peterh - Linux - Blog

Archives

Show All

2023
- September
  - Keyboard input remapping for Linux/Wayland
    09/25/23
    I have an usb keyboard with missing keys (|,< and >).
    
    For X remapping was done by xmodmap
    
    | is remapped to right AltGr + Y
    < is remapped to right AltGr + ;
    > is remapped to right AltGr + :
    
    .Xmodmap
    keycode 52 = y Y y Y bar U203A guillemotr
2022
- March
  - packet capture with ssh and tcpdump on a remote host and display with wireshark
    03/31/22
    #> mkfifo /tmp/shark
    #> ssh USER@HOST 'sudo -S /usr/sbin/tcpdump -i eth0 -w - -p -n -s 0' > /tmp/shark
    In an other session
    #> sudo wireshark -k -i /tmp/shark
    Then go back to first session and enter the ssh password.
    
    Or in one line
    #> ssh U
2020
- June
  - systemd-networkd - Play AP on plugin of your USB WIFI Stick
    06/18/20
    check wifi device name
    ~# ip addr | grep -A 5 wlan10: wlan0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop qlen 1000
    
    IP configuration of your Wifi Stick for systemd-networkd
    
    /etc/systemd/network/hostapd.network
    [Match]
    Name=wlan0
    
    [Network]
    Addre
  - forward http requests to an other host
    06/02/20
    iptables -t nat -A PREROUTING -p tcp -d THISIP --dport 80 -j DNAT --to-destination OTHERIP:80
    iptables -t nat -A POSTROUTING -p tcp -d OTHERIP --dport 80 -j MASQUERADE
    iptables -I FORWARD -p tcp -d OTHERIP --dport 80 -j ACCEPT
2019
- November
  - Multiple em28xx USB devices not automatically detected by the module
    11/18/19
    I got multiple USB devices working with em28xx module.
    
    Usually a module option gives the em28xx module the order of the devices if not automatically detected
    (ex. options em28xx card=80,92,9,9).
    
    But the order at boot is every time different (order for module option not usb
2018
- October
  - portforward only key based chroot ssh access without a shell for the user under 64 Bit
    10/03/18
    /etc/ssh/sshd_config:...
    Match user USER
    PasswordAuthentication no
    AllowTcpForwarding yes
    X11Forwarding no
    PermitTunnel no
    GatewayPorts no
    AllowAgentForwarding no
    ChrootDirectory /home/USER
    But if the client needs a login shell this failed.<
2017
- September
  - ssh otp
    09/29/17
    Install oathtool.
    sudo apt-get install oathtool libpam-oath
    Generate a secret.
    export HEX_SECRET=$(head -10 /dev/urandom | md5sum | cut -b 1-30)
    Generate the TOTP details, 6 digits long.
    oathtool --verbose --totp $HEX_SECRET
    Enter the base32 secret in Android FreeOTP.
2016
- November
  - convert to mp4
    11/15/16
    ffmpeg -i input.mp4 -pix_fmt yuv420p -vcodec libx264 -acodec aac output.mp4
2014
- May
  - mtp mount Galaxy S3 with jmtpfs or simple-mtpfs
    05/19/14
    kio-mtp and mtp-detect stopped working :-(
    
    But jmtpfs seams to work - i decided to mount on usb plug in with an udev rule
    #> apt-get install jmtpfs
    #> mkdir -p /media/mtp/etc/udev/rules.d/99-jmtpfs.rules
    ACTION=="add", ENV{ID_MTP_DEVICE}=="1", RUN=
- April
  - sound conversion
    04/01/14
    decode to wav
    avconv -i input.m4a output.wav
    for f in *.m4a; do avconv -i "$f" "${f/%m4a/wav}"; done
    faad -o output.wav input.aac
    sox -t raw -r 8000 -A -b 8 -c 1 file.alaw file.wav
    sox -t raw -r 8000 -U -b 8 -c 1 file.mulaw test.wav
    decode from wav
2013
- June
  - android tvheadend compile
    06/27/13
    build standalone toolchain from Android NDK.
    
    cd WORKINGDIR
    wget http://dl.google.com/android/ndk/androi
    tar -xjv android-ndk-r8e-linux-x86_64.tar.bz2
    run this script ( make-standalone-toolchain.sh )
    #!/bin/bash
    
    export ANDROID_NDK=android-ndk-r8e
    export
  - android rk3066 kernel dvb module compile ( my dvbt stick is a af9015 )
    06/26/13
    Pull rk3066 kernel source from omegamoon
    git clone git://github.com/omegamoon/rockchip-rk30xx-mk808
    With the toolchain (4.6) from omegamoon on dvbt usb stick plugin i got with dmesg
    af9015: command failed:166
    af9015: command failed:1
    af9015: command failed:39
    af9015: co
  - flash minix neo x5 only with adb
    06/05/13
    minix> click right bottom (clock), click settings, click settings on bottom
    and choose com.rockchip.settings.
    minix> enable Usb debugging
    minix> select device and change usb connection (PC) to MTP.
    minix> connect minix with USB Cable to PC.
    
    ubuntu>
- March
  - Enable USB host API support
    03/19/13
    I wondered why
    mUsbManager = (UsbManager) getSystemService(Context.USB_SERVICE);
    mUsbManager.getDeviceList(); was empty on an 7" cmx rapax LE 070-0508 tablet.
    
