Welcome to Orb Designs


GRAFFITI -- January 17, 2005 thru January 23, 2005


Welcome to Orb Graffiti, a place for me to write daily about life and computers. Contrary to popular belief, the two are not interchangeable.     About eMail - I publish email sometimes. If you send me an email and you want privacy or anonymity, please say so clearly at the beginning of your message.


MONDAY    Tues    Wed    Thu    Fri    Sat    Sun   
January 17, 2005

An unfortunate expression...

0637 - Good morning. Cousin Tom and his team played well against the highly-touted Peyton Manning and the rest of the Indianapolis Colts. We saw the last quarter of play almost by accident, as we turned on the tube to find 60 Minutes for Marcia. That young Corey Dillon feller is a pretty good running back, too. That unfortunate photo (courtesy of Associated Press) was captioned, "Tom Brady celebrates a third quarter touchdown..." I say unfortunate, because to me it looks more like, "Tom Brady passes a kidney stone...". But seriously, he's a good guy, and they've still got a hell of a team. I'm also not planning on watching unless/until they make it back to the Stupid Bowl, what, 3 weeks from yesterday? At this rate of progress, they'll soon be holding the Stupid Bowl on Easter Sunday. At least that way we can have the Pharisees pitch Janet Jackson to the Lions at halftime as entertainment. (carnivores, not Detroit! Get your mind out of the gutter!)

Up for today at work, I'm going to assist one of our customer service engineers set up for a training session, and work on backup reorganization. The downside of this is that I am going to work. A fair chunk of the area population isn't, in honor of MLK Day. The upside is that traffic should be a breeze both ways, cutting my commute down enough to peel an hour or more off my working day.



Mon    TUESDAY    Wed    Thu    Fri    Sat    Sun   
January 18, 2005

0645 - Good morning. Here's last night's fun... A travelling drive is going to be my mobile backup solution. The downside to this is that I've got all of our personal data on a hard disk sitting in my desk at work, or in my glove box. Do I want anyone to pick up that drive and pick data off of it in a trivial fashion? No way! Could No Such Agency handle any drive encryption I could throw at them? Probably, but then my data's not a target for a governmental body that doesn't really exist. So, here are the steps I've taken to get backups on an encrypted volume.

First off, I'm running Debian Sid on my home workstation, with the 2.6.9 kernel at present (patched for some of the latest shenanigans). I have the following modules installed at boot time: dm_mod, dm_crypt, aes_i586, and twofish. I am probably going to use twofish because it's a much, much faster software algorithm than AES/Rijndael. But I have AES loaded anyway, for possible future USB key use. I've also got the cryptsetup package installed. With Debian, that pulls in the device mapper utilities that I'll also need to make this work.

The backup hardware is a WD 160G drive in an el-cheapo IDE-to-USB2 housing, just enough to get it there and back again. When I plug the USB connector in, this is the output in /var/log/syslog:


Jan 17 18:22:27 vimes kernel: usb 1-1: new full speed USB device using address 7
Jan 17 18:22:27 vimes kernel: scsi2 : SCSI emulation for USB Mass Storage devices
Jan 17 18:22:27 vimes kernel:   Vendor: USB 2.0   Model: Storage Device    Rev: 0100
Jan 17 18:22:27 vimes kernel:   Vendor: USB 2.0   Model: Storage Device    Rev: 0100
Jan 17 18:22:27 vimes kernel:   Type:   Direct-Access    ANSI SCSI revision: 02
Jan 17 18:22:27 vimes kernel: SCSI device sdb: 312581808 512-byte hdwr sectors (160042 MB)
Jan 17 18:22:27 vimes kernel: sdb: assuming drive cache: write through
Jan 17 18:22:27 vimes kernel:  /dev/scsi/host2/bus0/target0/lun0: unknown partition table
Jan 17 18:22:27 vimes kernel: Attached scsi disk sdb at scsi2, channel 0, id 0, lun 0
Jan 17 18:22:27 vimes kernel: Attached scsi generic sg2 at scsi2, channel 0, id 0, lun 0,  type 0
 ... and so on ...

Next, I'll create a single large partition on the drive, using cfdisk.


vimes:~# cfdisk /dev/sdb
 ...
vimes:~# cfdisk -P s /dev/sdb
Partition Table for /dev/sdb

               First       Last
 # Type       Sector      Sector   Offset    Length   Filesystem Type (ID) Flag
-- ------- ----------- ----------- ------ ----------- -------------------- ----
 1 Primary           0   312576704     63   312576705 Linux (83)           None

The next step is to create the crypto volume using the cryptsetup command, a "nice" frontend for dmsetup specifically for crypto purposes. Before running this, read and understand the manpage for cryptsetup. Here's the command I used:


vimes:~# cryptsetup -c twofish -y create backupvol /dev/sdb1
Enter passphrase: <some long string of characters, I've used 40+chars>
Verify passphrase: <some long string of characters, I've used 40+chars>

vimes:~# dmsetup ls
backupvol       (254, 1)

I ran cryptsetup specifying the twofish cipher (default is AES), -y to ask for confirmation of the passphrase (always a good thing to do), and the specific command is create, making a /dev/mapper/backupvol as an interface to the physical block device /dev/sdb1. Then I checked proper completion using the dmsetup command (again, refer to the man page for all of the many options). Now I can build a filesystem on the encrypted volume:


vimes:~# mkreiserfs /dev/mapper/backupvol 
mkreiserfs 3.6.19 (2003 www.namesys.com)
 ...
ReiserFS is successfully created on /dev/mapper/backupvol.

Now I can mount that drive:


vimes:~# mount /dev/mapper/backupvol /mnt/backupvol

vimes:/dev/mapper# df -h
Filesystem            Size  Used Avail Use% Mounted on
/dev/hda5              20G  3.2G   16G  17% /
tmpfs                 506M     0  506M   0% /dev/shm
/dev/hda6              99G   46G   54G  46% /home
/dev/mapper/backupvol 
                      150G   33M  150G   1% /mnt/backupvol

Yup, there's the 150G hanging off of /mnt/backupvol. ... Hmmm, there's something wrong about this. Ah, yeah, I thought I was missing something. Back up there at the beginning of this exercise where the logfile read in part "new full speed USB device". Full speed ain't high speed, it's just full-rate USB 1.1, at 12Mbps. That'll never do. So I move the drive on over to Rust, and learn one new thing. These drives only like to be plugged into a USB bus once on each power-up cycle. I've since verified this through far more googling and head scratching than you'll want to know about. Messages like this:


usb 2-2: new full speed USB device using address 3
usb 2-2: device not accepting address 3, error -71

Are not fun to see. But that's the trick: unplug the device from the USB bus, then power cycle it. Everybody happy, every time. And when I got it to work, this is what I saw in the logfile on Rust (running another Debian variant):


usb 1-8: new high speed USB device using address 2
Initializing USB Mass Storage driver...
scsi0 : SCSI emulation for USB Mass Storage devices
  Vendor: USB 2.0   Model: Storage Device    Rev: 0100
  Type:   Direct-Access                      ANSI SCSI revision: 02
SCSI device sda: 312581808 512-byte hdwr sectors (160042 MB)
 ...

Much better. So I then used rsync to copy everything I wanted to back up from Vimes directly onto the encrypted filesystem on the mobile drive.


rust:/var/log# rsync -av --progress -e ssh vimes:/home /mnt/backupvol/.  
Building file list...
  ...
  ...
sent 1150976 bytes  received 47981769988 bytes  9442668.69 bytes/sec
total size is 48468812936  speedup is 1.01

That shows the rsync restart, as I wanted the progress bars this time. But ~46G in 84 minutes, encrypted at one end, ssh transfer, decrypted at the other end, then re-encrypted onto the drive. Not bad at all, especially since much of this doesn't change from backup to backup and I can use rsync every time. I may rebuild the backup home on Rust, and run a clean set from there, taking ssh and 100 Mbit ethernet out of the equation. Here are the demount and remount sequences respectively, for future reference:


### unmount
umount /mnt/backupvol
cryptsetup remove backupvol

### remount
### .... isn't working at the moment. Frack!
### well, the data is sure SAFE this way.
### more when I know more.

Don't try this at home, yet, kids. Have a great day!


0916 - Okay, it was operator error. It works fine, remounting as below. Just make sure that you type your long, good passphrase correctly.



### remount
# Plain dm-crypt keeps no header on disk, so give the same cipher used at creation.
cryptsetup -c twofish create backupvol /dev/sda1
# passphrase prompt follows, then...
mount /dev/mapper/backupvol /mnt/backupvol

Oh, and don't forget your passphrase. Or it's game over. Now, on with the day.
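
A mapping made with cryptsetup create is plain dm-crypt with no on-disk header, so a mistyped passphrase is not rejected; the volume simply decrypts to noise and the mount fails. The following added example (not part of the original post) wraps the remount in a check for the ReiserFS signature before mounting. The function names and the optional mount point argument are assumptions; the cryptsetup syntax is the one used above.

```shell
#!/bin/sh
# Added example: verify a plain dm-crypt mapping before mounting it.
# Assumed from the walkthrough: mapping name backupvol, cipher twofish,
# ReiserFS on the decrypted volume. Function names are hypothetical.

# ReiserFS puts its superblock 64 KiB into the volume and its magic string
# ("ReIsErFs", "ReIsEr2Fs", ...) at byte 52 of it: 65536 + 52 = 65588.
REISER_MAGIC_OFFSET=65588
REISER_MAGIC_HEX=526549734572   # the common prefix "ReIsEr" in hex

# Return 0 if $1 (block device or image file) shows a ReiserFS signature.
looks_like_reiserfs() {
    sig=$(dd if="$1" bs=1 skip="$REISER_MAGIC_OFFSET" count=6 2>/dev/null |
          od -An -tx1 | tr -d ' \n')
    [ "$sig" = "$REISER_MAGIC_HEX" ]
}

# Map $1 as backupvol and mount it on $2 only if the decrypted view is sane.
# A wrong passphrase or cipher still yields a mapping; it just reads as noise.
open_backupvol() {
    dev=$1
    mnt=${2:-/mnt/backupvol}
    cryptsetup -c twofish create backupvol "$dev" || return 1
    if looks_like_reiserfs /dev/mapper/backupvol; then
        mount /dev/mapper/backupvol "$mnt"
    else
        echo "backupvol: no ReiserFS signature, wrong passphrase or cipher?" >&2
        cryptsetup remove backupvol
        return 2
    fi
}

# Usage (as root): open_backupvol /dev/sda1
```

On a failed check the mapping is removed again, so a retry starts from a clean state instead of leaving a noise-filled /dev/mapper/backupvol behind.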


2045 - Hey. I just dropped in to post in a fix, I'd left a dangling <strong> tag, and wanted to fix it while fresh in my mind. See ya tomorrow morning...



Mon    Tues    WEDNESDAY    Thu    Fri    Sat    Sun   
January 19, 2005

0744 - Good morning. The sunrise is peeking out between the clouds and the horizon, casting an orange glow into the office here at work. At around 10 last night, the temps had dropped to around 14 degrees F. The cloud deck ahead of today's weather rolled in overnight and brought temps up to nearly 19° by the time I was out the door at 0620. I figured I'd get in early since we're due for a couple inches of snow today, combined with a bunch of odd commutes and out-of-towners in for the festivities. I spent most of yesterday working with our IPS product, it's a very cool package and sweet to watch evil packets blocked in real time. It's not clear how much I can talk about our stuff at this time, so I'll hold off for the moment. Primarily, my gig here is supporting the people who *do* work with the products, so yesterday was my first hands-on and I'm impressed. If you do computer security for a living, have a look at that link, though. Hell, I might want to set this up at home! Heh, I can probably get an employee discount. But only if I get to work, so have a great day!



Mon    Tues    Wed    THURSDAY    Fri    Sat    Sun   
January 20, 2005

1822 - Ahem. Good evening. Sorry about the lack of a post today - events got past me and I was pretty tired. While Marcia can't estimate snow depth if her life depended on it, we *did* have about 2-1/2 to 3 inches worth, at least in those areas around our house where I shovelled last night. Yeah, coverage was too thin to break out the power-blower. Time enough for that on Sunday, after we've taken 4 to 8 inches from that expected system.

Less than 4 full years remain for Mr. Bush to push through his aggressive policy of spending more while taxing less, and to carry freedom to every dark corner of the world. Personally, I wish he'd just focus on keeping it brightly burning here at home, maybe send the TSA to the dark corners of the world ... one way tickets.

Finally DC has a baseball team, don't you think it's time we pushed for a professional football team to enhance our civic stature?

See you tomorrow.



Mon    Tues    Wed    Thu    FRIDAY    Sat    Sun   
January 21, 2005

0704 - Good morning. The other day I was reading from my mailing list folder, and saw the following subject line posted to the OpenBSD misc list: When is OpenBSD not the answer? Oh, my goodness, looking at the stacks of replies that followed, we have a troll in our midst. It turns out there wasn't a troll, just a guy pleased to finally see the OpenBSD light, and wondering how to know when, from other people's experience, OpenBSD just wasn't the right tool, so he wouldn't stumble down too many blind alleys. Seth replied succinctly, and I've modded it to .sig quote format below:

When you demand that your boxes be remotely rooted before they can be
patched and within minutes of being connected to the Internet, OpenBSD
doesn't perform well.     -- Seth on misc(at)openbsd(dot)org

Greg chuckled at that and sent me to this site, a short exchange about how OpenBSD was even better in power brownouts. Good for another grin, that was.


Pycon DC 2005 is coming, I've registered. Am I going to see you there? How about you, back in the corner? C'mon, it's a bargain conference at $175 for the full three days of intensity with some very, very bright people (well, they are, anyway ... don't count on me to light the room up, but I try to keep up). The only currently scheduled keynote is Thursday's traditional one from Guido, the other two are still TBA ... I forwarded a request from them to Dr. Jerry Pournelle, in case he is going to be in the area at the right time (March 23 through 25), but have heard nothing more.

It's Friday, thank goodness and the calm before the storm. They don't know how the low pressure and a possible coastal storm will interact with the clipper that's due through here tomorrow, we could have one day's snow, with up to 4 inches, or two days and many more inches. Time will tell, but I'm glad the weekend's almost here. There's momentous news coming down the pike, too, but more when I can say more. Now to work with me.

On the Internet...



Mon    Tues    Wed    Thu    Fri    SATURDAY    Sun   
January 22, 2005

0842 - Good morning. Here it comes:

Incoming snowstorm, January 22, 2005

The other momentous news, now out of the bag, is that Marcia's accepted a position on the staff of Wily Technologies. She'll be their Contracts Manager for US East and Europe, and her commute just got better, too. From four days a week doing the 7 miles down to Landover Hills and one day at home, now her commute is equivalent to Bob Thompson's. She gets to work from home, lucky girl.

I'd best go batten hatches, or whatever it is one is supposed to do before a storm. I've already got the snow-blower prepositioned in the garage for ease of getting going tomorrow morning. More later if events warrant...



Mon    Tues    Wed    Thu    Fri    Sat    SUNDAY  
January 23, 2005

1212 - Good afternoon. I have all the energy of half a three-toed sloth. My total work-product today is a sail-boat template for Marcia to use in quilting a baby shower gift. I don't see any reason not to keep up the frenetic pace of the day by slowly opening the week's mail, paying bills where needed, and shredding all the crap offers. I continue to have projects all around that I can put off... Yesterday's snow finished at about 4", below the predicted 5" to 9", but I'm not complaining. I only broke out the snowblower once, mid-afternoon when Marcia was coming back from the hairdressers. Yes, they said, "Please to only travel on the roads if it's an emergency." Hair appointments count, I guess. I also moved a shelving unit upstairs into Marcia's office, and moved the TV/Display cabinet set a bit to suit Marcia's tastes in the Living Room remodel. So all my energy went out yesterday, and today I rest. Have a good 'un. See you next week.





Visit the rest of the DAYNOTES GANG, a collection of bright minds and sharp wits. Really, I don't know why they tolerate me <grin>. My personal inspiration for these pages is Dr. Jerry Pournelle. I am also indebted to Bob Thompson and Tom Syroid for their patience, guidance and feedback. Of course, I am sustained by and beholden to my lovely wife, Marcia. You can find her online too, at http://www.dutchgirl.net/. Thanks for dropping by.

All Content Copyright © 1999-2011 Brian P. Bilbrey.

Creative Commons License
Except where otherwise noted, this site is licensed under the
Creative Commons Attribution-Noncommercial-Share Alike 3.0 United States License.