Here s my (twentieth) monthly update about the activities I ve done in the F/L/OSS world.
Debian
This was my 29th month of actively contributing to Debian.
I became a DM in late March 2019 and a DD on Christmas 19! \o/
Interesting month, surprisingly. Lots of things happening and lots of moving parts; becoming the new normal , I believe.
Anyhow, working on Ubuntu full-time has its own advantage and one of them is being able to work on Debian stuff!
So whilst I couldn t upload a lot of packages because of the freeze, here s what I worked on:
Mentoring for newcomers and assisting people in BSP.
Moderation of -project mailing list.
Ubuntu
This was my 4th month of actively contributing to Ubuntu.
Now that I ve joined Canonical to work on Ubuntu full-time, there s a bunch of things I do! \o/
This month, by all means, was dedicated mostly to PHP 8.0, transitioning from PHP 7.4 to 8.0.
Naturally, it had so many moving parts and moments of utmost frustration, shared w/ Bryce. :D
So even though I can t upload anything, I worked on the following stuff & asked for sponsorship.
But before, I d like to take a moment to stress how kind and awesome Gianfranco Costamagna,
a.k.a. LocutusOfBorg is! He s been sponsoring a
bunch of my things & helping with re-triggers, et al. Thanks a bunch, Gianfranco; beers on me
whenever we meet!
Debian (E)LTS
Debian Long Term Support (LTS) is a project to extend the lifetime of all Debian stable releases to (at least) 5 years. Debian LTS is not handled by the Debian security team, but by a separate group of volunteers and companies interested in making it a success.
And Debian Extended LTS (ELTS) is its sister project, extending support to the Jessie release (+2 years after LTS support).
This was my twentieth month as a Debian LTS and eleventh month as a Debian ELTS paid contributor.
I was assigned 29.75 hours for LTS and 40.00 hours for ELTS and worked on the following things:
LTS CVE Fixes and Announcements:
Issued DLA 2654-1, fixing CVE-2021-29472, for composer.
For Debian 9 stretch, these problems have been fixed in version 1.2.2-1+deb9u1.
Issued DLA 2662-1, fixing CVE-2021-32027 and CVE-2021-32028, for postgresql-9.6.
For Debian 9 stretch, these problems have been fixed in version 9.6.22-0+deb9u1. This update for done by the maintainer, Christoph Berg. I just took care of announcing and publishing the update.
Uploaded ruby-rack-cors to buster-security, fixing CVE-2019-18978.
For Debian 10 buster, these problems have been fixed in version 1.0.2-1+deb10u1.
I have just disconnected from irc.freenode.net for the last time. You should do the same. The awful new de facto operators are using user numbers as a public justification for their behaviour. Specifically, I recommend that you:
If you have previously been known to be generally around on Freenode, connect to Libera (the continuity network set up by the Freenode staff), and register your usual nick(s) there.
Disconnect from freenode so that you don't count as one of their users.
Note that mentioning libera in the channel topic of your old channels on freenode is likely to get your channel forcibly taken over by the new de facto operators of freenode. They won't tolerate you officially directing people to the competition.
I did an investigation and writeup of this situation for the Xen Project. It's a little out of date - it doesn't have the latest horrible behaviours from the new regime - but I think it is worth pasting it here:
Message-ID: <24741.12566.639691.461134@mariner.uk.xensource.com>
From: Ian Jackson <iwj@xenproject.org>
To: xen-devel@lists.xenproject.org
CC: community.manager@xenproject.org
Subject: IRC networks
Date: Wed, 19 May 2021 16:39:02 +0100
Summary:
We have for many years used the Freenode IRC network for real-time
chat about Xen. Unfortunately, Freenode is undergoing a crisis.
There is a dispute between, on the one hand, Andrew Lee, and on the
other hand, all (or almost all) Freenode volunteer staff. We must
make a decision.
I have read all the publicly available materials and asked around with
my contacts. My conclusions:
* We do not want to continue to use irc.freenode.*.
* We might want to use libera.chat, but:
* Our best option is probably to move to OFTC https://www.oftc.net/
Discussion:
Firstly, my starting point.
I have been on IRC since at least 1993. Currently my main public
networks are OFTC and Freenode.
I do not have any personal involvement with public IRC networks. Of
the principals in the current Freenode dispute, I have only heard of
one, who is a person I have experience of in a Debian context but have
not worked closely with.
George asked me informally to use my knowledge and contacts to shed
light on the situation. I decided that, having done my research, I
would report more formally and publicly here rather than just
informally to George.
Historical background:
* Freenode has had drama before. In about 2001 OFTC split off from
Freenode after an argument over governance. IIRC there was drama
again in 2006. Significant proportion of the Free Software world,
including Debian, now use OFTC. Debian switched in 2006.
Facts that I'm (now) pretty sure of:
* Freenode's actual servers run on donated services; that is,
the hardware is owned by those donating the services, and the
systems are managed by Freenode volunteers, known as "staff".
* The freenode domain names are currently registered to a limited
liability company owned by Andrew Lee (rasengan).
* At least 10 Freenode staff have quit in protest, writing similar
resignation letters protesting about Andrew Lee's actions [1]. It
does not appear that any Andrew Lee has the public support of any
Freenode staff.
* Andrew Lee claims that he "owns" Freenode.[2]
* A large number of channel owners for particular Free Software
projects who previously used Freenode have said they will switch
away from Freenode.
Discussion and findings on Freenode:
There is, as might be expected, some murk about who said what to whom
when, what promises were made and/or broken, and so on. The matter
was also complicated by the leaking earlier this week of draft(s) of
(at least one of) the Freenode staffers' resignation letters.
Andrew Lee has put forward a position statement [2]. A large part of
the thrust of that statement is allegations that the current head of
Freenode staff, tomaw, "forced out" the previous head, christel. This
allegation is strongly disputed by by all those current (resigning)
Freenode staff I have seen comment. In any case it does not seem to
be particularly germane; in none of my reading did tomaw seem to be
playing any kind of leading role. tomaw is not mentioned in the
resignation letters.
Some of the links led to me to logs of discussions on #freenode. I
read some of these in particular[3]. MB I haven't been able to verify
that these logs have not been tampered with. Having said that and
taking the logs at face value, I found the rasengan writing there to
be disingenuous and obtuse.
Andrew Lee has been heavily involved in Bitcoin. Bitcoin is a hive of
scum and villainy, a pyramid scheme, and an environmental disaster,
all rolled into one. This does not make me think well of Lee.
Additionally, it seems that Andrew Lee has been involved in previous
governance drama involving a different IRC network, Snoonet.
I have come to the very firm conclusion that we should have nothing to
do with Andrew Lee, and avoid using services that he has some
effective control over.
Alternatives:
The departing Freenode staff are setting up a replacement,
"libera.chat". This is operational but still suffering from teething
problems and of course has a significant load as it deals with an
influx of users on a new setup.
On the staff and trust question: As I say, I haven't heard of any of
the Freenode staff, with one exception. Unfortunately the one
exception does not inspire confidence in me[4] - although NB that is
only one data point.
On the other hand, Debian has had many many years of drama-free
involvement with OFTC. OFTC has a formal governance arrangement and
it is associated with Software in the Public Interest. I notice that
the last few OFTC'[s annual officer elections have been run partly by
Steve McIntyre. Steve is a friend of mine (and he is a former Debian
Project Leader) and I take his involvement as a good sign.
I recommend that we switch to using OFTC as soon as possible.
Ian.
References:
Starting point for the resigning Freenode staff's side [1]:
https://gist.github.com/joepie91/df80d8d36cd9d1bde46ba018af497409
Andrew Lee's side [2]:
https://gist.github.com/realrasengan/88549ec34ee32d01629354e4075d2d48
[3]
https://paste.sr.ht/~ircwright/7e751d2162e4eb27cba25f6f8893c1f38930f7c4
[4] I won't give the name since I don't want to be shitposting.
Review: A Desolation Called Peace, by Arkady Martine
Series:
Teixcalaan #2
Publisher:
Tor
Copyright:
2021
ISBN:
1-250-18648-X
Format:
Kindle
Pages:
496
A Desolation Called Peace is a direct sequel to
A Memory Called Empire and picks up
shortly after that book's ending. It would completely spoil the first
book and builds heavily on previous events. This is not a series to read
out of order.
It's nearly impossible to discuss anything about the plot of this book
without at least minor spoilers for the previous book, so beware. If
you've not read A Memory Called Empire, I highly recommend it, and
you may want to skip this review until you have.
Mahit Dzmare has returned to Lsel Station and escaped, mostly, the pull of
the Teixcalaan Empire in all its seductive arrogance. That doesn't mean
Lsel Station is happy to see her. The maneuverings of the station council
were only a distant part of the complex political situation she was
navigating at the Teixcalaanli capital. Now home, it is far harder to
ignore powerful councilors who would be appalled by the decisions she
made. The ambassador to a hated foreign empire does not have many allies.
Yaotlek Nine Hibiscus, the empire's newest commander of
commanders, is the spear the empire has thrust towards a newly-discovered
alien threat. The aliens have already slaughtered all the inhabitants of
a mining outpost for no obvious reason, and their captured communications
are so strange as to provoke nausea in humans. Their cloaking technology
makes the outcome of pitched warfare dangerously uncertain. Nine Hibiscus
needs someone who can talk to aliens without mouths, and that means the
Information Ministry.
The Information Ministry means a newly promoted Three Seagrass, who is
suffering from insomnia, desperately bored, and missing Mahit
Dzmare. And who sees in Nine Hibiscus's summons an opportunity to address
several of those problems at once.
A Memory Called Empire had an SFnal premise and triggering plot
machinery, but it was primarily a city political thriller. A
Desolation Called Peace moves onto the more familiar SF ground of first
contact with a very alien species, but Martine makes the unusual choice of
revealing one of the secrets of the aliens to the reader at the start of
the book. This keeps the reader's focus more on the political maneuvering
than on the mystery, but with a classic first-contact communication
problem as the motivating backdrop.
That's only one of the threads of this book, though. Another is the
unfinished business between Three Seagrass and Mahit Dzmare, and between
Mahit Dzmare and the all-consuming culture of Teixcalaan. A third is the
political education of a very exceptional boy, whose mere existence is a
spoiler for A Memory Called Empire and therefore not something I
will discuss in detail. And then there are the internal politics of Lsel
Station, although I thought that was the least effective part of the book
and never reached a satisfying conclusion.
This is a lot to balance, and I think that's one of the reasons why
A Desolation Called Peace doesn't replicate the magic that made me
love A Memory Called Empire so much. Full-steam-ahead pacing with
characters who are thinking on their feet and taking desperate risks has a
glorious momentum. Here, there's too much going on (not to mention four
major viewpoint characters) to maintain the same pace. Once Mahit and
Three Seagrass get into the same room, there are moments that are as good
as the highlights of A Memory Called Empire, but it's not as
sustained as I was hoping for.
This book also spends more time on Mahit and Three Seagrass's
relationship, and despite liking both of the characters, this didn't
entirely work for me. Martine uses them to make a subtle and powerful
point about relationships across power gradients and the hurt that comes
from someone trivializing a conflict that is central to your identity. It
took me a while to understand the strength of Mahit's reaction, but it
eventually felt right. But that fight wasn't what I was looking for in
the book, and there was a bit too much of both of them failing (or
refusing) to communicate for my taste. I appreciated what Martine was
exploring, but personally I wanted a different sort of catharsis.
That said, this is still a highly enjoyable book. Nine Hibiscus is a
solid military SF character who is a good counterweight to the more
devious approaches of the other characters. I enjoyed the subplot of the
kid in the Teixcalaanli capital more than I expected, although it felt
more like setup for future novels than critical to the plot of this one.
And then there's Three Seagrass.
Three Seagrass always made decisions wholly and entire. All at once.
choosing information as her aptitudes. Choosing the position of
cultural liaison to the Lsel Ambassador. Choosing to trust her.
choosing to come here, to take this assignment entirely, completely,
and without pausing to look to see how deep the water was that she was
leaping into.
Every word of this is true, and it's so much fun to read. Three Seagrass
was a bit overshadowed in A Memory Called Empire, a supporting
character in someone else's story. Here, she has moments where she can
take the lead, and she's so delightfully different than Mahit. I loved
every moment of her viewpoint.
A Desolation Called Peace isn't as taut or as coherent as A
Memory Called Empire. The plot sags in a few places, and I think there
was a bit too much hopeless Lsel politics, nebulous alien horror, and
injured silence between characters. But the high points are nearly as
good as the high points of A Memory Called Empire and I adore these
characters. If you liked the first book, I think you'll like this one
too.
More, please!
Rating: 8 out of 10
Here s my (nineteenth) monthly update about the activities I ve done in the F/L/OSS world.
Debian
This was my 28th month of actively contributing to Debian.
I became a DM in late March 2019 and a DD on Christmas 19! \o/
Crazy month, as always. Lots of things happening and lots of moving parts.
Now that I am working on Ubuntu-full time, I barely get much time to do any extra stuff. Then the massive COVID wave that has plunged India had made this month further crazier. More on that later, maybe. IDK.
Anyway, I did some Debian stuff, thanks to Salzburg BSP (more down below). I worked on the following stuff:
Mentoring for newcomers and assisting people in BSP.
Moderation of -project mailing list.
Salzburg BSP 2021
This was my first virtual BSP and the first BSP in Salzburg and it was absolutely amazing!
Many kudos to Bernd Zeimetz for organizing it so smoothly and wonderfully, for real! \o/
We had a bunch of amazing sessions, besides hacking, of course, like:
yoga,
sports,
games, and
datacenter tour -> which was super!
We also had lots of things happening at #debian-bsp-2021-szg and did a lot of work.
Whilst everything we did is available on the pad, I work on the following things:
Debian (E)LTS
Debian Long Term Support (LTS) is a project to extend the lifetime of all Debian stable releases to (at least) 5 years. Debian LTS is not handled by the Debian security team, but by a separate group of volunteers and companies interested in making it a success.
And Debian Extended LTS (ELTS) is its sister project, extending support to the Jessie release (+2 years after LTS support).
This was my nineteenth month as a Debian LTS and tenth month as a Debian ELTS paid contributor.
I was assigned 60.00 hours for LTS and 60.00 hours for ELTS and worked on the following things:
Issued DLA 2639-1, fixing CVE-2020-12460, for opendmarc.
For Debian 9 stretch, these problems have been fixed in version 1.3.2-2+deb9u3.
Uploaded fluidsynth to sid, fixing CVE-2021-28421.
For Debian sid, these problems have been fixed in version 2.1.7-1.1. Thanks to Reiner Herrmann for their work.
Uploaded fluidsynth to buster-pu, fixing CVE-2021-28421.
For Debian sid, these problems have been fixed in version 2.1.7-1.1. Thanks to Reiner Herrmann for their work.
ELTS CVE Fixes and Announcements:
Issued ELA 396-1, fixing CVE-2021-23358, for underscore.
For Debian 8 jessie, these problems have been fixed in version 1.7.0~dfsg-1+deb8u1.
Issued ELA 397-1, fixing CVE-2020-1946, for spamassassin.
For Debian 8 jessie, these problems have been fixed in version 3.4.2-0+deb8u4.
Help issued ELA 401-1, fixing CVE-2021-25329 and CVE-2020-9484, for tomcat7, along with Markus.
For Debian 8 jessie, these problems have been fixed in version 7.0.56-3+really7.0.100-1+deb8u3.
Mark CVE-2021-20297/network-manager as not-affected for jessie.
Mark CVE-2021-22890/curl as not-affected for jessie and stretch.
Mark CVE-2020-7760/codemirror-js as not-affected for jessie.
Mark CVE-2021-25122/tomcat8 as not-affected for jessie.
Mark CVE-2021-XXXX/plinth as no-dsa for stretch.
Mark CVE-2021-29424/libnet-netmask-perl as no-dsa for stretch.
Mark CVE-2021-28374/courier-authlib as fixed in 0.58-3.1 for jessie.
Mark CVE-2021-1252/clamav as not-affected for jessie.
Mark CVE-2021-1404/clamav as not-affected for jessie.
Mark CVE-2020-4051/dojo as no-dsa for jessie.
Mark CVE-2021-29447/wordpress as not-affected for jessie.
Mark CVE-2021-29450/wordpress as not-affected for jessie.
Mark CVE-2019-20920/libjs-handlebars as ignored for stretch and jessie.
Mark CVE-2021-23369/libjs-handlebars as ignored for stretch and jessie.
Mark CVE-2020-4051/dojo as fixed in 1.15.4+dfsg1-1 for sid and bullseye.
Mark CVE-2021-28965/ruby2.7 fixed in 2.7.3-1 for sid.
Mark CVE-2020-12272/opendmarc as postponed for jessie.
Mark CVE-2021-20296, CVE-2021-3475, CVE-2021-3476, CVE-2021-3477, CVE-2021-3478, and CVE-2021-3479, affecting openexr, as no-dsa for jessie and stretch.
The Tor Project now has a status page which shows the state of
our major services.
You can check status.torprojet.org for news about major outages
in Tor services, including v3 and v2 onion services, directory
authorities, our website (torproject.org), and the
check.torproject.org tool. The status page also displays outages
related to Tor internal services, like our GitLab instance.
This post documents why we launched
status.torproject.org, how the service was
built, and how it works.
Why a status page
The first step in setting up a service page was to realize we needed
one in the first place. I surveyed internal users at the end of
2020 to see what could be improved, and one of the suggestions that
came up was to "document downtimes of one hour or longer" and
generally improve communications around monitoring. The latter is
still on the sysadmin roadmap, but a status page seemed like a
good solution for the former.
We already have two monitoring tools in the sysadmin team: Icinga
(a fork of Nagios) and Prometheus, with Grafana
dashboards. But those are hard to understand for users. Worse, they
also tend to generate false positives, and don't clearly show users
which issues are critical.
In the end, a manually curated dashboard provides important usability
benefits over an automated system, and all major organisations have
one.
Picking the right tool
It wasn't my first foray in status page design. In another life, I had
setup a status page using a tool called Cachet. That was already
a great improvement over the previous solutions, which were to use
first a wiki and then a blog to post updates. But Cachet is a complex
Laravel app, which also requires a web browser to update. It
generally requires more maintenance than what we'd like, needing silly
things like a SQL database and PHP web server.
