On Linux there is the hdparm tool for various hard disk benchmarking and extraction of hard disk operations info. As the Linux manual states hdparm – get/set SATA/IDE device parameters
Most Linux users should already know it and might wonder if there is hdparm port or equivalent for FreeBSD, the aim of this short post is to shed some light on that.
The typical use of hdparm is like this:
linux:~# hdparm -t /dev/sda8
/dev/sda8:
Timing buffered disk reads: 76 MB in 3.03 seconds = 25.12 MB/sec
linux:~# hdparm -T /dev/sda8
/dev/sda8:
Timing cached reads: 1618 MB in 2.00 seconds = 809.49 MB/sec
The above output here is from my notebook Lenovo R61i. If you're looking for alternative command to hdparm you should know in FreeBSD / OpenBSD / NetBSD, there is no exact hdparm equivalent command. The somehow similar hdparm equivallent command for BSDs (FreeBSD etc.) is: diskinfo
diskinfo is not so feature rich as linux's hdparm. It is just a simple command to show basic information for hard disk operations without no possibility to tune any hdd I/O and seek operations. All diskinfo does is to show statistics for a hard drive seek times I/O overheads. The command takes only 3 arguments.
The most basic and classical use of the command is:
freebsd# diskinfo -t /dev/ad0s1a
/dev/ad0s1a
512 # sectorsize
20971520000 # mediasize in bytes (20G)
40960000 # mediasize in sectors
40634 # Cylinders according to firmware.
16 # Heads according to firmware.
63 # Sectors according to firmware.
ad:4JV48BXJs0s0 # Disk ident.
Seek times:
Full stroke: 250 iter in 3.272735 sec = 13.091 msec
Half stroke: 250 iter in 3.507849 sec = 14.031 msec
Quarter stroke: 500 iter in 9.705555 sec = 19.411 msec
Short forward: 400 iter in 2.605652 sec = 6.514 msec
Short backward: 400 iter in 4.333490 sec = 10.834 msec
Seq outer: 2048 iter in 1.150611 sec = 0.562 msec
Seq inner: 2048 iter in 0.215104 sec = 0.105 msec
Transfer rates:
outside: 102400 kbytes in 3.056943 sec = 33498 kbytes/sec
middle: 102400 kbytes in 2.696326 sec = 37978 kbytes/sec
inside: 102400 kbytes in 3.178711 sec = 32214 kbytes/sec
Another common use of diskinfo is to measure hdd I/O command overheads with -c argument:
freebsd# diskinfo -c /dev/ad0s1e /dev/ad0s1e 512 # sectorsize 39112312320 # mediasize in bytes (36G) 76391235 # mediasize in sectors 75784 # Cylinders according to firmware. 16 # Heads according to firmware. 63 # Sectors according to firmware. ad:4JV48BXJs0s4 # Disk ident.
I/O command overhead:
time to read 10MB block 1.828021 sec = 0.089 msec/sector
time to read 20480 sectors 4.435214 sec = 0.217 msec/sector
calculated command overhead = 0.127 msec/sector
Above diskinfo output is from my FreeBSD home router.
As you can see, the time to read 10MB block on my hard drive is 1.828021 (which is very high number), this is a sign the hard disk experience too many read/writes and therefore needs to be shortly replaced with newer faster one. diskinfo is part of the basis bsd install (bsd world). So it can be used without installing any bsd ports or binary packages.
For the purpose of stress testing hdd, or just some more detailed benchmarking on FreeBSD there are plenty of other tools as well. Just to name a few:
rawio – obsolete in FreeBSD 7.x version branch (not available in BSD 7.2 and higher)
iozone, iozone21 – Tools to test the speed of sequential I/O to files
bonnie++ – benchmark tool capable of performing number of simple fs tests
bonnie – predecessor filesystem benchmark tool to bonnie++
raidtest – test performance of storage devices
mdtest – Software to test metadata performance on filsystems
filebench – tool for micro-benchmarking storage subsystems
Linux hdparm allows also changing / setting various hdd ATA and SATA settings. Similarly, to set and change ATA / SATA settings on FreeBSD there is the:
ataidle
tool.
