echo setterm -powersave off -powerdown 0 -blank 0 >> /etc/rc.local
Computers
Disable console blanking
Argo hard drive upgrade with growing RAID1 array
Yesterday Kevin and I swapped in some 250G hard drives for our old 80G drives. The 80G drives were set up in a RAID-1 configuration. With our recent upgrade to CentOS 5 we gained the ability to do online growing of RAID-1 arrays, so it was a good time to upgrade (actually, it was planned that way ;-P).
So the first step was swapping the new drives in and letting the array resync each time. When replacing the drives, we also modified the partition so it utilized the entire disk.
Old disk:
/dev/sdb3 : start= 2313360, size=158513355, Id=fd
New disk:
/dev/sdb3 : start= 2313360, size=486078705, Id=fd
Then, all that was required was to re-add the disk to the array to get it syncing:
$ mdadm --manage --add /dev/md1 /dev/sdb3
After each drive was finished syncing, we needed to get grub set up on the device again to use its own copy of /boot (props to the Dell Software Raid and Grub HOW-TO).
$ grub
> device (hd0) /dev/sdb
> root (hd0,0)
> setup (hd0)
These steps were performed again for the other drive.
After both new drives were in, it was time to grow the RAID-1 array:
$ mdadm --grow /dev/md1 --size=max
After the array finished syncing, it was time to resize the filesystem:
$ resize2fs /dev/md1
And that leaves us with a much larger root partition! Where it was 90% full before, it's now 30% full:
$ df -h
Filesystem Size Used Avail Use% Mounted on
/dev/md1 229G 64G 154G 30% /
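A check for the "after each drive was finished syncing" steps above, as an added example that is not from the original post: it reads /proc/mdstat text and reports whether an array is clean, degraded or still syncing, so the next drive is not pulled early. The function names and the sample snapshot are constructed for illustration.

```shell
#!/bin/sh
# Constructed /proc/mdstat snapshot, taken while the new sdb3 is still rebuilding.
sample_mdstat() {
cat <<'EOF'
Personalities : [raid1]
md1 : active raid1 sdb3[2] sda3[0]
      79256576 blocks [2/1] [U_]
      [=>...................]  recovery =  8.5% (6750464/79256576) finish=25.1min speed=48000K/sec

md0 : active raid1 sdb1[1] sda1[0]
      104320 blocks [2/2] [UU]

unused devices: <none>
EOF
}

# md_state ARRAY: reads mdstat text on stdin and prints one of
# clean | syncing | degraded | unknown for the named array.
md_state() {
    awk -v want="$1" '
    /^md[0-9]+ :/ { cur = $1; next }     # header line opens an array stanza
    /^$/          { cur = ""; next }     # blank line closes it
    cur != want   { next }               # ignore lines of other arrays
    match($0, /\[[U_]+\]/) {             # member map such as [UU] or [U_]
        map = substr($0, RSTART, RLENGTH)
        state = (index(map, "_") ? "degraded" : "clean")
    }
    /(recovery|resync) *=/ { state = "syncing" }   # rebuild or grow in progress
    END { print (state == "" ? "unknown" : state) }
    '
}

# Demo on the constructed snapshot; on a live host use: md_state md1 < /proc/mdstat
sample_mdstat | md_state md1
```

Only swap the next drive, or run resize2fs after the grow, once the array reports clean.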

Some Clarifications and Concessions
My recent blog post about direction and online updates sparked some interest - and some interesting discussion. Through that discussion, I wanted to post some clarifications and concessions about the original article.
Concession: I wasn't correct about my statement that Fedora has a "lack of direction" - its direction is exactly that its maintainers can try to do what they want to improve the distribution.
Clarification: Fedora is not an easy place to get along at - Just read fedora-devel list and you will find that most people post messages that are incredibly selfish and full of negativity - this doesn't feel like "community" to me. Even in my discussion on the #fedora-devel channel, my previous post was immediately construed as "OMG apt-get rulz FTW" fanboy love instead of the actual criticism that online updates should be supported. It still took an hour of discussion to get it understood what I was desiring and for some agreement and constructive ideas to come around.
Concession: apt-get upgrade might not rock - I don't have strong experiences here and shouldn't have stated that it was great.
Clarification: Fedora should support online upgrades - "Online upgrades" means you can upgrade from release X to release Y without needing to reboot into some installer (rebooting for a new kernel or FS changes are fine). Fedora does have the YumUpgradeFaq wiki page, but the very first bullet point is Don't. This mentality needs to change in order for online upgrades to succeed.
Concession: someone needs to take charge to make online updates happen - As gregdek pointed out, things don't change if someone doesn't champion it. At the same time, OSS is not only about "scratching your own itch", it's about community. Just because a user requests a feature doesn't mean we should expect the user to implement it every time.
Clarification: I'm excited about Fedora, and I'd love to help make it be better - I've been a Red Hat user for 8-9 years; and I've tried other distributions in the past. The issues I've pointed out are the ones that have been bugging me for awhile now, and the ones I'd like to see changed. I wasn't really prepared for the first reply to my blog to be "well do something about it", but they're right.
I had a good discussion with skvidal, wwoods, f13, gregdek, and others in #fedora-devel about how upgrades currently work, the progress being made towards media-less upgrades, and the problems faced by online upgrades. I hope to have the ideas and concepts laid out into a wiki page soon where everyone can contribute their ideas on how to improve things.
I'm also a little disappointed that no one made it to my last point - or perhaps they were so enraged by my first two points that they just stopped reading - about packages with optional features. I know it's been discussed a little bit on the fedora-devel list, but I have no idea what it would take or what maintenance would be like. That's probably something else I should work on writing ideas down about.
What Fedora needs is some direction - and online upgrades
Some of the biggest problems I see in Fedora these days are the following:
Lack of direction
Since Fedora is a distribution for developers by developers in order to test out new technology, the main tree ends up being a hodge-podge of whatever each individual maintainer feels like working on. Unless there is an individual or small group of individuals that desires things to be a certain way, then you have to abide by those rules (take for example, no kmods in Fedora).
If Fedora had a better sense of what it should be doing it would polarize developers along the same path rather than everyone working for their own goals.
For example, I haven't seen any real ground-startling features for Fedora 7 or 8. Sure, Fedora 7 had "the merge", but that mostly was for maintainers' benefit (arguably) and again was driven by very few people. For Fedora 8 one of the "big features" was supposed to be a rework of the init system, but that's again been pushed off. Instead we get features like "online desktop" and "NetworkManager". While these do improve user experience, they are very small niches that don't involve developers for all of Fedora - just tiny groups of people. Everyone else is left to do whatever they want, so long as they don't piss off one of the groups that are in control.
Upgrades aren't supported - All hail Anaconda - the great upgraderinstaller! Fedora (and RHEL/CentOS) needs to be able to upgrade online, using a tool like yum (or smart, or apt - I don't really care which tool it is - right now it seems smart could handle it better than yum). Most of the other distros can do this without problems (Gentoo, Ubuntu, Debian).
- No optional featuresets for packages - You have packages that either include the feature or do not.
I'm not sure how to fix the problems, but I do know that Fedora needs to make the following happen:
Make upgrades work - Even with Anaconda it wasn't possible to upgrade from FC-6 to F-7 without broken packages - an online upgrade would have arguably gone better, but it "wasn't supported". "yum upgrade" should work like "apt-get upgrade" between versions.
With the rolling release like we've been having the past couple versions, it's very easy for someone with an up-to-date release to have newer packages than are available with the release of the next version.
Case in point: FC-6 had KDE 3.5.7, but F-7 shipped with KDE 3.5.6. Immediately after release 3.5.7 was available as an update for F-7, but an upgrade from FC-6 to F-7 wasn't supported due to libata changes (hda->sda). This stuff needs worked out so that you can update from one version to the next easily.
- Optional package features - Offer packages that can somehow enable/disable features based on what other packages are installed. Be able to install package foo that has either mysql or postgresql support, or both - even if they're compile flags. That is to say, if I have mysql currently installed, and I install foo, I get foo w/ mysql. Or if I try to install foo without mysql or postgresql, provide some way of saying that they can be supported if you install them.
Both of these problems are hard. They require coordination across all of the package maintainers. Perhaps they're features that could polarize the maintainers to a common goal and make Fedora better.
rcsedit
I've had this little script lying around for a while that I use as a wrapper for RCS to check out a group of files in one batch, edit them all, and commit them. So I set up a repository for rcsedit in case others want to try it out.
It should be pretty easy to try out, just:
wget http://svn.silfreed.net/rcsedit/trunk/rcsedit
Should get you the script to use. I typically install it to /usr/local/bin. It will use your default $EDITOR if you have one defined, otherwise it will use vim. If the files exist it will check them all out (or only the ones that exist), edit them, and commit them as one batch (allows you to enter a log message once for all changes).
Let me know if you can think of any improvements.
remotebackup project
For some years now I've relied on a script written by Lindsay Snider while at PA.net for all my backup needs. A year or so ago a presentation was done at CPLug that described the tool, and it was agreed that the script should become public somewhere so people can use it.
It wasn't really clear whose job it was going to be to set up the project publicly, so it kinda just was forgotten. I was recently looking into backup tools again and decided it was time to get the tool out there and integrate my local changes into a canonical copy.
So now we have the remotebackup project with a public SVN tree.
Feel free to send any questions/comments/ideas my way for now while we work out the structure of who will be working on the project.
Maintaining Tripwire Sucks
So, I'm still running Tripwire 2.3.1.2 (hmm.. isn't 2.4.1.2 out now?) on Argo. You know what? Maintaining it sucks.
I hear samhain is the uber-cool IDS of the day (that actually has database signing using gpg, unlike aide), but then I need to learn another IDS.
I have this RPM database; isn't there some script that can use that to verify things aren't evil? Something that checks binaries and stuff using the database, and then looks for directories and files that shouldn't exist at certain places?
What else do people use for an IDS? Or are IDSes just a tool of days-gone-by and I should just learn to live in the days where no one uses an IDS to make sure their box is 0wnz3d?
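One way to do the RPM-database check asked about above, as an added example rather than a script from the post: it filters `rpm -Va` output down to packaged non-config files that are missing or whose digest, mode or ownership changed. The function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `rpm -Va` output (not taken from a real host).
# Each line: verify flags, optional attribute marker (c=config, d=doc, ...), path.
sample_rpm_va() {
cat <<'EOF'
S.5....T.  c /etc/ssh/sshd_config
.......T.    /usr/share/doc/example/README
..5....T.    /bin/ls
.M...U...    /usr/bin/passwd
missing      /usr/sbin/sshd
....L....  c /etc/localtime
EOF
}

# triage_rpm_verify: reads `rpm -V` lines on stdin, prints "REASON path" for
# entries worth a closer look. Files marked c/d/g/l/r are skipped because they
# are expected to drift; mtime-only changes are ignored as well.
triage_rpm_verify() {
    awk '
    {
        if ($2 ~ /^[cdglr]$/) next          # config, doc, ghost, license, readme
        i = index($0, " /")                 # path starts at the first " /"
        if (i == 0) next
        path = substr($0, i + 1)
        why = ""
        if ($1 == "missing") {
            why = "MISSING"
        } else {
            if (index($1, "5")) why = "DIGEST"          # file content changed
            if ($1 ~ /[MUG]/)                           # mode, user or group changed
                why = (why == "" ? "" : why ",") "PERMS"
        }
        if (why != "") print why, path
    }'
}

# Demo on the constructed sample; on a live host: rpm -Va 2>/dev/null | triage_rpm_verify
sample_rpm_va | triage_rpm_verify
```

Unlike a signed Tripwire or samhain database, the RPM database sits unsigned on the host being checked, so anyone with root can rewrite it. `rpm -Va` also says nothing about files that no package owns.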
Ruby-on-Rails is not a PHP killer
My suspicions about RoR appear to be vindicated; at least by one person anyway.
I've tried to read some examples and howtos about Ruby and Ruby-on-Rails. The language seems very elegant, but I always heard that it's slow and suspected that its ability to do lots of different things was limited. I've picked up some Python recently and found that using objects for everything (mostly) works out very well. In PHP 5, OOP is very well supported (with some caveats) and if you have a firm grasp on OOP, PHP can even begin to look like Ruby (see: fluent interface).
IPv6 default route problems
When I rebooted my firewall the other day I ended up not being able to route via IPv6. This seemed very odd since route -n --inet6 seemed very clear that I had a default route.
I eventually found that this is a kernel bug through a message on SixXS' forums.
So the solution for me was:
ip -6 route add 2000::/3 via 2001:4830:1600:bc::1 dev sixxs
and then add a static route at boot time:
# cat /etc/sysconfig/static-routes-ipv6
sixxs 2000::/3 2001:4830:1600:bc::1
Argo jabber up and running on ejabberd
Tonight I was able to get ejabberd up and running on Argo. I had to use the Fedora 7 package for now until I work out co-maintainership on the ejabberd package in EPEL, but it seems to be running fine.
I imported all the "major" domains - nivek.ws, pyxos.net, silfreed.net, and thtech.net. What I didn't import were some "legacy" jabberd.blah.net domains. I'm not sure if anyone was using these, but my guess is that they weren't. If you were or knew someone that was, please let me know and we'll figure something out.
At any rate, ejabberd seems to be working fine. We'll really get a test next week when people on other servers log in and I can see if s2s works properly.
Argo CentOS 5 Upgrade
Argo is now upgraded to CentOS 5.0. There was the usual amount of pain for a server that runs all possible services, but for the most part the upgrade went very well.
So far the only remaining problem is jabberd. I don't have new packages available and the old ones don't start. I guess this is a good time to upgrade to ejabberd.
Feel free to comment if you have problems with the server; or catch me on AIM.
Look! It's me!
[silfreed@joshua ~]$ ssh argo
Last login: Fri Sep 7 15:09:38 2007 from joshua.wl.silfreed.net
[silfreed@argo ~]$ last -ai -n1
silfreed pts/0 Fri Sep 7 15:09 still logged in 2001:4830:164c:30:290:4bff:fe4b:d76f
I'm such a dork.
IPv6 for my LAN
I know I said I was using Hurricane Electric earlier today, but now I'm with SixXS.
HE only routes a single /64, which is good for one LAN if you want to use radvd to auto-configure your IPs based on MAC addresses. I have two LANs (wireless and wired are separate).
Configuration was very simple; install their heartbeat program aiccu, configure your username, password, and tunnel, and you're good-to-go.
Now, normally this process takes a week to get a subnet. They have this credit system so as to slow down spam IPv6 growth. But if you supply your LinkedIn profile you get bonus credits! So you can sign up for an account, tunnel, and subnet all in a row. It only took a couple hours this afternoon for the responses to come back, but sometimes it could take a day or so.
At any rate, my website now says this when I visit it:
IPv6 2001:4830:164c:30:290:4bff:fe4b:d76f
Feel free to nmap ping my new block: 2001:4830:164c::/48
IPv6 for me!
Okay, I said I would do it, but it took someone else beating me to it to get me to get things going.
Andy managed to find out that 6to4 is definitely the way to go if you have a static IPv4 address. There are lots of anycast servers that handle being the endpoint, so it's much more distributed than the other tunnel brokers. And it's natively supported and easy to set up.
Here's the CentOS 4/RHEL 4 config:
/etc/sysconfig/network
NETWORKING_IPV6=yes
IPV6_DEFAULTDEV=tun6to4
/etc/sysconfig/network-scripts/ifcfg-eth0
IPV6INIT=yes
IPV6TO4INIT=yes
One ifdown eth0 && ifup eth0 and you're good-to-go.
Unfortunately CentOS 4 doesn't support stateful connections in ip6tables (which is the iptables-ipv6 package), so after copying /etc/sysconfig/iptables to /etc/sysconfig/ip6tables I had to remove any stateful tracking for now (iptables-ipv6 is 1.3.5 in CentOS5, so after upgrading I should be good).
And the proof:
$ ping6 www.kame.net
PING www.kame.net(orange.kame.net) 56 data bytes
64 bytes from orange.kame.net: icmp_seq=0 ttl=51 time=236 ms
64 bytes from orange.kame.net: icmp_seq=1 ttl=51 time=236 ms
64 bytes from orange.kame.net: icmp_seq=2 ttl=51 time=236 ms
64 bytes from orange.kame.net: icmp_seq=3 ttl=51 time=235 ms
Argo is 2002:423b:6d88::1 (and hopefully www.silfreed.net works from that).
On the home side, I decided to go with Hurricane Electric's IPv6 Tunnel Broker. I'm still waiting for my tunnel to come up so I haven't configured radvd yet (well, I have, but it doesn't work), but the configuration is still very simple.
/etc/sysconfig/network
NETWORKING_IPV6=yes
IPV6_DEFAULTDEV=sit1
And then add /etc/sysconfig/network-scripts/ifcfg-sit1 (you can't use sit0)
DEVICE=sit1
BOOTPROTO=none
ONBOOT=no
IPV6INIT=yes
IPV6TUNNELIPV4=HESupplied-ServerIPv4address
IPV6ADDR=HESupplied-ClientIPv6address
So very shortly I'll be on my way to IPv6 as well (just a tad later than others ;-).
Why social networking is scary
- last.fm - I don't really even use them right now. I mostly just wanted to see what it could do since it's been an option in Amarok forever. It's kinda neat to see what my friends have listened to recently.
- Facestalkingbook - Again, I mostly wanted to see what the hype was about. I don't use it.
- Twitter - "What am I doing?" It's answered in the upper-right-hand corner of my website via Twitter's RSS feeds. Twitter doesn't scare me as much as other ones do since the data is so easy to pull out of it, but I worry that others aren't as concerned about who owns their memories.
- LinkedIn - This one seems to have the most potential, and is probably the hardest to replicate. It's like "three degrees to your dream job" (instead of 6 degrees of Kevin Bacon). It seems to have the most potential.. and again, I don't own the data or have an easy way to get my data out.


