In a previous post it became clear that censorship in The Netherlands has started. Due to the nature of the Internet and how it has been implemented in most lands, it means there is no central point of control to stop all to an IP-address. This means every network owner needs to take action, but how do they do it?
In the case of thepiratebay.org it looks like it has been done by manipulating DNS-answers. The first attempt is just using the DNS-resolver from the internet access provider and the second is an attempt using Google public resolvers.
$ dig thepiratebay.org
; < <>> DiG 9.8.1 < <>> thepiratebay.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER< <- opcode: QUERY, status: NOERROR, id: 6811
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; QUESTION SECTION:
;thepiratebay.org. IN A
;; ANSWER SECTION:
thepiratebay.org. 10 IN A 194.109.6.92
;; ADDITIONAL SECTION:
thepiratebay.org. 10 IN TXT "Forged by XS4ALL for Stichting B.R.E.I.N."
;; Query time: 19 msec
;; SERVER: 192.168.178.1#53(192.168.178.1)
;; WHEN: Sat Feb 4 08:15:35 2012
;; MSG SIZE rcvd: 104
$ dig thepiratebay.org @8.8.8.8
; <<>> DiG 9.8.1 < <>> thepiratebay.org @8.8.8.8
;; global options: +cmd
;; Got answer:
;; ->>HEADER< <- opcode: QUERY, status: NOERROR, id: 4847
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;thepiratebay.org. IN A
;; ANSWER SECTION:
thepiratebay.org. 2596 IN A 194.71.107.50
;; Query time: 26 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Sat Feb 4 08:16:16 2012
;; MSG SIZE rcvd: 50
By just changing DNS resolvers on the client or internet router the censorship can be bypassed for now. The question remaining is how long this is going to stand when the first article is published by a big computer magazine on how to bypass it. Or when sites also get an .onion to bypass DNS completely.
A picture says more than a thousand words, but censorship in The Netherlands has started thanks to Stichting Brein.
As from now all my DVD’s are for sale on Bol.com and yes in March I’ll join the month of not spending a penny on the entertainment industry which was proposed for SOPA and PIPA. It only make me wonder how ACTA is going to influence the Internet when it gets approved.
Firefox 10 beta 6 was released on last week and with the final release coming soon it was time to have a closer look at Firefox 10. I must say that this is a release worth installing like Firefox 5 was with decent HTML5 video support. But what makes Firefox 10 different then previous releases? Then answer is simple, WebGL. WebGL is a way to do 3D programming and rendering directly from within JavaScript.
With Firefox 10 WebGL works and there for also Google Street View works without the need of Flash. Yes, another dependency on Flash has been removed. The previous major dependency was YouTube, but as some may have noticed they also are in a transition from Flash to HTML5 video where you get the HTML5 variant when Flash doesn’t work.
As more and more websites switch from a Flash-player for video toward HTML5 in under a year it makes you wonder what WebGL is going to change. Was HTML5 a year ago only for the geeks and cutting edge, now more and more starts to depend on it. With HTML5 Canvas a lot of Arcade games where rewritten to run in a webbrowser. With WebGL the question comes when Doom has been rewritten to run in a webbrowser. Maybe something for a Google Summer of Code project?
In a previous posting I started with BtrFS and as mentioned BtrFS supports snapshotting. With this you can create a point in time copy of a subvolume and even create a clone that can be used as a new working subvolume. To start we first need the BtrFS volume which can and must always be identified as subvolid 0. This as the default volume to be mounted can be altered to a subvolume instead of the real root of a BtrFS volume. We start with updating /etc/fstab so we can mount the BtrFS volume.
LABEL=datavol /home btrfs defaults,subvol=home 0 0
LABEL=datavol /media/btrfs-datavol btrfs defaults,noauto,subvolid=0 0 0
As /media is a temporary file system, meaning it is being recreated with every reboot, we need to create a mountpoint for the BtrFS volume before mounting. After that we create two read-only snapshots with a small delay in between. As there is currently no naming guide for how to call snapshots, I adopted the ZFS naming schema with the @-sign as separator between the subvolume name and timestamp.
$ sudo mkdir -m 0755 /media/btrfs-datavol
$ sudo mount /media/btrfs-datavol
$ cd /media/btrfs-datavol
$ sudo btrfs subvolume snapshot -r home home\@`date "+%Y%M%d-%H%m%S-%Z"`
Create a readonly snapshot of 'home' in './home@20124721-080109-CET
...
$ sudo btrfs subvolume snapshot -r home home\@`date "+%Y%M%d-%H%m%S-%Z"`
Create a readonly snapshot of 'home' in './home@20124721-080131-CET'
$ ls -l
totaal 0
drwxr-xr-x 1 root root 52 nov 21 2010 home
drwxr-xr-x 1 root root 52 nov 21 2010 home@20124721-080109-CET
drwxr-xr-x 1 root root 52 nov 21 2010 home@20124721-080131-CET
We now have two read-only snapshots and lets test to see if they are real read-only subvolumes. The creation a new file shouldn’t be possible.