So when I found cstate, I was pretty excited. It's basically a
theme for the Hugo static site generator, which means that it's a
set of HTML, CSS, and a sprinkle of Javascript. And being based on
Hugo means that the site is generated from a set of Markdown
files and the result is just plain HTML that can be hosted on any web
server on the planet.
Deployment
At first, I wanted to deploy the site through GitLab CI, but at
that time we didn't have GitLab pages set up. Even though we do have
GitLab pages set up now, it's not (yet) integrated with our
mirroring infrastructure. So, for now, the source is hosted and built
in our legacy git and Jenkins services.
It is nice to have the content hosted in a git repository: sysadmins can just
edit Markdown in the git repository and push to deploy changes, no web browser
required. And it's trivial to setup a local environment to preview changes:
hugo serve --baseUrl=http://localhost/
firefox https://localhost:1313/
Only the sysadmin team and gitolite administrators have access to the
repository, at this stage, but that could be improved if
necessary. Merge requests can also be issued on the GitLab
repository and then pushed by authorized personnel later on,
naturally.
Availability
One of the concerns I have is that the site is hosted inside our normal mirror
infrastructure. Naturally, if an outage occurs there, the site goes down. But
I figured it's a bridge we'll cross when we get there. Because it's so easy to
build the site from scratch, it's actually trivial to host a copy of the site
on any GitLab server, thanks to the .gitlab-ci.yml file shipped (but not
currently used) in the repository. If push comes to shove, we can just publish
the site elsewhere and point DNS there.
And, of course, if DNS fails us, then we're in trouble, but that's the
situation anyway: we can always register a new domain name for the status page
when we need to. It doesn't seem like a priority at the moment.
Comments and feedback are welcome!
I wrote for LWN for about two years. During that
time, I wrote (what seems to me an impressive) 34
articles, but I always had a pile of ideas in the back of my
mind. Those are ideas, notes, and scribbles lying around. Some were
just completely abandoned because they didn't seem a good fit for LWN.
Concretely, I stored those in branches in a git repository, and used
the branch name (and, naively, the last commit log) as indicators of
the topic.
This was the state of affairs when I left:
remotes/private/attic/novena 822ca2bb add letter i sent to novena, never published
remotes/private/attic/secureboot de09d82b quick review, add note and graph
remotes/private/attic/wireguard 5c5340d1 wireguard review, tutorial and comparison with alternatives
remotes/private/backlog/dat 914c5edf Merge branch 'master' into backlog/dat
remotes/private/backlog/packet 9b2c6d1a ham radio packet innovations and primer
remotes/private/backlog/performance-tweaks dcf02676 config notes for http2
remotes/private/backlog/serverless 9fce6484 postponed until kubecon europe
remotes/private/fin/cost-of-hosting 00d8e499 cost-of-hosting article online
remotes/private/fin/kubecon f4fd7df2 remove published or spun off articles
remotes/private/fin/kubecon-overview 21fae984 publish kubecon overview article
remotes/private/fin/kubecon2018 1edc5ec8 add series
remotes/private/fin/netconf 3f4b7ece publish the netconf articles
remotes/private/fin/netdev 6ee66559 publish articles from netdev 2.2
remotes/private/fin/pgp-offline f841deed pgp offline branch ready for publication
remotes/private/fin/primes c7e5b912 publish the ROCA paper
remotes/private/fin/runtimes 4bee1d70 prepare publication of runtimes articles
remotes/private/fin/token-benchmarks 5a363992 regenerate timestamp automatically
remotes/private/ideas/astropy 95d53152 astropy or python in astronomy
remotes/private/ideas/avaneya 20a6d149 crowdfunded blade-runner-themed GPLv3 simcity-like simulator
remotes/private/ideas/backups-benchmarks fe2f1f13 review of backup software through performance and features
remotes/private/ideas/cumin 7bed3945 review of the cumin automation tool from WM foundation
remotes/private/ideas/future-of-distros d086ca0d modern packaging problems and complex apps
remotes/private/ideas/on-dying a92ad23f another dying thing
remotes/private/ideas/openpgp-discovery 8f2782f0 openpgp discovery mechanisms (WKD, etc), thanks to jonas meurer
remotes/private/ideas/password-bench 451602c0 bruteforce estimates for various password patterns compared with RSA key sizes
remotes/private/ideas/prometheus-openmetrics 2568dbd6 openmetrics standardizing prom metrics enpoints
remotes/private/ideas/telling-time f3c24a53 another way of telling time
remotes/private/ideas/wallabako 4f44c5da talk about wallabako, read-it-later + kobo hacking
remotes/private/stalled/bench-bench-bench 8cef0504 benchmarking http benchmarking tools
remotes/private/stalled/debian-survey-democracy 909bdc98 free software surveys and debian democracy, volunteer vs paid work
Wow, what a mess! Let's see if I can make sense of this:
Attic
Those are articles that I thought about, then finally rejected, either
because it didn't seem worth it, or my editors rejected it, or I just
moved on:
novena: the project is ooold now, didn't seem to fit a LWN
article. it was basically "how can i build my novena now" and "you
guys rock!" it seems like the MNT Reform is the brain child of
the Novena now, and I dare say it's even cooler!
secureboot: my LWN editors were critical of my approach, and
probably rightly so - it's a really complex subject and I was
probably out of my depth... it's also out of date now, we did
manage secureboot in Debian
wireguard: LWN ended up writingextensive coverage, and
I was biased against Donenfeld because of conflicts in a previous
project
Backlog
Those were articles I was planning to write about next.
dat: I already had written Sharing and archiving data sets with
Dat, but
it seems I had more to say... mostly performance issues, beaker, no
streaming, limited adoption... to be investigated, I guess?
packet: a primer on data communications over ham radio, and the
cool new tech that has emerged in the free software world. those
are mainly notes about Pat, Direwolf, APRS and so
on... just never got around to making sense of it or really using
the tech...
performance-tweaks: "optimizing websites at the age of http2",
the unwritten story of the optimization of this website with HTTP/2
and friends
serverless: god. one of the leftover topics at Kubecon, my notes
on this were thin, and the actual subject, possibly even
thinner... the only lie worse than the cloud is that there's no
server at all! concretely, that's a pile of notes about
Kubecon which I wanted to sort
through. Probably belongs in the attic now.
Fin
Those are finished articles, they were published on my website and
LWN, but the branches were kept because previous drafts had private
notes that should not be published.
backups-benchmarks: review of backup software through performance
and features, possibly based on those benchmarks, maybe based
on this list from restic although they refused
casync. benchmark articles are hard though, especially when
you want to "cover them all"... I did write a silly Attic vs
Bup back when those programs existed (2014), in a related
note...
ideas/on-dying: "what happens when a hacker dies?" rather grim
subject, but a more and more important one... joeyh has ideas
again, phk as well, then there's a protocol for dying
(really grim)... then there are site policies like GitHub,
Facebook, etc... more in the branch, but that one I can't help but
think about now that family has taken a bigger place in my life...
ideas/openpgp-discovery: OpenPGP discovery mechanisms (WKD, etc),
suggested by Jonas Meurer (somewhere?), only links to
Mailveloppe, LEAP, WKD (or is it WKS?), another
standard, probably would need to talk about OpenPGP CA now
and how Debian and Tor manage their keyrings... pain in the back.
ideas/password-bench: bruteforce estimates for various password
patterns compared with RSA key sizes, spinoff of my smartcard
article, in
the crypto-bench, look at this shiny graph, surely that
must mean an article, right?
ideas/prometheus-openmetrics: "Evolving the Prometheus exposition
format into a standard", seems like this happened
ideas/telling-time: telling time to users is hard. xclock vs
ttyclock, etc. maybe gameclock and undertime as well? syncing time
is hard, but it turns out showing it is non trivial as
well... basically turning this bug report into an article. for
some reason I linked to this meme, derived from this
meme, presumably a premonition of my stupid idea of writing
undertime TIMEZONES!
ideas/wallabako: "talk about wallabako, read-it-later + kobo
hacking", that's it, not even a link to the project!
A lot of those branches were actually just an empty commit, with the
commitlog being the "pitch", more or less. I'd send that list to my
editors, sometimes with a few more links (basically the above), and
they would nudge me one way or the other.
Sometimes they would actively discourage me to write about something,
and I would do it anyways, send them a draft, and they would patiently
make me rewrite it until it was a decent article. This was especially
hard with the terminal emulatorseries, which took forever to
write and even got my editors upset when they realized I had never
installed Fedora (I ended up installing it, and I was proven wrong!)
Stalled
Oh, and then there's those: those are either "ideas" or "backlog" that
got so far behind that I just moved them out of the way because I was
tired of seeing them in my list.
stalled/bench-bench-bench benchmarking http benchmarking tools, a
horrible mess of links, copy-paste from terminals, and ideas about
benchmarking... some of this trickled out into this benchmarking
guide at Tor, but not much more than the list of tools
stalled/debian-survey-democracy: "free software surveys and
Debian democracy, volunteer vs paid work"... A long standing
concern of mine is that all Debian work is supposed to be
volunteer, and paying explicitly for work inside Debian has
traditionally been frowned upon, even leading to serious drama and
dissent (remember Dunc-Tank)? back when I was writing for LWN,
I was also doing paid work for Debian LTS. I also learned
that a lot (most?) Debian Developers were actually being paid by
their job to work on Debian. So I was confused by this apparent
contradiction, especially given how the LTS project has been mostly
accepted, while Dunc-Tank was not... See also this talk at Debconf
16. I had hopes that this study would show the "hunch"
people have offered (that most DDs are paid to work on Debian) but
it seems to show the reverse (only 36% of DDs, and 18% of all
respondents paid). So I am still confused and worried about the
sustainability of Debian.
What do you think?
So that's all I got. As people might have noticed here, I have much
less time to write these days, but if there's any subject in there I
should pick, what is the one that you would find most interesting?
Oh! and I should mention that you can write to LWN! If you think
people should know more about some Linux thing, you can get paid to
write for it! Pitch it to the editors, they won't bite. The worst
that can happen is that they say "yes" and there goes two years of
your life learning to write. Because no, you don't know how to write,
no one does. You need an editor to write.
That's why this article looks like crap and has a smiley.
Here s my (eighteenth) monthly update about the activities I ve done in the F/L/OSS world.
Debian
This was my 27th month of active contributing to Debian.
I became a DM in late March 2019 and a DD on Christmas 19! \o/
This month was a bit exhausting; lots of moving parts. With the financial year ending, it was even more crazy, with me running around to banks, CA, et al.
Anyway, with now working on Ubuntu full-time, I did little of Debian this month. Here are the following things I worked on:
Filed bug #985314 against asterisk (systemd misconfiguration) and added a patch as well.
Filed bug #985421 against at (add DEP8 tests) and added a patch as well.
Other $things:
Attended the Debian LTS team meeting.
Mentoring for newcomers.
Moderation of -project mailing list.
Debian (E)LTS
Debian Long Term Support (LTS) is a project to extend the lifetime of all Debian stable releases to (at least) 5 years. Debian LTS is not handled by the Debian security team, but by a separate group of volunteers and companies interested in making it a success.
And Debian Extended LTS (ELTS) is its sister project, extending support to the Jessie release (+2 years after LTS support).
This was my eighteenth month as a Debian LTS and ninth month as a Debian ELTS paid contributor.
I was assigned 60.00 hours for LTS and 39.00 hours for ELTS and worked on the following things:
LTS CVE Fixes and Announcements:
Issued DLA 2580-1, fixing CVE-2021-21311, for adminer.
For Debian 9 stretch, these problems have been fixed in version 4.2.5-3+deb9u2.
Issued DLA 2581-1, fixing CVE-2021-27803, for wpa.
For Debian 9 stretch, these problems have been fixed in version 2:2.4-1+deb9u9.
Issued DLA 2585-1, fixing CVE-2020-13848, for libupnp.
For Debian 9 stretch, these problems have been fixed in version 1:1.6.19+git20160116-1.2+deb9u1.
Issued DLA 2589-2, fixing regression caused by DLA 2589-1, for mupdf.
For Debian 9 stretch, these problems have been fixed in version 1.9a+ds1-4+deb9u7.
Issued DLA 2598-1, fixing CVE-2020-25097, for squid3.
For Debian 9 stretch, these problems have been fixed in version 3.5.23-5+deb9u6.
Marked CVE-2021-21330/python-aiohttp as not-affected for stretch.
Marked CVE-2021-20233, CVE-2021-20225, CVE-2020-27779, CVE-2020-27778, CVE-2020-27749, CVE-2020-27748, CVE-2020-25647, CVE-2020-25632, CVE-2020-25631, and CVE-2020-14372, affecting grub2, as ignored for stretch and jessie.
Marked CVE-2020-27842/openjpeg2 as no-dsa for jessie.
Marked CVE-2020-27843/openjpeg2 as no-dsa for jessie.
Marked CVE-2021-28041/openssh as not-affect for jessie.
Marked CVE-2020-3552 3,4 /tiff as no-dsa for jessie.
Marked CVE-2021-20201/spice as no-dsa for jessie.
Marked CVE-2020-11988/xmlgraphics-commons as postponed for jessie.
Marked CVE-2020-11987/batik as postponed for jessie.
Marked CVE-2020-12695/libupnp as no-dsa for stretch.
Marked CVE-2021-25122/tomcat7 as not-affected for stretch.
Marked CVE-2021-25329/tomcat7 as ignored for stretch.
Marked CVE-2021-28116/squid3 as postponed for stretch and jessie.
Marked CVE-2021-3449/openssl as not-affected for stretch.
Document extra notes for grub2 for LTS and co-ordinate with the sec-team.
Document extra notes for pillow about piled-up issues in jessie.
Issued DLA-2593-1 for ca-certificates on Microsoft s request; co-ordinating w/ them.
Co-ordinating w/ maintainer of courier-authlib for stretch and jessie update.
Fixing build failures of ELTS security tracker and re-ordering entries in data/CVE-EXTENDED-LTS/list file.
Answer queries of dupondje and mikap about openssl on IRC; and it being not-affected for stretch.
Help review the status of CVE-2021-3121/golang-github-gogo-protobuf-dev for Ola.
Co-ordinating w/ Noah for cloud-init and setuptools.
Auto EOL ed mongodb, linux, guacamole-client, node-xmlhttprequest, newlib, neutron, privoxy, glpi, and zabbix for jessie.
Attended monthly meeting for Debian LTS.
Answered questions (& discussions) on IRC (#debian-lts and #debian-elts).
Google Pixel phones support what they call Motion Photo which is essentially a photo with a short video clip attached to it. They are quite nice since they bring the moment alive, especially as the capturing of the video starts a small moment before the shutter button is pressed. For most viewing programs they simply show as static JPEG photos, but there is more to the files. I d really love proper Shotwell support for these file formats, so I posted a longish explanation with many of the details in this blog post to a ticket there too. Examples of the newer format are linked there too.
There are actually two different formats, an old one that is already obsolete, and a newer current format. The older ones are those that your Pixel phone recorded as MVIMG_[datetime].jpg", and they have the following meta-data:
The offset is actually from the end of the file, so one needs to calculate accordingly. But it is exact otherwise, so one simply extract a file with that meta-data information:
#!/bin/bash # # Extracts the microvideo from a MVIMG_*.jpg file
# The offset is from the ending of the file, so calculate accordingly offset=$(exiv2 -p X "$1" grep MicroVideoOffset sed 's/.*\"\(.*\)"/\1/') filesize=$(du --apparent-size --block=1"$1" sed 's/^\([0-9]*\).*/\1/') extractposition=$(expr $filesize - $offset) echo offset: $offset echo filesize: $filesize echoextractposition=$extractposition dd if="$1"skip=1bs=$extractpositionof="$(basename -s .jpg $1).mp4"
The newer format is recorded in filenames called PXL_[datetime].MP.jpg , and they have a _lot_ of additional metadata:
Sounds like fun and lots of information. However I didn t see why the length in first item is 0 and I didn t see how to use the latter Length info. But I can use the mp4 headers to extract it:
#!/bin/bash # # Extracts the motion part of a MotionPhoto file PXL_*.MP.mp4
extractposition=$(grep --binary --byte-offset --only-matching --text \ -P "\x00\x00\x00\x18\x66\x74\x79\x70\x6d\x70\x34\x32"$1 sed 's/^\([0-9]*\).*/\1/')
UPDATE: I wrote most of this blog post earlier. When now actually getting to publishing it a week later, I see the obvious ie the Length is again simply the offset from the end of the file so one could do the same less brute force approach as for MVIMG. I ll leave the above as is however for the of binary grepping.(cross-posted to my other blog)
Freedom house puts India in partly free
Just couple of days ago, freedom house published its 2020 rankings for all countries including India. While freedom house shared how democracy in the world has weakened, India chose to take offense about it being called partly free .
India, leader in Internet shutdowns Access Now (copyright)
The above illustration is shared by accessnow . The next big ones who have Internet shutdowns are Yemen 6 and Ethiopia 4. Such internet shutdowns have and will have sad repercussions as would share in another story as well.
Color-coding journalists
A story was broken by caravan magazine yesterday and which was followed by newslaundry which shows how the Govt. is looking to just drive some narrative, does not matter whether it s true or false, it should just show that the Govt. is right and others are all wrong. As can be seen, almost all reporters barring a few have kept silent rather than refuting statements attributed to them or happenings which didn t happen. And this goes to a much larger narrative and disinformation route taken by the Govt. which doesn t have any semblance to the truth or reality as people know it. I would illustrate couple of examples below which shares that. In all my young and even adult-life I hadn t seen a Govt. this much against its own people.
Omega Seiki puts a manufacturing plant in Bangladesh
Now Omega Seiki is an Indian vendor who chose or had to go to manufacture their electric vehicles in Bangladesh. Now while this is a slightly old story this was broken on social media recently. Everybody starting blaming both the vendor and saying we should break FTA (Free Trade Agreement) with Bangladesh, not knowing that despite the FTA, India has put tariff barriers between India and Bangladesh. I had to share research from Brookings to show where India has been losing. Of course, those who don t want to see, wouldn t see anything wrong in the picture.
