Category Archives: Hacking

Flow of things

A very long time has passed since I last posted anything. In that time, I’ve done an ass ton (metric, in imperial that’d be approximately 45/64th’s of one quarter cup liquid ounce of.. inches?)  of work, been to Switzerland and back, had my son start elementary school, and various other bits and bobs. Maybe that’s why? Anyway, I’ll start rambling off things that come to mind.

So I went to Switzerland, Geneva to be more exact. And to be even more exact, I visited CERN! The inner geek in me is still excited. That place is, to put it bluntly, amazing. We started by checking in at the visitor center, where we got our badges. I took the opportunity (at the recommendation of one of our hosts), to visit the gift shop and pick up a t-shirt and coffee mug. The mug has the four component formulas for, well, everything important, i.e. the Standard Model Lagrangian. Don’t ask me to explain it, because I’m pretty sure I couldn’t. The t-shirt I can explain. Not only was it made somewhere in Asia, but it also has on it the original Tim Berners Lee proposal for the world wide web. The back has his boss’s comment “Vague, but exciting”, on it. Both items are in frequent use.

At CERN, I visited the control room for ATLAS, one of the experiments using the large hadron collider. The LHC itself was being upgraded to allow for higher energy level collisions in the future. Pity we couldn’t visit the actual detector, or see the actual uhm.. tube where the particles travel in a circle before hitting each other every once in a while. We also visited the computer center.  As a computer guy, I was pretty darn impressed. The amount of hardware that’s in there is staggering, and the connections to the outside world are even more impressive. I was told there wasn’t “much” science going on, and still the aggregate bandwidth of connections to and from the facility and to research facilities around the world was at over 7 GiB, with over 200 000 running jobs. They told us it gets to around 13-15 GiB when there’s a real buzz. There was a nifty touch screen in the lobby of the computer center, built around google earth, that you could spin around to see the different connections around the globe. Finland’s share? A meager 0,3% of the computing being done. Meh. The lobby also had some display cases with various old hardware: old modems, fiber optics, hard drives and so on.

Geneva was a nice place in general. The climate was nice, the views spectacular and the people generally very nice. I had that same nagging feeling that I had in Paris in 07, where the French speaking people were just acting.. weird. We had a waiter that was muttering something under his breath the whole time he was serving us. There was that same air of arrogance and displeasure at having to speak English. The hotel was a refreshing exception (as it was in Paris), and I can easily recommend it for anyone looking for a reasonably priced hotel in Geneva. We stayed at, *drumroll* the Hotel de Geneve! Located at 1, pl. Isaac Mercier, Geneva 1201, Switzerland, it seemed to be a fairly central location. It was a short 10 minute walk from the train station, and not far from the river for instance.

On our second day, we took the train to Lausanne. I had perch. Nice expensive looking place by the shores of Lac Léman (Lake Geneva). The train ride was maybe an hour, or a little less and very smooth. Saw an Aston Martin Vanquish drive by. The whole place seemed to be in a perpetual slow motion, and somehow at ease or at rest. Didn’t really see much of the city, we just had lunch, but what little I saw was nice.

The journey back was eventless, if it wasn’t for the small incident at the airfield in Geneva. We were taken to our plane (an Embraer 190) by bus, and had to wait outside the plane for a considerable amount of time as the idiots piled into the plane (how hard is it to just find your place, and stow your luggage?). While waiting, I figured I’d take a few pictures. I took a picture of one of my traveling companions, with the plane in the background, and then turned around to take a picture of the scenic mountains that basically surround the whole place. At this point, one of the yellow vested… whatever she was, told me to put the phone away. No pictures! Put it your bag! I told her there were no signs posted anywhere that I couldn’t take a picture, but she would have none of it, and I yielded, putting my phone in my pocket.

Now, I am aware that standing on the tarmac, there is in theory a risk that something will happen that requires my attention. On the other hand, if a plane lands on us, I doubt I would have time to do some kind of Die Hard-type jump to safety, phone or no phone. There were also no spinning propellers that I could accidentally walk into. I think there was even a small roped fence thing preventing us from wandering onto the runway or other areas around the plane.

I was not given any reason for why I couldn’t take a picture. This always irks me. If there is no sign prohibiting photography, or an announcement, and I have used my common sense to assess that taking a picture does not pose a risk to my or anyone else’s health, I’m going to take pictures. I have no reason to fight with airport people. They are doing their job. I still fail to see how my photography could cause any harm. Also note, the queue into the plane was *not* moving, so I was not holding up the plane, telling everyone “hold on, I need to tweet this shit!”.

“Is this not a reasonable place to park?”

Enough about travel again! Seems I can’t get enough of it. Later this year, though, I’m flying over to Edinburgh, which might be the place to be now that they are voting for independence! I might get a chance to visit the newest independent country in the world. Or maybe not, in case the No-vote is the winner.  The vote might be today?

On the hardware side of life, I’ve been doing some upgrades for my backup and storage infrastructure. For local onsite backups, I now have an Iomega IX2-200 (cloud edition), with twin 3TB Western Digital Red drives, in RAID1. It’s not the newest or the fastest NAS out there, but it works. On my main workstation I have replaced the previous 2x1TB RAID1 set with a 2x2TB RAID1 set. Just added one terabyte. I now have a bunch of spare 1TB disks, which will probably be incorporated into a FreeNAS build I’m working on. I had some issues trying it out earlier this month, but I think it was just Samba misbehaving. It would disconnect in the middle of a file transfer, and tell me the path is not accessible. According to FreeNAS, things were a-ok. It’s not like I’m a FreeNAS guru or anything, so I’ll have to put in more hours to that build to get it working. It might end up being up to 8x1TB. Currently I have only 8GB of RAM (ECC, though), but I’ll probably want to upgrade that to at least 16, maybe even 32. The thing is, that means I have to get a different motherboard, processor and.. Oh well.


Observations from an ebook noob

I’ve been the owner of an ebook reader (see the previous post) for all of two weeks now. I have used my kindle nearly daily, and it’s a handy thing to have around. So far, I’ve mostly been reading issues of Linux Journal (who moved to a digital format two years (?) back), the scifi book by MK Wren that I mentioned, and then various tests.

But about the medium. Surprisingly, I fucking hate that there are format restrictions, DRM and all that jazz. Why have two formats that do essentially the same thing on different devices? Profits, probably. Businessy stuff that I don’t understand. There are of course, ways around things like this. I read somewhere that you can root a Kindle, which then enables functionality not found on the retail device. There are various converters for formats, such as Calibre, which enables management and conversion between formats. I have read that the Kindle (un-rooted?) will not eat stuff that has been un-DRM-ified using a converter, or that it will read books that have been converted at all. I haven’t tried the software yet, so I’ll have to get back to you.

The issue of DRM is a difficult one. I do not believe in crippling content and/or software. Your product should be good enough so that people want to pay for it. And I will. The amount of money I spend on software, movies and music in a given year is not a small one. We own several shelves of music, several gigabytes of digital music, and probably in the neighborhood of 500 DVDs and Blurays. I prefer FLOSS, but if it doesn’t do what I need it to do, I’ll probably buy something. I own my copies of Windows, on all of my hardware. And so on. Ok, disclaimers aside, the point I was trying to make is: If your content is good and there is a need for it, people will pay for it. DRM will never be an effective solution, ever. People will always find a way around it.

Okay, done venting!

I’m still miffed that I can’t read my technical manuals or whitepapers, which are in PDF format, on my Kindle. I would really find it useful if I could carry that with me when I go on consulting gigs, so I could pull up any number of manuals when I’m in a server room somewhere doing an install. Yeah, I can use a laptop, but that will run out of battery on most install gigs, and it’s not comfortable to have when you’re behind a rack for instance. Printing them is also out of the question, as they might be hundreds of pages. This is really a use case I can get behind, though, I do admit it is a comfort thing, more than a necessity for me.

I ran into that pesky “out of memory” message, trying to read a tiny 15 MB pdf. I don’t get it. Surely the device has more than 15 megs of RAM, and I hope it doesn’t cache the entire document when you read it. Maybe a slight read-ahead and read-back? Conversion might be the answer here, but, as I said, I will have to get back when I’ve tried it.

As for the content: I have not bought anything from Amazon yet. I have bought The Book of PF (3rd edition) from No Starch (really like their stuff!), some indie content, and then the scifi books through.. whatever it was. Paid by paypal or credit card, then transferred them through the USB to the Kindle. Works fine.

There is in-device buying. I’ve seen ads for $1.99 books on the Kindle, and sooner or later, I’ll click on one. It will be interesting to see if there are regional restrictions on that. I bought the Kindle in the States, sure, but can I buy books from Amazon when I’m in Finland? tells me to go to (eerily similar to my first tries of buying a Kindle). I simply don’t understand this. I get it that they need to like.. pay distributors and what not, but.. Just let me pay you for your stuff! I have the money! You have the stuff! Let’s transact!

You can also move content by sending an email to your “Kindle email address”, which was created when you first registered your Kindle. Also, you can probably use Wifi (haven’t tried it). USB is fine for me.

Even if I have to live without content from Amazon’s stores, there’s still plenty for me to read, and plenty of good publishers that provide me with cheap, compatible books.

Compatible books. What a laugh-riot.


Pi musings

So now I’ve gone and done it! I am doing something with my Pi. What I’ve done is, install nginx in a jail on it. Why? Just because I haven’t done that before. I’ll talk a bit more about what I did, and how in this post.

Why nginx? Well, the primary reason is that it’s growing in market share, and because I have very little hands-on experience of it. Also because I have this idea in my head that it’s slightly less bulky than say Apache2. Many Pi-specific pages also recommend lighttpd, but since nginx is more prevalent on the net, I chose that.

Note! You could prepare the chroot environment beforehand. If you wish to do so, jump to the appropriate heading and then come back here. This is the order that I did things in, so if you, for some yahoo reason want to follow that, read on.

The Raspbian repositories contain a version of nginx, but it’s supposedly very old. I opted to compile from source, which seemed like a good idea after the repositories listed for a more current version didn’t work properly for the version of Raspbian / architecture of the Pi. Obviously, compiling on the Pi is a rather slow process, but this isn’t a rush order. To start off, I installed some necessary tools so I could compile from source:

sudo apt-get -y install wget build-essential libpcre3-dev libpcre++-dev zlib1g-dev libssl-dev

After this, wget the latest source package for nginx, and unpack this to a location of your choosing:

wget and the pgp signature: wget

Get the public key for the signer of the package (in this case Maxim Dounin) wget

Import it: gpg --import mdounin.key

And finally run gpg --verify nginx-1.5.6.tar.gz.asc nginx-1.5.6.tar.gz

You should get a message about a good signature. However, gpg will also warn that it is not a trusted signature: you can’t be sure the key belongs to the owner. The key would need to be signed by trusted sources in order to establish the web of trust properly. But for now, we are content.
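One way to tighten the "good but not trusted" case above is to pin the signer's fingerprint, obtained through some other channel, and check it against gpg's machine-readable status output. This is an added example, not part of the original post; the fingerprint and status lines are constructed placeholders, and the function names are made up for illustration.

```shell
#!/bin/sh
# Added example: accept a signature only if gpg reports it good AND the
# signing key's primary fingerprint equals one you pinned beforehand.

# Constructed placeholder, NOT the real nginx signing key fingerprint.
SAMPLE_FPR=0123456789ABCDEF0123456789ABCDEF01234567

# Constructed `gpg --status-fd 1 --verify` output for a good signature made
# by a key that is in the keyring but not certified (TRUST_UNDEFINED).
SAMPLE_STATUS="[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 89ABCDEF01234567 Example Signer <signer@example.org>
[GNUPG:] VALIDSIG $SAMPLE_FPR 2013-10-01 1380585600 0 4 0 1 2 00 $SAMPLE_FPR
[GNUPG:] TRUST_UNDEFINED 0 pgp"

# Read gpg status lines on stdin. Succeed only if there is a GOODSIG line
# (expired, revoked or bad signatures get EXPKEYSIG, REVKEYSIG or BADSIG
# instead) and a VALIDSIG line whose last field, the primary key
# fingerprint, equals the pinned fingerprint in "$1".
status_is_pinned() {
    awk -v want="$1" '
        $1 != "[GNUPG:]" { next }
        $2 == "GOODSIG"  { good = 1 }
        $2 == "VALIDSIG" && toupper($NF) == toupper(want) { pinned = 1 }
        END { if (good && pinned) exit 0; exit 1 }
    '
}

# verify_pinned FINGERPRINT SIGNATURE FILE
verify_pinned() {
    gpg --status-fd 1 --verify "$2" "$3" 2>/dev/null | status_is_pinned "$1"
}

# Stand-alone use: sh script.sh FINGERPRINT nginx-x.y.z.tar.gz.asc nginx-x.y.z.tar.gz
if [ "$#" -eq 3 ]; then
    verify_pinned "$@" && echo "signature good, key matches pin"
fi
```

The check fails closed: a key that merely has the right name but a different fingerprint is rejected, even though plain gpg output would still say "Good signature".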

Then once you are all wrapped in tin foil, go prepare a pot of your favorite coffee and start compiling nginx. Change, add, remove options as needed. This is just from another howto, so you might like different locations for your logs, or include modules that are not included here:

cd nginx-$VERSION
./configure --sbin-path=/usr/sbin/nginx \
--conf-path=/etc/nginx/nginx.conf \
--pid-path=/var/run/ \
--error-log-path=/var/log/nginx/error.log \
--http-log-path=/var/log/nginx/access.log \
--with-http_ssl_module \
--without-http_proxy_module
make

After this, you could potentially start nginx using /usr/sbin/nginx, but we’re not done yet.


Here, we want to do some potential damage control. The webserver is living inside its own little world, and if someone gets into that world, it’s kind of small and boring, and has no real access to the underlying OS.

We can do this either manually, or by giving the chroot directory (the new root) as a variable:

D=/nginx
mkdir -p $D

After this, we need to create necessary directories inside the chroot directory for nginx to work properly.

# mkdir -p $D/etc
# mkdir -p $D/dev
# mkdir -p $D/var
# mkdir -p $D/usr
# mkdir -p $D/usr/local/nginx
# mkdir -p $D/tmp
# chmod 1777 $D/tmp
# mkdir -p $D/var/tmp
# chmod 1777 $D/var/tmp
# mkdir -p $D/lib

Note that we also give permissions to tmp and /var/tmp at this stage. Just to keep them writable by everyone just like they are in the base OS. Makes it easier for non-privileged users to write temporary files during installs or stuff needed when you are running the server. Some instructions (like the one on Nixcraft that I relied on heavily while doing this) create a lib64 directory inside the chroot. I didn’t even have such a directory in the base Raspbian, so I followed suit inside the chroot by making a lib directory.

Next, create the device nodes inside the chroot’s dev directory, but first check the special attributes of the originals using:

# ls -l /dev/{null,random,urandom}

You’ll get something like:

crw-rw-rw- 1 root root 1, 3 Jan  1  1970 /dev/null
crw-rw-rw- 1 root root 1, 8 Jan  1  1970 /dev/random
crw-rw-rw- 1 root root 1, 9 Jan  1  1970 /dev/urandom

Note column five: 1, 3 and 1, 8 and 1, 9. These are the major and minor device numbers, and you need to set the same values inside the chroot too. Do a:

# /bin/mknod -m 0666 $D/dev/null c 1 3
# /bin/mknod -m 0666 $D/dev/random c 1 8
# /bin/mknod -m 0444 $D/dev/urandom c 1 9

Next, you’ll copy all the nginx files from your base OS inside the chroot. For instance:

# /bin/cp -farv /usr/local/nginx/* $D/usr/local/nginx

and

# mkdir -p $D/etc/nginx
# /bin/cp -farv /etc/nginx/* $D/etc/nginx

Next, a trickier part. Move all necessary libraries to run nginx to the chroot. You can find out what you need by doing a:

ldd /usr/sbin/nginx

You’ll get an output similar to:

/usr/lib/arm-linux-gnueabihf/ (0xb6f94000)
=> /lib/arm-linux-gnueabihf/ (0xb6f6a000)
=> /lib/arm-linux-gnueabihf/ (0xb6f33000)
=> /lib/arm-linux-gnueabihf/ (0xb6ef2000)
=> /usr/lib/arm-linux-gnueabihf/ (0xb6ea2000)
=> /usr/lib/arm-linux-gnueabihf/ (0xb6d3f000)
=> /lib/arm-linux-gnueabihf/ (0xb6d34000)
=> /lib/arm-linux-gnueabihf/ (0xb6d16000)
=> /lib/arm-linux-gnueabihf/ (0xb6cee000)
=> /lib/arm-linux-gnueabihf/ (0xb6bbf000)
/lib/ (0xb6fa1000)

All of these need to go to the corresponding locations inside the chroot. There are scripts floating around for checking what you need and copying them over; I just copied them manually because I’m a pleb. You can always come back later; nginx and any other tools you use will tell you if you are missing any libraries, and you can copy them later.
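A small script for the library-copy step, as an added example that is not from the original post or from Nixcraft. The function names are made up, and the sample ldd output uses constructed library names; the real copy is done by chroot_libs with the binary and chroot path from this post.

```shell
#!/bin/sh
# Added example: copy the shared libraries a binary needs into a chroot,
# keeping each library at the same path it has on the base OS.

# Constructed ldd-style output; the library names are made up.
SAMPLE_LDD='    linux-vdso.so.1 (0x7ffc0000)
    libexample.so.1 => /lib/arm-linux-gnueabihf/libexample.so.1 (0xb6f6a000)
    libmissing.so.2 => not found
    /lib/ld-example.so.3 (0xb6fa1000)'

# Print the absolute library paths found in ldd output on stdin.
# Handles "name => /path (0x...)" and the bare "/path (0x...)" loader line.
# Entries with no file behind them (vdso, "not found") are skipped.
ldd_paths() {
    awk '
        $2 == "=>" && $3 ~ /^\// { print $3; next }
        $1 ~ /^\//               { print $1 }
    ' | sort -u
}

# Copy every path read from stdin into the chroot "$1".
# cp -L follows symlinks, so the chroot gets a real file under the name
# the dynamic loader will look for.
copy_into_root() {
    root=$1
    while IFS= read -r lib; do
        mkdir -p "$root$(dirname "$lib")" || return 1
        cp -L "$lib" "$root$lib" || return 1
    done
}

# chroot_libs BINARY CHROOT, e.g. chroot_libs /usr/sbin/nginx /nginx
chroot_libs() {
    ldd "$1" | ldd_paths | copy_into_root "$2"
}

if [ "$#" -eq 2 ]; then
    chroot_libs "$1" "$2"
fi
```

Libraries that ldd reports as "not found" are silently skipped here, so run the nginx -t test inside the chroot afterwards to catch anything still missing.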

Copy the relevant contents of /etc to the chroot. I had problems with the users inside the chroot, but it might have been something I messed up. I was unable to run it using nobody:nogroup, and had to resort to using the uid and gid, but more on that later. If someone knows what I fucked up, and happens to read this, use the comments, thanks! But the copying I mentioned (again thanks to Nixcraft):

# cp -fv /etc/{group,prelink.cache,services,adjtime,shells,gshadow,shadow,hosts.deny,localtime,nsswitch.conf,nscd.conf,prelink.conf,protocols,hosts,passwd,,,resolv.conf,host.conf} $D/etc

And some directories (though my raspbian install didn’t have prelink.conf.d at all):

# cp -avr /etc/{,prelink.conf.d} $D/etc

We’re just about done. Kill any existing nginx processes using pkill nginx, or something like killall -9 nginx to do it more violently. Then we can run a test of nginx inside the chroot. This will tell you what is missing (libraries, files etc.), or if your config syntax is wrong:

# /usr/sbin/chroot /nginx /usr/local/nginx/sbin/nginx -t

To run it finally, remove the -t at the end. As I mentioned, at this point I had issues about a line in the nginx config file (/etc/nginx/nginx.conf), which is “user nobody;”. For the life of me I could not get it to run using this user, even though I had it inside the chroot/etc/passwd, and group files. It just told me unknown user and so on. Changing the user also had no effect; I tried creating a fresh user, but to no avail. Finally, I ended up running nginx with:

/usr/sbin/chroot --userspec=65534:65534 /nginx /usr/sbin/nginx

Where 65534 is the uid and gid (respectively) of nobody and nogroup. Note that we are chrooting into /nginx (my chroot directory for nginx) and then from there, running /usr/sbin/nginx which is the script that starts nginx. After this, we have nginx running under the correct user and group:

nobody    4355  0.0  0.1   4984   724 ?        Ss   Oct07   0:00 nginx: master process /usr/sbin/nginx
nobody    4356  0.0  0.2   5140  1228 ?        S    Oct07   0:00 nginx: worker process

To be absolutely sure that nobody runs the “base OS” version of nginx, you can remove the directories associated, or rename the executable file under /usr/sbin (I called mine nginx_nonchroot), so I can verify that file isn’t being run. Or remove the execute bit with chmod -x /usr/sbin/nginx.

When starting nginx at boot, be sure you are doing it in the right way to ensure it’s inside the chroot:

# echo '/usr/sbin/chroot /nginx /usr/sbin/nginx' >> /etc/rc.local

To verify that your nginx is running inside the chroot, use the process id (second column when you run ps aux | grep nginx; in my example, 4355), by running:

# ls -la /proc/4355/root/

…and you’re getting the contents of the chroot root, i.e. all the directories that sit under the chroot /

drwxr-xr-x 10 root root 4096 Oct  7 19:00 .
drwxr-xr-x 24 root root 4096 Oct  6 23:24 ..
drwxr-xr-x  2 root root 4096 Oct  7 19:11 bin
drwxr-xr-x  2 root root 4096 Oct  6 23:25 dev
drwxr-xr-x  5 root root 4096 Oct  7 19:43 etc
drwxr-xr-x  3 root root 4096 Oct  6 23:36 lib
drwxr-xr-x  2 root root 4096 Oct  7 00:03 run
drwxrwxrwt  2 root root 4096 Oct  6 23:23 tmp
drwxr-xr-x  5 root root 4096 Oct  6 23:27 usr
drwxr-xr-x  5 root root 4096 Oct  7 19:51 var
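The same /proc check can be scripted for every nginx process at once, and extended to flag processes running as uid 0, since root inside a chroot can get back out of it. This is an added example, not part of the original post; the function names and the PROC_DIR override (used only so the check can be pointed at a test fixture) are made up for illustration.

```shell
#!/bin/sh
# Added example: confirm that processes are confined to the expected chroot
# and are not running as root. Run it as root to read other users' processes.

PROC_DIR=${PROC_DIR:-/proc}

# Echo the root directory of PID "$1" (the target of /proc/PID/root).
pid_root() { readlink "$PROC_DIR/$1/root"; }

# Echo the effective UID of PID "$1". The Uid: line of /proc/PID/status
# lists the real, effective, saved and filesystem UIDs in that order.
pid_euid() { awk '$1 == "Uid:" { print $3 }' "$PROC_DIR/$1/status"; }

# audit_chroot EXPECTED_ROOT PID...
# Prints one line per finding; returns 0 only if every PID passes.
audit_chroot() {
    want=$1; shift
    rc=0
    for pid in "$@"; do
        root=$(pid_root "$pid" 2>/dev/null) || root='?'
        euid=$(pid_euid "$pid" 2>/dev/null) || euid=0
        if [ "$root" != "$want" ]; then
            echo "pid $pid: root is $root, expected $want"
            rc=1
        fi
        # An unreadable status file is treated as a failure, not a pass.
        if [ "${euid:-0}" -eq 0 ]; then
            echo "pid $pid: effective uid 0 can leave a chroot"
            rc=1
        fi
    done
    return "$rc"
}

# Stand-alone use: sh script.sh /nginx
if [ "$#" -eq 1 ]; then
    audit_chroot "$1" $(pgrep -x nginx)
fi
```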

You can also change the default index page so you can see that that’s the one being loaded.  In my case /nginx/usr/local/nginx/html/index.html. You can reload the chrooted nginx using:

# /usr/sbin/chroot /nginx /usr/sbin/nginx -s reload

You could now make sure nginx is listening on your pi, by using:

netstat -pantu | grep nginx

tcp        0      0    *               LISTEN      4355/nginx   

Browse to the IP assigned to your Pi and see your webpage! Make sure you lock things down with iptables, and allow traffic only to ports that you want, and from addresses you want.

Infinite props to Nixcraft for this article, which helped me along the way. The main reason I wrote this was that my install was slightly different, and I figured I’d type my own problems and solutions down. Also, Raspbian has changed slightly (I guess?), so here you are. This howto was also very helpful, thanks to




LSI Updates and Pi

There’s no possible way to make a Raspberry Pi-joke that hasn’t already been made.


So far so good. Things’ve been working fine, though I have to look into disabling the bios since I’m not booting from any drives that are behind the LSI card. Boot times are three times as long as without the card, even though the OS is loading from the Samsung 840 Pro SSD drive.

I used MegaRaid Storage Manager for Windows to install the latest BIOS for my card. I went to the LSI site, searched for Host Bus Adapters -> LSI SAS 9211-8i -> Firmware, and downloaded the only available package (at the time this was named “9211-8i_Package_P17_IR_IT_Firmware_BIOS_for_MSDOS_Windows”, released Aug 09, 2013, the same package as for the IR-firmware installed in the previous post). Inside the archive, you will find various folders. Look in the  folder “sasbios_rel” and check that you have mptsas2.rom in there. That’s the BIOS image.

The good news is, as I mentioned, once you have the Storage Manager software installed, and your card is recognized, you can flash the BIOS from Windows without issues. This should also work for Firmware, but I haven’t tried this yet, as I am already running the latest IR-firmware. Open up SM, and somewhere in the middle you will find Update Firmware. There, select BIOS (middle selection for me), and browse to the folder mentioned earlier. Inside, select the mptsas2.rom file. Hit OK, and it will ask you to check a box and confirm that you want to update the BIOS. After that, it’ll flash, and tell you when it is done. It will show you the old BIOS version until you reboot. My card was, and is now Improvements are minimal, but there were some.

One note on the Write Cache, mentioned in the last post. I was unable to enable this from Storage Manager. Perhaps due to the fact that there is no battery backup unit. I’ll have to look more into this at a later date.


Got me a Pi. The B model, from local RS reseller, Yleiselektroniikka. Cost me 47 bucks including taxes. It’s the revised Model B, with 512MB memory. I also got a transparent case, which was 10 bucks. I didn’t get a powersupply, because I have plenty of USB chargers for various devices (and a few generic ones) that provide 1A+ @5V. My HTC Desire Z charger powered the Pi just fine, even though there’ve been reports of “flaky” mobile phone chargers not working with the Pi.

I have an 8 GB Verbatim SD-card for this project, and I dropped the latest NOOBS image from the Raspberry Pi homepage on the card, after formatting the card FAT. I then installed Raspbian from the NOOBS-installer, and proceeded to do an apt-get update && apt-get upgrade, which also upgraded the Pi bootloader to the latest version (as was recommended by the small booklet that came with the Pi.)

I haven’t done much with the device yet (joining the club of Pi owners everywhere! :)), except hook things up and try it out a bit. It works great! Or just as advertised. Obviously the boot is a little bit slow, but nothing out of the ordinary, considering the specs. HDMI out works fine; I use an HDMI -> DVI cable for this.

Adventures in LSI-land

I bought an IBM M1015 raid card. Which is actually an LSI 9240, containing a SAS2008 chip. It is a basic card, with no battery backup. It has two mini-SAS ports, that can be split to 8 SAS/SATA devices (four per port), and then configured to either RAID0 or RAID1. With a feature-key (some little IBM fob that is slapped onto the card), you can also get RAID5, and other modes. RAID1, however, is what I wanted.

So turns out the IBM M1015 does not get detected by three of the four motherboards I tested it on. It worked on an Intel reference board (?) in some old workstation, but not on:

  • MSI MS-7497
  • MSI M2N-E
  • Asus P8Z68-V GEN3

Out of those, the 7497 and the Asus did not even boot, just a blank screen if the card was in (any PCI-E slot). I also couldn’t find any BIOS settings that would make it boot. Nothing would ever come on screen. The M2N booted just fine, but no card was detected.

So, instead of giving up, I decided to try and flash the card with a different firmware. In a process known as crossflashing, you essentially clean up the firmware on the card, and flash something that wasn’t originally intended to go on the card.

For this card, there are three alternatives (at least):

  • Original IBM M1015 (LSI 9240) firmware, as provided by IBM
  • LSI 9211-8i IT-firmware (tried this one too, machine booted fine and detected the drives behind the card)
  • LSI 9211-8i IR-firmware (I picked this one)

The latter two being provided by the actual manufacturer of the card, LSI. The differences (as listed by this site) are as follows:

IBM M1015 firmware

  • Can do RAID0 and RAID1. Contains Web-Bios for controlling settings, perhaps other IBM branding

LSI IT-firmware

  • Can do straight passthrough, without RAID. Apparently ideal for ZFS for instance.

LSI IR-firmware

  • Can do RAID0 and RAID1, 1E and 10, as well as passthrough

The flashage!

So, to flash the card, you need a machine that (obviously) can recognize the card. I had two of them, the Intel reference motherboard-box, and an IBM x3690 X5 server (UEFI, more on this later). On top of this, you need a bootable USB stick. I used a Kingston U3 USB stick, which is recognized by most machines, and works great. On that stick, I have FreeDOS, the LSI Megacli/megarec tools, as well as the required firmware- and bios-images. I can make a package of the files that I have, so you can slap em on a card. To get FreeDOS on a stick, check here and then here, for instance. I also needed the UEFI Shell file, again, more on that later. But you might as well put that file on your stick too.

To start off, you need to clean out whatever is on the 16MB flash chip on the card. Boot up to FreeDOS, and move to the directory where you have megacli and the firmware files. First, get the ‘SAS Address’ of the card, either by looking at the card physically, or by running:

megarec -writesbr 0 sbrempty.bin
megarec -cleanflash 0

After this, you have a card with pretty much nothing on it. If you do not flash a firmware on the chip, you have what is effectively a dead card. Reboot the computer. You should not see the machine detect the card, as it will not load the BIOS of the card. Now, there are two ways to move forward. Either boot back to the FreeDOS environment, and flash the correct firmware to the card, or load up an UEFI Shell (depending on your hardware) and do the flashing from there. You should start with the FreeDOS-way:

sas2flsh -o -f 2118ir.bin -b mptsas2.rom
sas2flsh -o -sasadd put_your_SAS_Address_here

A note about the first command: Choose which firmware you want to flash, either IT or IR. Note that you can flash between any of the firmwares after the fact; just do megarec -cleanflash 0, and then proceed to the second step with the new firmware that you chose. You can leave out the -b mptsas2.rom option. This is the BIOS of the card, which you do not need if you do not intend to boot off a RAID-array which is behind the card. Boot times will be faster if the BIOS isn’t loaded. I put it in just for good measure (and yes, the boot slow-down is noticeable).

The UEFI caveat

If when running the first command you get: “ERROR: Failed to initialize PAL. Exiting program.”, there is a problem with your motherboard’s BIOS and/or you have UEFI instead of BIOS. I can confirm that this happened on a regular old workstation (3 years old maybe?) which does not have UEFI (or then I’m blind and dumb), so I’m not exactly sure as to what is causing the error in this case. In either case, I had to move the card to a server that actually has UEFI, in my case the IBM x3690 X5 server. This server, however, does not have UEFI shell, for some inconceivable reason. But, I was able to boot to the UEFI Shell .efi file that I downloaded previously, by going into UEFI, going to Boot Manager, and selecting Boot From File. Then I navigated to the USB stick where the .efi file was, hit enter, and soon I was in the UEFI shell.

Some notes about the shell. It’s Unix-like, but has some select commands that you need here. Firstly, to navigate to different disks that it detected, use fs0:, fs1: etc. In my case, the USB stick was fs0. After that, you can use either standard DOS or Unix commands to list files; so either ls or dir. Navigate to the directory where you have your megacli and whatnot using cd, as usual. There, you can use the following commands to flash the card (and BIOS):

sas2flash.efi -o -f 2118ir.bin -b mptsas2.rom
sas2flash.efi -o -sasadd put_your_SAS_Address_here

Again, you can leave out the -b mptsas2.rom if you don’t need the BIOS. This time, I had success in flashing the card.

After the commands are done, reboot the machine. You should now see it loading LSI 2008 whatever, instead of IBM M1015. You can use Ctrl-I to enter the configuration management, where you can set card options and create RAID arrays.

Performance and management

A note about performance: When I created the RAID 1 array (consisting of two WD 1TB Red drives), the background initialization which started (There was apparently also a fast initialization option) had significant performance impact. Running Crystal Disk Mark x64, I got around 85MB/s sequential reads. When the init was done, these were the figures:

LSI 9211-8i performance with two drives in RAID 1

Noteworthy is the write performance. After the init was done, I got a log entry stating the Write Cache is disabled. Since this card has no battery backup (being an entry level card), Write Cache probably should be disabled. If it were enabled (I might try this later) from the card options, write performance would be significantly better. But, since this is mostly for storage (more reads than writes by far), this is not of concern to me. Data integrity is more important.

In Linux, you can use the same MegaCLI from LSI to manage and view the card status. In Windows, you can use a similar graphical program called MegaRAID Storage Manager, from LSI (on the search page, pick Host Bus Adapters -> LSI SAS 9211-8i -> Management Software and Tools), which supports most versions of Windows desktop and server. To download either of these, visit here and select Host Bus Adapters, then LSI SAS 9211-8i, and your relevant download category. Also get the driver for your operating system from the same site, even though Windows 7 and Linux both supported this out of the box.

Oh, also, in case you were wondering, the cable I got to hook up the SATA-drives to the card was this one, the DeLOCK Mini SAS 36 pin (SFF-8087) -> 4 SATA cable. The price at the time of this article was 17,90€.


I would like to thank the following pages. Without them, this would not have progressed.

Blabbity blab

Nothing specific to talk about, but I felt like writing anyway.

Don’t multihome vmk ports in ESXi

Multihoming vmk ports on ESXi 5 (?) and later is not kosher. It’ll allow you to make the config, and it’ll even work, for a random period of time. You probably want separate physical ports for management and vMotion, so you’re bound to have two vmk ports; don’t put them on the same subnet/vlan. This was supported in ESX 4 and earlier, perhaps, but not in any later versions of the VMware hypervisor. This KB-article helped out a lot, as well as this quickhand on ESXi shell network commands. The setup was roughly the following:

  • vmk0 – management – vSwitch0 –
  • vmk1 – vmotion – vSwitch1 –

One host with this config dropped off the network, and the management port wouldn’t respond. The other vmk interface still responded perfectly, and the machines were on separate vmnics and vSwitches so they were unaffected as well. But vCenter lost connectivity to the host. Obviously, migrating the VMs off the host was not an option, as there was no way to reach it through the vSphere client. The cluster did not have HA enabled.

To fix it, the steps were roughly:

  1. Enable ESXi Shell, if it isn’t already, through the DCUI -> Troubleshooting options -> Enable ESXi Shell
  2. Hit Alt-F1 to go to the shell
  3. Disable the vmnic that is not the management vmnic (in our example, vmk1, for vmotion) using esxcli network nic down -n vmnic (make sure you get the right vmnic; double-check in DCUI)
  4. You can Alt-F2 back to DCUI and check out the network settings to verify that it’s down. Once the conflicting vmk is down, the primary one should start working, and you’ll have management back. If necessary, restart management agents / network from DCUI.
  5. There’s also esxcfg-vmknic -d (for delete, -D for disable) portgroup. To list the portgroups, use esxcfg-vmknic -l (and locate the conflicting, non-management vmk, and check the name of it)
  6. When management is restored (you can verify by running the Test Management Network in DCUI, and ping your management IP), do the rest from the vSphere Client (restoring whatever vmk you disabled, and the functionality it had (be it vmotion or so)). This time, make sure you use a separate subnet/vlan (not the same as for management)
  7. Also NOTE that if you used the ESXi Shell to disable a NIC, you have to enable it from there as well. I’ve found no way to say “vmnic up” in vSphere Client. If you know of a way please let me know in the comments. I had to make an extra trip to the data center to get the interface up, and then finalize the config in vSphere client.
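
As an added example (not part of the original post and not VMware tooling), this script checks for the misconfiguration described above: two vmk interfaces whose IPv4 subnets overlap. It assumes a listing in the row layout of esxcli network ip interface ipv4 get (name, address, netmask first); the sample rows, addresses and function names are constructed for illustration.

```python
"""Flag ESXi VMkernel (vmk) interfaces that share an IPv4 subnet."""
import ipaddress
from itertools import combinations

# Constructed sample: rows laid out like the interface listing described in
# the lead-in (assumed format). Addresses are invented for illustration.
SAMPLE = """\
Name  IPv4 Address  IPv4 Netmask   IPv4 Broadcast  Address Type  DHCP DNS
----  ------------  -------------  --------------  ------------  --------
vmk0  10.10.20.11   255.255.255.0  10.10.20.255    STATIC           false
vmk1  10.10.20.12   255.255.255.0  10.10.20.255    STATIC           false
vmk2  10.10.30.11   255.255.255.0  10.10.30.255    STATIC           false
"""


def parse_vmk_rows(text):
    """Return {vmk name: IPv4Interface} for every usable data row."""
    interfaces = {}
    for line in text.splitlines():
        fields = line.split()
        # Data rows start with the interface name; header and rule lines don't.
        if len(fields) < 3 or not fields[0].startswith("vmk"):
            continue
        name, address, netmask = fields[:3]
        try:
            iface = ipaddress.ip_interface(f"{address}/{netmask}")
        except ValueError:
            continue  # malformed address or netmask
        if iface.ip.is_unspecified:
            continue  # 0.0.0.0: interface has no address yet, nothing to compare
        interfaces[name] = iface
    return interfaces


def find_multihomed(interfaces):
    """Return (vmk_a, vmk_b, network) for each pair with overlapping subnets."""
    conflicts = []
    for (a, if_a), (b, if_b) in combinations(sorted(interfaces.items()), 2):
        # overlaps() also catches a /24 that sits inside another port's /16.
        if if_a.network.overlaps(if_b.network):
            wider = min(if_a.network, if_b.network, key=lambda n: n.prefixlen)
            conflicts.append((a, b, str(wider)))
    return conflicts


if __name__ == "__main__":
    for a, b, net in find_multihomed(parse_vmk_rows(SAMPLE)):
        print(f"{a} and {b} are both in {net}: move one to its own subnet/VLAN")
```

Run against a saved copy of the host's interface listing before the change window; any pair it reports is the setup that dropped management in the story above.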

Considering a Soekris or Mikrotik

For years (uh say, 8 years?) I’ve used an older workstation PC with two Intel 1Gbps NICs and lately, an SSD, plus OpenBSD & pf as my network firewall/router. It’s a rather clunky solution for a simple task, but it has served me well for years, without too many problems. After listening to TechSNAP (the latest couple of episodes, I guess), I’ve been thinking about replacing that box with a smaller solution, such as hardware from Soekris or Mikrotik. Soekris are a bit expensive, but they are perhaps.. more fully fledged than the Mikrotik. Both, as I understand, allow for your own choice of OS. I would still be running BSD (be it Free or Open), because that’s what I sort of trust with these matters. The other option is to buy an Atom board, slap on 2-4GB memory, two NICs (or a multiport NIC), and the SSD that I already have, and then run that in a smaller form factor case. I’m more of a do-it-yourself kind of guy, so I might end up going that route anyway.

Reading stuff

I’ve been reading a lot lately. Well the past 10 years maybe. My dad tends to remind me that back in school I didn’t like reading too much (perhaps because I didn’t usually need to work too hard to pass courses (except for math), or maybe I just hadn’t found my thing yet). Or maybe I was an immature brat? Perhaps. Anyway. What I’m reading right now is the Bridge Trilogy, by William Gibson. No big shocker here, I’ve read his works multiple times. I think this trilogy is the one I’ve read the least. That’s not to say it isn’t good, but it’s just gotten less attention from me. I’m on the final book now, “All Tomorrow’s Parties”. After that I’ll hop away from Gibson, and move on to James Bamford’s “The Shadow Factory”, a book on the NSA.

Since I misplaced (probably lent it out to someone who doesn’t remember or really liked the book) my copy of Stealing the Network – How to own a Shadow, I ordered a used copy from Amazon. The condition was listed as very good, and it came exactly in that shape….

.. only it smells like weed. You know? Mary jane? Now it might just be from hemp-scented incense, or maybe just a pot-head security guy. I don’t mind really, but I still put the book outside for a while to get the worst fumes out. Luckily nobody had ripped pages to roll their joints in. I guess the book would then have been listed as.. Cannabilized. Get it!?!


The Vee Arr and Assembly 2013 wrap-up

Assembly 2013 came and went. All in all a less-than-average Assembly, but it wasn’t all a waste. Let me talk to you about the Oculus Rift.

Oculus Rift is a set of VR goggles, that are in the process of coming to the market (with a consumer release probably happening in 2014), and is now making the rounds in the form of a dev unit. The dev unit is a pair of goggles, slightly larger than proper diving goggles, and they are not very heavy. There was a comfortable strap that wrapped over and around the head. The development version has a resolution of 640×800 pixels per eye, while the consumer version will be (hopefully) 1080p. The development version also needs separate headphones to play audio. It was hooked via wire (or wires) to a computer. The consumer version, again, will hopefully be wireless. In addition to the goggles and the headphones, I used a game-pad to control my character in the VR environment.

There were a few different applications on display. I tried one of them, which was a virtual space, which housed a small yard and a building with a few rooms. It had moving objects, such as ceiling fans, and directional audio playing in the different rooms. The first thing I noticed was the low resolution. I kept trying to focus, as if looking through a pair of binoculars or eyeglasses, but it was just the resolution which was poor. It felt out of focus at times. The first instinct was to look around. This worked great. You had a fair amount of freedom of motion: you could look at the ceiling, down at the ground, you could tilt your head and “bend” your body, to say, look behind a corner.

After a brief adjustment, I thought, wow. This is really immersive. I quickly forgot where I was in the real world, though keeping your balance IRL felt strange. As I steered my character around the yard and inside the building, I felt my body try to maintain balance in the real world. It felt strange, and slightly disorienting. I avoided a wall in the virtual world, and noticed that I made that same movement (albeit a less extreme one) in the real world. Also not really walking around felt a bit weird. You used an analog stick to move and turn the character inside the VR world, and your perspective sort of “floated” around, with your view at head-height.  I did not try if there was a jump or crouch function: I only used the analog sticks.

The other two applications were a game called Jink, that ended up taking third place in the gamedev competition at Assembly 2013, and some kind of rollercoaster application, which my friend M tried out. He’ll hopefully read this, and give us his take in the comments.

The dev kit supports Windows, Linux, OS X, iOS and Android (so that takes care of most of the platforms this’d ever be used on). The estimated price (this is just a guess, and has not been confirmed AFAIK), would be 300 or less. A price I will gladly pay once this comes out. The amount of applications that could run on this, plus the wireless nature will make this a killer device for any tech-head. The Oculus Rift homepage is telling me that Half-Life 2 (and I assume any and all games with the same engine, at least eventually (I hope!)) will be officially supported for the Rift.

Oh. Wow!

Also, apparently anyone can get the dev kit right now for the 300 dollars + whatever applicable fees for your country.

On to Assembly. This year we were there with a four person crew. We had machine seats, and brought our own computers to the party. To sum things up:

  • The network worked well with just a few glitches during the 72+ hours.
  • The audio was great, despite certain microphone tomfoolery (which happens at all such events, I’m sure, not just Assembly!)
  • The big screen worked fine, though, the encircling LEDs were like… super bright and murder in the midst of the otherwise dark arena floor.
  • Intros & Demos & Music:
    • Music kicked ass in all categories. Good entries.
    • 1K and 4K Intros were of excellent quality
    • Short film and Real Wild were great, I really admired the work done on the reverse engineered Helsinki Metro sign, and the associated Real Wild entry “Next train takes no passengers”
    • Demo and Oldskool categories were disappointing, really. Demo only had 7 entries and one that I would consider good, a second one that was so-so, and the rest being of ‘meh’-quality.
    • It’s not that they were outright bad, but they just didn’t have the Wow!-factor.
  • Game of the year seemed to be League of Legends (or LoL) as well as SC2.
  • No clear new memes that I could pick up.
  • More girls than ever
  • Younger kids
  • Fatter kids
  • Cory Doctorow KICKED ASS. Great speaker.

I can’t be asked to write more. I spent the nights at home, like a true old curmudgeon, but I was there for all but a few compo entries. And that’s the main reason I go anyway, since I don’t need permission from mommy to play games all day at home.

Best quote? “These tickets cost me 145 euros, so you will do exactly as I say!”, by a mother to a kid in the long line to get into the arena.

Peace out.




More upgrades is betterers

Gots m’self a new CPU cooler. Not that my i5 is running hot with the stock cooler (between 45 and 55 degrees Celsius idle), but it could be cooler. Also, I’m kind of gearing up for Assembly 2013 Summer. That is always an extra strain on the machine since there are like, 3000 other machines there, and sometimes things get hot. Like not in a sexual way, but in a temperature way!

I also have the idea that a proper, semi-expensive CPU cooler will be quieter. So I went with Noctua just to be sure.

Noctua makes the best fans, if you ask me. Great build quality, silent as all hell. The colors are.. well, they could be better. But I heard recently that they are doing other colors soon, or maybe even now. So this is the good old beige-brown color scheme.

I looked around for a while, weighing the different Noctua options. I even started looking at closed-loop water-cooling. While this might be a good option, it’s something I decided against, mainly because I have little to no experience in water-cooling (though these new sets, like say.. the Corsair H100, 100i, 110 etc. series is crazy easy to install), and because many of those are considerably large. I somehow like the open space in my case, which is probably bollocks from a cooling perspective, but whatever. There’s also the price difference.

In the end it was one of the following: The Noctua NH-D14, the NH-U12P SE2 or, the NH-U12S.

The D14 is the big daddy. It’s been out for a few years, and it consists of a honking huge block, and up to three fans. Easily one of the better aircooling rigs out there, and has been for a good while. It’s rather expensive though, at around 80€ (usually) plus shipping. Weighing in at a whopping 1240 grams with two fans, it’s a beast. So maybe you’re like me and you don’t want to drop quite 80 bucks on a cooler? Then there’s the U12S and the U12P. The S version is the newer one, and the P version is the predecessor. I can’t really explain why I got the older P-version instead of the S version. The price difference was 5 euros. There were a lot more reviews of the U12P SE2, which I ended up getting, and mostly they were positive, even praising. There’s a 14 cm version of this, called the U14S, priced at around 70 bucks.

The Noctua NH-U12P SE2 comes with two NF-P12 fans in the box. This is a brilliant fan on its own already, and I imagine it’ll perform really well with the cooler. The block (which has four heatpipes) weighs in at 940 grams with the two fans. It’s compatible with most CPU sockets. The box and product page lists LGA1156, but that’s essentially the exact same size as the LGA1155 which my i5 has, and is compatible with both. The SE2 box comes with a low noise adapter, and an ultra low noise adapter, which you can use to take the RPM down to 1300/900 rpm, respectively. I’ll post some kind of results with my specific rig later. As a reference, while I am typing this, I still have the Intel i5 stock cooler plugged in, Firefox with five tabs (one with youtube), and a few other apps, the temperature is 47-48 degrees Celsius. The ambient temperature in the apartment is an uncomfortable 27 degrees, so the 48 isn’t that bad actually. I’m running two 140mm Noctua fans in the case, one on the side pushing air out, and one in the bottom of the case, pulling air in. The case, a Fractal Design Define R4 has something at the front too, I think. The noise level, while idle, is noticeable, but very unobtrusive. A steady low-ish hum.

There are two installation guides: one for Intel sockets, one for AMD sockets. I’ve done steps 1 through 5, kind of. I haven’t mounted the backplate yet, obviously, since I’m still using the machine. There are four ‘anti-vibration strips’, that are mounted on each side of the cooling block, which are supposed to dampen vibration from the fans. Two are mounted on each side. Fans are then attached using steel clips. The install guide mentions that adding the second fan, sucking air behind the heatsink, will take the temps down an average of 1-3 degrees. They also note, obviously, that both fans should be blowing the same way.

I’m trying to figure out how to mount the fans. The picture in the guide isn’t the best possible. Once I’ve done that successfully, I’ll take ’em back off, because they can’t be mounted during installation (prevents you from screwing the heatsink onto the motherboard mounting brackets).

Oh, also the SE2 box contains some Noctua NT-H1 thermal compound. Whether it differs from the Arctic Silver 5 that I have, who knows. It’s supposedly good.

More after I’m done. Hopefully.

Done. Two fans installed, no low noise adapters. Temps are down to around 32-35 degrees idle. So about 10 degrees out of the box. Thermal compound usually takes a while to settle in, so these are probably not the final temps. Anywhoo. A 10 degree idle drop is satisfactory to say the least. I’ll run some Prime95 tomorrow to see how it performs under load.

The toughest part of the installation, easily, was getting the fans mounted on the heatsink. The clips are good, and the mounting is solid, after you figure out where they go and how you’re supposed to bend them so they click in place. The backplate mounting behind the motherboard was great. Everything fit like a glove. Screws were solid and easy to fit.

Also, I removed a metric fuckton of dust. A good summer-cleaning never hurts, and lowers temps in any setup.

Temperatures were measured using Real Temp 3.70.

Edit2: Some “load”-notes. Running Prime95 (for an hour or so) gave me a max of 63 degrees; significantly lower than with the retail Intel fan.

Some notes from the road

First I want to talk a little bit about airport security. This was the first trip that I was ‘nude-scanned’. The scanner was at McCarran International Airport in Las Vegas. The device doing the scanning is a ProVision ATD. The type of scanner this is, is a millimeter-wave scanner. Unlike the X-ray backscatter type machines, these should not pose any health risks, as the radiation is not ionizing. There’s a comparison of the two technologies here. When we flew in to the US, I saw the same machines deployed at O’Hare in Chicago, however, for some reason they were not being used. A regular metal detector was used instead. At LAS when leaving, they put some passengers through the millimeter-wave scanner, and some people through the metal detector. When it was my turn, four people had just passed through the metal detector. For no apparent reason (I didn’t notice a pattern), they closed the metal detector, and put me through the millimeter-wave scanner. You step into the device, and turn 90 degrees to face a set of instructions. There are spots on the floor marked for where your feet go, and you are instructed by a picture to hold your hands above your head. The device appears to do a sweep (looks like the door is closing on the round device), and then the TSA attendant asks you to step out.

Later, they also switched it around, bringing some people through the metal detector, and some through the scanner. Shit. Almost wrote scammer, there. An associate of mine walked through the scanner after me, and after that, he was patted down by the TSA agent. Why? Was he armed to the teeth? No, he was carrying a standard Finnish passport in his pocket. So the gorillion dollar device can’t distinguish between a passport and something that can be used as a weapon? Looking at some of the images of the user interface, and what I was able to see myself, the screen that they look at doesn’t show an image of a person when he or she is being scanned. Just a grey screen, which appeared to turn green when everything was okay. I didn’t see the “failed” scan, but I assume it might have shown the location of the suspected item. But, a passport? For reals? I felt a whole lot less secure after seeing that…

Also, how do they pick who gets the scanner, and who gets the metal detector?

A noteworthy detail is that there was a sheet of paper outside the machine which explained the technology, and the last row was something like “The use of this technology is optional”. Optional, when you’re four steps from the machine? I’m sure declining at that point would set off zero rectal search alarms? I was planning on declining myself, but I guess I might have chickened out / noticed the note a bit too late. I guess it would have meant the metal detector + a pat down, even if nothing beeped. And some gruntled TSA personnel.

There were also new “rules and regulations” on the inbound flight. The Lufthansa flight attendants were ‘required’ to tell us that “grouping in the aisle or near the toilets or the kitchen during the flight is not permitted”. There was an incident on our Frankfurt -> O’Hare 747-400 type airplane where two people were using their phones near the toilets (both were of non-caucasian descent, if that matters), and the flight attendants announced, apparently due to this, that no loitering near the toilets was allowed. The two men declined to move, or didn’t listen, and a flight attendant was there very quickly, asking them to take their seats. After that, the captain turned on the fasten seat-belts sign. There was a rather clear connection between the two events. There was no turbulence, and we were thousands of miles from O’Hare.

You’re wondering about them using their phones? The flight had (paid) WLAN on it. The only caveat was that you were not allowed to use VOIP type applications, as per the terms of service that you accepted when you bought the service. 1 hour was 9,50 €, and 24 hours was 19,90. The connection was provided by satellite, and the service provider was T-mobile out of Germany. Latencies from the middle of the Atlantic (or geostationary orbit I suppose?) to Finland were around 600-800 milliseconds. Downspeed was ~3Mbps, and up was 0.03 Mbps, according to

The connection worked very well in general, if you didn’t mind the slow upspeed; buying the service was easy with credit card. A notable detail is that when you associated with the AP, you had DNS resolution, so you could maybe, contrary to the service agreement, have tunneled out using DNS, and something like NSTX. I didn’t poke around more, nor did I take too many other details off of the connection, but those are my notes.

I just had to edit this again to add this: God damn it it grinds my gears when people do not behave on aircraft. Jesus Herbert Christ! On the return flight to Helsinki, we had an awesome flight attendant. Funny, well spoken and approachable. When we were wheels down in Helsinki, still taxiing to our gate, a guy just decides to stand up to get his stuff. She told him “Sir, sit down!”. He did. Before we were completely stopped, and the captain had turned off the seat-belt light, there were at least ten mobile phones powering on, and seatbelts clicking loose.

People: You do not get off the airplane any faster by doing these dumb things. And if you tumble and fall, or drop some luggage on me while doing this shit, I will go medieval.

After we had come to a complete stop, I told the flight attendant “Same thing every time, huh?”, and she said “YEAH! Every time! Why do they keep thinking they’ll get off the plane faster?” She then turned to the man who had stood up during taxi, and asked him, “Sir, why did you stand up? Why? You could get seriously hurt!”, and he just shrugged and avoided her very piercing gaze, mumbling something under his breath.

P.P.S. Oh, and also, there are no bookshops on the Strip in Vegas. Just a hint to anyone who wants to maybe, I don’t know, make some money. I asked the concierge at the hotel we were staying at, and she said I’d probably have to get a cab to get to the nearest book store…

HTPC 2013

So about the HTPC…

It’s now 2013. Three years since I bought the thing, or so. It’s still running fine. I’ve done some upgrades during the past months, and I’ll discuss them in this article.

First of all, the CPU fan had to go. And by go, I mean replaced with a thin form factor, larger fan. The fan is attached to the case with some wires. It looks ugly, but then again, you don’t really see it from where you sit in the living room. There’s little to no vibration or noise from the fan. The one I got, and that I can recommend to any case that needs a low-RPM thin fan, was the Scythe Kaze Jyu Slim, from Jimm’s PC Store. I paid 8 euros for it. Works like a charm. It’s not attached to the CPU heatsink, but it still moves enough hot air out to keep things running. I guess I could run things passively, as I have speculated in the past, but I don’t really like my stuff running that hot, even if it’s within spec. Things just tend to last longer when they are at least somewhat cooled.

The second thing I replaced, was the hard disk. I wish I had a few extra bucks for an SSD, because that is what I will put in as an OS drive (if just for the fast boot time), but right now, I opted for a 3TB Western Digital Red. The old drive was a Western Digital Green 1TB, which had a number of issues (I lost one drive due to a feature relating to power saving, which wore out the drive prematurely. The warranty of course covered this, and no problems with WD). The drive also was a bit sluggish, it felt. But then again, the Green series drives are “supposed” to be. They run at lower RPMs, and are designed for power saving instead of high performance. The Red series drives (I paid around 150 for my 3TB version) are designed for NAS use, and are rated for a very large amount of usage hours. The HTPC is pretty much always on (well not really, but a lot of the time), so this was a good choice. I’ve now had it in use for a few months, and I can’t say I have any complaints. The drive runs smooth, silent and has a lot of capacity. It’s also, unsurprisingly, faster than the Green drive. I have a 20 GB partition set aside for the OS (which I will get to in the next paragraph) and the rest for media and backup from my desktop (over smb, I suppose it could be nfs too..). Nothing bad to say about the drive really. 3TB should be enough for everyone. “:)”

As for the OS, I am now running XBMC 12 “Frodo” RC2. There’s an RC3 but I have not upgraded, except for what I get through apt-get. I have to say that this is by far the best “out-of-the-box” XBMC experience so far. Every damn thing worked. The only thing I really had to set, was the audio output, since I’m running it out through SPDIF instead of HDMI (which was the default). I now no longer had 9 audio devices to choose from (as in XBMC 11), but three. HDMI, SPDIF, and analog, which is exactly what you would expect. Before I had three devices, each with the three options. Very confusing. I also didn’t have to fiddle around with alsaconf or anything else to get both stereo and surround sound to work using the same output. Very much recommended.

Ok so here’s where I’m at right now. There are two final upgrades I would like to do, and I would like to finalize the fan-attachment so that it doesn’t look like ass. Still thinking about how to do that. The other two, are: SSD for the OS (I could take any size, really, as XBMC takes around 4 to 5GB), and upgrade the RAM from 2 to 4GB.