traceroute to www.stortinget.no (85.88.67.10), 30 hops max, 60 byte packets 1 uio-gw10.uio.no (129.240.202.1) 0.447 ms 0.486 ms 0.621 ms 2 uio-gw8.uio.no (129.240.24.229) 0.467 ms 0.578 ms 0.675 ms 3 oslo-gw1.uninett.no (128.39.65.17) 0.385 ms 0.373 ms 0.358 ms 4 te3-1-2.br1.fn3.as2116.net (193.156.90.3) 1.174 ms 1.172 ms 1.153 ms 5 he16-1-1.cr1.san110.as2116.net (195.0.244.234) 2.627 ms he16-1-1.cr2.oslosda310.as2116.net (195.0.244.48) 3.172 ms he16-1-1.cr1.san110.as2116.net (195.0.244.234) 2.857 ms 6 ae1.ar8.oslosda310.as2116.net (195.0.242.39) 0.662 ms 0.637 ms ae0.ar8.oslosda310.as2116.net (195.0.242.23) 0.622 ms 7 89.191.10.146 (89.191.10.146) 0.931 ms 0.917 ms 0.955 ms 8 * * * 9 * * * [...]This show the DNS names and IP addresses of (at least some of the) network equipment involved in getting the data traffic from me to the www.stortinget.no server, and how long it took in milliseconds for a package to reach the equipment and return to me. Three packages are sent, and some times the packages do not follow the same path. This is shown for hop 5, where three different IP addresses replied to the traceroute request. There are many ways to measure trace routes. Other good traceroute implementations I use are traceroute (using ICMP packages) mtr (can do both ICMP, UDP and TCP) and scapy (python library with ICMP, UDP, TCP traceroute and a lot of other capabilities). All of them are easily available in Debian. This time around, I wanted to know the geographic location of different route points, to visualize how visiting a web page spread information about the visit to a lot of servers around the globe. The background is that a web site today often will ask the browser to get from many servers the parts (for example HTML, JSON, fonts, JavaScript, CSS, video) required to display the content. This will leak information about the visit to those controlling these servers and anyone able to peek at the data traffic passing by (like your ISP, the ISPs backbone provider, FRA, GCHQ, NSA and others). Lets pick an example, the Norwegian parliament web site www.stortinget.no. It is read daily by all members of parliament and their staff, as well as political journalists, activits and many other citizens of Norway. A visit to the www.stortinget.no web site will ask your browser to contact 8 other servers: ajax.googleapis.com, insights.hotjar.com, script.hotjar.com, static.hotjar.com, stats.g.doubleclick.net, www.google-analytics.com, www.googletagmanager.com and www.netigate.se. I extracted this by asking PhantomJS to visit the Stortinget web page and tell me all the URLs PhantomJS downloaded to render the page (in HAR format using their netsniff example. I am very grateful to Gorm for showing me how to do this). My goal is to visualize network traces to all IP addresses behind these DNS names, do show where visitors personal information is spread when visiting the page.
When I had a look around for options, I could not find any good free software tools to do this, and decided I needed my own traceroute wrapper outputting KML based on locations looked up using GeoIP. KML is easy to work with and easy to generate, and understood by several of the GIS tools I have available. I got good help from by NUUG colleague Anders Einar with this, and the result can be seen in my kmltraceroute git repository. Unfortunately, the quality of the free GeoIP databases I could find (and the for-pay databases my friends had access to) is not up to the task. The IP addresses of central Internet infrastructure would typically be placed near the controlling companies main office, and not where the router is really located, as you can see from the KML file I created using the GeoLite City dataset from MaxMind.
I also had a look at the visual traceroute graph created by the scrapy project, showing IP network ownership (aka AS owner) for the IP address in question. The graph display a lot of useful information about the traceroute in SVG format, and give a good indication on who control the network equipment involved, but it do not include geolocation. This graph make it possible to see the information is made available at least for UNINETT, Catchcom, Stortinget, Nordunet, Google, Amazon, Telia, Level 3 Communications and NetDNA.
In the process, I came across the web service GeoTraceroute by Salim Gasmi. Its methology of combining guesses based on DNS names, various location databases and finally use latecy times to rule out candidate locations seemed to do a very good job of guessing correct geolocation. But it could only do one trace at the time, did not have a sensor in Norway and did not make the geolocations easily available for postprocessing. So I contacted the developer and asked if he would be willing to share the code (he refused until he had time to clean it up), but he was interested in providing the geolocations in a machine readable format, and willing to set up a sensor in Norway. So since yesterday, it is possible to run traces from Norway in this service thanks to a sensor node set up by the NUUG assosiation, and get the trace in KML format for further processing.