Teen raped, asked to marry the accused when she turns 18
Now you may see the above headlines and feel it is ridiculous, but the fact is that these orders were put or given by Madras High Court couple of months back. This was then reported by both Livelaw and BarandBench respectively. Now to be truthful, this news didn t make much noise as it should have, probably as I had shared previously that the Govt. wants to lower the marriageable age to 15 or even less. And this is despite all the medical evidence on the contrary, because it assuages this Govt s masculinity. There is also the very recent case where the SC CJI asked the rapist if he is willing to marry a girl who was underage when she reaches maturity. Another one in which it seems martial rape is not a crime according to the CJI. So it seems these are the state of things in which India finds itself today. There are judges like Vrinda Grover who do question CJI but they are few and there are costs to them who ask questions.
Although, as shared this news was overtaken by other news and would have remained so, if not one of the leaders of the present Govt. , a Ramesh Jarkiholi, who hails from Belagavi region of north Karnataka was caught in a sex CD scandal basically asking sexual favors for a permanent Govt. job. He had made statements after the Madras High Court case applauding the judgement given by the judge. While, due to public pressure he had to resign, but not before stating that he had everybody blue films including the Chief Minister of the State. And sad to report that six Karnataka Ministers rushed today or rather yesterday to put a petition in the civil court to restrain media from airing/printing/publishing any defamatory content against them. The court has granted a media gag against 68 media houses for the same. Sadly, the recent happening only reinforce what has been happening in Karnataka since a decade.
Update 07/03/2021 Seems yesterday another 10 odd ministers rushed to get the same order.
Seems different laws apply to politicians vis-a-vis others. A recent example of Rhea Chakravarthy, an actress and girlfriend of Sushant Singh who was hounded in his suicide case and many accusations made on TV but no evidence till date. From what we know as facts, Sushant committed suicide as he was not getting work due to cronyism in Bollywood. In fact, those who were behind it have white-washed themselves, deleted their tweets etc. and while the public knows, no accountability on them. In fact, there is and was so much that I wanted to share as to what has been happening to women, sadly and thankfully arre did the needful for me. They wrote an entire article which tells what the situation for women in India today is. And if you are wondering why I said, that is because when a site which was made exclusively for people to laugh and have a good time and get relief, when they start writing serious articles, you can be sure that things have gone horribly wrong
Asking Tesla to come to India and at the same time ambivalent on battery
Recently, Mr. Nitin Gadkari, a prominent minister of the present Govt. invited Tesla and gave all sorts of incentives to start a manufacturing plant here in India. And while it seems that Tesla has accepted, looking at the Vodafone case, hopefully Tesla does make such contracts where if something goes wrong and they need to sue the Govt. they can do it in States or elsewhere. The way the Govt. acted in the Vodafone case had been a dampener to any MNC investments so far. Although to be fair to both Tesla and GOI, the basic models even if they are manufactured in India will go to less than 1% of the population. The cheapest Tesla Model Y which retails in the U.S. for USD 40k would be around INR 30 lakh. And this is their cheapest car to date. I do know there are rumors of the 25k but that is probably 2-3 years away as shared by Tesla China President Tom Zhu in an interview shared on YT.
https://www.youtube.com/watch?v=aH5leMWFBxI
There are couple of interesting comments being made. The fact that China is going to fully open its automobile market to western companies shows how confident China feels about their own vendors. And I m not much impressed about Tesla as I am about the tiny car revolution happening in China. India, if it wanted to, could learn many lessons from China. Even the electric buses they had started in 2010 itself where people in our auto industry thought it was all a fad. Sadly, we are missing most of the technology and if and by the time Tesla starts a production line, dunno where we could get our lithium. India hasn t been as aggressive as other countries when it comes to securing raw natural resources in other countries, as some other countries have.
Even besides that, it has been tough when you have so many people who still believe that ICE vehicles (Internal Combustion Engines) are better than EV s and even if they know they choose to believe the propaganda. Couple of months ago a young UK girl who had died due to asthma, an inquest found that air pollution was a factor. The girl s name was Ella Adoo-Kissi-Debrah. This is the first case where the doctor ruled air pollution as a chief factor in a person s death. Probably first of its kind of ruling anywhere in the world. I also shared TCO studies between BEV and ICE vehicles done by people who are considering an electric vehicle but those studies seem to fall on deaf ears.
Starlink
This is another of Elon Musk s ventures and would be a money spinner for sure in around the globe. While Starlink has asked TRAI for permission, I don t think they will get it. There is also Bharti Global s Oneweb which probably has a better chance of getting permissions. The reason is censorship. As shared above, India is now a leader in Internet shutdowns and do see this trend only accelerate rather than go the other way around. For people who don t remember, remember how satellite phones were made illegal even though only businessmen could afford it. And this was just 5 years ago.
As shared Oneweb would have better shot as they would accept all Government directives without a second thought. Unless Starlink gives a binding to the Govt. to be a willing partner when it wants to have internet shutdowns, it will not work. Now how Elon approaches that is to be seen and known. FWIW, you can t access Starlink webpage on BSNL broadband. My broadband provider gives at the most 300 kbps and sometimes, at late nights or early mornings, around 500 kbps.
Farmer Protests
Lastly, farmer protests have entered 100 days. In the interim, Vivek Kaul, an economist took stock of the Bihar APMC to see if things have really worked as the Govt. supporters were telling. The investigation and the results didn t inspire the confidence as the Govt. said. The sad part is though, that nowadays nobody, at least those in power as well as those who are supporters are keen to read, understand and even argue otherwise. They are all happy with whatsapp knowledge. Till date 200+ people have died in the farmer protests. All mainstream media houses have stopped talking about farmers in the hope that they will disappear. At the end of the day the Govt. wants that the corporates should win at whatever the cost.
Here s my (seventeenth) monthly update about the activities I ve done in the F/L/OSS world.
Debian
This was my 26th month of active contributing to Debian.
I became a DM in late March 2019 and a DD on Christmas 19! \o/
This month was a nice mix of amusement, excitement, nervousness, and craziness. More on it below.
Anyway, whilst I was super-insanely busy this month, I still did some Debian stuff here and there. Here are the following things I worked on:
Sponsored ruby-rspec-stubbed-env for C dric Boutillier, heh :P
Interesting Bits!
Last month, I wrote:
Besides, there s something more that is in the pipelines. Can t talk about it now, shh. But
hopefully very sooooooon!
And now I can talk about it! So here it is..
I ve joined Canonical as a SDE to work on Ubuntu, full time!!! \o/
Fully remote + dream job/work + most of the work is in the open-source domain + the beessstttt co-workers one could ever ask for!
It s been an amazing time so far and I ll talk more about it later this month.
But for now, here s our team monitor selfie (with Rick missing because of his secret plan ! ) We ll soon e-meet them in a more detailed manner in the next blog post, that is, later this month!
In another exciting news, I got 2 more CVEs assigned!!! \o/
No, it is not something that I found, it was discovered by Tavis Ormandy. I just assigned
them a CVE ID, CVE-2021-26937
for screen and CVE-2021-27135 for xterm.
This is my 2nd and 3rd, so I am (still) very excited about this! ^_^
Debian (E)LTS
Debian Long Term Support (LTS) is a project to extend the lifetime of all Debian stable releases to (at least) 5 years. Debian LTS is not handled by the Debian security team, but by a separate group of volunteers and companies interested in making it a success.
And Debian Extended LTS (ELTS) is its sister project, extending support to the Jessie release (+2 years after LTS support).
This was my sixteenth month as a Debian LTS and seventh month as a Debian ELTS paid contributor.
I was assigned 60.00 hours for LTS and 60.00 hours for ELTS and worked on the following things:
(however, I had overworked for 9 hours for both, LTS and ELTS, last month so I had to work for 51 hours for both this month!)
I ve mentioned in the past my twisted EE network setup from when I moved in to my current house. The 4GEE WiFi Mini (also known as the EE Osprey 2 Mini or the EE40VB, and actually a rebadged Alcatel Y853VB) has been sitting unused since then, so I figured I d see about trying to get a shell on it.
TL;DR: Of course it s running Linux, there s a couple of test points internally which bring out the serial console, but after finding those and logging in I discovered it s running ADB on port 5555 quite happily available without authentication both via wifi and the USB port. So if you have physical or local network access, instant root shell. Well done, folks. And then I bricked it before I could do anything more interesting.
There s a lack of information about this device out there - most of the links I can find are around removing the SIM lock - so I thought I d document the pieces I found just in case anyone else is trying to figure it out. It s based around a Qualcomm MDM9607 SoC, paired with 64M RAM and 256M NAND flash. Wifi is via an RTL8192ES. Kernel is 3.18.20. Busybox is v1.23.1. It s running dnsmasq but I didn t grab the version. Of course there s no source or offer of source provided.
Taking it apart is fairly easy. There s a single screw to remove, just beside the SIM slot. The coloured rim can then be carefully pried away from the back, revealing the battery. There are then 4 screws in the corners which need removed in order to be able to lift out the actual PCB and gain access to the serial console test points.
My mistake was going poking around trying to figure out where the updates are downloaded from - I know I m running a slightly older release than what s current, and the device can do an automatic download + update. Top tip; don t run Jrdrecovery. It ll error on finding /cache/update.zip and wipe the main partition anyway. That ll leave you in a boot loop where the device boots the recovery partition which tries to install /cache/update.zip which of course still doesn t exist.
So. Where next? First, I need to get the device into a state where I can actually do something other than watch it boot into recovery, fail to flash and reboot. Best guess at present is to try and get it to enter the Qualcomm EDL (Emergency Download) mode. That might be possible with a custom USB cable that grounds D+ on boot. Alternatively I need to probe some of the other test points on the PCB and see if grounding any of those helps enter EDL mode. I then need a suitable firehose OEM-signed programmer image. And then I need to actually get hold of a proper EE40VB firmware image, either via one of the OTA update files or possibly via an Alcatel ADSU image (though no idea how to get hold of one, other than by posting to a random GSM device forum and hoping for the kindness of strangers). More updates if/when I make progress
Qualcomm bootloader log
Format: Log Type - Time(microsec) - Message - Optional Info
Log Type: B - Since Boot(Power On Reset), D - Delta, S - Statistic
S - QC_IMAGE_VERSION_STRING=BOOT.BF.3.1.2-00053
S - IMAGE_VARIANT_STRING=LAATANAZA
S - OEM_IMAGE_VERSION_STRING=linux3
S - Boot Config, 0x000002e1
B - 105194 - SBL1, Start
D - 61885 - QSEE Image Loaded, Delta - (451964 Bytes)
D - 30286 - RPM Image Loaded, Delta - (151152 Bytes)
B - 459330 - Roger:boot_jrd_oem_main
B - 461526 - Welcome to key_check_poweron!!!
B - 466436 - REG0x00, rc=47
B - 469120 - REG0x01, rc=1f
B - 472018 - REG0x02, rc=1c
B - 474885 - REG0x03, rc=47
B - 477782 - REG0x04, rc=b2
B - 480558 - REG0x05, rc=
B - 483272 - REG0x06, rc=9e
B - 486139 - REG0x07, rc=
B - 488854 - REG0x08, rc=a4
B - 491721 - REG0x09, rc=80
B - 494130 - bq24295_probe: vflt/vsys/vprechg=0mV/0mV/0mV, tprechg/tfastchg=0Min/0Min, [0C, 0C]
B - 511546 - come to calculate vol and temperature!!
B - 511637 - ##############battery_core_convert_vntc: NTC_voltage=1785690
B - 517280 - battery_core_convert_vntc: <-44C, 1785690uV>, present=0
B - 529358 - bq24295_set_current_limit: setting=0mA, mode=-1, input/fastchg/prechg/termchg=-1mA/0mA/0mA/0mA
B - 534360 - bq24295_set_charge_current, rc=0,reg_val=0,i=0
B - 539636 - bq24295_enable_charge: setting=0, chg_enable=-1, otg_enable=0
B - 546072 - bq24295_enable_charging: enable_charging=0
B - 552172 - bq24295_set_current_limit: setting=0mA, mode=-1, input/fastchg/prechg/termchg=-1mA/0mA/0mA/0mA
B - 561566 - bq24295_set_charge_current, rc=0,reg_val=0,i=0
B - 567056 - bq24295_enable_charge: setting=0, chg_enable=0, otg_enable=0
B - 579286 - come to calculate vol and temperature!!
B - 579378 - ##############battery_core_convert_vntc: NTC_voltage=1785777
B - 585539 - battery_core_convert_vntc: <-44C, 1785777uV>, present=0
B - 597617 - charge_main: battery is plugout!!
B - 597678 - Welcome to pca955x_probe!!!
B - 601063 - pca955x_probe: PCA955X probed successfully!
D - 27511 - APPSBL Image Loaded, Delta - (179348 Bytes)
B - 633271 - QSEE Execution, Start
D - 213 - QSEE Execution, Delta
B - 638944 - >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>Start writting JRD RECOVERY BOOT
B - 650107 - >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>Start writting RECOVERY BOOT
B - 653218 - >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>read_buf[0] == 0
B - 659044 - SBL1, End
D - 556137 - SBL1, Delta
S - Throughput, 2000 KB/s (782884 Bytes, 278155 us)
S - DDR Frequency, 240 MHz
littlekernel aboot log
Android Bootloader - UART_DM Initialized!!!
[0] welcome to lk
[0] SCM call: 0x2000601 failed with :fffffffc
[0] Failed to initialize SCM
[10] platform_init()
[10] target_init()
[10] smem ptable found: ver: 4 len: 17
[10] ERROR: No devinfo partition found
[10] Neither 'config' nor 'frp' partition found
[30] voltage of NTC is 1789872!
[30] voltage of BAT is 3179553!
[30] usb present is 1!
[30] Loading (boot) image (4171776): start
[530] Loading (boot) image (4171776): done
[540] DTB Total entry: 25, DTB version: 3
[540] Using DTB entry 0x00000129/00010000/0x00000008/0 for device 0x00000129/00010000/0x00010008/0
[560] JRD_CHG_OFF_FEATURE!
[560] come to jrd_target_pause_for_battery_charge!
[570] power_on_status.hard_reset = 0x0
[570] power_on_status.smpl = 0x0
[570] power_on_status.rtc = 0x0
[580] power_on_status.dc_chg = 0x0
[580] power_on_status.usb_chg = 0x0
[580] power_on_status.pon1 = 0x1
[590] power_on_status.cblpwr = 0x0
[590] power_on_status.kpdpwr = 0x0
[590] power_on_status.bugflag = 0x0
[590] cmdline: noinitrd rw console=ttyHSL0,115200,n8 androidboot.hardware=qcom ehci-hcd.park=3 msm_rtb.filter=0x37 lpm_levels.sleep_disabled=1 earlycon=msm_hsl_uart,0x78b3000 androidboot.serialno=7e6ba58c androidboot.baseband=msm rootfstype=ubifs rootflags=b
[620] Updating device tree: start
[720] Updating device tree: done
[720] booting linux @ 0x80008000, ramdisk @ 0x80008000 (0), tags/device tree @ 0x81e00000
Linux kernel console boot log
[ 0.000000] Booting Linux on physical CPU 0x0
[ 0.000000] Linux version 3.18.20 (linux3@linux3) (gcc version 4.9.2 (GCC) ) #1 PREEMPT Thu Aug 10 11:57:07 CST 2017
[ 0.000000] CPU: ARMv7 Processor [410fc075] revision 5 (ARMv7), cr=10c53c7d
[ 0.000000] CPU: PIPT / VIPT nonaliasing data cache, VIPT aliasing instruction cache
[ 0.000000] Machine model: Qualcomm Technologies, Inc. MDM 9607 MTP
[ 0.000000] Early serial console at I/O port 0x0 (options '')
[ 0.000000] bootconsole [uart0] enabled
[ 0.000000] Reserved memory: reserved region for node 'modem_adsp_region@0': base 0x82a00000, size 56 MiB
[ 0.000000] Reserved memory: reserved region for node 'external_image_region@0': base 0x87c00000, size 4 MiB
[ 0.000000] Removed memory: created DMA memory pool at 0x82a00000, size 56 MiB
[ 0.000000] Reserved memory: initialized node modem_adsp_region@0, compatible id removed-dma-pool
[ 0.000000] Removed memory: created DMA memory pool at 0x87c00000, size 4 MiB
[ 0.000000] Reserved memory: initialized node external_image_region@0, compatible id removed-dma-pool
[ 0.000000] cma: Reserved 4 MiB at 0x87800000
[ 0.000000] Memory policy: Data cache writeback
[ 0.000000] CPU: All CPU(s) started in SVC mode.
[ 0.000000] Built 1 zonelists in Zone order, mobility grouping on. Total pages: 17152
[ 0.000000] Kernel command line: noinitrd rw console=ttyHSL0,115200,n8 androidboot.hardware=qcom ehci-hcd.park=3 msm_rtb.filter=0x37 lpm_levels.sleep_disabled=1 earlycon=msm_hsl_uart,0x78b3000 androidboot.serialno=7e6ba58c androidboot.baseband=msm rootfstype=ubifs rootflags=bulk_read root=ubi0:rootfs ubi.mtd=16
[ 0.000000] PID hash table entries: 512 (order: -1, 2048 bytes)
[ 0.000000] Dentry cache hash table entries: 16384 (order: 4, 65536 bytes)
[ 0.000000] Inode-cache hash table entries: 8192 (order: 3, 32768 bytes)
[ 0.000000] Memory: 54792K/69632K available (5830K kernel code, 399K rwdata, 2228K rodata, 276K init, 830K bss, 14840K reserved)
[ 0.000000] Virtual kernel memory layout:
[ 0.000000] vector : 0xffff0000 - 0xffff1000 ( 4 kB)
[ 0.000000] fixmap : 0xffc00000 - 0xfff00000 (3072 kB)
[ 0.000000] vmalloc : 0xc8800000 - 0xff000000 ( 872 MB)
[ 0.000000] lowmem : 0xc0000000 - 0xc8000000 ( 128 MB)
[ 0.000000] modules : 0xbf000000 - 0xc0000000 ( 16 MB)
[ 0.000000] .text : 0xc0008000 - 0xc07e6c38 (8060 kB)
[ 0.000000] .init : 0xc07e7000 - 0xc082c000 ( 276 kB)
[ 0.000000] .data : 0xc082c000 - 0xc088fdc0 ( 400 kB)
[ 0.000000] .bss : 0xc088fe84 - 0xc095f798 ( 831 kB)
[ 0.000000] SLUB: HWalign=64, Order=0-3, MinObjects=0, CPUs=1, Nodes=1
[ 0.000000] Preemptible hierarchical RCU implementation.
