philip tricca

2010/08/16

Debian Logo Rights and Misuse

Filed under: Linux, computer — Tags: , — flihp @ 21:21

I’ve been traveling a whole bunch for work lately. A month or two ago I was on the road the hotel I was staying in was hosting a job fair that was put on by a company called the Catalyst Career Group. I couldn’t help but notice their logo looked familiar.

So after standing on my head in the middle of the lobby I realized that it’s just the Debian logo upside down. The Debian project is pretty explicit about the license they distribute their logo under [1] and this doesn’t follow the license by my reading of it.

Now what to do about it? The Debian legal mailing list [2] looks like the right place. I’ll update on the results of this one. Interesting stuff.

[1] http://www.debian.org/logos/
[2] http://www.debian.org/legal/

2010/08/15

Thruxton Sprockets

Filed under: Motorcycle — Tags: , — flihp @ 14:21

The chain on my Thruxton was about 6 years old and looking pretty ratty so I decided it was time for a new one. My buddy recently did some homework on chains and he ended up buying an EK X Ring chain so I followed suit. After hitting my Haynes manual to find out the right specs (525, 104 links) I picked one up. Found a good deal on an EK MVXZ 525 through ebay along with a chain tool to break the old one, and get the new one on.

Old Chain

My first mistake was trying to break the old chain off of my Thruxton with a $20 chain tool and not enough of the rivet ground down. So I broke the pin on that one and, surprise, it didn’t come with a spare. I took a pretty good chunk out of my knuckle when the pin broke and I was a bit pissed so I switched over to the cutting wheel and just cut the chain off. Should have just done that in the first place. Glad to have the old chain off too since it had a few links that weren’t flexing right. That’s why it felt funny while I was riding.

Since I was without a chain tool now I took the new one down to Destiny Motorsports and Garry cut it down for me. Great spot if you’re in Syracuse and you need an inspection or service. They’ve always done right by me and this time was no different.

Rear Sprocket

Now that I had the new chain at the right length I had to switch out the sprockets. I figured since I had the chain off it would make sense to upgrade the sprockets with some after market ones from British Customs. I picked up an aluminum rear sprocket and a fancy steel front too. I didn’t change the tooth ratio but I’m tempted to try a smaller front sprocket in the future.

Anyways getting the rear sprocket off was easy enough. Remove the rear wheel, pull the old one, put on the new one. The white stuff on the new sprocket is just lithium grease from the new chain. They come covered in that stuff and you’re gonna want to wipe as much of it off the chain before you ride on it.

Front Sprocket

Getting the front sprocket off was a bit of a trick. First off you’ve gotta bend back a huge washer that is bent down on the nut that holds the sprocket on. I did it with a screw driver but I’m sure there are better ways. This nut is huge by the way. 36 or 38mm and sockets that big get super pricey, not to mention a driver for it and a torque wrench if you want to torque it back down to spec.

After putting the new sprocket on you’ve gotta torque down the nut and flatten out the washer again. Flattening the washer down on the sprocket isn’t something you can do with a screwdriver. A small punch works perfectly if you’ve got one laying around.

New Chain

Pressing the master link on the new chain on is a real pain. I’ve already gone through one cheep chain tool so this time I got the real deal from EK. This tool is worth every penny and makes getting the master link on much easier than it would be normally. They’ve still got the EK chain tool on special at Moto-Chains so if you’re gonna buy one I’d recommend this one. It’ll press on the plates and press out pins. You can even use it for riveting.

So this is what the master link looks like after it’s been riveted. I didn’t take a picture of the chain when it was completely new. The photo below is the chain after 1200 miles through the white mountains. I was rushing to get the new chain on for the trip and forgot to snap a photo when it was fresh.

So that’s it. The new chain and sprockets are great. Not something you really notice when you’re riding but that’s the whole point. My old chain had a few links that weren’t flexing right and I could definitely feel the kinks when I was riding on it. This new one is super smooth which is the effect I was going for.

2010/08/14

Parking Meter Fail

Filed under: Uncategorized — Tags: — flihp @ 20:19

Even parking meters have bad days. Ran across this about a month ago and it gave me a laugh when I was cleaning out my camera/phone tonight. Enjoy.

