zen.org Communal Weblog

I’ve got rkhunter installed on our Debian Etch box after a recent break-in on a home machine (long story, the short version involves silliness on my part changing to make my desktop receive incoming SSH connections—and leaving the patrick dummy account with its silly original password).

Every day I was getting two separate messages: one from rkhunter itself complaining

Warning: This operating system is not fully supported!

and the second from the daily cron job of running it, saying

/etc/cron.daily/rkhunter:
lsmod: QM_MODULES: Function not implemented

To hush the first, I edited the /var/lib/rkhunter/db/os.dat file and added the line

156:Debian 4.0 (i386):/usr/bin/md5sum:/bin:

I just read through the /usr/bin/rkhunter script to come up with the right syntax/values for this.

To make the daily cron mail stop, I edited the /etc/cron.daily/rkhunter script and changed the invocation line to redirect stderr to the log file (adding ‘2>&1‘) as well:

$RKHUNTER --cronjob --report-warnings-only --createlogfile /var/log/rkhunter.log > $OUTFILE 2>&1

Fingers crossed this does the trick.

The version of rsync installed with Tiger Mac OS X 10.4.11 isn’t the best … you can followsome great instructions and build the 3.0.6 version instead, getting a bit of a speed boost-up.

Anything to avoid typing commands you already know, and apply patches for changes someone else already did.

Our LaCie 500GB Mac Mini Hub drive, now a few years old, started a horrid clicking noise recently, and wouldn’t mount. Try as I might, it just kept failing. Crap, we lost everything on it! But a bunch of posts in different places, including the Mac OS X Hints Forum, talked about the power supply causing this sort of problem—and the disk itself is fine.

Elana had the great idea of taking the physical drive out of the LaCie case and putting it in an external drive enclosure. (Cuz I’ve amassed far too much stuff.) And voila, it worked just fine! Now I just need to get a cheap 500GB disk which I can use to mirror the contents of this disk, responding to the harsh reminder of how easy it is to lose vast amounts of data.

Some of which actually matters.

This is what I got to say at Patrick’s primary school today, introducing the President of Ireland before she gave her remarks in front of the kids and staff at the school:

Today is a very special day for the Dalkey School Project. As Chairperson of the Board of Management, it gives me great pleasure to welcome President McAleese to the school. The last time she visited the school was for the 25th birthday celebrations.

However, for many people here, this is their first time experiencing a Presidential visit; we look forward to hearing the President’s address. It is an honor for me to invite the President to speak.

Ladies and gentlemen, boys and girls, the President of Ireland, Mary McAleese.

Earlier this year I got a SheevaPlug, a little box with some Flash memory and an ARM processor running Linux. It’s so friggin’ awesome! (Technical term.) My main motivation for getting it, aside from a cool toy, was its much lower power consumption compared to the Mac Mini.

For a few years now our Mini had been doing most of the maintenance efforts for our home network, including: DHCP; DNS; running the No-IP client so I can SSH in via our dynamic DSL connection with its random addresses; acting as a printer server; and work as a local NTP server (still to do). (My email folders were also on the Mini thru an IMAP server, but I’ve moved that onto my desktop for the moment.)

The SheevaPlug is now doing all of it. In particular, I’m finding name lookups for Web browsing is vastly faster than when the Mini was doing the effort.

This list offers the details of what I’ve done to use the SheevaPlug. I’ll add to it (to mirror my local ChangeLog) as we make any other tweaks or fixes. It’s not a lot of effort and the end result is great.

(Note: I still need to finish fixing the formatting of this for readability.)

