Evergreen Security Now!

2007/01/25

I have started to listen to the Security Now! podcasts from the very beginning – sometime in summer 2005. Unlike some news-and-rumours podcasts that sound kind of weird if you listen to them a month later, this one did not lose a bit of its freshness. Even listening to the story of the Sony rootkit discovery again was very entertaining. I am now at the first “mod-4” Q&A podcast, number 16.

Every time I listen to Steve Gibson, one of two things happens. Either I learn something new, or I discover a new, better way to explain something I already knew about in a very nice, accessible way. Steve’s handling of the differences between WEP and WPA, his explanation of why MAC address filtering gives no security and his VPN coverage were excellent examples of the latter.

On the NAS building front: I have decided to go with a 4 SATA + 1 IDE configuration and keep all 4 SATA disks fully RAID-5-ed. I have not yet decided which distribution I will put on it. I will probably start with OpenFiler, but Ubuntu looks pretty good too and deserves a try. Btw, Peter is trying to convince me to use BIOS RAID and build a Windows 2003 server – but that is still Plan B. If time permits, I will move the yardstick on Saturday night. It may be delayed, because the biometric security project is quickly approaching the release phase and – as usual – time will be a precious resource.


Webbits – 2007-01

2007/01/23

A webbit is like a timbit – it comes in 12, 20 or 40 packs, contains many small pieces of different taste and colour, is generally unhealthy but good, can be addictive and is a nice addition to your morning “extra large, double cream” from Tim Hortons. Unlike timbits, webbits will not make you fat, only distracted. Enjoy!

Quizstop lets you test how fast your reflexes with the mouse are. Something for those with the competitive gene among us (I mean you, Igor, of course ;-).

A different kind of test is at http://jakemandell.com/tonedeaf/ It plays you two tone sequences and your job is to decide whether they are the same or not. Flash required.

Funny geek quotes. Free ebook on programming in Ruby. Keyboard shortcuts for Mozilla Firefox. Timeline of Linux distros. 50 beautiful CSS designs. Very interesting blog idea – the view from your window. Some views would be good as wallpaper, but if you need more variety, try the list of sites with nice wallpapers. Free ebook on Blender.

A few interesting blogs: on data/text mining, visualization and GIS, on the future of books, visual communication, and even a blog almost without words. A blog about programming in the Cocoa environment on OS X. Another rumor site on all things Apple. If you prefer .NET, look here and here.

An interesting on-line test data generator.

For those of us who have daughters, here is something they (== the girls) may like.


FEOTD: Clippings – GMail’s best friend

2007/01/22
Thanks to Lifehacker I have discovered this extension, which adds a missing piece of GMail functionality:

This very simple extension allows you to enter multiple sets of text (such as e-mail signatures) and paste them into forms simply by right-clicking.

Why is this such a big deal? I am using GMail for both my personal and work stuff. To make sure my work-related emails appear as coming from the company email address, I set the proper From address when composing an email. GMail can be configured to stay with the recipient address when replying. The only problem is the signature. In private emails, I want to have a link to the blog, in work emails, to the company site. And GMail offers only one signature. With this extension, I do not use any signature from GMail, I just insert the correct one from the Clippings buffer.

There are other solutions, e.g. the Gmail multiple signatures Greasemonkey script, but they are quite heavyweight for a simple problem (which was the main reason I did not try them out).

Get it at the usual place.


The joys of open source NAS

2007/01/21

Well, as it looks, I was prematurely ecstatic about the new open source based NAS server. While the hardware works great, I have not had much luck so far with setting up the software on top of it.

My original idea was to use FreeNAS, let it boot from and install onto a USB drive and use all 4 SATA disks in a RAID 5 set up by the BIOS. It did not work. FreeNAS does not see the RAID5 volume created by the BIOS and keeps referring to 4 separate SATA drives. So do Openfiler and a few other distributions. After the USB key was initialized, the system did not boot and stopped with the error message ‘No Ufs’.

Some research later, I found out that the drivers for the chipset need to be installed in order for the hardware RAID to be recognized. In the process of searching I’ve learned more about RAIDs than I ever wanted to know 🙂 and found out that the hardware RAID I have is in reality a half-software solution and without loaded drivers and help from the OS it will not work. Not much of a surprise, one cannot expect a $110 mainboard to be everything for everybody.

I did a few experiments with using the 4 SATA disks as separate volumes and set up software RAID 5 in FreeNAS. It worked OK, so as long as you resolve the problem with booting, this would almost be a workable solution. For now, while I am experimenting with the system, it is booting from an additional 40GB IDE drive. The “almost” part is a bad surprise in FreeNAS capabilities. It allows you to create users and even groups (dunno why), but the access control is all or nothing. For a volume, you can set the level of authentication required – anonymous, local user or domain – but you cannot define any restrictions on access. For example, you cannot have read-only access. This makes FreeNAS completely unsuitable for what I need – I must be able to export read-only shares. To do that, I will very likely have to use a normal Linux distribution (preferably one with a Web based admin interface), and properly configure the servers and security. It should not be terribly hard, the trouble is that I know too little about all that Linux hard disk stuff. On the other hand, it is a great learning opportunity.
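What the per-share control looks like on a regular Linux distribution, as an added example that is not from the original post: a Samba configuration exporting one share read-only to anyone on the LAN and a second one read/write only for members of a Unix group. Share names, paths and the group name “family” are assumptions; the file is written to a temporary location and checked with Samba's own `testparm` if it is installed, so nothing on the host is reconfigured.

```shell
#!/bin/sh
# Added example, not from the original post: the per-share access control the post
# says FreeNAS lacked, done with Samba on a regular Linux distribution. One share is
# exported read-only to anyone on the LAN, the other is read/write only for members
# of a Unix group. Share names, paths and the group "family" are assumptions; the
# config is written to a temporary file, so nothing on this host is reconfigured.

# write_smb_conf FILE  -> writes the example smb.conf to FILE
write_smb_conf() {
    cat > "$1" <<'EOF'
[global]
   workgroup = WORKGROUP
   server string = NAS
   ; every non-guest access needs a Samba account (smbpasswd -a <user>)
   security = user
   ; unknown user names fall back to the guest account instead of failing
   map to guest = Bad User
   guest account = nobody

; photo and video archive: readable by anyone on the LAN, not writable over SMB
[archive]
   path = /srv/nas/archive
   browseable = yes
   guest ok = yes
   read only = yes

; staging area: read/write for members of the Unix group "family" only
[staging]
   path = /srv/nas/staging
   browseable = yes
   guest ok = no
   read only = no
   valid users = @family
   create mask = 0660
   directory mask = 0770
EOF
}

# share_is_read_only FILE SHARE -> exit 0 if section [SHARE] carries "read only = yes"
share_is_read_only() {
    awk -v want="[$2]" '
        $0 == want  { in_share = 1; next }
        /^\[/       { in_share = 0 }
        in_share && $1 == "read" && $2 == "only" && $NF == "yes" { found = 1 }
        END { exit(found ? 0 : 1) }
    ' "$1"
}

conf=$(mktemp)
write_smb_conf "$conf"
# testparm (from the samba package) is the real syntax check; skipped if not installed
if command -v testparm >/dev/null 2>&1; then
    testparm -s "$conf" >/dev/null 2>&1 && echo "testparm: smb.conf parses"
fi
share_is_read_only "$conf" archive && echo "archive: read-only"
share_is_read_only "$conf" staging || echo "staging: writable"
rm -f "$conf"
```

`read only = yes` is enforced by smbd only, so the archive directory should also be owned by a non-guest account with mode 755 on the filesystem; then the data stays read-only even if another service (NFS, a local shell) is pointed at the same tree. The `map to guest = Bad User` line is what lets the anonymous read-only share coexist with `security = user`: unknown names become the guest, while a known name with a wrong password is still rejected.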

As for RAID, there are two possible ways ahead: option one is to get the BIOS RAID working. This would require finding the proper drivers for the Linux kernel version I will be using and learning how to add a driver during Linux installation. The other is to use the software RAID provided by several distributions – e.g. by Openfiler. It may not be as bad as it sounds, because using software RAID inside Linux distributions is exactly what cheaper NAS devices are doing. It does not even have to mean that the performance will be much worse: the main reason these lower end NAS devices are slow in RAID configuration is not enough CPU power and not enough memory – typically they have some ARM processor and 256 MB RAM. On my box, I have a full Athlon 64 and 1 GB RAM, which is way more powerful.

The tricky part is how to divide the 4 disks into partitions so that I can place /boot and swap somewhere and keep the root partition on the RAID-ed disk. It can be tricky, because the partitions that participate in RAID should have the same size and you still need to place /boot, swap and the root partition somewhere. Because they are so important, it would be great if they could sit on RAID, but of course it is a chicken-and-egg problem, because the RAID is created after Linux boots.

I see two options (and you guys who actually do understand this stuff, feel free to correct me if I am completely wrong):

a) keep the IDE drive (which will hold the MBR, /boot, swap and the root file system) for boot and Linux installation and create one partition per SATA disk, all combined into a large RAID-5. This way, all space on the SATA drives is utilized. The IDE drive is a single point of failure, but if it fails, it should be quite easy to boot some LiveCD and reconfigure access to the data, because software RAID support is built into new kernels and should work the same, regardless of distribution. Most of the IDE disk space will be available – the Linux distribution will comfortably fit into 2-4 GB, and the rest of the 80 GB (the smallest disk you can buy) can be exported as quick, no-RAID working disk space (staging area or temp).

b) Partition the SATA disks so that the boot, swap and system partitions are on the first disk. The size of the rest of that disk will determine the primary RAID volume size. Partitions on the other disks, sized to match the system partition, are combined into a second RAID5 volume. For example:

hda1 – 100 MB = boot, hda2 – 2 GB = swap, hda3 – 4 GB = system, hda4 – 3xx GB = space for RAID 5
hdb1 – 100 MB = (copy of boot), hdb2 – 6 GB = space for vol2 RAID, hdb3 – 3xx GB = space for RAID 5
hdc1 – 100 MB = (copy of boot), hdc2 – 6 GB = space for vol2 RAID, hdc3 – 3xx GB = space for RAID 5
hdd1 – 100 MB = (copy of boot), hdd2 – 6 GB = space for vol2 RAID, hdd3 – 3xx GB = space for RAID 5

After that, there will be two RAID5 volumes: one created from hda4, hdb3, hdc3 and hdd3 – which all have the same capacity – and one created from hdb2, hdc2 and hdd2. The capacities of the volumes will be 3 x 3xx GB (about 900 GB) for the big one and about 12 GB for the smaller one. If any of the disks hdb, hdc and hdd fails, nothing happens and after replacement the data will be restored. If disk hda fails, in order to restore, the system must be started from a LiveCD, reinstalled on hda (with the exact partitions and RAID table) and after booting the data will be restored. Kind of complicated but maybe doable.
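A dry-run helper for the layout of option (b), added here as an example and not part of the original post: it checks that every member of a RAID-5 set has the same size (Linux software RAID would otherwise silently use the smallest member and waste the rest), reports the usable capacity of an N-member set as (N-1) times the member size, and prints the `mdadm --create` line that would build it. The “3xx GB” members are assumed to be 300 GB, the hda..hdd names follow the post (a current kernel names SATA disks sdX), and nothing is executed against a real disk.

```shell
#!/bin/sh
# Added example, not from the original post: dry-run helper for a software RAID-5
# layout such as option (b) above. It checks that all members of a set have the same
# size (mdadm would otherwise silently use the smallest), reports the usable capacity
# of an N-member RAID-5 ((N-1) x member size) and prints the mdadm command it would
# take. Nothing touches a disk. The "3xx GB" members of the post are assumed to be
# 300 GB; the hda..hdd names follow the post (a current kernel calls SATA disks sdX).

# mdadm_create_cmd MDDEV DEVICE:SIZE_GB [DEVICE:SIZE_GB ...]
#   stdout: a "# usable: N GB" comment and the mdadm --create line
#   exit 1: fewer than 3 members, malformed entry, or members of unequal size
mdadm_create_cmd() {
    md=$1
    shift
    n=$#
    if [ "$n" -lt 3 ]; then
        echo "error: RAID-5 needs at least 3 members, got $n" >&2
        return 1
    fi
    first=""
    devs=""
    for m in "$@"; do
        dev=${m%%:*}
        size=${m#*:}
        case $size in
            ''|*[!0-9]*)
                echo "error: bad entry '$m', expected DEVICE:SIZE_GB" >&2
                return 1 ;;
        esac
        if [ -z "$first" ]; then
            first=$size
        elif [ "$size" -ne "$first" ]; then
            echo "error: $dev is ${size} GB, expected ${first} GB like the first member" >&2
            return 1
        fi
        devs="$devs $dev"
    done
    echo "# usable: $(( (n - 1) * first )) GB"
    echo "mdadm --create $md --level=5 --raid-devices=$n$devs"
}

# The two sets of option (b): the big data volume and the small second volume
mdadm_create_cmd /dev/md0 /dev/hda4:300 /dev/hdb3:300 /dev/hdc3:300 /dev/hdd3:300
mdadm_create_cmd /dev/md1 /dev/hdb2:6 /dev/hdc2:6 /dev/hdd2:6
```

The chicken-and-egg problem mentioned above is usually solved by keeping /boot out of RAID-5 altogether: the “copy of boot” partitions hdb1..hdd1 in the plan can be joined with hda1 into a RAID-1 created with `--metadata=0.90`, whose superblock sits at the end of the partition, so the bootloader can read the mirror as an ordinary filesystem from whichever disk it boots from. For the recovery case where hda dies, `mdadm --assemble --scan` from a LiveCD finds the surviving members of both sets by their superblocks; the data volume does not need hda to be reinstalled first.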

There is always plan B, of course: stay with BIOS RAID and use Windows 2003. It would have exactly the same issues with drivers as Linux had, but I know how to install this one (as I have done it when we were setting up the development lab). The machine is powerful enough to run it. What would be nice is that both OS and data would sit on a RAID-ed volume. What I do not like about the Windows idea is the necessity of using a GUI to do anything – Remote Desktop is pretty much the only practical way to administer the system. And I would not learn much new either, I think …

Yep, more thinking and planning required. I will shelve the RAID project until next weekend. I have mixed feelings about all this. On one hand, it is great to be discovering new things and learning, but it takes so much time: after Yan built the box, we tried to get it working until 3AM … Why can’t things “just work” as in the Mac world? If budget were not a problem, here is the perfect RAID solution :-).


Dealing with digital mess: Local (offline) File Storage

2007/01/20

If you have a digital camera or digital camcorder, you probably have a problem with where to store the pictures and video so that they are readily available for viewing and protected against loss caused by hardware failure. How much storage you need depends on how many and how large pictures you take and how heavy a camcorder user you are. In my case, I have switched to shooting RAW on my D70, doing about 2000-4000 shots a year, and the camcorder produces about 4-5 GB of unprocessed video per hour of recording. After adding some free capacity for the document archives and some MP3 files, anything smaller than 500 GB will probably be too small. To have some headroom, I decided I had better go for 1 terabyte of space.

The main advantage of local disk storage is speed. Regardless of how fast your Internet connection is, it is nothing like gigabit Ethernet when it comes to speedy access to your files. You would of course get the most speed if the data were stored on local disks of the machine which uses them, but who uses only one machine :-). Separating data storage into a dedicated box offers easier sharing and the freedom to reinstall the OS on the workstation without impacting data availability. Therefore, I want a NAS.

Another important feature of local storage is safety. To protect yourself against hardware failure, you want at minimum RAID storage – likely RAID-5. Keep in mind what RAID does and does not cover: it survives the loss of one disk, but not accidental deletion, a malicious process wiping the share, or the loss of the whole box, so it complements a backup rather than replacing it. I was avoiding RAID for some time – and as a result ended up with many USB disks lying around, lots of cables, power adapters and a very complicated cascade backup process, which needs to be simplified.

The basic question about NAS is to build or to buy. Ideally, I would like to have an appliance, not another computer. There is an interesting site on the Net – Small Network Builders – which offers lots of information about the commercial NAS solutions available. Unfortunately, those devices which were in my desired price range (~ $900 to $1100) for 1 TB of storage (like the Buffalo Home Server) had serious issues either with read/write performance, which was at the level of a 100 Mb network on a 1 Gb LAN, or with multi-platform compatibility. Another potential problem with some NAS boxes was noise. Running four high-performance hard disk drives inside a small enclosure requires good cooling and often makes the NAS the noisiest part of your office. My goal is to lower the noise, not increase it. An example of a NAS with good performance is the Thecus N5200 – but you have to accept the noise. A system that promises quiet operation was the Synology CS-406, but in both cases the enclosure (without disks) price tag was in the range of $700-$900. If you assume the price of the 5 disks is about $600-$700, it is impossible to build 1TB within the assumed budget.

All commercial NAS devices are computers, usually running Linux or BSD Unix with a Web based user interface for disk management. The speed of the box is determined (apart from the speed of the disks) by the NIC speed, the CPU speed (and amount of RAM) and the overhead of the OS used. The disadvantage of an appliance NAS is little control over these and over the features supported. By building a custom appliance, you have full control, and for $800 you can build a very decent computer these days.

I have decided to go with a larger case – to allow more space around the hard drives, better cooling and quieter fans. I asked Yan to recommend a really good mainboard with a fast enough CPU – but not so fast that it needs lots of noisy cooling – and enough RAM to have space for buffers. Here is the configuration I have ended up with – purchased from my favorite hardware supplier:

– AMD 64 3500+ AM2 Processor
– Asus M2NPV-VM AM2 Nf430 mATX MB (Raid5/GbE/Gf6150/VGA/DVI-D)
– 1GB PC2-5300 DDR2 Memory
– Lite-On LH-18A1P-185 DVD-RW 18×18
– Antec Atlas Server Case w/True 500w Power Supply
– 2xSilenX 92mm 14dBA 2000rpm 36cfm Case Fan

Altogether the price for the enclosure was $546. If you add five 320 GB SATA II Seagate HDDs (16 MB cache), you will end up with a 1.2 TB NAS (900 GB after RAID) which is (hopefully) more powerful, quieter and at least $300-400 cheaper than the pre-built alternatives. The machine, which does only file serving, is about 3-4 times faster than my current desktop from early 2002 (which cost about $2.5K at that time). Oh boy …

Technically I did not need to buy 5 hard drives for RAID-5, only 4. I just picked up one spare to make sure that when it comes to replacement, I have it available. I believe that having identical disks has value, and if the increase in HDD capacities continues at the current speed, 320 GB disks may be unavailable soon.

As for software, I have not decided yet. The best candidate is FreeNAS. It is not Linux based, but FreeBSD. I have no problem with that, quite the opposite – thanks to the Macbook, I have a very good relationship with FreeBSD Unix now :-).

The machine is completed and running in my office now. It is amazingly quiet – very deep below the noise level of the other computers. I have not installed the OS yet, only booted FreeNAS from the CD. Time to read the FreeNAS installation guide, I guess.

To be continued


Too good to be true ?

2007/01/19

For over a month I have been using Web based tools for calendar, email, task management, bookmark management and note taking. One problem that these tools have is that as soon as your connection goes down, you are done. Game over. A few days ago I discovered Scrybe, a tool which may be able to address this problem. Unfortunately, I cannot tell from my own experience, because the system is in private beta and does not allow you to register. But if you can believe the sneak peek video (linked from the site), it should combine a calendar which is even better than Google Calendar, a task manager and a note taking program that would make Google Notes look like a second class citizen.

And not only does every one of these programs seem to look and work better than the current “best of the class”, it claims that you can switch the browser (Firefox or IE) to Work Offline mode and keep on using the program, with seamless data resynchronization after connectivity is restored. It should also nicely synchronize with mobile devices and allow transferring information to and from Office documents via simple copy and paste – without messing up the formatting.

A very nice feature is also “paper synchronization” – printing out a fold-able calendar, todo list etc. – very similar to the PocketMod idea, but with current content. It also should give you a very nice way to turn your notes – Web clippings – into presentable documents. I would love to give it a test ride, if I could.

It almost sounds too good to be true. If what the video shows is really true – Google or Yahoo, please please please buy this company and get the product out to the masses 🙂


Improve your English, use spellchecking !

2007/01/17

For Jack, Manju and Michel: here is the poem we talked about.

Eye have a spelling chequer
It came with my pea sea
It plainly marques four my revue
Miss steaks eye kin knot sea.

Eye strike a key and type a word
And weight four it two say
Weather eye am wrong oar write
It shows me strait a weigh.

As soon as a mist ache is maid
It nose bee fore two long
And eye can put the error rite
Its rare lea ever wrong.

Eye have run this poem threw it
I am shore your pleased two no
Its letter perfect awl the weigh
My chequer tolled me sew.

As seen on gopher://seanm.ca/00/stuff/spell-checker.txt