[ 0.000000] NR_IRQS:16 nr_irqs:16 16
[ 0.000000] GIC CPU mask not found - kernel will fail to boot.
[ 0.000000] GIC CPU mask not found - kernel will fail to boot.
[ 0.000000] mpm_init_irq_domain(): Cannot find irq controller for qcom,gpio-parent
[ 0.000000] MPM 1 irq mapping errored -517
[ 0.000000] Architected mmio timer(s) running at 19.20MHz (virt).
[ 0.000011] sched_clock: 56 bits at 19MHz, resolution 52ns, wraps every 3579139424256ns
[ 0.007975] Switching to timer-based delay loop, resolution 52ns
[ 0.013969] Switched to clocksource arch_mem_counter
[ 0.019687] Console: colour dummy device 80x30
[ 0.023344] Calibrating delay loop (skipped), value calculated using timer frequency.. 38.40 BogoMIPS (lpj=192000)
[ 0.033666] pid_max: default: 32768 minimum: 301
[ 0.038411] Mount-cache hash table entries: 1024 (order: 0, 4096 bytes)
[ 0.044902] Mountpoint-cache hash table entries: 1024 (order: 0, 4096 bytes)
[ 0.052445] CPU: Testing write buffer coherency: ok
[ 0.057057] Setting up static identity map for 0x8058aac8 - 0x8058ab20
[ 0.064242]
[ 0.064242] **********************************************************
[ 0.071251] ** NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE **
[ 0.077817] ** **
[ 0.084302] ** trace_printk() being used. Allocating extra memory. **
[ 0.090781] ** **
[ 0.097320] ** This means that this is a DEBUG kernel and it is **
[ 0.103802] ** unsafe for produciton use. **
[ 0.110339] ** **
[ 0.116850] ** If you see this message and you are not debugging **
[ 0.123333] ** the kernel, report this immediately to your vendor! **
[ 0.129870] ** **
[ 0.136380] ** NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE **
[ 0.142865] **********************************************************
[ 0.150225] MSM Memory Dump base table set up
[ 0.153739] MSM Memory Dump apps data table set up
[ 0.168125] VFP support v0.3: implementor 41 architecture 2 part 30 variant 7 rev 5
[ 0.176332] pinctrl core: initialized pinctrl subsystem
[ 0.180930] regulator-dummy: no parameters
[ 0.215338] NET: Registered protocol family 16
[ 0.220475] DMA: preallocated 256 KiB pool for atomic coherent allocations
[ 0.284034] cpuidle: using governor ladder
[ 0.314026] cpuidle: using governor menu
[ 0.344024] cpuidle: using governor qcom
[ 0.355452] msm_watchdog b017000.qcom,wdt: wdog absent resource not present
[ 0.361656] msm_watchdog b017000.qcom,wdt: MSM Watchdog Initialized
[ 0.371373] irq: no irq domain found for /soc/pinctrl@1000000 !
[ 0.381268] spmi_pmic_arb 200f000.qcom,spmi: PMIC Arb Version-2 0x20010000
[ 0.389733] platform 4080000.qcom,mss: assigned reserved memory node modem_adsp_region@0
[ 0.397409] mem_acc_corner: 0 <--> 0 mV
[ 0.401937] hw-breakpoint: found 5 (+1 reserved) breakpoint and 4 watchpoint registers.
[ 0.408966] hw-breakpoint: maximum watchpoint size is 8 bytes.
[ 0.416287] __of_mpm_init(): MPM driver mapping exists
[ 0.420940] msm_rpm_glink_dt_parse: qcom,rpm-glink compatible not matches
[ 0.427235] msm_rpm_dev_probe: APSS-RPM communication over SMD
[ 0.432977] smd_open() before smd_init()
[ 0.437544] msm_mpm_dev_probe(): Cannot get clk resource for XO: -517
[ 0.445730] smd_channel_probe_now: allocation table not initialized
[ 0.453100] mdm9607_s1: 1050 <--> 1350 mV at 1225 mV normal idle
[ 0.458566] spm_regulator_probe: name=mdm9607_s1, range=LV, voltage=1225000 uV, mode=AUTO, step rate=4800 uV/us
[ 0.468817] cpr_efuse_init: apc_corner: efuse_addr = 0x000a4000 (len=0x1000)
[ 0.475353] cpr_read_fuse_revision: apc_corner: fuse revision = 2
[ 0.481345] cpr_parse_speed_bin_fuse: apc_corner: [row: 37]: 0x79e8bd327e6ba58c, speed_bits = 4
[ 0.490124] cpr_pvs_init: apc_corner: pvs voltage: [1050000 1100000 1275000] uV
[ 0.497342] cpr_pvs_init: apc_corner: ceiling voltage: [1050000 1225000 1350000] uV
[ 0.504979] cpr_pvs_init: apc_corner: floor voltage: [1050000 1050000 1150000] uV
[ 0.513125] i2c-msm-v2 78b8000.i2c: probing driver i2c-msm-v2
[ 0.518335] i2c-msm-v2 78b8000.i2c: error on clk_get(core_clk):-517
[ 0.524478] i2c-msm-v2 78b8000.i2c: error probe() failed with err:-517
[ 0.531111] i2c-msm-v2 78b7000.i2c: probing driver i2c-msm-v2
[ 0.536788] i2c-msm-v2 78b7000.i2c: error on clk_get(core_clk):-517
[ 0.542886] i2c-msm-v2 78b7000.i2c: error probe() failed with err:-517
[ 0.549618] i2c-msm-v2 78b9000.i2c: probing driver i2c-msm-v2
[ 0.555202] i2c-msm-v2 78b9000.i2c: error on clk_get(core_clk):-517
[ 0.561374] i2c-msm-v2 78b9000.i2c: error probe() failed with err:-517
[ 0.570613] msm-thermal soc:qcom,msm-thermal: msm_thermal:Failed reading node=/soc/qcom,msm-thermal, key=qcom,core-limit-temp. err=-22. KTM continues
[ 0.583049] msm-thermal soc:qcom,msm-thermal: probe_therm_reset:Failed reading node=/soc/qcom,msm-thermal, key=qcom,therm-reset-temp err=-22. KTM continues
[ 0.596926] msm_thermal:msm_thermal_dev_probe Failed reading node=/soc/qcom,msm-thermal, key=qcom,online-hotplug-core. err:-517
[ 0.609370] sps:sps is ready.
[ 0.613137] msm_rpm_glink_dt_parse: qcom,rpm-glink compatible not matches
[ 0.619020] msm_rpm_dev_probe: APSS-RPM communication over SMD
[ 0.625773] mdm9607_s2: 750 <--> 1275 mV at 750 mV normal idle
[ 0.631584] mdm9607_s3_level: 0 <--> 0 mV at 0 mV normal idle
[ 0.637085] mdm9607_s3_level_ao: 0 <--> 0 mV at 0 mV normal idle
[ 0.643092] mdm9607_s3_floor_level: 0 <--> 0 mV at 0 mV normal idle
[ 0.649512] mdm9607_s3_level_so: 0 <--> 0 mV at 0 mV normal idle
[ 0.655750] mdm9607_s4: 1800 <--> 1950 mV at 1800 mV normal idle
[ 0.661791] mdm9607_l1: 1250 mV normal idle
[ 0.666090] mdm9607_l2: 1800 mV normal idle
[ 0.670276] mdm9607_l3: 1800 mV normal idle
[ 0.674541] mdm9607_l4: 3075 mV normal idle
[ 0.678743] mdm9607_l5: 1700 <--> 3050 mV at 1700 mV normal idle
[ 0.684904] mdm9607_l6: 1700 <--> 3050 mV at 1700 mV normal idle
[ 0.690892] mdm9607_l7: 1700 <--> 1900 mV at 1700 mV normal idle
[ 0.697036] mdm9607_l8: 1800 mV normal idle
[ 0.701238] mdm9607_l9: 1200 <--> 1250 mV at 1200 mV normal idle
[ 0.707367] mdm9607_l10: 1050 mV normal idle
[ 0.711662] mdm9607_l11: 1800 mV normal idle
[ 0.716089] mdm9607_l12_level: 0 <--> 0 mV at 0 mV normal idle
[ 0.721717] mdm9607_l12_level_ao: 0 <--> 0 mV at 0 mV normal idle
[ 0.727946] mdm9607_l12_level_so: 0 <--> 0 mV at 0 mV normal idle
[ 0.734099] mdm9607_l12_floor_lebel: 0 <--> 0 mV at 0 mV normal idle
[ 0.740706] mdm9607_l13: 1800 <--> 2850 mV at 2850 mV normal idle
[ 0.746883] mdm9607_l14: 2650 <--> 3000 mV at 2650 mV normal idle
[ 0.752515] msm_mpm_dev_probe(): Cannot get clk resource for XO: -517
[ 0.759036] cpr_efuse_init: apc_corner: efuse_addr = 0x000a4000 (len=0x1000)
[ 0.765807] cpr_read_fuse_revision: apc_corner: fuse revision = 2
[ 0.771809] cpr_parse_speed_bin_fuse: apc_corner: [row: 37]: 0x79e8bd327e6ba58c, speed_bits = 4
[ 0.780586] cpr_pvs_init: apc_corner: pvs voltage: [1050000 1100000 1275000] uV
[ 0.787808] cpr_pvs_init: apc_corner: ceiling voltage: [1050000 1225000 1350000] uV
[ 0.795443] cpr_pvs_init: apc_corner: floor voltage: [1050000 1050000 1150000] uV
[ 0.803094] cpr_init_cpr_parameters: apc_corner: up threshold = 2, down threshold = 3
[ 0.810752] cpr_init_cpr_parameters: apc_corner: CPR is enabled by default.
[ 0.817687] cpr_init_cpr_efuse: apc_corner: [row:65] = 0x15000277277383
[ 0.824272] cpr_init_cpr_efuse: apc_corner: CPR disable fuse = 0
[ 0.830225] cpr_init_cpr_efuse: apc_corner: Corner[1]: ro_sel = 0, target quot = 631
[ 0.837976] cpr_init_cpr_efuse: apc_corner: Corner[2]: ro_sel = 0, target quot = 631
[ 0.845703] cpr_init_cpr_efuse: apc_corner: Corner[3]: ro_sel = 0, target quot = 899
[ 0.853592] cpr_config: apc_corner: Timer count: 0x17700 (for 5000 us)
[ 0.860426] apc_corner: 0 <--> 0 mV
[ 0.864044] i2c-msm-v2 78b8000.i2c: probing driver i2c-msm-v2
[ 0.869261] i2c-msm-v2 78b8000.i2c: error on clk_get(core_clk):-517
[ 0.875492] i2c-msm-v2 78b8000.i2c: error probe() failed with err:-517
[ 0.882225] i2c-msm-v2 78b7000.i2c: probing driver i2c-msm-v2
[ 0.887775] i2c-msm-v2 78b7000.i2c: error on clk_get(core_clk):-517
[ 0.893941] i2c-msm-v2 78b7000.i2c: error probe() failed with err:-517
[ 0.900719] i2c-msm-v2 78b9000.i2c: probing driver i2c-msm-v2
[ 0.906256] i2c-msm-v2 78b9000.i2c: error on clk_get(core_clk):-517
[ 0.912430] i2c-msm-v2 78b9000.i2c: error probe() failed with err:-517
[ 0.919472] msm-thermal soc:qcom,msm-thermal: msm_thermal:Failed reading node=/soc/qcom,msm-thermal, key=qcom,core-limit-temp. err=-22. KTM continues
[ 0.932372] msm-thermal soc:qcom,msm-thermal: probe_therm_reset:Failed reading node=/soc/qcom,msm-thermal,
key=qcom,therm-reset-temp err=-22. KTM continues
[ 0.946361] msm_thermal:get_kernel_cluster_info CPU0 topology not initialized.
[ 0.953824] cpu cpu0: dev_pm_opp_get_opp_count: device OPP not found (-19)
[ 0.960300] msm_thermal:get_cpu_freq_plan_len Error reading CPU0 freq table len. error:-19
[ 0.968533] msm_thermal:vdd_restriction_reg_init Defer vdd rstr freq init.
[ 0.975846] cpu cpu0: dev_pm_opp_get_opp_count: device OPP not found (-19)
[ 0.982219] msm_thermal:get_cpu_freq_plan_len Error reading CPU0 freq table len. error:-19
[ 0.991378] cpu cpu0: dev_pm_opp_get_opp_count: device OPP not found (-19)
[ 0.997544] msm_thermal:get_cpu_freq_plan_len Error reading CPU0 freq table len. error:-19
[ 1.013642] qcom,gcc-mdm9607 1800000.qcom,gcc: Registered GCC clocks
[ 1.019451] clock-a7 b010008.qcom,clock-a7: Speed bin: 4 PVS Version: 0
[ 1.025693] a7ssmux: set OPP pair(400000000 Hz: 1 uV) on cpu0
[ 1.031314] a7ssmux: set OPP pair(1305600000 Hz: 7 uV) on cpu0
[ 1.038805] i2c-msm-v2 78b8000.i2c: probing driver i2c-msm-v2
[ 1.043587] AXI: msm_bus_scale_register_client(): msm_bus_scale_register_client: Bus driver not ready.
[ 1.052935] i2c-msm-v2 78b8000.i2c: msm_bus_scale_register_client(mstr-id:86):0 (not a problem)
[ 1.062006] irq: no irq domain found for /soc/wcd9xxx-irq !
[ 1.069884] i2c-msm-v2 78b7000.i2c: probing driver i2c-msm-v2
[ 1.074814] AXI: msm_bus_scale_register_client(): msm_bus_scale_register_client: Bus driver not ready.
[ 1.083716] i2c-msm-v2 78b7000.i2c: msm_bus_scale_register_client(mstr-id:86):0 (not a problem)
[ 1.093850] i2c-msm-v2 78b9000.i2c: probing driver i2c-msm-v2
[ 1.098889] AXI: msm_bus_scale_register_client(): msm_bus_scale_register_client: Bus driver not ready.
[ 1.107779] i2c-msm-v2 78b9000.i2c: msm_bus_scale_register_client(mstr-id:86):0 (not a problem)
[ 1.167871] KPI: Bootloader start count = 24097
[ 1.171364] KPI: Bootloader end count = 48481
[ 1.175855] KPI: Bootloader display count = 3884474147
[ 1.180825] KPI: Bootloader load kernel count = 16420
[ 1.185905] KPI: Kernel MPM timestamp = 105728
[ 1.190286] KPI: Kernel MPM Clock frequency = 32768
[ 1.195209] socinfo_print: v0.10, id=297, ver=1.0, raw_id=72, raw_ver=0, hw_plat=8, hw_plat_ver=65536
[ 1.195209] accessory_chip=0, hw_plat_subtype=0, pmic_model=65539, pmic_die_revision=131074 foundry_id=0 serial_number=2120983948
[ 1.216731] sdcard_ext_vreg: no parameters
[ 1.220555] rome_vreg: no parameters
[ 1.224133] emac_lan_vreg: no parameters
[ 1.228177] usbcore: registered new interface driver usbfs
[ 1.233156] usbcore: registered new interface driver hub
[ 1.238578] usbcore: registered new device driver usb
[ 1.244507] cpufreq: driver msm up and running
[ 1.248425] ION heap system created
[ 1.251895] msm_bus_fabric_init_driver
[ 1.262563] qcom,qpnp-power-on qpnp-power-on-c7303800: PMIC@SID0 Power-on reason: Triggered from PON1 (secondary PMIC) and 'cold' boot
[ 1.273747] qcom,qpnp-power-on qpnp-power-on-c7303800: PMIC@SID0: Power-off reason: Triggered from UVLO (Under Voltage Lock Out)
[ 1.285430] input: qpnp_pon as /devices/virtual/input/input0
[ 1.291246] PMIC@SID0: PM8019 v2.2 options: 3, 2, 2, 2
[ 1.296706] Advanced Linux Sound Architecture Driver Initialized.
[ 1.302493] Add group failed
[ 1.305291] cfg80211: Calling CRDA to update world regulatory domain
[ 1.311216] cfg80211: World regulatory domain updated:
[ 1.317109] Switched to clocksource arch_mem_counter
[ 1.334091] cfg80211: DFS Master region: unset
[ 1.337418] cfg80211: (start_freq - end_freq @ bandwidth), (max_antenna_gain, max_eirp), (dfs_cac_time)
[ 1.354087] cfg80211: (2402000 KHz - 2472000 KHz @ 40000 KHz), (N/A, 2000 mBm), (N/A)
[ 1.361055] cfg80211: (2457000 KHz - 2482000 KHz @ 40000 KHz), (N/A, 2000 mBm), (N/A)
[ 1.370545] NET: Registered protocol family 2
[ 1.374082] cfg80211: (2474000 KHz - 2494000 KHz @ 20000 KHz), (N/A, 2000 mBm), (N/A)
[ 1.381851] cfg80211: (5170000 KHz - 5250000 KHz @ 80000 KHz), (N/A, 2000 mBm), (N/A)
[ 1.389876] cfg80211: (5250000 KHz - 5330000 KHz @ 80000 KHz), (N/A, 2000 mBm), (N/A)
[ 1.397857] cfg80211: (5490000 KHz - 5710000 KHz @ 80000 KHz), (N/A, 2000 mBm), (N/A)
[ 1.405841] cfg80211: (5735000 KHz - 5835000 KHz @ 80000 KHz), (N/A, 2000 mBm), (N/A)
[ 1.413795] cfg80211: (57240000 KHz - 63720000 KHz @ 2160000 KHz), (N/A, 0 mBm), (N/A)
[ 1.422355] TCP established hash table entries: 1024 (order: 0, 4096 bytes)
[ 1.428921] TCP bind hash table entries: 1024 (order: 0, 4096 bytes)
[ 1.435192] TCP: Hash tables configured (established 1024 bind 1024)
[ 1.441528] TCP: reno registered
[ 1.444738] UDP hash table entries: 256 (order: 0, 4096 bytes)
[ 1.450521] UDP-Lite hash table entries: 256 (order: 0, 4096 bytes)
[ 1.456950] NET: Registered protocol family 1
[ 1.462779] futex hash table entries: 256 (order: -1, 3072 bytes)
[ 1.474555] msgmni has been set to 115
[ 1.478551] Block layer SCSI generic (bsg) driver version 0.4 loaded (major 251)
[ 1.485041] io scheduler noop registered
[ 1.488818] io scheduler deadline registered
[ 1.493200] io scheduler cfq registered (default)
[ 1.502142] msm_rpm_log_probe: OK
[ 1.506717] msm_serial_hs module loaded
[ 1.509803] msm_serial_hsl_probe: detected port #0 (ttyHSL0)
[ 1.515324] AXI: get_pdata(): Error: Client name not found
[ 1.520626] AXI: msm_bus_cl_get_pdata(): client has to provide missing entry for successful registration
[ 1.530171] msm_serial_hsl_probe: Bus scaling is disabled [ 1.074814] AXI: msm_bus_scale_register_client(): msm_bus_scale_register_client: Bus driver not ready.
