Preventing RDNSSD from Ruining the SD Card

July 20, 2017

So I have a Raspberry Pi running in the Freifunk Bremen network. It has a dynamic IPv6 address; and since there are currently five active gateway servers on this network which also act as DNS servers, I wanted to get these DNS server addresses dynamically as well.

This can be done with the rdnssd daemon: it listens for IPv6 Neighbour Discovery Protocol packets (in particular Router Advertisements) and extracts the DNS server addresses from them. The addresses are then written to the /etc/resolv.conf file so that they are used as normal DNS servers by the system.

However after setting this up I noticed that the green LED on my Raspi was lighting up every few seconds, indicating “disk” activity. Of course with a Raspi there is no magnetic hard disk but rather a MicroSD card which contains the file system; and since these cards can only tolerate a limited number of write cycles, the frequent LED blinks were worrying.

The cause of the write accesses was that the /etc/resolv.conf file was rewritten every few seconds. IPv6 RA packets are received quite frequently here (about 100 packets per minute!); and each time the ordering of DNS servers is updated to prefer the server that was received most recently.

Updating the /etc/resolv.conf file is done by the resolvconf tool (actually the openresolv tool, if you look under the hood). It takes name server addresses from various sources (like DHCP client, VPN connections, RDNSSD, and static network configuration) and combines those into a single resolv.conf file. So whenever RDNSSD wanted to reorder the DNS servers it had received, resolvconf rewrote the /etc/resolv.conf file.

To prevent the resolvconf tool from frequently writing to SD card, I took the following steps:

  • make /etc/resolv.conf a symbolic link to /var/run/resolv.conf.
    /var/run resides on a ramdisk so data written there does not touch the actual SD card. This also means that the /var/run/resolv.conf file will be lost during reboot; but the resolvconf tool will recreate it during boot.
  • disable the unbound_conf=/var/cache/unbound/resolvconf_resolvers.conf line in /etc/resolvconf.conf. This line was causing the resolvconf tool to also update the /var/cache/unbound/resolvconf_resolvers.conf file every few seconds (which was unnecessary in my case, since I don’t have an Unbound DNS Server installed on the Raspi); and since /var/cache is stored on the SD card, this caused an actual write access to the card.

After making these two changes, the green LED once again remains dark, and cat /etc/resolv.conf shows that the IPv6 name servers merrily change every few seconds.

Advertisements

Calendarserver and DAV_DAV_NOT_CALDAV error

December 6, 2015

So I had just copied the data of my Darwin Calendarserver from an old to a new disk, but Thunderbird only showed the error DAV_DAV_NOT_CALDAV (“CalDAV: Calendar points to a DAV resource, but not a CalDAV calendar”) on console when trying to open the calendars.

After enabling verbose logging in Thunderbird (by setting calendar.debug.log and calendar.debug.log.verbose to true) and digging through the Lightning sources (in the extensions/{e2fda1a4-762b-4020-b5ad-a41df1933103}/components/ directory of my Thunderbird profile), it turned out that the error was that the calendars had the “{DAV:}resourcetype” attribute set to just “collection” rather then both “collection” and “calendar”. This was also visible when opening https://homeserver/calendars/users/oliver/calendar/ in Firefox. However, I couldn’t find out the cause for this from Calendarserver, neither from logs nor from code.

But digging into other directions finally produced a result: the extended attributes were missing on the copied data. Sure, the old disk had had the user_xattr flag set in /etc/fstab; and the new partition even uses that flag automatically (as seen from /proc/mounts). But for copying the data, I had attached the old disk via USB and had mounted it manually – and in that step I had forgotten to specify “-o user_xattr” :-( . Without that parameter, even “cp -ax” can’t copy these attributes.

After mounting the old disk with the correct and copying the data over again, “getfattr -d -R /var/spool/caldavd” finally showed lots of extended attribute values, and Thunderbird finally opened the calendars. Success!

Firefox Private Browsing Windows Are Not Independent

November 11, 2015

Public Service Announcement: If you have multiple “Private Browsing” windows open in Firefox (41), they all share the same cookies. So if you think you can login to a site multiple times using multiple Private Browsing windows, you’re out of luck with plain Firefox.
More importantly, if you’re logged into Facebook in one PB window, opening a second PB window won’t protect you from being tracked by Facebook.

You can test this on http://www.html-kit.com/tools/cookietester/ by setting a test cookie in one PB window and then visiting the site in a second PB window, where the cookie from the first window will be displayed.

Of course this information leak not only affects cookies (they are just the most obvious piece of information that’s leaked between windows). For example, when running the browser history sniffer at http://zyan.scripts.mit.edu/sniffly/ in one PB window, it also shows sites you’ve visited in other PB windows.

In summary, this is not the kind of behavior I was expecting from a Private Browsing feature. In the end this feature is really just usable to avoid leaving traces on the computer, but doesn’t help to protect your privacy from the sites you visit.

Gedit File Search Plugin 1.2 now supports Gedit 3.12

April 13, 2014

The latest Gedit File Search Plugin now adds support for two more Gedit versions: Gedit 3.10 will be used by Ubuntu 14.04 LTS “Trusty Tahr” (soon be released), and Gedit 3.12 is currently the latest bleeding-edge release available.

