Miscellanous Information

ldap and kerberos

If you can do ldapsearch -x okay but ldapsearch gives a Permission denied in replay cache code error, when running slapd under openldap user but auths okay when ran as root (check klist for ldap/server.example.com ticket)

Then see if the following works from the console. If it does then integrate it into /etc/default/slapd otherwise you may try KRB5RCACHETYPE=none as a further workaround (though having a replay cache is preferred)

env KRB5_KTNAME="FILE:/etc/ldap/ldap.keytab" KRB5RCACHEDIR=/var/local/lib/ldap slapd -u openldap -g openldap -d 255 -h "ldap:/// ldapi:///"

Peercast

Use wget --header="Pragma: stream-offset" for WMV streams to get the stream instead of a playlist.

DVgrab uses

To get an Mpeg stream: dvgrab -format raw | ffmpeg -f dv -i - -target vcd - | vlc -

You can do this in xscreensaver-getimage-video to get frames from the IEEE1394 DV camera on your xscreensaver:

my @programs = (
  "dvgrab --format jpeg --jpeg-overwrite --every 25 $tmpdir/webcam < /dev/null " .
  "> /dev/null 2> /dev/null & C=\$! ; sleep 1; kill \$C; ".
  "mv $tmpdir/webcam.jpg $tmpfile", # IEEE1394 camera

Palm Tungsten E

To install programs on a palm tungsten E

  1. Connect with usb
  2. modprobe usbserial
  3. cd to the directory with the palm apps in it
  4. If not using network: Run hotsync on palm, then: pilot-xfer --port=/dev/ttyUSB1 -i *.prc *.pdb *.pqa
  5. If using network run: pilot-xfer --port=net: -i *.prc *.pdb *.pqa then hotsync on palm.

Microsoft Word 2000

It is possible to search for clipart by artistic style. All that is needed is the style number. Just enter something like the following in the search box.

Bind ports below 1024 without root on GNU/Linux

For Debian install libcap2-bin

If your linux is 2.6.26 or newer, you may no longer need to patch linux as below. just do setcap cap_ipc_lock,cap_sys_nice=+ep /usr/bin/jackd and enjoy realtime scheduling in jack. You can also do this for alsaplayer to enable the realtime option there.

If you want to use wireshark from a non-root account, do setcap cap_net_raw=+ep /usr/bin/dumpcap. Now you can run wireshark from a normal account and choose to capture from the network.

For superuser ports, try setcap cap_net_bind_service=+ep /path/to/program

If linux is older than about 2.6.18…

You'll need to enable capabilities in Linux by editing /usr/src/linux/include/linux/capability.h to make CAP_INIT_EFF_SET equal to CAP_FULL_SET. Like this.

Re-compile and install linux with capabilites and commoncap modules and then modprobe commoncap

Now you can give any program access to ports less than 1024 by executing something like sudo setpcaps cap_net_bind_service+eip `pidof program`. The program itself never has or gets root privieges by this way.

The realtime priority of jackd could be checked with chrt -p `ps -C jackd -o pid=`. chrt can be found in the schedutils package. You now see jackd bear a priority of RT within the top program.

Of course you need to allow users to do this by letting setpcaps run as root to do its work in /etc/sudoers file.

You might co-erce Adobe Flash to try jackplug with FLASH_ALSA_DEVICE=plug:SLAVE=jack set in the environment variables.

Modifying your servers to use setpcaps

It may also be useful to insert a slight delay with sleep(1) in the main() function of some programs so that setpcaps has time to do its work before the background program attempts to bind ports under 1024.

That works in C programs, in python can put something like this near the beginning

import select
select.select([],[],[],1)

Running storebackup without root

storebackup can quite easily oveload the computer CPU or completely fill the memory leading to OOM if run as root as no limits on the process are enforced.

It is rather better to run in the user backup to regulate the process. We do this by allowing the backup user to perform some elevated activities and maybe with some alteration to storebackup code to cope with this change.

For your /etc/security/capability.conf

cap_chown,cap_dac_override,cap_dac_read_search,cap_fowner,cap_fsetid    backup

Then /etc/pam.d/su modified to put auth required pam_cap.so at the beginning.