    Also USB Device Info showed an empty Android page, but not an empty Linux page.
    
    The solution was a comb
- February
  - extract an android apk package file and decompile it
    02/18/13
    Download APK-Multi-Tool-Linux
    
    Extract AndroidManifest.xml, assets, res Folder and smali (disassembly from Java virtual machine) from an apk
    $ cd APK-Multi-Tool-Linux
    $ java -jar other/apktool.jar d pace-apk-here-for-modding/ANDROID.apk out
    Extract jar from apk with dex2jar
  - extract .img files from samsung images
    02/18/13
    Download Android-Kitchen
    
    Download an image and extract it to ~/image.
    
    compile sim2img
    $ cd Android-Kitchen
    $ scripts/compile_simg2imgextract ext4 image
    $ tools/samsung_files/simg2img_files/simg2img ~/image/cache.img ext4_cache.imgloopmount ext4 image
    $ mkdir
  - Download apk from playstore with a google chrome extension
    02/13/13
    apk-downloader is a google chrome extension to easily download apk files from google play store.
    
    start chrome with
    #> chromium-browser --ignore-certificate-errors --allow-running-insecure-content
  - Galaxy S3 flash with VD2 taken cache.img and hidden.img from ATO
    02/13/13
    According to samsung udate the Galaxy S3 firmware with the highest Changelist at the moment is csc (salescode) VD2 919627 build date 01.02.2013 (Germany Vodafone branded) and my csc image is ATO (Austria unbranded) 566833 build date 10.12.2012 (got this by OTA).
    
    To have the newest firmwar
  - ssh to android /system/bin/pm SEGV
    02/11/13
    pm segfaults if LD_LIBRARY_PATH is missing like on login with ssh
    $ su -c "/system/bin/pm"
    [1] Segmentation fault pm
    $ su -c "LD_LIBRARY_PATH=/vendor/lib:/system/lib pm"
    
    if pm is not found like this$ /system/bin/pm list packages
    sh: /system/b
- January
  - set permissions to open a file in our private home directory by an external app
    01/16/13
    try
    {
    openFileOutput(pdfFile.getName(), MODE_WORLD_READABLE | MODE_WORLD_WRITEABLE).close();
    }
    catch (Exception logOrIgnore) { }
  - LogCat: ClipboardServiceEx Had failed to obtaining clipboardEx service.
    01/16/13
    Something went wrong with the clipboard of my Galaxy S3.
    
    The solution was http://forum.xda-developers.com/showthr
    su
    mv /data/clipboard /data/oldclipboard
    mkdir /data/clipboard
    chmod 775 /data/clipboard
    chown system.system /data/clipboard
    reboot
  - Ubuntu 12.10 upgrade / install eclipse and ADT
    01/16/13
    After upgrade from 12.04 to 12.10 eclips wont work anymore :-(
    
    Only deleting ~/.eclipse and ¨/workspace and reinstalling ADT did not work i got:
    An error occurred while collecting items to be installed
    session context was:(profile=epp.package.jee,
    phase=org.eclips
2012
- November
  - hostap with a wifi usb stick on demand
    11/09/12
    After plug in of a wifi usb stick linux act's as a hostap.
    
    apt-get install isc-dhcp-server hostapd
    
    changes in /etc/hostapd/hostapd.confinterface=wlan0
    driver=nl80211
    ssid=MYSSID
    country_code=AT
    ieee80211d=1
    hw_mode=g
    channel=11
    beacon_int
- October
  - transcode a mjpeg ip cam on demand with a cgi script using ffmpeg
    10/09/12
    To minimize bandwidth for video streaming i have to transcode mjpeg to h264.
    To do this on demand ffserver is no option for me.
    Therefore a small cgi script on the webserver with ffmpeg did the trick:
    
    #!/bin/bash
    
    echo -e "Content-type: video/avi\n"
  - port forward with iptables
    10/04/12
    iptables -I FORWARD -i INTERFACE -p tcp --dport PORT -j ACCEPT
    iptables -A PREROUTING -t nat -i INTERFACE -p tcp --dport PORT -j DNAT --to-destination LOCAL_IP
- August
  - apt-get behind a server port redirected with ssh to a proxy
    08/28/12
    There is an apt proxy (Apt-Cacher NG), a workstation, a server and a server behind that server.
    workstation> ssh -R3142:proxy:3142 server
    
    server> ssh -R3142:127.0.0.1:3142 server_behind
    
    server_behind> cat /etc/apt/apt.conf.d/01proxy
    Acquire::http { Proxy &quo
  - Ubuntu Wake on Lan WOL
    08/27/12
    If ethtool ethX doesn't contain Wake-on: g then add pre-down /sbin/ethtool -s ethX wol g to /etc/network/interfaces
    
    Add NETDOWN=no to /etc/default/halt
    
    Test with /sbin/shutdown -P now and wakeonlan [-i BROADCASTADDR] MAC (apt-get install wakeonlan)
  - Find duplicate filenames
    08/26/12
    find -type f -printf "%f\n" | sort | uniq -d
- January
  - hdd performance tests
    01/30/12
    #> hdparm -tT /dev/sda
    Timing buffered disk reads: 398 MB in 3.00 seconds = 132.45 MB/sec
    
    write:
    
    #> dd if=/dev/zero of=./tempfile bs=1M count=1024 conv=fdatasync,notrunc
    1073741824 Bytes (1,1 GB) kopiert, 12,8038 s, 83,9 MB/s
    
    read:
    
    #>
2011
- September
  - sftp and port forward only login
    09/16/11
    I need a ssh login for restricted portforward but without a shell for the user.
    
