dead.letter

A technical blog focusing on Linux, FreeBSD, DNS, security and virtualization.

2010-02-16

Killer Encryption Apps





Video of my talk last month at GSLUG


2009-09-20

Photos from the Install Fest

Some photos from the Install Fest 2009. It really was fun and we had a number of library patrons drop in to chat and get free software! We also installed Linux on half-a-dozen different systems which were given away at the end of the event.





2008-12-26

New projects and toys

Learning some fun new stuff this week.
* Linux KVM - onboard virtualization, snazzy and fast once you work through the kinks. For instance, bridging to the VLAN is not the default networking setup, so you have to craft your own network interface (br0) and then hack the XML file defining the VM to attach to it.
* Keepalived - a replacement for LVS and Heartbeat to provide redundant load-balancers.

Plus some nice Christmas gifts: a 20" LCD monitor and the ever-gratifying Costco-sized peppered beef jerky.


2008-12-11

svnspam released @ Google Code


I have uploaded the source code for svnspam to Google Code for its first v0.1 release. It's still a bit rough around the edges but a wonderful way to track, visualize and audit code changes in a Subversion repository.

Thanks to BitPusher for sponsoring this work. Feel free to get involved or join the project if you are so inclined.


2008-12-07

Convert Tivo shows to iPod & iTunes using open source

I've been working on this lately and finally have most of the wrinkles ironed out. It would be nice to have it Windows-less, but Windows is still required for the first and last steps. Here is how I do it.

1. Install Tivo Desktop and transfer shows to local computer. Move the file(s) from "My Tivo Recordings" into V:\video\fromtivo

2. On franco (my FreeBSD file server) run tivodecode -m 1234567890 -o outfile.mpg "Some Title.tivo"
This produces the MPEG video. Note that the aspect ratio looks funky in Totem (a.k.a. Movie Player), but it gets fixed in the next step.

3. On monk (my Ubuntu laptop), run winff. Add the .mpg file created in step 2. Specify output for iPod and Xvid 4:3. Click options and specify 320x240 as the size. Specify /share2/video/4itunes as the output folder.

4. Back in iTunes, import the resulting outfile.mp4 file and copy to iPod.

To make things like this easier I run a file server (franco) with NFS and Samba. Video files are shared across the network from the /share2/video mount point on Linux, which is the same as the V:\ drive mapping on the Windows desktops.

Thinking through how this could be Windows-less: run Galleon for transferring the .tivo files down and run iTunes under Wine.


2008-10-28

pfSense and CARP on vmware-server

Before I forget, I wanted to document the necessary details for getting CARP to work on pfSense running under vmware-server 1.0.7. IT IS BROKEN by default, because the vmnet driver does not recognize the (emulated) MAC address used by CARP (and VRRP): 00-00-5E-00-01-XX

The symptom is that the carp0 interface appears but cannot communicate, and failover does not happen. Reason being, the vmnet driver is silently dropping the packets on the floor!

Getting it working requires patching vmnet-only/driver.c on the host and recompiling.

Here is the patch for vmware-server-1.0.7 for Linux. Save it into /tmp/driver.c.patch

--- vmnet-only/driver.c.orig 2008-10-08 15:37:23.000000000 -0500
+++ vmnet-only/driver.c 2008-10-08 15:44:50.000000000 -0500
@@ -1284,6 +1284,9 @@

return ((flags & IFF_PROMISC) || MAC_EQ(destAddr, ifAddr) ||
((flags & IFF_BROADCAST) && MAC_EQ(destAddr, broadcast)) ||
+ ((destAddr[0] == 0) && (destAddr[1] == 0) &&
+ (destAddr[2] == 0x5e) && (destAddr[3] == 0) &&
+ (destAddr[4] == 1)) ||
((destAddr[0] & 0x1) && (flags & IFF_ALLMULTI ||
(flags & IFF_MULTICAST &&
VNetMulticastFilter(destAddr, ladrf)))));
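
Review bot: The new clause on destAddr[0] through destAddr[4] is OR'ed in at the top level, so it accepts any frame addressed to 00:00:5e:00:01:XX without consulting flags, ifAddr or the last octet. Every guest interface behind this filter will therefore be handed virtual-router frames for all router IDs, not only the one it is configured for. If that breadth is intended, a short comment naming the prefix as the CARP/VRRP virtual MAC range would document it, and comparing against a named 5-byte constant instead of five open-coded equality tests would make the scope easier to audit the next time the driver is patched.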


The file is a little hard to find, being hidden in a vmnet.tar below /usr/lib/vmware/modules/source/ ...


cd /usr/lib/vmware/modules/source
tar xvf vmnet.tar
patch -p0 < /tmp/driver.c.patch   # -p0: use the vmnet-only/driver.c path from the patch header as-is
tar cvf vmnet.tar vmnet-only
vmware-config.pl


Then, choose the option to recompile the kernel drivers, specifically vmnet.

One other additional need (I'm not 100% sure on this): it may be necessary to allow promiscuous mode on the Ethernet device, in the .vmx file...

ethernet0.nopromisc = "false"



2008-07-23

Use debmirror to mirror a repository

debmirror is an easy way to create a mirror of a subset of an Ubuntu or Debian (.deb) repository accessible via apt. This can help speed up local network operations and provide a point-in-time snapshot for patching against.


$ debmirror --progress --verbose --nosource --method=ftp \
--passive --host=ftp.osuosl.org --root=pub/ubuntu --dist=hardy \
--section=main,restricted,universe,multiverse --arch=amd64 \
/home/ftp/mirror/ftp.osuosl.org/ubuntu
...
gpgv: Can't check signature: public key not found


What is this error about a public key? It turns out you need the Ubuntu PGP signing keys in your trusted keyring (trustedkeys.gpg) so that gpgv can check the signature.


$ gpg --keyring /usr/share/keyrings/ubuntu-archive-keyring.gpg \
--export | gpg --no-default-keyring --keyring trustedkeys.gpg --import
...
gpg: key 437D05B5: public key "Ubuntu Archive Automatic Signing Key <ftpmaster@ubuntu.com>" imported
gpg: key FBB75451: public key "Ubuntu CD Image Automatic Signing Key <cdimage@ubuntu.com>" imported
gpg: Total number processed: 2
gpg: imported: 2
gpg: no ultimately trusted keys found


Now it works. Hints from this post much appreciated.
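
The gpgv check only covers the signature on the Release file; the index files are tied to it by the SHA256 list inside Release. The following script is an added example (not from the original post or from debmirror) that runs both checks over a mirrored dists/<dist> directory. The function names, the script file name and the constructed sample tree are assumptions for illustration.

```shell
#!/bin/sh
# Added example: check a debmirror tree against its signed Release file.
# Usage (check-mirror.sh is a hypothetical file name):
#   sh check-mirror.sh /home/ftp/mirror/ftp.osuosl.org/ubuntu/dists/hardy

# Step 1: signature on Release, using the keys imported into trustedkeys.gpg.
verify_release_sig() {
    gpgv --keyring trustedkeys.gpg "$1/Release.gpg" "$1/Release"
}

# Step 2: each index file present in the mirror must match its SHA256 entry
# in Release. Entries for files that were not mirrored (other arches) are
# skipped. Prints "checked=N bad=M"; fails on any mismatch or if N is 0.
verify_release_indexes() {
    dist=$1; checked=0; bad=0
    [ -r "$dist/Release" ] || { echo "no Release in $dist" >&2; return 2; }
    # Indented lines after "SHA256:" up to the next unindented field name.
    list=$(awk '/^SHA256:/{on=1; next} /^[^ ]/{on=0} on{print $1, $3}' \
        "$dist/Release")
    while read -r want path; do
        [ -n "$path" ] && [ -f "$dist/$path" ] || continue
        got=$(sha256sum "$dist/$path" | cut -d' ' -f1)
        checked=$((checked + 1))
        if [ "$got" != "$want" ]; then
            bad=$((bad + 1)); echo "MISMATCH $path" >&2
        fi
    done <<EOF
$list
EOF
    echo "checked=$checked bad=$bad"
    [ "$checked" -gt 0 ] && [ "$bad" -eq 0 ]
}

# Constructed sample tree (not real Ubuntu data) so step 2 can run offline.
make_sample_dist() {
    d=$(mktemp -d)/dists/hardy
    mkdir -p "$d/main/binary-amd64"
    printf 'Package: demo\nVersion: 1.0\n' > "$d/main/binary-amd64/Packages"
    h=$(sha256sum "$d/main/binary-amd64/Packages" | cut -d' ' -f1)
    printf 'Suite: hardy\nMD5Sum:\n %s 0 %s\nSHA256:\n %s 27 %s\n %s 1 %s\n' \
        d41d8cd98f00b204e9800998ecf8427e main/binary-i386/Packages \
        "$h" main/binary-amd64/Packages \
        0000 main/binary-i386/Packages > "$d/Release"
    echo "$d"
}

if [ $# -gt 0 ]; then
    verify_release_sig "$1" && verify_release_indexes "$1"
fi
```

Running the hash check only after the signature check succeeds matters: the SHA256 list is trustworthy only because Release itself is signed.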


2008-05-30

DNS on Linux presentation

Here is my DNS on Linux presentation I gave just over a year ago at LinuxFest Northwest.
How nice that I can embed it in my blog, thanks to Slideshare.




2007-10-23

Gutsy upgrade takes guts

Ubuntu's Gutsy Gibbon was released the other day so I decided to give it a spin on my IBM Thinkpad T30 laptop, which had been happily running Feisty for quite some time.

So I brought up Synaptic and chose the upgrade option and the process began.

First it had to download gobs and gobs of new packages to install. Wait time - about 2 hours on my broadband connection. Granted their servers are a bit swamped with the new release.

After that the packages were installed (upgraded). There were problems though, cupsys was not cooperating. I ended up with a scary error message about packages not installing or something to that effect. Hesitantly I rebooted and crossed my fingers... what other choice was there?

The system did come back up, sort of. Let's just say some things were broken.

Now, for a while I've run JFS for performance reasons. The cupsys package was not upgrading and investigation revealed a file in /var/log/cups had problems because it was not showing the usual permissions and ownership info. Instead it had ? for those bits.

Long story short there was filesystem corruption, and it took two runs of fsck.jfs -v -f after booting each time into 'diagnostic' mode and remounting / as read-only (mount -o remount,ro /dev/sda3).

The second problem was equally insidious. Upon booting, where it fires up X... I get an error message stating your session was less than ten seconds, and Gtk was not happy... something about mkdtempdir: permission denied. After scratching my head for a bit I looked up the error on Google and saw a post about someone losing their sticky-bit permissions on /tmp. That was it, chmod 1777 /tmp and restarting did take care of it.

So, anyone pushing Gutsy is forewarned, this (and perhaps Linux) is obviously still not fit for the masses.


2005-04-25

DNS talk at LinuxFest

I'll be presenting my "Applied DNS" talk at LinuxFest Northwest, which takes place in Bellingham, WA on April 30th.
