this is my final posting on wordpress as i migrated to http://www.branchable.com/. my primary motivation was:

  • write articles offline
  • all articles/images and other files are managed using git
  • all articles written using markdown syntax
  • the blog stylesheet is based on templates also accessible via git
  • finally branchable offers hosting for a very good price without ads and the web interface is not based on php

just visit http://blog.lastlog.de

the cloud

what does ‘cloud’ stand for?

simply speaking, a cloud consists of similar computers (homogeneous hardware). usually every single cloud computer runs the same OS (host system), each controlling various guests. the main technical motivations are:

  • load balancing of cpu load (move the VM to a machine with more CPU power)
  • load balancing of input/output load (RAM increase; faster storage raid; in memory databases)
  • load balancing of bandwidth usage (move the VM to the most demanding users)
  • increase redundancy (reduce hardware failures; reduce power loss issues)

the main non-technical motivations seem to be:

  • marketing – ‘cloud’ sounds cool, although a ‘cloud’ is basically just a subset of the internet
  • vendor lock-in – probably no surprise to anyone
  • centralization – cheaper to manage; grants more control over the platform

if you are a customer of a service which is hosted in the cloud you usually don’t see the cloud at all, hence the term ‘cloud’:

  • amazon: when buying books or other things
  • google: using google search; reading email; google maps
  • microsoft azure: whatever that platform is good for, is actually anybody using this?

if you are using one or more machines from a cloud, there are basically two interesting patterns:

  • actively maintain each computer: implement distributed file systems and distributed services
  • using an abstraction: someone implemented the handling of nodes and services you are going to develop thus it is running on top of an abstraction

to sum up, if you want to use cloud computers, you have to decide between:

  • SaaS – Software as a Service (something like google mail)
  • PaaS – Platform as a Service (something like ms azure / amazon ec2)

as the trend in hardware design is going towards multicore along with NUMA it seems the cloud is undergoing similar changes. as a rule of thumb i’d say that ‘cloud computing can be seen as an approach to build a distributed operating system‘.

cloud problems

not too long ago you would have maintained your own infrastructure with access to the hardware and software used. but times have changed and the americanization of things, that is by building ‘super services’, is about to change the internet yet again.

i see these issues (no special order):

loss of control

this is probably the strongest argument against using third party proprietary services as you can’t fix it when it is broken. but cloud computing usually means a loss of privacy as well. the article [2] mentioning various points from richard stallman and larry ellison probably makes this point clear. it is interesting to see this SaaS wikipedia article [3] which reads like a campaign for SaaS – probably written by someone with a marketing background. there is also the danger of losing your data to foreign countries, as mentioned in [7].

loss of own infrastructure

you don’t have your own infrastructure anymore, thus you don’t have physical control over your devices. additionally you then depend on working internet connections. it is likely that the infrastructure you rely on runs in one or several different countries.

loss of software not designed for the cloud

the various versions of the GPL had a great influence on how software could be used and distributed but with the advent of the cloud this changes drastically. the way programs, especially webservices, are designed makes the GPL concept useless as it does not affect you at all. however, there is a new license, the ‘Affero General Public License’ [4] which fills that gap.

why is wordpress not licensed under the AGPL, i wonder? my first guess is laziness as every author of every single patch would have to be asked for license change permission. but the wordpress hosters could be using the GPL to greenwash their software as they would not have to hand out proprietary extensions which might not be released. but who knows?!

loss of knowledge of how to set up services similar to today’s cloud services

think about email – who operates his own mailserver nowadays? most friends of mine use google mail and this implies: once you are familiar with a service and its workflow you usually do not want to change. especially if the service seems to be free as in google mail for example (but most of my friends seem not to care that google replaced ‘currency’ by ‘privacy’ which is used as payment instead).

as a consequence the knowledge about how to run your own mail server gets lost. if you understand german, listen to alternativlos 18 – ‘Peak Oil, den Weltuntergang, und wie man sich vorbereiten kann’ [5] minute 74 ff – they discuss this issue.

my personal experience

i have a strong tendency to use devices which are capable of bringing me certain services offline. this is why i put a lot of effort into the evopedia application for instance. the nokia n900 is probably another good example where i try to maintain an offline infrastructure – i didn’t even have mobile internet on the n900 for a complete year and yet i was able to do most things using sip/mappero/evopedia and others.

here are some thoughts about online services i use:


i use wordpress.com right now and i really hate it for these points:

  • you can’t write offline
  • initial uploading images or updating them is a frustrating process
  • i sometimes lose parts of articles while writing
  • there is no good backup process for offline backups
  • i hate the WYSIWYG editor as it does not work very well
  • wordpress is inconsistent in producing a good web 2.0 workflow, it feels like reloading the page all the time instead of doing so for single dom-tree elements only, as it would be done with web 2.0; if you don’t trust me, have a look at [6] – how the upcoming wikipedia editor works

of course i could host wordpress on my own webserver and i wanted to do that for a long time. the problem is that wordpress is optimized to be run on wordpress.com thus i think it might be too much work for me to support it with proper security updates and plugin management. instead i am searching for a blog system which uses markdown in combination with git but i haven’t found what i am searching for yet.

don’t get me wrong, i really like wordpress but i don’t like this dependency and lack of flexibility using their software.

google mail/docs

i really love ‘google docs’ as it is a wonderful collaborative platform but i can’t use it as i have to disclose all documents to google i’d be working on.

google android

like google mail and google docs, android has a very good cloud integration. but if you want to use services other than google’s, it is a horrible platform. for instance i keep installing xabber [12]: although google uses jabber, it intentionally requires you to install third party software in order to use non google jabber. same goes for most other services. if i had to use an android phone i would buy one with proper CyanogenMod [13] support.


great service for source code hosting using git. still the platform itself is not available like for http://gitorious.org/ or  http://gitlabhq.com/. github.com uses a wiki which is bound to the platform and not contained in the git repo.

note: although i never used http://www.fossil-scm.org i like the idea that it contains a wiki in the repository as well

i use github.com only for free and open source projects.

better without clouds

the conventional use of the term ‘cloud’ simply indicates a buzzword or business term for vendor lock-in and centralized infrastructure you don’t have control of. that is good to know as it helps to recognize and avoid such services. what one should use instead is decentralized infrastructure located near the user, connected to the internet where needed, giving the user the control over the platform.

arguably this concept is implemented as a new trend called ‘personal cloud‘ or ‘private cloud server‘. but these terms are limiting the trend to personal or private matters, yet i would like to see it in businesses as well.


following the concept of decentralization users can host their own files and other things such as address books / calendars on their own home devices.

a list of interesting devices to give you an idea:

  • sheevaplug [9] – there is even a nixos version for this device (by viric)!
  • pogoplug [10]
  • tonidoplug [11]
  • fritz!box (with myfritz and fritznas) [14]


software implementing services

a list of software i find interesting:

  • diaspora [15] – decentralized facebook
  • owncloud [16] – dropbox like service
  • sparkleshare [22] – is a collaboration and sharing tool that is designed to keep things simple and to stay out of your way.
  • tomahawk [19] – a nice music streaming service
  • various p2p / torrent like services:
    • mldonkey [17]

still most ‘personal or private clouds’ scale differently compared to the big 3 mentioned in the beginning of this article. for instance, most of these services are configured in the client/server way and they usually do not implement concepts as failover, backups or load balancing. for that to happen it requires a new set of tools and decentralized frameworks based on p2p technologies – which has just not happened yet.

there is also a political issue: most internet users do not have a decent upload channel, which basically means that their internet connection is not very good.

software for managing services

  • openshift [20] – is a cloud computing platform as a service product from red hat
  • openstack [21] – is a global collaboration of developers and cloud computing technologists producing the ubiquitous open source cloud computing platform for public and private clouds.
  • disnix [8] – is a distributed deployment extension for Nix, a purely functional package manager.

i’ve used neither but i like to point out that there is ongoing open source involvement and interestingly none of these technologies are used in private clouds. private clouds seem to implement the classical client/server paradigm at the moment. there is a remarkable exception, that is filesharing using p2p/kademlia which implements a basically read only storage which scales pretty well already.

a matter of design

to make the private cloud or a decentralized cloud a success we need:

  • a standardized package manager with proper software life-cycle management
  • symmetrical internet connections with decent upload/download speeds
  • transparent support for scalability/reliability/redundancy (the points mentioned in the beginning of the article)
  • powerful hardware with low power usage but capable of high loads
  • encryption and certificates or a chain of trust
  • ipv6 – we need good endpoint communication capabilities
  • a clear understanding of where we want to put our personal data and how we can protect it

i think each requirement on its own is already implemented somewhere but not in combination with each other. there is not yet a library providing the software/protocol requirements and the hardware is either not powerful enough or is not intended to be used in the way required.


still it is a long way for the private clouds to have the same level of features/quality as the big clouds already have. for the time being it seems to be complicated for the average internet user to use the internet without losing too much of his individuality, thus the freedom of expression.


[1] http://www.google.de/search?sourceid=chrome&ie=UTF-8&q=richard+stallman+cloud

[2] http://www.guardian.co.uk/technology/2008/sep/29/cloud.computing.richard.stallman

[3] http://de.wikipedia.org/wiki/Software_as_a_Service

[4] http://en.wikipedia.org/wiki/Affero_General_Public_License

[5] http://alternativlos.org/18/

[6] https://www.mediawiki.org/wiki/VisualEditor:InezSandbox

[7] http://www.engadget.com/2011/06/30/microsoft-european-cloud-data-may-not-be-immune-to-the-patriot/

[8] http://nixos.org/disnix/

[9] http://de.wikipedia.org/wiki/SheevaPlug

[10] http://pogoplug.com/

[11] http://en.wikipedia.org/wiki/Tonido

[12] http://www.xabber.com/

[13] http://www.cyanogenmod.com/

[14] https://www.myfritz.net/was_ist_myfritz.xhtml

[15] http://de.wikipedia.org/wiki/Diaspora_(Software)

[16] http://de.wikipedia.org/wiki/Owncloud

[17] http://de.wikipedia.org/wiki/Mldonkey

[18] http://trac.edgewall.org/

[19] http://www.tomahawk-player.org/

[20] http://en.wikipedia.org/wiki/OpenShift

[21] http://openstack.org/

[22] http://sparkleshare.org/

what is this?

for years i wanted to be able to change from a wireless setup to a wired one in a transparent fashion, that is:

  • without having to configure
  • without losing active connections
  • with the ability to expand bandwidth when needed

but although this seems to be a default on mac os x and maybe on windows vista+ (not sure for windows) it never worked on linux. this was probably caused by the fact that i tried to use a bridge at first and wlan does not go well together with ethernet (kernel related limitation; maybe MTU settings?).

i can’t remember why bonding failed last time i tried it (2 years ago?) – maybe because of the linux drivers used?

how does it work?

(image: nixos_bonding.png) the Oxygen icon theme is dual licensed. You may copy it under the Creative Commons Attribution-ShareAlike 3.0 License or the GNU Library General Public License. i created this image; please feel free to use either of the above licenses when using my composition of the image (nixos_bonding.png)

bond0/br0 abstraction

first read the manual at [1]. here is the sequence of actions i had to take:

rmmod bonding
modprobe bonding mode=active-backup miimon=100 primary=eth0
ifconfig bond0 up
ifenslave bond0 eth0 --verbose

since wlan drivers are somehow odd from time to time i usually prefer to shut wlan0 down:

ip l set wlan0 down

my first and failed attempt to get wlan0 to bond0:

# ifenslave bond0 wlan0 --verbose
ifenslave.c:v1.1.0 (December 1, 2003)
o Donald Becker (becker@cesdis.gsfc.nasa.gov).
o Detach support added on 2000/10/02 by Willy Tarreau (willy at meta-x.org).
o 2.4 kernel support added on 2001/02/16 by Chad N. Tindel
 (ctindel at ieee dot org).
ABI ver is 2
current hardware address of master 'bond0' is 00:23:7d:00:ff:fe, type 1
Interface 'wlan0': flags set to 1002.
Interface 'wlan0': address cleared
Master 'bond0': Error: SIOCBONDENSLAVE failed: Operation not possible due to RF-kill
Master 'bond0': hardware address set to 00:23:7d:00:ff:fe.
Slave 'wlan0': MTU set to 1500.
Master 'bond0', Slave 'wlan0': Error: Enslave failed

so after disabling the RF-kill (i have a wlan rf-kill switch on the keyboard)

ifenslave bond0 wlan0

just to make sure all services work as expected, i restart them:

stop dhcpcd
dhcpcd bond0
stop wpa_supplicant
start wpa_supplicant
ip a
2: eth0:  mtu 1500 qdisc pfifo_fast master bond0 state UP qlen 1000
 link/ether 00:23:7d:00:ff:fe brd ff:ff:ff:ff:ff:ff
3: wlan0:  mtu 1500 qdisc mq master bond0 state UP qlen 1000
 link/ether 00:23:7d:00:ff:fe brd ff:ff:ff:ff:ff:ff
5: bond0:  mtu 1500 qdisc noqueue state UP
 link/ether 00:23:7d:00:ff:fe brd ff:ff:ff:ff:ff:ff
 inet brd scope global bond0
 inet6 fe80::223:7dff:fe00:6ec8/64 scope link
 valid_lft forever preferred_lft forever


  • eth0/wlan0/bond0 all share the same mac address now
  • eth0/wlan0 contain the SLAVE flag
  • all are in state UP

also note: i do not use wicd/network manager

# ping
PING ( 56(84) bytes of data.
64 bytes from icmp_req=1 ttl=50 time=30.8 ms
64 bytes from icmp_req=2 ttl=50 time=28.4 ms
64 bytes from icmp_req=3 ttl=50 time=30.5 ms (here i unplug eth0)
64 bytes from icmp_req=4 ttl=50 time=30.5 ms
64 bytes from icmp_req=5 ttl=50 time=31.4 ms
64 bytes from icmp_req=6 ttl=50 time=30.9 ms
64 bytes from icmp_req=7 ttl=50 time=32.2 ms
--- ping statistics ---
7 packets transmitted, 7 received, 0% packet loss, time 6008ms
rtt min/avg/max/mdev = 28.420/30.708/32.215/1.105 ms

i also did some bandwidth tests downloading a big file from my local samba server and it changed from slow when being on wlan to fast when plugging in the cable (took about 1-3 seconds)
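
an added example (not part of the original post): the bonding driver reports its state in /proc/net/bonding/bond0, so the failover seen in the ping test can be confirmed by parsing that file instead of guessing from latency. the sample text is constructed and trimmed to the fields used here, and the function names are made up for this example.

```shell
#!/bin/sh
# added example: read the bonding driver state (format of
# /proc/net/bonding/bond0) from stdin and report which link carries traffic.

# active_slave -> name of the interface currently in use
active_slave() {
    awk -F': ' '/^Currently Active Slave:/ { print $2; exit }'
}

# slave_states -> one "iface state" line per enslaved interface
slave_states() {
    awk -F': ' '
        /^Slave Interface:/ { iface = $2; next }
        # the bond-level "MII Status" line comes before any slave: skip it
        /^MII Status:/ && iface != "" { print iface, $2; iface = "" }
    '
}

# bond_report -> "ok", "degraded: <ifaces that are down>" or "failed"
bond_report() {
    slave_states | awk '
        $2 == "up" { up++ }
        $2 != "up" { down = down (down == "" ? "" : ",") $1 }
        END {
            if (up == 0) print "failed"
            else if (down != "") print "degraded: " down
            else print "ok"
        }'
}

# sample_bond ACTIVE ETH0_STATE -> constructed bond0 status text
sample_bond() {
    cat <<EOF
Ethernet Channel Bonding Driver: constructed sample

Bonding Mode: fault-tolerance (active-backup)
Primary Slave: eth0 (primary_reselect always)
Currently Active Slave: $1
MII Status: up
MII Polling Interval (ms): 100

Slave Interface: eth0
MII Status: $2
Link Failure Count: 0

Slave Interface: wlan0
MII Status: up
Link Failure Count: 0
EOF
}

# demo on constructed input: cable plugged in, then cable unplugged
echo "plugged:   active=$(sample_bond eth0 up | active_slave) report=$(sample_bond eth0 up | bond_report)"
echo "unplugged: active=$(sample_bond wlan0 down | active_slave) report=$(sample_bond wlan0 down | bond_report)"
```

on a real host the same functions read the live state: bond_report < /proc/net/bonding/bond0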

the only problem so far:

  • konqueror won’t resolve smb://foobar/ to the smb:// ip

this might be caused as i use the code below in my smb.conf, see [2]:

 server string = foobar
 netbios name = foobar

and netbios might have problems with this setup (but i doubt that, it is probably some konqueror related issue)


hope i covered all requirements:

  • the LAN and WLAN have to be bridged on the router, thus both have to be in the same collision domain (this means that both lan/wlan share the same ip range and devices bound to either can see each others MAC addresses)
  • i use wpa_supplicant and wpa2 encryption, so wpa_supplicant must work when using encryption
  • lspci showed:
    • 03:00.0 Network controller: Intel Corporation Ultimate N WiFi Link 5300
    • 00:19.0 Ethernet controller: Intel Corporation 82567LM Gigabit Network Connection (rev 03)
  • Linux eliteBook-8530w 3.2.20 #1 SMP Tue Jun 12 22:57:17 UTC 2012 x86_64 GNU/Linux
  • ifenslave.c: v1.1.0 (December 1, 2003)
    • it might make sense to call ifenslave with --verbose because only then one can see that


i will make this a default setup for sure:

  • yet i need to package ifenslave as i can’t find it on nixpkgs
  • maybe bonding should be integrated similar to “networking.bridging”, see [3]
  • i wonder how wicd might be affected by bonding
anyway, to see this working at least is a good thing!


[1] http://www.kernel.org/doc/Documentation/networking/bonding.txt

[2] https://nixos.org/wiki/Samba_on_nix

the problem

lately nix-channel stopped working with this error message:

# nix-channel --update
fetching list of Nix archives at `http://nixos.org/releases/nixos/channels/nixos-unstable/MANIFEST.bz2'...
 % Total % Received % Xferd Average Speed Time Time Time Current
 Dload Upload Total Spent Left Speed
100 421 100 421 0 0 5212 0 --:--:-- --:--:-- --:--:-- 10023
 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
caching /nix/store/2n6ifd0gyw3cg4v780yxdl307sfi4mmv-MANIFEST.bz2...
bzip2: (stdin) is not a bzip2 file.
you have an old-style or corrupt manifest `/nix/var/nix/manifests/nixos-unstable nixos-d8b23fa7b687df69ca99c50a659cb9b7.nixmanifest'; please delete it at /nix/store/gq4mqkg155jbpdzs44s6nc6ys1q3aqmh-nix-1.0pre2614_005d1e4/lib/perl5/site_perl/5.14.2/x86_64-linux-thread-multi/Nix/Manifest.pm line 346.
cannot pull cache manifest from `http://nixos.org/releases/nixos/channels/nixos-unstable' at /var/run/current-system/sw/bin/nix-channel line 88.

the fix

# ls -la /nix/var/nix/manifests/

total 28
drwxr-xr-x 2 root root 4096 Jun 6 20:19 ./
drwxr-xr-x 11 root root 4096 Jun 4 12:36 ../
-rw-r--r-- 1 root root 0 Jun 6 19:44 cache.lock
-rw-r--r-- 1 root root 10240 Jun 6 19:44 cache.sqlite
-rw-r--r-- 1 root root 0 Jun 6 20:19 cache.sqlite-journal
lrwxrwxrwx 1 root root 56 Jun 6 20:19 nixos-unstable-1b76fe40b585f44b15266540562d24b5.nixmanifest -> /nix/store/xrl4xmx6jz3zvcqwfy3k2qfycdh2454n-MANIFEST.bz2
-rw-r--r-- 1 root root 64 Jun 6 20:19 nixos-unstable-1b76fe40b585f44b15266540562d24b5.url
lrwxrwxrwx 1 root root 56 Jun 6 19:44 nixos-unstable\ nixos-d8b23fa7b687df69ca99c50a659cb9b7.nixmanifest -> /nix/store/2n6ifd0gyw3cg4v780yxdl307sfi4mmv-MANIFEST.bz2
-rw-r--r-- 1 root root 70 Jun 6 19:44 nixos-unstable\ nixos-d8b23fa7b687df69ca99c50a659cb9b7.url

first, remove all the manifests

# rm /nix/var/nix/manifests/*

then we can remove the store entry:

# nix-store --delete /nix/store/xrl4xmx6jz3zvcqwfy3k2qfycdh2454n-MANIFEST.bz2
finding garbage collector roots...
removing stale link from `/nix/var/nix/gcroots/auto/v6aa8ai44dd10ypv8vg6shf8b5mzkhfn' to `/nix/var/nix/gcroots/per-user/root/channels.tmp'
deleting `/nix/store/xrl4xmx6jz3zvcqwfy3k2qfycdh2454n-MANIFEST.bz2'
1 store paths deleted, 6557759 bytes (6.25 MiB, 12840 blocks) freed

afterwards nix-channel --update works

# nix-channel --update
fetching list of Nix archives at `http://nixos.org/releases/nixos/channels/nixos-unstable/MANIFEST.bz2'...
 % Total % Received % Xferd Average Speed Time Time Time Current
 Dload Upload Total Spent Left Speed
100 421 100 421 0 0 5191 0 --:--:-- --:--:-- --:--:-- 10023
 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
cached contents of ‘http://nixos.org/releases/nixos/channels/nixos-unstable/MANIFEST.bz2’ disappeared, redownloading...
 % Total % Received % Xferd Average Speed Time Time Time Current
 Dload Upload Total Spent Left Speed
100 421 100 421 0 0 5221 0 --:--:-- --:--:-- --:--:-- 10268
100 6404k 100 6404k 0 0 1499k 0 0:00:04 0:00:04 --:--:-- 1705k
caching /nix/store/xrl4xmx6jz3zvcqwfy3k2qfycdh2454n-MANIFEST.bz2...
downloading Nix expressions from `http://nixos.org/releases/nixos/channels/nixos-unstable/nixexprs.tar.bz2'...
 % Total % Received % Xferd Average Speed Time Time Time Current
 Dload Upload Total Spent Left Speed
100 425 100 425 0 0 5417 0 --:--:-- --:--:-- --:--:-- 10365
100 3701k 100 3701k 0 0 1404k 0 0:00:02 0:00:02 --:--:-- 1627k
unpacking channel Nix expressions...
these derivations will be built:
building path(s) `/nix/store/r3i2m2by6hcsa3ic99nyhjdb7p551izl-channels'
unpacking channel nixos-unstable


i don’t know why it stopped working. maybe i did checkout the wrong channel by mistake? but maybe someone else might find himself in the same situation and this posting might help to get things going quickly.
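
added example, not from the original post: instead of removing every manifest, the broken one can be found first. a bzip2 stream always starts with the bytes BZh, so a manifest that bzip2 rejects can be spotted by its first three bytes. the directory, the file names and the function names below are constructed for this example.

```shell
#!/bin/sh
# added example: list channel manifests whose target is not bzip2 data.
# anything that does not start with "BZh" (for instance an HTML error page
# saved under the manifest name) or that points nowhere is reported.

# is_bzip2 FILE -> exit 0 if FILE exists and starts with the bzip2 magic
is_bzip2() {
    [ -f "$1" ] || return 1            # follows symlinks; dangling -> 1
    magic=$(head -c 3 "$1" 2>/dev/null)
    [ "$magic" = "BZh" ]
}

# find_bad_manifests DIR -> prints one bad *.nixmanifest path per line
find_bad_manifests() {
    dir=$1
    for m in "$dir"/*.nixmanifest; do
        # skip the literal pattern when the glob matched nothing,
        # but keep dangling symlinks so they get reported
        [ -e "$m" ] || [ -L "$m" ] || continue
        if ! is_bzip2 "$m"; then
            printf '%s\n' "$m"
        fi
    done
}

# make_sample_dir -> creates a constructed manifests directory, prints its path
make_sample_dir() {
    d=$(mktemp -d) || return 1
    printf 'BZh91AY&SY constructed payload' > "$d/good-store-file"
    printf '<html>301 Moved</html>' > "$d/bad-store-file"
    ln -s "$d/good-store-file" "$d/nixos-unstable-GOOD.nixmanifest"
    # the name contains a space, like the manifest in the error message above
    ln -s "$d/bad-store-file" "$d/nixos-unstable nixos-BAD.nixmanifest"
    ln -s "$d/deleted-store-file" "$d/nixos-unstable-STALE.nixmanifest"
    printf '%s\n' "$d"
}

# demo on the constructed directory
d=$(make_sample_dir) && find_bad_manifests "$d" && rm -rf "$d"
```

on the system from this post the directory to check would be /nix/var/nix/manifests.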

thanks to niksnut@freenode#nixos

a short ‘guide’ on how to use meld for merges in svn.

this has been discussed on many blogs but since i had this issue twice now and especially since svn changed the parameter list and therefore many pages describing this are thus wrong, here it is again. also nobody seems to implement the workflow i like, that is:

  • on the left side is the file to be edited
  • on the right side is the new version (this file is only important while merging)

workflow: what ~/.meld does is to give you MINE and THEIRS for merging into MINE (MINE is the left side document). after the merge it would copy the modified MINE over MERGED. and once the conflict is marked ‘resolved‘ all the different files will vanish and leave a working set of files.


merge-tool-cmd = /root/.meld


#!/bin/sh
### the specified command: base theirs mine merged wcfile
# open mine ($3, left side) next to theirs ($2, right side)
/nix/var/nix/profiles/default/bin/meld "$3" "$2"
# this cp copies mine to merged
cp "$3" "$4"
exit 0

afterwards don’t forget to make it executable & install meld of course:

chmod u+x .meld
nix-env -i meld

the merge:

svn up
Updating '.':
A pkgs/applications/misc/gnome_terminator
A pkgs/applications/misc/gnome_terminator/default.nix
U pkgs/applications/version-management/git-and-tools/svn2git-kde/default.nix
A pkgs/applications/graphics/zgrviewer
A pkgs/applications/graphics/zgrviewer/default.nix
U pkgs/applications/audio/audacious/default.nix
U pkgs/applications/audio/yoshimi/default.nix
U pkgs/lib/platforms.nix
G pkgs/top-level/all-packages.nix
U pkgs/top-level/haskell-defaults.nix

Conflict discovered in '/etc/nixos/nixpkgs/pkgs/top-level/python-packages.nix'.
Select: (p) postpone, (df) diff-full, (e) edit,
 (mc) mine-conflict, (tc) theirs-conflict,
 (s) show all options: l

  1. type ‘l‘ (like linux) on the keyboard
  2. on the left side is the file you want to patch, so make changes to the left side and save the document
  3. now close meld
  4. back on the shell, type ‘r‘ (for resolved)
  5. continue with other conflicts


for quite some time i have been using a wiki at lastlog.de, a mediawiki to be precise, and i wonder why there is no wide adoption of the wiki principle. with that i don’t mean collaborative editing but, somehow in contrast, the principle to be quotable.

lately, out of curiosity, i scrolled through my diploma thesis and checked the overall link stability. some were broken. however, all wikipedia links worked. as stated in the document itself, i explicitly link to the wikipedia because of its link stability. if i would have liked i could have even linked to a certain revision. but i decided not to, as the reader always has the option to look at an older revision, based on date and time.

the more interesting aspect, that is why i linked to wikipedia articles, is that i don’t want to waste time describing something when there is a different place doing so already. if someone is smart enough to follow my ideas in my diploma thesis i assume the same when it comes to judging about the quality of wikipedia articles. and before linking a keyword (like ‘package manager’) to a certain wikipedia article, which should describe it, i always read the article. the idea is twofold: first i like to see if my conception or understanding matches with what is in the article. second, if that is the case, i would simply link it and forget about the whole thing. but if my understanding does not match with the article i can evaluate my or their version as being better and pick what fits best.

for some online articles i had to link, i wasn’t even able to provide a direct link and therefore added a google search link into the document.

wiki editing has so many benefits, like being able to roll back to a previous version or to do collaborative work. why is there no wiki like support, say when editing libre office/word documents? maybe because back in time that was considered a waste of bits&bytes but using compression that can’t be an argument today.

here is a use-case where that would be great: say you write a document and you pass it to someone else for review and corrections. often i would like the other person doing whatever change he wants to do and later be able to rollback this or that change. with a wiki like document structure this would be very easy.

if you don’t follow, just have a look at this link:


and about link stability: this link might even work when this blog is long gone. 

i see so many benefits in using wikis and wiki like concepts but despite the wiki-web principle and decentralized VCSs there seems to be no wide use of it.

IMHO i think a webpage, even this wordpress blog, which does not implement a wiki principle, is kind of stupid as one can never be certain what is going on. one could say such a page is schizophrenic to some degree.

hopefully this will change in the future.

update: 11.5.2012 – it would be desirable if the mentioned link stability would be independent of a strict TLD (top level domain). for example: if i move this blog to a different location, say to invalidmagic.de then all the articles here stop working and the links from other pages into this article will fail.

what is this?

i recently upgraded my hetzner root server and therefore had a system with 2x3tb disks. as fdisk can’t be used to partition disks > 2tb i had to use gpt instead which was quite tricky until it was working. so here is my installation guide. parts of it also apply to other distributions.

this guide uses concepts from the hetzner wiki OpenBSD installation guide [1].


  • gpt is used for both disks
  • there is no extra /boot partition (the system will directly boot from the lvm which is on top of the mdadm); this works since grub2
  • this setup is pretty similar to using fdisk (MBR) partitions
  • this guide still uses BIOS to boot (no EFI/UEFI)
  • /dev/sda1 and /dev/sdb1 are very small partitions (2MiB); they are used to store the grub2 boot stages, see [5]

disk layout

update: 26.5.2012: updated the image according to the swap comment from nbp. swap should not be in the lvm as it might degrade the performance.

the installation

first remove old partitions/mdadm setups


lvremove /dev/myvolgrp/home
lvremove /dev/myvolgrp/system
lvremove /dev/myvolgrp/swap
vgremove myvolgrp
pvremove /dev/md0
mdadm --stop /dev/md0
# to remove the md0 permanently
mdadm --zero-superblock /dev/sda1
mdadm --zero-superblock /dev/sdb1

creating the partitions

update 26.5.2012: also add the swap partition here (not done below!).

parted /dev/sda
mklabel gpt
mkpart non-fs 0 2
mkpart primary 2 3001G
Number Start End Size File system Name Flags
1 17.4kB 2000kB 1983kB non-fs
2 2097kB 3001GB 3001GB primary

set 1 bios_grub on
Number Start End Size File system Name Flags
1 17.4kB 2000kB 1983kB non-fs bios_grub
2 2097kB 3001GB 3001GB primary

creating the new mdadm softraid device

mdadm --create /dev/md0 --level=1 --raid-devices=2 /dev/sda2 /dev/sdb2
mdadm: Note: this array has metadata at the start and
may not be suitable as a boot device. If you plan to
store '/boot' on this device please ensure that
your boot-loader understands md/v1.x metadata, or use
Continue creating array? y
mdadm: Defaulting to version 1.2 metadata
mdadm: array /dev/md0 started.


pvcreate /dev/md0
Physical volume "/dev/md0" successfully created

vgcreate myVolGrp /dev/md0
Volume group "myVolGrp" successfully created

lvcreate -n system -L50G myVolGrp
lvcreate -n swap -L8G myVolGrp

mkfs.ext4 -O dir_index -j -L system /dev/myVolGrp/system
mkswap -L swap /dev/myVolGrp/swap

note: the disk layout diagram mentions a tmp partition which happened to be added later 😉

using a virtual machine + vnc to boot the iso image

preparing the host system:

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward

on the hostsystem

#download latest console only 64bit nixos installer

make sure /dev/myVolGrp/system and /dev/myVolGrp/swap are not in use:

apt-get install sudo
qemu-system-x86_64 -enable-kvm -m 1024 -hda /dev/md0 -net nic -net tap -cdrom nixos-minimal-0.1pre33860-33874-x86_64-linux.iso -boot d -vnc localhost:0

note: in contrast to original article [1] i use ‘-enable-kvm’ which speeds things up!

from your homecomputer

execute these two commands (in two different shells):

ssh -L 5900:localhost:5900 root@
vncviewer localhost

inside the qemu/kvm system via vncviewer

now we have to install the system on the devices we prepared in the steps before:

inside do:
login as root
mount -L system /mnt

cd /mnt
nixos-option --install
vi /etc/nixos/configuration.nix

stop dhcpcd
ip a add dev eth0
ip r add via
echo "nameserver" > /etc/resolv.conf
# use ping www.google.de to verify that the routing is working

# example url, configuration.nix is appended to this article
# -O saves the download as ./configuration.nix so the mv below finds it
curl -O http://lastlog.de/configuration.nix
mv configuration.nix /mnt/etc/nixos/configuration.nix
# now the installation, make sure you read the nixos installation guide as well, but in short:
# only the grub2 installation should have failed (as there is no /dev/sda1 in the virtual machine!)
#finally we halt the system

in the host system we need to install grub2:

apt-get install grub2
grub-install --no-floppy --root-directory=/mnt --recheck /dev/sda
Installation finished. No error reported.

grub-install --no-floppy --root-directory=/mnt --recheck /dev/sdb
Installation finished. No error reported.

# now we add a ssh key so we can login into this system later on
cd /mnt
mkdir root
cd root
mkdir .ssh
chmod 0700 .ssh/
cd .ssh
echo "ssh-rsa AAAAB3Nz.....aU79sGVhyOPRz joachim@ebooK" > authorized_keys
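
added example (not part of the original guide): sshd with its default StrictModes setting ignores an authorized_keys file when the file or its directories are writable by other users, so the key installation is shown here with explicit modes and a check afterwards. the key string and the temporary directory are constructed; install_root_key, check_ssh_modes and mode_of are names made up for this example.

```shell
#!/bin/sh
# added example: install a public key below a mounted root file system
# with the conventional modes (0700 for .ssh, 0600 for authorized_keys).

# mode_of PATH -> octal permission bits (GNU stat, BSD stat as fallback)
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# install_root_key ROOT KEYLINE -> writes ROOT/root/.ssh/authorized_keys
install_root_key() {
    root=$1 key=$2
    case $key in
        *"
"*) echo "refusing multi-line key" >&2; return 2 ;;
    esac
    case $key in
        "ssh-rsa "?*|"ssh-ed25519 "?*|"ecdsa-sha2-"?*" "?*) ;;
        *) echo "not a public key line" >&2; return 2 ;;
    esac
    (
        umask 077                       # new dirs 0700, new files 0600
        mkdir -p "$root/root/.ssh" &&
        printf '%s\n' "$key" > "$root/root/.ssh/authorized_keys"
    ) || return 1
    # mkdir -p and > keep the mode of things that already existed: set it
    chmod 0700 "$root/root/.ssh" &&
    chmod 0600 "$root/root/.ssh/authorized_keys"
}

# check_ssh_modes ROOT -> prints findings, exit 0 only for 700/600
check_ssh_modes() {
    dir=$1/root/.ssh rc=0
    [ "$(mode_of "$dir")" = 700 ] ||
        { echo "$dir: mode $(mode_of "$dir"), want 700"; rc=1; }
    f=$dir/authorized_keys
    [ "$(mode_of "$f")" = 600 ] ||
        { echo "$f: mode $(mode_of "$f"), want 600"; rc=1; }
    return $rc
}

# demo: plain mkdir/echo under umask 022 first, then the function above
demo_key_install() {
    t=$(mktemp -d) || return 1
    # constructed sample key, not a real one
    key='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIconstructedSampleKeyOnly sample@example'
    ( umask 022; mkdir -p "$t/root/.ssh"
      echo "$key" > "$t/root/.ssh/authorized_keys" )
    check_ssh_modes "$t" >/dev/null && before=ok || before=loose
    install_root_key "$t" "$key" && check_ssh_modes "$t" && after=ok || after=loose
    rm -rf "$t"
    echo "before=$before after=$after"
}
demo_key_install
```

in the guide's setting ROOT would be /mnt, the mount point of the new system.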

from your homecomputer login into the installed system (reboot the host) and then issue this command:

ssh root@ -i ~/.ssh/myprivatekey

after the first login, nixos-rebuild switch might fail with this error message:

nixos-rebuild switch --fast
building the system configuration...
updating GRUB 2 menu...
installing the GRUB bootloader on /dev/sda...
/nix/store/iaypdz5mm1qk8izs9412cb28v9vwwcn4-grub-1.99/sbin/grub-probe: error: no such disk.
Auto-detection of a filesystem of /dev/mapper/myVolGrp-system failed.
Try with --recheck.
If the problem persists please report this together with the output of "/nix/store/iaypdz5mm1qk8izs9412cb28v9vwwcn4-grub-1.99/sbin/grub-probe --device-map="/boot/grub/device.map" --target=fs -v /boot/grub" to
grub-probe --device-map="/boot/grub/device.map" --target=fs -v /boot/grub
grub-probe: info: Cannot stat `/dev/disk/by-id/scsi-35000c5003f556643', skipping.
grub-probe: info: Cannot stat `/dev/disk/by-id/scsi-35000c5003f5363a6', skipping.
grub-probe: info: changing current directory to /dev.
grub-probe: info: changing current directory to pts.
grub-probe: info: changing current directory to shm.
grub-probe: info: changing current directory to myVolGrp.
grub-probe: info: changing current directory to md.
grub-probe: info: changing current directory to disk.
grub-probe: info: changing current directory to by-label.
grub-probe: info: changing current directory to by-uuid.
grub-probe: info: changing current directory to by-partlabel.
grub-probe: info: changing current directory to by-partuuid.
grub-probe: info: changing current directory to by-path.
grub-probe: info: changing current directory to by-id.
grub-probe: info: changing current directory to snd.
grub-probe: info: changing current directory to mapper.
grub-probe: info: opening myVolGrp-system.
grub-probe: error: no such disk.

so what is inside this device.map anyway?

cd /boot/grub
cat device.map
(hd0) /dev/disk/by-id/scsi-35000c5003f556643
(hd1) /dev/disk/by-id/scsi-35000c5003f5363a6

Jordan_U#grub@irc.freenode.net recommended to remove the device.map. that made it work:

rm /boot/grub/device.map


took quite some time to figure all this out so i guess someone else might be interested in this guide as well. i also tried to install using EFI, but soon discovered that this might be a very complicated road to go and therefore skipped that.
it is cool to see that there is a very helpful community surrounding the key projects required to get this installation done. i would have had to spend much more time if i hadn’t had someone to ask from time to time.


[1] http://wiki.hetzner.de/index.php/OpenBSD
[2] https://wiki.archlinux.de/title/Gpt
[3] https://wiki.archlinux.org/index.php/GRUB2#GPT_specific_instructions
[4] http://www.wensley.org.uk/gpt
[5] http://en.wikipedia.org/wiki/GNU_GRUB#GRUB_version_2


# Edit this configuration file which defines what would be installed on the
# system. To Help while choosing option value, you can watch at the manual
# page of configuration.nix or at the last chapter of the manual available
# on the virtual console 8 (Alt+F8).

{config, pkgs, ...}:

{
  require = [
    # Include the configuration for part of your system which have been
    # detected automatically.
  ];

  boot.initrd.kernelModules = [
    # Specify all kernel modules that are necessary for mounting the root
    # file system.
    # "ext4" "ata_piix"
    "af_packet" "snd_pcm_oss" "snd_mixer_oss" "rtc_cmos" "rtc_core" "rtc_lib" "snd_hda_codec_via" "i915" "joydev" "drm_kms_helper" "snd_hda_intel" "rng_core" "drm" "snd_hda_codec" "thermal" "i2c_algo_bit" "button" "snd_hwdep" "intel_agp" "psmouse" "i2c_i801" "evdev" "snd_pcm" "video" "agpgart" "pcspkr" "serio_raw" "iTCO_wdt" "i2c_core" "snd_timer" "output" "e1000e" "snd" "soundcore" "snd_page_alloc" "sg" "loop" "ipv6" "kvm" "freq_table" "processor" "thermal_sys" "hwmon" "ext4" "mbcache" "jbd2" "crc16" "raid456" "async_pq" "async_xor" "xor" "async_memcpy" "async_raid6_recov" "raid6_pq" "async_tx" "md_mod" "sd_mod" "crc_t10dif" "sata_sil" "ata_piix" "dm_mod" "usb_storage" "usb_libusual" "usbhid" "hid" "ohci1394" "ieee1394" "ahci" "libata" "scsi_mod" "ehci_hcd" "uhci_hcd" "usbcore" "nls_base" "scsi_wait_scan" "unix"
  ];

  boot.loader.grub = {
    # Use grub 2 as boot loader.
    enable = true;
    version = 2;

    # Define on which hard drive you want to install Grub.
    devices = [ "/dev/sda" "/dev/sdb" ];
  };
  boot.extraKernelParams = [ "vga=normal" "nomodeset" ];

  networking = {
    hostName = "nix9000"; # Define your hostname.
    # wireless.enable = true; # Enables Wireless.
  };

  # Add file system entries for each partition that you want to see mounted
  # at boot time. You can add filesystems which are not mounted at boot by
  # adding the noauto option.
  fileSystems = [
    # Mount the root file system
    { mountPoint = "/";
      #device = "/dev/sda2";
      label = "system";
    }
    #{ mountPoint = "/boot";
    #  label = "boot";
    #}

    # Copy & Paste & Uncomment & Modify to add any other file system.
    # { mountPoint = "/data"; # where you want to mount the device
    #   device = "/dev/sdb"; # the device or the label of the device
    #   # label = "data";
    #   fsType = "ext3"; # the type of the partition.
    #   options = "data=journal";
    # }
  ];

  swapDevices = [
    # List swap partitions that are mounted at boot time.
    { label = "swap"; }
  ];

  # Select internationalisation properties.
  # i18n = {
  #   consoleFont = "lat9w-16";
  #   consoleKeyMap = "us";
  #   defaultLocale = "en_US.UTF-8";
  # };

  # List services that you want to enable:

  # Add an OpenSSH daemon.
  services.openssh.enable = true;

  # Add CUPS to print documents.
  # services.printing.enable = true;

  # Add XServer (default if you have used a graphical iso)
  # services.xserver = {
  #   enable = true;
  #   layout = "us";
  #   xkbOptions = "eurosign:e";
  # };

  environment.systemPackages = with pkgs; [
    zsh wget wgetpaste vimprobable2
  ];

  # Add the NixOS Manual on virtual console 8
  #services.nixosManual.showManual = true;
}

quantum cracking

i just finished listening to “Episode 176: Quantum Computing” [1] and this is really a great podcast. like the whole SE-Radio btw!

this podcast really inspired me and on the way back from work, i was thinking about the possibility to exploit software using quantum computing.

quantum cracking that is. it would work like this: assume you have a program or function which gets input. the ultimate goal is to find some input which will crash the program. using a quantum computer this is probably not that hard to compute.
i could imagine that quantum computing could also be used for software verification, which is actually quite the opposite of what quantum cracking would be.

so when quantum computers arrive we do not only lose AES/RSA but our computers will be open to everyone with such a system. hopefully such systems spread soon, which might compensate the negative effect, maybe with quantum cryptography.

but as martin laforest says: at the end of the day i still don’t know when this technique will arrive. but when it arrives it will turn security upside down.

the most promising aspect of quantum computing, which is mentioned in the podcast, is that it will enable detailed quantum research which i consider a very cool thing as it will help to understand what goes down there.



what is this

since i might require such a setup more often i post it here, so i don’t forget it (see [1]).

this guide works great for fdisk+mdadm+LVM but it did not work for parted lately using ubuntu server. i don’t know why, maybe because of the raid controller?

in case someone removes the commands from the nixos wiki, here are the commands again:

  mdadm --create /dev/md0 --level=1 --raid-devices=2 /dev/sda1 /dev/sdb1

  pvcreate /dev/md0
  vgcreate myvolgrp /dev/md0
  lvcreate -L 1G -n boot myvolgrp
  lvcreate -L 5G -n system myvolgrp

  mkfs.ext4 -L boot /dev/myvolgrp/boot
  mkfs.ext4 -L system /dev/myvolgrp/system

  mount -L system /mnt
  nixos-option --install

  cat /etc/nixos/configuration.nix
    { mountPoint = "/";
    { mountPoint = "/boot";

advantages of this setup

  • no special partition (something like /dev/sda1 or /dev/sdb1) is required to place /boot on
  • LVM can be used for anything
  • still mdadm is below, which is a good thing
reminds me though that i should check if /etc/nixos/configuration.nix is capable of installing grub in several partitions already. usually it is only installed in /dev/sda given by this example:
   boot.loader.grub = {
    # Use grub 2 as boot loader.
    enable = true;
    version = 2;

    # Define on which hard drive you want to install Grub.
    device = "/dev/sda"; # here is only one partition given
   };


[1] https://nixos.org/wiki/Soft-RAID_mdadm_(/dev/md0),_LVM_(PVs,VGs,LVs)

[2] https://nixos.org/wiki/Encrypted_Root_on_NixOS

what is this?

i bought a UPS with two ports: serial and usb. and because i did not know much about the UPS (AEG – PROTECT HOME VA 600) i started to look at the communication protocol. turns out there are lots of good tools for serial line interception but nearly none for the usb stuff. sadly the driver i wrote isn’t needed at all as an email to the nut-ML revealed that this UPS uses the Q1 protocol which is already supported pretty well using the blazer_usb and blazer_ser module.

anyway it was pretty interesting to hack on NUT using debian and later nixos. so here is a guide how to log/analyze serial traffic and how to write a simulator for either side.

and not to forget: thanks to Arnaud Quette for his ups/nut support. there is also a brief nut setup introduction, see [1].

sniff serial port data between UPS and PC

  1. set the virtualbox serial settings to:
    – enable serial port
    – port number com 1 irq 4 io port 0x3f8
    – port mode: host device
    – port/file path: /tmp/interceptty
  2. maybe correct the permissions to /tmp/interceptty
  3. interceptty -s 'ispeed 2400 ospeed 2400' -l /dev/ttyS0 | tee mylog | interceptty-nicedump
  4. on the linux host:
    tail -F mylog | grep "<"
  5. start virtualbox vm with a windows xp installed
     ignore this virtualbox warning: “Ioctl failed for serial device ‘/tmp/interceptty’ (VERR_INVALID_PARAMETER). The device will not work properly.”. it works anyway, at least on my system (using ubuntu 10.10 with standard virtualbox).

using the virtual python UPS

  1. on the server side open /dev/remserialVM
    remserial -d -p 23000 -s "2400 raw" -l /dev/remserialVM /dev/ptmx
  2. on the client side (same host), do:
    remserial -d -r -p 23000 -s "2400 raw" -l /dev/remserialPY /dev/ptmx
  3. chmod 0777 /dev/remser*
  4. change the virtualbox serial settings:
    – port mode: host device
    – port/file path: /dev/remserialVM
  5. then format a ‘message’ with a hexeditor also called “hexeditor”
  6. start the vm
  7. then send the formatted message:
    cat message > /dev/remserialPY
  8. if the message was received by the windows ups monitoring software (it will think that the message it received originated from the UPS and not that it was crafted manually)
note: instead of manually sending messages, i also used the script: ./simulate-ups.py which does that automatically.
note: simulate-ups-monitor.py can be used in an analogous way but simply using the ups with a real serial port. i should mention btw, that i was using both a usb2serial adapter and an old computer which still contains one of those ancient serial ports.


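# simulate-ups.py: answer Q1 status requests the way the UPS would
import serial

# /dev/remserialPY is the remserial client side; the VM is attached to /dev/remserialVM
ser = serial.Serial('/dev/remserialPY', 2400)

line = b''

def process_command(cmd):
    print(" < incoming: " + cmd.decode('ascii', 'replace'))
    if cmd == b"Q1":
        print("REQUEST FOR DATA FROM USV")
        n = bytes.fromhex("20")  # field separator (space)
        d = bytes.fromhex("0d")  # end of message (carriage return)
        a = bytes.fromhex("28") + \
            b"000.0" + n + \
            b"000.0" + n + \
            b"000.5" + n + \
            b"005" + n + \
            b"00.0" + n + \
            b"00.6" + n + \
            b"25.0" + n + \
            b"00000001" + d
        # send the crafted status line back to the monitoring software
        ser.write(a)

while True:
    ch = ser.read(1)
    if ch == b"\x0d":
        # a carriage return terminates the command
        process_command(line)
        line = b''
    else:
        line = line + ch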


# simulate-ups-monitor.py: poll the UPS with Q1 and print its replies
import serial
import re
import time
import sys

ser = serial.Serial('/dev/ttyS0', 2400)
#, serial.EIGHTBITS, serial.PARITY_NONE, serial.STOPBITS_ONE, 0)

line = b''

def write(cmd):
    #print("sending " + repr(cmd))
    ser.write(cmd)

def print_status(status):
    print("status is: Unknown|LostCom|Normal|ScheduledShutdown|60SecsShutdown|ActiveShutdown|CriticalPowerFail: " + status)

def process_command(cmd):
    valid = re.compile(r"\([0-9][0-9][0-9]\.[0-9] [0-9][0-9][0-9]\.[0-9] [0-9][0-9][0-9]\.[0-9] [0-9][0-9][0-9] [0-9][0-9]\.[0-9] [0-9][0-9]\.[0-9] [0-9][0-9]\.[0-9] [01][01][01][01][01][01][01][01]")
    if valid.match(cmd):
        #(239.5 239.5 235.6 000 49.9 13.6 25.0 00001001
        fields = cmd.split(' ')
        netz_eingang = fields[0].lstrip('(')  # mains input voltage
        netz_unknown = fields[1]
        netz_ausgang = fields[2]              # mains output voltage
        percent = fields[3]
        hz = fields[4]
        bat_voltage = fields[5]
        temperature = fields[6]
        bits = fields[7]
        print("VALID REPLY FROM USV -> " + cmd)
    else:
        print("invalid reply detected: " + cmd)

# "Q1" followed by a carriage return asks the UPS for its status
write(bytes.fromhex("51310d"))

while True:
    ch = ser.read(1)
    if ch == b"\x0d":
        # reply complete: check it, then poll again
        process_command(line.decode('ascii', 'replace'))
        write(bytes.fromhex("51310d"))
        line = b''
    else:
        line = line + ch

simulate the UPS monitor

# ./simulate-ups-monitor.py
VALID REPLY FROM USV -> (241.5 241.4 237.5 000 49.9 13.5 25.0 00001001
VALID REPLY FROM USV -> (241.5 241.4 237.5 000 49.9 13.5 25.0 00001001
VALID REPLY FROM USV -> (241.4 241.4 237.5 000 49.9 13.5 25.0 00001001
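
an added example (not one of the author's scripts): a stricter parser for the Q1 reply lines shown above that also decodes the eight status bits and flags replies that are well-formed but physically implausible, such as the one simulate-ups.py sends. the bit names follow the usual Megatec/Q1 convention; they, the field name fault_v and the thresholds are assumptions, not taken from this page.

```python
import re

# Q1 reply layout as seen in the captures above: "(" + 7 numeric fields + 8 status bits.
Q1_REPLY = re.compile(
    r"\((\d{3}\.\d) (\d{3}\.\d) (\d{3}\.\d) (\d{3}) "
    r"(\d{2}\.\d) (\d{2}\.\d) (\d{2}\.\d) ([01]{8})\r?"
)

# Assumption: bit meanings follow the Megatec/Q1 convention (b7 first), not stated on the page.
FLAGS = ("utility_fail", "battery_low", "avr_active", "ups_failed",
         "standby_type", "test_running", "shutdown_active", "beeper_on")

# Assumption: field names are illustrative; the scripts above call field 2 "netz_unknown".
NAMES = ("input_v", "fault_v", "output_v", "load_pct",
         "freq_hz", "battery_v", "temp_c")


def parse_q1(frame):
    """Return a dict of decoded fields, or None if the frame is malformed."""
    m = Q1_REPLY.fullmatch(frame)
    if m is None:
        return None
    reply = {name: float(value) for name, value in zip(NAMES, m.groups()[:7])}
    reply["flags"] = {flag for flag, bit in zip(FLAGS, m.group(8)) if bit == "1"}
    return reply


def implausible(reply):
    """List reasons a well-formed reply still looks wrong (hypothetical thresholds)."""
    reasons = []
    on_mains = "utility_fail" not in reply["flags"]
    if on_mains and reply["input_v"] < 100.0:
        reasons.append("no input voltage but utility_fail bit is clear")
    if on_mains and reply["freq_hz"] < 40.0:
        reasons.append("mains frequency out of range while on mains")
    if reply["battery_v"] < 5.0:
        reasons.append("battery voltage too low for a live unit")
    return reasons


# Constructed samples: one line copied from the monitor output above,
# the reply built by simulate-ups.py, and a truncated frame.
REAL = "(241.5 241.4 237.5 000 49.9 13.5 25.0 00001001"
SIMULATED = "(000.0 000.0 000.5 005 00.0 00.6 25.0 00000001\r"
TRUNCATED = "(241.5 241.4 237.5 000 49.9"

if __name__ == "__main__":
    for frame in (REAL, SIMULATED, TRUNCATED):
        reply = parse_q1(frame)
        print(repr(frame), "->", reply and (sorted(reply["flags"]), implausible(reply)))
```

the serial protocol carries no authentication, so checks like these only catch crude spoofing; a crafted reply with plausible values still passes.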


so would i buy an AEG Protect Home VA 600 again? currently there is no ‘time left’ estimation and therefore i shut down the system either after 25 seconds or on LB (low battery) but after recharging the batteries the shutdown usually is triggered by the 25 seconds rule after a state change to OB (on battery). i think this is a decent setup and therefore i would probably buy that UPS again. but i don’t really have a clue about UPS devices so there might be much better ones in the same price range, maybe someone on the NUT/UPS ML can make a better recommendation.

what i really dislike is that this product ships with linux support BUT not with NUT support. i later realized that they created their own linux software. what a waste of time, i would rather love to get the specification and then use NUT instead – probably this is the case for nearly all the users seeing that this device has linux support. but my request to get the specification was simply ignored, so i think there are better vendors out there.

another interesting aspect of nut is how complex the integration in the system is.


[1] https://nixos.org/wiki/How_to_setup_UPS/NUT