League of Legends Friends List and Smoothwall

Recently I’ve have been playing the great game League of Legends but my friends list has not been working. After dealing with the problem for several weeks, I’ve finally found the issue.

I use Smoothwall for my router, and as Smoothwall users may know, it has a niffty IM proxy feature. Well, after playing with some settings, I discovered that the IM proxy blocks the League of Legends friends list and chat. So if using the Smoothwall IM proxy and wondering why the friends list in League of Legends in broken, try turning off the proxy.

Intel D945GCLF2 and Surround Sound on Gentoo

I while back I purchased an Intel D945GCLF2 motherboard to play with. This board features the dual core Atom 330 processor in a nice mini-ITX form factor. I’ve recently set this up as a media center PC, running Gentoo and XBMC. I’ve been quite happy with its performance in this role, but there was one thing that seemed missing… surround sound. The board only has the standard line in, line out, and mic jacks on the rear panel, but on Intel’s website, they claim it supports 5.1 surround sound. The snd-hda-intel kernel driver only provided 2 channel audio to my ALSA system. The user manual for the board was not much help either:

Intel Desktop Board D945GCLF2 has a 6-channel (5.1) onboard audio subsystem that includes a Realtek ALC662 audio codec.
The audio subsystem features:

  • Intel High Definition Audio interface
  • Advanced jack sense, for the back panel connectors, that enables the audio codec to recognize the device that is connected to an audio port and retask the connector via the audio driver.
  • Back panel audio connectors that are configurable through the audio device drivers:
    • Line in/retasking jack
    • Line out/retasking jack
    • Mic in/retasking jack

I’m not sure how this board behaves with the Windows driver, but needless to say, jack auto detection did not work in Linux. Some searching provided an answer: the kernel driver needs to be configured by ALSA to set the jacks to 6 channel mode. Adding this to the end of /etc/modprobe.d/alsa.conf did the trick:
options snd-hda-intel model=3stack-6ch-dig

With the driver now set, make sure that alsamixer is set to 6 channel audio. The last item in alsamixer for me switches between 2ch and 6ch, so be sure to set it accordingly.

This post on the Ubuntu forums led me to the solution: http://ubuntuforums.org/showthread.php?t=1072792

Network Bonding in Gentoo

I’ve been trying to find a good use for the second network adapter in my fileserver, and what better than to increase the throughput to the network. Using something called bonding, its possible to combine two physical network adapters into one logical bonded adapter. Using a bonded adapter provides several advantages such as fallover should one network fail, but more interesting for me, increased throughput.  There are several different methods that one can use to bond the adapters together.  The best way to double the throughput of the bonded adapters is to use the IEEE 802.3ad protocol, however this requires support on the switch.  802.3ad support is generally limited to managed switches and is not supported on my unmanaged Netgear JGS516. The next best thing is to use a special mode of the bonding driver in Linux, called balance-alb.  The other modes supported by the kernel bonding driver allow things such as fallover.  I’ve been told that the following method does not work with all network adapters. Specifically, the driver needs to be able to change the MAC address on-the-fly, which is not supported in all drivers. I can say that it works with the r8169 (Realtek) and the Intel drivers (e100, e1000, etc.). This post is written with Gentoo in mind but should apply to other distributions.

First thing you need to do is enable bonding in the kernel.  Be sure to compile it as a module since we will need to pass arguments to the module when it is loaded:

Device Drivers ---> Network Device Support
<M>   Bonding driver support

Now set the module to be loaded at boot:

# nano /etc/modules.autoload.d/kernel-2.6
bonding mode=balance-alb miimon=100

The two options above are important. The balance-alb (adaptive load balancing) specifies what bonding mode to use.  There are several different options available here, but balance-alb provides the functionality I want since my switch does not support 802.3ad bonding.  The second option, miimon=100, tells the module to use mii-tool to check if the network adapters are up every 100ms.  This provides the fallover should one adapter fail.