$sudo touch home@20124721-080109-CET/test.txt
touch: cannot touch `home@20124721-080109-CET/test.txt': Read-only file system
Creating snapshots is fun and handy for migrations or as on disk backup solution, but they do consume space as the delta’s between snapshots is being kept on disk. Meaning that changes between the snapshots are being keept on disk even when you remove them. Freeing diskspace will not only be removing them from the current snapshot, but also removing previous snapshots that include the removed data.
$ sudo btrfs subvolume delete home@20124721-080109-CET
Delete subvolume '/media/btrfs-datavol/home@20124721-080109-CET'
$ ls -l
totaal 0
drwxr-xr-x 1 root root 52 nov 21 2010 home
drwxr-xr-x 1 root root 52 nov 21 2010 home@20124721-080131-CET
As last step we unmount the BtrFS volume again. This is where ZFS and BtrFS differ too much for my taste. To create and access snapshots on ZFS the zpool doesn’t needs to be mounted, but then again with the first few release of ZFS the zpool needed to mounted as well. So there is still hope as BtrFS is still under development.
$ sudo umount /media/btrfs-datavol
Seeing what is possible with BtrFS, Sun’s TimeSlider becomes an option. Also the option of Live Upgrades with rollbacks as is possible with Solaris 11, but for that BtrFS with read-write snapshots needs to be tested in the near future.
After using ZFS on Solaris, I missed the ZFS features on Linux and with no chance of ZFS coming to Linux I had to do with MD and LVM. Or at least until BtrFS became mature enough and since the Linux 3.0 that time slowly has come. With Linux 3.0 BtrFS supports autodefragmentation and scrubbing of volumes. The second is maybe the most important feature of both ZFS and BtrFS as it can be used to actively scan data on disk for errors.
The first tests with BtrFS where in a virtual machine already a longtime ago, but the userland tools where still in development. Now the command btrfs follows the path set by Sun Microsystems and basically combines the commands zfs and zpool for ZFS. But nothing compares to a test in the real world and so I broke a mirror and created a BtrFS volume with the name datavol:
$ sudo mkfs.btrfs -L 'datavol' /dev/sdb2
Now we can mount the volume and create a subvolume on it which we are going to be using as our new home volume for users homedirectories.
$ sudo mount /dev/sdb2 /mnt
$ sudo btrfs subvolume create /mnt/home
$ sudo umount /dev/sdb2
When updating /etc/fstab we can tell mount to use the volumename instead of a physical path to a device or some obscure UUID number. Also you can tell which subvolume you want to mount.
LABEL=datavol /home btrfs defaults,subvol=home 0 0
After unmounting and disabling the original volume for /home we can mount everything and copy all the data with rsync for example to see how BtrFS is working in the real world.
As hinted before scrubbing is important as you can verify that all your data and metadata on disk is still correct. You can do a read-write test by default or only read test to see if all data can be accessed. There is even an option to read parts of the volume that are still unused. In the example below the subvolume for /home is being scrubbed and with success.
$ sudo btrfs scrub status /home
scrub status for afed6685-315d-4c4d-bac2-865388b28fd2
scrub started at Sat Jan 17 15:11:58 2012, running for 106 seconds
total bytes scrubbed: 5.77GB with 0 errors
...
$ sudo btrfs scrub status /mnt
scrub status for afed6685-315d-4c4d-bac2-865388b28fd2
scrub started at Sat Jan 17 15:11:58 2012 and finished after 11125 seconds
total bytes scrubbed: 792.82GB with 0 errors
The first glances of BtrFS in the real world are a lot better with kernel 3.1 then somewhere with kernel 2.6.30 and I’m slowly starting to say it becomes ready to be included in RHEL 7 of Debian 8 for example as default storage solution. The same as ZFS became in Solaris 11. But it is not all glory as still a lot of work needs to be done.
The first is encryption as the LUKS era ends with BtrFS as it is not smart to put it between your disks and BtrFS. You lose the advantage of balancing data between disks when you do mirroring for example. But then again LVM has the same issue where you then also first need to setup software raid with MD with LUKS on top of it and LVM on top of that. For home directories EncFS maybe an option, but it still leaves a lot of area’s uncovered that would be covered by LUKS out of the box.
The second issue is the integration of BtrFS in distributions and the handling of snapshots. As for now you first need to mount the volume before you can make a snapshot of a subvolume. The same for access a snapshot and for that I think ZFS still has an advantage with the .zfs directory accessible for everyone who has access to the filesystem. But time will tell and for now the first tests look great.
Recent Comments