ixs' Vodkamelone

When working with disk images the admin is often faced with the problem of mounting the contained partitions inside of these images.

Such full-disk images can be the containers of virtual machines for xen as fount in /var/lib/xen/images or disk-images ripped from dying drives with the help of recovery tools such as dd_rescue.

Regardless of the origin, these images do contain everything needed to run a machine, a partition table, a boot sector, at least one, but often several partitions inside of one container.
Mounting these images through a normal loop mount does only result in the first image to be mounted, often not what is wanted.
In the past, suggestions ranged from imaging single partitions to using dd to "cut" the single partitions out of the full-disk image. Crude workarounds as we've had a perfect tool called device mapper for some time now.

Executing fdisk on the my test disk-image shows several partitions, among some ingorable warnings:

[root@workstation ~]# fdisk -l disk.img 
You must set cylinders.
You can do this from the extra functions menu.

Disk disk.img: 0 MB, 0 bytes
4 heads, 32 sectors/track, 0 cylinders
Units = cylinders of 128 ∗ 512 = 65536 bytes
Disk identifier: 0x00000000

   Device Boot      Start         End      Blocks   Id  System
disk.img1   ∗           1          32        2032   83  Linux
disk.img2              33         216       11776   83  Linux
disk.img3             217         705       31296   83  Linux
disk.img4             706         978       17472    5  Extended
disk.img5             706         859        9840   83  Linux
disk.img6             860         978        7600   83  Linux
[root@workstation ~]# 

Thus, we know we do have an image file containing several partitions.

Now, how to handle this?

Mounting this test-image gives an error in my case. Often though the first partition gets sucessfully mounted.

[root@workstation ~]# mount disk.img /mnt/ -t ext2 -o loop,ro
mount: wrong fs type, bad option, bad superblock on /dev/loop1,
       missing codepage or helper program, or other error
       In some cases useful info is found in syslog - try
       dmesg | tail  or so

[root@workstation ~]# 

The solution to this is called kpartx, a tool to map the partitions contained inside such an image into device-mapper block devices. This tools is contained in the kpartx RPM and can be easily installed by executing yum install kpartx if it is not already installed on your system.

Execution is quite simple. To list the contained partitions and see onto which loop-devices they would be mapped, the following command is needed:

[root@workstation ~]# kpartx -l disk.img 
loop0p1 : 0 4064 /dev/loop0 32
loop0p2 : 0 23552 /dev/loop0 4096
loop0p3 : 0 62592 /dev/loop0 27648
loop0p5 : 0 19680 /dev/loop0 90272
loop0p6 : 0 15200 /dev/loop0 109984
[root@workstation ~]# 

To actually map these partitions onto the loop-devices, call kpartx with the -a instead of the -l parameter:

[root@workstation ~]# kpartx -a -v disk.img 
add map loop0p1 : 0 4064 linear /dev/loop0 32
add map loop0p2 : 0 23552 linear /dev/loop0 4096
add map loop0p3 : 0 62592 linear /dev/loop0 27648
add map loop0p5 : 0 19680 linear /dev/loop0 90272
add map loop0p6 : 0 15200 linear /dev/loop0 109984
[root@workstation ~]# 

The partitions are then available in /dev/mapper/ to be mounted accordingly and the containing files to be accessed:

[root@workstation ~]# ls -all /dev/mapper/
total 0
drwxr-xr-x  2 root root     160 2008-06-11 15:06 .
drwxr-xr-x 13 root root    4180 2008-06-11 15:06 ..
crw-rw----  1 root root  10, 60 2008-06-11 13:28 control
brw-rw----  1 root disk 253,  0 2008-06-11 15:06 loop0p1
brw-rw----  1 root disk 253,  1 2008-06-11 15:06 loop0p2
brw-rw----  1 root disk 253,  2 2008-06-11 15:06 loop0p3
brw-rw----  1 root disk 253,  3 2008-06-11 15:06 loop0p5
brw-rw----  1 root disk 253,  4 2008-06-11 15:06 loop0p6
[root@workstation ~]# 
[root@workstation ~]# mount /dev/mapper/loop0p5 /mnt/ -o loop,ro
[root@workstation ~]# mount | grep '/mnt'
/dev/mapper/loop0p5 on /mnt type ext2 (ro,loop=/dev/loop1)
[root@workstation ~]# ls /mnt/
backup  conf.tar.gz     etc                  manifest.txt  tool
bin     default.list    factory_default.md5  rc.reboot     upgrade.list
cfg     default.tar.gz  lost+found           test
[root@workstation ~]# 

After the partitions have been unmounted, the device-mapper mappings can be removed by calling kpartx with the -d parameter. The image file can then be used again as it is not in use anymore by the device mapper.

