Humour geek

Posted on by lucas

Un collègue ne locke pas son poste de travail, et vous voulez lui faire une blague ? Un journal linuxfr propose quelques idées. Les plus fines :

  • Ctrl+s dans ses terminaux (mais il faut tomber sur quelqu’un qui ne connait pas)
  • setxkbmap dvorak (ou setxkbmap fr, selon le collègue !)
  • alias ssh=logout

Au passage, j’ai aussi découvert cowsay.

qemu 0.8.1 and tun/tap networking

Posted on by lucas

qemu’s documentation isn’t really crystal clear, and I lost a lot of time with this today.

The way you can link your guest system and your host system has changed between qemu 0.7 and 0.8, with the introduction of Virtual LANs. They are mandatory: you always have to use one, even if you only want to use one qemu instance.

When running qemu, you have to specify both endpoints :

  • the one to the host system (using -net tap)
  • the one to the guest system (using -net nic)

A working command line to start qemu looks like qemu -net nic -net tap -hda ….

Non-google Summer of Code proposal: Distributed monitoring of the Jabber network

Posted on by lucas

(This was initially a Google SoC project proposal. Someone got a grant to work on this, but then, he got another grant to work on another project, and he chose to work on the other one…)

The Jabber network isn’t really known for its reliability: servers are often down, or are unable to contact other servers. And most server admins don’t have tools to detect such problems. There’s some data on http://public.jabbernet.dk/mrtg/, but it’s far from being enough.

The goal of this project is to build a testing framework to be able to monitor the public servers and answer those questions :

  • Do client connections using SASL, TLS or SSL currently work on server foo.com ? (not only checking if the TCP port is open, but do full login)
  • Do server-to-server communications works between server foo.com and bar.com ? What about latency ? (To determine that, you need to connect to both servers and exchange ping messages)

Of course one would need a nice way to vizualize such data (matrix + rrdtool graphs ?)

Additional ideas :

  • Allow server admins to set a contact email, so they can be informed of problems (and/or provide an RSS feed)
  • Integrate this into the XMPP Federation

I would like to work on this, but I won’t have time. If you are interested, please contact me !

IP over DNS

Posted on by lucas

Sometimes, you are at an airport, hotel, train station, … Wireless Internet access is available, but very expensive, and you start to feel not so well because you haven’t checked your mail in the last 6 hours.

Often, DNS works : you can resolve everything, which is quite frustrating… But wait. Why can’t we tunnel IP packets into DNS packets ?

There are two existing solutions (to my knowledge) to do that. Both work using the same principle : you delegate a subdomain to a special DNS server (so you need to be able to run a DNS server somewhere, that means having UDP port 53 still available). Then, the client software issues DNS requests for TXT records in this subdomain. Data is encapsulated into those DNS requests.

NSTX (latest version, project page, Debian package) is written in C and tries to build a full VPN between you and the server. While it works, it doesn’t always work, probably because of some caching DNS servers which might not like your crafted packets. Also, it requires setting tun interfaces at both ends. So I gave up with it, and switched to OzymanDNS

OzymanDNS (latest release, no real documentation available) is a simpler alternative, written in Perl. It only allows you to tunnel a TCP connection, which is enough, because if you can establish an SSH connection, you can use SSH tunnelling, Socks proxying, or even build a full VPN with OpenSSH 4.3.

To run OzymanDNS, you need to install the necessary perl modules (Debian packages libnet-dns-perl and libmime-base32-perl, amongst others) on both ends. You also need to delegate a subdomain to your crafted server (we will use tunnel.example.com). Then :

  • On the server, start: ./nomde.pl -i 127.0.0.1 tunnel.example.com (the -i 127.0.0.1 is not important, it’s just the IP address the server returns in case it receives an A query).
  • On the client, run ssh with ProxyCommand: ssh -o ProxyCommand="./droute.pl sshdns.tunnel.example.com" localhost. The sshdns asks the server for a connection to localhost:22.
  • You know have an SSH connection open to the other end.

While it’s not very fast, it’s still quite usable for stuff like reading mails with mutt. Also, I experienced some crashes while trying to transfer a quite large file with scp over socks over ssh over IP over DNS, so there might be some bugs. If somebody wants to hack on this … :-)

Update: Nice presentation about all this stuff here.

Update 2: As mentionned in the comments, there’s also iodine, which is similar to nstx (tunnelling IP over DNS using tun devices on both ends). I also found DNScat. It’s written in Java, and can do tunnelling using ppp.

Jabber clients and OS usage stats (2)

Posted on by lucas

I already did this last september. This time, 1145 online clients from the Apinc Jabber server replied to the poll. It was done around 4:30 PM, french local time. Here are the results.

Systems :

  • GNU/Linux : 38% (in september 2005: 34%)
  • Windows : 37% (34%)
  • Mac OS : 18% (23%)
  • Others (AmigaOS, FreeBSD, NetBSD, OpenBSD, SunOS) : 0% (1%)
  • Unknown (Gaim doesn’t always report the OS) : 5% (6%)

Clients :

  • Psi: 28% (28%)
  • Gaim: 25% (25%)
  • iChatAgent: 13% (18%)
  • Kopete: 7% (7%)
  • Gajim: 5% (3%)
  • Pandion: 4% (2%)
  • libgaim: 4% (3%)
  • Miranda: 2% (1%)
  • neos: 2% (1%)
  • BitlBee: 1% (0%)
  • Exodus: 1% (1%)
  • Trillian: 1% (2%)
  • Unknown: 0% (none)
  • JBother: 0% (none)
  • JAJC: 0% (0%)

All clients with at least one reply are listed here.

I’ll let you do the analysis :-) I’m just quite happy with the fact that we know have much less Mac users (most of them were parasites only interested in the MSN gateway).

The scripts are available on request if you want to run them against your own server.

pipes and progress bars

Posted on by lucas

dd is a very frustrating application. You often run it through complex pipes (well, I do), and you never know if it’s performing well (or if you forgot to tune the HD perf with hdparm before). The only thing you can is wait.

Well, not quite. If you read the doc, you would have found this :

       Sending  a  USR1  signal  to  a running ‘dd’ process makes it print I/O        statistics to standard error and then resume copying.               $ dd if=/dev/zero of=/dev/null& pid=$!               $ kill -USR1 $pid; sleep 1; kill $pid               18335302+0 records in 18335302+0 records  out  9387674624  bytes               (9.4 GB) copied, 34.6279 seconds, 271 MB/s

Interesting, isn’t it ? But I’ve found something even more interesting : pv (packaged in Debian/Ubuntu).

Description: Shell pipeline element to meter data passing through  pv (Pipe Viewer) can be inserted into any normal pipeline between two processes  to give a visual indication of how quickly data is passing through, how long it  has taken, how near to completion it is, and an estimate of how long it will be  until completion.  .  To use it, insert it in a pipeline between two processes, with the appropriate  options. Its standard input will be passed through to its standard output and  progress will be shown on standard error.

It’s very easy to use :

# dd if=/dev/hda12 | pv |dd of=/dev/hda13 88.2MB 0:00:04 [23.3MB/s] [                                               ]

And it can even give an ETA if you use it like cat (e.g: pv file | nc -w 1 somewhere.com 3000).