CV of Jelte Jansen, short version

Go To Extended version

Personal information

• Name: Jelte Jansen
• Date of Birth: February 7th, 1979
• Sex: Male
• Nationality: Dutch

Employment History

• 2018-present: Ionite

  • Description: Consultancy, technology development, and services regarding e-invoicing
  • Function: Freelance
  • Tasks: Consultancy, protocol development, software development, e-invoicing services

• 2013-present: Stichting Internet Domeinregistratie Nederland

  • Description: Foundation that administrates the .nl country-code top-level domain
  • Function: Research Engineer
  • Tasks: Technical Advisor, Internet protocol research and development, Privacy board member

• 2009-present: Internet Systems Consortium

  • Description: Non-profit public benefit organization that produces and distributes quality Open Source software, and provides professional services based on that software.
  • Function: Software Engineer
  • Tasks: Software design, Software development, Protocol engineering, Scrum Master

• 2004-2009: NLnet Labs

  • Description: Foundation to develop, implement, evaluate, and promote new protocols and applications for the Internet.
  • Function: Developer
  • Tasks: Research, development, protocol engineering, application testing, systems maintenance

• 2000-2004: First8 B.V. (part-time)

  • Description: ICT Company specialized in creating inter- and intra-net applications
  • Function: Software Engineer
  • Tasks: Design and development of Java-based Internet applications

• 1998-2000: InterNLnet B.V. (part-time)

  • Description: Internet Provider
  • Function: Helpdesk for an Internet provider.
  • Tasks: Provide technical help to customers with their network and Internet connections

Other Functions

• 2019-present: RIPE Programme Committee
  • Description: Planning and presentation selection for RIPE meetings
  • Function: Member
• 2017-present: __SIDN Fonds Advisory Board
  • Description: Review project proposals and funding requests, general advice for SIDN Fonds
  • Function: Member

Education

• High school: Gymnasium Beekvliet
• University: University of Nijmegen (now know as Radboud University)
  • Computing Science
  • Graduated on Security and Development in 2004

Awards

• Aia Master award for master thesis, Slicing Midlets

Other

• Several personal projects can be found on http://www.tjeb.nl/Projects and http://www.tjeb.nl/blog
• 1999 - 2001: Chair of Thalia, the student association for Computing Science
• 2001 - 2002: Chair of 'Stichting Beet', a student association encompassing the technology studies at the University of Nijmegen
• 2000 - 2001: Treasurer of 'Stichting Beet'

Publications

• Protecting Home Networks From Insecure IoT Devices
• Whois-data; domeinnamen, persoonsgegevens en de openbaarheid daarvan
• Resilience of the Domain Name System: a case study of the .nl domain
• SPIN: A user-centric Security Extension for In-home Networks
• Ervaringen met privacybeheer voor DNS-‘big data’-toepassingen
• Experiences with privacy management for DNS 'big data' applications (Translation of original article)
• A privacy framework for ‘ DNS big data ’ applications (translation of original paper)
• Een privacyraamwerk voor ‘DNS big data’-toepassingen
• RFC 5702
• DNSSEC Key maintenance
• An Introduction to the use of HSM
• Measuring the effects of DNSSEC deployment on query load

(tl;dr: use latest rdup for backups, and thecus has problems with some drives, even from the compatibility list, if so, try updating firmware).

So I recently saw a reasonably good deal on the Thecus N5550, a 5-bay hot-swappable NAS machine. This seemed as good a time as any to finally clean up my backups and Do Them Right.

So the plan is to see how much the already excellent rdup has progressed (last time I used it was at version 0.5, it is now at 1.1.13, the version from the repositories on my systems was 1.0.5).

Initial setup for the N5550 is quite OK, I setup NTP, NFS access, Samba access, and enabled SSH login to have a lowlevel look at what's going on inside.

Setting up the RAID array was a breeze; For my first experiment I chose a RAID-5 array of 3 Seagate 3TB disks, totalling in about 5.5TB of space.

I installed rdup on my vps, and on a local always-on machine (a lowpower fanless box acting as a fancy gateway), and initially I mounted the big drive as a samba mount (there were some unidentified problems with nfs4, see below). Read and write speed were not as high as I would have thought, about 1-3 MB/s. But that was a problem for later, and I don't really need that much speed anyway.

I only needed simple incremental backups, so the rdup-simple script should be fine.

Then the first problem arised; there were a lot of 'no such file or directory' errors. After retracing the steps rdup-simple takes manually, I found out that sometimes rdup-up missed creating a directory. And then of course when it tries to write files in it it fails. This happens for different directories on every run, so I suspect this is some form of race condition.

I asked around and a friend who uses it says he had never seen this with his version (1.1.11 IIRC).

Time to upgrade.

