Generated.

[homepage.git] / blog / archive / 2017 / 03 / 03.rss

<?xml version="1.0" encoding="ISO-8859-1"?>
<rss version='2.0' xmlns:lj='http://www.livejournal.org/rss/lj/1.0/'>
        <channel>
                <title>Petter Reinholdtsen - Entries from March 2017</title>
                <description>Entries from March 2017</description>
                <link>http://www.hungry.com/~pere/blog/</link>

        
        <item>
                <title>Free software archive system Nikita now able to store documents</title>
                <link>http://www.hungry.com/~pere/blog/Free_software_archive_system_Nikita_now_able_to_store_documents.html</link>        
                <guid isPermaLink="true">http://www.hungry.com/~pere/blog/Free_software_archive_system_Nikita_now_able_to_store_documents.html</guid>
                <pubDate>Sun, 19 Mar 2017 08:00:00 +0100</pubDate>
                <description>&lt;p&gt;The &lt;a href=&quot;https://github.com/hiOA-ABI/nikita-noark5-core&quot;&gt;Nikita
Noark 5 core project&lt;/a&gt; is implementing the Norwegian standard for
keeping an electronic archive of government documents.
&lt;a href=&quot;http://www.arkivverket.no/arkivverket/Offentlig-forvaltning/Noark/Noark-5/English-version&quot;&gt;The
Noark 5 standard&lt;/a&gt; document the requirement for data systems used by
the archives in the Norwegian government, and the Noark 5 web interface
specification document a REST web service for storing, searching and
retrieving documents and metadata in such archive.  I&#39;ve been involved
in the project since a few weeks before Christmas, when the Norwegian
Unix User Group
&lt;a href=&quot;https://www.nuug.no/news/NOARK5_kjerne_som_fri_programvare_f_r_epostliste_hos_NUUG.shtml&quot;&gt;announced
it supported the project&lt;/a&gt;.  I believe this is an important project,
and hope it can make it possible for the government archives in the
future to use free software to keep the archives we citizens depend
on.  But as I do not hold such archive myself, personally my first use
case is to store and analyse public mail journal metadata published
from the government.  I find it useful to have a clear use case in
mind when developing, to make sure the system scratches one of my
itches.&lt;/p&gt;

&lt;p&gt;If you would like to help make sure there is a free software
alternatives for the archives, please join our IRC channel
(&lt;a href=&quot;irc://irc.freenode.net/%23nikita&quot;&gt;#nikita on
irc.freenode.net&lt;/a&gt;) and
&lt;a href=&quot;https://lists.nuug.no/mailman/listinfo/nikita-noark&quot;&gt;the
project mailing list&lt;/a&gt;.&lt;/p&gt;

&lt;p&gt;When I got involved, the web service could store metadata about
documents.  But a few weeks ago, a new milestone was reached when it
became possible to store full text documents too.  Yesterday, I
completed an implementation of a command line tool
&lt;tt&gt;archive-pdf&lt;/tt&gt; to upload a PDF file to the archive using this
API.  The tool is very simple at the moment, and find existing
&lt;a href=&quot;https://en.wikipedia.org/wiki/Fonds&quot;&gt;fonds&lt;/a&gt;, series and
files while asking the user to select which one to use if more than
one exist.  Once a file is identified, the PDF is associated with the
file and uploaded, using the title extracted from the PDF itself.  The
process is fairly similar to visiting the archive, opening a cabinet,
locating a file and storing a piece of paper in the archive.  Here is
a test run directly after populating the database with test data using
our API tester:&lt;/p&gt;

&lt;p&gt;&lt;blockquote&gt;&lt;pre&gt;
~/src//noark5-tester$ ./archive-pdf mangelmelding/mangler.pdf
using arkiv: Title of the test fonds created 2017-03-18T23:49:32.103446
using arkivdel: Title of the test series created 2017-03-18T23:49:32.103446

 0 - Title of the test case file created 2017-03-18T23:49:32.103446
 1 - Title of the test file created 2017-03-18T23:49:32.103446
Select which mappe you want (or search term): 0
Uploading mangelmelding/mangler.pdf
  PDF title: Mangler i spesifikasjonsdokumentet for NOARK 5 Tjenestegrensesnitt
  File 2017/1: Title of the test case file created 2017-03-18T23:49:32.103446
~/src//noark5-tester$
&lt;/pre&gt;&lt;/blockquote&gt;&lt;/p&gt;

