ACCESS ALL AREAS

RT broadcast: Renouncing US citizenship, for tax and political reasons

4 May 2013 by Mike Gogulski
Posted in diary, people, politics | 2 Comments »

RT segment from April 15, 2013 in “honor” of US income tax day. Features noted figures Jet Li and Eduardo Saverin, who recently quit their American citizenship for tax reasons. Freddi M. Weintraub, a tax attorney, provides insight into the law surrounding expatriation. Segment concludes with an interview with Mike Gogulski (me), who renounced his US citizenship in 2008 for political reasons and has lived without any nationality since — a stateless person.

Berlin segment filmed 12 April 2013.

Berlin crew:
Correspondent: Peter Oliver, @petergoliver_rt
Producer: Tatiana Bochkareva
Camera: Stanislav Mandryka

Copyright (c) 2013 by RT. Posted with permission.

Bitcoin exchange rate drops 50%! MtGox fail! And more…

10 April 2013 by Mike Gogulski
Posted in economics, technology | 3 Comments »

Bitcoin down 50% today! THE SKY IS FALLING!!! But what’s really going on?

MtGox screwup causes Bitcoin market crash


The problem, I believe, is that MtGox’s websockets API stopped working a few hours ago. This took any and all automatic traders out of the market, particularly those who were pursuing a “slow accumulate” trading strategy. MtGox has another API called socketio, which is working, but fewer trading bots use it. So, liquidity disappears, particularly from those trying to build up Bitcoin positions without pushing the market higher. Meanwhile, traders using the website trading interface see the price slide, panic, and sell.

This is certainly a problem with MtGox’s business operations, diligence, competence, etc. That the problem has not been addressed as I write this, some 3 hours after it began, is testament to an inadequate monitoring and response system — in business practice terms, not necessarily tech. I don’t care that it’s 4:30am in Tokyo, MtGox owes it to its users to either support the exchange 24/7 or to automatically shut it down when such a fault is detected.

But the MAJOR problem here isn’t MtGox itself, it’s the aggregate behavior of traders to date. MtGox enjoys an early-mover advantage in the marketplace which is very hard to justify given its performance issues in the past weeks. The BTC/USD price may recover straight off, or it may not. The one thing for sure is that MtGox MUST lose market share — both as a result of this screwup, and so that Bitcoin may prosper.


Bitcoin does not have a “market capitalization”

28 March 2013 by Mike Gogulski
Posted in economics, technology | Comments Off on Bitcoin does not have a “market capitalization”

Great news today via Bitcoin Magazine:

Bitcoin Market Capitalization Hits $1 Billion: The New Era of Institutional Investors

Of course, I’m happy with this news, but the terminology being employed in so many places is simply incorrect.

Market capitalization is defined as the market price of a publicly-traded company’s outstanding shares of stock multiplied by the number of outstanding shares.

Bitcoin is not a publicly-traded company, and has no “shares”. Therefore, by definition, Bitcoin cannot have a “market capitalization”.

Better terminology might be: “Market value of all Bitcoins in circulation hits US$1 billion”.

The distinction is important because the use of the term “market capitalization” reinforces the erroneous notion that Bitcoin has some kind of central issuing authority, which it does not.


Is America still a democracy? Who cares? It’s DANGEROUS!

20 March 2013 by Mike Gogulski
Posted in activism, politics, war | 1 Comment »

On 6 March 2013 I participated in a panel discussion in Bratislava on the Bradley Manning case and on the question, “Is the United States still a democracy?” The event took place at the office of the Open Society Foundation – Bratislava and was hosted by Slovakia’s Inštitút ľudských práv – Human Rights Institute. The other guest was Michal Havran, Editor-in-Chief of Slovak politico-economic news and commentary website jeToTak.sk. The discussion was moderated by the Institute’s Director, Peter Weisenbacher, and English-Slovak interpreting support was provided by Institute Program Director and Media Spokesperson Alena Krempaská.

My (sometimes glossed and possibly faulty) transcript of my statements follows the video. I would welcome a transcript of the Slovak portion.

“Do you think Bradley Manning should have done something other than what he did?”

According to Bradley’s testimony in the court, I picked out a few things that motivated him, first of all. One of them was the cruelty, the callousness and the criminality displayed by the soldiers who were captured in the video that was released called “Collateral Murder” shooting people in the streets of Baghdad. Also there was one experience he detailed where he pointed to a pattern where people were being killed and captured simply to kind of “make the numbers”, and the people in command were just focused on eliminating names from a list rather than seeking justice. He also mentioned the treatment of detainees in Guantánamo and elsewhere, and that in many cases there was no good reason for holding them. He talked about the financial crisis as it affected Iceland and how the US and the EU were trying to pressure Iceland into accepting an IMF-style bailout which would have been disastrous for the citizens. And he also mentioned what’s come to be called the Garani massacre in Afghanistan, where 150 people were killed, most of them women and children.

Bradley did try to do several different things before he released the information to WikiLeaks. First he attempted to raise some of these issues with his chain of command, and also tried to get the attention of his member of Congress to investigate. Those requests were ignored, essentially, “go back to work,” so he decided he had to do something else. He also attempted to make contact with the Washington Post and the New York Times and the website politico.com and was also ignored in those cases. So, finally he went and gave the information to WikiLeaks and later he told his correspondent and “confidante” online — in testimony that later became ground for his arrest — “well, it was forwarded to [WikiLeaks] – and god knows what happens now – hopefully worldwide discussion, debates, and reforms – if not, then we’re doomed – as a species – i will officially give up on the society we have if nothing happens […] I want people to see the truth… regardless of who they are… because without information, you cannot make informed decisions as a public.” So, Bradley for himself determined that something had to be done with the information he was in possession of, no other avenue was available to him, so he did what he thought justice demanded.

“Why did you, as an American, decide to start the support network for Manning?”

Well, first I’d like to point out that I’m an ex-American since 2008. In 2010 the news came out through Wired magazine’s online website that Bradley Manning had been arrested. I looked at the story and said “Oh my god. Here’s the guy who released this shocking and awful video of the helicopter murders in Baghdad.” My first reaction was less about Bradley than it was about Adrian Lamo, the person he had been chatting to about what he had done, and who would be his “confidante”. Lamo betrayed Manning by turning him in to the police and the military authorities, and my reaction and really the reason that I got into this was saying: “Adrian Lamo, you dirty motherfucker!” So, over the next three days, as I read more about the story, as it was starting to come out, and thought more about it I became angrier and angrier about the situation and realized that Manning was facing the full weight of the American “justice” system, so I registered bradleymanning.org. Over the next couple of months, by operating that website myself as a blog, I attracted the attention of other people who were interested in the case and eventually the Support Network was born.

(responding to a comment from Michal Havran, where he points out that it’s unfair to say the Post and the Times “ignored” Manning)

Because of the way the traditional media operate, Manning wasn’t able to develop the kind of relationship that “Deep Throat” developed with Bob Woodward, back in the day. Manning was a guy who hung out on the internet. He met WikiLeaks by hanging out in IRC chat rooms. The technological landscape of journalism is changing to some degree, and whereas the Post and the Times weren’t able to respond to someone used to communicating in the way that Manning does, an organization like WikiLeaks and now other organizations like that are developing the technology and the culture to support a new kind of journalism.

The other point related to this charge of “aiding the enemy”. “Nepriateľ” neexistuje. There is no “enemy”. In order for the term “enemy” to be properly applied under American constitutional law, as I understand it, if there is no Congressional declaration of war, there can be no “enemy”, and the United States hasn’t had a Congressionally-declared war since World War II. […] In short, the situation with the United States being at war in Afghanistan, Iraq, in Yemen, Somalia, god knows where else, constitutionally, under the Constitution, all of it is criminal behavior for the last 60 years. So, even by its own declared standards, it’s not justified in putting this “aiding the enemy” charge against Manning. However, the United States administration has, for a long time, simply ignored the sections of the law that it doesn’t find convenient.

“Why did you renounce your American citizenship?”

I have a little thing here that I wrote back in 2008, which I’ll just read. “I renounced my American citizenship in protest of what has become an American Empire, a nation that I see riding an express train to police state dictatorship with flags flying, anthems blaring and deluded, complicit masses cheering it along the track.” And this was not a new phenomenon I suddenly saw in 2008. I’d wanted to leave the US since around 1998, until I finally did in 2004, but I had seen already this trend toward greater and greater control — fascism — in America as early as 1990. My good friend Vinay Gupta wrote something a few days ago which I think is very powerful: “America is raising a generation for whom America has always been the world’s great fascist power.”

“What do you, as an ex-American citizen, given this case, think about the US justice system?”

The American “justice” system is critically broken, and it’s not going to be fixed. That’s something that’s been building for quite a long time. The constitutional guarantees to a fair, public, speedy trial obviously are being pushed aside in this case. In fact, we’ve even got notification in the last few days that four of the government’s witnesses against Manning are going to be anonymous, which at least on the face of it goes against the rule that you have the right to know who your accuser is. One of those four, in fact, is so classified and so secret — because, it’s believed, he’s the person who actually shot Osama bin Laden — that the defense will not be allowed to interview him prior to trial.

In my opinion, all of the treatment of Bradley Manning, fundamentally, from the side of the United States government, is not about Bradley Manning. It’s about the demonstration of the naked exercise of unlimited, unaccountable power. In my mind, there is a very strong motivation that goes all the way up beyond the president to the people who actually own America and who the president works for, and what they’re thinking is: “Let’s do everything we can to make Bradley Manning the poster child, the great example, for why you don’t leak information from inside the government. And, when we have the chance, we’ll make the process go as slowly as possible. In fact, we’ll screw up the prosecution at the first instance and at the appeals level so that it eventually goes to the Supreme Court, and then Manning’s been in prison for 15 years before the case is finally disposed of. And we can always point to this, to people inside the government, as an example of what you don’t do.” So, American justice? Sure, if you’re privileged, and if you can afford it. I could go on…

“Would the 1000 days detention be different if this were before the USA-PATRIOT Act came into effect?”

I’m not a legal expert but I believe that in this case the PATRIOT Act does not apply to the length of time that he’s been imprisoned before trial. My understanding is that some portion — some smaller portion — of the 1000 days is due to the defense requesting additional time for preparation of the case. However, the bulk of the 1000 days is claimed by the defense as being foot-dragging and delay on the part of the government. This goes to the kind of thing I was saying before, where, “hey, we can screw up the prosecution so much as we like so long as it draws things out and continues hanging Bradley out there as a counterexample.”

“What do you think Manning’s actions will mean, for further releases of information via WikiLeaks, for the US and for democracy?”

Julian Assange came up with a great quotation after WikiLeaks began publishing the Bradley Manning material, which was “courage is contagious.” The only reason why Manning was caught and why Manning has now been in prison for a thousand days and faces a life sentence is that he trusted somebody who betrayed him. It was not necessary that the state would ever find him, because the means that he employed, with the assistance of WikiLeaks, and allegedly of some other people, were technologically secure. So, I hope that Manning’s example serves as an inspiration to other people who might leak governmental, corporate or church secrets that those organizations would rather keep hidden, because they point to bad behavior. The modern state, the modern corporation — the big corporation, particularly — can’t function without some level of legally-privileged secrecy. I’d be very happy to see that disappear.

“Is the US still a democracy?”

I must qualify my answer first. In one sense, I don’t care. I’m an anarchist. I think democracy is a terrible way to organize society. As H.L. Mencken wrote: “Democracy is the theory that the common people know what they want, and deserve to get it good and hard.” (laughter)

America is not a democracy. The American political system maintains the forms of a republican democracy, it maintains the institutions of a republican democracy, but this is much like putting perfume on a pig. It’s window-dressing. While it’s true that anybody can run for the legislature and get elected, in order to actually wield power in the legislature and retain it one must placate the corporate and other interests that actually own the country. And, in the case of the highest reaches of the administration, in particular the presidency, one does not — by virtue of good character, charisma and great plans for the country — get elected to the presidency. One gets elected to the presidency because the people who own America allow you to be, and because you’ve already sold your soul to the devil.

There are many other things that could be said about this, but one of them worth mentioning is that in the American electoral system there are really only two parties, the Republicans and the Democrats. It’s been said more than once that the Republicans and the Democrats are just like two wings of the same evil bird. So in fact there is no real choice between Democrats and Republicans in the US, they’re both two faces of the same entity, whereas in Slovakia, you actually do have a choice: you get to vote for Penta, or J&T.[1] (laughter)

And further, if you look at the visible signs of how the country has been developing for the last 25 years, the signs of the emergence of a police state are obvious and everywhere. The Department of Homeland Security recently purchased something like one billion rounds of high-powered rifle ammunition. These are not to be used in wars. The US government has just purchased three bullets for every man, woman and child inside the country. When you add to these things the endless American wars that have been going on since “peace” after World War II, the question becomes: “Is America a democracy? Who cares? It’s DANGEROUS!”

[1]: Two large Slovak investment banks

Tear down the old myths and preconceptions!

5 March 2013 by Mike Gogulski
Posted in mind control, philosophy, religion | Comments Off on Tear down the old myths and preconceptions!

“I have come to the conclusion that there is no hope for humanity or our world if we do not violently tear down the old myths and preconceptions which plague our species with demon gods and imaginary karmic enslavement.”

— Vinay Gupta, "Dynamic Tension", 4 March 2013

It’s your duty as an oppressed worker to steal from your exploiters.

13 February 2013 by Mike Gogulski
Posted in art, mind control | 2 Comments »

King Missile, “Take Stuff from Work”, Fluting on the Hump, 1987.

Take stuff from work.
It’s the best way to feel better about your job.
Never buy pens or pencils or paper.
Take ’em from work.
Rubber bands, paper clips, memo pads, folders-take ’em from work.
It’s the best way to feel better about your low pay and appalling working conditions.
Take an ashtray-they got plenty.
Take coat hangers.
Take a, take a trash can.
Why buy a file cabinet?
Why buy a phone?
Why buy a personal computer or word processor?
Take ’em from work.
I took a whole desk from the last place I worked.
They never noticed and it looks great in my apartment.
Take an electric pencil sharpener.
Take a case of white-out; you might need it one day.
Take some from work
It’s your duty as an oppressed worker to steal from your exploiters.
It’s gonna be an outstanding day.
Take stuff from work.
And goof off on the company time.
I wrote this at work.
They’re paying me to write about stuff I steal from them.
Life is good.

“The most radical way possible”

11 January 2013 by Mike Gogulski
Posted in diary | Comments Off on “The most radical way possible”

My vanity agents constantly scour the internets looking for mention of … ME! Every once in a while, a complimentary surprise pops up.

If I were a god, I’d have to disbelieve in myself, but still.

From “Culture Gods | Escaping Culture” by Liv Jones, via Greensboring:

But the most prominent example that we may have free will over our culture is from Mike Gogulski, who rather than adhering to traditional channels of expatriating, chose the most radical way possible: by renunciation of citizenship to one’s nation. Gogulski then became stateless and now continues to live without a nationality. Mike discovered his own self-autonomy was not a result of culture, but a product of his departure from it. Mike entered into his newly self-manifested “culture” not by fortune, fame or social class, but by the flame from a single lighted match to his social security card, and by his own determination that culture would have no dominion over him. He describes the process not as that of becoming a God, but that of “officially becoming human”.

Thanks, Liv!

Fixing the “100% CPU and no useful output” imklog+rsyslog kernel logging problem on Ubuntu guests under Xen PV

5 January 2013 by Mike Gogulski
Posted in technology | 3 Comments »

I’ve been helping the organizers of the unSYSTEM conference with some IT support and development work. Things are getting hot, so it was time to get off shared hosting and onto a VPS.

The VPS provider handed me a Xen VM just as I expected. What I didn’t expect was a three-year-old Linux kernel (2.6.32-5!?) and a 32-bit machine instead of a 64-bit. Okay, the 32-bitness isn’t a big deal, doesn’t matter for this application. The kernel needs upgrading, though, so I go and do my usual things like I do on other Xen VPSes I use. Turns out I can’t upgrade the kernel, since the disk partition where /boot lives before the initrd finishes is actually outside the domain of my VPS, and thus inaccessible. Huh. I sure as heck wouldn’t set up customer DomUs that way if I were the provider, but whatever. A very helpful admin got me running instead with PyGrub, so now I’m running a far more up-to-date 3.5.x kernel. Phew!

While I was investigating things before I got support involved I wanted to look at as much log data as I could, so naturally I was poking around extensively in /var/log to see what was going on. I found this:

root@nyancat:/var/log# tail /var/log/kern.log
[...]
Jan  3 13:26:03 unsystem kernel: Kernel logging (proc) stopped.
Jan  3 13:26:03 unsystem kernel: imklog 5.8.6, log source = /proc/kmsg started.
Jan  3 13:26:03 unsystem kernel: Cannot read proc file system: 1 - Operation not permitted.
Jan  3 13:26:33 unsystem kernel: last message repeated 1879152 times
Jan  3 13:27:33 unsystem kernel: last message repeated 3727264 times
Jan  3 13:28:33 unsystem kernel: last message repeated 3768064 times
Jan  3 13:29:33 unsystem kernel: last message repeated 3756864 times
root@nyancat:/var/log#

Okay, so that’s decidedly not good. Lucky thing that rsyslogd deduplicates messages before writing them to disk, but even so the rsyslogd process was consuming 100% CPU on one of the cores in the machine (I hadn’t noticed, since performance with the single remaining core was fine). But still, this is bad stuff, so I had to dig in and fix it before I could use this system for, er, unSYSTEM. /proc/kmsg had permissions like:

root@nyancat:/var/log# ls -l /proc/kmsg
-r-------- 1 root root 0 Jan  3 11:05 /proc/kmsg

so I whipped out a can of

root@nyancat:/var/log# chmod 444 /proc/kmsg

… but no love. Try what I might, I was still getting the reports of millions of those EPERM messages.

Okay… so why does dmesg work while imklog is flailing?

root@nyancat:/var/log# strace dmesg > /dev/null
[...]
syslog(0xa, 0, 0)                       = 131072
syslog(0x3, 0x8900038, 0x20008)         = 12549
fstat64(1, {st_dev=makedev(202, 2), st_ino=368645, st_mode=S_IFREG|0644, st_nlink=1, st_uid=0, st_gid=0, st_blksize=4096, st_blocks=0, st_size=0, st_atime=2013/01/03-13:37:27, st_mtime=2013/01/03-13:37:29, st_ctime=2013/01/03-13:37:29}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7861000
write(1, "[    0.000000] Reserving virtual"..., 4096) = 4096
write(1, "ids:1 nr_node_ids:1\n[    0.00000"..., 4096) = 4096
write(1, "g initramfs...\n[    0.167294] Fr"..., 3742) = 3742
exit_group(0)
root@nyancat:/var/log#

dmesg works here for reading the kernel message log, but it’s doing it via a syslog(0x3, char *bufp, int len) call rather than by trying to read /proc/kmsg. Time to ask the internets WTF is going on here.

Turns out that this is a long-standing issue dating back at least to early 2010. Those feisty internets soon coughed up what seems to be the main bug description:

https://bugs.launchpad.net/ubuntu/+source/rsyslog/+bug/523610

And some other bug pages:

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=573980

https://bugs.launchpad.net/ubuntu/+source/rsyslog/+bug/565288

The core of the problem goes something like this: some time in early 2010 the Ubuntu and/or Debian devs (I really don’t know which) decided that having rsyslogd running as root is a security risk. I can’t fault that thinking; it’s good practice for system utilities that even need to be launched as root to drop their privileges as soon as they’re able. So, the patch came in saying “Do your few initial root things, then seteuid(getpwnam("syslog")->pw_uid); (or whatever).” So, open /proc/kmsg (which you can do as root with no problem), then drop out of the system-privilege stratosphere to do your logging off the open file descriptor. Sounds good, right?

Problem is, /proc/kmsg ain’t a regular file. Nothing in /proc is a regular file, to be sure, but /proc/kmsg is extra special. One fine day, the Linux kernel devs came up with good reason to make sure that the kernel message buffer exposed in /proc could not be read by any non-root process. So, your fd = open("/proc/kmsg", O_RDONLY);, as root, succeeds, but once you drop privileges the part of the kernel responsible for policing that buffer starts throwing EPERMs at you as soon as you attempt a read() on the file descriptor. Huh. Why bloody rsyslogd doesn’t adapt by using the syslog(3, …, …); method dmesg uses is a mystery for another day (i.e. never).

My eventual workaround for this was inspired by:

http://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg761493.html

root@nyancat:/var/log# mkdir -p /var/run/rsyslogd
root@nyancat:/var/log# mkfifo /var/run/rsyslogd/kmsg
root@nyancat:/var/log# chown -R syslog /var/run/rsyslogd
root@nyancat:/var/log# chmod -R 700 /var/run/rsyslogd
root@nyancat:/var/log# echo '$KLogPath /var/run/rsyslogd/kmsg' >> /etc/rsyslog.conf
root@nyancat:/var/log# dd bs=1 if=/proc/kmsg of=/var/run/rsyslogd/kmsg &

What we’re doing here is creating a named pipe on the filesystem that we’ll use to shuttle data to rsyslogd from /proc/kmsg, using a long-running dd process in byte-at-a-time mode. Gross, but it works. The $KLogPath business added to rsyslog.conf tells the daemon to read its kernel messages off the named pipe we’ve created.

Test:

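root@nyancat:~# cat > test.c << EOF
#include <stdio.h>

/* Deliberately pass a NULL pointer to puts() so the kernel logs a segfault. */
int main(void) {
	char *x = 0;
	puts(x);
	return 0;
}
EOF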
root@nyancat:~# gcc test.c -o test
root@nyancat:~# ./test
Segmentation fault
root@nyancat:~# tail -1 /var/log/kern.log
Jan  3 14:32:55 unsystem kernel: [18497.165293] a.out[19891]: segfault at 0 ip b7637ee1 sp bffe10ec error 4 in libc-2.15.so[b75ba000+1a3000]
root@nyancat:~#

Yay, it works. Now let’s make it survive a reboot, via an upstart job:

root@nyancat:/var/log# cat > /etc/init/kmsg-pipe.conf << EOF
#
# Ye Olde /proc/kmsg hack by Mike Gogulski
# from http://www.nostate.com/4228/fixing-the-100-cpu-and-no-useful-output-imklogrsyslog-kernel-logging-problem-on-ubuntu-guests-under-xen-pv
#
# This is free and unencumbered software released into the public domain under
# the terms of the Unlicense [http://unlicense.org/].
#
description	"/proc/kmsg pipe hack for rsyslogd"
start on started rsyslog
stop on stopped rsyslog
respawn
script
	mkdir -p /var/run/rsyslogd || true
	mkfifo /var/run/rsyslogd/kmsg || true
	chown -R syslog /var/run/rsyslogd || true
	chmod -R 700 /var/run/rsyslogd || true
	exec dd bs=1 if=/proc/kmsg of=/var/run/rsyslogd/kmsg
end script
EOF
root@nyancat:/var/log#

The $KLogPath entry must be in /etc/rsyslog.conf as shown above, or someplace under /etc/rsyslog.d/whatever.conf.
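
A health check for the workaround above, as an added example that is not part of the original post: eperm_repeats totals the imklog EPERM messages in a syslog stream (including the collapsed "last message repeated" lines), and check_klog_pipe verifies the FIFO, its ownership and mode, and the $KLogPath directive. The function names are hypothetical; the first six sample log lines are the ones shown earlier in the post and the last two are constructed.

```shell
#!/bin/sh
# Added example: health check for the /proc/kmsg named-pipe workaround.

# Sample kern.log: first six lines are from the post, last two are constructed.
sample_kern_log() {
    cat <<'EOF'
Jan  3 13:26:03 unsystem kernel: imklog 5.8.6, log source = /proc/kmsg started.
Jan  3 13:26:03 unsystem kernel: Cannot read proc file system: 1 - Operation not permitted.
Jan  3 13:26:33 unsystem kernel: last message repeated 1879152 times
Jan  3 13:27:33 unsystem kernel: last message repeated 3727264 times
Jan  3 13:28:33 unsystem kernel: last message repeated 3768064 times
Jan  3 13:29:33 unsystem kernel: last message repeated 3756864 times
Jan  3 13:30:01 unsystem kernel: constructed unrelated message
Jan  3 13:30:31 unsystem kernel: last message repeated 2 times
EOF
}

# eperm_repeats: read syslog lines on stdin and print how many times the
# imklog read error was logged, counting the occurrences that were collapsed
# into "last message repeated N times". Repeats of other messages are ignored.
eperm_repeats() {
    awk '
        /last message repeated [0-9]+ times/ {
            if (in_eperm)
                for (i = 1; i < NF; i++)
                    if ($i == "repeated") total += $(i + 1)
            next
        }
        { in_eperm = 0 }
        /Cannot read proc file system/ { in_eperm = 1; total += 1 }
        END { printf "%d\n", total + 0 }
    '
}

# check_klog_pipe FIFO OWNER CONF...
# Verify that FIFO is a named pipe, that it and its directory belong to OWNER
# with no group/other permission bits, and that one of the CONF files carries
# a "$KLogPath FIFO" directive. Prints each problem; returns 1 if any is found.
check_klog_pipe() {
    fifo=$1 owner=$2; shift 2
    dir=$(dirname "$fifo")
    rc=0
    if [ ! -p "$fifo" ]; then
        echo "FAIL: $fifo is not a named pipe"; rc=1
    fi
    for p in "$dir" "$fifo"; do
        [ -e "$p" ] || { echo "FAIL: $p is missing"; rc=1; continue; }
        who=$(stat -c %U "$p")      # GNU stat: owner name
        mode=$(stat -c %a "$p")     # GNU stat: octal mode, e.g. 700
        [ "$who" = "$owner" ] || { echo "FAIL: $p owned by $who, want $owner"; rc=1; }
        case $mode in
            *00|0) ;;
            *) echo "FAIL: $p has mode $mode, group/other can reach it"; rc=1 ;;
        esac
    done
    found=0
    for conf in "$@"; do
        [ -f "$conf" ] || continue
        # Commented-out directives do not match because $1 is then "#..."
        if awk -v want="$fifo" '
               $1 == "$KLogPath" && $2 == want { ok = 1 }
               END { exit !ok }' "$conf"; then
            found=1
        fi
    done
    [ "$found" -eq 1 ] || { echo "FAIL: no \$KLogPath $fifo directive found"; rc=1; }
    return $rc
}

# Demo on the embedded sample. On a real host one would run, as root:
#   check_klog_pipe /var/run/rsyslogd/kmsg syslog /etc/rsyslog.conf /etc/rsyslog.d/*.conf
echo "EPERM read errors in sample log: $(sample_kern_log | eperm_repeats)"
```

A non-zero count from eperm_repeats on a current kern.log means imklog is still spinning on the restricted descriptor rather than reading from the pipe.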

Test:

root@nyancat:/var/log# date
Sat Jan  5 01:24:36 CET 2013
root@nyancat:/var/log# service rsyslog stop
rsyslog stop/waiting
root@nyancat:/var/log# ps ax | grep kmsg | grep -v grep
root@nyancat:/var/log# service rsyslog start
rsyslog start/running, process 2288
root@nyancat:/var/log# ~/test
Segmentation fault
root@nyancat:/var/log# tail -1 /var/log/kern.log
Jan  5 01:25:00 nyancat kernel: [ 5629.864293] a.out[2297]: segfault at 0 ip b7661ee1 sp bfb7e0cc error 4 in libc-2.15.so[b75e4000+1a3000]
root@nyancat:/var/log# !ps
ps ax | grep kmsg | grep -v grep
 2289 ?        Ss     0:00 dd bs=1 if=/proc/kmsg of=/var/run/rsyslogd/kmsg
root@nyancat:/var/log# kill 2289
root@nyancat:/var/log# !ps
ps ax | grep kmsg | grep -v grep
 2305 ?        Ss     0:00 dd bs=1 if=/proc/kmsg of=/var/run/rsyslogd/kmsg
root@nyancat:/var/log# !~
~/a.out
Segmentation fault
root@nyancat:/var/log# !t
tail -1 /var/log/kern.log
Jan  5 01:25:24 nyancat kernel: [ 5653.661550] a.out[2313]: segfault at 0 ip b761aee1 sp bfe5ed5c error 4 in libc-2.15.so[b759d000+1a3000]
root@nyancat:/var/log#

Groovy. Enjoy!

PS: sudo is for sissies! Nyan!

Blowing up my notebook with Xubuntu, full-disk encryption, mdadm and LVM

23 October 2012 by Mike Gogulski
Posted in technology | 5 Comments »

Have you ever been typing and clicking merrily along on a computer when, suddenly, it shuts off, makes a small hissing noise and emits a little puff of smoke? That happened twice to my 2.5-year-old Asus N71JQ notebook.

The notebook was a great deal when I bought it. About €1100 for a 17″+ monitor, Intel Core i7 4x2GHz CPU, AMD Radeon 4xxx integrated GPU, 2GB RAM (later upgraded to 8GB), and two 500GB SATA II hard drives. The thing weighs a ton, but I’d resolved never to buy a non-portable computer again.

A year after I bought it, it did the magic smoke trick described above. I sent it for warranty repair and it came back with a new motherboard and battery after about 3 weeks. Then about 8 months after that, it smoked again. Warranty service, new motherboard and power supply. That was earlier this year.

This weekend I wanted to finally get the machine set up with a super-reliable disk configuration. I had been running full-disk encryption (dmcrypt/LUKS) on it for a while, but I wanted to add mirroring of the system and /home partitions and use the remaining space on the drives as a striped RAID0 array for downloads (mostly movies).

So I set up my partitions like this:

Partition   Size     Usage
/dev/sda1   1 GB     /boot
/dev/sda2   1 GB     encrypted, RAID1 mirrored with /dev/sdb2 for LVM2 mirroring logs
/dev/sda3   498 GB   encrypted, LVM2
/dev/sdb1   1 GB     periodic bit-level backup of /dev/sda1, just in case
/dev/sdb2   1 GB     encrypted, RAID1 mirrored with /dev/sda2 for LVM2 mirroring logs
/dev/sdb3   498 GB   encrypted, LVM2

I ran cryptsetup luksFormat on /dev/sda3 and /dev/sdb3 and used the same passphrase I’d been using before. Since I wasn’t looking forward to entering 4 LUKS passwords at boot time, I set up the 1GB partitions with random passphrases which I stored in keyfiles and referenced from /etc/crypttab so that they’d come online automatically once the main volumes were unlocked and mounted. I then used mdadm to create a RAID1 array, /dev/md0, with /dev/sda2 and /dev/sdb2 mirroring each other.

Then I created a volume group, vg0, and added /dev/md0, /dev/sda3 and /dev/sdb3 to it. Nice, a 997GB virtual disk!

On vg0 I created logical volumes as follows:

Use/mount point                        Size     Setup
/                                      16 GB    LVM RAID1 mirroring between drives
/home                                  128 GB   LVM RAID1 mirroring between drives
swap1                                  16 GB    normal volume on /dev/sda3
swap2                                  16 GB    normal volume on /dev/sdb3
/download (symlinked to ~/Downloads)   842 GB   LVM RAID0 striping between drives
free space (on /dev/md0)               1 GB     Free for mirror logs of the RAID-ed volumes

Now, I wasn’t doing a full reinstall, so I did this in a stepwise fashion. Move everything to one drive, repartition the other drive, set up crypto and LVM on it, move data, reboot, then do the other drive. It took me quite a while to plow my way through all the complexities of the partitioning, cryptsetup, mdadm and LVM configuration, mirror sync took many long hours, but eventually I got there. Everything worked. When I rebooted I expected to be asked for the passphrases to unlock /dev/sda3 and /dev/sdb3, and then the startup scripts would take care of unlocking /dev/sda2 and /dev/sdb2 for me using the password files now available on the unlocked /root volume. I got all my data back in place and celebrated my success, without rebooting but with a few beers.

The next day, the Ubuntu folks pushed out a few updates, one of which required a reboot (libc6? I don’t remember). I wasn’t deep into anything at the moment, so I applied the update and rebooted the machine. As expected, I was prompted for the passphrase for /dev/sda3, which I entered and which was accepted (I wish the Xubuntu greeter provided more useful details of the process, but that’s a complaint for another day). And then, disaster.

I was not asked for the passphrase for /dev/sdb3, but instead was dumped quite unceremoniously into a shell running off the initramfs. I was able to mount /boot, but nothing else. I manually unlocked /dev/sdb3 with cryptsetup luksOpen, but I still couldn’t mount /, /home or /download. What was wrong?

As it turns out, I made a major error in my thinking of how the boot process would proceed. Since / was a RAID1 mirrored volume, I figured that once I unlocked /dev/sda3 LVM would be able to mount it and then /etc/crypttab would be available to unlock /dev/md0. Wrong, wrong, wrong. To mount a mirrored volume, LUKS requires that both the members of the mirror pair and the mirror logs are available. (vg0/root)/etc/crypttab could not be accessed until /dev/sda3 (ok), /dev/sdb3 (ok) and /dev/md0 (not ok) were unlocked. A truly lovely circular dependency problem, I’m sure you’ll agree.
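
The circular dependency described above can be caught before rebooting. The following check is an added example, not part of the original post: it assumes key files named in /etc/crypttab live on the root filesystem and are not copied into the initramfs. The function names, the mapping names (sda3_crypt and so on) and the sample crypttab are constructed; only the /etc/md0-key and /etc/md1-key paths follow the post.

```shell
#!/bin/sh
# Added example: find crypttab entries that must be unlocked before / can be
# mounted but whose key is a file stored on / itself.

# Constructed crypttab modelled on the layout in the post.
sample_crypttab() {
    cat <<'EOF'
# <target>    <source>    <key file>      <options>
sda3_crypt    /dev/sda3   none            luks
sdb3_crypt    /dev/sdb3   none            luks

sda2_crypt    /dev/sda2   /etc/md0-key    luks
sdb2_crypt    /dev/sdb2   /etc/md1-key    luks
# a swap mapping keyed from a device node is not a problem for /
cswap         /dev/sdc1   /dev/urandom    swap
EOF
}

# crypttab_root_cycles CRYPTTAB TARGET...
# CRYPTTAB is a file name, or "-" for stdin. TARGET... are the dm-crypt
# mappings that must be open before the root filesystem can be mounted.
# Prints "target keyfile" for every such mapping whose key is a file path
# (assumed to sit on the still-locked root) and returns 1 if any is found.
crypttab_root_cycles() {
    tab=$1; shift
    awk -v needed="$*" '
        BEGIN {
            n = split(needed, a, " ")
            for (i = 1; i <= n; i++) need[a[i]] = 1
        }
        /^[ \t]*(#|$)/                        { next }  # comments, blank lines
        !($1 in need)                         { next }  # not required for /
        $3 == "" || $3 == "none" || $3 == "-" { next }  # passphrase prompt
        $3 ~ /^\/dev\//                       { next }  # key read from a device
        { print $1, $3; bad = 1 }
        END { exit bad ? 1 : 0 }
    ' "$tab"
}

# Demo: in the post, / needs both big volumes plus the md0 mirror-log array,
# which is built from sda2 and sdb2.
if ! sample_crypttab | crypttab_root_cycles - sda3_crypt sdb3_crypt sda2_crypt sdb2_crypt; then
    echo "the mappings listed above are needed to mount / but are keyed from files on /"
fi
```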

Naturally, I didn’t save the 256-character passwords I generated to unlock /dev/sda2 and /dev/sdb2 using 256 bytes of base64-encoded /dev/random output anywhere other than (vg0/root)/etc/md[01]-key, so I had absolutely no way to get everything opened and mounted. Argh! Many hours of trying things using the Ubuntu CD in rescue mode and SysRescueCD off a USB stick, plus plenty of reading man pages, HOWTOs and forum posts on LUKS, dm-crypt, etc. yielded no progress.
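The circular dependency described above can be caught before a reboot by checking, for each crypttab entry, whether its keyfile sits on a filesystem that itself needs that mapping open. The following is an added example, not code from this post; the mapping names and the `MOUNT_NEEDS` table are constructed to mirror the layout described here.

```python
import os

# Constructed crypttab modelled on the layout in the post; mapping names are hypothetical.
CRYPTTAB = """\
# <name>     <device>   <keyfile>      <options>
sda3_crypt   /dev/sda3  none           luks
sdb3_crypt   /dev/sdb3  none           luks
md0_crypt    /dev/md0   /etc/md0-key   luks
"""

# Constructed: which unlocked mappings each filesystem needs before it can be mounted.
MOUNT_NEEDS = {
    "/boot": set(),
    "/": {"sda3_crypt", "sdb3_crypt", "md0_crypt"},
}

def parse_crypttab(text):
    """Return {mapping_name: keyfile_path, or None for an interactive passphrase}."""
    entries = {}
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        key = fields[2] if len(fields) > 2 else "none"
        entries[fields[0]] = None if key in ("none", "-") else key
    return entries

def mount_for(path, mounts):
    """Pick the longest mountpoint that contains path."""
    hits = [m for m in mounts if os.path.commonpath([m, path]) == m]
    return max(hits, key=len)

def unlock_cycles(crypttab_text, mount_needs):
    """Return sorted mappings whose keyfile is unreadable until they are already open."""
    keys = parse_crypttab(crypttab_text)

    def needs(mapping, seen):
        # Every mapping that must be open before `mapping` itself can be unlocked.
        keyfile = keys.get(mapping)
        if keyfile is None or mapping in seen:
            return set()
        direct = mount_needs[mount_for(keyfile, mount_needs)]
        result = set(direct)
        for dep in direct:
            result |= needs(dep, seen | {mapping})
        return result

    return sorted(m for m in keys if m in needs(m, frozenset()))
```

A clean result only means the boot order is satisfiable. A keyfile moved to unencrypted /boot clears the cycle but protects nothing, so a passphrase prompt (`none`) is the safer fix.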

So, I gave up. Time to reinstall. This time, I partitioned the disks the way I wanted them, created my /, /home and /download volumes under LUKS with encryption on just a single drive, and figured I’d take another crack at mirroring some other time. I did have actual work to do.

By late today I had everything reinstalled: familiar apps, my dev environment, custom scripts and some Xfce desktop customization. Somehow I lost my Firefox sync bookmarks during this process, but I’ll survive that. Restored my /home off the hulking black Darth Vader-ish NAS box I rsync it to daily with a cronjob. I read my mail, took care of a few things, and then let myself play The Battle for Wesnoth for a couple of hours before buckling down to work on a job I’m somewhat behind on.

My troops were wiping out orcs and brigands quite handily when, suddenly…

Black screen. Hissing sound. Puff of smoke.

Oh, fuck.

I want my flying car and a use for this stupid electric clothes dryer

25 June 2012 by Mike Gogulski
Posted in environment, technology | 1 Comment »

An engineering problem and a re-engineering problem, both environmental and economic.

Engineering problem:

A: Identify the most energy-efficient automobile in existence today. Assume an urban/suburban sprawl environment, typical commuter/consumer usage patterns and a vehicle capable of carrying at least two passengers plus at most some small household capital goods (that flatpack bookshelf from Ikea, or that new HD LCD TV). Be sure to include all network costs in the efficiency calculation, including costs of production inputs, subsidies (direct, indirect and invisible), regulation, depreciation, supporting infrastructure (e.g. its share of the local power station needed to charge the batteries/supercapacitors, road construction and maintenance, signage, military control of the Strait of Hormuz, …), etc. Quantify its performance.

B: Identify the most energy-efficient helicopter in existence today, assuming the same requirements as above. Quantify its performance.

C: Identify the freest variables in B’s equation (i.e. take petroleum input costs as fixed, but vary materials, flight speed, average cruising altitude, etc.).

D: Having done the work in C, we now have n free variables in helicopter design and construction. Find the n-dimensional volume where all free variables play nicely together, and tend toward improvement over what we have in today’s helicopter B, but without going overboard on the physics or materials science (no hyperdiamond rotors, no bush robots, no warp engines, etc.). For each point in n-space, solve for energy efficiency.

E: Optimize the efficiency input parameters in n-space such that your new helicopter is more energy-efficient than today’s most efficient automobile.

F: Design, prototype, test, validate, build, document, publish, teach, make a billion dollars and enjoy the freedom of never having to answer the “But, who will build the roads?” question again.

Re-engineering problem:

A: Obtain an electric clothes dryer. If you don’t have one, steal one.

B: Disassemble dryer A into its component parts (assume here that an electric motor is a unitary component, and that there’s no economic sense in unsoldering the surface-mount components from the thing’s wee computer brain).

C: Given the parts set from B, construct any number of devices which actually do useful work.

D: Document, publish. Hang your clothes from a rack, line or other such advanced technology.

Inspiration credits: Jim Davidson (@planetaryjim), Vinay Gupta (@leashless).