As of time of writting ataidle is in port path /usr/ports/sysutils/ataidle/
To check it out install it as usual from the port location:
FreeBSD also has also the spindown port – a small program for handling automated spinning down ofSCSI harddrive spindown is useful in setting values to SATA drives which has problems with properly controlling HDD power management.
To keep constant track on hard disk operations and preliminary warning in case of failing hard disks on FreeBSD there is also smartd service, just like in Linux. smartd enables you to to control and monitor storage systems using the Self-Monitoring, Analysisand Reporting Technology System (S.M.A.R.T.) built into most modern ATA and SCSI hard disks. smartd and smartctl are installable via the port /usr/ports/sysutils/smartmontools.
To install and use smartd, ataidle and spindown run:
freebsd# cd /usr/ports/sysutils/smartmontools
freebsd# make && make install clean
freebsd# cd /usr/ports/sysutils/ataidle/
freebsd# make && make install clean
freebsd# cd /usr/ports/sysutils/spindown/
freebsd# make && make install clean
Therein I explained how I ended up with an unbootable telephone after improperly shutting down my Nokia directly removing the battery instead of pressing the Nokia front turn off button first and then remove the battery.
Two months ago in order to get rid of the annoying nokia hanging on boot up bug I decided to flush my firwmare. The firmware was a flushed by a friend of me who is a Mobile software specialist he used a special so called double cable and a special software programmer device which is required to flush up a certain range of mobile phones models.
Since the firmware update my Nokia was equipped with the latest firmware version provided by Nokia corp before Nokia dropped the support for the phone. The latest Nokia firmware version available which was installed on my phone was 6.27.(0)
This pissed me off and I once again had to follow the necessary described steps about formatting the Nokia 9300i Communicator mobile device as it’s explained in the up-mentioned article.
The format went fine nevertheless the newer phone firmware version. The format completed quite quickly once again it took in between 30 seconds and a minute to complete.
The good news after the format of my hanged Nokia phone was that it kept the newer firmware version, even after reverting to facture defaults with the firmware format. Now thanksfully still my Symbian OS version is still 6.27(0)
It’s rather strange that even the newest avaialable firmware patch for the Nokia 9300i doesn’t fix such a vital boot up mobile hang error.
Recently has become publicly known for the serious hole found in all Apache webserver versions 1.3.x and 2.0.x and 2.2.x. The info is to be found inside the security CVE-2011-3192 – https://issues.apache.org/bugzilla/show_bug.cgi?id=51714
The DoS script is known in the wild under the name killapache.pl killapache.pl PoC depends on perl ForkManager and thus in order to be properly run on FreeBSD, its necessery to install p5-Parallel-ForkManager bsd port :
freebsd# cd /usr/ports/devel/p5-Parallel-ForkManager
freebsd# make install && make install clean
...
Here is an example of the exploit running against an Apache webserver host.
In about 30 seconds to 1 minute time the DoS attack with only 50 simultaneous connections is capable of overloading any vulnerable Apache server.
It causes the webserver to consume all the machine memory and memory swap and consequently makes the server to crash in most cases. During the Denial of Service attack is in action access the websites hosted on the webserver becomes either hell slow or completely absent.
The DoS attack is quite a shock as it is based on an Apache range problem which started in year 2007.
Today, Debian has issued a new versions of Apache deb package for Debian 5 Lenny and Debian 6, the new packages are said to have fixed the issue.
I assume that Ubuntu and most of the rest Debian distrubtions will have the apache's range header DoS patched versions either today or in the coming few days. Therefore work around the issue on debian based servers can easily be done with the usual apt-get update && apt-get upgrade
On other Linux systems as well as FreeBSD there are work arounds pointed out, which can be implemented to close temporary the Apache DoS hole.