[ 1.083716] i2c-msm-v2 78b7000.i2c: msm_bus_scale_register_client(mstr-id:86):0 (not a problem)
[ 1.093850] i2c-msm-v2 78b9000.i2c: probing driver i2c-msm-v2
[ 1.098889] AXI: msm_bus_scale_register_client(): msm_bus_scale_register_client: Bus driver not ready.
[ 1.107779] i2c-msm-v2 78b9000.i2c: msm_bus_scale_register_client(mstr-id:86):0 (not a problem)
[ 1.167871] KPI: Bootloader start count = 24097
[ 1.171364] KPI: Bootloader end count = 48481
[ 1.175855] KPI: Bootloader display count = 3884474147
[ 1.180825] KPI: Bootloader load kernel count = 16420
[ 1.185905] KPI: Kernel MPM timestamp = 105728
[ 1.190286] KPI: Kernel MPM Clock frequency = 32768
[ 1.195209] socinfo_print: v0.10, id=297, ver=1.0, raw_id=72, raw_ver=0, hw_plat=8, hw_plat_ver=65536
[ 1.195209] accessory_chip=0, hw_plat_subtype=0, pmic_model=65539, pmic_die_revision=131074 foundry_id=0 serial_number=2120983948
[ 1.216731] sdcard_ext_vreg: no parameters
[ 1.220555] rome_vreg: no parameters
[ 1.224133] emac_lan_vreg: no parameters
[ 1.228177] usbcore: registered new interface driver usbfs
[ 1.233156] usbcore: registered new interface driver hub
[ 1.238578] usbcore: registered new device driver usb
[ 1.244507] cpufreq: driver msm up and running
[ 1.248425] ION heap system created
[ 1.251895] msm_bus_fabric_init_driver
[ 1.262563] qcom,qpnp-power-on qpnp-power-on-c7303800: PMIC@SID0 Power-on reason: Triggered from PON1 (secondary PMIC) and 'cold' boot
[ 1.273747] qcom,qpnp-power-on qpnp-power-on-c7303800: PMIC@SID0: Power-off reason: Triggered from UVLO (Under Voltage Lock Out)
[ 1.285430] input: qpnp_pon as /devices/virtual/input/input0
[ 1.291246] PMIC@SID0: PM8019 v2.2 options: 3, 2, 2, 2
[ 1.296706] Advanced Linux Sound Architecture Driver Initialized.
[ 1.302493] Add group failed
[ 1.305291] cfg80211: Calling CRDA to update world regulatory domain
[ 1.311216] cfg80211: World regulatory domain updated:
[ 1.317109] Switched to clocksource arch_mem_counter
[ 1.334091] cfg80211: DFS Master region: unset
[ 1.337418] cfg80211: (start_freq - end_freq @ bandwidth), (max_antenna_gain, max_eirp), (dfs_cac_time)
[ 1.354087] cfg80211: (2402000 KHz - 2472000 KHz @ 40000 KHz), (N/A, 2000 mBm), (N/A)
[ 1.361055] cfg80211: (2457000 KHz - 2482000 KHz @ 40000 KHz), (N/A, 2000 mBm), (N/A)
[ 1.370545] NET: Registered protocol family 2
[ 1.374082] cfg80211: (2474000 KHz - 2494000 KHz @ 20000 KHz), (N/A, 2000 mBm), (N/A)
[ 1.381851] cfg80211: (5170000 KHz - 5250000 KHz @ 80000 KHz), (N/A, 2000 mBm), (N/A)
[ 1.389876] cfg80211: (5250000 KHz - 5330000 KHz @ 80000 KHz), (N/A, 2000 mBm), (N/A)
[ 1.397857] cfg80211: (5490000 KHz - 5710000 KHz @ 80000 KHz), (N/A, 2000 mBm), (N/A)
[ 1.405841] cfg80211: (5735000 KHz - 5835000 KHz @ 80000 KHz), (N/A, 2000 mBm), (N/A)
[ 1.413795] cfg80211: (57240000 KHz - 63720000 KHz @ 2160000 KHz), (N/A, 0 mBm), (N/A)
[ 1.422355] TCP established hash table entries: 1024 (order: 0, 4096 bytes)
[ 1.428921] TCP bind hash table entries: 1024 (order: 0, 4096 bytes)
[ 1.435192] TCP: Hash tables configured (established 1024 bind 1024)
[ 1.441528] TCP: reno registered
[ 1.444738] UDP hash table entries: 256 (order: 0, 4096 bytes)
[ 1.450521] UDP-Lite hash table entries: 256 (order: 0, 4096 bytes)
[ 1.456950] NET: Registered protocol family 1
[ 1.462779] futex hash table entries: 256 (order: -1, 3072 bytes)
[ 1.474555] msgmni has been set to 115
[ 1.478551] Block layer SCSI generic (bsg) driver version 0.4 loaded (major 251)
[ 1.485041] io scheduler noop registered
[ 1.488818] io scheduler deadline registered
[ 1.493200] io scheduler cfq registered (default)
[ 1.502142] msm_rpm_log_probe: OK
[ 1.506717] msm_serial_hs module loaded
[ 1.509803] msm_serial_hsl_probe: detected port #0 (ttyHSL0)
[ 1.515324] AXI: get_pdata(): Error: Client name not found
[ 1.520626] AXI: msm_bus_cl_get_pdata(): client has to provide missing entry for successful registration
[ 1.530171] msm_serial_hsl_probe: Bus scaling is disabled
[ 1.535696] 78b3000.serial: ttyHSL0 at MMIO 0x78b3000 (irq = 153, base_baud = 460800 [ 1.544155] msm_hsl_console_setup: console setup on port #0
[ 1.548727] console [ttyHSL0] enabled
[ 1.548727] console [ttyHSL0] enabled
[ 1.556014] bootconsole [uart0] disabled
[ 1.556014] bootconsole [uart0] disabled
[ 1.564212] msm_serial_hsl_init: driver initialized
[ 1.578450] brd: module loaded
[ 1.582920] loop: module loaded
[ 1.589183] sps: BAM device 0x07984000 is not registered yet.
[ 1.594234] sps:BAM 0x07984000 is registered.
[ 1.598072] msm_nand_bam_init: msm_nand_bam_init: BAM device registered: bam_handle 0xc69f6400
[ 1.607103] sps:BAM 0x07984000 (va:0xc89a0000) enabled: ver:0x18, number of pipes:7
[ 1.616588] msm_nand_parse_smem_ptable: Parsing partition table info from SMEM
[ 1.622805] msm_nand_parse_smem_ptable: SMEM partition table found: ver: 4 len: 17
[ 1.630391] msm_nand_version_check: nand_major:1, nand_minor:5, qpic_major:1, qpic_minor:5
[ 1.638642] msm_nand_scan: NAND Id: 0x1590aa98 Buswidth: 8Bits Density: 256 MByte
[ 1.646069] msm_nand_scan: pagesize: 2048 Erasesize: 131072 oobsize: 128 (in Bytes)
[ 1.653676] msm_nand_scan: BCH ECC: 8 Bit
[ 1.657710] msm_nand_scan: CFG0: 0x290408c0, CFG1: 0x0804715c
[ 1.657710] RAWCFG0: 0x2b8400c0, RAWCFG1: 0x0005055d
[ 1.657710] ECCBUFCFG: 0x00000203, ECCBCHCFG: 0x42040d10
[ 1.657710] RAWECCCFG: 0x42000d11, BAD BLOCK BYTE: 0x000001c5
[ 1.684101] Creating 17 MTD partitions on "7980000.nand":
[ 1.689447] 0x000000000000-0x000000140000 : "sbl"
[ 1.694867] 0x000000140000-0x000000280000 : "mibib"
[ 1.699560] 0x000000280000-0x000000e80000 : "efs2"
[ 1.704408] 0x000000e80000-0x000000f40000 : "tz"
[ 1.708934] 0x000000f40000-0x000000fa0000 : "rpm"
[ 1.713625] 0x000000fa0000-0x000001000000 : "aboot"
[ 1.718582] 0x000001000000-0x0000017e0000 : "boot"
[ 1.723281] 0x0000017e0000-0x000002820000 : "scrub"
[ 1.728174] 0x000002820000-0x000005020000 : "modem"
[ 1.732968] 0x000005020000-0x000005420000 : "rfbackup"
[ 1.738156] 0x000005420000-0x000005820000 : "oem"
[ 1.742770] 0x000005820000-0x000005f00000 : "recovery"
[ 1.747972] 0x000005f00000-0x000009100000 : "cache"
[ 1.752787] 0x000009100000-0x000009a40000 : "recoveryfs"
[ 1.758389] 0x000009a40000-0x00000aa40000 : "cdrom"
[ 1.762967] 0x00000aa40000-0x00000ba40000 : "jrdresource"
[ 1.768407] 0x00000ba40000-0x000010000000 : "system"
[ 1.773239] msm_nand_probe: NANDc phys addr 0x7980000, BAM phys addr 0x7984000, BAM IRQ 164
[ 1.781074] msm_nand_probe: Allocated DMA buffer at virt_addr 0xc7840000, phys_addr 0x87840000
[ 1.791872] PPP generic driver version 2.4.2
[ 1.801126] cnss_sdio 87a00000.qcom,cnss-sdio: CNSS SDIO Driver registered
[ 1.807554] msm_otg 78d9000.usb: msm_otg probe
[ 1.813333] msm_otg 78d9000.usb: OTG regs = c88f8000
[ 1.820702] gbridge_init: gbridge_init successs.
[ 1.826344] msm_otg 78d9000.usb: phy_reset: success
[ 1.830294] qcom,qpnp-rtc qpnp-rtc-c7307000: rtc core: registered qpnp_rtc as rtc0
[ 1.838474] i2c /dev entries driver
[ 1.842459] unable to find DT imem DLOAD mode node
[ 1.846588] unable to find DT imem EDLOAD mode node
[ 1.851332] unable to find DT imem dload-type node
[ 1.856921] bq24295-charger 4-006b: bq24295 probe enter
[ 1.861161] qcom,iterm-ma = 128
[ 1.864476] bq24295_otg_vreg: no parameters
[ 1.868502] charger_core_register: Charger Core Version 5.0.0(Built at 20151202-21:36)!
[ 1.877007] i2c-msm-v2 78b8000.i2c: msm_bus_scale_register_client(mstr-id:86):0x3 (ok)
[ 1.885559] bq24295-charger 4-006b: bq24295_set_bhot_mode 3
[ 1.890150] bq24295-charger 4-006b: power_good is 1,vbus_stat is 2
[ 1.896588] bq24295-charger 4-006b: bq24295_set_thermal_threshold 100
[ 1.902952] bq24295-charger 4-006b: bq24295_set_sys_min 3700
[ 1.908639] bq24295-charger 4-006b: bq24295_set_max_target_voltage 4150
[ 1.915223] bq24295-charger 4-006b: bq24295_set_recharge_threshold 300
[ 1.922119] bq24295-charger 4-006b: bq24295_set_terminal_current_limit iterm_disabled=0, iterm_ma=128
[ 1.930917] bq24295-charger 4-006b: bq24295_set_precharge_current_limit bdi->prech_cur=128
[ 1.940038] bq24295-charger 4-006b: bq24295_set_safty_timer 0
[ 1.945088] bq24295-charger 4-006b: bq24295_set_input_voltage_limit 4520
[ 1.972949] sdhci: Secure Digital Host Controller Interface driver
[ 1.978151] sdhci: Copyright(c) Pierre Ossman
[ 1.982441] sdhci-pltfm: SDHCI platform and OF driver helper
[ 1.989092] sdhci_msm 7824900.sdhci: sdhci_msm_probe: ICE device is not enabled
[ 1.995473] sdhci_msm 7824900.sdhci: No vreg data found for vdd
[ 2.001530] sdhci_msm 7824900.sdhci: sdhci_msm_pm_qos_parse_irq: error -22 reading irq cpu
[ 2.009809] sdhci_msm 7824900.sdhci: sdhci_msm_pm_qos_parse: PM QoS voting for IRQ will be disabled
[ 2.018600] sdhci_msm 7824900.sdhci: sdhci_msm_pm_qos_parse: PM QoS voting for cpu group will be disabled
[ 2.030541] sdhci_msm 7824900.sdhci: sdhci_msm_probe: sdiowakeup_irq = 353
[ 2.036867] sdhci_msm 7824900.sdhci: No vmmc regulator found
[ 2.042027] sdhci_msm 7824900.sdhci: No vqmmc regulator found
[ 2.048266] mmc0: SDHCI controller on 7824900.sdhci [7824900.sdhci] using 32-bit ADMA in legacy mode
[ 2.080401] Welcome to pca955x_probe!!
[ 2.084362] leds-pca955x 3-0020: leds-pca955x: Using pca9555 16-bit LED driver at slave address 0x20
[ 2.095400] sdhci_msm 7824900.sdhci: card claims to support voltages below defined range
[ 2.103125] i2c-msm-v2 78b7000.i2c: msm_bus_scale_register_client(mstr-id:86):0x5 (ok)
[ 2.114183] msm_otg 78d9000.usb: Avail curr from USB = 1500
[ 2.120251] come to USB_SDP_CHARGER!
[ 2.123215] Welcome to sn3199_probe!
[ 2.126718] leds-sn3199 5-0064: leds-sn3199: Using sn3199 9-bit LED driver at slave address 0x64
[ 2.136511] sn3199->led_en_gpio=21
[ 2.139143] i2c-msm-v2 78b9000.i2c: msm_bus_scale_register_client(mstr-id:86):0x6 (ok)
[ 2.150207] usbcore: registered new interface driver usbhid
[ 2.154864] usbhid: USB HID core driver
[ 2.159825] sps:BAM 0x078c4000 is registered.
[ 2.163573] bimc-bwmon 408000.qcom,cpu-bwmon: BW HWmon governor registered.
[ 2.171080] devfreq soc:qcom,cpubw: Couldn't update frequency transition information.
[ 2.178513] coresight-fuse a601c.fuse: QPDI fuse not specified
[ 2.184242] coresight-fuse a601c.fuse: Fuse initialized
[ 2.192407] coresight-csr 6001000.csr: CSR initialized
[ 2.197263] coresight-tmc 6026000.tmc: Byte Counter feature enabled
[ 2.203204] sps:BAM 0x06084000 is registered.
[ 2.207301] coresight-tmc 6026000.tmc: TMC initialized
[ 2.212681] coresight-tmc 6025000.tmc: TMC initialized
[ 2.220071] nidnt boot config: 0
[ 2.224563] mmc0: new ultra high speed SDR50 SDIO card at address 0001
[ 2.231120] coresight-tpiu 6020000.tpiu: NIDnT on SDCARD only mode
[ 2.236440] coresight-tpiu 6020000.tpiu: TPIU initialized
[ 2.242808] coresight-replicator 6024000.replicator: REPLICATOR initialized
[ 2.249372] coresight-stm 6002000.stm: STM initialized
[ 2.255034] coresight-hwevent 606c000.hwevent: Hardware Event driver initialized
[ 2.262312] Netfilter messages via NETLINK v0.30.
[ 2.266306] nf_conntrack version 0.5.0 (920 buckets, 3680 max)
[ 2.272312] ctnetlink v0.93: registering with nfnetlink.
[ 2.277565] ip_set: protocol 6
[ 2.280568] ip_tables: (C) 2000-2006 Netfilter Core Team
[ 2.285723] arp_tables: (C) 2002 David S. Miller
[ 2.290146] TCP: cubic registered
[ 2.293915] NET: Registered protocol family 10
[ 2.298740] ip6_tables: (C) 2000-2006 Netfilter Core Team
[ 2.303407] sit: IPv6 over IPv4 tunneling driver
[ 2.308481] NET: Registered protocol family 17
[ 2.312340] bridge: automatic filtering via arp/ip/ip6tables has been deprecated. Update your scripts to load br_netfilter if you need this.
[ 2.325094] Bridge firewalling registered
[ 2.328930] Ebtables v2.0 registered
[ 2.333260] NET: Registered protocol family 27
[ 2.341362] battery_core_register: Battery Core Version 5.0.0(Built at 20151202-21:36)!
