mmacleod.ca

Author: Mike

  • Second Asus Graphics Card Caught Fire

    For the second time now I’ve had an Asus EN9600GT catch fire on me. The first time was a few years ago when I first built my media centre. At the time the media centre was on but wasn’t actually doing anything, when suddenly there was a loud pop and flames shooting out the back of the computer. I RMA’d the device, which is a needlessly painful process with Asus, and installed the replacement.

    This evening I was logged into the media centre from another computer and running an update on it (I run MythTV). Suddenly, progress seems to stop. I turn on the TV, and there’s nothing there. I try to power cycle the media centre to no effect. Finally I pull out the computer and pull off the cover – nothing is happening. I pull the power cord, give it half a minute, plug it back in and try again. Fire.

    The burned component
    The burned component

    The first one was far more spectacular than this one. But regardless, I certainly don’t need the extra expense and hassle of having to rebuild or replace my media centre right now.

  • Patching forked-daapd So It Actually Works

    I’ve been struggling with a pair of issues with forked-daapd recently. I’ve managed to fix one of them for the time being. In particular, with recent versions of iTunes forked-daapd was dropping out after about 5 minutes of audio. I found the issue in the bug tracker on github, and found that some people has taken some stabs at patching the problem. One of them actually succeeded (though no one appeared to be able to post a working .deb).

    I used the guide How to: Recompiling / Rebuild Debian / Ubuntu Linux Binary Source File Packages and the patch listed in this comment to sort out the problem. On Debian Testing here are the steps to follow to recreate the solution:

    apt-get install build-essential fakeroot dpkg-dev
cd /usr/src/
apt-get source forked-daapd
apt-get build-dep forked-daapd
dpkg-source -x forked-daapd_0.19gcd-2.dsc
cd forked-daapd-0.19gcd/src/
cp httpd_daap.c httpd_daap.c.bak
wget https://raw.github.com/kekiefer/forked-daapd/77dc0fd2f466a02b86582ed2c5f97ea6e444f2ac/src/httpd_daap.c
cd ..
dpkg-buildpackage -rfakeroot -b
cd /usr/src
dpkg -i forked-daapd_0.19gcd-2_amd64.deb

    You’re just recompiling the regular debian package but with an updated httpd_daap.c source file. You can also just download the .deb here.

  • Open Letter To Canadian Senators

    Dear Senators,

    I’m writing to you about Bill C-10, the Omnibus Crime Bill, hoping to convince you to reject it. Crime has been falling for years in Canada. Mandatory minimum sentences have been a colossal failure south of the border. In a period of deficit spending, do we really need a piece of boondoggle legislation?

    The crime rate in Canada has been falling since it peaked in 1992, and in 2006 was the lowest it had been in 25 years. There are pockets of trouble, but these areas are isolated and should be treated for what they are: exceptions. Hot spot policing and other tactics and tools that are already available to police are more than enough to confront these exceptional areas. Overall, the crime rate fell by 5% in 2010, and the severity of crime fell by 5% – in a single year. There is no need for widespread and radical changes to our justice system based on irrational fear and not backed up by actual facts and numbers.

    Mandatory minimum sentences have been a total failure in the United States. They represent a judgement by politicians that we can’t trust the judgement of judges. The result south of the border has been prisons that are bursting at the seams to no great benefit for either society at large or the populations inside. Conditions are so bad that the Supreme Court of the United States has declared it cruel and unusual punishment and ordered California to release tens of thousands of prisoners. The United States’ prison population is 2.2 million (2010 numbers), which means they represent the fourth largest city in the states, with more people than Houston and just less than Chicago. If you include everyone under correctional supervision the number jumps to 7.2 million (2009 numbers), which would make it the second largest city, just behind New York. I see no reason to model our justice system on what is clearly failing south of the border – you should not measure the effectiveness of your justice system by the number of people locked up but by how just it is.

    The cost of C-10 is projected to be massive. We’re already spending more money than we take in revenue. This is worse than a pointless exercise – it will lead directly to cuts to other programs that could be doing more to make Canada better. If we spent this same money on early childhood care and access to education, on after school programs and sports clubs, and yes, on smarter policing and more courtrooms, we would see a much better return on our investment. Mandatory minimum sentences are just not cost-effective. Not just in terms of criminal acts deterred, but in people potential unleashed. This approach is not soft on crime. Things that are illegal will still be illegal, and the extra police and extra court resources could make sure they were dealt with quickly and effectively. But at the same time, the other programs could help prevent the creation of criminals in the first place.