1. Limiting large number of range requests
The first suggested solution is to limit the lenght of range header requests Apache can serve. To implement this work raround its necessery to put at the end of httpd.conf config:
# Drop the Range header when more than 5 ranges.
# CVE-2011-3192
SetEnvIf Range (?:,.*?){5,5} bad-range=1
RequestHeader unset Range env=bad-range
# We always drop Request-Range; as this is a legacy
# dating back to MSIE3 and Netscape 2 and 3.
RequestHeader unset Request-Range
# optional logging.
CustomLog logs/range-CVE-2011-3192.log common env=bad-range
CustomLog logs/range-CVE-2011-3192.log common env=bad-req-range
2. Reject Range requests for more than 5 ranges in Range: header
Once again to implement this work around paste in Apache config file:
This DoS solution is not recommended (in my view), as it uses mod_rewrite to implement th efix and might be additionally another open window for DoS attack as mod_rewrite is generally CPU consuming.
# Reject request when more than 5 ranges in the Range: header.
# CVE-2011-3192
#
RewriteEngine on
RewriteCond %{HTTP:range} !(bytes=[^,]+(,[^,]+){0,4}$|^$)
# RewriteCond %{HTTP:request-range} !(bytes=[^,]+(?:,[^,]+){0,4}$|^$)
RewriteRule .* - [F]
# We always drop Request-Range; as this is a legacy
# dating back to MSIE3 and Netscape 2 and 3.
RequestHeader unset Request-Range
3. Limit the size of Range request fields to few hundreds To do so put in httpd.conf:
LimitRequestFieldSize 200
4. Dis-allow completely Range headers: via mod_headers Apache module
In httpd.conf put:
RequestHeader unset Range
RequestHeader unset Request-Range
This work around could create problems on some websites, which are made in a way that the Request-Range is used.
5. Deploy a tiny Apache module to count the number of Range Requests and drop connections in case of high number of Range: requests
This solution in my view is the best one, I've tested it and I can confirm on FreeBSD works like a charm. To secure FreeBSD host Apache, against the Range Request: DoS using mod_rangecnt, one can literally follow the methodology explained in mod_rangecnt.c header:
freebsd# wget http://people.apache.org/~dirkx/mod_rangecnt.c
..
# compile the mod_rangecnt modulefreebsd# /usr/local/sbin/apxs -c mod_rangecnt.c
...
# install mod_rangecnt module to Apachefreebsd# /usr/local/sbin/apxs -i -a mod_rangecnt.la
...
Finally to load the newly installed mod_rangecnt, Apache restart is required:
freebsd# /usr/local/etc/rc.d/apache2 restart
...
I've tested the module on i386 FreeBSD install, so I can't confirm this steps works fine on 64 bit FreeBSD install, I would be glad if I can hear from someone if mod_rangecnt is properly compiled and installed fine also on 6 bit BSD arch.
Deploying the mod_rangecnt.c Range: Header to prevent against the Apache DoS on 64 bit x86_amd64 CentOS 5.6 Final is also done without any pitfalls.
[root@centos ~]# uname -a;
Linux centos 2.6.18-194.11.3.el5 #1 SMP Mon Aug 30 16:19:16 EDT 2010 x86_64 x86_64 x86_64 GNU/Linux
[root@centos ~]# /usr/sbin/apxs -c mod_rangecnt.c
...
/usr/lib64/apr-1/build/libtool --silent --mode=link gcc -o mod_rangecnt.la -rpath /usr/lib64/httpd/modules -module -avoid-version mod_rangecnt.lo
[root@centos ~]# /usr/sbin/apxs -i -a mod_rangecnt.la
...
Libraries have been installed in: /usr/lib64/httpd/modules
...
[root@centos ~]# /etc/init.d/httpd configtest
Syntax OK
[root@centos ~]# /etc/init.d/httpd restart
Stopping httpd: [ OK ]
Starting httpd: [ OK ]
After applying the mod_rangecnt patch if all is fine the memory exhaustion perl DoS script's output should be like so:
freebsd# perl httpd_dos.pl www.patched-apache-host.com 50
Host does not seem vulnerable
All of the above pointed work-arounds are only a temporary solution to these Grave Apache DoS byterange vulnerability , a few days after the original vulnerability emerged and some of the up-pointed work arounds were pointed. There was information, that still, there are ways that the vulnerability can be exploited. Hopefully in the coming few weeks Apache dev team should be ready with rock solid work around to the severe problem.