2010/07/20

Xen Network Driver Domain: How

Filed under: HowTo, Linux, security — Tags: , , , , — flihp @ 23:37

In my last post I went into the reasons why exporting the network hardware from dom0 to an unprivileged driver domain is good for security. This time the “how” is our focus. The documentation out there isn’t perfect and it could use a bit of updating so expect to see a few edits to the relevant Xen wiki page [1] in the near future.

Basic setup

How you configure your Xen system is super important. The remainder of this post assumes you’re running the latest Xen from the unstable mercurial repository (4.0.1) with the latest 2.6.32 paravirt_ops kernel [2] from Jeremy Fitzhardinge’s git tree (2.6.32.16). If you’re running older versions of either Xen or the Linux kernel this may not work so you should consider updating.

For this post I’ll have 3 virtual machines (VMs).

  1. the administrative domain (dom0) which is required to boot the system
  2. an unprivileged domain (domU) that we’ll call “nicdom” which is short for network interface card (NIC) domain. You guessed it, this will become our network driver domain.
  3. another unprivileged domain (domU or client domain) that will get its virtual network interface from nicdom

I don’t really care how you build your virtual machines. Use whatever method you’re comfortable with. Personally I’m a command line junkie so I’ll be debootstrapping mine on LVM partitions as minimal Debian squeeze/sid systems running the latest pvops kernel. Initially the configuration files used to start up these two domUs will be nearly identical:
nicdom:

kernel="/boot/vmlinuz-2.6.32.16-xen-amd64"
ramdisk="/boot/initrd.img-2.6.32.16-xen-amd64"
memory=256
name="nicdom"
disk=["phy:/dev/lvgroup/nicdom_root,xvda,w"]
root="/dev/xvda ro"
extra="console=hvc0 xencons=tty"

client domain

kernel="/boot/vmlinuz-2.6.32.16-xen-amd64"
ramdisk="/boot/initrd.img-2.6.32.16-xen-amd64"
memory=1024
name="client"
disk=[
    "phy:/dev/lvgroup/client_root,xvda,w",
    "phy:/dev/lvgroup/client_swap,xvdb,w",
]
root="/dev/xvda ro"
extra="console=hvc0 xencons=tty"

I’ve given the client a swap partition and more ram because I intend to turn it into a desktop. The nicdom (driver domain) has been kept as small as possible since it’s basically a utility that won’t have many logins. Obviously there’s more to it than just load up these config files but installing VMs is beyond the scope of this document.

PCI pass through

The first step in configuring the nicdom is passing the network card directly through to it. The xen-pciback driver is the first step in this process. It hides the PCI device from dom0 which will later allow us to bind the device to a domU through configuration when we boot it using xm

There’s two ways to configure the xen-pciback driver:

  1. kernel parameters at dom0 boot time
  2. dynamic configuration using sysfs

xen-pciback kernel parameter

The first is the easiest so we’ll start there. You need to pass the kernel some parameters to tell it which PCI device to pass to the xen-pciback driver. Your grub kernel line should look something like this:

module /vmlinuz-2.6.32.16-xen-amd64 /vmlinuz-2.6.32.16-xen-amd64 root=/dev/something ro console=tty0 xen-pciback.hide=(00:19.0) intel_iommu=on

The important part here is the xen-pciback.hide parameter that identifies the PCI device to hide. I’m using a mixed Debian squeeze/sid system so getting used to grub2 is a bit of a task. Automating the configuration through grub is outside the scope of this document so I’ll assume you have a working grub.cfg or a way to build one.

Once you boot up your dom0 you’ll notice that lspci still shows the PCI device. That’s fine because the device is still there, it’s just the kernel is ignoring it. What’s important is that when you issue an ip addr you don’t have a network device for this PCI device. On my system all I see is the loopback (lo) device, no eth0.

dynamic configuration with sysfs

If you don’t want to restart your system you can pass the network device to the xen-pciback driver dynamically. First you need to unload all drivers that access the device: modprobe -r e1000e. This is the e1000e driver in my case.

