Coincidence …? 🙂
Tag: GNU+Linux
Yet another Seagate hard disk fails on me
It all starts with that strange sound… In my machine’s case, a whining noise. As a sysadmin and/or experienced geek, you know something’s wrong. I suspect the head assembly has become detached and is scraping along the disk surface at 7200rpm…
Naturally, the usual recovery tools don’t work… and the drive sounds shot.
# pvmove /dev/sdd1 /dev/sdg1
/dev/sdd1: Moved: 0.0%
/dev/sdd1: Moved: 0.0%
/dev/sdd1: read failed after 0 of 2048 at 0: Input/output error
No physical volume label read from /dev/sdd1
Physical volume /dev/sdd1 not found
ABORTING: Can’t reread PV /dev/sdd1
ABORTING: Can’t reread VG for /dev/sdd1
# dd if=/dev/sdd1 of=dev/sdg1 bs=4096
dd: reading `/dev/sdd1′: Input/output error
2+0 records in
2+0 records out
8192 bytes (8.2 kB) copied, 0.0992418 s, 82.5 kB/s
# dd if=/dev/sdd of=dev/sdg bs=4096
dd: reading `/dev/sdd’: Input/output error
1+0 records in
1+0 records out
4096 bytes (4.1 kB) copied, 0.0205753 s, 199 kB/s
This is the third 1TB Seagate ES.2 drive I’ve had develop bad sectors. Although they have a 5 year warranty, they seem to start expiring after 3.
Thank goodness I have backups…
Playing with Mozilla Firefox Sync on Virtualmin
Part #2 of the Data Liberation series
Mozilla, the organisation behind the ubiquitous Firefox web browser, kindly publishes its source code powering a key service which it provides – Firefox Sync. Because of this, we are able to run our own password sync servers securely and not necessarily be the target of a large-scale data-mining break-in, such as might be performed by a malicious cracker, or the NSA. Sorry, of course they are the same thing.
F
irefox Sync is a neat service which allows you to, quite literally, sync your settings in Firefox across multiple devices. These settings can include bookmarks, web browsing history, cookies, form-filling data and passwords. Anyway, I too was keen to run my own password sync server, so I set about doing just that.
I host quite a bit of stuff using Virtualmin, another superbly produced piece of software which facilitates the set-up of multiple domains on a single box. Setting up Firefox Sync on your own server under virtualmin is actually very straightforward.
The main task at hand is to follow the detailed instructions published by Mozilla.
As per the instructions, I had to run the following, in order to install required software:
# apt-get install python-dev mercurial sqlite3 python-virtualenv libssl-dev
In addition, I also needed to install and enable the WSGI Apache module, which wasn’t present on my system (drawing in dependencies as needed):
# apt-get install libapache2-mod-wsgi
I decided to install the Mozilla sync software in the home directory of my newly created domain, which in Virtualmin is either “/home/domain” or “/home/domain/domains/subdomain”, depending on whether you have created a subdomain for this specific purpose or not. In the subdomain situation, the folder path would end up being: /home/domain/domains/subdomain/server-full.
Once installed, I inspected the Apache config file. A key change I had to make was to the WSGI configuration within this file. On my Debian box, the Apache config files are located in the standard place: /etc/apache2/sites-available – the same would be true for Ubuntu (on CentOS and other RHEL/Fedora derivatives, you’ll probably find them in /etc/httpd/conf.d/). Once you have created your domain in Virtualmin, your domain’s config file should be within this folder, appropriately named “domain.com.conf”.
In the “domain.com.conf”, there are a few lines to add and one to edit:
Firstly, find the DocumentRoot declaration:
DocumentRoot /home/mydomain/domains/subdomain/public_html
and change it to:
DocumentRoot /home/mydomain/domains/subdomain/server-full
Next, you’ll need to insert the following lines, within the same stanza as DocumentRoot (the best thing is to adjust and paste these lines directly after DocumentRoot:
WSGIProcessGroup sync-http
WSGIDaemonProcess sync-http user=<your-virtualmin-domain's-user> group=<your-virtualmin-domain's-group> processes=2 threads=25
WSGIPassAuthorization On
WSGIScriptAlias / /home/mydomain/domains/subdomain/server-full/sync.wsgi
The above example assumes that you are working within the :80> stanza. If you have enabled SSL on your virtual server, within Virtualmin, then you’ll also have a :443> stanza to add these lines to, with one or two exceptions!
