Gentoo Logo
Gentoo Spaceship




Note: Due to technical difficulties, the Archives are currently not up to date. GMANE provides an alternative service for most mailing lists.
c.f. bug 424647
List Archive: gentoo-desktop
Navigation:
Lists: gentoo-desktop: < Prev By Thread Next > < Prev By Date Next >
Headers:
To: gentoo-desktop@g.o
From: Duncan <1i5t5.duncan@...>
Subject: Re: System problems - some progress
Date: Fri, 1 Apr 2011 03:22:07 +0000 (UTC)
Lindsay Haisley posted on Sat, 26 Mar 2011 10:57:33 -0500 as excerpted:

> Yep, I know where you're coming from there.  Iptables isn't all that
> hard to understand, and I've become pretty conversant with it in the
> process of using for my own and others' systems.  I'd always rather deal
> with the "under the hood" CLI tools than with some GUI tool that does
> little more than obfuscate the real issue.  That way lies Windows!

Indeed, the MSWindows way is the GUI way.  But I wasn't even thinking 
about that.  I was thinking about the so-called "easier" firewalling CLI/
text-editing tools that have you initially answer a number of questions to 
setup the basics, then have you edit files to do any "advanced" tweaking 
the questions didn't have the foresight to cover.

But my (first) problem was that while I could answer the questions easy 
enough, I lacked sufficient understanding of the real implementation to 
properly do the advanced editing.  And if I were to properly dig into 
that, I might as well have mastered the IPTables/Netfilter stuff on which 
it was ultimately based in the first place.

The other problem, when building your own kernel, was that the so-called 
simpler tools apparently expect all the necessary Netfilter/IPTable kernel 
options to be available as pre-built modules (or built-in) -- IOW, they're 
designed for the binary distributions where that's the case.  Neither the 
questions nor the underlying config file comments mentioned their kernel 
module dependencies.  One either had to pre-build them all and hope they 
either got auto-loaded as needed, or delve into the scripts to figure out 
the dependencies and build/load the required modules.

Now keep in mind that I first tried this on Mandrake, where I was building 
my own kernel within 90 days of first undertaking the switch, while I was 
still booting to MS to do mail and news in MSOE, because I hadn't yet had 
time to look at user level apps well enough to make my choices and set 
them up.  So it's certainly NOT just a Gentoo thing.  It's a build-your-
own-kernel thing, regardless of the distro.

The problem ultimately boiled down to having to understand IPTables itself 
well enough to know what kernel options to enable, either built-in or as 
modules which would then need to be loaded.  But if I were to do that, why 
would I need the so-called "easier" tool, that only complicated things.  
Honestly, the tools made me feel like I was trying to remote-operate some 
NASA probe from half-way-across-the-solar-system, latency and all, instead 
of using the direct-drive, since what I was operating on was actually 
right there next to me!

At that time I simply punted.  I had (or could have and did have, by 
(wise) choice on MS) a NAPT based router between me and the net anyway, 
and already knew how to configure /it/.  So I just kept it and ran the 
computer itself without a firewall for a number of years.  Several years 
later, after switching to Gentoo, when I was quite comfortable on Linux in 
general, I /did/ actually learn netfilter/iptables, configure my computer 
firewall accordingly, and direct-connect for a year or two -- until my 
local config changed and I actually had the need for a NAPT device as I 
had multiple local devices to connect to the net.

Which brings up a nice point about Gentoo.  With Mandrake (and most other 
distributions of the era, from what I read), there were enough ports open 
by default that having a firewall of /some/ sort, either on-lan NAPT 
device or well configured on-computer IPChains/IPTables based, was wise.  
IOW, keeping that NAPT device was a good choice, even if it /was/ an MS-
based view of things, because the Linux distros of the time still ran with 
various open ports (whether they still do or not I don't know, I suspect 
most do, tho they probably do it with an IPTables firewall up now too).

Gentoo's policy by contrast has always (well, since before early 2004, 
when I switched to it) been:

1) Just because it's installed does NOT mean it should have its initscript 
activated so it runs automatically in the default runlevel -- Gentoo ships 
by default with the initscripts for net-active services in /etc/init.d, 
but does NOT automatically add them to the default runlevel.

2) Even when a net-active service IS activated, Gentoo's default 
configuration normally has it active on the loopback localhost address 
only.

3) Gentoo ships X itself with IP-forwarding disabled, only the local Unix 
domain socket active.

As such, by the time I actually got around to learning IPTables/netfilter 
and setting it up on my Gentoo box, it really wasn't as necessary as it 
would be on other distributions, anyway, because firewall or no firewall, 
the only open ports were ports I had deliberately opened myself and thus 
already knew about.