Now we allow the programs that storebackup needs to work to use these capabilities when they are launched by the backup user. Note there is not +eip so elevated access should only be usable when pam_cap.so sets the access.

Note this has been found to not work well with fakeroot, so may evaluate how to fix that.

for N in bash cat
do
	setcap cap_dac_override+ei `which $N`
done
for N in perl md5sum bunzip2 bzcat bzip2 chown cp gzip mknod rm
do
	setcap  cap_chown,cap_dac_override,cap_dac_read_search,cap_fowner,cap_fsetid+ei `which $N`
done

As these priviledges would be dangerous to give to untrusted users, we now test the security of this, you may try some safe operations as the backup user that are not allowed for the other users such as creating and deleting empty files in /tmp as both backup and some other non-root user.

Finally we can edit /etc/cron.daily/storebackup to start storebackup nightly as user backup and maybe nice the process and set limits on RAM consumption. Also saveRAM=yes is also good for the storebackup job files.

if ! > "${tmplog}" 2>&1 su backup -c 'chrt -i 0 ionice -t -c3 /usr/bin/perl /usr/bin/storeBackup -f '"${file}"

Hopefully storebackup now finds it can do the activities it needs to do, and can also be monitored in top as it works protecting the data.


Startup Jabberd2

case "$1" in
'start')
  # mysql needs to be running first
  cd /etc/rc.d/
  su jabber -c "/usr/local/bin/jabberd \\-b"
  ;;
'stop')
  kill -TERM `ps -u jabber | grep perl | cut -d" " -f1-2`
  ;;
'reload')
  kill -HUP `ps -u jabber | grep perl | cut -d" " -f1-2`
  ;;
*)
  echo "usage $0 start|stop|reload"
esac

Change File modes except ..

With this for N in .*; do if [ "$N" != ".." ]; then chown -R --reference=. $N; fi; done

DVB notes

  1. cp ttlcdacc.dll /usr/lib/hotplug/firmware/tda1004x.mc
  2. dvbtune -f 634833 # BBC (may get FE_TIMEDOUT error) so keep trying, possibly by creating some cpu delay by browsing webpages or someting while it polls...
  3. scan -c # e.g. get BBC ONE audio and video pids, (in hex, but dvbstream likes them in decimal.)
  4. Now... enjoy tv....
  5. dvbstream -v 600 -a 601 -ps -o | mplayer -cache 4096 - # or 640, 641 for bbc news 24
  6. Or radio...
  7. dvbstream 6210 -o | ts2es 6210 | madplay - -b 32 -o wave:- | aplay -
There are different versions with different md5 hashes. I found 216 worked best here.
tda1004x.bin versionMD5 Hash
21583e171133c2e0fe3ffdd862e3b498d3f
216490709cef1ccb4a0ac03273c487669f0
217e022aa497e089988ce835c4359107a30

It is possible to sort the tzap output from scan to match the Freeview channel ordering. Then BBC NEWS 24 can be watched using dvb://80

VSftpd and other chrooted programs

It's still possible to provide files from elsewhere in a file system, without using symbolic links as chroot doesn't allow it and some programs don't recognise them for security, or hard links that cannot be done across filesystems.

We can use bind mounts. The fstab is like for other file systems, except you list a source folder instead of a block device. Then, for example, mount /home/ftp/downloads and your files will be accessible also in the new location. Remember to list it in fstab after mounts that provide the origin folder, so that automounting works correctly on system startup.

# /etc/fstab: static file system information.
#
# <file system> <mount point>   <type>  <options>               <dump>  <pass>
/mnt/downloads     /home/ftp/downloads none    rw,bind                 0       0

Muttrc

set folder=~
set mbox=~/mbox
set spoolfile=$MAIL
macro index _ "c $MAIL^m" "New Messages"
macro index - "c ~/mbox^m" "Received Messages"

Olympus C-4000

gphoto2 --manual describes how to switch camera control mode.

