Miscellanous Information

AUFS environment for download mirroring

Many of the documents here talk about downloading internet materials, and applying some customisation to use them.

I do the download to /mirror and edits such as hacking source or compiling them go in /union, these changes are captured in /overlay which can be backed up leaving the original mirror to not be backed up, as the original internet path is captured in the system. The probability of losing both /mirror and the resource disappearing off the internet is quite low, but to further hedge against this, get a few internet archives to back up the resource of interest.

For /etc/fstab

/dev/mapper/fs-mirror /mirror ext4 user_xattr,acl,usrquota,grpquota        1       2
/dev/mapper/fs-overlay /overlay ext4 user_xattr,acl,usrquota,grpquota        1       2
none /union  aufs    br=/overlay:/mirror

Now wget can be made to fetch for mirroring, place something in a wgetrc to get paths like /mirror/http/www.example.com/some/example. and this pattern follows for all other protocols including ftp and git.

content_disposition = on
#content_on_error = on

ldap and kerberos

If you can do ldapsearch -x okay but ldapsearch gives a Permission denied in replay cache code error, when running slapd under openldap user but auths okay when ran as root (check klist for ldap/server.example.com ticket)

Then see if the following works from the console. If it does then integrate it into /etc/default/slapd otherwise you may try KRB5RCACHETYPE=none as a further workaround (though having a replay cache is preferred)

env KRB5_KTNAME="FILE:/etc/ldap/ldap.keytab" KRB5RCACHEDIR=/var/local/lib/ldap slapd -u openldap -g openldap -d 255 -h "ldap:/// ldapi:///"


Use wget --header="Pragma: stream-offset" for WMV streams to get the stream instead of a playlist.

DVgrab uses

To get an Mpeg stream: dvgrab -format raw | ffmpeg -f dv -i - -target vcd - | vlc -

You can do this in xscreensaver-getimage-video to get frames from the IEEE1394 DV camera on your xscreensaver:

my @programs = (
  "dvgrab --format jpeg --jpeg-overwrite --every 25 $tmpdir/webcam < /dev/null " .
  "> /dev/null 2> /dev/null & C=\$! ; sleep 1; kill \$C; ".
  "mv $tmpdir/webcam.jpg $tmpfile", # IEEE1394 camera

Palm Tungsten E

To install programs on a palm tungsten E

  1. Connect with usb
  2. modprobe usbserial
  3. cd to the directory with the palm apps in it
  4. If not using network: Run hotsync on palm, then: pilot-xfer --port=/dev/ttyUSB1 -i *.prc *.pdb *.pqa
  5. If using network run: pilot-xfer --port=net: -i *.prc *.pdb *.pqa then hotsync on palm.

Microsoft Word 2000

It is possible to search for clipart by artistic style. All that is needed is the style number. Just enter something like the following in the search box.

Bind ports below 1024 without root on GNU/Linux

For Debian install libcap2-bin

If your linux is 2.6.26 or newer, you may no longer need to patch linux as below. just do setcap cap_ipc_lock,cap_sys_nice=+ep /usr/bin/jackd and enjoy realtime scheduling in jack. You can also do this for alsaplayer to enable the realtime option there.

If you want to use wireshark from a non-root account, do setcap cap_net_raw=+ep /usr/bin/dumpcap. Now you can run wireshark from a normal account and choose to capture from the network.

For superuser ports, try setcap cap_net_bind_service=+ep /path/to/program

If linux is older than about 2.6.18…

You'll need to enable capabilities in Linux by editing /usr/src/linux/include/linux/capability.h to make CAP_INIT_EFF_SET equal to CAP_FULL_SET. Like this.

Re-compile and install linux with capabilites and commoncap modules and then modprobe commoncap

Now you can give any program access to ports less than 1024 by executing something like sudo setpcaps cap_net_bind_service+eip `pidof program`. The program itself never has or gets root privieges by this way.

The realtime priority of jackd could be checked with chrt -p `ps -C jackd -o pid=`. chrt can be found in the schedutils package. You now see jackd bear a priority of RT within the top program.

Of course you need to allow users to do this by letting setpcaps run as root to do its work in /etc/sudoers file.