Accessing the box
After initial power-on, logged in as root with the default password nosoup4u. Then I changed the root password to something I’m used to typing.
General Usability
1. As noted on “SheevaPlug”, edit /etc/dhcp3/dhclient.conf and comment out the the line
   

   #OFF#supersede domain-name-servers 127.0.0.1;

2. Ran dhclient eth0
3. Make sure APT will work by doing: mkdir -p /var/cache/apt/archives/partial
4. Install ntpdate with apt-get install ntpdate.
5. Edit /etc/rc.local and comment out the line
   

   #date 012618002009

   and add
   

   ntpdate ntp.maths.tcd.ie

6. Edit /etc/hostname and change the name from ‘debian‘ to ‘inara‘.
7. I should note the boot sequence for the SheevaPlug still specifies a different subnet:
   

   Nov 14 13:52:19 inara kernel: Kernel command line: console=ttyS0,115200 mtdparts=nand_mtd:0×400000@0×100000(uImage),0×1fb00000@0×500000(rootfs) rw root=/dev/mtdblock1 rw ip=10.4.50.4:10.4.50.5:10.4.50.5:255.255.255.0:DB88FXX81:eth0:none

8. * /etc/rc.local: Comment out
   #OFF#insmod /boot/fat.ko
   #OFF#insmod /boot/vfat.ko
   and add
   chmod 1777 /tmp /var/tmp
9. Edit /etc/fstab and add the lines
   

   tmpfs /var/log tmpfs defaults 0 0
   tmpfs /tmp tmpfs defaults 0 0

   to make the most frequent activity not actually write anything out to the flash memory. Too many writes to flash can accelerate its demise.

10. Also change the root partition in /etc/fstab to specify noatime to also reduce unnecessary “disk” writes:
    

    rootfs / rootfs rw,noatime 0 0

11. Install wget (to download stuff), sysstat (to see how things are running), and rsync (to download/upload stuff) with : sudo apt-get install wget sysstat rsync
Network Time Support
1. Update the list of packages, then install NTP: sudo apt-get update && sudo apt-get install ntp
2. Edit /etc/ntp.conf and change the server line to be the Trinity College server: server ntp.maths.tcd.ie
3. As suggested on “New Plugger How To”, ran dpkg-reconfigure tzdata
   and selected Europe -> Dublin.
Logging in over the USB serial port
1. Follow the instructions at “Setting Up Serial Console Under Linux”
2. On my desktop (running Ubuntu 9.04), ran
   * On homer:
   sudo /sbin/modprobe -q ftdi-sio product=0×9e8f vendor=0×9e88
   sudo apt-get install cu
   sudo chown uucp /dev/ttyUSB1
   so I can then log into the SheevaPlug over a serial line with
   * sudo cu -s 115200 -l /dev/ttyUSB1
   This is really helpful when you make a typo and the box is no longer getting on your network properly!
Network Connection
1. Edited /etc/network/interfaces and changed it from doing DHCP to a static address:
   

   auto eth0
   #iface eth0 inet dhcp
   # /usr/share/doc/ifupdown/examples for more information.
   iface eth0 inet static
   address 192.168.20.8
   network 192.168.20.0
   netmask 255.255.255.0
   broadcast 192.168.20.255
   gateway 192.168.20.1

DHCP Server
1. Installed the DHCP server with: apt-get install dhcp3-server
2. Copied the /etc/dhcpd.conf file over from the Mini.
DNS Server
1. Install BIND with: apt-get install bind9
2. Edit /etc/bind/named.conf.local and add
   

   options {
   // use this to get faster lookups that we cache:
   forward first;
   forwarders {
   // Eircom:
   // BACKUP plan when DoS attacks hit eircom (2009-09-02)
   159.134.237.6;
   159.134.248.17;
   // as per http://broadbandsupport.eircom.net/ under Broadband Settings:
   // 213.94.190.194;
   // 213.94.190.236;
   // Try going straight to the Netopia box
   // 192.168.20.1;
   };
   allow-query { localhost; 192.168.20.0/24; };
   allow-transfer { localhost; };

   };
   zone “20.168.192.in-addr.arpa” IN {
   type master;
   file “192.168.20″;
   };
   zone “network.home” IN {
   type master;
   notify no;
   file “network.home”;
   };

