E-mail Happenings

It’s now less than four days to go until the MX record for garysoft.co.uk disappears from my DNS server.  In English, this means that any mail you send to ….@garysoft.co.uk will not work any more – but you’ve had two or so years to update your address books, so hopefully this won’t affect any of you.

But in case you hadn’t noticed, just replace garysoft.co.uk with garyhawkins.me.uk in the e-mail address, and all will start working again.

Instant Messaging reorganisation

I found out an interesting thing the other day – that the instant messaging client I’ve been using for quite a while, Pidgin, doesn’t actually support some features in the XMPP protocol.  (If you’ve never heard of XMPP, it’s the open standard protocol behind instant messaging servers such as Google Talk, but you can run your own XMPP server if you like and that’s what I’m doing, using a piece of software called ejabberd).

The main problem is that Pidgin (or more correctly the library underneath it, known as libpurple) does not support the concept of ‘priorities’, apart from a hard-coded default of 1 (or 0 if you’re away), mainly because most other instant messaging services don’t have the feature, and as libpurple is multiprotocol, this is a bit of a problem.  In case you’re wondering, XMPP priorities are useful for times where you have multiple IM clients running at once and you want to choose which one provides the ‘status’ to other users.  For example, I could run a client on my desktop, one on my mobile phone, and one on my laptop, and I might decide to give the desktop client the highest priority, and if that one is offline, then the laptop takes over, and if that one’s offline, then the mobile takes over.

So, I’ve been on the hunt for a replacement instant messaging client.  The one I’ve decided to settle on is called Psi+ (which in turn is an enhanced fork of the Psi instant messenger).  It’s available for Windows, Linux and Mac.  One advantage of it is that it is designed for XMPP only, so that it doesn’t have to work around the limitations of having to support MSN, Yahoo!, ICQ, AOL, etc. as well.  At first, I found it a bit complicated to use  – but then again the ‘advertising’ for it does clearly state it’s an XMPP client for ‘power users’ – and that it certainly is.  It’s chock full of features including a few little known ones, like being able to set ‘mood’ and ‘activity’ (so, for example, you could set mood to ‘Thirsty’ and activity to ‘Drinking’).  It also, more importantly, supports XMPP priorities properly, and also does XMPP Jingle voice calls too.  It took me quite a while to set up since there are so many things you can set, but now that I’ve got it how I want it, I’m pretty pleased with it.

Unfortunately, one casualty of this means that my MSN account can’t be used with Psi+ so I’ve decided to cancel it.  Therefore, if you were talking to me using MSN, you’ll now have to switch to XMPP instead – but I don’t think that will affect too many people.  You can reach me on XMPP at gary.hawkins@garyhawkins.me.uk using your favourite client.

World IPv6 Launch – and this time they’re not switching it off

Last year, World IPv6 Day was held on 8 June, where lots of well-known (and some not-so-well-known) Internet sites turned on IPv6 for a day to see what would happen.  Well, the Internet Society have come up with a sequel, called “World IPv6 Launch” – to be held on 6 June this year – and this time the plan is not to switch the IPv6 off.

Major companies such as Google, Facebook, Yahoo! and the Bing division of Microsoft are taking part, which is probably a large proportion of the IPv4 traffic currently going up and down the Internet today, so it will be interesting to see what effect turning on IPv6 will have.  Although it must be said that most ISPs in the UK have been very slow to roll out IPv6, some have, and this will mean that we finally get to talk to all these big sites over the new protocol.

I’ve never really made a big secret of the fact that I think the UK ISPs really need to get a move-on with the v6 rollout – at the time of writing, the predictions are that RIPE will run out of IPv4 addresses around the end of July, so time is now of the essence.  What are you all waiting for?! (I suspect the answer is “someone else to do it first”)

More details at http://www.worldipv6launch.org/

garyhawkins.me.uk now DNSSEC enabled

Today I have managed to get the garyhawkins.me.uk domain DNSSEC enabled.  So what is it and why do you need it?  DNSSEC is a mechanism for digitally signing the records in your DNS zone so that you can reliably prove that the result you get back is the correct result and not a fake one provided by an attacker.

Say, for example, Google signed their google.com zone with appropriate DNSSEC keys (which, actually, they haven’t got round to doing yet!)  Instead of the computer just blindly accepting whatever results have been given to it, the computer will first do a verification check on the results returned by verifying a special digital signature given to every DNS name.  If the digital signature is wrong, then the result is invalid and an error will be returned.  So when you type “www.google.com” into your web browser, you can be something very close to 100% sure that you are being sent to the correct web site, and not a fake one.

(This is quite similar to, but not exactly the same as, the way that DKIM works with email – the mail headers are digitally signed, and the signature is checked with a special DKIM public key stored in the DNS in an effort to verify that the mail has genuinely come from the sender and/or domain name that it says it has.)

In theory, this means that if an attacker were to redirect all requests for garyhawkins.me.uk to another server, then the attack would fail: the attacker shouldn’t have the private key to sign the response with, so the forged response wouldn’t verify against my public key stored in the DNS.  So therefore, it makes it very difficult for an attacker to return fake results, hopefully meaning that when you access a server on garyhawkins.me.uk, you’re getting the real results!
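The signature check described above, as an added Python example that is not part of the original post: it builds the byte string DNSSEC signs for an A record set (RFC 4034 section 3.1.8.1), signs it with RSA/SHA-256 (DNSSEC algorithm 8), and shows that the signature stops verifying once the address is swapped. The RSA key, key tag, timestamps and addresses are constructed for illustration, and the function names are this example's own.

```python
import hashlib, socket, struct

# Toy RSA key built from two Mersenne primes so the example needs no key
# generation or third-party library. Constructed for illustration only:
# a modulus whose factors are public gives no security.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))          # private exponent (Python 3.8+)
K = (N.bit_length() + 7) // 8              # modulus length in bytes
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def wire_name(name):
    """Canonical wire form of a domain name: lowercase, length-prefixed labels."""
    labels = name.lower().rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"

def signed_data(owner, ttl, addrs, signer, inception, expiration, key_tag):
    """RRSIG RDATA (without the signature) followed by the sorted A RRset."""
    labels = len(owner.rstrip(".").split("."))
    # type covered = A (1), algorithm = 8, labels, original TTL, validity, key tag
    rrsig = struct.pack("!HBBIIIH", 1, 8, labels, ttl, expiration, inception, key_tag)
    rrsig += wire_name(signer)
    rrs = b""
    for rdata in sorted(socket.inet_aton(a) for a in addrs):
        # owner | type A | class IN | TTL | RDATA length | RDATA
        rrs += wire_name(owner) + struct.pack("!HHIH", 1, 1, ttl, len(rdata)) + rdata
    return rrsig + rrs

def emsa(data):
    """PKCS#1 v1.5 encoding of the SHA-256 digest of data."""
    t = SHA256_PREFIX + hashlib.sha256(data).digest()
    return b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t

def sign(data):
    """Zone owner's side: needs the private exponent D."""
    return pow(int.from_bytes(emsa(data), "big"), D, N).to_bytes(K, "big")

def verify(data, signature):
    """Resolver's side: needs only the public key (N, E) published in the DNS."""
    return pow(int.from_bytes(signature, "big"), E, N).to_bytes(K, "big") == emsa(data)

def demo():
    """Constructed data: the genuine answer verifies, a swapped address does not."""
    args = ("garyhawkins.me.uk", 1338508800, 1341100800, 12345)
    genuine = signed_data("www.garyhawkins.me.uk", 3600, ["192.0.2.10"], *args)
    sig = sign(genuine)                    # done once by the zone owner
    forged = signed_data("www.garyhawkins.me.uk", 3600, ["203.0.113.66"], *args)
    return verify(genuine, sig), verify(forged, sig)

if __name__ == "__main__":
    print(demo())
```

A real validator also checks that the current time lies between the inception and expiration values and that the key itself is vouched for by the parent zone.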

HTML mail revisited

So, I’ve been using HTML mail for a while, as you may have gathered from a previous post, but there’s one thing nagging me about it – the HTML email signature is a bit too ‘busy’ for my liking (especially with the full-colour 64×64 image I had in it).  If you write a relatively boring email with a full-colour logo in the signature, that somehow makes the signature look out-of-place.  But then again, a plain text email signature looks a bit too boring.  I could go for the ‘inbetween’ method, which is a ‘boring’ signature but in HTML, but that doesn’t seem to serve any sensible purpose either way.

So, I think I’ll go back to using a ‘boring’ signature for now – at least that way Thunderbird manages to send the mail entirely plain text only if there are no HTML elements in it – which suits me fine.  Then if I must use HTML, then it can do it on an as-needed basis.

Answers or comments on a postcard please … (or in the comments section)

Rough guide to grub-efi-amd64 on Debian Wheezy

This is a rough guide on how to get Debian testing (wheezy) to boot from UEFI.  I’ve tried on Squeeze but unfortunately there are so many bugs in it that it basically fails for me on an Intel S1200BTL motherboard with AMI Aptio UEFI.

The Debian Installer CD does not yet boot from UEFI itself so the process is made a little bit more complex than it might otherwise be.

Step 1 – Preparation

  1. Back up your data.
  2. Please make a copy of your data for safe keeping purposes.
  3. Store a second copy of your data somewhere where it won’t get wiped.
  4. Have you backed up your data yet?
  5. Backing up your data is a really good idea.
  6. Please back up your data, and do it now before you forget.
  7. Reminder – don’t forget to back up your data.
  8. I’d install a copy of backup software and use it if I were you at this point.
  9. Backing up is a good idea.
  10. You are strongly advised to do your backups before you attempt steps 1-9.
  11. Burn yourself a Debian Installer CD so that you can recover if it all goes wrong.
  12. Make sure the CD you’ve just burned actually works.

Step 2 – Make sure you have an EFI System Partition

UEFI machines require a special partition called an ‘EFI System Partition’ to store boot loaders and other assorted drivers in, unless you fancy installing GRUB2 to a USB stick, that is.  100MiB seems a reasonable size for it, and it must be FAT32 formatted, otherwise the UEFI probably won’t see it.  If you are going to be installing Microsoft products on this box, then you should make it the first partition, but the UEFI standard itself doesn’t require this.  If you are using GPT partition tables, the EFI System Partition needs to have a type GUID code of C12A7328-F81F-11D2-BA4B-00A0C93EC93B (if you are using parted to make your partitions, you can turn a partition into an EFI System one by running the command set <partition-number> boot on, which will set this for you).  MBR (“normal”) partition tables should use partition type 0xEF for it.

When you create it, it should be formatted with a FAT32 file system and you must ensure that it has a directory called efi placed in the root directory.

Step 3 – Boot into your existing Debian system

If you haven’t already, boot up your existing Debian system and log in as root.  Please ensure you have a working grub-pc (BIOS) configuration (i.e. GRUB 2) before you go any further.  If you are still using GRUB 1, then upgrade to GRUB 2 and get it working before you carry on.

Install the grub-efi-amd64 package using aptitude or apt-get.  This conflicts with the grub-pc package and will cause the old ‘BIOS’ grub to be removed.

Mount your EFI System Partition on to /boot/efi, and it’s a good idea to make sure it’s always mounted on boot by altering the fstab.

Now run grub-install (The EFI version does not require any parameters).  This should install the grub-efi files to your EFI System Partition.  Once the installation is complete, you should find a single file in \efi\debian called grubx64.efi.

Important – Check your grub.cfg to make sure that it loads the efi_gop module in the load_video function.  If it doesn’t, your computer will boot, but you won’t see the screen display!  (Some old UEFIs may need efi_uga instead, but most UEFIs use efi_gop these days.)

Step 4 – First UEFI boot

The first time you boot from this, there will be no entry in the UEFI boot manager to start it up automatically, so you’ll need to go into the EFI Shell and boot grub2 by hand.

Shut down your machine, and reboot into the UEFI setup and switch mode from BIOS to UEFI.  (Not all UEFIs need this step – some, like my AMI Aptio, have a mode which will let you boot from either BIOS or UEFI).

Boot into the EFI Shell.  At the prompt, type in fs0: to switch to the EFI System Partition, and then type \efi\debian\grubx64.efi to start GRUB manually.  If all has gone well, you should be rewarded with the bog standard GRUB2 boot menu as normal.  Choose your kernel and off you go!  Don’t forget to congratulate yourself that you managed to UEFI boot your Debian install on the way!

Step 5 – Reinstall grub2

This may sound a bit silly, but it’s the easiest way of getting a boot option into the UEFI boot manager.  Once your machine has successfully booted again, load the efivars module by typing modprobe efivars, make sure the EFI System Partition is mounted at /boot/efi, and then run grub-install again, then update-grub.  If you now run efibootmgr, you should find an entry “debian” in there which will boot the new grub install you have just made.

Finally, make sure that efivars module is loaded every time you boot by inserting it into the /etc/modules file.
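A post-install check for the steps above, as an added Python example that is not part of the original guide: it looks for the /boot/efi mount in fstab, grubx64.efi on the EFI System Partition, efi_gop (or efi_uga) inside load_video, and efivars in /etc/modules. The grub.cfg location /boot/grub/grub.cfg, the vfat filesystem type and all function names are assumptions of this example, and demo() runs against a constructed sample tree.

```python
import os, re, tempfile

def find_ci(base, *parts):
    """Resolve parts under base ignoring case, as FAT does; None if missing."""
    path = base
    for part in parts:
        names = os.listdir(path) if os.path.isdir(path) else []
        match = [n for n in names if n.lower() == part.lower()]
        if not match:
            return None
        path = os.path.join(path, match[0])
    return path

def read(root, rel):
    try:
        with open(os.path.join(root, rel)) as fh:
            return fh.read()
    except OSError:
        return ""

def load_video_modules(grub_cfg):
    """Modules loaded with insmod inside the load_video function of grub.cfg."""
    m = re.search(r"function\s+load_video\s*\{(.*?)\n\}", grub_cfg, re.S)
    return re.findall(r"^\s*insmod\s+(\S+)", m.group(1), re.M) if m else []

def check(root="/"):
    """Return a list of problems found; an empty list means every check passed."""
    problems = []
    fstab = [l.split() for l in read(root, "etc/fstab").splitlines()
             if l.strip() and not l.lstrip().startswith("#")]
    if not any(len(f) >= 3 and f[1] == "/boot/efi" and f[2] == "vfat" for f in fstab):
        problems.append("no vfat entry for /boot/efi in /etc/fstab")
    if not find_ci(os.path.join(root, "boot/efi"), "efi", "debian", "grubx64.efi"):
        problems.append(r"\efi\debian\grubx64.efi missing from the EFI System Partition")
    mods = load_video_modules(read(root, "boot/grub/grub.cfg"))
    if not {"efi_gop", "efi_uga"} & set(mods):
        problems.append("load_video in grub.cfg loads neither efi_gop nor efi_uga")
    if "efivars" not in [l.strip() for l in read(root, "etc/modules").splitlines()]:
        problems.append("efivars not listed in /etc/modules")
    return problems

def demo():
    """Constructed sample tree: efi_gop and efivars missing, then corrected."""
    def write(root, rel, text):
        os.makedirs(os.path.dirname(os.path.join(root, rel)), exist_ok=True)
        with open(os.path.join(root, rel), "w") as fh:
            fh.write(text)
    with tempfile.TemporaryDirectory() as root:
        write(root, "etc/fstab", "UUID=0000-0000 /boot/efi vfat defaults 0 1\n")
        write(root, "etc/modules", "loop\n")
        write(root, "boot/efi/EFI/debian/grubx64.efi", "")
        write(root, "boot/grub/grub.cfg", "function load_video {\n  insmod vbe\n}\n")
        before = check(root)
        write(root, "etc/modules", "loop\nefivars\n")
        write(root, "boot/grub/grub.cfg", "function load_video {\n  insmod efi_gop\n}\n")
        return before, check(root)
```

Calling check() with no argument inspects the running system, so run it after Step 5 and before relying on the next reboot.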

Scary Search Engines

It’s quite scary sometimes how search engines appear to pick up your links so quickly.  (Unless I just happened to catch the spider crawling my web site at just the right moment).  Now I seem to feature in Google Blogs somewhere at the top of the list, and all kinds of other stuff.  Of course, I had to do something to screw ’em up – I’ve just changed the URL of my “Full Size Blog” … :)   Try again Google! :)

Going Postal Social

I was fortunate/unfortunate (please delete as applicable) enough to receive an invite to Google+ yesterday.  I thought (even though I eventually cancelled my account on its competitor) it would be fair to give it a try, to see what it was like and whether it would be better than “the other social network”.

I quite like the concept of “circles” in G+ (and something I’m sure that “the other site” will be emulating fairly quickly) in that it appears possible to restrict certain postings to certain people – as long as there aren’t any bugs in the G+ code, I suppose.  One more thing that I like about G+ is that it seems a lot “simpler”.  As far as I can see, you can’t install apps into it, which for me is a plus because (talking to my various social networking friends) that is one of the big distractions.  As you might expect, it’s quite closely tied in with other Google services and I can’t find a way to change my primary email address to my “proper” one (unlike my gmail one which I hardly ever use).

So… first impressions are okay, but obviously time will tell whether this (a) becomes really popular and (b) what the privacy implications are.  And I still need to read the terms and conditions properly…

How (not to) upgrade your hard disks

This should have been easy.  But like everything “important” that I try to do, it ended up as a bit of a nightmare.  The problem was simple: 300GB disks too small, need more space.  The solution was also simple: Buy three shiny new 3TB disks and fit them, copy data over, job done.  Simple?  Of course not…

The first thing was, will my computer support them?  Some of you will know that Windows really really hates drives bigger than 2TiB in size and the only way to make them work is to (a) use 64-bit Windows Vista Service Pack 1 or later and (b) use a motherboard with a UEFI instead of a BIOS, a compatible SATA disk controller, and a GPT partition table (rather than the old-fashioned MBR style) must be used as well, since MBR partition tables do not support drives bigger than 2TiB.  I do not have a motherboard with a UEFI, but thankfully neither do I run Windows on this particular server — it runs Linux (Debian 6.01 Squeeze to be precise).  This is a plus, because it means that using GRUB 2 I do not have to worry about any such problems, since it already supports GPT partition tables, and 64-bit LBA, and everything else you need to actually boot a 3TB disk.  Everything fine so far then!

So, I went ahead and bought myself three hard disks – one Seagate, and two WD Caviar Green disks, one of which was to be the backup disk.  After suitably “de-green”ing the WD drives (by using the idle3ctl utility, available from Sourceforge, which is a Linux version of Western Digital’s own wdidle3 utility) and turning the auto head parking off, I got to work.  All four drives were fitted, and I created an EFI System Partition (for future use, as I don’t have a UEFI motherboard yet), a BIOS Boot Partition to store GRUB 2 on (this is necessary with GPT partition tables since there is no ‘spare’ space to store the boot code, so I normally create a 1MiB partition to store that), and the rest was a RAID partition to store the logical LVM volumes.  All seems reasonable so far, taking care to align the partitions to MiB boundaries since the Western Digital drives are 4K physical sector drives (but the Seagate one claims not to be).

So, backups done, I shut down the machine, pulled the power, and installed the new disks as SATA3 and SATA4 on the controller so that the existing Maxtor 300GB disks would boot up as normal, which they duly did.  Once the system was booted, it was time to configure the RAID-1 array on the new disks, and then to move the data across.  I’d been practising this the week before on a kvm virtual machine so that I’d know what to do if it went wrong.  Couldn’t go wrong twice, could it…?

Well, yes it could.  The first “mistake” I made was to install the old system in such a way that both the / (root) partition was on a logical volume.  Normally, this wouldn’t matter, but it tends to matter when you’re trying to move it to another volume.  When I tried this before, it seemed to work, but this time something went wrong.  I issued the fateful “lvm pvmove” command to move the LVMs from one physical disk to another, and everything stopped.  Oops.  I had started the process and then gone to bed – and when I got up the next morning it was still going and nothing was printed on the screen (even though I had verbose on).  What should I do?  At worst, I could just restore the backups (even though it would take ages)…  I ended up pushing the reset button.  The machine then failed to boot, but it did make it into the initramfs (since it couldn’t find the RAID array).  This is the bit where I think you’re supposed to panic!

Thankfully, I managed to reassemble the RAID array from the initramfs and then ran lvm pvmove --abort to stop any already running moves in progress.  Personally I don’t think it even got started, so I took the risk and ran the lvm pvmove command again from inside the initramfs (which is probably a good place to do it since no filesystems are mounted at this point).  It started.  It printed percentages.  It was going.  And then I had to go to work…

Got home to discover that it appeared to have worked.  All the LVs had been successfully moved, or so it said.  So the final thing to do was to get the system booted properly, by mounting the root volume and exiting the initramfs, and then (to cut a long story short) checking that /etc/mdadm/mdadm.conf had the right info in it, running update-initramfs -u once booted to make sure it detected the new RAID-1 array, then I installed GRUB 2 on the new disks.  And rebooted, and held my breath, and ….

Phew!  It booted!  Thank goodness for that!  Then I had to shut the machine down again to fit the hotplug SATA caddy which the backup drive went into, and also the new SATA DVD writer.  Once that was done, the old disks were removed, and the new machine was booted.

There was one final challenge – some idiot had set all his kvm virtual machines up so that none of the partition tables on the virtual machines were 4K sector aligned.  So I ended up spending quite a few hours sorting that one out – and that’s another (long) story.

But I got it done, and now it’s working, and hopefully I won’t have to do that again for another 5 years… (by which time I expect we’ll all be buying 30TB drives for £100!)  And next time, I’ll be using the Debian Rescue disk to boot into before doing the lvm pvmove…

Google+ vs Facebook

There appears to be a lot of hype at the moment concerning the new Google+ service from, well, Google.  Is it really the “Facebook killer” that everyone’s been waiting for, or is the hype surrounding it just that?

Currently, Google+ is in limited beta so you (à la Google Wave) need an “invite” to get on it – which apparently I don’t have.  At the moment, I have no idea whether I even want an invite – after all, to quote the words of this xkcd cartoon — “it’s not Facebook but it’s like Facebook.”

So, those of you that know me also know that I cancelled my Facebook account (mainly because I read the Terms of Service and didn’t really like what I read); so what is it (if anything) that makes Google+ worth signing up for, that Facebook doesn’t have?  Should I even bother?  After all, both companies have one thing in common, and that is that they are making money out of your personal data (and mine as well).  And this is the sticking point for me; whether I offer my data to Facebook or Google or anyone else, someone else is making money out of that data.  Perhaps Google may take a slightly better attitude to data privacy, maybe they won’t.

Will it be successful? Will it overtake Facebook? Does anyone even care? Who knows — I haven’t even got an invite!  (But, I suppose, if I ever do decide to sign up, I can always cancel my account just like I did for their main competitor…)