Now emerge ifenslave, a userland tool to bond the interfaces:

# emerge -av ifenslave

Next, we need to configure the network interfaces:

# nano /etc/conf.d/net
slaves_bond0="eth0 eth1"
config_bond0=( "dhcp" )
config_eth0=( "null" )
config_eth1=( "null" )

This bonds eth0 and eth1 to form the bond0 interface.  You can bond more than two adapters as necessary.  The bond0 interface is configured to use DHCP to automatically obtain an IP address.  The config_eth0=( “null” ) lines prevent the individual adapters from getting an IP address since we only want bond0 to get an IP.

Now lets create the startup script, have it start automatically on boot, and remove the individual adapters from starting at boot:

# ln -sf /etc/init.d/net.lo /etc/init.d/net.bond0
# rc-update add net.bond0 default
# rc-update del net.eth0
# rc-update del net.eth1

That should be it, reboot, and you’ll now have bonded adapters.  I used a program called netio to measure my network speeds.  Prior to bonding, I could read at about 60-80MB/sec from the fileserver over a gigabit network.  With bonded adapters, that increased to about 120-150MB/sec, quite an improvement!  Write speeds saw a significant improvement as well.  Note that many hard drives will not be able to read/write at the same speed as the network adapter.  So if your adapter can push out 150MB/sec, it doesn’t help you if your hard drive can only read at 60MB/sec.  Internally, the RAID 5 array in my fileserver can read at up to 250MB/sec using hdparm, so the array can more that keep up with the bonded adapters.  If you have an older computer with dual 10/100 adapters, bonding can give you a nice boost to throughput that most hard drives will still be able to keep up with.

References and additional information:

Boost Reliability with Ethernet Bonding and Linux

Tips and Tuning for Ethernet Bonding With Linux

Gentoo Linux Documentation — Modular Networking

Gentoo as VirtualBox Guest

For a while, I kept an old 733MHz computer in my rack to use as a test box, where I could play with various software without needing to worry that what I was doing could cause problems for my desktop.  I have not used it in a while, but I decided that having a physical test machine is unecessary for what I generally want to test.  So I decided to create a set of Gentoo virtual machines in VirtualBox (version 2.2.2) so that I could run software in an isolated environment and easily be able to start again from a clean state if necessary.  Following the article on the Gentoo Wiki was helpful, but was not complete.

The first issue is the naming of the hard disk block device.  The minimal live CD detects the drive as /dev/hda however, using the driver suggested in the wiki will detect the drive as /dev/sda.  This is not a big problem so long as you make sure to use sda in /etc/fstab and in the GRUB configuration.  I’m sure there is a reasonable explanation for why this happened, but this was the simplest solution that I could think of.

Now that I have a basic, clean Gentoo install, I make two copies.  The first is a backup of the virtual machine without any extra programs installed.  This will let me install any program from the state of a brand new Gentoo install.  The second, copy is the same as the first, but with the addition of X and XFCE, so I can play with graphical programs without compiling X every time.  Virtualbox supports creating snapshots of the virtual machine hard drive, so I can revert the machine to the last state before the software I’m testing was installed.

Now that everything is working, it’s time to start testing.  First up will be XFCE 4.6.

Deny Hosts and SSH Login Attempt Behavior

A few weeks ago I installed DenyHosts, a small deamon (can also be run as a cron job) that runs on my server to block IP’s that make brute force SSH login attempts.  The script has worked great, blocking over 500 hosts on the first day I used it (including myself a few times…).  One of the features of the script is the ability to send an email each time it blocks a host.  Although getting a few hundred emails at first was very annoying, setting up a few rules in gmail prevented me seeing them in my inbox (they go directly to a folder).  I did, however, start to look at the times when the various hosts get denyed.  They seem to come in large groups, so that there will be 50 or so hosts blocked in a rather short length of time, around 10 minutes or less.  The IP’s of the computers also come from all over the world, but most seem to come from Asia, South America, and Russia.  I think it would be interesting to do a more complete statistical analysis of the data in regards to the time and location of where the login attempts are coming from.  Maybe I’ll write something to do this later.

Expand JFS Filesystem

I recently bought 2 new 500GB hard drives and am in the process of migrating my RAID array to double its size to 2TB. The current 1TB over 3 drives was 100% full, so it was something that had to be done. The expansion took about 26 hours on my 3ware 9650SE-8LPML controller, which is quite good from what I see of other peoples experiences. Of course, all important data was backed up before the RAID expansion.