[root@workstation ~]# umount /mnt/
[root@workstation ~]# kpartx -d -v disk.img 
del devmap : loop0p1
del devmap : loop0p2
del devmap : loop0p3
del devmap : loop0p5
del devmap : loop0p6
loop deleted : /dev/loop0
[root@workstation ~]# ls -al /dev/mapper/
total 0
drwxr-xr-x  2 root root     60 2008-06-11 15:16 .
drwxr-xr-x 13 root root   4080 2008-06-11 15:16 ..
crw-rw----  1 root root 10, 60 2008-06-11 13:28 control
[root@workstation ~]# 

I finally decided to try to breath some life into my weblog again and write some hopefully useful technical articles.

I'm currently planning on concentrating on stuff I find out fiddling with new toys (usually embedded stuff running Linux) or little hints or tricks I'm using when administrating systems.

The content of these articles might not all be new and many people already know about them, but I found it's mostly "advanced" administration stuff many people do not know about and can profit from these.

If there's anything which should be described in more detail or anything else, I'm available on the usual IRC networks (IRCnet, oftc, freenode etc.) as ixs.

The first article explains kpartx and how to use it to access partitions inside full-disk images.

We've gotten a new document scanner for bawue.net in order to better handle our documents and our snail-mail communication.
The Canon ScanFront 220P is a network scanner which does (among other things) optical character recognition and is able to send the resulting document as a PDF via e-Mail or upload it to a FTP Server or a SMB Network share.

The device itself is running Windows CE in order to accomplish all that which is fine as it therefore needs no computer connected to it as some other scanners do.

A real problem for the Linux user howerver is that Canon seems to have handed the development of the scanner's web interface to some clueless and moronic developers.
There's simply no excuse for designing a web interface which only works with Internet Explorer and doesn't even allow a Firefox user to log into the interface.
I'd expect MUCH better from a global company such as Canon, especially when the scanner in question costs about US$ 2,150.00

If the device would have been running Linux and the sources would have been delivered as requested by the GPL I'd have a working scanner here and Canon's development team would have had a nice unified diff in the mail fixing their problems. That way, all they are getting is an acrid mail.
Another reason to favour open source operating systems for any development work. Some companies seem to clearly get this.

In the meantime tough I need a working scanner. Greasemonkey to the rescue: I've written a small GPL3 licensed Greasemonkey User script fixing the problems in the ScanFront webinterface. Naturally, one has to have greasemonkey installed to use this script.

It currently fixes the login prompt, makes the "New User" button work, fixes an onload-recursion in the address book and makes the job-control window work when selecting the destination address for a scanjob.
Most of these problems stem from the fact that the Internet Explorer XML parser seems to be somewhat sloppy and does not make a difference by getElementById and getElementsByName.
My userscript works around these issues but a real fix can only be delivered by Canon.

Today was my first day as a Red Hat employee.

Even though I'm just working there as an intern for the next six months before starting work on my Diploma thesis, it has been rather uneventful.

Ohh right, today is saturday. Weekends for teh win!
So I'll start on monday then with the "New Hire Orientation" in Munich. According to the guys on irc, it's gonna be fun.

Yeah, right!

Michael linked to an IAT Test which claims to be able to find out your unconscious preference for either Microsoft Software or Open-Source software, ruling out self-presentation or controlled responding.
Wikipedia has somewhat more about the Implicit Association Test.