Ater getting rid of the repository versions, and building a fresh rdup from the latest release (long live apt-get build-dep!), rdup-simple proceeded without a hitch.

I also has a number of media files I wanted to copy, so I simply scp'd them to the mounted share.

And then the real trouble started.

While it was copying one of the video files, scp aborted with an I/O error. I tried to copy again, and this time the failed file worked. But shortly after that, while copying another big file, the thecus started beeping continuously.

Looking at the diagnostics, it reported a failing disk (drive 2). Since I had already run the smart checks on this brand new disk, I didn't think it was actually dying on me, so I tried to find what was really happening. Good thing I had that SSH access; dmesg showed lots and lots of problems:

Periodic exception Emask 0x0 SAct 0x0 SErr 0x0 action 0x6 frozen from sata drive
hard resetting link

followed by a number of messages:

device reported invalid CHS sector 0

And of course the RAID was in a degraded mode. Telling it to fix itself started a rebuild. As you may now, RAID rebuilds take a long long time, and after about 10 hours (at 92 percent), disks 1 and 3 dropped with similar errors. Bye bye RAID.

This seems to be a problem with the driver, as similar problems for other systems are all over the web. It is often blamed on bad cabling, but there are no cables in this machine (the sata connections are directly wired on a board, and if that board was bad, I'd expect to see much, much more complaints on the Thecus forum).

Another thing I noticed is that these are 6GB/s disks, and the thecus should handle them fine (they are on the compatibility list), but they are connected at 3.0GB/s, not 6.0.

This might be related.

So, I almost contemplated getting rid of the firmware and trying to install a real OS on the system. But there was one thing else to try first.

The version of the disk firmware was CC4B, and there were some reports with other Thecus machines that depending on the firmware version, some disks of the same model worked and some did not.

I put my disks in another machine and updated firmware to CC4H. Fun!

Steps updating seagate disks: - Boot my main Linux machine to windows for Seagate firmware update tool - firmware update tool reboots the machine into a mini linux version - which updates the disk - then reboots the machine (defaulting to main linux) - Repeat for other disks

Shoving the disks back into the Thecus, I got a small disappointment; the disks were still negotiated to 3 GB/s. Oh well.

Rebuilt the RAID array (this time as a RAID-1, I care more about redundancy than write speed and size). And this time I found out the nfs problem (or at least a workaround); when mounting with nfs4, the shares got a weird UID, and Invalid Argument if you try to chown something. However, mounting it using nfs3 makes it work.

Using RAID-1 and nfs(3) gave me 10 MB/s write speed and 2 GB/s read speed. Now that is more like it! (Again, don't care too much about write speed, but 10 MB is a lot better than 1). (EDIT: hmm, that was with a zeroed test file I just created, for normal files it appears to be about 10 MB/s read speed as well).

I have been stresstesting it all day now, and have just started the backups again. No disk I/O errors so far.

So if you get those, before doing anything drastic, check your disk firmware updates.

Happy RAIDing!

I got my Raspberry Pi yesterday!

Installation of the provided Debian image is a breeze (just make sure you have an SD card and a micro-USB cable lying around). And I am happily playing with it right now.

I didn't have a real Plan to use it yet, so in the meantime I'm using it to control my Ultimaker over a network; Due to physical constraints, I have my printer in the same room as my main desktop system, but out of reach for any sane USB cable. I have a laptop sitting right next to it to control it now, and I am thinking of getting an Ulticontroller.

But the laptop is slow, and I want to at least be able to send prints from my main machine to the Ultimaker. Also, should I get rid of the laptop, I have more room to stuff tools and prints. It's getting a bit messy.

So, Use 1 for the Raspberry Pi was born!

Originally I was thinking of writing a fake serial driver, that passed on all data to a fake serial client, running on the Pi, but it turns out that isn't even necessary; we can use the socat tool.

I have not fully fleshed out all details yet, and there are some current problems, but I thought I'd share.

Basic steps:

1. Install socat on client and on raspberry pi
2. Connect Raspberry to network
3. Connect Raspberry to Ultimaker
4. On raspberry, run:

   socat -d tcp-listen:<some port>,fork /dev/ttyACM0,raw,echo=0,b<your Ultimaker firmware baudrate>

5. On client machine, run:

   socat -d PTY,link=~/ttyACM0,raw,echo=1,wait-slave tcp:<IP address of raspberry>:<same port as previous command>

(I used port 12346 for no reason at all)

Go to your controller tool (e.g. PrintRun), and set the port to ~/ttyACM1.

And start printing!

Well, not exactly. While the above works with PrintRun, it does not with Cura.

Cura appears to have a fixed set of possible ports (I can't edit the field), so we'll have to use one of the standard names. This presents us with a problem, since in order to use, for instance /dev/ttyACM0, we'll need to run socat as root. And if we run socat as root, our client (which we will certainly not run as root), can't connect.