Next we tell the xen-pciback driver to hide the device by passing it the device address:

echo "0000:00:19.0" | sudo tee /sys/bus/pci/drivers/pciback/new_slot
echo "0000:00:19.0" | sudo tee /sys/bus/pci/drivers/pciback/bind

Some of you may be thinking “what’s a slot” and I’ve got no good answer. If someone reading this knows, leave me something in the comments if you’ve got the time.

passing pci device to driver domain

Now that dom0 isn’t using the PCI device we can pass it off to our nicdom. We do this by including the line:

pci=['00:19.0']

in the configuration file for the nicdom. We can pass more than one device to this domain by placing another address between the square brackets like so:

pci=['00:19.0', '03:00.0']

Also we want to tell Xen that this domain is going to be a network driver domain and we have to configure IOMMU:

netif="yes"
extra="console=hvc0 xencons=tty iommu=soft"

Honestly I’m not sure exactly what these last two configuration lines do. There are a number of mailing list posts giving a number of magic configurations that are required to get PCI passthrough to work right. These ones worked for me so YMMV. If anyone wants to explain please leave a comment.

Now when this domU boots we can lspci and we’ll see these two devices listed. Their address may be the same as in dom0 but this depends on how you’ve configured your kernel. Make sure to read the Xen wiki page for PCIPassthrough [4] as it’s quite complete.

Depending on how you’ve set up your nicdom you may already have some networking configuration in place. I’m partial to debootstrapping my installs on a LVM partition so I end up doing the network configuration by hand. I’ll dedicate a whole post to configuring the networking in the nicdom later. For now just get it working however you know how.

the driver domain

As much as we want to just jump in and make the driver domain work there’s still a few configurations that we need to run through first.

Xen split drivers

Xen split drivers exist in two halves. The backend of the driver is located in the domain that owns the physical device. Each client domain that is serviced by the backend has a frontend driver that exposes a virtual device for the client. This is typically referred to as xen split drivers [3].

The xen networking drivers exist in two halves. For our nicdom to serve its purpose we need to load the xen-netback driver along with the xen-evtchn and the xenfs. We’ve already discussed what the xen-netback driver so let’s talk about what the others are.

The xenfs driver will exposes some xen specific stuff form the kernel to user space through the /proc file system. Exactly what this “stuff” is I’m still figuring out. If you dig into the code for the xen tools (xenstored and the various xenstore-* utilities) you’ll see a number of references to files in proc. From my preliminary reading this is where a lot of the xenstore data is exposed to domUs.

The xen-evtchn is a bit more mysterious to me at the moment. The name makes me think it’s responsible for the events used for communication between backend and frontend drivers but that’s just a guess.

So long story short, we need these modules loaded in nicdom:

modprobe -i xenfs xen-evtchn xen-netback

In the client we need the xenfs, xen-evtchn and the xen-netfront modules loaded.

Xen scripts and udev rules

Just like the Xen wiki says, we need to install the udev rules and the associated networking scripts. If you’re like me you like to know exactly what’s happening though, so you may want to trigger the backend / frontend and see the events coming from udev before you just blindly copy these files over.

udev events

To do this you need both the nicdom and the client VM up and running with no networking configured (see configs above). Once their both up start udevadm monitor --kernel --udev in each VM. Then try to create the network front and backends using xm. This is done from dom0 with a command like:

xm network-attach client mac=XX:XX:XX:XX:XX:XX,backend=nicdom

I’ll let the man page for xm explain the parameters :)

In the nicdom you should see the udev events creating the backend vif:

KERNEL[timestamp] online   /devices/vif/-4-0 (xen-backend)
UDEV_LOG=3
ACTION=online
DEVPATH=/devices/vif-4-0
SUBSYSTEM=xen-backend
XENBUS_TYPE=vif
XENBUS_PATH=backend/vif/4/0
XENBUS_BASE_PATH=backend
script=/etc/xen/scripts/vif-nat
vif=vif4.0

There are actually quite a few events but this one is the most important mostly because of the script and vif values. script is how the udev rule configures the network interface in the driver domain and the vif tells us the new interface name.

Really we don’t care what udev events happend in the client since the kernel will just magically create an eth0 device like any other. You can configure it using /etc/network/interfaces or any other method. If you’re interested in which events are triggered in the client I recommend recreating this experiment for yourself.