    This got realized with /etc/ssh/sshd_config:...
    Subsystem sftp internal-sftp
    
    Match user USER
    PasswordAuthentication yes
    AllowAgentForwarding no
    X11Forwarding no
    Forc
  - change xorg screen dimension on login with xrandr
    09/07/11
    * create modline setting with cvt for desired resolution
    
    * add new modline with xrandr --newmode
    
    * add mode to output with xrandr --addmode
    
    * set output and dimension with xrandr --output and --mode
    
    The needed steps are done in
    
    /etc/X11/Xsession
  - usb modem dialin
    09/07/11
    Server
    
    needed packages: mgetty, pppd
    
    start and stop mgetty on plugin of usbmodem (0572:1329 Conexant Systems (Rockwell), Inc.)
    
    /etc/init/mgetty.conf# mgetty - dialin daemon
    
    description "mgetty daemon"
    
    start on tty-device-added KERN
- July
  - route icmp to a different gateway
    07/28/11
    echo 100 icmp_route >> /etc/iproute2/rt_tables
    ip rule add fwmark 1 table icmp_route
    ip route add default via IP_OF_NOT_DEFAULT_GATEWAY dev eth0 table icmp_route
    
    iptables -t mangle -A OUTPUT -d IP_TO_PING -p icmp -j MARK --set-mark 1
- March
  - USB: uss720 fixup refcount position
    03/28/11
    My testprog do a lot of bitbang - after hours i got following warning and my machine lockups:
    
    WARNING: at /build/buildd/linux-2.6.38/lib/kref.c:34
    
    After debugging uss720 driver i discovered that the completion callback was called before usb_submit_urb returns.
    The callback
  - fast reboot with kexec
    03/04/11
    sudo apt-get install kexec-tools
    
    change LOAD_KEXEC to true in /etc/default/kexec
- January
  - record a video with ffmpeg from a webcam with audio
    01/31/11
    First activate and rise webcam audio input level with alsamixer.
    
    ffmpeg -f video4linux2 -i /dev/video0 -pix_fmt yuv420p -s vga -r 8 -f alsa -ac 1 -ar 16000 -i hw:1,0 -vcodec mpeg4 -b 400k -acodec libmp3lame -ab 80k video.avi
  - key remap on keyboard for console and X
    01/13/11
    I got a funny viennese dialect keyboard, but after start using it i missed a key '<,>,|' :-(
    
    So i searched for a way to remap 'AltGr + y' to '|', 'AltGr + ,' to '<' and 'AltGr + .' to '>'
    
    Console<
2010
- April
  - Audio only capture from a video/audio usb capture stick
    04/27/10
    #> apt-get install xawtv
    
    I assume the usb stick become /dev/video0 and audio became card 1 (card 0 is an onboard audio device)
    
    #> v4lctl -c /dev/video0 setattr input Composite1
    #> v4lctl -c /dev/video0 setattr mute off
    #> amixer -c 1 sset Line,0 50%,50% un
- February
  - initramfs script's to backup system's (also raid1) and restore from a usb stick
    02/04/10
    These are scripts to backup system's and build an image for an usb stick or kvm for testing:
    
    rescue.tar.gz
    
    The only thing to configure is the backup-script:
    
    All your partition's must have an UUID.
    
    With "uuidgen | xargs mkswap /dev/sda1 -U&qu
2009
- November
  - php script for sispmctl (power supply switching)
    11/24/09
    #> apt-get install sispmctl
    
    Switch Socket on with sispmctl -o 1, off with sispmctl -f 1 and get status with sispmctl -m all
    
    To have premission for a webserver to execute the command:
    
    /etc/udev/rules.d/90-local.rules:ACTION=="add", SUBSYSTEM=="usb&qu
  - bluetooth network with bluez4 and udev
    11/21/09
    Many things changed for bluez4. Now everything is made through dbus commands.
    
    apt-get install bluetooth bluez (on server and client)
    
    First check for bdaddr on server and client:
    
    Server:> hcitool dev
    Devices:
    hci0 00:01:1A:63:49:33
    
    C
  - dnstunnel with iodine and bind9
    11/10/09
    Iodine server with public IP:
    
    #> apt-get install iodine
    
    For "good" connection i used a mtu of 256 through my provider DNS.
    On local network no mtu change was necessary.
    
    /etc/default/iodineSTART_IODINED="true"
    IODINED_ARGS="-m 256
- September
  - Automount and autounmount of usb sticks / discs
    09/30/09
    Each partition of plugged in usb stick's should be accessible with automount.
    