When camera control is off, modprobe sd-mod; modprobe usb-storage allows the camera flash to be mounted in the filesystem, often from the device /dev/sda1

When camera control is on, gphoto2 can be used to control the camera more extensively.

gphoto2 --port=usb --capture-image -L
Take a picture, then list pictures in memory.
gphoto2 --port=usb -L
Just list the pictures in memory.
gphoto2 --port=usb --folder=/DCIM/100OLYMP --get-file P1010001.TIF
Download P1010001.TIF

An image from the camera can be used as a template for faking in GIMP. It can then be recombined with a header from the camera's saved tiff's for upload to the camera memory, such that the camera can be used as a portable image viewer.

# image is 9437184 header is 14409
dd if=P1010001.TIF of=P1010002.TIF bs=14409 count=1
dd if=gimp.tif of=P1010002.TIF skip=8 seek=14409 bs=1 count=9437184

Phpbb2 auto lang

To save user from having to add the language types manually from the control panel...

REPLACE INTO phpbb_config VALUES
('auto_lang_ar','arabic'),
('auto_lang_ast','asturian'),
('auto_lang_az','azerbaijani'),
('auto_lang_bg','bulgarian'),
('auto_lang_bs','bosnian'),
('auto_lang_ca','catalan'),
('auto_lang_cs','czech'),
('auto_lang_cy','welsh'),
('auto_lang_da','danish'),
('auto_lang_de','german'),
('auto_lang_el','greek'),
('auto_lang_en','english'),
('auto_lang_eo','esperanto'),
('auto_lang_es','spanish'),
('auto_lang_es-ar','spanish_argentina'),
('auto_lang_et','estonian'),
('auto_lang_eu','basque'),
('auto_lang_fa','farsi'),
('auto_lang_fi','finnish'),
('auto_lang_fr','french'),
('auto_lang_gl','galego'),
('auto_lang_he','hebrew'),
('auto_lang_hr','croatian'),
('auto_lang_hu','hungarian'),
('auto_lang_id','indonesian'),
('auto_lang_is','icelandic'),
('auto_lang_it','italian'),
('auto_lang_ja','japanese'),
('auto_lang_ko','korean'),
('auto_lang_ku','kurdish'),
('auto_lang_lt','lithuanian'),
('auto_lang_mk','macedonian'),
('auto_lang_mn','mongolian'),
('auto_lang_nl','dutch'),
('auto_lang_no','norwegian'),
('auto_lang_pl','polish'),
('auto_lang_pt','portuguese'),
('auto_lang_pt-br','portuguese_brazil'),
('auto_lang_ro','romanian'),
('auto_lang_ru','russian'),
('auto_lang_sk','slovak'),
('auto_lang_sl','slovenian'),
('auto_lang_sq','albanian'),
('auto_lang_sr','serbian'),
('auto_lang_sv','swedish'),
('auto_lang_th','thai'),
('auto_lang_tr','turkish'),
('auto_lang_ug','uighur'),
('auto_lang_uk','ukrainian'),
('auto_lang_zh-cn','chinese_simplified'),
('auto_lang_zh-tw','chinese_traditional_taiwan');

Jackd on Emu10k1

16 channel effects bus....

/usr/bin/jackstart -T -R -P89 -dalsa -Chw:0,2 -r96000 -p1024 -n2 -Phw:0,3 -s -m -o16 -zs -H -M

For 32 or 24 bit output (?) on emu10k1 with jackd (supports 48000, 96000, 192000 as in p16v.c) The "HD Analog" controls in alsamixer can control the volume of these output lines.

/usr/bin/jackstart -T -R -P89 -dalsa -r96000 -p512 -Phw:0,4 -o8 -H

The output ports seem to be as follows:
Portis
1Green Left
2Green Right
3Orange Left
4Orange Right
7Black Left
8Black Right

The black jack apparently has the best audio quality

Jackd for OpenAL (Such as ut2004)

Two files in the home directory allow openal applications like unreal tournament 2004 to be used with jack, and so with ALSA cards that do not really have their own mixer.

cat >> ~/.openalrc << EOF
(define devices '(alsa native))
(define alsa-device "plug:SLAVE=jack")
EOF

cat >> ~/.asoundrc << EOF
pcm.jack {
        type jack
        playback_ports {
                0 alsa_pcm:playback_1
                1 alsa_pcm:playback_2
        }
        capture_ports {
                0 alsa_pcm:capture_1
                1 alsa_pcm:capture_2
        }
}
EOF