    There is another aspect I would like you to consider: the welfare of the criminals themselves. The crime rate in all western countries has been falling since it peaked in the 80s or early 90s. However, in the United States where mandatory minimum sentences mean millions of people are locked up, the falling crime rate hides an alarming fact: if you include the crimes committed within the prison system, almost all of them violent assaults both sexual and otherwise, the crime rate has not actually fallen that much in the United States. While the rate of sexual assault in the general population of the United States fell by 85% from 1980 to 2005, that statistic hides that there are over 216,000 prisoners raped each year(and that is the estimated number of victims, not the estimated number of actual rapes, as once you’ve been ‘marked’ you can expect it to be a common occurrence). The United States actually holds the dubious honour of likely being the only country in history with more male rape victims than female. Increasing the prison population is inevitably going to lead to higher incidents of assault within the prison system.

    Please, assert your constitutional authority and vote to send this legislation back. It’s an unnecessary, pointless, and potentially inhumane waste of already scarce resources.

    Regards,
    Mike MacLeod
    Toronto, ON

    PS. I’ve collected here some further reading from a variety of sources, some are used above others are not:
    The Economist: What’s America’s real crime rate?
    The New Yorker: The Caging of America
    Wikipedia: Incarceration in the United States
    Wikipedia: Crime in Canada
    The Star: 10 Reasons To Oppose Bill C-10
    Huffington Post: Occupy the Dream: The Mathematics of Racism
    Canadian Lawyer Magazine: A chink in mandatory minimums
    Coalition for Evidence-Based Policy: Do Early Childhood Intervention Programs Really Work?
    Student Pulse: Preventing Juvenile Delinquency: Early Intervention and Comprehensiveness as Critical Factors
    n+1: Raise the Crime Rate
    CBC: Mandatory sentences staying in crime bill, Nicholson says
    RAND: Are Mandatory Minimum Drug Sentences Cost-Effective?
    StatsCan: Police-reported crime statistics

  • VDSL + MLPPP + FreeBSD + Xen = Awesome

    I signed up for the new 25Mbps VDSL services that are becoming available through TekSavvy, now that Bell has to provide speed matching profiles to other providers instead of just the staid old 5Mbps profiles they used to offer.

    The techs were done by the time I got home, but one of them was nice enough to install a proper POTS splitter for me, which was nice. According to the person present at the time, he said something to the effect of “I don’t know if I’m supposed to do this, but I think Mike will appreciate it”.

    My router is a Xen virtual machine, running a hardware virtualized FreeBSD instance, with three NICs passed to it using PCI passthrough. I use packet filter for the firewall and traffic shaping, and MPD5 to handle the actual MLPPP tunnel.

    Once I got home I connected the router to the cellpipe modem, and right away the PPPoE came up. Subsequent testing showed that I actually got slightly better performance by configuring mpd to bring up two full tunnels on the single line and then bond them together than I did by having mpd bring up just a single MLPPP enabled tunnel.

    Speedtest Result

    I had been concerned that the virtual machine wouldn’t be up to the task, but it appears that isn’t much of a concern. I haven’t done any testing with new MTU/MRU values yet, so there’s still a possibility of improving performance slightly from here, but I’m already getting pretty much what was promised, so I don’t know how much further it could go.

  • IPv6 Part 9: Configuring A Domain For IPv6 With BIND

    Welcome to part nine of my multipart series on IPv6. In this post I’ll cover how to configure the ISC BIND daemon to serve an authoritative DNS domain over IPv6. The host is running FreeBSD 8.2, but this should apply equally well to any system running the ISC named daemon.

    Just having connectivity over IPv6 isn’t enough; you also have to tell the rest of the world that it can reach you over IPv6. In this post I’ll cover the basics of configuring your domain for IPv6, on the assumption that your name servers and your web servers have IPv6 connectivity. If your name servers do not, Hurricane Electric will host your DNS on IPv6 enabled systems for free.