You might co-erce Adobe Flash to try jackplug with FLASH_ALSA_DEVICE=plug:SLAVE=jack set in the environment variables.

Modifying your servers to use setpcaps

It may also be useful to insert a slight delay with sleep(1) in the main() function of some programs so that setpcaps has time to do its work before the background program attempts to bind ports under 1024.

That works in C programs, in python can put something like this near the beginning

import select

Running storebackup without root

storebackup can quite easily oveload the computer CPU or completely fill the memory leading to OOM if run as root as no limits on the process are enforced.

It is rather better to run in the user backup to regulate the process. We do this by allowing the backup user to perform some elevated activities and maybe with some alteration to storebackup code to cope with this change.

For your /etc/security/capability.conf

cap_chown,cap_dac_override,cap_dac_read_search,cap_fowner,cap_fsetid    backup

Then /etc/pam.d/su modified to put auth required pam_cap.so at the beginning.

Now we allow the programs that storebackup needs to work to use these capabilities when they are launched by the backup user. Note there is not +eip so elevated access should only be usable when pam_cap.so sets the access.

We avoided setting it on bash as it breaks fakeroot and we could not then build debian packages. This is done in the cronjob that starts storebackup before switching to user backup and then starting storebackup.

for N in perl cp cat tar rm bzip2 mknod chown mkdir md5sum rmdir mount grep pod2text
	setcap  cap_chown,cap_dac_override,cap_dac_read_search,cap_fowner,cap_fsetid+ei `which $N`

As these priviledges would be dangerous to give to untrusted users, we now test the security of this, you may try some safe operations as the backup user that are not allowed for the other users such as creating and deleting empty files in /tmp as both backup and some other non-root user.

With capability storebackup should not check if permissions let it read file, just go on and read them, because it can. A small modification is needed:

--- /usr/share/storebackup/lib/fileDir.pl	2012-03-04 07:45:54.000000000 +0000
+++ /usr/share/storebackup/lib/fileDir.pl	2015-02-07 00:53:40.000000000 +0000
@@ -772,6 +771,0 @@
-       unless (-r $entry)
-       {
-           $prLog->print('-kind' => $prLogWarn,
-                         '-str' => ["no permissions to read <$entry>"]);
-           next;
-       }

Finally we can edit /etc/cron.daily/storebackup to start storebackup nightly as user backup and maybe nice the process and set limits on RAM consumption. Also saveRAM=yes is also good for the storebackup job files.

if ! > "${tmplog}" 2>&1 su backup -c 'chrt -i 0 ionice -t -c3 /usr/bin/perl /usr/bin/storeBackup -f '"${file}"

Hopefully storebackup now finds it can do the activities it needs to do, and can also be monitored in top as it works protecting the data.

Startup Jabberd2

case "$1" in
  # mysql needs to be running first
  cd /etc/rc.d/
  su jabber -c "/usr/local/bin/jabberd \\-b"
  kill -TERM `ps -u jabber | grep perl | cut -d" " -f1-2`
  kill -HUP `ps -u jabber | grep perl | cut -d" " -f1-2`
  echo "usage $0 start|stop|reload"

Change File modes except ..

With this for N in .*; do if [ "$N" != ".." ]; then chown -R --reference=. $N; fi; done

DVB notes

  1. cp ttlcdacc.dll /usr/lib/hotplug/firmware/tda1004x.mc
  2. dvbtune -f 634833 # BBC (may get FE_TIMEDOUT error) so keep trying, possibly by creating some cpu delay by browsing webpages or someting while it polls...
  3. scan -c # e.g. get BBC ONE audio and video pids, (in hex, but dvbstream likes them in decimal.)
  4. Now... enjoy tv....
  5. dvbstream -v 600 -a 601 -ps -o | mplayer -cache 4096 - # or 640, 641 for bbc news 24
  6. Or radio...
  7. dvbstream 6210 -o | ts2es 6210 | madplay - -b 32 -o wave:- | aplay -
There are different versions with different md5 hashes. I found 216 worked best here.
tda1004x.bin versionMD5 Hash

It is possible to sort the tzap output from scan to match the Freeview channel ordering. Then BBC NEWS 24 can be watched using dvb://80

VSftpd and other chrooted programs

It's still possible to provide files from elsewhere in a file system, without using symbolic links as chroot doesn't allow it and some programs don't recognise them for security, or hard links that cannot be done across filesystems.