Without any udev rules and scripts in place the xm network-attach command should fail after a time out period. If you’re into reading network scripts or xend log files you’ll see that xend is waiting for the nicdom to report the status of the network-attach in a xenstore variable:

DEBUG (DevController:144) Waiting for 0.
DEBUG (DevController:628) hotplugStatusCallback /local/domain/1/backend/vif/3/0/hotplug-status

installing rules, scripts and tools

Now that we’ve seen the udev events we want to install the rules for Xen that will wait for the right event and will then trigger the necessary script. From the udevadm output above we’ve seen that dom0 passes the script name through the udev event. This script name is actually configured in the xend-config.xsp file in dom0:

(vif-script vif-whatever)

You can use whatever xen networking script you want (bridge is likely the easiest).

So how to install the udev rules and the scripts? Well you could just copy them over manually (mount the nicdom partition in dom0 and literally cp them into place). This method got me in trouble though and this detail is omitted from the relevant Xen wiki page [1]. What I didn’t know is the info I just supplied above: that dom0 waits for the driver domain to report its status through the xenstore. The networking scripts that get run in nicdom report this status but they require some xenstore-* utilities that aren’t installed in a client domain by default.

Worse yet I couldn’t see any logging out put from the script indicating that it was trying to execute xenstore-write and failing because there wasn’t an executable by that name on it’s path. Once I tracked down this problem (literally two weeks of code reading and bugging people on mailing lists) it was smooth sailing. You can install these utilities by hand to keep your nicdom as minimal as possible. What I did was copy over the whole xen-unstable source tree to my home directory on nicdom with the make tools target already built. Then I just ran make -C tools install to install all of the tools.

This is a bit heavy handed since it installs xend and xenstored which we don’t need. Not a big deal IMHO at this point. That’s pretty much it. If you want your vif to be created when your client VM is created just add a vif line to its configuration:

vif=["mac=XX:XX:XX:XX:XX:XX,backend=nic"]

Conclusion

In short the Xen DriverDomain has nearly all the information you need to get a driver domain up and running. What they’re missing are the little configuation tweeks that likely change from time to time and that the xenstore-* tools need to be installed in the driver domain. This last bit really stumped me since there seems to be virtually no debug info that comes out of the networking scripts.

If anyone out there tries to follow this leave me some feedback. There’s a lot of info here and I’m sure I forgot something. I’m interested in any way I can make this better / more clear so let me know what you think.

[1] http://wiki.xen.org/xenwiki/DriverDomain
[2] http://wiki.xensource.com/xenwiki/XenParavirtOps
[3] http://wiki.xen.org/xenwiki/XenSplitDrivers
[4] http://wiki.xen.org/xenwiki/XenPCIpassthrough

2010/07/14

Xen Network Driver Domain: Why

Filed under: HowTo, Linux, computer, security, software architecture — Tags: , , — flihp @ 20:57

If you’ve been watching the xen-user, xen-devel or the xen channel on freenode you’ve probably seen me asking questions about setting up a driver domain. You also may have noticed that the Xen wiki page dedicated to the topic [1] is a bit light on details. I’ve even had a few people contact me directly through email and my blog to see if I have this working yet which I think is great. I’m glad to know there are other people interested in this besides me.

This post is the first in a series in which I’ll explains how I went about configuring Xen to bind a network device to an unprivileged domain (typically called domU) and how I configured this domU (Linux) to act as a network back end for other Linux domUs. This first post will frame the problem and tell you why you should care. My next post will dig into the details of what needs to be done to set up a network driver domain.

Why

First off why is this important? Every Xen configuration I’ve seen had all devices hosted in the administrative domain (dom0) and everything worked fine. What do we gain by removing the device from dom0 and having it hosted in a domU.

The answer to these questions is all about security. If all you care about is functionality then don’t bother configuring a driver domain. You get no new “features” and no performance improvement (that I know of). What you do get is a dom0, the most security critical domain, with a reduced attack surface.

Let’s consider an attack scenario to make this concrete: Say an exploit exists in whichever Linux network driver you use. This exploit allows a remote attacker to send a specially crafted packet to your NIC and execute arbitrary code in your kernel. This is a worst case scenario, probably not something that will happen but it is possible. If dom0 is hosting this and all other devices and their drivers your system is hosed. The attacker can manipulate all of your domUs, the data in your domUs, everything.

