Biology
Reading the Book of Life in Prehistoric Dung
Physics
Time Emerges from Quantum Entanglement
Society
DEA has more phone records than the NSA
Getting insider information 7 milliseconds early
Computers
How to Develop Unmaintainable Software
The Joys of Maintenance Programming
Psychology
Debunking Positivity
20131117
20130901
GNN Sep 1, 2013
Society
10 Futures as Predicted by Anime
How the NSA misleads the public without actually lying
Technology
The STEM crisis is a myth
Teens care about online privacy
Science
Babies learn words before birth
The Internet had a slow week...
10 Futures as Predicted by Anime
How the NSA misleads the public without actually lying
Technology
The STEM crisis is a myth
Teens care about online privacy
Science
Babies learn words before birth
The Internet had a slow week...
20130824
GNN Aug 24, 2013
Psychology
How we gave colors names, and it messed with our brains (*)
The power of sugar might be in your head
Culture
School Has Become Too Hostile to Boys
Biology
Birds know traffic speed limits (*)
The obesity era... everything is getting fatter
Killer whales, grandmas and what men want: Evolutionary biologists consider menopause
Life under Antarctic ice
For sheep horns, bigger is not better
Bacteria can cause pain on their own
...and that's, the Internet in a minute.
(*): Epic
20130817
GNN Aug 17, 2013
Bringing you the best of the Internet!
Science!
Laptops lower grades (even when taking notes)
Bone-eating Worms!
Sleep Deprivation Encourages Donut Consumption
Soda Makes Five-Year-Olds Break Your Stuff
Modeling Economics with Bacteria (Alternate Article)
Government
Ripping Off Young America: The College-Loan Scandal
U.S. directs agents to cover up program used to investigate Americans
Feds target instructors of polygraph-beating methods
Technology
Xerox machines are changing numbers
Breaking RSA Encryption
Is encryption weaker than we thought?
Watching laptop batteries decay
Humor
Amazon acknowledges fake reviews
Science!
Laptops lower grades (even when taking notes)
Bone-eating Worms!
Sleep Deprivation Encourages Donut Consumption
Soda Makes Five-Year-Olds Break Your Stuff
Modeling Economics with Bacteria (Alternate Article)
Government
Ripping Off Young America: The College-Loan Scandal
U.S. directs agents to cover up program used to investigate Americans
Feds target instructors of polygraph-beating methods
Technology
Xerox machines are changing numbers
Breaking RSA Encryption
Is encryption weaker than we thought?
Watching laptop batteries decay
Humor
Amazon acknowledges fake reviews
20130720
Gentoo, ReadyNAS, and iSCSI
I recently bought a Netgear ReadyNAS 104 while trying to recover from a failure of my old RAID-5 enclosure. Now that it's all put together, it looks like I can pull a maximum of 50 MB/s, with typical speeds of 30-40 MB/s. I'm not sure what the limiting factor is at this point, since it doesn't seem to be network bandwidth, or CPU on either end. I think something in the system is latency bound, since it seems to pull a little faster when my desktop CPU is completely idle.
At first I was going to set it up using sshfs, but the little ARM CPU in that thing can only push about 3-4 MB/s when it has to do the encryption itself. So what I finally settled on was exporting it as iSCSI, and having my desktop do the encryption with cryptfs (LUKS).
I get the feeling that iSCSI doesn't get a lot of love on Gentoo, so I figured I'd post my troubles and what I finally got to work. This post from the Gentoo Wiki Archives was the most helpful, though I skipped all his interface setup, which I'm assuming was designed for a dedicated storage network.
iSCSI Basics:
A target is a server which is offering up a drive for clients to use.
An initiator is the client which consumes a drive to read or write it.
Init Script:
The init script for open-iscsi was kind of primitive... I had to install the unstable version (sys-block/open-iscsi-2.0.872-r2) since it hadn't been updated since modprobe stopped supporting "-l" (which still makes me sad...). At that point, I had to go redo all my kernel setup since I compiled the iSCSI stuff into my kernel, and the init script assumes that it can manually load and unload the modules. I eventually commented out all the do_modules calls to work around that.
I also installed net-libs/libiscsi although I never figured out if it was required or not.
I never did figure out how to get it to automatically connect to my drive, but I got the init script to stop complaining at me by setting AUTOSTARTTARGETS="no" in /etc/conf.d/iscsid. At this point (plus commenting out the modprobes) I could start and stop the daemon cleanly.
