Guess the block device

Which block devices produce these results? Please put your answer in the comment box below. The output are generated by hdparm -Tt.

Device A:
Timing cached reads: 392 MB in 2.00 seconds = 195.80 MB/sec
Timing buffered disk reads: 62 MB in 3.07 seconds = 20.17 MB/sec

Device B:
Timing cached reads: 6276 MB in 2.00 seconds = 3145.45 MB/sec
Timing buffered disk reads: 732 MB in 3.00 seconds = 243.72 MB/sec

Device C:
Timing cached reads: 1754 MB in 2.00 seconds = 876.83 MB/sec
Timing buffered disk reads: 374 MB in 3.01 seconds = 124.12 MB/sec

 

Tiny Tiny RSS as a replacement for Google Reader

Google is discontinuing Google Reader by July this year. I subscribe to quite a lot of RSS feeds. It is therefore important for me to find a replacement for it. Personally I prefer to use an always-online solution. I know there are plenty desktop clients. However they require your computer to be physically on to check the feeds. This is less than ideal. You might miss out on those frequently updated feeds, by not turning on your computer. There are quite a few commercial solution on the web, such as feedly and The Old Reader. However we all agree that is cooler to have something that you have total control, right?

Tiny Tiny RSS look very similar to Google Reader. It is also available in Debian Unstable repository. Even if you are not running Debian Unstable, you can still install only some packages from Debian Unstable. If you don’t want to change the settings for your package manager, you can try and download the package itself and install it directly. You might need to run “apt-get –f install” to fix dependency after the installation. It is really easy to set up the package.

I have tried running Tiny Tiny RSS on my Raspberry Pi. My Raspberry Pi is from one of the first batches of version B. It only has 256MB of ram. It is painfully slow. So please don’t do that. I think part of the problem is that I am running Transmission and I2P on my Raspberry Pi. The load average hovers around 0.6 normally anyway.

Anyway, if you can’t be bothered to set your own Tiny Tiny RSS up, you are free to use mine.

Tips on Installing I2P on Raspberry Pi

I2P is one of those software that’s best left running forever. Raspberry Pi is one of those platform that’s perfectly suitable for such task. I suppose you could leave your Raspberry Pi running “behind the enemy line”, and you can access it through the I2P darknet.

Installing I2P on Raspberry Pi is simple. Although you need to install a JVM first. You can do that by running:

sudo apt-get install default-jre-headless

You can follow the standard procedure described in I2P website. I installed mine to /opt/i2p. That folder is owned by a local user. I then installed I2P as a service, by running

/opt/i2p/i2prouter install

I then configured i2prouter to run as a local user.

Now here is the important part, the default JVM at its default configuration is very slow. According to various posts, it doesn’t seem to doing Just-In-Time(JIT) compilation, it actually interprets Java bytecode. If you simply start I2P now, your load average will shoot through the roof.

You need to modify /opt/i2p/wrapper.config, added these lines at the appropriate location:

# Use CACAO to increase execution speed
wrapper.java.additional.5=-cacao

I added it after

“wrapper.java.additional.4.stripquotes=TRUE”.

An alternative for using CACAO would be installing Oracle Java SE 8 (with JavaFX) Developer Preview for ARM. This is actually how I actually run my I2P. More instruction is available at here. If you don’t use Java SE 8, then you need to revert your modification to wrapper.config.

If you run I2P now, the load average should be between 0.5 to 1, your mileage may vary though.

You might want to change your I2P’s settings so you can access I2P from other computers within your network.By default I2P only listen to the localhost. More instructions are here. You shouldn’t modify runplain.sh, because we are not using it here. You shouldn’t move the integer library, they seem to have fixed it. You might want to change 0.0.0.0 to a specific adapter’s IP address, for security reason. For example, rather than having:

clientApp.0.args=7657 ::1,127.0.0.1 ./webapps/

I have

clientApp.0.args=7657 ::1,127.0.0.1,192.168.0.1 ./webapps/

I hope this post helps.

 

 

A script to reset the network when ping fails

I live in a place with dodgy wifi connection, sometimes the Wifi adapter says that it is connected, but I can’t send packets. Therefore I have this in my root’s crontab. It works quite well.

EDIT: reset is now called wifi_reset, because reset is actually a command on its own.