We can use bind mounts. The fstab is like for other file systems, except you list a source folder instead of a block device. Then, for example, mount /home/ftp/downloads and your files will be accessible also in the new location. Remember to list it in fstab after mounts that provide the origin folder, so that automounting works correctly on system startup.

# /etc/fstab: static file system information.
# <file system> <mount point>   <type>  <options>               <dump>  <pass>
/mnt/downloads     /home/ftp/downloads none    rw,bind                 0       0


set folder=~
set mbox=~/mbox
set spoolfile=$MAIL
macro index _ "c $MAIL^m" "New Messages"
macro index - "c ~/mbox^m" "Received Messages"

Olympus C-4000

gphoto2 --manual describes how to switch camera control mode.

When camera control is off, modprobe sd-mod; modprobe usb-storage allows the camera flash to be mounted in the filesystem, often from the device /dev/sda1

When camera control is on, gphoto2 can be used to control the camera more extensively.

gphoto2 --port=usb --capture-image -L
Take a picture, then list pictures in memory.
gphoto2 --port=usb -L
Just list the pictures in memory.
gphoto2 --port=usb --folder=/DCIM/100OLYMP --get-file P1010001.TIF
Download P1010001.TIF

An image from the camera can be used as a template for faking in GIMP. It can then be recombined with a header from the camera's saved tiff's for upload to the camera memory, such that the camera can be used as a portable image viewer.

# image is 9437184 header is 14409
dd if=P1010001.TIF of=P1010002.TIF bs=14409 count=1
dd if=gimp.tif of=P1010002.TIF skip=8 seek=14409 bs=1 count=9437184

Phpbb2 auto lang

To save user from having to add the language types manually from the control panel...


Jackd on Emu10k1

16 channel effects bus....

/usr/bin/jackstart -T -R -P89 -dalsa -Chw:0,2 -r96000 -p1024 -n2 -Phw:0,3 -s -m -o16 -zs -H -M

For 32 or 24 bit output (?) on emu10k1 with jackd (supports 48000, 96000, 192000 as in p16v.c) The "HD Analog" controls in alsamixer can control the volume of these output lines.

/usr/bin/jackstart -T -R -P89 -dalsa -r96000 -p512 -Phw:0,4 -o8 -H

The output ports seem to be as follows:
1Green Left
2Green Right
3Orange Left
4Orange Right
7Black Left
8Black Right

The black jack apparently has the best audio quality

Jackd for OpenAL (Such as ut2004)

Two files in the home directory allow openal applications like unreal tournament 2004 to be used with jack, and so with ALSA cards that do not really have their own mixer.

cat >> ~/.openalrc << EOF
(define devices '(alsa native))
(define alsa-device "plug:SLAVE=jack")

cat >> ~/.asoundrc << EOF
pcm.jack {
        type jack
        playback_ports {
                0 alsa_pcm:playback_1
                1 alsa_pcm:playback_2
        capture_ports {
                0 alsa_pcm:capture_1
                1 alsa_pcm:capture_2

Use Jack / ALSA for festival output

(Parameter.set 'Audio_Method 'Audio_Command)
(Parameter.set 'Audio_Required_Format 'riff)
(Parameter.set 'Audio_Command "aplay -q -D plug:SLAVE=jack $FILE")

Goes in /etc/festival.scm

mkfifo ~/.ut2004/System/speech
while true
        cat ~/.ut2004/System/speech | while read
                echo -ne "(SayText \""
                echo -n $REPLY | sed 's/\\/\\\\/g
                echo -e ".\")"
done | festival

This can now be used to provide a speech device instead of the other method involving a speechd for ut2004

Use multimedia keys

Users can use their multimedia keys to cause events or enter special characters. Here I put the characters ☹, ☺, and ☻ on the first 3 keys, when shift is pressed at the same time. Users of Microsoftʼs Windows® may be able to use their Keyboard Layout Creator

It can be set in ~/.Xsession or for gnome users add it to the list of startup programs. Use shift to access your character choices, as your desktop may override the unshifted keys to set off the labelled action.