In this case, the participant is asked to please sort stimulus words (Joy, Evil etc.) and pictures (Tux, Firefox Logo, Microsoft Word Logo and similar). By combining "good" stimuli with "bad" attitudes and measuring response time and comparing the results from the test round where "good" stimuli is paired with "good" attitudes the IAT claims to be able to offer insight into a person, regardless of his self-reports.

I am quite wary of tests such as these as I believe them to be useless against a participant who intends to game the test. Especially if the test claims to be objective.

The first trial I did resulted in being attested to have "a strong automatic preference for Open Source products over Microsoft products".
This sounds about right.

The second trial, I tried gaming the system. As the participant is asked to sort the words and images into two combined groups which change, it was clear that the IAT test is based on reaction measurements. If sorting the words into the "Microsoft + Good" group is being done faster by the participant then sorting the words into the "Microsoft + Bad" group (compared to the "OSS + Good" group vs "OSS + Bad" group), it is assumed that the association between good and Microsoft is closer then the association between bad and Microsoft. Thus the user has a unconscious preference for Microsoft.

This much I gathered by guessing and the result was that I consciously delayed my responses at the appropriate time, thus resulting in a slight preference for Microsoft over OSS.

A short Google-Search later I was reading a paper by Klaus Fiedler and Matthias Blümke from the University of Heidelberg confirming my speculation and resulting in the third test run certifying "a moderate automatic preference of Microsoft over Open Source Software"...

So much for the test. :-)

Nachdem ich ja schon ausgiebig meine Abenteuer mit der T-Com beklagte, musste ich heute ernüchtert feststellen, dass nicht nur die T-Com mich hasst. Nein, auch Cisco mag mich nicht.

Heute Nacht wurde der Access Concentrator in Stuttgart umgetauscht. Früher war ich an STGX42-erx, einer Juniper Networks E-Series, angeschlossen. Mittlerweile ist es ein Cisco 10000 Router mit der Performance Routing Engine 3.

Das Ergebnis ist deutlich:

Mar 13 17:37:29 rtr pppd[19032]: pppd 2.4.3 started by root, uid 0
Mar 13 17:37:29 rtr pppd[19032]: Using interface ppp0
Mar 13 17:37:30 rtr pppd[19032]: Connect: ppp0 <--> /dev/pts/0
Mar 13 17:37:30 rtr pppoe[19035]: PPP session is 63082
Mar 13 17:37:31 rtr pppd[19032]: CHAP authentication succeeded
Mar 13 17:37:31 rtr pppd[19032]: local  IP address 91.32.100.35
Mar 13 17:37:31 rtr pppd[19032]: remote IP address 217.0.118.57
Mar 13 17:50:01 rtr pppd[19032]: LCP terminated by peer
Mar 13 17:50:01 rtr pppd[19032]: Connect time 12.5 minutes.
Mar 13 17:50:01 rtr pppoe[19035]: Session 63082 terminated -- received PADT from peer
Mar 13 17:50:01 rtr pppoe[19035]: Sent PADT
Mar 13 17:50:01 rtr pppd[19032]: Sent 39902910 bytes, received 18850825 bytes.
Mar 13 17:50:01 rtr pppd[19032]: Modem hangup
Mar 13 17:50:01 rtr pppd[19032]: Connection terminated.
Mar 13 17:50:02 rtr pppd[19032]: Exit.

Man sieht also sehr schön, wie es eben nicht geht. :-(

Warren wondered whether it would make any sense including a version of scp or ssh which do not encrypt their traffic on the network.

As far as I can see, such a tool would indeed be useful for many tasks. "brokensh" might not be that useful, but "brokencp" is certainly useful.
Consider the roadwarrior with his notebook who is transferring some data from the server to his notebook. He is already encrypting the data-traffic by using openvpn or ipsec. The network between his tunnel-terminator and the server can be considered secure. He would save CPU-time by not having to encrypt the traffic twice.
Or the system-administrator who has to copy a whole tree of files, including permissions from one machine to another. He could just call tar c /dir | ssh root@server tar xv to achieve this. If the machines are directly connected the transfer is probably faster, as the data does not need to be encrypted. Generally, I do help myself in this case by using netcat, but still.