To manually mount a drive:
You can add "-d 8" (with a number 1-8) for increased debug messages if things are going wrong, but I can't say I found it very helpful myself.
The drive letter it shows up at will increment as you keep connecting/disconnecting. Which was enough to convince me I wanted to manually mount the thing so I've given up trying to get the init script to autostart it anyway.
CHAP:
CHAP is the iSCSI authentication protocol, and was the biggest pain point of the whole experience. I couldn't get my NAS or open-iscsi to give me any kind of useful error message other than "it didn't work" (or more precisely "iscsiadm: discovery login to 192.168.1.100 rejected: initiator error (02/01), non-retryable, giving up" ).
There are two kinds of CHAP, one used to authenticate initiators (clients), and one used to authenticate the targets (servers). Since I was already encrypting my data on my desktop, I didn't bother setting up the server authentication, but I think it works basically the same way. Here's what finally worked:
First I had to generate an InitiatorName and tell my NAS to restrict access to only that initiator. My NAS only had a field for one "Initiator (IQN)" entry, while the Linux settings had 3 different values. I don't really know what the difference is supposed to be, but I had problems until I set them all to the same thing.
Uncomment the following lines in /etc/iscsi/iscsid.conf, and set them accordingly.
For whatever reason, CHAP passwords have to be between 12 and 16 characters. I spent a while failing to get it to work with an 8-character password before I figured this out.
It probably goes without saying, but make sure you type the same password into your NAS. (And set it for your initiator, instead of what my NAS called the "bidirectional authentication" for letting clients know they're talking to the right server.)
There are also settings in iscsid.conf for using CHAP during discovery. You might have to set those too, but my NAS didn't seem to support it, so I left them alone.
After some trial and error, I finally figured out that my NAS was picking up password changes immediately, but my client was saving some kind of a session that was making things difficult. Eventually I determined that to actually get my new settings to take effect I had to stop my daemon, rm -rf the session folder it had created in /etc/iscsi/nodes/, start the daemon again, and then start over from the discovery phase.
And there you go! Good luck.
At first I was going to set it up using sshfs, but the little ARM CPU in that thing can only push about 3-4 MB/s when it has to do the encryption itself. So what I finally settled on was exporting it as iSCSI, and having my desktop do the encryption with cryptfs (LUKS).
I get the feeling that iSCSI doesn't get a lot of love on Gentoo, so I figured I'd post my troubles and what I finally got to work. This post from the Gentoo Wiki Archives was the most helpful, though I skipped all his interface setup, which I'm assuming was designed for a dedicated storage network.
iSCSI Basics:
A target is a server which is offering up a drive for clients to use.
An initiator is the client which consumes a drive to read or write it.
Init Script:
The init script for open-iscsi was kind of primitive... I had to install the unstable version (sys-block/open-iscsi-2.0.872-r2) since it hadn't been updated since modprobe stopped supporting "-l" (which still makes me sad...). At that point, I had to go redo all my kernel setup since I compiled the iSCSI stuff into my kernel, and the init script assumes that it can manually load and unload the modules. I eventually commented out all the do_modules calls to work around that.
I also installed net-libs/libiscsi although I never figured out if it was required or not.
I never did figure out how to get it to automatically connect to my drive, but I got the init script to stop complaining at me by setting AUTOSTARTTARGETS="no" in /etc/conf.d/iscsid. At this point (plus commenting out the modprobes) I could start and stop the daemon cleanly.
To manually mount a drive:
#Start a session to a target iscsiadm -m discovery -t st -p 192.168.1.100 #Open a drive named "group1" # on the target "iqn.1994-11.com.netgear:host:a1b2c3d4f" # (as generated by my NAS) at IP 192.168.1.100 iscsiadm -m node --targetname iqn.1994-11.com.netgear:host:a1b2c3d4f:group1 --portal 192.168.1.100 --login #At this point /dev/sde should appear and you can mount/format it. #Disconnect from the target to make the drive disappear iscsiadm -m node --targetname iqn.1994-11.com.netgear:host:a1b2c3d4f:group1 --portal 192.168.1.100 --logout
You can add "-d 8" (with a number 1-8) for increased debug messages if things are going wrong, but I can't say I found it very helpful myself.
The drive letter it shows up at will increment as you keep connecting/disconnecting. Which was enough to convince me I wanted to manually mount the thing so I've given up trying to get the init script to autostart it anyway.
CHAP:
CHAP is the iSCSI authentication protocol, and was the biggest pain point of the whole experience. I couldn't get my NAS or open-iscsi to give me any kind of useful error message other than "it didn't work" (or more precisely "iscsiadm: discovery login to 192.168.1.100 rejected: initiator error (02/01), non-retryable, giving up" ).