But of course defense in depth is a VERY important security principle, 
correlating as it does with the parallel "never trust yourself not to fat-
finger SOMETHING!"  (Now, if the so-called security services HBGary, et. 
al., only practiced it! ...  I think that's what galled most of the world 
most, not that they screwed up a couple things so badly, but that they so 
blatantly violated the basic defense-in-depth, or we'd have never read 
about the screw-ups in the first place as they'd have not amounted to 
anything if the proper layers of defense had been there... and for a 
SECURITY firm, no less, to so utterly and completely miss it!)  So 
regardless of the fact that in theory I didn't actually need the firewall 
by then since the only open ports were the ones I intended to be open, I 
wasn't going to run direct-connected without /some/ sort of firewall, and 
I learned and activated IPTables/netfilter before I did direct-connect.  
And now that I have NAPT again, I still keep it running, as that's simply 
another layer of that defense in depth, and I can use the NAPT router for 
multiplexing several devices on a single IP, not its originally accidental 
side-effect of inbound firewalling, tho again, I keep that too as it's 
another layer of that defense in depth, I just don't /count/ on it.

>> Bottom line, yeah I believe ext4 is safe, but ext3 or ext4, unless you
>> really do /not/ care about your data integrity or are going to the
>> extreme and already have data=journal, DEFINITELY specify data=ordered,
>> both in your mount options, and by setting the defaults via tune2fs.
> 
> So does this turn off journaling?  What's a good reference on the
> advantages of ext4 over ext3, or can you just summarize them for me?

No, this doesn't turn off journaling.

Briefly...

There's the actual data, the stuff in the files we care about, and 
metadata, the stuff the filesystem tracks behind the scenes so we don't 
have to worry about it.  Metadata includes stuff like the filename, the 
dates (create/modify/access, the latter of which isn't used that much any 
more and is often disabled), permissions (both traditional *ix set*/user/
group/world and if active SELinux perms, etc), INODE AND DIRECTORY TABLES 
(most important in this context, thus the CAPS, as without them, your data 
is effectively reduced to semi-random binary sequences), etc.

It's the metadata, in particular, the inode and directory tables, that fsck 
concerns itself with, that's potentially damaged in the event of a chaotic 
shutdown, that fsck checks and tries to restore on remount after such a 
shutdown, etc.

Because the original purpose of journaling was to shortcut the long fscks 
after a chaotic shutdown, traditionally it concerns itself only with 
metadata.  In practice, however, due to reordered disk operations at both 
the OS and disk hardware/firmware level, the result of a recovery with 
strict meta-data-only journaling on a filesystem can be perfectly restored 
filesystem metadata, but with incorrect real DATA in those files, because 
the metadata was already written to disk but the data itself hadn't been, 
at the time of the chaotic shutdown.

Due to important security implications (it's possible that the previous 
contents of that inode was an unlinked but not secure-erased file 
belonging to another user, UNAUTHORIZED DATA LEAK!!!), such restored 
metadata-only files where the data itself is questionable, are normally 
truncated to zero-length, thus the post-restore zero-length "empty" file 
phenomenon common with early journaled filesystems and still occasionally 
seen today.

The data= journaling option controls data/metadata handling.

data=writeback is "bare" metadata journaling.  It's the fastest but 
riskiest in terms of real data integrity for the reasons explained above.  
As such, it's often used where performance matters more than strict data 
integrity in the event of chaotic shutdown -- where data is backed up and 
changes since the backup tend to be trivial and/or easy to recover, where 
the data's easily redownloaded from the net (think the gentoo packages 
tree, source tarballs, etc), and/or where the filesystem is wiped at boot 
anyway (as /tmp is in many installations/).  Zeroed out files on recovery 
can and do happen in writeback mode.

data=ordered is the middle ground, "good enough" for most people, both in 
performance and in data integrity.  The system ensures that the commit of 
the real data itself is "ordered" before the metadata that indexes it, 
telling the filesystem where it's located.  This comes at a slight 
performance cost as some write-order-optimization must be skipped, but it 
GREATLY enhances the integrity of the data in the event of a chaotic 
shutdown and subsequent recovery.  There are corner-cases where it's still 
possible at least in theory to get the wrong behavior, but in practice, 
these don't happen very often, and when they do, the loss tends to be that 
of reverting to the pre-update version of the file, losing only the 
current edit, rather than zeroing out of the file (or worse yet, data 
leakage) entirely.

data=journal is the paranoid option.  With this you'll want a much larger 
journal, because not only the metadata, but the data itself, is 
journaled.  (And here most people thought that's what journaling did /all/ 
the time!)  Because ALL data is ultimately written TWICE in this mode, 
first to the journal and then from there to its ultimate location, by 
definition it's a factor of two slower, but provided the hardware is 
working correctly, the worst-case in a chaotic shutdown is loss of the 
current edit, reverting to the previous edition of the file.