I for one do like the idea of selectivly disabling encryption for scp as long as the authentication against the remote system is secure, that is no cleartext password crosses the wire. I do not care if the attacker sniffing my line is able to reconstruct the latest Fedora ISO image which I'm copying, I do care that he is not able to sniff my password.

I tried the free as in beer vmware-server on our new quad opteron and probably got exactly what I deserved when using tainted modules. :-)

general protection fault: e040 [1] SMP
<Jan/04 01:48 am>last sysfs file: /class/scsi_host/host0/stats
<Jan/04 01:48 am>CPU 0
<Jan/04 01:48 am>Modules linked in: ipmi_devintf ipmi_si ipmi_msghandler vmnet(U) vmmon(U) ipv6 
ip_conntrack_netbios_ns ipt_REJECT xt_state ip_conntrack nfnetlink xt_tcpudp iptable_filter ip_tables
x_tables video sbs i2c_ec i2c_core button battery asus_acpi ac parport_pc lp parport st sg e100
serio_raw pcspkr ide_cd k8_edac mii cdrom edac_mc floppy tg3 shpchp dm_snapshot dm_zero dm_mirror
dm_mod sym53c8xx scsi_transport_spi 3w_9xxx sd_mod scsi_mod ext3 jbd ehci_hcd ohci_hcd uhci_hcd
<Jan/04 01:48 am>Pid: 2317, comm: vmware-vmx Tainted: P      2.6.18-1.2747.el5xen #1
<Jan/04 01:48 am>RIP: e030:[<ffffffff88395db1>]  [<ffffffff88395db1>] :vmmon:Task_Switch_S1B1+0x183/0x976
<Jan/04 01:48 am>RSP: e02b:ffff8801e79c7bb8  EFLAGS: 00010282
<Jan/04 01:48 am>RAX: ffff820000000000 RBX: ffffc2000003d000 RCX: 000000000000e040
<Jan/04 01:48 am>RDX: ffff82000000e040 RSI: 0000000000000000 RDI: ffff8801e9bf6000
<Jan/04 01:48 am>RBP: 00002aaaada80a80 R08: 7fffffff00000001 R09: 0000000000000000
<Jan/04 01:48 am>R10: ffff8801e79c7e98 R11: 0000000000000048 R12: ffffffff8058e000
<Jan/04 01:48 am>R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000660
<Jan/04 01:48 am>FS:  00002aaaada80a80(0000) GS:ffffffff8058e000(0063) knlGS:0000000000000000
<Jan/04 01:48 am>CS:  e033 DS: 002b ES: 002b
<Jan/04 01:48 am>Process vmware-vmx (pid: 2317, threadinfo ffff8801e79c6000, task ffff8801ee6fd040)
<Jan/04 01:48 am>Stack:  736282f99c4145dc  000000009d53f5e8  ffff8801e9bf6000  0000000000000246
<Jan/04 01:48 am> 000000008005003b  00002aaaabb65290  00000000b41c1cc3  0000006300005eaf
<Jan/04 01:48 am> 820000000000efff  ef980ea576c5ffff
<Jan/04 01:48 am>Call Trace:
<Jan/04 01:48 am> [<ffffffff883994eb>] :vmmon:Vmx86_RunVM_S1B1+0x3f/0x1a8
<Jan/04 01:48 am> [<ffffffff8838c21e>] :vmmon:__LinuxDriver_Ioctl+0x387/0xd35
<Jan/04 01:48 am> [<ffffffff8027f6f0>] __wake_up_common+0x3e/0x68
<Jan/04 01:48 am> [<ffffffff8022e141>] __wake_up+0x38/0x4f
<Jan/04 01:48 am> [<ffffffff80260729>] _spin_lock_irqsave+0x9/0x14
<Jan/04 01:48 am> [<ffffffff802976dd>] futex_wake+0xc6/0xd5
<Jan/04 01:48 am> [<ffffffff803045f9>] avc_has_perm+0x43/0x55
<Jan/04 01:48 am> [<ffffffff8838daf7>] :vmmon:LinuxDriver_Ioctl+0x529/0x583
<Jan/04 01:48 am> [<ffffffff8030512d>] inode_has_perm+0x56/0x63
<Jan/04 01:48 am> [<ffffffff803045f9>] avc_has_perm+0x43/0x55
<Jan/04 01:48 am> [<ffffffff8026a78d>] monotonic_clock+0x35/0x7b
<Jan/04 01:48 am> [<ffffffff803051ce>] file_has_perm+0x94/0xa3
<Jan/04 01:48 am> [<ffffffff8838db74>] :vmmon:LinuxDriver_CompatIoctl+0x23/0x36
<Jan/04 01:48 am> [<ffffffff802d7230>] compat_sys_ioctl+0xc5/0x2b1
<Jan/04 01:48 am> [<ffffffff8025d54d>] ia32_sysret+0x0/0xa
<Jan/04 01:48 am> [<ffffffff8025d4e2>] ia32_syscall+0x1e/0x6b