In 2 years duration these is the second serious Apache Denial of Service vulnerability after before a one and a half year the so called Slowloris Denial of Service attack was capable to DoS most of the Apache installations on the Net.
Slowloris, has never received the publicity of the Range Header DoS as it was not that critical as the mod_range, however this is a good indicator that the code quality of Apache is slowly decreasing and might need a serious security evaluation.
I'm on a way trying to install Free Mega Games Pack and I'm facing troubles in following the instructions to add a the latest development wine version described on http://www.winehq.org/download/ubuntu The guys from WineHQ has to update the wine install instructions, since the instructions are targetting older versions of Ubuntu which are not compatible with newer Ubuntus which comes natively with Unity In order to complete the step in adding the WineHQ Ubuntu PPA development repository my only way was to add it using command line. Here is how:
root@ubuntu:~# apt-add-repository ppa:ubuntu-wine/ppa
You are about to add the following PPA to your system:
Latest official WineHQ releases
Welcome to the Wine Team PPA. Here you can get the latest available Wine betas for every supported version of Ubuntu. This PPA is managed by Scott Ritchie, and is a replacement for the WineHQ budgetdedicated.com repository used for Jaunty and earlier.
More info: https://launchpad.net/~ubuntu-wine/+archive/ppa
Press [ENTER] to continue or ctrl-c to cancel adding it
Executing: gpg --ignore-time-conflict --no-options --no-default-keyring --secret-keyring /tmp/tmp.bvo21sFWKG --trustdb-name /etc/apt/trustdb.gpg --keyring /etc/apt/trusted.gpg --primary-keyring /etc/apt/trusted.gpg --keyserver hkp://keyserver.ubuntu.com:80/ --recv 883E8688397576B6C509DF495A9A06AEF9CB8DB0
gpg: requesting key F9CB8DB0 from hkp server keyserver.ubuntu.com
gpg: key F9CB8DB0: public key "Launchpad PPA for Ubuntu Wine Team" imported
gpg: no ultimately trusted keys found
gpg: Total number processed: 1
gpg: imported: 1 (RSA: 1)
Similarly adding a PPA repository on Debian is also possible by using a little shell script add-apt-repository.sh . add-apt-repository.sh simulates what ubuntu's apt-add-repositry python script does.
It is educative to mention PPA stands for (Personal package Archive) and the difference between normal repository and PPA is mainly in the fact that PPA repositories makes a package distributed by the repository like the native Ubuntu packages issued by Canonical. Once for example a new version of a file is placed in PPA deb package repository, the newer package will be automatically installed to the system using it.
I have a Godaddy account for already 4 years or so and with time I tend to login and use Godaddy to set DNS records or buy a new domain way more often if compared to the old days.
By default GoDaddy creates numeric accounts names (Customer Number as they call it), example:
Being in necessity to often login to godady it started getting more and more annoying with every single day as it is pretty hard for me to memorize the not so intuitive 1424915, therefore everytime I had to login to Godaddy, I had to check in my notes again and again what is my Username
This costs me a lot of time, so finally in a quick chat with a friend today, he mentioned about having the same issue and explained he just recently changed his (Customer Number) numeric Username to a easy to remember login text string.
I know that changing the Username from an ID to a word in GoDaddy is possible for a long time and I even did it before for one Godaddy Account owned by a company. However just until today, I did not changed my GoDaddy Account number to intuitive text phrase for the simple reason I did not have time to check, how changing the account username and password in Godaddy could be done
Anyways today this friends small chat, triggered me to take few seconds and check in Godaddy's website navigation on how changing the ugly number ID to a shiny username was possible. This is how this little article got born 🙂
So enough jibberish, here is how I changed my Customer Number username to a desired easy to memorize:
1. Login to Godaddy with your Customer Number
2. Navigate to My Account -> Update Security Settings
My Account -> Update Security Settings
Fill in properly all the input (red start) fields seen on the screenshot and click Save Changes . Once you see a message settings are Saved. It is generally a good idea to open some different kind of browser and try logging in with the new set username and password.
