Search Results: "Craig Small"

16 February 2014

Craig Small: psmisc 22.21 Released

Today as it was raining and I couldn t do much gardening, psmisc version 22.21 was released. The files are located up on sourceforge at https://sourceforge.net/projects/psmisc/files/latest/download or at your favorite distro repository soon. Once again, thanks to all patch submitters, bug reports and translators for all their help in getting this out. Apologies to the translation teams for having two alpha versions. So what does psmisc 22.21 bring you? Amongst a lot of minor bug fixes it has:

If you started a process and then spawned some threads and then decided to change the names of the threads, pstree would show the old name, it now shows the correct new name
pstree has a new flag (-N) for namespace support, thanks Aristeu for the patches
Previously fuser -M flag only worked if it was before -m, now it can be either order

The Debian psmisc package should be out in the next few hours.

14 February 2014

Craig Small: Resetting USB devices

I m not sure if it is just a bad motherboard, cable, USB device or just bad luck, but when I reboot the computer the UPS doesn t appear. It s not even seen in lsusb and of course that makes nut-server fail which makes nut-client complain that it cannot work out the UPS status.The solution was to unplug and plug the cable in then reset nut-server and all was good. But playing with cables seems so last century, surely there was a better way? Some Googling showed up a way to Reset USB without a reboot but the directories the entry mentioned didn t exist on my computer; though there was something very close to it. Perhaps that would work? A few tweaks later and I had a working UPS monitoring cable! The changed script is below: I m not sure if it is just a bad motherboard, cable, USB device or just bad luck, but when I reboot the computer the UPS doesn t appear. It s not even seen in lsusb and of course that makes nut-server fail which makes nut-client complain that it cannot work out the UPS status.The solution was to unplug and plug the cable in then reset nut-server and all was good. But playing with cables seems so last century, surely there was a better way? Some Googling showed up a way to Reset USB without a reboot but the directories the entry mentioned didn t exist on my computer; though there was something very close to it. Perhaps that would work? A few tweaks later and I had a working UPS monitoring cable! The changed script is below:

#!/bin/sh
 
SYSXHCI=/sys/bus/pci/drivers/xhci_hcd
 
if [ "$(id -u)" != 0 ] ; then
 echo This must be run as root!
 exit 1
fi
 
if ! cd $SYSXHCI ; then
 echo Weird error. Failed to change directory to $SYSXHCI
 exit 1
fi
 
for dev_id in ????:??:??.? ; do
 printf "$ dev_id " &gt; unbind
 printf "$ dev_id " &gt; bind
done

Thanks to Eli for the original idea which got me onto the right path.

13 February 2014

Craig Small: Google doesn t get SPF

Someone has decided to use my email address for a spam source. They have even used google to relay it which, given Googles current policies seems like a winning idea. I keep getting emails from Google s servers with header lines like this:

X-Original-Authentication-Results: mx.google.com; spf=hardfail (google.com: domain of csmall@small.dropbear.id.au does not designate 66.80.26.66 as permitted sender)

You don t say? You mean even though my SPF records do not include some dodgy server in California, even though Google knows I don t include this in my SPF records well we will let the email go through anyhow. SPF records mean that s where my email comes from. If the record has a -all at the end of it, like mine do, then it means don t accept it from anywhere else. The hardfail means Google sees the -all and still does nothing about it.

3 February 2014

Craig Small: jffnms 0.9.4

JFFNMS version 0.9.4 was released today, this version fixes some bugs that have recently appeared in previous versions.

Alarmed Interfaces and Events

The triggers rules editor had a problem where some of the rules clicked off the triggers would not appear or could not be edited correctly. Most of the Admin screens have the ability to sort the rows. This, unfortunately, didn t sort but the functionality has been restored. Most users are probably unaware of this, but the database schema is first created for MySQL and is then converted for PostgreSQL. The conversi0n process is far from ideal and hasn t worked until this release. More testing is required for PostgreSQL support but it should be a lot better.

22 January 2014

Craig Small: WordPress 3.8 for Debian

Well if you can read this then you know it s working. After way too many weeks, Debian will have WordPress version 3.8. Thanks to Rapha l for his kind assistance and answering my questions about how it was built. The upload is still gurgling along and will make it there in its own time. He said Handing over packages is hard, I d agree but say taking over them is too. So, what does WordPress 3.8 look like? From the frontend I didn t really notice much. The big changes, at least cosmetically, seem to be for the admin backend. It just look slicker and cleaner. Hopefully Debian users find the update useful and I ve not broken anything. There s always the BTS if there is. I ve deliberately tried to minimise the changes for this version to limit the breakage.

7 January 2014

Craig Small: Trying out Prosody for XMPP

After reading Fran ois article about running your own XMPP server, I thought I d give it a go myself. A comment from Steven suggested that prosody would be a better and simpler alternative so I went with that. It is actually really simple with about 5 lines to add to the config, as well as firewall changes. The only trick is if you have a chained SSL certificate like mine you need to cat the certificate and the CA one together, otherwise you get SSL errors. So I m up and going with a XMPP contact the same as my email address which is csmall and then the domain enc.com.au
It just doesn t have anyone as contacts yet

I ll be adding the DNS records for it shortly.

16 December 2013

Craig Small: Debian s procps 3.3.9

While the upstream procps which was released last week has a new pidof, the Debian package will continue to not have that binary and the Debian sysvint-utils package will continue to have that file. That stops any messy procps splits and putting one part into Essential etc. This may mean that one distributions pidof doesn t quite work like anothers, but that has been like that already; which is why when I discussed the change as upstream I wondered where they found some of those flags I don t have.

Craig Small: Debian s procps 3.3.9

3 December 2013

Craig Small: procps-ng 3.3.9

Procps version 3.3.9 was released today. As there has been some API changes and fixes which means the library has changed again. There is a fine balance between fixing or enhancing library functions and keeping the API stable, with the added problem it wasn t a terribly good one to start with. Besides the API change, the following changes were made:

kernel namespaces support added to skill, pgrep, ps and top
pidof was reimplemented from scratch (replacing sysvinit pidof)
ps has configurable libselinux support ( enable-libselinux)
ps provides for display of systemd slice unit ( with-systemd)
free can once again report non-zero shared memory
sysctl provides system to ignore missing /etc/sysctl.conf
watch interval capacity was increased debian #720445
pwdx no longer fails in a nonexistent locale debian #718766
top clarified summary area Mem/Swap stats debian #718670
top batch mode -w (width) abend fixed debian #721204
top man page removed Bd/Ed mdoc macros debian #725713
top no longer clears screen at exit redhat #977561
top adapted to potential libnuma stderr message redhat #998678
top added missing batch mode newline redhat #1008674

Tar file is at sourceforge at https://sourceforge.net/projects/procps-ng/files/Production/

28 November 2013

Craig Small: XBMC with MythTv

I have had MythTV running on my server for quite some time. Once I got past the weird problems you often have with the local ABC channel, it has worked very well. One tip, put the recordings into their own partition. MythTV will happily fill it and deleting files only marks them for deletion. This makes perfect sense when it has its own partition but is annoying otherwise. Until recently, the frontend on the television in the living room was a DVD player that spoke DLNA. This worked ok, but was very basic. The recordings were just a list with no graphics or details. Something better had to go here and it has; XBMC. A small (size of a paperback) PC later and we have XBMC running and doesn t it look pretty! The cute thing was it merged my DVD images and my recordings into one, so it didn t matter where the movie came from, it looks the same. It even understands MythTV advertising marks and skips them, all is good. Except, no sound. This is where a combination of my Google skills and XBMC s documentation failed. The documentation either says switch to HDMI output or go through a very long and involved process to get the sound card working. The tests on the command line failed and I thought I was going to be in for that long and involved process fixing alsa. Then in another part of the menus I saw you had Basic, Advanced, Expert levels and wondered what that did? It gave me more things to tweak in the menus. Perhaps that might fix my HDMI sound problem? Going into the System setup and then audio and then switching to a higher level of menu (it s on the left) suddenly I have a screen and a half of options and a few seconds later, sound! So if you are searching for NVIDIA and HDMI and sound, first turn on the advanced menu items and try setting that, it might be all you need (despite what Google and documentation says). One other thing, the C or I button on a remote could be called Guide . It is on mine. Also, SMB shares give a much better result than DLNA ones because SMB all the images and info are done on XBMC and it doesn t do the same for DLNA.

21 November 2013

Craig Small: WordPress password bots

Browsing through my logs I noticed that one particular IP address was continuously trying to go to wp-login.php After a few more greps, it seems he really likes this URL. So, Mr 37.115.188.210 congratulations for testing a few things and welcome to the blocklist. I love fail2ban, but initially I didn t have it for the wordpress login. That needed to get fixed real quick, so a visit to the wordpress plugins site and we have WP fail2ban up and running. And doesn t it work well:

2013-11-21 22:54:47,742 fail2ban.actions: WARNING [wordpress] Ban 37.115.188.210
2013-11-21 22:58:29,037 fail2ban.actions: WARNING [wordpress] Unban 37.115.188.210
2013-11-21 22:58:39,450 fail2ban.actions: WARNING [wordpress] Ban 37.115.188.210
2013-11-21 23:08:40,164 fail2ban.actions: WARNING [wordpress] Unban 37.115.188.210
2013-11-21 23:09:27,241 fail2ban.actions: WARNING [wordpress] Ban 37.115.188.210
2013-11-21 23:19:27,919 fail2ban.actions: WARNING [wordpress] Unban 37.115.188.210
2013-11-21 23:20:09,991 fail2ban.actions: WARNING [wordpress] Ban 37.115.188.210
2013-11-21 23:30:10,689 fail2ban.actions: WARNING [wordpress] Unban 37.115.188.210

You get the idea! I ve sent a message off to the responsible ISP, we ll see how that goes.

Craig Small: Quieting dbus

I run a program called logcheck which regularly scans the logfiles looking for interesting things . One of these interesting things (to logcheck, not to me at first) was dbus complaining about mythtv. The logs look something like this:

Nov 17 05:08:18 elmo dbus-daemon[1621]: dbus[1621]: [system] Rejected send message, 2 matched rules; type="method_call", sender=":1.236" (uid=999 pid=3669 comm="/usr/bin/mythfilldatabase --verbose general --logl") interface="org.freedesktop.NetworkManager" member="GetDevices" error name="(unset)" requested_reply="0" destination="org.freedesktop.NetworkManager" (uid=0 pid=1930 comm="/usr/sbin/NetworkManager ")

What this is is the dbus daemon rejecting a message being sent from mythfilldatabase that wants to go to NetworkManager. Looking at NetworkManager s dbus configuration, its doing all the right things. So it s a simple matter of just fixing up the dbus configuration and you re done. Then I hit the first snag; the dbus documentation is a little sad. I remember seeing a show where they MRI scanned some artifacts to get to the writing and then used a maker-bot to recreate the hidden writing. They then painstakingly translated it using a team of experts to work out the English translation. Working out the dbus configurations is not quite that difficult, but it s close. The easiest way is to copy something and see if it works, which is what I did. I created a file /etc/dbus-1/system.d/mythtv.conf which permitted the myth user access to the GetDevices method. It looks like:

<!DOCTYPE busconfig PUBLIC
 "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
 "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
<busconfig>
        <policy user="mythtv">
                <allow send_destination="org.freedesktop.NetworkManager"
                       send_interface="org.freedesktop.NetworkManager"
                       send_member="GetDevices"/>
        </policy>
</busconfig>

Reloaded dbus and all went quiet.

15 October 2013

Craig Small: Damn you, unworking r8168

I really don t know why ethernet device makers insist on making it hard for to use their products. Ethernet has been around for many, many years; surely its not too much to ask for drivers that just work . And so that s the problem I currently have with my new computer. It has an onboard Ethernet interface which uses a Realtek chip and that s where the problems have been (with the exception of a power button that wriggled free, but that is also easy to fix). The device comes up as:

03:00.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL8111/8168B PCI Express Gigabit Ethernet controller (rev 06)

I ve used:

The R8169 driver that comes with most of the Debian kernels
r8168-dkms driver
The 8168 driver from the realtek site

and all of them don t work. It seems that the receive side works fine (I sometimes get a valid IPv6 address) but no packets are sent, even ifconfig eth0 shows zero transmitted packets. ethtool shows some of the setup, this is with the r8168 driver:

driver: r8168
version: 8.037.00-NAPI
firmware-version: 
bus-info: 0000:03:00.0
supports-statistics: yes
supports-test: no
supports-eeprom-access: no
supports-register-dump: yes
supports-priv-flags: no

Interestingly, if I use the r8169 driver in the kernel and try ifup etho then I do get an entry in the firmware-version spot. dmesg also shows that it finds the device.

[  0.916487] r8168 Gigabit Ethernet driver 8.037.00-NAPI loaded
[  0.916667] r8168 0000:03:00.0: irq 72 for MSI/MSI-X
[  0.939129] r8168: This product is covered by one or more of the following patents: US6,570,884, US6,115,776, and US6,327,625.
[  0.939136] r8168  Copyright (C) 2013  Realtek NIC software team <nicfae@realtek.com>
[  10.807066] r8168: eth0: link up

So it all looks good, except it won t send any packets. Anyone got one of these devices and if so (and more importantly) how did you get it to work?

6 October 2013

Craig Small: Changed Twitter Handle

For my birthday I thought I d fix my twitter handle. The old one was a bit fiddly and hard to remember. So the new one is @smallsees Pretty easy to remember; my surname and my ircname. Sorted, done. Now all I need to do is stop these birthday things.

18 September 2013

Craig Small: Goodbye mygbiz

Google seems to try to invent new and interesting ways for spammers to spam me (and many others). I ve still not worked out a good way to block fake googlegroups which follow this method:

Make new fake gmail login
Make new fake google group
Add lots of people s email addresses to the group
Send lots of junk to these people
Repeat when it gets closed down

I m not sure why groups aren t opt-in. A rather simple and standard way to stop this exact problem. Anyhow, the next new spammer enablement that the nice folks at Google have come up with is the mygbiz.com domain. These are temporary email addresses you can use when setting up Google apps. The only thing I have ever seen from them is spam. So I thought I d try to report some to Google. After looping around several help screens that were, despite their name, very unhelpful, I ve come to the conclusion that Google isn t too serious about fixing this problem. If you have postfix, the solution is very simple:

vi /etc/postfix/access_sender
Add a line like mygbiz.com REJECT
postmap /etc/postfix/access_sender
postfix reload

I find the results to this method far superior to trying to get Google interested in being responsible for a domain they run. If you want to use google apps then spend the $50 and get a domain. Alternatively don t use something that spammers abuse. Does it work? You bet it does!

Sep 18 23:26:38 elmo postfix/smtpd[19013]: NOQUEUE: reject: RCPT from mail-ye0-f208.google.com[209.85.213.208]: 554 5.7.1 <grace@sheiladolan.mygbiz.com>: Sender address rejected: Do not send from mygbiz.com domains; from=<grace@sheiladolan.mygbiz.com> to=<ME@MYDOMAIN> proto=ESMTP helo=<mail-ye0-f208.google.com>

17 September 2013

Craig Small: jqGrid in TurboGears2 Admin Screens

I wanted to use the jqGrid for my admin pages as I liked that look and it matches some of the other screens outside the admin controller. The admin controller, or rather the CrudRestController out of tgext.crud, has a way of exporting results in json format. So surely its a matter of changing the TableBase to use jqGrid in the admin controller and we re done? Well, no. First you need to adjust the jsonReader options so that it lines up to the field names that the controller sends and this was one of the first (or last snags). The json output looks like:

 
  "value_list":  
    "total": 20,
    "items_per_page": 7,
    "page": 1,
    "entries": [(lots of entries)...]

Now this is a little odd because of the top-level dictionary that is being used here. Most of the examples have everything that is inside the value_list being returned. In fact adjusting the controller to return only those items in the value_list values works. To look inside this structure we need to adjust the jsonReader options. jqGrid documentation uses the format toptier>subtier for the XML reader so that was the intial attempt. It was also an intial fail, it doesn t work and you get your very familiar empty grid. The trick is close to this format, but slightly different for json. You change the options to toptier.subtier . In other words change the greater than symbol to a full stop for json access. The jqGridWidget now has the following options (amongst others):

options =  
  'datatype': 'json',
  'jsonReader':  
    'repeatitems': False,
    'root': 'value_list.entries',
    'total': 'value_list.total',
    'page': 'value_list.page',

There might be a way of saying all entries sit under value_list inside jqGrid, but I couldn t find it. Those options given above do give a working jqGrid on the admin screens.

10 September 2013

Craig Small: Odd WordPress pingbacks

I m getting some odd log messages for the apache module modsecurity. Essentially its xml parser is breaking when random places are sending pingbacks. The requests go to xmlrpc.php and the response headers are ok, but the body is binary. The message in the modsecurity log looks like:

Message: XML parser error: XML: Failed parsing document.

After a bit of guessing and sending messages to and fro, I can now see that it is a gziped response. So I m not sure if it is modsecurity not realising that the response is gziped or wordpress not marking it correctly. In any case I can regularly get very similar binary strings using gzip and the usual xml response. So that s half the mystery solved. Most of the requests are spammers so I m not too worried. I think it also impacts legitimate pingbacks because I ve not had any, even from the usual automatic places.

9 August 2013

Craig Small: pidof moving to procps

pidof is a program that finds the PID of a named program. In some ways it is like a cut-down pgrep found in the procps package. pidof currently sits in sysvinit-tools. There are plans to move all utilities that use the proc filesystem under one package which will make the maintenance of them simpler, which in effect means moving pidof from sysvinit-tools to procps. The short-term bump should make it better in the long term. Now as I wear two hats (Debian maintainer and procps upstream) there are two very important things I/we need to know.

If your Debian package depends on pidof being present, then we need to discuss dependencies. procps is generally installed on most systems but there might be corner cases. Possibly just depending on a specific version of procps will do it
If you, your Debian package or anything else (including other distributions) need the non-LSB options of pidof (ie they use -c -n or -m) then we (upstream) need to know about it. There are provisional plans not to support these options but they re needed, or a subset is, then that could change.

Debian developers can chime in on the debian-devel email list, or email myself. If its an upstream issue then either email me, or even better, the procps email list

Craig Small: pidof moving to procps

If your Debian package depends on pidof being present, then we need to discuss dependencies. procps is generally installed on most systems but there might be corner cases. Possibly just depending on a specific version of procps will do it
If you, your Debian package or anything else (including other distributions) need the non-LSB options of pidof (ie they use -c -n or -m) then we (upstream) need to know about it. There are provisional plans not to support these options but they re needed, or a subset is, then that could change.

Debian developers can chime in on the debian-devel email list, or email myself. If its an upstream issue then either email me, or even better, the procps email list

8 August 2013

Craig Small: postfix transport with smarthost

Dear lazyyweb, Has anyone got a way for postfix to use a transport map such that it sends email to the given MX host for some specified domains then default to a smarthost for the remainder? The logic would be: IF domain in ( example.net , foo.bar ,etc etc) THEN use the relevant MX host ELSE send to smarthost.isp.net i can use a transport map to send from specific domains to specific hosts, eg @domain.com goes to otherisp.net mailserver but not to just use domain.com s MX hosts

Next.

Previous.