Here we can see a lot of trafic passes Sweden on its way to Denmark, Germany, Holland and Ireland. Plenty of places where the Snowden confirmations verified the traffic is read by various actors without your best interest as their top priority. Combining KML files is trivial using a text editor, so I could loop over all the hosts behind the urls imported by www.stortinget.no and ask for the KML file from GeoTraceroute, and create a combined KML file with all the traces (unfortunately only one of the IP addresses behind the DNS name is traced this time. To get them all, one would have to request traces using IP number instead of DNS names from GeoTraceroute). That might be the next step in this project. Armed with these tools, I find it a lot easier to figure out where the IP traffic moves and who control the boxes involved in moving it. And every time the link crosses for example the Swedish border, we can be sure Swedish Signal Intelligence (FRA) is listening, as GCHQ do in Britain and NSA in USA and cables around the globe. (Hm, what should we tell them? :) Keep that in mind if you ever send anything unencrypted over the Internet. PS: KML files are drawn using the KML viewer from Ivan Rublev, as it was less cluttered than the local Linux application Marble. There are heaps of other options too. As usual, if you use Bitcoin and want to show your support of my activities, please send Bitcoin donations to my address 15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b.
Eligibility International Travellers whose sole objective of visiting India is recreation , sight-seeing , casual visit to meet friends or relatives, short duration medical treatment or casual business visit.https://indianvisaonline.gov.in/visa/tvoa.html That this facility is being given to 130 odd countries is better still
Albania, Andorra, Anguilla, Antigua & Barbuda, Argentina, Armenia, Aruba, Australia, Austria, Bahamas, Barbados, Belgium, Belize, Bolivia, Bosnia & Herzegovina, Botswana, Brazil, Brunei, Bulgaria, Cambodia, Canada, Cape Verde, Cayman Island, Chile, China, China- SAR Hong-Kong, China- SAR Macau, Colombia, Comoros, Cook Islands, Costa Rica, Cote d lvoire, Croatia, Cuba, Czech Republic, Denmark, Djibouti, Dominica, Dominican Republic, East Timor, Ecuador, El Salvador, Eritrea, Estonia, Fiji, Finland, France, Gabon, Gambia, Georgia, Germany, Ghana, Greece, Grenada, Guatemala, Guinea, Guyana, Haiti, Honduras, Hungary, Iceland, Indonesia, Ireland, Israel, Jamaica, Japan, Jordan, Kenya, Kiribati, Laos, Latvia, Lesotho, Liberia, Liechtenstein, Lithuania, Luxembourg, Madagascar, Malawi, Malaysia, Malta, Marshall Islands, Mauritius, Mexico, Micronesia, Moldova, Monaco, Mongolia, Montenegro, Montserrat, Mozambique, Myanmar, Namibia, Nauru, Netherlands, New Zealand, Nicaragua, Niue Island, Norway, Oman, Palau, Palestine, Panama, Papua New Guinea, Paraguay, Peru, Philippines, Poland, Portugal, Republic of Korea, Republic of Macedonia, Romania, Russia, Saint Christopher and Nevis, Saint Lucia, Saint Vincent & the Grenadines, Samoa, San Marino, Senegal, Serbia, Seychelles, Singapore, Slovakia, Slovenia, Solomon Islands, South Africa, Spain, Sri Lanka, Suriname, Swaziland, Sweden, Switzerland, Taiwan, Tajikistan, Tanzania, Thailand, Tonga, Trinidad & Tobago, Turks & Caicos Island, Tuvalu, UAE, Ukraine, United Kingdom, Uruguay, USA, Vanuatu, Vatican City-Holy See, Venezuela, Vietnam, Zambia and Zimbabwe.This should make it somewhat easier for any Indian organizer as well as any participants from any of the member countries shared. There is possibility that this list would even get longer, provided we are able to scale our airports and all and any necessary infrastructure that would be needed for International Visitors to have a good experience. What has been particularly interesting is to know which ports of call are being used by International Visitors as well as overall growth rate
The Percentage share of Foreign Tourist Arrivals (FTAs) in India during November, 2016 among the top 15 source countries was highest from USA (15.53%) followed by UK (11.21%), Bangladesh (10.72%), Canada (4.66%), Russian Fed (4.53%), Australia (4.04%), Malaysia (3.65%), Germany (3.53%), China (3.14%), France (2.88%), Sri Lanka (2.49%), Japan (2.49%), Singapore (2.16%), Nepal (1.46%) and Thailand (1.37%).And port of call
The Percentage share of Foreign Tourist Arrivals (FTAs) in India during November 2016 among the top 15 ports was highest at Delhi Airport (32.71%) followed by Mumbai Airport (18.51%), Chennai Airport (6.83%), Bengaluru Airport (5.89%), Haridaspur Land check post (5.87%), Goa Airport (5.63%), Kolkata Airport (3.90%), Cochin Airport (3.29%), Hyderabad Airport (3.14%), Ahmadabad Airport (2.76%), Trivandrum Airport (1.54%), Trichy Airport (1.53%), Gede Rail (1.16%), Amritsar Airport (1.15%), and Ghojadanga land check post (0.82%) .The Ghojadanga land check post seems to be between West Bengal, India and Bangladesh. Gede Railway Station is also in West Bengal as well. So all and any overlanders could take any of those ways.Even Hardispur Land Check post comes in the Bengal-Bangladesh border only. In the airports, Delhi Airport seems to be attracting lot more business than the Mumbai Airport. Part of the reason I *think* is the direct link of Delhi Airport to NDLS via the Delhi Airport Express Line . The same when it will happen in Mumbai should be a game-changer for city too. Now if you are wondering why I have been suddenly talking about visas and airports in India, it came because Hong Kong is going to Withdraw Visa Free Entry Facility For Indians. Although, as rightly pointed out in the article doesn t make sense from economic POV and seems to be somewhat politically motivated. Not that I or anybody else can do anything about that. Seeing that, I thought it was a good opportunity to see how good/Bad our Government is and it seems to be on the right path. Although the hawks (Intelligence and Counter-Terrorist Agencies) will probably become a bit more paranoid , their work becomes tougher.