Now suppose you’ve bound your NIC to a domU and configure this domU to act as a network back end for other domUs. Using the same (slightly far-fetched) vulnerability as an example, have we reduced the impact of the exploit?

The driver domain makes a significant difference here. Instead of having malicious code executing in dom0, it’s in an unprivileged domain. This isn’t to say that the exploit has no effect on the system. What we have achieved though is reducing the effects of the exploit. Instead of a full system compromise we’re now faced with a single unprivileged domain compromise and a denial of service on the networking offered to the other VMs.

The attacker can take down the networking for all of your VMs but they can’t get at their disks, they can’t shut them down, and they can’t create new VMs. Sure the attacker could sit in the driver domain and snoop on you domUs traffic but this sort of snooping is possible remotely. The appropriate use of encryption solves the disclosure problem. In the worst case scenario attacker could use this exploit as a first step in a more complex attack on the other VMs by manipulating the network driver front ends and possibly triggering another exploit.

In short a driver domain can reduce the attack surface of your Xen system. It’s not a cure-all but it’s good for your overall system security. I’m pretty burned out so I’ll wrap up with the matching “How” part of this post in the next day or two. Stay tuned.

[1] http://wiki.xen.org/xenwiki/DriverDomain

2010/07/08

handlebar hacking

Filed under: Bicycle — Tags: , — flihp @ 17:02

The crash course I’ve been getting in bicycle handle bar diameters is a real drag. There’s 1/7th of an inch difference between most roadbike bars and BMX so, as I describe in my last post, the stem on my new cutter won’t work with my new bull horn bars. The old FBM bars I had kicking around are super wonky but since I haven’t used them in a few years I figured I’d try cutting them to fit. Any reason to throwing a cutting wheel on my die grinder is a good reason :)

First off I cut down the forks and pressed a star nut so that’s been progress since my last post. These bars have the right shape but they’re way too tall:

First thing was to throw them into a vice and cut off the bottom part which makes the bars about 1/3 of the original height:

At this point they’re still too wide so I trimmed off two inches at the end of each handle. Notice the angle at the end of the bar. This is from a previous cut I made with a hack saw and never cleaned up:

That’s pretty much it. Here’s the final product:

So two points: First, if I have to remind you to wear safety gear when you’re cutting metal it’s already too late for you. Second, I’ve probably weakened the bars significantly by making these cuts. By cutting out the bottom of the bend I’ve effectively made these three piece bars and any weight that’s put on them is going directly onto the welds. Since this is a road bike I’m not worried but I’ll be keeping an eye on them just in case.

Now all I’ve gotta do is sand ‘em down and get some white paint. Then some brown bar tape to match my seat.

2010/07/03

Volume Cutter Assembled

Filed under: Bicycle — Tags: , — flihp @ 00:14

I’ve been waiting for what seems like forever to get my wheel set from Mello Velo (the local bike shop). I’ve had pretty much all of the other parts together for a week now, but a bike isn’t a bike without two wheels. Yesterday they finally came in.

You’d think that would be all good news but not everything is right with the world. Lets start with the good news though: I’ve got most of the parts that I need to build this thing now.

The cranks are Sugino and they were recommended by the bike shop. The tools required to install the bottom bracket and cranks on this thing are completely different from a BMX so the bike shop did the install. The accessories include a pair of Shadow Conspiracy BMX platform pedals (cheap plastic ones), origin 8 seat, chain and bull horn bars.

Now the bad news: the rear wheel (that big beautiful B43) got scratched up when an unnamed person at the bike shop was building them. And it isn’t just a scratch or two, they’re marked up in a huge way. I’ve got no experience building wheels but it must have taken some serious effort to do this type of damage:

I’m getting a replacement and I’m tempted to try building it myself but without a truing stand there isn’t much I can do. Either way this may work out to my benefit and here’s why. I purchased the front rim with a breaking surface. The intent was to mirror the other fixie setups I’ve seen with a break on the front wheel. The Volume Fu-Manchu forks aren’t drilled for a break but putting a hole in them isn’t a big deal. The problem is this:

The distance between the breaking surface on the rim and the location where the break mount belongs is huge on this fork. Comparing it to the fork on my Raleigh it’s nearly an inch and a half taller. I’ve heard of “long reach” breaks but that’s a really long way. The frame does have a hole to mount a break in the rear however but since I’ve had the B43 laced to the rear wheel I can’t (no breaking surface).

