Author Archives: Antranig Vartanian

About Antranig Vartanian

Doing things @ illuria, Inc. Unix, BSD, InfoSec, Elixir/Erlang, DNS, XMPP. Mostly harmless.

Generating SSHFP Records

I added a new server to our hackerspace last week. This new server will be used for research in security. When I was adding the new DNS record, I realized that the previous server had an SSHFP record as well!

I remember that I should use the ssh-keygen command, however, like a normal human being, I forgot which flag to use. A simple search in the manual page says that I should use the -r flag, so here we go.

antranigv@srv0:~ % ssh-keygen -r srv0
srv0 IN SSHFP 1 1 785b3fa04870e92bf25f4c7f7092733acf586ffb
srv0 IN SSHFP 1 2 847fd4a76ef7dfcef31ac3fa18c139413ab0017fa17014b3884bff161c3364de
srv0 IN SSHFP 3 1 8268aa7b8dccf4c0e7881472c72093589ca46b2e
srv0 IN SSHFP 3 2 ea0c9f0a50a825f5a0a59cebf8637876970a34000e6e0afd46bf269e08294a88
srv0 IN SSHFP 4 1 2fbe9d0e2ecdbd9dd58576e4683ee70858ca3f25
srv0 IN SSHFP 4 2 a34643bdce1ef3042cdd76fb7e46fcaf108dc436f8fcdb55daf993a27da0654b

All I need to do is to add these into the DNS zone. Luckily I run BIND, so I copy-pastad them into the file, did +1 to the SOA’s serial and done!

Now I can try logging in.

antranigv@zvartnots:~ $ ssh srv0.hackerspace.am -v
OpenSSH_9.3p1, OpenSSL 3.1.3 19 Sep 2023
debug1: Reading configuration data /Users/antranigv/.ssh/config
debug1: Reading configuration data /Users/antranigv/.ssh/personal
[…]
debug1: Server host key: ssh-ed25519 SHA256:OCsizTimnJi1grbxSY5LpvpLozfZ2pk+4Jzwg60WKYA
debug1: found 6 secure fingerprints in DNS
debug1: verify_host_key_dns: matched SSHFP type 4 fptype 1
debug1: verify_host_key_dns: matched SSHFP type 4 fptype 2
debug1: matching host key fingerprint found in DNS

and I logged in properly!

Reply via email.
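How the SSHFP data printed by ssh-keygen -r is derived, and how published records can be checked against a host key, as an added example that is not part of the original post: the record data is the SHA-1 (fptype 1) or SHA-256 (fptype 2) hash of the decoded public key blob. The sample key, the function names and the verdict strings are constructed for illustration.

```python
import base64
import hashlib
import struct

# SSHFP algorithm numbers (RFC 4255, RFC 6594, RFC 7479), as seen in ssh-keygen -r output
ALGO = {"ssh-rsa": 1, "ssh-dss": 2, "ecdsa-sha2-nistp256": 3,
        "ecdsa-sha2-nistp384": 3, "ecdsa-sha2-nistp521": 3, "ssh-ed25519": 4}
FPTYPE = {1: hashlib.sha1, 2: hashlib.sha256}

# Constructed sample: a made-up Ed25519 host key (key bytes 0..31), not a real server's key
_blob = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + bytes(range(32))
SAMPLE_KEY = "ssh-ed25519 " + base64.b64encode(_blob).decode() + " root@srv0"

def sshfp_records(owner, pubkey_line):
    """Build SSHFP zone lines from one 'keytype base64 [comment]' public key line."""
    ktype, b64 = pubkey_line.split()[:2]
    blob = base64.b64decode(b64)
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != ktype.encode():  # blob starts with its own key type string
        raise ValueError("key type does not match key blob")
    return [f"{owner} IN SSHFP {ALGO[ktype]} {fp} {h(blob).hexdigest()}"
            for fp, h in FPTYPE.items()]

def openssh_display(hex_fp):
    """Convert fptype-2 hex data to the 'SHA256:...' form that ssh -v prints."""
    return "SHA256:" + base64.b64encode(bytes.fromhex(hex_fp)).decode().rstrip("=")

def audit_zone(zone_text, owner, pubkey_line):
    """Return (algorithm, fptype, verdict) for each of owner's SSHFP lines in a zone."""
    want = {tuple(r.split()[3:]) for r in sshfp_records(owner, pubkey_line)}
    algo = str(ALGO[pubkey_line.split()[0]])
    findings = []
    for line in zone_text.splitlines():
        f = line.split()
        if len(f) != 6 or f[0] != owner or f[1:3] != ["IN", "SSHFP"]:
            continue
        if f[3] != algo:
            verdict = "other key type"  # belongs to a different host key
        else:
            verdict = "match" if (f[3], f[4], f[5].lower()) in want else "MISMATCH"
        findings.append((f[3], f[4], verdict))
    return findings

if __name__ == "__main__":
    records = sshfp_records("srv0", SAMPLE_KEY)
    stale = "srv0 IN SSHFP 4 2 " + "0" * 64  # constructed stale record
    for finding in audit_zone("\n".join(records + [stale]), "srv0", SAMPLE_KEY):
        print(finding)
    print(openssh_display(records[1].split()[-1]))
```

The ssh client only consults these records when VerifyHostKeyDNS is enabled in its configuration.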

Antranig Vartanian

November 12, 2023

I spent some time and moved my What I Use page to WordPress. I finally have a good reason to use the details HTML tag.

I also updated the content! My new music player(s) is the iPod! More about that, soon!

Antranig Vartanian

November 8, 2023

If you’re seeing this then the migration is done! The weblog has moved from weblog.antranigv.am to antranigv.am.

I have also spent some time updating my About page, I hope I haven’t missed anything important. I will be adding more pages soon, such as link to friends, blogs that I read, what I use, etc.

I hope ActivityPub is working properly with the new domain.

Long Live The Web!

macOS Desktops limit?

If you’ve ever wondered how many Desktops you can have on macOS, the answer, based on my 10 second test is 16. I do, however, have two apps in fullscreen mode (OmniFocus and Music.app).

I wonder if this is per screen. If any of you has an external monitor, please test and let me know!

Fun fact: you can’t do “⌘⇪3” (Command+Shift+3) to capture the screen if you’re in Mission Control, instead I ran the following inside a terminal.

sleep 5 && screencapture /tmp/foo.png

If you like to nerd out on Unix-y stuff, here’s a screenshot from the manual page of screencapture(1).

[Screenshot of the screencapture(1) manual page]

Better documentation is needed, indeed.

That’s all folks…

Upcoming migration

In the coming days/weeks, this blog will be migrated to a new address. Notably, the subdomain will be dropped and I will use antranigv.am for my blog.

I’ve been meaning to do these changes for a while now, and it occurred to me there’s no time like the present. Of course, the biggest kicker was discussing this with my good friend Rubenerd.

Three major changes:

  • weblog.antranigv.am → antranigv.am
  • The blog’s name will be changed from “Freedom Be With All” to something… else
  • The theme, while staying the same, will be modified a bit. Mostly the internals

I always had a love and hate relationship with the subdomain weblog., however, I realized that the only thing on my homepage is little information such as projects I’m working on, some contact info and some banners.

While it’s a cool static page with a cool theme, I generate it in a complex way: OPML → XSLT → HTML, to be specific.

By moving the blog to the homepage, it will make it a better “reading experience” (is RX a thing? or is that part of UX as well?)

The name of this blog “Freedom Be With All” has a bit of history.

Initially, I only had an Armenian blog (which used to be blog.antranigv.am moved to antranigv.am/blog and currently settled to անդրանիկ.հայ which is “my name in Armenian dot Armenia’s IDN TLD”), I was too scared to blog in English.

The title of my Armenian blog was and still is “Ազատութիւն Ամենեցուն”, literally meaning “Freedom to all”. It’s a “mod” of the common “Peace to all” phrase mentioned in The Divine Liturgy Of The Armenian Church.

Personally, freedom is the highest value of all, hence I went with it, instead of peace.

The tagline will stay the same: I’m your worst nightmare. You see, when I was a kid, back in school, back in Syria, I was bullied (I mean, who wasn’t?), but not for my nerdiness, instead, for my “sharpness”. It wasn’t cool to know things, read books, talk with strangers on this thing called “the internet”. It wasn’t cool to talk about Star Wars all day (don’t you have history to study? who cares about WHY the Trade Federation attacked Naboo). It wasn’t cool to “know how to run pirated PlayStation games” because we were, well, poor is the right word here.

But I loved the internet, and the people on the internet introduced me to Unix, specifically to Linux. And that got me to (pirate, of course, because Syria, and) watch a documentary named Revolution OS, where the intro starts with Eric S. Raymond telling a story, ending with “I’m your worst nightmare”.

That feeling, of being such a good computer hacker, that you feel like a god in front of the computer and you feel that you can be a whole corporation’s nightmare is what made me feel powerful, is what made me feel “un-bully-able”. After that I would spend my days (well, technically nights, after my father went to sleep) chatting on IRC, reading books about programming, cracking the neighbour’s WiFi, reinstalling X11 3 times, and being nicer when you know you have the ability to be batman a nightmare.

All of this story aside, I don’t know what to name the blog. Maybe “Antranig Vartanian”, maybe “Antranig’s Notes”, maybe “antranigv”. Still not sure… Have a thought? Reply in the comments 🙂

The theme of the website will stay as is, but some nice modifications will be added, like a calendar, maybe a tag cloud, etc.

Finally, and I just remembered about this while I was typing this post: ActivityPub!

Dear lazyweb

I have a WordPress blog that uses the ActivityPub plugin, which means that you can follow it from the fediverse, e.g. from Mastodon!
However, I am planning to migrate the domain of the blog. Do I need to keep a static JSON somewhere meaning the “account” has migrated?

Any tips will be appreciated!

Otherwise, around 40 nice people will need to follow again 🙁

Wow, this post went more than I expected!

Thank you for reading (or skimming!)

That’s all folks… 

Antranig Vartanian

October 31, 2023

Once a month, the WordPress app on my iPhone stops working. Specifically, it stops loading and sending data. It just “hangs” there. I’m honestly considering using the mobile web interface to blog remotely.

I wish there was MarsEdit for mobile…

Any alternatives or suggestions? Maybe I should use the “Post via Email” feature like back in the good old days 🙂

Antranig Vartanian

October 26, 2023

The following happened in a group chat (technically, XMPP Multi-User Chat)

<inky> @antranigv, looks like the sarian website is broken again

<antranigv> @inky, fixed! It was an SSL/TLS certificate issue

<inky> @antranigv, It seems that now, the bot that cross-posts the submissions from sarian to here is not working

<antranigv> Looks like there’s an issue with Ruby. I have to upgrade it

<tigran> This is how the robot revolution begins!

<inky> If we are going to "do it", it will end just like it starts: one robot will fail because of SSL, the other because of a wrong version of ruby.

I’ve been ROFLing for 3 minutes now… xD

Cheers.

bhyve CPU Allocation Test for 256 core machine

During the last bhyve weekly call, Michael Dexter asked me to run the bhyve CPU Allocation Test that he wrote in order to see if the number of CPUs in the guest makes the system boot longer.

Here’s a post with the details of the test and my findings.

The host machine runs the following

# uname -a
FreeBSD genomic.abi.am 13.2-RELEASE FreeBSD 13.2-RELEASE releng/13.2-n254617-525ecfdad597 GENERIC amd64

# sysctl hw.model hw.ncpu
hw.model: AMD EPYC 7702 64-Core Processor
hw.ncpu: 256

# dmidecode -t processor | grep 'Socket Designation'
        Socket Designation: CPU1
        Socket Designation: CPU2

# sysctl hw.physmem hw.realmem hw.usermem
hw.physmem: 2185602236416
hw.realmem: 2200361238528
hw.usermem: 2091107983360

Basically, it’s FreeBSD 13.2, with 2TB of RAM, 2 CPUs with 64 cores each, 2 threads each, totaling 256 vCores

The test runs a bhyve VM with minimal FreeBSD, that’s built with OccamBSD. The main changes are the following:

  • /boot/loader.conf has the line autoboot_delay="0"
  • There are no services enabled
  • /etc/rc.local has the line shutdown -p now

The machine boots and then it shuts down.

Here’s what I’ve got in the log file →

Host CPUs: 256
1 booted in 9 seconds
2 booted in 9 seconds
3 booted in 9 seconds
4 booted in 9 seconds
5 booted in 9 seconds
6 booted in 9 seconds
7 booted in 9 seconds
8 booted in 9 seconds
9 booted in 10 seconds
10 booted in 10 seconds
11 booted in 10 seconds
12 booted in 11 seconds
13 booted in 10 seconds
14 booted in 11 seconds
15 booted in 12 seconds
16 booted in 9 seconds
17 booted in 12 seconds
18 booted in 18 seconds
19 booted in 14 seconds
20 booted in 15 seconds
21 booted in 22 seconds
22 booted in 17 seconds
23 booted in 23 seconds
24 booted in 10 seconds
25 booted in 10 seconds
26 booted in 17 seconds
27 booted in 14 seconds
28 booted in 15 seconds
29 booted in 12 seconds
30 booted in 15 seconds
31 booted in 31 seconds
32 booted in 19 seconds
33 booted in 15 seconds
34 booted in 32 seconds
35 booted in 18 seconds
36 booted in 22 seconds
37 booted in 24 seconds
38 booted in 17 seconds
39 booted in 24 seconds
40 booted in 13 seconds
41 booted in 15 seconds
42 booted in 23 seconds
43 booted in 37 seconds
44 booted in 21 seconds
45 booted in 19 seconds
46 booted in 12 seconds
47 booted in 17 seconds
48 booted in 19 seconds
49 booted in 17 seconds
50 booted in 18 seconds
51 booted in 15 seconds
52 booted in 20 seconds
53 booted in 14 seconds
54 booted in 22 seconds
55 booted in 18 seconds
56 booted in 17 seconds
57 booted in 92 seconds
58 booted in 15 seconds
59 booted in 15 seconds
60 booted in 17 seconds
61 booted in 16 seconds
62 booted in 22 seconds
63 booted in 17 seconds
64 booted in 12 seconds
65 booted in 17 seconds

At the 66th core, bhyve crashes, with the following line

Booting the VM with 66 vCPUs
Assertion failed: (curaddr - startaddr < SMBIOS_MAX_LENGTH), function smbios_build, file /usr/src/usr.sbin/bhyve/smbiostbl.c, line 936.
Abort trap (core dumped)    

At this point, bhyve crashes with every ncpu+1, so I had to stop the loop from running.

I had to look into the topology of the CPUs, which FreeBSD can report using

sysctl -n kern.sched.topology_spec

<groups>
 <group level="1" cache-level="0">
  <cpu count="256" mask="ffffffffffffffff,ffffffffffffffff,ffffffffffffffff,ffffffffffffffff">0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99, 100, 101, 102, 103, 104, 105, 106, 107, 108, 109, 110, 111, 112, 113, 114, 115, 116, 117, 118, 119, 120, 121, 122, 123, 124, 125, 126, 127, 128, 129, 130, 131, 132, 133, 134, 135, 136, 137, 138, 139, 140, 141, 142, 143, 144, 145, 146, 147, 148, 149, 150, 151, 152, 153, 154, 155, 156, 157, 158, 159, 160, 161, 162, 163, 164, 165, 166, 167, 168, 169, 170, 171, 172, 173, 174, 175, 176, 177, 178, 179, 180, 181, 182, 183, 184, 185, 186, 187, 188, 189, 190, 191, 192, 193, 194, 195, 196, 197, 198, 199, 200, 201, 202, 203, 204, 205, 206, 207, 208, 209, 210, 211, 212, 213, 214, 215, 216, 217, 218, 219, 220, 221, 222, 223, 224, 225, 226, 227, 228, 229, 230, 231, 232, 233, 234, 235, 236, 237, 238, 239, 240, 241, 242, 243, 244, 245, 246, 247, 248, 249, 250, 251, 252, 253, 254, 255</cpu>
  <children>
   <group level="2" cache-level="0">

[...]

   </group>
  </children>
 </group>
</groups>

You can find the whole output here: kern.sched.topology_spec.xml.txt

The system that we need for production requires 240 vCores. This topology gave me the idea to run that manually, using the socket, cores and threads options →

bhyve -c 240,sockets=2,cores=60,threads=2 -m 1024 -H -A \
    -l com1,stdio \
    -l bootrom,BHYVE_UEFI.fd \
    -s 0,hostbridge \
    -s 2,virtio-blk,vm.raw \
    -s 31,lpc \
    vm0

And it booted all fine! 🙂

240 booted in 33 seconds

For production, however, I use vm-bhyve, so I’ve added the following to my configuration →

cpu="240"
cpu_sockets="2"
cpu_cores="60"
cpu_threads="2"
memory="1856G"

And yes, for those who are wondering, bhyve can virtualize 1.8T of vDRAM all fine 🙂

For my debugging nerds, I’ve also uploaded the bhyve.core file to my server, you may get it at bhyve-cpu-allocation–256.tgz

As long as this is helpful for someone out there, I’ll be happy. Sometimes I forget that not everyone runs massive clusters like we do.

That’s all folks…
