I don’t know how that got on there

Someone handed me a couple of floppy disks the other day and wanted me to get some important files from them. These disks had been sitting in the back of a cabinet since 1996. I had three USB floppy drives and a couple of hardware floppy drives handy, so I thought I’d give it a go and tried both disks in each drive. All I got were errors on almost every sector, with messages like:

sd 5:0:0:0: [sdc] CDB: Read(10): 28 00 00 00 01 1e 00 00 01 00 00 00
end_request: critical target error, dev sdc, sector 286
sd 5:0:0:0: [sdc] Unhandled sense code
sd 5:0:0:0: [sdc]  Result: hostbyte=invalid driverbyte=DRIVER_SENSE
sd 5:0:0:0: [sdc]  Sense Key : Medium Error [current] Info fld=0x11f
sd 5:0:0:0: [sdc]  Add. Sense: Recorded entity not found

It’s most likely that these errors were caused by age, but head alignment also differs between floppy drives, so the drive used for reading may not line up with the drive the data was written with.

There was really only one thing I could do, and that was give ddrescue a try. There are two utilities called ddrescue; to be exact, I used GNU ddrescue version 1.11. I decided to run ddrescue using three different read methods, on each disk in every drive (different alignments). My hope was that by writing to the same image file and using ddrescue’s logfile feature I could amalgamate the good parts of each read into one complete image file.

Note: You’ll probably need to change the options below for each floppy device, file location, etc. If the drives are in different computers, it’s probably easiest to save the files to some central location.

First we try to copy as much data as possible, without splitting sectors or retrying on failures:

sudo ddrescue --verbose --no-split --cluster-size=1 /dev/sdc floppy1.img floppy1.log

Now we retry any previous errors twice, using uncached reads:

sudo ddrescue --verbose --direct --max-retries=2 --cluster-size=1 /dev/sdc floppy1.img floppy1.log

Finally we try again but with the retrim option set, so that ddrescue will try to reread full sectors:

sudo ddrescue --verbose --direct --retrim --max-retries=2 --cluster-size=1 /dev/sdc floppy1.img floppy1.log

At this point you hopefully have a complete floppy disk image (I only had to use three of the available floppy drives) and then depending on the situation and damage you can either run the image through fsck, mount it, write it to a new disk or run it through a file carver.
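Before moving a disk to the next drive it helps to know exactly which sectors are still missing. The following is an added example, not part of the original post: it parses the text logfile that ddrescue writes and totals each block status. The sample logfile is constructed (one bad sector at 286 on a 1.44 MB image) and 512-byte sectors are assumed.

```python
# Added example: summarise a GNU ddrescue 1.x logfile between passes.
STATUS = {"?": "non-tried", "*": "non-trimmed", "/": "non-split",
          "-": "bad-sector", "+": "finished"}
SECTOR = 512  # assumption: 512-byte sectors, as on a 1.44 MB floppy

def parse_log(text):
    """Return a list of (pos, size, status) blocks from logfile text."""
    blocks, seen_current = [], False
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if not seen_current:
            seen_current = True  # first data line is current_pos/current_status
            continue
        fields = line.split()
        if len(fields) != 3 or fields[2] not in STATUS:
            raise ValueError(f"unexpected logfile line: {line!r}")
        blocks.append((int(fields[0], 0), int(fields[1], 0), fields[2]))
    return blocks

def summarise(blocks):
    """Total the bytes in each status so progress can be compared per pass."""
    totals = {name: 0 for name in STATUS.values()}
    for _, size, status in blocks:
        totals[STATUS[status]] += size
    return totals

def unrecovered_sectors(blocks):
    """List every sector number that is not yet marked finished."""
    out = []
    for pos, size, status in blocks:
        if status != "+":
            out.extend(range(pos // SECTOR, (pos + size + SECTOR - 1) // SECTOR))
    return out

# Constructed sample logfile, not taken from a real rescue.
SAMPLE_LOG = """\
# Rescue Logfile. Created by GNU ddrescue version 1.11
# current_pos  current_status
0x00023E00     +
#      pos        size  status
0x00000000  0x00023C00  +
0x00023C00  0x00000200  -
0x00023E00  0x00144200  +
"""

if __name__ == "__main__":
    blocks = parse_log(SAMPLE_LOG)
    print(summarise(blocks))
    print("still missing:", unrecovered_sectors(blocks))
```

If the list of missing sectors stops shrinking after a pass in a new drive, further passes in that drive are unlikely to help.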

In my situation I was able to use the mtools suite to copy the required files directly from the floppy disk image files.

 

Mounting a case-insensitive filesystem on Linux

Recently I had a web developer who was coding on a Linux server. He was used to working on Windows servers and was having problems dealing with the case sensitivity of the EXT3 filesystem. I looked into it and, in addition to using the Apache mod_speling module, decided to go a step further. As root or using sudo, do the following:

  1. Create a file of the size you wish the filesystem to be, 1GB in this example:
    dd if=/dev/zero of=/media/fat32.disk bs=1K count=1M
  2. Format the filesystem, fat32 in this example but you can use NTFS or another case-insensitive file system:
    mkfs.vfat /media/fat32.disk
  3. Mount the filesystem and test it. You may wish to use uid= and gid= to mount it as a specific user, and you’ll probably want to adjust the umask to something less permissive:
    mount /media/fat32.disk /var/www/fat32 -t vfat -o loop,owner,group,umask=000
  4. Add this to /etc/fstab so that it gets mounted after a reboot:
    /media/fat32.disk /var/www/fat32 vfat loop,owner,group,umask=000 0 0

I wouldn’t use this for production systems; in that situation I’d recommend a dedicated FAT32 or NTFS partition. If you do have to run this on a production system it should be fine for 99% of setups. It just feels like a quick hack to me.

 

Starting services in safe mode

Recently I was trying to figure out how to start additional services in Windows safe mode. I had a user whose laptop kept crashing at login. I had a quick look and several theories came to mind, but uptime was important, so as a temporary workaround I set it up in safe mode with networking.

A few days later the user calls and wants to be able to print in safe mode. I look into it, do some searching, but the prevailing wisdom seemed to be that it wasn’t doable. This sounded like an MCP party line to me so I decide to explore the registry. Eventually I find the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot key, which has sub-keys of Minimal and Network: Minimal being safe mode, Network being safe mode with networking. It seems to be a whitelist of services, drivers and driver groups that are allowed to start or load.

Therefore it is possible to start additional services and load additional drivers in safe mode – just add a key for the service or driver short name, then a string for type. The below entry (if in a .reg file) would allow the Print Spooler to start in safe mode with networking.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Spooler]
@="Service"

If you want a list of all drivers, driver groups and services starting in normal mode and their corresponding short names, check HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services.

I’d caution against whitelisting too much as it kind of defeats the purpose of safe mode, though in certain situations it can be useful as a quick hack. It may also be something worth checking the next time you’re dealing with a particularly nasty malware infection. I haven’t seen anything which exploits it yet, but I imagine something does.
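One way to do that check, as an added example that is not part of the original post: compare a `reg export` of the SafeBoot key from the machine under investigation against an export from a known-clean machine of the same build, and list every entry that only the suspect machine has. It assumes both exports have already been decoded to text (regedit writes UTF-16); the two sample exports and the ExampleSvc name are constructed.

```python
import re

# A SafeBoot subkey header in a .reg export, under any control set.
_KEY = re.compile(r"^\[HKEY_LOCAL_MACHINE\\SYSTEM\\[^\\]+\\Control\\SafeBoot\\"
                  r"(Minimal|Network)\\(.+)\]$", re.IGNORECASE)
_DEFAULT = re.compile(r'^@="(.*)"$')

def safeboot_entries(reg_text):
    """Map (mode, name) -> default value such as "Service" or "Driver"."""
    entries, current = {}, None
    for raw in reg_text.splitlines():
        line = raw.strip()
        m = _KEY.match(line)
        if m:
            current = (m.group(1).lower(), m.group(2).lower())
            entries[current] = ""
            continue
        if line.startswith("["):
            current = None  # some other key; ignore its values
            continue
        d = _DEFAULT.match(line)
        if d and current:
            entries[current] = d.group(1)
    return entries

def added_entries(baseline_text, current_text):
    """Entries allowed to load in safe mode that the baseline does not have."""
    base = safeboot_entries(baseline_text)
    cur = safeboot_entries(current_text)
    return sorted((mode, name, kind) for (mode, name), kind in cur.items()
                  if (mode, name) not in base)

# Constructed sample exports; a real baseline comes from a clean machine.
BASELINE = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dhcp]
@="Service"
"""
SUSPECT = BASELINE + r"""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Spooler]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ExampleSvc]
@="Service"
"""

if __name__ == "__main__":
    for mode, name, kind in added_entries(BASELINE, SUSPECT):
        print(f"{mode}: {name} ({kind}) is not in the baseline")
```

Each reported name can then be looked up under the Services key to see which binary it points at.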

 

IPv6: Part 1 – I could see you all ignore the fact we’d fill up IPv4

After several friends asked about it, and because of the recent featured article on the BBC technology news site, I thought I would do a series on IPv6. I consider myself somewhat of an authority, because my honours project, dissertation and paper were on IPv6 – the actual title being IPv6, its implementation and migrating from IPv4 – I had what I thought were better ideas for a project but I figured IPv6 knowledge would increase my employability in the coming years.

The series starts with theory and need, then a few posts on local implementation, a couple of scenarios for wider implementation, then a final article on the reticence of the IT world to IPv6 and what I think is causing it.

So, starting with theory and the need for IPv6: I know they’re not glamorous, I know to some they may be mind-numbing and they’d rather just get on and do it, the whole “don’t talk or discuss, just do” mentality. I can sympathise with this opinion. That being said, sorry, no dice: you need a good mix of practical and theory, otherwise you get into the area of cargo cult system administration – I’ll probably discuss that phrase more in a future post – where you follow something like a ritual with no actual understanding. … 

 

I am the gatekeeper…

Are you the keymaster? Or: how to stop some joker messing up your beautiful network by screwing with client-side DNS.

Scenario: You’re a system administrator/network administrator/IT guy (whatever you want to call it) with an excellent setup, and while you sit staring at the blinking lights in the comms room pondering the quintessential meaning of things, or more realistically chatting on IRC (whatever floats your boat) you’re interrupted for the fifteenth time that week by that luser, um user you were forced to give local admin access to. Turns out now they can’t access the intranet or send e-mail.

Upon investigating you find that once again this user has changed the DNS settings on their computer, breaking Active Directory/OpenLDAP/e-mail, whatever, despite repeated warnings. They’re operating under the mistaken belief that using the DNS servers provided by OpenDNS, Google DNS or any number of resolvers found here will make their Interweb downloads of funny cat pictures faster. You’ve tried chatting and explaining it to the guy, and you’ve tried approaching their line manager, with no success. Short of beating the user with a hammer, you need to find a way to resolve this situation. What do you do? You could block external DNS, but that’s only half an answer. If they do it again it will break more connectivity. …