# 236, 178, 230, 162, 164, 166, 160, 237, 235, 161
# cause an event from /usr/share/X11/XKeysymDB
# or enter UTF-16 NNNN char by writing 0x0100NNNN
# find key scan codes with xev
xmodmap -e 'keycode 236 = XF86Mail 0x01002615'
xmodmap -e 'keycode 178 = XF86HomePage 0x0100263B'
xmodmap -e 'keycode 230 = XF86Favorites 0x01002408'
xmodmap -e 'keycode 162 = XF86AudioPause 0x01002026'
xmodmap -e 'keycode 174 = XF86AudioLowerVolume 0x01002639'
xmodmap -e 'keycode 176 = XF86AudioRaiseVolume 0x0100263A'
xmodmap -e 'keycode 160 = XF86AudioMute 0x01002018'
xmodmap -e 'keycode 237 = XF86AudioRecord 0x01002019'
xmodmap -e 'keycode 235 = XF86MyComputer 0x0100201C'
xmodmap -e 'keycode 161 = XF86Calculator 0x0100201D

If you don’t have multimedia keys, can use AltGr keys for favourite characters:

#xmodmap -e 'keycode  10 = 1 exclam 1 exclam 0x01002620 0x0100263A'
#xmodmap -e 'keycode  11 = 2 quotedbl 2 quotedbl 0x01002620 0x0100263A'
#xmodmap -e 'keycode  12 = 3 sterling 3 sterling 0x01002620 0x0100263A'
#xmodmap -e 'keycode  13 = 4 dollar 4 dollar 0x01002620 0x0100263A'
#xmodmap -e 'keycode  14 = 5 percent 5 percent 0x01002620 0x0100263A'
#xmodmap -e 'keycode  15 = 6 asciicircum 6 asciicircum 0x01002620 0x0100263A'
#xmodmap -e 'keycode  16 = 7 ampersand 7 ampersand 0x01002620 0x0100263A'
#xmodmap -e 'keycode  17 = 8 asterisk 8 asterisk 0x01002620 0x0100263A'
#xmodmap -e 'keycode  18 = 9 parenleft 9 parenleft 0x01002620 0x0100263A'
#xmodmap -e 'keycode  19 = 0 parenright 0 parenright 0x01002620 0x0100263A'

The newer systems may requre xkbcomp used instead. Provide charaters like ®™°␈, →…‘’“”, and ☹ ☺ ™ 😼😊

#setxkbmap -print | xkbcomp - $DISPLAY
2> /dev/null xkbcomp - $DISPLAY << EOF
xkb_keymap {
        xkb_keycodes  { include "evdev+aliases(qwerty)"       };
        xkb_types     { include "complete"      };
        xkb_compat    { include "complete"      };
        xkb_symbols   {
                # looks in /usr/share/X11/xkb/symbols/gb amongst others
		# We can edit that file to make changes permanent, maybe use dpkg-divert first!
                # keys are unshift, shift, right alt, right alt and right alt shifted

                include "pc+gb(dvorak)+inet(evdev)+level3(ralt_switch)"
                key <AE01>  { [         1,     exclam,  U00AE,    trademark ] };
                key <AE02>  { [         2,   quotedbl,  U2192,    degree ] };
                key <AE03>  { [         3,   sterling,  U2026,    U2408 ] };
                key <AE04>  { [         4,     dollar,  EuroSign, U2620 ] };
                key <AE05>  { [         5,    percent,  U2639,    U1F63C ] };
                key <AE06>  { [         6, asciicircum, U263A,    U1F60A ] };
                key <AE07>  { [         7,  ampersand,  U2018,    U2620 ] };
                key <AE08>  { [         8,   asterisk,  U2019,    U2039 ] };
                key <AE09>  { [         9,  parenleft,  U201C,    U2018 ] };
                key <AE10>  { [         0, parenright,  U201D,    U2019 ] };
        xkb_geometry  { include "pc(pc104)"     };

Tkabber plugins

Tkabber for debian does now comes with the plugins in a separate package

# can now do
ln --symbolic /usr/share/tkabber-plugins ~/.tkabber/plugins


On an intermediate trap catching server, which receives traps from switches, it is possible to forward the traps to a desktop PC. In /etc/snmp/snmptrapd.conf write something like:

forward default udp6:[2001:db8::]:162

If /etc/hosts.allow and /etc/hosts.deny control access, then disableAuthorization can be set as well.