Unfortunately the Gedit in Ubuntu 14.04 lacks some features which were used by this plugin: namely, the file browser in the side bar doesn’t offer a Search in Files shortcut any more, and highlighting of file search results in opened documents doesn’t work any more. While Gedit has regained these features in later versions, that’s only small consolation for Ubuntu LTS users.
I’m not sure if there’s a way to work around these shortcomings, or if it’s possible to add these features to the Ubuntu Gedit version. Guess once we actually start using it in the next weeks/months it’ll become apparent whether this is a real problem.

There haven’t been any other changes in this release; but if you run a new version of Gedit, download Gedit File Search Plugin 1.2 and give it a try!

jhbuild + etckeeper: “Please tell me who you are.”

March 3, 2014

>be using Etckeeper with Git under Ubuntu 14.04 alpha
>be running “jhbuild --sysdeps install”
>be entering password for package installation
>jhbuild installs packages successfully, but then…
>a wild error appears:

*** Please tell me who you are.

Run

  git config --global user.email "you@example.com"
  git config --global user.name "Your Name"

to set your account's default identity.
Omit --global to set the identity only in this repository.

fatal: unable to auto-detect email address (got 'root@trusty64vb.(none)')
E: Problem executing scripts DPkg::Post-Invoke 'if [ -x /usr/bin/etckeeper ]; then etckeeper post-install; fi'
E: Sub-process returned an error code

>hmm.jpg
>”git config --global --get user.email”
>shows correct email
>oh wait, sudo?
>”sudo git config --global --get user.email”
>still looks good
>oh wait, actual root?
>”sudo su -”
>”git config --global --get user.email”
>gotcha!

Solution:
$ sudo su –
# git config --global user.email “root@trusty64vb”
# git config --global user.name “Root”
# exit

(also, https://bugs.launchpad.net/ubuntu/+source/etckeeper/+bug/1267564 explains why problem didn’t appear in 12.04)

Gedit File Search Plugin 1.1 with support for Gedit 3.8

February 6, 2014

There’s a new version of the Gedit File Search Plugin available, which has been ported to Python 3. This means that Gedit 3.8 is now supported as well.

Internally, the code has been ported to run under both Python 2.7 and Python 3. Also, to accomodate the plugin loaders in the different Gedit versions, there are now two File Search entries in the plugin selection dialog: one for “current” Gedit, and one for Gedit before version 3.8. If you’re unsure which one to enable, just try both: one will refuse to load, and the other one should work :-)

So if you have been itching to use the file search plugin with a current Gedit version, go ahead and download the new release!

Refreshing DNS-SD entries in Nautilus

September 22, 2013

When publishing a new DNS-SD service (aka Zeroconf, Bonjour, or Rendezvous) with Avahi (eg. by adding a .service file in /etc/avahi/service/), Nautilus sometimes doesn’t pick up changes made to the .service file, even though avahi-discover and avahi-browse have picked up the modifications. Killing and restarting Nautilus or Avahi doesn’t help either; the trick is to kill the gvfsd-network and gvfsd-dnssd processes, eg. with “killall gvfsd-network gvfsd-dnssd“.

Btw. for debugging, the gvfs-ls and gvfs-info command line tools are quite useful as they show the same info as displayed by Nautilus.

Oh, and if you want to use the “p=” parameter in a .service file for specifying the password for FTP: it’s not supported by Nautilus – only the “path” and “u” parameters are handled. If you really want to avoid any prompt when double-clicking an FTP share in Nautilus, either allow login as user anonymous on your FTP server (and specify “<txt-record>u=anonymous</txt-record>” in your .service file); or save the FTP password in the Gnome keyring.

Gedit File Search Plugin 1.0 available – now for Gedit 3

September 10, 2013

The first version of Gedit File Search Plugin for Gedit 3.4 is finally available. This is mainly the work of Adam Dingle who did the initial port to GTK3 and the new plugin system, and I’m very grateful for his work!

Note that this version has only been tested with Gedit 3.4.1 on Ubuntu 12.04. It might work on other systems as well, though – I’m eager to hear of your experiences.

So go ahead and download the new release!

Also, if you are using Gedit 2, there’s a separate version available.

Gedit File Search Plugion 0.6 available

September 8, 2013

A new version of Gedit File Search Plugin is available, with minor bugfixes. More importantly, this is probably the last release to support Gedit 2 – any further work on this plugin will probably only happen for Gedit 3. Given that version 0.6 should be quite stable and bugfree, this ought to be a good time to send this branch into retirement, and move focus to Gedit 3.

So go ahead and download the plugin – no use in waiting!

[Update: to clarify, this version supports Gedit 2 only. A version for Gedit 3 will be released soon.]

How to use Magic Sysrq on Lenovo Thinkpad Edge 11

March 2, 2012

The keyboard on Lenovo Thinkpad Edge 11 doesn’t have a Sysrq key anymore. As described at http://forum.notebookreview.com/thinkpad-edge-x1-x100e-x120e-sl-l/579456-no-insert-sysrq-keys-e220s.html#post7505261 there are Fn key combos to still get the functionality of these missing keys:

Fn+B = break
Fn+P = pause
Fn+S = sysrq
Fn+C = ScrLK
Fn+I = insert

To use Magic Sysrq key combos, this worked for me when using Ubuntu 11.04:

Press Alt, press Fn and S, release Fn and S, press the Sysrq command key.

For testing, the “h” command key is nice as it just prints some help text to kernel log. You can see in dmesg whether the key combo worked.