 122013
 

Hi all,

Not often I have a whinge about something, but this problem has been bugging me of late more than somewhat.  I’m in the process of setting up an OpenStack cluster at work.  Now, as the underlying OS we’ve chosen Ubuntu Linux which is fine.  Ubuntu is a quite stable, reliable and well supported platform.

One of my pet peeves though, is when some package manager decides to get lazy.  Now, those of us who have been around the Linux scene have probably discovered RPM dependency hell… and the smug Debian users who tell us that Debian doesn’t do this.

Ho ho, errm… no, when APT wants to go into dummy mode, it does so with style:

Nov 12 05:32:27 in-target: Setting up python3-update-manager (1:0.186.2) ...
Nov 12 05:32:27 in-target: Setting up python3-distupgrade (1:0.192.13) ...
Nov 12 05:32:27 in-target: Setting up ubuntu-release-upgrader-core 
(1:0.192.13) ...
Nov 12 05:32:27 in-target: Setting up update-manager-core (1:0.186.2) ...
Nov 12 05:32:27 in-target: Processing triggers for libc-bin ...
Nov 12 05:32:27 in-target: ldconfig deferred processing now taking place
Nov 12 05:32:27 in-target: Processing triggers for initramfs-tools ...
Nov 12 05:32:27 in-target: Processing triggers for ca-certificates ...
Nov 12 05:32:27 in-target: Updating certificates in /etc/ssl/certs... 
Nov 12 05:32:29 in-target: 158 added, 0 removed; done.
Nov 12 05:32:29 in-target: Running hooks in /etc/ca-certificates/update.d....
Nov 12 05:32:29 in-target: done.
Nov 12 05:32:29 in-target: Processing triggers for sgml-base ...
Nov 12 05:32:29 pkgsel: installing additional packages
Nov 12 05:32:29 in-target: Reading package lists...
Nov 12 05:32:29 in-target: 
Nov 12 05:32:29 in-target: Building dependency tree...
Nov 12 05:32:30 in-target: 
Nov 12 05:32:30 in-target: Reading state information...
Nov 12 05:32:30 in-target: 
Nov 12 05:32:30 in-target: openssh-server is already the newest version.
Nov 12 05:32:30 in-target: Some packages could not be installed. This may 
mean that you have
Nov 12 05:32:30 in-target: requested an impossible situation or if you are 
using the unstable
Nov 12 05:32:30 in-target: distribution that some required packages have not 
yet been created
Nov 12 05:32:30 in-target: or been moved out of Incoming.
Nov 12 05:32:30 in-target: The following information may help to resolve the 
situation:
Nov 12 05:32:30 in-target: 
Nov 12 05:32:30 in-target: The following packages have unmet dependencies:
Nov 12 05:32:30 in-target:  mariadb-galera-server : Depends: 
mariadb-galera-server-5.5 (= 5.5.33a+maria-1~raring) but it is not going to 
be installed

Mmmm, great, not going to be installed. May I ask why not? No, I’ll just drop to a shell and do it myself then.

Nov 12 05:32:30 in-target: E: Unable to correct problems, you have held 
broken packages.

Now this is probably one of my most hated things about computing, is when a software package accuses YOU of doing something that you haven’t. Excuse me… I have held broken packages? I simply performed a fresh install then told you to do an install!

So let’s have a closer look.

Nov 12 05:32:30 main-menu[20801]: WARNING **: Configuring 'pkgsel' failed 
with error code 100
Nov 12 05:32:30 main-menu[20801]: WARNING **: Menu item 'pkgsel' failed.
Nov 12 05:37:38 main-menu[20801]: INFO: Modifying debconf priority limit from 
'high' to 'medium'
Nov 12 05:37:38 debconf: Setting debconf/priority to medium
Nov 12 05:37:38 main-menu[20801]: DEBUG: resolver (ext2-modules): package 
doesn't exist (ignored)
Nov 12 05:37:40 main-menu[20801]: INFO: Menu item 'di-utils-shell' selected
~ # chroot /target
chroot: can't execute '/bin/network-console': No such file or directory
~ # chroot /target bin/bash

We give it a shot ourselves to see the error more clearly.

root@test-mgmt0:/# apt-get install mariadb-galera-server
Reading package lists... Done
Building dependency tree       
Reading state information... Done
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.
The following information may help to resolve the situation:

The following packages have unmet dependencies:
 mariadb-galera-server : Depends: mariadb-galera-server-5.5 (= 
5.5.33a+maria-1~raring) but it is not going to be installed
E: Unable to correct problems, you have held broken packages.

Fine, so we’ll try installing that instead then.

root@test-mgmt0:/# apt-get install mariadb-galera-server-5.5
Reading package lists... Done
Building dependency tree       
Reading state information... Done
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.
The following information may help to resolve the situation:

The following packages have unmet dependencies:
 mariadb-galera-server-5.5 : Depends: mariadb-client-5.5 (>= 
5.5.33a+maria-1~raring) but it is not going to be installed
                             Depends: libmariadbclient18 (>= 
5.5.33a+maria-1~raring) but it is not going to be installed
                             PreDepends: mariadb-common but it is not going 
to be installed
E: Unable to correct problems, you have held broken packages.

Okay, closer, so we need to install those too. But hang on, isn’t that apt‘s responsibility to know this stuff? (which it clearly does).

Also note we don’t get told why it isn’t going to be installed. It refuses to install the packages, “just because”. No reason given.

We try adding in the deps to our list.

root@test-mgmt0:/# apt-get install mariadb-galera-server-5.5 
mariadb-client-5.5
Reading package lists... Done
Building dependency tree       
Reading state information... Done
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.
The following information may help to resolve the situation:

The following packages have unmet dependencies:
 mariadb-client-5.5 : Depends: libdbd-mysql-perl (>= 1.2202) but it is not 
going to be installed
                      Depends: mariadb-common but it is not going to be 
installed
                      Depends: libmariadbclient18 (>= 5.5.33a+maria-1~raring) 
but it is not going to be installed
                      Depends: mariadb-client-core-5.5 (>= 
5.5.33a+maria-1~raring) but it is not going to be installed
 mariadb-galera-server-5.5 : Depends: libmariadbclient18 (>= 
5.5.33a+maria-1~raring) but it is not going to be installed
                             PreDepends: mariadb-common but it is not going 
to be installed
E: Unable to correct problems, you have held broken packages.

Okay, some more deps, we’ll add those…

root@test-mgmt0:/# apt-get install mariadb-galera-server-5.5 
mariadb-client-5.5 libmariadbclient18
Reading package lists... Done
Building dependency tree       
Reading state information... Done
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.
The following information may help to resolve the situation:

The following packages have unmet dependencies:
 libmariadbclient18 : Depends: mariadb-common but it is not going to be 
installed
                      Depends: libmysqlclient18 (= 5.5.33a+maria-1~raring) 
but it is not going to be installed
 mariadb-client-5.5 : Depends: libdbd-mysql-perl (>= 1.2202) but it is not 
going to be installed
                      Depends: mariadb-common but it is not going to be 
installed
                      Depends: mariadb-client-core-5.5 (>= 
5.5.33a+maria-1~raring) but it is not going to be installed
 mariadb-galera-server-5.5 : PreDepends: mariadb-common but it is not going 
to be installed
E: Unable to correct problems, you have held broken packages.

Wash-rinse-repeat!

root@test-mgmt0:/# apt-get install mariadb-galera-server-5.5 
mariadb-client-5.5 libmariadbclient18 mariadb-common
Reading package lists... Done
Building dependency tree       
Reading state information... Done
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.
The following information may help to resolve the situation:

The following packages have unmet dependencies:
 libmariadbclient18 : Depends: libmysqlclient18 (= 5.5.33a+maria-1~raring) 
but it is not going to be installed
 mariadb-client-5.5 : Depends: libdbd-mysql-perl (>= 1.2202) but it is not 
going to be installed
 mariadb-common : Depends: mysql-common but it is not going to be installed
E: Unable to correct problems, you have held broken packages.
root@test-mgmt0:/# apt-get install mariadb-galera-server-5.5 
mariadb-client-5.5 libmariadbclient18 mariadb-common libdbd-mysql-perl 
mysql-common
Reading package lists... Done
Building dependency tree       
Reading state information... Done
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.
The following information may help to resolve the situation:

The following packages have unmet dependencies:
 libmariadbclient18 : Depends: libmysqlclient18 (= 5.5.33a+maria-1~raring) 
but 5.5.34-0ubuntu0.13.04.1 is to be installed
 mariadb-client-5.5 : Depends: mariadb-client-core-5.5 (>= 
5.5.33a+maria-1~raring) but it is not going to be installed
 mysql-common : Breaks: mysql-client-5.1
                Breaks: mysql-server-core-5.1
E: Unable to correct problems, you have held broken packages.

Aha, so there’s a newer version in the Ubuntu repository that’s overriding ours. Brilliant. Ohh, and there’s a mysql-client binary too, but it won’t tell me what version it’s trying for.

Looking in the repository myself I spot a package named mysql-common_5.5.33a+maria-1~raring_all.deb. That is likely our culprit, so I try version 5.5.33a+maria-1~raring.

root@test-mgmt0:/# apt-get install mariadb-galera-server-5.5 
mariadb-client-5.5 libmariadbclient18 mariadb-common libdbd-mysql-perl 
mysql-common=5.5.33a+maria-1~raring libmysqlclient18=5.5.33a+maria-1~raring 
mariadb-client-core-5.5
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following extra packages will be installed:
  galera libaio1 libdbi-perl libhtml-template-perl libnet-daemon-perl 
libplrpc-perl

Bingo!

So, for those wanting to pre-seed MariaDB Cluster 5.5, I used the following in my preseed file:

# MariaDB 5.5 repository list - created 2013-11-12 05:20 UTC
# http://mariadb.org/mariadb/repositories/
d-i apt-setup/local3/repository string \
        deb http://mirror.aarnet.edu.au/pub/MariaDB/repo/5.5/ubuntu raring main
d-i apt-setup/local3/comment string \
        "MariaDB repository"
d-i pkgsel/include string mariadb-galera-server-5.5 \
        mariadb-client-5.5 libmariadbclient18 mariadb-common \
        libdbd-mysql-perl mysql-common=5.5.33a+maria-1~raring \
        libmysqlclient18=5.5.33a+maria-1~raring mariadb-client-core-5.5 \
        galera

# For unattended installation, we set the password here
mysql-server mysql-server/root_password select DatabaseRootPassword
mysql-server mysql-server/root_password_again select DatabaseRootPassword

So yeah, next time someone mentions this:

Gentoo: Increasing blood pressure since 1999.

it doesn’t just apply to Gentoo!

Sep 082013
 

Well, some might remember my time with a cheap and nasty Android tablet (some might call these “landfill Android”).  The device packaging did not once even acknowledge the fact that there was GPL’ed software onboard, let alone how one obtains the source.

I discovered it was based around the Vimicro VC0882 SoC.  Turns out, that’s the same as the ViewSonic ViewPad 10e, who do release their kernel sources on their knowledge base.

Thank-you ViewSonic, you have just helped me greatly!  Maybe I should track down one of your tablets and buy one in appreciation.