A quick workaround is to change ownership of /dev/ttyACM0 once socat is running;

sudo socat -d PTY,link=/dev/ttyACM0,raw,echo=1,wait-slave tcp:192.168.8.24:12346
chown <your username> /dev/ttyACM0

I suspect there may be some option within socat for this, but I have not looked for it yet.

Obviously, this also 'opens' your printer to your entire network. You can also do it without the listening side, though, but you probably want to set up ssh-keys first, so you do not need to enter a password every time. Once you have, you can use something like:

 socat PTY,link=~/ttyACM0,raw,echo=1,wait-slave EXEC:'"ssh \
 pi@<IP address of raspberry> socat - /dev/ttyACM0,nonblock,raw,echo=0,\
 b<your Ultimaker firmware baudrate>"'

There are more issues:

• The socat instances can quit, in which case you need to run them again, so at this point it is not a fire-and-forget kind of initialization.
• I have no idea what will happen if you plug in something that might initialize a serial port itself. I hope socat is nice in registering itself (so the tty will not be assigned to something else), but I have not tried this out.
• You may not want to do this over a flaky WiFi connection.

Anyway, I'm using this to print out a case for my raspberry right now. Let's see how it goes!

So a while ago, I got myself an Ultimaker

And while I do not want to degrade the usefullness by calling it a toy, I would like to say

Best. Toy. Ever.

It uses a printing technique called FFF, which I guess is just another term for FDM, which builds an object by depositing plastic one layer at a time.

It is sold as a kit, and it took me two evenings (and part of a night) to build. Ever since then I have been happily making little things with it.

You do have to realize that it is quite the DIY project; for the Ultimaker kit you do not need to do any soldering, but don't expect perfect prints straightaway; 3d-printing itself has a learning curve, and you'll be tweaking and playing around with your machine to improve it as well.

I'd estimate that I spend about half the time fixing, calibrating, and improving the machine itself, and half the time actually printing other things. I love it, but before you go out and get one for yourself, you do have to realize this.

But that is one of the great things about these 3d-printers; you can print improvements for your printer as well. Or even entire new printers (without the electronics, obviously).

For instance, I've printed

• several forms of belt tensioners
• a tube holder for the hot-end
• a handle to carry the Ultimaker around
• a new fan duct for the hot-end

But also a lot of non-ultimaker things;

• the infamous geared heart
• a nice little decorative dragon
• a dock for my phone
• presents for people :)

The ultimaker is pretty actively worked on, both by Ultimaking inc. itself, and by its community; for instance, recently a lot of work has been put into improving the filament feed mechanism, and currently people are looking at better ways to build the hot-end.

For things to print, Thingiverse is a great resource. I regularly check it to see what to print next.

I've written a very small Python 3 script to initialize Blogofile posts;

It generates a post number, prompts for a title, automatically sets the date, and adds an empty categories field.

It uses the basic simple-blog conventions, but the script should be easy enough to change to your setup.

Not very useful (yet?), but it makes starting a post just that tiny bit easier.

#!/usr/bin/python3

#
# Simple helper tool to create blog entries.
#

import datetime
import os
import re

EDITOR='<editor here>' # I use 'geany -l7'
BLOG_ENTRY_PATH='<(sub)directory of _posts here>'

def find_next_number(path):
    '''Reads the directory, and returns the first available post number'''
    all_post_numbers = []
    all_files = os.listdir(path)
    p = re.compile('^([0-9]+)\s+')
    for filename in all_files:
        match = p.match(filename)
        if match:
            all_post_numbers.append(int(match.group(1)))
    all_post_numbers.sort()
    return all_post_numbers[-1] + 1;

def prompt_for_title():
    return input('Post title: ')

def get_new_date():
    now = datetime.datetime.now()
    return now.strftime('%Y/%m/%d %H:%M:%S')

class Post:
    def __init__(self, path, number, title, date_str):
        self.path = path
        self.number = number
        self.title = title
        self.date_str = date_str

    def get_filename(self):
        filename = '%03d - %s.markdown' % (self.number, self.title)
        return os.path.join(self.path, filename)

    def create_file(self):
        with open(self.get_filename(), 'w') as out_f:
            out_f.write('---\n')
            out_f.write('title: ' + self.title + '\n')
            out_f.write('date: ' + self.date_str + '\n')
            out_f.write('categories: \n')
            out_f.write('---\n')
            out_f.write('\n')

number = find_next_number(BLOG_ENTRY_PATH)
title = prompt_for_title()
date = get_new_date()
post = Post(BLOG_ENTRY_PATH, number, title, date)
print(post.get_filename())
post.create_file()
os.system('%s "%s"&' % (EDITOR, post.get_filename()))