Skip to main content

out of inodes

Xen is fun. Now I can actually see what all the other OS flavours out there are up to without "real" rebooting or disk juggling. Of course, at some point it was time for Gentoo again, last time I tried I was highly impressed, but got distracted by Debian somehow :-) Anyway, Gentoo documentation is usually pretty good, straightforward and with real-world examples - so far so good. But after unpacking the portage tree, I was getting "No space left on device" errors. Well, tbh 2 GB for rootfs is not that much, especially when most of the software will be built from source anyway, but I still had ~700MB free. Of course I was out of inodes:
# tar -tjf portage-latest.tar.bz2 | wc -l
# tar -tjf stage3-amd64-2008.0.tar.bz2 | wc -l
# df -i .
Filesystem            Inodes   IUsed   IFree IUse% Mounted on
/dev/hda1             125184  125184       0  100% /mnt/gentoo
Recreating the filesystem with mkfs.ext3 -b 1024 -i 1024 did help. Gentoo ships with /etc/mke2fs.conf where these defaults were taken from. While these may make sense for today's systems, they were just too large for my Xen test domain.

of pipes and shells

Only now I came across the following problem:

cmd1 | cmd2; echo $?
...where I'd like to have the errorcode of cmd1. I did not even expect that this issue was indeed so very common and documented. The solutions are even shell-specific, in short: * For bash or zsh, use $PIPESTATUS[n], resp. $pipestatus[n] * For any other shell the solution is way more complicated, but not impossible. See the FAQ again for all the gory details.

space vs. time

# time pbzip2 -c wordlist.txt > wordlist.txt.bz2
real    41m53.295s
user    67m17.972s
sys     5m38.981s

# time 7z a -m0=lzma -mx=9 -mfb=64 -md=32m -ms=on wordlist.txt.7z wordlist.txt
real    525m35.861s
user    446m31.866s
sys     32m20.861s

# ls -lhgo
total 31G
-rw------- 1  25G 2008-12-16 00:55 wordlist.txt
-rw------- 1 776M 2008-12-17 01:09 wordlist.txt.7z
-rw------- 1 5.0G 2008-12-16 08:46 wordlist.txt.bz2
....'nuff said.

<s>censored</s> is the new online

alice$ ifconfig en0 | awk '/inet / {print $2}' | xargs whois | grep NET  
Comcast Cable Communications, Inc. EASTERNSHORE-1 (NET-24-0-0-0-1)
Comcast Cable Communications BAYAREA-9 (NET-24-4-0-0-1)
Yes, it's true - I've signed with the one ISP I wanted to avoid in the first place. And no, getting an internet connection around here is no fun: it's awkward (a 30min. chat session with some hotline monkey just to get my order through?) and expensive: 42 USD for 6Mbps? Come on. "with scorching speeds up to 4 times faster than 1.5 Mbps DSL" - what? Oh, and for $ 66,95 one can order the Blast! package, with speeds "up to 16Mbps", with a magic "Powerboost" feature: "PowerBoost provides bursts of download and upload speeds for the first 10 MB and 5 MB of a file, respectively". Dude, wtf? Unfortunately the competition is no better: you have to subscribe to an High Speed Internet Elite package to get 6Mbps, for 33 USD a month. However, DSL is not available at my place, so I have to stick to the one and only cable provider servicing this area. Welcome to the silicon valley. On the plusside: 5 days after I signed up, I was online - pretty impressive, compared the adventures one has to go through back home. Oh, and winter has finally arrived, I even had to scratch hoarfrost off the car tonight - brrr. So much for global warming. Good job, Greenpeace :-\ Oh, another thing: I was provided with a DOCSIS 2.0 certified cable modem, assigning the public IPv4 address to the connected device. Which is kinda neat: now we don't have a strange NAT blackbox in our way to do "stuff" :-) However, since configuration is done via DHCP, the hostname is modified too. With MacOS 10.4 and /etc/hostconfig still being used, we can avoid that by setting HOSTNAME="foo". So, it's basically dhclient's supersede option in Apple speak :)

building TrueCrypt from source

As there are no existing TrueCrypt for GNU Linux/Sparc, we had to do this ourselves. However, the buildprocess is not pretty and for some reason one just *has* to build all that wxWidget stuff, although I don't intend to manage crypto devices with my mouse, sigh. Oh, and there were quite a few build errors but thanks to Kano we finally succeeded. Here it goes, the whole shebang for TrueCrypt-6.1a:

# apt-get install libfuse-dev pkg-config
# mkdir /usr/local/include/pkcs11-v2-20
# cd /usr/local/include/pkcs11-v2-20
# for i in pkcs11.h pkcs11f.h pkcs11t.h; do \
   wget$i; done
# for i in `pwd`/*h; do (ln -s $i /usr/include); done 
# cd /usr/local/src
# wget
# tar -xjf wxWidgets-2.8.9.tar.bz2
# cd ~/dev/truecrypt-6.1-source
# make NOGUI=1 WX_ROOT=/usr/local/src/wxWidgets-2.8.9 wxbuild
[....hours later on this box....]
# file Main/truecrypt 
Main/truecrypt: ELF 32-bit MSB executable, SPARC, version 1 (SYSV), dynamically
linked (uses shared libs), stripped
Note: it's really important to get v2.20 of the PKCS11 header files, the current version did not work. Also, Debian/Etch comes with libwxgtk2.[46]-dev - the build failed and I really had to get the 2.8 version. Update: Although the build worked, truecrypt doesn't. Rebuilding with DEBUG=1 DEBUGGER=1 NOSTRIP=1 made gdb(1) spit out all the gory details:
stanley# gdb /usr/local/sbin/truecrypt
GNU gdb 6.4.90-debian
This GDB was configured as "sparc-linux-gnu"...Using host libthread_db 
library "/lib/v9/".

(gdb) run --create /dev/loop0 --encryption=AES --filesystem=fat \
               --hash=ripemd-160 --keyfiles=/root/stanley.key \
               --protect-hidden=no --volume-type=normal \
Starting program: /usr/local/sbin/truecrypt --create /dev/loop0 \
              --encryption=AES --filesystem=fat --hash=ripemd-160 \
              --keyfiles=/root/stanley.key --protect-hidden=no \
              --volume-type=normal --random-source=/dev/urandom
[Thread debugging using libthread_db enabled]
[New Thread 16384 (LWP 32604)]

Enter password: 
WARNING: Short passwords are easy to crack using brute force techniques!
We recommend choosing a password consisting of more than 20 characters.
Are you sure you want to use a short password? (y=Yes/n=No) [No]: y
Re-enter password: 

