Blog O’ Matty

I have read a number of documents on correctly using CSS and XHTML over the past month, and have learned about a number of common mistakes people make when creating content that uses these technologies. Most of the articles discussed ways to structure web content to avoid these pitfalls, which got me wondering if anyone had taken these recommendations and created a tool to analyze content for errors. After a bit of googling, I came across the W3C content validation site, as well as the tidy utility.

The W3C website is super easy to use, and it provides extremely useful feedback that you can use to improve your content. The tidy utility provides similar capabilities, but has options to actually correct errors it finds in the files it analyzes. Tidy can be downloaded from sourceforge, or installed with your favorite package utility (the CentOS repositories contain tidy, so it’s a yum install way). Once tidy is installed, you can pass the name of one or more files to analyze as arguments:

$ tidy –indent index.html
line 8 column 1 - Warning: <link> isn’t allowed in elements
line 3 column 1 - Info: <html> previously mentioned
line 74 column 28 - Warning: unescaped & which should be written as &
line 74 column 29 - Warning: unescaped & which should be written as &
line 191 column 15 - Warning: discarding unexpected </h2>
line 181 column 9 - Warning: <a> escaping malformed URI reference
Info: Doctype given is “-//W3C//DTD XHTML 1.0 Strict//EN”
Info: Document content looks like XHTML 1.0 Transitional
5 warnings, 0 errors were found!

<HTML FILE CONTENTS WITH FIXES APPLIED>

The tidy output will contain the list of errors it detected as well as the corrected HTML code. This is amazingly cool, and it has tipped me off to a few issues with some of the XHTML files that I am using to support my website. Tidy and the W3C validation site are incredibly useful which will hopefully enhance the experience for individuals who access W3C validated content.

I am always on the look out for tools to analyze system performance. One nifty tool I recently came across is atop, which is an advanced system performance monitor for Linux. When atop is run, it displays overall system utilization in the header, and per-process CPU, memory, network or disk utilization information in the body (you need to patch your kernel to get disk and network utilization). Here is a sample atop session that shows just how awesome this utility is:

I really dig the headers, as well as the network and disk utilization menus. Atop rocks!

On most Linux hosts, the first field of the /etc/fstab file contains labels instead of disk partions. This simplifies file system management, since you don’t have to update the fstab file if you move a drive to a new controller, or add additional drives to a system. If you want to locate the partition that is associated with a label, you can use the findfs utility:

$ /sbin/findfs LABEL=/
/dev/hda1

You can also use the findfs utility to locate a partition by UUID

$ /sbin/findfs UUID=b4ce6d24-000c-45a3-8258-cbf9f826c0ce
/dev/hda1

The findfs utility is extremely useful, and is just one of a number of cool programs (others include blkid, e2label, partinfo and findsuper) in the e2fsprogs package! Giddie up!

I had several ISO images lying around on my desktop, and decided to go through each image and purge the ones I no longer need. Several image files weren’t labeled, so I decided to fire up the isoinfo utility to figure out what the mystery ISO images were. The first image I checked was a Solaris 10 update 4 DVD, as you can see from the “Volume id” field in the isoinfo “-d” (print primary volume descriptor) output:

$ isoinfo -d -i 1.iso |more

CD-ROM is in ISO 9660 format
System id: Solaris
Volume id: SOL_10_807_X86
Volume set id:
Publisher id:
Data preparer id:
Application id: MKISOFS ISO 9660/HFS FILESYSTEM BUILDER & CDRECORD CD-R/DVD CRE
ATOR (C) 1993 E.YOUNGDALE (C) 1997 J.PEARSON/J.SCHILLING
Copyright File id:
Abstract File id:
Bibliographic File id:
Volume set size is: 1
Volume set sequence number is: 1
Logical block size is: 2048
Volume size is: 1327235
El Torito VD version 1 found, boot catalog is in sector 42171
NO Joliet present
Rock Ridge signatures version 1 found
Eltorito validation header:
    Hid 1
    Arch 0 (x86)
    ID ''
    Key 55 AA
    Eltorito defaultboot header:
        Bootid 88 (bootable)
        Boot media 0 (No Emulation Boot)
        Load segment 0
        Sys type 0
        Nsect 4
        Bootoff A4BC 42172

To double check that the volume descriptor was correct, I also ran isoinfo with the “-l” (list files) option to generate a file listing of each ISO image:

$ isoinfo -l -i 1.iso |more

Directory listing of /
d---------   0    0    0            4096 Aug 16 2007 [    632 02]  .
d---------   0    0    0            4096 Aug 16 2007 [    632 02]  ..
----------   0    0    0            2048 Aug 16 2007 [  42171 00]  .CATALOG
----------   0    0    0              92 Jun 12 2007 [  42231 00]  .CDTOC
d---------   0    0    0            2048 Aug 16 2007 [  42045 02]  .INSTALL
----------   0    0    0               0 Aug 16 2007 [  42173 00]  .INSTALL_CONFIG
----------   0    0    0             419 Jun 12 2007 [  42232 00]  .SLICEMAPFILE
d---------   0    0    0            2048 Aug 16 2007 [  42041 02]  BOOT
----------   0    0    0            6128 Jun 12 2007 [  42233 00]  COPYRIGHT
----------   0    0    0             257 Aug 16 2007 [  42236 00]  INSTALLER
----------   0    0    0          459760 Jun 12 2007 [  42237 00]  JDS-THIRDPARTYLICENSEREADME
d---------   0    0    0            2048 Aug 16 2007 [    634 02]  LICENSE
d---------   0    0    0            2048 Aug 16 2007 [    635 02]  SOLARIS_10
----------   0    0    0              19 Jun 12 2007 [  42462 00]  _VOLUME.INF
----------   0    0    0              21 Aug 16 2007 [  42463 00]  _VOLUME_INF.2
----------   0    0    0              21 Aug 16 2007 [  42464 00]  _VOLUME_INF.3
----------   0    0    0              21 Aug 16 2007 [  42465 00]  _VOLUME_INF.4
----------   0    0    0              21 Aug 16 2007 [  42466 00]  _VOLUME_INF.5

With this information in hand, I added useful labels to the mystery images. Nice!

I manage a fair number of Linux hosts, and like to keep tabs on how my systems are performing. One way I accomplish this is with procallator, which is a Perl script that collects performance data that can be graphed by orca. The graphs that orca produces are great awesome for trening server performance over time, and can be extremely valuable when debugging performance problems.

To setup procallator to collect performance data, you first need to retrieve the latest orca CVS snapshot from the orcaware snapshots directory (the procallator script is included with the orca snapshot, and the latest version contains a number of fixes). Once orca is downloaded, you will need to extract the tarball and run configure to modify the variables in the header of the procallator script:

$ tar xfj orca-snapshot-r529.tar.bz2

$ cd orca-snapshot-r529

$ ./configure –prefix=/opt/orca-r529 –with-html-dir=/opt/html

After the configure operation completes, you can install the procallator scripts with the Makefile’s install option:

$ make install

This will place the procallator perl script in $PREFIX/bin. To make sure the script starts at system boot, you can copy the $PREFIX/data_gathers/procallator/S99procallator script to /etc/rc3.d (or /etc/init.d depending on how you install your init scripts):

$ cp S99procallator /etc/rc3.d

Once these files are in place, you can start procallator by invoking the init script with the start option:

$ /etc/rc3.d/S99procallator start

This will start the procallator script as a daemon process, and the script will write performance data to the directory defined in the procallator script’s DEST_DIR variable every 5 minutes (this is tunable). The performance files will contain the name proccol-YYYY-MM-DD-INDEX, and one file will be produced each day. To graph the data in the procallator files, you can use orca and the procallator.cfg file that is in the $PREFIX/data_gathers/procallator directory. I placed a sample set of performance graphs on my website, and you can reference the article monitoring LDAP performance article for details on setting up orca to graph data. I digs me some procallator!

I recently came across Nigel’s monitor (nmon), which is an awesome text-based tool for visualizing a variety of CPU, memory, network and kernel performance data on Linux hosts. Nmon can be be run the without any arguments to display a base screen with CPU performance counters, or you can export the NMON environment variable with a list of performance counters you want displayed (you can also enable additional performance counters by typing the key that corresponds to the counter in the nmon display):

$ export NMON=cnDVk

$ ./nmon_x86_fedora5

Once nmon fires up, you will be greeted with a screen similar to the following:

Nmon is a great piece of software, and I am hopeful more distributions will include it in the future.

I use a laptop to conduct most of system administration duties, and periodically need to store sensitive information in my home directory on my laptop. To ensure that this information can’t be used for malicious purposes, I use the FUSE encryption module to encrypt anything I think is sensitive (I probably go overboard when it comes to encrypting data, but you can never be too safe with your (or your companies) data!).

Now you may be asking yourself why not GNUPG? Well, the FUSE encryption module allows transparent access to file and directories, so you don’t have to manually key in a symmetric key each time you need to access a file (you only need to type the key in when you mount the encrypted folder). This provides a fair amount of flexibility, and helps me ensure that I won’t accidentally forget to reencrypt a file when I am done using it.

Configuring the FUSE encryption module is a simple process. To create a new source directory (this is the directory where the encrypted data goes) and mount it on a destination directory (this is the place where you read and write data to), the encfs utility can be run with the full path to the source directory, and the full path to the destination directory:

$ encfs /home/matty/source /home/matty/encrypt/

The first time you run the encfs utility, it will ask you to pick a setup mode, and a symmetric key to encrypt data that is added to the destination directory. Here are the screens I was presented with when I ran the encfs command line listed above::

Creating new encrypted volume.
Please choose from one of the following options:
 enter "x" for expert configuration mode,
 enter "p" for pre-configured paranoia mode,
 anything else, or an empty line will select standard mode.
?> p

Paranoia configuration selected.