A WSGIDaemonProcess is assigned to each virtual server in Apache. In doing so, it creates a system process which requires a name. According to the WSGI docs, this name must be unique:
“[…] note that the name of the daemon process group must be unique for the whole server. That is, it is not possible to use the same daemon process group name in different virtual hosts. “
When you come to pasting in the additional lines in your :443 stanza, you are dealing with a separate virtual server in Apache. So, within your Apache config file, be sure to rename your WSGIDaemonProcess process name. E.g.:
WSGIProcessGroup sync-https
WSGIDaemonProcess sync-https user=<your-virtualmin-domain's-user> group=<your-virtualmin-domain's-group> processes=2 threads=25
This configuration should now be valid. You can test this with:
service apache2 reload
This won’t stop the current Apache process, but it will attempt to load the new configuration file. If it fails to load the config, it will tell you without stopping Apache.
Once this works, simply issue:
service apache2 restart
Syncing on mobile
If you intend to use Firefox on Android, or any other mobile Firefox (or clone) that supports the same syncing protocol, there is one caveat. If you are using an unsigned or self-signed SSL certificate on your sync server, you should visit the site first in your mobile Firefox and add a permanent exception. Once done, set up firefox sync in the normal way, by typing the characters into your desktop browser’s sync dialog, and the two browsers will shortly be synced up nicely!
Getting to grips with i3 on slackware
[ This is an incomplete post mainly consisting of notes to myself. Ignore at will, commander. ]
When installing slackware, I opted for the excellent XFCE desktop environment. But having become aware of i3, a new tiling window manager, I decided to give it a go.
Learning a new Linux distro is never completely straightforward, even for a veteren. All distributions do things differently, so the knowledge you gain in one distro is never wholly applicable to another.
This can make for interesting discoveries and baffling, vexing problems which require prolonged periods of diagnosis to remedy. But the joy of learning how things work is always with you in Slackware, which is why the distribution – while harder work – is certainly quite rewarding.
Installing i3
How to install… SBo… xwmconfig, etc
http://docs.slackware.com/howtos:window_managers:i3wm
Good starter docs by sycamorex
Getting the right screen display resolution with laptop and external monitor
Use Arch documentation as reference xrandr https://wiki.archlinux.org/index.php/Xrandr (and clues from http://oyhus.no/Intel_915G_SuSE_10.3.html)
To XDM or not to XDM…
The problems I had with XDM
Getting started with the i3 config file – setting alternative shortcuts, nm-applet, etc
$TERM – WTF!! http://superuser.com/questions/124908/how-do-you-change-the-default-term-value-set-at-console-login-ubuntu/124915#124915
Getting the € Euro sign working: http://www.dawoodfall.net/index.php/utf-8-console … and having to edit the code page slightly (removing the U+20AC character from the 4th position in the table) http://www.fileformat.info/info/unicode/char/20aC/index.htm (“loadkeys unknown keysym: ‘quotedblbase'”)
Other smaller config changes
Running Emacs (server) and testing with emacsclient http://www.emacswiki.org/emacs/EmacsClient#toc1
Becoming a Slacker
INTRODUCTION
Enough was enough. I rocked and rolled along with one mainstream distribution after another, since I started using GNU/Linux in 2000. It was time for something else. Something that wasn’t trying to be everything.
Even I was slightly surprised then that, knowing so little about it, I chose Slackware Linux as my next distribution.
Here are some rough-and-ready notes from my installation, in case they’re of help to anyone else.
INSTALLATION
To install on an encrypted drive, I followed Juan Valencia’s blog:
http://www.jveweb.net/en/archives/2010/10/installing-slackware-in-an-encrypted-lvm.html
Apart from the natural modifications expected, i.e. kernel versions, the instructions were completely sound and the installation proceeded without issue.
INITRD KEYMAP
One LILO was installed, and the system rebooted, I had two issues:
- The USB devices attached to my ThinkPad’s docking station weren’t activating at boot time
- The keymap of the initial ram disk was set to US, so to decrypt my drive I had to observe the alternative placement of certain characters… 😉
To resolve these issues, I found the “IT Debris” blog (amusingly sub-titled: “Nothing lasts, nothing is finished, nothing is perfect”):
http://blog.beulink.org/slackware-initrd-luks-usb-keyboard/
To the command line (mkinitrd -c -k 3.2.7 -f ext4 -r /dev/vgl01/lvroot -m usb-storage:ehci-hcd:usbhid:jbd2:mbcache:ext4 -C /dev/sda2 -L -u -o /boot/initrd.gz) I added the flag “-l uk”, which loaded the UK keymap by default into the initial ramdisk.
Not forgetting to run lilo afterwards!
LILO’S KEYMAP
LILO’s keymap was also set to US. I decided to take a look at this. While the documentation is pretty comprehensive, the instructions for this particular issue were met with a slight problem – the file locations and names had changed in the 13 years since the documentation was written.
keytab-lilo is the recommended tool for updating LILO’s keyboard mapping.
keytab-lilo expects a US map and the other map (in your language, that you want to use) in order to create a mapping between them.
According to the docs, as referenced in /usr/share/doc/LILO…/doc/README’s web link, keytab-lilo expected keyboard mappigns in /usr/lib/kbd. This directoty doesn’t exist, so I did this:
mkdir usr/lib/kbd mkdir /usr/lib/kbd/keytables
loadkeys uk
cd usr/lib/kbd/keytables
cp /usr/share/kbd/keymaps/i386/qwerty/uk.map.gz . cp /usr/share/kbd/keymaps/i386/qwerty/us.map.gz . gunzip uk.map.gz gunzip us.map.gz
mv us.map us.kmap mv uk.map uk.kmap
keytab-lilo uk > /boot/uk.ktl
.. FINALLY, edit /etc/lilo.conf in your favourite editor:
emacs -nw /etc/lilo.conf
boot = /dev/sda keytable = /boot/uk.ktl
NOTE: the remapping doesn’t seem perfect. The hash (“pound” in en_US) symbol (#) is mapped to two keys and the UK pound (£) symbol is not mapped to number 3 at all, but in the main this is a usable UK mapping for me.
AND.. THE SYSTEM KEYMAP!
Edit /etc/profile.d/lang.sh, adjusting from en_US to en_GB
POST-INSTALL STUFF
After this, there were a couple of issues which I wanted to resolve. When using Ubuntu, I recall there was an issue with using a ThinkPad T420 (my machine) and possibly other ThinkPads with audio output via the docking station‘s analogue port. The issue was also addressed in a Ubuntu forum post.
I created /etc/modprobe.d/t420.conf and added the following:
options snd-hda-intel model=thinkpad
options iwlcore led_mode=1
.. then rebooted. Perfect – audio came up as expected. The flashing LED still appears to be flashing, though, so this requires further investigation.
INSTALL GOOGLE CHROME
http://web.archive.org/web/20150815075708/http://infinityperl.org/post/2009/12/09/How-to-install-Google-Chrome-on-Slackware-13.html
(+ hangouts plugin): http://slackblogs.blogspot.co.uk/2010/08/videovoice-chat-works-in-slackware.html
TERMINAL – modifying the prompt
A long trip arouind the documentation and understanding how bash is invoked made me realise that the easiest thing to do is go into XFCE’s Terminal preferences, and tick the box that says “Run Command as login shell”. Then I get my nice prompt with my login, hostname and path instead of just “sh-4.20$”.
PSEUDO SUMMARY
These are my first steps at installing and configuring Slackware Linux. So far, so good. And not a single crash, which is what I expect from a sensible GNU/Linux distribution.
The joys of Emacs
Quite simply, I am very happy to be back in Emacs-land.
There I was, thinking that the web-based task managers, to-do lists, etc
were “all that”. Well, ok, I do feel that some are pretty good, as you can tell from
my tag cloud on this blog. But nothing ever felt like it was native to
me, this keyboard and this computer.
I wanted to put tasks on a computer to 
make them easier to manage. Putting them on a web site didn’t do that, and I don’t think it ever
really will for me. So I’m back in the saddle with orgmode and boy, am I loving this again. It’s amazing how the keystrokes just come back to
you.
Here’s my list of software in Emacs (at present):
- mu4e, for E-mail
- orgmode, for task/calendar management
— mobileorg, for portability - weblogger, for blogging (duh)
For coding, I’m also using:
.. plus some other fontification and syntax colouring plugins.
Truly forgot what a joy it is to use this environment, although it does
take a little work setting up.
find podcast feeds in rhythmbox’s database
A simple one, this. Firstly, get to where rhythmbox stores its data:
# cd ~/.local/share/rhythmbox
Then, do this:
# grep podcast-feed rhythmdb.xml -A 5 | grep location | sed -e 's/<location>//' | sed -e 's/<\/location>//'
You should end up with a list of URLs which your podcast feeds are served from.
debian wheezy – issues and modifications
This is a blog post for personal interest and probably not of much amusement to others.
My work machine has a fresh install of the (soon-to-be released) Debian version 7 (codename “Wheezy”). There are a couple of modifications I’ve had to make to the installed software to get things working as desired.
Firstly, I’ve read really good things about mu4e – the “maildir-utils for emacs” email client. (Just for clarity, the author of maildir-utils has abbreviated its name to mu.) mu4e provides an interface to your email in emacs which is fast and efficient. I like things that are fast and efficient.
I installed debian’s standard mu and mu4e packages, but found that mu (the wheezy-based package) was not indexing all of my email. Firing up mu4e within emacs then trying to browse the ~/Maildir/INBOX – and being told there were no messages – raised some suspicions! So I removed that package and installed from source instead and, now, indexing works much better.
how to do this
Basically, it’s pretty simple. Just:
# apt-get remove mu4e
This will replace maildir-utils (0.9.8) and mu4e. Then download the mu-0.9.9.5 source (list of mu releases) and follow compilation and installation instructions from its install page.
On Debian, this will result in you installing mu and mu4e to /usr/local/share instead of the default installation point, /usr/share. To enable the use of /usr/local/share/emacs/site-packages/mu4e/ from within your standard emacs23 install, just create a symlink pointing to it from /usr/share/emacs/site-packages/ :
# ln -s /usr/local/share/emacs/site-packages/mu4e/ .
The software replacements are:
- with mu (0.9.9.5) from the package
other modifications
(Edit) I also installed gnu tramp for Emacs from source, but the reasons why I originally did this now escape me, as tramp has been part of Emacs for a while.
unrelated issues
I have found a worrisome issue in wheezy. When I attach an eSATA drive to my ThinkPad (T420) and copy lots of data – e.g. GBs of photos – to my ~/Pictures, I get some kind of kernel panic/X error. I’m still investigating this at present.
I will attempt to keep this list updated as I continue getting this set-up just as I want it 🙂
[ EDIT 10 April 2012 10:00 ]
Grabbing the currently stable, newest kernel source (ver 3.8.6) and compiling it in the debian way has seemingly fixed this crashing/locking issue.
understanding UNIX file permissions
I was recently asked to explain the difference between setting permissions on a directory to either 755 or 751.
In 751 mode, a user who isn’t the owner and isn’t in the group assigned to that directory can still execute anything within that directory, provided they know the name of the executable file. They are unable to browse the contents of that directory to find the name. Therefore, 751 is inherently more secure than 755.
The funky, geeky bit
For reference, each number of 7 5 1 is an octal representation of the number of permission bits set on the file/folder. There are 3 bits per field.
Taking the 7, from 751, this means all bits are set to 1. This is how it works (think of it like a lookup table):
meaning: r w x (read, write, execute)
bit value: 4 2 1 (< - this is the octal lookup bit)
bit set to: 1 1 1 == 4 + 2 + 1 == 7.
If you take the value 5, then this is how that’s set in the bit fields:
bit set to: 1 0 1 == 4 + 0 + 1 == 5.
Remember, there are three fields! So each field – the “owner”, “group” and “others” fields – contains the sum of permission bits set for that field. The “751” is actually a nice, easy way to see permissions. The actual permissions set in a 751 situation are, in binary “nibbles”, 0111, 0101 and 0001.
Demo – try it yourself!
As root, set up a test dir in /tmp/ called test, with 751 perms. Then create a file within that called hello.sh which simply outputs “hello” on the command line when executed. To achieve that, simply do this (as root, remember):
# mkdir /tmp/test# touch /tmp/test/hello.sh# chmod +x /tmp/test/hello.sh
Then edit /tmp/test/hello.sh and put these two lines in:
#!/bin/shecho Hello
/tmp/test is owned by root (rwx / 7) , has the root group (r-x / 5) and the "world" just has execute (--x / 1). When using your own user account, trying to do a # ls /tmp/test - should tell you that permission was denied.
However, you should be able to do # /tmp/test/hello.sh which outputs "Hello" as expected.
If you bump that world permission to r-x / 5, you would be able to see that file because ls has the necessary permission to read the directory contents.
How Linux is Built
Awesome video from The Linux Foundation.