    My mountpoints will be /media/usb/part0, /media/usb/part1, ...
    
    Example:
    
    The fist plugged stick has two partitions. The second only one.
    
    /media/usb/part0 ... first stick par
- August
  - chrooted sftp only
    08/05/09
    useradd -s /bin/false -m SFTPUSER
    mkdir /home/SFTPUSER/.ssh
    ssh-keygen -t rsa -b 2048 -N '' -f /home/SFTPUSER/.ssh/id_rsa
    chown -R SFTPUSER:SFTPUSER /home/SFTPUSER/.ssh
    chmod 600 /home/SFTPUSER/.ssh/id_rsa
    
    /etc/ssh/sshd_config:
    Subsystem sftp in
- July
  - ssd optimizations
    07/18/09
    * do partition alignment
    
    Check if aligned at http://www.techpowerup.com/articles/other/157
    
    Theodore Ts'o's blog post is somewhat misleading, as even that manufacturer's MLC SSDs have an erase block size of 512KiB (PDF), like OCZ's drives - not 128KiB. You�
  - secure rsync to only one directory
    07/02/09
    I want to rsync to a remote host to a given directory.
    
    local-host:
    ssh-keygen -t rsa keyfilename: ~/.ssh/rsync
    ssh-copy-id -i .ssh/rsync rsyncuser@remote-host
    
    rsync files with ssh:
    rsync -vaHxr --delete \
    -e "ssh -i ~/.ssh/rsync -c arcfour -o Comp
- May
  - ffmpeg http Transfer-Encoding: chunked
    05/22/09
    Today i a made a patch for ffmpeg to be able to fetch a png file from a cgi script
    
    ffmpeg -f image2 -vcodec png -i 'http://server/cgi-bin/graph.cgi'
    
    This didn't work because ffmpeg/libavformat/http could't handle "Transfer-Encoding: chunked"
    <
  - How to recompile / rebuild a debian package
    05/20/09
    $ sudo apt-get install build-essential fakeroot dpkg-dev
    $ mkdir build
    $ cd build
    $ sudo apt-get source foo
    $ sudo apt-get build-dep foo
    $ cd foo
    $ dpkg-buildpackage -rfakeroot -b -us -uc -nc
    
    -nc does not clean, usefull if you change something and rebuild
- April
  - run webalizer over existing (also compressed) logs
    04/29/09
    webalizer.conf:
    LogFile /var/log/apache2/access.log.1
    OutputDir /var/www/webalizer
    Incremental yesTo have the right sorting order (oldest logs first) i use ls -tr.for i in $(ls -tr access.log*); do \
    webalizer -c /etc/webalizer/webalizer.conf $i; \
    done
  - ip crossover: send packets on eth0 out and receive them via eth1
    04/15/09
    For testing my intellon driver on one pc i need to send packets on eth0 (intellon usb) out and receive them via eth1 (intellon ethernet).
    
    The only solution i found was a not anymore supported module for netfilter from Rusty Russell.
    
    I tried to fix the compiler errors/warnings a
  - Intellon int51x1 PLC usb net driver for devolo dlan duo
    04/15/09
    Here is how i made the patch for inclusion:
    
    git config --global user.name "Peter Holik"
    git config --global user.email "peter AT holik.at"
    
    check kernel out with git
    
    git clone git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux-2.6.gi
- March
  - Show installed packages sorted by disc usage
    03/03/09
    dpkg-query --show --showformat='${Installed-Size}\t${Package}\t${Status}\n' | grep -v deinstall | sort -nr | less
    
    adapted from Martins Blog
    
    Clear dpkg status file
    
    dpkg-Status sorted:
    grep Status /var/lib/dpkg/status|sort|uniq -c
    
    purge rc pac
2008
- November
  - apt-get on many hosts with clusterssh
    11/13/08
    Clusterssh opens for each connection a xterm and sends a keystroke to each window.
    
    You can also work in only one xterm.
    
    #> apt-get install clusterssh
    
    I use approxd for caching .deb's using port 9999. This port is not reachable by all my hosts,
    therefore
  - ubuntu 8.10 (intrepid ibex) troubles with an old Acer Travelmate 630
    11/06/08
    I could not run the ubuntu live installcd and also the alternate hang sometimes. After a successful install X freezes. I tried to boot with various boot options. Only with acpi=off my system seams to working but with fan running and no battery info. An older knoppix was running, so i decided to inst
- October
  - script to rescue/backup a raid1 system and restore from a cd with initramfs
    10/28/08
    Searching for a rescue system that creates a bootable CD to restore my system i found mkcdrec. Because sometimes things (mkcdrec/debian/ubuntu) changes and i had to test and patch for new mkcdrec versions, so i droped it.
    