[ 2.348466] pmu_battery_probe: vbat_channel=21, tbat_channel=17
[ 2.420236] ubi0: attaching mtd16
[ 2.723941] ubi0: scanning is finished
[ 2.732997] ubi0: attached mtd16 (name "system", size 69 MiB)
[ 2.737783] ubi0: PEB size: 131072 bytes (128 KiB), LEB size: 126976 bytes
[ 2.744601] ubi0: min./max. I/O unit sizes: 2048/2048, sub-page size 2048
[ 2.751333] ubi0: VID header offset: 2048 (aligned 2048), data offset: 4096
[ 2.758540] ubi0: good PEBs: 556, bad PEBs: 2, corrupted PEBs: 0
[ 2.764305] ubi0: user volume: 3, internal volumes: 1, max. volumes count: 128
[ 2.771476] ubi0: max/mean erase counter: 192/64, WL threshold: 4096, image sequence number: 35657280
[ 2.780708] ubi0: available PEBs: 0, total reserved PEBs: 556, PEBs reserved for bad PEB handling: 38
[ 2.789921] ubi0: background thread "ubi_bgt0d" started, PID 96
[ 2.796395] android_bind cdev: 0xC6583E80, name: ci13xxx_msm
[ 2.801508] file system registered
[ 2.804974] mbim_init: initialize 1 instances
[ 2.809228] mbim_init: Initialized 1 ports
[ 2.815074] rndis_qc_init: initialize rndis QC instance
[ 2.819713] jrd device_desc.bcdDevice: [0x0242]
[ 2.823779] android_bind scheduled usb start work: name: ci13xxx_msm
[ 2.830230] android_usb gadget: android_usb ready
[ 2.834845] msm_hsusb msm_hsusb: [ci13xxx_start] hw_ep_max = 32
[ 2.840741] msm_hsusb msm_hsusb: CI13XXX_CONTROLLER_RESET_EVENT received
[ 2.847433] msm_hsusb msm_hsusb: CI13XXX_CONTROLLER_UDC_STARTED_EVENT received
[ 2.855851] input: gpio-keys as /devices/soc:gpio_keys/input/input1
[ 2.861452] qcom,qpnp-rtc qpnp-rtc-c7307000: setting system clock to 1970-01-01 06:36:41 UTC (23801)
[ 2.870315] open file error /usb_conf/usb_config.ini
[ 2.876412] jrd_usb_start_work open file erro /usb_conf/usb_config.ini, retry_count:0
[ 2.884324] parse_legacy_cluster_params(): Ignoring cluster params
[ 2.889468] ------------[ cut here ]------------
[ 2.894186] WARNING: CPU: 0 PID: 1 at /home/linux3/jrd/yanping.an/ee40/0810/MDM9607.LE.1.0-00130/apps_proc/oe-core/build/tmp-glibc/work-shared/mdm9607/kernel-source/drivers/cpuidle/lpm-levels-of.c:739 parse_cluster+0xb50/0xcb4()
[ 2.914366] Modules linked in:
[ 2.917339] CPU: 0 PID: 1 Comm: swapper Not tainted 3.18.20 #1
[ 2.923171] [<c00132ac>] (unwind_backtrace) from [<c0011460>] (show_stack+0x10/0x14)
[ 2.931092] [<c0011460>] (show_stack) from [<c001c6ac>] (warn_slowpath_common+0x68/0x88)
[ 2.939175] [<c001c6ac>] (warn_slowpath_common) from [<c001c75c>] (warn_slowpath_null+0x18/0x20)
[ 2.947895] [<c001c75c>] (warn_slowpath_null) from [<c034e180>] (parse_cluster+0xb50/0xcb4)
[ 2.956189] [<c034e180>] (parse_cluster) from [<c034b6b4>] (lpm_probe+0xc/0x1d4)
[ 2.963527] [<c034b6b4>] (lpm_probe) from [<c024857c>] (platform_drv_probe+0x30/0x7c)
[ 2.971380] [<c024857c>] (platform_drv_probe) from [<c0246d54>] (driver_probe_device+0xb8/0x1e8)
[ 2.980118] [<c0246d54>] (driver_probe_device) from [<c0246f30>] (__driver_attach+0x68/0x8c)
[ 2.988467] [<c0246f30>] (__driver_attach) from [<c02455d0>] (bus_for_each_dev+0x6c/0x90)
[ 2.996626] [<c02455d0>] (bus_for_each_dev) from [<c02465a4>] (bus_add_driver+0xe0/0x1c8)
[ 3.004786] [<c02465a4>] (bus_add_driver) from [<c02477bc>] (driver_register+0x9c/0xe0)
[ 3.012739] [<c02477bc>] (driver_register) from [<c080c3d8>] (lpm_levels_module_init+0x14/0x38)
[ 3.021459] [<c080c3d8>] (lpm_levels_module_init) from [<c0008980>] (do_one_initcall+0xf8/0x1a0)
[ 3.030217] [<c0008980>] (do_one_initcall) from [<c07e7d4c>] (kernel_init_freeable+0xf0/0x1b0)
[ 3.038818] [<c07e7d4c>] (kernel_init_freeable) from [<c0582d48>] (kernel_init+0x8/0xe4)
[ 3.046888] [<c0582d48>] (kernel_init) from [<c000dda0>] (ret_from_fork+0x14/0x34)
[ 3.054432] ---[ end trace e9ec50b1ec4c8f73 ]---
[ 3.059012] ------------[ cut here ]------------
[ 3.063604] WARNING: CPU: 0 PID: 1 at /home/linux3/jrd/yanping.an/ee40/0810/MDM9607.LE.1.0-00130/apps_proc/oe-core/build/tmp-glibc/work-shared/mdm9607/kernel-source/drivers/cpuidle/lpm-levels-of.c:739 parse_cluster+0xb50/0xcb4()
[ 3.083858] Modules linked in:
[ 3.086870] CPU: 0 PID: 1 Comm: swapper Tainted: G W 3.18.20 #1
[ 3.093814] [<c00132ac>] (unwind_backtrace) from [<c0011460>] (show_stack+0x10/0x14)
[ 3.101575] [<c0011460>] (show_stack) from [<c001c6ac>] (warn_slowpath_common+0x68/0x88)
[ 3.109641] [<c001c6ac>] (warn_slowpath_common) from [<c001c75c>] (warn_slowpath_null+0x18/0x20)
[ 3.118412] [<c001c75c>] (warn_slowpath_null) from [<c034e180>] (parse_cluster+0xb50/0xcb4)
[ 3.126745] [<c034e180>] (parse_cluster) from [<c034b6b4>] (lpm_probe+0xc/0x1d4)
[ 3.134126] [<c034b6b4>] (lpm_probe) from [<c024857c>] (platform_drv_probe+0x30/0x7c)
[ 3.141906] [<c024857c>] (platform_drv_probe) from [<c0246d54>] (driver_probe_device+0xb8/0x1e8)
[ 3.150702] [<c0246d54>] (driver_probe_device) from [<c0246f30>] (__driver_attach+0x68/0x8c)
[ 3.159120] [<c0246f30>] (__driver_attach) from [<c02455d0>] (bus_for_each_dev+0x6c/0x90)
[ 3.167285] [<c02455d0>] (bus_for_each_dev) from [<c02465a4>] (bus_add_driver+0xe0/0x1c8)
[ 3.175444] [<c02465a4>] (bus_add_driver) from [<c02477bc>] (driver_register+0x9c/0xe0)
[ 3.183398] [<c02477bc>] (driver_register) from [<c080c3d8>] (lpm_levels_module_init+0x14/0x38)
[ 3.192107] [<c080c3d8>] (lpm_levels_module_init) from [<c0008980>] (do_one_initcall+0xf8/0x1a0)
[ 3.200877] [<c0008980>] (do_one_initcall) from [<c07e7d4c>] (kernel_init_freeable+0xf0/0x1b0)
[ 3.209475] [<c07e7d4c>] (kernel_init_freeable) from [<c0582d48>] (kernel_init+0x8/0xe4)
[ 3.217542] [<c0582d48>] (kernel_init) from [<c000dda0>] (ret_from_fork+0x14/0x34)
[ 3.225090] ---[ end trace e9ec50b1ec4c8f74 ]---
[ 3.229667] /soc/qcom,lpm-levels/qcom,pm-cluster@0: No CPU phandle, assuming single cluster
[ 3.239954] qcom,cc-debug-mdm9607 1800000.qcom,debug: Registered Debug Mux successfully
[ 3.247619] emac_lan_vreg: disabling
[ 3.250507] mem_acc_corner: disabling
[ 3.254196] clock_late_init: Removing enables held for handed-off clocks
[ 3.262690] ALSA device list:
[ 3.264732] No soundcard [ 3.274083] UBIFS (ubi0:0): background thread "ubifs_bgt0_0" started, PID 102
[ 3.305224] UBIFS (ubi0:0): recovery needed
[ 3.466156] UBIFS (ubi0:0): recovery completed
[ 3.469627] UBIFS (ubi0:0): UBIFS: mounted UBI device 0, volume 0, name "rootfs"
[ 3.476987] UBIFS (ubi0:0): LEB size: 126976 bytes (124 KiB), min./max. I/O unit sizes: 2048 bytes/2048 bytes
[ 3.486876] UBIFS (ubi0:0): FS size: 45838336 bytes (43 MiB, 361 LEBs), journal size 9023488 bytes (8 MiB, 72 LEBs)
[ 3.497417] UBIFS (ubi0:0): reserved for root: 0 bytes (0 KiB)
[ 3.503078] UBIFS (ubi0:0): media format: w4/r0 (latest is w4/r0), UUID 4DBB2F12-34EB-43B6-839B-3BA930765BAE, small LPT model
[ 3.515582] VFS: Mounted root (ubifs filesystem) on device 0:12.
[ 3.520940] Freeing unused kernel memory: 276K (c07e7000 - c082c000)
INIT: version 2.88 booting
Review: Solutions and Other Problems, by Allie Brosh
Publisher:
Gallery Books
Copyright:
September 2020
ISBN:
1-9821-5694-5
Format:
Hardcover
Pages:
519
Solutions and Other Problems is the long-awaited second volume of
Allie Brosh's work, after the amazing Hyperbole and a Half. The first collection was a mix of original
material and pieces that first appeared on
her blog. This is all new
work, although one of the chapters is now on her blog as a teaser.
As with all of Brosh's previous work, Solutions and Other Problems
is mostly drawings (in her highly original, deceptively simple style) with
a bit of prose in between. It's a similar mix of childhood stories,
off-beat interpretations of day-to-day life, and deeper and more personal
topics. But this is not the same type of book as Hyperbole and a
Half, in a way that is hard to capture in a review.
When this book was postponed and then temporarily withdrawn, I suspected
that something had happened to Brosh. I was hoping that it was just the
chaos of her first book publication, but, sadly, no. We find out about
some of what happened in Solutions and Other Problems, in varying
amounts of detail, and it's heart-wrenching. That by itself gives the
book a more somber tone.
But, beyond that, I think Solutions and Other Problems represents a
shift in mood and intention. The closest I can come to it is to say that
Hyperbole and a Half felt like Brosh using her own experiences as a
way to tell funny stories, and this book feels like Brosh using funny
stories to talk about her experiences. There are still childhood hijinks
and animal stories mixed in, but even those felt more earnest, more sad,
and less assured or conclusive. This is in no way a flaw, to be clear;
just be aware that if you were expecting more work exactly like
Hyperbole and a Half, this volume is more challenging and a bit
more unsettling.
This does not mean Brosh's trademark humor is gone. Chapter seventeen,
"Loving-Kindness Exercise," is one of the funniest things I've ever read.
"Neighbor Kid" captures my typical experience of interacting with children
remarkably well. And there are, of course, more stories about
not-very-bright pets, including a memorable chapter ("The Kangaroo Pig
Gets Drunk") on just how baffling our lives must be to the animals around
us. But this book is more serious, even when there's humor and absurdity
layered on top, and anxiety felt like a constant companion.
As with her previous book, many of the chapters are stories from Brosh's
childhood. I have to admit this is not my favorite part of Brosh's work,
and the stories in this book in particular felt a bit less funny and
somewhat more uncomfortable and unsettling. This may be a very individual
reaction; you can judge your own in advance by reading "Richard," the
second chapter of the book, which Brosh
posted
to her blog. I think it's roughly typical of the childhood stories here.
The capstone of Hyperbole and a Half was Brosh's fantastic two-part
piece on depression, which succeeded in being hilarious and deeply
insightful at the same time. I think the capstone of Solutions and
Other Problems is the last chapter, "Friend," which is about being
friends with yourself. For me, it was a good encapsulation of both the
merits of this book and the difference in tone. It's less able to find
obvious humor in a psychological struggle, but it's just as empathetic and
insightful. The ending is more ambiguous and more conditional; the tone
is more wistful. It felt more personal and more raw, and therefore a bit
less generalized. Her piece on depression made me want to share it with
everyone I knew; this piece made me want to give Brosh a virtual hug and
tell her I'm glad she's alive and exists in the world. That about sums up
my reaction to this book.
I bought Solutions and Other Problems in hardcover because I think
this sort of graphic work benefits from high-quality printing, and I was
very happy with that decision. Gallery Books used heavy, glossy paper and
very clear printing. More of the text is outside of the graphic panels
than I remember from the previous book. I appreciated that; I thought it
made the stories much easier to read. My one quibble is that Brosh does
use fairly small lettering in some of the panels and the color choices and
the scrawl she uses for stylistic reasons sometimes made that text
difficult for me to read. In those few places, I would have appreciated
the magnifying capabilities of reading on a tablet.
I don't think this is as good as Hyperbole and a Half, but it is
still very good and very worth reading. It's harder reading, though, and
you'll need to brace yourself more than you did before. If you're new to
Brosh, start with Hyperbole and a Half, or with the blog, but if
you liked those, read this too.
Rating: 8 out of 10
Spheres of Influence is a direct sequel to
Grand Central Arena, which introduces
the world background and is also a much better book. There is a detailed
recap of the previous volume (thank you!) and a summary of things that
happened between the volumes (that was odd), so it's easy to refresh your
memory, but there's no point in reading this book if you've not read the
first one.
In this series, Spoor is explicitly writing a throw-back space adventure
inspired by E.E. "Doc" Smith and similar SF from the 1920s to the 1950s.
Grand Central Arena was the discovery and exploration story, which
in my opinion is where that literary tradition is at its strongest.
Spheres of Influence veers into a different and less appealing part
of that tradition: the moment when the intrepid space explorer is
challenged by the ignorant Powers That Be at home, who don't understand
the importance of anything that's happening.
Captain Ariane Austin and her crew made a stunning debut into the Arena,
successfully navigated its politics (mostly via sheer audacity and luck),
and achieved a tentatively strong position for humanity. However,
humanity had never intended them to play that role. There isn't much
government in Spoor's (almost entirely unexplained) anarcho-libertarian
future, but there is enough for political maneuvering and the appointment
of a more official ambassador to the Arena who isn't Ariane. But the
Arena has its own rules that care nothing about human politics, which
gives Ariane substantial leverage to try to prevent Earth politicians from
making a mess of things.
This plot could be worse. Unlike his source material, Spoor is not
entirely invested in authoritarian politics, and the plot
resolution is a bit friendlier to government oversight than one might
expect. (It's disturbing, though, that this oversight seems to consist
mostly of the military, and it's not clear how those people are selected.)
But the tradition of investing vast powers in single people of great moral
character is one of the less defensible tropes of early American SF, and
Spoor chooses to embrace it to an unfortunate degree. Clearing out all the
bureaucratic second-guessing to let the honorable person who has stumbled
across vast power make all the decisions is a type of simplistic politics
with a long, bad history in US fiction. The author can make it look like
a good idea by yanking hard on the scales; Ariane makes all the right
decisions because she's the heroine and therefore of course she does. I
was unsettled, in this year of 2021, by the book's apparent message that
her major failing is her unwillingness to consolidate her power.
This isn't the only problem I had with this book. Before we get to the
political maneuvering, the plot takes a substantial digression into the
Hyperion Project.
The Hyperion Project showed up in the first book as part of the backstory
of one of the characters. I'll omit the details to avoid spoilers, but in
the story it functioned as an excuse to model a character directly on
E.E. "Doc" Smith characters. The details never seemed that interesting,
but as background it was easy to read past, and the character in question
was still moderately enjoyable.
Unfortunately, the author was more invested in this bit of background than
I was. Spheres of Influence introduces four more characters from
the same project, including Wu Kong, a cliched mash-up of numerous
different Monkey King stories who becomes a major viewpoint character.
(The decision to focus on a westernized, exoticized version of a Chinese
character didn't seem that wise to me.) One problem is that Spoor clearly
thinks Wu Kong is a more interesting character than I do, but my biggest
complaint is that introducing these new characters was both unnecessary
and pulled the story away from the pieces I was interested in. I want to
read more about the Arena and its politics, alien technology, and awesome
vistas, not about some significantly less interesting historical human
project devoted to bringing fictional characters to life.
And that's the third problem with this book: not enough happens.
Grand Central Arena had a good half-dozen significant plot
developments set among some great sense-of-wonder exploration and alien
first contact. There are only two major plot events in Spheres of
Influence, both are dragged out with unnecessary description and
posturing, and neither show us much that's exciting or new. The
exploration of the Arena grinds nearly to a halt, postponing the one
offered bit of deep exploration for the third book. There are some
satisfying twists and turns in the bits of plot we do get, but nothing
that justifies nearly 600 pages.
This is not a very good book, and huge step down from the first book of
the series. In its defense, it still offers the sort of optimistic (and,
to be honest, simplistic) adventure that I was looking for after reading a
book full of depressing politics. It's hard not to enjoy the protagonists
taking audacious risks, revealing hidden talents, and winning surprising
victories. But I wanted the version with more exploration, more new
sights, less authoritarian and militaristic politics, and less insertion
of fictional characters.
Also, yes, we know that one of the characters is an E.E. "Doc" Smith
character. Please give the cliched Smith dialogue tics a rest. All of
the "check to nine decimal places" phrases are hard enough to handle in
Smith's short and fast-moving books. They're agonizing in a slow-moving
book three times as long.
Not recommended, although I'm still invested enough in the setting that
I'll probably read the third book when I'm feeling in the mood for some
feel-good adventure. It appears to have the plot developments I was
hoping would be in this one.
Followed by Challenges of the Deeps.
Rating: 5 out of 10
Here s my (sixteenth) monthly update about the activities I ve done in the F/L/OSS world.
Debian
This was my 25th month of contributing to Debian.
I became a DM in late March 2019 and a DD on Christmas 19! \o/
This month was bat-shit crazy. Why? We ll come to it later, probably 15th of this month?