FWIW and rather ironically, my original understanding of all this came 
from a series of IBM DeveloperWorks articles written in the early kernel 
2.4 series era, explaining the main filesystem choices, many of them then 
new, available in kernel 2.4.  While the performance data and some 
filesystem implementation detail (plus lack of mention of ext4 and btrfs 
as this was before their time) is now somewhat dated, the theory and 
general filesystem descriptions remain solid, and as such, the series 
remains a reasonably good intro to Linux filesystems to this day.  As 
such, parts of it are still available as linked from the Gentoo 
Documentation archived copy of those IBM DeveloperWorks articles.  In 
particular, two parts covering ext3 and the data= options remain available:

http://www.gentoo.org/doc/en/articles/afig-ct-ext3-intro.xml
http://www.gentoo.org/doc/en/articles/l-afig-p8.xml

The ironic bit is who the author was, one Daniel Robbins, the same DRobbins 
who founded the then Enoch Linux, now Gentoo.  But I read them long before 
I ever considered Gentoo, when I was first switching to Linux and using 
Mandrake.  It was thus with quite some amazement a number of years later, 
after I'd been on Gentoo for awhile, that I discovered that the *SAME* 
DRobbins who founded Gentoo (and was still active tho on his way out in 
early 2004 when I started on Gentoo), was the guy who wrote the Advanced 
Filesystem Implementor's Guide in IBM DeveloperWorks, the guide I'd found 
so *INCREDIBLY* helpful years before, when I hadn't a /clue/ who he was or 
what distribution I'd chose years later, as I just starting with Mandrake 
and trying to figure out what filesystems to choose.

As to the ext3/ext4 differences... AFAIK the (second) biggest one is that 
ext4 uses extents by default, thus fragmenting files somewhat less over 
time.  (Extents are a subject worth their own post, which I won't attempt 
as while I understand the basics I don't understand all the implications 
thereof myself.  But one effect is better efficiency in filesystem layout, 
when the filesystem was created with them anyway... it won't help old 
files on upgraded-to-ext4-from ext2/3 that much.  Google's available for 
more. =:^)

There's a lot of smaller improvements as well.  ext4 is native large-
filesystem by default.  A number of optimizations discovered since ext3 
are implemented in ext4 that can't be in ext3 for stability and/or old-
kernel backward compatibility reasons.  ext4 has a no-journal option 
that's far better on flash-based thumb-drives, etc.  There are a number of 
options that can make it better on SSDs and flash in general than ext3.

And the biggest advantage is that ext4 is actively supported in the kernel 
and supports ext2/3 as well, while ext2/3, as separate buildable kernel 
options, are definitely considered legacy, with talk, as I believe I 
mentioned, of removing them as separate implementations entirely, relying 
on ext4's backward compatibility for ext2/3 support.  In that regard, ext3 
as a separate option is in worse shape than reiserfs, since it's clearly 
legacy and targeted for removal.  As part of ext4, support will 
*DEFINITELY* continue for YEARS, more likely DECADES, so is in no danger 
in that regard (more so than reiserfs support, which will continue to be 
supported as well for at least years), but the focus is definitely on ext4 
now, and as ext3 becomes more and more legacy, the chances of corner-case 
bugs appearing in ext3-only code in the ext4 driver do logically 
increase.  In that regard, reiserfs could actually be argued to be in 
better shape, since it's not implemented as a now out-of-focus older-
brother to a current filesystem, so while it has less focus in general, it 
also has less chances of being accidentally affected by a change to the 
current-focus code.

Which can be argued to have already happened with the default ext3 
switching to data=writeback for a number of kernels, before being switched 
back to the data=ordered it always had before.  A number of kernels ago 
(2.6.29 IIRC), ext4 was either officially just out of or being discussed 
for bringing out of experimental.  I believe it was Ubuntu that first made 
it a rootfs system install option, in that same time period.  Shortly 
thereafter, a whole slew of Ubuntu on ext4 users, most of whom it turned 
out later were using the closed nVidia driver, which was unstable in that 
version against that Ubuntu version and kernel, thus provoking many cases 
of "chaotic shutdown", a classic worst-case trial-by-fire test for the 
then still coming out of experimental ext4, began experiencing the classic 
"zeroed out file" problems on reboot after their chaotic shutdowns.