<Jan/04 01:48 am>Code: 0f b6 42 05 83 e0 0f 83 f8 0b 75 0c 8a 42 05 83 e0 f0 83 c8
<Jan/04 01:48 am>RIP  [<ffffffff88395db1>] :vmmon:Task_Switch_S1B1+0x183/0x976
<Jan/04 01:48 am> RSP <ffff8801e79c7bb8>
<Jan/04 01:48 am> <0>Kernel panic - not syncing: Fatal exception
<Jan/04 01:48 am> (XEN) Domain 0 crashed: rebooting machine in 5 seconds.

I fear I'll have to look into xen a bit more and use that in the meantime.

UPDATE: Turns out, it's currently impossible to do what I want:

• Xen and VMware are impossible to run at the same time
• Running ia32 guest inside of a x86_64 Xen instance does not work. It seems to be a planned feature though.
• qemu is slow and the binary kernel accelerator does not work on x86_64

I guess I'll just have to disable Xen for now and go with vmware until I have new hardware for the soon to be virtualized host. :(

Mission accomplished.

Damit BENQ nicht allzuviel Freude an der gekauften (SPUCK!)Siemens Handysparte hat war ich gerade so frei und habe mein gebraucht gekauftes Siemens S65 Mobiltelefon noch am Tag vor Ablauf der Garantie bzw. Gewährleistung reklamiert. Das Display ist verkratzt, die Taste 0 funktioniert nicht immer auf Anhieb und seit Verleihung meines Telefons letzter Woche fehlt auch die silberne Wippe an der Seite des Telefons auf Displayhöhe.
Damit es nicht allzuviel Stress bei der Reklamation gibt, noch vorher das Fullbackup eingespielt damit das Vodafone gebrandete Telefon auch in bescheidenem Vodafone Branding zurückkommt.

Nachdem ich dann auch einen auf überforderter Kunde, der keine Ahnung und hat doch nur noch kurz vor Geschäftsschluss beim vielen Gedräge sein Handy repariert haben will, gemacht habe wurde das Telefon dann auch angenommen und ich kriege in ein paar Tagen ein neues.
Da war der alte Siemens Vorabtausch Service wesentlich angenehmer und wurde zurecht besonders bei Geschäftskunden sehr geschätzt.

Sobald das neue Gerät dann da ist, wird es hier ein oder zwei Artikel zum Unbranden und Firmware-Modifizieren zum Abschalten lästiger Features geben.
Das rote Vodafone Branding ist echt das letzte.

At this last year's Chaos Communication Congress in Berlin there was a short presentation about the One Laptop Per Child system.

I couldn't make the talk itself but managed to take a closer look at the OLPC later on when it was on display at the Wikipedia booth.
My opinion of the device so far is mixed.
The software collection looks nice but still a bit rough about the edges.
The hardware in general definitely looks good. Small, portable and low-power. The display especially is really good looking and offers an enjoyable sharp display. I expected something a bit more low quality after following the swizzle mode blog post by Manu but was positivly surprised.
The keyboard however sucked!

I might be spoiled keyboardwise as I'm nearly exclusivly using IBM Model M Keyboards which feature distinct tactile feedback and I really detest the soft keyboards which are generally available today.