Configuration finished.  The filesystem to be created has
the following properties:
Filesystem cipher: "ssl/aes", version 2:1:1
Filename encoding: "nameio/block", version 3:0:1
Key Size: 256 bits
Block Size: 512 bytes, including 8 byte MAC header
Each file contains 8 byte header with unique IV data.
Filenames encoded using IV chaining mode.
File data IV is chained to filename IV.

-------------------------- WARNING --------------------------
The external initialization-vector chaining option has been
enabled.  This option disables the use of hard links on the
filesystem. Without hard links, some programs may not work.
The programs 'mutt' and 'procmail' are known to fail.  For
more information, please see the encfs mailing list.
If you would like to choose another configuration setting,
please press CTRL-C now to abort and start over.

Now you will need to enter a password for your filesystem.
You will need to remember this password, as there is absolutely
no recovery mechanism.  However, the password can be changed
later using encfsctl.

New Encfs Password:
Verify Encfs Password:

Once this operation completes, the source directory will be initialized, and mounted on the destination directory:

$ df -h

Filesystem            Size  Used Avail Use% Mounted on
/dev/hda1              19G  2.6G   16G  15% /
tmpfs                 314M     0  314M   0% /dev/shm
/dev/hda2              19G  177M   18G   1% /home
encfs                  19G  177M   18G   1% /home/matty/encrypt

The destination directory can be accessed just like any other directory on the server, but it’s contents will only be viewable while the directory is mounted. To unmount the destination directory so it’s contents can no longer be viewed, the fusermount utility can be run with the “-u” (unmount) option and the directory to unmount:

$ fusermount -u /home/matty/encrypt

I really dig FUSE, and am hopeful the Solaris port will complete in the near future. :)

Periodically situations arise where applications will write to memory that isn’t mapped into their address space. On UNIX systems, this results in a SIGSEGV signal being sent to the offending process. If for some reason you can’t get a core file, you can run the application under the control of the catchsegv utility. The following example shows the results that are displayed when a SIGSEGV signal is received, and the program was run under the control of the catchsegv script:

$ catchsegv ./coreme 10000000

Calling malloc() to allocate 10000000 bytes of heap space
*** Segmentation fault
Register dump:

 EAX: fffffffc   EBX: bff12634   ECX: bff12634   EDX: 00bd3ff4
 ESI: bff12634   EDI: 00000000   EBP: bff12648   ESP: bff12488

 EIP: 0034a402   EFLAGS: 00200246

 CS: 0073   DS: 007b   ES: 007b   FS: 0000   GS: 0033   SS: 007b

 Trap: 00000000   Error: 00000000   OldMask: 00000000
 ESP/signal: bff12488   CR2: 00000000

Backtrace:
/lib/libSegFault.so[0x3d512f]
??:0(??)[0x34a420]
??:0(main)[0x8048453]
/lib/libc.so.6(__libc_start_main+0xdc)[0xab0f2c]
??:0(_start)[0x8048361]

Memory map:

0034a000-0034b000 r-xp 0034a000 00:00 0 [vdso]
003d3000-003d6000 r-xp 00000000 08:01 1426324 /lib/libSegFault.so
003d6000-003d7000 r-xp 00002000 08:01 1426324 /lib/libSegFault.so
003d7000-003d8000 rwxp 00003000 08:01 1426324 /lib/libSegFault.so
00a47000-00a52000 r-xp 00000000 08:01 1427470 /lib/libgcc_s-4.1.1-20070105.so.1
00a52000-00a53000 rwxp 0000a000 08:01 1427470 /lib/libgcc_s-4.1.1-20070105.so.1
00a7e000-00a97000 r-xp 00000000 08:01 1427446 /lib/ld-2.5.so
00a97000-00a98000 r-xp 00018000 08:01 1427446 /lib/ld-2.5.so
00a98000-00a99000 rwxp 00019000 08:01 1427446 /lib/ld-2.5.so
00a9b000-00bd2000 r-xp 00000000 08:01 1427447 /lib/libc-2.5.so
00bd2000-00bd4000 r-xp 00137000 08:01 1427447 /lib/libc-2.5.so
00bd4000-00bd5000 rwxp 00139000 08:01 1427447 /lib/libc-2.5.so
00bd5000-00bd8000 rwxp 00bd5000 00:00 0
08048000-08049000 r-xp 00000000 08:03 1442166 /home/matty/coreme
08049000-0804a000 rw-p 00000000 08:03 1442166 /home/matty/coreme
095bd000-095e2000 rw-p 095bd000 00:00 0
b75f4000-b7f7f000 rw-p b75f4000 00:00 0
b7f8c000-b7f8e000 rw-p b7f8c000 00:00 0
bfefe000-bff13000 rw-p bfefe000 00:00 0 [stack]

This is a nifty utility, and can be useful for viewing the environment of a process at the time the segmentation violation occurred.