Program received signal SIGBUS, Bus error.
[Switching to Thread 16384 (LWP 32604)]
0x001598c8 in TrueCrypt::Endian::Big (x=@0x3a9df4) \
                  at /root/truecrypt-6.1-source/Platform/Memory.h:99
99                              return x;
(gdb) bt
#0  0x001598c8 in TrueCrypt::Endian::Big (x=@0x3a9df4) \
                  at /root/truecrypt-6.1-source/Platform/Memory.h:99
#1  0x00168e08 in TrueCrypt::EncryptionTest::TestXtsAES () \
                  at EncryptionTest.cpp:429
#2  0x0016bd30 in TrueCrypt::EncryptionTest::TestAll () \
                  at EncryptionTest.cpp:24
#3  0x000c57e8 in TrueCrypt::VolumeCreator::CreateVolume \
                  (this=0xfff55078, options=@0xfff555e0) \
                  at VolumeCreator.cpp:179
#4  0x00058434 in TrueCrypt::TextUserInterface::CreateVolume \
                 (this=0x4c43f8, options=@0xfff55888, randomSourcePath=@0x5395ac) \
                 at TextUserInterface.cpp:769
#5  0x0007efa8 in TrueCrypt::UserInterface::ProcessCommandLine \
                 (this=0x4c43f8) \
                 at UserInterface.cpp:973
#6  0x00048ed4 in TrueCrypt::TextUserInterface::OnRun \
                 (this=0x4c43f8) \
                 at TextUserInterface.cpp:1141
#7  0x002bd634 in wxEntry (argc=@0x4a9510, argv=0x4b3948) \
                 at /usr/local/src/wxWidgets-2.8.9/src/common/init.cpp:460
#8  0x002bd774 in wxEntry (argc=@0xfff55c14, argv=0xfff55c94) \
                 at /usr/local/src/wxWidgets-2.8.9/src/common/init.cpp:472
#9  0x000ada54 in main (argc=10, argv=0xfff55c94) at Unix/Main.cpp:84
(gdb) bt all
No symbol "all" in current context.
Hm, but even running truecrypt --test was showing the same behaviour: TestXtsAES just fails to work. However, when trying to create the volume with another cipher, it still crashes at TestXtsAES, because VolumeCreator::CreateVolume always calls EncryptionTest::TestAll before actually creating the volume. Commenting out this call in VolumeCreator.cpp:179, recompiling and trying to create the volume with the Twofish cipher gives:
Program received signal SIGBUS, Bus error.
[Switching to Thread 16384 (LWP 7980)]
0x001c508c in RMD160Transform (digest=0xffcfc730, data=0xffcfc6ef) \
                at ../Crypto/Rmd160.c:192
192                     X[i] = LE32 (data[i]);
Current language:  auto; currently c
Wow, now it fails at the hashing algorithm. When using SHA-512 instead of ripemd-160, it still crashes:
Program received signal SIGBUS, Bus error.
[Switching to Thread 16384 (LWP 7991)]
0x0019ea6c in TrueCrypt::VolumeHeader::SerializeEntry \
   (this=0x516df0, entry=@0xffde8840, header=@0xffde8960, offset=@0xffde8850) \
                at VolumeHeader.cpp:286
286                     *reinterpret_cast \
               (header.Get() + offset - sizeof (T)) = Endian::Big (entry);
...and that's it. Still SIGBUS for truecrypt, and -ENOSKILL for me, for not knowing C++ at all. Looks like truecrypt just wasn't meant to be run on big endian platforms. Damn.

and the winner is...

Ah, benchmarks - what else would we spend our CPU cycles on anyway? Quite a long time ago I was surprised to see that awk was so much slower than grep. This was a long time ago and I don't remember all the details, but there was sort involved too, and it was GNU/grep vs. Solaris/awk, IIRC. Anyway, here's what I did just now:

# ls -lhgo du.all; wc -l du.all 
 -rw-r--r--    1     2.2M Jan  7 17:26 du.all
          23773 du.all

# time sort -n du.all | grep -v /home > /dev/null 
real	0m8.939s
user	0m8.920s
sys	0m0.010s

# time grep -v /home du.all | sort -n > /dev/null 
real	0m25.694s
user	0m25.670s
sys	0m0.010s

# time awk '!/\/home/' du.all | sort -n > /dev/null 
real	0m0.622s
user	0m0.620s
sys	0m0.010s
Yes, the sort(1) is not even relvant here, it's really grep(1) taking so long. There's a --mmap switch to grep, promising better performance and sometimes coredumps, neither of both happened. This was done with GNU sort-4.5.3, GNU Awk 3.1.1, GNU grep 2.5.1. Oh, yeah - these may have been "current" versions back in ~2002 :)

How to disable Spotlight, Leopard style

There's a howto disable Spotlight for OS 10.4; for OS 10.5 it's a a bit different, as /etc/hostconfig is about to go away. In short:

$ sudo launchctl unload /System/Library/LaunchDaemons/

To disable it permanently, type this instead:
$ sudo launchctl unload -w /System/Library/LaunchDaemons/

To enable Spotlight type the following and press Return:
$ sudo launchctl load /System/Library/LaunchDaemons/

To enable it permanently, type this instead:
$ sudo launchctl load -w /System/Library/LaunchDaemons/
Someone else suggested to disable even more:
$ sudo launchctl unload -w /System/Library/LaunchAgents/
$ sudo launchctl unload -w /System/Library/LaunchDaemons/
Hm, doing all that makes Spotlight stop indexing, but it's still running, and it respawns upon kill(1)....