*Greatly* compounding the problem were some seriously ill-advised Gnome 
config-file behaviors.  Apparently, they were opening config-files for 
read-write simply to READ them and get the config in the process of 
initializing GNOME.  Of course, the unstable nVidia driver was 
initializing in parallel to all this, with the predictable-in-hindsight 
results...  As gnome was only READING the config values, it SHOULD have 
opened those files READ-ONLY, if necessary later opening them read-write 
to write new values to them.  As with the security defense-in-depth 
mentioned in the HBGary parenthetical above, this is pretty basic 
filesystem principles, but the gnome folks had it wrong.  The were opening 
the files read/write when they only needed read, and the system was 
crashing with them in that state.  As a result, these files were open for 
writing in the crash, and as is standard security practice as explained 
above, the ext4 journaling system, defaulting to write-back mode, restored 
them as zeroed out files to prevent any possibility of data leak.  
Actually, there were a few other technicalities involved as well (file 
renaming on write, failure to call fsync, due in part to ext3's historic 
bad behavior on fsync, which it treated as whole-filesystem-sync, etc), 
but that's the gist of things.

So due to ext4's data=writeback and the immaturity of the filesystem such 
that it didn't take additional precautions, these folks were getting 
critical parts of their gnome config zeroed out every time they crashed, 
and due to the unstable nVidia drivers, they were crashing frequently!!

*NOT* a good situation, and that's a classic understatement!!

The resulting investigation discovered not only the obvious gnome problem, 
but several code tweaks that could be done to ext4 to reduce the 
likelihood of this sort of situation in the future.

All fine and good, so far.  But they quickly realized that the same sort 
of code tweak issues existed with ext3, except that because ext3 defaulted 
to data=ordered, only those specifically setting data=writeback were 
having problems, and because those using data=writeback were expected to 
have /some/ problems anyway, the issues had been attributed to that and 
thus hadn't been fully investigated and fixed, all these years.

So they fixed the problems in ext3 as well.  Again, all fine and good -- 
the problems NEEDED fixed.  *BUT*, and here's where the controversy comes 
in, they decided that data=writeback was now dependable enough for BOTH 
ext3 and ext4, thus changing the default for ext3.

To say that was hugely controversial is an understatement (multiple 
threads on LKML, LWN, elsewhere where the issue was covered at the time, 
often several hundreds of posts long each), and my feelings on 
data=writeback should be transparent by now so where I stand on the issue 
should be equally transparent, but Linus never-the-less merged the commit 
that switched ext3 to data=writeback by default, AFAIK in 2.6.31.  (AFAIK, 
they discovered the problem in 2.6.29, 2.6.30 contained temporary work-
around-fixes, 2.6.31 contained the permanent fixes and switched ext3 to 
data=writeback.)

Here's the critical point.  Because reiserfs isn't so closely related to 
the ext* family, it retained the data=ordered default it had gotten years 
early, the same kernel Chris Mason committed the code for reiserfs to do 
data=ordered at all.  ext3 got the change due to its relationship with 
ext4, despite the fact that it's officially an old and stable filesystem 
where arguably such major policy changes should not occur.  If the seperate 
kernel option for ext3 is removed in ordered to remove the duplicate 
functionality already included in ext4 for backward compatibility reasons, 
by definition, this sort of change to ext4 *WILL* change the ext3 it also 
supports, unless deliberate action is taken to avoid it.  That makes such 
issues far more likely to occur again in ext3, than in the relatively 
obscure ext4.

Meanwhile, as mentioned, with newer kernels (2.6.36, 37, or 38, IDR which, 
tho it won't matter for those specifying the data=option either via 
filesystem defaults using tune2fs, or via specific mount option), ext3 
reverted again to the older and safer default, data=ordered.

And as I said, it's my firm opinion that the data= option has a stronger 
effect on filesystem stability than any possibly remaining issues with 
ext4, which is really quite stable by now.  Thus, ext3, ext4, or reiserfs, 
I'd **STRONGLY** recommend data=ordered, regardless of whether it's the 
default as it is with old and new (but with a gap) ext3 and reiserfs as it 
has been for years, or not, as I believe ext4 still defaults to 
data=writeback.  If you value your data, "just do it!"

Meanwhile, I believe the default on the definitely still experimental 
btrfs is data=writeback too.  While I plan on switching to it eventually, 
you can be quite sure I'll be examining that default and as of this point, 
have no intentions of letting it be data=writeback, when I do.

....

> The problem with Gentoo was that because EVMS was an orphaned project, I
> believe the ebuild wasn't updated.  The initrd file was specific for
> EVMS.

That's quite likely, indeed.

