
Saturday, August 20, 2011

Formatting a linux machine over ssh

Let's say you have data on a remote linux machine and, for whatever reason, you need to format the drive, for instance because you decided to switch VPS hosts.  If you just let them delete it, you have no way of knowing what really happens to your data.  So, provided you have ssh access, here is a way to eliminate your data.

One of the beauties of linux is that everything is a file or folder.  So if you need to store something in RAM, you can do so by copying it to /dev/shm.  This is useful for us.

The /proc directory holds information about your system, kernel, configuration parameters, processes, etc.  We need access to this.  Once we have formatted the system, we will no longer be able to use our normal methods of shutting down.

So first off you will want to become root.  If you don't know how to do this, you probably shouldn't be trying to do this.

Then we need to mount /proc in /dev/shm so we will have access after we have formatted the drive.

 mkdir /dev/shm/proc  
 mount /proc /dev/shm/proc -t proc  

If you need any other tools, like ls, copy them from /bin into /dev/shm now, because they will be gone.

Now you need to cd into /dev/shm.  Again, once you have formatted the drive you won't be able to change into it, because / doesn't exist.

Now you can choose your method of destruction.  Some you could use:
  • rm -rf --no-preserve-root /
  • dd if=/dev/urandom of=/dev/sda
  • shred -n1 -z -v /dev/sda (you can replace the number with however many passes you wish to run)
I personally used shred.

Once this is done, it's time to put the machine to rest.

 echo 1 > proc/sys/kernel/sysrq  
 echo o > proc/sysrq-trigger  

And next time it starts up you will have nada!  Everything is gone.  You might want to fire up a VM and give this a go before you go and try it.
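The VM rehearsal suggested above can also be run against a scratch file instead of a disk. This added example (not from the original post) runs the same shred -n1 -z invocation on a constructed 1 MiB image and then confirms that every byte reads back as zero; wipe_and_verify and is_zeroed are hypothetical helper names.

```shell
#!/bin/sh
# Added example: rehearse the shred step on a scratch file and verify it.
# The image below is a constructed stand-in for /dev/sda; no disk is touched.

# is_zeroed FILE SIZE: succeed only if the first SIZE bytes of FILE are all
# zero and FILE is exactly SIZE bytes long.
is_zeroed() {
    head -c "$2" /dev/zero | cmp -s - "$1"
}

# wipe_and_verify FILE: one random pass plus a final zero pass (-n1 -z), then
# read the whole file back and check it against zeros.
wipe_and_verify() {
    target=$1
    # Rehearsal helper only: refuse anything that is not a regular file.
    [ -f "$target" ] || { echo "refusing: $target is not a regular file" >&2; return 2; }
    shred -n1 -z "$target" || return 1
    # shred may round a regular file up to a full block, so measure afterwards.
    size=$(($(wc -c < "$target")))
    is_zeroed "$target" "$size"
}

# Demo on a constructed 1 MiB image filled with random data.
img=$(mktemp)
head -c 1048576 /dev/urandom > "$img"
wipe_and_verify "$img" && echo "wiped and verified: $img"
rm -f "$img"
```

The read-back works because -z makes the last pass all zeros; a dd from /dev/urandom leaves no fixed pattern to compare against, and rm -rf only unlinks files without overwriting their blocks.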

God bless,

Aaron

Tuesday, May 10, 2011

Libki project

In my short time at the library, I've done more programming and linux work than I thought possible.  Especially for working at a library.

We have about 11-12 computers available for patrons to use for the internet.  Right now these are using a distribution called Userful.  It costs the library X amount of dollars every month.  The support is next to nothing.  They allow multiple logins, they have outdated software, and we aren't able to do much except change network and printer settings.

This makes it pretty hard to help out the patrons.  If a machine goes down, we have to reinstall and then wait on their servers to reauthorize the machine.  This also puts a major cramp in productivity.

Here is born libki.  Kyle Hall began work on this system about a year or so ago.  It took us a while to dig through his code and get up and running.  But we finally have it working.  

Problem now is its feature set is very incomplete.

Login window.  In production would be full screen.

Server side it's using cakephp.  *Shudder*  It's hideous.  He did a great job with it, but I can't stand templating engines.  Give me straight php any day.

Client is using php+gtk.  An interesting combo.  I never would have thought of using php for client side.  Looking through the code, it's really not all that complicated.

Kyle's started working on a complete rewrite.  Client written in C++/Qt4.  Server php / Ajax.  

I'm really aching to get access to the code.  A project with a need. Several libraries across the world are interested in this project.  I'm not especially thrilled about Qt4 as I've never used it before.  But it is cross platform, so it would be worth learning.

If I was to go and write the system on my own... I think I might would go for python for the client.  

God bless,

Aaron

Children's distro sneak peek

I was assigned the task of creating a children's linux distro for use here at the library.  Here's a sneak peek.



I'm basing it on Linux Mint for now.  I think I'll probably move it all over to straight Ubuntu before finalizing.  The dock is called docky.  Can be installed from apt-get.

As you can see I've loaded it up with games.  Once I've finished I'll give a better breakdown of what I've done.

God bless,

Aaron

Monday, March 28, 2011

Ipv6: Keeping the tunnel connected with dynamic IP

Put together a script to keep your ip updated for the tunnel.  This is for Hurricane Electric.  Just plug in your info from your tunnel info page.


If Ubuntu, copy this file to:  /etc/init.d/updateip
Then, sudo ln -s /etc/init.d/updateip /etc/rc2.d/S95updateip

Will now start up with the computer.
Hope it helps someone. 
God Bless,

Aaron

Saturday, March 19, 2011

IPv6: Setting up the tunnel in Ubuntu

With ICANN recently announcing the end of IPv4 addresses to allocate, it's time to take a look at the future.


What is IPv6? According to Cisco IPv6 is:
IP Version 6. Replacement for IPv4. A next generation IP protocol. IPv6 is backward compatible with and is designed to fix the shortcomings of IPv4, such as data security and maximum number of user addresses. IPv6 increases the address space from 32 to 128 bits, providing for an unlimited number of networks and systems. It also supports quality of service (QoS) parameters for real-time audio and video.


A typical IPv4 address looked something like this: 74.125.225.17 (One of google's)
An IPv6 Address: 2a00:1450:8006:0000:0000:0000:0000:0068 or 2a00:1450:8006::68 (ipv6.google.com)


Yeah... Not pretty, not pretty at all. Do I need to switch to IPv6? No you don't. I don't think we'll ever see a complete switch. Your current setup is fine. This is for those of you that actually like learning technology. Learn hands on.


Let's get started! First you will need to choose a tunnel provider. Personally I chose Hurricane Electric's Tunnel Broker. There is also Sixxs, Gogo6, Teredo/Miredo etc. This guide only applies to Hurricane Electric's, as the rest use a different approach. If you only want to check out IPv6 enabled websites, go with one of the others. Teredo/Miredo is pretty much point and click.


Once you sign up for an account and sign in, click Create Regular Tunnel.


You should see something similar.  Obviously minus the markings.  

Where it says the IP you are viewing from, copy and paste that into the IPv4 endpoint box.  Select a server nearest you.  For me Chicago is the closest.  Click Submit.

If it gives you an error about not being able to reach the IPv4 address, you will need to log in to your router and allow ICMP packets through.  If you need help finding this let me know.

Once complete you will receive a list of Information for your tunnel.  Write this all down.  Important for the next step.  You should have the information similar to this:

Tunnel Connection
Server End IPv4:  209.51.191.5
                   IPv6: 2001:470:d51e:f35::1/64

Client End IPv4: (Your IP)
                 IPv6: 2001:470:d51e:f35::2/64

DNS
74.82.42.42
2001:470:20::2

Routed
2001:470:d51f:f35::1/64

Note: This is not my information.  Made the addresses up.  But yours should look very similar.
It also has the option to allocate a /48.  If you want to set up a firewalled network with clients and servers on different subnets like I am, go ahead and allocate one.

Now open up a terminal and issue:  sudo nano /etc/network/interfaces




Should then look something like that.  Run: sudo /etc/init.d/networking restart
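The file contents appeared only as a screenshot in the original post. As an added example (not the author's file), this shell function prints an ifupdown v4tunnel stanza built from the sample tunnel details above; the name he_stanza and the client address 192.0.2.10 are constructed placeholders.

```shell
#!/bin/sh
# Added example: build the he-ipv6 stanza for /etc/network/interfaces.
# he_stanza SERVER_V4 CLIENT_V4 SERVER_V6/LEN CLIENT_V6/LEN
he_stanza() {
    [ $# -eq 4 ] || { echo "usage: he_stanza SRV4 CLI4 SRV6/LEN CLI6/LEN" >&2; return 2; }
    gw=${3%/*};   gwlen=${3#*/}
    addr=${4%/*}; plen=${4#*/}
    # The prefix length must be numeric and identical on both tunnel ends.
    case $plen in ''|*[!0-9]*) echo "bad prefix length in $4" >&2; return 3 ;; esac
    [ "$gwlen" = "$plen" ] || { echo "prefix lengths differ" >&2; return 3; }
    # The server (::1) and client (::2) ends differ by one digit and are easy
    # to paste twice; the routed /64 (d51f in the sample) does not belong here.
    [ "$gw" != "$addr" ] || { echo "server and client IPv6 are identical" >&2; return 3; }
    cat <<EOF
auto he-ipv6
iface he-ipv6 inet6 v4tunnel
    address $addr
    netmask $plen
    endpoint $1
    local $2
    ttl 255
    gateway $gw
EOF
}

# Values from the sample tunnel page above; 192.0.2.10 is a constructed
# stand-in for "(Your IP)". Behind NAT, "local" is the machine's LAN address.
he_stanza 209.51.191.5 192.0.2.10 2001:470:d51e:f35::1/64 2001:470:d51e:f35::2/64
```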



It's important to note that the bridge IP and your actual IP are only slightly different.  So make sure to keep them straight.  The bridge does no more than connect you.  The other is your routed subnet of /64.  A /64 can have 18,446,744,073,709,551,616 hosts or devices.  Insane right?  Compared to IPv4, where your ISP will charge you $10+ for 1 static.

I've enabled IPv6 access to my whole network, and will be continuing in several following posts showing the steps I've taken.

If you have questions/problems, let me know. I'd be happy to help in any way I can.

Thanks,

Aaron


Thursday, February 3, 2011

Project Opacity: Prototype to Production

     About a month ago at work we started a project internally known as Project Opacity.
Opacity by definition: is the quality of being opaque to a degree; the degree to which something reduces the passage of light
Honestly, I have no idea how this has anything to do with being more transparent.  Maybe by allowing patrons easier access to information?  I didn't ask on the naming.

Anyways, on to what Project Opacity actually is.  Throughout the library there are computer stations from which patrons can access the library catalog, which we call Opac's or kiosks.  Come to think of it, this probably is where the name comes from.

An old Opac station.
This was one of the old Opac's.  They were becoming extremely unreliable.  Half the time they weren't working.  The graphics on the web page wouldn't show.  Pages took a long time to load.  Most of this is due to the browser being something along the lines of IE4(Ok maybe not.  Honestly not sure).  It was winCE based.
This is the cabinet space below where the thin client was kept.
They were using old WYSE thin clients.  I'm sure these could have been updated or something.  But I can imagine licensing would have been a pain.  As well as, who knows, might not have supported this hardware.  Personally really glad to not have to deal with winCE, being a linux guy.
So my boss hunted around looking into upgrading these.  Custom clients vs updated WYSE type thin clients.  Custom clients won!  Thankfully!  I believe they were same price, if not cheaper with twice the hardware specs.  Operating system: Linux.  WOOT!  Needless to say,  I got excited about this project.
So lo and behold we have a prototype!!

Kind of a sexy little machine.  Using CF card for hard drive, Atom processor, and 2 gigs of ram.  Decent setup really.  

I then spent the better part of a week designing a custom linux install, based on linuxmint.  Went through the process of actually making my own install CD.  Very cool stuff!  In the near future I plan on writing a post on doing this.  But for now sticking with Project Opacity, the Hardware side.  Believe me, plenty enough to write about!

So tested it got everything working.  Then, a shocking thing happened.  My boss opened the case, looking for a better way to mount the CF to SATA adapter.  *BOOM!* *POP* *POP*  Ok, so maybe an exaggeration, but the power supply blew.   

Long story short, verified it was the power supply, and ordered new one.  Around the same time also ordering parts, for the eight needed to replace all the Opac's, in both branches of the library.

Cart full of parts for all eight Opac's.

Then we started building them.  Here are some pictures of the parts and putting them together.
8gb CF card.
The CF to SATA converter.
2GB Ram.  Yeah I know just ram.  But I took a pic.. 
Motherboard with Atom processor on it.

Now laying the parts out and actually building them.  Yeah I know, some of you are saying, "So what?  Been there done that."  If you're that person, go read something else.  Others that don't get the chance to build computers, carry on.

Laid them out.  Ain't it so purdy?  
GAh! Wow that was hard.  We went and removed the cases from the box!  :-O
Actually in this same step we inventoried them.  I guess that is the significance.
Open case.
The motherboard in, and power supply in place.
Everything hooked up and ready.  Well almost..

CF to SATA adapter mounted.
Using power tools as an IT Assistant?? Who would have thought?

To mount the adapter, we drilled three holes through the top of the CD/Hard-drive bay.  Then we used motherboard standoffs, nuts, and screws to raise it away from the metal, preventing shorting.


Done?  No, not exactly.  One thing we forgot about completely, was how it would be fit into the cabinet.  Turns out, it didn't fit like we thought it would.  So for the ones mounted on the poles(4 of them), we had to make some modifications.

Two holes drilled where the legs normally would be glued.
Nuts & Bolts through strips of copper
View from the inside.  Yes, had to remove the motherboards.
Was kind of annoying.  But you do what you got to do.
Then we hung these bad boys!


A lot of hacking, but we got them in.  Next I had to flash/clone the CF cards.

Prototype, being prototypee?
First attempt.

As with anything in this project, cloning the cards was a learning experience.  At first we planned on using the CD I created and installing on each.  Which would have worked fine.  After turning it on, no interaction was needed for installation.  But still that's a lot of work, and let's face it.  CD drives are fast... But they are still so, slow!

So the cloning route seemed more appealing.  As seen in the screenshot, I booted from a cd, created a disc image, compressed it, then uncompressed and DD(the disk copy command in linux) to card.  Not sure why this didn't work.  Next just copied directly from one disc to another.

Direct copying from sda to sdb.
Worked great!  Done using:
 dd if=/dev/sda bs=256M of=/dev/sdb

For those that don't know how dd works: in "if=/dev/sda", "if" stands for input file (everything in linux is a file, a topic for another time), and "/dev/sda" is the path of the source disc that you want to copy from.  "bs=256M" sets the block size to 256 megabytes, the size of the blocks you want copied, so it transfers the data in 256 MB chunks.  Seems the bigger the block size, the faster it transfers.  Finally, in "of=/dev/sdb", "of" stands for output file, and "/dev/sdb" is the destination disc.

If you have only two discs, the first being in SATA1 and the second in SATA2, this is probably correct for you.  Check first!!! Get these backwards and you're gonna wipe out your source disc.  Be careful!
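A guarded version of the direct copy, as an added example that is not from the original post: it refuses a destination that is the same device, mounted, or too small, then reads the clone back and compares it with the source. The helper names, the MOUNTS override and the .img stand-ins for /dev/sda and /dev/sdb are assumptions made for the demonstration.

```shell
#!/bin/sh
# Added example: guarded dd clone with read-back verification. The .img files
# in the demo are constructed stand-ins for /dev/sda and /dev/sdb.
MOUNTS=${MOUNTS:-/proc/mounts}   # overridable so the check can be exercised

# Size in bytes of a block device or a regular file.
bytes() {
    if [ -b "$1" ]; then blockdev --getsize64 "$1"
    else echo $(($(wc -c < "$1"))); fi
}

# True if DEV or one of its partitions appears as a mount source (prefix match).
is_mounted() {
    [ -r "$MOUNTS" ] && awk -v d="$1" 'index($1, d) == 1 { f = 1 } END { exit !f }' "$MOUNTS"
}

# clone_and_verify SRC DST: refuse obvious mix-ups, copy, then compare.
clone_and_verify() {
    src=$1; dst=$2
    [ -r "$src" ] && [ -w "$dst" ] || { echo "need readable SRC, writable DST" >&2; return 2; }
    [ "$(readlink -f "$src")" != "$(readlink -f "$dst")" ] || { echo "SRC and DST are the same" >&2; return 2; }
    # A mounted destination is a disc in use, most likely the wrong one.
    if is_mounted "$dst"; then echo "$dst is mounted" >&2; return 3; fi
    ssize=$(bytes "$src"); dsize=$(bytes "$dst")
    [ "$dsize" -ge "$ssize" ] || { echo "DST smaller than SRC" >&2; return 4; }
    # notrunc keeps an image-file DST at full size, like a device; fsync
    # flushes to the medium before dd returns. The post used bs=256M.
    dd if="$src" of="$dst" bs=4M conv=notrunc,fsync 2>/dev/null || return 1
    # Read back the first SSIZE bytes of DST and compare them with SRC.
    head -c "$ssize" "$dst" | cmp -s - "$src"
}

# Demo: a 3 MiB "master card" cloned onto a blank 4 MiB "target card".
demo_dir=$(mktemp -d)
head -c 3145728 /dev/urandom > "$demo_dir/sda.img"
head -c 4194304 /dev/zero    > "$demo_dir/sdb.img"
clone_and_verify "$demo_dir/sda.img" "$demo_dir/sdb.img" && echo "clone verified"
# The reverse direction is refused here: the 3 MiB image cannot hold 4 MiB.
clone_and_verify "$demo_dir/sdb.img" "$demo_dir/sda.img" || echo "reverse copy refused"
rm -rf "$demo_dir"
```

With identical cards, as in this build, the size guard cannot tell source from destination, so the mount check and the read-back comparison are the parts that still apply.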

Think before you do, and you'll be fine.  Now we just simply installed the CF cards.

CF card being put in.
Finally!  Power them up!

Opac interface
Software fully operational.  Still making some little tweaks to make the experience better. 
A couple of the key things that make this solution ideal:
It's linux!  The sky is the limit.  With just a few clicks I was able to fully lock this down.  Can't close the window, log out, or do malicious things to the system.

All in all, I think we did an excellent job!

Next, figuring out how to update them all at once.  Puppet maybe? Been dying to try it out.

Thanks for reading,

Aaron

Tuesday, January 4, 2011

Destroying a Hard Drive

Not very often do I get to be destructive at work. So when I do get to, I get slightly excited! Had an old pentium 3 desktop they planned to give away. But it had their copy of xp on it as well as some somewhat sensitive information. At first we were going to put the linux distribution of our fancy on it (this changes from day to day). But it wouldn't boot from the cd. Thought the cd drive was shot. Tried it and an external; neither worked. After 30 minutes of messing with it my boss gives up. Told me to just pull the hard drive out and trash it! :D

I'm sure we coulda used a floppy to boot from the cd. But, this was much more enjoyable.












God Bless,

Aaron