Use Jack / ALSA for festival output

(Parameter.set 'Audio_Method 'Audio_Command)
(Parameter.set 'Audio_Required_Format 'riff)
(Parameter.set 'Audio_Command "aplay -q -D plug:SLAVE=jack $FILE")

Goes in /etc/festival.scm

#!/bin/sh
mkfifo ~/.ut2004/System/speech
while true
do
        cat ~/.ut2004/System/speech | while read
        do
                echo -ne "(SayText \""
                echo -n $REPLY | sed 's/\\/\\\\/g
                s/\"/\\"/g'
                echo -e ".\")"
        done
done | festival

This can now be used to provide a speech device instead of the other method involving a speechd for ut2004

Use multimedia keys

Users can use their multimedia keys to cause events or enter special characters. Here I put the characters ☹, ☺, and ☻ on the first 3 keys, when shift is pressed at the same time. Users of Microsoftʼs Windows® may be able to use their Keyboard Layout Creator

It can be set in ~/.Xsession or for gnome users add it to the list of startup programs. Use shift to access your character choices, as your desktop may override the unshifted keys to set off the labelled action.

#!/bin/bash
# 236, 178, 230, 162, 164, 166, 160, 237, 235, 161
# cause an event from /usr/share/X11/XKeysymDB
# or enter UTF-16 NNNN char by writing 0x0100NNNN
# find key scan codes with xev
xmodmap -e 'keycode 236 = XF86Mail 0x01002615'
xmodmap -e 'keycode 178 = XF86HomePage 0x0100263B'
xmodmap -e 'keycode 230 = XF86Favorites 0x01002408'
xmodmap -e 'keycode 162 = XF86AudioPause 0x01002026'
xmodmap -e 'keycode 174 = XF86AudioLowerVolume 0x01002639'
xmodmap -e 'keycode 176 = XF86AudioRaiseVolume 0x0100263A'
xmodmap -e 'keycode 160 = XF86AudioMute 0x01002018'
xmodmap -e 'keycode 237 = XF86AudioRecord 0x01002019'
xmodmap -e 'keycode 235 = XF86MyComputer 0x0100201C'
xmodmap -e 'keycode 161 = XF86Calculator 0x0100201D

If you don’t have multimedia keys, can use AltGr keys for favourite characters:

#xmodmap -e 'keycode  10 = 1 exclam 1 exclam 0x01002620 0x0100263A'
#xmodmap -e 'keycode  11 = 2 quotedbl 2 quotedbl 0x01002620 0x0100263A'
#xmodmap -e 'keycode  12 = 3 sterling 3 sterling 0x01002620 0x0100263A'
#xmodmap -e 'keycode  13 = 4 dollar 4 dollar 0x01002620 0x0100263A'
#xmodmap -e 'keycode  14 = 5 percent 5 percent 0x01002620 0x0100263A'
#xmodmap -e 'keycode  15 = 6 asciicircum 6 asciicircum 0x01002620 0x0100263A'
#xmodmap -e 'keycode  16 = 7 ampersand 7 ampersand 0x01002620 0x0100263A'
#xmodmap -e 'keycode  17 = 8 asterisk 8 asterisk 0x01002620 0x0100263A'
#xmodmap -e 'keycode  18 = 9 parenleft 9 parenleft 0x01002620 0x0100263A'
#xmodmap -e 'keycode  19 = 0 parenright 0 parenright 0x01002620 0x0100263A'

The newer systems may requre xkbcomp used instead. Provide charaters like ®™°␈, →…‘’“”, and ☹ ☺ ™ 😼😊