/dev/sdb
a t expuls de mon RAID, j'ai utilis
smartmontools pour
identifier le num ro de s rie du disque retirer :
smartctl -a /dev/sdb
Cette information en main, j'ai ferm l'ordinateur, retir le disque
d fectueux et mis un nouveau disque vide la place.
$ parted /dev/sda
unit s
print
et cr une nouvelle table de partitions sur le disque de
remplacement :
$ parted /dev/sdb
unit s
mktable gpt
Ensuite j'ai utilis la commande mkpart
pour mes 4 partitions et je
leur ai toutes donn la m me taille que les partitions quivalentes
sur /dev/sda
.
Finalement, j'ai utilis les commandes toggle 1 bios_grub
(partition
d'amorce) et toggle X raid
(o X est le num ro de la partition)
pour toutes les partitions RAID, avant de v rifier avec la commande
print
que les deux tables de partitions sont maintenant identiques.
/dev/sda
) vers celui
de remplacement (/dev/sdb
), j'ai ex cut les commandes suivantes
sur mes partitions RAID1 :
mdadm /dev/md0 -a /dev/sdb2
mdadm /dev/md2 -a /dev/sdb4
et j'ai gard un oeil sur le statut de la synchronisation avec :
watch -n 2 cat /proc/mdstat
Pour acc l rer le processus,
j'ai utilis le truc suivant :
blockdev --setra 65536 "/dev/md0"
blockdev --setra 65536 "/dev/md2"
echo 300000 > /proc/sys/dev/raid/speed_limit_min
echo 1000000 > /proc/sys/dev/raid/speed_limit_max
Ensuite, j'ai recr ma partition swap RAID0 comme suit :
mdadm /dev/md1 --create --level=0 --raid-devices=2 /dev/sda3 /dev/sdb3
mkswap /dev/md1
Par que la partition swap est toute neuve (il n'est pas possible de
restorer une partition RAID0, il faut la re-cr er compl tement), j'ai d
faire deux choses:
/etc/fstab
, avec le UUID donn
par la commande mkswap
(ou bien en utilisant la command blkid
et en
prenant le UUID pour /dev/md1
)/dev/md1
dans /etc/mdadm/mdadm.conf
avec
celui retourn pour /dev/md1
par la commande mdadm --detail --scan
grub-install /dev/sdb
avant de red marrer avec les deux disques connect s. Ceci confirme que ma
configuration fonctionne bien.
Ensuite, j'ai d marr sans le disque /dev/sda
pour m'assurer que tout
fonctionnerait bien si ce disque d cidait de mourir et de me laisser
seulement avec le nouveau (/dev/sdb
).
Ce test brise videmment la synchronisation entre les deux disques, donc
j'ai d red marrer avec les deux disques connect s et puis r -ajouter
/dev/sda
tous les RAID1 :
mdadm /dev/md0 -a /dev/sda2
mdadm /dev/md2 -a /dev/sda4
Une fois le tout fini, j'ai red marrer nouveau avec les deux disques
pour confirmer que tout fonctionne bien :
cat /proc/mdstat
et j'ai ensuite ex cuter un test SMART complet sur le nouveau
disque :
smartctl -t long /dev/sdb
/dev/sdb
a t expuls de mon RAID, j'ai utilis
smartmontools pour
identifier le num ro de s rie du disque retirer :
smartctl -a /dev/sdb
Cette information en main, j'ai ferm l'ordinateur, retir le disque
d fectueux et mis un nouveau disque vide la place.