On the desktop pc, write:

traphandle IF-MIB::linkDown         /etc/snmp/traps down
traphandle IF-MIB::linkUp           /etc/snmp/traps up

# snmptrap -v 1 -c public IF-MIB::linkDown localhost 2 1 ""
# snmptrap -v 1 -c public IF-MIB::linkUp localhost 3 1 ""

traphandle default /etc/snmp/traps

A trap handler can present the link up down messages to the logged in user via GNOME.

read host
read ip

while read oid val
        case "${oid}" in
                case "${val}" in
dbus=($(ps -C dbus-launch -o user=))
pulse=($(ps -C pulseaudio -o user=))

if test "${link}" = "up"
        if test "${#dbus[*]}" -ne 0
		eval "$(<$(eval echo ~"${dbus[0]}")/.dbus/session-bus/$(</var/lib/dbus/machine-id)-0)"
                /bin/su --command=$'/usr/bin/notify-send -t 1000 up $\'interface '"${interface}"$'\'' "${dbus[0]}"
        if test "${#pulse[*]}" -ne 0
		# configure samples in ~/.pulse/default.pa and ~/.pulse/daemon.conf
                /bin/su --command=$'pactl play-sample bark' "${pulse[0]}"
if test "${link}" = "down"
        if test "${#dbus[*]}" -ne 0
		eval "$(<$(eval echo ~"${dbus[0]}")/.dbus/session-bus/$(</var/lib/dbus/machine-id)-0)"
                /bin/su --command=$'/usr/bin/notify-send -t 1000 down $\'interface '"${interface}"$'\'' "${dbus[0]}"
        if test "${#pulse[*]}" -ne 0
                /bin/su --command=$'pactl play-sample sonar' "${pulse[0]}"

Wipe a MiniDV tape via IEEE1394 interface

Many other guides suggested camcorder recording with the lens cap to erase a minidv on but this can capture environment activity on the tape. It is possible to create artificial video on the computer and send it to the camcorder to overwrite the media. One or more random passes followed by a zero pass is desirable. Some camcorders may not be able to erase the first half second of tape so a small lenscapping may be desirable.

We want dvcont from package libavc1394-tools and test-dv from libiec61883

test-dv was not incuded in the binary package by default, so edited examples/Makefile.am to include test-dv and debian/libiec61883-dev.install to change /usr/bin/plug* to /usr/bin/* followed by dpkg-buildpackage -rfakeroot

git clone git://git.kernel.org/pub/scm/libs/ieee1394/libiec61883.git /mirror/git/git.kernel.org/pub/scm/libs/ieee1394/libiec61883.git
/union/git/git.kernel.org/pub/scm/libs/ieee1394/libiec61883.git/configure --prefix=/union/git/git.kernel.org/pub/scm/libs/ieee1394/libiec61883.bin

Write random data:

dvcont rewind
dvcont record
/union/git/source.ffmpeg.org/ffmpeg.git/ffmpeg -r 25 -s 720x576 -f rawvideo -i /dev/urandom -ar 48k -ac 2 -f s16le -i /dev/urandom -target dv -y /dev/stdout | \
/union/git/git.kernel.org/pub/scm/libs/ieee1394/libiec61883.git/examples/test-dv /dev/stdin

For a blanking pass try zeros

dvcont rewind
dvcont record
/union/git/source.ffmpeg.org/ffmpeg.git/ffmpeg -r 25 -s 720x576 -f rawvideo -i /dev/zero -ar 48k -ac 2 -f s16le -i /dev/zero -target dv -y /dev/stdout | \
/union/git/git.kernel.org/pub/scm/libs/ieee1394/libiec61883.git/examples/test-dv /dev/stdin

Generate chart from quota files


# quotaio_v2.h

while shift
	Q=(`hexdump -ve \"%08x\\\n\" "${F}"`)

	if test "${Q[0]}" != "d9c01f11"
		echo We can read aquota.user files
		exit 1
        if test "${Q[1]}" == "00000000"
        elif test "${Q[1]}" == "00000001"
                echo aquota.user version "${Q[1]}"
                exit 1