Anyway, besides being crazy, hectic, adventerous, and the first of 2021, this month I was super-insanely busy. With what? Hm, more about this later this month! ^_^
However, I still did some Debian stuff here and there. Here are the following things I worked on:
Debian (E)LTS
Debian Long Term Support (LTS) is a project to extend the lifetime of all Debian stable releases to (at least) 5 years. Debian LTS is not handled by the Debian security team, but by a separate group of volunteers and companies interested in making it a success.
And Debian Extended LTS (ELTS) is its sister project, extending support to the Jessie release (+2 years after LTS support).
This was my sixteenth month as a Debian LTS and seventh month as a Debian ELTS paid contributor.
I was assigned 26.00 hours for LTS and 36.75 hours for ELTS and worked on the following things:
(however, I worked extra for 9 hours for LTS and 9 hours for ELTS this month, which I intend to balance from the next month!)
LTS CVE Fixes and Announcements:
Issued DLA 2518-1, fixing CVE-2020-35492, for cairo.
For Debian 9 Stretch, these problems have been fixed in version 1.14.8-1+deb9u1.
Prepared DSA 4831-1, fixing CVE-2020-26298, for ruby-redcarpet.
For Debian 10 Buster, these problems have been fixed in version 3.4.0-4+deb10u1. The announcement was released by the Security Team.
This January, on 23rd and 24th, we had Mini DebConf India 2021 online.
I had a talk as well, titled, Why Point Releases are important and how you can help
prepare them?".
It was a fun and a very short talk, where I just list out the reasons and ways to help in
the preparation of point releases . I did some experimentation with this talk, figuring
out what works for the audience and what doesn t and where can I improve for the next time
I talk about this topic! \o/
You can listen to the talk here
and let me know if you have any feedback!
Anyway, the conference lasted for 2 days and I also did some volunteering (talk director,
talk miester) in Hindi and English, both! It was all so fun and new. Anyway, here s the picture we took:
In another exciting news, I got my first CVE assigned!!! \o/
No, it is not something that I found, it was discovered by Tavis Ormandy. I just assigned
this a CVE ID, CVE-2021-3181.
This is my first, so I am very excited about this! ^_^
Besides, there s something more that is in the pipelines. Can t talk about it now, shh. But
hopefully very sooooooon!
Other $things! \o/
This month was tiresome, with most of the time being spent on the Debian stuff, I did
very little work outside it, really. The issues and patches that I sent are:
Issue #700 for redcarpet, asking for a reproducer for CVE-2020-26298 and some additional patch related queries.
Issue #7 for in-parallel, asking them to not use relative paths for tests.
Issue #8 for in-parallel, reporting a test failure for the library.
Issue #2 for rake-ant, asking them to bump their dependencies to a newer version.
PR #3 for rake-ant, bumping the dependencies to a newer version, fixing the above issue, heh.
Issue #4 for rake-ant, requesting to drop git from their gemspec.
PR #5 for rake-ant, dropping git from gemspec, fixing the above issue, heh.
Issue #95 for WavPack, asking for a review of past security vulnerabilites wrt v4.70.0.
Reviewed PR #128 for ruby-openid, addressing the past regression with CVE fix merge.
Reviewed PR #63 for cocoapods-acknowledgements, updating redcarpet to v3.5.1, as a safety measure due to recently discovered vulnerability.
Issue #1331 for bottle, asking for relevant commits for CVE-2020-28473 and clarifying other things.
Issue #5 for em-redis, reporting test failures on IPv6-only build machines.
Issue #939 for eventmachine, reporting test failures for em-redis on IPv6-only build machines.
FTP master
This month I only accepted 8 packages and like last month rejected 0. Despite the holidays 293 packages got accepted.
Debian LTS
This was my seventy-eighth month that I did some work for the Debian LTS initiative, started by Raphael Hertzog at Freexian.
This month my all in all workload has been 26h. During that time I did LTS uploads of:
[DLA 2489-1] minidlna security update for two CVEs
[DLA 2490-1] x11vnc security update for one CVE
[DLA 2501-1] influxdb security update for one CVE
[DLA 2511-1] highlight.js security update for one CVE
Unfortunately package slirp has the same version in Stretch and Buster. So I first had to upload slirp/1:1.0.17-11 to unstable, in order to be allowed to fix the CVE in Buster and to finally upload a new version to Stretch. Meanwhile the fix for Buster has been approved by the Release Team and I am waiting for the next point release now.
I also prepared a debdiff for influxdb, which will result in DSA-4823-1 in January.
As there appeared new CVEs for openjpeg2, I did not do an upload yet. This is planned for January now.
Last but not least I did some days of frontdesk duties.
Debian ELTS
This month was the thirtieth ELTS month.
During my allocated time I uploaded:
ELA-341-1 for highlight.js
As well as for LTS, I did not finish work on all CVEs of openjpeg2, so the upload is postponed to January.
Last but not least I did some days of frontdesk duties.
Unfortunately I also had to give back some hours.
Other stuff
This month I uploaded new upstream versions of:
With these uploads I finished the libosmocom- and libctl-transitions.
The Debian Med Advent Calendar was again really successful this year. There was no new record, but with 109, the second most number of bugs has been closed.
year
number of bugs closed
2011
63
2012
28
2013
73
2014
5
2015
150
2016
95
2017
105
2018
81
2019
104
2020
109
Well done everybody who participated. It is really nice to see that Andreas is no longer a lone wolf.
Note: this is another article in my series on asynchronous communication in Linux with UUCP and NNCP.
In my previous post, I introduced a way to use ZFS backups over NNCP. In this post, I ll expand on that and also explore non-ZFS backups.
Use of nncp-file instead of nncp-exec
The previous example used nncp-exec (like UUCP s uux), which lets you pipe stdin in, then queues up a request to run a given command with that input on a remote. I discussed that NNCP doesn t guarantee order of execution, but that for the ZFS use case, that was fine since zfs receive would just fail (causing NNCP to try again later).
At present, nncp-exec stores the data piped to it in RAM before generating the outbound packet (the author plans to fix this shortly). That made it unusable for some of my backups, so I set it up another way: with nncp-file, the tool to transfer files to a remote machine. A cron job then picks them up and processes them.
On the machine being backed up, we have to find a way to encode the dataset to be received. I chose to do that as part of the filename, so the updated simplesnap-queue could look like this:
#!/bin/bash
set -e
set -o pipefail
DEST=" echo $1 sed 's,^tank/simplesnap/,,' "
FILE="bakfsfmt2- date "+%s.%N".$$ _ echo "$DEST" sed 's,/,@,g' "
echo "Processing $DEST to $FILE" >&2
# stdin piped to this
zstd -8 - \
gpg --compress-algo none --cipher-algo AES256 -e -r 012345... \
su nncp -c "/usr/local/nncp/bin/nncp-file -nice B -noprogress - 'backupsvr:$FILE'" >&2
echo "Queued $DEST to $FILE" >&2
I ve added compression and encryption here as well; more on that below.
On the backup server, we would define a different incoming directory for each node in nncp.hjson. For instance:
I ll present the scanning script in a bit.
Offsite Backup Rotation
Most of the time, you don t want just a single drive to store the backups. You d like to have a set. At minimum, one wouldn t be plugged in so lightning wouldn t ruin all your backups. But maybe you d store a second drive at some other location you have access to (friend s house, bank box, etc.)
There are several ways you could solve this:
If the remote machine is at a location with network access and you trust its physical security (remember that although it will store data encrypted at rest and will transport it encrypted, it will in most cases handle un-encrypted data during processing), you could of course send NNCP packets to it over the network at the same time you send them to your local backup system.
Alternatively, if the remote location doesn t have network access or you want to keep it airgapped, you could transport the NNCP packets by USB drive to the remote end.
Or, if you don t want to have any kind of processing capability remotely probably a wise move you could rotate the hard drives themselves, keeping one plugged in locally and unplugging the other to take it offsite.
The third option can be helped with NNCP, too. One way is to create separate NNCP installations for each of the drives that you store data on. Then, whenever one is plugged in, the appropriate NNCP config will be loaded and appropriate packets received and processed. The neighbor machine the spooler would just store up packets for the offsite drive until it comes back onsite (or, perhaps, your airgapped USB transport would do this). Then when it s back onsite, all the queued up ZFS sends get replayed and the backups replicated.
Now, how might you handle this with NNCP?
The simple way would be to have each system generating backups send them to two destinations. For instance:
You could probably also more safely use pee(1) (from moreutils) to do this.
This has an unfortunate result of doubling the network traffic from every machine being backed up. So an alternative option would be to queue the packets to the spooling machine, and run a distribution script from it; something like this, in part:
INCOMINGDIR="/var/local/nncp-bakfs-incoming"
LOCKFILE="$INCOMINGDIR/.lock"
printf -v EVAL_SAFE_LOCKFILE '%q' "$LOCKFILE"
if dotlockfile -r 0 -l -p "$ LOCKFILE "; then
logit "Lock obtained at $ LOCKFILE with dotlockfile"
trap 'ECODE=$?; dotlockfile -u '"$ EVAL_SAFE_LOCKFILE "'; exit $ECODE' EXIT INT TERM
else
logit "Could not obtain lock at $LOCKFILE; $0 likely already running."
exit 0
fi
logit "Scanning queue directory..."
cd "$INCOMINGDIR"
for HOST in *; do
cd "$INCOMINGDIR/$HOST"
for FILE in bakfsfmt2-*; do
if [ -f "$FILE" ]; then
for BAKFS in backupdisk1 backupdisk2; do
runcommand nncp-file -nice B+5 -noprogress "$FILE" "$BAKFS:$HOST/$FILE"
done
runcommand rm "$FILE"
else
logit "$HOST: Skipping $FILE since it doesn't exist"
fi
done
done
logit "Scan complete."
Security Considerations
You ll notice that in my example above, the encryption happens as the root user, but nncp is called under su. This means that even if there is a vulnerability in NNCP, the data would still be protected by GPG. I ll also note here that many sites run ssh as root unnecessarily; the same principles should apply there. (ssh has had vulnerabilities in the past as well). I could have used gpg s built-in compression, but zstd is faster and better, so we can get good performance by using fast compression and piping that to an algorithm that can use hardware acceleration for encryption.
I strongly encourage considering transport, whether ssh or NNCP or UUCP, to be untrusted. Don t run it as root if you can avoid it. In my example, the nncp user, which all NNCP commands are run as, has no access to the backup data at all. So even if NNCP were compromised, my backup data wouldn t be. For even more security, I could also sign the backup stream with gpg and validate that on the receiving end.
I should note, however, that this conversation assumes that a network- or USB-facing ssh or NNCP is more likely to have an exploitable vulnerability than is gpg (which here is just processing a stream). This is probably a safe assumption in general. If you believe gpg is more likely to have an exploitable vulnerability than ssh or NNCP, then obviously you wouldn t take this particular approach.
On the zfs side, the use of -F with zfs receive is avoided; this could lead to a compromised backed-up machine generating a malicious rollback on the destination. Backup zpools should be imported with -R or -N to ensure that a malicious mountpoint property couldn t be used to cause an attack. I choose to use zfs receive -u -o readonly=on which is compatible with both unmounted backup datasets and zpools imported with -R (or both). To access the data in a backup dataset, you would normally clone it and access it there.
The processing script
So, put this all together and look at an example of a processing script that would run from cron as root and process the incoming ZFS data.
#!/bin/bash
set -e
set -o pipefail
# Log a message
logit ()
logger -p info -t " basename "$0" [$$]" "$1"
# Log an error message
logerror ()
logger -p err -t " basename "$0" [$$]" "$1"
# Log stdin with the given code. Used normally to log stderr.
logstdin ()
logger -p info -t " basename "$0" [$$/$1]"
# Run command, logging stderr and exit code
runcommand ()
logit "Running $*"
if "$@" 2> >(logstdin "$1") ; then
logit "$1 exited successfully"
return 0
else
RETVAL="$?"
logerror "$1 exited with error $RETVAL"
return "$RETVAL"
fi
STORE=backups/simplesnap
INCOMINGDIR=/backups/nncp/incoming
if ! [ -d "$INCOMINGDIR" ]; then
logerror "$INCOMINGDIR doesn't exist"
exit 0
fi
LOCKFILE="/backups/nncp/.nncp-backups-zfs-scan.lock"
printf -v EVAL_SAFE_LOCKFILE '%q' "$LOCKFILE"
if dotlockfile -r 0 -l -p "$ LOCKFILE "; then
logit "Lock obtained at $ LOCKFILE with dotlockfile"
trap 'ECODE=$?; dotlockfile -u '"$ EVAL_SAFE_LOCKFILE "'; exit $ECODE' EXIT INT TERM
else
logit "Could not obtain lock at $LOCKFILE; $0 likely already running."
exit 0
fi
EXITCODE=0
cd "$INCOMINGDIR"
logit "Scanning queue directory..."
for HOST in *; do
HOSTPATH="$INCOMINGDIR/$HOST"
# files like backupsfmt2-134.13134_dest
for FILE in "$HOSTPATH"/backupsfmt2-[0-9]*_?*; do
if [ ! -f "$FILE" ]; then
logit "Skipping non-existent $FILE"
continue
fi
# Now, $DEST will be HOST/DEST. Strip off the @ also.
DEST=" echo "$FILE" sed -e 's/^.*backupsfmt2[^_]*_//' -e 's,@,/,g' "
if [ -z "$DEST" ]; then
logerror "Malformed dest in $FILE"
continue
fi
HOST2=" echo "$DEST" sed 's,/.*,,g' "
if [ -z "$HOST2" ]; then
logerror "Malformed DEST $DEST in $FILE"
continue
fi
if [ ! "$HOST" = "$HOST2" ]; then
logerror "$DIR: $HOST doesn't match $HOST2"
continue
fi
logit "Processing $FILE to $STORE/$DEST"
if runcommand gpg -q -d < "$FILE" runcommand zstdcat runcommand zfs receive -u -o readonly=on "$STORE/$DEST"; then
logit "Successfully processed $FILE to $STORE/$DEST"
runcommand rm "$FILE"
else
logerror "FAILED to process $FILE to $STORE/$DEST"
EXITCODE=15
fi
Applying These Ideas to Non-ZFS Backups
ZFS backups made our job easier in a lot of ways:
ZFS can calculate a diff based on an efficiently-stored previous local state (snapshot or bookmark), rather than a comparison to a remote state (rsync)
ZFS "incremental" sends, while less efficient than rsync, are reasonably efficient, sending only changed blocks
ZFS receive detects and enforces that the incremental source on the local machine must match the incremental source of the original stream, enforcing ordering
Datasets using ZFS encryption can be sent in their encrypted state
Incrementals can be done without a full scan of the filesystem
Some of these benefits you just won't get without ZFS (or something similar like btrfs), but let's see how we could apply these ideas to non-ZFS backups. I will explore the implementation of them in a future post.
When I say "non ZFS", I am being a bit vague as to whether the source, the destination, or both systems are running a non-ZFS filesystem. In general I'll assume that neither are ZFS.
The first and most obvious answer is to just tar up the whole system and send that every day. This is, of course, only suitable for small datasets on a fast network. These tarballs could be unpacked on the destination and stored more efficiently via any number of methods (hardlink trees, a block-level deduplicator like borg or rdedup, or even just simply compressed tarballs).
To make the network trip more efficient, something like rdiff or xdelta could be used. A signature file could be stored on the machine being backed up (generated via tee/pee at stream time), and the next run could simply send an rdiff delta over NNCP. This would be quite network-efficient, but still would require reading every byte of every file on every backup, and would also require quite a bit of temporary space on the receiving end (to apply the delta to the previous tarball and generate a new one).
Alternatively, a program that generates incremental backup files such as rdup could be used. These could be transmitted over NNCP to the backup server, and unpacked there. While perhaps less efficient on the network -- every file with at least one modified byte would be retransmitted in its entirety -- it avoids the need to read every byte of unmodified files or to have enormous temporary space. I should note here that GNU tar claims to have an incremental mode, but it has a potential data loss bug.
There are also some tools with algorithms that may apply well in this use care: syrep and fssync being the two most prominent examples, though rdedup (mentioned above) and the nascent asuran project may also be combinable with other tools to achieve this effect.
I should, of course, conclude this section by mentioning btrfs. Every time I've tried it, I've run into serious bugs, and its status page indicates that only some of them have been resolved. I would not consider using it for something as important as backups. However, if you are comfortable with it, it is likely to be able to run in more constrained environments than ZFS and could probably be processed in much the same way as zfs streams.
Here s my (fifteenth) monthly update about the activities I ve done in the F/L/OSS world.
Debian
This was my 24th month of contributing to Debian.
I became a DM in late March last year and a DD last Christmas! \o/
Amongs a lot of things, this was month was crazy, hectic, adventerous, and the last of 2020 more on some parts later this month.
I finally finished my 7th semester (FTW!) and moved onto my last one! That said, I had been busy with other things but still did a bunch of Debian stuff
Here are the following things I did this month:
Debian (E)LTS
Debian Long Term Support (LTS) is a project to extend the lifetime of all Debian stable releases to (at least) 5 years. Debian LTS is not handled by the Debian security team, but by a separate group of volunteers and companies interested in making it a success.
And Debian Extended LTS (ELTS) is its sister project, extending support to the Jessie release (+2 years after LTS support).
This was my fifteenth month as a Debian LTS and sixth month as a Debian ELTS paid contributor.
I was assigned 26.00 hours for LTS and 38.25 hours for ELTS and worked on the following things:
LTS CVE Fixes and Announcements:
Issued DLA 2474-1, fixing CVE-2020-28928, for musl.
For Debian 9 Stretch, these problems have been fixed in version 1.1.16-3+deb9u1.
Issued DLA 2484-1, fixing #969126, for python-certbot.
For Debian 9 Stretch, these problems have been fixed in version 0.28.0-1~deb9u3.
Issued DLA 2487-1, fixing CVE-2020-27350, for apt.
For Debian 9 Stretch, these problems have been fixed in version 1.4.11. The update was prepared by the maintainer, Julian.
Issued DLA 2488-1, fixing CVE-2020-27351, for python-apt.