    The first step is actually administrative in nature. You need to figure out if you can get your IPv6 addresses into the whois record for your domain at your registrar. In my case my registrar did not have support for adding IPv6 glue records in their admin interface, but they were happy to do it manually through a support ticket. They also said they were in the process of adding IPv6 support to their admin interface, so I hopefully I won’t have to bother the support department next time I need to update a record with them. Here’s an example of my whois record:

    $ whois mmacleod.ca
Domain name: mmacleod.ca
Domain status: registered
Creation date: 2009/04/06
Expiry date: 2012/04/06
Updated date: 2011/06/17

Registrar:
Name: DomainsAtCost Corp.
Number: 45

Name servers:
ns1.nullpointer.ca 199.48.133.238 2607:fc50:1000:8b00::2
ns2.nullpointer.ca 208.86.255.157 2001:0470:001d:0619::2

    As you can see, I have glue records for both IPv4 and IPv6 for my name servers. With that out the way, it’s time to make sure that those nameservers actually serve the zones properly.

    I’m using FreeBSD, but this should apply equally well to any system running BIND, just change the paths to the various configuration files to suit your environment. First, we need to edit /etc/namedb/named.conf:

    $ cat named.conf
options {
directory "/etc/namedb/working";
pid-file "/var/run/named/pid";
dump-file "/var/dump/named_dump.db";
statistics-file "/var/stats/named.stats";

recursion no;
allow-query { any; };
version "0";

listen-on { 203.0.113.238; };
listen-on-v6 { 2001:0DB8:1000:8b00::2; };
};

include "/etc/namedb/dnsadmin.key";

controls {
inet 127.0.0.1 allow { 127.0.0.1; } keys { "dnsadmin";};
inet ::1 allow { ::1; } keys { "dnsadmin"; };

};

zone "example.com" {
type master;
file "../master/example.com";
};

    This is a very basic named.conf to highlight the few options necessary to get BIND to listen to requests over IPv6 (which is really just the listen-on-v6 option). You are encouraged to read up on BIND administration, as BIND has been associated with a number of attacks over the years, and proper administration of it is very important.

    Next is the configuration of the zone itself. Our example domain will use Google for Domains for email, and host a few of services. Open up /etc/namedb/master/example.com:

    $ cat example.com
$TTL 1200
example.com. IN SOA ns1.example.com. [email protected]. (
2011062702 ; Serial
1200 ; Refresh
1200 ; Retry
2419200 ; Expire
3600 ) ; Negative Cache TTL
;

IN AAAA 2001:0DB8:1000:8b00:0000:0000:0000:0002
IN A 203.0.113.238
IN NS ns1.example.com.
IN NS ns2.example.com.
IN MX 10 ASPMX.L.GOOGLE.COM.
IN MX 20 ALT1.ASPMX.L.GOOGLE.COM.
IN MX 20 ALT2.ASPMX.L.GOOGLE.COM.
IN MX 30 ASPMX2.GOOGLEMAIL.COM.
IN MX 30 ASPMX3.GOOGLEMAIL.COM.
IN MX 30 ASPMX4.GOOGLEMAIL.COM.
IN MX 30 ASPMX5.GOOGLEMAIL.COM.

$ORIGIN example.com.
; A Records
ns1 IN A 203.0.113.238
ns2 IN A 203.0.113.157
www IN A 203.0.113.238
appsrv-02 IN A 203.0.113.157
appsrv-03 IN A 203.0.113.158

; AAAA Records
ns1 IN AAAA 2001:0DB8:1000:8b00:0000:0000:0000:0002
ns2 IN AAAA 2001:0DB8:001d:0619:0000:0000:0000:0002
www IN AAAA 2001:0DB8:1000:8b00:0000:0000:0000:0002
appsrv-02 IN AAAA 2001:0DB8:001d:0619:0000:0000:0000:0002
appsrv-03 IN AAAA 2001:0DB8:001d:0619:0000:0000:0000:0003

; SRV Records
_sip._tcp IN SRV 1 0 5060 appsrv-03
_sip._udp IN SRV 1 0 5060 appsrv-03

; CNAME Records
sip IN CNAME appsrv-03.example.com.
mail IN CNAME ghs.google.com.
calendar IN CNAME ghs.google.com.
docs IN CNAME ghs.google.com.
sites IN CNAME ghs.google.com.

    As you can see, the only real difference between this and an IPv4-only domain is the addition of some AAAA records. It’s worth noting that the SRV and CNAME records are IPv4/IPv6 agnostic, since they just point to another hostname. It’s then up to your operating system whether it wants to find an A or AAAA record for that hostname.

    That’s all there really is to configuring an authoritative domain for IPv6.