	S=$(( ${#Q[*]} / 256 - 1))

	for INDEX in `seq 1 $S`
		for SUBINDEX in `seq 0 20`
			SUBOFF=$(( $INDEX * 256 + $SUBINDEX * $r + 4))
			ID=${Q[$(( $SUBOFF + 0))]}
			IL=${Q[$(( $SUBOFF + $ilx))]}
			IH=${Q[$(( $SUBOFF + $ihx))]}

			WHO=$(( 0x$ID))
			OCTETS=$(( 0x$IH$IL )) 
			if test $WHO -gt 999
				declare -i USAGE[$WHO]

eval `getent passwd | sed -s s/^\\\\\([^:]*\\\\\):[^:]*:\\\\\([^:]*\\\\\):.*$/USERS[\\\\2]=\\\\1/g`

echo $'<?xml version="1.0" encoding="UTF-8"?>
    "-//W3C//DTD XHTML 1.1 plus MathML 2.0 plus SVG 1.1//EN"
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" 
><head><title></title></head><body><svg:svg width="'$(( ${#USAGE[@]} * 100 ))$'" height="900">

for WHO in "${!USAGE[@]}"
	echo "${USERS[$WHO]}" "${USAGE[$WHO]}"
done | sort -k 2 -rn | while read NAME USAGE
	if test -z "${MAX}"
	HEIGHT=`echo 800\*l\(${USAGE}\)/l\(${MAX}\)|bc -l|cut -d"." -f1`
	Y=$(( 800 - $HEIGHT ))
	echo "<svg:g>"
	echo "<svg:rect height=\"${HEIGHT}\" width=\"20\" x=\"${X}\" y=\"${Y}\" style=\"fill:#"`printf %02x%02x $(( $HEIGHT / 8)) $(( $Y / 4)) `"00;fill-opacity:1\"/>"
	echo "<svg:text x=\"${X}\" y=\"820\">${NAME}</svg:text>"
	echo "<svg:text x=\"${X}\" y=\"850\" style=\"font-size: 0.4em;\">${USAGE}</svg:text>"
	echo "</svg:g>"
	X=$((X + 100))
echo "</svg:svg></body></html>"

iommu unbind for kvm

Might put something like this in /etc/default/libvirtd. The iommu_group is used because all these devices might share the 1 interrupt and system complains (risk of instability) if they are split up. Then we can tell virt-manager to claim the pci devices for a guest, I left the topmost device, a pci bridge out.

This is tried on ASUS P9D with Intel i7-4790K CPU. In this case I have to assign both pci slots and the onboard IEEE1394 controller

for N in /sys/kernel/iommu_groups/9/devices/*
        P=`echo ${N} | cut -c36-`
        if L=`readlink -f /sys/bus/pci/devices/${P}/driver`
                if test "${L}" != "/sys/bus/pci/drivers/pci-stub"
                        if test `echo ${L} | cut -c1-21` == "/sys/bus/pci/drivers/"
                                echo ${P} > "/sys/bus/pci/devices/${P}/driver/unbind"

                        VEN=`</sys/bus/pci/devices/${P}/vendor cut -c3-`
                        DEV=`</sys/bus/pci/devices/${P}/device cut -c3-`
                        echo "${VEN} ${DEV}" > /sys/bus/pci/drivers/pci-stub/new_id
                        #echo $BASE > /sys/bus/pci/drivers/pci-stub/bind

google earth nonadmin install

it is very desirable to install as a non-admin to %LOCALAPPDATA%\Programs\Google as this allows the program to patch without requesting the Administrator password, especially on a single user system. Unfortuately by default the installer will demand the administrator password and not install without it, so try to find a workaround.

Normally earth download is execpted to work.

Had downloaded latest=v7.1.5.1557.1557 from direct links. Google may have fixed by the time this is read.

The installer writes the msi file as a GE*.tmp file to %temp%, we quickly snatch it before it is deleted. e.g. rename %temp%\GE*.tmp GE.msi

Now invoke msiexec with this msi file to force a peruser install:

msiexec /log test.txt /i GE.msi ALLUSERS=2 MSIINSTALLPERUSER=1

The End