    Then i started to make a live CD with debian-live and make my insta
  - block ssh brute force attacs / prevent synflooding
    10/28/08
    With iptables module recent you can limit the count of tcp connection attempts. In my case i allow only 3 ssh connection attempts per minute. This stops script kiddies doing ssh brute force attacs.
    iptables -N synflood
    iptables -A synflood -p tcp --dport ssh -m recent --set --name SSH
  - Wildcard certificate with virtual hosts and one IP
    10/15/08
    apache
    NameVirtualHost *:80
    NameVirtualHost *:443
    
    <VirtualHost *:443>
    ServerName one.domain.at
    
    SSLEngine on
    SSLCertificateFile /etc/ssl/certs/domain.at.pem
    SSLCertificateKeyFile /etc/ssl/private/domain.at.key
    
    CustomL
- September
  - postfix with no local delivery
    09/11/08
    All mails for local accounts should be transfered to a central mailserver.
    
    Sender email should look like USER@HOST.DOMAIN and all mails should be delivered to root@DOMAIN.
    
    Usually /etc/aliases is used, but in my case local delivery is disasbled.
    
    /etc/postfix/main.cf:
  - script to rescue/backup a system and restore from a cd with initramfs
    09/05/08
    Searching for a rescue system that creates a bootable CD to restore my system i found mkcdrec. Because sometimes things (mkcdrec/debian/ubuntu) changes and i had to test and patch for new mkcdrec versions, so i droped it.
    
    Then i started to make a live CD with debian-live and make my insta
  - qemu
    09/05/08
    #> sudo apt-get install kqemu-source kqemu-common build-essential
    #> sudo module-assistant prepare kqemu
    #> sudo module-assistant auto-install kqemu
    
    /etc/udev/rules.d/60-kqemu.rules:
    KERNEL=="kqemu", NAME="%k", MODE="0660", GROUP="
  - fast sftp
    09/05/08
    sftp -o Ciphers=blowfish-cbc USER@HOST
- August
  - Grub Error 2: Bad file or directory type
    08/19/08
    grub prior 0.97 only supports a inode size of 128 Bytes
    
    To format a partition set inode size of 128 Bytes:
    
    #> mkfs.ext3 -I 128 /dev/sda6
  - ugly rename hack
    08/08/08
    find -name 'Pic*' -exec sh -c 'mv $1 "$(echo $1 | sed s/\\./_/g | sed s/^_/\\./g | sed s/_-//g)"' {} {} \;
- July
  - hardy ubuntu-vm-builder with kvm and virtio
    07/02/08
    First get ubuntu-vm-builder from http://packages.ubuntu.com/intrepid/ubuntu-vm-builder
    
    #> dpkg -i ubuntu-vm-builder_0.6_all.deb
    
    I suggest to use approx for caching packages
    
    #> sudo apt-get kvm libvirt-bin
    
    #> sudo adduser `id -un` libvirtd (and rel
- June
  - Two usb video capture stick with em28xx driver
    06/28/08
    get http://mcentral.de/hg/~mrec/em28xx-new/ and untar
    cd em28xx-new-*
    make
    find /lib/modules/$(uname -r) -name "em28xx*" -type f | xargs rm -rf
    find /lib/modules/$(uname -r) -name "tvp5150.ko" -type f | \
    xargs rm -rf
    mkdir -p /lib/modules/$(uname -r
  - io scheduler for databases (deadline)
    06/17/08
    As suggested by http://www.nextre.it/oracledocs/oraclemyths.html
    i put elevator=deadline to grubs menu.lst.
  - atomic ops in c with help of gcc
    06/16/08
    atomic.h[more]#ifndef _ATOMIC_H
    #define _ATOMIC_H
    
    /**
    * Atomic type. http://golubenco.org/blog/category/gcc/
    */
    
    typedef struct {
    volatile int counter;
    } atomic_t;
    
    #define ATOMIC_INIT(i) { (i) }
    
    /**
    * Read atomic variable
  - find PCs in a network
    06/05/08
    for i in $(seq 2 254); do ping -c 1 192.168.0.$i | grep -q rtt && echo "found 192.168.0.$i"; done
  - kvm pxe boot
    06/04/08
    get a ISO bootable image without legacy floppy emulation (.iso) from etherboot
    
    kvm.sh:#!/bin/sh
    
    switch=br0
    
    USERID=$(whoami)
    iface=$(sudo tunctl -b -u $USERID)
    
    sudo /usr/sbin/brctl addbr $switch
    sudo /sbin/ifconfig $switch 192.168.99.1 up
- May
  - apparmor create a new profile
    05/28/08
    aa-genprof can not connect to internet, therefore i do it manually
    
    /etc/apparmor.d/usr.bin.program:
    #include <tunables/global>
    /usr/sbin/program flags=(complain) {
    #include <abstractions/base>
    }
    start program and use it
    
    aa-logprof -f /var/
- April
  - format a partition with check for badblocks
    04/29/08
    badblocks -swvo <output_file> /dev/PARTITION
    mkfs.vfat -l <output_file> /dev/PARTITION
  - Upgrade to Hardy Kubuntu
    04/25/08
    * enable port tcp 80 forwarding on your firewall
    
    because adept_manager connects directly to http://changelogs.ubuntu.com/
    https://bugs.launchpad.net/ubuntu/+source/adept/+bug/153016/comments/13
    