Update Security Settings is also the place for people who would like to change Godaddy account password. Be 100% sure to check the new username/password pair in another browser (without logging out with the one you just use) or you will end up unable to login to your godaddy account !!! Its also a good idea in any case to, have written down somewhere on paper Godaddy's Call-in-PIN, this is just a precaution to assure yourself that you will be able to restore your account username/password in case if lost.
If you haven't used the Call In PIN, I hope you will never need to. Anyways just as a matter of info this PIN can help you in some cases where you have to identify yourself as the owner of your Godaddy account (Something like the Debit / Credit cards CVV code [positioned on the card back] ). I've only used the Call in PIN in few occasions by Godaddy's tech support, where I contacted them directly by email to ask some specific questions on how to do stuff inside my account. I know this article, will be boring for some of my readers, so if this is the case please accept my humble apologies … anyways it will help me orient myself in the future if I forgot how I did it and hopefully will be useful to someone else.
My blog’s index has suddenly started redirecting to my last post. That was rather strange, since I haven’t done anything special, all I did before the problem occured was a change in wordpress wp-admin to my latest post.
There in I changed the post Visibility from Public to Private
Right after this my blog’s home started redirecting to the blog post where the changes was made.
This was really strange, so I reverted back the changes in Post’s Publish Visibility to the default setting. Though the change the redirect to the latest post by accessing my www.pc-freak.net/blog/ was still there.
I tried completely wiping out the post by sending it to Trash and issuing the same post again, but now things became even worser.
Accessing my blog was opening 404 not found error message . Everything seemed fine in wordpress admin and therefore I suspected the redirect is being applied from info read in my wordpress database in MySQL.
A bit of investigation prooved my guess was correct, for some reason a record was made to the MySQL blog database in table wp_redirection_items.
The incorrect redirection wihtin the database looked like so:
WP-Minify – does combine all JS and CSS script into one consolidated compressed script or style as well removes any duplicate script resources and hence could have positive impact on performance
HeadJS Loader – does strips out all your old javascript declarations and puts them into one head.js file so that they are loaded in parallel in the head of the pages and through that prevents the blocking of load up until all JS is a loaded so commonly seen these days on the net for more info on how HeadJS works check out http://headjs.com
Script Gzip – merges and compresses the CSS and JS links on page, the plugin does not have caching functionality. The plugin doesn’t have much configuration options which I find as a good thing
To find out what works best for you its a best practice if the website speed load time is tested after loading each of the plugins and with all of them enabled and configured, finally for best results just leave only the plugins or a combination of them which gives the lowest page responce times.
I had to setup a QMAIL auto reply (Out of the Office) message on 5 email addresses and since I haven't done it for a long time it took me a couple 20 minutes to consult Qmail (Life With Qmail http://lifewithqmail.org (great website!) documentation and read a couple of online forum threads until I finally remembered, how I used to be setting up a vacation message manually via qmail's .qmail file.
Of course Setting qmail auto reply can always be done via QmailAdmin or VQadmin .. – Qmail Vpopmail web frontends however on many Qmail mail servers Qmailadmin or/and VQadmin is absent due to some reason or even on a big mail servers the server doesn't run Apache at all. Hence it is good to know how to set qmail vacation message directly via plain SSH terminal connection and this is why how this article got born.
So here is how I enable qmail auto reply "manually", through .qmail for my email address info@my-email-domain.com:
1. Set a /var/vpopmail/domains/my-email-domain.com/info/.qmail file with the following content:
Then put with vim or mcedit etc. an auto-reply vacation message similar to the sample below:
From: info@cadiainsurance.com Subject: We have received your message. Thank you!
Dear Customer, we thank you for the interest in our services.
A member of our team will reply promptly to your enquiry shortly.