3. Add files /etc/bind/192.168.20 and /etc/bind/network.home from the Mini.
No-IP Client
1. Get GCC off the CD that comes with the SheevaPlug box in SheevaPlug_Host_SWsupportPackageLinuxHost.zip.
2. Extract gcc.tar.bz2 from it, then extract files from that.
3. Download No-IP.
4. Extract the noip sources; may be in a directory noip-2.1.9-1.
5. Expecting ‘gcc’ and ‘noip-2.1.9-1′ are in the same directory, edit the makefile to have
   

   CC=../gcc/bin/arm-none-linux-gnueabi-gcc -O3

6. Do ‘cd noip-2.1.9-1′ and ‘make’, then copy the binary to /usr/local/bin/noip2.
7. Run “/usr/local/bin/noip2 -C” and answer its questions; you’ll need to have registered on no-ip.com to have a username and password to use with this free client.
8. Create the file /etc/init.d/noip2 using the example at http://www.togaware.com/linux/survivor/No_IP.html.
9. Do “chmod 755 /etc/init.d/noip2″ and then “update-rc.d noip2 defaults” so it’ll run when you boot.

The Akismet plugin for our wordpress blog here on zen.org has stopped—get ready for it—a total of 537,920 spam comments. In two years. That’s half a million.

The peak was in June 2008 when more than 71 thousand attempts were made.

The original IEEE Transactions on Communications paper A Protocol for Packet Network Intercommunication (as a PDF) by Vint Cerf and Bob Kahn describing the seed that made the Internet come to be. Geek mana. I don’t know how long Princeton will keep it up there before I’ll have to delete the link.

Dear Senator Snowe,

My wife and I have a home in Islesboro, and thus are in your constituency.

We are very grateful for your decision to help make a real step forward in the repair of the American health care system. Your efforts are a perfect example of the bi-partisan system needed by the citizens of the Unites States to maintain a functional government. Behind the drama constantly surrounding everything political is a selection of representatives who remember why we come out to vote.

Thank you so much for taking a stand. Our boys, ages 7 and 2, are two examples of the people your choice is going to help.

Sincerely,
Brendan and Elana Kehoe,
Islesboro, Maine

My Sony laptop (VGN-TZ398U aka PCG-4P2) has the horrible habit of forgetting about its wireless device when I put it to sleep/standby. When it wakes back up, I have to go through crazy steps to make it work again. The laptop is running Vista Service Pack 2, though Vista as shipped on the laptop had the same problem.

A while ago I created a batch file which I could right-click an “Run as administrator” to make the device magically work again:

rem Restart the wireless interface, needed on vaio vgn-tz398u after
rem sleeping. Run as admin.
rem
rem cf http://www.wlanbook.com/enable-disable-wireless-card-command-line/ for an alternative using DevCon.
netsh interface set interface "Wireless Network Connection" disabled
netsh interface set interface "Wireless Network Connection" enabled


But this has been a royal pain. Then I found the answer in a post “How do I get a Vista laptop over its wireless quirk“:

In your Device Manager, open up your network card and go to the Power Management tab. Uncheck (what should be) the first option, “Allow the computer to turn this device off to save power.” This will stop the connection from being dropped whenever the computer goes to sleep/standby. Many wireless cards don’t let you do this, but most, if not all, wired NICs can.

My thanks to the user niles on that site who had the final real fix for me. It’s working like a charm!

I’ve got a bunch of photos I’d like to adjust to get rid of the redeye effect. A bit of searching found a few different tutorials on how to accomplish this in GIMP. But the effort is just plain nuts…you’re doing an awful lot of clicks and menus and finding your way down channels and tunnels … you’d never find the rest to do what should be a point-and-click sort of thing. (For those of us not using expensive commercial packages which have that…)

Because of a great howto, I discovered Digikam, a free KDE package which is perfect. You select a picture and click Edit, then select the region around the eyes. Click Enhance->Red Eye to see a popup showing both the original and, next to it, the fixed version. It’s perfect. Click OK, then Save, and you’re done.