The OLPC keyboard however is something else. I haven't yet seen such a mushy keyboard in a notebook. The keys are quite flat with a very small keydrop of said 1mm. This would be acceptable if there would be some more resistance when depressing the keys. The BTest-1 System I tried however was so squashy I had to keep looking at the screen to check if the key I pressed actually was pressed.
In general the keyboard feels rotten which is a pity as the system would otherwise be very neat.

Sollte es etwa wirklich geklappt haben, was mir die T-Com telefonisch verkündet hat?

Bisher sieht es zumindest so aus.
Ich kann weiterhin mit ca. 348Kbps Dateien aus dem Internet ziehen, laut Traceroute ist die Latenz zum nächsten Hop bei ca. 12ms , ein Upload mit scp bringt ungefähr 60KBps und mein T-DSL Anschluss hat auch noch eine Verbindung (aktuell allerdings noch zu Congster).

All das spricht für die Tatsache, dass ich T-DSL 3000 mit Fastpath und 512kbit/s Upload habe. Und das, obwohl gestern, am 12. Oktober der Anschluss auf Call & Surf Comfort Plus hätte umgestellt werden sollen. Auch wenn die Auftragsbestätigung was von Call & Surf Comfort erzählte.
Das wäre ja genau das, was ich will.

Insofern spricht wohl alles dafür, dass die T-Com ihren zugesagten Umschalttermin nicht eingehalten hat. Schliesslich läuft ja noch alles. :->

Nunja. Olaf hatte ja schon die schlimmsten Befürchtungen geäussert, aber so schlimm kam es dann doch nicht.

Die T-Com rief gerade an, und teilte mit, dass am Freitag T-LSD 6000 (mit 3072kbps Downstream) geschaltet wird.

Ich bin dann mal gespannt, was mit dem 512kbps Upstream und dem Fastpath passiert

Und noch interessanter wird sicherlich die nächste Rechnung. Es graust mit jetzt schon...

Ich hatte ja zuvor schon ein wenig über das Zurücksetzen eines Elmeg VoIP-VPN Modules und wie über die NAT-Konfiguration für die Elmeg Anlage geschrieben.

Leider ergibt sich noch das unangenehme Problem, dass sich das Snom 360 SIP-Telefon nicht an der Elmeg Anlage anmelden kann. Die Fehlermeldung ist immer die selbe. Auf der Elmeg Telefonanlage findet sich folgende Logmeldung.:

iwu: [MSG] SIP: Registration reject:
 sip:810@192.168.1.250, guest 0, expires 60, location 2, cause AUTH REQUIRED

Eine genauere Analyse des SIP Verkehrs ergibt, dass das Telefon sich nicht an der Anlage anmelden kann, da die Digest-Authentication Informationen nicht stimmen.

Die Lösung für dieses Problem ist, beim Snom Telefon im "Identitäts Menü" für die entsprechende Leitung im "Sip-Reiter" die Unterstützung für "Langer SIP-Contact (RFC3840)" zu deaktivieren.

Anschliessend kann sich das Telefon sofort bei der Anlage registrieren.

Es war ja klar. Soooooo klar. Nur Vollidioten.

 

Die T-Com wird immer besser.

Nachdem ich heute morgen hörte, dass der Computer sich ja gerne mal irren würde, habe ich heute abend nochmal nachgehakt, damit auch sichergestellt ist, dass ich auch wirklich das DSL 6000 (mit 3072kbps Downstream und 512 Upstream in Fastpath) behalten werden.

Das war auch gut so!

Laut Computer der Telekom gibt es bei mir maximal T-DSL 2000, und aus dem Grund wäre darum auch der vorherige Auftrag storniert worden.

WTF???

Also ich habe nun seit knapp einem Jahr T-LSD 3000. Grossartig. Beim nächsten Anrufe höre ich dann bestimmt, dass es für meinen Wohnort kein T-DSL gibt, sie mir aber T-SkyLSD verkaufen können. AHRGL!

Nachdem die Dame an der Hotline (aktuell übrigens 22 Minuten Hold-Time) sah, dass ich bisher auch DSL 3000 habe, hat sie versprochen da nachzuhaken...

Die Hoffnung stirbt bekanntlich zuletzt...