The primary issue I had after the expansion was the proper partitioning of the free space. When the RAID expansion was complete, I now had 1TB of used space using the JFS filesystem that was the original partition, and 1TB of unused, unpartitioned free space. Attempts to use Gparted to expand the partition failed due to a known bug that prevents partitions over 1TB. I tried to use Parted, the CLT tool that Gparted is based on, to expand the filesystem but was unable to do so. This seemingly left me with two options, either use multiple smaller partitions, or to reformat and restore the data from the backups. I decided that smaller partitions would be a lot of extra work in terms of keeping tabs on the free space on each partition (and may require more frequent partition modifications) which is something that should not be necessary. Restoring from backups was not welcome due to the time involved. Deciding that those options were not acceptable, I was determined to find the solution I wanted, having a 2TB partition without going through a backup restore process. If anything, it would be worth doing simply on the principle of the matter: that having large partitions on a modern filesystem that supports volumes up to 32000TB should not be a problem. Several Google marathons and man page studies allowed me to successfully perform the operation that I wanted.

My main problem was a lack of understanding of the way that fdisk actually works. With fdisk, you can delete and recreate a partition without actually destroying the filesystem that lives on the partition. I am not sure exactly what the limitations are, but it seems that as long as you do not change the starting point of the partition, the filesystem will remain there. In my case, the drive in question (/dev/sda) had a 1TB partition starting at the beginning of the disk (/dev/sda1) with 1TB of unpartitioned free space residing after the JFS partition (created by the RAID expansion). I deleted the JFS partition (/dev/sda1), and recreated the partition, but this time using the full 2TB of space. In the tests that I did, the free space MUST come after the partition. I wrote the partition table, and them mounted the drive. All the data was still there, but the JFS partition was only showing up as 1TB with the command dh -h. This was rather concerning until I realized the state that the drive was in. fdisk only edits the partition table, not the actual filesystem. When it writes out the partition table, it is just redefining where the partition begins and ends and does not touch the filesystem. Thus, although I had expanded the partition, I did not expand the filesystem. Doing some more searching, I found this article that gave me the last piece of information I needed. The command mount -o remount,resize /mount/point tells the JFS filesystem to expand to fill the entire space of the partition. The command is unique to JFS and will not work on other filesystems because the options passed are used by the JFS kernel driver. When you issue the mount command, note that the partition must be mounted.

Perhaps most frustrating is the lack of data on the JFS filesystem. It does not seem to be very popular in the Linux community, most of whom use ext2/ext3. Those that do use an alternative filesystem tend to use ReiserFS with a small number using XFS. In the limited, unscientific testing I have done, JFS performed very well performance wise and used far lower CPU than ext3 or ReiserFS. JFS has worked out well for me so far and, despite my initial difficulty in expanding the filesystem, is the filesystem I will use in the future.

Sun Fire V120

Through the gracious efforts of a friend, I have managed to come by a Sun Fire V120 server with a 650MHz UltraSPARC IIi processor.  It is in need of a hard drive, but is otherwise in working order.  I’ll be getting some cheap 80 pin SCSI drives on ebay in a few days, but in the meantime, my issue is the serial (or LOM) connection used to administrate the server.  There is no video card, so serial is the only way to go (there is a PCI slot, but normal video cards will not work due to Sun using an Open Boot PROM rather than a BIOS).  Perhaps more annoying is the RJ-45 connector that is used for the serial port.  Because of this, I am unable to connect to it.  I may be able to make an RJ-45 to DB9 adapter tonight and attempt to connect.  I haven’t come up with a use for this machine yet, but I’m sure that it will be making use of the Gentoo SPARC project.  I’ve never used Sun hardware before, so this should be fun.

Flying without ID Round 2

Yesterday was another opportunity to fly without presenting any ID at the airport. The man at the US Airways counter didn’t give me much trouble beyond the puzzled look and a few questions about how it’s possible to not travel with ID. Going through security was easier this time than last time as they did not frisk me, but they did give me a little bit of trouble while going through my bag.

