Tuesday, October 19, 2010

Microcode

This morning, one of my servers (Dell Poweredge R510, with a quad-core Intel Xeon E5520 CPU running Debian 5.0.4) had crashed. It didn't respond to anything : ping, ssh, smb. Not even when physically attaching a screen and a USB keyboard to it, did it respond.
After a reboot, the system started without a problem and everything seemed to work again.

Skimming through the logs I found some things occuring :

kernel: BUG: soft lockup - CPU#7 stuck for 61s!
and
kernel: __ratelimit: 35 messages suppressed
kernel: nf_conntrack: table full, dropping packet.

After Googling, I didn't really find a sound explanation, but some of the things that was mentioned was a bug in the Intel CPU, which could be solved by updating the CPU Microcode.

I'm not sure this will solve my problem, which only happened once since I started using the server about half a year ago, but as was mentioned, it does little risk, doesn't slow down your machine and might solve a few  problems.

So I installed two packages (you need contrib and non-free repositories):
apt-get install intel-microcode microcode.ctl
Package intel-microcode contains the updated microcode for Intel CPU's, while microcode.ctl does the update. Because the update is done in memory, the update is lost after a reboot, so you will have to do it again, but this package takes care of that.

Update 06Dec2010 : The microcode is automatically updated after a reboot. :)

Wednesday, October 13, 2010

Open Source Social Networking

For quite some time now, I've been thinking about a social networking website alternative, where you, as a user, can keep control of what you submit : who can see it, what can be seen, and most important, if you delete it, that it is really gone (at least from the website you originally put it on, as one can not be sure that something that is published on the internet can be completely removed from it). But I got an insight on how it could be done. It's only a rough idea, with a lot of conceptual and practical things still to be sorted out :

A way to reach this goal is to use encryption. When encrypting a message for instance with OpenPGP, you use the public keys of the ones that should be able to decrypt the message. To do so, they use their own - private - key, which is of course private, and can only be used by the one who owns it. So this way, only the ones you intend to be able to read your message will be able to read it.
So, in case of this conceptual open source social networking website, every user has a PGP-key. If you want to submit something to this website, for instance your place of birth, you encrypt it, using the public keys of a selection of your friends and submit that encrypted chunk of data to the website, where it is stored in the database.
If one of your friends accesses your page on this social networking website, all the data, in encrypted form, is requested from the website and decrypted using the private key of that friend. The data that was encrypted with that persons public key, will be decrypted, while the rest will remain unreadable, thus showing only the data that you intended for that person.
If on a later moment, you decide you want to change the list of people that will be able to consult your place of birth, you simple encrypt the same data with different keys and replace it in the database.

The kind of data you can encrypt is of course not limited to short texts, but can also be a picture, a piece of video, a link to a website, a piece of you DNA, ...
The upside of storing an encrypted version of the data you share, makes it unreadable to anyone who doesn't have the right decryption key. So even if your data remains in the database of the website, it will only be readable for the persons it was originally intended for. It will even not be readable by the maintainers of the website, unless you include their public key when encrypting.

So, the bottom line is that YOU should be able to keep control over your data. Encrypting the data is one thing, somewhat trusting the software that makes it happen and of course also the ones hosting it all, is as important.
And here the Open Source model comes in. The software is freely available, so the way it works can be checked and improved by the Open Source community.
And because the software is freely available, anyone can set up a social networking website. So as a user, you can choose who to trust when you join a group.


Of course, this is all just an idea and a very general concept.

One final remark : in order for this to work, the whole encryption mechanism should be invisible for the end user. And the encryption should be handled client side, for obvious reasons, otherwise the data you intend to be limited available, might end up unencrypted on some kind of server.

Thursday, October 07, 2010

change permissions of files and folders

On *nix, when you want to change the access permission of a directory and all files and folders in it, you could use :

cd your_dir
chmod -R 750 *
But this doesn't make a distinction between files and folders. So if you want different permissions for files and folders, you can do this :
cd your_dir
find -type f -exec chmod 640 {} \;
find -type d -exec chmod 750 {} \;