There are two kinds of CHAP, one used to authenticate initiators (clients), and one used to authenticate the targets (servers). Since I was already encrypting my data on my desktop, I didn't bother setting up the server authentication, but I think it works basically the same way. Here's what finally worked:
First I had to generate an InitiatorName and tell my NAS to restrict access to only that initiator. My NAS only had a field for one "Initiator (IQN)" entry, while the Linux settings had 3 different values. I don't really know what the difference is supposed to be, but I had problems until I set them all to the same thing.
## -*- mode: Conf-space;-*- ##/etc/iscsi/initiatorname.iscsi ## For examples, see /etc/iscsi/initiatorname.iscsi.example InitiatorName=iqn.2008-10.net.banack.mybox:openiscsi-a1b2c3f InitiatorAlias=iqn.2008-10.net.banack.mybox:openiscsi-a1b2c3f
Uncomment the following lines in /etc/iscsi/iscsid.conf, and set them accordingly.
##/etc/iscsi/iscsid.conf node.session.auth.authmethod = CHAP node.session.auth.username = iqn.2008-10.net.banack.mybox:openiscsi-a1b2c3f node.session.auth.password = ThisIsAPassword
For whatever reason, CHAP passwords have to be between 12 and 16 characters. I spent a while failing to get it to work with an 8-character password before I figured this out.
It probably goes without saying, but make sure you type the same password into your NAS. (And set it for your initiator, instead of what my NAS called the "bidirectional authentication" for letting clients know they're talking to the right server.)
There are also settings in iscsid.conf for using CHAP during discovery. You might have to set those too, but my NAS didn't seem to support it, so I left them alone.
After some trial and error, I finally figured out that my NAS was picking up password changes immediately, but my client was saving some kind of a session that was making things difficult. Eventually I determined that to actually get my new settings to take effect I had to stop my daemon, rm -rf the session folder it had created in /etc/iscsi/nodes/, start the daemon again, and then start over from the discovery phase.
And there you go! Good luck.
GNN July 20, 2013
And now, for the first (and possibly last) post of GNN (Gonderic's Notable News). (Not to be confused in any way with this famous android we know and love.)
Science!
Interstellar chemistry makes use of quantum shortcut
Chemistry in space exploits quantum phenomenon because it's so darn cold.
Perfect mirror debuts
Scientists create perfect mirror by drilling tiny holes.
Why are some people mosquito magnets?
Not sure how practically useful this is, but interesting.
Computers
Remy
Evolving better congestion control algorithms.
Why mobile apps are slow and Why mobile web is slow
The titles say it all..
Society
Rise of the Warrior Cop
The trend to militarize America's police
Science!
Interstellar chemistry makes use of quantum shortcut
Chemistry in space exploits quantum phenomenon because it's so darn cold.
Perfect mirror debuts
Scientists create perfect mirror by drilling tiny holes.
Why are some people mosquito magnets?
Not sure how practically useful this is, but interesting.
Computers
Remy
Evolving better congestion control algorithms.
Why mobile apps are slow and Why mobile web is slow
The titles say it all..
Society
Rise of the Warrior Cop
The trend to militarize America's police
20130216
Grocery Shopping With Scott Adams
Scott Adams view of what going shopping feels like: http://dilbert.com/blog/entry/i_want_my_cheese/
I can relate on too many points...
Safeway recently launched an online coupon system up here, which I tried for a while because it seemed nifty. I don't mind saving money, but actually tracking the paper coupons they give me is too much work (which I'm sure is why they do it). But after a couple weeks I finally figured out that they were giving me "discounts" in my online coupon profile that were already available for everyone on the shelves (or at least anyone with a Safeway card). Then I just felt manipulated...
So now I try to use my credit card when I shop there in hopes that whatever extra 2% fee they have to pay to Visa hurts.
I can relate on too many points...
Safeway recently launched an online coupon system up here, which I tried for a while because it seemed nifty. I don't mind saving money, but actually tracking the paper coupons they give me is too much work (which I'm sure is why they do it). But after a couple weeks I finally figured out that they were giving me "discounts" in my online coupon profile that were already available for everyone on the shelves (or at least anyone with a Safeway card). Then I just felt manipulated...
So now I try to use my credit card when I shop there in hopes that whatever extra 2% fee they have to pay to Visa hurts.
Subscribe to:
Posts (Atom)