$ parted /dev/sda
unit s
print
et cr une nouvelle table de partitions sur le disque de
remplacement :
$ parted /dev/sdb
unit s
mktable gpt
Ensuite j'ai utilis la commande mkpart
pour mes 4 partitions et je
leur ai toutes donn la m me taille que les partitions quivalentes
sur /dev/sda
.
Finalement, j'ai utilis les commandes toggle 1 bios_grub
(partition
d'amorce) et toggle X raid
(o X est le num ro de la partition)
pour toutes les partitions RAID, avant de v rifier avec la commande
print
que les deux tables de partitions sont maintenant identiques.
/dev/sda
) vers celui
de remplacement (/dev/sdb
), j'ai ex cut les commandes suivantes
sur mes partitions RAID1 :
mdadm /dev/md0 -a /dev/sdb2
mdadm /dev/md2 -a /dev/sdb4
et j'ai gard un oeil sur le statut de la synchronisation avec :
watch -n 2 cat /proc/mdstat
Pour acc l rer le processus,
j'ai utilis le truc suivant :
blockdev --setra 65536 "/dev/md0"
blockdev --setra 65536 "/dev/md2"
echo 300000 > /proc/sys/dev/raid/speed_limit_min
echo 1000000 > /proc/sys/dev/raid/speed_limit_max
Ensuite, j'ai recr ma partition swap RAID0 comme suit :
mdadm /dev/md1 --create --level=0 --raid-devices=2 /dev/sda3 /dev/sdb3
mkswap /dev/md1
Par que la partition swap est toute neuve (il n'est pas possible de
restorer une partition RAID0, il faut la re-cr er compl tement), j'ai d
faire deux choses:
/etc/fstab
, avec le UUID donn
par la commande mkswap
(ou bien en utilisant la command blkid
et en
prenant le UUID pour /dev/md1
)/dev/md1
dans /etc/mdadm/mdadm.conf
avec
celui retourn pour /dev/md1
par la commande mdadm --detail --scan
grub-install /dev/sdb
avant de red marrer avec les deux disques connect s. Ceci confirme que ma
configuration fonctionne bien.
Ensuite, j'ai d marr sans le disque /dev/sda
pour m'assurer que tout
fonctionnerait bien si ce disque d cidait de mourir et de me laisser
seulement avec le nouveau (/dev/sdb
).
Ce test brise videmment la synchronisation entre les deux disques, donc
j'ai d red marrer avec les deux disques connect s et puis r -ajouter
/dev/sda
tous les RAID1 :
mdadm /dev/md0 -a /dev/sda2
mdadm /dev/md2 -a /dev/sda4
Une fois le tout fini, j'ai red marrer nouveau avec les deux disques
pour confirmer que tout fonctionne bien :
cat /proc/mdstat
et j'ai ensuite ex cuter un test SMART complet sur le nouveau
disque :
smartctl -t long /dev/sdb
No comment Liked this article? Click here. My blog is Flattr-enabled.
SOURCE_DATE_EPOCH
, set LC_ALL
to C
, and ensure deterministic build order when running parallel builds.md5sums
.dash
as system shell..o
file.C
locale when listing files to be put in README.Patches
.UTC
is used as the timezone when generating the documentation.C
locale in the script for iterating over the files.makecode.pl
.No comment Liked this article? Click here. My blog is Flattr-enabled.
No comment Liked this article? Click here. My blog is Flattr-enabled.
SOURCE_DATE_EPOCH
in debian/rules
.SOURCE_DATE_EPOCH
value as the build date.debian/changelog
entry as build date.yield from
and concurrent.futures
) that could help implement parallel processing. The clear separation of bytes and unicode strings is also likely to reduce encoding related issues.
Mattia Rizolo thus kicked the effort of porting diffoscope to Python 3. tlsh was the only dependency missing a Python 3 module. This got quickly fixed by a new upload.
The rest of the code has been moved to the point where only incompatibilities between Python 2.7 and Pyhon 3.4 had to be changed. The commit stream still require some cleanups but all tests are now passing under Python 3.
Documentation update
The documentation on how to assemble the weekly reports has been updated. (Lunar)
The example on how to use SOURCE_DATE_EPOCH with CMake has been improved. (Ben Beockel, Daniel Kahn Gillmor)
The solution for timestamps in man pages generated by Sphinx now uses SOURCE_DATE_EPOCH. (Mattia Rizzolo)
Package reviews
45 reviews have
been removed, 141 added and 62 updated this week.
67 new FTBFS reports have been filled by Chris Lamb, Niko Tyni, and Lisandro Dami n Nicanor P rez Meyer.
New issues added this week: randomness_in_r_rdb_rds_databases, python-ply_compiled_parse_tables.
Misc.
The prebuilder script is now properly testing umask variations again.
Santiago Villa started a discussion on debian-devel on how binNMUs would work for reproducible builds.
Next.