&lt;p&gt;You can see here how the fonds (arkiv) and serie (arkivdel) only had
one option, while the user need to choose which file (mappe) to use
among the two created by the API tester.  The &lt;tt&gt;archive-pdf&lt;/tt&gt;
tool can be found in the git repository for the API tester.&lt;/p&gt;

&lt;p&gt;In the project, I have been mostly working on
&lt;a href=&quot;https://github.com/petterreinholdtsen/noark5-tester&quot;&gt;the API
tester&lt;/a&gt; so far, while getting to know the code base.  The API
tester currently use
&lt;a href=&quot;https://en.wikipedia.org/wiki/HATEOAS&quot;&gt;the HATEOAS links&lt;/a&gt;
to traverse the entire exposed service API and verify that the exposed
operations and objects match the specification, as well as trying to
create objects holding metadata and uploading a simple XML file to
store.  The tester has proved very useful for finding flaws in our
implementation, as well as flaws in the reference site and the
specification.&lt;/p&gt;

&lt;p&gt;The test document I uploaded is a summary of all the specification
defects we have collected so far while implementing the web service.
There are several unclear and conflicting parts of the specification,
and we have
&lt;a href=&quot;https://github.com/petterreinholdtsen/noark5-tester/tree/master/mangelmelding&quot;&gt;started
writing down&lt;/a&gt; the questions we get from implementing it.  We use a
format inspired by how &lt;a href=&quot;http://www.opengroup.org/austin/&quot;&gt;The
Austin Group&lt;/a&gt; collect defect reports for the POSIX standard with
&lt;a href=&quot;http://www.opengroup.org/austin/mantis.html&quot;&gt;their
instructions for the MANTIS defect tracker system&lt;/a&gt;, in lack of an official way to structure defect reports for Noark 5 (our first submitted defect report was a &lt;a href=&quot;https://github.com/petterreinholdtsen/noark5-tester/blob/master/mangelmelding/sendt/2017-03-15-mangel-prosess.md&quot;&gt;request for a procedure for submitting defect reports&lt;/a&gt; :).

&lt;p&gt;The Nikita project is implemented using Java and Spring, and is
fairly easy to get up and running using Docker containers for those
that want to test the current code base.  The API tester is
implemented in Python.&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>Detecting NFS hangs on Linux without hanging yourself...</title>
                <link>http://www.hungry.com/~pere/blog/Detecting_NFS_hangs_on_Linux_without_hanging_yourself___.html</link>        
                <guid isPermaLink="true">http://www.hungry.com/~pere/blog/Detecting_NFS_hangs_on_Linux_without_hanging_yourself___.html</guid>
                <pubDate>Thu, 9 Mar 2017 15:20:00 +0100</pubDate>
                <description>&lt;p&gt;Over the years, administrating thousand of NFS mounting linux
computers at the time, I often needed a way to detect if the machine
was experiencing NFS hang.  If you try to use &lt;tt&gt;df&lt;/tt&gt; or look at a
file or directory affected by the hang, the process (and possibly the
shell) will hang too.  So you want to be able to detect this without
risking the detection process getting stuck too.  It has not been
obvious how to do this.  When the hang has lasted a while, it is
possible to find messages like these in dmesg:&lt;/p&gt;

&lt;p&gt;&lt;blockquote&gt;
nfs: server nfsserver not responding, still trying
&lt;br&gt;nfs: server nfsserver OK
&lt;/blockquote&gt;&lt;/p&gt;
  
&lt;p&gt;It is hard to know if the hang is still going on, and it is hard to
be sure looking in dmesg is going to work.  If there are lots of other
messages in dmesg the lines might have rotated out of site before they
are noticed.&lt;/p&gt;

&lt;p&gt;While reading through the nfs client implementation in linux kernel
code, I came across some statistics that seem to give a way to detect
it.  The om_timeouts sunrpc value in the kernel will increase every
time the above log entry is inserted into dmesg.  And after digging a
bit further, I discovered that this value show up in
/proc/self/mountstats on Linux.&lt;/p&gt;