For Debian 9 Stretch, these problems have been fixed in version 1.4.2. The update was prepared by the maintainer, Julian.
Issued DLA 2495-1, fixing CVE-2020-17527, for tomcat8.
For Debian 9 Stretch, these problems have been fixed in version 8.5.54-0+deb9u5.
Issued DLA 2488-2, for python-apt.
For Debian 9 Stretch, these problems have been fixed in version 1.4.3. The update was prepared by the maintainer, Julian.
Issued DLA 2508-1, fixing CVE-2020-35730, for roundcube.
For Debian 9 Stretch, these problems have been fixed in version 1.2.3+dfsg.1-4+deb9u8. The update was prepared by the maintainer, Guilhem.
ELTS CVE Fixes and Announcements:
Issued ELA 324-1, fixing CVE-2020-28928, for musl.
For Debian 8 Jessie, these problems have been fixed in version 1.1.5-2+deb8u2.
Issued ELA 325-1, fixing CVE-2020-28896, for mutt.
For Debian 8 Jessie, these problems have been fixed in version 1.5.23-3+deb8u4.
Marked CVE-2020-17527/tomcat8 as not-affected for jessie.
Marked CVE-2020-28052/bountycastle as not-affected for jessie.
Marked CVE-2020-14394/qemu as postponed for jessie.
Marked CVE-2020-35738/wavpack as not-affected for jessie.
Marked CVE-2020-3550 3-6 /qemu as postponed for jessie.
Marked CVE-2020-3550 3-6 /qemu as postponed for stretch.
Marked CVE-2020-16093/lemonldap-ng as no-dsa for stretch.
Marked CVE-2020-27837/gdm3 as no-dsa for stretch.
Marked CVE-2020- 13987, 13988, 17437 /open-iscsi as no-dsa for stretch.
Marked CVE-2020-35450/gobby as no-dsa for stretch.
Marked CVE-2020-35728/jackson-databind as no-dsa for stretch.
Marked CVE-2020-28935/nsd as no-dsa for stretch.
Auto EOL ed libpam-tacplus, open-iscsi, wireshark, gdm3, golang-go.crypto, jackson-databind, spotweb, python-autobahn, asterisk, nsd, ruby-nokogiri, linux, and motion for jessie.
Bugs and Patches
Well, I did report some bugs and issues and also sent some patches:
Issue #44 for github-activity-readme, asking for a feature request to set custom committer s email address.
Issue #711 for git2go, reporting build failure for the library.
PR #89 for rubocop-rails_config, bumping RuboCop::Packaging to v0.5.
Issue #36 for rubocop-packaging, asking to try out mutant :)
PR #212 for cucumber-ruby-core, bumping RuboCop::Packaging to v0.5.
PR #213 for cucumber-ruby-core, enabling RuboCop::Packaging.
Issue #19 for behance, asking to relax constraints on faraday and faraday_middleware.
PR #37 for rubocop-packaging, enabling tests against ruby3.0! \o/
PR #489 for cucumber-rails, bumping RuboCop::Packaging to v0.5.
Issue #362 for nheko, reporting a crash when opening the application.
PR #1282 for paper_trail, adding RuboCop::Packaging amongst other used extensions.
Bug #978640 for nheko Debian package, reporting a crash, as a result of libfmt7 regression.
Misc and Fun
Besides squashing bugs and submitting patches, I did some other things as well!
Participated in my first Advent of Code event! :)
Whilst it was indeed fun, I didn t really complete it. No reason, really. But I ll definitely come back stronger next year, heh! :)
All the solutions thus far could be found here.
Did a couple of reviews for some PRs and triaged some bugs here and there, meh.
Also did some cloud debugging, not so fun if you ask me, but cool enough to make me want to do it again! ^_^
Worked along with pollo, zigo, ehashman, rlb, et al for puppet and puppetserver in Debian. OMG, they re so lovely! <3
Ordered some interesting books to read January onward. New year resolution? Meh, not really. Or maybe. But nah.
Also did some interesting stuff this month but can t really talk about it now. Hopefully sooooon.
In my previous articles in the series on asynchronous communication with the modern NNCP tool, I talked about its use for asynchronous, potentially airgapped, backups. The first article, How & Why To Use Airgapped Backups laid out the foundations for this. Now let s dig into the details.
Today s post will cover ZFS, because it has a lot of features that make it very easy to support in this setup. Non-ZFS backups will be covered later.
The setup is actually about as simple as it is for SSH, but since people are less familiar with this kind of communication, I m going to try to go into more detail here.
Assumptions
I am assuming a setup where:
The machines being backed up run ZFS
The disk(s) that hold the backups are also running ZFS
zfs send / receive is desired as an efficient way to transport the backups
The machine that holds the backups may have no network connection whatsoever
Backups will be sent encrypted over some sort of network to a spooling machine, which temporarily holds them until they are transported to the destination backup system and ingested there. This system will be unable to decrypt the data streams it temporarily stores.
Hardware
Let s start with hardware for the machine to hold the backups. I initially considered a Raspberry Pi 4 with 8GB of RAM. That would probably have been a suitable machine, at least for smaller backup sets. However, none of the Raspberry Pi machines support hardware AES encryption acceleration, and my Pi4 benchmarks as about 60MB/s for AES encryption. I want my backups to be encrypted, and decided this would just be too slow for my purposes. Again, if you don t need encrypted backups or don t care that much about performance may people probably fall into this category you can have a fully-functional Raspberry Pi 4 system for under $100 that would make a fantastic backup server.
I wound up purchasing a Qotom-Q355G4 micro PC with a Core i5 for about $315. It has USB 3 ports and is designed as a rugged, long-lasting system. I have been using one of their older Celeron-based models as my router/firewall for a number of years now and it s been quite reliable.
For backup storage, you can get a USB 3 external drive. My own preference is to get a USB 3 toaster (device that lets me plug in SATA drives) so that I have more control over the underlying medium and can save the expense and hassle of a bunch of power supplies. In a future post, I will discuss drive rotation so you always have an offline drive.
Then, there is the question of transport to the backup machine. A simple solution would be to have a heavily-firewalled backup system that has no incoming ports open but makes occasional outgoing connections to one specific NNCP daemon on the spooling machine. However, for airgapped operation, it would also be very simple to use nncp-xfer to transport the data across on a USB stick or some such. You could set up automounting for a specific USB stick plug it in, all the spooled data is moved over, then plug it in to the backup system and it s processed, and any outbound email traffic or whatever is copied to the USB stick at that point too. The NNCP page has some more commentary about this kind of setup.
Both are fairly easy to set up, and NNCP is designed to be transport-agnostic, so in this article I m going to focus on how to integrate ZFS with NNCP.
Operating System
Of course, it should be no surprise that I set this up on Debian.
As an added step, I did all the configuration in Ansible stored in a local git repo. This adds a lot of work, but it means that it is trivial to periodically wipe and reinstall if any security issue is suspected. The git repo can be copied off to another system for storage and takes the system from freshly-installed to ready-to-use state.
Security
There is, of course, nothing preventing you from running NNCP as root. The zfs commands, obviously, need to be run as root. However, from a privilege separation standpoint, I have chosen to run everything relating to NNCP as a nncp user. NNCP already does encryption, but if you prefer to have zero knowledge of the data even to NNCP, it s trivial to add gpg to the pipeline as well, and in fact I ll be demonstrating that in a future post for other reasons.
Software
Besides NNCP, there needs to be a system that generates the zfs send streams. For this project, I looked at quite a few. Most were designed to inspect the list of snapshots on a remote end, compare it to a list on the local end, and calculate a difference from there. This, of course, won t work for this situation.
I realized my own simplesnap project was very close to being able to do this. It already used an algorithm of using specially-named snapshots on the machine being backed up, so never needed any communication about what snapshots were present where. All it needed was a few more options to permit sending to a stream instead of zfs receive. I made those changes and they are available in simplesnap 2.0.0 or above. That version has also been uploaded to sid, and will work fine as-is on buster as well.
Preparing NNCP
I m going to assume three hosts in this setup:
laptop is the machine being backed up. Of course, you may have quite a few of these.
spooler holds the backup data until the backup system picks it up
backupsvr holds the backups
The basic NNCP workflow documentation covers the basic steps. You ll need to run nncp-cfgnew on each machine. This generates a basic configuration, along with public and private keys for that machine. You ll copy the public key sets to the configurations of the other machines as usual. On the laptop, you ll add a via line like this:
This tells NNCP that data destined for backupsvr should always be sent via spooler first.
You can then arrange for the nncp-daemon to run on the spooler, and nncp-caller or nncp-call on the backupsvr. Or, alternatively, airgapped between the two with nncp-xfer.
Generating Backup Data
Now, on the laptop, install simplesnap (2.0.0 or above). Although you won t be backing up to the local system, simplesnap still maintains a hostlock in ZFS. Prepate a dataset for it:
zfs create tank/simplesnap
zfs set org.complete.simplesnap:exclude=on tank/simplesnap
Then, create a script /usr/local/bin/runsimplesnap like this:
#!/bin/bash
set -e
simplesnap --store tank/simplesnap --setname backups --local --host hostname \
--receivecmd /usr/local/bin/simplesnap-queue \
--noreap
su nncp -c '/usr/local/nncp/bin/nncp-toss -noprogress -quiet'
if ip addr grep -q 192.168.65.64; then
su nncp -c '/usr/local/nncp/bin/nncp-call -noprogress -quiet -onlinedeadline 1 spooler'
fi
The call to simplesnap sets it up to send the data to simplesnap-queue, which we ll create in a moment. The receivmd, plus noreap, sets it up to run without ZFS on the local system.
The call to nncp-toss will process any previously-received inbound NNCP packets, if there are any. Then, in this example, we do a very basic check to see if we re on the LAN (checking 192.168.65.64), and if so, will establish a connection to the spooler to transmit the data. If course, you could also do this over the Internet, with tor, or whatever, but in my case, I don t want to automatically do this in case I m tethered to mobile. I figure if I want to send backups in that case, I can fire up nncp-call myself. You can also use nncp-caller to set up automated connections on other schedules; there are a lot of options.
Now, here s what /usr/local/bin/simplesnap-queue looks like:
#!/bin/bash
set -e
set -o pipefail
DEST=" echo $1 sed 's,^tank/simplesnap/,,' "
echo "Processing $DEST" >&2
# stdin piped to this
su nncp -c "/usr/local/nncp/bin/nncp-exec -nice B -noprogress backupsvr zfsreceive '$DEST'" >&2
echo "Queued for $DEST" >&2
This is a pretty simple script. simplesnap will call it with a path based on the store, with the hostname after; so, for instance, tank/simplesnap/laptop/root or some such. This script strips off the leading tank/simplesnap (which is a local fragment), leaving the host and dataset paths. Then it just pipes it to nncp-exec. -nice B classifies it as low-priority bulk data (so if you have some more important interactive data, it would be sent first), then passes it to whatever the backupsvr defines as zfsreceive.
Receiving ZFS backups
In the NNCP configuration on the recipient s side, in the laptop section, we define what command it s allowed to run as zfsreceive:
The NNCP_SENDER is the public key ID of the sending node when nncp-toss processes the incoming data. We can use that for sanity checking later.
Now, here s a basic nncp-zfs-receive script:
#!/bin/bash
set -e
set -o pipefail
STORE=backups/simplesnap
DEST="$1"
# now process stdin
runcommand zfs receive -o readonly=on -x mountpoint "$STORE/$DEST"
And there you have it all the basics are in place.
Update 2020-12-30: An earlier version of this article had zfs receive -F instead of zfs receive -o readonly=on -x mountpoint . These changed arguments are more robust.
Update 2021-01-04: I am now recommending zfs receive -u -o readonly=on ; see my successor article for more.
Enhancements
You could enhance the nncp-zfs-receive script to improve logging and error handling. For instance:
#!/bin/bash
set -e
set -o pipefail
STORE=backups/simplesnap
# $1 will be the host/dataset
DEST="$1"
HOST=" echo "$1" sed 's,/.*,,g' "
if [ -z "$HOST" ]; then
echo "Malformed command line"
exit 5
fi
# Log a message
logit ()
logger -p info -t " basename "$0" [$$]" "$1"
# Log an error message
logerror ()
logger -p err -t " basename "$0" [$$]" "$1"
# Log stdin with the given code. Used normally to log stderr.
logstdin ()
logger -p info -t " basename "$0" [$$/$1]"
# Run command, logging stderr and exit code
runcommand ()
logit "Running $*"
if "$@" 2> >(logstdin "$1") ; then
logit "$1 exited successfully"
return 0
else
RETVAL="$?"
logerror "$1 exited with error $RETVAL"
return "$RETVAL"
fi
exiterror ()
logerror "$1"
echo "$1" 1>&2
exit 10
# Sanity check
if [ "$HOST" = "laptop" ]; then
if [ "$NNCP_SENDER" != "12345678" ]; then
exiterror "Host $HOST doesn't match sender $NNCP_SENDER"
fi
else
exiterror "Unknown host $HOST"
fi
runcommand zfs receive -F "$STORE/$DEST"
Now you ll capture the ZFS receive output in syslog in a friendly way, so you can look back later why things failed if they did.
Further notes on NNCP
nncp-toss will examine the exit code from an invocation. If it is nonzero, it will keep the command (and associated stdin) in the queue and retry it on the next invocation. NNCP does not guarantee order of execution, so it is possible in some cases that ZFS streams may be received in the wrong order. That is fine here; zfs receive will exit with an error, and nncp-toss will just run it again after the dependent snapshots have been received. For non-ZFS backups, a simple sequence number can handle this issue.
The Hetzner server that hosts my blog among other things has 2*256G SSDs for the root filesystem. The smartctl and smartd programs report both SSDs as in FAILING_NOW state for the Wear_Leveling_Count attribute. I don t have a lot of faith in SMART. I run it because it would be stupid not to consider data about possible drive problems, but don t feel obliged to immediately replace disks with SMART errors when not convenient (if I ordered a new server and got those results I would demand replacement before going live).
Doing any sort of SMART scan will cause service outage. Replacing devices means 2 outages, 1 for each device.
I noticed the SMART errors 2 weeks ago, so I guess that the SMART claims that both of the drives are likely to fail within 24 hours have been disproved. The system is running BTRFS so I know there aren t any unseen data corruption issues and it uses BTRFS RAID-1 so if one disk has an unreadable sector that won t cause data loss.
Currently Hetzner Server Bidding has ridiculous offerings for systems with SSD storage. Search for a server with 16G of RAM and SSD storage and the minimum prices are only 2E cheaper than a new server with 64G of RAM and 2*512G NVMe. In the past Server Bidding has had servers with specs not much smaller than the newest systems going for rates well below the costs of the newer systems. The current Hetzner server is under a contract from Server Bidding which is significantly cheaper than the current Server Bidding offerings, so financially it wouldn t be a good plan to replace the server now.
Monitoring
I have just released a new version of etbe-mon [1] which has a new monitor for SMART data (smartctl). It also has a change to the sslcert check to search all IPv6 and IPv4 addresses for each hostname, makes freespace check look for filesystem mountpoint, and makes the smtpswaks check use latest swaks command-line.
For the new smartctl check there is an option to treat Marginal alert status from smartctl as errors and there is an option to name attributes that will be treated as marginal even if smartctl thinks they are significant. So now I have my monitoring system checking the SMART data on the servers of mine which have real hard drives (not VMs) and aren t using RAID hardware that obscures such things. Also it s not alerting me about the Wear_Leveling_Count on that particular Hetzner server.
I have an Asustor (Nimbuster 4 / AS5304T) NAS at home, which allows me to perform regular backups. Unfortunately, I couldn't manage to find a way to configure remote backups from the NAS to rsync.net using the "Remote Sync" option of the "Backup & Restore" app provided in the ADM OS of the Asustor NAS.
I'm used to using rsync -e ssh commands and would have expected some such configuration to be possible... it may just be some UI issue, but I couldn't find how to add one for rsync.net.
I've then used the following workaround : the NAS can run a "Linux VM" (LXC ?) with the provided "Linux Center" app. It allows me to run a regular Debian installation inside this Linux guest. On which I installed backupninja, which performs backups over rsync, from the NAS filesystem, to the rsync.net remote.
Along the way I had to overcome a few issues, whose documentation may be useful to others :
the Debian server Linux guest created with the "Linux Center" app can be accessed using SSH with the admin/admin login/pwd (couldn't find a clue in the docs or the UI)
the "Mount shared folder" option in the Debian guest configuration leads to the "/.share/" mountpoint which exibits the NAS filesystem under the Linux guest. This allows to retrieve files being backedup to the NAS to be copied out with rsync
backupninja provides an rsync handler which allows to backup files with rsync, but some default options weren't valid (see debian bug #976650).
the Seagate ironwolf HD less that 4TB aren't compatible with IHM (Ironwolf Health Management), even if the "Storage Manager" app tends to mislead you.
Google Pixel phones support what they call Motion Photo which is essentially a photo with a short video clip attached to it. They are quite nice since they bring the moment alive, especially as the capturing of the video starts a small moment before the shutter button is pressed. For most viewing programs they simply show as static JPEG photos, but there is more to the files. 
I ve mentioned in the past my 
My mistake was going poking around trying to figure out where the updates are downloaded from - I know I m running a slightly older release than what s current, and the device can do an automatic download + update. Top tip; don t run 
I have an Asustor (Nimbuster 4 / AS5304T) NAS at home, which allows me to perform regular backups. Unfortunately, I couldn't manage to find a way to configure remote backups from the NAS to rsync.net using the "Remote Sync" option of the "Backup & Restore" app provided in the ADM OS of the Asustor NAS.
I'm used to using rsync -e ssh commands and would have expected some such configuration to be possible... it may just be some UI issue, but I couldn't find how to add one for rsync.net.
I've then used the following workaround : the NAS can run a "Linux VM" (LXC ?) with the provided "Linux Center" app. It allows me to run a regular Debian installation inside this Linux guest. On which I installed backupninja, which performs backups over rsync, from the NAS filesystem, to the rsync.net remote.
Along the way I had to overcome a few issues, whose documentation may be useful to others :