#!/bin/bash

function wifi_reset {
echo
echo “Disabling wlan0″
echo
/sbin/ifdown wlan0
echo
echo “Re-enabling wlan0″
echo
/sbin/ifup wlan0
echo
echo “Done!”
}

ping -c 1 www.google.com > /dev/null 2>&1

if [ $? -ne 0 ]; then
echo “Network down!”
wifi_reset
fi

HOSTS=”www.google.com”
COUNT=10
for myHost in $HOSTS
do
count=$(ping -c $COUNT $myHost | grep ‘received’ | awk -F’,’ ‘{ print $2 }’ | awk ‘{ print $1 }’)
if [ $count -le 5 ]; then
# 50% failed
echo “Poor network performance!”
wifi_reset
fi
done

Installing WordPress on Debian

Right, if you want to install WordPress, then don’t bother with the one in the repository. It over-complicates things by putting the WordPress scripts outside /var/www. Perhaps it is better for security, but the resulting installation is a pain to use and maintain. You can’t do auto-update, and you can’t install plugins without installing a FTP server.

You should follow the tutorial at:http://codex.wordpress.org/Installing_WordPress, before you start, remember to set the owner of /var/www to www-data:www-data, and set the permission of the folder to 775.

If you want to use permalink like me, you need to enable Apache rewrite mod by typing “a2enmod rewrite” as the root, then modify the your /etc/apache2/sites-available/default according to  http://tymonn.wordpress.com/2009/07/31/how-to-enable-mod_rewrite-in-apache2-debianubuntu/

And that’s about it. If you use the WordPress package in the repository, you will have a “fun” time of setting the whole thing up.

OpenVPN IPv6 Tunnel Linux Client Configuration

I have finally decided to give my Raspberry Pi proper IPv6 access. I assume you have followed my previous guide on configuring OpenVPN IPv6 tunnel broker. You need to add these lines to your OpenVPN client configuration file:

script-security 2

up “/etc/openvpn/turing-up.sh”

down “/etc/openvpn/turing-down.sh”

This is the content of turing-up.sh:

#!/bin/bash

/sbin/dhclient -6 -pf /var/run/turing.ipv6.pid tap0

This is the content of turing-down.sh:

#!/bin/bash

kill $(echo $(cat /var/run/turing.ipv6.pid))

rm /var/run/turing.ipv6.pid

Basically the modification automatically attaches a dhclient on the new tap interface, and kill it when the tunnel is torn down.

Create an OpenVPN based IPv6 tunnel broker

Introduction

It is indeed possible to use OpenVPN for tunnelling IPv6 traffic. OpenVPN’s packets work at the transport layer, while the packets for the traditional 6in4 tunnel work at the Internet layer. OpenVPN works at a higher level. For a 6in4 tunnel to work, your router needs to be able to route IP packet with the IP protocol header of 41. This may not always happen, your router may not support that, or perhaps the administrators have configured the network to drop such packet. However OpenVPN will work as long as you can still send out TCP or UDP packets.

The basic idea is to use OpenVPN in TAP mode, and use that to forward IPv6 packets. TAP mode operates in the link layer (layer 2), so it won’t care about the data that gets transported in (layer 3). IPv6 is a basically a network layer protocol.

So let’s get started. I assume you are using a Debian based distribution.

Procedure

Setting up the Ethernet Bridge

First you need to install uml-utilities and bridge-utils. Then create a network bridge with a TAP adapter. Of course you can add in more adapters to the bridge if you want. You can do this by configuring your /etc/network/interface, for example:

iface br0 inet static

address 10.10.4.1

netmask 255.255.255.0

bridge_ports tap0

pre-up /usr/sbin/tunctl -t tap0

 

iface br0 inet6 static

address 2001:470:d:c68::1

netmask 64

Note, the bridge’s IPv4 address will be OpenVPN server’s address. You can only configure OpenVPN to assign IPv4 address within the range specify by the network mask of the bridge. Note that you might not need to configure IPv4 settings for this OpenVPN tunnel, however I haven’t tried it yet. Sometimes OpenVPN clients don’t bring up the TAP virtual adapter if you don’t supply IPv4 settings.