#setxkbmap -print | xkbcomp - $DISPLAY
2> /dev/null xkbcomp - $DISPLAY << EOF
xkb_keymap {
        xkb_keycodes  { include "evdev+aliases(qwerty)"       };
        xkb_types     { include "complete"      };
        xkb_compat    { include "complete"      };
        xkb_symbols   {
                # looks in /usr/share/X11/xkb/symbols/gb amongst others
		# We can edit that file to make changes permanent, maybe use dpkg-divert first!
                # keys are unshift, shift, right alt, right alt and right alt shifted

                include "pc+gb(dvorak)+inet(evdev)+level3(ralt_switch)"
                key <AE01>  { [         1,     exclam,  U00AE,    trademark ] };
                key <AE02>  { [         2,   quotedbl,  U2192,    degree ] };
                key <AE03>  { [         3,   sterling,  U2026,    U2408 ] };
                key <AE04>  { [         4,     dollar,  EuroSign, U2620 ] };
                key <AE05>  { [         5,    percent,  U2639,    U1F63C ] };
                key <AE06>  { [         6, asciicircum, U263A,    U1F60A ] };
                key <AE07>  { [         7,  ampersand,  U2018,    U2620 ] };
                key <AE08>  { [         8,   asterisk,  U2019,    U2039 ] };
                key <AE09>  { [         9,  parenleft,  U201C,    U2018 ] };
                key <AE10>  { [         0, parenright,  U201D,    U2019 ] };
        };
        xkb_geometry  { include "pc(pc104)"     };
};
EOF

Tkabber plugins

Tkabber for debian does now comes with the plugins in a separate package



# can now do
ln --symbolic /usr/share/tkabber-plugins ~/.tkabber/plugins

NET-SNMP

On an intermediate trap catching server, which receives traps from switches, it is possible to forward the traps to a desktop PC. In /etc/snmp/snmptrapd.conf write something like:

forward default udp6:[2001:db8::]:162

If /etc/hosts.allow and /etc/hosts.deny control access, then disableAuthorization can be set as well.

On the desktop pc, write:

traphandle IF-MIB::linkDown         /etc/snmp/traps down
traphandle IF-MIB::linkUp           /etc/snmp/traps up

# snmptrap -v 1 -c public 192.0.2.1 IF-MIB::linkDown localhost 2 1 ""
# snmptrap -v 1 -c public 192.0.2.1 IF-MIB::linkUp localhost 3 1 ""

traphandle default /etc/snmp/traps

A trap handler can present the link up down messages to the logged in user via GNOME.

#!/bin/sh
read host
read ip

interface="unknown"
while read oid val
do
        case "${oid}" in
        .1.3.6.1.6.3.1.1.4.1.0)
                case "${val}" in
                .1.3.6.1.6.3.1.1.5.3)
                link="down"
                ;;
                .1.3.6.1.6.3.1.1.5.4)
                link="up"
                ;;
                esac
        ;;
        .1.3.6.1.2.1.2.2.1.1.1)
        interface="${val}"
        ;;
        esac
done
dbus=($(ps -C dbus-launch -o user=))
pulse=($(ps -C pulseaudio -o user=))

if test "${link}" = "up"
then
        if test "${#dbus[*]}" -ne 0
        then
		eval "$(<$(eval echo ~"${dbus[0]}")/.dbus/session-bus/$(</var/lib/dbus/machine-id)-0)"
		export DBUS_SESSION_BUS_ADDRESS DBUS_SESSION_BUS_PID DBUS_SESSION_BUS_WINDOWID
                /bin/su --command=$'/usr/bin/notify-send -t 1000 up $\'interface '"${interface}"$'\'' "${dbus[0]}"
        fi
        if test "${#pulse[*]}" -ne 0
        then
		# configure samples in ~/.pulse/default.pa and ~/.pulse/daemon.conf
                /bin/su --command=$'pactl play-sample bark' "${pulse[0]}"
        fi
fi
if test "${link}" = "down"
then
        if test "${#dbus[*]}" -ne 0
        then
		eval "$(<$(eval echo ~"${dbus[0]}")/.dbus/session-bus/$(</var/lib/dbus/machine-id)-0)"
		export DBUS_SESSION_BUS_ADDRESS DBUS_SESSION_BUS_PID DBUS_SESSION_BUS_WINDOWID
                /bin/su --command=$'/usr/bin/notify-send -t 1000 down $\'interface '"${interface}"$'\'' "${dbus[0]}"
        fi
        if test "${#pulse[*]}" -ne 0
        then
                /bin/su --command=$'pactl play-sample sonar' "${pulse[0]}"
        fi
fi

Wipe a MiniDV tape via IEEE1394 interface

Many other guides suggested camcorder recording with the lens cap to erase a minidv on but this can capture environment activity on the tape. It is possible to create artificial video on the computer and send it to the camcorder to overwrite the media. One or more random passes followed by a zero pass is desirable. Some camcorders may not be able to erase the first half second of tape so a small lenscapping may be desirable.