The first item that got me a few questions was my all metal mechanical pencil (click here for a review). As you can see in the review, the pencil is quite heavy and solid, so I can understand their complaints. In the end, they did not take it away. What was more amusing, was the concern that the two security guys had over my laptop. I currently am missing 1 key off the keyboard from switching the layout to Dvorak (I still have the key, but need to modify it for it to go back on). The guard spent a minute looking at the missing key to see if there were any apparent modifications to the laptop, when he noticed that the keys were not in the right places. He had never heard of the Dvorak layout and, apparently, did not know that layouts other than qwerty existed. I guess my explanations of a more efficient layout were not good enough, and they asked me to turn the laptop on to verify that the “internals have not been modified”. I really wanted to tell them that I have modified the internals, but discretion got the better of me. So I turn the laptop on, and they get to see LILO in all its glory boot Gentoo. Although they were satisfied that the machine was operational, they were not happy that it was using software that they had never heard of. I explained what an operating system was to them and the difference between Windows and Linux, but I don’t think I cleared much in their minds. To see their reaction, I refused to login to the machine when they asked, which prompted them to bring aver their supervisor (an actual TSA agent rather than hired security). I explained the whole Dvorak and Linux thing to the supervisor, who seemed to be a little more understanding. She felt that turning the computer on was enough and let me go.

The trip through security was relatively painless despite the issues that they had with my computer. I think that this shows that there is a fundamental lack of understanding of how computers and electronics in general work. If I had told the security that I was an electrical engineering student, I’m sure that they would have given me more of a problem with the computer. If security really wants to deal with modern electronic threats, they need to start educating their guards in the matter. There are much more dangerous things than Linux that can be brought onto an airplane, not to mention things that are much less conspicuous than a laptop running totally unfamiliar software. Something that comes to mind would be a radio jamming device that could easily be concealed within an operational laptop, calculator, etc. I understand that I am in a much different position than many people who do not use such electronics everyday, but if people are going to spend billions of dollars on security, shouldn’t they actually be familiar with the kinds of threats that can occur? Or, perhaps, it is just the notion of “security” that is the aim. It is clear to me that actual security is trivial, a superficial glaze is all that is necessary to make people feel safe. Personally, I think the fear that people have in regards to air travel security is absurd, so maybe its a good thing that there still is no real security at the airports. Life is hazardous to your health. Deal.

Linux and Dvorak Update

After using Dvorak for several months now, I am quite comfortable with the layout. Far from my initial struggles, I am no longer annoyed at the layout, but rather enjoy its benefits. I am faster than my Qwerty days, but am not quite to the level of touch typing. I was never much of a typist to begin with, so perhaps being faster in not that much of an accomplishment. Currently, I cannot see myself going back to Qwerty.

On the Linux front, my total conversion over to a Linux based desktop is going along great.  All of my computers currently run Gentoo,  as I just switched one of my servers from Xubuntu to Gentoo.  I do still have my Windows install around so that I can play the occasional game and get a file or two when necessary.  To maintain as much connection to my home computers as possible, I have started to make extensive use of SSH.  Thus, even when I am stuck in the computer labs at school, I can SSH into my box and get all the functionality I would normally have.  Cone has proved to be an excellent command line mail client (with POP and IMAP support) and naim is a functional command line AIM replacement, two common programs that I like to use.  mp3blaster is also a nice program to listen to music.

With the quarter winding down, I should be able to get back to my neglected projects, and maybe start some others.

Switching to Linux

After several years of dabbling in Linux and a few months of server administration, I’ve decided to make the switch and use Linux, specifically Gentoo, on my primary machine.  Although I do still have my Windows XP x64 install, it will be used only when necessary.  Based on my experiences running Gentoo as a server, I think the transition will not be as harsh as some changes I’ve made recently (i.e. Dvorak, and still using it).  Since I already have a familiarity with Gentoo, the main issue will be learning alternative programs for what I used on Windows.  My current frustration is finding a music player that compares to iTunes.  Rhythmbox works, but lacks some of the features that I liked about iTunes, like automatically organizing my music library.  I’ve heard good things about Banshee but have not tried it yet.

In terms of games, two excellent games run natively in Linux: Unreal Tournament 2004 and Quake 4.  With Gentoo, installing them was easy as pie, just emerge ut2004 and emerge quake4-bin and follow the instructions.  I might try to install Counter Strike Source under WINE, but that will be a project for a later date.