    * kdesu "adept_manager --dist-upgrade-devel"
    
    if you use a
  - isdn dialin syncppp
    04/10/08
    apt-get install isdnutils-base
    
    because ippp0 sets a default route we change to ippp1:
    
    mv /etc/isdn/device.ippp0 /etc/isdn/device.ippp1
    mv /etc/isdn/ipppd.ippp0 /etc/isdn/ipppd.ippp1
    
    /etc/isdn/device.ippp1 (remove '# REMOVE'):
    LOCALMSN='XXXXX&
  - Desktopsharing with vnc
    04/09/08
    sudo apt-get install vnc4-common vnc4
    
    sudo vncpasswd /etc/vncpasswd
    
    /etc/X11/xorg.conf:
    Section "Module"
    Load "vnc"
    EndSection
    
    Section "Screen"
    Option "PasswordFile" "/et
- March
  - Using a Flashdisk and take care about limited writes
    03/25/08
    For me it is sufficient to have data written every 20 Minutes.
    
    To enable this i use laptop-mode and set some values in /etc/sysctrl.conf:
    
    vm.swappiness = 0
    vm.laptop_mode = 1200
    vm.dirty_writeback_centisecs = 120000
    vm.dirty_expire_centisecs = 120000
    vm.dirt
  - Install minimal sid with cdebootstrap from ubuntu gutsy
    03/22/08
    To bootstrap debian sid on a second harddisk do following
    
    * create partitions / filesystems
    
    cfdisk /dev/hdc
    mkfs.ext2 /dev/hdc1
    mount -o rw,suid,dev /dev/hdc1 /mnt
    
    mkswap -f /dev/hdc2
    swapon /dev/hdc2
    
    * bootstrap (with a deb proxy like appro
  - digitemp with collectd
    03/16/08
    I used following schematic
    
    Additionally i connected three twisted pair wires with a 100 Ohm resistor. At the end of each wire a schottky diode reverse biased across the DS18S20 sensor against spikes is used.
    
    At the moment i have 5 DS18S20 temperature sensors (inside
  - Linksys SPA-3102 call throu PSTN / Call Forward no answer (CFNA)
    03/13/08
    I will make calls from my phone to PSTN and with dial extension "#9" to my voip account.
    
    This is done with following dialplan "(xx.<:@gw0>|<#9,:>xx.)"
    
    If a call from PSTN is not answered within 20 sec the call should be redirected via voip (see C
- February
  - copy partition
    02/16/08
    copy local
    
    cp
    cp -dpRx /OLD /NEW
    
    tar
    cd /OLD && \
    tar -cp --atime-preserve --one-file-system --exclude=/lost+found -f - . \
    | ( cd /NEW && tar -xpv --atime-preserve -f - )
    
    rsync
    rsync -avHx --delete /OLD /NEW
  - Grub boot Floppy Image (and bios update)
    02/16/08
    mkdir /boot/dos
    cd /boot/dos
    cp /usr/lib/syslinux/memdisk .
    wget http://www.fdos.org/bootdisks/autogen/FDOEM.144.gz
    gunzip FDOEM.144.gz
    
    mkdir /mnt/temp
    mount -o loop -t vfat FDOEM.144 /mnt/temp
    copy new bios-image and flasher to /mnt/temp
    umount /mnt/tem
  - firefox crash / gimp no font - Pango-WARNING **: failed to create cairo scaled font, expect ugly output. the offending font is 'DejaVu Sans 9'
    02/09/08
    after upgrade from feisty to gutsy firefox and gimp wont work:
    
    the solution is
    
    dpkg-reconfigure libcairo2 libpango1.0-common
    fc-cache -fs
    update-pangox-aliases
    
    http://www.mail-archive.com/debian-user
- January
  - bash network calculation
    01/18/08
    IP='130.10.10.10'
    NETMASK='255.255.252.0'
    
    l="${IP%.*}";r="${IP#*.}";n="${NETMASK%.*}";m="${NETMASK#*.}"
    
    SUBNET=$((${IP%%.*}&${NETMASK%%.*})).\
    $((${r%%.*}&${m%%.*})).\
    $((${l##*.}&a
  - xorg Xinerama / Dual Screen
    01/08/08
    The hard work with xinerama / dual screen was:
    
    * set the monitor sync/refresh rate (it won't start without for an old crt not supporting ddc)
    
    * set Option "NoAccel" "true" (screen distortions)
    
    * touchpad only works with dual screen
2007
- December
  - xorg ati ES1000 with DRI
    12/27/07
    xorg ati/radeon video driver for ES1000 has DRI disabled :-(
    
    As a workaraound i changed ChipID in xorg.conf to "0x515a"
    
    suggested by http://ubuntuforums.org/showpost.php?p=
    Section "Device"
    Identifier "ATI Technologies Inc ES1000"
  - date with unix timestamp
    12/05/07
    date in unix timestamp: date +%s
    
    convert unix timestamp to date: date --date "Jan 1, 1970 00:00:00 +0000 + $1 seconds"
    
    set date with unix timestamp: date -s "Jan 1, 1970 00:00:00 +0000 + $1 seconds"
- November
  - secure rsync
    11/25/07
    I want to rsync on my local-host via ssh from a remote host without a ssh enabled root account but full access to the whole filesystem.
    