&lt;p&gt;The mountstats content seem to be shared between files using the
same file system context, so it is enough to check one of the
mountstats files to get the state of the mount point for the machine.
I assume this will not show lazy umounted NFS points, nor NFS mount
points in a different process context (ie with a different filesystem
view), but that does not worry me.&lt;/p&gt;

&lt;p&gt;The content for a NFS mount point look similar to this:&lt;/p&gt;

&lt;p&gt;&lt;blockquote&gt;&lt;pre&gt;
[...]
device /dev/mapper/Debian-var mounted on /var with fstype ext3
device nfsserver:/mnt/nfsserver/home0 mounted on /mnt/nfsserver/home0 with fstype nfs statvers=1.1
        opts:   rw,vers=3,rsize=65536,wsize=65536,namlen=255,acregmin=3,acregmax=60,acdirmin=30,acdirmax=60,soft,nolock,proto=tcp,timeo=600,retrans=2,sec=sys,mountaddr=129.240.3.145,mountvers=3,mountport=4048,mountproto=udp,local_lock=all
        age:    7863311
        caps:   caps=0x3fe7,wtmult=4096,dtsize=8192,bsize=0,namlen=255
        sec:    flavor=1,pseudoflavor=1
        events: 61063112 732346265 1028140 35486205 16220064 8162542 761447191 71714012 37189 3891185 45561809 110486139 4850138 420353 15449177 296502 52736725 13523379 0 52182 9016896 1231 0 0 0 0 0 
        bytes:  166253035039 219519120027 0 0 40783504807 185466229638 11677877 45561809 
        RPC iostats version: 1.0  p/v: 100003/3 (nfs)
        xprt:   tcp 925 1 6810 0 0 111505412 111480497 109 2672418560317 0 248 53869103 22481820
        per-op statistics
                NULL: 0 0 0 0 0 0 0 0
             GETATTR: 61063106 61063108 0 9621383060 6839064400 453650 77291321 78926132
             SETATTR: 463469 463470 0 92005440 66739536 63787 603235 687943
              LOOKUP: 17021657 17021657 0 3354097764 4013442928 57216 35125459 35566511
              ACCESS: 14281703 14290009 5 2318400592 1713803640 1709282 4865144 7130140
            READLINK: 125 125 0 20472 18620 0 1112 1118
                READ: 4214236 4214237 0 715608524 41328653212 89884 22622768 22806693
               WRITE: 8479010 8494376 22 187695798568 1356087148 178264904 51506907 231671771
              CREATE: 171708 171708 0 38084748 46702272 873 1041833 1050398
               MKDIR: 3680 3680 0 773980 993920 26 23990 24245
             SYMLINK: 903 903 0 233428 245488 6 5865 5917
               MKNOD: 80 80 0 20148 21760 0 299 304
              REMOVE: 429921 429921 0 79796004 61908192 3313 2710416 2741636
               RMDIR: 3367 3367 0 645112 484848 22 5782 6002
              RENAME: 466201 466201 0 130026184 121212260 7075 5935207 5961288
                LINK: 289155 289155 0 72775556 67083960 2199 2565060 2585579
             READDIR: 2933237 2933237 0 516506204 13973833412 10385 3190199 3297917
         READDIRPLUS: 1652839 1652839 0 298640972 6895997744 84735 14307895 14448937
              FSSTAT: 6144 6144 0 1010516 1032192 51 9654 10022
              FSINFO: 2 2 0 232 328 0 1 1
            PATHCONF: 1 1 0 116 140 0 0 0
              COMMIT: 0 0 0 0 0 0 0 0

device binfmt_misc mounted on /proc/sys/fs/binfmt_misc with fstype binfmt_misc
[...]
&lt;/pre&gt;&lt;/blockquote&gt;&lt;/p&gt;

&lt;p&gt;The key number to look at is the third number in the per-op list.
It is the number of NFS timeouts experiences per file system
operation.  Here 22 write timeouts and 5 access timeouts.  If these
numbers are increasing, I believe the machine is experiencing NFS
hang.  Unfortunately the timeout value do not start to increase right
away.  The NFS operations need to time out first, and this can take a
while.  The exact timeout value depend on the setup.  For example the
defaults for TCP and UDP mount points are quite different, and the
timeout value is affected by the soft, hard, timeo and retrans NFS
mount options.&lt;/p&gt;

