Monday, December 11, 2017

Be Careful With Your SSD On Linux

My laptop has an SSD instead of a spinning hard disk.  The first laptop I had with an SSD was a company-issued ThinkPad with either a 32GB or 64GB SSD.  It was entirely too small for what I was doing at the time.  After that, I always chose capacity over speed for my laptop hard disk.

Skip to now and SSDs for laptops are entirely usable capacity-wise.  So my ThinkPad now has a 1TB SSD in it.  It came with one when I bought it, but I recently had to replace it because it failed.  SSDs are great, but you can beat them up rather quickly if you're not careful.

On my laptop I also use the LUKS encryption for my /home volume.  I don't encrypt the entire laptop because I don't really care that my man pages are encrypted or my cups configuration file is encrypted.  Just the stuff in /home is important to me.  What I failed to do was make sure I open the LUKS device with --allow-discards on the cryptsetup(8) command.

The --allow-discards option enables TRIM or UNMAP on the underlying device, though it's probably TRIM in nearly every case.  Without getting in to the technical details, this enables the kernel to handle unused blocks differently on an SSD than on a spinning hard disk.  TL;DR, this is important to not wear out the flash memory quickly.

So that's what happened to me.  And the failure was interesting too because the laptop just started acting very strangely until eventually write operations failed and then it started lying and saying the device was full.

Make sure you're unlocking LUKS volumes on SSDs with --allow-discards.  Every distribution is a little different, but a common method is defining the device in /etc/crypttab with the options you need to use.
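One way to check for the misconfiguration described above, as an added example that is not from the original post: the first function lists crypttab entries that lack the discard option from crypttab(5), and the second lists active dm-crypt mappings that were opened without allow_discards. The crypttab content and the dmsetup table output embedded in the script are constructed samples.

```sh
#!/bin/sh
# Added example, not from the original post. Sample data below is constructed.

# Print the name of every crypttab-style entry in FILE whose options field
# (4th column, comma-separated) lacks "discard".
crypttab_missing_discard() {
    awk '
        $1 ~ /^#/ || NF == 0 { next }      # skip comments and blank lines
        {
            has = 0
            n = split($4, opts, ",")
            for (i = 1; i <= n; i++)
                if (opts[i] == "discard") has = 1
            if (!has) print $1
        }
    ' "$1"
}

# Read `dmsetup table` output on stdin and print the name of every active
# dm-crypt mapping that was opened without allow_discards.
active_missing_discards() {
    awk '
        $4 == "crypt" {
            has = 0
            for (i = 5; i <= NF; i++)
                if ($i == "allow_discards") has = 1
            if (!has) { sub(/:$/, "", $1); print $1 }
        }
    '
}

# Constructed /etc/crypttab content: name, device, key file, options.
sample_crypttab() {
    cat <<'EOF'
# name    device                                     keyfile  options
home      UUID=00000000-0000-0000-0000-000000000001  none     luks
scratch   /dev/sdb2                                  none     luks,discard
backup    /dev/sdc1                                  none
EOF
}

# Constructed `dmsetup table` output (key field is a placeholder).
sample_dmsetup_table() {
    cat <<'EOF'
home: 0 1953519616 crypt aes-xts-plain64 0000000000000000 0 8:3 32768
scratch: 0 409600 crypt aes-xts-plain64 0000000000000000 0 8:18 4096 1 allow_discards
vg-root: 0 104857600 linear 8:2 2048
EOF
}

# Demo on the constructed samples. On a real system, pass /etc/crypttab and
# pipe in the output of `dmsetup table` (needs root).
tmp=$(mktemp)
sample_crypttab > "$tmp"
echo "crypttab entries without discard: $(crypttab_missing_discard "$tmp" | tr '\n' ' ')"
echo "active mappings without allow_discards: $(sample_dmsetup_table | active_missing_discards)"
rm -f "$tmp"
```

cryptsetup(8) warns that passing discards through reveals which blocks are unused on the underlying device, so enabling it trades a little confidentiality for flash longevity.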

Monday, October 9, 2017

AOL Instant Messenger Shutting Down

After 20 years or so, AOL Instant Messenger is shutting down.  Not really a surprise.  A lot of instant messaging services have come and gone.  I still have an AIM account that is named after an FCC callsign I was granted in 2000 but no longer have.  At the time it was easy to communicate with less techy friends and family and it was easy to use on Linux with programs like gaim.

I currently use it through a program called bitlbee and then interact with that through irssi.

While AIM is shutting down, I still have Facebook Messenger, Google Hangouts, and regular IRC on FreeNode.  I also use email.

Remember ICQ?  It's apparently still running and I think people are using it.  Implementations come and go but there will always be a way to do instant messaging in some capacity.  People seem to like that.  Right now I am working on a more integrated and reliable setup for my Facebook Messenger+Google Hangouts+IRC setup so I can move between computers and networks and have everything move between clients.  Yeah, that'll totally work.

Friday, October 6, 2017

Hold On Let Me Start the Recording

"Hold on, let me just start the recording...ok, you're good."

During meetings and conference calls, I find it common for large meetings to have someone insist on recording the call.  Or in the case of video conferencing, recording the session as a movie.  But why?

I assume the thought process is that those who can't make the meeting will listen to or watch the recording later.  I can say with 100% certainty that I have never done that.  Has anyone?  If you didn't have time for a 1 hour meeting, what makes anyone think that I will somehow have a separate hour somewhere to listen to the recording?

If the recordings are being kept for logging purposes...ugh, there are better ways.  How much of the call will be people asking if they can be heard, for others to go on mute, and nonsense chatter while waiting for the moderator to join?  ALL CALLS!  The recording is unedited, so the later listener fortunately has an opportunity to relive this hour of unproductivity.

Stop recording calls.  If you're trying to catch people up later, write up minutes.  It's far more effective.  If you're recording it because someone is giving a demo or presentation, have them make an edited webinar recording elsewhere and pass that around.

Thursday, October 5, 2017

Encrypted /home Volumes

On my laptops and workstations, I keep my /home volume encrypted using LUKS (Linux Unified Key Setup).  This is the sort of thing that you should do, regardless of your operating system.  I set up my systems to carry a separate /home volume from the rest of the filesystem.  I leave everything else on the system on unencrypted volumes because I see no value in keeping executables, libraries, and system configuration files encrypted.  For configuration files I do care about, I put them in /home/etc and link them back to the expected path.

Recently I upgraded the kernel on my laptop to a newer version.  I build and install my own kernels because I'm a Linux greybeard and that's what I've always done.  I also like to stay moderately up to date on happenings in the kernel.  I used to read LKML, but I just don't have the time anymore.

When I build a new kernel, I start with the configuration file for the one I am currently running.  I do make olddefconfig and then run make menuconfig to look through any new things.  Occasionally this process will cause existing configuration options to be lost.  The defconfig step isn't flawless, but that's ok.

My recent upgrade had this happen specifically with regard to the AES-NI modules in the kernel.  Intel processors come with CPU instructions for AES encryption functionality and software using these instructions significantly speeds up encryption operations.  It's instructions like this that help LUKS volume encryption work transparently and not impact overall system performance.  If you lack these instructions, the kernel will continue to function for LUKS support just fine, but you will notice things move more slowly.

When I rebooted and entered my passphrase to unlock /home, the system just waited.  And waited and waited and waited.  I had never had this happen to me before, so my first thought was the filesystem was damaged or the LUKS header was damaged or something like that.  I was able to boot from USB media and unlock everything and ultimately tracked it down to the missing AES-NI modules.

So, today's lesson is when using LUKS volume encryption on Linux on an x86_64 system, you want CONFIG_CRYPTO_AES_NI_INTEL set to either y or m depending on how you run your system.  Setting this option in the kernel config will bring in more things, but that's fine.
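A check that would have caught this before rebooting, as an added example that is not from the original post: it compares the old and new kernel configuration files and reports every option that was enabled before and is no longer enabled. The two configuration files embedded in the script are constructed samples, and the function names are this example's own.

```sh
#!/bin/sh
# Added example, not from the original post. Sample configs are constructed.

# Print every option that was =y or =m in OLD but is no longer enabled in NEW.
# A change between y and m is not reported, only a loss.
lost_options() {
    awk -F= '
        FILENAME == ARGV[1] {
            if ($2 == "y" || $2 == "m") old[$1] = $2
            next
        }
        $2 == "y" || $2 == "m" { delete old[$1] }
        END { for (k in old) print k "=" old[k] }
    ' "$1" "$2" | sort
}

# Succeed if OPTION is set to y or m in kernel config FILE.
option_enabled() {
    grep -Eq "^$2=(y|m)\$" "$1"
}

# Constructed config of the kernel that is currently running.
sample_old_config() {
    cat <<'EOF'
CONFIG_CRYPTO_AES=y
CONFIG_CRYPTO_AES_NI_INTEL=m
CONFIG_DM_CRYPT=m
CONFIG_CRYPTO_XTS=m
# CONFIG_CRYPTO_ANUBIS is not set
CONFIG_LOCALVERSION="-old"
EOF
}

# Constructed config after make olddefconfig dropped an option.
sample_new_config() {
    cat <<'EOF'
CONFIG_CRYPTO_AES=y
# CONFIG_CRYPTO_AES_NI_INTEL is not set
CONFIG_DM_CRYPT=y
CONFIG_CRYPTO_XTS=m
CONFIG_LOCALVERSION="-new"
EOF
}

# Demo on the constructed samples. On a real build, pass the saved config of
# the running kernel as OLD and the freshly generated .config as NEW.
d=$(mktemp -d)
sample_old_config > "$d/old"
sample_new_config > "$d/new"
echo "enabled before, missing now:"
lost_options "$d/old" "$d/new"
option_enabled "$d/new" CONFIG_CRYPTO_AES_NI_INTEL ||
    echo "warning: CONFIG_CRYPTO_AES_NI_INTEL is not y or m in the new config"
rm -rf "$d"
```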

Monday, July 17, 2017

Informed Delivery

I know the idea of receiving email from the post office is probably not high on your list of things you'd like to get working, but I came across Informed Delivery yesterday and the idea looks interesting.

In the United States, the Postal Service is the sole authorized agency responsible for and required to provide uniform postal service to all citizens regardless of geography and at a uniform price.  Your opinions of whether or not this is a reasonable agency to have or how the US Postal Service is run are of no interest to me.  I have opinions too that you likely don't care about.  One thing we can probably agree on is that the Postal Service has to compete with technological advancements while still meeting their legal obligations and that can be very difficult.

Things that didn't exist when the Postal Service was created:  UPS, FedEx, DHL, email, or telephones.  The Postal Service has to compete with all of these and still provide what are effectively baseline services that many people take for granted.

So enough of that, what is Informed Delivery?  I don't know, but I signed up.  As explained, it seems to be a system where you can get emails (opt-in) indicating what mail is headed your way.  Expecting something important?  They could, in theory, scan it and notify you on the sending end and you'll know it's en route.  The possibilities for this service seem interesting, but I'll remain somewhat cautious as to what they will implement.  What would be nice is if I could go to a web page and uncheck the things I don't want delivered, say, on a weekly basis.  Reduce what the letter carriers have to move around and let me filter my physical mail somehow.  We'll see.

Monday, July 10, 2017

Using ssh-agent for Remote Login Sessions

I work on a lot of remote systems via ssh logins.  It's very common for me to be remotely logged in to several systems throughout the day.  Not everything I do is from my workstation's login session.

A lot of the things I do, such as source code control with git, rely on ssh keys.  I have passphrases on my keys so every time I use git, ssh will prompt for the passphrase -or- will ask the running ssh-agent for the credentials.  On my graphical workstations, I have my X sessions set up to start ssh-agent upon log in and add all of the keys in ~/.ssh to the agent.  That way things like git push and git pull work quickly and without prompting me for the passphrase.  When I log out, the session goes away.

This does not work for remote sessions.  Once I log in to a system, I cannot use the agent running on my workstation.  I have added a block to my ~/.zshrc file to start an ssh-agent if one is not already running.  This handles interactive shell logins via ssh or at the console.  There are many ways to do this, but here's how I'm doing it (lines broken for posting here, anywhere there is a backslash, join it with the previous line and remove the backslash):

if [ -d "${HOME}/.ssh" ] && \
   [ ! -f "${HOME}/.noagent" ] && \
   [ -z "${TMUX}" ]; then
    # Start the SSH agent unless one is already available
    if [ -z "${SSH_AGENT_PID}" ] && \
       ( [ -z "${SSH_AUTH_SOCK}" ] || \
         [ ! -r "${SSH_AUTH_SOCK}" ] ); then
        eval "$(ssh-agent)"

        # Add every private key that has a matching public key
        for pubkey in "${HOME}"/.ssh/*.pub ; do
            privkey="$(basename "${pubkey}" .pub)"
            [ -f "${HOME}/.ssh/${privkey}" ] && \
                ssh-add "${HOME}/.ssh/${privkey}"
        done
    fi
fi

Like I said, there are many ways to do this, but this is how I managed it.  I will walk through how this works:
  1. First, you need to have ~/.ssh.  I should modify this to make sure you have at least one public key, but I've made that assumption here because that will always be the case for.
  2. I also honor the ~/.noagent file in my home directory.  I can disable this entire block by touch ~/.noagent and it will skip right over it.  This file does not require anything in it, just that it exists.
  3. The test for ${TMUX} is important to ensure that each new pane I open in tmux does not start a new ssh-agent.  If you are using GNU screen, I am sure there's a similar test.
  4. The nested if will then check to see if an existing agent is running.  That's the test for SSH_AGENT_PID and SSH_AUTH_SOCK.  If those exist, I am going to assume ssh-agent is running because I otherwise do not use those environment variables.
  5. The eval line runs ssh-agent (which will background itself) and then sources in its stdout, which contains the SSH_AGENT_PID and SSH_AUTH_SOCK environment variables.
  6. The for loop iterates over all of your public keys and will add each one to the agent if there is a corresponding private key.  This part is interactive as ssh-add will prompt you for the passphrase for each key.
Another thing to note with zsh, which is the shell I'm using, is to avoid having this block in both ~/.zshrc and ~/.zprofile.  If you have both files and they are different, put this block in ~/.zprofile.  If you have one and the other is a symlink to the other, get rid of the symlink because the block will execute twice on interactive shell logins.

Lastly, you should make sure you kill the agent when you log out of your session.  For zsh, I add this to my ~/.zlogout file:

# Kill any running ssh-agent for this session
[ -z "${SSH_AGENT_PID}" ] || ssh-agent -k

Other shells have other mechanisms of running commands on logout.

So it's not perfect, but it does get me an agent running in my remote login sessions and that was my main goal.  I may make some tweaks to this over time, but for now this is what I'm using.
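The startup block above trusts SSH_AGENT_PID and SSH_AUTH_SOCK when they are set. As an added example that is not from the original post, the functions below ask the agent itself, using the documented exit status of ssh-add -l (0 keys listed, 1 no keys, 2 agent unreachable), so stale variables left by a dead agent do not prevent a new one from starting. The probe argument and the AGENT_KEY_LIFETIME variable are assumptions of this example.

```sh
#!/bin/sh
# Added example, not from the original post.

# Report the state of the agent named by SSH_AUTH_SOCK:
#   usable - agent answers and holds at least one key (ssh-add -l exits 0)
#   empty  - agent answers but holds no keys          (ssh-add -l exits 1)
#   dead   - no agent can be contacted                (ssh-add -l exits 2)
# The optional first argument replaces ssh-add; it exists only so the
# function can be exercised with a stub (assumption of this example).
agent_state() {
    probe=${1:-ssh-add}
    if "$probe" -l >/dev/null 2>&1; then rc=0; else rc=$?; fi
    case $rc in
        0) echo usable ;;
        1) echo empty ;;
        *) echo dead ;;
    esac
}

# Start a fresh agent only when the inherited one is dead, clearing the
# stale variables first. AGENT_KEY_LIFETIME (seconds) is a hypothetical
# knob: keys added later expire after that long instead of staying loaded
# on the remote host until logout.
ensure_agent() {
    [ "$(agent_state "$@")" = dead ] || return 0
    unset SSH_AGENT_PID SSH_AUTH_SOCK
    eval "$(ssh-agent -s -t "${AGENT_KEY_LIFETIME:-28800}")" >/dev/null
}

# In ~/.zshrc this would replace the nested "if": call ensure_agent, then
# run the ssh-add loop only when agent_state prints "empty".
```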

Sunday, July 2, 2017

Default Sorting and Threading in Thunderbird

I've recently set up Thunderbird at work for my email.  I was a long time console email user starting first with elm, then pine, then mutt, then pine again, then mailx, then mutt again.  Eventually I started using gmail and since we use that at work as well, the web interface became the path to least resistance.  But I've never really liked it.

Perhaps I've grown to a point where I don't find setting up mutt and maintaining a stack of support programs fun anymore.  Or maybe it's that when I find I need to slightly change something, I have to dig around online for a long time trying to figure out one obscure setting.  But I really think it's the searching archived mail that has caused me to favor the web email client and now Thunderbird.

As I iron out the kinks with having my email in Thunderbird, I've collected some notes on how to change behavior for some things.  First on my list was getting it to sort email the way I prefer and thread messages correctly.  I found I could change this for each folder for an IMAP account, but the settings didn't seem to stick consistently.  Thunderbird offered no obvious default, so I poked around online and found that you can change the defaults via the config editor.

This is similar to the about:config editor in Firefox.  Access it through the Preferences dialog though.  There's a button for Config Editor.  The usual warning stops you, but proceed on.  Here are the changes I made:
  • By default, I want all IMAP folders polled for new messages, not just the Inbox.  Set mail.check_all_imap_folders_for_new to true.
  • I'm not sure what the default sort type is for mailnews, but everyone online seems to insist that having it set to 18 is what you want.  So I changed mailnews.default_sort_type to 18 (technically I didn't because it was already 18).
  • I prefer email messages to be sorted by date in descending order, so I changed mailnews.default_sort_order to 2.
  • I prefer email messages to always show threaded conversations, so I changed mailnews.default_view_flags to 1.
Now any other accounts I add will behave this same way.  I still have some other settings I want to tweak, but this is what I've done so far.

Friday, June 23, 2017

Progress Bar For dd(1)

The dd(1) command is frequently used to both make and write out image files, such as .iso files for Linux releases.  It's mostly intended for this and works fine, but a common complaint from users is the lack of a progress indicator.  It's true:  dd is silent until it's complete.  But you can get a progress bar with the pv(1) command.

pv is short for Pipe Viewer.  You can get it over here or install it from your distribution's packaging system.  For example, Fedora users can do dnf install pv.

Once you have pv installed, you can start getting progress output for console commands.  The man page has some good examples, including one for tar(1).  The man page also suggests using pv by itself as a replacement for dd entirely, but I have had limited success with that.  Here's what I do:
dd if=ISOFILE | pv -p -e -a -s BYTES | dd of=DEVICE bs=4096
OK, that's a lot, but it's not that bad.  dd reads from stdin when not told otherwise.  Likewise, it writes to stdout when not told otherwise.  In this example, we connect two invocations of dd using pv, which also has the same behavior.  By not specifying either on pv, it reads from stdin and writes to stdout.

The ISOFILE is the name of the image file I want to write, such as release-3.2.0-ppc64-20170623.iso.  BYTES is the size of the image file in bytes.  This is obtained any number of ways, such as the long listing from ls(1).  DEVICE is the device node you want to write the image to, such as /dev/sdh.

You could extend this and have the command determine the size of the ISOFILE directly, such as:
dd if=ISOFILE | pv -p -e -a -s $(stat -c %s ISOFILE) | dd of=DEVICE bs=4096
Now this is starting to look like something you could put in to a helper script in your own environment.  Just another tool for your command line adventures.
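A helper script along those lines, as an added example that is not from the original post: it wraps the same dd | pv | dd pipeline and refuses to run when the image is missing, the target is not a block device, or the target (or one of its partitions) is mounted. It assumes pv and GNU stat are installed; the function names, the optional mounts-file argument and the embedded mounts listing are this example's own, and the listing is constructed.

```sh
#!/bin/sh
# Added example, not from the original post.

# Size of FILE in bytes (same stat call as in the post).
image_size() {
    stat -c %s "$1"
}

# Succeed if DEVICE, or a partition of it, appears in a /proc/mounts-style
# file. The second argument defaults to /proc/mounts.
is_mounted() {
    awk -v dev="$1" '
        $1 == dev { found = 1 }
        index($1, dev) == 1 &&
            (substr($1, length(dev) + 1) ~ /^p?[0-9]+$/) { found = 1 }
        END { exit !found }
    ' "${2:-/proc/mounts}"
}

# Write image ISO to block device DEV with a progress bar.
# Returns 2, 3 or 4 when a safety check fails, before anything is written.
write_image() {
    iso=$1
    dev=$2
    [ -f "$iso" ] || { echo "no such image: $iso" >&2; return 2; }
    [ -b "$dev" ] || { echo "not a block device: $dev" >&2; return 3; }
    if is_mounted "$dev"; then
        echo "refusing to overwrite mounted device: $dev" >&2
        return 4
    fi
    dd if="$iso" | pv -p -e -a -s "$(image_size "$iso")" | dd of="$dev" bs=4096
    sync
}

# Constructed /proc/mounts content used to exercise is_mounted.
sample_mounts() {
    cat <<'EOF'
/dev/nvme0n1p2 / ext4 rw,relatime 0 0
/dev/mapper/home /home ext4 rw,relatime 0 0
/dev/sdh1 /run/media/user/USB vfat rw,nosuid,nodev 0 0
tmpfs /tmp tmpfs rw 0 0
EOF
}

# Usage: write_image ISOFILE DEVICE
```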

Sunday, June 18, 2017

Did Someone Say Trains?

No?  Well, I guess I did.  My new commute has me taking three different lines on our transit system to get to work.  It reminds me back to the early 2000s where I would constantly give friend after friend updates on the fact that MARTA is single tracking for the day.  Like anyone cares.

Last week's heat wave caused some hiccups on the MBTA.  The Internet fortunately gives us a venue for all of the experts to offer up comments on what is wrong with the system when anything out of the ordinary occurs.  So what happened that I noticed?
  • Green Line power surge near Kenmore Square.  Since it was a heat wave, my unscientific guess is that people were firing up air conditioners, which impacted the grid.  I only say this because it's happened before both here and in New York.  My intern was affected by this on his first day in the office, but it wasn't really a major thing.
  • Medical emergency on the Red Line.  Well, these tend to happen daily, but I think on the heat wave days there were more.
  • Trash fire on the Red Line.  This is the best one I heard about but still not better than the time I heard on the Green Line radio an operator calling dispatch to report a huge turtle on the tracks (different day, different year).
  • Slow commuter rail.  Likely a heat order from dispatch, but I am guessing.  In extremely hot weather, continuous welded rail can buckle or kink which can lead to a derailment.  This has happened on multiple occasions for both passenger and freight trains.  A heat order [usually] requires passenger trains to go 10 or 20 mph below the maximum allowed speed.  The slower speed is meant to help engineers spot rail problems and report and avoid them.

I was only involved in one issue last week, not noted above.  I was going to catch the 5:50 pm outbound train from North Station.  We boarded and then at 5:55 pm, a conductor told everyone the train was out of service because the locomotive wouldn't move (breakdown!).  So we all had to detrain and retrain (crosstrain?).  That took about half an hour.  As we left the platform, we were not in time to beat the Amtrak Downeaster so we had to stop for it to pass.  We continued after it passed, but were traveling at medium speed.

People were very angry about the entire thing.  And yeah, I get it.  Karen was waiting for me at Bistro 5 and our plans changed up, but whatever.

Tuesday, May 30, 2017

Ineffective Meetings

I've tried posting this a few times from work but because we have Google Drive and Gmail and Google Calendar and all sorts of other googley bits all up in our network, it's impossible for it to believe that I may not want to use a particular Google service as my non-work self.  So here I am posting this from home.  Maybe I should return my blog to software on my own server rather than using Blogger.  Eh, a topic for another day.

Ineffective meetings have become a part of my daily work routine.  I'm not really sure when it happened but that doesn't really matter much now.  I've been with Red Hat now for almost 12 years.  In that time we have acquired many companies, released many versions of Red Hat Enterprise Linux, and undergone a huge growth in headcount that has ballooned all existing departments.  With this can come some institutional pain, but that's not strictly a bad thing.  In this post I want to concentrate on just meetings.

I recently started logging my weekly meeting attendance.  I log the date of the meeting, the starting time, the duration in minutes, how many minutes I spend contributing in a meaningful way (i.e., statements other than "yeah, sounds good"), whether or not the meeting has an agenda, and whether or not the meeting ends with any actionable things.  I should have also been logging the number of people in the meeting as well because that's a key indicator as to whether or not a meeting will be a giant waste of your time.

Why have I been logging my meeting activity?  Well, I feel like I'm always catching up on my work.  Where has my time gone?  I feel like the majority of my useful working hours have been sucked up by ineffective meetings.  It's so bad that I generally dial in to a meeting from my desk at the office just so I can do other work and not be so rude in the meeting itself (also, I've been doing that for years anyway).

In the last week I spent 841 minutes in meetings.  That's 14 hours, or 35% of the scheduled work week.  And for what?  I couldn't tell you because it's just an information overload.  Many of the meetings repeat themselves, with the same people, and lack a clear goal.  Here are my observations:

  1. Duration.  Meetings at Red Hat, at least in engineering, are usually scheduled for 1 hour.  Big important meetings get 1.5 hours.  Seldom do you see 30 minute or 45 minute meetings.  One hour is a lot of time to fill, especially when you have no agenda.  My thought is that meetings should start with a short time limit and grow only when necessary.  Beyond 1 hour and you should really break it down in to multiple meetings -or- figure out why you need so much time.  Maybe what you are intending to cover doesn't need to happen in a meeting.

     A meeting should be 30 or 45 minutes, tops.  All hands meetings and other types of department wide meetings can be exceptions, likewise big quarterly or planning type meetings can be exceptions.  The point is, a regularly scheduled meeting in the day to day business of doing your work should not be long.

  2. Guests.  The majority of my meetings have too many people invited.  In one meeting there were 66 people on the call.  Sixty-six!  Only two people really talked.  Do we all need to be there?  If you have no reason for me to be there, DON'T INVITE ME!  If you think I might possibly maybe be tangentially interested in the work you are doing, send me the minutes.  If I am interested, you'll hear from me.

     The more people you invite to a meeting, the less likely you'll accomplish anything of value.  Have you ever tried ordering a pizza with a group of people?  It's difficult, right?  Everyone wants different types of toppings, or are allergic to some, or have food sensitivities to others.  But what happens when the 1 or 2 pizzas show up?  People eat other types that they didn't order, right?  Was it really necessary to involve everyone in the decision or could you have just ordered one large pepperoni and one large veggie and saved yourself some time?

  3. Agenda.  This one surprises me a lot.  People scheduling a meeting with no agenda.  Why are we here?  Even still, I go to meetings where the person who called the meeting immediately defers to someone else to get things going.  What?  Why are we doing this?  An agenda is short and states why we're holding a meeting.  It should also tell me why I'm being invited.  If I get an invite with no agenda, I will decline it.  Tell me why you are holding a meeting and what you expect from me.  Do you need my input?  Are you assigning work?

  4. Actions.  I really dislike the term action item, but it's relevant for meetings.  There should be a reason we are holding a meeting.  You are either asking me for information or asking me to do something.  Either way, we should come away from the meeting with new information related to the meeting topic or a list of things that need doing and who is doing them.

  5. End on Time.  Better yet, end early!  Many times we actually get through a meeting early, but people run out the clock with filler.  Why?!  End it early and give me back my time.  We can't come up with anything useful for 13 minutes of everyone's time, so let us all just go back to work.
I personally think a lot of people just like to fill up their schedule with meetings.  It certainly looks like you're working.  Crowded meetings also look really busy.  Sixty-six people on the call, wow that must be super important.

If you are going to schedule a meeting, ask yourself these questions:
  • Do I have an agenda?
  • Do I know who should be invited?
  • Does my agenda fit in 30 or 45 minutes?
  • Do I have a set of actions for the meeting?
If you answered no to any of them, take it to email.  So many of my meetings are just presentations.  Dump it on email and make me responsible for reading it in my own time.  I can also read that information and determine what, if anything, relates to my team and individuals on my team.

This only works when everyone is on board.  People feel guilty about declining a meeting.  Or if their boss goes to a meeting, they think they should go too.  While this may be true in some cases, it's not always the case.  Your time is worth something to the company and sitting in meetings doing nothing is probably not what they had in mind.  Make a case for your time being valuable.  Reclaim your work week so you don't feel like you are always behind and having to catch up.

Thursday, January 5, 2017

Web Browsers

After some recent annoyances using Firefox at work and seeing the memory in use by Firefox at home grow to almost 10GB, I have a renewed interest in looking at alternative web browsers.

A web browser is not optional.  It accounts for nearly everything I do on the computer.  So it needs to be reliable, usable, and secure.  I have more or less always been a Netscape user and was excited when they open sourced the code in 1998.  Over time we saw Mozilla as a continuation of the (a?) Netscape code base and then eventually Firefox as a nice open source web browser.

But it's so slow.  Even on my dual Xeon, it's noticeably slow.  And the popularity of Firefox means it's a huge attack candidate, so we always see security updates for it.  This isn't Firefox's fault, it's a side effect of having popular software.

So anyways, back to browser alternatives.  Almost everyone has told me "Chrome!".  But that's going in the wrong direction for me, both in terms of the complexity and size of the browser as well as the walled garden of Googleworld.  Safari isn't an option for me because I don't use OS X.  Neither is Internet Explorer because I don't use Windows.  So I'm stuck looking for open source alternatives to Firefox.

I found that a lot of alternative browsers in the open source world are still going.  Dillo, for instance.  Even links, elinks, and lynx get mentioned from time to time.  But I have to have something that can work with modern web sites and not frustrate me.  For example,

WebKit really did make it possible for a lot of new browser projects to start up.  The rendering engine that began in the KDE project now supports a lot of big browser projects.  Looking through the alternatives available, I've narrowed it down to a handful that I want to try:
  • Midori
  • xombrero
  • surf
  • uzbl
Of these, I think that Midori or xombrero will likely be the ones that I actually find usable.  The last two are really out of curiosity.  The surf browser comes from the project.  That project aims to make alternatives to everyday software that, in their definition, does not suck.  Hit or miss, from what I can tell.  Sometimes the alternative offered is just too simple.  Sometimes it's great.  Where I think surf will irritate me is the lack of graphical controls, like being able to click a link.  It's all keyboard oriented.  uzbl appears to be similar, but I still want to look at both of these projects.

UPDATE:  This post has been sitting as a draft on my blog for maybe six months.  In that time I have tried to get WebKit going so I can build Midori or xombrero.  I have not been successful.  I am not running a mainstream Linux distribution so this is not a matter of just installing the distribution-provided packages.  Even if it were, I would likely struggle through building it from source because I prefer to understand at least a little bit about how the browser is put together.

It has been long enough, so maybe it's worth another try.  WebKit was extremely difficult to build, at least when I was passively working on it.  I could probably sit down and figure it out over a weekend but I don't really want to spend that much time on it.  However, recent releases of Firefox have left me thinking it might be worth the time.