Setting up the OpenVPN Server

You can set up OpenVPN by following this tutorial. You need to set up OpenVPN in bridge mode. You need to specify the virtual adapter as the one you use in the bridge, in our case: tap0. You need to use the “server-bridge” directive rather than the “server” directive, as you are creating bridging mode OpenVPN. In our example, the “server-bridge” line looks like this:

server-bridge 10.10.4.1 255.255.255.0 10.10.4.2 10.10.4.254

For more information on OpenVPN’s configuration, please refer to its manual.

Setting up the IPv6 router

Then follow you need to follow this tutorial to get IPv6 connectivity for your server. The interface for LAN adapter is br0, rather than eth-lan in the tutorial.

I haven’t managed to make the whole thing to work purely using stateless autoconfiguration via Neighbour Discovery Protocol with radvd. I use a DHCPv6 server to assign IPv6 addresses and push the DNS server information. You need to add the following flags in the “interface” section of radvd.conf:

AdvManagedFlag on;

AdvOtherConfigFlag on;

More information is available in radvd.conf’s manual page.

For the DHCPv6 server, I use the package wide-dhcpv6-server. It is fairly straightforward to configure. Please refer to its manual page for more information.

More examples of radvd configuration or DHCPv6 server configuration are available at here.

Clients

Windows 7

If you have Windows 7, you simply need to use your OpenVPN client to connect to the server. You need to enable IPv6 on the virtual adapter that OpenVPN uses. You simply need to configure the adapter to use DHCP to get its configuration.

Linux

If you have Debian-based Linux distribution and you configured .conf files at /etc/openvpn, you need to get the DHCP client to configure IPv6 on the TAP interface. Assuming tap0 is the virtual adapter OpenVPN uses, you can run the following as the root:

dhclient -6 tap0

I suppose you could run this automatically by specifying the “up” directive in your .conf file.

Iodine IPv4 over DNS tunnel

There are times when your Internet access is very limited. For example in an airport, there might be wireless access points, but you have to pay for them. Interestingly, the DNS servers associated with the wireless access point can still perform DNS lookups correctly. This is when Iodine comes in.

Iodine is basically a fake DNS server. The client sends out really long DNS request, while the server responds with weird and wonderful DNS record. More information on roughly how everything is implemented can be found here.

Configuring Domain

You need to configure domains first. You can get free subdomains at FreeDNS. After registering at FreeDNS, click “Subdomains” and add a type A record. You need to type in your preferred subdomain name in the “Subdomain” box. You should put your server’s permanent IP address in the Destination.

If you do not have a server with permanent IP address, you can use your home broadband. You need to configure dynamic DNS service for your home broadband. In FreeDNS’s Subdomains section, you need to create a CNAME record rather than A record. The destination points to your dynamic DNS domain name.

You then need to add another NS record, which points to the subdomain you have just added.

You might want to ask, why I did not point the NS record straight to an IP address. This is because NS record can only contain domain names.

Server Configuration

You need a Linux machine for server. In Debian/Ubuntu, you can simply type:

apt-get install iodine

Then you need to edit your /etc/default/iodine. You need to make it look like this:

START_IODINED=”true”

IODINED_ARGS=”-c 10.10.10.1 tunnel.crabdance.com”

IODINED_PASSWORD=”your_password”

“tunnel.crabdance.com” is your NS record. “10.10.10.1″ is the server’s IP address on the tunnel interface. The client will be given the next IP address available in the range. The default network mask is /27. “-c” stops iodine daemon from checking the IP address of the incoming UDP packet. This is less secure, however if your DNS request passes through a cluster of DNS servers, the IP address may change during connection.

Now start your server:

/etc/init.d/iodined start

Using the Client

Iodine client is available for both Linux and Windows. You simply call the client’s binary in a terminal window.

In Linux, you type in:

iodine -P your_password tunnel.crabdance.com

In Windows, you need to first install OpenVPN‘s TAP virtual Ethernet adapter. When invoking iodine in Windows, you need to specify the adapter’s name using “-d” option. For example:

iodine -P your_password -d “OpenVPN” tunnel.crabdance.com

Where “OpenVPN” is the name of your virtual adapter.

You can also use the “-f” option to stop the iodine client from detaching from the terminal. This is useful for monitoring the status of the tunnel. You might want to put iodine in a terminal multiplexer, such as GNU Screen.

You can use the tunnel to do whatever you want. You could configure NAT on the server, and access Internet that way. An easier option would be to create a SSH dynamic tunnel to the server, and browse the Internet through that.