We want dvcont from package libavc1394-tools and test-dv from libiec61883

test-dv was not incuded in the binary package by default, so edited examples/Makefile.am to include test-dv and debian/libiec61883-dev.install to change /usr/bin/plug* to /usr/bin/* followed by dpkg-buildpackage -rfakeroot

Write random data:

avconv -r 25 -s 720x576 -f rawvideo -i /dev/urandom -ar 48k -ac 2 -f s16le -i /dev/urandom -target dv - | test-dv /dev/stdin

For a blanking pass try zeros

avconv -r 25 -s 720x576 -f rawvideo -i /dev/zero -ar 48k -ac 2 -f s16le -i /dev/zero -target dv - | test-dv /dev/stdin

We can use dvcont rewind to rewind the tape to wipe then dvcont record to start recording

Generate chart from quota files

#!/bin/bash

# quotaio_v2.h

F="${1}"
while shift
do
	Q=(`hexdump -ve \"%08x\\\n\" "${F}"`)

	if test "${Q[0]}" != "d9c01f11"
	then
		echo We can read aquota.user files
		exit 1
	fi

	S=$(( ${#Q[*]} / 256 - 1))

	for INDEX in `seq 1 $S`
	do
		for SUBINDEX in `seq 0 20`
		do
			SUBOFF=$(( $INDEX * 256 +  $SUBINDEX * 12 + 4))
			ID=${Q[$(( $SUBOFF + 0))]}
			IL=${Q[$(( $SUBOFF + 6))]}
			IH=${Q[$(( $SUBOFF + 7))]}

			WHO=$(( 0x$ID))
			OCTETS=$(( 0x$IH$IL )) 
			if test $WHO -gt 999
			then
				declare -i USAGE[$WHO]
				USAGE[$WHO]+=$OCTETS
			fi
		done
	done
	F="${1}"
done

eval `getent passwd | sed -s s/^\\\\\([^:]*\\\\\):[^:]*:\\\\\([^:]*\\\\\):.*$/USERS[\\\\2]=\\\\1/g`

echo $'<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC
    "-//W3C//DTD XHTML 1.1 plus MathML 2.0 plus SVG 1.1//EN"
    "http://www.w3.org/2002/04/xhtml-math-svg/xhtml-math-svg-flat.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" 
xmlns:svg="http://www.w3.org/2000/svg"
><head><title></title></head><body><svg:svg width="'$(( ${#USAGE[@]} * 100 ))$'" height="900">
'

for WHO in "${!USAGE[@]}"
do
	echo "${USERS[$WHO]}" "${USAGE[$WHO]}"
done | sort -k 2 -rn | while read NAME USAGE
do
	if test -z "${MAX}"
	then
		X=20
		MAX=${USAGE}
	fi
	HEIGHT=`echo 800\*l\(${USAGE}\)/l\(${MAX}\)|bc -l|cut -d"." -f1`
	Y=$(( 800 - $HEIGHT ))
	echo "<svg:g>"
	echo "<svg:rect height=\"${HEIGHT}\" width=\"20\" x=\"${X}\" y=\"${Y}\" style=\"fill:#"`printf %02x%02x $(( $HEIGHT / 8)) $(( $Y / 4)) `"00;fill-opacity:1\"/>"
	echo "<svg:text x=\"${X}\" y=\"820\">${NAME}</svg:text>"
	echo "<svg:text x=\"${X}\" y=\"850\" style=\"font-size: 0.4em;\">${USAGE}</svg:text>"
	echo "</svg:g>"
	X=$((X + 100))
done
echo "</svg:svg></body></html>"

The End