    local-host:
    ssh-keygen -t rsacopy ~/.ssh/id_dsa.pub to remote-host:/home/rsyncuser/.ssh/authorized_keys
    
    rsync files with ssh:
    rsync
  - squirrelmail "Deutsch"
    11/21/07
    apt-get install squirrelmail-locales squirrelmail-decode ispell wngerman
    
    ln -s /etc/squirrelmail/apache.conf /etc/apache2/conf.d/squirrelmail.conf
    chgrp -R www-data /usr/share/squirrelmail/
    
    added "de_DE ISO-8859-1" to /var/lib/locales/supported.d/local
  - Postfix and Spamassassin
    11/21/07
    apt-get install spamassassin spamc re2c make gcc libc6-dev
    
    I want to run spamassassin as non root user.
    groupadd -g 3000 spamd
    useradd -u 3000 -g spamd -s /bin/false -d /var/lib/spamassassin spamd
    mkdir /var/lib/spamassassin
    chown spamd:spamd /var/lib/spamassassin/etc/
  - cyrus postfix pop-before-smtp
    11/21/07
    apt-get install pop-before-smtp
    
    uncomment $pat for cyrus in /etc/pop-before-smtp/pop-before-smtp.conf
    
    /etc/postfix/main.cf:
    smtpd_recipient_restrictions = permit_mynetworks,
    reject_non_fqdn_recipient,
    check_client_access hash:/var/lib/pop-before-s
  - cyrus offline transfer mailboxes to a new server
    11/20/07
    On old cyrus server:
    
    export mailboxes.db:
    su - cyrus -c 'ctl_mboxlist -d > cyrus_mboxlist.txt
    export seen databases:
    su - cyrus -c 'for seenfile in `find /var/lib/imap/user -name \*.seen`; do \
    /usr/lib/cyrus/bin/cvt_cyrusdb $seenfile skiplist ${seenfile
  - cyrus convert user authentication from ldap to sasldb
    11/20/07
    apt-get install sasl2-bin libsasl2-modules cyrus-imapd-2.2 cyrus-pop3 cyrus-admin-2.2 cyrus-clients-2.2
    
    /etc/default/saslauthd:
    MECHANISMS="ldap"
    OPTIONS="-O /etc/saslauthd.conf"/etc/saslauthd.conf:
    ldap_servers: ldap://127.0.0.1/
    ldap_search_base:
  - quick base64 encode/decode
    11/14/07
    perl -MMIME::Base64 -e 'print encode_base64("string");'
    
    perl -MMIME::Base64 -e 'print decode_base64("c3RyaW5n");'
  - Secure DDNS with bind9 for ADSL
    11/13/07
    dnssec-keygen -a RSAMD5 -b 1024 -n HOST -k -r /dev/urandom home.domain.org
    
    put content of XXX.key into your zonefile
    
    move xxx.key and xxx.private to your client with sftp
    
    /etc/ppp/ip-up.d/ip_update:
    #!/bin/sh
    
    TTL=60
    SERVER='NAMESERVER'<
  - Secure DNS with bind9 master/slave
    11/13/07
    * chrooted
    * chaos, internal and external zone
    * TSIG updates/zonetransfers for master/slave
    
    apt-get install bind9
    /etc/init.d/bind9 stop
    
    /etc/default/bind9: OPTIONS="-u bind -t /var/lib/named"
    mkdir -p /var/lib/named/etc
    mkdir /var/lib/named/
  - routing for a multihomed network
    11/08/07
    Linux connected via two networkcards to two different providers.
    
    You coud use source based routing or if you prefere to route some ports only to on provider
    here is my solution. Usefull for a private VOIP-Provider having two links and uses one link for RTP and the other for SIP.
- October
  - ftdi dongleid FT232/245R
    10/18/07
    I used the library from FTDI (libftchipid - is only in binary and linked against old libc) to get the dongleid.
    
    I had to "sudo chmod 666 /proc/bus/usb/001/021".
    
    There is an opensource library (libftdi) from intra2net that lacks support of reading the dongleid.
  - usbmonitor libusb usbsniff
    10/18/07
    Linux Kernel:
    
    modprobe usbmon
    mount -t debugfs none_debugs /sys/kernel/debug
    cat /sys/kernel/debug/usbmon/<x>t (x=Ger�tenummer 1,2,3,...)
    libusb with radare/libusbsniff:
    LD_PRELOAD=/usr/lib/libusbsniff.so ./my-usb-program
- September
  - whiptail
    09/05/07
    this one-liner has following benefits:
    
    * restart if pressing ESC (while ! ... ; do true; done)
    
    * store result in a variable not a file (whiptail ... 3>&1 1>&2 2>&3)
    while ! choosen=$(whiptail --nocancel --noitem --radiolist "Please choose" \<
- August
  - Internetaccess via Huawei E220 UMTS/GPRS Modem
    08/27/07
    Kernel < 2.6.20 needs a udev rule:
    
    http://www.kanoistika.sk/bobovsky/archi
    
    /etc/udev/rules.d/82-huawei220.rules
    
    ACTION=="add", SUBSYSTEM=="usb_device", \
    ATTRS{idVendor}=="12d1", ATTRS{idProduct}=="1003",
  - udev - usb add / remove
    08/13/07
    Because udev didn't know anything of idVendor or idProduct if you remove a device i use ENV{PRODUCT} to match for my unplugged device:
    
    ACTION=="add", KERNEL=="event*", SUBSYSTEM=="input", \
    SYSFS{idVendor}=="1234", SYSFS{idProduct}
- July
  - Permissions
    07/31/07
    File Permissions
    
    yes*: These files gave a "rm: remove write-protected file 'filename'?" error. Saying "yes" removes these files. Also performing a "rm -rf" file removes the file without any warning. The ability to remove a file is controlled at t
- June
  - Monitoring filesystem activity under Linux with block_dump
    06/28/07
    sudo sysctl vm.block_dump=1
    
    or
    
    echo 1 > /proc/sys/vm/block_dump
    
    tail -f /var/log/kern.log
  - ntfs read/write with feisty
    06/24/07
    apt-get install ntfs-g3
    
    /etc/group
    +fuse:x:100:users
    
    vol_id /dev/sda1
    
    /etc/fstab
    UUID=5EFC7B02FC7AD42D /media/usbhdd ntfs-3g rw,users,uid=1000,guid=1000,umask=007,locale=de_AT.utf8,force 0 0user can mount but not unmount
    https://bugs.launchpad.n
  - blocking ads with squid
    06/22/07
    /etc/squid/squid.conf
    +acl ads dstdom_regex -i "/etc/squid.adservers"
    +http_access deny ads
    
    # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
    update-squid-adservers.sh:
    #!/bin/sh
    
    ### short script that downloads a list of ad servers f
  - Internetaccess via modem
    06/21/07
    apt-get install ppp
    
    edit /etc/ppp/pap-secrets
    
    /etc/network/interfaces
    
    auto modem
    iface modem inet ppp
    provider modem
    /etc/ppp/peers/modem
    ttyS0
    38400
    connect "/usr/sbin/chat -v -f /etc/ppp/peers/modem.chat"
    disconn
  - Internetaccess via ISDN
    06/21/07
    apt-get install isdnutils-base
    
    isdnconfig - choose 1, ippp1 to prevent default gateway to ippp0
    
    /etc/isdn/device.ippp1:
    
    edit all lines marked with XXX_:
    
    LOCALIP=
    REMOTEIP=AAA.BBB.CCC.DDD
    LOCALMSN=''
    REMOTEMSN=XXXXX
    LEADINGZERO
  - scponly
    06/21/07
    apt-get install scponly
    
    gunzip /usr/share/doc/scponly/setup_chroot/setup_chroot.sh.gz
    chmod 755 /usr/share/doc/scponly/setup_chroot/setup_chroot.sh
    cd /usr/share/doc/scponly/setup_chroot/
    ./setup_chroot.sh /home/USERNAME USERNAME RELATIVE_WRITEABLE_DIR
    
    cp /dev/nu
  - ssh - chroot
    06/21/07
    chroot a user logging in via ssh
    
    apt-get install libpam-chroot
    
    less /usr/share/doc/libpam-chroot/examples/README.example
    
    /usr/share/doc/libpam-chroot/examples/setup-chrootdir-shell.sh
    
    /etc/security/chroot.conf:
    +USERNAME /var/chroot/sshd/home/USERNA
  - mirror my website
    06/21/07
    chmod 700 /etc/cron.daily/websitesync
    
    #!/bin/sh
    
    wget -q --mirror --no-host-directories --cut-dirs=1 --directory-prefix=/var/www \
    --user=USERNAME --password=XXXXX ftp://www.holik.at/htdocs
    I mirror to my homeserver/var/www and to prevent wget to add
    director
  - serial (ttyS) over TCP
    06/21/07
    First computer where to redirect serial via TCP:
    
    stty -F /dev/ttyS0 raw 9600 -echo
    nc 192.168.0.1 1111 >/dev/ttyS0 </dev/ttyS0
    Second computer receiving needs 2 serial's
    stty -F /dev/ttyS0 raw 9600 -echo
    stty -F /dev/ttyS1 raw 9600 -echo
    
    nc -l -p
  - Internetaccess via adsl
    06/20/07
    apt-get install pptp-linux
    
    i got a usb networkcard - to name it adsl i use udev and made /etc/udev/rules.d/local.rules
    
    SUBSYSTEMS=="usb", KERNEL=="eth*", ATTRS{idVendor}=="050d", \
    ATTRS{idProduct}==&qu
  - dnsmasq
    06/20/07
    dnsmasq with more than one interface
    
    [more]
    
    * Howto define a CNAME with dnsmasq ?
    
    # Configuration file for dnsmasq.
    #
    # Format is one option per line, legal options are the same
    # as the long options legal on the command line. See
    # "/u
  - raid1 with ubuntu feisty
    06/20/07
    What i want from a raid1:
    
    notiy if a disk fails
    This is done by mdadm
    
    boot degraded with only one disk
    boot degraded does not work with ubuntu, because mdadm does not start a degraded raid :-(
    
    my workaround is to add a bootmenue entry in grub
    
    tit