Author: dropbear

  • procps-ng 3.3.9

    Procps version 3.3.9 was released today.  There have been some API changes and fixes, which means the library has changed again.  There is a fine balance between fixing or enhancing library functions and keeping the API stable, with the added problem that it wasn’t a terribly good one to start with.

    Besides the API change, the following changes were made:

    • kernel namespaces support added to skill, pgrep, ps and top
    • pidof was reimplemented from scratch (replacing sysvinit pidof)
    • ps has configurable libselinux support (--enable-libselinux)
    • ps provides for display of systemd slice unit (--with-systemd)
    • free can once again report non-zero ‘shared’ memory
    • sysctl provides ‘--system’ to ignore missing /etc/sysctl.conf
    • watch interval capacity was increased – debian #720445
    • pwdx no longer fails in a nonexistent locale – debian #718766
    • top clarified summary area Mem/Swap stats – debian #718670
    • top batch mode -w (width) abend fixed – debian #721204
    • top man page removed ‘Bd/Ed’ mdoc macros – debian #725713
    • top no longer clears screen at exit – redhat #977561
    • top adapted to potential libnuma stderr message – redhat #998678
    • top added missing batch mode newline – redhat #1008674

    Tar file is at sourceforge at https://sourceforge.net/projects/procps-ng/files/Production/

  • XBMC with MythTv

    I have had MythTV running on my server for quite some time. Once I got past the weird problems you often have with the local ABC channel, it has worked very well. One tip, put the recordings into their own partition. MythTV will happily fill it and deleting files only marks them for deletion. This makes perfect sense when it has its own partition but is annoying otherwise.

    Until recently, the frontend on the television in the living room was a DVD player that spoke DLNA. This worked ok, but was very basic. The recordings were just a list with no graphics or details. Something better had to go here and it has; XBMC.

    A small (size of a paperback) PC later and we have XBMC running and doesn’t it look pretty! The cute thing was it merged my DVD images and my recordings into one, so it didn’t matter where the movie came from, it looks the same. It even understands MythTV advertising marks and skips them, all is good.

    Except, no sound. This is where a combination of my Google skills and XBMC’s documentation failed.  The documentation either says switch to HDMI output or go through a very long and involved process to get the sound card working.  The tests on the command line failed and I thought I was going to be in for that long and involved process fixing alsa.

    Then in another part of the menus I saw you had Basic, Advanced, Expert levels and wondered what that did? It gave me more things to tweak in the menus. Perhaps that might fix my HDMI sound problem?  Going into the System setup and then audio and then switching to a higher level of menu (it’s on the left) suddenly I have a screen and a half of options and a few seconds later, sound!

    So if you are searching for NVIDIA and HDMI and sound, first turn on the advanced menu items and try setting that, it might be all you need (despite what Google and documentation says).

    One other thing, the C or I button on a remote could be called “Guide”. It is on mine.

    Also, SMB shares give a much better result than DLNA ones because with SMB all the images and info are done on XBMC and it doesn’t do the same for DLNA.

  • WordPress password bots

    Browsing through my logs I noticed that one particular IP address was continuously trying to go to wp-login.php. After a few more greps, it seems he really likes this URL. So, Mr 37.115.188.210 congratulations for testing a few things and welcome to the blocklist.

    I love fail2ban, but initially I didn’t have it for the wordpress login. That needed to get fixed real quick, so a visit to the wordpress plugins site and we have WP fail2ban up and running.

    And doesn’t it work well:

    2013-11-21 22:54:47,742 fail2ban.actions: WARNING [wordpress] Ban 37.115.188.210
    2013-11-21 22:58:29,037 fail2ban.actions: WARNING [wordpress] Unban 37.115.188.210
    2013-11-21 22:58:39,450 fail2ban.actions: WARNING [wordpress] Ban 37.115.188.210
    2013-11-21 23:08:40,164 fail2ban.actions: WARNING [wordpress] Unban 37.115.188.210
    2013-11-21 23:09:27,241 fail2ban.actions: WARNING [wordpress] Ban 37.115.188.210
    2013-11-21 23:19:27,919 fail2ban.actions: WARNING [wordpress] Unban 37.115.188.210
    2013-11-21 23:20:09,991 fail2ban.actions: WARNING [wordpress] Ban 37.115.188.210
    2013-11-21 23:30:10,689 fail2ban.actions: WARNING [wordpress] Unban 37.115.188.210
    

    You get the idea! I’ve sent a message off to the responsible ISP, we’ll see how that goes.
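    The log above shows the same address coming back within a minute of every unban. As an added example (not part of the original post), this parses those lines and measures how long each ban held and how quickly the source returned; the function names and the min_bans and max_gap thresholds are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# The eight fail2ban lines quoted in the post above.
LOG = """\
2013-11-21 22:54:47,742 fail2ban.actions: WARNING [wordpress] Ban 37.115.188.210
2013-11-21 22:58:29,037 fail2ban.actions: WARNING [wordpress] Unban 37.115.188.210
2013-11-21 22:58:39,450 fail2ban.actions: WARNING [wordpress] Ban 37.115.188.210
2013-11-21 23:08:40,164 fail2ban.actions: WARNING [wordpress] Unban 37.115.188.210
2013-11-21 23:09:27,241 fail2ban.actions: WARNING [wordpress] Ban 37.115.188.210
2013-11-21 23:19:27,919 fail2ban.actions: WARNING [wordpress] Unban 37.115.188.210
2013-11-21 23:20:09,991 fail2ban.actions: WARNING [wordpress] Ban 37.115.188.210
2013-11-21 23:30:10,689 fail2ban.actions: WARNING [wordpress] Unban 37.115.188.210
"""

LINE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d),\d+ fail2ban\.actions\S*\s+\w+\s+"
    r"\[(?P<jail>[^\]]+)\] (?P<action>Ban|Unban) (?P<ip>\S+)$"
)

def ban_cycles(log_text):
    """Per (jail, ip): ban count, seconds each ban held, seconds from unban to re-ban."""
    stats = defaultdict(lambda: {"bans": 0, "held": [], "gaps": []})
    last = {}  # (jail, ip) -> (action, time) of the previous event for that source
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        key = (m["jail"], m["ip"])
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")  # milliseconds dropped
        prev_action, prev_ts = last.get(key, (None, None))
        if m["action"] == "Ban":
            stats[key]["bans"] += 1
            if prev_action == "Unban":
                stats[key]["gaps"].append(int((ts - prev_ts).total_seconds()))
        elif prev_action == "Ban":
            stats[key]["held"].append(int((ts - prev_ts).total_seconds()))
        last[key] = (m["action"], ts)
    return dict(stats)

def repeat_offenders(stats, min_bans=3, max_gap=120):
    """Sources banned min_bans+ times that always came back within max_gap seconds."""
    return sorted(
        key for key, s in stats.items()
        if s["bans"] >= min_bans and s["gaps"] and max(s["gaps"]) <= max_gap
    )
```

    A source that this flags is a candidate for a longer bantime or for fail2ban's recidive jail.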

  • Quieting dbus

    I run a program called logcheck which regularly scans the logfiles looking for “interesting things”. One of these interesting things (to logcheck, not to me at first) was dbus complaining about mythtv.  The logs look something like this:

    Nov 17 05:08:18 elmo dbus-daemon[1621]: dbus[1621]: [system] Rejected send message, 2 matched rules; type="method_call", sender=":1.236" (uid=999 pid=3669 comm="/usr/bin/mythfilldatabase --verbose general --logl") interface="org.freedesktop.NetworkManager" member="GetDevices" error name="(unset)" requested_reply="0" destination="org.freedesktop.NetworkManager" (uid=0 pid=1930 comm="/usr/sbin/NetworkManager ")

    This is the dbus daemon rejecting a message sent from mythfilldatabase that wants to go to NetworkManager.  Looking at NetworkManager’s dbus configuration, it’s doing all the right things.

    So it’s a simple matter of just fixing up the dbus configuration and you’re done. Then I hit the first snag; the dbus documentation is a little sad. I remember seeing a show where they MRI scanned some artifacts to get to the writing and then used a maker-bot to recreate the hidden writing. They then painstakingly translated it using a team of experts to work out the English translation.  Working out the dbus configurations is not quite that difficult, but it’s close.  The easiest way is to copy something and see if it works, which is what I did.

    I created a file /etc/dbus-1/system.d/mythtv.conf which permitted the myth user access to the GetDevices method. It looks like:

    
    
            
                    
            
    
    
    

    Reloaded dbus and all went quiet.

  • Damn you, unworking r8168

    I really don’t know why ethernet device makers insist on making it hard to use their products.  Ethernet has been around for many, many years; surely it’s not too much to ask for drivers that “just work”.

    And so that’s the problem I currently have with my new computer. It has an onboard Ethernet interface which uses a Realtek chip and that’s where the problems have been (with the exception of a power button that wriggled free, but that is also easy to fix).

    The device comes up as:

    03:00.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL8111/8168B PCI Express Gigabit Ethernet controller (rev 06)
    
    

    I’ve used:

    • The R8169 driver that comes with most of the Debian kernels
    • r8168-dkms driver
    • The 8168 driver from the realtek site

    and all of them don’t work.  It seems that the receive side works fine (I sometimes get a valid IPv6 address) but no packets are sent, even ifconfig eth0 shows zero transmitted packets.

    ethtool shows some of the setup, this is with the r8168 driver:

    driver: r8168
    version: 8.037.00-NAPI
    firmware-version:
    bus-info: 0000:03:00.0
    supports-statistics: yes
    supports-test: no
    supports-eeprom-access: no
    supports-register-dump: yes
    supports-priv-flags: no

    Interestingly, if I use the r8169 driver in the kernel and try ifup eth0 then I do get an entry in the firmware-version spot.

    dmesg also shows that it finds the device.

    [    0.916487] r8168 Gigabit Ethernet driver 8.037.00-NAPI loaded
    [    0.916667] r8168 0000:03:00.0: irq 72 for MSI/MSI-X
    [    0.939129] r8168: This product is covered by one or more of the following patents: US6,570,884, US6,115,776, and US6,327,625.
    [    0.939136] r8168  Copyright (C) 2013  Realtek NIC software team <[email protected]>
    [   10.807066] r8168: eth0: link up

    So it all looks good, except it won’t send any packets.  Anyone got one of these devices and if so (and more importantly) how did you get it to work?

  • Changed Twitter Handle

    For my birthday I thought I’d fix my twitter handle. The old one was a bit fiddly and hard to remember. So the new one is @smallsees. Pretty easy to remember; my surname and my ircname. Sorted, done. Now all I need to do is stop these birthday things.

  • Goodbye mygbiz

    Google seems to try to invent new and interesting ways for spammers to spam me (and many others).  I’ve still not worked out a good way to block “fake googlegroups” which follow this method:

    1. Make new fake gmail login
    2. Make new fake google group
    3. Add lots of people’s email addresses to the group
    4. Send lots of junk to these people
    5. Repeat when it gets closed down

    I’m not sure why groups aren’t opt-in. A rather simple and standard way to stop this exact problem.

    Anyhow, the next new spammer enablement that the nice folks at Google have come up with is the mygbiz.com domain. These are temporary email addresses you can use when setting up Google apps. The only thing I have ever seen from them is spam. So I thought I’d try to report some to Google.  After looping around several help screens that were, despite their name, very unhelpful, I’ve come to the conclusion that Google isn’t too serious about fixing this problem.

    If you have postfix, the solution is very simple:

    1. vi /etc/postfix/access_sender
    2. Add a line like “mygbiz.com  REJECT”
    3. postmap /etc/postfix/access_sender
    4. postfix reload

    I find the results of this method far superior to trying to get Google interested in being responsible for a domain they run. If you want to use google apps then spend the $50 and get a domain. Alternatively don’t use something that spammers abuse.

    Does it work? You bet it does!

    Sep 18 23:26:38 elmo postfix/smtpd[19013]: NOQUEUE: reject: RCPT from mail-ye0-f208.google.com[209.85.213.208]: 554 5.7.1 <[email protected]>: Sender address rejected: Do not send from mygbiz.com domains; from=<[email protected]> to=<ME@MYDOMAIN> proto=ESMTP helo=<mail-ye0-f208.google.com>
    
    
  • jqGrid in TurboGears2 Admin Screens

    I wanted to use the jqGrid for my admin pages as I liked that look and it matches some of the other screens outside the admin controller.  The admin controller, or rather the CrudRestController out of tgext.crud, has a way of exporting results in json format. So surely it’s a matter of changing the TableBase to use jqGrid in the admin controller and we’re done?

    Well, no.

    First you need to adjust the jsonReader options so that it lines up to the field names that the controller sends and this was one of the first (or last) snags. The json output looks like:

    {
      "value_list": {
        "total": 20,
        "items_per_page": 7,
        "page": 1,
        "entries": [(lots of entries)...]
      }
    }

    Now this is a little odd because of the top-level dictionary that is being used here. Most of the examples have everything that is inside the value_list being returned. In fact adjusting the controller to return only those items in the value_list values works.

    To look inside this structure we need to adjust the jsonReader options. jqGrid documentation uses the format “toptier>subtier” for the XML reader so that was the initial attempt. It was also an initial fail, it doesn’t work and you get your very familiar empty grid.

    The trick is close to this format, but slightly different for json. You change the options to “toptier.subtier”. In other words change the greater than symbol to a full stop for json access.

    The jqGridWidget now has the following options (amongst others):

    options = {
      'datatype': 'json',
      'jsonReader': {
        'repeatitems': False,
        'root': 'value_list.entries',
        'total': 'value_list.total',
        'page': 'value_list.page',
      }
    }

    There might be a way of saying all entries sit under value_list inside jqGrid, but I couldn’t find it. Those options given above do give a working jqGrid on the admin screens.

  • Odd WordPress pingbacks

    I’m getting some odd log messages for the apache module modsecurity.  Essentially its xml parser is breaking when random places are sending pingbacks. The requests go to xmlrpc.php and the response headers are ok, but the body is binary.  The message in the modsecurity log looks like:

    Message: XML parser error: XML: Failed parsing document.

    After a bit of guessing and sending messages to and fro, I can now see that it is a gzipped response. So I’m not sure if it is modsecurity not realising that the response is gzipped or wordpress not marking it correctly. In any case I can regularly get very similar binary strings using gzip and the usual xml response. So that’s half the mystery solved.

    Most of the requests are spammers so I’m not too worried.  I think it also impacts legitimate pingbacks because I’ve not had any, even from the usual automatic places.
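    As an added example (not part of the original post), this is one way to tell a gzipped XML-RPC body from a plain one before handing it to an XML parser, using the gzip magic bytes 1f 8b. SAMPLE_XML is constructed; the function name and the 1 MiB inflate cap are assumptions.

```python
import gzip
import zlib
import xml.etree.ElementTree as ET

GZIP_MAGIC = b"\x1f\x8b"
MAX_XML = 1 << 20  # assumed cap (1 MiB) on the inflated body

# Constructed sample: a minimal XML-RPC pingback reply, not taken from the post.
SAMPLE_XML = (
    b'<?xml version="1.0"?><methodResponse><params><param><value>'
    b"<string>Pingback registered</string></value></param></params></methodResponse>"
)

def inspect_body(body):
    """Classify an HTTP body as 'xml', 'gzip+xml' or 'unparseable'.

    Returns (kind, root_tag); root_tag is None when the body is rejected.
    """
    kind = "xml"
    if body[:2] == GZIP_MAGIC:
        kind = "gzip+xml"
        inflater = zlib.decompressobj(wbits=zlib.MAX_WBITS | 16)  # gzip framing
        try:
            # Ask for one byte more than the cap so an oversized stream is
            # detected without inflating all of it.
            body = inflater.decompress(body, MAX_XML + 1)
        except zlib.error:
            return ("unparseable", None)
        if len(body) > MAX_XML or not inflater.eof:  # too large or truncated
            return ("unparseable", None)
    # XML-RPC needs no DTD; this byte check (ASCII-compatible encodings only)
    # refuses documents that declare one before they reach the parser.
    if b"<!DOCTYPE" in body or b"<!ENTITY" in body:
        return ("unparseable", None)
    try:
        return (kind, ET.fromstring(body).tag)
    except ET.ParseError:
        return ("unparseable", None)

if __name__ == "__main__":
    for sample in (SAMPLE_XML, gzip.compress(SAMPLE_XML)):
        print(inspect_body(sample))
```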

  • pidof moving to procps

    pidof is a program that finds the PID of a named program. In some ways it is like a cut-down pgrep found in the procps package.  pidof currently sits in sysvinit-tools.

    There are plans to move all utilities that use the proc filesystem under one package which will make the maintenance of them simpler, which in effect means moving pidof from sysvinit-tools to procps. The short-term bump should make it better in the long term.

    Now as I wear two hats (Debian maintainer and procps upstream) there are two very important things I/we need to know.

    • If your Debian package depends on pidof being present, then we need to discuss dependencies. procps is generally installed on most systems but there might be corner cases. Possibly just depending on a specific version of procps will do it
    • If you, your Debian package or anything else (including other distributions) need the non-LSB options of pidof (ie they use -c -n or -m) then we (upstream) need to know about it. There are provisional plans not to support these options but if they’re needed, or a subset is, then that could change.

    Debian developers can chime in on the debian-devel email list, or email myself. If it’s an upstream issue then either email me, or even better, the procps email list.