> Of course.  I like technology that _lasts_!  We have a clock in our
> house that's about 190 years old [...] turned me on to the Connecticut
> Clock and Watch museum, run by one George Bruno [who] also makes working
> replicas [and] was able to send me an exact replacement part!  Try
> _THAT_ with your 1990's era computer ;-)

That reminds me...  I skipped it as irrelevant to the topic at hand, but 
due to kernel sensors and ACPI changes, I decided to try the last BIOS 
upgrade available for this Tyan, after having run an earlier BIOS for some 
years.  Along about 2.6.27, I had to start using a special boot parameter 
to keep the sensors working, as apparently the sensor address regions 
overlap ACPI address regions (not an uncommon issue in boards of that era, 
the kernel folks say).  The comments on the kernel bug I filed suggested 
that a BIOS update might straighten that out (it didn't, BIOS still too 
old and board EOLed, even if it is still working), so I decided to try it.

The problem was that I had a bad memory stick.  Now the kernel has 
detectors for that and I had them active, but the kernel drivers for that 
were introduced long after I got the hardware, and while it was logging an 
issue with the memory, since it had been doing that since I activated the 
kernel drivers for it, I misinterpreted that as simply how it worked, so 
wasn't aware of the bad memory it was trying to tell me about.

So I booted to the FreeDOS floppy I used for BIOS upgrades (I've used 
FreeDOS for BIOS upgrades for years, without incident before this) and 
began the process.

It crashed half-way thru the flash-burn, apparently when it hit that bad 
memory!!

Bad situation, but there's supposed to be a failsafe direct-read-recover 
mode built-in, that probably would have worked had I known about it.  
Unfortunately I didn't, and by the time I figured it out, I'd screwed that 
up as well.

But luckily I have a netbook, that I had intended to put Gentoo on but had 
never gotten around to at that point (tho it's running Gentoo now, 2.6.38 
kernel, kde 4.6.1, fully updated as of mid-March).  It was still running 
the Linpus Linux it shipped with (first full system I've bought since my 
original 486SX25 w/ 2MB memory and 130 MB hard drive in 1993, or so, and 
I'd have sooner done without the netbook than pay the MS tax, I DID have 
to order it from Canada and have it shipped to the US).  I was able to get 
online with that, grab a yahoo webmail account since my mail logins were 
stuck on the main system without a BIOS, and use that to order a new BIOS 
chip shipped to me, the target BIOS pre-installed.

That new BIOS chip rescued my system!

I suspect my feelings after that BIOS chip did the trick rather mirror 
yours after that gear did the trick for your clock.  The computer might 
not be 190 years old, but 2003 is old enough in computer years, and I 
suspect I have rather more of my life wound up in that computer than you 
do in that clock, 190 years old or not.

Regardless, tho, you'll surely agree,

WHAT A RELIEF TO SEE IT RUNNING AGAIN!  =:^)

-- 
Duncan - List replies preferred.   No HTML msgs.
"Every nonfree program has a lord, a master --
and if you use the program, he is your master."  Richard Stallman



References:
System problems
-- Lindsay Haisley
Re: System problems
-- Roman Zilka
Re: System problems
-- Lindsay Haisley
Re: System problems
-- Roman Zilka
Re: System problems
-- Lindsay Haisley
Re: System problems
-- eamjr56
Re: System problems
-- Lindsay Haisley
Re: System problems
-- Dale
Re: System problems
-- Jorge Manuel B. S. Vicetto
Re: System problems - some progress
-- Lindsay Haisley
Re: System problems - some progress
-- Paul Hartman
Re: System problems - some progress
-- Lindsay Haisley
Re: System problems - some progress
-- Paul Hartman
Re: System problems - some progress
-- Lindsay Haisley
Re: System problems - some progress
-- Paul Hartman
Re: System problems - some progress
-- Lindsay Haisley
Re: System problems - some progress
-- Duncan
Re: Re: System problems - some progress
-- Lindsay Haisley
Re: System problems - some progress
-- Duncan
Re: Re: System problems - some progress
-- Lindsay Haisley
Re: System problems - some progress
-- Duncan
Re: Re: System problems - some progress
-- Lindsay Haisley
Navigation:
Lists: gentoo-desktop: < Prev By Thread Next > < Prev By Date Next >
Previous by thread:
Re: Re: System problems - some progress
Next by thread:
Re: System problems
Previous by date:
Re: Re: System problems - some progress
Next by date:
How to mask KDE 4.6.2?


Updated Jun 28, 2012

Summary: Archive of the gentoo-desktop mailing list.

Donate to support our development efforts.

Copyright 2001-2013 Gentoo Foundation, Inc. Questions, Comments? Contact us.