So when my replacement B43 comes in I’m going to have it laced to the front rim and for now I’ll keep the damaged B43 on my rear wheel. After riding around for a bit on it today without any breaks I really want to try going breakless for a while. If I decide it’s just too hairy to ride around without any breaks I’ll lace the deep v to the rear wheel and put a break back there. Here’s how it looks now:

The handle bars in the picture aren’t the bull horns from the picture above. I have a Fly BMX stem on there now and the size difference between road bike handlebars and BMX bars is about 1/8″. The bull horn bars won’t fit in this stem so I grabbed some FBM handlebars from my box of old parts.

The bars are way too high, the riding position is straight up beach cruiser with these bars. It’s kinda funny but not something that’s gonna last. I’ve got my eye on an Origin 8 Classic Pro Stem that’ll solve this problem. When I get the bars sorted and the toe-straps I ordered come in I’ll put up some final pictures. Oh yeah and the top of the fork still needs to be trimmed and I need to set a star nut in the fork too. Always more work to be done.

2010/06/29

Debian Lenny make-kpkg broken with new kernel

Filed under: computer, software — Tags: , , — flihp @ 21:24

If you use make-kpkg to build your kernels and you’re running Lenny you may have had problems building 2.6.34 when it came out. With kernel-package version 11.015 I’m getting the following error:

The UTS Release version in include/linux/version.h
""
does not match current version:
"2.6.34"
Please correct this

I’m sure more recent packages have this bug squashed but on Lenny it’s still a problem. What’s happening is make-kpkg is looking for a version string in $(KERN_ROOT)/include/linux/version.h and it’s not there. Every once in a while the kernel maintainers move stuff around and that’s exactly what happened. The UTS_RELEASE definition was moved from $(KERN_ROOT)/include/linux/utsrelease.h to $(KERN_ROOT)/include/generated/utsrelease.h

I found it confusing that the error message lists the version.h file. Turns out this definition has been moved before and when make-kpkg can’t find it in $(KERN_ROOT)/include/linux/utsrelease.h it falls back to version.h in the same directory. So we fix it with a quick patch.

--- ./version_vars.mk	2008-11-24 12:01:32.000000000 -0500
+++ ./version_vars.mk.new	2010-06-29 21:51:50.000000000 -0400
@@ -138,10 +138,10 @@
 EXTRAV_ARG :=
 endif
 
-UTS_RELEASE_HEADER=$(call doit,if [ -f include/linux/utsrelease.h ]; then  \
-	                       echo include/linux/utsrelease.h;            \
+UTS_RELEASE_HEADER=$(call doit,if [ -f include/generated/utsrelease.h ]; then  \
+	                       echo include/generated/utsrelease.h;            \
 	                   else                                            \
-                               echo include/linux/version.h ;              \
+                               echo include/linux/utsrelease.h ;              \
 	                   fi)
 UTS_RELEASE_VERSION=$(call doit,if [ -f $(UTS_RELEASE_HEADER) ]; then                    \
                  grep 'define UTS_RELEASE' $(UTS_RELEASE_HEADER) |                       \

Down load version_vars.mk.patch. Copy this patch to /usr/share/kernel-package/ruleset/misc/ and apply it:

zcat version_vars.mk.patch.gz | sudo patch -p1

If you’ve already tried to build your kernel and had it fail because of this bug you should copy the version_vars.mk we just patched to $(KERN_ROOT)/debian/ruleset/misc/ and run make-kpkg again. This should keep you from having to rebuild the whole kernel … which takes an age on my laptop.

Can’t wait for Squeeze to go stable but that always comes with a whole set of new problems :)

2010/06/28

QNAP 419P Torrent Client

Filed under: Rant, software — Tags: , — flihp @ 19:09

About 6 months ago I purchased a QNAP 419P NAS. I did a bunch of shopping around and settled on this one largely because it’s Linux based, runs on a low powered ARM cpu, and it’s got a pretty active community. After 6 months of operation I can’t say I’m thrilled, but it hasn’t been a complete disaster either.

