Archive for August, 2010

tune2fs and green disks

Thursday, August 5th, 2010

Hey folks,
old news I’m sure, but if you get tempted into buying the new WD Caviar “Green Power” disks there is something you need to know about them: they fake 512-byte blocksizes while in reality having 4096-byte blocks! The move to 4K blocks is reasonable considering we just busted the 2 terabyte barrier, but the disk firmware is faking 512-byte blocks in the name of compatibility (read: so windows xp won’t shit itself).

Unfortunately, running in bs512 mode makes the disk exactly 3x slower than it should be!
The fix: line up your partitions at 4k boundries, so start partition one at block 64, 1024 or even 2048 (the win7 start block) not the default, 63, in most partitioning software. Start fdisk with the -u parameter and carefully specify the start block. In gparted you’ll have to unhook the “snap to cylinder boundries” checkbox, and then I suppose you could even move a partition to the right block, but expect this to take an inordinate amount of time!

On a related note, fsck’ing an ext filesystem on boot is a drag, and fsck’ing 2TB file systems is a huge drag. Sure you should be running the fsck but it has a nasty tendency to happen on your workstation precisely when you can’t afford the extra 5 minute delay!

I bump the default 10 mounts count to 0 (disabling mount count fscking) and auto-fsck my disks every 99 days, staggered so not all disks get checked on the same day. Do this with the tune2fs command:

wasp:~# tune2fs -c 0 -i 99d /dev/sda1
tune2fs 1.41.12 (17-May-2010)
Setting maximal mount count to -1
Setting interval between checks to 8553600 seconds

out.

PS I recently managed to achieve sustained throughputs of 110MB/s with these WD disks and properly aligned partitions:

7516192768 bytes (7.5 GB) copied, 68.4392 s, 110 MB/s
115+0 records in
114+0 records out

yes that’s disk-to-disk with ext4 and one large file, no fragmentation.

PPS the defaults have nowadays changed to 120 days and 39 mounts, to which I say -1 mounts is better anyway!

edit: Now that your files are aligned, you can specify a block size to mkfs as well, which might avoid unaligned fragments: mkfs.ext4 -b 4096 -L gigantor -O sparse_super /dev/sdb1

CPM: Reliable multiuser password management

Monday, August 2nd, 2010

Sup all,
summer is drawing to a close and vacation is definitely over, but I for one welcome the chance to think and act again. Some time ago our managed services department started complaining about various shoddy password management solutions. Truth be told we already had a good solution, CPM (“Console Password Management”) but the software had fallen into disrepair due to seldom and untidy updates from its author. A new maintainer was desired and a project to fix the software was decreed and the result fell into my lap so to speak.

What sets CPM apart from other password management solutions is that it supports multiple users and goes to great lengths to keep your passwords secure while at the same time being very simple in its design: CPM locks its XML-formatted hierarchical password database in non-swappable private memory (so your passwords don’t get written in cleartext to disk while swapping), and encrypts the database with an arbitrary amount of GnuPG public keys.

All this makes CPM quite nice for storing and sharing secrets in a nice curses-based searchable console interface.

For the longest time I’ve been keeping the hundred-odd passwords I can’t remember on notepads and in random text files, thinking that surely I should start employing some sort of password management before I go crazy or my passwords leak. The congruence of my wishes with the scope of this project, so I picked up CPM and gave it a little love, and the result can be found at

GitHub CPM with CPM packages for debian in the downloads section.

CPM crash course

Requirements: Gnu Privacy Guard, and a GPG keypair.

First, install CPM:

dpkg -i cpm_0.25~beta-2debian2_amd64.deb

Then, create a password database, adding your key to the recipient list when prompted.

create-cpmdb

Then, use CPM from the console:

cpm

CPM should now ask you for you GPG key password and display an empty database.

CPM is controlled with the arrow keys, Enter and some control keys.
Hitting Control-H will bring you to the Help screen which explains the control keys.

By default CPM organises your passwords in a structure of hosts that have several services which may have one or more users. Hosts, services, users and passwords are nodes in the tree and a node is added by hitting Control-A and given an appropriate name.

For instance, if I were to add a password ch1ckens0up to user lolarun on the wiki service of host fragglepop.info, I would create the following node structure:

  host:fragglepop.info
      \-->service:wiki
              \-->user:lolarun
                      \-->password:ch1ckens0up

Of course there is no need to follow this anal layout, and you may even change the node structure by editing the template names in CPM by hitting Control-N or modifying the /etc/cpmrc config file.

To have CPM generate a random password for you, hit Control-P.
Your changes are not saved unless you hit Control-W or quit the program by hitting ESC enough times. Quitting through Control-C will not save the database.

Future work includes pushing the package into Debian.

What you don’t get (yet) is a GTK-based GUI, or a wrapper to pull the password database out of GIT and commit it again after modification nor integration with gpg-agent, probably (?) due to a bug in gpgme.

Enjoy this lovely piece of software and leave a comment after testing it!