&lt;p&gt;The only way I have been able to get working on Debian and RedHat
Enterprise Linux for getting the timeout count is to peek in /proc/.
But according to
&lt;ahref=&quot;http://docs.oracle.com/cd/E19253-01/816-4555/netmonitor-12/index.html&quot;&gt;Solaris
10 System Administration Guide: Network Services&lt;/a&gt;, the &#39;nfsstat -c&#39;
command can be used to get these timeout values.  But this do not work
on Linux, as far as I can tell.  I
&lt;ahref=&quot;http://bugs.debian.org/857043&quot;&gt;asked Debian about this&lt;/a&gt;,
but have not seen any replies yet.&lt;/p&gt;

&lt;p&gt;Is there a better way to figure out if a Linux NFS client is
experiencing NFS hangs?  Is there a way to detect which processes are
affected?  Is there a way to get the NFS mount going quickly once the
network problem causing the NFS hang has been cleared?  I would very
much welcome some clues, as we regularly run into NFS hangs.&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>How does it feel to be wiretapped, when you should be doing the wiretapping...</title>
                <link>http://www.hungry.com/~pere/blog/How_does_it_feel_to_be_wiretapped__when_you_should_be_doing_the_wiretapping___.html</link>        
                <guid isPermaLink="true">http://www.hungry.com/~pere/blog/How_does_it_feel_to_be_wiretapped__when_you_should_be_doing_the_wiretapping___.html</guid>
                <pubDate>Wed, 8 Mar 2017 11:50:00 +0100</pubDate>
                <description>&lt;p&gt;So the new president in the United States of America claim to be
surprised to discover that he was wiretapped during the election
before he was elected president.  He even claim this must be illegal.
Well, doh, if it is one thing the confirmations from Snowden
documented, it is that the entire population in USA is wiretapped, one
way or another.  Of course the president candidates were wiretapped,
alongside the senators, judges and the rest of the people in USA.&lt;/p&gt;

&lt;p&gt;Next, the Federal Bureau of Investigation ask the Department of
Justice to go public rejecting the claims that Donald Trump was
wiretapped illegally.  I fail to see the relevance, given that I am
sure the surveillance industry in USA believe they have all the legal
backing they need to conduct mass surveillance on the entire
world.&lt;/p&gt;

&lt;p&gt;There is even the director of the FBI stating that he never saw an
order requesting wiretapping of Donald Trump.  That is not very
surprising, given how the FISA court work, with all its activity being
secret.  Perhaps he only heard about it?&lt;/p&gt;

&lt;p&gt;What I find most sad in this story is how Norwegian journalists
present it.  In a news reports the other day in the radio from the
Norwegian National broadcasting Company (NRK), I heard the journalist
claim that &#39;the FBI denies any wiretapping&#39;, while the reality is that
&#39;the FBI denies any illegal wiretapping&#39;.  There is a fundamental and
important difference, and it make me sad that the journalists are
unable to grasp it.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Update 2017-03-13:&lt;/strong&gt; Look like
&lt;a href=&quot;https://theintercept.com/2017/03/13/rand-paul-is-right-nsa-routinely-monitors-americans-communications-without-warrants/&quot;&gt;The
Intercept report that US Senator Rand Paul confirm what I state above&lt;/a&gt;.&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>Norwegian Bokmål translation of The Debian Administrator&#39;s Handbook complete, proofreading in progress</title>
                <link>http://www.hungry.com/~pere/blog/Norwegian_Bokm_l_translation_of_The_Debian_Administrator_s_Handbook_complete__proofreading_in_progress.html</link>        
                <guid isPermaLink="true">http://www.hungry.com/~pere/blog/Norwegian_Bokm_l_translation_of_The_Debian_Administrator_s_Handbook_complete__proofreading_in_progress.html</guid>
                <pubDate>Fri, 3 Mar 2017 14:50:00 +0100</pubDate>
                <description>&lt;p&gt;For almost a year now, we have been working on making a Norwegian
Bokmål edition of &lt;a href=&quot;https://debian-handbook.info/&quot;&gt;The Debian
Administrator&#39;s Handbook&lt;/a&gt;.  Now, thanks to the tireless effort of
Ole-Erik, Ingrid and Andreas, the initial translation is complete, and
we are working on the proof reading to ensure consistent language and
use of correct computer science terms.  The plan is to make the book
available on paper, as well as in electronic form.  For that to
happen, the proof reading must be completed and all the figures need
to be translated.  If you want to help out, get in touch.&lt;/p&gt;