I bought it to replace an older P4 system I had Frankensteined into a file server. It had an old ATA133 3ware raid card with ~900GB in raid 5. I had it running rtorrent on the console and serving up files using NFS. Pretty basic and it served my purposes just fine. I started running out of disk space so I picked up the QNAP 419P.

The 419P is a departure from my normal setup since everything is done through a web UI. I also mount my files using CIFS so my room mate can mount a drive too. The 419P will allow you to mount CIFS and NFS but the permissions get all borked up and since Linux support for CIFS is pretty good these days (and Windows support for NFS sucks) I made the switch.

Now on to the reason I’m writing all of this down: the torrent client that QNAP packages for the 419P is terrible. It’s custom so in their defense it’s a lot of software to maintain. That said I’ve got no idea why they’re trying to roll their own. There are so many web front ends to rtorrent++ that there’s no excuse to be building your own half-baked web front end.

Now bad UI I can handle but recently the trackers I used have started white listing clients. Naturally the identification string offered up by the QNAP torrent client isn’t on the list. So what to do? Well this is where the QNAP community comes in: package rtorrent++ and a few web front-ends. This is all described in their forums [1] and the person who did the heavy lifiting here is definitely getting a few paypal bucks from me as a thank you.

So I’ve got rtorrent and the front ends running on my 419P but why am I still annoyed? Well for one thing there’s no authentication for it. QNAP spent some time building their auth system and it’s not half bad but from the looks of it there isn’t a way for application developers / packagers to tie into it. So as it is now the web UI for rtorrent is wide open. Even on my home network I like to have at least a login / password.

There may be a way to tie into the QNAP auth infrastructure, or even a way to require some auth for the rtorrent front end (I’m thinking some sort of apache mod_auth foo to get at the URI). In the mountains of spare time I’ve got I’ll take a quick look (thick with sarcasm). For now I’m just happy to be downloading again thanks to the QNAP community.

[1] : http://forum.qnap.com/viewtopic.php?f=146&t=25165

2010/06/27

Chrome Valve Cover

Filed under: Motorcycle — Tags: , , — flihp @ 19:13

A few weeks ago the seal on my valve cover started leaking a bit of oil. It was very minor at first so I ignored it. Eventually it started leaking out on to my exhaust (headers) so I’d pull up to a light and notice a bit of smoke rising off my front end. That’s about the point when you can’t ignore the problem any more.

Replacing a seal is pretty easy especially a dry seal like the valve cover seal. I’ve been planning some upgrades though so I took the opportunity to blow some money. There’s some back story here though: this was my first bike and I learned to ride on it, the hard way. In my first summer I laid it down once on each side. The bike survived with minimal damage but the engine cover on the clutch side looks like someone went at it with a file. The alternator and valve covers got off easy but still got chipped up. Over time the hard coat on them started cracking noticeably.

Since I had to remove the valve cover I might as well replace it, right? Might as well get a chrome one too :) I even managed to track down the chrome replacement on ebay for pretty cheep so that’s always nice. Now I really screwed this one up though: I didn’t take as many pictures as I should have. With that in mind here’s the before shots with the tank removed.

When the valve cover is off the cam shafts are exposed. It was all I could do to keep from grabbing my laptop and ordering some more aggressive replacement cams. One step at a time. First replace the seal which actually wasn’t in bad shape. It was a bit frayed at the edges but there wasn’t any serious wear that I could see.

This is the point where I got excited, threw the camera to the side, replaced the seal and threw the new cover on without taking any pictures. I’ll learn eventually. I did it by the book (well by the Haynes Manual). I put a bit of grease on the seal, fitted it into the cover and replaced the bolts at the specified torque. Here’s what it looked like after it’s all back together.

Sadly it’s still bleeding a bit of oil. Nothing as bad as it was so I’m thinking the gasket may just need to get seated. Also the grease I applied may be running out a bit. For now I’m just carrying a shop rag with me and hoping for the best.

I ordered the rest of the replacement covers in chrome from British Customs along with a bunch of other stuff. My next post largely depends on what arrives in the mail first.

Older Posts »

Powered by WordPress