4. Set proper permissions for vacation/message and .qmail files
/home/vpopmail/domains/my-email-domain.com/info/vacation/message and /home/vpopmail/domains/my-email-domain.com/info/.qmail files has to be owned by user/group vpopmail:vchkpw, e.g.:
If you are a qmail administration with the requirement to create auto reply message for employees going on a holiday often (in a middle sized company office), setting up the out of the office auto reply manually one by one is a time consuming, annoying task and "crazy" task. Therefore some time ago while still I was employed in a Bulgarian mid-sized company called Design.BG, I've written a tiny shell script which creates qmail email users vacation messages by passing few arguments.
Here is my create_vpopmail_vacation.sh shell script Note that this script might have a lot of bugs and is not much tested, so read it carefully and test it before you put it for daily use 😉 Happy Hacking! 😉
cdtool package, contains a number of commands enabling you to listen/stop/shuffle/eject/get info about cd audio volumes. cdtool provides the following binaries:
The argument -cache 5000 has to be passed to to work around choppy sound (if for example audio playback interruptions every few milliseconds).
For people who are keen on ncurses (Midnight Commander) like command line interfaces you might enjoy Herrie – a minimalistic music player that supports plenty of sound formats, including audiocds.
Herrie is available for Debian and most deb based modern distros via apt, e.g.:
Ports are also available for FreeBSD, NetBSD and OpenBSD. To install on FreeBSD:
root@freebsd# cd /usr/ports/audio/herrie
root@freebsd# make install clean
I'll be happy to hear feedback and recommendations on any other console audio cd players I might forgot to mention. Which is your favourite console text based cd audio player?
Yesteday with Baky (my dear Orthodox Coptic Christian friend) and Kliment (a good friend from the old rock’n’roll years), we went to the Dobrich Cinema (sadly just one cinema for the city is available). The cinema in Dobrich is called Cinema Club Icarus (Ikar). For all foreigners who wants to enjoy some movie, the Dobrich Cinema does offer a plenty of English speaking movies (with Bulgarian subtitles).
Pitily the Dobrich Cinema website http://www.kinoikar.com/bg/info/2 is not existing in English, though anyone wanting to check the current projected movies in the cinema can use the movie trailers and the movie pictures to get the necessery info.
Anyways I haven’t been to a cinema for some almost two months, so going for a movie was really relaxing enjoyable experience. Besides that, we were lucky to see a movie which fitted quite well to my movie genre preferences –
Midnight in Paris
. Midnight in Paris is a Romantic Comedy for intellectuals and people who have a glipmse on art. Its a Bohemian movie so to say and I believe it wouldn’t hold a big interest for the avarage man who doesn’t keep interest in Arts, History or Philosophy.
The movie plot revives around a young engaged American couple who went to Paris for a business trip, just to find out there whole life is gonna be changed by this. The main actor Gil a just grown man is writting a Novel book, trying to make a shift of his profession from being a movie directory to a novel publicist. Gil (Owen Wilson) is an odd Bohemian kind of man, who quickly fells in love with Paris rich culture architecture and old fame. Next to that Gil is a dreamer who (just like me dreams about the old glorious times), when people were more respectable better moral and more idealistic than in the current age. After one night of heavy wine drinking, Gil’s fiancee wents for some dancing and leaves him on his own. Gil makes a round in Paris and losts himself and decides to stay for a while in front of sold old Roman Catholic Cathedral, a mysterious very old car crosses by the street and suddenly some “party” gang asks Gil to join. He has no idea where he is going and suddeny finds himself in the epoch of the world famous 1920 of great book publicists like the Fidgeralds family. Night by night Gil is being transferred to a different epoch back in time to meet a world famous artists and authors, people like Ernest Hemingway, Picaso, Salvador Dali etc. etc. 😉
The movie shows many personages of odd world famous people with some of their strangeties known by the current age. It appears all of them are dreaming for all and the same thing, to live in a earlier age to live in the Golden Age of Arts and Poetry 😉
The movie is real fun in Gil’s personage I’ve seen a lot of “me”, also I’ve seen a lot of me in many of the other famous people as of course presented in the movie. I hardly recommend this movie to anyone who wants to take a break, have a good mindful laugh time. Here is Midnight in Paris movie trailer as well to get an idea what to expect:
