
Saturday, May 22, 2010

Running an rssh chroot on Ubuntu Lucid 10.04

I had some trouble getting a chroot running for rssh on Ubuntu Lucid 10.04. I ran the script below:

/usr/share/doc/rssh/examples/mkchroot.sh /var/chroot

It created most of the files, but didn't include the right libraries. Here's the minimum file listing I've been able to use:



libnsl was the tricky one that I found by trial and error. I installed bash inside the chroot and tested running each binary. Everything runs without libnsl, but it's required if you want it to work with rssh.

Sunday, December 2, 2007

Use ffmpeg to extract first image out of FLV

I found at least one other person trying to find a way to extract a JPG snapshot out of a flash video using ffmpeg.

The above article suggests using ffmpeg to extract a PNG, and then convert that to a JPG (since the JPG will be much smaller). Instead, just use the correct arguments to ffmpeg:


ffmpeg -i movie.flv -vcodec mjpeg -vframes 1 -an -f rawvideo -s 320x240 movie.jpg


The important argument is -vcodec mjpeg.

Friday, October 19, 2007

Verizon FIOS and running a Linux operating system

Despite the well known fact that Verizon Can't Do Math, I have to say that I am surprised to find that their FIOS service is pretty good. I've had it for over a month, and haven't noticed it go down or have any speed problems.

More interestingly, I've actually found that they are pretty Linux-friendly. Actually, Linux-friendly might be too strong - let's just say that they have not locked me into using Windows for their service. I did have to use activatemyfios.verizon.net, which has a Windows/OS X only Firefox extension. But other than that, I haven't felt the vendor lock-in blues.
Here are some good points:

  • As far as I can tell, Verizon only blocks port 80. I run both SSH and HTTPS from my home box.

  • Once I spoofed the correct MAC address, I was able to use my own non-Verizon router

  • There is no PPPoE authentication or the like

  • My IP address has not changed since I started the service

  • Latency is very low (about 12ms to Google)

  • Service has not gone down


I don't use their phone or TV services, so I can't comment on those. My guess would be that services like Vonage or Skype would work pretty well on my FIOS connection.

Bad points:

  • The backup battery is supposedly pretty weak. It only provides voice service during a power outage, not Internet. For that, you'd have to use a UPS. Fortunately, I haven't had the power go out.

  • It took forever to get the service installed. Even though the previous house owner already had FIOS installed, they couldn't come out for 2.5 weeks.


Verizon does pretty well here. So if you're thinking about switching - I would recommend it.

Monday, October 15, 2007

Who the heck is 142.166.3.122 and 142.166.3.123 (radianrss-1.0)?

I've been perusing through my logs lately and found the user agent "radianrss-1.0" numerous times. I'd never heard of this program (maybe an RSS reader?), so I did a google search. The only commentary I found was this post speculating that 142.166.3.123 was possibly involved in the compromise of katester.net.

Interestingly enough, the rest of the search results are the traffic statistics pages of various Wordpress blogs around the Internet. There doesn't seem to be a clear answer for what "radianrss" is, or why 142.166.3.122-123 is constantly indexing all of my blog posts.
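One way to size up an unknown crawler like this in your own logs, as an added example that is not part of the original post: the script below tallies, per source address, how many requests and how many distinct paths carry a given user-agent string. It assumes the Apache/nginx "combined" log format; the function names are hypothetical and the log lines in sample_log are constructed.

```shell
#!/bin/bash
# Added example (not from the original post): summarize which source
# addresses present a given User-Agent and how much of the site they fetch.
# Assumes the "combined" access-log format, where the request line is the
# first quoted field and the User-Agent is the third quoted field.
# A literal double quote inside a request or referer shifts the fields,
# so treat the output as triage, not as evidence.

# ua_summary LOGFILE UA_SUBSTRING
# Prints one line per source IP: "<ip> hits=<n> distinct_paths=<m>"
ua_summary() {
    awk -F'"' -v ua="$2" '
        index($6, ua) {                          # $6 = User-Agent
            split($1, pre, " "); ip = pre[1]     # $1 = "ip ident user [date] "
            split($2, req, " "); path = req[2]   # $2 = "METHOD path PROTO"
            hits[ip]++
            if (!((ip, path) in seen)) { seen[ip, path] = 1; paths[ip]++ }
        }
        END {
            for (ip in hits)
                printf "%s hits=%d distinct_paths=%d\n", ip, hits[ip], paths[ip]
        }' "$1" | sort
}

# Constructed sample data: paths, sizes and timestamps are made up.
sample_log() {
    cat <<'EOF'
142.166.3.122 - - [15/Oct/2007:06:25:01 -0400] "GET /2007/10/post-a/ HTTP/1.1" 200 5120 "-" "radianrss-1.0"
142.166.3.122 - - [15/Oct/2007:06:25:03 -0400] "GET /2007/10/post-b/ HTTP/1.1" 200 4810 "-" "radianrss-1.0"
142.166.3.123 - - [15/Oct/2007:07:10:44 -0400] "GET /feed/ HTTP/1.1" 200 9912 "-" "radianrss-1.0"
142.166.3.123 - - [15/Oct/2007:08:10:45 -0400] "GET /feed/ HTTP/1.1" 304 0 "-" "radianrss-1.0"
192.0.2.10 - - [15/Oct/2007:08:12:00 -0400] "GET /2007/10/post-a/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux i686) Firefox/2.0.0.7"
EOF
}

# Demo: run the summary over the constructed sample.
tmp=$(mktemp)
sample_log > "$tmp"
ua_summary "$tmp" "radianrss"
rm -f "$tmp"
```

A high distinct_paths count relative to hits suggests a crawler walking the archive; repeated hits on one feed URL look more like a polling reader.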

Sunday, October 14, 2007

If you're not already, START USING DD-WRT!


==========================================================

____ ___ __ ______ _____ ____ _____
| _ \| _ \ \ \ / / _ \_ _| __ _|___ \|___ /
|| | || ||____\ \ /\ / /| |_) || | \ \ / / __) | |_ \
||_| ||_||_____\ V V / | _ < | | \ V / / __/ ___) |
|___/|___/ \_/\_/ |_| \_\|_| \_/ |_____|____/

DD-WRT v23 SP2
http://www.dd-wrt.com

==========================================================

I installed dd-wrt on my Linksys WRT54g because I was having problems with the Sveasoft Alchemy firmware. The wireless was dropping constantly, which can be real annoying when you're trying to do a video call on Skype. My suspicion was that the firmware image was too large and too many services were trying to be run at once, and the unit was running out of memory.

Once long ago I had problems with the Alchemy firmware getting an IP address from my DSL connection. I managed to get syslog working (shouldn't have been hard, but it didn't work well with Alchemy) and the errors seemed to point to the fact that the unit was running out of memory. It would eventually work, it just took 20 minutes to get an IP address after it booted. Then it would stay up for months.


dd-wrt status page


I guess I've just been out of the loop with regard to the newer firmwares. dd-wrt has much of the same basic functionality in their 'mini' version as the Sveasoft Alchemy fully featured version did. And to think that at one point I paid for Alchemy because I wanted a more featureful, stable firmware :|

The wireless issues have gone away, and the web interface has a much more polished feel to it. I like logging into the router just to look at the interface and see the random stats. It also gives you status on the signal strength of the wireless clients, which can be very useful!

The dd-wrt firmware is famous for being able to do client mode bridging, i.e. act as a transparent wired-to-wireless bridge. I'm looking forward to trying that out some day.

By the way, although my unit will broadcast at a power of 251mW, I read on the dd-wrt wiki that 84mW is ideal for most hardware in terms of getting the best signal-to-noise ratio. At 84mW, I get a SNR of somewhere between 30-40, so I feel like that is probably pretty accurate information, considering I probably only need a SNR of 10-15 to get a very good wireless signal.

Try out dd-wrt today!

Slow SSH logins in Ubuntu Feisty (7.04)

There are two major reasons (I know of) that can cause extremely slow SSH logins - anywhere in the range of 15-30 seconds. It doesn't seem like a long time, but it takes forever to wait that out sitting at the terminal.

Say no to GSSAPIAuthentication


For some reason, GSSAPIAuthentication is turned on by default in Ubuntu Feisty (7.04). If you ssh -v somewhere.com, you'll see this in the output:
...
debug1: Local version string SSH-2.0-OpenSSH_4.3p2 Debian-8ubuntu1
debug1: An invalid name was supplied
Cannot determine realm for numeric host address

debug1: An invalid name was supplied
A parameter was malformed
Validation error

debug1: An invalid name was supplied
Cannot determine realm for numeric host address

debug1: An invalid name was supplied
A parameter was malformed
Validation error

debug1: SSH2_MSG_KEXINIT sent
...

There are two ways to fix it. You can either edit /etc/ssh/ssh_config to include
GSSAPIAuthentication no

Or, you can edit ~/.ssh/config and add the same line. The only difference is that /etc/ssh/ssh_config will affect all system users - probably a good thing.
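The order in which the two files are read matters when checking that the fix took: ssh reads ~/.ssh/config before /etc/ssh/ssh_config and keeps the first value it obtains for each option, so a per-user line overrides the system-wide one. The script below is an added example, not part of the original post; the function names are hypothetical, the config files in the demo are constructed, and it only considers settings that apply to every host (top of file, "Host *" or "Match all").

```shell
#!/bin/bash
# Added example (not from the original post): work out which
# GSSAPIAuthentication value applies to an arbitrary host.
# ssh_config(5): the user's file is read before the system-wide file and,
# for each option, the first value obtained is the one used.

# first_gssapi FILE
# Prints the first GSSAPIAuthentication value that applies to every host:
# one set before any Host/Match line, or inside "Host *" / "Match all".
# Simplification: host-specific blocks and negated patterns are skipped.
first_gssapi() {
    [ -r "$1" ] || return 0
    awk '
        BEGIN { applies = 1 }
        {
            line = $0
            gsub(/^[ \t]+|[ \t\r]+$/, "", line)   # trim both ends
            if (line == "" || line ~ /^#/) next
            sub(/[ \t]*=[ \t]*/, " ", line)       # accept "Keyword=value"
            n = split(line, f, /[ \t]+/)
            key = tolower(f[1])                   # keywords are case-insensitive
            if (key == "host") {
                applies = 0
                for (i = 2; i <= n; i++) if (f[i] == "*") applies = 1
            } else if (key == "match") {
                applies = (n == 2 && tolower(f[2]) == "all")
            } else if (applies && key == "gssapiauthentication") {
                print tolower(f[2]); exit
            }
        }' "$1"
}

# effective_gssapi USER_CONFIG SYSTEM_CONFIG
# Prints "yes", "no", or "unset" when neither file sets it for all hosts.
effective_gssapi() {
    local v
    v=$(first_gssapi "$1")
    if [ -z "$v" ]; then v=$(first_gssapi "$2"); fi
    echo "${v:-unset}"
}

# Demo on constructed files standing in for /etc/ssh/ssh_config and
# ~/.ssh/config.
demo() {
    local d
    d=$(mktemp -d)
    printf 'Host *\n    GSSAPIAuthentication yes\n' > "$d/system_yes"
    printf 'Host *\n    GSSAPIAuthentication no\n'  > "$d/system_no"
    printf 'GSSAPIAuthentication no\n'              > "$d/user_no"
    printf 'Host *\n  gssapiauthentication=yes\n'   > "$d/user_yes"
    echo "no user file, distro default : $(effective_gssapi "$d/none" "$d/system_yes")"
    echo "user fix over distro default : $(effective_gssapi "$d/user_no" "$d/system_yes")"
    echo "system fix, user re-enables  : $(effective_gssapi "$d/user_yes" "$d/system_no")"
    rm -rf "$d"
}
demo
```

The third case is the one to watch for on multi-user systems: the system-wide "no" does not win if a user's own file says "yes". Newer OpenSSH clients can also print the resolved configuration for a host with ssh -G.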

Slow/broken DNS lookups


Each time you log into an OpenSSH server, it will typically perform a reverse-lookup on your IP address and store it in wtmp (try running the command "last"). If that DNS lookup times out, you'll be in for a big delay. What's worse, OpenSSH has a habit of performing the lookup 3 or 4 times, further extending the delay to 30 seconds or more.

It's generally best to fix the source of the problem by fixing whatever problem exists in your DNS infrastructure. This could be as simple as pointing /etc/resolv.conf to the correct nameserver.

If you're really in a bind, you can pass the -u0 flag to sshd. Unfortunately, the sshd man page does not reveal any config file options to accomplish the same thing. But, the -u0 flag will stop sshd from performing any lookups that are not absolutely necessary as part of the authentication mechanism.

Saturday, October 13, 2007

Use ps2pdf to create PDFs from any Linux application

If you want to share a web page or any other document with another person, PDF is usually the way to go. There are free PDF printers out there for Windows, but fortunately the necessary software is probably already installed on your Linux distribution. Just use ps2pdf.

First, print from your application (e.g. Firefox) and make sure to check "Print to file":

Print to file

Press Print, save the file as filename.ps, and then run the following command:

$ ps2pdf filename.ps

The resulting file will be filename.pdf.

This is also a good way to convert old PS files (which can get pretty large) to the smaller PDF format. And, if for some reason you want to go the other direction, you can always use the pdf2ps utility.

Monday, October 8, 2007

Use Mozilla Firefox under WINE to reach those Windows-only sites

Being denied based on operating system

It's long been known that you can use something like the User Agent Switcher to make it appear like you're using a different operating system than you really are. This can be useful on some websites that insist you need to run Windows - when in fact Linux or practically any other operating system will work fine.

But for those sites that are actually telling the truth, you can often run Firefox under WINE with very good results. Just head over to www.getfirefox.com and download the Windows binary. The site actually does its own OS detection, so you'll probably want to choose "Other Systems and Languages." Once you have it, make sure you have WINE installed. I also installed the MS truetype fonts because it looks terrible otherwise.

# apt-get install wine msttcorefonts

And then start the installer:

$ wine Firefox\ Setup\ 2.0.0.7.exe

You'll go through the normal install process, and when you're finished you'll see a new Firefox icon on your Linux desktop:

Windows Firefox on my Linux desktop

Double-click it and you should be good to go! If you want to visit a site with audio, you'll want to run winecfg, visit the Audio tab, choose your settings (I just left the defaults) and click Apply. Otherwise you might run into some issues with Firefox crashing. If it's any consolation, Firefox will crash on certain sites powered by Move Networks in Windows, too, if there is no audio driver installed. This is probably related to the Firefox extension you must install to view the site.

Sunday, October 7, 2007

Apt-get DOES have an option for automatic security updates

I recently wrote about the cron job that I run to keep my Debian and Debian-like servers up to date automatically.

It turns out that apt-get (or libapt, more specifically) has a mechanism to automatically download and install security updates. This will work across package management applications (apt-get, synaptic, aptitude, etc) and is very simple to set up. Edit /etc/apt/apt.conf.d/10periodic to include the following:

APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Download-Upgradeable-Packages "1";
APT::Periodic::AutocleanInterval "0";
APT::Periodic::Unattended-Upgrade "1";


Your distribution should already have a cron job (usually in /etc/cron.daily/apt) that runs every day and updates as per these configuration options. To see the entire config, run

$ apt-config dump

For those interested, this configuration setting is what Synaptic sets when using its "Install security updates without confirmation" option.

Thanks to g for pointing this out.
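A setting in 10periodic is only the final word if no later file in /etc/apt/apt.conf.d changes it, because apt reads the fragments in sorted filename order and a later assignment replaces an earlier one. The script below is an added example, not part of the original post: it resolves the final APT::Periodic values across a directory of fragments and flags any of the three keys above that end up unset or "0". The function names and the 99local file are hypothetical, and only the flat one-line syntax shown above is parsed.

```shell
#!/bin/bash
# Added example (not from the original post): resolve APT::Periodic values
# across an apt.conf.d-style directory. apt reads the fragments in sorted
# filename order and a later assignment replaces an earlier one.
# Only the flat   APT::Periodic::Key "value";   form is parsed.

# periodic_value DIR KEY -> final value of APT::Periodic::KEY, or "unset"
periodic_value() {
    local dir=$1 want f v val="unset"
    want=$(printf 'apt::periodic::%s' "$2" | tr '[:upper:]' '[:lower:]')
    for f in "$dir"/*; do                  # glob results come back sorted
        [ -f "$f" ] || continue
        # Split on double quotes: $1 is the key, $2 the value. A line that
        # is commented out with // has a different $1 and never matches.
        v=$(awk -F'"' -v want="$want" '
            { k = tolower($1); gsub(/[ \t]/, "", k) }
            k == want && NF >= 3 { v = $2; found = 1 }
            END { if (found) print v }' "$f")
        if [ -n "$v" ]; then val=$v; fi
    done
    echo "$val"
}

# audit_periodic DIR
# Prints one line per key; returns non-zero if any key is unset or "0".
audit_periodic() {
    local dir=$1 key v bad=0
    for key in Update-Package-Lists Download-Upgradeable-Packages Unattended-Upgrade; do
        v=$(periodic_value "$dir" "$key")
        if [ "$v" = "unset" ] || [ "$v" = "0" ]; then
            echo "DISABLED $key=$v"; bad=1
        else
            echo "ok       $key=$v"
        fi
    done
    return "$bad"
}

# Demo: the post's 10periodic plus a constructed later fragment that
# switches unattended upgrades back off.
demo() {
    local d
    d=$(mktemp -d)
    cat > "$d/10periodic" <<'EOF'
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Download-Upgradeable-Packages "1";
APT::Periodic::AutocleanInterval "0";
APT::Periodic::Unattended-Upgrade "1";
EOF
    echo "10periodic only:"
    audit_periodic "$d" || echo "-> automatic updates are not fully enabled"
    printf 'APT::Periodic::Unattended-Upgrade "0";\n' > "$d/99local"
    echo "with 99local (constructed):"
    audit_periodic "$d" || echo "-> automatic updates are not fully enabled"
    rm -rf "$d"
}
demo
```

On a real system, point audit_periodic at /etc/apt/apt.conf.d and compare with apt-config dump. The Unattended-Upgrade setting only does anything when the unattended-upgrades package is installed.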

Saturday, October 6, 2007

The new Ubuntu is coming already

If you didn't already know, Ubuntu 7.10 Gutsy Gibbon will be coming soon!



Maybe I'll finally get suspend support for my dual core Dell XPS desktop?

Any guesses if the Ruby and Rails packaging will be any better?

Thursday, October 4, 2007

Using syntax enable and other vim commands in Ubuntu and Debian

So I ran into the strangest thing today. Vim complains because I tried to use 'syntax enable' in my .vimrc.

$ vim myfile.rb
Error detected while processing /home/solipsistic/.vimrc:
line 1:
E319: Sorry, the command is not available in this version: syntax enable
Press ENTER or type command to continue

Apparently Debian-like distributions don't package the full version of vim by default. They package a 'lite' version. Install the full one:

# apt-get install vim

And you'll be rolling again.

Tuesday, October 2, 2007

Installing Mongrel on Ubuntu Feisty with rubygems

When I recently re-installed Ubuntu 7.04 (Feisty), I found that I couldn't build the native fastthread gem (a required dependency). If you get this error:

Building native extensions. This could take a while...
extconf.rb:1:in `require': no such file to load -- mkmf (LoadError)
from extconf.rb:1


ERROR: While executing gem ... (RuntimeError)
ERROR: Failed to build gem native extension.
Gem files will remain installed in /var/lib/gems/1.8/gems/fastthread-1.0 for inspection.

then you need the ruby development libraries and the build-essential package. I've found that these commands will make sure mongrel (and rails) is installed correctly:

$ sudo apt-get install ruby1.8-dev rubygems build-essential rails
$ sudo gem install mongrel --include-dependencies

Monday, October 1, 2007

Using the Ubuntu Feisty Live CD as your primary OS

I had one of the most dreaded computer woes happen last week - my hard drive crashed.

Well, it didn't crash completely. I have about a 70% boot rate. It makes a loud noise like the bearings aren't well lubricated when the drive won't boot. I figured it was better (and less frustrating) to stop using the drive and just wait until the new hard drive arrived.

Luckily, I use unison over SSH to back up my files, so everything was already mirrored on my Debian file server at home, even though I was across the country when the failure occurred. I've reminded myself that I needed to have my data backed up if something catastrophic ever happened to my laptop. In my mind the scenario was that my laptop was going to be run over by a truck (gotta think big), but I knew the hard drive crash was probably inevitable. Unison is a good tool to sync two file systems, however it does work best if you manually sync. If you want something to automatically back up files, set up rsync as a cron job on your system.

Coping with the problem


At first, I thought I should just go without my laptop for a few days (oh the horror!). Newegg ships fast, right? I should have known myself better than that. I immediately started thinking of how to run my system with a broken hard drive. Naturally, the idea of using a Linux Live CD came to mind.

To preserve the old hard drive, I physically removed it from the laptop. After that, I remembered I had ordered some Ubuntu 7.04 pressed CDs a while back so I popped one in.

To my surprise, Ubuntu 7.04 (Feisty) as a Live CD rivals my normal hard drive install in terms of performance! The bootup time is quite slow, but once it has started, it runs nicely. Since I spend a lot of time using Firefox, I don't experience the spin-up-spin-down as often as I remember in previous Live CD usage. I think Feisty must also do a good job of caching programs in RAM when you first access them because I hardly ever hear the CD drive spin up unless I'm starting a new program.

The other nice thing is that the laptop fan almost never turns on. The old hard drive ran somewhat noisy and warm, causing the fan system to kick on about 75% of the time. I've really enjoyed the cool, quiet performance of running on a Live CD. The laptop is absolutely silent.

The only real obstacle I've faced is that I can't shut down my laptop unless I want to spend time re-setting up my Thunderbird profile and re-installing Firefox extensions. I guess you can't have everything.

Why not switch completely?


If this setup works so well, I thought to myself, why not just switch to always using a Live CD and save $60 on a new hard drive? After thinking about it, I've decided that I would be willing to switch if a few conditions were met:

  1. A decent amount of persistent storage were possible

  2. I could install updates and new software without losing them each time I reboot

  3. Most or all of the OS could be loaded in RAM at boot


I could probably accomplish #1 with a USB drive and a persistent home directory. I think #2 would be harder with the USB drive - like what happens when you move between systems with the same flash drive - but still possible. In the end, I think I would be happiest by buying a Compact Flash to IDE adapter and a large (16GB or more) Compact Flash card. These are nice because you get the cool, quiet operation and persistent operation. I considered doing this instead of getting a new hard drive, but in the end I figured I would get much more storage for the price (80GB @ $60 or 16GB @ $150 or more). In the future I think many laptop hard drives will be completely flash based memory.

As for #3, I wish that Ubuntu Feisty had the ability to use the "toram" kernel boot option and load the OS into RAM during boot. I've done this with Knoppix CDs in the past. The speed increase is amazing. Granted, less RAM is available for program execution, but RAM is cheap enough these days that the productivity gain is worth the extra couple of dollars.

All in all, I give the Ubuntu Feisty Linux Live CD a surprisingly high thumbs up for everyday use.

Friday, September 28, 2007

Use OpenDNS for faster and more secure browsing

I ran across opendns.org the other day and decided to try it.

There was a definite speed boost! I have Verizon FIOS and the OpenDNS servers are more responsive than Verizon's DNS servers. I've noticed that most pages now load in about 3/4 of a second (time to look up the DNS name, fetch the page, and render it). I use fasterfox to time it.

OpenDNS also provides some interesting reports. You can turn off the DNS logs if you like (privacy and all), but I found them useful. I have a cron job that runs every 5 minutes and fetches my mail via POP and mails it to another account. The cron job had done over 24,000 DNS lookups of the same IP address in the last 8 days. My router is supposed to be caching those requests (isn't that why you run local DNS?), but it's easy to see that caching is not happening.

Also, OpenDNS gives you the ability to block domains, and automatically will block phishing and pornographic sites if you want. This can be pretty useful, for kid-safe and normal-user-safe browsing.

I've been pretty happy with using the service so far - especially since it is free. The only thing I've noticed is that I haven't seen any *nix update clients. Anyone found one that they like?

Update: here are some screenshots from their interface

Recent Activity

Unique Domains

Top Domains

Sample blocked domain

Tuesday, September 25, 2007

Automatic updates in Debian Linux (etch)

UPDATE: I found a better way to do this

I have half a dozen Debian Linux boxes in various places that I administer. Some are file servers, some are meant to do rsync backups, and some have lost their purpose and I simply keep them around because they are on a fast Internet connection. These are not critical in any way, but they are often useful to have around as an entry point into a network or to host some simple service.

I've searched the Internet for a good way to keep these boxes up to date without having to administer them all the time. After all, I don't want to SSH to n boxes once a week (or more) just to run apt-get update && apt-get upgrade. And what if some critical hole is found in SSH and I can't patch the box in a reasonable time? Or, more likely, what if I just don't hear about the critical hole and the box gets exploited days later?

Most Debian administrators seem to think that using a tool like cron-apt is the best way to go about things. Cron-apt downloads all available updates and sticks them in apt's cache, but does not install them. This does make it quicker to manually update since the packages are already present on the system. If I administered these boxes for a living, I would be plenty happy with the way that cron-apt downloads the packages and sends you an email when new packages are ready to install. But since I want the minimal fuss, I chose a different way.

Ideally, Debian would have a tool that did something similar to Synaptic's GUI interface.

Synaptic Auto Update

This automatically installs security updates and leaves the rest to the user. I'm not quite sure what mechanisms it uses, but I've used this shell script to accomplish the same thing for over a year.

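#!/bin/sh
# Append a timestamp and the output of each run to /root/autoupdate
/bin/date >> /root/autoupdate
/usr/bin/apt-get update >> /root/autoupdate
# Upgrade without prompting, restricted to the "security" target release
/usr/bin/apt-get upgrade -y -t security >> /root/autoupdate
# Drop cached package files that can no longer be downloaded
/usr/bin/apt-get autoclean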

I drop this script into /etc/cron.daily/autoupdate and forget about it. It logs all actions it takes to /root/autoupdate, so I can look back and see what has automatically been installed. It also only installs security updates, although I usually leave off the "-t security" part and let it install everything. In my experience, the stable version of Debian (currently etch) has very few updates that break anything, especially if you haven't customized your configuration files heavily. I've been running this script in several places over the last year and each box will generally install everything except for kernel upgrades, since they usually require a reboot.

A lot of Debian administrators are nay-sayers to this type of approach. This is probably because they've seen many a non-stable distribution break horribly with something like this. If this were a production level box with many users depending on it, I'd also take the approach of manually installing updates. But when I actually want to do something else with my life than manually run apt-get on boxes I occasionally use, this is the perfect solution.

Monday, September 17, 2007

Simple network uptime test

Trying to troubleshoot an intermittent network problem? Just want to know if your ISP is dropping packets or going down altogether?

So many times I've searched the 'net for a simple network uptime script. I always wanted to know the exact time the network went down (and came back up) so that I could track down the cause of the problem. Here is a dead-simple script that will do just that:

#!/bin/bash
## connect_test.sh ##
## This script continually pings an IP address / hostname and reports *only*
## when it is unable to reach the destination.
##
## Example: ./connect_test.sh www.google.com

if [[ -z "$1" ]]; then
    echo "Please provide an IP/host to ping" >&2
    exit 1
fi

while true; do
    # Send 4 probes; ping exits non-zero when no reply arrives
    # (or when the name cannot be resolved).
    if ! ping -c 4 "$1" > /dev/null 2>&1; then
        echo "Unable to reach $1 at $(date)"
        sleep 1
    fi
done

It works best if you open up multiple terminal windows and try to connect to different portions of your network simultaneously. For example:

./connect_test.sh [my neighboring workstation]
./connect_test.sh [my gateway]
./connect_test.sh [my ISPs DNS]
./connect_test.sh [random domain - ie. google.com or yahoo.com]

This way, you can determine exactly where the failure is AND you have a record of the time it occurred. Hope that helps!

Sunday, September 16, 2007

Advantages of being a WINE developer

I've often thought that it would be neat to contribute to a high-profile open source project. You know, something like Joomla that plans to solve all the world's problems. I recently learned that contributing to the WINE project is just what I needed.

For the uninformed, WINE is a project that allows Microsoft Windows programs to be run in Linux. It sounds like a lofty goal - and it is - but sometimes it's actually quite useful. For example, I once had to contribute changes to a Word document that had all kinds of complex formatting - and OpenOffice couldn't handle it. To be fair, OpenOffice could open it fine, but the formatting was inconsistent with what is normally displayed in Word and basically corrupted the layout for anyone that viewed the document later. Long story short, I had no choice but to edit the document with Word, running Windows XP. In true Microsoft fashion, Word running on Windows XP did crash several times before I was able to finish my edits to the document. While I wasn't sure whether to blame Microsoft or my professor for creating that extra-complex document layout, I do know I was yearning to experience those kinds of program crashes while running my operating system of choice!

WINE let me do just that. Word 2000 actually runs quite well using WINE on Linux. I don't think the newer versions have the same success though.

More to the point, WINE can run any Windows executable. It may not be perfect, but you have to thank the WINE developers for trying:

Yes, No, Cancel?

This is a picture of the free product Personal Ancestral File available from familysearch.org. It helps you keep track of your ancestors. What it wants me to do now is anyone's guess, but it should be clear to you why I want to be a WINE developer. I want the privilege of saying "You won't believe the fun I had today...."

First post on blog.layer2.org

Welcome to my new WordPress blog! This is the site I'm planning on using to write about my thoughts and experiences with technology and other aspects of life. I plan on writing a lot about Ruby, Linux, computer networking and other things. Hope you enjoy reading!