&lt;p&gt;&lt;a href=&quot;http://www.hungry.com/~pere/debian-handbook/debian-handbook-nb-NO.pdf&quot;&gt;A

fresh PDF edition&lt;/a&gt; in A4 format (the final book will have smaller
pages) of the book created every morning is available for
proofreading.  If you find any errors, please
&lt;a href=&quot;https://hosted.weblate.org/projects/debian-handbook/&quot;&gt;visit
Weblate and correct the error&lt;/a&gt;.  The
&lt;a href=&quot;http://l.github.io/debian-handbook/stat/nb-NO/index.html&quot;&gt;state
of the translation including figures&lt;/a&gt; is a useful source for those
provide Norwegian bokmål screen shots and figures.&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>Unlimited randomness with the ChaosKey?</title>
                <link>http://www.hungry.com/~pere/blog/Unlimited_randomness_with_the_ChaosKey_.html</link>        
                <guid isPermaLink="true">http://www.hungry.com/~pere/blog/Unlimited_randomness_with_the_ChaosKey_.html</guid>
                <pubDate>Wed, 1 Mar 2017 20:50:00 +0100</pubDate>
                <description>&lt;p&gt;A few days ago I ordered a small batch of
&lt;a href=&quot;http://altusmetrum.org/ChaosKey/&quot;&gt;the ChaosKey&lt;/a&gt;, a small
USB dongle for generating entropy created by Bdale Garbee and Keith
Packard.  Yesterday it arrived, and I am very happy to report that it
work great!  According to its designers, to get it to work out of the
box, you need the Linux kernel version 4.1 or later.  I tested on a
Debian Stretch machine (kernel version 4.9), and there it worked just
fine, increasing the available entropy very quickly.  I wrote a small
test oneliner to test.  It first print the current entropy level,
drain /dev/random, and then print the entropy level for five seconds.
Here is the situation without the ChaosKey inserted:&lt;/p&gt;

&lt;blockquote&gt;&lt;pre&gt;
% cat /proc/sys/kernel/random/entropy_avail; \
  dd bs=1M if=/dev/random of=/dev/null count=1; \
  for n in $(seq 1 5); do \
     cat /proc/sys/kernel/random/entropy_avail; \
     sleep 1; \
  done
300
0+1 oppføringer inn
0+1 oppføringer ut
28 byte kopiert, 0,000264565 s, 106 kB/s
4
8
12
17
21
%
&lt;/pre&gt;&lt;/blockquote&gt;

&lt;p&gt;The entropy level increases by 3-4 every second.  In such case any
application requiring random bits (like a HTTPS enabled web server)
will halt and wait for more entrpy.  And here is the situation with
the ChaosKey inserted:&lt;/p&gt;

&lt;blockquote&gt;&lt;pre&gt;
% cat /proc/sys/kernel/random/entropy_avail; \
  dd bs=1M if=/dev/random of=/dev/null count=1; \
  for n in $(seq 1 5); do \
     cat /proc/sys/kernel/random/entropy_avail; \
     sleep 1; \
  done
1079
0+1 oppføringer inn
0+1 oppføringer ut
104 byte kopiert, 0,000487647 s, 213 kB/s
433
1028
1031
1035
1038
%
&lt;/pre&gt;&lt;/blockquote&gt;

&lt;p&gt;Quite the difference. :) I bought a few more than I need, in case
someone want to buy one here in Norway. :)&lt;/p&gt;

&lt;p&gt;Update: The dongle was presented at Debconf last year.  You might
find &lt;a href=&quot;https://debconf16.debconf.org/talks/94/&quot;&gt;the talk
recording illuminating&lt;/a&gt;.  It explains exactly what the source of
randomness is, if you are unable to spot it from the schema drawing
available from the ChaosKey web site linked at the start of this blog
post.&lt;/p&gt;
</description>
        </item>
        
        </channel>
</rss>